Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2dc45ec8 by security tracker role at 2021-03-09T20:10:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,67 @@ +CVE-2021-3426 + RESERVED +CVE-2021-3425 + RESERVED +CVE-2021-28108 + RESERVED +CVE-2021-28107 + RESERVED +CVE-2021-28106 + RESERVED +CVE-2021-28105 + RESERVED +CVE-2021-28104 + RESERVED +CVE-2021-28103 + RESERVED +CVE-2021-28102 + RESERVED +CVE-2021-28101 + RESERVED +CVE-2021-28100 + RESERVED +CVE-2021-28099 + RESERVED +CVE-2020-36276 + RESERVED +CVE-2020-36275 + RESERVED +CVE-2020-36274 + RESERVED +CVE-2020-36273 + RESERVED +CVE-2020-36272 + RESERVED +CVE-2020-36271 + RESERVED +CVE-2020-36270 + RESERVED +CVE-2020-36269 + RESERVED +CVE-2020-36268 + RESERVED +CVE-2020-36267 + RESERVED +CVE-2020-36266 + RESERVED +CVE-2020-36265 + RESERVED +CVE-2020-36264 + RESERVED +CVE-2020-36263 + RESERVED +CVE-2020-36262 + RESERVED +CVE-2020-36261 + RESERVED +CVE-2020-36260 + RESERVED +CVE-2020-36259 + RESERVED +CVE-2020-36258 + RESERVED +CVE-2020-36257 + RESERVED CVE-2021-28098 RESERVED CVE-2021-28097 @@ -194,8 +258,8 @@ CVE-2021-28008 RESERVED CVE-2021-28007 RESERVED -CVE-2021-28006 - RESERVED +CVE-2021-28006 (Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in ...) + TODO: check CVE-2021-28005 RESERVED CVE-2021-28004 @@ -786,8 +850,8 @@ CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in wpa_suppli NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3 NOTE: https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt NOTE: https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch -CVE-2021-3417 - RESERVED +CVE-2021-3417 (An internal product security audit of LXCO, prior to version 1.2.2, di ...) + TODO: check CVE-2021-3416 [net: infinite loop in loopback mode may lead to stack overflow] RESERVED - qemu <unfixed> (bug #984448) @@ -1091,24 +1155,24 @@ CVE-2021-27594 RESERVED CVE-2021-27593 RESERVED -CVE-2021-27592 - RESERVED -CVE-2021-27591 - RESERVED -CVE-2021-27590 - RESERVED -CVE-2021-27589 - RESERVED -CVE-2021-27588 - RESERVED -CVE-2021-27587 - RESERVED -CVE-2021-27586 - RESERVED -CVE-2021-27585 - RESERVED -CVE-2021-27584 - RESERVED +CVE-2021-27592 (When a user opens manipulated Universal 3D (.U3D) files received from ...) + TODO: check +CVE-2021-27591 (When a user opens manipulated Portable Document Format (.PDF) format f ...) + TODO: check +CVE-2021-27590 (When a user opens manipulated Tag Image File Format (.TIFF) format fil ...) + TODO: check +CVE-2021-27589 (When a user opens manipulated Scalable Vector Graphics (.SVG) format f ...) + TODO: check +CVE-2021-27588 (When a user opens manipulated HPGL format files received from untruste ...) + TODO: check +CVE-2021-27587 (When a user opens manipulated Jupiter Tessellation (.JT) format files ...) + TODO: check +CVE-2021-27586 (When a user opens manipulated Interchange File Format (.IFF) format fi ...) + TODO: check +CVE-2021-27585 (When a user opens manipulated Computer Graphics Metafile (.CGM) format ...) + TODO: check +CVE-2021-27584 (When a user opens manipulated PhotoShop Document (.PSD) format files r ...) + TODO: check CVE-2021-27583 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...) NOT-FOR-US: Directus CVE-2021-27582 (org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Co ...) @@ -5018,8 +5082,8 @@ CVE-2021-25917 RESERVED CVE-2021-25916 RESERVED -CVE-2021-25915 - RESERVED +CVE-2021-25915 (Prototype pollution vulnerability in 'changeset' versions 0.0.1 throug ...) + TODO: check CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' versions 1.0.0 ...) NOT-FOR-US: object-collider CVE-2021-25913 (Prototype pollution vulnerability in 'set-or-get' version 1.0.0 throug ...) @@ -10827,10 +10891,10 @@ CVE-2021-23355 RESERVED CVE-2021-23354 RESERVED -CVE-2021-23353 - RESERVED -CVE-2021-23352 - RESERVED +CVE-2021-23353 (This affects the package jspdf before 2.3.1. ReDoS is possible via the ...) + TODO: check +CVE-2021-23352 (This affects the package madge before 4.0.1. It is possible to specify ...) + TODO: check CVE-2021-23351 (The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable ...) TODO: