Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5cd7ea07 by security tracker role at 2021-03-26T20:10:24+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,11 +1,27 @@ +CVE-2021-3471 + RESERVED +CVE-2021-3470 + RESERVED +CVE-2021-3469 + RESERVED +CVE-2021-3468 + RESERVED +CVE-2021-29262 + RESERVED +CVE-2021-29261 + RESERVED +CVE-2021-29260 + RESERVED +CVE-2021-29259 + RESERVED CVE-2021-29258 RESERVED CVE-2021-29257 RESERVED CVE-2021-29256 RESERVED -CVE-2021-29255 - RESERVED +CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credent ...) + TODO: check CVE-2021-29254 RESERVED CVE-2021-29253 @@ -2165,14 +2181,14 @@ CVE-2021-28252 RESERVED CVE-2021-28251 RESERVED -CVE-2021-28250 - RESERVED -CVE-2021-28249 - RESERVED -CVE-2021-28248 - RESERVED -CVE-2021-28247 - RESERVED +CVE-2021-28250 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) + TODO: check +CVE-2021-28249 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) + TODO: check +CVE-2021-28248 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) + TODO: check +CVE-2021-28247 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) + TODO: check CVE-2021-28246 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) NOT-FOR-US: CA eHealth Performance Manager CVE-2021-28245 @@ -7869,8 +7885,8 @@ CVE-2021-3277 RESERVED CVE-2021-3276 RESERVED -CVE-2021-3275 - RESERVED +CVE-2021-3275 (Unauthenticated stored cross-site scripting (XSS) exists in multiple T ...) + TODO: check CVE-2021-3274 RESERVED CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the /nagiosxi/adm ...) @@ -9127,14 +9143,14 @@ CVE-2021-25374 RESERVED CVE-2021-25373 RESERVED -CVE-2021-25372 - RESERVED -CVE-2021-25371 - RESERVED -CVE-2021-25370 - RESERVED -CVE-2021-25369 - RESERVED +CVE-2021-25372 (An improper boundary check in DSP driver prior to SMR Mar-2021 Release ...) + TODO: check +CVE-2021-25371 (A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows a ...) + TODO: check +CVE-2021-25370 (An incorrect implementation handling file descriptor in dpu driver pri ...) + TODO: check +CVE-2021-25369 (An improper access control vulnerability in sec_log file prior to SMR ...) + TODO: check CVE-2021-25368 (Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allo ...) NOT-FOR-US: Samsung CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 4.2.00. ...) @@ -12130,7 +12146,7 @@ CVE-2021-23988 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23988 CVE-2021-23987 RESERVED - {DSA-4876-1 DSA-4874-1 DLA-2607-1} + {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1} - firefox 87.0-1 - firefox-esr 78.9.0esr-1 - thunderbird 1:78.9.0-1 @@ -12147,7 +12163,7 @@ CVE-2021-23985 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23985 CVE-2021-23984 RESERVED - {DSA-4876-1 DSA-4874-1 DLA-2607-1} + {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1} - firefox 87.0-1 - firefox-esr 78.9.0esr-1 - thunderbird 1:78.9.0-1 @@ -12160,7 +12176,7 @@ CVE-2021-23983 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23983 CVE-2021-23982 RESERVED - {DSA-4876-1 DSA-4874-1 DLA-2607-1} + {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1} - firefox 87.0-1 - firefox-esr 78.9.0esr-1 - thunderbird 1:78.9.0-1 @@ -12169,7 +12185,7 @@ CVE-2021-23982 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23982 CVE-2021-23981 RESERVED - {DSA-4876-1 DSA-4874-1 DLA-2607-1} + {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1} - firefox 87.0-1 - firefox-esr 78.9.0esr-1 - thunderbird 1:78.9.0-1 @@ -12457,12 +12473,12 @@ CVE-2021-23892 RESERVED CVE-2021-23891 RESERVED -CVE-2021-23890 - RESERVED -CVE-2021-23889 - RESERVED -CVE-2021-23888 - RESERVED +CVE-2021-23890 (Information leak vulnerability in the Agent Handler of McAfee ePolicy ...) + TODO: check +CVE-2021-23889 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...) + TODO: check +CVE-2021-23888 (Unvalidated client-side URL redirect vulnerability in McAfee ePolicy O ...) + TODO: check CVE-2021-23887 RESERVED CVE-2021-23886 @@ -13846,8 +13862,8 @@ CVE-2021-3111 (The Express Entries Dashboard in Concrete5 8.5.4 allows stored XS NOT-FOR-US: Concrete5 CVE-2021-3110 (The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL i ...) NOT-FOR-US: PrestaShop -CVE-2021-3109 - RESERVED +CVE-2021-3109 (The custom menu item options page in SolarWinds Orion Platform before ...) + TODO: check CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...) NOT-FOR-US: MERCUSYS Mercury X18G devices CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...) @@ -14526,8 +14542,8 @@ CVE-2021-22888 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS v TODO: check CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) mode ...) NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 -CVE-2021-22886 - RESERVED +CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persist ...) + TODO: check CVE-2021-22885 RESERVED CVE-2021-22884 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...) @@ -15456,8 +15472,8 @@ CVE-2021-22508 RESERVED CVE-2021-22507 RESERVED -CVE-2021-22506 - RESERVED +CVE-2021-22506 (Advance configuration exposing Information Leakage vulnerability in Mi ...) + TODO: check CVE-2021-22505 RESERVED CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus Operations Bridg ...) @@ -16143,8 +16159,7 @@ CVE-2021-22173 (Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 all [stretch] - wireshark <not-affected> (Affected code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2021-01.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17124 -CVE-2021-22172 - RESERVED +CVE-2021-22172 (Improper authorization in GitLab 12.8+ allows a guest user in a privat ...) [experimental] - gitlab 13.6.6-1 - gitlab <unfixed> NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/ @@ -18356,8 +18371,8 @@ CVE-2021-21445 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, all NOT-FOR-US: SAP CVE-2021-21444 (SAP Business Objects BI Platform, versions - 410, 420, 430, allows mul ...) NOT-FOR-US: SAP -CVE-2020-35856 - RESERVED +CVE-2020-35856 (SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by ...) + TODO: check CVE-2020-35855 RESERVED CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Bod ...) @@ -18981,8 +18996,8 @@ CVE-2021-21405 RESERVED CVE-2021-21404 RESERVED -CVE-2021-21403 - RESERVED +CVE-2021-21403 (In github.com/kongchuanhujiao/server before version 1.3.21 there is an ...) + TODO: check CVE-2021-21402 (Jellyfin is a Free Software Media System. In Jellyfin before version 1 ...) NOT-FOR-US: Jellyfin CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in ansi C. ...) @@ -20833,20 +20848,20 @@ CVE-2021-20685 RESERVED CVE-2021-20684 RESERVED -CVE-2021-20683 - RESERVED -CVE-2021-20682 - RESERVED -CVE-2021-20681 - RESERVED +CVE-2021-20683 (Improper neutralization of JavaScript input in the blog article editin ...) + TODO: check +CVE-2021-20682 (baserCMS versions prior to 4.4.5 allows a remote attacker with an admi ...) + TODO: check +CVE-2021-20681 (Improper neutralization of JavaScript input in the page editing functi ...) + TODO: check CVE-2021-20680 RESERVED CVE-2021-20679 (Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6 ...) NOT-FOR-US: Fuji CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro versions prior ...) NOT-FOR-US: Paid Memberships Pro -CVE-2021-20677 - RESERVED +CVE-2021-20677 (UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIV ...) + TODO: check CVE-2021-20676 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...) NOT-FOR-US: M-System