[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 28 21:10:39 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9cca4665 by security tracker role at 2021-05-28T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,256 @@
-CVE-2021-33620 [SQUID-2021:5 Denial of Service in HTTP Response processing]
+CVE-2021-3569
+ RESERVED
+CVE-2021-3568
+ RESERVED
+CVE-2021-3567
+ RESERVED
+CVE-2021-33738
+ RESERVED
+CVE-2021-33737
+ RESERVED
+CVE-2021-33736
+ RESERVED
+CVE-2021-33735
+ RESERVED
+CVE-2021-33734
+ RESERVED
+CVE-2021-33733
+ RESERVED
+CVE-2021-33732
+ RESERVED
+CVE-2021-33731
+ RESERVED
+CVE-2021-33730
+ RESERVED
+CVE-2021-33729
+ RESERVED
+CVE-2021-33728
+ RESERVED
+CVE-2021-33727
+ RESERVED
+CVE-2021-33726
+ RESERVED
+CVE-2021-33725
+ RESERVED
+CVE-2021-33724
+ RESERVED
+CVE-2021-33723
+ RESERVED
+CVE-2021-33722
+ RESERVED
+CVE-2021-33721
+ RESERVED
+CVE-2021-33720
+ RESERVED
+CVE-2021-33719
+ RESERVED
+CVE-2021-33718
+ RESERVED
+CVE-2021-33717
+ RESERVED
+CVE-2021-33716
+ RESERVED
+CVE-2021-33715
+ RESERVED
+CVE-2021-33714
+ RESERVED
+CVE-2021-33713
+ RESERVED
+CVE-2021-33712
+ RESERVED
+CVE-2021-33711
+ RESERVED
+CVE-2021-33710
+ RESERVED
+CVE-2021-33709
+ RESERVED
+CVE-2021-33708
+ RESERVED
+CVE-2021-33707
+ RESERVED
+CVE-2021-33706
+ RESERVED
+CVE-2021-33705
+ RESERVED
+CVE-2021-33704
+ RESERVED
+CVE-2021-33703
+ RESERVED
+CVE-2021-33702
+ RESERVED
+CVE-2021-33701
+ RESERVED
+CVE-2021-33700
+ RESERVED
+CVE-2021-33699
+ RESERVED
+CVE-2021-33698
+ RESERVED
+CVE-2021-33697
+ RESERVED
+CVE-2021-33696
+ RESERVED
+CVE-2021-33695
+ RESERVED
+CVE-2021-33694
+ RESERVED
+CVE-2021-33693
+ RESERVED
+CVE-2021-33692
+ RESERVED
+CVE-2021-33691
+ RESERVED
+CVE-2021-33690
+ RESERVED
+CVE-2021-33689
+ RESERVED
+CVE-2021-33688
+ RESERVED
+CVE-2021-33687
+ RESERVED
+CVE-2021-33686
+ RESERVED
+CVE-2021-33685
+ RESERVED
+CVE-2021-33684
+ RESERVED
+CVE-2021-33683
+ RESERVED
+CVE-2021-33682
+ RESERVED
+CVE-2021-33681
+ RESERVED
+CVE-2021-33680
+ RESERVED
+CVE-2021-33679
+ RESERVED
+CVE-2021-33678
+ RESERVED
+CVE-2021-33677
+ RESERVED
+CVE-2021-33676
+ RESERVED
+CVE-2021-33675
+ RESERVED
+CVE-2021-33674
+ RESERVED
+CVE-2021-33673
+ RESERVED
+CVE-2021-33672
+ RESERVED
+CVE-2021-33671
+ RESERVED
+CVE-2021-33670
+ RESERVED
+CVE-2021-33669
+ RESERVED
+CVE-2021-33668
+ RESERVED
+CVE-2021-33667
+ RESERVED
+CVE-2021-33666
+ RESERVED
+CVE-2021-33665
+ RESERVED
+CVE-2021-33664
+ RESERVED
+CVE-2021-33663
+ RESERVED
+CVE-2021-33662
+ RESERVED
+CVE-2021-33661
+ RESERVED
+CVE-2021-33660
+ RESERVED
+CVE-2021-33659
+ RESERVED
+CVE-2021-33658
+ RESERVED
+CVE-2021-33657
+ RESERVED
+CVE-2021-33656
+ RESERVED
+CVE-2021-33655
+ RESERVED
+CVE-2021-33654
+ RESERVED
+CVE-2021-33653
+ RESERVED
+CVE-2021-33652
+ RESERVED
+CVE-2021-33651
+ RESERVED
+CVE-2021-33650
+ RESERVED
+CVE-2021-33649
+ RESERVED
+CVE-2021-33648
+ RESERVED
+CVE-2021-33647
+ RESERVED
+CVE-2021-33646
+ RESERVED
+CVE-2021-33645
+ RESERVED
+CVE-2021-33644
+ RESERVED
+CVE-2021-33643
+ RESERVED
+CVE-2021-33642
+ RESERVED
+CVE-2021-33641
+ RESERVED
+CVE-2021-33640
+ RESERVED
+CVE-2021-33639
+ RESERVED
+CVE-2021-33638
+ RESERVED
+CVE-2021-33637
+ RESERVED
+CVE-2021-33636
+ RESERVED
+CVE-2021-33635
+ RESERVED
+CVE-2021-33634
+ RESERVED
+CVE-2021-33633
+ RESERVED
+CVE-2021-33632
+ RESERVED
+CVE-2021-33631
+ RESERVED
+CVE-2021-33630
+ RESERVED
+CVE-2021-33629
+ RESERVED
+CVE-2021-33628
+ RESERVED
+CVE-2021-33627
+ RESERVED
+CVE-2021-33626
+ RESERVED
+CVE-2021-33625
+ RESERVED
+CVE-2021-33624
+ RESERVED
+CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...)
+ TODO: check
+CVE-2021-33622
+ RESERVED
+CVE-2021-33621
+ RESERVED
+CVE-2021-33619
+ RESERVED
+CVE-2021-33618
+ RESERVED
+CVE-2021-33617
+ RESERVED
+CVE-2021-33616
+ RESERVED
+CVE-2021-33615
+ RESERVED
+CVE-2021-33620 (Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause ...)
- squid 4.13-10
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f
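Review bot: CVE-2021-33620 is re-added at the very end of this block, after CVE-2021-33615, so the sequence reads 33622, 33621, 33619 ... 33615, 33620 and breaks the descending order the rest of the list follows. Moving the entry, with its squid and squid3 lines and the advisory NOTE, between CVE-2021-33621 and CVE-2021-33619 would keep lookups and later merges predictable. The one non-reserved addition in the block, CVE-2021-33623 (trim-newlines for Node.js), is still at "TODO: check" and needs triage.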
@@ -49,8 +301,8 @@ CVE-2021-33593
RESERVED
CVE-2021-33592
RESERVED
-CVE-2021-33591
- RESERVED
+CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15 ...)
+ TODO: check
CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...)
TODO: check
CVE-2021-33589
@@ -2093,16 +2345,15 @@ CVE-2021-32648
RESERVED
CVE-2021-32647
RESERVED
-CVE-2021-32646
- RESERVED
+CVE-2021-32646 (Roomer is a discord bot cog (extension) which provides automatic voice ...)
+ TODO: check
CVE-2021-32645 (Tenancy multi-tenant is an open source multi-domain controller for the ...)
TODO: check
CVE-2021-32644
RESERVED
CVE-2021-32643 (Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` ca ...)
TODO: check
-CVE-2021-32642 [add result validation to dyndisc example scripts]
- RESERVED
+CVE-2021-32642 (radsecproxy is a generic RADIUS proxy that supports both UDP and TLS ( ...)
- radsecproxy 1.8.2-4 (unimportant)
NOTE: https://github.com/radsecproxy/radsecproxy/commit/ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af
NOTE: Only affects example script
@@ -2117,8 +2368,8 @@ CVE-2021-32639
RESERVED
CVE-2021-32638 (Github's CodeQL action is provided to run CodeQL-based code scanning o ...)
NOT-FOR-US: Github
-CVE-2021-32637
- RESERVED
+CVE-2021-32637 (Authelia is a a single sign-on multi-factor portal for web apps. This ...)
+ TODO: check
CVE-2021-32636
RESERVED
CVE-2021-32635 [Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint]
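Review bot: The description added for CVE-2021-32637 reads "Authelia is a a single sign-on", with a doubled article. If this text is imported rather than hand-written, the typo is better corrected at the source than in this file, so that a later automatic update does not bring it back. The entry also remains at "TODO: check".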
@@ -2368,16 +2619,16 @@ CVE-2021-32545
RESERVED
CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in ...)
NOT-FOR-US: igt+
-CVE-2021-32543
- RESERVED
-CVE-2021-32542
- RESERVED
-CVE-2021-32541
- RESERVED
-CVE-2021-32540
- RESERVED
-CVE-2021-32539
- RESERVED
+CVE-2021-32543 (The CTS Web transaction system related to authentication management is ...)
+ TODO: check
+CVE-2021-32542 (The parameters of the specific functions in the CTS Web trading system ...)
+ TODO: check
+CVE-2021-32541 (The CTS Web transaction system related to authentication and session m ...)
+ TODO: check
+CVE-2021-32540 (Add announcement function in the 101EIP system does not filter special ...)
+ TODO: check
+CVE-2021-32539 (Add event in calendar function in the 101EIP system does not filter sp ...)
+ TODO: check
CVE-2021-32538
RESERVED
CVE-2021-32537
@@ -4132,8 +4383,7 @@ CVE-2021-3515
- pglogical 2.3.3-3 (bug #988735)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1954112
NOTE: https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5
-CVE-2021-3514 [sync_repl NULL pointer dereference in sync_create_state_control()]
- RESERVED
+CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated attacke ...)
- 389-ds-base 1.4.4.11-2 (bug #988727)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://github.com/389ds/389-ds-base/issues/4711
@@ -9361,10 +9611,10 @@ CVE-2021-29631
RESERVED
CVE-2021-29630
RESERVED
-CVE-2021-29629
- RESERVED
-CVE-2021-29628
- RESERVED
+CVE-2021-29629 (In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before ...)
+ TODO: check
+CVE-2021-29628 (In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before ...)
+ TODO: check
CVE-2021-29627 (In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13. ...)
NOT-FOR-US: FreeBSD
CVE-2021-29626 (In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11. ...)
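Review bot: CVE-2021-29629 and CVE-2021-29628 are added as "TODO: check", while the next entry in the context, CVE-2021-29627, carries the same "In FreeBSD 13.0-STABLE before ..." style of description and is already marked "NOT-FOR-US: FreeBSD". Triage should resolve the two new entries consistently with that neighbour, or record in a NOTE why they differ.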
@@ -15503,8 +15753,8 @@ CVE-2021-27034
RESERVED
CVE-2021-27033
RESERVED
-CVE-2021-27032
- RESERVED
+CVE-2021-27032 (Autodesk Licensing Services was found to be vulnerable to privilege es ...)
+ TODO: check
CVE-2021-27031 (A user may be tricked into opening a malicious FBX file which may expl ...)
NOT-FOR-US: Autodesk
CVE-2021-27030 (A user may be tricked into opening a malicious FBX file which may expl ...)
@@ -15707,7 +15957,7 @@ CVE-2021-23217
RESERVED
CVE-2021-23201
RESERVED
-CVE-2020-36244 (The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2.18.6 has ...)
+CVE-2020-36244 (The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to ...)
- dlt-daemon 2.18.6-1
[buster] - dlt-daemon <no-dsa> (Minor issue)
NOTE: https://github.com/GENIVI/dlt-daemon/issues/265
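Review bot: The rewritten CVE-2020-36244 description no longer shows the "before 2.18.6" bound that the removed line had in its visible part, yet the package line still records dlt-daemon 2.18.6-1 as the fixed version. Worth confirming that the fixed version is still correct against the revised description, and keeping the version information in a NOTE if the new text has dropped it.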
@@ -24922,6 +25172,7 @@ CVE-2021-23018
RESERVED
CVE-2021-23017
RESERVED
+ {DSA-4921-1}
- nginx <unfixed> (bug #989095)
NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/5
NOTE: Patch: http://nginx.org/download/patch.2021.resolver.txt
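Review bot: CVE-2021-23017 gains the {DSA-4921-1} reference, but the entry still reads RESERVED with no description, and the only package line shown is "- nginx <unfixed> (bug #989095)". Other reserved entries with package data in this file carry a bracketed temporary description; adding one here would tell readers what the DSA and the resolver patch NOTE refer to.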
@@ -27775,8 +28026,8 @@ CVE-2021-21736
RESERVED
CVE-2021-21735
RESERVED
-CVE-2021-21734
- RESERVED
+CVE-2021-21734 (Some PON MDU devices of ZTE stored sensitive information in plaintext, ...)
+ TODO: check
CVE-2021-21733 (The management system of ZXCDN is impacted by the information leak vul ...)
NOT-FOR-US: ZXCDN
CVE-2021-21732 (A mobile phone of ZTE is impacted by improper access control vulnerabi ...)
@@ -32588,8 +32839,7 @@ CVE-2021-20293
- resteasy <undetermined>
- resteasy3.0 <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942819
-CVE-2021-20292 [RM Memory Management Double Free Privilege Escalation Vulnerability]
- RESERVED
+CVE-2021-20292 (There is a flaw reported in the Linux kernel in versions before 5.9 in ...)
- linux 5.7.17-1
[buster] - linux 4.19.146-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939686
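Review bot: The new CVE-2021-20292 description says the flaw is in Linux kernel "versions before 5.9", while the package line records the fix as "- linux 5.7.17-1". That is presumably a stable backport, but the lines visible here offer only the Red Hat bug as a reference; a NOTE naming the fixing commit would let a reader verify the fixed version. The removed bracketed title ("Double Free Privilege Escalation") also named the bug class, which the truncated new description does not show.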
@@ -32636,8 +32886,7 @@ CVE-2021-20280 (Text-based feedback answers required additional sanitizing to pr
- moodle <removed>
CVE-2021-20279 (The ID number user profile field required additional sanitizing to pre ...)
- moodle <removed>
-CVE-2021-20278
- RESERVED
+CVE-2021-20278 (An authentication bypass vulnerability was found in Kiali in versions ...)
NOT-FOR-US: Kiali
CVE-2021-20277 (A flaw was found in Samba's libldb. Multiple, consecutive leading spac ...)
{DSA-4884-1 DLA-2611-1}
@@ -32703,8 +32952,7 @@ CVE-2021-20268 (An out-of-bounds access flaw was found in the Linux kernel's imp
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-101/
NOTE: https://git.kernel.org/linus/bc895e8b2a64e502fbba72748d59618272052a8b
-CVE-2021-20267
- RESERVED
+CVE-2021-20267 (A flaw was found in openstack-neutron's default Open vSwitch firewall ...)
- neutron 2:17.1.1-5 (bug #985104)
[buster] - neutron <no-dsa> (Minor issue)
[stretch] - neutron <no-dsa> (Minor issue)
@@ -32838,8 +33086,7 @@ CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who
NOTE: https://github.com/ImageMagick/ImageMagick/pull/3177
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/dd33b451c3e01098efad34bbaca2df78d5391dc8
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745
-CVE-2021-20240 [integer underflow in the GIF loader of gdk-pixbuf via crafted input leads to segmentation fault]
- RESERVED
+CVE-2021-20240 (A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer w ...)
- gdk-pixbuf 2.42.2+dfsg-1
[buster] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
[stretch] - gdk-pixbuf <not-affected> (Vulnerable code added later)
@@ -32847,8 +33094,7 @@ CVE-2021-20240 [integer underflow in the GIF loader of gdk-pixbuf via crafted in
NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132
NOTE: Vulnerable code introduced in https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f (2.39.2)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e (2.42.0)
-CVE-2021-20239 [Untrusted Pointer Dereference in setsockopt system call]
- RESERVED
+CVE-2021-20239 (A flaw was found in the Linux kernel in versions before 5.4.92 in the ...)
- linux 5.10.4-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -32857,16 +33103,14 @@ CVE-2021-20239 [Untrusted Pointer Dereference in setsockopt system call]
CVE-2021-20238
RESERVED
NOT-FOR-US: OpenShift
-CVE-2021-20237 [Memory leaks via metadata messages processed by PUB sockets]
- RESERVED
+CVE-2021-20237 (An uncontrolled resource consumption (memory leak) flaw was found in Z ...)
- zeromq3 4.3.3-1
[buster] - zeromq3 <no-dsa> (Minor issue)
[stretch] - zeromq3 <no-dsa> (Minor issue)
NOTE: https://github.com/zeromq/libzmq/pull/3935
NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22344
-CVE-2021-20236 [Stack overflow on server running PUB/XPUB socket]
- RESERVED
+CVE-2021-20236 (A flaw was found in the ZeroMQ server in versions before 4.3.3. This f ...)
- zeromq3 4.3.3-1
[buster] - zeromq3 <no-dsa> (Minor issue)
[stretch] - zeromq3 <ignored> (Minor issue, too intrusive to backport)
@@ -33051,8 +33295,7 @@ CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html
CVE-2021-20202 (A flaw was found in keycloak. Directories can be created prior to the ...)
NOT-FOR-US: Keycloak
-CVE-2021-20201 [Client initiated renegotiation denial of service]
- RESERVED
+CVE-2021-20201 (A flaw was found in spice in versions before 0.14.92. A DoS tool might ...)
- spice 0.14.3-2.1 (bug #983698)
[buster] - spice <no-dsa> (Minor issue)
[stretch] - spice <no-dsa> (Minor issue)
@@ -33089,8 +33332,7 @@ CVE-2021-20196 (A NULL pointer dereference flaw was found in the floppy disk emu
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919210
NOTE: https://bugs.launchpad.net/qemu/+bug/1912780
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg05986.html
-CVE-2021-20195
- RESERVED
+CVE-2021-20195 (A flaw was found in keycloak in versions before 13.0.0. A Self Stored ...)
NOT-FOR-US: Keycloak
CVE-2021-20194 (There is a vulnerability in the linux kernel versions higher than 5.2 ...)
- linux 5.10.19-1
@@ -33536,24 +33778,21 @@ CVE-2020-35507 (There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in b
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25308
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a0fb7be96e0ce79e1ae429bc1ba913e5244d537
NOTE: binutils not covered by security support
-CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c]
- RESERVED
+CVE-2020-35506 (A use-after-free vulnerability was found in the am53c974 SCSI host bus ...)
- qemu <unfixed> (bug #984454)
[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909996
NOTE: https://bugs.launchpad.net/qemu/+bug/1909247
-CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c]
- RESERVED
+CVE-2020-35505 (A NULL pointer dereference flaw was found in the am53c974 SCSI host bu ...)
- qemu <unfixed> (bug #984455)
[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909769
NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer)
-CVE-2020-35504 [NULL pointer dereference in scsi_req_continue() in hw/scsi/scsi-bus.c]
- RESERVED
+CVE-2020-35504 (A NULL pointer dereference flaw was found in the SCSI emulation suppor ...)
- qemu <unfixed> (bug #979679)
[bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
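Review bot: The three removed bracketed descriptions for CVE-2020-35506, CVE-2020-35505 and CVE-2020-35504 named the affected function and file (esp_do_dma() and do_busid_cmd() in hw/scsi/esp.c, scsi_req_continue() in hw/scsi/scsi-bus.c); the truncated replacement descriptions no longer show that. Since all three are still "<unfixed>" and postponed, keeping the function and file in a NOTE on each entry would help whoever later has to match an upstream fix to them.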
@@ -40568,8 +40807,7 @@ CVE-2020-28417
RESERVED
CVE-2020-28416
RESERVED
-CVE-2020-25710 [assertion failure in CSN normalization with invalid input]
- RESERVED
+CVE-2020-25710 (A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allo ...)
{DSA-4792-1 DLA-2481-1}
- openldap 2.4.56+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9384
@@ -43637,8 +43875,7 @@ CVE-2020-27849
RESERVED
CVE-2020-27848 (dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /ap ...)
NOT-FOR-US: dotCMS
-CVE-2020-27847
- RESERVED
+CVE-2020-27847 (A vulnerability exists in the SAML connector of the github.com/dexidp/ ...)
NOT-FOR-US: github.com/dexidp/dex
CVE-2020-27846 (A signature verification vulnerability exists in crewjam/saml. This fl ...)
NOT-FOR-US: github.com/crewjam/saml
@@ -43740,8 +43977,7 @@ CVE-2020-27827 (A flaw was found in multiple versions of OpenvSwitch. Specially
NOTE: https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
NOTE: https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html
NOTE: https://github.com/openvswitch/ovs/commit/78e712c0b1dacc2f12d2a03d98f083d8672867f0
-CVE-2020-27826
- RESERVED
+CVE-2020-27826 (A flaw was found in Keycloak before version 12.0.0 where it is possibl ...)
NOT-FOR-US: Keycloak
CVE-2020-27825 (A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux ...)
{DSA-4843-1 DLA-2586-1 DLA-2557-1}
@@ -49242,8 +49478,7 @@ CVE-2020-25717
CVE-2020-25716
RESERVED
NOT-FOR-US: Red Hat CloudForm
-CVE-2020-25715
- RESERVED
+CVE-2020-25715 (A flaw was found in pki-core 10.9.0. A specially crafted POST request ...)
- dogtag-pki <unfixed> (bug #988153)
[bullseye] - dogtag-pki <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1891016
@@ -70419,8 +70654,8 @@ CVE-2020-15784 (A vulnerability has been identified in Spectrum Power 4 (All ver
NOT-FOR-US: Spectrum Power 4
CVE-2020-15783 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
NOT-FOR-US: Siemens
-CVE-2020-15782
- RESERVED
+CVE-2020-15782 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ TODO: check
CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for SICAM A8 ...)
NOT-FOR-US: SICAM
CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...)
@@ -109806,8 +110041,7 @@ CVE-2020-1730 (A flaw was found in libssh versions before 0.8.9 and before 0.9.4
NOTE: https://bugs.libssh.org/T213
NOTE: Introduced by: https://git.libssh.org/projects/libssh.git/commit/?id=84a85803b4c83b8dac03b0d0aba58b48c98253e6 (libssh-0.8.0)
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b36272eac1b36982598c10de7af0a501582de07a
-CVE-2020-1729
- RESERVED
+CVE-2020-1729 (A flaw was found in SmallRye's API through version 1.6.1. The API can ...)
NOT-FOR-US: SmallRye Config
CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, the pages ...)
NOT-FOR-US: Keycloak
@@ -109851,8 +110085,7 @@ CVE-2020-1718 (A flaw was found in the reset credential flow in all Keycloak ver
NOT-FOR-US: Keycloak
CVE-2020-1717 (A flaw was found in Keycloak 7.0.1. A logged in user can do an account ...)
NOT-FOR-US: Keycloak
-CVE-2020-1716
- RESERVED
+CVE-2020-1716 (A flaw was found in the ceph-ansible playbook where it contained hardc ...)
NOT-FOR-US: ceph-ansible
CVE-2020-1715
RESERVED
@@ -363991,8 +364224,7 @@ CVE-2013-4537 (The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4536
- RESERVED
+CVE-2013-4536 (An user able to alter the savevm data (either on the disk or over the ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -410630,8 +410862,7 @@ CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CV
CVE-2010-3844 (An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure ...)
- ettercap 1:0.7.4-1 (unimportant; bug #600130)
NOTE: Very far-fetched attack vector
-CVE-2010-3843
- RESERVED
+CVE-2010-3843 (The gtkui_conf_read function in src/interfaces/gtk/ec_gtk_conf.c in Et ...)
- ettercap 1:0.7.4-1 (unimportant; bug #600130)
NOTE: Very far-fetched attack vector
CVE-2010-3842 (Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, w ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cca46655c07624d7d041e24ea37e2d18f6262c6