Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4a073941 by security tracker role at 2021-02-01T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2021-3386
+       RESERVED
+CVE-2021-3385
+       RESERVED
+CVE-2021-3384
+       RESERVED
+CVE-2021-3383
+       RESERVED
+CVE-2021-3382
+       RESERVED
+CVE-2021-3381
+       RESERVED
+CVE-2021-3380
+       RESERVED
+CVE-2021-26548
+       RESERVED
+CVE-2021-26547
+       RESERVED
+CVE-2021-26546
+       RESERVED
+CVE-2021-26545
+       RESERVED
+CVE-2021-26544
+       RESERVED
+CVE-2021-26543
+       RESERVED
+CVE-2021-26542
+       RESERVED
+CVE-2021-26541
+       RESERVED
+CVE-2021-26540
+       RESERVED
+CVE-2021-26539
+       RESERVED
 CVE-2021-3379
        RESERVED
 CVE-2021-3378
@@ -1266,12 +1300,13 @@ CVE-2021-3285 (jxbrowser in TI Code Composer Studio IDE 
8.x through 10.x before
        NOT-FOR-US: TI Code Composer Studio IDE
 CVE-2021-3284
        RESERVED
-CVE-2021-3283
-       RESERVED
-CVE-2021-3282
-       RESERVED
+CVE-2021-3283 (HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java 
task d ...)
+       TODO: check
+CVE-2021-3282 (HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the 
`remove-peer` ...)
+       TODO: check
 CVE-2021-3281
        RESERVED
+       {DLA-2540-1}
        - python-django 2:2.2.18-1 (bug #981562)
        NOTE: 
https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23
 (master)
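
Review bot: The two "TODO: check" lines added under CVE-2021-3283 and CVE-2021-3282 are triage placeholders and need a follow-up decision. The CVE-2021-3282 description names only Vault Enterprise 1.6.0 & 1.6.1, which points toward a NOT-FOR-US line like the TI Code Composer Studio entry above, while CVE-2021-3283 names both Nomad and Nomad Enterprise and should be checked against any packaged nomad before it is closed.
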
@@ -5888,7 +5923,7 @@ CVE-2021-23965
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965
 CVE-2021-23964
        RESERVED
-       {DSA-4842-1 DSA-4840-1}
+       {DSA-4842-1 DSA-4840-1 DLA-2539-1}
        - firefox-esr 78.7.0esr-1
        - firefox 85.0-1
        - thunderbird 1:78.7.0-1
@@ -5909,7 +5944,7 @@ CVE-2021-23961
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961
 CVE-2021-23960
        RESERVED
-       {DSA-4842-1 DSA-4840-1}
+       {DSA-4842-1 DSA-4840-1 DLA-2539-1}
        - firefox-esr 78.7.0esr-1
        - firefox 85.0-1
        - thunderbird 1:78.7.0-1
@@ -5938,7 +5973,7 @@ CVE-2021-23955
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23955
 CVE-2021-23954
        RESERVED
-       {DSA-4842-1 DSA-4840-1}
+       {DSA-4842-1 DSA-4840-1 DLA-2539-1}
        - firefox-esr 78.7.0esr-1
        - firefox 85.0-1
        - thunderbird 1:78.7.0-1
@@ -5947,7 +5982,7 @@ CVE-2021-23954
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23954
 CVE-2021-23953
        RESERVED
-       {DSA-4842-1 DSA-4840-1}
+       {DSA-4842-1 DSA-4840-1 DLA-2539-1}
        - firefox-esr 78.7.0esr-1
        - firefox 85.0-1
        - thunderbird 1:78.7.0-1
@@ -7273,8 +7308,8 @@ CVE-2021-23332
        RESERVED
 CVE-2021-23331
        RESERVED
-CVE-2021-23330
-       RESERVED
+CVE-2021-23330 (All versions of package launchpad are vulnerable to Command 
Injection  ...)
+       TODO: check
 CVE-2021-23329 (The package nested-object-assign before 1.0.4 are vulnerable 
to Protot ...)
        TODO: check
 CVE-2021-23328 (This affects all versions of package iniparserjs. This 
vulnerability r ...)
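
Review bot: The new CVE-2021-23330 line leaves "TODO: check" on a package called only "launchpad", and the truncated description does not say which ecosystem it belongs to. Read the full description before triage so the entry is not matched to an unrelated source package by name; the neighbouring CVE-2021-23329 and CVE-2021-23328 entries use the same "package <name>" wording and are in the same state.
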
@@ -8683,8 +8718,8 @@ CVE-2020-36161 (An issue was discovered in Veritas APTARE 
10.4 before 10.4P9 and
        NOT-FOR-US: Veritas
 CVE-2020-36160 (An issue was discovered in Veritas System Recovery before 
21.2. On sta ...)
        NOT-FOR-US: Veritas
-CVE-2021-3024
-       RESERVED
+CVE-2021-3024 (HashiCorp Vault and Vault Enterprise disclosed the internal IP 
address ...)
+       TODO: check
 CVE-2021-3023
        RESERVED
 CVE-2021-3022 (An issue was discovered on LG mobile devices with Android OS 10 
softwa ...)
@@ -11208,8 +11243,8 @@ CVE-2020-36111
        RESERVED
 CVE-2020-36110
        RESERVED
-CVE-2020-36109
-       RESERVED
+CVE-2020-36109 (ASUS RT-AX86U router firmware below version under 9.0.0.4_386 
has a bu ...)
+       TODO: check
 CVE-2020-36108
        RESERVED
 CVE-2020-36107
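
Review bot: CVE-2020-36109 now describes ASUS RT-AX86U router firmware but is left at "TODO: check". Other vendor-product entries visible in this diff (Veritas, Avira, TI Code Composer Studio) are closed with "NOT-FOR-US: <vendor>", so this one can probably be resolved the same way once the full description has been read.
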
@@ -12751,10 +12786,10 @@ CVE-2021-21289
        RESERVED
 CVE-2021-21288
        RESERVED
-CVE-2021-21287
-       RESERVED
-CVE-2021-21286
-       RESERVED
+CVE-2021-21287 (MinIO is a High Performance Object Storage released under 
Apache Licen ...)
+       TODO: check
+CVE-2021-21286 (AVideo Platform is an open-source Audio and Video platform. It 
is simi ...)
+       TODO: check
 CVE-2021-21285
        RESERVED
 CVE-2021-21284
@@ -12771,10 +12806,10 @@ CVE-2021-21279
        RESERVED
 CVE-2021-21278 (RSSHub is an open source, easy to use, and extensible RSS feed 
generat ...)
        NOT-FOR-US: RSSHub
-CVE-2021-21277
-       RESERVED
-CVE-2021-21276
-       RESERVED
+CVE-2021-21277 (angular-expressions is "angular's nicest part extracted as a 
standalon ...)
+       TODO: check
+CVE-2021-21276 (Polr is an open source URL shortener. in Polr before version 
2.3.0, a  ...)
+       TODO: check
 CVE-2021-21275 (The MediaWiki "Report" extension has a Cross-Site Request 
Forgery (CSR ...)
        NOT-FOR-US: MediaWiki Report extention
 CVE-2021-21274
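
Review bot: The unchanged context line "NOT-FOR-US: MediaWiki Report extention" under CVE-2021-21275 misspells "extension"; it is outside this change but worth correcting in a follow-up so searches on the product name match. The two entries added just above it, CVE-2021-21277 (angular-expressions) and CVE-2021-21276 (Polr), still carry "TODO: check".
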
@@ -12793,8 +12828,8 @@ CVE-2021-21268
        RESERVED
 CVE-2021-21267
        RESERVED
-CVE-2021-21266
-       RESERVED
+CVE-2021-21266 (openHAB is a vendor and technology agnostic open source 
automation sof ...)
+       TODO: check
 CVE-2021-21265
        RESERVED
 CVE-2021-21264
@@ -22431,8 +22466,8 @@ CVE-2020-28428
        RESERVED
 CVE-2020-28427
        RESERVED
-CVE-2020-28426
-       RESERVED
+CVE-2020-28426 (All versions of package kill-process-on-port are vulnerable to 
Command ...)
+       TODO: check
 CVE-2020-28425
        RESERVED
 CVE-2020-28424
@@ -24472,8 +24507,8 @@ CVE-2020-28196 (MIT Kerberos 5 (aka krb5) before 1.17.2 
and 1.18.x before 1.18.3
        NOTE: 
https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd
 CVE-2020-28195
        RESERVED
-CVE-2020-28194
-       RESERVED
+CVE-2020-28194 (Variable underflow exists in accel-ppp radius/packet.c when 
receiving  ...)
+       TODO: check
 CVE-2020-28193
        RESERVED
 CVE-2020-28192
@@ -27952,7 +27987,7 @@ CVE-2020-26977 (By attempting to connect a website 
using an unresponsive port, a
        - firefox <not-affected> (Android specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26977
 CVE-2020-26976 (When a HTTPS pages was embedded in a HTTP page, and there was 
a servic ...)
-       {DSA-4842-1 DSA-4840-1}
+       {DSA-4842-1 DSA-4840-1 DLA-2539-1}
        - firefox 84.0-1
        - firefox-esr 78.7.0esr-1
        - thunderbird 1:78.7.0-1
@@ -31414,8 +31449,8 @@ CVE-2020-25595 (An issue was discovered in Xen through 
4.14.x. The PCI passthrou
        - xen 4.14.0+80-gd101b417b7-1
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-337.html
-CVE-2020-25594
-       RESERVED
+CVE-2020-25594 (HashiCorp Vault and Vault Enterprise allowed for enumeration 
of Secret ...)
+       TODO: check
 CVE-2020-25593
        RESERVED
 CVE-2020-25592 (In SaltStack Salt through 3002, salt-netapi improperly 
validates eauth ...)
@@ -34339,8 +34374,8 @@ CVE-2020-24273
        RESERVED
 CVE-2020-24272
        RESERVED
-CVE-2020-24271
-       RESERVED
+CVE-2020-24271 (A CSRF vulnerability was discovered in EasyCMS v1.6 that can 
add an ad ...)
+       TODO: check
 CVE-2020-24270
        RESERVED
 CVE-2020-24269
@@ -40548,16 +40583,16 @@ CVE-2020-21182
        RESERVED
 CVE-2020-21181
        RESERVED
-CVE-2020-21180
-       RESERVED
-CVE-2020-21179
-       RESERVED
+CVE-2020-21180 (Sql injection vulnerability in koa2-blog 1.0.0 allows remote 
attackers ...)
+       TODO: check
+CVE-2020-21179 (Sql injection vulnerability in koa2-blog 1.0.0 allows remote 
attackers ...)
+       TODO: check
 CVE-2020-21178
        RESERVED
 CVE-2020-21177
        RESERVED
-CVE-2020-21176
-       RESERVED
+CVE-2020-21176 (SQL injection vulnerability in the model.increment and 
model.decrement ...)
+       TODO: check
 CVE-2020-21175
        RESERVED
 CVE-2020-21174
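
Review bot: CVE-2020-21180 and CVE-2020-21179 are added with identical truncated descriptions ("Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers ..."), so the visible text cannot tell them apart. Whoever resolves the "TODO: check" lines should read both full descriptions to confirm they are distinct issues and not a duplicate assignment; CVE-2020-21176 in the same hunk does not show a product name in its visible text at all.
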
@@ -42324,26 +42359,26 @@ CVE-2020-20298 (Eval injection vulnerability in the 
parserCommom method in the P
        NOT-FOR-US: zzzphp
 CVE-2020-20297
        RESERVED
-CVE-2020-20296
-       RESERVED
-CVE-2020-20295
-       RESERVED
-CVE-2020-20294
-       RESERVED
+CVE-2020-20296 (An issue was found in CMSWing project version 1.3.8, Because 
the recha ...)
+       TODO: check
+CVE-2020-20295 (An issue was found in CMSWing project version 1.3.8. Because 
the updat ...)
+       TODO: check
+CVE-2020-20294 (An issue was found in CMSWing project version 1.3.8. Because 
the log f ...)
+       TODO: check
 CVE-2020-20293
        RESERVED
 CVE-2020-20292
        RESERVED
 CVE-2020-20291
        RESERVED
-CVE-2020-20290
-       RESERVED
-CVE-2020-20289
-       RESERVED
+CVE-2020-20290 (Directory traversal vulnerability in the yccms 3.3 project. 
The delete ...)
+       TODO: check
+CVE-2020-20289 (Sql injection vulnerability in the yccms 3.3 project. The 
no_top funct ...)
+       TODO: check
 CVE-2020-20288
        RESERVED
-CVE-2020-20287
-       RESERVED
+CVE-2020-20287 (Unrestricted file upload vulnerability in the yccms 3.3 
project. The x ...)
+       TODO: check
 CVE-2020-20286
        RESERVED
 CVE-2020-20285 (There is a XSS in the user login page in zzcms 2019. Users can 
inject  ...)
@@ -58155,12 +58190,12 @@ CVE-2020-13566
        RESERVED
 CVE-2020-13565
        RESERVED
-CVE-2020-13564
-       RESERVED
-CVE-2020-13563
-       RESERVED
-CVE-2020-13562
-       RESERVED
+CVE-2020-13564 (A cross-site scripting vulnerability exists in the template 
functional ...)
+       TODO: check
+CVE-2020-13563 (A cross-site scripting vulnerability exists in the template 
functional ...)
+       TODO: check
+CVE-2020-13562 (A cross-site scripting vulnerability exists in the template 
functional ...)
+       TODO: check
 CVE-2020-13561
        RESERVED
 CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine 
of Foxi ...)
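
Review bot: CVE-2020-13564, CVE-2020-13563 and CVE-2020-13562 all get the same truncated text ("A cross-site scripting vulnerability exists in the template functional ..."), and the cut falls before any product name. The "TODO: check" lines cannot be resolved from what is shown here; triage needs the full descriptions to identify the affected software and to see how the three differ.
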
@@ -70520,7 +70555,7 @@ CVE-2020-9322
        RESERVED
 CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and 
TraefikEE 2.0. ...)
        NOT-FOR-US: Traefik
-CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass 
via a  ...)
+CVE-2020-9320 (** DISPUTED ** Avira AV Engine before 8.3.54.138 allows 
virus-detectio ...)
        NOT-FOR-US: Avira
 CVE-2020-9319
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a073941623eae8daeeb88fe25838ddc07acd9ea
