[Git][security-tracker-team/security-tracker][master] automatic update

Fri, 12 Mar 2021 00:10:34 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
37e034d4 by security tracker role at 2021-03-12T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,170 @@
-CVE-2021-28153 [g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION 
creates empty target for dangling symlink]
+CVE-2021-3441
+       RESERVED
+CVE-2021-3440
+       RESERVED
+CVE-2021-3439
+       RESERVED
+CVE-2021-3438
+       RESERVED
+CVE-2021-3437
+       RESERVED
+CVE-2021-3436
+       RESERVED
+CVE-2021-28216
+       RESERVED
+CVE-2021-28215
+       RESERVED
+CVE-2021-28214
+       RESERVED
+CVE-2021-28213
+       RESERVED
+CVE-2021-28212
+       RESERVED
+CVE-2021-28211
+       RESERVED
+CVE-2021-28210
+       RESERVED
+CVE-2021-28209
+       RESERVED
+CVE-2021-28208
+       RESERVED
+CVE-2021-28207
+       RESERVED
+CVE-2021-28206
+       RESERVED
+CVE-2021-28205
+       RESERVED
+CVE-2021-28204
+       RESERVED
+CVE-2021-28203
+       RESERVED
+CVE-2021-28202
+       RESERVED
+CVE-2021-28201
+       RESERVED
+CVE-2021-28200
+       RESERVED
+CVE-2021-28199
+       RESERVED
+CVE-2021-28198
+       RESERVED
+CVE-2021-28197
+       RESERVED
+CVE-2021-28196
+       RESERVED
+CVE-2021-28195
+       RESERVED
+CVE-2021-28194
+       RESERVED
+CVE-2021-28193
+       RESERVED
+CVE-2021-28192
+       RESERVED
+CVE-2021-28191
+       RESERVED
+CVE-2021-28190
+       RESERVED
+CVE-2021-28189
+       RESERVED
+CVE-2021-28188
+       RESERVED
+CVE-2021-28187
+       RESERVED
+CVE-2021-28186
+       RESERVED
+CVE-2021-28185
+       RESERVED
+CVE-2021-28184
+       RESERVED
+CVE-2021-28183
+       RESERVED
+CVE-2021-28182
+       RESERVED
+CVE-2021-28181
+       RESERVED
+CVE-2021-28180
+       RESERVED
+CVE-2021-28179
+       RESERVED
+CVE-2021-28178
+       RESERVED
+CVE-2021-28177
+       RESERVED
+CVE-2021-28176
+       RESERVED
+CVE-2021-28175
+       RESERVED
+CVE-2021-28174
+       RESERVED
+CVE-2021-28173
+       RESERVED
+CVE-2021-28172
+       RESERVED
+CVE-2021-28171
+       RESERVED
+CVE-2021-28170
+       RESERVED
+CVE-2021-28169
+       RESERVED
+CVE-2021-28168
+       RESERVED
+CVE-2021-28167
+       RESERVED
+CVE-2021-28166
+       RESERVED
+CVE-2021-28165
+       RESERVED
+CVE-2021-28164
+       RESERVED
+CVE-2021-28163
+       RESERVED
+CVE-2021-28162
+       RESERVED
+CVE-2021-28161
+       RESERVED
+CVE-2021-28160
+       RESERVED
+CVE-2021-28159
+       RESERVED
+CVE-2021-28158
+       RESERVED
+CVE-2021-28157
+       RESERVED
+CVE-2021-28156
+       RESERVED
+CVE-2021-28155
+       RESERVED
+CVE-2021-28154 (** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 
4.6.0 all ...)
+       TODO: check
+CVE-2021-28152
+       RESERVED
+CVE-2021-28151
+       RESERVED
+CVE-2021-28150
+       RESERVED
+CVE-2021-28149
+       RESERVED
+CVE-2021-28148
+       RESERVED
+CVE-2021-28147
+       RESERVED
+CVE-2021-28146
+       RESERVED
+CVE-2020-36282 (JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 
is vuln ...)
+       TODO: check
+CVE-2020-36281 (Leptonica before 1.80.0 allows a heap-based buffer over-read 
in pixFew ...)
+       TODO: check
+CVE-2020-36280 (Leptonica before 1.80.0 allows a heap-based buffer over-read 
in pixRea ...)
+       TODO: check
+CVE-2020-36279 (Leptonica before 1.80.0 allows a heap-based buffer over-read 
in raster ...)
+       TODO: check
+CVE-2020-36278 (Leptonica before 1.80.0 allows a heap-based buffer over-read 
in findNe ...)
+       TODO: check
+CVE-2020-36277 (Leptonica before 1.80.0 allows a denial of service 
(application crash) ...)
+       TODO: check
+CVE-2016-20009 (** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based 
buffer overfl ...)
+       TODO: check
+CVE-2021-28153 (An issue was discovered in GNOME GLib before 2.66.8. When 
g_file_repla ...)
        - glib2.0 2.66.7-2 (bug #984969)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2325
 CVE-2021-3435
@@ -21,8 +187,8 @@ CVE-2021-28145
        RESERVED
 CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows 
remote a ...)
        NOT-FOR-US: D-Link
-CVE-2021-28143
-       RESERVED
+CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows 
authenticated  ...)
+       TODO: check
 CVE-2021-28142
        RESERVED
 CVE-2021-28141 (An issue was discovered in Progress Telerik UI for ASP.NET 
AJAX 2021.1 ...)