check CVE-2021-23350 @@ -15482,8 +15546,8 @@ CVE-2019-25001 (An issue was discovered in the serde_cbor crate before 0.10.2 fo NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0025.html CVE-2018-25001 (An issue was discovered in the libpulse-binding crate before 2.5.0 for ...) NOT-FOR-US: libpulse-binding rust crate -CVE-2021-21493 - RESERVED +CVE-2021-21493 (When a user opens manipulated Graphics Interchange Format (.GIF) forma ...) + TODO: check CVE-2021-21492 RESERVED CVE-2021-21491 @@ -15492,24 +15556,24 @@ CVE-2021-21490 RESERVED CVE-2021-21489 RESERVED -CVE-2021-21488 - RESERVED -CVE-2021-21487 - RESERVED -CVE-2021-21486 - RESERVED +CVE-2021-21488 (Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allow ...) + TODO: check +CVE-2021-21487 (SAP Payment Engine version 500, does not perform necessary authorizati ...) + TODO: check +CVE-2021-21486 (SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 6 ...) + TODO: check CVE-2021-21485 RESERVED -CVE-2021-21484 - RESERVED +CVE-2021-21484 (LDAP authentication in SAP HANA Database version 2.0 can be bypassed i ...) + TODO: check CVE-2021-21483 RESERVED CVE-2021-21482 RESERVED -CVE-2021-21481 - RESERVED -CVE-2021-21480 - RESERVED +CVE-2021-21481 (The MigrationService, which is part of SAP NetWeaver versions 7.10, 7. ...) + TODO: check +CVE-2021-21480 (SAP MII allows users to create dashboards and save them as JSP through ...) + TODO: check CVE-2021-21479 (In SCIMono before 0.0.19, it is possible for an attacker to inject and ...) NOT-FOR-US: SAP CVE-2021-21478 (SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious ...) @@ -16271,8 +16335,8 @@ CVE-2021-21371 RESERVED CVE-2021-21370 RESERVED -CVE-2021-21369 - RESERVED +CVE-2021-21369 (Hyperledger Besu is an open-source, MainNet compatible, Ethereum clien ...) + TODO: check CVE-2021-21368 RESERVED CVE-2021-21367 @@ -16447,8 +16511,8 @@ CVE-2021-21297 (Node-Red is a low-code programming for event-driven applications TODO: check CVE-2021-21296 (Fleet is an open source osquery manager. In Fleet before version 3.7.0 ...) NOT-FOR-US: Fleet -CVE-2021-21295 - RESERVED +CVE-2021-21295 (Netty is an open-source, asynchronous event-driven network application ...) + TODO: check CVE-2021-21294 (Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface f ...) NOT-FOR-US: Http4s CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines, with a f ...) @@ -16715,131 +16779,99 @@ CVE-2021-21192 RESERVED CVE-2021-21191 RESERVED -CVE-2021-21190 - RESERVED +CVE-2021-21190 (Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 al ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21189 - RESERVED +CVE-2021-21189 (Insufficient policy enforcement in payments in Google Chrome prior to ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21188 - RESERVED +CVE-2021-21188 (Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21187 - RESERVED +CVE-2021-21187 (Insufficient data validation in URL formatting in Google Chrome prior ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21186 - RESERVED +CVE-2021-21186 (Insufficient policy enforcement in QR scanning in Google Chrome on iOS ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21185 - RESERVED +CVE-2021-21185 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21184 - RESERVED +CVE-2021-21184 (Inappropriate implementation in performance APIs in Google Chrome prio ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21183 - RESERVED +CVE-2021-21183 (Inappropriate implementation in performance APIs in Google Chrome prio ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21182 - RESERVED +CVE-2021-21182 (Insufficient policy enforcement in navigations in Google Chrome prior ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21181 - RESERVED +CVE-2021-21181 (Side-channel information leakage in autofill in Google Chrome prior to ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21180 - RESERVED +CVE-2021-21180 (Use after free in tab search in Google Chrome prior to 89.0.4389.72 al ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21179 - RESERVED +CVE-2021-21179 (Use after free