Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
935f1509 by security tracker role at 2021-05-28T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-33614
+       RESERVED
+CVE-2021-33613
+       RESERVED
+CVE-2021-33612
+       RESERVED
+CVE-2021-33611
+       RESERVED
+CVE-2021-33610
+       RESERVED
+CVE-2021-33609
+       RESERVED
+CVE-2021-33608
+       RESERVED
+CVE-2021-33607
+       RESERVED
+CVE-2021-33606
+       RESERVED
+CVE-2021-33605
+       RESERVED
+CVE-2021-33604
+       RESERVED
 CVE-2021-33603
        RESERVED
 CVE-2021-33602
@@ -423,8 +445,8 @@ CVE-2021-33410
        RESERVED
 CVE-2021-33409
        RESERVED
-CVE-2021-33408
-       RESERVED
+CVE-2021-33408 (Local File Inclusion vulnerability in Ab Initio 
Control>Center befo ...)
+       TODO: check
 CVE-2021-33407
        RESERVED
 CVE-2021-33406
@@ -13654,8 +13676,8 @@ CVE-2021-27854
        RESERVED
 CVE-2021-27853
        RESERVED
-CVE-2021-27852
-       RESERVED
+CVE-2021-27852 (Deserialization of Untrusted Data vulnerability in 
CheckboxWeb.dll of  ...)
+       TODO: check
 CVE-2021-27850 (A critical unauthenticated remote code execution vulnerability 
was fou ...)
        NOT-FOR-US: Apache Tapestry
 CVE-2021-27849
@@ -33690,8 +33712,8 @@ CVE-2021-20028
        RESERVED
 CVE-2021-20027
        RESERVED
-CVE-2021-20026
-       RESERVED
+CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an 
authent ...)
+       TODO: check
 CVE-2021-20025 (SonicWall Email Security Virtual Appliance version 10.0.9 and 
earlier  ...)
        NOT-FOR-US: SonicWall
 CVE-2021-20024
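Review bot: CVE-2021-20026 is left at "TODO: check" even though the entry directly below it, CVE-2021-20025, is already triaged as "NOT-FOR-US: SonicWall" and the new description names a SonicWall product (NSM On-Prem). Unless there is a reason to treat this one differently, resolve the TODO with the same "NOT-FOR-US: SonicWall" line in a follow-up so the entry does not stay in the untriaged queue.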
@@ -71316,61 +71338,61 @@ CVE-2020-15466 (In Wireshark 3.2.0 to 3.2.4, the GVCP 
dissector could go into an
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4
        NOTE: https://www.wireshark.org/security/wnpa-sec-2020-09.html
 CVE-2020-15465
-       RESERVED
+       REJECTED
 CVE-2020-15464
-       RESERVED
+       REJECTED
 CVE-2020-15463
-       RESERVED
+       REJECTED
 CVE-2020-15462
-       RESERVED
+       REJECTED
 CVE-2020-15461
-       RESERVED
+       REJECTED
 CVE-2020-15460
-       RESERVED
+       REJECTED
 CVE-2020-15459
-       RESERVED
+       REJECTED
 CVE-2020-15458
-       RESERVED
+       REJECTED
 CVE-2020-15457
-       RESERVED
+       REJECTED
 CVE-2020-15456
-       RESERVED
+       REJECTED
 CVE-2020-15455
-       RESERVED
+       REJECTED
 CVE-2020-15454
-       RESERVED
+       REJECTED
 CVE-2020-15453
-       RESERVED
+       REJECTED
 CVE-2020-15452
-       RESERVED
+       REJECTED
 CVE-2020-15451
-       RESERVED
+       REJECTED
 CVE-2020-15450
-       RESERVED
+       REJECTED
 CVE-2020-15449
-       RESERVED
+       REJECTED
 CVE-2020-15448
-       RESERVED
+       REJECTED
 CVE-2020-15447
-       RESERVED
+       REJECTED
 CVE-2020-15446
-       RESERVED
+       REJECTED
 CVE-2020-15445
-       RESERVED
+       REJECTED
 CVE-2020-15444
-       RESERVED
+       REJECTED
 CVE-2020-15443
-       RESERVED
+       REJECTED
 CVE-2020-15442
-       RESERVED
+       REJECTED
 CVE-2020-15441
-       RESERVED
+       REJECTED
 CVE-2020-15440
-       RESERVED
+       REJECTED
 CVE-2020-15439
-       RESERVED
+       REJECTED
 CVE-2020-15438
-       RESERVED
+       REJECTED
 CVE-2020-15437 (The Linux kernel before version 5.8 is vulnerable to a NULL 
pointer de ...)
        - linux 5.7.17-1
        [buster] - linux 4.19.146-1
@@ -71995,8 +72017,7 @@ CVE-2020-15182 (The SOY Inquiry component of SOY CMS is 
affected by Cross-site R
        NOT-FOR-US: SoyCMS
 CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies 
on untr ...)
        NOT-FOR-US: Alfresco Reset Password add-on
-CVE-2020-15180
-       RESERVED
+CVE-2020-15180 (A flaw was found in the mysql-wsrep component of mariadb. Lack 
of inpu ...)
        {DSA-4776-1 DLA-2409-1}
        - mariadb-10.5 1:10.5.6-1
        [experimental] - mariadb-10.3 1:10.3.27-1~exp1
@@ -74224,8 +74245,7 @@ CVE-2020-14389 (It was found that Keycloak before 
version 12.0.0 would permit a
 CVE-2020-14388
        RESERVED
        NOT-FOR-US: 3scale
-CVE-2020-14387 [rsync-ssl does not verify the hostname in the server 
certificate when using openssl]
-       RESERVED
+CVE-2020-14387 (A flaw was found in rsync in versions since 3.2.0pre1. Rsync 
improperl ...)
        - rsync 3.2.3-3 (bug #969530)
        [buster] - rsync <not-affected> (Vulnerable code introduced later)
        [stretch] - rsync <not-affected> (Vulnerable code introduced later)
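Review bot: the replacement line for CVE-2020-14387 drops the bracketed summary "rsync-ssl does not verify the hostname in the server certificate when using openssl", and the truncated description that takes its place ("Rsync improperl ...") no longer says which check is missing. The package lines and bug #969530 are kept, so the triage state is unchanged, but consider preserving the specific wording in a NOTE: line so the entry stays readable without looking up the full CVE text.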
@@ -74507,14 +74527,11 @@ CVE-2020-14330 (An Improper Output Neutralization for 
Logs flaw was found in Ans
        NOTE: https://github.com/ansible/ansible/pull/70762
        NOTE: 
https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e
        NOTE: 
https://github.com/ansible/ansible/commit/76815d3afccc7baffa196456d092f4de94b4fbb1
 (v2.9.12)
-CVE-2020-14329
-       RESERVED
+CVE-2020-14329 (A data exposure flaw was found in Ansible Tower in versions 
before 3.7 ...)
        NOT-FOR-US: Ansible Tower
-CVE-2020-14328
-       RESERVED
+CVE-2020-14328 (A flaw was found in Ansible Tower in versions before 3.7.2. A 
Server S ...)
        NOT-FOR-US: Ansible Tower
-CVE-2020-14327
-       RESERVED
+CVE-2020-14327 (A Server-side request forgery (SSRF) flaw was found in Ansible 
Tower i ...)
        NOT-FOR-US: Ansible Tower
 CVE-2020-14326
        RESERVED
@@ -74613,8 +74630,7 @@ CVE-2020-14303 (A flaw was found in the AD DC NBT 
server in all Samba versions b
        NOTE: https://www.samba.org/samba/security/CVE-2020-14303.html
 CVE-2020-14302 (A flaw was found in Keycloak before 13.0.0 where an external 
identity  ...)
        NOT-FOR-US: Keycloak
-CVE-2020-14301 [leak of sensitive cookie information via dumpxml]
-       RESERVED
+CVE-2020-14301 (An information disclosure vulnerability was found in libvirt 
in versio ...)
        - libvirt <not-affected> (Vulnerable code introduced with 6.2.0)
        NOTE: Fixed by: 
https://github.com/libvirt/libvirt/commit/a5b064bf4b17a9884d7d361733737fb614ad8979
        NOTE: Fixed by: 
https://github.com/libvirt/libvirt/commit/524de6cc35d3b222f0e940bb0fd027f5482572c5
@@ -87102,8 +87118,8 @@ CVE-2020-10147
        RESERVED
 CVE-2020-10146 (The Microsoft Teams online service contains a stored 
cross-site script ...)
        NOT-FOR-US: Microsoft Teams
-CVE-2020-10145
-       RESERVED
+CVE-2020-10145 (The Adobe ColdFusion installer fails to set a secure 
access-control li ...)
+       TODO: check
 CVE-2020-10144
        RESERVED
 CVE-2020-10143 (Macrium Reflect includes an OpenSSL component that specifies 
an OPENSS ...)
@@ -109602,8 +109618,7 @@ CVE-2020-1763 (An out-of-bounds buffer read flaw was 
found in the pluto daemon o
        NOTE: https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt
 CVE-2020-1762 (An insufficient JWT validation vulnerability was found in Kiali 
versio ...)
        NOT-FOR-US: Kiali
-CVE-2020-1761
-       RESERVED
+CVE-2020-1761 (A flaw was found in the OpenShift web console, where the access 
token  ...)
        NOT-FOR-US: OpenShift
 CVE-2020-1760 (A flaw was found in the Ceph Object Gateway, where it supports 
request ...)
        {DLA-2171-1}
@@ -109871,11 +109886,9 @@ CVE-2020-1704 (An insecure modification 
vulnerability in the /etc/passwd file wa
        NOT-FOR-US: openshift
 CVE-2020-1703
        REJECTED
-CVE-2020-1702
-       RESERVED
+CVE-2020-1702 (A malicious container image can consume an unbounded amount of 
memory  ...)
        NOT-FOR-US: Red Hat container manager tooling
-CVE-2020-1701
-       RESERVED
+CVE-2020-1701 (A flaw was found in the KubeVirt main virt-handler versions 
before 0.2 ...)
        NOT-FOR-US: KubeVirt
 CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end 
handles unexp ...)
        - ceph 14.2.7-1
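Review bot: CVE-2020-1702 keeps its earlier "NOT-FOR-US: Red Hat container manager tooling" line, which was assigned while the id was still RESERVED and names no specific component. The description added here ("A malicious container image can consume an unbounded amount of memory ...") is cut off before it identifies the affected code, so the classification should be re-checked against the full CVE text and, if it stands, the label replaced with the actual product name, as is done for CVE-2020-1701 ("NOT-FOR-US: KubeVirt").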



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/935f15094d5aa00eb10eca86e4550047c9e7a2f2

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits