Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
085d9a28 by security tracker role at 2021-03-16T08:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,25 @@
+CVE-2021-3444
+ RESERVED
+CVE-2021-28492
+ RESERVED
+CVE-2021-28491
+ RESERVED
+CVE-2021-28490
+ RESERVED
+CVE-2021-28489
+ RESERVED
+CVE-2021-28488
+ RESERVED
+CVE-2021-28487
+ RESERVED
+CVE-2021-28486
+ RESERVED
+CVE-2021-28485
+ RESERVED
+CVE-2021-28484
+ RESERVED
CVE-2021-3443 [NULL pointer dereference in jp2_decode in jp2_dec.c]
+ RESERVED
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/269
NOTE:
https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b
@@ -1436,8 +1457,7 @@ CVE-2021-27876 (An issue was discovered in Veritas Backup
Exec before 21.2. The
NOT-FOR-US: Veritas
CVE-2021-3419
REJECTED
-CVE-2021-3418
- RESERVED
+CVE-2021-3418 (If certificates that signed grub are installed into db, grub
can be bo ...)
- grub2 <not-affected> (Vulnerability specific to distributions using
shim_lock)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1933757
CVE-2021-27875
@@ -2819,8 +2839,8 @@ CVE-2021-27232 (The RTSPLive555.dll ActiveX control in
Pelco Digital Sentry Serv
NOT-FOR-US: Pelco Digital Sentry Server
CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting
environment, s ...)
NOT-FOR-US: Hestia Control Panel
-CVE-2021-27230
- RESERVED
+CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP
Code Inj ...)
+ TODO: check
CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim
navigates ...)
{DLA-2562-1}
- mumble 1.3.4-1 (bug #982904)
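Review bot: the `TODO: check` added under CVE-2021-27230 leaves the entry untriaged, and the truncated summary ("ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Inj ...") names a product rather than a source package. Resolve it in a follow-up by replacing the TODO with either a package line or a NOT-FOR-US line in the style of the neighbouring CVE-2021-27231 and CVE-2021-27232 entries, deciding from the full description rather than the truncated one.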
@@ -3359,8 +3379,8 @@ CVE-2021-26989 (Clustered Data ONTAP versions prior to
9.3P21, 9.5P16, 9.6P12, 9
NOT-FOR-US: Clustered Data ONTAP
CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12,
9.7P8 a ...)
NOT-FOR-US: Clustered Data ONTAP
-CVE-2021-26987
- RESERVED
+CVE-2021-26987 (Element Plug-in for vCenter Server incorporates SpringBoot
Framework. ...)
+ TODO: check
CVE-2021-26986
RESERVED
CVE-2021-26985
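Review bot: for CVE-2021-26987 the `TODO: check` should be resolved against the product named in the description (Element Plug-in for vCenter Server), not against the Spring Boot framework it says it incorporates. The summary is cut off at "SpringBoot Framework. ...", so read the full advisory text before deciding whether any packaged component is implicated; if only the plug-in is affected, a NOT-FOR-US line like the Clustered Data ONTAP entries directly above is the consistent outcome.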
@@ -7486,6 +7506,7 @@ CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows
remote attackers to cause a
CVE-2021-3180
RESERVED
CVE-2021-25329 (The fix for CVE-2020-9484 was incomplete. When using Apache
Tomcat 10. ...)
+ {DLA-2594-1}
- tomcat9 9.0.43-1
- tomcat8 <removed>
- tomcat7 <removed>
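Review bot: the `{DLA-2594-1}` reference added to CVE-2021-25329 does not show which source package the advisory fixed, and the package lines under it are `tomcat9 9.0.43-1`, `tomcat8 <removed>` and `tomcat7 <removed>`. Since the description calls this an incomplete fix for CVE-2020-9484, confirm that the same advisory's target package also carries the CVE-2020-9484 fix, so the follow-up is not recorded against a package that never received the original patch.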
@@ -8051,6 +8072,7 @@ CVE-2021-25124 (The Baseboard Management Controller(BMC)
in HPE Cloudline CL5800
CVE-2021-25123 (The Baseboard Management Controller(BMC) in HPE Cloudline
CL5800 Gen9 ...)
NOT-FOR-US: HPE
CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat
versions ...)
+ {DLA-2594-1}
- tomcat9 9.0.43-1
- tomcat8 <removed>
- tomcat7 <removed>
@@ -10057,6 +10079,7 @@ CVE-2021-24124
CVE-2021-24123
RESERVED
CVE-2021-24122 (When serving resources from a network location using the NTFS
file sys ...)
+ {DLA-2594-1}
- tomcat9 9.0.40-1 (unimportant)
- tomcat8 <removed> (unimportant)
- tomcat7 <removed> (unimportant)
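Review bot: CVE-2021-24122 gains `{DLA-2594-1}` although every package line under it is tagged `(unimportant)` and the description concerns serving resources from the NTFS file system. Check that the advisory text really lists this CVE; if it does, the cross-reference is correct as generated, but the entry should carry a short NOTE explaining why the issue is unimportant for Debian if one is not already present below the package lines.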
@@ -10274,8 +10297,8 @@ CVE-2021-24033 (react-dev-utils prior to v11.0.4
exposes a function, getProcessF
NOT-FOR-US: react-dev-utils
CVE-2021-24030 (The fbgames protocol handler registered as part of Facebook
Gameroom d ...)
NOT-FOR-US: Facebook Gameroom
-CVE-2021-24029
- RESERVED
+CVE-2021-24029 (A packet of death scenario is possible in mvfst via a
specially crafte ...)
+ TODO: check
CVE-2021-24028
RESERVED
CVE-2021-24027
@@ -19838,20 +19861,15 @@ CVE-2021-20284
- binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26931
NOTE: binutils not covered by security support
-CVE-2021-20283
- RESERVED
+CVE-2021-20283 (The web service responsible for fetching other users' enrolled
courses ...)
- moodle <removed>
-CVE-2021-20282
- RESERVED
+CVE-2021-20282 (When creating a user account, it was possible to verify the
account wi ...)
- moodle <removed>
-CVE-2021-20281
- RESERVED
+CVE-2021-20281 (It was possible for some users without permission to view
other users' ...)
- moodle <removed>
-CVE-2021-20280
- RESERVED
+CVE-2021-20280 (Text-based feedback answers required additional sanitizing to
prevent ...)
- moodle <removed>
-CVE-2021-20279
- RESERVED
+CVE-2021-20279 (The ID number user profile field required additional
sanitizing to pre ...)
- moodle <removed>
CVE-2021-20278
RESERVED
@@ -32493,8 +32511,8 @@ CVE-2020-27292
RESERVED
CVE-2020-27291 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is
vulnerable t ...)
NOT-FOR-US: Delta Electronics CNCSoft-B
-CVE-2020-27290
- RESERVED
+CVE-2020-27290 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and
prior, an inf ...)
+ TODO: check
CVE-2020-27289 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a
null poin ...)
NOT-FOR-US: Delta Electronics CNCSoft-B
CVE-2020-27288 (An untrusted pointer dereference has been identified in the
way TPEdit ...)
@@ -32509,16 +32527,16 @@ CVE-2020-27284 (TPEditor (v1.98 and prior) is
vulnerable to two out-of-bounds wr
NOT-FOR-US: Delta Electronics (Delta)
CVE-2020-27283 (An attacker could send a specially crafted message to Crimson
3.1 (Bui ...)
NOT-FOR-US: Crimson
-CVE-2020-27282
- RESERVED
+CVE-2020-27282 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and
prior, an XML ...)
+ TODO: check
CVE-2020-27281 (A stack-based buffer overflow may exist in Delta Electronics
CNCSoft S ...)
NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
CVE-2020-27280 (A use after free issue has been identified in the way
ISPSoft(v3.12 an ...)
NOT-FOR-US: Delta Electronics (Delta)
CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in
the prot ...)
NOT-FOR-US: Crimson
-CVE-2020-27278
- RESERVED
+CVE-2020-27278 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and
prior, hard-c ...)
+ TODO: check
CVE-2020-27277 (Delta Electronics DOPSoft Version 4.0.8.21 and prior has a
null pointe ...)
NOT-FOR-US: Delta Electronics DOPSoft
CVE-2020-27276 (SOOIL Developments Co Ltd DiabecareRS,AnyDana-i &
AnyDana-A, the c ...)
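Review bot: CVE-2020-27282 and CVE-2020-27278 both receive `TODO: check` for the same product as CVE-2020-27290 in the previous hunk (Hamilton Medical AG T1-Ventillator, versions 2.2.3 and prior). Triage the three together so they end up with one identical label, the way the surrounding Delta Electronics and Crimson entries each share a single NOT-FOR-US line.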
@@ -43312,7 +43330,7 @@ CVE-2020-22429
RESERVED
CVE-2020-22428
RESERVED
-CVE-2020-22427 (NagiosXI 5.6.11 is affected by a remote code execution (RCE)
vulnerabi ...)
+CVE-2020-22427 (** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code
execution ...)
NOT-FOR-US: Nagios XI
CVE-2020-22426
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/085d9a289aa29af9c7b7982b078c6d86b54ee835
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits