Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f4883f5d by security tracker role at 2021-04-21T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-31524
+ RESERVED
+CVE-2021-31522
+ RESERVED
CVE-2021-3510
RESERVED
CVE-2021-3509
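Review bot: CVE-2021-31524 and CVE-2021-31522 are inserted at the head of the file while CVE-2021-31523, which sits between them numerically, already lives in the block below (the xscreensaver entry in the next hunk), so the top-of-file insertion rule for newly reserved IDs leaves the 3152x range split across two places in the file; anyone triaging by ID range should grep for the identifier rather than rely on adjacency, and a later manual move of the two new lines next to CVE-2021-31523 would keep that neighbourhood readable.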
@@ -28,7 +32,7 @@ CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was
found in fs/f2fs/no
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2
NOTE:
https://lore.kernel.org/lkml/[email protected]/
-CVE-2021-31523 [xscreensaver allows starting external programs with
cap_net_raw]
+CVE-2021-31523 (The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver
has cap_ ...)
- xscreensaver <unfixed> (bug #987149)
[buster] - xscreensaver <no-dsa> (Minor issue)
[stretch] - xscreensaver <no-dsa> (Minor issue)
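Review bot: replacing the bracketed placeholder with the MITRE text drops the impact statement from the list view, since the new description is truncated at "has cap_ ..." whereas the removed line read "allows starting external programs with cap_net_raw"; consider carrying that wording as a NOTE line under the entry so the reason for the <no-dsa> (Minor issue) markers stays visible without opening the full record. The description also names the Debian package version 5.42+dfsg1-1 itself, which is consistent with the sid line remaining <unfixed> until a package upload addresses it.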
@@ -429,12 +433,12 @@ CVE-2021-31331
RESERVED
CVE-2021-31330
RESERVED
-CVE-2021-31329
- RESERVED
+CVE-2021-31329 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the
"Chat" and "P ...)
+ TODO: check
CVE-2021-31328
RESERVED
-CVE-2021-31327
- RESERVED
+CVE-2021-31327 (Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine
Name Fi ...)
+ TODO: check
CVE-2021-31326
RESERVED
CVE-2021-31325
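Review bot: the two new "TODO: check" lines for CVE-2021-31329 and CVE-2021-31327 can be resolved the same way as CVE-2021-30030 further down in this diff, which is another Remote Clinic v2.0 XSS and is already marked "NOT-FOR-US: Remote Clinic"; unless Remote Clinic has been packaged since that entry was triaged, both should carry the same NOT-FOR-US line.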
@@ -3051,8 +3055,8 @@ CVE-2021-30141 (** DISPUTED **
Module/Settings/UserExport.php in Friendica throu
NOT-FOR-US: Friendica
CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email"
functionali ...)
NOT-FOR-US: LiquidFiles
-CVE-2021-30139
- RESERVED
+CVE-2021-30139 (In Alpine Linux apk-tools before 2.12.5, the tarball parser
allows a b ...)
+ TODO: check
CVE-2021-30138
REJECTED
CVE-2021-30137
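Review bot: the "TODO: check" on CVE-2021-30139 needs a decision on whether apk-tools is in the Debian archive; if it is not, the entry should become NOT-FOR-US like the Friendica and LiquidFiles entries above it, and if it is, the description's "before 2.12.5" gives the upstream fixed version to record on a package/version line together with the tarball parser issue the description names.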
@@ -3276,7 +3280,7 @@ CVE-2021-30033
CVE-2021-30032
RESERVED
CVE-2021-30031
- RESERVED
+ REJECTED
CVE-2021-30030 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full
Name fie ...)
NOT-FOR-US: Remote Clinic
CVE-2021-30029
@@ -3450,7 +3454,7 @@ CVE-2021-29951
RESERVED
CVE-2021-29950
RESERVED
- {DSA-4876-1}
+ {DSA-4876-1 DLA-2609-1}
- thunderbird 1:78.9.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/#CVE-2021-29950
CVE-2021-29949
@@ -4578,8 +4582,8 @@ CVE-2021-29457 (Exiv2 is a command-line utility and C++
library for reading, wri
NOTE:
https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
NOTE: https://github.com/Exiv2/exiv2/issues/1529
NOTE: https://github.com/Exiv2/exiv2/pull/1534
-CVE-2021-29456
- RESERVED
+CVE-2021-29456 (Authelia is an open-source authentication and authorization
server pro ...)
+ TODO: check
CVE-2021-29455 (Grassroot Platform is an application to make it faster,
cheaper and ea ...)
NOT-FOR-US: Grassroot Platform
CVE-2021-29454
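Review bot: CVE-2021-29456 keeps a "TODO: check" while the Grassroot Platform entry directly below is already NOT-FOR-US; the truncated description only says that Authelia is an authentication and authorization server, so resolving this needs the full text for the affected versions and a check of whether Authelia is packaged, after which the line should follow the same NOT-FOR-US or package/version form as its neighbours.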
@@ -7473,8 +7477,8 @@ CVE-2021-28169
RESERVED
CVE-2021-28168
RESERVED
-CVE-2021-28167
- RESERVED
+CVE-2021-28167 (In Eclipse Openj9 to version 0.25.0, usage of the
jdk.internal.reflect ...)
+ TODO: check
CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an
authenticated clien ...)
- mosquitto 2.0.10-1 (bug #986701)
[buster] - mosquitto <not-affected> (Vulnerable code introduced in 2.0)
@@ -22503,23 +22507,17 @@ CVE-2021-21649
RESERVED
CVE-2021-21648
RESERVED
-CVE-2021-21647
- RESERVED
+CVE-2021-21647 (Jenkins CloudBees CD Plugin 1.1.21 and earlier does not
perform a perm ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21646
- RESERVED
+CVE-2021-21646 (Jenkins Templating Engine Plugin 2.1 and earlier does not
protect its ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21645
- RESERVED
+CVE-2021-21645 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not
perform ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21644
- RESERVED
+CVE-2021-21644 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Config Fi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21643
- RESERVED
+CVE-2021-21643 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not
correct ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21642
- RESERVED
+CVE-2021-21642 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not
configu ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21641 (A cross-site request forgery (CSRF) vulnerability in Jenkins
promoted ...)
NOT-FOR-US: Jenkins plugin
@@ -23194,14 +23192,14 @@ CVE-2020-35984
RESERVED
CVE-2020-35983
RESERVED
-CVE-2020-35982
- RESERVED
-CVE-2020-35981
- RESERVED
-CVE-2020-35980
- RESERVED
-CVE-2020-35979
- RESERVED
+CVE-2020-35982 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There
is an i ...)
+ TODO: check
+CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There
is an i ...)
+ TODO: check
+CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There
is a us ...)
+ TODO: check
+CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There
is heap ...)
+ TODO: check
CVE-2020-35978
RESERVED
CVE-2020-35977
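Review bot: the four GPAC entries CVE-2020-35979 through CVE-2020-35982 share an identical truncated prefix ("An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is ...") so the list view cannot tell them apart, and each needs the full description to identify the affected parser before a package line is written. The description also lists 1.0.1 itself as affected, which matters when comparing against the other gpac entries in this commit whose descriptions say "gpac before 1.0.1": a fix recorded for those does not automatically cover these four.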
@@ -26615,8 +26613,8 @@ CVE-2021-20503 (IBM Jazz Foundation Products are
vulnerable to cross-site script
NOT-FOR-US: IBM
CVE-2021-20502 (IBM Jazz Foundation Products are vulnerable to an XML External
Entity ...)
NOT-FOR-US: IBM
-CVE-2021-20501
- RESERVED
+CVE-2021-20501 (IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to
send em ...)
+ TODO: check
CVE-2021-20500
RESERVED
CVE-2021-20499
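Review bot: CVE-2021-20501 (IBM i 7.1 through 7.4 SMTP) gets a "TODO: check" while the IBM Jazz Foundation entries immediately above it are "NOT-FOR-US: IBM"; this is another IBM product rather than a Debian package, so the same NOT-FOR-US: IBM line should replace the TODO.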
@@ -26709,8 +26707,8 @@ CVE-2021-20456
RESERVED
CVE-2021-20455
RESERVED
-CVE-2021-20454
- RESERVED
+CVE-2021-20454 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is
vulnerable ...)
+ TODO: check
CVE-2021-20453 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 is
vulnerable to a ...)
NOT-FOR-US: IBM
CVE-2021-20452
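Review bot: CVE-2021-20454 is left at "TODO: check" although CVE-2021-20453 directly below it concerns the same product, IBM WebSphere Application Server, and is already marked "NOT-FOR-US: IBM"; the new entry should take the same line.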
@@ -32599,8 +32597,8 @@ CVE-2020-28984
(prive/formulaires/configurer_preferences.php in SPIP before 3.2.
NOTE:
https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8
CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324,
as used i ...)
NOTE: disputed libsvm non issue
-CVE-2020-28973
- RESERVED
+CVE-2020-28973 (The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17)
fails to p ...)
+ TODO: check
CVE-2020-28972 (In SaltStack Salt before 3002.5, authentication to VMware
vcenter, vsp ...)
- salt 3002.5+dfsg1-1 (bug #983632)
NOTE:
https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
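Review bot: CVE-2020-28973 describes firmware v3.01.17 of the ABUS Secvest FUAA50000 wireless alarm system, a hardware product rather than software in the archive, so the "TODO: check" should resolve to a NOT-FOR-US line rather than a package lookup; the adjacent salt entry shows the package/version form used when a Debian package is affected.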
@@ -47889,16 +47887,16 @@ CVE-2020-23934 (An issue was discovered in RiteCMS
2.2.1. An authenticated user
NOT-FOR-US: RiteCMS
CVE-2020-23933
REJECTED
-CVE-2020-23932
- RESERVED
-CVE-2020-23931
- RESERVED
-CVE-2020-23930
- RESERVED
+CVE-2020-23932 (An issue was discovered in gpac before 1.0.1. A NULL pointer
dereferen ...)
+ TODO: check
+CVE-2020-23931 (An issue was discovered in gpac before 1.0.1. The
abst_box_read functi ...)
+ TODO: check
+CVE-2020-23930 (An issue was discovered in gpac through 20200801. A NULL
pointer deref ...)
+ TODO: check
CVE-2020-23929
RESERVED
-CVE-2020-23928
- RESERVED
+CVE-2020-23928 (An issue was discovered in gpac before 1.0.1. The
abst_box_read functi ...)
+ TODO: check
CVE-2020-23927
RESERVED
CVE-2020-23926
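Review bot: three of the four gpac entries here are described as "gpac before 1.0.1", but CVE-2020-23930 says "gpac through 20200801", a snapshot date rather than a release, so its fixed version cannot be read off the description and needs the upstream commit; CVE-2020-23931 and CVE-2020-23928 both name abst_box_read, so confirm they are distinct issues before recording separate fixes. All four should be triaged together with the CVE-2020-3597x GPAC entries earlier in this commit, whose descriptions list 1.0.1 as still affected.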
@@ -47909,10 +47907,10 @@ CVE-2020-23924
RESERVED
CVE-2020-23923
RESERVED
-CVE-2020-23922
- RESERVED
-CVE-2020-23921
- RESERVED
+CVE-2020-23922 (An issue was discovered in giflib through 5.1.4.
DumpScreen2RGB in gif ...)
+ TODO: check
+CVE-2020-23921 (An issue was discovered in fast_ber through v0.4. yy::yylex()
in asn_c ...)
+ TODO: check
CVE-2020-23920
RESERVED
CVE-2020-23919
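Review bot: giflib is already tracked in this file (the CVE-2019-15133 GIFLIB entry at the end of this diff carries NOTE links to the upstream repository), so the "TODO: check" for CVE-2020-23922 should become a package/version line; the description is cut off at "DumpScreen2RGB in gif ...", so the full text is needed to tell whether the affected code is in the library or in one of the shipped utilities, which bears on the severity marker. CVE-2020-23921 (fast_ber through v0.4) needs the usual packaged-or-not decision, with NOT-FOR-US as the outcome if it is not in the archive.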
@@ -47923,14 +47921,14 @@ CVE-2020-23917
RESERVED
CVE-2020-23916
RESERVED
-CVE-2020-23915
- RESERVED
-CVE-2020-23914
- RESERVED
+CVE-2020-23915 (An issue was discovered in cpp-peglib through v0.1.12.
peg::resolve_es ...)
+ TODO: check
+CVE-2020-23914 (An issue was discovered in cpp-peglib through v0.1.12. A NULL
pointer ...)
+ TODO: check
CVE-2020-23913
RESERVED
-CVE-2020-23912
- RESERVED
+CVE-2020-23912 (An issue was discovered in Bento4 through v1.6.0-637. A NULL
pointer d ...)
+ TODO: check
CVE-2020-23911
RESERVED
CVE-2020-23910
@@ -47939,8 +47937,8 @@ CVE-2020-23909
RESERVED
CVE-2020-23908
RESERVED
-CVE-2020-23907
- RESERVED
+CVE-2020-23907 (An issue was discovered in retdec v3.3. In function
canSplitFunctionOn ...)
+ TODO: check
CVE-2020-23906
RESERVED
CVE-2020-23905
@@ -64717,7 +64715,7 @@ CVE-2020-15805
CVE-2020-15804
RESERVED
CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through
4.4.x bef ...)
- {DLA-2311-1}
+ {DLA-2631-1 DLA-2311-1}
- zabbix 1:5.0.2+dfsg-1 (bug #966146)
[buster] - zabbix <no-dsa> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-18057
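Review bot: after adding DLA-2631-1 the CVE-2020-15803 entry still carries "[buster] - zabbix <no-dsa> (Minor issue)", so buster is now the only suite in this entry with no fix recorded while the LTS suite received one through the DLA and unstable has 1:5.0.2+dfsg-1; worth confirming that the no-dsa decision still stands, given that the same commit also records the same DLA for CVE-2019-15132.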
@@ -119502,6 +119500,7 @@ CVE-2019-15133 (In GIFLIB before 2019-02-16, a
malformed GIF file triggers a div
NOTE:
https://sourceforge.net/p/giflib/code/ci/799eb6a3af8a3dd81e2429bf11a72a57e541f908/
NOTE: https://sourceforge.net/p/giflib/bugs/119/
CVE-2019-15132 (Zabbix through 4.4.0alpha1 allows User Enumeration. With login
request ...)
+ {DLA-2631-1}
- zabbix 1:5.0.7+dfsg-1 (bug #935027)
[buster] - zabbix <no-dsa> (Minor issue)
[jessie] - zabbix <postponed> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4883f5d3ac5209bd51f3e922ce7d01430cb8104
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits