[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 18 21:10:47 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9d89b843 by security tracker role at 2021-05-18T20:10:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2021-3555
+ RESERVED
+CVE-2021-33186
+ RESERVED
+CVE-2021-33185
+ RESERVED
+CVE-2021-33184
+ RESERVED
+CVE-2021-33183
+ RESERVED
+CVE-2021-33182
+ RESERVED
+CVE-2021-33181
+ RESERVED
+CVE-2021-33180
+ RESERVED
+CVE-2021-33179
+ RESERVED
+CVE-2021-33178
+ RESERVED
+CVE-2021-33177
+ RESERVED
+CVE-2021-33176
+ RESERVED
+CVE-2021-33175
+ RESERVED
+CVE-2021-33174
+ RESERVED
+CVE-2021-33173
+ RESERVED
+CVE-2021-33172
+ RESERVED
+CVE-2021-33171
+ RESERVED
+CVE-2021-33170
+ RESERVED
+CVE-2021-33169
+ RESERVED
+CVE-2021-33168
+ RESERVED
CVE-2021-33167
RESERVED
CVE-2021-33166
@@ -1839,8 +1879,8 @@ CVE-2021-32307
RESERVED
CVE-2021-32306
RESERVED
-CVE-2021-32305
- RESERVED
+CVE-2021-32305 (WebSVN before 2.6.1 allows remote attackers to execute arbitrary comma ...)
+ TODO: check
CVE-2021-32304
RESERVED
CVE-2021-32303
@@ -1973,8 +2013,8 @@ CVE-2021-32240
RESERVED
CVE-2021-32239
RESERVED
-CVE-2021-32238
- RESERVED
+CVE-2021-32238 (Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Ove ...)
+ TODO: check
CVE-2021-32237
RESERVED
CVE-2021-32236
@@ -2575,8 +2615,7 @@ CVE-2021-3532
[buster] - ansible <no-dsa> (Minor issue)
- ansible-base <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956464
-CVE-2021-3531
- RESERVED
+CVE-2021-3531 (A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ...)
- ceph <unfixed>
[stretch] - ceph <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/5
@@ -3057,8 +3096,7 @@ CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through Ph
NOTE: Introduced by: https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9 (6.1.8)
NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/26f2848d3bbb57add5f34a467a1e3b2f9ce5cd2a (v6.4.1)
NOTE: Also backport: https://github.com/PHPMailer/PHPMailer/commit/7f267fb4aadfcf62e3ddc50494c469c6b9c4405a (v6.4.1)
-CVE-2021-3518 [use-after-free in xmlXIncludeDoProcess() in xinclude.c]
- RESERVED
+CVE-2021-3518 (There's a flaw in libxml2 in versions before 2.9.11. An attacker who i ...)
{DLA-2653-1}
- libxml2 2.9.10+dfsg-6.6 (bug #987737)
[buster] - libxml2 <no-dsa> (Minor issue)
@@ -3092,8 +3130,8 @@ CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 perform
NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4
CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 ...)
NOT-FOR-US: OpenDistro for Elasticsearch
-CVE-2021-31827
- RESERVED
+CVE-2021-31827 (In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vuln ...)
+ TODO: check
CVE-2021-31825
RESERVED
CVE-2021-31824
@@ -4232,7 +4270,7 @@ CVE-2021-31343
RESERVED
CVE-2021-31342
RESERVED
-CVE-2021-31341 (A vulnerability has been identified in Mendix Database Replication (Al ...)
+CVE-2021-31341 (Uploading a table mapping using a manipulated XML file results in an e ...)
NOT-FOR-US: Mendix Database Replication
CVE-2021-31340
RESERVED
@@ -7021,8 +7059,7 @@ CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of lib
[bullseye] - seafile-client <no-dsa> (Minor issue)
[buster] - seafile-client <no-dsa> (Minor issue)
NOTE: https://github.com/Security-AVS/CVE-2021-30146
-CVE-2021-30145
- RESERVED
+CVE-2021-30145 (A format string vulnerability in mpv through 0.33.0 allows user-assist ...)
- mpv 0.32.0-3 (bug #986839)
[buster] - mpv <no-dsa> (Minor issue)
[stretch] - mpv <postponed> (Minor issue; can be fixed in next update)
@@ -12044,8 +12081,8 @@ CVE-2021-28043
RESERVED
CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...)
NOT-FOR-US: Deutsche Post Mailoptimizer
-CVE-2021-3423
- RESERVED
+CVE-2021-3423 (Uncontrolled Search Path Element vulnerability in the openssl componen ...)
+ TODO: check
CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...)
- openssh 1:8.4p1-5 (bug #984940)
[buster] - openssh <not-affected> (Vulnerable code introduced later)
@@ -17360,8 +17397,8 @@ CVE-2021-3202
RESERVED
CVE-2021-3201
RESERVED
-CVE-2021-3200
- RESERVED
+CVE-2021-3200 (Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * t ...)
+ TODO: check
CVE-2021-3199 (Directory traversal with remote code execution can occur in /upload in ...)
NOT-FOR-US: ONLYOFFICE Document Server
CVE-2021-3198
@@ -25787,8 +25824,8 @@ CVE-2021-22119
RESERVED
CVE-2021-22118
RESERVED
-CVE-2021-22117
- RESERVED
+CVE-2021-22117 (RabbitMQ installers on Windows prior to version 3.8.16 do not harden p ...)
+ TODO: check
CVE-2021-22116
RESERVED
CVE-2021-22115 (Cloud Controller API versions prior to 1.106.0 logs service broker cre ...)
@@ -39357,8 +39394,7 @@ CVE-2020-25710 [assertion failure in CSN normalization with invalid input]
- openldap 2.4.56+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9384
NOTE: https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2 (OPENLDAP_REL_ENG_2_4_56)
-CVE-2020-25709 [assertion failure in Certificate List syntax validation]
- RESERVED
+CVE-2020-25709 (A flaw was found in OpenLDAP. This flaw allows an attacker who can sen ...)
{DSA-4792-1 DLA-2481-1}
- openldap 2.4.56+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9383
@@ -48034,7 +48070,7 @@ CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in templates_i
[stretch] - cacti <no-dsa> (Minor issue)
NOTE: https://github.com/Cacti/cacti/issues/3723
NOTE: https://github.com/Cacti/cacti/commit/39458efcd5286d50e6b7f905fedcdc1059354e6e
-CVE-2020-25705 (A flaw in the way reply ICMP packets are limited in the Linux kernel f ...)
+CVE-2020-25705 (A flaw in ICMP packets in the Linux kernel may allow an attacker to qu ...)
{DLA-2494-1 DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
@@ -50437,8 +50473,8 @@ CVE-2020-24742
RESERVED
CVE-2020-24741
RESERVED
-CVE-2020-24740
- RESERVED
+CVE-2020-24740 (An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerab ...)
+ TODO: check
CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the background deleti ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2020-24738
@@ -52036,8 +52072,8 @@ CVE-2020-24027 (In Live Networks, Inc., liblivemedia version 20200625, there is
NOTE: http://lists.live555.com/pipermail/live-devel/2020-July/021662.html
NOTE: Fixed in 2020.07.09 upstream, cf.
NOTE: http://www.live555.com/liveMedia/public/changelog.txt
-CVE-2020-24026
- RESERVED
+CVE-2020-24026 (TinyShop, a free and open source mall based on RageFrame2, has a store ...)
+ TODO: check
CVE-2020-24025 (Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when r ...)
- node-node-sass <unfixed>
[bullseye] - node-node-sass <ignored> (Minor issue)
@@ -52386,8 +52422,8 @@ CVE-2020-23863
RESERVED
CVE-2020-23862
RESERVED
-CVE-2020-23861
- RESERVED
+CVE-2020-23861 (A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 v ...)
+ TODO: check
CVE-2020-23860
RESERVED
CVE-2020-23859
@@ -52396,18 +52432,18 @@ CVE-2020-23858
RESERVED
CVE-2020-23857
RESERVED
-CVE-2020-23856
- RESERVED
+CVE-2020-23856 (Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, ...)
+ TODO: check
CVE-2020-23855
RESERVED
CVE-2020-23854
RESERVED
CVE-2020-23853
RESERVED
-CVE-2020-23852
- RESERVED
-CVE-2020-23851
- RESERVED
+CVE-2020-23852 (A heap based buffer overflow vulnerability exists in ffjpeg through 20 ...)
