Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b58f1e37 by security tracker role at 2021-02-02T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2021-3395
+       RESERVED
+CVE-2021-3394
+       RESERVED
+CVE-2021-3393
+       RESERVED
+CVE-2021-3392
+       RESERVED
+CVE-2021-26597
+       RESERVED
+CVE-2021-26596
+       RESERVED
+CVE-2021-26595
+       RESERVED
+CVE-2021-26594
+       RESERVED
+CVE-2021-26593
+       RESERVED
+CVE-2021-26592
+       RESERVED
+CVE-2021-26591
+       RESERVED
+CVE-2021-26590
+       RESERVED
+CVE-2021-26589
+       RESERVED
+CVE-2021-26588
+       RESERVED
+CVE-2021-26587
+       RESERVED
+CVE-2021-26586
+       RESERVED
+CVE-2021-26585
+       RESERVED
+CVE-2021-26584
+       RESERVED
+CVE-2021-26583
+       RESERVED
+CVE-2021-26582
+       RESERVED
+CVE-2021-26581
+       RESERVED
+CVE-2021-26580
+       RESERVED
+CVE-2021-26579
+       RESERVED
+CVE-2021-26578
+       RESERVED
+CVE-2021-26577
+       RESERVED
+CVE-2021-26576
+       RESERVED
+CVE-2021-26575
+       RESERVED
+CVE-2021-26574
+       RESERVED
+CVE-2021-26573
+       RESERVED
+CVE-2021-26572
+       RESERVED
+CVE-2021-26571
+       RESERVED
+CVE-2021-26570
+       RESERVED
+CVE-2021-26569
+       RESERVED
+CVE-2021-26568
+       RESERVED
+CVE-2021-26567
+       RESERVED
+CVE-2021-26566
+       RESERVED
+CVE-2021-26565
+       RESERVED
+CVE-2021-26564
+       RESERVED
+CVE-2021-26563
+       RESERVED
+CVE-2021-26562
+       RESERVED
+CVE-2021-26561
+       RESERVED
+CVE-2021-26560
+       RESERVED
+CVE-2021-26559
+       RESERVED
+CVE-2021-26558
+       RESERVED
+CVE-2019-25018 (In the rcp client in MIT krb5-appl through 1.0.3, malicious 
servers co ...)
+       TODO: check
+CVE-2019-25017 (An issue was discovered in rcp in MIT krb5-appl through 1.0.3. 
Due to  ...)
+       TODO: check
 CVE-2021-3391
        RESERVED
 CVE-2021-3390
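Review bot: The two krb5-appl entries at the end of the added block (CVE-2019-25018 and CVE-2019-25017, both about rcp in MIT krb5-appl through 1.0.3) arrive with only TODO: check and no package line. They describe the same client, so triage them together and give each either a source-package line with a status or a NOT-FOR-US: marker, so that they are not overlooked behind the long run of new RESERVED placeholders above them.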
@@ -1566,8 +1658,8 @@ CVE-2021-25914
        RESERVED
 CVE-2021-25913
        RESERVED
-CVE-2021-25912
-       RESERVED
+CVE-2021-25912 (Prototype pollution vulnerability in 'dotty' versions 0.0.1 
through 0. ...)
+       TODO: check
 CVE-2018-25003
        RESERVED
 CVE-2021-25911
@@ -3134,8 +3226,8 @@ CVE-2021-25311 (condor_credd in HTCondor before 8.9.11 
allows Directory Traversa
        - condor <undetermined>
        NOTE: 
https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0002.html
        TODO: check details, according to advisory, only affects versions 
starting at 8.9.7 but details are not clear
-CVE-2021-25310
-       RESERVED
+CVE-2021-25310 (** UNSUPPORTED WHEN ASSIGNED ** The administration web 
interface on Be ...)
+       TODO: check
 CVE-2021-25309
        RESERVED
 CVE-2021-25308
@@ -5954,7 +6046,7 @@ CVE-2021-23965
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965
 CVE-2021-23964
        RESERVED
-       {DSA-4842-1 DSA-4840-1 DLA-2539-1}
+       {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
        - firefox-esr 78.7.0esr-1
        - firefox 85.0-1
        - thunderbird 1:78.7.0-1
@@ -5975,7 +6067,7 @@ CVE-2021-23961
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961
 CVE-2021-23960
        RESERVED
-       {DSA-4842-1 DSA-4840-1 DLA-2539-1}
+       {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
        - firefox-esr 78.7.0esr-1
        - firefox 85.0-1
        - thunderbird 1:78.7.0-1
@@ -6004,7 +6096,7 @@ CVE-2021-23955
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23955
 CVE-2021-23954
        RESERVED
-       {DSA-4842-1 DSA-4840-1 DLA-2539-1}
+       {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
        - firefox-esr 78.7.0esr-1
        - firefox 85.0-1
        - thunderbird 1:78.7.0-1
@@ -6013,7 +6105,7 @@ CVE-2021-23954
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23954
 CVE-2021-23953
        RESERVED
-       {DSA-4842-1 DSA-4840-1 DLA-2539-1}
+       {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
        - firefox-esr 78.7.0esr-1
        - firefox 85.0-1
        - thunderbird 1:78.7.0-1
@@ -7457,8 +7549,8 @@ CVE-2021-23273
        RESERVED
 CVE-2021-23272 (The Application Development Clients component of TIBCO 
Software Inc.'s ...)
        NOT-FOR-US: TIBCO
-CVE-2021-23271
-       RESERVED
+CVE-2021-23271 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s 
TIBCO EBX  ...)
+       TODO: check
 CVE-2021-3113 (Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote 
attackers  ...)
        NOT-FOR-US: Netsia SEBA+
 CVE-2021-23270
@@ -12809,22 +12901,22 @@ CVE-2021-21293
        RESERVED
 CVE-2021-21292
        RESERVED
-CVE-2021-21291
-       RESERVED
+CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file 
server th ...)
+       TODO: check
 CVE-2021-21290
        RESERVED
-CVE-2021-21289
-       RESERVED
+CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated 
web inte ...)
+       TODO: check
 CVE-2021-21288
        RESERVED
 CVE-2021-21287 (MinIO is a High Performance Object Storage released under 
Apache Licen ...)
        - minio <itp> (bug #859207)
 CVE-2021-21286 (AVideo Platform is an open-source Audio and Video platform. It 
is simi ...)
        NOT-FOR-US: AVideo Platform
-CVE-2021-21285
-       RESERVED
-CVE-2021-21284
-       RESERVED
+CVE-2021-21285 (In Docker before versions 9.03.15, 20.10.3 there is a 
vulnerability in ...)
+       TODO: check
+CVE-2021-21284 (In Docker before versions 9.03.15, 20.10.3 there is a 
vulnerability in ...)
+       TODO: check
 CVE-2021-21283 (Flarum is an open source discussion platform for websites. The 
"Flarum ...)
        NOT-FOR-US: Flarum
 CVE-2021-21282
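Review bot: In the CVE-2021-21285 and CVE-2021-21284 lines the description reads "before versions 9.03.15, 20.10.3", and 9.03.15 is not a Docker release number; it looks like a truncated 19.03.15. This is an automatic update, so when resolving these two TODO: check items take the fixed versions from the upstream Docker advisory rather than from this string. The two visible descriptions are also identical up to the truncation point, so the full text is needed to tell the issues apart.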
@@ -15262,8 +15354,7 @@ CVE-2021-20201
        RESERVED
 CVE-2021-20200
        RESERVED
-CVE-2021-20199
-       RESERVED
+CVE-2021-20199 (Rootless containers run with Podman, receive all traffic with 
a source ...)
        - libpod <unfixed>
        NOTE: https://github.com/containers/podman/issues/5138
        NOTE: https://github.com/containers/podman/pull/9052
@@ -22361,16 +22452,16 @@ CVE-2020-28500
        RESERVED
 CVE-2020-28499
        RESERVED
-CVE-2020-28498
-       RESERVED
+CVE-2020-28498 (All versions of package elliptic are vulnerable to 
Cryptographic Issue ...)
+       TODO: check
 CVE-2020-28497
        RESERVED
 CVE-2020-28496
        RESERVED
-CVE-2020-28495
-       RESERVED
-CVE-2020-28494
-       RESERVED
+CVE-2020-28495 (This affects the package total.js before 3.4.7. The set 
function can b ...)
+       TODO: check
+CVE-2020-28494 (This affects the package total.js before 3.4.7. The issue 
occurs in th ...)
+       TODO: check
 CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. 
The ReDO ...)
        TODO: check
 CVE-2020-28492
@@ -22381,8 +22472,8 @@ CVE-2020-28490
        RESERVED
 CVE-2020-28489
        RESERVED
-CVE-2020-28488 (This affects all versions of package jquery-ui; all versions 
of packag ...)
-       TODO: check
+CVE-2020-28488
+       REJECTED
 CVE-2020-28487 (This affects the package vis-timeline before 7.4.4. An 
attacker with t ...)
        TODO: check
 CVE-2020-28486
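Review bot: CVE-2020-28488 changes from a jquery-ui description with TODO: check to a bare REJECTED, which drops the only hint of what the id referred to. If the id was rejected because the issue is tracked under another one, a NOTE: line naming the replacement would keep the jquery-ui finding traceable from this entry; otherwise nothing further is needed.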
@@ -28030,7 +28121,7 @@ CVE-2020-26977 (By attempting to connect a website 
using an unresponsive port, a
        - firefox <not-affected> (Android specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26977
 CVE-2020-26976 (When a HTTPS pages was embedded in a HTTP page, and there was 
a servic ...)
-       {DSA-4842-1 DSA-4840-1 DLA-2539-1}
+       {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
        - firefox 84.0-1
        - firefox-esr 78.7.0esr-1
        - thunderbird 1:78.7.0-1
@@ -31096,32 +31187,39 @@ CVE-2020-25689 (A memory leak flaw was found in 
WildFly in all versions up to 21
 CVE-2020-25688 (A flaw was found in rhacm versions before 2.0.5 and before 
2.1.0. Two  ...)
        NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes (RHACM)
 CVE-2020-25687 (A flaw was found in dnsmasq before version 2.83. A heap-based 
buffer o ...)
+       {DSA-4844-1}
        - dnsmasq 2.83-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
 CVE-2020-25686 (A flaw was found in dnsmasq before version 2.83. When 
receiving a quer ...)
+       {DSA-4844-1}
        - dnsmasq 2.83-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=15b60ddf935a531269bb8c68198de012a4967156
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=6a6e06fbb0d4690507ceaf2bb6f0d8910f3d4914
 CVE-2020-25685 (A flaw was found in dnsmasq before version 2.83. When getting 
a reply  ...)
+       {DSA-4844-1}
        - dnsmasq 2.83-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2d765867c597db18be9d876c9c17e2c0fe1953cd
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2024f9729713fd657d65e64c2e4e471baa0a3e5b
 CVE-2020-25684 (A flaw was found in dnsmasq before version 2.83. When getting 
a reply  ...)
+       {DSA-4844-1}
        - dnsmasq 2.83-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=257ac0c5f7732cbc6aa96fdd3b06602234593aca
 CVE-2020-25683 (A flaw was found in dnsmasq before version 2.83. A heap-based 
buffer o ...)
+       {DSA-4844-1}
        - dnsmasq 2.83-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
 CVE-2020-25682 (A flaw was found in dnsmasq before 2.83. A buffer overflow 
vulnerabili ...)
+       {DSA-4844-1}
        - dnsmasq 2.83-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
 CVE-2020-25681 (A flaw was found in dnsmasq before version 2.83. A heap-based 
buffer o ...)
+       {DSA-4844-1}
        - dnsmasq 2.83-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
        NOTE: 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
@@ -31667,8 +31765,8 @@ CVE-2020-25508
        RESERVED
 CVE-2020-25507 (An incorrect permission assignment during the installation 
script of T ...)
        NOT-FOR-US: No Magic TeamworkCloud
-CVE-2020-25506
-       RESERVED
+CVE-2020-25506 (D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command 
injectio ...)
+       TODO: check
 CVE-2020-25505
        RESERVED
 CVE-2020-25504
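Review bot: CVE-2020-25506 now describes command injection in D-Link DNS-320 firmware but is left at TODO: check, while the neighbouring CVE-2020-25507 in the same hunk is already resolved as NOT-FOR-US. Unless a Debian package is affected, close the TODO the same way, for example with NOT-FOR-US: D-Link.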
@@ -45868,8 +45966,8 @@ CVE-2020-18570
        RESERVED
 CVE-2020-18569
        RESERVED
-CVE-2020-18568
-       RESERVED
+CVE-2020-18568 (The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service 
contains a ...)
+       TODO: check
 CVE-2020-18567
        RESERVED
 CVE-2020-18566
@@ -51190,7 +51288,7 @@ CVE-2020-16045 (Use after Free in Payments in Google 
Chrome on Android prior to
        TODO: check
 CVE-2020-16044
        RESERVED
-       {DSA-4842-1 DSA-4827-1 DLA-2521-1}
+       {DSA-4842-1 DSA-4827-1 DLA-2541-1 DLA-2521-1}
        - firefox 84.0.2-1
        - firefox-esr 78.6.1esr-1
        - thunderbird 1:78.6.1-1
@@ -52279,7 +52377,7 @@ CVE-2020-15686
        RESERVED
 CVE-2020-15685
        RESERVED
-       {DSA-4842-1}
+       {DSA-4842-1 DLA-2541-1}
        - thunderbird 1:78.7.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-15685
 CVE-2020-15684 (Mozilla developers reported memory safety bugs present in 
Firefox 81.  ...)
@@ -53827,8 +53925,8 @@ CVE-2020-15099 (In TYPO3 CMS greater than or equal to 
9.0.0 and less than 9.5.20
        NOT-FOR-US: TYPO3
 CVE-2020-15098 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 
9.5.20, and  ...)
        NOT-FOR-US: TYPO3
-CVE-2020-15097
-       RESERVED
+CVE-2020-15097 (loklak is an open-source server application which is able to 
collect m ...)
+       TODO: check
 CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 
9.0.0-beta21, the ...)
        - electron <itp> (bug #842420)
 CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an 
informati ...)
@@ -73615,8 +73713,8 @@ CVE-2020-8103 (A vulnerability in the improper handling 
of symbolic links in Bit
        NOT-FOR-US: Bitdefender Antivirus Free
 CVE-2020-8102 (Improper Input Validation vulnerability in the Safepay browser 
compone ...)
        NOT-FOR-US: Safepay
-CVE-2020-8101
-       RESERVED
+CVE-2020-8101 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+       TODO: check
 CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 
module as  ...)
        NOT-FOR-US: Bitdefender
 CVE-2020-8099 (A vulnerability in the improper handling of junctions in 
Bitdefender A ...)
@@ -74522,8 +74620,8 @@ CVE-2020-7777 (This affects all versions of package 
jsen. If an attacker can con
        NOT-FOR-US: Node jsen
 CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. 
The libr ...)
        NOT-FOR-US: phpoffice/phpspreadsheet
-CVE-2020-7775
-       RESERVED
+CVE-2020-7775 (This affects all versions of package freediskspace. The 
vulnerability  ...)
+       TODO: check
 CVE-2020-7774 (This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. 
PoC by po ...)
        - node-y18n 4.0.0-3 (bug #976390)
        [buster] - node-y18n <no-dsa> (Minor issue)
@@ -82012,8 +82110,8 @@ CVE-2020-4936
        RESERVED
 CVE-2020-4935
        RESERVED
-CVE-2020-4934
-       RESERVED
+CVE-2020-4934 (IBM Content Navigator 3.0.CD could allow a remote attacker to 
traverse ...)
+       TODO: check
 CVE-2020-4933
        RESERVED
 CVE-2020-4932



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b58f1e37edb4f56dafa83a5a4460aba697cbb4c2
