Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3e62d17 by security tracker role at 2021-03-02T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,63 @@
+CVE-2021-27904 (An issue was discovered in app/Model/SharingGroupServer.php in 
MISP 2. ...)
+       TODO: check
+CVE-2021-27903
+       RESERVED
+CVE-2021-27902
+       RESERVED
+CVE-2021-27901 (An issue was discovered on LG mobile devices with Android OS 
11 softwa ...)
+       TODO: check
+CVE-2021-27900
+       RESERVED
+CVE-2021-27899
+       RESERVED
+CVE-2021-27898
+       RESERVED
+CVE-2021-27897
+       RESERVED
+CVE-2021-27896
+       RESERVED
+CVE-2021-27895
+       RESERVED
+CVE-2021-27894
+       RESERVED
+CVE-2021-27893
+       RESERVED
+CVE-2021-27892
+       RESERVED
+CVE-2021-27891
+       RESERVED
+CVE-2021-27890
+       RESERVED
+CVE-2021-27889
+       RESERVED
+CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a 
drop-off  ...)
+       TODO: check
+CVE-2021-27887
+       RESERVED
+CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command 
injection in ...)
+       TODO: check
+CVE-2021-27885
+       RESERVED
+CVE-2021-27884 (Weak JSON Web Token (JWT) signing secret generation in YMFE 
YApi throu ...)
+       TODO: check
+CVE-2021-27883
+       RESERVED
+CVE-2021-27882
+       RESERVED
+CVE-2021-27881
+       RESERVED
+CVE-2021-27880
+       RESERVED
+CVE-2021-27879
+       RESERVED
+CVE-2021-27878 (An issue was discovered in Veritas Backup Exec before 21.2. 
The commun ...)
+       TODO: check
+CVE-2021-27877 (An issue was discovered in Veritas Backup Exec before 21.2. It 
support ...)
+       TODO: check
+CVE-2021-27876 (An issue was discovered in Veritas Backup Exec before 21.2. 
The commun ...)
+       TODO: check
 CVE-2021-3419 [net: rtl8139: stack-based buffer overflow induced by infinite 
recursion issue]
+       RESERVED
        - qemu <unfixed>
        NOTE: https://bugs.launchpad.net/qemu/+bug/1910826
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg00010.html
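
Review bot: the eight entries added at the top of this hunk that carry descriptions (CVE-2021-27904, -27901, -27888, -27886, -27884, -27878, -27877, -27876) all land as `TODO: check` with no package line, so each still needs a triage decision. Resolve every one to a source-package line or a `NOT-FOR-US:` tag in the form the file already uses further down (for example `NOT-FOR-US: Microsoft`); the LG mobile device and Veritas Backup Exec entries look like `NOT-FOR-US` candidates. The `RESERVED` line added to CVE-2021-3419 sits alongside the existing `- qemu <unfixed>` tracking, which is unchanged.
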
@@ -146,8 +205,8 @@ CVE-2021-27806
        RESERVED
 CVE-2021-27805
        RESERVED
-CVE-2021-27804
-       RESERVED
+CVE-2021-27804 (JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory 
corruption. ...)
+       TODO: check
 CVE-2021-27802
        RESERVED
 CVE-2021-27801
@@ -308,10 +367,10 @@ CVE-2021-27733
        RESERVED
 CVE-2021-27732
        RESERVED
-CVE-2021-27731
-       RESERVED
-CVE-2021-27730
-       RESERVED
+CVE-2021-27731 (Accellion FTA 9_12_432 and earlier is affected by stored XSS 
via a cra ...)
+       TODO: check
+CVE-2021-27730 (Accellion FTA 9_12_432 and earlier is affected by argument 
injection v ...)
+       TODO: check
 CVE-2021-27729
        RESERVED
 CVE-2021-27728
@@ -1191,10 +1250,10 @@ CVE-2021-27320
        RESERVED
 CVE-2021-27319
        RESERVED
-CVE-2021-27318
-       RESERVED
-CVE-2021-27317
-       RESERVED
+CVE-2021-27318 (Cross Site Scripting (XSS) vulnerability in contactus.php in 
Doctor Ap ...)
+       TODO: check
+CVE-2021-27317 (Cross Site Scripting (XSS) vulnerability in contactus.php in 
Doctor Ap ...)
+       TODO: check
 CVE-2021-27316
        RESERVED
 CVE-2021-27315
@@ -2231,9 +2290,13 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows 
attackers to bypass intended acc
        NOTE: 
https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
        NOTE: 
https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
 CVE-2021-24032 [zstd allows for race-opening files being compressed or 
uncompressed]
+       RESERVED
+       {DSA-4859-1 DLA-2573-1}
        - libzstd 1.4.8+dfsg-2 (bug #982519)
        NOTE: https://github.com/facebook/zstd/issues/2491
 CVE-2021-24031 [zstd adds read permissions to files while being compressed or 
uncompressed]
+       RESERVED
+       {DSA-4850-1 DLA-2573-1}
        - libzstd 1.4.8+dfsg-1 (bug #981404)
        NOTE: https://github.com/facebook/zstd/issues/1630
 CVE-2021-26852
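
Review bot: the two zstd entries gain different DSA references, `{DSA-4859-1 DLA-2573-1}` on CVE-2021-24032 and `{DSA-4850-1 DLA-2573-1}` on CVE-2021-24031, while sharing the same DLA. That is consistent with the two different fixed versions listed (`1.4.8+dfsg-2` and `1.4.8+dfsg-1`), but confirm both advisory numbers against the advisories themselves, since a one-digit slip between 4850 and 4859 would be easy to miss in an automatic update.
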
@@ -2568,12 +2631,12 @@ CVE-2021-26706
        RESERVED
 CVE-2021-26705
        RESERVED
-CVE-2021-26704
-       RESERVED
-CVE-2021-26703
-       RESERVED
-CVE-2021-26702
-       RESERVED
+CVE-2021-26704 (EPrints 3.4.2 allows remote attackers to execute arbitrary 
commands vi ...)
+       TODO: check
+CVE-2021-26703 (EPrints 3.4.2 allows remote attackers to read arbitrary files 
and poss ...)
+       TODO: check
+CVE-2021-26702 (EPrints 3.4.2 exposes a reflected XSS opportunity in the 
dataset param ...)
+       TODO: check
 CVE-2021-26701 (.NET Core Remote Code Execution Vulnerability This CVE ID is 
unique fr ...)
        NOT-FOR-US: Microsoft
 CVE-2021-26700 (Visual Studio Code npm-script Extension Remote Code Execution 
Vulnerab ...)
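
Review bot: CVE-2021-26704, -26703 and -26702 all name EPrints 3.4.2 and all land as `TODO: check`, and the same product appears again in later hunks (CVE-2021-26476, CVE-2021-26475, CVE-2021-3342). Triage the six together so they end up with one consistent package or `NOT-FOR-US` decision rather than being resolved piecemeal.
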
@@ -3169,10 +3232,10 @@ CVE-2021-26478
        RESERVED
 CVE-2021-26477
        RESERVED
-CVE-2021-26476
-       RESERVED
-CVE-2021-26475
-       RESERVED
+CVE-2021-26476 (EPrints 3.4.2 allows remote attackers to execute OS commands 
via craft ...)
+       TODO: check
+CVE-2021-26475 (EPrints 3.4.2 exposes a reflected XSS opportunity in the via a 
cgi/cal ...)
+       TODO: check
 CVE-2021-26474
        RESERVED
 CVE-2021-26473
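
Review bot: the imported description for CVE-2021-26475 reads "exposes a reflected XSS opportunity in the via a cgi/cal ...", which is garbled ("in the via a") before the truncation point. The commit is an automatic update, so the wording presumably comes from the upstream CVE text; note it during the `TODO: check` pass and get it corrected at the source rather than editing it here.
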
@@ -3534,8 +3597,8 @@ CVE-2021-3347 (An issue was discovered in the Linux 
kernel through 5.10.11. PI f
        NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/1
 CVE-2021-3343
        RESERVED
-CVE-2021-3342
-       RESERVED
+CVE-2021-3342 (EPrints 3.4.2 allows remote attackers to read arbitrary files 
and poss ...)
+       TODO: check
 CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of 
DH2i Dx ...)
        NOT-FOR-US: DH2i DxEnterprise and DxOdyssey for Windows
 CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of 
Wikindx be ...)
@@ -3588,8 +3651,8 @@ CVE-2021-26295
        RESERVED
 CVE-2021-3333 (Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting 
(XSS). W ...)
        NOT-FOR-US: Open-AudIT
-CVE-2021-3332
-       RESERVED
+CVE-2021-3332 (WPS Hide Login 1.6.1 allows remote attackers to bypass a 
protection me ...)
+       TODO: check
 CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute 
arbitrary pro ...)
        NOT-FOR-US: WinSCP
 CVE-2021-3330
@@ -6084,14 +6147,14 @@ CVE-2021-25311 (condor_credd in HTCondor before 8.9.11 
allows Directory Traversa
        NOTE: 
https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0002.html
 CVE-2021-25310 (** UNSUPPORTED WHEN ASSIGNED ** The administration web 
interface on Be ...)
        NOT-FOR-US: Belkin Linksys WRT160NL devices
-CVE-2021-25309
-       RESERVED
+CVE-2021-25309 (The telnet administrator service running on port 650 on 
Gigaset DX600A ...)
+       TODO: check
 CVE-2021-25308
        RESERVED
 CVE-2021-25307
        RESERVED
-CVE-2021-25306
-       RESERVED
+CVE-2021-25306 (A buffer overflow vulnerability in the AT command interface of 
Gigaset ...)
+       TODO: check
 CVE-2021-3174
        RESERVED
 CVE-2021-25305
@@ -14175,12 +14238,12 @@ CVE-2021-21519
        RESERVED
 CVE-2021-21518
        RESERVED
-CVE-2021-21517
-       RESERVED
+CVE-2021-21517 (SRS Policy Manager 6.X is affected by an XML External Entity 
Injection ...)
+       TODO: check
 CVE-2021-21516
        RESERVED
-CVE-2021-21515
-       RESERVED
+CVE-2021-21515 (Dell EMC SourceOne, versions 7.2SP10 and prior, contain a 
Stored Cross ...)
+       TODO: check
 CVE-2021-21514
        RESERVED
 CVE-2021-21513
@@ -15816,12 +15879,12 @@ CVE-2021-21324
        RESERVED
 CVE-2021-21323 (Brave is an open source web browser with a focus on privacy 
and securi ...)
        - brave-browser <itp> (bug #864795)
-CVE-2021-21322
-       RESERVED
-CVE-2021-21321
-       RESERVED
-CVE-2021-21320
-       RESERVED
+CVE-2021-21322 (fastify-http-proxy is an npm package which is a fastify plugin 
for pro ...)
+       TODO: check
+CVE-2021-21321 (fastify-reply-from is an npm package which is a fastify plugin 
to forw ...)
+       TODO: check
+CVE-2021-21320 (matrix-react-sdk is an npm package which is a Matrix SDK for 
React Jav ...)
+       TODO: check
 CVE-2021-21319
        RESERVED
 CVE-2021-21318 (Opencast is a free, open-source platform to support the 
management of  ...)
@@ -265250,113 +265313,113 @@ CVE-2016-8162
 CVE-2016-8161
        RESERVED
 CVE-2016-8160
-       RESERVED
+       REJECTED
 CVE-2016-8159
-       RESERVED
+       REJECTED
 CVE-2016-8158
-       RESERVED
+       REJECTED
 CVE-2016-8157
-       RESERVED
+       REJECTED
 CVE-2016-8156
-       RESERVED
+       REJECTED
 CVE-2016-8155
-       RESERVED
+       REJECTED
 CVE-2016-8154
-       RESERVED
+       REJECTED
 CVE-2016-8153
-       RESERVED
+       REJECTED
 CVE-2016-8152
-       RESERVED
+       REJECTED
 CVE-2016-8151
-       RESERVED
+       REJECTED
 CVE-2016-8150
-       RESERVED
+       REJECTED
 CVE-2016-8149
-       RESERVED
+       REJECTED
 CVE-2016-8148
-       RESERVED
+       REJECTED
 CVE-2016-8147
-       RESERVED
+       REJECTED
 CVE-2016-8146
-       RESERVED
+       REJECTED
 CVE-2016-8145
-       RESERVED
+       REJECTED
 CVE-2016-8144
-       RESERVED
+       REJECTED
 CVE-2016-8143
-       RESERVED
+       REJECTED
 CVE-2016-8142
-       RESERVED
+       REJECTED
 CVE-2016-8141
-       RESERVED
+       REJECTED
 CVE-2016-8140
-       RESERVED
+       REJECTED
 CVE-2016-8139
-       RESERVED
+       REJECTED
 CVE-2016-8138
-       RESERVED
+       REJECTED
 CVE-2016-8137
-       RESERVED
+       REJECTED
 CVE-2016-8136
-       RESERVED
+       REJECTED
 CVE-2016-8135
-       RESERVED
+       REJECTED
 CVE-2016-8134
-       RESERVED
+       REJECTED
 CVE-2016-8133
-       RESERVED
+       REJECTED
 CVE-2016-8132
-       RESERVED
+       REJECTED
 CVE-2016-8131
-       RESERVED
+       REJECTED
 CVE-2016-8130
-       RESERVED
+       REJECTED
 CVE-2016-8129
-       RESERVED
+       REJECTED
 CVE-2016-8128
-       RESERVED
+       REJECTED
 CVE-2016-8127
-       RESERVED
+       REJECTED
 CVE-2016-8126
-       RESERVED
+       REJECTED
 CVE-2016-8125
-       RESERVED
+       REJECTED
 CVE-2016-8124
-       RESERVED
+       REJECTED
 CVE-2016-8123
-       RESERVED
+       REJECTED
 CVE-2016-8122
-       RESERVED
+       REJECTED
 CVE-2016-8121
-       RESERVED
+       REJECTED
 CVE-2016-8120
-       RESERVED
+       REJECTED
 CVE-2016-8119
-       RESERVED
+       REJECTED
 CVE-2016-8118
-       RESERVED
+       REJECTED
 CVE-2016-8117
-       RESERVED
+       REJECTED
 CVE-2016-8116
-       RESERVED
+       REJECTED
 CVE-2016-8115
-       RESERVED
+       REJECTED
 CVE-2016-8114
-       RESERVED
+       REJECTED
 CVE-2016-8113
-       RESERVED
+       REJECTED
 CVE-2016-8112
-       RESERVED
+       REJECTED
 CVE-2016-8111
-       RESERVED
+       REJECTED
 CVE-2016-8110
-       RESERVED
+       REJECTED
 CVE-2016-8109
-       RESERVED
+       REJECTED
 CVE-2016-8108
-       RESERVED
+       REJECTED
 CVE-2016-8107
-       RESERVED
+       REJECTED
 CVE-2016-8106 (A Denial of Service in Intel Ethernet Controller's X710/XL710 
with Non ...)
        NOT-FOR-US: Intel driver
 CVE-2016-8105 (Drivers for the Intel Ethernet Controller X710 and Intel 
Ethernet Cont ...)
@@ -265472,25 +265535,25 @@ CVE-2016-8051
 CVE-2016-8050
        REJECTED
 CVE-2016-8049
-       RESERVED
+       REJECTED
 CVE-2016-8048
-       RESERVED
+       REJECTED
 CVE-2016-8047
-       RESERVED
+       REJECTED
 CVE-2016-8046
-       RESERVED
+       REJECTED
 CVE-2016-8045
-       RESERVED
+       REJECTED
 CVE-2016-8044
-       RESERVED
+       REJECTED
 CVE-2016-8043
-       RESERVED
+       REJECTED
 CVE-2016-8042
-       RESERVED
+       REJECTED
 CVE-2016-8041
-       RESERVED
+       REJECTED
 CVE-2016-8040
-       RESERVED
+       REJECTED
 CVE-2016-8039
        REJECTED
 CVE-2016-8038
@@ -265514,7 +265577,7 @@ CVE-2016-8030 (A memory corruption vulnerability in 
Scriptscan COM Object in McA
 CVE-2016-8029
        REJECTED
 CVE-2016-8028
-       RESERVED
+       REJECTED
 CVE-2016-8027 (SQL injection vulnerability in core services in Intel Security 
McAfee  ...)
        NOT-FOR-US: Intel antivirus
 CVE-2016-8026 (Arbitrary command execution vulnerability in Intel Security 
McAfee Sec ...)
@@ -265540,11 +265603,11 @@ CVE-2016-8017 (Special element injection 
vulnerability in Intel Security VirusSc
 CVE-2016-8016 (Information exposure in Intel Security VirusScan Enterprise 
Linux (VSE ...)
        NOT-FOR-US: Intel antivirus
 CVE-2016-8015
-       RESERVED
+       REJECTED
 CVE-2016-8014
-       RESERVED
+       REJECTED
 CVE-2016-8013
-       RESERVED
+       REJECTED
 CVE-2016-8012 (Access control vulnerability in Intel Security Data Loss 
Prevention En ...)
        NOT-FOR-US: Intel antivirus
 CVE-2016-8011 (Cross-site scripting vulnerability in Intel Security McAfee 
Endpoint S ...)
@@ -265562,13 +265625,13 @@ CVE-2016-8006 (Authentication bypass vulnerability 
in Enterprise Security Manage
 CVE-2016-8005 (File extension filtering vulnerability in Intel Security McAfee 
Email  ...)
        NOT-FOR-US: Intel antivirus
 CVE-2016-8004
-       RESERVED
+       REJECTED
 CVE-2016-8003
-       RESERVED
+       REJECTED
 CVE-2016-8002
        REJECTED
 CVE-2016-8001
-       RESERVED
+       REJECTED
 CVE-2016-7999 (ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows 
remote at ...)
        {DLA-695-1}
        - spip 3.1.3-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3e62d17a53f475b3a5eac64e8e9246d4ddcd53d



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
