Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a1c76b0 by security tracker role at 2021-02-25T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2021-3417
+ RESERVED
+CVE-2021-3416
+ RESERVED
+CVE-2021-27736
+ RESERVED
+CVE-2021-27735
+ RESERVED
+CVE-2021-27734
+ RESERVED
+CVE-2021-27733
+ RESERVED
+CVE-2021-27732
+ RESERVED
+CVE-2021-27731
+ RESERVED
+CVE-2021-27730
+ RESERVED
+CVE-2021-27729
+ RESERVED
+CVE-2021-27728
+ RESERVED
+CVE-2021-27727
+ RESERVED
+CVE-2021-27726
+ RESERVED
+CVE-2021-27725
+ RESERVED
+CVE-2021-27724
+ RESERVED
CVE-2021-27723
RESERVED
CVE-2021-27722
@@ -438,7 +468,7 @@ CVE-2021-27511
RESERVED
CVE-2021-27510
RESERVED
-CVE-2020-36254
+CVE-2020-36254 (scp.c in Dropbear before 2020.79 mishandles the filename of .
or an em ...)
- dropbear 2020.79-1
NOTE:
https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff
CVE-2020-36253
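Review bot: the new description's fix boundary ("before 2020.79") agrees with the recorded `- dropbear 2020.79-1`, but the entry still has no per-suite annotation (compare the `[buster] - redis <no-dsa>` form used elsewhere in this file), so whether stable ships an affected version is left undetermined; add a suite line once that has been checked.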
@@ -840,8 +870,8 @@ CVE-2021-27332
RESERVED
CVE-2021-27331
RESERVED
-CVE-2021-27330
- RESERVED
+CVE-2021-27330 (Triconsole Datepicker Calendar <3.77 is affected by
cross-site scri ...)
+ TODO: check
CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS
lookups or ...)
NOT-FOR-US: Friendica
CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by
Directory Trave ...)
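Review bot: the CVE-2021-27330 entry is parked at `TODO: check`; the neighbouring Friendica and Yeastar entries show the resolved form (`NOT-FOR-US: <product>`), so once it is confirmed that Triconsole Datepicker Calendar is not in the archive, the TODO should be replaced by that line so the entry leaves the untriaged queue.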
@@ -4311,8 +4341,8 @@ CVE-2021-3275
RESERVED
CVE-2021-3274
RESERVED
-CVE-2021-3273
- RESERVED
+CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the
/nagiosxi/adm ...)
+ TODO: check
CVE-2021-3272 (jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a
heap-b ...)
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/259
@@ -8541,7 +8571,7 @@ CVE-2021-23979
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
CVE-2021-23978
RESERVED
- {DSA-4862-1}
+ {DSA-4862-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird <unfixed>
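Review bot: `{DSA-4862-1 DLA-2575-1}` now records an LTS advisory for this CVE while `- thunderbird <unfixed>` stays in the same entry; confirm that the DLA covers only firefox-esr and that the thunderbird fix is still tracked separately, so the advisory reference is not read as closing the CVE for every package listed. The same three-line change is repeated for CVE-2021-23973, CVE-2021-23969 and CVE-2021-23968 below and needs the same check.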
@@ -8566,7 +8596,7 @@ CVE-2021-23974
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974
CVE-2021-23973
RESERVED
- {DSA-4862-1}
+ {DSA-4862-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird <unfixed>
@@ -8587,7 +8617,7 @@ CVE-2021-23970
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23970
CVE-2021-23969
RESERVED
- {DSA-4862-1}
+ {DSA-4862-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird <unfixed>
@@ -8596,7 +8626,7 @@ CVE-2021-23969
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23969
CVE-2021-23968
RESERVED
- {DSA-4862-1}
+ {DSA-4862-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
- thunderbird <unfixed>
@@ -8964,8 +8994,8 @@ CVE-2021-23835 (An issue was discovered in flatCore
before 2.0.0 build 139. A lo
NOT-FOR-US: flatCore CMS
CVE-2021-3125
RESERVED
-CVE-2021-3124
- RESERVED
+CVE-2021-3124 (Stored cross-site scripting (XSS) in form field in
robust.systems prod ...)
+ TODO: check
CVE-2021-3123
RESERVED
CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH
servers per ...)
@@ -15519,6 +15549,7 @@ CVE-2021-21310 (NextAuth.js (next-auth) is am open
source authentication solutio
NOT-FOR-US: NextAuth.js
CVE-2021-21309
RESERVED
+ {DLA-2576-1}
- redis 5:6.0.11-1 (bug #983446)
[buster] - redis <no-dsa> (Minor issue)
NOTE: https://github.com/redis/redis/pull/8522
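Review bot: the added `{DLA-2576-1}` means an LTS advisory was issued for this issue while the next line still marks buster `<no-dsa> (Minor issue)`; that is not necessarily wrong, but the two should be reconciled, either by noting why stretch warranted an advisory when buster does not, or by recording that the buster fix is queued for a point release.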
@@ -15696,6 +15727,7 @@ CVE-2021-21240 (httplib2 is a comprehensive HTTP client
library for Python. In h
NOTE:
https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc
(v0.19.0)
NOTE: https://github.com/httplib2/httplib2/pull/182
CVE-2021-21239 (PySAML2 is a pure python implementation of SAML Version 2
Standard. Py ...)
+ {DLA-2577-1}
- python-pysaml2 6.5.1-1 (bug #980772)
NOTE:
https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62
NOTE:
https://github.com/IdentityPython/pysaml2/commit/751dbf50a51131b13d55989395f9b115045f9737
@@ -16276,12 +16308,12 @@ CVE-2021-21068
RESERVED
CVE-2021-21067
RESERVED
-CVE-2021-21066
- RESERVED
-CVE-2021-21065
- RESERVED
-CVE-2021-21064
- RESERVED
+CVE-2021-21066 (Adobe Bridge version 11.0 (and earlier) is affected by an
out-of-bound ...)
+ TODO: check
+CVE-2021-21065 (Adobe Bridge version 11.0 (and earlier) is affected by an
out-of-bound ...)
+ TODO: check
+CVE-2021-21064 (Magento UPWARD-php version 1.1.4 (and earlier) is affected by
a Path t ...)
+ TODO: check
CVE-2021-21063 (Acrobat Reader DC versions versions 2020.013.20074 (and
earlier), 2020 ...)
NOT-FOR-US: Adobe
CVE-2021-21062 (Acrobat Reader DC versions versions 2020.013.20074 (and
earlier), 2020 ...)
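Review bot: the three new `TODO: check` placeholders sit directly above Acrobat Reader entries already resolved as `NOT-FOR-US: Adobe`; the two Adobe Bridge CVEs can most likely be triaged the same way, while the Magento UPWARD-php entry needs a separate look since it is a PHP library rather than an Adobe desktop product.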
@@ -17803,10 +17835,10 @@ CVE-2021-20330
RESERVED
CVE-2021-20329
RESERVED
-CVE-2021-20328
- RESERVED
-CVE-2021-20327
- RESERVED
+CVE-2021-20328 (Specific versions of the Java driver that support client-side
field le ...)
+ TODO: check
+CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption
module doe ...)
+ TODO: check
CVE-2021-20326
RESERVED
CVE-2021-20325
@@ -29906,8 +29938,8 @@ CVE-2020-27545
RESERVED
CVE-2020-27544
RESERVED
-CVE-2020-27543
- RESERVED
+CVE-2020-27543 (The restify-paginate package 0.0.5 for Node.js allows remote
attackers ...)
+ TODO: check
CVE-2020-27542 (Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command
injection. ...)
NOT-FOR-US: Rostelecom CS-C2SHW
CVE-2020-27541 (Denial of Service vulnerability in Rostelecom CS-C2SHW
5.0.082.1. Agen ...)
@@ -38997,8 +39029,8 @@ CVE-2020-23536
RESERVED
CVE-2020-23535
RESERVED
-CVE-2020-23534
- RESERVED
+CVE-2020-23534 (A server-side request forgery (SSRF) vulnerability in
Upgrade.php of g ...)
+ TODO: check
CVE-2020-23533
RESERVED
CVE-2020-23532
@@ -76932,8 +76964,8 @@ CVE-2020-8034 (Gollem before 3.0.13, as used in Horde
Groupware Webmail Edition
NOTE:
https://github.com/horde/gollem/commit/a73bef1aef27d4cbfc7b939c2a81dea69aabb083
CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp
Device Nam ...)
NOT-FOR-US: Ruckus
-CVE-2020-8032
- RESERVED
+CVE-2020-8032 (A Insecure Temporary File vulnerability in the packaging of
cyrus-sasl ...)
+ TODO: check
CVE-2020-8031 (A Improper Neutralization of Input During Web Page Generation
('Cross- ...)
- open-build-service <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1178880
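Review bot: the CVE-2020-8032 description ("Insecure Temporary File vulnerability in the packaging of cyrus-sasl") describes a distribution packaging bug rather than an upstream code bug, and the adjacent CVE-2020-8031 points at bugzilla.suse.com; before the `TODO: check` is resolved as NOT-FOR-US, confirm that Debian's own cyrus-sasl packaging scripts do not handle a temporary file the same way.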
@@ -197740,7 +197772,7 @@ CVE-2017-1000437 (Creolabs Gravity 1.0 contains a
stack based buffer overflow in
CVE-2017-1000434 (Wordpress plugin Furikake version 0.1.0 is vulnerable to an
Open Redir ...)
NOT-FOR-US: Wordpress plugin Furikake
CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run
with pyth ...)
- {DLA-1410-1}
+ {DLA-2577-1 DLA-1410-1}
- python-pysaml2 4.5.0-2 (bug #886423)
NOTE: https://github.com/rohe/pysaml2/issues/451
NOTE: Fixed by:
https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5
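Review bot: CVE-2017-1000433 now carries two advisories (`{DLA-2577-1 DLA-1410-1}`) although the entry already records the 4.5.0-2 fix and the original DLA; a NOTE line stating why DLA-2577-1 re-addresses this CVE (for example an incomplete earlier fix, or the LTS upload for CVE-2021-21239 in this same commit carrying it) would spare the next triager a lookup.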
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a1c76b0474205d6d817702b3b63e73b1af6822e
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits