Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
57c512b8 by security tracker role at 2021-03-24T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2021-3464
+ RESERVED
+CVE-2021-3463
+ RESERVED
+CVE-2021-3462
+ RESERVED
+CVE-2021-29134
+ RESERVED
+CVE-2021-29133 (Lack of verification in haserl, a component of Alpine Linux
Configurat ...)
+ TODO: check
+CVE-2021-29132
+ RESERVED
+CVE-2021-29131
+ RESERVED
+CVE-2021-29130
+ RESERVED
+CVE-2021-29129
+ RESERVED
+CVE-2021-29128
+ RESERVED
+CVE-2021-29127
+ RESERVED
+CVE-2021-29126
+ RESERVED
+CVE-2021-29125
+ RESERVED
+CVE-2021-29124
+ RESERVED
+CVE-2021-29123
+ RESERVED
+CVE-2021-29122
+ RESERVED
+CVE-2021-29121
+ RESERVED
+CVE-2021-29120
+ RESERVED
+CVE-2021-29119
+ RESERVED
+CVE-2021-29118
+ RESERVED
+CVE-2021-29117
+ RESERVED
+CVE-2021-29116
+ RESERVED
+CVE-2021-29115
+ RESERVED
+CVE-2021-29114
+ RESERVED
+CVE-2021-29113
+ RESERVED
+CVE-2021-29112
+ RESERVED
+CVE-2021-29111
+ RESERVED
+CVE-2021-29110
+ RESERVED
+CVE-2021-29109
+ RESERVED
+CVE-2021-29108
+ RESERVED
+CVE-2021-29107
+ RESERVED
+CVE-2021-29106
+ RESERVED
+CVE-2021-29105
+ RESERVED
+CVE-2021-29104
+ RESERVED
+CVE-2021-29103
+ RESERVED
+CVE-2021-29102
+ RESERVED
+CVE-2021-29101
+ RESERVED
+CVE-2021-29100
+ RESERVED
+CVE-2021-29099
+ RESERVED
+CVE-2021-29098
+ RESERVED
+CVE-2021-29097
+ RESERVED
+CVE-2021-29096
+ RESERVED
+CVE-2021-29095
+ RESERVED
+CVE-2021-29094
+ RESERVED
+CVE-2021-29093
+ RESERVED
CVE-2021-3461
RESERVED
NOT-FOR-US: Keycloak
@@ -257,8 +347,8 @@ CVE-2021-28969
RESERVED
CVE-2021-28968 (An issue was discovered in PunBB before 1.4.6. An XSS
vulnerability in ...)
NOT-FOR-US: PunBB
-CVE-2021-28967
- RESERVED
+CVE-2021-28967 (The unofficial MATLAB extension before 2.0.1 for Visual Studio
Code al ...)
+ TODO: check
CVE-2021-28966
RESERVED
CVE-2021-28965
@@ -580,22 +670,22 @@ CVE-2021-28826
RESERVED
CVE-2021-28825
RESERVED
-CVE-2021-28824
- RESERVED
-CVE-2021-28823
- RESERVED
-CVE-2021-28822
- RESERVED
-CVE-2021-28821
- RESERVED
-CVE-2021-28820
- RESERVED
-CVE-2021-28819
- RESERVED
-CVE-2021-28818
- RESERVED
-CVE-2021-28817
- RESERVED
+CVE-2021-28824 (The Windows Installation component of TIBCO Software Inc.'s
TIBCO Acti ...)
+ TODO: check
+CVE-2021-28823 (The Windows Installation component of TIBCO Software Inc.'s
TIBCO eFTL ...)
+ TODO: check
+CVE-2021-28822 (The Enterprise Message Service Server (tibemsd), Enterprise
Message Se ...)
+ TODO: check
+CVE-2021-28821 (The Windows Installation component of TIBCO Software Inc.'s
TIBCO Ente ...)
+ TODO: check
+CVE-2021-28820 (The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL
Java API ...)
+ TODO: check
+CVE-2021-28819 (The Windows Installation component of TIBCO Software Inc.'s
TIBCO FTL ...)
+ TODO: check
+CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure
Routing Daemon ...)
+ TODO: check
+CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s
TIBCO Rend ...)
+ TODO: check
CVE-2021-28816
RESERVED
CVE-2021-28815
@@ -2197,10 +2287,10 @@ CVE-2021-28102
RESERVED
CVE-2021-28101
RESERVED
-CVE-2021-28100
- RESERVED
-CVE-2021-28099
- RESERVED
+CVE-2021-28100 (Priam uses File.createTempFile, which gives the permissions on
that fi ...)
+ TODO: check
+CVE-2021-28099 (In Netflix OSS Hollow, since the Files.exists(parent) is run
before cr ...)
+ TODO: check
CVE-2020-36276
RESERVED
CVE-2020-36275
@@ -2710,8 +2800,8 @@ CVE-2021-27910
RESERVED
CVE-2021-27909
RESERVED
-CVE-2021-27908
- RESERVED
+CVE-2021-27908 (In all versions prior to Mautic 3.3.2, secret parameters such
as datab ...)
+ TODO: check
CVE-2021-27907 (Apache Superset up to and including 0.38.0 allowed the
creation of a M ...)
NOT-FOR-US: Apache Superset
CVE-2021-27906 (A carefully crafted PDF file can trigger an
OutOfMemory-Exception whil ...)
@@ -14200,8 +14290,8 @@ CVE-2021-22866
RESERVED
CVE-2021-22865
RESERVED
-CVE-2021-22864
- RESERVED
+CVE-2021-22864 (A remote code execution vulnerability was identified in GitHub
Enterpr ...)
+ TODO: check
CVE-2021-22863 (An improper access control vulnerability was identified in the
GitHub ...)
NOT-FOR-US: GitHub Enterprise
CVE-2021-22862 (An improper access control vulnerability was identified in
GitHub Ente ...)
@@ -18599,8 +18689,8 @@ CVE-2021-21404
RESERVED
CVE-2021-21403
RESERVED
-CVE-2021-21402
- RESERVED
+CVE-2021-21402 (Jellyfin is a Free Software Media System. In Jellyfin before
version 1 ...)
+ TODO: check
CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in
ansi C. ...)
TODO: check
CVE-2021-21400
@@ -18641,8 +18731,8 @@ CVE-2021-21383 (Wiki.js an open-source wiki app built
on Node.js. Wiki.js before
NOT-FOR-US: Wiki.js
CVE-2021-21382
RESERVED
-CVE-2021-21380
- RESERVED
+CVE-2021-21380 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
+ TODO: check
CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
NOT-FOR-US: XWiki
CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service
proxy. In ...)
@@ -39253,8 +39343,7 @@ CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before
2020-08-03 allows XSS in
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS
in applic ...)
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
-CVE-2021-3409 [sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085]
- RESERVED
+CVE-2021-3409 (The patch for CVE-2020-17380/CVE-2020-25085 was found to be
ineffectiv ...)
- qemu <unfixed>
[buster] - qemu <not-affected> (CVE-2020-17380/CVE-2020-25085 weren't
backported to Buster)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
@@ -39478,8 +39567,8 @@ CVE-2020-24996 (There is an invalid memory access in
the function TextString::~T
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028
CVE-2020-24995
RESERVED
-CVE-2020-24994
- RESERVED
+CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c
in liba ...)
+ TODO: check
CVE-2020-24993
RESERVED
CVE-2020-24992
@@ -64835,23 +64924,23 @@ CVE-2020-13614 (An issue was discovered in ssl.c in
Axel before 2.17.8. The TLS
CVE-2020-13613
RESERVED
CVE-2020-13612
- RESERVED
+ REJECTED
CVE-2020-13611
- RESERVED
+ REJECTED
CVE-2020-13610
- RESERVED
+ REJECTED
CVE-2020-13609
- RESERVED
+ REJECTED
CVE-2020-13608
- RESERVED
+ REJECTED
CVE-2020-13607
- RESERVED
+ REJECTED
CVE-2020-13606
- RESERVED
+ REJECTED
CVE-2020-13605
- RESERVED
+ REJECTED
CVE-2020-13604
- RESERVED
+ REJECTED
CVE-2020-13603
RESERVED
CVE-2020-13602
@@ -98204,8 +98293,7 @@ CVE-2019-19344 (There is a use-after-free issue in all
samba 4.9.x versions befo
[stretch] - samba <not-affected> (Only affects Samba 4.9 onwards)
[jessie] - samba <not-affected> (Only affects Samba 4.9 onwards)
NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html
-CVE-2019-19343
- RESERVED
+CVE-2019-19343 (A flaw was found in Undertow when using Remoting as shipped in
Red Hat ...)
- undertow <unfixed> (bug #948024; unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780445
NOTE: Issue affects both Undertow and rmeoting, but for adressing the
immediate
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57c512b8466ec73773481ce3b4c7cb706dabe2bc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57c512b8466ec73773481ce3b4c7cb706dabe2bc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
