Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
93a85b8d by security tracker role at 2021-04-16T08:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,35 @@
+CVE-2021-3501
+       RESERVED
+CVE-2021-31416
+       RESERVED
+CVE-2021-31415
+       RESERVED
+CVE-2021-31414 (The unofficial vscode-rpm-spec extension before 0.3.2 for 
Visual Studi ...)
+       TODO: check
+CVE-2021-31413
+       RESERVED
+CVE-2021-31412
+       RESERVED
+CVE-2021-31411
+       RESERVED
+CVE-2021-31410
+       RESERVED
+CVE-2021-31409
+       RESERVED
+CVE-2021-31408
+       RESERVED
+CVE-2021-31407
+       RESERVED
+CVE-2021-31406
+       RESERVED
+CVE-2021-31405
+       RESERVED
+CVE-2021-31404
+       RESERVED
+CVE-2021-31403
+       RESERVED
 CVE-2021-3502 [reachable assertion in avahi_s_host_name_resolver_start when 
trying to resolve badly-formatted hostnames]
+       RESERVED
        - avahi <unfixed> (bug #986018)
        [buster] - avahi <not-affected> (Vulnerable code introduced later)
        [stretch] - avahi <not-affected> (Vulnerable code introduced later)
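Review bot: CVE-2021-31414 is the only new entry in this hunk left at "TODO: check"; its description names the unofficial vscode-rpm-spec extension, so it needs a manual disposition (a package line, or NOT-FOR-US as used elsewhere in this file) before it drops out of the TODO queue. The "RESERVED" line added under CVE-2021-3502 sits above the existing avahi status lines and leaves them unchanged, which is the right outcome for an id that already carries Debian triage data.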
@@ -2443,8 +2474,8 @@ CVE-2021-30247
        RESERVED
 CVE-2021-30246 (In the jsrsasign package through 10.1.13 for Node.js, some 
invalid RSA ...)
        NOT-FOR-US: Node jsrasign
-CVE-2021-30245
-       RESERVED
+CVE-2021-30245 (The project received a report that all versions of Apache 
OpenOffice t ...)
+       TODO: check
 CVE-2020-36316 (In RELIC before 2021-04-03, there is a buffer overflow in 
PKCS#1 v1.5  ...)
        NOT-FOR-US: RELIC
 CVE-2020-36315 (In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery 
can occu ...)
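Review bot: CVE-2021-30245 moves from RESERVED to "TODO: check" with a description cut at "Apache OpenOffice t ...", so triage has to read the full CVE record before choosing a disposition. Separately, the unchanged context line "NOT-FOR-US: Node jsrasign" misspells the jsrsasign package named in the description directly above it; worth correcting in a manual follow-up commit.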
@@ -4241,14 +4272,14 @@ CVE-2021-29452
        RESERVED
 CVE-2021-29451
        RESERVED
-CVE-2021-29450
-       RESERVED
+CVE-2021-29450 (Wordpress is an open source CMS. One of the blocks in the 
WordPress ed ...)
+       TODO: check
 CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet 
tracker bl ...)
        NOT-FOR-US: Pi-hole
 CVE-2021-29448 (Pi-hole is a Linux network-level advertisement and Internet 
tracker bl ...)
        NOT-FOR-US: Pi-hole
-CVE-2021-29447
-       RESERVED
+CVE-2021-29447 (Wordpress is an open source CMS. A user with the ability to 
upload fil ...)
+       TODO: check
 CVE-2021-29446
        RESERVED
 CVE-2021-29445
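Review bot: CVE-2021-29450 and CVE-2021-29447 both describe WordPress itself, unlike the Pi-hole entries between them that are closed as NOT-FOR-US, so these two should be checked against the archive for an affected source package and given a package status line rather than being dismissed by analogy with their neighbours.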
@@ -4277,12 +4308,12 @@ CVE-2021-29434
        RESERVED
 CVE-2021-29433 (### Impact Missing input validation of some parameters on the 
endpoint ...)
        TODO: check
-CVE-2021-29432
-       RESERVED
-CVE-2021-29431
-       RESERVED
-CVE-2021-29430
-       RESERVED
+CVE-2021-29432 (Sydent is a reference matrix identity server. A malicious user 
could a ...)
+       TODO: check
+CVE-2021-29431 (Sydent is a reference Matrix identity server. Sydent can be 
induced to ...)
+       TODO: check
+CVE-2021-29430 (Sydent is a reference Matrix identity server. Sydent does not 
limit th ...)
+       TODO: check
 CVE-2021-29429 (In Gradle before version 7.0, files created with open 
permissions in t ...)
        - gradle <unfixed>
        NOTE: 
https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8
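Review bot: the three Sydent entries (CVE-2021-29432, CVE-2021-29431, CVE-2021-29430) all land on "TODO: check" at once; triage them in one pass so they end up with the same disposition line instead of three separately worded ones. The neighbouring CVE-2021-29433 is already sitting at "TODO: check" in the context lines and can be cleared in the same pass.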
@@ -8340,10 +8371,10 @@ CVE-2021-27694
        RESERVED
 CVE-2021-27693
        RESERVED
-CVE-2021-27692
-       RESERVED
-CVE-2021-27691
-       RESERVED
+CVE-2021-27692 (Command Injection in Tenda G1 and G3 routers with firmware 
versions v1 ...)
+       TODO: check
+CVE-2021-27691 (Command Injection in Tenda G0 routers with firmware versions 
v15.11.0. ...)
+       TODO: check
 CVE-2021-27690
        RESERVED
 CVE-2021-27689
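Review bot: CVE-2021-27692 and CVE-2021-27691 are command injection issues in Tenda router firmware (G1/G3 and G0 models); the vendor-device entries visible elsewhere in this diff, such as the QNAP ones, are closed as NOT-FOR-US, and these two look like candidates for the same line once someone confirms no packaged component is involved.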
@@ -12183,10 +12214,10 @@ CVE-2021-26076 (The jira.editor.user.mode cookie set 
by the Jira Editor Plugin i
        NOT-FOR-US: Atlassian
 CVE-2021-26075 (The Jira importers plugin AttachTemporaryFile rest resource in 
Jira Se ...)
        NOT-FOR-US: Atlassian
-CVE-2021-26074
-       RESERVED
-CVE-2021-26073
-       RESERVED
+CVE-2021-26074 (Broken Authentication in Atlassian Connect Spring Boot (ACSB) 
from ver ...)
+       TODO: check
+CVE-2021-26073 (Broken Authentication in Atlassian Connect Express (ACE) from 
version  ...)
+       TODO: check
 CVE-2021-26072 (The WidgetConnector plugin in Confluence Server and Confluence 
Data Ce ...)
        NOT-FOR-US: Atlassian
 CVE-2021-26071 (The SetFeatureEnabled.jspa resource in Jira Server and Data 
Center bef ...)
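Review bot: CVE-2021-26074 and CVE-2021-26073 name Atlassian Connect Spring Boot and Atlassian Connect Express, and every surrounding Atlassian entry in the context lines is "NOT-FOR-US: Atlassian"; unless one of these frameworks turns out to be packaged, the same line applies here and the two TODOs can be closed together.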
@@ -23833,8 +23864,8 @@ CVE-2021-21407
        RESERVED
 CVE-2021-21406
        RESERVED
-CVE-2021-21405
-       RESERVED
+CVE-2021-21405 (Lotus is an Implementation of the Filecoin protocol written in 
Go. BLS ...)
+       TODO: check
 CVE-2021-21404 (Syncthing is a continuous file synchronization program. In 
Syncthing b ...)
        - syncthing <unfixed> (bug #986593)
        [buster] - syncthing <no-dsa> (Minor issue)
@@ -158781,8 +158812,8 @@ CVE-2018-19944 (A cleartext transmission of sensitive 
information vulnerability
        NOT-FOR-US: QNAP
 CVE-2018-19943 (If exploited, this cross-site scripting vulnerability could 
allow remo ...)
        NOT-FOR-US: QNAP
-CVE-2018-19942
-       RESERVED
+CVE-2018-19942 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+       TODO: check
 CVE-2018-19941 (A vulnerability has been reported to affect QNAP NAS. If 
exploited, th ...)
        NOT-FOR-US: QNAP
 CVE-2018-19940
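Review bot: the visible description for CVE-2018-19942 stops at "reported to affect ..." and never names the product, so "NOT-FOR-US: QNAP" should not be copied from the adjacent entries on numbering alone; confirm the affected product from the full record before closing the TODO.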



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93a85b8d9fa40608cbaf4af3589c0a469dfc852b



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
