Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b3b0b17 by security tracker role at 2021-03-01T20:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2021-3418
+       RESERVED
+CVE-2021-27875
+       RESERVED
+CVE-2021-27874
+       RESERVED
+CVE-2021-27873
+       RESERVED
+CVE-2021-27872
+       RESERVED
+CVE-2021-27871
+       RESERVED
+CVE-2021-27870
+       RESERVED
+CVE-2021-27869
+       RESERVED
+CVE-2021-27868
+       RESERVED
+CVE-2021-27867
+       RESERVED
+CVE-2021-27866
+       RESERVED
+CVE-2021-27865
+       RESERVED
+CVE-2021-27864
+       RESERVED
+CVE-2021-27863
+       RESERVED
+CVE-2021-27862
+       RESERVED
+CVE-2021-27861
+       RESERVED
+CVE-2021-27860
+       RESERVED
+CVE-2021-27859
+       RESERVED
+CVE-2021-27858
+       RESERVED
+CVE-2021-27857
+       RESERVED
+CVE-2021-27856
+       RESERVED
+CVE-2021-27855
+       RESERVED
+CVE-2021-27854
+       RESERVED
+CVE-2021-27853
+       RESERVED
+CVE-2021-27852
+       RESERVED
+CVE-2021-27851
+       RESERVED
+CVE-2021-27850
+       RESERVED
+CVE-2021-27849
+       RESERVED
+CVE-2021-27848
+       RESERVED
+CVE-2021-27847
+       RESERVED
+CVE-2021-27846
+       RESERVED
+CVE-2021-27845
+       RESERVED
+CVE-2021-27844
+       RESERVED
+CVE-2021-27843
+       RESERVED
+CVE-2021-27842
+       RESERVED
+CVE-2021-27841
+       RESERVED
+CVE-2021-27840
+       RESERVED
+CVE-2021-27839
+       RESERVED
+CVE-2021-27838
+       RESERVED
+CVE-2021-27837
+       RESERVED
+CVE-2021-27836
+       RESERVED
+CVE-2021-27835
+       RESERVED
+CVE-2021-27834
+       RESERVED
+CVE-2021-27833
+       RESERVED
+CVE-2021-27832
+       RESERVED
+CVE-2021-27831
+       RESERVED
+CVE-2021-27830
+       RESERVED
+CVE-2021-27829
+       RESERVED
+CVE-2021-27828
+       RESERVED
+CVE-2021-27827
+       RESERVED
+CVE-2021-27826
+       RESERVED
+CVE-2021-27825
+       RESERVED
+CVE-2021-27824
+       RESERVED
+CVE-2021-27823
+       RESERVED
+CVE-2021-27822
+       RESERVED
+CVE-2021-27821
+       RESERVED
+CVE-2021-27820
+       RESERVED
+CVE-2021-27819
+       RESERVED
+CVE-2021-27818
+       RESERVED
+CVE-2021-27817
+       RESERVED
+CVE-2021-27816
+       RESERVED
+CVE-2021-27815
+       RESERVED
+CVE-2021-27814
+       RESERVED
+CVE-2021-27813
+       RESERVED
+CVE-2021-27812
+       RESERVED
+CVE-2021-27811
+       RESERVED
+CVE-2021-27810
+       RESERVED
+CVE-2021-27809
+       RESERVED
+CVE-2021-27808
+       RESERVED
 CVE-2021-27807
        RESERVED
 CVE-2021-27806
@@ -3376,8 +3514,8 @@ CVE-2018-25006
        RESERVED
 CVE-2018-25005
        RESERVED
-CVE-2018-25004
-       RESERVED
+CVE-2018-25004 (A user authorized to performing a specific type of query may 
trigger a ...)
+       TODO: check
 CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt 
version 1.9. ...)
        [experimental] - libgcrypt20 1.9.1-1 (bug #981370)
        - libgcrypt20 <not-affected> (Only affected 1.9)
@@ -3500,8 +3638,8 @@ CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the 
GoDaddy node-config-shield
        NOT-FOR-US: GoDaddy node-config-shield
 CVE-2021-26275
        RESERVED
-CVE-2020-36240
-       RESERVED
+CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 
4.0.4, a ...)
+       TODO: check
 CVE-2020-36239
        RESERVED
 CVE-2020-36238
@@ -4352,8 +4490,8 @@ CVE-2021-25916
        RESERVED
 CVE-2021-25915
        RESERVED
-CVE-2021-25914
-       RESERVED
+CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' 
versions 1.0.0  ...)
+       TODO: check
 CVE-2021-25913 (Prototype pollution vulnerability in 'set-or-get' version 
1.0.0 throug ...)
        NOT-FOR-US: Node set-or-get
 CVE-2021-25912 (Prototype pollution vulnerability in 'dotty' versions 0.0.1 
through 0. ...)
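Review bot: CVE-2021-25914 is left at `TODO: check` while the entry directly below it, CVE-2021-25913, has the same "Prototype pollution vulnerability in ..." description form and is already triaged as `NOT-FOR-US: Node set-or-get`. Check whether 'object-collider' is packaged in Debian; if it is not, close the TODO in the same form (`NOT-FOR-US: Node object-collider`).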
@@ -4787,16 +4925,16 @@ CVE-2021-25835 (Cosmos Network Ethermint &lt;= v0.4.0 
is affected by a cross-cha
        NOT-FOR-US: Cosmos Network Ethermint
 CVE-2021-25834 (Cosmos Network Ethermint &lt;= v0.4.0 is affected by a 
transaction rep ...)
        NOT-FOR-US: Cosmos Network Ethermint
-CVE-2021-25833
-       RESERVED
-CVE-2021-25832
-       RESERVED
-CVE-2021-25831
-       RESERVED
-CVE-2021-25830
-       RESERVED
-CVE-2021-25829
-       RESERVED
+CVE-2021-25833 (A file extension handling issue was found in [server] module 
of ONLYOF ...)
+       TODO: check
+CVE-2021-25832 (A heap buffer overflow vulnerability inside of BMP image 
processing wa ...)
+       TODO: check
+CVE-2021-25831 (A file extension handling issue was found in [core] module of 
ONLYOFFI ...)
+       TODO: check
+CVE-2021-25830 (A file extension handling issue was found in [core] module of 
ONLYOFFI ...)
+       TODO: check
+CVE-2021-25829 (An improper binary stream data handling issue was found in the 
[core]  ...)
+       TODO: check
 CVE-2021-25828
        RESERVED
 CVE-2021-25827
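Review bot: CVE-2021-25829 through CVE-2021-25833 land as five separate `TODO: check` items, but only three of the truncated descriptions (CVE-2021-25833, CVE-2021-25831, CVE-2021-25830) visibly name ONLYOFFICE; CVE-2021-25832 and CVE-2021-25829 are cut off before the product. Triage the block in one pass, confirm the product for those two from the full CVE text rather than from their neighbours, and give entries for the same product the same status line.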
@@ -5865,8 +6003,7 @@ CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows 
remote attackers to cause a
        NOTE: 
https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17
 CVE-2021-3180
        RESERVED
-CVE-2021-25329
-       RESERVED
+CVE-2021-25329 (The fix for CVE-2020-9484 was incomplete. When using Apache 
Tomcat 10. ...)
        - tomcat9 9.0.43-1
        - tomcat8 <removed>
        - tomcat7 <removed>
@@ -6406,8 +6543,7 @@ CVE-2021-25124 (The Baseboard Management Controller(BMC) 
in HPE Cloudline CL5800
        NOT-FOR-US: HPE
 CVE-2021-25123 (The Baseboard Management Controller(BMC) in HPE Cloudline 
CL5800 Gen9  ...)
        NOT-FOR-US: HPE
-CVE-2021-25122
-       RESERVED
+CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat 
versions ...)
        - tomcat9 9.0.43-1
        - tomcat8 <removed>
        - tomcat7 <removed>
@@ -8751,7 +8887,7 @@ CVE-2021-23979 (Mozilla developers reported memory safety 
bugs present in Firefo
        - firefox 86.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
 CVE-2021-23978 (Mozilla developers reported memory safety bugs present in 
Firefox 85 a ...)
-       {DSA-4866-1 DSA-4862-1 DLA-2575-1}
+       {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
        - firefox 86.0-1
        - firefox-esr 78.8.0esr-1
        - thunderbird 1:78.8.0-1
@@ -8771,7 +8907,7 @@ CVE-2021-23974 (The DOMParser API did not properly 
process '&lt;noscript&gt;' el
        - firefox 86.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974
 CVE-2021-23973 (When trying to load a cross-origin resource in an audio/video 
context  ...)
-       {DSA-4866-1 DSA-4862-1 DLA-2575-1}
+       {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
        - firefox 86.0-1
        - firefox-esr 78.8.0esr-1
        - thunderbird 1:78.8.0-1
@@ -8788,7 +8924,7 @@ CVE-2021-23970 (Context-specific code was included in a 
shared jump table; resul
        - firefox 86.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23970
 CVE-2021-23969 (As specified in the W3C Content Security Policy draft, when 
creating a ...)
-       {DSA-4866-1 DSA-4862-1 DLA-2575-1}
+       {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
        - firefox 86.0-1
        - firefox-esr 78.8.0esr-1
        - thunderbird 1:78.8.0-1
@@ -8796,7 +8932,7 @@ CVE-2021-23969 (As specified in the W3C Content Security 
Policy draft, when crea
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23969
 CVE-2021-23968 (If Content Security Policy blocked frame navigation, the full 
destinat ...)
-       {DSA-4866-1 DSA-4862-1 DLA-2575-1}
+       {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
        - firefox 86.0-1
        - firefox-esr 78.8.0esr-1
        - thunderbird 1:78.8.0-1
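Review bot: the `DLA-2578-1` cross-reference is added by the same one-token edit in four hunks (CVE-2021-23978, CVE-2021-23973, CVE-2021-23969, CVE-2021-23968), and nothing in the diff shows which package the new DLA covers. Confirm against the DLA-2578-1 announcement that these four are its complete CVE set, since an entry missed by the automatic update would not appear in this diff at all.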
@@ -12826,8 +12962,8 @@ CVE-2021-22116
        RESERVED
 CVE-2021-22115
        RESERVED
-CVE-2021-22114
-       RESERVED
+CVE-2021-22114 (Addresses partial fix in CVE-2018-1263. 
Spring-integration-zip, versio ...)
+       TODO: check
 CVE-2021-22113 (Applications using the &#8220;Sensitive Headers&#8221; 
functionality i ...)
        NOT-FOR-US: Spring Cloud Netflix Zuul
 CVE-2021-22112 (Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 
5.3.8.RELEASE, 5. ...)
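Review bot: CVE-2021-22114 is left at `TODO: check` although its description says it addresses a partial fix of CVE-2018-1263 in Spring-integration-zip. Look up how CVE-2018-1263 is triaged in this file and give CVE-2021-22114 the matching status, so the original issue and its follow-up do not diverge.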
@@ -61177,7 +61313,7 @@ CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows 
guest OS users to trigger an
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dba04c3488c4699f5afe96f66e448b1d447cf3fb
 (regression fix)
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=8e67fda2dd6202ccec093fda561107ba14830a17
 (regression fix)
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=70b78d4e71494c90d2ccb40381336bc9b9a22f79
 (regression fix)
-CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the 
Apple/Goog ...)
+CVE-2020-13702 (The Rolling Proximity Identifier used in the Apple/Google 
Exposure Not ...)
        NOT-FOR-US: Apple/Google Exposure Notification API
 CVE-2020-13701
        RESERVED
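Review bot: the `** DISPUTED **` prefix disappears from the CVE-2020-13702 description with no accompanying NOTE. The entry stays `NOT-FOR-US: Apple/Google Exposure Notification API`, so package status is unaffected, but anything that filters this file on the DISPUTED marker will stop matching this CVE; worth confirming the change reflects the upstream description and not a truncation in the import.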
@@ -73513,8 +73649,7 @@ CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 
7.1.9, and 8.0.0 to 8.0.6 is
        NOTE: 
https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c
 CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource 
manager's mas ...)
        - apache-spark <itp> (bug #802194)
-CVE-2020-9479
-       RESERVED
+CVE-2020-9479 (When loading a UDF, a specially crafted zip file could allow 
files to  ...)
        NOT-FOR-US: Apache AsterixDB
 CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the 
holding of a ...)
        - libvirt 6.0.0-2 (low; bug #953078)
@@ -77435,8 +77570,8 @@ CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, 
insecure FreeMarker template pr
        NOT-FOR-US: JFrog Artifactory
 CVE-2020-7930
        RESERVED
-CVE-2020-7929
-       RESERVED
+CVE-2020-7929 (A user authorized to perform database queries may trigger 
denial of se ...)
+       TODO: check
 CVE-2020-7928 (A user authorized to perform database queries may trigger a 
read overr ...)
        - mongodb <removed>
        [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
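Review bot: CVE-2020-7929 gets `TODO: check` while CVE-2020-7928 directly below opens with the same wording ("A user authorized to perform database queries may trigger ...") and is already tracked as `- mongodb <removed>` with a `[stretch]` annotation. Check whether CVE-2020-7929 belongs to the same source package, and if so add the per-release status for it instead of leaving the TODO; the `<not-affected>` reason on CVE-2020-7928 should not be copied without verifying it applies.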



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b3b0b17bac3ec888624b509145666418e19c017



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
