Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
543d320c by security tracker role at 2021-02-26T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-27738
+ RESERVED
+CVE-2021-27737
+ RESERVED
+CVE-2020-35358
+ RESERVED
CVE-2021-XXXX [P2P: Fix a corner case in peer addition based on PD Request]
- wpa 2:2.9.0-21
NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3
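Review bot: CVE-2020-35358 is added at the very top of the list, above the CVE-2021 entries, instead of in descending order among the other CVE-2020 ids. The later hunk at -19241 shows CVE-2020-35359 followed directly by CVE-2020-35357, which is where this entry belongs; move it there so that lookups and later automatic updates find it in the expected position.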
@@ -1827,10 +1833,10 @@ CVE-2021-3402
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/
CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of
authentica ...)
NOT-FOR-US: 1Password SCIM Bridge
-CVE-2021-26904
- RESERVED
-CVE-2021-26903
- RESERVED
+CVE-2021-26904 (LMA ISIDA Retriever 5.2 allows SQL Injection. ...)
+ TODO: check
+CVE-2021-26903 (LMA ISIDA Retriever 5.2 is vulnerable to XSS via
query['text']. ...)
+ TODO: check
CVE-2021-26902
RESERVED
CVE-2021-26901
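Review bot: Both new entries for LMA ISIDA Retriever 5.2 (CVE-2021-26904 and CVE-2021-26903) are left at "TODO: check", so they carry no triage state yet. If the product is not in the archive, resolve them the way the adjacent CVE-2021-26905 entry is resolved, with a "NOT-FOR-US:" line naming the product.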
@@ -8570,12 +8576,10 @@ CVE-2021-23981
RESERVED
CVE-2021-23980
RESERVED
-CVE-2021-23979
- RESERVED
+CVE-2021-23979 (Mozilla developers reported memory safety bugs present in
Firefox 85. ...)
- firefox 86.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
-CVE-2021-23978
- RESERVED
+CVE-2021-23978 (Mozilla developers reported memory safety bugs present in
Firefox 85 a ...)
{DSA-4862-1 DLA-2575-1}
- firefox 86.0-1
- firefox-esr 78.8.0esr-1
@@ -8632,12 +8636,10 @@ CVE-2021-23967
RESERVED
CVE-2021-23966
RESERVED
-CVE-2021-23965
- RESERVED
+CVE-2021-23965 (Mozilla developers reported memory safety bugs present in
Firefox 84. ...)
- firefox 85.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965
-CVE-2021-23964
- RESERVED
+CVE-2021-23964 (Mozilla developers reported memory safety bugs present in
Firefox 84 a ...)
{DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
- firefox-esr 78.7.0esr-1
- firefox 85.0-1
@@ -9995,8 +9997,8 @@ CVE-2021-23347
RESERVED
CVE-2021-23346
RESERVED
-CVE-2021-23345
- RESERVED
+CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg
are vuln ...)
+ TODO: check
CVE-2021-23344
RESERVED
CVE-2021-23343
@@ -11529,8 +11531,8 @@ CVE-2021-22663 (Cscape (All versions prior to 9.90
SP3.5) lacks proper validatio
NOT-FOR-US: Cscape
CVE-2021-22662
RESERVED
-CVE-2021-22661
- RESERVED
+CVE-2021-22661 (Changing the password on the module webpage does not require
the user ...)
+ TODO: check
CVE-2021-22660
RESERVED
CVE-2021-22659
@@ -12943,8 +12945,8 @@ CVE-2021-3012
RESERVED
CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on
NXP Smart ...)
NOT-FOR-US: NXP
-CVE-2021-3010
- RESERVED
+CVE-2021-3010 (There are multiple persistent cross-site scripting (XSS)
vulnerabiliti ...)
+ TODO: check
CVE-2021-3009
RESERVED
CVE-2021-3008
@@ -15561,10 +15563,10 @@ CVE-2021-21301 (Wire is an open-source collaboration
platform. In Wire for iOS (
NOT-FOR-US: Wire
CVE-2021-21300
RESERVED
-CVE-2021-21298
- RESERVED
-CVE-2021-21297
- RESERVED
+CVE-2021-21298 (Node-Red is a low-code programming for event-driven
applications built ...)
+ TODO: check
+CVE-2021-21297 (Node-Red is a low-code programming for event-driven
applications built ...)
+ TODO: check
CVE-2021-21296 (Fleet is an open source osquery manager. In Fleet before
version 3.7.0 ...)
NOT-FOR-US: Fleet
CVE-2021-21295
@@ -15628,10 +15630,10 @@ CVE-2021-21276 (Polr is an open source URL shortener.
in Polr before version 2.3
NOT-FOR-US: Polr
CVE-2021-21275 (The MediaWiki "Report" extension has a Cross-Site Request
Forgery (CSR ...)
NOT-FOR-US: MediaWiki Report extention
-CVE-2021-21274
- RESERVED
-CVE-2021-21273
- RESERVED
+CVE-2021-21274 (Synapse is a Matrix reference homeserver written in python
(pypi packa ...)
+ TODO: check
+CVE-2021-21273 (Synapse is a Matrix reference homeserver written in python
(pypi packa ...)
+ TODO: check
CVE-2021-21272 (ORAS is open source software which enables a way to push OCI
Artifacts ...)
NOT-FOR-US: ORAS
CVE-2021-21271 (Tendermint Core is an open source Byzantine Fault Tolerant
(BFT) middl ...)
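Review bot: CVE-2021-21274 and CVE-2021-21273 are left at "TODO: check", and unlike the neighbouring entries dismissed as NOT-FOR-US, the description names Synapse, a Matrix homeserver distributed as a pypi package. Check both against the archive individually and, if a source package exists, give each a package line with the fixed version. Separately, the context line "NOT-FOR-US: MediaWiki Report extention" misspells "extension".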
@@ -19241,7 +19243,6 @@ CVE-2020-35360
RESERVED
CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate
server ...)
NOTE: Bogus issue, can be configured using MaxClientsPerIP in
pure-ftpd.conf configuration file
- RESERVED
CVE-2020-35357
RESERVED
CVE-2020-35356
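Review bot: Once the stray "RESERVED" line is dropped, the CVE-2020-35359 entry consists of a description and a NOTE calling the issue bogus, with no package line, so nothing ties the assessment to a source package. Add a package line that carries the intended status (for a non-issue, for example an unfixed entry marked unimportant) so the conclusion in the NOTE is actually recorded by the tracker.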
@@ -23920,8 +23921,8 @@ CVE-2020-28648 (Improper input validation in the
Auto-Discovery component of Nag
NOT-FOR-US: Nagios XI
CVE-2020-28647 (In Progress MOVEit Transfer before 2020.1, a malicious user
could craf ...)
NOT-FOR-US: Progress MOVEit Transfer
-CVE-2020-28646
- RESERVED
+CVE-2020-28646 (ownCloud owncloud/client before 2.7 allows DLL Injection. The
desktop ...)
+ TODO: check
CVE-2020-28645 (Deleting users with certain names caused system files to be
deleted. R ...)
- owncloud <removed>
CVE-2020-28644 (The CSRF (Cross Site Request Forgery) token check was
improperly imple ...)
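Review bot: CVE-2020-28646 is left at "TODO: check", and the visible description points at DLL Injection in the desktop client, which is a Windows library-loading mechanism. When triaging, confirm whether the affected code path exists in Linux builds at all; if it does not, record that with a not-affected package line and a reason, in the form the CVE-2019-11683 entry uses ("<not-affected> (Vulnerable code introduced later)"), rather than with a fixed version.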
@@ -27597,8 +27598,8 @@ CVE-2020-28201
RESERVED
CVE-2020-28200
RESERVED
-CVE-2020-28199
- RESERVED
+CVE-2020-28199 (best it Amazon Pay Plugin before 9.4.2 for Shopware exposes
Sensitive ...)
+ TODO: check
CVE-2020-28198
RESERVED
CVE-2020-28197
@@ -32939,8 +32940,8 @@ CVE-2020-26202
RESERVED
CVE-2020-26201 (Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a
weak pass ...)
NOT-FOR-US: Askey
-CVE-2020-26200
- RESERVED
+CVE-2020-26200 (A component of Kaspersky custom boot loader allowed loading of
untrust ...)
+ TODO: check
CVE-2020-26199 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to
5.0.4.0.5.012 ...)
NOT-FOR-US: EMC
CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00
contain a ...)
@@ -36563,8 +36564,8 @@ CVE-2020-24688
RESERVED
CVE-2020-24687
RESERVED
-CVE-2020-24686
- RESERVED
+CVE-2020-24686 (The vulnerabilities can be exploited to cause the web
visualization co ...)
+ TODO: check
CVE-2020-24685 (An unauthenticated specially crafted packet sent by an
attacker over t ...)
NOT-FOR-US: ABB
CVE-2020-24684
@@ -121507,8 +121508,8 @@ CVE-2019-11686 (Western Digital SanDisk X300, X300s,
X400, and X600 devices: A v
NOT-FOR-US: Western Digital
CVE-2019-11685
RESERVED
-CVE-2019-11684
- RESERVED
+CVE-2019-11684 (Improper Access Control in the RCP+ server of the Bosch Video
Recordin ...)
+ TODO: check
CVE-2019-11683 (udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux
kernel ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by:
https://git.kernel.org/linus/4dd2b82d5adfbe0b1587ccad7a8f76d826120f37
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/543d320cb6ace95012cff4d90608871b23e5f9c5