[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 27 21:10:33 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e18e1671 by security tracker role at 2021-05-27T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2021-33603
+	RESERVED
+CVE-2021-33602
+	RESERVED
+CVE-2021-33601
+	RESERVED
+CVE-2021-33600
+	RESERVED
+CVE-2021-33599
+	RESERVED
+CVE-2021-33598
+	RESERVED
+CVE-2021-33597
+	RESERVED
+CVE-2021-33596
+	RESERVED
+CVE-2021-33595
+	RESERVED
+CVE-2021-33594
+	RESERVED
+CVE-2021-33593
+	RESERVED
+CVE-2021-33592
+	RESERVED
+CVE-2021-33591
+	RESERVED
+CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...)
+	TODO: check
+CVE-2021-33589
+	RESERVED
 CVE-2021-33588
 	RESERVED
 CVE-2021-33587
@@ -79,8 +109,8 @@ CVE-2021-33560
 	RESERVED
 CVE-2021-33559
 	RESERVED
-CVE-2021-33558
-	RESERVED
+CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive information vi ...)
+	TODO: check
 CVE-2021-33557
 	RESERVED
 CVE-2021-33556
@@ -421,8 +451,8 @@ CVE-2021-33396
 	RESERVED
 CVE-2021-33395
 	RESERVED
-CVE-2021-33394
-	RESERVED
+CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does not gener ...)
+	TODO: check
 CVE-2021-33393
 	RESERVED
 CVE-2021-33392
@@ -826,8 +856,7 @@ CVE-2021-33202
 	RESERVED
 CVE-2021-33201
 	RESERVED
-CVE-2021-33200
-	RESERVED
+CVE-2021-33200 (kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces inco ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -2027,12 +2056,12 @@ CVE-2021-32647
 	RESERVED
 CVE-2021-32646
 	RESERVED
-CVE-2021-32645
-	RESERVED
+CVE-2021-32645 (Tenancy multi-tenant is an open source multi-domain controller for the ...)
+	TODO: check
 CVE-2021-32644
 	RESERVED
-CVE-2021-32643
-	RESERVED
+CVE-2021-32643 (Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` ca ...)
+	TODO: check
 CVE-2021-32642 [add result validation to dyndisc example scripts]
 	RESERVED
 	- radsecproxy 1.8.2-4 (unimportant)
@@ -2513,10 +2542,10 @@ CVE-2021-32461
 	RESERVED
 CVE-2021-32460
 	RESERVED
-CVE-2021-32459
-	RESERVED
-CVE-2021-32458
-	RESERVED
+CVE-2021-32459 (A hard-coded password vulnerability exists in the SFTP Log Collection  ...)
+	TODO: check
+CVE-2021-32458 (A privilege escalation vulnerability exists in the tdts.ko chrdev_ioct ...)
+	TODO: check
 CVE-2021-32457 (A privilege escalation vulnerability exists in the tdts.ko chrdev_ioct ...)
 	NOT-FOR-US: Trend Micro
 CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
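Review bot: CVE-2021-32458 is left at `TODO: check` even though its visible description is the same tdts.ko chrdev_ioctl privilege escalation text as CVE-2021-32457 on the next line, which is already classified `NOT-FOR-US: Trend Micro`. If the full description confirms the same product, CVE-2021-32458 should get the same `NOT-FOR-US: Trend Micro` line. CVE-2021-32459 (hard-coded password in the SFTP Log Collection feature) needs its own check, since the truncated description does not name the vendor.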
@@ -4173,8 +4202,7 @@ CVE-2021-31810
 	RESERVED
 CVE-2021-31809
 	RESERVED
-CVE-2021-31808
-	RESERVED
+CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
 	- squid <unfixed> (bug #989043)
 	- squid3 <removed>
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
@@ -4185,8 +4213,7 @@ CVE-2021-31807
 	- squid3 <removed>
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
-CVE-2021-31806
-	RESERVED
+CVE-2021-31806 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
 	- squid <unfixed> (bug #989043)
 	- squid3 <removed>
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
@@ -4748,8 +4775,7 @@ CVE-2021-31537 (SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.
 	NOT-FOR-US: SIS-REWE Go
 CVE-2021-31536
 	RESERVED
-CVE-2021-31535
-	RESERVED
+CVE-2021-31535 (LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might a ...)
 	{DSA-4920-1 DLA-2666-1}
 	- libx11 2:1.7.1-1 (bug #988737)
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605
@@ -4775,8 +4801,7 @@ CVE-2021-31527
 	RESERVED
 CVE-2021-31526
 	RESERVED
-CVE-2021-31525 [net/http: ReadRequest can stack overflow]
-	RESERVED
+CVE-2021-31525 (net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote a ...)
 	- golang-1.16 1.16.4-1
 	- golang-1.15 1.15.9-2
 	- golang-1.11 <removed>
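Review bot: for CVE-2021-31525 the new description puts the upstream fix in Go 1.15.12 and 1.16.4, but the unchanged line `- golang-1.15 1.15.9-2` records an older upstream version as fixed, while `- golang-1.16 1.16.4-1` matches the description. That is consistent only if 1.15.9-2 carries a backported patch. If the entry does not already have one, a NOTE pointing at the upstream commit or the Debian patch would let the fixed version be verified against the description.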
@@ -5648,16 +5673,13 @@ CVE-2021-31157
 	RESERVED
 CVE-2021-31156
 	RESERVED
-CVE-2021-31155
-	RESERVED
+CVE-2021-31155 (Failure to normalize the umask in please before 0.4 allows a local att ...)
 	- rust-pleaser 0.4.1-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
-CVE-2021-31154
-	RESERVED
+CVE-2021-31154 (pleaseedit in please before 0.4 uses predictable temporary filenames i ...)
 	- rust-pleaser 0.4.1-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
-CVE-2021-31153
-	RESERVED
+CVE-2021-31153 (please before 0.4 allows a local unprivileged attacker to gain knowled ...)
 	- rust-pleaser 0.4.1-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
 CVE-2021-31152 (Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request ...)
@@ -7319,8 +7341,7 @@ CVE-2021-30467
 	RESERVED
 CVE-2021-30466
 	RESERVED
-CVE-2021-30465
-	RESERVED
+CVE-2021-30465 (runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Dire ...)
 	- runc 1.0.0~rc93+ds1-5 (bug #988768)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/2
 	NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
@@ -11611,8 +11632,7 @@ CVE-2021-28664 (The Arm Mali GPU kernel driver allows privilege escalation or a
 	NOT-FOR-US: ARM components for Android
 CVE-2021-28663 (The Arm Mali GPU kernel driver allows privilege escalation or informat ...)
 	NOT-FOR-US: ARM components for Android
-CVE-2021-28662
-	RESERVED
+CVE-2021-28662 (An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. ...)
 	- squid <unfixed> (bug #988891)
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch
@@ -11663,14 +11683,12 @@ CVE-2021-28654
 	RESERVED
 CVE-2021-28653 (The iOS and macOS apps before 1.4.1 for the Western Digital G-Technolo ...)
 	NOT-FOR-US: iOS and macOS apps for the Western Digital G-Technology ArmorLock NVMe SSD
-CVE-2021-28652
-	RESERVED
+CVE-2021-28652 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
 	- squid <unfixed> (bug #988892)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-0003e3518dc95e4b5ab46b5140af79b22253048e.patch
-CVE-2021-28651
-	RESERVED
+CVE-2021-28651 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
 	- squid <unfixed> (bug #988893)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4
@@ -14391,24 +14409,24 @@ CVE-2021-27498
 	RESERVED
 CVE-2021-27497
 	RESERVED
-CVE-2021-27496
-	RESERVED
+CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
+	TODO: check
 CVE-2021-27495
 	RESERVED
-CVE-2021-27494
-	RESERVED
+CVE-2021-27494 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
+	TODO: check
 CVE-2021-27493
 	RESERVED
-CVE-2021-27492
-	RESERVED
+CVE-2021-27492 (When opening a specially crafted 3DXML file, the application containin ...)
+	TODO: check
 CVE-2021-27491
 	RESERVED
-CVE-2021-27490
-	RESERVED
+CVE-2021-27490 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
+	TODO: check
 CVE-2021-27489
 	RESERVED
-CVE-2021-27488
-	RESERVED
+CVE-2021-27488 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
+	TODO: check
 CVE-2021-27487
 	RESERVED
 CVE-2021-27486 (FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to ...)
@@ -14984,7 +15002,7 @@ CVE-2021-27233 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8.
 	NOT-FOR-US: Mutare Voice (EVM)
 CVE-2021-27232 (The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.1 ...)
 	NOT-FOR-US: Pelco Digital Sentry Server
-CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting environment, s ...)
+CVE-2021-27231 (Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, ...)
 	NOT-FOR-US: Hestia Control Panel
 CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Inj ...)
 	NOT-FOR-US: ExpressionEngine
@@ -25076,16 +25094,16 @@ CVE-2021-22913
 	RESERVED
 CVE-2021-22912
 	RESERVED
-CVE-2021-22911
-	RESERVED
+CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...)
+	TODO: check
 CVE-2021-22910
 	RESERVED
-CVE-2021-22909
-	RESERVED
-CVE-2021-22908
-	RESERVED
-CVE-2021-22907
-	RESERVED
+CVE-2021-22909 (A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could a ...)
+	TODO: check
+CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File Resource Profil ...)
+	TODO: check
+CVE-2021-22907 (An improper access control vulnerability exists in Citrix Workspace Ap ...)
+	TODO: check
 CVE-2021-22906
 	RESERVED
 CVE-2021-22905
@@ -25115,10 +25133,10 @@ CVE-2021-22901 [TLS session caching disaster]
 	NOTE: https://curl.se/docs/CVE-2021-22901.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/a304051620b92e12b6b1b4e19edc57b34ea332b6 (7.75.0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 (7.77.0)
-CVE-2021-22900
-	RESERVED
-CVE-2021-22899
-	RESERVED
+CVE-2021-22900 (A vulnerability allowed multiple unrestricted uploads in Pulse Connect ...)
+	TODO: check
+CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure befor ...)
+	TODO: check
 CVE-2021-22898 [TELNET stack contents disclosure]
 	RESERVED
 	- curl <unfixed>
@@ -25137,14 +25155,14 @@ CVE-2021-22896
 	RESERVED
 CVE-2021-22895
 	RESERVED
-CVE-2021-22894
-	RESERVED
+CVE-2021-22894 (A buffer overflow vulnerability exists in Pulse Connect Secure before  ...)
+	TODO: check
 CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authen ...)
 	NOT-FOR-US: Pulse Connect Secure
-CVE-2021-22892
-	RESERVED
-CVE-2021-22891
-	RESERVED
+CVE-2021-22892 (An information disclosure vulnerability exists in the Rocket.Chat serv ...)
+	TODO: check
+CVE-2021-22891 (A missing authorization vulnerability exists in Citrix ShareFile Stora ...)
+	TODO: check
 CVE-2021-22890 (curl 7.63.0 to and including 7.75.0 includes vulnerability that allows ...)
 	{DSA-4881-1}
 	- curl 7.74.0-1.2 (bug #986270)
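Review bot: CVE-2021-22894 is added with `TODO: check` directly above CVE-2021-22893, whose entry for the same product already reads `NOT-FOR-US: Pulse Connect Secure`. The description of CVE-2021-22894 names Pulse Connect Secure as well, so the same classification can be applied here instead of leaving the item open. CVE-2021-22892 (Rocket.Chat) and CVE-2021-22891 (Citrix ShareFile) in the same hunk still need individual triage.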
@@ -25159,8 +25177,7 @@ CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware
 	NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000
 CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persist ...)
 	NOT-FOR-US: Rocket.Chat
-CVE-2021-22885 [Possible Information Disclosure / Unintended Method Execution in Action Pack]
-	RESERVED
+CVE-2021-22885 (A possible information disclosure / unintended method execution vulner ...)
 	{DLA-2655-1}
 	- rails 2:6.0.3.7+dfsg-1 (bug #988214)
 	NOTE: https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main)
@@ -26293,8 +26310,8 @@ CVE-2021-22413
 	RESERVED
 CVE-2021-22412
 	RESERVED
-CVE-2021-22411
-	RESERVED
+CVE-2021-22411 (There is an out-of-bounds write vulnerability in some Huawei products. ...)
+	TODO: check
 CVE-2021-22410
 	RESERVED
 CVE-2021-22409 (There is a denial of service vulnerability in some versions of ManageO ...)
@@ -26387,20 +26404,20 @@ CVE-2021-22366
 	RESERVED
 CVE-2021-22365
 	RESERVED
-CVE-2021-22364
-	RESERVED
+CVE-2021-22364 (There is a denial of service vulnerability in the versions 10.1.0.126( ...)
+	TODO: check
 CVE-2021-22363
 	RESERVED
-CVE-2021-22362
-	RESERVED
+CVE-2021-22362 (There is an out of bounds write vulnerability in some Huawei products. ...)
+	TODO: check
 CVE-2021-22361
 	RESERVED
-CVE-2021-22360
-	RESERVED
-CVE-2021-22359
-	RESERVED
-CVE-2021-22358
-	RESERVED
+CVE-2021-22360 (There is a resource management error vulnerability in the verisions V5 ...)
+	TODO: check
+CVE-2021-22359 (There is a denial of service vulnerability in the verisions V200R005C0 ...)
+	TODO: check
+CVE-2021-22358 (There is an insufficient input validation vulnerability in FusionCompu ...)
+	TODO: check
 CVE-2021-22357
 	RESERVED
 CVE-2021-22356
@@ -26927,8 +26944,8 @@ CVE-2021-22120
 	RESERVED
 CVE-2021-22119
 	RESERVED
-CVE-2021-22118
-	RESERVED
+CVE-2021-22118 (In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x ...)
+	TODO: check
 CVE-2021-22117 (RabbitMQ installers on Windows prior to version 3.8.16 do not harden p ...)
 	- rabbitmq-server <not-affected> (Windows-specific)
 CVE-2021-22116
@@ -31597,8 +31614,8 @@ CVE-2021-20729
 	RESERVED
 CVE-2021-20728
 	RESERVED
-CVE-2021-20727
-	RESERVED
+CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allo ...)
+	TODO: check
 CVE-2021-20726 (Untrusted search path vulnerability in The Installer of Overwolf 2.168 ...)
 	NOT-FOR-US: Overwolf
 CVE-2021-20725 (Reflected cross-site scripting vulnerability in the admin page of [Cal ...)
@@ -43649,8 +43666,7 @@ CVE-2020-27834 [attacker can send the same request over and over again without c
 	NOTE: very scarce/incomplete CVE request from http://almorabea.net/cves/zabbix.txt
 CVE-2020-27833 (A Zip Slip vulnerability was found in the oc binary in openshift-clien ...)
 	NOT-FOR-US: OpenShift
-CVE-2020-27832
-	RESERVED
+CVE-2020-27832 (A flaw was found in Red Hat Quay, where it has a persistent Cross-site ...)
 	NOT-FOR-US: Quay
 CVE-2020-27831 (A flaw was found in Red Hat Quay, where it does not properly protect t ...)
 	NOT-FOR-US: Quay
@@ -57228,32 +57244,32 @@ CVE-2020-22036
 	RESERVED
 CVE-2020-22035
 	RESERVED
-CVE-2020-22034
-	RESERVED
-CVE-2020-22033
-	RESERVED
-CVE-2020-22032
-	RESERVED
-CVE-2020-22031
-	RESERVED
-CVE-2020-22030
-	RESERVED
-CVE-2020-22029
-	RESERVED
+CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 atlibavfi ...)
+	TODO: check
+CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavf ...)
+	TODO: check
+CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...)
+	TODO: check
+CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
+	TODO: check
+CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
+	TODO: check
+CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
+	TODO: check
 CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...)
 	TODO: check
-CVE-2020-22027
-	RESERVED
+CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in defl ...)
+	TODO: check
 CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...)
 	TODO: check
-CVE-2020-22025
-	RESERVED
+CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in gaussian_blur at  ...)
+	TODO: check
 CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 func ...)
 	TODO: check
-CVE-2020-22023
-	RESERVED
-CVE-2020-22022
-	RESERVED
+CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in fi ...)
+	TODO: check
+CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...)
+	TODO: check
 CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...)
 	TODO: check
 CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...)
@@ -57265,10 +57281,10 @@ CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10b
 	TODO: check
 CVE-2020-22018
 	RESERVED
-CVE-2020-22017
-	RESERVED
-CVE-2020-22016
-	RESERVED
+CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_ ...)
+	TODO: check
+CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec ...)
+	TODO: check
 CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due ...)
 	- ffmpeg <unfixed>
 	[bullseye] - ffmpeg <ignored> (Minor issue)
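Review bot: CVE-2020-22017 and CVE-2020-22016 are left at `TODO: check`, yet both descriptions name FFmpeg 4.2 and the neighbouring CVE-2020-22015 in this hunk is already tracked as `- ffmpeg <unfixed>`. These two, and the other FFmpeg 4.2 heap overflow entries added in the previous hunk, should be triaged against the ffmpeg source package and given package lines with per-release status, so they do not sit as open TODO items next to an entry that is already tracked.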
@@ -64882,10 +64898,10 @@ CVE-2020-18232
 	RESERVED
 CVE-2020-18231
 	RESERVED
-CVE-2020-18230
-	RESERVED
-CVE-2020-18229
-	RESERVED
+CVE-2020-18230 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...)
+	TODO: check
+CVE-2020-18229 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...)
+	TODO: check
 CVE-2020-18228
 	RESERVED
 CVE-2020-18227
@@ -66344,8 +66360,8 @@ CVE-2020-17516 (Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.
 	- cassandra <itp> (bug #585905)
 CVE-2020-17515 (The "origin" parameter passed to some of the endpoints like '/trigger' ...)
 	- airflow <itp> (bug #819700)
-CVE-2020-17514
-	RESERVED
+CVE-2020-17514 (Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ...)
+	TODO: check
 CVE-2020-17513 (In Apache Airflow versions prior to 1.10.13, the Charts and Query View ...)
 	- airflow <itp> (bug #819700)
 CVE-2020-17512
@@ -79603,8 +79619,7 @@ CVE-2020-12405 (When browsing a malicious page, a race condition in our SharedWo
 CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be passed ...)
 	- firefox <not-affected> (Specific to iOS)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404
-CVE-2020-12403
-	RESERVED
+CVE-2020-12403 (A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS i ...)
 	{DLA-2388-1}
 	- nss 2:3.55-1
 	[buster] - nss <no-dsa> (Minor issue)
@@ -85396,8 +85411,7 @@ CVE-2020-10776 (A flaw was found in Keycloak before version 12.0.0, where it is
 	NOT-FOR-US: Keycloak
 CVE-2020-10775 (An Open redirect vulnerability was found in ovirt-engine versions 4.4  ...)
 	NOT-FOR-US: ovirt-engine
-CVE-2020-10774
-	RESERVED
+CVE-2020-10774 (A memory disclosure flaw was found in the Linux kernel's versions befo ...)
 	- linux <not-affected> (Red Hat-specific patch)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846964
 CVE-2020-10773 (A stack information leak flaw was found in s390/s390x in the Linux ker ...)
@@ -85593,8 +85607,7 @@ CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was
 	NOTE: https://www.samba.org/samba/security/CVE-2020-10730.html
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14364
 	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0 (for ldb)
-CVE-2020-10729 [two random password lookups in same task return same value]
-	RESERVED
+CVE-2020-10729 (A flaw was found in the use of insufficiently random values in Ansible ...)
 	- ansible 2.9.6+dfsg-1
 	[buster] - ansible <no-dsa> (Minor issue)
 	[jessie] - ansible <not-affected> (Vulnerable code introduced later, no variables template caching)
@@ -85649,8 +85662,7 @@ CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file syst
 	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=01a6dc95ec7f71eeff9963fe3cb03d85225fba3e (v5.0.0-rc0)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html
-CVE-2020-10716
-	RESERVED
+CVE-2020-10716 (A flaw was found in Red Hat Satellite's Job Invocation, where the "Use ...)
 	NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation
 CVE-2020-10715 (A content spoofing vulnerability was found in the openshift/console 3. ...)
 	NOT-FOR-US: Openshift Web Console
@@ -85672,8 +85684,7 @@ CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2
 CVE-2020-10710
 	RESERVED
-CVE-2020-10709
-	RESERVED
+CVE-2020-10709 (A security flaw was found in Ansible Tower when requesting an OAuth2 t ...)
 	- ansible-awx <itp> (bug #908763)
 	NOTE: https://github.com/ansible/awx/issues/6630
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1824033
@@ -85708,8 +85719,7 @@ CVE-2020-10702 (A flaw was found in QEMU in the implementation of the Pointer Au
 	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
 	- qemu-kvm <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 (v5.0.0-rc0)
-CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to DoS]
-	RESERVED
+CVE-2020-10701 (A missing authorization flaw was found in the libvirt API responsible  ...)
 	- libvirt 6.0.0-7 (bug #955841)
 	[buster] - libvirt <not-affected> (Vulnerable code introduced later)
 	[stretch] - libvirt <not-affected> (Vulnerable code introduced later)
@@ -85728,11 +85738,9 @@ CVE-2020-10699 (A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2
 	NOTE: https://github.com/open-iscsi/targetcli-fb/issues/162
 	NOTE: Introduced in: https://github.com/open-iscsi/targetcli-fb/commit/ad37f94ae72d0e3d5963ce182e2897c84af9c039 (v2.1.50)
 	NOTE: Fixed by: https://github.com/open-iscsi/targetcli-fb/commit/6e4f39357a90a914d11bac21cc2d2b52c07c213d
-CVE-2020-10698
-	RESERVED
+CVE-2020-10698 (A flaw was found in Ansible Tower when running jobs. This flaw allows  ...)
 	NOT-FOR-US: Ansible Tower
-CVE-2020-10697
-	RESERVED
+CVE-2020-10697 (A flaw was found in Ansible Tower when running Openshift. Tower runs a ...)
 	NOT-FOR-US: Ansible Tower
 CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 1.14.5.  ...)
 	- golang-github-containers-buildah 1.11.6-2
@@ -85767,8 +85775,7 @@ CVE-2020-10690 (There is a use-after-free in kernel versions before 5.5 due to a
 	NOTE: Fixed by: https://git.kernel.org/linus/a33121e5487b424339636b25c35d3a180eaa5f5e
 CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where it did  ...)
 	NOT-FOR-US: Eclipse Che
-CVE-2020-10688
-	RESERVED
+CVE-2020-10688 (A cross-site scripting (XSS) flaw was found in RESTEasy in versions be ...)
 	- resteasy <unfixed> (bug #970328)
 	- resteasy3.0 <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
@@ -445378,8 +445385,7 @@ CVE-2008-2546
 	REJECTED
 CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sens ...)
 	NOT-FOR-US: Skype
-CVE-2008-2544
-	RESERVED
+CVE-2008-2544 (Mounting /proc filesystem via chroot command silently mounts it in rea ...)
 	- linux <unfixed> (unimportant)
 	NOTE: non-issue, cf. https://bugzilla.redhat.com/show_bug.cgi?id=449089#c22
 CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and As ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e18e167100bf57eb3ebb80c78b16eaf557147981
