Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
2b3b0b17 by security tracker role at 2021-03-01T20:10:31+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@ +CVE-2021-3418 + RESERVED +CVE-2021-27875 + RESERVED +CVE-2021-27874 + RESERVED +CVE-2021-27873 + RESERVED +CVE-2021-27872 + RESERVED +CVE-2021-27871 + RESERVED +CVE-2021-27870 + RESERVED +CVE-2021-27869 + RESERVED +CVE-2021-27868 + RESERVED +CVE-2021-27867 + RESERVED +CVE-2021-27866 + RESERVED +CVE-2021-27865 + RESERVED +CVE-2021-27864 + RESERVED +CVE-2021-27863 + RESERVED +CVE-2021-27862 + RESERVED +CVE-2021-27861 + RESERVED +CVE-2021-27860 + RESERVED +CVE-2021-27859 + RESERVED +CVE-2021-27858 + RESERVED +CVE-2021-27857 + RESERVED +CVE-2021-27856 + RESERVED +CVE-2021-27855 + RESERVED +CVE-2021-27854 + RESERVED +CVE-2021-27853 + RESERVED +CVE-2021-27852 + RESERVED +CVE-2021-27851 + RESERVED +CVE-2021-27850 + RESERVED +CVE-2021-27849 + RESERVED +CVE-2021-27848 + RESERVED +CVE-2021-27847 + RESERVED +CVE-2021-27846 + RESERVED +CVE-2021-27845 + RESERVED +CVE-2021-27844 + RESERVED +CVE-2021-27843 + RESERVED +CVE-2021-27842 + RESERVED +CVE-2021-27841 + RESERVED +CVE-2021-27840 + RESERVED +CVE-2021-27839 + RESERVED +CVE-2021-27838 + RESERVED +CVE-2021-27837 + RESERVED +CVE-2021-27836 + RESERVED +CVE-2021-27835 + RESERVED +CVE-2021-27834 + RESERVED +CVE-2021-27833 + RESERVED +CVE-2021-27832 + RESERVED +CVE-2021-27831 + RESERVED +CVE-2021-27830 + RESERVED +CVE-2021-27829 + RESERVED +CVE-2021-27828 + RESERVED +CVE-2021-27827 + RESERVED +CVE-2021-27826 + RESERVED +CVE-2021-27825 + RESERVED +CVE-2021-27824 + RESERVED +CVE-2021-27823 + RESERVED +CVE-2021-27822 + RESERVED +CVE-2021-27821 + RESERVED +CVE-2021-27820 + RESERVED +CVE-2021-27819 + RESERVED +CVE-2021-27818 + RESERVED +CVE-2021-27817 + RESERVED +CVE-2021-27816 + RESERVED +CVE-2021-27815 + RESERVED +CVE-2021-27814 + RESERVED +CVE-2021-27813 + RESERVED +CVE-2021-27812 + RESERVED +CVE-2021-27811 + RESERVED +CVE-2021-27810 + RESERVED +CVE-2021-27809 + RESERVED +CVE-2021-27808 + RESERVED CVE-2021-27807 RESERVED CVE-2021-27806 
@@ -3376,8 +3514,8 @@ CVE-2018-25006 RESERVED CVE-2018-25005 RESERVED -CVE-2018-25004 - RESERVED +CVE-2018-25004 (A user authorized to performing a specific type of query may trigger a ...) + TODO: check CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9. ...) [experimental] - libgcrypt20 1.9.1-1 (bug #981370) - libgcrypt20 <not-affected> (Only affected 1.9) @@ -3500,8 +3638,8 @@ CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield NOT-FOR-US: GoDaddy node-config-shield CVE-2021-26275 RESERVED -CVE-2020-36240 - RESERVED +CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, a ...) + TODO: check CVE-2020-36239 RESERVED CVE-2020-36238 @@ -4352,8 +4490,8 @@ CVE-2021-25916 RESERVED CVE-2021-25915 RESERVED -CVE-2021-25914 - RESERVED +CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' versions 1.0.0 ...) + TODO: check CVE-2021-25913 (Prototype pollution vulnerability in 'set-or-get' version 1.0.0 throug ...) NOT-FOR-US: Node set-or-get CVE-2021-25912 (Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0. ...) 
@@ -4787,16 +4925,16 @@ CVE-2021-25835 (Cosmos Network Ethermint <= v0.4.0 is affected by a cross-cha NOT-FOR-US: Cosmos Network Ethermint CVE-2021-25834 (Cosmos Network Ethermint <= v0.4.0 is affected by a transaction rep ...) NOT-FOR-US: Cosmos Network Ethermint -CVE-2021-25833 - RESERVED -CVE-2021-25832 - RESERVED -CVE-2021-25831 - RESERVED -CVE-2021-25830 - RESERVED -CVE-2021-25829 - RESERVED +CVE-2021-25833 (A file extension handling issue was found in [server] module of ONLYOF ...) + TODO: check +CVE-2021-25832 (A heap buffer overflow vulnerability inside of BMP image processing wa ...) + TODO: check +CVE-2021-25831 (A file extension handling issue was found in [core] module of ONLYOFFI ...) + TODO: check +CVE-2021-25830 (A file extension handling issue was found in [core] module of ONLYOFFI ...) + TODO: check +CVE-2021-25829 (An improper binary stream data handling issue was found in the [core] ...) + TODO: check CVE-2021-25828 RESERVED CVE-2021-25827 @@ -5865,8 +6003,7 @@ CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a NOTE: https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17 CVE-2021-3180 RESERVED -CVE-2021-25329 - RESERVED +CVE-2021-25329 (The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10. ...) - tomcat9 9.0.43-1 - tomcat8 <removed> - tomcat7 <removed> @@ -6406,8 +6543,7 @@ CVE-2021-25124 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 NOT-FOR-US: HPE CVE-2021-25123 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) NOT-FOR-US: HPE -CVE-2021-25122 - RESERVED +CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat versions ...) - tomcat9 9.0.43-1 - tomcat8 <removed> - tomcat7 <removed> 
@@ -8751,7 +8887,7 @@ CVE-2021-23979 (Mozilla developers reported memory safety bugs present in Firefo - firefox 86.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979 CVE-2021-23978 (Mozilla developers reported memory safety bugs present in Firefox 85 a ...) - {DSA-4866-1 DSA-4862-1 DLA-2575-1} + {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1} - firefox 86.0-1 - firefox-esr 78.8.0esr-1 - thunderbird 1:78.8.0-1 @@ -8771,7 +8907,7 @@ CVE-2021-23974 (The DOMParser API did not properly process '<noscript>' el - firefox 86.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974 CVE-2021-23973 (When trying to load a cross-origin resource in an audio/video context ...) - {DSA-4866-1 DSA-4862-1 DLA-2575-1} + {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1} - firefox 86.0-1 - firefox-esr 78.8.0esr-1 - thunderbird 1:78.8.0-1 @@ -8788,7 +8924,7 @@ CVE-2021-23970 (Context-specific code was included in a shared jump table; resul - firefox 86.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23970 CVE-2021-23969 (As specified in the W3C Content Security Policy draft, when creating a ...) - {DSA-4866-1 DSA-4862-1 DLA-2575-1} + {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1} - firefox 86.0-1 - firefox-esr 78.8.0esr-1 - thunderbird 1:78.8.0-1 @@ -8796,7 +8932,7 @@ CVE-2021-23969 (As specified in the W3C Content Security Policy draft, when crea NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23969 CVE-2021-23968 (If Content Security Policy blocked frame navigation, the full destinat ...) - {DSA-4866-1 DSA-4862-1 DLA-2575-1} + {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1} - firefox 86.0-1 - firefox-esr 78.8.0esr-1 - thunderbird 1:78.8.0-1 
@@ -12826,8 +12962,8 @@ CVE-2021-22116 RESERVED CVE-2021-22115 RESERVED -CVE-2021-22114 - RESERVED +CVE-2021-22114 (Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versio ...) + TODO: check CVE-2021-22113 (Applications using the “Sensitive Headers” functionality i ...) NOT-FOR-US: Spring Cloud Netflix Zuul CVE-2021-22112 (Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5. ...) @@ -61177,7 +61313,7 @@ CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dba04c3488c4699f5afe96f66e448b1d447cf3fb (regression fix) NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=8e67fda2dd6202ccec093fda561107ba14830a17 (regression fix) NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=70b78d4e71494c90d2ccb40381336bc9b9a22f79 (regression fix) -CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Goog ...) +CVE-2020-13702 (The Rolling Proximity Identifier used in the Apple/Google Exposure Not ...) NOT-FOR-US: Apple/Google Exposure Notification API CVE-2020-13701 RESERVED @@ -73513,8 +73649,7 @@ CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource manager's mas ...) - apache-spark <itp> (bug #802194) -CVE-2020-9479 - RESERVED +CVE-2020-9479 (When loading a UDF, a specially crafted zip file could allow files to ...) NOT-FOR-US: Apache AsterixDB CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ...) - libvirt 6.0.0-2 (low; bug #953078) 
@@ -77435,8 +77570,8 @@ CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template pr NOT-FOR-US: JFrog Artifactory CVE-2020-7930 RESERVED -CVE-2020-7929 - RESERVED +CVE-2020-7929 (A user authorized to perform database queries may trigger denial of se ...) + TODO: check CVE-2020-7928 (A user authorized to perform database queries may trigger a read overr ...) - mongodb <removed> [stretch] - mongodb <not-affected> (Vulnerable code introduced later)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b3b0b17bac3ec888624b509145666418e19c017
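
Review bot: In the hunk at -77435, CVE-2020-7929 is left at "TODO: check" although its description opens with the same wording as the entry directly below it, CVE-2020-7928, which is already tracked against mongodb. Confirm from the full description whether this is the same product and, if so, replace the TODO with mongodb package lines in the same form as CVE-2020-7928 instead of leaving the entry unassigned. CVE-2018-25004 in the hunk at -3376 has a similarly worded description and is worth checking in the same pass.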
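
Review bot: In the hunk at -4352, CVE-2021-25914 (prototype pollution in 'object-collider') gets "TODO: check" while the adjacent CVE-2021-25913 for another Node module is already marked "NOT-FOR-US: Node set-or-get". Check whether object-collider is packaged in Debian and, if it is not, resolve the TODO with a NOT-FOR-US line in the same style so the two neighbouring entries are triaged consistently.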
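
Review bot: In the hunk at -12826, CVE-2021-22114 is described as addressing a partial fix in CVE-2018-1263 but is only marked "TODO: check". When triaging it, look up how CVE-2018-1263 is recorded in data/CVE/list and give this entry the same disposition, so the follow-up CVE does not end up with a different status from the one it completes. The five ONLYOFFICE entries CVE-2021-25829 through CVE-2021-25833 in the hunk at -4787 are also all "TODO: check" and can be resolved together, since their descriptions name the same product.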