Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
545ac341 by security tracker role at 2021-04-02T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,128 @@
-CVE-2021-30002 [media: v4l: ioctl: Fix memory leak in video_usercopy]
+CVE-2021-30006
+       RESERVED
+CVE-2021-30005
+       RESERVED
+CVE-2021-30004 (In wpa_supplicant and hostapd 2.9, forging attacks may occur 
because A ...)
+       TODO: check
+CVE-2021-30003 (An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 
devices. Ther ...)
+       TODO: check
+CVE-2021-30001
+       RESERVED
+CVE-2021-30000
+       RESERVED
+CVE-2021-29999
+       RESERVED
+CVE-2021-29998
+       RESERVED
+CVE-2021-29997
+       RESERVED
+CVE-2021-29996
+       RESERVED
+CVE-2021-29995
+       RESERVED
+CVE-2021-29994
+       RESERVED
+CVE-2021-29993
+       RESERVED
+CVE-2021-29992
+       RESERVED
+CVE-2021-29991
+       RESERVED
+CVE-2021-29990
+       RESERVED
+CVE-2021-29989
+       RESERVED
+CVE-2021-29988
+       RESERVED
+CVE-2021-29987
+       RESERVED
+CVE-2021-29986
+       RESERVED
+CVE-2021-29985
+       RESERVED
+CVE-2021-29984
+       RESERVED
+CVE-2021-29983
+       RESERVED
+CVE-2021-29982
+       RESERVED
+CVE-2021-29981
+       RESERVED
+CVE-2021-29980
+       RESERVED
+CVE-2021-29979
+       RESERVED
+CVE-2021-29978
+       RESERVED
+CVE-2021-29977
+       RESERVED
+CVE-2021-29976
+       RESERVED
+CVE-2021-29975
+       RESERVED
+CVE-2021-29974
+       RESERVED
+CVE-2021-29973
+       RESERVED
+CVE-2021-29972
+       RESERVED
+CVE-2021-29971
+       RESERVED
+CVE-2021-29970
+       RESERVED
+CVE-2021-29969
+       RESERVED
+CVE-2021-29968
+       RESERVED
+CVE-2021-29967
+       RESERVED
+CVE-2021-29966
+       RESERVED
+CVE-2021-29965
+       RESERVED
+CVE-2021-29964
+       RESERVED
+CVE-2021-29963
+       RESERVED
+CVE-2021-29962
+       RESERVED
+CVE-2021-29961
+       RESERVED
+CVE-2021-29960
+       RESERVED
+CVE-2021-29959
+       RESERVED
+CVE-2021-29958
+       RESERVED
+CVE-2021-29957
+       RESERVED
+CVE-2021-29956
+       RESERVED
+CVE-2021-29955
+       RESERVED
+CVE-2021-29954
+       RESERVED
+CVE-2021-29953
+       RESERVED
+CVE-2021-29952
+       RESERVED
+CVE-2021-29951
+       RESERVED
+CVE-2021-29950
+       RESERVED
+CVE-2021-29949
+       RESERVED
+CVE-2021-29948
+       RESERVED
+CVE-2021-29947
+       RESERVED
+CVE-2021-29946
+       RESERVED
+CVE-2021-29945
+       RESERVED
+CVE-2021-29944
+       RESERVED
+CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when 
a webca ...)
        - linux 5.10.24-1
        [buster] - linux 4.19.181-1
        NOTE: 
https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
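Review bot: CVE-2021-30004 is left at TODO: check although its description names wpa_supplicant and hostapd 2.9, which are software rather than a vendor device, so it should be resolved to a package line with the affected version instead of being handled like CVE-2021-30003 (Nokia G-120W-F), which looks like a NOT-FOR-US candidate. Separately, the first line of the hunk drops the bracketed title "[media: v4l: ioctl: Fix memory leak in video_usercopy]" on CVE-2021-30002 in favour of the truncated description; the NOTE line with the kernel commit still identifies the fix, so nothing is lost, but the two TODO entries should not stay unresolved.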
@@ -1148,8 +1272,8 @@ CVE-2021-3472
        RESERVED
 CVE-2021-29422
        RESERVED
-CVE-2021-29421
-       RESERVED
+CVE-2021-29421 (models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 
for Pyth ...)
+       TODO: check
 CVE-2021-29420
        RESERVED
 CVE-2021-29419
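Review bot: CVE-2021-29421 moves from RESERVED to TODO: check with an affected range stated in the description (pikepdf 1.3.0 through 2.9.2). The follow-up should record whether a packaged pikepdf falls inside that range rather than only marking the entry as seen, since the file referenced (models/metadata.py) belongs to the library itself.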
@@ -2114,10 +2238,10 @@ CVE-2021-28974
        RESERVED
 CVE-2021-28973
        RESERVED
-CVE-2021-28970
-       RESERVED
-CVE-2021-28969
-       RESERVED
+CVE-2021-28970 (eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 
devices ...)
+       TODO: check
+CVE-2021-28969 (eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote 
authenticat ...)
+       TODO: check
 CVE-2021-28968 (An issue was discovered in PunBB before 1.4.6. An XSS 
vulnerability in ...)
        NOT-FOR-US: PunBB
 CVE-2021-28967 (The unofficial MATLAB extension before 2.0.1 for Visual Studio 
Code al ...)
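Review bot: the two new TODO: check entries, CVE-2021-28970 and CVE-2021-28969, both describe eMPS 9.0.1.923211 on FireEye EX 3500 devices, which is appliance firmware. They can be closed the same way as the context entry just below them (CVE-2021-28968, NOT-FOR-US: PunBB) and should be resolved together so one is not left open.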
@@ -4260,8 +4384,8 @@ CVE-2021-28049
        RESERVED
 CVE-2021-28048
        RESERVED
-CVE-2021-28047
-       RESERVED
+CVE-2021-28047 (Cross-Site Scripting (XSS) in Administrative Reports in 
Devolutions Re ...)
+       TODO: check
 CVE-2021-28046
        RESERVED
 CVE-2021-28045
@@ -13890,16 +14014,16 @@ CVE-2021-23927 (OX App Suite through 7.10.4 allows 
SSRF via a URL with an @ char
 CVE-2021-23926 (The XML parsers used by XMLBeans up to version 2.6.0 did not 
set the p ...)
        - xmlbeans 3.0.2-1
        NOTE: https://issues.apache.org/jira/browse/XMLBEANS-517
-CVE-2021-23925
-       RESERVED
-CVE-2021-23924
-       RESERVED
-CVE-2021-23923
-       RESERVED
-CVE-2021-23922
-       RESERVED
-CVE-2021-23921
-       RESERVED
+CVE-2021-23925 (An issue was discovered in Devolutions Server before 2020.3. 
There is  ...)
+       TODO: check
+CVE-2021-23924 (An issue was discovered in Devolutions Server before 2020.3. 
There is  ...)
+       TODO: check
+CVE-2021-23923 (An issue was discovered in Devolutions Server before 2020.3. 
There is  ...)
+       TODO: check
+CVE-2021-23922 (An issue was discovered in Devolutions Remote Desktop Manager 
before 2 ...)
+       TODO: check
+CVE-2021-23921 (An issue was discovered in Devolutions Server before 2020.3. 
There is  ...)
+       TODO: check
 CVE-2020-36191 (JupyterHub 1.1.0 allows CSRF in the admin panel via a request 
that lac ...)
        NOT-FOR-US: JupyterHub
 CVE-2020-36190 (RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 
allows  ...)
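Review bot: four of the five entries added here (CVE-2021-23925, -23924, -23923, -23921) have identical truncated descriptions ("An issue was discovered in Devolutions Server before 2020.3. There is ..."), so they cannot be told apart from this list alone. Since all five name Devolutions products, including CVE-2021-23922 for Remote Desktop Manager, they should be triaged as one batch with a single product tag rather than left as five separate TODO: check items.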
@@ -20486,18 +20610,18 @@ CVE-2021-21423
        RESERVED
 CVE-2021-21422
        RESERVED
-CVE-2021-21421
-       RESERVED
-CVE-2021-21420
-       RESERVED
+CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. 
Applications that a ...)
+       TODO: check
+CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A 
vulnerability  ...)
+       TODO: check
 CVE-2021-21419
        RESERVED
 CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for 
the Prest ...)
        NOT-FOR-US: PrestaShop
 CVE-2021-21417
        RESERVED
-CVE-2021-21416
-       RESERVED
+CVE-2021-21416 (django-registration is a user registration package for Django. 
The dja ...)
+       TODO: check
 CVE-2021-21415
        RESERVED
 CVE-2021-21414
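Review bot: the three entries that leave RESERVED in this hunk are unrelated and should not be closed with one blanket decision. CVE-2021-21421 (node-etsy-client) and CVE-2021-21420 (vscode-stripe) are an API client and an editor extension, while CVE-2021-21416 names django-registration, a Django package that is more likely to need a package and version check before its TODO: check is cleared.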
@@ -23252,7 +23376,7 @@ CVE-2021-20278
        NOT-FOR-US: Kiali
 CVE-2021-20277 [Out of bounds read in AD DC LDAP server]
        RESERVED
-       {DLA-2611-1}
+       {DSA-4884-1 DLA-2611-1}
        - ldb 2:2.2.0-3.1 (bug #985935)
        - samba <unfixed> (unimportant)
        NOTE: https://www.samba.org/samba/security/CVE-2021-20277.html
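Review bot: CVE-2021-20277 gains the DSA-4884-1 reference but still carries RESERVED and the bracketed placeholder title, so the entry now lists two advisories and a public samba.org NOTE while reading as unpublished. If the status line is synced from the CVE feed there is nothing to change by hand, but it is worth confirming that a later automatic update replaces it. The samba line stays "<unfixed> (unimportant)", so the advisory reference applies to the ldb line only.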
@@ -34102,7 +34226,7 @@ CVE-2020-27841 (There's a flaw in openjpeg in versions 
prior to 2.4.0 in src/lib
        NOTE: 
https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce
  (v2.4.0)
 CVE-2020-27840 [Heap corruption via crafted DN strings]
        RESERVED
-       {DLA-2611-1}
+       {DSA-4884-1 DLA-2611-1}
        - ldb 2:2.2.0-3.1 (bug #985936)
        - samba <unfixed> (unimportant)
        NOTE: https://www.samba.org/samba/security/CVE-2020-27840.html
@@ -75868,7 +75992,7 @@ CVE-2020-10732 (A flaw was found in the Linux kernel's 
implementation of Userspa
 CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the 
Red Hat ...)
        NOT-FOR-US: Red Hat OpenStack platform
 CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw 
was found  ...)
-       {DLA-2463-1}
+       {DSA-4884-1 DLA-2463-1}
        - ldb 2:2.1.4-1
        [stretch] - ldb <not-affected> (Vulnerable code introduced later)
        - samba 2:4.12.5+dfsg-1
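Review bot: on CVE-2020-10730 the added DSA-4884-1 sits on an entry that tracks both ldb and samba, and the only per-release line in the visible context is "[stretch] - ldb <not-affected> (Vulnerable code introduced later)". Confirm which source package the DSA covers and that the fixed version for the release it targets is recorded, because the advisory id by itself does not say which of the two package lines it closes.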
@@ -98983,7 +99107,7 @@ CVE-2020-1948 (This vulnerability can affect all Dubbo 
users stay on version 2.7
 CVE-2020-1947 (In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the 
ShardingS ...)
        NOT-FOR-US: Apache ShardingSphere
 CVE-2020-1946 (In Apache SpamAssassin before 3.4.5, malicious rule 
configuration (.cf ...)
-       {DSA-4879-1}
+       {DSA-4879-1 DLA-2615-1}
        - spamassassin 3.4.5~pre1-1 (bug #985962)
        NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/3
        NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7793 (not 
public)
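Review bot: CVE-2020-1946 now references DLA-2615-1 next to DSA-4879-1, but the only package line visible is "- spamassassin 3.4.5~pre1-1 (bug #985962)". A reader cannot see from this entry which version the LTS upload fixed, so check that the per-release fixed version is recorded with the DLA. One of the two NOTE links is marked "(not public)", which leaves the oss-security post as the only readable reference.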



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/545ac34115263df72bc442ce8747136bc8e1569f



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