@@ -1157,10 +1323,10 @@ CVE-2021-27649
        RESERVED
 CVE-2021-27648
        RESERVED
-CVE-2021-27647
-       RESERVED
-CVE-2021-27646
-       RESERVED
+CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core 
in Synolo ...)
+       TODO: check
+CVE-2021-27646 (Use After Free vulnerability in iscsi_snapshot_comm_core in 
Synology D ...)
+       TODO: check
 CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka 
glibc o ...)
        - glibc <unfixed> (bug #983479)
        [buster] - glibc <no-dsa> (Minor issue)
@@ -3596,8 +3762,8 @@ CVE-2021-26571 (The Baseboard Management Controller (BMC) 
firmware in HPE Apollo
        NOT-FOR-US: HPE
 CVE-2021-26570 (The Baseboard Management Controller (BMC) firmware in HPE 
Apollo 70 Sy ...)
        NOT-FOR-US: HPE
-CVE-2021-26569
-       RESERVED
+CVE-2021-26569 (Race Condition within a Thread vulnerability in 
iscsi_snapshot_comm_co ...)
+       TODO: check
 CVE-2021-26568
        RESERVED
 CVE-2021-26567 (Use of unmaintained third party components vulnerability in 
faad in Sy ...)
@@ -12318,18 +12484,18 @@ CVE-2021-22716
        RESERVED
 CVE-2021-22715
        RESERVED
-CVE-2021-22714
-       RESERVED
-CVE-2021-22713
-       RESERVED
-CVE-2021-22712
-       RESERVED
-CVE-2021-22711
-       RESERVED
-CVE-2021-22710
-       RESERVED
-CVE-2021-22709
-       RESERVED
+CVE-2021-22714 (A CWE-119:Improper restriction of operations within the bounds 
of a me ...)
+       TODO: check
+CVE-2021-22713 (A CWE-119:Improper restriction of operations within the bounds 
of a me ...)
+       TODO: check
+CVE-2021-22712 (A CWE-119:Improper Restriction of Operations within the Bounds 
of a Me ...)
+       TODO: check
+CVE-2021-22711 (A CWE-119:Improper Restriction of Operations within the Bounds 
of a Me ...)
+       TODO: check
+CVE-2021-22710 (A CWE-119:Improper Restriction of Operations within the Bounds 
of a Me ...)
+       TODO: check
+CVE-2021-22709 (A CWE-119:Improper Restriction of Operations within the Bounds 
of a Me ...)
+       TODO: check
 CVE-2021-22708
        RESERVED
 CVE-2021-22707
@@ -18265,8 +18431,8 @@ CVE-2021-20676
        RESERVED
 CVE-2021-20675
        RESERVED
-CVE-2021-20674
-       RESERVED
+CVE-2021-20674 (Untrusted search path vulnerability in Installer of 
MagicConnect Clien ...)
+       TODO: check
 CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of 
GROWI (v4.2 ...)
        NOT-FOR-US: GROWI
 CVE-2021-20672 (Reflected cross-site scripting vulnerability due to 
insufficient verif ...)
@@ -19138,8 +19304,7 @@ CVE-2021-20263 (A flaw was found in the virtio-fs 
shared file system daemon (vir
        NOTE: Introduced in 
https://git.qemu.org/?p=qemu.git;a=commit;h=725ca3313a5b9cbef89eaa1c728567684f37990a
 CVE-2021-20262 (A flaw was found in Keycloak 12.0.0 where re-authentication 
does not o ...)
        NOT-FOR-US: Keycloak
-CVE-2021-20261
-       RESERVED
+CVE-2021-20261 (A race condition was found in the Linux kernels implementation 
of the  ...)
        - linux 4.5.1-1
        NOTE: 
https://git.kernel.org/linus/a0c80efe5956ccce9fe7ae5c78542578c07bc20a
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932150
@@ -24217,8 +24382,8 @@ CVE-2020-29047 (The wp-hotel-booking plugin through 
1.10.2 for WordPress allows
        NOT-FOR-US: wp-hotel-booking plugin for WordPress
 CVE-2020-29046
        RESERVED
-CVE-2020-29045
-       RESERVED
+CVE-2020-29045 (The food-and-drink-menu plugin through 2.2.0 for WordPress 
allows remo ...)
+       TODO: check
 CVE-2020-29044
        RESERVED
 CVE-2020-29043 (An issue was discovered in BigBlueButton through 2.2.29. When 
at attac ...)
@@ -37181,10 +37346,10 @@ CVE-2020-24986 (Concrete5 up to and including 8.5.2 
allows Unrestricted Upload o
        NOT-FOR-US: Concrete5
 CVE-2020-24985
        RESERVED
-CVE-2020-24984
-       RESERVED
-CVE-2020-24983
-       RESERVED
+CVE-2020-24984 (An issue was discovered in Quadbase EspressReports ES 7 Update 
9. It a ...)
+       TODO: check
+CVE-2020-24983 (An issue was discovered in Quadbase EspressReports ES 7 Update 
9. An u ...)
+       TODO: check
 CVE-2020-24982
        RESERVED
 CVE-2020-24981 (An Incorrect Access Control vulnerability exists in 
/ucms/chk.php in U ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37e034d47fb03234786111ed13a452285260b764

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37e034d47fb03234786111ed13a452285260b764
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to