Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 23c9d604 by security tracker role at 2021-02-12T20:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,15 @@ +CVE-2021-3411 + RESERVED +CVE-2021-3410 + RESERVED +CVE-2021-27205 (Telegram before 7.4 (212543) Stable on macOS stores the local copy of ...) + TODO: check +CVE-2021-27204 (Telegram before 7.4 (212543) Stable on macOS stores the local passcode ...) + TODO: check +CVE-2021-27203 + RESERVED +CVE-2021-27202 + RESERVED CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in session file] - spip 3.2.9-1 TODO: needs possibly CVE requests for individual issues @@ -9,8 +21,8 @@ CVE-2021-27199 RESERVED CVE-2021-27198 RESERVED -CVE-2021-27197 - RESERVED +CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...) + TODO: check CVE-2021-27196 RESERVED CVE-2021-27195 @@ -29,10 +41,10 @@ CVE-2021-27190 (PEEL Shopping cart 9.3.0 allows utilisateurs/change_params.php A NOT-FOR-US: PEEL Shopping cart CVE-2021-27189 RESERVED -CVE-2021-27188 - RESERVED -CVE-2021-27187 - RESERVED +CVE-2021-27188 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 al ...) + TODO: check +CVE-2021-27187 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 st ...) + TODO: check CVE-2021-27186 (Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc re ...) NOT-FOR-US: Fluent Bit CVE-2021-27185 (The samba-client package before 4.0.0 for Node.js allows command injec ...) @@ -493,7 +505,8 @@ CVE-2021-26961 RESERVED CVE-2021-26960 RESERVED -CVE-2021-26959 (An issue was discovered in the hyper crate before 0.13.10 and 0.14.x b ...) +CVE-2021-26959 + REJECTED TODO: check, seems to be a duplicate of CVE-2021-21299, contacted MITRE CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) - rust-xcb <unfixed> 
@@ -2022,7 +2035,7 @@ CVE-2021-3348 (nbd_add_socket in drivers/block/nbd.c in the Linux kernel through - linux 5.10.13-1 NOTE: https://git.kernel.org/linus/b98e762e3d71e893b221f871825dc64694cfb258 (5.11-rc6) CVE-2021-3347 (An issue was discovered in the Linux kernel through 5.10.11. PI futexe ...) - {DSA-4843-1} + {DSA-4843-1 DLA-2557-1} - linux 5.10.12-1 NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/1 CVE-2021-3343 @@ -9442,32 +9455,32 @@ CVE-2021-22987 RESERVED CVE-2021-22986 RESERVED -CVE-2021-22985 - RESERVED +CVE-2021-22985 (On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions ...) + TODO: check CVE-2021-22984 RESERVED -CVE-2021-22983 - RESERVED -CVE-2021-22982 - RESERVED -CVE-2021-22981 - RESERVED -CVE-2021-22980 - RESERVED -CVE-2021-22979 - RESERVED +CVE-2021-22983 (On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, an ...) + TODO: check +CVE-2021-22982 (On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions ...) + TODO: check +CVE-2021-22981 (On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol ...) + TODO: check +CVE-2021-22980 (In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, a ...) + TODO: check +CVE-2021-22979 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...) + TODO: check CVE-2021-22978 RESERVED CVE-2021-22977 RESERVED -CVE-2021-22976 - RESERVED -CVE-2021-22975 - RESERVED -CVE-2021-22974 - RESERVED -CVE-2021-22973 - RESERVED +CVE-2021-22976 (On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x ...) + TODO: check +CVE-2021-22975 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and ...) + TODO: check +CVE-2021-22974 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x ...) + TODO: check +CVE-2021-22973 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x ...) + TODO: check CVE-2021-22972 RESERVED CVE-2021-22971 
@@ -12633,7 +12646,7 @@ CVE-2021-21497 CVE-2021-21496 RESERVED CVE-2020-36158 (mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifie ...) - {DSA-4843-1} + {DSA-4843-1 DLA-2557-1} - linux 5.10.5-1 NOTE: https://git.kernel.org/linus/5c455c5ab332773464d02ba17015acdca198f03d (5.11-rc1) CVE-2020-36157 (An issue was discovered in the Ultimate Member plugin before 2.1.12 fo ...) @@ -16340,20 +16353,20 @@ CVE-2021-20414 RESERVED CVE-2021-20413 RESERVED -CVE-2021-20412 - RESERVED -CVE-2021-20411 - RESERVED -CVE-2021-20410 - RESERVED -CVE-2021-20409 - RESERVED -CVE-2021-20408 - RESERVED -CVE-2021-20407 - RESERVED -CVE-2021-20406 - RESERVED +CVE-2021-20412 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-co ...) + TODO: check +CVE-2021-20411 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...) + TODO: check +CVE-2021-20410 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user crede ...) + TODO: check +CVE-2021-20409 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...) + TODO: check +CVE-2021-20408 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose h ...) + TODO: check +CVE-2021-20407 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensit ...) + TODO: check +CVE-2021-20406 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than ...) + TODO: check CVE-2021-20405 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...) NOT-FOR-US: IBM CVE-2021-20404 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...) @@ -16946,7 +16959,7 @@ CVE-2021-20178 [user data leak in snmp_facts module] NOTE: https://github.com/ansible-collections/community.general/pull/1621 CVE-2021-20177 RESERVED - {DSA-4843-1} + {DSA-4843-1 DLA-2557-1} - linux 5.5.13-1 [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=209823 
@@ -19420,12 +19433,12 @@ CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where r CVE-2020-29662 (In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s ...) NOT-FOR-US: Harbor CVE-2020-29661 (A locking issue was discovered in the tty subsystem of the Linux kerne ...) - {DSA-4843-1} + {DSA-4843-1 DLA-2557-1} - linux 5.9.15-1 NOTE: https://git.kernel.org/linus/54ffccbf053b5b6ca4f6e45094b942fab92a25fc NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2125 CVE-2020-29660 (A locking inconsistency issue was discovered in the tty subsystem of t ...) - {DSA-4843-1} + {DSA-4843-1 DLA-2557-1} - linux 5.9.15-1 NOTE: https://git.kernel.org/linus/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2125 @@ -20177,11 +20190,11 @@ CVE-2020-29570 (An issue was discovered in Xen through 4.14.x. Recording of the [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-358.html CVE-2020-29569 (An issue was discovered in the Linux kernel through 5.10.1, as used wi ...) - {DSA-4843-1} + {DSA-4843-1 DLA-2557-1} - linux 5.9.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-350.html CVE-2020-29568 (An issue was discovered in Xen through 4.14.x. Some OSes (such as Linu ...) - {DSA-4843-1} + {DSA-4843-1 DLA-2557-1} - linux 5.9.15-1 NOTE: https://xenbits.xen.org/xsa/advisory-349.html CVE-2020-29567 (An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs t ...) @@ -21876,6 +21889,7 @@ CVE-2020-28937 (OpenClinic version 0.8.2 is affected by a missing authentication CVE-2020-28936 RESERVED CVE-2020-28935 (NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs ...) + {DLA-2556-1} - nsd 4.3.4-1 [buster] - nsd <no-dsa> (Minor issue) [stretch] - nsd <no-dsa> (Minor issue) 
@@ -24257,7 +24271,7 @@ CVE-2020-28376 CVE-2020-28375 RESERVED CVE-2020-28374 (In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10. ...) - {DSA-4843-1} + {DSA-4843-1 DLA-2557-1} - linux 5.10.9-1 NOTE: https://git.kernel.org/linus/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4 NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12 @@ -27216,7 +27230,7 @@ CVE-2020-27831 NOT-FOR-US: Quay CVE-2020-27830 [Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2] RESERVED - {DSA-4843-1} + {DSA-4843-1 DLA-2557-1} - linux 5.9.15-1 [stretch] - linux <not-affected> (Vulnerability introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/1 @@ -27246,7 +27260,7 @@ CVE-2020-27826 RESERVED NOT-FOR-US: Keycloak CVE-2020-27825 (A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux ...) - {DSA-4843-1} + {DSA-4843-1 DLA-2557-1} - linux 5.9.6-1 NOTE: https://git.kernel.org/linus/bbeb97464eefc65f506084fd9f18f21653e01137 CVE-2020-27824 [global-buffer-overflow read in lib-openjp2] @@ -27289,7 +27303,7 @@ CVE-2020-27816 (The elasticsearch-operator does not validate the namespace where NOT-FOR-US: OpenShift Elasticsearch operator CVE-2020-27815 RESERVED - {DSA-4843-1} + {DSA-4843-1 DLA-2557-1} - linux 5.10.4-1 NOTE: https://www.openwall.com/lists/oss-security/2020/11/30/5 CVE-2020-27814 (A heap-buffer overflow was found in the way openjpeg2 handled certain ...) @@ -34263,6 +34277,7 @@ CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2021-3409 [sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085] + RESERVED - qemu <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue ...) 
@@ -62183,14 +62198,14 @@ CVE-2020-12665 CVE-2020-12664 RESERVED CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS answers r ...) - {DSA-4694-1} + {DSA-4694-1 DLA-2556-1} - unbound 1.10.1-1 [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694) [jessie] - unbound <end-of-life> (No longer supported) NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...) - {DSA-4694-1} + {DSA-4694-1 DLA-2556-1} - unbound 1.10.1-1 [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694) [jessie] - unbound <end-of-life> (No longer supported) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23c9d6040d4c39cea07b7976d61b2c2f6d22efde -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23c9d6040d4c39cea07b7976d61b2c2f6d22efde You're receiving this email because of your account on salsa.debian.org.
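Review bot: in the hunk at @@ -493,7 +505,8 @@ the line "TODO: check, seems to be a duplicate of CVE-2021-21299, contacted MITRE" is kept under CVE-2021-26959 even though the entry is now marked REJECTED, so it will stay in the check queue for a resolved item; drop the TODO line or turn it into a NOTE recording that the id was rejected as a duplicate of CVE-2021-21299.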
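Review bot: in the hunk at @@ -16946,7 +16959,7 @@ the CVE-2021-20177 entry gains "{DSA-4843-1 DLA-2557-1}" while its next lines still read "[stretch] - linux <not-affected> (Vulnerable code not present)"; a DLA is a stretch LTS advisory, so either the not-affected marker is stale and should be removed, or the DLA reference does not belong on this entry. Please confirm against the advisory text before keeping both.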
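Review bot: in the hunk at @@ -27216,7 +27230,7 @@ the same inconsistency appears for CVE-2020-27830: "{DSA-4843-1 DLA-2557-1}" is added directly above "[stretch] - linux <not-affected> (Vulnerability introduced later)". If DLA-2557-1 really lists this CVE, the stretch not-affected line should go; otherwise the DLA reference should be dropped here so the entry does not claim a stretch fix for a release it says was never affected.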
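Review bot: in the hunk at @@ -21876,6 +21889,7 @@ the added "{DLA-2556-1}" under CVE-2020-28935 sits above package lines that are all for nsd, with "[buster] - nsd <no-dsa> (Minor issue)" and "[stretch] - nsd <no-dsa> (Minor issue)" unchanged; elsewhere in this patch DLA-2556-1 is attached to unbound entries (CVE-2020-12663, CVE-2020-12662). Please confirm the advisory covers this CVE via an unbound line below the shown context, and if it instead fixed nsd in stretch, update the stretch no-dsa marker accordingly.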
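Review bot: in the hunk at @@ -16340,20 +16353,20 @@ the seven new IBM Security Verify Information Queue entries (CVE-2021-20412 through CVE-2021-20406) all get "TODO: check", while the adjacent CVE-2021-20405 and CVE-2021-20404 entries for the same product are already triaged "NOT-FOR-US: IBM"; the same resolution appears to apply, so once checked these should be switched to "NOT-FOR-US: IBM" to keep the block consistent.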