Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
983e1878 by security tracker role at 2021-02-27T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,146 @@
+CVE-2021-27806
+       RESERVED
+CVE-2021-27805
+       RESERVED
+CVE-2021-27804
+       RESERVED
+CVE-2021-27802
+       RESERVED
+CVE-2021-27801
+       RESERVED
+CVE-2021-27800
+       RESERVED
+CVE-2021-27799 (ean_leading_zeroes in backend/upcean.c in Zint Barcode 
Generator 2.19. ...)
+       TODO: check
+CVE-2021-27798
+       RESERVED
+CVE-2021-27797
+       RESERVED
+CVE-2021-27796
+       RESERVED
+CVE-2021-27795
+       RESERVED
+CVE-2021-27794
+       RESERVED
+CVE-2021-27793
+       RESERVED
+CVE-2021-27792
+       RESERVED
+CVE-2021-27791
+       RESERVED
+CVE-2021-27790
+       RESERVED
+CVE-2021-27789
+       RESERVED
+CVE-2021-27788
+       RESERVED
+CVE-2021-27787
+       RESERVED
+CVE-2021-27786
+       RESERVED
+CVE-2021-27785
+       RESERVED
+CVE-2021-27784
+       RESERVED
+CVE-2021-27783
+       RESERVED
+CVE-2021-27782
+       RESERVED
+CVE-2021-27781
+       RESERVED
+CVE-2021-27780
+       RESERVED
+CVE-2021-27779
+       RESERVED
+CVE-2021-27778
+       RESERVED
+CVE-2021-27777
+       RESERVED
+CVE-2021-27776
+       RESERVED
+CVE-2021-27775
+       RESERVED
+CVE-2021-27774
+       RESERVED
+CVE-2021-27773
+       RESERVED
+CVE-2021-27772
+       RESERVED
+CVE-2021-27771
+       RESERVED
+CVE-2021-27770
+       RESERVED
+CVE-2021-27769
+       RESERVED
+CVE-2021-27768
+       RESERVED
+CVE-2021-27767
+       RESERVED
+CVE-2021-27766
+       RESERVED
+CVE-2021-27765
+       RESERVED
+CVE-2021-27764
+       RESERVED
+CVE-2021-27763
+       RESERVED
+CVE-2021-27762
+       RESERVED
+CVE-2021-27761
+       RESERVED
+CVE-2021-27760
+       RESERVED
+CVE-2021-27759
+       RESERVED
+CVE-2021-27758
+       RESERVED
+CVE-2021-27757
+       RESERVED
+CVE-2021-27756
+       RESERVED
+CVE-2021-27755
+       RESERVED
+CVE-2021-27754
+       RESERVED
+CVE-2021-27753
+       RESERVED
+CVE-2021-27752
+       RESERVED
+CVE-2021-27751
+       RESERVED
+CVE-2021-27750
+       RESERVED
+CVE-2021-27749
+       RESERVED
+CVE-2021-27748
+       RESERVED
+CVE-2021-27747
+       RESERVED
+CVE-2021-27746
+       RESERVED
+CVE-2021-27745
+       RESERVED
+CVE-2021-27744
+       RESERVED
+CVE-2021-27743
+       RESERVED
+CVE-2021-27742
+       RESERVED
+CVE-2021-27741
+       RESERVED
+CVE-2021-27740
+       RESERVED
+CVE-2021-27739
+       RESERVED
+CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE 
template) versi ...)
+       TODO: check
 CVE-2021-27738
        RESERVED
 CVE-2021-27737
        RESERVED
 CVE-2020-35358
        RESERVED
-CVE-2021-27803 [P2P: Fix a corner case in peer addition based on PD Request]
+CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in 
wpa_supplicant b ...)
        - wpa 2:2.9.0-21
        NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3
        NOTE: 
https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
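Review bot: CVE-2021-27799 and CVE-2019-10102 are the only additions in this hunk that carry a description, and both are left at "TODO: check". The Zint entry names a concrete function and file (ean_leading_zeroes in backend/upcean.c), so it can be resolved by checking whether any archive package ships that code instead of waiting for a later pass. The CVE-2021-27803 change only swaps the bracketed summary for the feed description; the "- wpa 2:2.9.0-21" and NOTE lines are untouched, which is the right outcome for an automatic update.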
@@ -724,14 +860,14 @@ CVE-2020-36246 (Amaze File Manager before 3.5.1 allows 
attackers to obtain root
        NOT-FOR-US: Amaze File Manager
 CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command 
injection ...)
        NOT-FOR-US: OpenRepeater (ORP)
-CVE-2019-25023
-       RESERVED
-CVE-2019-25022
-       RESERVED
-CVE-2019-25021
-       RESERVED
-CVE-2019-25020
-       RESERVED
+CVE-2019-25023 (An issue was discovered in Scytl sVote 2.1. Because the IP 
address fro ...)
+       TODO: check
+CVE-2019-25022 (An issue was discovered in Scytl sVote 2.1. An attacker can 
inject cod ...)
+       TODO: check
+CVE-2019-25021 (An issue was discovered in Scytl sVote 2.1. Due to the 
implementation  ...)
+       TODO: check
+CVE-2019-25020 (An issue was discovered in Scytl sVote 2.1. Because the 
sdm-ws-rest AP ...)
+       TODO: check
 CVE-2021-3413
        RESERVED
        NOT-FOR-US: Red Hat Satellite
@@ -1172,8 +1308,8 @@ CVE-2021-27200
        RESERVED
 CVE-2021-27199
        RESERVED
-CVE-2021-27198
-       RESERVED
+CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server 
through 11.0 ...)
+       TODO: check
 CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 
has an arb ...)
        NOT-FOR-US: Pelco Digital Sentry Server
 CVE-2021-27196
@@ -1309,8 +1445,8 @@ CVE-2021-27134
        RESERVED
 CVE-2021-27133
        RESERVED
-CVE-2021-27132
-       RESERVED
+CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF 
injection (for H ...)
+       TODO: check
 CVE-2021-27131
        RESERVED
 CVE-2021-27130
@@ -2606,22 +2742,22 @@ CVE-2021-26569
        RESERVED
 CVE-2021-26568
        RESERVED
-CVE-2021-26567
-       RESERVED
-CVE-2021-26566
-       RESERVED
-CVE-2021-26565
-       RESERVED
-CVE-2021-26564
-       RESERVED
-CVE-2021-26563
-       RESERVED
-CVE-2021-26562
-       RESERVED
-CVE-2021-26561
-       RESERVED
-CVE-2021-26560
-       RESERVED
+CVE-2021-26567 (Use of unmaintained third party components vulnerability in 
faad in Sy ...)
+       TODO: check
+CVE-2021-26566 (Insertion of sensitive information into sent data 
vulnerability in syn ...)
+       TODO: check
+CVE-2021-26565 (Cleartext transmission of sensitive information vulnerability 
in synor ...)
+       TODO: check
+CVE-2021-26564 (Cleartext transmission of sensitive information vulnerability 
in synor ...)
+       TODO: check
+CVE-2021-26563 (Improper access control vulnerability in synoagentregisterd in 
Synolog ...)
+       TODO: check
+CVE-2021-26562 (Out-of-bounds write vulnerability in synoagentregisterd in 
Synology Di ...)
+       TODO: check
+CVE-2021-26561 (Stack-based buffer overflow vulnerability in 
synoagentregisterd in Syn ...)
+       TODO: check
+CVE-2021-26560 (Cleartext transmission of sensitive information vulnerability 
in synoa ...)
+       TODO: check
 CVE-2021-26559 (Improper Access Control on Configurations Endpoint for the 
Stable API  ...)
        - airflow <itp> (bug #819700)
 CVE-2021-26558
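Review bot: CVE-2021-26567 should not be closed out together with the other seven entries in this hunk. Its description points at a third-party component ("Use of unmaintained third party components vulnerability in faad in Sy ..."), while the entries that are legible past the truncation name synoagentregisterd. Check it against the faad2 source package before tagging the group NOT-FOR-US.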
@@ -4956,8 +5092,8 @@ CVE-2020-36201 (An issue was discovered in certain Xerox 
WorkCentre products. Th
        NOT-FOR-US: Xerox
 CVE-2019-25015 (LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via 
a crafte ...)
        NOT-FOR-US: LuCI in OpenWrt
-CVE-2021-3197
-       RESERVED
+CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The 
salt-api' ...)
+       TODO: check
 CVE-2021-3196
        RESERVED
 CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can 
create a ne ...)
@@ -5870,14 +6006,14 @@ CVE-2021-25286
        RESERVED
 CVE-2021-25285
        RESERVED
-CVE-2021-25284
-       RESERVED
-CVE-2021-25283
-       RESERVED
-CVE-2021-25282
-       RESERVED
-CVE-2021-25281
-       RESERVED
+CVE-2021-25284 (An issue was discovered in through SaltStack Salt before 
3002.5. salt. ...)
+       TODO: check
+CVE-2021-25283 (An issue was discovered in through SaltStack Salt before 
3002.5. The j ...)
+       TODO: check
+CVE-2021-25282 (An issue was discovered in through SaltStack Salt before 
3002.5. The s ...)
+       TODO: check
+CVE-2021-25281 (An issue was discovered in through SaltStack Salt before 
3002.5. salt- ...)
+       TODO: check
 CVE-2021-XXXX [Unexpected database bindings via requests (follow-up)]
        - php-laravel-framework 6.20.14+dfsg-1
        NOTE: 
https://github.com/laravel/framework/security/advisories/GHSA-x7p5-p2c9-phvg
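Review bot: the four entries in this hunk (CVE-2021-25281 to CVE-2021-25284) all read "SaltStack Salt before 3002.5", the same wording as CVE-2021-3197, CVE-2021-3148, CVE-2021-3144, CVE-2020-35662, CVE-2020-28972 and CVE-2020-28243 elsewhere in this diff. Triage their "TODO: check" lines as one batch against the salt source package rather than one at a time, so the entries end up with consistent package lines. The "in through SaltStack" wording comes from the feed description and does not need fixing here.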
@@ -6086,14 +6222,14 @@ CVE-2021-3153
        RESERVED
 CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a 
protecti ...)
        NOT-FOR-US: Home Assistant
-CVE-2021-3151
-       RESERVED
+CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting 
(XSS)  ...)
+       TODO: check
 CVE-2021-3150
        RESERVED
 CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, 
/usr/local/webmin/System/manual_ ...)
        NOT-FOR-US: Netshield NANO devices
-CVE-2021-3148
-       RESERVED
+CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. 
Sending craft ...)
+       TODO: check
 CVE-2021-3147
        RESERVED
 CVE-2021-25196
@@ -8271,8 +8407,8 @@ CVE-2021-3146
        RESERVED
 CVE-2021-3145
        RESERVED
-CVE-2021-3144
-       RESERVED
+CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once 
after e ...)
+       TODO: check
 CVE-2021-3143
        RESERVED
 CVE-2021-3142
@@ -14088,8 +14224,8 @@ CVE-2020-36081
        RESERVED
 CVE-2020-36080
        RESERVED
-CVE-2020-36079
-       RESERVED
+CVE-2020-36079 (Zenphoto through 1.5.7 is affected by authenticated arbitrary 
file upl ...)
+       TODO: check
 CVE-2020-36078
        RESERVED
 CVE-2020-36077
@@ -15189,8 +15325,8 @@ CVE-2020-35664 (An issue was discovered in Acronis 
Cyber Protect before 15 Updat
        NOT-FOR-US: Acronis
 CVE-2020-35663
        RESERVED
-CVE-2020-35662
-       RESERVED
+CVE-2020-35662 (In SaltStack Salt before 3002.5, when authenticating to 
services using ...)
+       TODO: check
 CVE-2020-35661
        RESERVED
 CVE-2020-35660
@@ -15538,14 +15674,13 @@ CVE-2021-21311 (Adminer is an open-source database 
management in a single PHP fi
        NOTE: 
https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351
 (v4.7.9)
 CVE-2021-21310 (NextAuth.js (next-auth) is am open source authentication 
solution for  ...)
        NOT-FOR-US: NextAuth.js
-CVE-2021-21309
-       RESERVED
+CVE-2021-21309 (Redis is an open-source, in-memory database that persists on 
disk. In  ...)
        {DLA-2576-1}
        - redis 5:6.0.11-1 (bug #983446)
        [buster] - redis <no-dsa> (Minor issue)
        NOTE: https://github.com/redis/redis/pull/8522
-CVE-2021-21308
-       RESERVED
+CVE-2021-21308 (PrestaShop is a fully scalable open source e-commerce 
solution. In Pre ...)
+       TODO: check
 CVE-2021-21307 (Lucee Server is a dynamic, Java based (JSR-223), tag and 
scripting lan ...)
        NOT-FOR-US: Lucee Server
 CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm 
package "ma ...)
@@ -15560,8 +15695,8 @@ CVE-2021-21304 (Dynamoose is an open-source modeling 
tool for Amazon's DynamoDB.
        NOT-FOR-US: Dynamoose
 CVE-2021-21303 (Helm is open-source software which is essentially "The 
Kubernetes Pack ...)
        - helm-kubernetes <itp> (bug #910799)
-CVE-2021-21302
-       RESERVED
+CVE-2021-21302 (PrestaShop is a fully scalable open source e-commerce 
solution. In Pre ...)
+       TODO: check
 CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS 
(iPhone ...)
        NOT-FOR-US: Wire
 CVE-2021-21300
@@ -23163,8 +23298,8 @@ CVE-2020-28975 (** DISPUTED ** svm_predict_values in 
svm.cpp in Libsvm v324, as
        NOTE: disputed libsvm non issue
 CVE-2020-28973
        RESERVED
-CVE-2020-28972
-       RESERVED
+CVE-2020-28972 (In SaltStack Salt before 3002.5, authentication to VMware 
vcenter, vsp ...)
+       TODO: check
 CVE-2020-26235 (In Rust time crate from version 0.2.7 and before version 
0.2.23, unix- ...)
        - rust-time <not-affected> (Vulnerable methods introduced in v0.2.7)
        NOTE: 
https://github.com/time-rs/time/security/advisories/GHSA-wcg3-cvx6-7396
@@ -25419,7 +25554,7 @@ CVE-2020-28495 (This affects the package total.js 
before 3.4.7. The set function
        NOT-FOR-US: Node total.js
 CVE-2020-28494 (This affects the package total.js before 3.4.7. The issue 
occurs in th ...)
        NOT-FOR-US: Node total.js
-CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. 
The ReDO ...)
+CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. 
The ReDo ...)
        - jinja2 <unfixed> (bug #982736)
        [stretch] - jinja2 <no-dsa> (Minor issue)
        NOTE: https://github.com/pallets/jinja/pull/1343
@@ -27087,18 +27222,18 @@ CVE-2021-0408
        RESERVED
 CVE-2021-0407
        RESERVED
-CVE-2021-0406
-       RESERVED
-CVE-2021-0405
-       RESERVED
-CVE-2021-0404
-       RESERVED
-CVE-2021-0403
-       RESERVED
-CVE-2021-0402
-       RESERVED
-CVE-2021-0401
-       RESERVED
+CVE-2021-0406 (In cameraisp, there is a possible out of bounds write due to a 
missing ...)
+       TODO: check
+CVE-2021-0405 (In performance driver, there is a possible out of bounds write 
due to  ...)
+       TODO: check
+CVE-2021-0404 (In mobile_log_d, there is a possible information disclosure due 
to imp ...)
+       TODO: check
+CVE-2021-0403 (In netdiag, there is a possible information disclosure due to a 
missin ...)
+       TODO: check
+CVE-2021-0402 (In jpeg, there is a possible out of bounds write due to 
improper input ...)
+       TODO: check
+CVE-2021-0401 (In vow, there is a possible memory corruption due to a race 
condition. ...)
+       TODO: check
 CVE-2021-0400
        RESERVED
 CVE-2021-0399
@@ -27165,10 +27300,10 @@ CVE-2021-0369
        RESERVED
 CVE-2021-0368
        RESERVED
-CVE-2021-0367
-       RESERVED
-CVE-2021-0366
-       RESERVED
+CVE-2021-0367 (In vpu, there is a possible memory corruption due to a race 
condition. ...)
+       TODO: check
+CVE-2021-0366 (In vpu, there is a possible memory corruption due to a race 
condition. ...)
+       TODO: check
 CVE-2021-0365 (In display driver, there is a possible memory corruption due to 
a use  ...)
        NOT-FOR-US: Mediatek components for Android
 CVE-2021-0364 (In mobile_log_d, there is a possible command injection due to 
improper ...)
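Review bot: CVE-2021-0367 and CVE-2021-0366 are left at "TODO: check" although the next context entry, CVE-2021-0365, uses the same description style ("In display driver, there is a possible memory corruption ...") and is already tagged "NOT-FOR-US: Mediatek components for Android". Confirm that the two vpu entries, and the cameraisp, performance driver, mobile_log_d, netdiag, jpeg and vow entries in the previous hunk (CVE-2021-0401 to CVE-2021-0406), belong to the same vendor, and give them the same tag in one follow-up.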
@@ -27507,8 +27642,8 @@ CVE-2020-28245
        RESERVED
 CVE-2020-28244
        RESERVED
-CVE-2020-28243
-       RESERVED
+CVE-2020-28243 (An issue was discovered in SaltStack Salt before 3002.5. The 
minion's  ...)
+       TODO: check
 CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 
13.37.1, 1 ...)
        - asterisk 1:16.15.0~dfsg-1 (bug #974713)
        [buster] - asterisk <no-dsa> (Minor issue)
@@ -29725,8 +29860,7 @@ CVE-2020-27619 (In Python 3 through 3.9.0, the 
Lib/test/multibytecodec_support.p
        NOTE: 
https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9
 (3.7)
        NOTE: https://bugs.python.org/issue41944
        NOTE: Only affects the testsuite
-CVE-2020-27618 [iconv when processing invalid multi-byte input sequences fails 
to advance the input state, which could result in an infinite loop]
-       RESERVED
+CVE-2020-27618 (The iconv function in the GNU C Library (aka glibc or libc6) 
2.32 and  ...)
        - glibc 2.31-5 (bug #973914)
        [buster] - glibc <no-dsa> (Minor issue)
        [stretch] - glibc <no-dsa> (Minor issue)
@@ -30574,8 +30708,8 @@ CVE-2020-27225
        RESERVED
 CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the 
Markdown Prev ...)
        NOT-FOR-US: Eclipse Theia
-CVE-2020-27223
-       RESERVED
+CVE-2020-27223 (In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 
(inclusive), 10.0 ...)
+       TODO: check
 CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate 
based ( ...)
        NOT-FOR-US: Eclipse Californium
 CVE-2020-27221 (In Eclipse OpenJ9 up to and including version 0.23, there is 
potential ...)
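Review bot: CVE-2020-27223 sits between Eclipse entries tagged NOT-FOR-US (Theia, Californium), but Jetty is packaged in Debian as jetty9, so this "TODO: check" needs a real package entry, not the neighbours' tag. Compare the affected range given in the description ("9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0 ...") against the jetty9 version in each suite.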



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/983e187812142e0c43c5a829766d21b3ac5feaf4
