Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8006e3a2 by security tracker role at 2021-02-16T20:10:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,7 +1,89 @@ -CVE-2021-27238 +CVE-2021-27279 + RESERVED +CVE-2021-27278 + RESERVED +CVE-2021-27277 + RESERVED +CVE-2021-27276 + RESERVED +CVE-2021-27275 + RESERVED +CVE-2021-27274 + RESERVED +CVE-2021-27273 + RESERVED +CVE-2021-27272 + RESERVED +CVE-2021-27271 + RESERVED +CVE-2021-27270 + RESERVED +CVE-2021-27269 + RESERVED +CVE-2021-27268 + RESERVED +CVE-2021-27267 + RESERVED +CVE-2021-27266 + RESERVED +CVE-2021-27265 + RESERVED +CVE-2021-27264 + RESERVED +CVE-2021-27263 + RESERVED +CVE-2021-27262 + RESERVED +CVE-2021-27261 + RESERVED +CVE-2021-27260 + RESERVED +CVE-2021-27259 + RESERVED +CVE-2021-27258 + RESERVED +CVE-2021-27257 + RESERVED +CVE-2021-27256 + RESERVED +CVE-2021-27255 RESERVED -CVE-2021-27237 +CVE-2021-27254 RESERVED +CVE-2021-27253 + RESERVED +CVE-2021-27252 + RESERVED +CVE-2021-27251 + RESERVED +CVE-2021-27250 + RESERVED +CVE-2021-27249 + RESERVED +CVE-2021-27248 + RESERVED +CVE-2021-27247 + RESERVED +CVE-2021-27246 + RESERVED +CVE-2021-27245 + RESERVED +CVE-2021-27244 + RESERVED +CVE-2021-27243 + RESERVED +CVE-2021-27242 + RESERVED +CVE-2021-27241 + RESERVED +CVE-2021-27240 + RESERVED +CVE-2021-27239 + RESERVED +CVE-2021-27238 + RESERVED +CVE-2021-27237 (The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) ...) + TODO: check CVE-2021-27236 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfil ...) NOT-FOR-US: Mutare Voice (EVM) CVE-2021-27235 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...) 
@@ -10,8 +92,8 @@ CVE-2021-27234 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. NOT-FOR-US: Mutare Voice (EVM) CVE-2021-27233 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...) NOT-FOR-US: Mutare Voice (EVM) -CVE-2021-27232 - RESERVED +CVE-2021-27232 (The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.1 ...) + TODO: check CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting environment, s ...) NOT-FOR-US: Hestia Control Panel CVE-2021-27230 @@ -3929,8 +4011,8 @@ CVE-2021-25650 RESERVED CVE-2021-25649 RESERVED -CVE-2021-25648 - RESERVED +CVE-2021-25648 (Mobile application "Testes de Codigo" 11.4 and prior allows an attacke ...) + TODO: check CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...) NOT-FOR-US: Mobile application "Testes de Codigo" CVE-2021-25646 (Apache Druid includes the ability to execute user-provided JavaScript ...) 
@@ -7831,20 +7913,17 @@ CVE-2021-23843 RESERVED CVE-2021-23842 RESERVED -CVE-2021-23841 [Null pointer deref in X509_issuer_and_serial_hash()] - RESERVED +CVE-2021-23841 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...) - openssl <unfixed> - openssl1.0 <removed> NOTE: https://www.openssl.org/news/secadv/20210216.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf (OpenSSL_1_1_1j) -CVE-2021-23840 [Integer overflow in CipherUpdate] - RESERVED +CVE-2021-23840 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...) - openssl <unfixed> - openssl1.0 <removed> NOTE: https://www.openssl.org/news/secadv/20210216.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 (OpenSSL_1_1_1j) -CVE-2021-23839 [Incorrect SSLv2 rollback protection] - RESERVED +CVE-2021-23839 (OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 ...) - openssl 1.0.0d-1 - openssl1.0 <not-affected> (SSL2 disabled before openssl1.0 was uploaded) NOTE: https://www.openssl.org/news/secadv/20210216.txt @@ -14376,12 +14455,12 @@ CVE-2021-21319 RESERVED CVE-2021-21318 RESERVED -CVE-2021-21317 - RESERVED -CVE-2021-21316 - RESERVED -CVE-2021-21315 - RESERVED +CVE-2021-21317 (uap-core in an open-source npm package which contains the core of Brow ...) + TODO: check +CVE-2021-21316 (less-openui5 is an npm package which enables building OpenUI5 themes w ...) + TODO: check +CVE-2021-21315 (The System Information Library for Node.JS (npm package "systeminforma ...) + TODO: check CVE-2021-21314 RESERVED CVE-2021-21313 
@@ -15252,34 +15331,34 @@ CVE-2020-35573 (srs2.c in PostSRSd before 1.10 allows remote attackers to cause - postsrsd 1.10-1 [buster] - postsrsd 1.5-2+deb10u1 NOTE: https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac (1.10) -CVE-2020-35570 - RESERVED -CVE-2020-35569 - RESERVED -CVE-2020-35568 - RESERVED -CVE-2020-35567 - RESERVED -CVE-2020-35566 - RESERVED -CVE-2020-35565 - RESERVED -CVE-2020-35564 - RESERVED -CVE-2020-35563 - RESERVED +CVE-2020-35570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) + TODO: check +CVE-2020-35569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) + TODO: check +CVE-2020-35568 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) + TODO: check +CVE-2020-35567 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) + TODO: check +CVE-2020-35566 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) + TODO: check +CVE-2020-35565 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) + TODO: check +CVE-2020-35564 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) + TODO: check +CVE-2020-35563 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) + TODO: check CVE-2020-35562 RESERVED -CVE-2020-35561 - RESERVED -CVE-2020-35560 - RESERVED -CVE-2020-35559 - RESERVED -CVE-2020-35558 - RESERVED -CVE-2020-35557 - RESERVED +CVE-2020-35561 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) + TODO: check +CVE-2020-35560 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) + TODO: check +CVE-2020-35559 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) + TODO: check +CVE-2020-35558 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) 
+ TODO: check +CVE-2020-35557 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) + TODO: check CVE-2020-35556 RESERVED CVE-2020-35555 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...) @@ -15334,10 +15413,10 @@ CVE-2021-20989 RESERVED CVE-2021-20988 RESERVED -CVE-2021-20987 - RESERVED -CVE-2021-20986 - RESERVED +CVE-2021-20987 (A denial of service and memory corruption vulnerability was found in H ...) + TODO: check +CVE-2021-20986 (A Denial of Service vulnerability was found in Hilscher PROFINET IO De ...) + TODO: check CVE-2021-20985 RESERVED CVE-2021-20984 @@ -16922,6 +17001,7 @@ CVE-2021-20222 RESERVED CVE-2021-20221 [GIC: out-of-bound heap buffer access via an interrupt ID field] RESERVED + {DLA-2560-1} - qemu 1:5.2+dfsg-4 NOTE: https://www.openwall.com/lists/oss-security/2021/02/05/1 NOTE: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a @@ -17110,6 +17190,7 @@ CVE-2021-20182 NOT-FOR-US: OpenShift CVE-2021-20181 [9pfs: Fully restart unreclaim loop] RESERVED + {DLA-2560-1} - qemu 1:5.2+dfsg-4 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305 CVE-2021-20180 @@ -20909,6 +20990,7 @@ CVE-2020-29445 CVE-2020-29444 RESERVED CVE-2020-29443 (ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of- ...) + {DLA-2560-1} - qemu <unfixed> [buster] - qemu <postponed> (Fix along in future DSA) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04255.html @@ -21597,6 +21679,7 @@ CVE-2020-29132 CVE-2020-29131 RESERVED CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read because it tr ...) + {DLA-2560-1} - libslirp 4.4.0-1 - qemu 1:4.1-2 [buster] - qemu <postponed> (Fix along in future DSA) 
@@ -21822,18 +21905,18 @@ CVE-2020-29029 RESERVED CVE-2020-29028 RESERVED -CVE-2020-29027 - RESERVED +CVE-2020-29027 (Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager ...) + TODO: check CVE-2020-29026 (A directory traversal vulnerability exists in the file upload function ...) NOT-FOR-US: GateManager -CVE-2020-29025 - RESERVED -CVE-2020-29024 - RESERVED -CVE-2020-29023 - RESERVED -CVE-2020-29022 - RESERVED +CVE-2020-29025 (A vulnerability in SiteManager-Embedded (SM-E) Web server which may al ...) + TODO: check +CVE-2020-29024 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerabi ...) + TODO: check +CVE-2020-29023 (Improper Encoding or Escaping of Output from CSV Report Generator of S ...) + TODO: check +CVE-2020-29022 (Failure to Sanitize host header value on output in the GateManager Web ...) + TODO: check CVE-2020-29021 (A vulnerability in web UI input field of GateManager allows authentica ...) NOT-FOR-US: GateManager CVE-2020-29020 @@ -22125,6 +22208,7 @@ CVE-2020-28918 CVE-2020-28917 (An issue was discovered in the view_statistics (aka View frontend stat ...) NOT-FOR-US: TYPO3 extension CVE-2020-28916 (hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX desc ...) + {DLA-2560-1} - qemu 1:5.2+dfsg-1 (bug #976388; bug #974687) [buster] - qemu <postponed> (Fix along in future DSA) NOTE: https://www.openwall.com/lists/oss-security/2020/12/01/2 @@ -33844,8 +33928,8 @@ CVE-2020-25342 RESERVED CVE-2020-25341 RESERVED -CVE-2020-25340 - RESERVED +CVE-2020-25340 (An issue was discovered in NFStream 5.2.0. Because some allocated modu ...) + TODO: check CVE-2020-25339 RESERVED CVE-2020-25338 
@@ -34462,6 +34546,7 @@ CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_con NOTE: fix and relates to the CVE-2020-17380 assignment. NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3 (v5.2.0-rc0) CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_p ...) + {DLA-2560-1} - qemu 1:5.2+dfsg-1 (bug #970539) [buster] - qemu <postponed> (Can be fixed along in next qemu DSA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html @@ -35003,8 +35088,8 @@ CVE-2020-24843 RESERVED CVE-2020-24842 (PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can e ...) NOT-FOR-US: PNPSCADA -CVE-2020-24841 - RESERVED +CVE-2020-24841 (PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in ...) + TODO: check CVE-2020-24840 RESERVED CVE-2020-24839 @@ -53672,6 +53757,7 @@ CVE-2020-15861 (Net-SNMP through 5.7.3 allows Escalation of Privileges because o CVE-2020-15860 (Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic ...) NOT-FOR-US: Parallels CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...) + {DLA-2560-1} - qemu 1:5.2+dfsg-1 (bug #965978) [buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA) NOTE: Proposed patch: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html @@ -54785,6 +54871,7 @@ CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...) NOT-FOR-US: ffjpeg CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...) + {DLA-2560-1} - qemu <unfixed> (low; bug #970253) [buster] - qemu <postponed> (Minor issue, fix along in next DSA) NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1 
@@ -69577,7 +69664,7 @@ CVE-2020-10571 (An issue was discovered in psd-tools before 1.9.4. The Cython im NOT-FOR-US: psd-tools CVE-2020-10570 (The Telegram application through 5.12 for Android, when Show Popup is ...) NOT-FOR-US: Telegram for Android -CVE-2020-10569 (SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, w ...) +CVE-2020-10569 (** DISPUTED ** SysAid On-Premise 20.1.11, by default, allows the AJP p ...) NOT-FOR-US: SysAid On-Premise CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for Word ...) NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8006e3a2d07f265a22cc539b5e1b23cecce372e6
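Review bot: In the hunk at @@ -3929,8 +4011,8 @@, the new CVE-2021-25648 entry is left at "TODO: check" although the adjacent CVE-2021-25647 for the same product (Mobile application "Testes de Codigo") is already triaged "NOT-FOR-US: Mobile application "Testes de Codigo""; the same triage line can be applied to CVE-2021-25648 in the follow-up so the two entries do not diverge.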
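Review bot: In the hunk at @@ -7831,20 +7913,17 @@, CVE-2021-23841 and CVE-2021-23840 now carry the identical description "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...", while the removed bracketed titles were different ("Null pointer deref in X509_issuer_and_serial_hash()" versus "Integer overflow in CipherUpdate"). The description imported for CVE-2021-23841 should be verified against the advisory already linked in its NOTE line (https://www.openssl.org/news/secadv/20210216.txt) and corrected if the automatic update pulled the wrong text; the package state lines ("openssl <unfixed>", "openssl1.0 <removed>") are unaffected.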
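Review bot: In the hunk at @@ -14376,12 +14455,12 @@, all three new npm-package entries (CVE-2021-21317 uap-core, CVE-2021-21316 less-openui5, CVE-2021-21315 systeminformation) are left at "TODO: check"; unlike the vendor-product entries elsewhere in this diff, these cannot be resolved from the description alone, since the triage depends on whether a corresponding Debian source package exists for each module, so they should be checked against the archive rather than marked NOT-FOR-US by analogy.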
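Review bot: In the hunk at @@ -15252,34 +15331,34 @@, the thirteen new MB CONNECT LINE entries (CVE-2020-35570 down to CVE-2020-35557, excluding CVE-2020-35562) all carry the same truncated description "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ..." and the same "TODO: check" marker; because the 70-character truncation makes them indistinguishable here, the follow-up triage needs the full CVE text for each entry rather than a single decision copied across the block.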
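Review bot: In the hunk at @@ -21822,18 +21905,18 @@, the new CVE-2020-29022 entry ("Failure to Sanitize host header value on output in the GateManager Web ...") is left at "TODO: check" although the surrounding CVE-2020-29026 and CVE-2020-29021 entries for the same product are already "NOT-FOR-US: GateManager"; the same applies to CVE-2020-29027, CVE-2020-29025, CVE-2020-29024 and CVE-2020-29023, which name Secomea SiteManager in their descriptions, so these can be triaged consistently with the existing GateManager lines in the follow-up.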
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits