Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2dc45ec8 by security tracker role at 2021-03-09T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2021-3426
+       RESERVED
+CVE-2021-3425
+       RESERVED
+CVE-2021-28108
+       RESERVED
+CVE-2021-28107
+       RESERVED
+CVE-2021-28106
+       RESERVED
+CVE-2021-28105
+       RESERVED
+CVE-2021-28104
+       RESERVED
+CVE-2021-28103
+       RESERVED
+CVE-2021-28102
+       RESERVED
+CVE-2021-28101
+       RESERVED
+CVE-2021-28100
+       RESERVED
+CVE-2021-28099
+       RESERVED
+CVE-2020-36276
+       RESERVED
+CVE-2020-36275
+       RESERVED
+CVE-2020-36274
+       RESERVED
+CVE-2020-36273
+       RESERVED
+CVE-2020-36272
+       RESERVED
+CVE-2020-36271
+       RESERVED
+CVE-2020-36270
+       RESERVED
+CVE-2020-36269
+       RESERVED
+CVE-2020-36268
+       RESERVED
+CVE-2020-36267
+       RESERVED
+CVE-2020-36266
+       RESERVED
+CVE-2020-36265
+       RESERVED
+CVE-2020-36264
+       RESERVED
+CVE-2020-36263
+       RESERVED
+CVE-2020-36262
+       RESERVED
+CVE-2020-36261
+       RESERVED
+CVE-2020-36260
+       RESERVED
+CVE-2020-36259
+       RESERVED
+CVE-2020-36258
+       RESERVED
+CVE-2020-36257
+       RESERVED
 CVE-2021-28098
        RESERVED
 CVE-2021-28097
@@ -194,8 +258,8 @@ CVE-2021-28008
        RESERVED
 CVE-2021-28007
        RESERVED
-CVE-2021-28006
-       RESERVED
+CVE-2021-28006 (Web Based Quiz System 1.0 is affected by cross-site scripting 
(XSS) in ...)
+       TODO: check
 CVE-2021-28005
        RESERVED
 CVE-2021-28004
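Review bot: CVE-2021-28006's TODO: check can be resolved right away; "Web Based Quiz System" is a standalone web application with no corresponding Debian package, so the line should read NOT-FOR-US: Web Based Quiz System, the same way the other non-packaged entries in this file are closed.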
@@ -786,8 +850,8 @@ CVE-2021-27803 (A vulnerability was discovered in how 
p2p/p2p_pd.c in wpa_suppli
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3
        NOTE: 
https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
        NOTE: 
https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
-CVE-2021-3417
-       RESERVED
+CVE-2021-3417 (An internal product security audit of LXCO, prior to version 
1.2.2, di ...)
+       TODO: check
 CVE-2021-3416 [net: infinite loop in loopback mode may lead to stack overflow]
        RESERVED
        - qemu <unfixed> (bug #984448)
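Review bot: CVE-2021-3417 should not stay at TODO: check. LXCO is Lenovo's XClarity Orchestrator, the description is the same text that CVE-2020-8356 carries further down this diff, and the neighbouring CVE-2020-8355 (Lenovo XClarity Administrator) is already NOT-FOR-US: Lenovo; resolve this entry to NOT-FOR-US: Lenovo.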
@@ -1091,24 +1155,24 @@ CVE-2021-27594
        RESERVED
 CVE-2021-27593
        RESERVED
-CVE-2021-27592
-       RESERVED
-CVE-2021-27591
-       RESERVED
-CVE-2021-27590
-       RESERVED
-CVE-2021-27589
-       RESERVED
-CVE-2021-27588
-       RESERVED
-CVE-2021-27587
-       RESERVED
-CVE-2021-27586
-       RESERVED
-CVE-2021-27585
-       RESERVED
-CVE-2021-27584
-       RESERVED
+CVE-2021-27592 (When a user opens manipulated Universal 3D (.U3D) files 
received from  ...)
+       TODO: check
+CVE-2021-27591 (When a user opens manipulated Portable Document Format (.PDF) 
format f ...)
+       TODO: check
+CVE-2021-27590 (When a user opens manipulated Tag Image File Format (.TIFF) 
format fil ...)
+       TODO: check
+CVE-2021-27589 (When a user opens manipulated Scalable Vector Graphics (.SVG) 
format f ...)
+       TODO: check
+CVE-2021-27588 (When a user opens manipulated HPGL format files received from 
untruste ...)
+       TODO: check
+CVE-2021-27587 (When a user opens manipulated Jupiter Tessellation (.JT) 
format files  ...)
+       TODO: check
+CVE-2021-27586 (When a user opens manipulated Interchange File Format (.IFF) 
format fi ...)
+       TODO: check
+CVE-2021-27585 (When a user opens manipulated Computer Graphics Metafile 
(.CGM) format ...)
+       TODO: check
+CVE-2021-27584 (When a user opens manipulated PhotoShop Document (.PSD) format 
files r ...)
+       TODO: check
 CVE-2021-27583 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, 
an atta ...)
        NOT-FOR-US: Directus
 CVE-2021-27582 (org/mitre/oauth2/web/OAuthConfirmationController.java in the 
OpenID Co ...)
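Review bot: CVE-2021-27584 through CVE-2021-27592 are nine entries with one description template ("When a user opens manipulated ... format files received from untrusted sources"), and CVE-2021-21493 (.GIF) later in this diff uses the same template; triage them as a single batch so they all receive the same resolution instead of nine separate TODO: check lines, and confirm the viewer they describe is not something the archive ships before closing them as NOT-FOR-US.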
@@ -5018,8 +5082,8 @@ CVE-2021-25917
        RESERVED
 CVE-2021-25916
        RESERVED
-CVE-2021-25915
-       RESERVED
+CVE-2021-25915 (Prototype pollution vulnerability in 'changeset' versions 
0.0.1 throug ...)
+       TODO: check
 CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' 
versions 1.0.0  ...)
        NOT-FOR-US: object-collider
 CVE-2021-25913 (Prototype pollution vulnerability in 'set-or-get' version 
1.0.0 throug ...)
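Review bot: CVE-2021-25915 is the third prototype-pollution entry in this run (CVE-2021-25914 'object-collider' and CVE-2021-25913 'set-or-get' were closed as NOT-FOR-US); before the TODO: check is replaced, confirm that no node package or embedded copy of 'changeset' exists in the archive, and close it the same way if none does.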
@@ -10827,10 +10891,10 @@ CVE-2021-23355
        RESERVED
 CVE-2021-23354
        RESERVED
-CVE-2021-23353
-       RESERVED
-CVE-2021-23352
-       RESERVED
+CVE-2021-23353 (This affects the package jspdf before 2.3.1. ReDoS is possible 
via the ...)
+       TODO: check
+CVE-2021-23352 (This affects the package madge before 4.0.1. It is possible to 
specify ...)
+       TODO: check
 CVE-2021-23351 (The package github.com/pires/go-proxyproto before 0.5.0 are 
vulnerable ...)
        TODO: check
 CVE-2021-23350
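Review bot: CVE-2021-23353 (jspdf) and CVE-2021-23352 (madge) land directly above CVE-2021-23351 (go-proxyproto), which is still TODO: check from an earlier update, so this region now carries three open checks; the two new ones need a look at the node-* package list (the jspdf ReDoS only matters if the library is packaged or vendored), and the Go one should be checked against the golang-github-* packages so the backlog does not keep growing here.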
@@ -15482,8 +15546,8 @@ CVE-2019-25001 (An issue was discovered in the 
serde_cbor crate before 0.10.2 fo
        NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0025.html
 CVE-2018-25001 (An issue was discovered in the libpulse-binding crate before 
2.5.0 for ...)
        NOT-FOR-US: libpulse-binding rust crate
-CVE-2021-21493
-       RESERVED
+CVE-2021-21493 (When a user opens manipulated Graphics Interchange Format 
(.GIF) forma ...)
+       TODO: check
 CVE-2021-21492
        RESERVED
 CVE-2021-21491
@@ -15492,24 +15556,24 @@ CVE-2021-21490
        RESERVED
 CVE-2021-21489
        RESERVED
-CVE-2021-21488
-       RESERVED
-CVE-2021-21487
-       RESERVED
-CVE-2021-21486
-       RESERVED
+CVE-2021-21488 (Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 
7.50 allow ...)
+       TODO: check
+CVE-2021-21487 (SAP Payment Engine version 500, does not perform necessary 
authorizati ...)
+       TODO: check
+CVE-2021-21486 (SAP Enterprise Financial Services versions, 101, 102, 103, 
104, 105, 6 ...)
+       TODO: check
 CVE-2021-21485
        RESERVED
-CVE-2021-21484
-       RESERVED
+CVE-2021-21484 (LDAP authentication in SAP HANA Database version 2.0 can be 
bypassed i ...)
+       TODO: check
 CVE-2021-21483
        RESERVED
 CVE-2021-21482
        RESERVED
-CVE-2021-21481
-       RESERVED
-CVE-2021-21480
-       RESERVED
+CVE-2021-21481 (The MigrationService, which is part of SAP NetWeaver versions 
7.10, 7. ...)
+       TODO: check
+CVE-2021-21480 (SAP MII allows users to create dashboards and save them as JSP 
through ...)
+       TODO: check
 CVE-2021-21479 (In SCIMono before 0.0.19, it is possible for an attacker to 
inject and ...)
        NOT-FOR-US: SAP
 CVE-2021-21478 (SAP Web Dynpro ABAP allow an attacker to redirect users to a 
malicious ...)
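Review bot: CVE-2021-21480, CVE-2021-21481, CVE-2021-21484, CVE-2021-21486, CVE-2021-21487 and CVE-2021-21488 are all SAP products (SAP MII, the SAP NetWeaver MigrationService, SAP HANA Database, SAP Enterprise Financial Services, SAP Payment Engine, and Knowledge Management in the same SAP batch), the same family as CVE-2021-21479 and CVE-2021-21478, which are already NOT-FOR-US: SAP; resolve the six TODO: check lines to NOT-FOR-US: SAP in one pass.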
@@ -16271,8 +16335,8 @@ CVE-2021-21371
        RESERVED
 CVE-2021-21370
        RESERVED
-CVE-2021-21369
-       RESERVED
+CVE-2021-21369 (Hyperledger Besu is an open-source, MainNet compatible, 
Ethereum clien ...)
+       TODO: check
 CVE-2021-21368
        RESERVED
 CVE-2021-21367
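Review bot: CVE-2021-21369 is Hyperledger Besu, an Ethereum client that is not packaged in Debian, so the TODO: check should become NOT-FOR-US: Hyperledger Besu rather than being left open.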
@@ -16447,8 +16511,8 @@ CVE-2021-21297 (Node-Red is a low-code programming for 
event-driven applications
        TODO: check
 CVE-2021-21296 (Fleet is an open source osquery manager. In Fleet before 
version 3.7.0 ...)
        NOT-FOR-US: Fleet
-CVE-2021-21295
-       RESERVED
+CVE-2021-21295 (Netty is an open-source, asynchronous event-driven network 
application ...)
+       TODO: check
 CVE-2021-21294 (Http4s (http4s-blaze-server) is a minimal, idiomatic Scala 
interface f ...)
        NOT-FOR-US: Http4s
 CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines, 
with a f ...)
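Review bot: CVE-2021-21295 must not be closed like its neighbours. Netty is packaged in Debian (src:netty), unlike Http4s and Fleet, so this entry needs a "- netty <version>" line (or <unfixed> with a bug reference) plus the usual NOTE: link to the upstream advisory once the affected and fixed versions are confirmed, not NOT-FOR-US.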
@@ -16715,131 +16779,99 @@ CVE-2021-21192
        RESERVED
 CVE-2021-21191
        RESERVED
-CVE-2021-21190
-       RESERVED
+CVE-2021-21190 (Uninitialized data in PDFium in Google Chrome prior to 
89.0.4389.72 al ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21189
-       RESERVED
+CVE-2021-21189 (Insufficient policy enforcement in payments in Google Chrome 
prior to  ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21188
-       RESERVED
+CVE-2021-21188 (Use after free in Blink in Google Chrome prior to 89.0.4389.72 
allowed ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21187
-       RESERVED
+CVE-2021-21187 (Insufficient data validation in URL formatting in Google 
Chrome prior  ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21186
-       RESERVED
+CVE-2021-21186 (Insufficient policy enforcement in QR scanning in Google 
Chrome on iOS ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21185
-       RESERVED
+CVE-2021-21185 (Insufficient policy enforcement in extensions in Google Chrome 
prior t ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21184
-       RESERVED
+CVE-2021-21184 (Inappropriate implementation in performance APIs in Google 
Chrome prio ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21183
-       RESERVED
+CVE-2021-21183 (Inappropriate implementation in performance APIs in Google 
Chrome prio ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21182
-       RESERVED
+CVE-2021-21182 (Insufficient policy enforcement in navigations in Google 
Chrome prior  ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21181
-       RESERVED
+CVE-2021-21181 (Side-channel information leakage in autofill in Google Chrome 
prior to ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21180
-       RESERVED
+CVE-2021-21180 (Use after free in tab search in Google Chrome prior to 
89.0.4389.72 al ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21179
-       RESERVED
+CVE-2021-21179 (Use after free in Network Internals in Google Chrome on Linux 
prior to ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21178
-       RESERVED
+CVE-2021-21178 (Inappropriate implementation in Compositing in Google Chrome 
on Linux  ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21177
-       RESERVED
+CVE-2021-21177 (Insufficient policy enforcement in Autofill in Google Chrome 
prior to  ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21176
-       RESERVED
+CVE-2021-21176 (Inappropriate implementation in full screen mode in Google 
Chrome prio ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21175
-       RESERVED
+CVE-2021-21175 (Inappropriate implementation in Site isolation in Google 
Chrome prior  ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21174
-       RESERVED
+CVE-2021-21174 (Inappropriate implementation in Referrer in Google Chrome 
prior to 89. ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21173
-       RESERVED
+CVE-2021-21173 (Side-channel information leakage in Network Internals in 
Google Chrome ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21172
-       RESERVED
+CVE-2021-21172 (Insufficient policy enforcement in File System API in Google 
Chrome on ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21171
-       RESERVED
+CVE-2021-21171 (Incorrect security UI in TabStrip and Navigation in Google 
Chrome on A ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21170
-       RESERVED
+CVE-2021-21170 (Incorrect security UI in Loader in Google Chrome prior to 
89.0.4389.72 ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21169
-       RESERVED
+CVE-2021-21169 (Out of bounds memory access in V8 in Google Chrome prior to 
89.0.4389. ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21168
-       RESERVED
+CVE-2021-21168 (Insufficient policy enforcement in appcache in Google Chrome 
prior to  ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21167
-       RESERVED
+CVE-2021-21167 (Use after free in bookmarks in Google Chrome prior to 
89.0.4389.72 all ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21166
-       RESERVED
+CVE-2021-21166 (Data race in audio in Google Chrome prior to 89.0.4389.72 
allowed a re ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21165
-       RESERVED
+CVE-2021-21165 (Data race in audio in Google Chrome prior to 89.0.4389.72 
allowed a re ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21164
-       RESERVED
+CVE-2021-21164 (Insufficient data validation in Chrome on iOS in Google Chrome 
on iOS  ...)
        - chromium <not-affected> (MacOS specific)
-CVE-2021-21163
-       RESERVED
+CVE-2021-21163 (Insufficient data validation in Reader Mode in Google Chrome 
on iOS pr ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21162
-       RESERVED
+CVE-2021-21162 (Use after free in WebRTC in Google Chrome prior to 
89.0.4389.72 allowe ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21161
-       RESERVED
+CVE-2021-21161 (Heap buffer overflow in TabStrip in Google Chrome prior to 
89.0.4389.7 ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21160
-       RESERVED
+CVE-2021-21160 (Heap buffer overflow in WebAudio in Google Chrome prior to 
89.0.4389.7 ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21159
-       RESERVED
+CVE-2021-21159 (Heap buffer overflow in TabStrip in Google Chrome prior to 
89.0.4389.7 ...)
        - chromium 89.0.4389.82-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-21158
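Review bot: the iOS-only issues in this Chromium batch are handled inconsistently. CVE-2021-21164 ("Chrome on iOS in Google Chrome on iOS") is marked chromium <not-affected> with the reason "(MacOS specific)", but the description says iOS, not macOS, so the reason text is wrong; meanwhile CVE-2021-21163 ("Reader Mode in Google Chrome on iOS") and CVE-2021-21186 ("QR scanning in Google Chrome on iOS") are recorded as fixed in chromium 89.0.4389.82-1 even though they describe iOS-only code that the Linux package does not build. Either mark all three <not-affected> (iOS specific) or document why 21163 and 21186 are treated as fixed.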
@@ -18750,8 +18782,8 @@ CVE-2021-20343
        RESERVED
 CVE-2021-20342
        RESERVED
-CVE-2021-20341
-       RESERVED
+CVE-2021-20341 (IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns 
potenti ...)
+       TODO: check
 CVE-2021-20340 (IBM Engineering products are vulnerable to cross-site 
scripting. This  ...)
        NOT-FOR-US: IBM
 CVE-2021-20339
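Review bot: CVE-2021-20341 is IBM Cloud Pak for Multicloud Management, a proprietary IBM product, and the adjacent CVE-2021-20340 is already NOT-FOR-US: IBM; resolve the TODO: check to NOT-FOR-US: IBM.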
@@ -18883,33 +18915,32 @@ CVE-2021-20278
        RESERVED
 CVE-2021-20277
        RESERVED
-CVE-2021-20276
-       RESERVED
+CVE-2021-20276 (A flaw was found in privoxy before 3.0.32. Invalid memory 
access with  ...)
+       {DLA-2587-1}
        - privoxy 3.0.32-1
        [buster] - privoxy <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
        NOTE: 
https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=28512e5b62457f0ff6f2d72e3e5c9226b9e0203d
-CVE-2021-20275
-       RESERVED
+CVE-2021-20275 (A flaw was found in privoxy before 3.0.32. A invalid read of 
size two  ...)
+       {DLA-2587-1}
        - privoxy 3.0.32-1
        [buster] - privoxy <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
        NOTE: 
https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=a912ba7bc9ce5855a810d09332e9d94566ce1521
-CVE-2021-20274
-       RESERVED
+CVE-2021-20274 (A flaw was found in privoxy before 3.0.32. A crash may occur 
due a NUL ...)
        - privoxy 3.0.32-1
        [buster] - privoxy <not-affected> (Vulnerable code introduced later)
        [stretch] - privoxy <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
        NOTE: 
https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=85817cc55b9829e6c20db40d3a93b8380618463d
-CVE-2021-20273
-       RESERVED
+CVE-2021-20273 (A flaw was found in privoxy before 3.0.32. A crash can occur 
via a cra ...)
+       {DLA-2587-1}
        - privoxy 3.0.32-1
        [buster] - privoxy <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
        NOTE: 
https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=e711c505c4830ab271938d61af90a2075523f058
-CVE-2021-20272
-       RESERVED
+CVE-2021-20272 (A flaw was found in privoxy before 3.0.32. An assertion 
failure could  ...)
+       {DLA-2587-1}
        - privoxy 3.0.32-1
        [buster] - privoxy <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
@@ -18923,8 +18954,7 @@ CVE-2021-20270
        NOTE: 
https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333
 CVE-2021-20269
        RESERVED
-CVE-2021-20268
-       RESERVED
+CVE-2021-20268 (An out-of-bounds access flaw was found in the Linux kernel's 
implement ...)
        - linux 5.10.12-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
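Review bot: CVE-2021-20268 records the fix version (linux 5.10.12-1) but, unlike CVE-2021-20265 just below it, carries no NOTE: line with the upstream git.kernel.org commit; add the fix commit reference so the "Vulnerable code introduced later" claims for buster and stretch can be verified against the introducing commit.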
@@ -18943,15 +18973,13 @@ CVE-2021-20265 [increase slab leak leads to DoS]
        NOTE: 
https://git.kernel.org/linus/fa0dc04df259ba2df3ce1920e9690c7842f8fa4b (4.5-rc3)
 CVE-2021-20264
        RESERVED
-CVE-2021-20263
-       RESERVED
+CVE-2021-20263 (A flaw was found in the virtio-fs shared file system daemon 
(virtiofsd ...)
        - qemu <unfixed>
        [buster] - qemu <not-affected> (Introduced in 5.2.0)
        [stretch] - qemu <not-affected> (Introduced in 5.2.0)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1933668
        NOTE: Introduced in 
https://git.qemu.org/?p=qemu.git;a=commit;h=725ca3313a5b9cbef89eaa1c728567684f37990a
-CVE-2021-20262
-       RESERVED
+CVE-2021-20262 (A flaw was found in Keycloak 12.0.0 where re-authentication 
does not o ...)
        NOT-FOR-US: Keycloak
 CVE-2021-20261
        RESERVED
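Review bot: CVE-2021-20263 is entered as "- qemu <unfixed>" with no Debian bug reference, whereas the other open qemu entry in this diff, CVE-2021-3416, reads "- qemu <unfixed> (bug #984448)"; file or link the bug for the virtiofsd issue so the unfixed state is tracked, and add the upstream fix commit next to the "Introduced in" NOTE once it is available.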
@@ -18978,8 +19006,7 @@ CVE-2021-20255 [net: eepro100: stack overflow via 
infinite recursion]
        NOTE: 
https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
 CVE-2021-20254
        RESERVED
-CVE-2021-20253
-       RESERVED
+CVE-2021-20253 (A flaw was found in ansible-tower. The default installation is 
vulnera ...)
        NOT-FOR-US: Ansible Tower
 CVE-2021-20252 (A flaw was found in Red Hat 3scale API Management Platform 2. 
The 3sca ...)
        NOT-FOR-US: Red Hat 3scale API Management
@@ -18997,32 +19024,28 @@ CVE-2021-20247 (A flaw was found in mbsync before 
v1.3.5 and v1.4.1. Validations
        [buster] - isync <no-dsa> (Minor issue)
        [stretch] - isync <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/22/1
-CVE-2021-20246 [Division by zero in ScaleResampleFilter in 
MagickCore/resample.c]
-       RESERVED
+CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An 
attacker  ...)
        - imagemagick <unfixed>
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/3195
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/8d25d94a363b104acd6ff23df7470aeedb806c51
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/f3190d4a6e6e8556575c84b5d976f77d111caa74
-CVE-2021-20245 [Division by zero in WriteAnimatedWEBPImage() in coders/webp.c]
-       RESERVED
+CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker 
who subm ...)
        - imagemagick <unfixed>
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/3176
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/ffb683e62ddedc6436a1b88388eb690d7ca57bf2
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/a78d92dc0f468e79c3d761aae9707042952cdaca
-CVE-2021-20244 [Division by zero in ImplodeImage in 
MagickCore/visual-effects.c]
-       RESERVED
+CVE-2021-20244 (A flaw was found in ImageMagick in 
MagickCore/visual-effects.c. An att ...)
        - imagemagick <unfixed>
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/3194
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d
        NOTE: In IM6 the code seems to be in magick/fx.c
-CVE-2021-20243 [Division by zero in GetResizeFilterWeight in 
MagickCore/resize.c]
-       RESERVED
+CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An 
attacker wh ...)
        - imagemagick <undetermined>
        [buster] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193
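Review bot: replacing the bracketed placeholders drops information. The old lines named the exact functions (ScaleResampleFilter, WriteAnimatedWEBPImage, ImplodeImage, GetResizeFilterWeight, and WriteJP2Image for CVE-2021-20241 in the next hunk), while the truncated official text only names the source file. Since the bracketed text is overwritten as soon as the CVE description is published, keep the function names in a NOTE: line for each entry so the <ignored> decisions for buster and stretch remain auditable; CVE-2021-20243 also still has no stretch line and a trailing TODO: check, so it is only partially triaged.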
@@ -19030,8 +19053,7 @@ CVE-2021-20243 [Division by zero in 
GetResizeFilterWeight in MagickCore/resize.c
        TODO: check
 CVE-2021-20242
        REJECTED
-CVE-2021-20241 [Division by zero in WriteJP2Image() in coders/jp2.c]
-       RESERVED
+CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker 
who submi ...)
        - imagemagick <unfixed>
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue)
@@ -20061,8 +20083,8 @@ CVE-2020-35453 (HashiCorp Vault Enterprise&#8217;s 
Sentinel EGP policy feature i
        NOT-FOR-US: HashiCorp Vault
 CVE-2020-35452
        RESERVED
-CVE-2020-35451
-       RESERVED
+CVE-2020-35451 (There is a race condition in OozieSharelibCLI in Apache Oozie 
before v ...)
+       TODO: check
 CVE-2020-35450 (Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus 
handler fo ...)
        - gobby 0.6.0~20201227~b98f4d2-1 (bug #978446)
        [buster] - gobby <no-dsa> (Minor issue)
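Review bot: CVE-2020-35451 is Apache Oozie, which is not in the Debian archive; resolve the TODO: check to NOT-FOR-US: Apache Oozie rather than leaving it open beside the already-triaged Gobby entry.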
@@ -23830,7 +23852,7 @@ CVE-2020-29136 (In cPanel before 90.0.17, 2FA can be 
bypassed via a brute-force
        NOT-FOR-US: cPanel
 CVE-2020-29135 (cPanel before 90.0.17 has multiple instances of URL parameter 
injectio ...)
        NOT-FOR-US: cPanel
-CVE-2020-29134 (TOTVS Fluig Luke 1.7.0 allows directory traversal via a base64 
encoded ...)
+CVE-2020-29134 (TOTVS Fluig Platform allows directory traversal via a base64 
encoded i ...)
        NOT-FOR-US: TOTVS Fluig Luke
 CVE-2020-29133 (jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded 
personal  ...)
        NOT-FOR-US: Coremail XT
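Review bot: the description for CVE-2020-29134 was refreshed from "TOTVS Fluig Luke 1.7.0" to "TOTVS Fluig Platform", but the unchanged NOT-FOR-US line still says "TOTVS Fluig Luke"; update it to NOT-FOR-US: TOTVS Fluig Platform so the product name matches the new text.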
@@ -28764,8 +28786,8 @@ CVE-2020-28152
        RESERVED
 CVE-2020-28151
        RESERVED
-CVE-2020-28150
-       RESERVED
+CVE-2020-28150 (I-Net Software Clear Reports 20.10.136 web application accepts 
a user- ...)
+       TODO: check
 CVE-2020-28149
        RESERVED
 CVE-2020-28148
@@ -31632,8 +31654,8 @@ CVE-2020-27227
        RESERVED
 CVE-2020-27226
        RESERVED
-CVE-2020-27225
-       RESERVED
+CVE-2020-27225 (In versions 4.18 and earlier of the Eclipse Platform, the Help 
Subsyst ...)
+       TODO: check
 CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the 
Markdown Prev ...)
        NOT-FOR-US: Eclipse Theia
 CVE-2020-27223 (In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 
(inclusive), 10.0 ...)
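Review bot: CVE-2020-27225 (Eclipse Platform Help Subsystem, 4.18 and earlier) cannot be closed the way CVE-2020-27224 (Eclipse Theia) was: Eclipse Platform is packaged in Debian (eclipse-platform), so check whether the Help Subsystem bundles are part of what the archive builds and record either a package line with the affected version or a NOT-FOR-US whose reason states that the help component is not shipped.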
@@ -35485,7 +35507,7 @@ CVE-2020-25641 (A flaw was found in the Linux kernel's 
implementation of biovecs
        NOTE: 
https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124
 CVE-2020-25640 (A flaw was discovered in WildFly before 21.0.0.Final where, 
Resource a ...)
        - wildfly <itp> (bug #752018)
-CVE-2020-25639 (A NULL pointer dereference flaw was found in the Linux 
kernel&#8217;s  ...)
+CVE-2020-25639 (A NULL pointer dereference flaw was found in the Linux 
kernel's GPU No ...)
        - linux 5.10.19-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
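Review bot: this hunk normalizes the HTML entity in CVE-2020-25639's description ("kernel&#8217;s" becomes "kernel's"), but the same entity is still present in CVE-2020-35453's line ("HashiCorp Vault Enterprise&#8217;s") in the hunk header earlier in this diff; the description importer should decode entities uniformly rather than leaving some entries with a raw &#8217;.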
@@ -77212,10 +77234,10 @@ CVE-2020-8359
        RESERVED
 CVE-2020-8358
        RESERVED
-CVE-2020-8357
-       RESERVED
-CVE-2020-8356
-       RESERVED
+CVE-2020-8357 (A denial of service vulnerability was reported in Lenovo 
PCManager, pr ...)
+       TODO: check
+CVE-2020-8356 (An internal product security audit of LXCO, prior to version 
1.2.2, di ...)
+       TODO: check
 CVE-2020-8355 (An internal product security audit of Lenovo XClarity 
Administrator (L ...)
        NOT-FOR-US: Lenovo
 CVE-2020-8354 (A potential vulnerability in the SMI callback function used in 
the Var ...)
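Review bot: CVE-2020-8357 (Lenovo PCManager) and CVE-2020-8356 (LXCO prior to 1.2.2, the same description as CVE-2021-3417 earlier in this diff) are both Lenovo vendor software, and CVE-2020-8355 directly below is already NOT-FOR-US: Lenovo; both TODO: check lines should be resolved to NOT-FOR-US: Lenovo.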
@@ -171986,11 +172008,11 @@ CVE-2018-13385 (There was an argument injection 
vulnerability in Sourcetree for
        NOT-FOR-US: Atlassian Sourcetree
 CVE-2018-13384 (A Host Header Redirection vulnerability in Fortinet FortiOS 
all versio ...)
        NOT-FOR-US: Fortinet FortiOS
-CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS 6.0.0 to 6.0.4, 
5.6.0 to 5. ...)
+CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS 6.0.0 through 
6.0.4, 5.6.0  ...)
        NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13382 (An Improper Authorization vulnerability in Fortinet FortiOS 
6.0.0 to 6 ...)
        NOT-FOR-US: Fortinet FortiOS
-CVE-2018-13381 (A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 to 
6.0.4, 5. ...)
+CVE-2018-13381 (A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 
through 6.0. ...)
        NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13380 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 
6.0.0 t ...)
        NOT-FOR-US: Fortinet FortiOS



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2dc45ec8bd2d7930a7ca6dff632fa5ff195d52e0



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
