Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f54fbe24 by security tracker role at 2021-02-11T20:10:33+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,13 @@ +CVE-2021-27195 + RESERVED +CVE-2021-27194 + RESERVED +CVE-2021-27193 + RESERVED +CVE-2021-27192 + RESERVED +CVE-2021-27191 (The get-ip-range package before 4.0.0 for Node.js is vulnerable to den ...) + TODO: check CVE-2021-3408 RESERVED CVE-2021-27190 @@ -500,7 +510,7 @@ CVE-2021-26941 RESERVED CVE-2021-26940 RESERVED -CVE-2021-26939 (An information disclosure issue exists in henriquedornas 5.2.17 becaus ...) +CVE-2021-26939 (** DISPUTED ** An information disclosure issue exists in henriquedorna ...) NOT-FOR-US: henriquedornas CVE-2021-26938 (A stored XSS issue exists in henriquedornas 5.2.17 via online live cha ...) NOT-FOR-US: henriquedornas @@ -750,8 +760,7 @@ CVE-2020-36242 (In the cryptography package before 3.3.2 for Python, certain seq - python-cryptography 3.3.2-1 [buster] - python-cryptography <no-dsa> (Minor issue) NOTE: https://github.com/pyca/cryptography/issues/5615 -CVE-2021-21299 [hyper: Multiple Transfer-Encoding headers misinterprets request payload] - RESERVED +CVE-2021-21299 (hyper is an open-source HTTP library for Rust (crates.io). In hyper fr ...) - rust-hyper <unfixed> NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0020.html 
@@ -3674,12 +3683,12 @@ CVE-2021-25692 RESERVED CVE-2021-25691 RESERVED -CVE-2021-25690 - RESERVED -CVE-2021-25689 - RESERVED -CVE-2021-25688 - RESERVED +CVE-2021-25690 (A null pointer dereference in Teradici PCoIP Soft Client versions prio ...) + TODO: check +CVE-2021-25689 (An out of bounds write in Teradici PCoIP soft client versions prior to ...) + TODO: check +CVE-2021-25688 (Under certain conditions, Teradici PCoIP Agents for Windows prior to v ...) + TODO: check CVE-2021-25687 RESERVED CVE-2021-25686 @@ -8736,10 +8745,10 @@ CVE-2021-23337 RESERVED CVE-2021-23336 RESERVED -CVE-2021-23335 - RESERVED -CVE-2021-23334 - RESERVED +CVE-2021-23335 (All versions of package is-user-valid are vulnerable to LDAP Injection ...) + TODO: check +CVE-2021-23334 (All versions of package static-eval are vulnerable to Arbitrary Code E ...) + TODO: check CVE-2021-23333 RESERVED CVE-2021-23332 @@ -9620,10 +9629,10 @@ CVE-2021-22883 RESERVED CVE-2021-22882 RESERVED -CVE-2021-22881 - RESERVED -CVE-2021-22880 - RESERVED +CVE-2021-22881 (The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3 ...) + TODO: check +CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4 ...) + TODO: check CVE-2021-22879 RESERVED CVE-2021-22878 
@@ -10220,20 +10229,20 @@ CVE-2021-22660 RESERVED CVE-2021-22659 RESERVED -CVE-2021-22658 - RESERVED +CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...) + TODO: check CVE-2021-22657 RESERVED -CVE-2021-22656 - RESERVED +CVE-2021-22656 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to direc ...) + TODO: check CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...) NOT-FOR-US: Fuji Electric -CVE-2021-22654 - RESERVED +CVE-2021-22654 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...) + TODO: check CVE-2021-22653 (Multiple out-of-bounds write issues have been identified in the way th ...) NOT-FOR-US: Fuji Electric -CVE-2021-22652 - RESERVED +CVE-2021-22652 (Access to the Advantech iView versions prior to v5.7.03.6112 configura ...) + TODO: check CVE-2021-22651 RESERVED CVE-2021-22650 @@ -14216,8 +14225,8 @@ CVE-2021-21309 RESERVED CVE-2021-21308 RESERVED -CVE-2021-21307 - RESERVED +CVE-2021-21307 (Lucee Server is a dynamic, Java based (JSR-223), tag and scripting lan ...) + TODO: check CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm package "ma ...) - node-marked <unfixed> NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96 @@ -14233,8 +14242,8 @@ CVE-2021-21303 (Helm is open-source software which is essentially "The Kubernete - helm-kubernetes <itp> (bug #910799) CVE-2021-21302 RESERVED -CVE-2021-21301 - RESERVED +CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (iPhone ...) + TODO: check CVE-2021-21300 RESERVED CVE-2021-21298 
@@ -14254,6 +14263,7 @@ CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar before CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file server th ...) NOT-FOR-US: OAuth2 Proxy CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network application ...) + {DLA-2555-1} - netty <unfixed> NOTE: https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 NOTE: https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec @@ -16309,14 +16319,14 @@ CVE-2021-20407 RESERVED CVE-2021-20406 RESERVED -CVE-2021-20405 - RESERVED -CVE-2021-20404 - RESERVED -CVE-2021-20403 - RESERVED -CVE-2021-20402 - RESERVED +CVE-2021-20405 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...) + TODO: check +CVE-2021-20404 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...) + TODO: check +CVE-2021-20403 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to ...) + TODO: check +CVE-2021-20402 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...) + TODO: check CVE-2021-20401 RESERVED CVE-2021-20400 @@ -16449,8 +16459,8 @@ CVE-2021-20337 RESERVED CVE-2021-20336 RESERVED -CVE-2021-20335 - RESERVED +CVE-2021-20335 (For MongoDB Ops Manager 4.2.X with multiple OM application servers, th ...) + TODO: check CVE-2021-20334 RESERVED CVE-2021-20333 @@ -16859,8 +16869,7 @@ CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. FasterXML NOTE: https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a CVE-2021-20189 REJECTED -CVE-2021-20188 - RESERVED +CVE-2021-20188 (A flaw was found in podman before 1.7.0. File permissions for non-root ...) - libpod <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915734 NOTE: https://github.com/containers/podman/commit/2c7b579fe7328dc6db48bdaf60d0ddd9136b1e24 
@@ -17301,8 +17310,7 @@ CVE-2020-35499 [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910048 NOTE: https://git.kernel.org/linus/f6b8c6b5543983e9de29dc14716bfa4eb3f157c4 -CVE-2020-35498 [Packet parsing vulnerability] - RESERVED +CVE-2020-35498 (A vulnerability was found in openvswitch. A limitation in the implemen ...) - openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-5 (bug #982493) NOTE: master: https://github.com/openvswitch/ovs/commit/79349cbab0b2a755140eedb91833ad2760520a83 NOTE: 2.15: https://github.com/openvswitch/ovs/commit/0625dc79aec73b966f206e55655a2816696246d0 @@ -33296,8 +33304,8 @@ CVE-2020-25495 (A reflected Cross-site scripting (XSS) vulnerability in Xinuo (f NOT-FOR-US: Xinuo SCO Openserver CVE-2020-25494 (Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute ...) NOT-FOR-US: Xinuo SCO Openserver -CVE-2020-25493 - RESERVED +CVE-2020-25493 (Oclean Mobile Application 2.1.2 communicates with an external website ...) + TODO: check CVE-2020-25492 RESERVED CVE-2020-25491 @@ -60795,10 +60803,10 @@ CVE-2020-13188 REJECTED CVE-2020-13187 REJECTED -CVE-2020-13186 - RESERVED -CVE-2020-13185 - RESERVED +CVE-2020-13186 (An Anti CSRF mechanism was discovered missing in the Teradici Cloud Ac ...) + TODO: check +CVE-2020-13185 (Certain web application pages in the authenticated section of the Tera ...) + TODO: check CVE-2020-13184 RESERVED CVE-2020-13183 (Reflected Cross Site Scripting in Teradici PCoIP Management Console pr ...) 
@@ -68770,8 +68778,8 @@ CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions NOTE: https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 (v15.2.2) CVE-2020-10735 RESERVED -CVE-2020-10734 - RESERVED +CVE-2020-10734 (A vulnerability was found in keycloak in the way that the OIDC logout ...) + TODO: check CVE-2020-10733 (The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided ...) - postgresql-12 <not-affected> (Windows-specific) - postgresql-11 <not-affected> (Windows-specific) @@ -75492,16 +75500,16 @@ CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Devic NOT-FOR-US: Ruckus CVE-2020-8032 RESERVED -CVE-2020-8031 - RESERVED -CVE-2020-8030 - RESERVED -CVE-2020-8029 - RESERVED +CVE-2020-8031 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...) + TODO: check +CVE-2020-8030 (A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform ...) + TODO: check +CVE-2020-8029 (A Incorrect Permission Assignment for Critical Resource vulnerability ...) + TODO: check CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of salt o ...) NOT-FOR-US: Salt configuration in SUSE Server Manager -CVE-2020-8027 - RESERVED +CVE-2020-8027 (A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Ent ...) + TODO: check CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging of inn ...) - inn2 <not-affected> (inews has correct ownership in Debian) CVE-2020-8025 (A Incorrect Execution-Assigned Permissions vulnerability in the permis ...) 
@@ -84048,8 +84056,8 @@ CVE-2020-4770 RESERVED CVE-2020-4769 RESERVED -CVE-2020-4768 - RESERVED +CVE-2020-4768 (IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0 ...) + TODO: check CVE-2020-4767 (IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6 ...) NOT-FOR-US: IBM CVE-2020-4766 (IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cau ...) @@ -92968,8 +92976,8 @@ CVE-2020-1719 - wildfly <itp> (bug #752018) CVE-2020-1718 (A flaw was found in the reset credential flow in all Keycloak versions ...) NOT-FOR-US: Keycloak -CVE-2020-1717 - RESERVED +CVE-2020-1717 (A flaw was found in Keycloak 7.0.1. A logged in user can do an account ...) + TODO: check CVE-2020-1716 RESERVED NOT-FOR-US: ceph-ansible View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f54fbe2437fbb87dd6416093850fa345a6777b71
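Review bot: `- libpod <undetermined>` in hunk @@ -16859 can be settled rather than left open: the new description bounds the flaw to "podman before 1.7.0", and the Bugzilla and upstream commit NOTEs already attached to the entry (commit 2c7b579fe7328dc6db48bdaf60d0ddd9136b1e24) identify the fix, so comparing the packaged libpod version against that threshold, or checking for that commit, is enough to mark the entry fixed or `<not-affected>`.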
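Review bot: CVE-2020-10734 in hunk @@ -68770 is a Keycloak issue (the OIDC logout flow) left at `TODO: check`, while this same patch's hunk @@ -92968 shows Keycloak entries being tracked as `NOT-FOR-US: Keycloak`; giving it the same status keeps the triage consistent across the file.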
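Review bot: In hunk @@ -75492, CVE-2020-8027 is scoped by its own description to "openldap2 of SUSE Linux Ent...", i.e. a distribution packaging issue; the neighbouring CVE-2020-8026 was closed the same way by checking Debian's packaging (`inn2 <not-affected> (inews has correct ownership in Debian)`), so the `TODO: check` here should be resolved by the equivalent ownership/permission check of the Debian openldap packaging. CVE-2020-8030, scoped to "skuba of SUSE CaaS Platform", looks like the same case as CVE-2020-8028 (`NOT-FOR-US: Salt configuration in SUSE Server Manager`) unless skuba is packaged.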
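Review bot: In hunk @@ -92968, CVE-2020-1717's `TODO: check` sits directly below CVE-2020-1718, which is already triaged as `NOT-FOR-US: Keycloak`; both descriptions name Keycloak, so the new entry can take `NOT-FOR-US: Keycloak` instead of a TODO.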
debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits