Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
adc0edfb by security tracker role at 2021-03-08T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2021-3424
+       RESERVED
+CVE-2021-28091
+       RESERVED
+CVE-2021-28090
+       RESERVED
+CVE-2021-28089
+       RESERVED
+CVE-2020-36256
+       RESERVED
 CVE-2021-XXXX [Arbitrary file read/write without permissions]
        - flatpak 1.10.1-4
        NOTE: https://github.com/flatpak/flatpak/issues/4146
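Review bot: the five added RESERVED ids at the top of this hunk are out of the descending order that the other hunks show for this file: CVE-2021-3424 sits above CVE-2021-28091, and CVE-2020-36256 lands ahead of the CVE-2021-XXXX flatpak entry. If anything downstream relies on position in data/CVE/list, move each id to its sorted slot before the next manual edit.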
@@ -1864,8 +1874,8 @@ CVE-2021-27224 (The WPG plugin before 3.1.0.0 for 
IrfanView 4.57 has a user-mode
        NOT-FOR-US: WPG plugin for IrfanView
 CVE-2021-27223
        RESERVED
-CVE-2021-27222
-       RESERVED
+CVE-2021-27222 (In the "Time in Status" app before 4.13.0 for Jira, remote 
authenticat ...)
+       TODO: check
 CVE-2021-27221
        RESERVED
 CVE-2021-27220
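Review bot: `TODO: check` on CVE-2021-27222 leaves the entry untriaged now that it carries a description. The text names a "Time in Status" app for Jira, so decide whether it maps to a Debian source package or gets a NOT-FOR-US line in the same form as the WPG plugin entry above it.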
@@ -2878,8 +2888,8 @@ CVE-2021-26790
        RESERVED
 CVE-2021-26789
        RESERVED
-CVE-2021-26788
-       RESERVED
+CVE-2021-26788 (Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is 
affected b ...)
+       TODO: check
 CVE-2021-26787
        RESERVED
 CVE-2021-26786
@@ -10827,7 +10837,7 @@ CVE-2021-23341 (The package prismjs before 1.23.0 are 
vulnerable to Regular Expr
        NOTE: https://github.com/PrismJS/prism/issues/2583
 CVE-2021-23340 (This affects the package pimcore/pimcore before 6.8.8. A Local 
FIle In ...)
        NOT-FOR-US: Pimcore
-CVE-2021-23339 (This affects all versions of package 
com.typesafe.akka:akka-http-core. ...)
+CVE-2021-23339 (This affects all versions before 10.1.14 and from 10.2.0 to 
10.2.4 of  ...)
        NOT-FOR-US: com.typesafe.akka:akka-http-core
 CVE-2021-23338 (This affects all versions of package qlib. The workflow 
function in cl ...)
        NOT-FOR-US: qlib
@@ -16329,18 +16339,18 @@ CVE-2021-21330 (aiohttp is an asynchronous HTTP 
client/server framework for asyn
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg
        NOTE: 
https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst#374-2021-02-25
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/2545222a3853e31ace15d87ae0e2effb7da0c96b
-CVE-2021-21329
-       RESERVED
+CVE-2021-21329 (RATCF is an open-source framework for hosting Cyber-Security 
Capture t ...)
+       TODO: check
 CVE-2021-21328 (Vapor is a web framework for Swift. In Vapor before version 
4.40.1, th ...)
        NOT-FOR-US: Vapor
-CVE-2021-21327
-       RESERVED
-CVE-2021-21326
-       RESERVED
-CVE-2021-21325
-       RESERVED
-CVE-2021-21324
-       RESERVED
+CVE-2021-21327 (GLPI is an open-source asset and IT management software 
package that p ...)
+       TODO: check
+CVE-2021-21326 (GLPI is an open-source asset and IT management software 
package that p ...)
+       TODO: check
+CVE-2021-21325 (GLPI is an open-source asset and IT management software 
package that p ...)
+       TODO: check
+CVE-2021-21324 (GLPI is an open-source asset and IT management software 
package that p ...)
+       TODO: check
 CVE-2021-21323 (Brave is an open source web browser with a focus on privacy 
and securi ...)
        - brave-browser <itp> (bug #864795)
 CVE-2021-21322 (fastify-http-proxy is an npm package which is a fastify plugin 
for pro ...)
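Review bot: CVE-2021-21327 through CVE-2021-21324 all carry the same truncated description ("GLPI is an open-source asset and IT management software package that p ..."), so the four `TODO: check` lines cannot be told apart from this file alone. Triage each against its full advisory text and record the result per id rather than copying one decision across all four; CVE-2021-21329 (RATCF) needs the same decision.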
@@ -29699,7 +29709,7 @@ CVE-2020-27818 (A flaw was found in the 
check_chunk_name() function of pngcheck-
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902011
        NOTE: Patch applied in Fedora: 
https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch
 CVE-2020-27817
-       RESERVED
+       REJECTED
 CVE-2020-27816 (The elasticsearch-operator does not validate the namespace 
where kiban ...)
        NOT-FOR-US: OpenShift Elasticsearch operator
 CVE-2020-27815
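Review bot: CVE-2020-27817 goes from RESERVED to REJECTED with nothing recording why. If the id was withdrawn as a duplicate, a NOTE naming the surviving CVE would keep anyone searching for CVE-2020-27817 from hitting a dead end.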
@@ -34616,7 +34626,7 @@ CVE-2020-25904
        RESERVED
 CVE-2020-25903
        RESERVED
-CVE-2020-25902 (Blackboard Collaborate Ultra 20.02 is affected by a cross-site 
scripti ...)
+CVE-2020-25902 (** DISPUTED ** Blackboard Collaborate Ultra 20.02 is affected 
by a cro ...)
        NOT-FOR-US: Blackboard Collaborate Ultra
 CVE-2020-25901 (Host Header Injection in Spiceworks 7.5.7.0 allowing the 
attacker to r ...)
        NOT-FOR-US: Spiceworks
@@ -39160,8 +39170,8 @@ CVE-2020-23969
        RESERVED
 CVE-2020-23968 (Ilex International Sign&amp;go Workstation Security Suite 7.1 
allows e ...)
        NOT-FOR-US: Ilex International Sign&go Workstation Security Suite
-CVE-2020-23967
-       RESERVED
+CVE-2020-23967 (Dr.Web Security Space versions 11 and 12 allow elevation of 
privilege  ...)
+       TODO: check
 CVE-2020-23966
        RESERVED
 CVE-2020-23965
@@ -86053,8 +86063,8 @@ CVE-2020-5016
        RESERVED
 CVE-2020-5015
        RESERVED
-CVE-2020-5014
-       RESERVED
+CVE-2020-5014 (IBM DataPower Gateway V10 and V2018 could allow a local 
attacker with  ...)
+       TODO: check
 CVE-2020-5013
        RESERVED
 CVE-2020-5012
@@ -86275,8 +86285,8 @@ CVE-2020-4905 (IBM Financial Transaction Manager for 
SWIFT Services for Multipla
        NOT-FOR-US: IBM
 CVE-2020-4904 (IBM Financial Transaction Manager for SWIFT Services for 
Multiplatform ...)
        NOT-FOR-US: IBM
-CVE-2020-4903
-       RESERVED
+CVE-2020-4903 (IBM API Connect V10 and V2018 could allow an attacker who has 
intercep ...)
+       TODO: check
 CVE-2020-4902
        RESERVED
 CVE-2020-4901
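Review bot: CVE-2020-4903 (IBM API Connect) is left at `TODO: check` while both described entries directly above it, CVE-2020-4905 and CVE-2020-4904, are already `NOT-FOR-US: IBM`. Unless API Connect is expected to map to a Debian package, resolve it the same way so it does not sit in the TODO queue.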
@@ -86694,8 +86704,8 @@ CVE-2020-4697 (IBM Jazz Foundation products are 
vulnerable to cross-site scripti
        NOT-FOR-US: IBM
 CVE-2020-4696 (IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate 
session a ...)
        NOT-FOR-US: IBM
-CVE-2020-4695
-       RESERVED
+CVE-2020-4695 (IBM API Connect V10 is impacted by insecure communications 
during data ...)
+       TODO: check
 CVE-2020-4694
        RESERVED
 CVE-2020-4693 (IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 
and 8. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adc0edfb5f7f24da7f1237b33753af32aa35555d