in Network Internals in Google Chrome on Linux prior to ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21178 - RESERVED +CVE-2021-21178 (Inappropriate implementation in Compositing in Google Chrome on Linux ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21177 - RESERVED +CVE-2021-21177 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21176 - RESERVED +CVE-2021-21176 (Inappropriate implementation in full screen mode in Google Chrome prio ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21175 - RESERVED +CVE-2021-21175 (Inappropriate implementation in Site isolation in Google Chrome prior ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21174 - RESERVED +CVE-2021-21174 (Inappropriate implementation in Referrer in Google Chrome prior to 89. ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21173 - RESERVED +CVE-2021-21173 (Side-channel information leakage in Network Internals in Google Chrome ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21172 - RESERVED +CVE-2021-21172 (Insufficient policy enforcement in File System API in Google Chrome on ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21171 - RESERVED +CVE-2021-21171 (Incorrect security UI in TabStrip and Navigation in Google Chrome on A ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21170 - RESERVED +CVE-2021-21170 (Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21169 - RESERVED +CVE-2021-21169 (Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389. ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21168 - RESERVED +CVE-2021-21168 (Insufficient policy enforcement in appcache in Google Chrome prior to ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21167 - RESERVED +CVE-2021-21167 (Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 all ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21166 - RESERVED +CVE-2021-21166 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21165 - RESERVED +CVE-2021-21165 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21164 - RESERVED +CVE-2021-21164 (Insufficient data validation in Chrome on iOS in Google Chrome on iOS ...) - chromium <not-affected> (MacOS specific) -CVE-2021-21163 - RESERVED +CVE-2021-21163 (Insufficient data validation in Reader Mode in Google Chrome on iOS pr ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21162 - RESERVED +CVE-2021-21162 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowe ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21161 - RESERVED +CVE-2021-21161 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21160 - RESERVED +CVE-2021-21160 (Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.7 ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21159 - RESERVED +CVE-2021-21159 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...) - chromium 89.0.4389.82-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2021-21158 @@ -18750,8 +18782,8 @@ CVE-2021-20343 RESERVED CVE-2021-20342 RESERVED -CVE-2021-20341 - RESERVED +CVE-2021-20341 (IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potenti ...) + TODO: check CVE-2021-20340 (IBM Engineering products are vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2021-20339 @@ -18883,33 +18915,32 @@ CVE-2021-20278 RESERVED CVE-2021-20277 RESERVED -CVE-2021-20276 - RESERVED +CVE-2021-20276 (A flaw was found in privoxy before 3.0.32. Invalid memory access with ...) + {DLA-2587-1} - privoxy 3.0.32-1 [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=28512e5b62457f0ff6f2d72e3e5c9226b9e0203d -CVE-2021-20275 - RESERVED +CVE-2021-20275 (A flaw was found in privoxy before 3.0.32. A invalid read of size two ...) + {DLA-2587-1} - privoxy 3.0.32-1 [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=a912ba7bc9ce5855a810d09332e9d94566ce1521 -CVE-2021-20274 - RESERVED +CVE-2021-20274 (A flaw was found in privoxy before 3.0.32. A crash may occur due a NUL ...) - privoxy 3.0.32-1 [buster] - privoxy <not-affected> (Vulnerable code introduced later) [stretch] - privoxy <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=85817cc55b9829e6c20db40d3a93b8380618463d -CVE-2021-20273 - RESERVED +CVE-2021-20273 (A flaw was found in privoxy before 3.0.32. A crash can occur via a cra ...) + {DLA-2587-1} - privoxy 3.0.32-1 [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=e711c505c4830ab271938d61af90a2075523f058 -CVE-2021-20272 - RESERVED +CVE-2021-20272 (A flaw was found in privoxy before 3.0.32. An assertion failure could ...) + {DLA-2587-1} - privoxy 3.0.32-1 [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1 @@ -18923,8 +18954,7 @@ CVE-2021-20270 NOTE: https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333 CVE-2021-20269 RESERVED -CVE-2021-20268 - RESERVED +CVE-2021-20268 (An out-of-bounds access flaw was found in the Linux kernel's implement ...) - linux 5.10.12-1 [buster] - linux <not-affected> (Vulnerable code introduced later) [stretch] - linux <not-affected> (Vulnerable code introduced later) @@ -18943,15 +18973,13 @@ CVE-2021-20265 [increase slab leak leads to DoS] NOTE: https://git.kernel.org/linus/fa0dc04df259ba2df3ce1920e9690c7842f8fa4b (4.5-rc3) CVE-2021-20264 RESERVED -CVE-2021-20263 - RESERVED +CVE-2021-20263 (A flaw was found in the virtio-fs shared file system daemon (virtiofsd ...) - qemu <unfixed> [buster] - qemu <not-affected> (Introduced in 5.2.0) [stretch] - qemu <not-affected> (Introduced in 5.2.0) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1933668 NOTE: Introduced in https://git.qemu.org/?p=qemu.git;a=commit;h=725ca3313a5b9cbef89eaa1c728567684f37990a -CVE-2021-20262 - RESERVED +CVE-2021-20262 (A flaw was found in Keycloak 12.0.0 where re-authentication does not o ...) NOT-FOR-US: Keycloak CVE-2021-20261 RESERVED @@ -18978,8 +19006,7 @@ CVE-2021-20255 [net: eepro100: stack overflow via infinite recursion] NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1 CVE-2021-20254 RESERVED -CVE-2021-20253 - RESERVED +CVE-2021-20253 (A flaw was found in ansible-tower. The default installation is vulnera ...) NOT-FOR-US: Ansible Tower CVE-2021-20252 (A flaw was found in Red Hat 3scale API Management Platform 2. The 3sca ...) NOT-FOR-US: Red Hat 3scale API Management @@ -18997,32 +19024,28 @@ CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations [buster] - isync <no-dsa> (Minor issue) [stretch] - isync <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/22/1 -CVE-2021-20246 [Division by zero in ScaleResampleFilter in MagickCore/resample.c] - RESERVED +CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An attacker ...) - imagemagick <unfixed> [buster] - imagemagick <ignored> (Minor issue) [stretch] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/3195 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/8d25d94a363b104acd6ff23df7470aeedb806c51 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f3190d4a6e6e8556575c84b5d976f77d111caa74 -CVE-2021-20245 [Division by zero in WriteAnimatedWEBPImage() in coders/webp.c] - RESERVED +CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker who subm ...) - imagemagick <unfixed> [buster] - imagemagick <ignored> (Minor issue) [stretch] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/3176 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/ffb683e62ddedc6436a1b88388eb690d7ca57bf2 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a78d92dc0f468e79c3d761aae9707042952cdaca -CVE-2021-20244 [Division by zero in ImplodeImage in MagickCore/visual-effects.c] - RESERVED +CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c. An att ...) - imagemagick <unfixed> [buster] - imagemagick <ignored> (Minor issue) [stretch] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/pull/3194 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d NOTE: In IM6 the code seems to be in magick/fx.c -CVE-2021-20243 [Division by zero in GetResizeFilterWeight in MagickCore/resize.c] - RESERVED +CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An attacker wh ...) - imagemagick <undetermined> [buster] - imagemagick <ignored> (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193 @@ -19030,8 +19053,7 @@ CVE-2021-20243 [Division by zero in GetResizeFilterWeight in MagickCore/resize.c TODO: check CVE-2021-20242 REJECTED -CVE-2021-20241 [Division by zero in WriteJP2Image() in coders/jp2.c] - RESERVED +CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who submi ...) - imagemagick <unfixed> [buster] - imagemagick <ignored> (Minor issue) [stretch] - imagemagick <ignored> (Minor issue) @@ -20061,8 +20083,8 @@ CVE-2020-35453 (HashiCorp Vault Enterprise’s Sentinel EGP policy feature i NOT-FOR-US: HashiCorp Vault CVE-2020-35452 RESERVED -CVE-2020-35451 - RESERVED +CVE-2020-35451 (There is a race condition in OozieSharelibCLI in Apache Oozie before v ...) + TODO: check CVE-2020-35450 (Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler fo ...) - gobby 0.6.0~20201227~b98f4d2-1 (bug #978446) [buster] - gobby <no-dsa> (Minor issue) @@ -23830,7 +23852,7 @@ CVE-2020-29136 (In cPanel before 90.0.17, 2FA can be bypassed via a brute-force NOT-FOR-US: cPanel CVE-2020-29135 (cPanel before 90.0.17 has multiple instances of URL parameter injectio ...) NOT-FOR-US: cPanel -CVE-2020-29134 (TOTVS Fluig Luke 1.7.0 allows directory traversal via a base64 encoded ...) +CVE-2020-29134 (TOTVS Fluig Platform allows directory traversal via a base64 encoded i ...) NOT-FOR-US: TOTVS Fluig Luke CVE-2020-29133 (jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal ...) NOT-FOR-US: Coremail XT @@ -28764,8 +28786,8 @@ CVE-2020-28152 RESERVED CVE-2020-28151 RESERVED -CVE-2020-28150 - RESERVED +CVE-2020-28150 (I-Net Software Clear Reports 20.10.136 web application accepts a user- ...) + TODO: check CVE-2020-28149 RESERVED CVE-2020-28148 @@ -31632,8 +31654,8 @@ CVE-2020-27227 RESERVED CVE-2020-27226 RESERVED -CVE-2020-27225 - RESERVED +CVE-2020-27225 (In versions 4.18 and earlier of the Eclipse Platform, the Help Subsyst ...) + TODO: check CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the Markdown Prev ...) NOT-FOR-US: Eclipse Theia CVE-2020-27223 (In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0 ...) @@ -35485,7 +35507,7 @@ CVE-2020-25641 (A flaw was found in the Linux kernel's implementation of biovecs NOTE: https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124 CVE-2020-25640 (A flaw was discovered in WildFly before 21.0.0.Final where, Resource a ...) - wildfly <itp> (bug #752018) -CVE-2020-25639 (A NULL pointer dereference flaw was found in the Linux kernel’s ...) +CVE-2020-25639 (A NULL pointer dereference flaw was found in the Linux kernel's GPU No ...) - linux 5.10.19-1 [buster] - linux <not-affected> (Vulnerable code introduced later) [stretch] - linux <not-affected> (Vulnerable code introduced later) @@ -77212,10 +77234,10 @@ CVE-2020-8359 RESERVED CVE-2020-8358 RESERVED -CVE-2020-8357 - RESERVED -CVE-2020-8356 - RESERVED +CVE-2020-8357 (A denial of service vulnerability was reported in Lenovo PCManager, pr ...) + TODO: check +CVE-2020-8356 (An internal product security audit of LXCO, prior to version 1.2.2, di ...) + TODO: check CVE-2020-8355 (An internal product security audit of Lenovo XClarity Administrator (L ...) NOT-FOR-US: Lenovo CVE-2020-8354 (A potential vulnerability in the SMI callback function used in the Var ...) @@ -171986,11 +172008,11 @@ CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree for NOT-FOR-US: Atlassian Sourcetree CVE-2018-13384 (A Host Header Redirection vulnerability in Fortinet FortiOS all versio ...) NOT-FOR-US: Fortinet FortiOS -CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5. ...) +CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 ...) NOT-FOR-US: Fortinet FortiOS CVE-2018-13382 (An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6 ...) NOT-FOR-US: Fortinet FortiOS -CVE-2018-13381 (A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5. ...) +CVE-2018-13381 (A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0. ...) NOT-FOR-US: Fortinet FortiOS CVE-2018-13380 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 t ...) NOT-FOR-US: Fortinet FortiOS View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2dc45ec8bd2d7930a7ca6dff632fa5ff195d52e0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2dc45ec8bd2d7930a7ca6dff632fa5ff195d52e0 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits