[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 28 09:10:22 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
935f1509 by security tracker role at 2021-05-28T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-33614
+	RESERVED
+CVE-2021-33613
+	RESERVED
+CVE-2021-33612
+	RESERVED
+CVE-2021-33611
+	RESERVED
+CVE-2021-33610
+	RESERVED
+CVE-2021-33609
+	RESERVED
+CVE-2021-33608
+	RESERVED
+CVE-2021-33607
+	RESERVED
+CVE-2021-33606
+	RESERVED
+CVE-2021-33605
+	RESERVED
+CVE-2021-33604
+	RESERVED
 CVE-2021-33603
 	RESERVED
 CVE-2021-33602
@@ -423,8 +445,8 @@ CVE-2021-33410
 	RESERVED
 CVE-2021-33409
 	RESERVED
-CVE-2021-33408
-	RESERVED
+CVE-2021-33408 (Local File Inclusion vulnerability in Ab Initio Control>Center befo ...)
+	TODO: check
 CVE-2021-33407
 	RESERVED
 CVE-2021-33406
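
Review bot: CVE-2021-33408 lands with TODO: check, so the entry is still untriaged after this update. The description names Ab Initio Control>Center; the follow-up should replace the TODO with either a package line or a NOT-FOR-US: <product> tag, the form used for other product-specific entries in this file.
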
@@ -13654,8 +13676,8 @@ CVE-2021-27854
 	RESERVED
 CVE-2021-27853
 	RESERVED
-CVE-2021-27852
-	RESERVED
+CVE-2021-27852 (Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of  ...)
+	TODO: check
 CVE-2021-27850 (A critical unauthenticated remote code execution vulnerability was fou ...)
 	NOT-FOR-US: Apache Tapestry
 CVE-2021-27849
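
Review bot: the truncated description for CVE-2021-27852 stops at "CheckboxWeb.dll of ...", so the affected product is not visible in the list and the TODO: check cannot be resolved from this line alone. Triage needs the full CVE description; the next entry, CVE-2021-27850, shows the resolved form (NOT-FOR-US: Apache Tapestry).
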
@@ -33690,8 +33712,8 @@ CVE-2021-20028
 	RESERVED
 CVE-2021-20027
 	RESERVED
-CVE-2021-20026
-	RESERVED
+CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an authent ...)
+	TODO: check
 CVE-2021-20025 (SonicWall Email Security Virtual Appliance version 10.0.9 and earlier  ...)
 	NOT-FOR-US: SonicWall
 CVE-2021-20024
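
Review bot: CVE-2021-20026 is left at TODO: check although its description names the SonicWall NSM On-Prem product and the adjacent CVE-2021-20025 is already tagged NOT-FOR-US: SonicWall. If the NSM product is likewise not packaged, the same tag applies and can be set in the follow-up triage commit.
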
@@ -71316,61 +71338,61 @@ CVE-2020-15466 (In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-09.html
 CVE-2020-15465
-	RESERVED
+	REJECTED
 CVE-2020-15464
-	RESERVED
+	REJECTED
 CVE-2020-15463
-	RESERVED
+	REJECTED
 CVE-2020-15462
-	RESERVED
+	REJECTED
 CVE-2020-15461
-	RESERVED
+	REJECTED
 CVE-2020-15460
-	RESERVED
+	REJECTED
 CVE-2020-15459
-	RESERVED
+	REJECTED
 CVE-2020-15458
-	RESERVED
+	REJECTED
 CVE-2020-15457
-	RESERVED
+	REJECTED
 CVE-2020-15456
-	RESERVED
+	REJECTED
 CVE-2020-15455
-	RESERVED
+	REJECTED
 CVE-2020-15454
-	RESERVED
+	REJECTED
 CVE-2020-15453
-	RESERVED
+	REJECTED
 CVE-2020-15452
-	RESERVED
+	REJECTED
 CVE-2020-15451
-	RESERVED
+	REJECTED
 CVE-2020-15450
-	RESERVED
+	REJECTED
 CVE-2020-15449
-	RESERVED
+	REJECTED
 CVE-2020-15448
-	RESERVED
+	REJECTED
 CVE-2020-15447
-	RESERVED
+	REJECTED
 CVE-2020-15446
-	RESERVED
+	REJECTED
 CVE-2020-15445
-	RESERVED
+	REJECTED
 CVE-2020-15444
-	RESERVED
+	REJECTED
 CVE-2020-15443
-	RESERVED
+	REJECTED
 CVE-2020-15442
-	RESERVED
+	REJECTED
 CVE-2020-15441
-	RESERVED
+	REJECTED
 CVE-2020-15440
-	RESERVED
+	REJECTED
 CVE-2020-15439
-	RESERVED
+	REJECTED
 CVE-2020-15438
-	RESERVED
+	REJECTED
 CVE-2020-15437 (The Linux kernel before version 5.8 is vulnerable to a NULL pointer de ...)
 	- linux 5.7.17-1
 	[buster] - linux 4.19.146-1
@@ -71995,8 +72017,7 @@ CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site R
 	NOT-FOR-US: SoyCMS
 CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies on untr ...)
 	NOT-FOR-US: Alfresco Reset Password add-on
-CVE-2020-15180
-	RESERVED
+CVE-2020-15180 (A flaw was found in the mysql-wsrep component of mariadb. Lack of inpu ...)
 	{DSA-4776-1 DLA-2409-1}
 	- mariadb-10.5 1:10.5.6-1
 	[experimental] - mariadb-10.3 1:10.3.27-1~exp1
@@ -74224,8 +74245,7 @@ CVE-2020-14389 (It was found that Keycloak before version 12.0.0 would permit a
 CVE-2020-14388
 	RESERVED
 	NOT-FOR-US: 3scale
-CVE-2020-14387 [rsync-ssl does not verify the hostname in the server certificate when using openssl]
-	RESERVED
+CVE-2020-14387 (A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperl ...)
 	- rsync 3.2.3-3 (bug #969530)
 	[buster] - rsync <not-affected> (Vulnerable code introduced later)
 	[stretch] - rsync <not-affected> (Vulnerable code introduced later)
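
Review bot: replacing the bracketed summary on CVE-2020-14387 loses the one detail that identified the issue in the list, namely that rsync-ssl does not verify the hostname in the server certificate when using openssl; the new description is cut off at "Rsync improperl ...". Consider keeping that detail as a NOTE: line under the entry so the affected script stays visible next to the package status lines.
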
@@ -74507,14 +74527,11 @@ CVE-2020-14330 (An Improper Output Neutralization for Logs flaw was found in Ans
 	NOTE: https://github.com/ansible/ansible/pull/70762
 	NOTE: https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e
 	NOTE: https://github.com/ansible/ansible/commit/76815d3afccc7baffa196456d092f4de94b4fbb1 (v2.9.12)
-CVE-2020-14329
-	RESERVED
+CVE-2020-14329 (A data exposure flaw was found in Ansible Tower in versions before 3.7 ...)
 	NOT-FOR-US: Ansible Tower
-CVE-2020-14328
-	RESERVED
+CVE-2020-14328 (A flaw was found in Ansible Tower in versions before 3.7.2. A Server S ...)
 	NOT-FOR-US: Ansible Tower
-CVE-2020-14327
-	RESERVED
+CVE-2020-14327 (A Server-side request forgery (SSRF) flaw was found in Ansible Tower i ...)
 	NOT-FOR-US: Ansible Tower
 CVE-2020-14326
 	RESERVED
@@ -74613,8 +74630,7 @@ CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions b
 	NOTE: https://www.samba.org/samba/security/CVE-2020-14303.html
 CVE-2020-14302 (A flaw was found in Keycloak before 13.0.0 where an external identity  ...)
 	NOT-FOR-US: Keycloak
-CVE-2020-14301 [leak of sensitive cookie information via dumpxml]
-	RESERVED
+CVE-2020-14301 (An information disclosure vulnerability was found in libvirt in versio ...)
 	- libvirt <not-affected> (Vulnerable code introduced with 6.2.0)
 	NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/a5b064bf4b17a9884d7d361733737fb614ad8979
 	NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/524de6cc35d3b222f0e940bb0fd027f5482572c5
@@ -87102,8 +87118,8 @@ CVE-2020-10147
 	RESERVED
 CVE-2020-10146 (The Microsoft Teams online service contains a stored cross-site script ...)
 	NOT-FOR-US: Microsoft Teams
-CVE-2020-10145
-	RESERVED
+CVE-2020-10145 (The Adobe ColdFusion installer fails to set a secure access-control li ...)
+	TODO: check
 CVE-2020-10144
 	RESERVED
 CVE-2020-10143 (Macrium Reflect includes an OpenSSL component that specifies an OPENSS ...)
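
Review bot: CVE-2020-10145 is the only described entry in this hunk without a resolution; CVE-2020-10146 and CVE-2020-10143 both have descriptions, and CVE-2020-10146 carries NOT-FOR-US: Microsoft Teams. The description concerns the Adobe ColdFusion installer, so the TODO: check should be closed out the same way once the product is confirmed as not packaged.
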
@@ -109602,8 +109618,7 @@ CVE-2020-1763 (An out-of-bounds buffer read flaw was found in the pluto daemon o
 	NOTE: https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt
 CVE-2020-1762 (An insufficient JWT validation vulnerability was found in Kiali versio ...)
 	NOT-FOR-US: Kiali
-CVE-2020-1761
-	RESERVED
+CVE-2020-1761 (A flaw was found in the OpenShift web console, where the access token  ...)
 	NOT-FOR-US: OpenShift
 CVE-2020-1760 (A flaw was found in the Ceph Object Gateway, where it supports request ...)
 	{DLA-2171-1}
@@ -109871,11 +109886,9 @@ CVE-2020-1704 (An insecure modification vulnerability in the /etc/passwd file wa
 	NOT-FOR-US: openshift
 CVE-2020-1703
 	REJECTED
-CVE-2020-1702
-	RESERVED
+CVE-2020-1702 (A malicious container image can consume an unbounded amount of memory  ...)
 	NOT-FOR-US: Red Hat container manager tooling
-CVE-2020-1701
-	RESERVED
+CVE-2020-1701 (A flaw was found in the KubeVirt main virt-handler versions before 0.2 ...)
 	NOT-FOR-US: KubeVirt
 CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end handles unexp ...)
 	- ceph 14.2.7-1
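
Review bot: the NOT-FOR-US tags on CVE-2020-1702 and CVE-2020-1701 were set while both entries were RESERVED with no description, and this update keeps them unchanged. For CVE-2020-1702 the new description speaks of a malicious container image consuming an unbounded amount of memory, which the tag "Red Hat container manager tooling" does not tie to a named component; re-check the tag against the full description to confirm which code is affected.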



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/935f15094d5aa00eb10eca86e4550047c9e7a2f2
