Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96cc63c0 by security tracker role at 2021-03-02T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2021-3420
+       RESERVED
+CVE-2021-27917
+       RESERVED
+CVE-2021-27916
+       RESERVED
+CVE-2021-27915
+       RESERVED
+CVE-2021-27914
+       RESERVED
+CVE-2021-27913
+       RESERVED
+CVE-2021-27912
+       RESERVED
+CVE-2021-27911
+       RESERVED
+CVE-2021-27910
+       RESERVED
+CVE-2021-27909
+       RESERVED
+CVE-2021-27908
+       RESERVED
+CVE-2021-27907
+       RESERVED
+CVE-2021-27906
+       RESERVED
+CVE-2021-27905
+       RESERVED
 CVE-2021-27904 (An issue was discovered in app/Model/SharingGroupServer.php in 
MISP 2. ...)
        NOT-FOR-US: MISP
 CVE-2021-27903
@@ -36,8 +64,8 @@ CVE-2021-27887
        RESERVED
 CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command 
injection in ...)
        NOT-FOR-US: rakibtg Docker Dashboard
-CVE-2021-27885
-       RESERVED
+CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN 
protect ...)
+       TODO: check
 CVE-2021-27884 (Weak JSON Web Token (JWT) signing secret generation in YMFE 
YApi throu ...)
        TODO: check
 CVE-2021-27883
@@ -3008,8 +3036,8 @@ CVE-2021-3386
        RESERVED
 CVE-2021-3385
        RESERVED
-CVE-2021-3384
-       RESERVED
+CVE-2021-3384 (A vulnerability in Stormshield Network Security could allow an 
attacke ...)
+       TODO: check
 CVE-2021-3383
        RESERVED
 CVE-2021-3382 (Stack buffer overflow vulnerability in gitea 1.9.0 through 
1.13.1 allo ...)
@@ -6044,8 +6072,8 @@ CVE-2021-25332
        RESERVED
 CVE-2021-25331
        RESERVED
-CVE-2021-25330
-       RESERVED
+CVE-2021-25330 (Calling of non-existent provider in MobileWips application 
prior to SM ...)
+       TODO: check
 CVE-2020-36198
        RESERVED
 CVE-2020-36197
@@ -12631,12 +12659,12 @@ CVE-2021-22298 (There is a logic vulnerability in 
Huawei Gauss100 OLTP Product.
        NOT-FOR-US: Huawei
 CVE-2021-22297
        RESERVED
-CVE-2021-22296
-       RESERVED
+CVE-2021-22296 (A component of the HarmonyOS 2.0 has a DoS vulnerability. 
Local attack ...)
+       TODO: check
 CVE-2021-22295
        RESERVED
-CVE-2021-22294
-       RESERVED
+CVE-2021-22294 (A component API of the HarmonyOS 2.0 has a permission bypass 
vulnerabi ...)
+       TODO: check
 CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of 
HTTP reque ...)
        NOT-FOR-US: Huawei
 CVE-2021-22292 (There is a denial of service (DoS) vulnerability in eCNS280 
versions V ...)
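Review bot: CVE-2021-22296 and CVE-2021-22294 are left at TODO: check although both descriptions name HarmonyOS 2.0 and the surrounding Huawei entries in this hunk (CVE-2021-22298, CVE-2021-22293) are already marked NOT-FOR-US: Huawei. Unless triage finds a packaged component behind them, give these two the same NOT-FOR-US: Huawei line so they leave the TODO queue.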
@@ -12849,8 +12877,8 @@ CVE-2021-22189
        RESERVED
 CVE-2021-22188
        RESERVED
-CVE-2021-22187
-       RESERVED
+CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions 
of Gitla ...)
+       TODO: check
 CVE-2021-22186
        RESERVED
 CVE-2021-22185
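Review bot: CVE-2021-22187 is left at TODO: check, and its description is cut off right after "affecting all versions of Gitla", so the affected range is not visible here. Triage should read the full description before choosing a disposition, and if the issue applies to a gitlab source package the entry needs a package line with the fixed version rather than a NOT-FOR-US tag.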
@@ -14246,10 +14274,10 @@ CVE-2021-21516
        RESERVED
 CVE-2021-21515 (Dell EMC SourceOne, versions 7.2SP10 and prior, contain a 
Stored Cross ...)
        NOT-FOR-US: EMC
-CVE-2021-21514
-       RESERVED
-CVE-2021-21513
-       RESERVED
+CVE-2021-21514 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 
and prior ...)
+       TODO: check
+CVE-2021-21513 (Dell EMC OpenManage Server Administrator (OMSA) version 9.5 
Microsoft  ...)
+       TODO: check
 CVE-2021-21512 (Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, 
contains an In ...)
        NOT-FOR-US: EMC
 CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an 
Improper Aut ...)
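Review bot: CVE-2021-21514 and CVE-2021-21513 stay at TODO: check while the neighbouring Dell EMC entries in this hunk (CVE-2021-21515, CVE-2021-21512) carry NOT-FOR-US: EMC. Both new descriptions name Dell EMC OpenManage Server Administrator, so the same tag looks applicable once someone confirms the product is not packaged.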
@@ -15905,6 +15933,7 @@ CVE-2021-21313
 CVE-2021-21312
        RESERVED
 CVE-2021-21311 (Adminer is an open-source database management in a single PHP 
file. In ...)
+       {DLA-2580-1}
        - adminer 4.7.9-1
        NOTE: 
https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
        NOTE: 
https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351
 (v4.7.9)
@@ -18469,6 +18498,7 @@ CVE-2021-20234 [Memory leak in client induced by 
malicious server without CURVE/
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123
 CVE-2021-20233
        RESERVED
+       {DSA-4867-1}
        - grub2 2.04-16
 CVE-2021-20232
        RESERVED
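Review bot: CVE-2021-20233 now carries {DSA-4867-1} and a fixed version (grub2 2.04-16) but is still RESERVED with no description and no NOTE lines, and the same is true of the other grub2 entries tagged in this commit (CVE-2021-20225, CVE-2020-27779, CVE-2020-27749, CVE-2020-25647, CVE-2020-25632, CVE-2020-14372). A NOTE with the upstream advisory or commit reference on each entry would let readers see what the DSA covers until the descriptions are published.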
@@ -18507,6 +18537,7 @@ CVE-2021-20226 (A use-after-free flaw was found in the 
io_uring in Linux kernel,
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-001/
 CVE-2021-20225
        RESERVED
+       {DSA-4867-1}
        - grub2 2.04-16
 CVE-2021-20224
        RESERVED
@@ -24291,8 +24322,8 @@ CVE-2020-28659
        RESERVED
 CVE-2020-28658
        RESERVED
-CVE-2020-28657
-       RESERVED
+CVE-2020-28657 (In bPanel 2.0, the administrative ajax endpoints (aka 
ajax/aj_*.php) a ...)
+       TODO: check
 CVE-2020-28656 (The update functionality of the Discover Media infotainment 
system in  ...)
        NOT-FOR-US: 3Discover Media infotainment system in Volkswagen Polo 2019 
vehicles
 CVE-2020-28655
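Review bot: the context line for CVE-2020-28656 reads "NOT-FOR-US: 3Discover Media infotainment system in Volkswagen Polo 2019 vehicles", while its description says "Discover Media infotainment system"; the leading 3 looks like a typo that this change leaves in place. It could be corrected in the same follow-up that resolves the new TODO: check on CVE-2020-28657 (bPanel 2.0).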
@@ -29215,6 +29246,7 @@ CVE-2020-27780 (A flaw was found in Linux-Pam in 
versions prior to 1.5.1 in the
        NOTE: Fixed by: 
https://github.com/linux-pam/linux-pam/commit/30fdfb90d9864bcc254a62760aaa149d373fd4eb
 CVE-2020-27779
        RESERVED
+       {DSA-4867-1}
        - grub2 2.04-16
 CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were 
converte ...)
        - poppler 0.85.0-2
@@ -29416,6 +29448,7 @@ CVE-2020-27750 (A flaw was found in ImageMagick in 
MagickCore/colorspace-private
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/c7038e710ad0204d6cb37a0229fc55f6f8a8662f
 CVE-2020-27749
        RESERVED
+       {DSA-4867-1}
        - grub2 2.04-16
 CVE-2020-27748 [local file inclusion vulnerability]
        RESERVED
@@ -34021,8 +34054,8 @@ CVE-2020-25904
        RESERVED
 CVE-2020-25903
        RESERVED
-CVE-2020-25902
-       RESERVED
+CVE-2020-25902 (Blackboard Collaborate Ultra 20.02 is affected by a cross-site 
scripti ...)
+       TODO: check
 CVE-2020-25901 (Host Header Injection in Spiceworks 7.5.7.0 allowing the 
attacker to r ...)
        NOT-FOR-US: Spiceworks
 CVE-2020-25900
@@ -34791,6 +34824,7 @@ CVE-2020-25648 (A flaw was found in the way NSS handled 
CCS (ChangeCipherSpec) m
        NOTE: Fixed by: 
https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
 CVE-2020-25647
        RESERVED
+       {DSA-4867-1}
        - grub2 2.04-16
 CVE-2020-25646 (A flaw was found in Ansible Collection community.crypto. 
openssl_priva ...)
        TODO: check
@@ -34849,6 +34883,7 @@ CVE-2020-25633 (A flaw was found in RESTEasy client in 
all versions of RESTEasy
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042
 CVE-2020-25632
        RESERVED
+       {DSA-4867-1}
        - grub2 2.04-16
 CVE-2020-25631 (A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 
and 3.7 ...)
        - moodle <removed>
@@ -39454,8 +39489,8 @@ CVE-2020-23520 (imcat 5.2 allows an authenticated file 
upload and consequently r
        NOT-FOR-US: imcat
 CVE-2020-23519
        RESERVED
-CVE-2020-23518
-       RESERVED
+CVE-2020-23518 (Cross Site Scripting (XSS) vulnerability in UltimateKode Neo 
Billing - ...)
+       TODO: check
 CVE-2020-23517
        RESERVED
 CVE-2020-23516
@@ -59411,6 +59446,7 @@ CVE-2020-14373 (A use after free was found in 
igc_reloc_struct_ptr() of psi/igc.
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702851
 CVE-2020-14372
        RESERVED
+       {DSA-4867-1}
        - grub2 2.04-16
 CVE-2020-14371
        RESERVED
@@ -86021,10 +86057,10 @@ CVE-2020-4728
        RESERVED
 CVE-2020-4727 (IBM InfoSphere Information Server 11.7 could allow a remote 
attacker t ...)
        NOT-FOR-US: IBM
-CVE-2020-4726
-       RESERVED
-CVE-2020-4725
-       RESERVED
+CVE-2020-4726 (The IBM Application Performance Monitoring UI (IBM Cloud APM 
8.1.4) al ...)
+       TODO: check
+CVE-2020-4725 (IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an 
authenticated use ...)
+       TODO: check
 CVE-2020-4724 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local 
attacker t ...)
        NOT-FOR-US: IBM
 CVE-2020-4723 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local 
attacker t ...)
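Review bot: CVE-2020-4726 and CVE-2020-4725 are added with TODO: check even though every described neighbour in this hunk (CVE-2020-4727, CVE-2020-4724) is tagged NOT-FOR-US: IBM and both new descriptions name IBM Cloud APM 8.1.4. The same applies to CVE-2020-4719 in the following hunk; tagging all three NOT-FOR-US: IBM in one follow-up would keep the IBM block consistent.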
@@ -86035,8 +86071,8 @@ CVE-2020-4721 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 
could allow a local attac
        NOT-FOR-US: IBM
 CVE-2020-4720
        RESERVED
-CVE-2020-4719
-       RESERVED
+CVE-2020-4719 (The IBM Cloud APM 8.1.4 server will issue a DNS request to 
resolve any ...)
+       TODO: check
 CVE-2020-4718 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is 
vulnerabl ...)
        NOT-FOR-US: IBM
 CVE-2020-4717
@@ -93836,8 +93872,8 @@ CVE-2020-1938 (When using the Apache JServ Protocol 
(AJP), care must be taken wh
        NOTE: 
https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645
 (7.0.100)
 CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with 
the user  ...)
        NOT-FOR-US: Apache Kylin
-CVE-2020-1936
-       RESERVED
+CVE-2020-1936 (A cross-site scripting issue was found in Apache Ambari Views. 
This wa ...)
+       TODO: check
 CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 
to 7.0. ...)
        {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1}
        - tomcat9 9.0.31-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96cc63c0519da1223072f5ca05825fa88f732785



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