+ TODO: check
+CVE-2020-23851 (A stack-based buffer overflow vulnerability exists in ffjpeg through 2 ...)
+ TODO: check
CVE-2020-23850
RESERVED
CVE-2020-23849 (Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 ...)
@@ -58211,8 +58247,8 @@ CVE-2020-20953
RESERVED
CVE-2020-20952
RESERVED
-CVE-2020-20951
- RESERVED
+CVE-2020-20951 (In Pluck-4.7.10-dev2 admin background, a remote command execution vuln ...)
+ TODO: check
CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip L ...)
NOT-FOR-US: Microchip Libraries for Applications
CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 crypt ...)
@@ -59613,10 +59649,10 @@ CVE-2020-20256
RESERVED
CVE-2020-20255
RESERVED
-CVE-2020-20254
- RESERVED
-CVE-2020-20253
- RESERVED
+CVE-2020-20254 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
+ TODO: check
+CVE-2020-20253 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by ...)
+ TODO: check
CVE-2020-20252
RESERVED
CVE-2020-20251
@@ -59647,10 +59683,10 @@ CVE-2020-20239
RESERVED
CVE-2020-20238
RESERVED
-CVE-2020-20237
- RESERVED
-CVE-2020-20236
- RESERVED
+CVE-2020-20237 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...)
+ TODO: check
+CVE-2020-20236 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...)
+ TODO: check
CVE-2020-20235
RESERVED
CVE-2020-20234
@@ -59677,8 +59713,8 @@ CVE-2020-20224
RESERVED
CVE-2020-20223
RESERVED
-CVE-2020-20222
- RESERVED
+CVE-2020-20222 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
+ TODO: check
CVE-2020-20221
RESERVED
CVE-2020-20220
@@ -59693,8 +59729,8 @@ CVE-2020-20216
RESERVED
CVE-2020-20215
RESERVED
-CVE-2020-20214
- RESERVED
+CVE-2020-20214 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion fa ...)
+ TODO: check
CVE-2020-20213
RESERVED
CVE-2020-20212
@@ -63780,8 +63816,8 @@ CVE-2020-18180
RESERVED
CVE-2020-18179
RESERVED
-CVE-2020-18178
- RESERVED
+CVE-2020-18178 (Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit ...)
+ TODO: check
CVE-2020-18177
RESERVED
CVE-2020-18176
@@ -70508,8 +70544,8 @@ CVE-2020-15281
REJECTED
CVE-2020-15280
RESERVED
-CVE-2020-15279
- RESERVED
+CVE-2020-15279 (An Improper Access Control vulnerability in the logging component of B ...)
+ TODO: check
CVE-2020-15278 (Red Discord Bot before version 3.4.1 has an unauthorized privilege esc ...)
NOT-FOR-US: Red Discord Bot
CVE-2020-15277 (baserCMS before version 4.4.1 is affected by Remote Code Execution (RC ...)
@@ -109765,7 +109801,7 @@ CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9
CVE-2019-18979 (Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine fla ...)
NOT-FOR-US: Adaware
CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...)
- {DLA-2389-1 DLA-2096-1}
+ {DSA-4918-1 DLA-2389-1 DLA-2096-1}
- ruby-rack-cors 1.1.1-1 (bug #944849)
NOTE: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d
NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4
@@ -391640,8 +391676,7 @@ CVE-2002-2439 (Integer overflow in the new[] operator in gcc before 4.8.0 allows
NOTE: This should be addressed in jessie by getting this fixed in gcc 4.7, so that the archive is
NOTE: properly rebuild with a fixed version from the start
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439
-CVE-2002-2438
- RESERVED
+CVE-2002-2438 (TCP firewalls could be circumvented by sending a SYN Packets with othe ...)
NOT-FOR-US: ancient linux 2.4 issue
CVE-2001-1592
REJECTED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d89b843ba6821f0b980bc7411fe71798ac36239
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d89b843ba6821f0b980bc7411fe71798ac36239
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210518/388b2c73/attachment.htm>
More information about the debian-security-tracker-commits
mailing list