[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 30 09:10:22 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8d155afc by security tracker role at 2021-03-30T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-3476
+ RESERVED
+CVE-2021-3475
+ RESERVED
+CVE-2021-3474
+ RESERVED
+CVE-2021-29424 (The Net::Netmask module before 2.0000 for Perl does not properly consi ...)
+ TODO: check
+CVE-2021-29423
+ RESERVED
CVE-2021-3473
RESERVED
CVE-2021-3472
@@ -10,8 +20,8 @@ CVE-2021-29420
RESERVED
CVE-2021-29419
RESERVED
-CVE-2021-29418
- RESERVED
+CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles certain unexpe ...)
+ TODO: check
CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...)
TODO: check
CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...)
@@ -94,8 +104,8 @@ CVE-2021-29378
RESERVED
CVE-2021-29377
RESERVED
-CVE-2021-29376
- RESERVED
+CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...)
+ TODO: check
CVE-2021-29375
RESERVED
CVE-2021-29374
@@ -1601,16 +1611,16 @@ CVE-2021-28674
RESERVED
CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...)
NOT-FOR-US: Xerox
-CVE-2021-28672
- RESERVED
-CVE-2021-28671
- RESERVED
+CVE-2021-28672 (Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 65 ...)
+ TODO: check
+CVE-2021-28671 (Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 65 ...)
+ TODO: check
CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 befor ...)
NOT-FOR-US: Xerox
-CVE-2021-28669
- RESERVED
-CVE-2021-28668
- RESERVED
+CVE-2021-28669 (Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103. ...)
+ TODO: check
+CVE-2021-28668 (Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103. ...)
+ TODO: check
CVE-2021-28667 (StackStorm before 3.4.1, in some situations, has an infinite loop that ...)
NOT-FOR-US: StackStorm
CVE-2021-28666
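Review bot: CVE-2021-28672, CVE-2021-28671, CVE-2021-28669 and CVE-2021-28668 are left at TODO: check although their descriptions name the same Xerox Phaser and AltaLink product lines as CVE-2021-28673 and CVE-2021-28670 in this hunk, which are already tagged NOT-FOR-US: Xerox. Suggest resolving the four new entries the same way in a follow-up so they do not sit in the triage queue.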
@@ -4838,16 +4848,16 @@ CVE-2021-27278
RESERVED
CVE-2021-27277
RESERVED
-CVE-2021-27276
- RESERVED
-CVE-2021-27275
- RESERVED
-CVE-2021-27274
- RESERVED
-CVE-2021-27273
- RESERVED
-CVE-2021-27272
- RESERVED
+CVE-2021-27276 (This vulnerability allows remote attackers to delete arbitrary files o ...)
+ TODO: check
+CVE-2021-27275 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2021-27274 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2021-27273 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2021-27272 (This vulnerability allows remote attackers to delete arbitrary files o ...)
+ TODO: check
CVE-2021-27271
RESERVED
CVE-2021-27270
@@ -4900,20 +4910,20 @@ CVE-2021-27247
RESERVED
CVE-2021-27246
RESERVED
-CVE-2021-27245
- RESERVED
-CVE-2021-27244
- RESERVED
-CVE-2021-27243
- RESERVED
-CVE-2021-27242
- RESERVED
-CVE-2021-27241
- RESERVED
-CVE-2021-27240
- RESERVED
-CVE-2021-27239
- RESERVED
+CVE-2021-27245 (This vulnerability allows a firewall bypass on affected installations ...)
+ TODO: check
+CVE-2021-27244 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ TODO: check
+CVE-2021-27243 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2021-27242 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2021-27241 (This vulnerability allows local attackers to delete arbitrary director ...)
+ TODO: check
+CVE-2021-27240 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2021-27239 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
CVE-2021-27238
RESERVED
CVE-2021-27237 (The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) ...)
@@ -6139,8 +6149,7 @@ CVE-2021-26716 (Modules/input/Views/schedule.php in Emoncms through 10.2.7 allow
NOT-FOR-US: Emoncms
CVE-2021-26715 (The OpenID Connect server implementation for MITREid Connect through 1 ...)
NOT-FOR-US: MITREid Connect
-CVE-2021-26714
- RESERVED
+CVE-2021-26714 (The Enterprise License Manager portal in Mitel MiContact Center Enterp ...)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1930888#c3
CVE-2021-26713 (A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asteris ...)
- asterisk <not-affected> (Only affects 16.16.0 onwards)
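Review bot: CVE-2021-26714 gains a Mitel MiContact Center Enterprise description but, unlike the other newly described entries in this commit, gets no TODO: check line. Its only annotation is the retained NOTE pointing at a Red Hat Bugzilla comment. Confirm that the NOTE still belongs to this id, and add a NOT-FOR-US or package line so the entry has an explicit triage state.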
@@ -6515,8 +6524,8 @@ CVE-2019-25018 (In the rcp client in MIT krb5-appl through 1.0.3, malicious serv
CVE-2019-25017 (An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to ...)
- krb5-appl <removed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1131109
-CVE-2021-3391
- RESERVED
+CVE-2021-3391 (MobileIron Mobile at Work through 2021-03-22 allows attackers to distingu ...)
+ TODO: check
CVE-2021-3390
RESERVED
CVE-2021-3389
@@ -10097,22 +10106,22 @@ CVE-2021-25164
RESERVED
CVE-2021-25163
RESERVED
-CVE-2021-25162
- RESERVED
-CVE-2021-25161
- RESERVED
-CVE-2021-25160
- RESERVED
-CVE-2021-25159
- RESERVED
-CVE-2021-25158
- RESERVED
-CVE-2021-25157
- RESERVED
-CVE-2021-25156
- RESERVED
-CVE-2021-25155
- RESERVED
+CVE-2021-25162 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ TODO: check
+CVE-2021-25161 (A remote cross-site scripting (xss) vulnerability was discovered in so ...)
+ TODO: check
+CVE-2021-25160 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ TODO: check
+CVE-2021-25159 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ TODO: check
+CVE-2021-25158 (A remote arbitrary file read vulnerability was discovered in some Arub ...)
+ TODO: check
+CVE-2021-25157 (A remote arbitrary file read vulnerability was discovered in some Arub ...)
+ TODO: check
+CVE-2021-25156 (A remote arbitrary directory create vulnerability was discovered in so ...)
+ TODO: check
+CVE-2021-25155 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ TODO: check
CVE-2021-25154
RESERVED
CVE-2021-25153
@@ -10121,18 +10130,18 @@ CVE-2021-25152
RESERVED
CVE-2021-25151
RESERVED
-CVE-2021-25150
- RESERVED
-CVE-2021-25149
- RESERVED
-CVE-2021-25148
- RESERVED
+CVE-2021-25150 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ TODO: check
+CVE-2021-25149 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
+ TODO: check
+CVE-2021-25148 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ TODO: check
CVE-2021-25147
RESERVED
-CVE-2021-25146
- RESERVED
-CVE-2021-25145
- RESERVED
+CVE-2021-25146 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ TODO: check
+CVE-2021-25145 (A remote unauthorized disclosure of information vulnerability was disc ...)
+ TODO: check
CVE-2021-25144 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
NOT-FOR-US: Aruba
CVE-2021-25143 (A remote denial of service (dos) vulnerability was discovered in some ...)
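Review bot: CVE-2021-25150, CVE-2021-25149, CVE-2021-25148, CVE-2021-25146 and CVE-2021-25145 are added as TODO: check, while CVE-2021-25144 directly below carries a description that starts the same way as CVE-2021-25149 ("A remote buffer overflow vulnerability was discovered in some Aruba In ...") and is already NOT-FOR-US: Aruba. Once the full descriptions confirm the product, these should get the same tag.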
@@ -15860,7 +15869,8 @@ CVE-2021-22495 (An issue was discovered on Samsung mobile devices with O(8.x), P
NOT-FOR-US: Samsung mobile devices
CVE-2021-22494 (An issue was discovered in the fingerprint scanner on Samsung Note20 m ...)
NOT-FOR-US: Samsung Note20 mobile devices
-CVE-2021-22493 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+CVE-2021-22493
+ REJECTED
NOT-FOR-US: Samsung mobile devices
CVE-2021-22492 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
NOT-FOR-US: Samsung mobile devices
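Review bot: CVE-2021-22493 is now REJECTED, but the unchanged line after it still reads NOT-FOR-US: Samsung mobile devices, which was written against the description this hunk removes. Check that keeping the annotation on a rejected id is intended, or drop it in a follow-up.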
@@ -23907,10 +23917,10 @@ CVE-2020-35140
RESERVED
CVE-2020-35139
RESERVED
-CVE-2020-35138
- RESERVED
-CVE-2020-35137
- RESERVED
+CVE-2020-35138 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...)
+ TODO: check
+CVE-2020-35137 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...)
+ TODO: check
CVE-2020-35136 (Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. ...)
- dolibarr <removed>
CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress allows ...)
@@ -25309,10 +25319,10 @@ CVE-2021-1872
RESERVED
CVE-2021-1871
RESERVED
- - webkit2gtk <unfixed>
+ - webkit2gtk <unfixed>
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- - wpewebkit <unfixed>
- NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
+ - wpewebkit <unfixed>
+ NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
CVE-2021-1870
RESERVED
{DSA-4877-1}
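Review bot: the three replaced lines under CVE-2021-1871 (webkit2gtk, wpewebkit and the WSA-2021-0003 NOTE) read the same before and after as shown here, so this looks like a whitespace-only change riding along in an automatic update. If it normalises indentation, confirm that the untouched [stretch] line between them uses the same indentation. The same applies to the identical hunks under CVE-2021-1844 and CVE-2021-1788.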
@@ -25372,10 +25382,10 @@ CVE-2021-1845
RESERVED
CVE-2021-1844
RESERVED
- - webkit2gtk <unfixed>
+ - webkit2gtk <unfixed>
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- - wpewebkit <unfixed>
- NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
+ - wpewebkit <unfixed>
+ NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
CVE-2021-1843
RESERVED
CVE-2021-1842
@@ -25503,10 +25513,10 @@ CVE-2021-1789
NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
CVE-2021-1788
RESERVED
- - webkit2gtk <unfixed>
+ - webkit2gtk <unfixed>
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- - wpewebkit <unfixed>
- NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
+ - wpewebkit <unfixed>
+ NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
CVE-2021-1787
RESERVED
CVE-2021-1786
@@ -38959,8 +38969,8 @@ CVE-2020-25585
RESERVED
CVE-2020-25584
RESERVED
-CVE-2020-25583
- RESERVED
+CVE-2020-25583 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12. ...)
+ TODO: check
CVE-2020-25582 (In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12. ...)
TODO: check
CVE-2020-25581 (In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12. ...)
@@ -38971,8 +38981,8 @@ CVE-2020-25579 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r36904
TODO: check
CVE-2020-25578 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ...)
TODO: check
-CVE-2020-25577
- RESERVED
+CVE-2020-25577 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12. ...)
+ TODO: check
CVE-2020-25572
RESERVED
CVE-2020-25571
@@ -41057,8 +41067,8 @@ CVE-2020-24638 (Multiple authenticated remote command executions are possible in
NOT-FOR-US: Aruba
CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 implementation allows for an atta ...)
NOT-FOR-US: ArubaOS GRUB2 implementation (CVE specific to ArubaOS)
-CVE-2020-24636
- RESERVED
+CVE-2020-24636 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ TODO: check
CVE-2020-24635 (A remote execution of arbitrary commands vulnerability was discovered ...)
NOT-FOR-US: Aruba
CVE-2020-24634 (An attacker is able to remotely inject arbitrary commands by sending e ...)
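Review bot: CVE-2020-24636 is set to TODO: check, yet its visible description is identical to that of CVE-2020-24635 on the next line, which is already NOT-FOR-US: Aruba. Suggest tagging CVE-2020-24636 the same way after confirming that the truncated part of the description names the same product.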
@@ -49385,8 +49395,8 @@ CVE-2020-20547
RESERVED
CVE-2020-20546
RESERVED
-CVE-2020-20545
- RESERVED
+CVE-2020-20545 (Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Coll ...)
+ TODO: check
CVE-2020-20544
RESERVED
CVE-2020-20543
@@ -51198,16 +51208,16 @@ CVE-2020-19645
RESERVED
CVE-2020-19644
RESERVED
-CVE-2020-19643
- RESERVED
-CVE-2020-19642
- RESERVED
-CVE-2020-19641
- RESERVED
-CVE-2020-19640
- RESERVED
-CVE-2020-19639
- RESERVED
+CVE-2020-19643 (Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P ...)
+ TODO: check
+CVE-2020-19642 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
+ TODO: check
+CVE-2020-19641 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
+ TODO: check
+CVE-2020-19640 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
+ TODO: check
+CVE-2020-19639 (Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy ...)
+ TODO: check
CVE-2020-19638
RESERVED
CVE-2020-19637
@@ -144164,8 +144174,8 @@ CVE-2019-5321 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 29
NOT-FOR-US: Aruba Intelligent Edge Switch Series
CVE-2019-5320 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5 ...)
NOT-FOR-US: Aruba Intelligent Edge Switch Series
-CVE-2019-5319
- RESERVED
+CVE-2019-5319 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
+ TODO: check
CVE-2019-5318
RESERVED
CVE-2019-5317 (A local authentication bypass vulnerability was discovered in some Aru ...)
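Review bot: CVE-2019-5319 lands as TODO: check in the middle of a run of entries tagged NOT-FOR-US: Aruba Intelligent Edge Switch Series, and its description begins "discovered in some Aruba In ...". If the full text names that switch series, reuse the neighbours' tag rather than leaving the entry open.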
@@ -210603,12 +210613,10 @@ CVE-2018-1112 (glusterfs server before versions 3.10.12, 4.0.2 is vulnerable whe
CVE-2018-1111 (DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earl ...)
NOT-FOR-US: Red Hat Specific script
NOTE: https://access.redhat.com/security/vulnerabilities/3442151
-CVE-2018-1110 [Improper Input Validation]
- RESERVED
+CVE-2018-1110 (A flaw was found in knot-resolver before version 2.3.0. Malformed DNS ...)
- knot-resolver 2.3.0-1 (bug #896681)
NOTE: https://www.openwall.com/lists/oss-security/2018/04/23/2
-CVE-2018-1109
- RESERVED
+CVE-2018-1109 (A vulnerability was found in Braces versions prior to 2.3.1. Affected ...)
- node-braces <not-affected> (Vulnerable code introduced in 2.2.0)
NOTE: https://snyk.io/vuln/npm:braces:20180219
NOTE: Introduced by: https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113 (2.2.0)
@@ -210621,8 +210629,7 @@ CVE-2018-1108 (kernel drivers before version 4.17-rc1 are vulnerable to a weakne
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/43838a23a05fbd13e47d750d3dfd77001536dd33
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1559
-CVE-2018-1107
- RESERVED
+CVE-2018-1107 (It was discovered that the is-my-json-valid JavaScript library used an ...)
NOT-FOR-US: is-my-json-valid package for Node.js
CVE-2018-1106 (An authentication bypass flaw has been found in PackageKit before 1.1. ...)
{DSA-4207-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d155afc9e68110deb7b7d03ae59fb57ca083605