CVE-2021-20675 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...) @@ -21630,8 +21645,7 @@ CVE-2021-20291 RESERVED CVE-2021-20290 RESERVED -CVE-2021-20289 - RESERVED +CVE-2021-20289 (A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.F ...) NOT-FOR-US: Keycloak CVE-2021-20288 RESERVED @@ -21642,13 +21656,11 @@ CVE-2021-20286 (A flaw was found in libnbd 1.7.3. An assertion failure in nbd_un NOTE: https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/2216190ecbbd853648df6a3280c17b345b0907a0 (v1.6.2) NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/fb4440de9cc76e9c14bd3ddf3333e78621f40ad0 (v1.7.3) -CVE-2021-20285 [Illegal memory access in canPack function in p_lx_elf.cpp] - RESERVED +CVE-2021-20285 (A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw ...) - upx-ucl <unfixed> (unimportant) NOTE: https://github.com/upx/upx/issues/421 NOTE: https://github.com/upx/upx/commit/3781df9da23840e596d5e9e8493f22666802fe6c -CVE-2021-20284 - RESERVED +CVE-2021-20284 (A flaw was found in GNU Binutils 2.35.1, where there is a heap-based b ...) - binutils <unfixed> (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26931 NOTE: binutils not covered by security support @@ -21704,8 +21716,7 @@ CVE-2021-20272 (A flaw was found in privoxy before 3.0.32. An assertion failure [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=2256d7b4d67dd9c364386877d5af59943433458b -CVE-2021-20271 - RESERVED +CVE-2021-20271 (A flaw was found in RPM's signature check functionality when reading a ...) - rpm <unfixed> (bug #985308) [bullseye] - rpm <no-dsa> (Minor issue) [buster] - rpm <no-dsa> (Minor issue) @@ -22081,8 +22092,7 @@ CVE-2021-20199 (Rootless containers run with Podman, receive all traffic with a NOTE: ahead of time CVE-2021-20198 (A flaw was found in the OpenShift Installer before version v0.9.0-mast ...) NOT-FOR-US: OpenShift -CVE-2021-20197 - RESERVED +CVE-2021-20197 (There is an open race window when writing output in the following util ...) [experimental] - binutils 2.35.50.20201209-1 - binutils <unfixed> (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26945 @@ -22108,8 +22118,7 @@ CVE-2021-20194 (There is a vulnerability in the linux kernel versions higher tha [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1912683 NOTE: https://patchwork.kernel.org/project/netdevbpf/patch/20210122164232.61770-1-loris.re...@liblor.ch/#23921223 -CVE-2021-20193 [Memory leak in read_header() in list.c] - RESERVED +CVE-2021-20193 (A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw ...) - tar 1.34+dfsg-1 (unimportant; bug #980525) NOTE: https://savannah.gnu.org/bugs/?59897 NOTE: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777 @@ -22492,8 +22501,7 @@ CVE-2020-35519 [buster] - linux 4.19.171-1 [stretch] - linux 4.9.258-1 NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/17 -CVE-2020-35518 [Information disclosure during the binding of a DN] - RESERVED +CVE-2020-35518 (When binding against a DN during authentication, the reply from 389-ds ...) - 389-ds-base 1.4.4.10-1 [buster] - 389-ds-base <not-affected> (Vulnerable code introduced later) [stretch] - 389-ds-base <not-affected> (Vulnerable code introduced later) @@ -22537,8 +22545,7 @@ CVE-2020-35510 CVE-2020-35509 RESERVED NOT-FOR-US: Keycloak -CVE-2020-35508 - RESERVED +CVE-2020-35508 (A flaw possibility of race condition and incorrect initialization of t ...) - linux 5.9.9-1 [buster] - linux 4.19.160-1 [stretch] - linux 4.9.246-1 @@ -24936,6 +24943,7 @@ CVE-2021-1871 RESERVED CVE-2021-1870 RESERVED + {DSA-4877-1} - webkit2gtk 2.30.6-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.30.6-1 @@ -25078,6 +25086,7 @@ CVE-2021-1802 RESERVED CVE-2021-1801 RESERVED + {DSA-4877-1} - webkit2gtk 2.30.6-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.30.6-1 @@ -25086,6 +25095,7 @@ CVE-2021-1800 RESERVED CVE-2021-1799 RESERVED + {DSA-4877-1} - webkit2gtk 2.30.6-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.30.6-1 @@ -25110,6 +25120,7 @@ CVE-2021-1790 RESERVED CVE-2021-1789 RESERVED + {DSA-4877-1} - webkit2gtk 2.30.6-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.30.6-1 @@ -25162,6 +25173,7 @@ CVE-2021-1766 RESERVED CVE-2021-1765 RESERVED + {DSA-4877-1} - webkit2gtk 2.30.6-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.30.6-1 @@ -25289,6 +25301,7 @@ CVE-2020-29624 RESERVED CVE-2020-29623 RESERVED + {DSA-4877-1} - webkit2gtk 2.30.6-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.30.6-1 @@ -25925,14 +25938,14 @@ CVE-2021-1631 RESERVED CVE-2021-1630 RESERVED -CVE-2021-1629 - RESERVED -CVE-2021-1628 - RESERVED -CVE-2021-1627 - RESERVED -CVE-2021-1626 - RESERVED +CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded in ema ...) + TODO: check +CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability affecti ...) + TODO: check +CVE-2021-1627 (MuleSoft is aware of a Server Side Request Forgery vulnerability affec ...) + TODO: check +CVE-2021-1626 (MuleSoft is aware of a Remote Code Execution vulnerability affecting c ...) + TODO: check CVE-2020-29477 (Invision Community 4.5.4 is affected by cross-site scripting (XSS) in ...) NOT-FOR-US: Invision Community CVE-2020-29476 @@ -27696,8 +27709,8 @@ CVE-2020-28697 RESERVED CVE-2020-28696 RESERVED -CVE-2020-28695 - RESERVED +CVE-2020-28695 (Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices ...) + TODO: check CVE-2020-28694 RESERVED CVE-2020-28693 (An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an ...) @@ -32127,6 +32140,7 @@ CVE-2020-27920 CVE-2020-27919 RESERVED CVE-2020-27918 (A use after free issue was addressed with improved memory management. ...) + {DSA-4877-1} - webkit2gtk 2.30.6-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.30.6-1 @@ -32555,8 +32569,7 @@ CVE-2020-27830 [Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2] [stretch] - linux <not-affected> (Vulnerability introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/1 NOTE: https://git.kernel.org/linus/f0992098cadb4c9c6a00703b66cafe604e178fea -CVE-2020-27829 [heap buffer overflow in coders/tiff.c] - RESERVED +CVE-2020-27829 (A heap based buffer overflow in coders/tiff.c may result in program cr ...) - imagemagick 8:6.9.11.57+dfsg-1 [stretch] - imagemagick <not-affected> (vulnerable code was introduced later) NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ee5059cd3ac8d82714a1ab1321399b88539abf0 @@ -37688,8 +37701,8 @@ CVE-2020-25842 (The encryption function of NHIServiSignAdapter fail to verify th NOT-FOR-US: NHIServiSignAdapter CVE-2020-25841 RESERVED -CVE-2020-25840 - RESERVED +CVE-2020-25840 (Cross-Site scripting vulnerability in Micro Focus Access Manager produ ...) + TODO: check CVE-2020-25839 (NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected b ...) NOT-FOR-US: NetIQ Identity Manager CVE-2020-25838 (Unauthorized disclosure of sensitive information vulnerability in Micr ...) @@ -50834,10 +50847,10 @@ CVE-2020-19628 RESERVED CVE-2020-19627 RESERVED -CVE-2020-19626 - RESERVED -CVE-2020-19625 - RESERVED +CVE-2020-19626 (Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows re ...) + TODO: check +CVE-2020-19625 (Remote Code Execution Vulnerability in tests/support/stores/test_grid_ ...) + TODO: check CVE-2020-19624 RESERVED CVE-2020-19623 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cd7ea07caff1b9823728f12cb6dc4cb81f89b22 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cd7ea07caff1b9823728f12cb6dc4cb81f89b22 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits