Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7408d0d9 by security tracker role at 2021-03-09T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-28098
+       RESERVED
+CVE-2021-28097
+       RESERVED
+CVE-2021-28096
+       RESERVED
+CVE-2021-28095
+       RESERVED
+CVE-2021-28094
+       RESERVED
+CVE-2021-28093
+       RESERVED
+CVE-2021-28092
+       RESERVED
 CVE-2021-3424
        RESERVED
        NOT-FOR-US: Keycloak
@@ -9285,8 +9299,8 @@ CVE-2021-24035
        RESERVED
 CVE-2021-24034
        RESERVED
-CVE-2021-24033
-       RESERVED
+CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, 
getProcessForPort ...)
+       TODO: check
 CVE-2021-24030
        RESERVED
 CVE-2021-24029
@@ -13449,8 +13463,7 @@ CVE-2021-22136
        RESERVED
 CVE-2021-22135
        RESERVED
-CVE-2021-22134
-       RESERVED
+CVE-2021-22134 (A document disclosure flaw was found in Elasticsearch versions 
after 7 ...)
        - elasticsearch <removed>
 CVE-2021-22133 (The Elastic APM agent for Go versions before 1.11.0 can leak 
sensitive ...)
        NOT-FOR-US: Elastic APM agent
@@ -14720,22 +14733,22 @@ CVE-2021-21512 (Dell EMC PowerProtect Cyber Recovery, 
version 19.7.0.1, contains
        NOT-FOR-US: EMC
 CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an 
Improper Aut ...)
        NOT-FOR-US: EMC Avamar Server
-CVE-2021-21510
-       RESERVED
+CVE-2021-21510 (Dell iDRAC8 versions prior to 2.75.100.75 contain a host 
header inject ...)
+       TODO: check
 CVE-2021-21509
        RESERVED
 CVE-2021-21508
        RESERVED
 CVE-2021-21507
        RESERVED
-CVE-2021-21506
-       RESERVED
+CVE-2021-21506 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper 
input sani ...)
+       TODO: check
 CVE-2021-21505
        RESERVED
 CVE-2021-21504
        RESERVED
-CVE-2021-21503
-       RESERVED
+CVE-2021-21503 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper 
input sani ...)
+       TODO: check
 CVE-2021-21502 (Dell PowerScale OneFS versions 8.1.0 &#8211; 9.1.0 contain a 
"use of S ...)
        NOT-FOR-US: Dell
 CVE-2021-21501
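Review bot: The three entries that leave RESERVED in this hunk (CVE-2021-21510 for Dell iDRAC8, CVE-2021-21506 and CVE-2021-21503 for PowerScale OneFS) land as `TODO: check`, while the neighbouring Dell entries are already triaged as `NOT-FOR-US: EMC`, `NOT-FOR-US: EMC Avamar Server` and `NOT-FOR-US: Dell`. If these products are likewise not packaged in Debian, the follow-up triage can close all three in one pass, and it is worth settling on one vendor spelling for the tag, since three variants are visible in this hunk alone. The truncated descriptions of CVE-2021-21506 and CVE-2021-21503 are identical as shown, so the full text is needed to tell the two apart.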
@@ -16266,12 +16279,12 @@ CVE-2021-21364
        RESERVED
 CVE-2021-21363
        RESERVED
-CVE-2021-21362
-       RESERVED
-CVE-2021-21361
-       RESERVED
-CVE-2021-21360
-       RESERVED
+CVE-2021-21362 (MinIO is an open-source high performance object storage 
service and it ...)
+       TODO: check
+CVE-2021-21361 (The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin 
contains an inf ...)
+       TODO: check
+CVE-2021-21360 (Products.GenericSetup is a mini-framework for expressing the 
configure ...)
+       TODO: check
 CVE-2021-21359
        RESERVED
 CVE-2021-21358
@@ -16282,8 +16295,8 @@ CVE-2021-21356
        RESERVED
 CVE-2021-21355
        RESERVED
-CVE-2021-21354
-       RESERVED
+CVE-2021-21354 (Pollbot is open source software which "frees its human masters 
from th ...)
+       TODO: check
 CVE-2021-21353 (Pug is an npm package which is a high-performance template 
engine. In  ...)
        TODO: check
 CVE-2021-21352 (Anuko Time Tracker is an open source, web-based time tracking 
applicat ...)
@@ -16316,12 +16329,12 @@ CVE-2021-21339
        RESERVED
 CVE-2021-21338
        RESERVED
-CVE-2021-21337
-       RESERVED
-CVE-2021-21336
-       RESERVED
-CVE-2021-21335
-       RESERVED
+CVE-2021-21337 (Products.PluggableAuthService is a pluggable Zope 
authentication and a ...)
+       TODO: check
+CVE-2021-21336 (Products.PluggableAuthService is a pluggable Zope 
authentication and a ...)
+       TODO: check
+CVE-2021-21335 (In the SPNEGO HTTP Authentication Module for nginx 
(spnego-http-auth-n ...)
+       TODO: check
 CVE-2021-21334
        RESERVED
        - containerd 1.4.4~ds1-1
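Review bot: CVE-2021-21337 and CVE-2021-21336 are added with the same truncated description (`Products.PluggableAuthService is a pluggable Zope authentication and a ...`) and the same `TODO: check`, so nothing in the list distinguishes the two issues yet. When triaging, read the full descriptions before assigning package lines so the two are not treated as duplicates, and resolve CVE-2021-21335 (the SPNEGO module for nginx) separately, since it concerns a different code base.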
@@ -19669,7 +19682,7 @@ CVE-2020-35513 (A flaw incorrect umask during file or 
directory modification in
        [stretch] - linux <not-affected> (Vulnerable code introduce later)
        NOTE: 
https://git.kernel.org/linus/880a3a5325489a143269a8e172e7563ebf9897bc
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1911309
-CVE-2020-35512 (A use-after-free flaw was found in D-Bus 1.12.20 when a system 
has mul ...)
+CVE-2020-35512 (A use-after-free flaw was found in D-Bus Development branch 
&lt;= 1.13 ...)
        - dbus 1.12.20-1
        [buster] - dbus 1.12.20-0+deb10u1
        [stretch] - dbus 1.10.32-0+deb9u1
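Review bot: In the CVE-2020-35512 change the description now reads `D-Bus Development branch <= 1.13 ...` instead of `D-Bus 1.12.20`, yet the tracking lines below it still record `dbus 1.12.20-1`, `1.12.20-0+deb10u1` and `1.10.32-0+deb9u1` as the fixed versions. The visible text is truncated, so it does not show whether the stable branches are still named as affected; a `NOTE:` line pointing at the upstream fix or advisory would let a reader confirm that the recorded fixed versions still match the revised scope.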
@@ -29616,8 +29629,7 @@ CVE-2020-27839
        RESERVED
        - ceph <unfixed>
        NOTE: https://tracker.ceph.com/issues/44591
-CVE-2020-27838
-       RESERVED
+CVE-2020-27838 (A flaw was found in keycloak in versions prior to 13.0.0. The 
client r ...)
        NOT-FOR-US: Keycloak
 CVE-2020-27837 (A flaw was found in GDM in versions prior to 3.38.2.1. A race 
conditio ...)
        - gdm3 3.38.2.1-1
@@ -30864,12 +30876,12 @@ CVE-2020-27578
        RESERVED
 CVE-2020-27577
        RESERVED
-CVE-2020-27576
-       RESERVED
-CVE-2020-27575
-       RESERVED
-CVE-2020-27574
-       RESERVED
+CVE-2020-27576 (Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site 
scripting (XS ...)
+       TODO: check
+CVE-2020-27575 (Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command 
injection vuln ...)
+       TODO: check
+CVE-2020-27574 (Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site 
request forge ...)
+       TODO: check
 CVE-2020-27573
        RESERVED
 CVE-2020-27572



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7408d0d913fb849a8056b2af6576e21a7350dd34
