Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e945a9bb by security tracker role at 2021-04-20T20:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2161,8 +2161,8 @@ CVE-2021-30498 NOTE: https://github.com/cacalabs/libcaca/issues/53 CVE-2021-30497 RESERVED -CVE-2021-30496 - RESERVED +CVE-2021-30496 (The Telegram app 7.6.2 for iOS allows remote authenticated users to ca ...) + TODO: check CVE-2021-30495 RESERVED CVE-2021-30494 (Multiple system services installed alongside the Razer Synapse 3 softw ...) @@ -2276,8 +2276,8 @@ CVE-2021-30466 RESERVED CVE-2021-30465 RESERVED -CVE-2021-30464 - RESERVED +CVE-2021-30464 (OMICRON StationGuard before 1.10 allows remote attackers to cause a de ...) + TODO: check CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers to gain privileges by creati ...) NOT-FOR-US: VestaCP CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate privileges ...) @@ -3427,6 +3427,7 @@ CVE-2021-29947 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29947 CVE-2021-29946 RESERVED + {DSA-4895-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 @@ -3435,6 +3436,7 @@ CVE-2021-29946 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29946 CVE-2021-29945 RESERVED + {DSA-4895-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 @@ -4516,8 +4518,8 @@ CVE-2021-29461 RESERVED CVE-2021-29460 RESERVED -CVE-2021-29459 - RESERVED +CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) - exiv2 <unfixed> (bug #987277) [buster] - exiv2 <no-dsa> (Minor issue) 
@@ -5227,8 +5229,7 @@ CVE-2021-29157 RESERVED CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger ...) NOT-FOR-US: ForgeRock OpenAM -CVE-2021-29155 - RESERVED +CVE-2021-29155 (An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf ...) - linux <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/4 CVE-2021-29154 (BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect c ...) @@ -5983,12 +5984,12 @@ CVE-2021-27851 [Local privilege escalation via guix-daemon and --keep-failed] NOTE: Neutralised by kernel hardening (fs.protected_hardlinks = 1) CVE-2021-28830 RESERVED -CVE-2021-28829 - RESERVED -CVE-2021-28828 - RESERVED -CVE-2021-28827 - RESERVED +CVE-2021-28829 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...) + TODO: check +CVE-2021-28828 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...) + TODO: check +CVE-2021-28827 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...) + TODO: check CVE-2021-28826 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Mess ...) NOT-FOR-US: TIBCO CVE-2021-28825 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Mess ...) @@ -6055,8 +6056,8 @@ CVE-2021-28795 RESERVED CVE-2021-28794 (The unofficial ShellCheck extension before 0.13.4 for Visual Studio Co ...) NOT-FOR-US: ShellCheck extension for Visual Studio Code -CVE-2021-28793 - RESERVED +CVE-2021-28793 (vscode-restructuredtext before 146.0.0 contains an incorrect access co ...) + TODO: check CVE-2021-28792 (The unofficial Swift Development Environment extension before 2.12.1 f ...) NOT-FOR-US: Swift Development Environment extension for Visual Studio Code CVE-2021-28791 (The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Co ...) 
@@ -6729,8 +6730,8 @@ CVE-2021-3444 (The bpf verifier in the Linux kernel did not properly handle mod3 [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/9b00f1b78809309163dda2d044d9e94a3c0248a3 NOTE: https://www.openwall.com/lists/oss-security/2021/03/23/2 -CVE-2021-28492 - RESERVED +CVE-2021-28492 (Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, an ...) + TODO: check CVE-2021-28491 RESERVED CVE-2021-28490 @@ -7451,8 +7452,7 @@ CVE-2021-28158 RESERVED CVE-2021-28157 (An SQL Injection issue in Devolutions Server before 2021.1 and Devolut ...) NOT-FOR-US: Devolutions Server -CVE-2021-28156 - RESERVED +CVE-2021-28156 (HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be ...) - consul <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950492 NOTE: https://github.com/hashicorp/consul/pull/10030 @@ -13587,12 +13587,12 @@ CVE-2021-25683 CVE-2021-25682 RESERVED NOT-FOR-US: Apport -CVE-2021-25681 - RESERVED -CVE-2021-25680 - RESERVED -CVE-2021-25679 - RESERVED +CVE-2021-25681 (** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 s ...) + TODO: check +CVE-2021-25680 (** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager soft ...) + TODO: check +CVE-2021-25679 (** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager soft ...) + TODO: check CVE-2020-36201 (An issue was discovered in certain Xerox WorkCentre products. They do ...) NOT-FOR-US: Xerox CVE-2019-25015 (LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafte ...) @@ -17223,6 +17223,7 @@ CVE-2021-3139 (In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, NOTE: https://github.com/open-iscsi/tcmu-runner/commit/01685b2ab8c430c0fb9ce397e7e76b60fe6cbde5 CVE-2021-24002 RESERVED + {DSA-4895-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 
@@ -17239,6 +17240,7 @@ CVE-2021-24000 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24000 CVE-2021-23999 RESERVED + {DSA-4895-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 @@ -17247,6 +17249,7 @@ CVE-2021-23999 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999 CVE-2021-23998 RESERVED + {DSA-4895-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 @@ -17263,6 +17266,7 @@ CVE-2021-23996 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23996 CVE-2021-23995 RESERVED + {DSA-4895-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 @@ -17271,6 +17275,7 @@ CVE-2021-23995 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23995 CVE-2021-23994 RESERVED + {DSA-4895-1} - firefox 88.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 @@ -17426,6 +17431,7 @@ CVE-2021-23962 (Incorrect use of the '<RowCountChanged>' method could have - firefox 85.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23962 CVE-2021-23961 (Further techniques that built on the slipstream research combined with ...) + {DSA-4895-1} - firefox 85.0-1 - firefox-esr 78.10.0esr-1 - thunderbird 1:78.10.0-1 @@ -22688,8 +22694,8 @@ CVE-2021-21528 RESERVED CVE-2021-21527 RESERVED -CVE-2021-21526 - RESERVED +CVE-2021-21526 (Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in ...) + TODO: check CVE-2021-21525 RESERVED CVE-2021-21524 (Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5. ...) @@ -26637,8 +26643,8 @@ CVE-2021-20455 RESERVED CVE-2021-20454 RESERVED -CVE-2021-20453 - RESERVED +CVE-2021-20453 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a ...) + TODO: check CVE-2021-20452 RESERVED CVE-2021-20451 
@@ -28149,8 +28155,8 @@ CVE-2021-20025 RESERVED CVE-2021-20024 RESERVED -CVE-2021-20023 - RESERVED +CVE-2021-20023 (SonicWall Email Security version 10.0.9.x contains a vulnerability tha ...) + TODO: check CVE-2021-20022 (SonicWall Email Security version 10.0.9.x contains a vulnerability tha ...) NOT-FOR-US: SonicWall CVE-2021-20021 (A vulnerability in the SonicWall Email Security version 10.0.9.x allow ...) @@ -28583,8 +28589,8 @@ CVE-2020-35315 RESERVED CVE-2020-35314 RESERVED -CVE-2020-35313 - RESERVED +CVE-2020-35313 (A server-side request forgery (SSRF) vulnerability in the addCustomThe ...) + TODO: check CVE-2020-35312 RESERVED CVE-2020-35311 @@ -32529,7 +32535,7 @@ CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may enc CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...) NOT-FOR-US: installer of Kaspersky Anti-Ransomware Tool (KART) CVE-2020-36193 (Tar.php in Archive_Tar through 1.4.11 allows write operations with Dir ...) - {DLA-2621-1 DLA-2530-1} + {DSA-4894-1 DLA-2621-1 DLA-2530-1} - drupal7 <removed> - php-pear 1:1.10.12+submodules+notgz+20210212-1 (bug #980428) NOTE: https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916 @@ -34480,8 +34486,8 @@ CVE-2021-1081 RESERVED CVE-2021-1080 RESERVED -CVE-2021-1079 - RESERVED +CVE-2021-1079 (NVIDIA GeForce Experience, all versions prior to 3.22, contains a vuln ...) + TODO: check CVE-2021-1078 RESERVED CVE-2021-1077 
@@ -42392,8 +42398,8 @@ CVE-2020-26199 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0 NOT-FOR-US: EMC CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a ...) NOT-FOR-US: EMC -CVE-2020-26197 - RESERVED +CVE-2020-26197 (Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inabilit ...) + TODO: check CVE-2020-26196 (Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restor ...) NOT-FOR-US: EMC CVE-2020-26195 (Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issu ...) @@ -43144,8 +43150,7 @@ CVE-2020-25866 (In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protoc NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16866 CVE-2020-25865 RESERVED -CVE-2020-25864 - RESERVED +CVE-2020-25864 (HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value ( ...) - consul <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950275 NOTE: https://github.com/hashicorp/consul/pull/10023 @@ -69312,8 +69317,8 @@ CVE-2020-14107 RESERVED CVE-2020-14106 (The application in the mobile phone can unauthorized access to the lis ...) NOT-FOR-US: Xiaomi -CVE-2020-14105 - RESERVED +CVE-2020-14105 (The application in the mobile phone can read the SNO information of th ...) + TODO: check CVE-2020-14104 (A RACE CONDITION on XQBACKUP causes a decompression path error on Xiao ...) NOT-FOR-US: Xiaomi CVE-2020-14103 (The application in the mobile phone can read the SNO information of th ...) 
@@ -87085,8 +87090,8 @@ CVE-2020-7858 RESERVED CVE-2020-7857 RESERVED -CVE-2020-7856 - RESERVED +CVE-2020-7856 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...) + TODO: check CVE-2020-7855 RESERVED CVE-2020-7854
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e945a9bb4fad2ac6868669fa2fe7079525c0228f
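Review bot: The CVE-2021-29155 entry in the @@ -5227,8 hunk gains its description but still carries only `- linux <unfixed>` and the oss-security NOTE, with no pointer to an upstream fix. Once the fixing commit is identified, add a `NOTE: https://git.kernel.org/linus/<commit>` line in the same style as the CVE-2021-3444 entry visible in the @@ -6729,8 hunk, so the fixed version can be filled in from it later.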
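Review bot: CVE-2021-28829, CVE-2021-28828 and CVE-2021-28827 in the @@ -5983,12 hunk are left at `TODO: check`, while the context lines directly below them triage CVE-2021-28826, from the same vendor (TIBCO Software Inc.), as `NOT-FOR-US: TIBCO`. If the Administration GUI component is likewise not packaged, a follow-up can give all three the same `NOT-FOR-US: TIBCO` line rather than leaving them in the TODO queue.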
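Review bot: The description added for CVE-2021-28156 in the @@ -7451,8 hunk names only HashiCorp Consul Enterprise and its audit log, yet the entry tracks `- consul <unfixed>`. The CVE-2020-25864 description in the @@ -43144,8 hunk reads "HashiCorp Consul and Consul Enterprise", so the narrower wording here may be intentional. Confirm that the Debian consul package contains the affected audit log code and record the outcome in a NOTE, or mark the package `<not-affected>` if it does not.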
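Review bot: CVE-2021-20023 in the @@ -28149,8 hunk is added as `TODO: check` although its description starts with the same product and version as CVE-2021-20022 on the next context line ("SonicWall Email Security version 10.0.9.x"), which is already `NOT-FOR-US: SonicWall`. A follow-up can apply the same `NOT-FOR-US: SonicWall` triage so the three SonicWall Email Security entries stay consistent.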
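Review bot: CVE-2020-26197 in the @@ -42392,8 hunk is left at `TODO: check` while the neighbouring CVE-2020-26196, also a Dell EMC PowerScale OneFS 8.1.0-9.1.0 issue, is `NOT-FOR-US: EMC`. The same applies to CVE-2021-21526 in the @@ -22688,8 hunk, whose description names the same product and version range. Both can be triaged as `NOT-FOR-US: EMC` in a follow-up to match the existing entries.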