Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
22b90e9a by security tracker role at 2021-03-23T20:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-3461
+       RESERVED
+CVE-2021-29092
+       RESERVED
+CVE-2021-29091
+       RESERVED
+CVE-2021-29090
+       RESERVED
+CVE-2021-29089
+       RESERVED
+CVE-2021-29088
+       RESERVED
+CVE-2021-29087
+       RESERVED
+CVE-2021-29086
+       RESERVED
+CVE-2021-29085
+       RESERVED
+CVE-2021-29084
+       RESERVED
+CVE-2021-29083
+       RESERVED
 CVE-2021-3460
        RESERVED
 CVE-2021-3459
@@ -1268,8 +1290,7 @@ CVE-2021-28494
        RESERVED
 CVE-2021-28493
        RESERVED
-CVE-2021-3444 [bpf: Fix truncation handling for mod32 dst reg wrt zero]
-       RESERVED
+CVE-2021-3444 (The bpf verifier in the Linux kernel did not properly handle 
mod32 des ...)
        - linux 5.10.19-1
        NOTE: 
https://git.kernel.org/linus/9b00f1b78809309163dda2d044d9e94a3c0248a3
        NOTE: https://www.openwall.com/lists/oss-security/2021/03/23/2
@@ -2500,8 +2521,8 @@ CVE-2021-27971
        RESERVED
 CVE-2021-27970
        RESERVED
-CVE-2021-27969
-       RESERVED
+CVE-2021-27969 (Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page 
Builder "wi ...)
+       TODO: check
 CVE-2021-27968
        RESERVED
 CVE-2021-27967
@@ -3491,18 +3512,18 @@ CVE-2021-27533
        RESERVED
 CVE-2021-27532
        RESERVED
-CVE-2021-27531
-       RESERVED
-CVE-2021-27530
-       RESERVED
-CVE-2021-27529
-       RESERVED
-CVE-2021-27528
-       RESERVED
-CVE-2021-27527
-       RESERVED
-CVE-2021-27526
-       RESERVED
+CVE-2021-27531 (A cross-site scripting (XSS) vulnerability in DynPG version 
4.9.2 allo ...)
+       TODO: check
+CVE-2021-27530 (A cross-site scripting (XSS) vulnerability in DynPG version 
4.9.2 allo ...)
+       TODO: check
+CVE-2021-27529 (A cross-site scripting (XSS) vulnerability in DynPG version 
4.9.2 allo ...)
+       TODO: check
+CVE-2021-27528 (A cross-site scripting (XSS) vulnerability in DynPG version 
4.9.2 allo ...)
+       TODO: check
+CVE-2021-27527 (A cross-site scripting (XSS) vulnerability in DynPG version 
4.9.2 allo ...)
+       TODO: check
+CVE-2021-27526 (A cross-site scripting (XSS) vulnerability in DynPG version 
4.9.2 allo ...)
+       TODO: check
 CVE-2021-27525
        RESERVED
 CVE-2021-27524
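
Review bot: the six DynPG entries CVE-2021-27531 through CVE-2021-27526 are indistinguishable at this truncation (same product, same version 4.9.2, same opening words) and each carries its own "TODO: check". Triage them in one pass with a single decision, so the block does not end up with mixed states for what is visibly the same product.
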
@@ -3993,10 +4014,10 @@ CVE-2021-27312
        RESERVED
 CVE-2021-27311
        RESERVED
-CVE-2021-27310
-       RESERVED
-CVE-2021-27309
-       RESERVED
+CVE-2021-27310 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via 
"langua ...)
+       TODO: check
+CVE-2021-27309 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via 
"module ...)
+       TODO: check
 CVE-2021-27308 (A cross-site scripting (XSS) vulnerability in the admin login 
panel in ...)
        NOT-FOR-US: 4images
 CVE-2021-27307
@@ -5650,8 +5671,7 @@ CVE-2021-3393 [postgres: information leak in error 
message]
        - postgresql-11 <removed>
        [buster] - postgresql-11 <no-dsa> (Minor issue)
        NOTE: 
https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
-CVE-2021-3392 [scsi: mptsas: use-after-free while processing io requests]
-       RESERVED
+CVE-2021-3392 (A use-after-free flaw was found in the MegaRAID emulator of 
QEMU. This ...)
        - qemu <unfixed> (bug #984449)
        [buster] - qemu <postponed> (Minor issue)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
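
Review bot: in the CVE-2021-3392 entry, the removed bracketed summary named mptsas ("scsi: mptsas: use-after-free while processing io requests"), while the imported description, as truncated here, names only the MegaRAID emulator of QEMU. Keep the component in a NOTE line next to the qemu-devel link so the entry still identifies the affected device code when someone works the <unfixed> and <postponed> states.
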
@@ -13163,10 +13183,10 @@ CVE-2021-23364
        RESERVED
 CVE-2021-23363
        RESERVED
-CVE-2021-23362
-       RESERVED
+CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to 
Regular Exp ...)
+       TODO: check
 CVE-2021-23361
-       RESERVED
+       REJECTED
 CVE-2021-23360 (This affects the package killport before 1.0.2. If 
(attacker-controlle ...)
        NOT-FOR-US: Node killport
 CVE-2021-23359 (This affects all versions of package port-killer. If 
(attacker-control ...)
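
Review bot: the "TODO: check" on CVE-2021-23362 should not be closed by copying the neighbouring pattern. The context entries CVE-2021-23360 and CVE-2021-23359 are marked NOT-FOR-US as Node packages, and hosted-git-info is worded the same way ("The package ... before 3.0.8"), so confirm whether the module is packaged in Debian before choosing between a package line and NOT-FOR-US. The RESERVED to REJECTED change on CVE-2021-23361 needs no follow-up.
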
@@ -13365,8 +13385,8 @@ CVE-2021-23276
        RESERVED
 CVE-2021-23275
        RESERVED
-CVE-2021-23274
-       RESERVED
+CVE-2021-23274 (The Config UI component of TIBCO Software Inc.'s TIBCO API 
Exchange Ga ...)
+       TODO: check
 CVE-2021-23273 (The Spotfire client component of TIBCO Software Inc.'s TIBCO 
Spotfire  ...)
        NOT-FOR-US: TIBCO
 CVE-2021-23272 (The Application Development Clients component of TIBCO 
Software Inc.'s ...)
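
Review bot: CVE-2021-23274 is left at "TODO: check" although the description names a TIBCO product and the two entries directly below it (CVE-2021-23273, CVE-2021-23272) are TIBCO components, the first already marked "NOT-FOR-US: TIBCO". Resolve the TODO with the same marker if the component is indeed not shipped, so the TIBCO block stays consistent.
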
@@ -18578,8 +18598,8 @@ CVE-2021-21403
        RESERVED
 CVE-2021-21402
        RESERVED
-CVE-2021-21401
-       RESERVED
+CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in 
ansi C. ...)
+       TODO: check
 CVE-2021-21400
        RESERVED
 CVE-2021-21399
@@ -18624,10 +18644,10 @@ CVE-2021-21379 (XWiki Platform is a generic wiki 
platform offering runtime servi
        NOT-FOR-US: XWiki
 CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service 
proxy. In ...)
        NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2021-21377
-       RESERVED
-CVE-2021-21376
-       RESERVED
+CVE-2021-21377 (OMERO.web is open source Django-based software for managing 
microscopy ...)
+       TODO: check
+CVE-2021-21376 (OMERO.web is open source Django-based software for managing 
microscopy ...)
+       TODO: check
 CVE-2021-21375 (PJSIP is a free and open source multimedia communication 
library writt ...)
        - pjproject <removed>
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
@@ -21281,8 +21301,7 @@ CVE-2021-20271
        [buster] - rpm <no-dsa> (Minor issue)
        [stretch] - rpm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125
-CVE-2021-20270
-       RESERVED
+CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 
may lea ...)
        {DSA-4870-1 DLA-2590-1}
        - pygments 2.7.1+dfsg-2 (bug #984664)
        NOTE: https://github.com/pygments/pygments/issues/1625
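
Review bot: for CVE-2021-20270 the imported description gives the affected range as Pygments 1.5 to 2.7.3, but the package line records the fix in 2.7.1+dfsg-2, which is below that upper bound. That only holds if the fix was backported in that Debian revision; add a NOTE with the upstream fix commit beside the issue link so the fixed version can be verified against it.
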
@@ -21507,8 +21526,7 @@ CVE-2021-20228 [basic.py no_log with fallback option]
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925002
        NOTE: https://github.com/ansible/ansible/pull/73487
        NOTE: Mark ansible/2.10.7-1 fixing which is moving the code to 
ansible-base
-CVE-2021-20227
-       RESERVED
+CVE-2021-20227 (A flaw was found in SQLite's SELECT query functionality 
(src/select.c) ...)
        - sqlite3 3.34.1-1
        [buster] - sqlite3 <not-affected> (Introduced in 3.33)
        [stretch] - sqlite3 <not-affected> (Introduced in 3.33)
@@ -21529,8 +21547,7 @@ CVE-2021-20224
        RESERVED
 CVE-2021-20223
        RESERVED
-CVE-2021-20222
-       RESERVED
+CVE-2021-20222 (A flaw was found in keycloak. The new account console in 
keycloak can  ...)
        NOT-FOR-US: Keycloak
 CVE-2021-20221 [GIC: out-of-bound heap buffer access via an interrupt ID field]
        RESERVED
@@ -21543,8 +21560,7 @@ CVE-2021-20220 (A flaw was found in Undertow. A 
regression in the fix for CVE-20
        - undertow <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1923133
        TODO: CVE for incomplete fix for CVE-2020-10687 but not clear if 
affected any Debian released version
-CVE-2021-20219 [improper synchronization in flush_to_ldisc() can lead to DoS]
-       RESERVED
+CVE-2021-20219 (A denial of service vulnerability was found in 
n_tty_receive_char_spec ...)
        - linux <not-affected> (Red Hat specific issue)
        NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/10
        NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/16
@@ -28849,8 +28865,8 @@ CVE-2020-28505
        RESERVED
 CVE-2020-28504
        RESERVED
-CVE-2020-28503
-       RESERVED
+CVE-2020-28503 (The package copy-props before 2.0.5 are vulnerable to 
Prototype Pollut ...)
+       TODO: check
 CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all 
versions of  ...)
        - node-xmlhttprequest 1.8.0-1
        [stretch] - node-xmlhttprequest <end-of-life> (Nodejs in stretch not 
covered by security support)
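
Review bot: CVE-2020-28503 (copy-props, "TODO: check") is described in the same "The package ... before 2.0.5" form as other Node module entries, and the entry below it shows how those are recorded when packaged: a node-* package line plus a [stretch] <end-of-life> annotation. When resolving the TODO, check for a corresponding package and, if one exists, add the per-release lines in that form rather than only a fixed version.
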
@@ -39195,7 +39211,7 @@ CVE-2020-25099
 CVE-2020-25098
        RESERVED
 CVE-2020-25097 (An issue was discovered in Squid through 4.13 and 5.x through 
5.0.4. D ...)
-       {DLA-2598-1}
+       {DSA-4873-1 DLA-2598-1}
        - squid 4.13-8 (bug #985068)
        - squid3 <removed>
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
@@ -67589,8 +67605,8 @@ CVE-2020-12485 (The frame touch module does not make 
validity judgments on param
        NOT-FOR-US: Vivo
 CVE-2020-12484
        RESERVED
-CVE-2020-12483
-       RESERVED
+CVE-2020-12483 (The appstore before 8.12.0.0 exposes some of its components, 
and the a ...)
+       TODO: check
 CVE-2020-12482
        RESERVED
 CVE-2020-12481
@@ -82233,8 +82249,8 @@ CVE-2020-7348
        RESERVED
 CVE-2020-7347
        RESERVED
-CVE-2020-7346
-       RESERVED
+CVE-2020-7346 (Privilege Escalation vulnerability in McAfee Data Loss 
Prevention (DLP ...)
+       TODO: check
 CVE-2020-7345
        RESERVED
 CVE-2020-7344



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22b90e9abe32a5b6877879b76c379fc8b4b4b702
