path: root/data/CVE/2021.list
author: security tracker role <sectracker@soriano.debian.org> 2021-04-01 20:10:22 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-04-01 20:10:22 +0000
commit: 12e730e45fe95ef05516352c69900d7a5fe6cf3b
tree: f4626c377d185e7b81e37b0a783649d461c59cc8 /data/CVE/2021.list
parent: 2aa6d2230dd93889377197611ada3e434855547a
automatic update
Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- data/CVE/2021.list 95
1 files changed, 46 insertions, 49 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 89b5300c8b..fa6096295a 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,7 @@
+CVE-2021-3481
+ RESERVED
+CVE-2021-29943
+ RESERVED
CVE-2021-29942 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...)
TODO: check
CVE-2021-29941 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...)
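Review bot: CVE-2021-3481 is added at the head of the file, above CVE-2021-29943, while the other four-digit 2021 IDs visible in this diff (CVE-2021-3448, CVE-2021-3447) sit much further down the file. If the list is meant to stay grouped by ID, move the entry next to them; if newest-first insertion is the convention for automatic updates, no change is needed.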
@@ -2197,8 +2201,7 @@ CVE-2021-28920
RESERVED
CVE-2021-28919
RESERVED
-CVE-2021-28918
- RESERVED
+CVE-2021-28918 (Improper input validation of octal strings in netmask npm package v1.0 ...)
NOT-FOR-US: netmask nodejs module
NOTE: https://sick.codes/sick-2021-011
NOTE: https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/
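Review bot: the "NOT-FOR-US: netmask nodejs module" line under CVE-2021-28918 was written while the entry was still RESERVED. Now that the description identifies the netmask npm package, confirm that no package in the archive ships or bundles that module before leaving the entry closed.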
@@ -2377,6 +2380,7 @@ CVE-2021-28833
CVE-2021-28832
RESERVED
CVE-2021-28831 (decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit ...)
+ {DLA-2614-1}
- busybox <unfixed> (bug #985674)
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
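Review bot: {DLA-2614-1} is attached to CVE-2021-28831 while the visible status lines are unchanged ("- busybox <unfixed>" and "[buster] - busybox <no-dsa>"). Check that the release covered by the DLA has its fixed version recorded where the tracker expects it, so the entry does not keep showing that release as vulnerable.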
@@ -2782,8 +2786,7 @@ CVE-2021-3448 [fixed outgoing port used when --server is used with an interface
[stretch] - dnsmasq <postponed> (Probably easier to base the patch on a backported version)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939368
NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
-CVE-2021-3447
- RESERVED
+CVE-2021-3447 (A flaw was found in several ansible modules, where parameters containi ...)
- ansible <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939349
NOTE: check, details on upstream status not yet clear
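Review bot: CVE-2021-3447 now carries a public description, but the entry still reads "- ansible <undetermined>" with "NOTE: check, details on upstream status not yet clear". Revisit both lines against the published text, which speaks of several ansible modules, and replace them with a concrete status once the affected modules are identified.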
@@ -3008,10 +3011,10 @@ CVE-2021-28548
RESERVED
CVE-2021-28547
RESERVED
-CVE-2021-28546
- RESERVED
-CVE-2021-28545
- RESERVED
+CVE-2021-28546 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ TODO: check
+CVE-2021-28545 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-28544
RESERVED
CVE-2021-28543 (Varnish varnish-modules before 0.17.1 allows remote attackers to cause ...)
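Review bot: the two Acrobat Reader DC entries (CVE-2021-28546, CVE-2021-28545) go in as "TODO: check" with identical visible description prefixes, including the doubled word "versions versions". Triage them together, and leave the doubled word alone if it is what the CVE feed supplies, since a hand edit to an imported description may not survive the next automatic update.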
@@ -3816,12 +3819,12 @@ CVE-2021-28167
RESERVED
CVE-2021-28166
RESERVED
-CVE-2021-28165
- RESERVED
-CVE-2021-28164
- RESERVED
-CVE-2021-28163
- RESERVED
+CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0. ...)
+ TODO: check
+CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ...)
+ TODO: check
+CVE-2021-28163 (In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0. ...)
+ TODO: check
CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the notificat ...)
NOT-FOR-US: Eclipse Theia
CVE-2021-28161 (In Eclipse Theia versions up to and including 1.8.0, in the debug cons ...)
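Review bot: the three Jetty entries receive the same "TODO: check", but their affected ranges differ: CVE-2021-28164 starts at 9.4.37.v20210219, CVE-2021-28163 at 9.4.32, and CVE-2021-28165 at 7.2.2. Determine status per CVE and per release rather than copying one result across all three, since an older packaged version could be affected by one and not the others.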
@@ -5020,8 +5023,8 @@ CVE-2021-27655
RESERVED
CVE-2021-27654
RESERVED
-CVE-2021-27653
- RESERVED
+CVE-2021-27653 (Misconfiguration of the Pega Chat Access Group portal in Pega platform ...)
+ TODO: check
CVE-2021-27652
RESERVED
CVE-2021-27651
@@ -7097,8 +7100,8 @@ CVE-2021-26720 (avahi-daemon-check-dns.sh in the Debian avahi package through 0.
NOTE: Fixed by removing the avahi-daemon-check-dns.sh script.
CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-enterprise ...)
NOT-FOR-US: gradle-enterprise-test-distribution-agent
-CVE-2021-26718
- RESERVED
+CVE-2021-26718 (KIS for macOS in some use cases was vulnerable to AV bypass that poten ...)
+ TODO: check
CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x ...)
- asterisk 1:16.16.1~dfsg-1 (bug #983157)
[buster] - asterisk <not-affected> (Introduced in 16.15.0)
@@ -7376,8 +7379,7 @@ CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 all
NOT-FOR-US: Pryaniki
CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.3 ...)
NOT-FOR-US: Millennium Millewin
-CVE-2021-3393 [postgres: information leak in error message]
- RESERVED
+CVE-2021-3393 (An information leak was discovered in postgresql in versions before 13 ...)
- postgresql-13 13.2-1
- postgresql-11 <removed>
[buster] - postgresql-11 11.11-0+deb10u1
@@ -7419,10 +7421,10 @@ CVE-2021-26583
RESERVED
CVE-2021-26582
RESERVED
-CVE-2021-26581
- RESERVED
-CVE-2021-26580
- RESERVED
+CVE-2021-26581 (A potential security vulnerability has been identified in HPE Superdom ...)
+ TODO: check
+CVE-2021-26580 (A potential security vulnerability has been identified in HPE iLO Ampl ...)
+ TODO: check
CVE-2021-26579 (A security vulnerability in HPE Unified Data Management (UDM) could al ...)
NOT-FOR-US: HPE
CVE-2021-26578 (A potential security vulnerability has been identified in HPE Network ...)
@@ -8679,8 +8681,8 @@ CVE-2021-26074
RESERVED
CVE-2021-26073
RESERVED
-CVE-2021-26072
- RESERVED
+CVE-2021-26072 (The WidgetConnector plugin in Confluence Server and Confluence Data Ce ...)
+ TODO: check
CVE-2021-26071 (The SetFeatureEnabled.jspa resource in Jira Server and Data Center bef ...)
NOT-FOR-US: Atlassian
CVE-2021-26070 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
@@ -8997,8 +8999,8 @@ CVE-2021-25926
RESERVED
CVE-2021-25925
RESERVED
-CVE-2021-25924
- RESERVED
+CVE-2021-25924 (In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Reques ...)
+ TODO: check
CVE-2021-25923
RESERVED
CVE-2021-25922 (In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross- ...)
@@ -14740,7 +14742,7 @@ CVE-2021-23360 (This affects the package killport before 1.0.2. If (attacker-con
CVE-2021-23359 (This affects all versions of package port-killer. If (attacker-control ...)
NOT-FOR-US: Node port-killer
CVE-2021-23358 (The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 a ...)
- {DLA-2613-1}
+ {DSA-4883-1 DLA-2613-1}
- underscore 1.9.1~dfsg-2 (bug #986171)
NOTE: https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway are vul ...)
@@ -15680,8 +15682,7 @@ CVE-2021-22892
RESERVED
CVE-2021-22891
RESERVED
-CVE-2021-22890 [TLS 1.3 session ticket proxy host mixup]
- RESERVED
+CVE-2021-22890 (curl 7.63.0 to and including 7.75.0 includes vulnerability that allows ...)
{DSA-4881-1}
- curl <unfixed>
NOTE: https://curl.se/docs/CVE-2021-22890.html
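Review bot: CVE-2021-22890 lists {DSA-4881-1} while the unversioned line still reads "- curl <unfixed>". The description gives 7.75.0 as the last affected version, so that line can take a fixed version once a later upstream release is uploaded; worth a follow-up check so the entry does not stay open longer than needed.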
@@ -15728,8 +15729,7 @@ CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cros
- nextcloud-server <itp> (bug #941708)
CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2021-22876 [Automatic referer leaks credentials]
- RESERVED
+CVE-2021-22876 (curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Pr ...)
{DSA-4881-1}
- curl <unfixed>
NOTE: https://curl.se/docs/CVE-2021-22876.html
@@ -17118,8 +17118,8 @@ CVE-2021-22197
RESERVED
CVE-2021-22196
RESERVED
-CVE-2021-22195
- RESERVED
+CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 and earl ...)
+ TODO: check
CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled session keys ...)
- gitlab <unfixed>
CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
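Review bot: CVE-2021-22195 concerns gitlab-vscode-extension, not the GitLab server, so the neighbouring "- gitlab <unfixed>" lines should not be copied when resolving this "TODO: check". Triage it against the extension on its own.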
@@ -17165,8 +17165,8 @@ CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. G
- gitlab <unfixed>
CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
-CVE-2021-22177
- RESERVED
+CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE version 1 ...)
+ TODO: check
CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2021-22175
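Review bot: CVE-2021-22177 is described as a DoS in gitlab-shell, a different component from the gitlab entries around it. When clearing the "TODO: check", look for gitlab-shell as its own source package before filing the entry under gitlab.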
@@ -17580,8 +17580,8 @@ CVE-2021-21984
RESERVED
CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations Manager API ...)
NOT-FOR-US: vRealize Operations Manager API (Vmware)
-CVE-2021-21982
- RESERVED
+CVE-2021-21982 (VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an aut ...)
+ TODO: check
CVE-2021-21981
RESERVED
CVE-2021-21980
@@ -21273,8 +21273,7 @@ CVE-2021-20297 [Setting match.path and activating a profiles crashes NetworkMana
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942741 (not yet public)
NOTE: Introduced by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/3ced486f4162edcd03ff42fa27535130aff0c86c (1.26-rc2)
NOTE: Fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/420784e342da4883f6debdfe10cde68507b10d27
-CVE-2021-20296
- RESERVED
+CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...)
- openexr <unfixed>
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
@@ -21298,8 +21297,8 @@ CVE-2021-20292 [RM Memory Management Double Free Privilege Escalation Vulnerabil
[buster] - linux 4.19.146-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939686
NOTE: https://git.kernel.org/linus/5de5b6ecf97a021f29403aa272cb4e03318ef586
-CVE-2021-20291
- RESERVED
+CVE-2021-20291 (A deadlock vulnerability was found in 'github.com/containers/storage' ...)
+ TODO: check
CVE-2021-20290
RESERVED
CVE-2021-20289 (A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.F ...)
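Review bot: the description for CVE-2021-20291 names a Go import path, 'github.com/containers/storage', rather than a product. When resolving the "TODO: check", search for the library both as its own package and as a vendored copy inside other Go packages, since a match on package name alone can miss bundled code.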
@@ -21558,15 +21557,13 @@ CVE-2021-20236 [Stack overflow on server running PUB/XPUB socket]
NOTE: https://github.com/zeromq/libzmq/pull/3959
NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22488
-CVE-2021-20235 [Heap overflow when receiving malformed ZMTP v1 packets]
- RESERVED
+CVE-2021-20235 (There's a flaw in the zeromq server in versions before 4.3.3 in src/de ...)
{DLA-2588-1}
- zeromq3 4.3.3-1
NOTE: https://github.com/zeromq/libzmq/pull/3902
NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21984
-CVE-2021-20234 [Memory leak in client induced by malicious server without CURVE/ZAP]
- RESERVED
+CVE-2021-20234 (An uncontrolled resource consumption (memory leak) flaw was found in t ...)
{DLA-2588-1}
- zeromq3 4.3.3-1
NOTE: https://github.com/zeromq/libzmq/pull/3918
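Review bot: replacing the bracketed working titles on CVE-2021-20235 and CVE-2021-20234 loses information at the truncation point: "[Heap overflow when receiving malformed ZMTP v1 packets]" becomes "There's a flaw in the zeromq server in versions before 4.3.3 in src/de ...", which no longer states the bug class. Consider keeping the old title as a NOTE: line whenever it says more than the truncated official text.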
@@ -22048,8 +22045,8 @@ CVE-2021-20080
RESERVED
CVE-2021-20079
RESERVED
-CVE-2021-20078
- RESERVED
+CVE-2021-20078 (Manage Engine OpManager builds below 125346 are vulnerable to a remote ...)
+ TODO: check
CVE-2021-20077 (Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently ...)
NOT-FOR-US: Nessus Agent
CVE-2021-20076 (Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were fou ...)
