Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: adc0edfb by security tracker role at 2021-03-08T20:10:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,13 @@ +CVE-2021-3424 + RESERVED +CVE-2021-28091 + RESERVED +CVE-2021-28090 + RESERVED +CVE-2021-28089 + RESERVED +CVE-2020-36256 + RESERVED CVE-2021-XXXX [Arbitrary file read/write without permissions] - flatpak 1.10.1-4 NOTE: https://github.com/flatpak/flatpak/issues/4146 @@ -1864,8 +1874,8 @@ CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode NOT-FOR-US: WPG plugin for IrfanView CVE-2021-27223 RESERVED -CVE-2021-27222 - RESERVED +CVE-2021-27222 (In the "Time in Status" app before 4.13.0 for Jira, remote authenticat ...) + TODO: check CVE-2021-27221 RESERVED CVE-2021-27220 @@ -2878,8 +2888,8 @@ CVE-2021-26790 RESERVED CVE-2021-26789 RESERVED -CVE-2021-26788 - RESERVED +CVE-2021-26788 (Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected b ...) + TODO: check CVE-2021-26787 RESERVED CVE-2021-26786 @@ -10827,7 +10837,7 @@ CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular Expr NOTE: https://github.com/PrismJS/prism/issues/2583 CVE-2021-23340 (This affects the package pimcore/pimcore before 6.8.8. A Local FIle In ...) NOT-FOR-US: Pimcore -CVE-2021-23339 (This affects all versions of package com.typesafe.akka:akka-http-core. ...) +CVE-2021-23339 (This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of ...) NOT-FOR-US: com.typesafe.akka:akka-http-core CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...) NOT-FOR-US: qlib 
@@ -16329,18 +16339,18 @@ CVE-2021-21330 (aiohttp is an asynchronous HTTP client/server framework for asyn NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg NOTE: https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst#374-2021-02-25 NOTE: https://github.com/aio-libs/aiohttp/commit/2545222a3853e31ace15d87ae0e2effb7da0c96b -CVE-2021-21329 - RESERVED +CVE-2021-21329 (RATCF is an open-source framework for hosting Cyber-Security Capture t ...) + TODO: check CVE-2021-21328 (Vapor is a web framework for Swift. In Vapor before version 4.40.1, th ...) NOT-FOR-US: Vapor -CVE-2021-21327 - RESERVED -CVE-2021-21326 - RESERVED -CVE-2021-21325 - RESERVED -CVE-2021-21324 - RESERVED +CVE-2021-21327 (GLPI is an open-source asset and IT management software package that p ...) + TODO: check +CVE-2021-21326 (GLPI is an open-source asset and IT management software package that p ...) + TODO: check +CVE-2021-21325 (GLPI is an open-source asset and IT management software package that p ...) + TODO: check +CVE-2021-21324 (GLPI is an open-source asset and IT management software package that p ...) + TODO: check CVE-2021-21323 (Brave is an open source web browser with a focus on privacy and securi ...) - brave-browser <itp> (bug #864795) CVE-2021-21322 (fastify-http-proxy is an npm package which is a fastify plugin for pro ...) @@ -29699,7 +29709,7 @@ CVE-2020-27818 (A flaw was found in the check_chunk_name() function of pngcheck- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902011 NOTE: Patch applied in Fedora: https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch CVE-2020-27817 - RESERVED + REJECTED CVE-2020-27816 (The elasticsearch-operator does not validate the namespace where kiban ...) NOT-FOR-US: OpenShift Elasticsearch operator CVE-2020-27815 
@@ -34616,7 +34626,7 @@ CVE-2020-25904 RESERVED CVE-2020-25903 RESERVED -CVE-2020-25902 (Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripti ...) +CVE-2020-25902 (** DISPUTED ** Blackboard Collaborate Ultra 20.02 is affected by a cro ...) NOT-FOR-US: Blackboard Collaborate Ultra CVE-2020-25901 (Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to r ...) NOT-FOR-US: Spiceworks @@ -39160,8 +39170,8 @@ CVE-2020-23969 RESERVED CVE-2020-23968 (Ilex International Sign&go Workstation Security Suite 7.1 allows e ...) NOT-FOR-US: Ilex International Sign&go Workstation Security Suite -CVE-2020-23967 - RESERVED +CVE-2020-23967 (Dr.Web Security Space versions 11 and 12 allow elevation of privilege ...) + TODO: check CVE-2020-23966 RESERVED CVE-2020-23965 @@ -86053,8 +86063,8 @@ CVE-2020-5016 RESERVED CVE-2020-5015 RESERVED -CVE-2020-5014 - RESERVED +CVE-2020-5014 (IBM DataPower Gateway V10 and V2018 could allow a local attacker with ...) + TODO: check CVE-2020-5013 RESERVED CVE-2020-5012 @@ -86275,8 +86285,8 @@ CVE-2020-4905 (IBM Financial Transaction Manager for SWIFT Services for Multipla NOT-FOR-US: IBM CVE-2020-4904 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...) NOT-FOR-US: IBM -CVE-2020-4903 - RESERVED +CVE-2020-4903 (IBM API Connect V10 and V2018 could allow an attacker who has intercep ...) + TODO: check CVE-2020-4902 RESERVED CVE-2020-4901 
@@ -86694,8 +86704,8 @@ CVE-2020-4697 (IBM Jazz Foundation products are vulnerable to cross-site scripti NOT-FOR-US: IBM CVE-2020-4696 (IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session a ...) NOT-FOR-US: IBM -CVE-2020-4695 - RESERVED +CVE-2020-4695 (IBM API Connect V10 is impacted by insecure communications during data ...) + TODO: check CVE-2020-4694 RESERVED CVE-2020-4693 (IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adc0edfb5f7f24da7f1237b33753af32aa35555d
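Review bot: in the first hunk (@@ -1,3 +1,13 @@) the five new RESERVED entries are not in the descending ID order that the later hunks show: CVE-2021-3424 is placed above CVE-2021-28091, and CVE-2020-36256 lands above the CVE-2021-XXXX flatpak entry. If any consumer of data/CVE/list assumes sorted order, confirm it tolerates this block, or sort the entries into place in a follow-up.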
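Review bot: in the @@ -16329,18 +16339,18 @@ hunk, CVE-2021-21324 through CVE-2021-21327 all carry the same truncated GLPI description and the same "TODO: check", so nothing in the list distinguishes the four issues from one another. Triage each against its full CVE description and replace the TODO with either a package line or a NOT-FOR-US line, as the neighbouring CVE-2021-21328 (NOT-FOR-US: Vapor) already has; CVE-2021-21329 (RATCF) in the same hunk needs the same treatment.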
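Review bot: in the @@ -86275,8 +86285,8 @@ hunk, CVE-2020-4903 (IBM API Connect) is left at "TODO: check" although the two IBM entries directly above it in the context, CVE-2020-4905 and CVE-2020-4904, are already marked NOT-FOR-US: IBM. Unless API Connect is tracked differently from those products, resolve this entry the same way so it does not sit in the TODO queue.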
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits