[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Aug 21 09:10:30 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
462d67da by security tracker role at 2021-08-21T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23886,6 +23886,7 @@ CVE-2021-29378
 CVE-2021-29377 (Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerabil ...)
 	NOT-FOR-US: Pear Admin Think
 CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...)
+	{DLA-2746-1}
 	- ircii-pana <removed>
 	- ircii 20210314-1 (bug #986214)
 	[buster] - ircii 20190117-1+deb10u1
@@ -41839,12 +41840,12 @@ CVE-2021-21830 (A heap-based buffer overflow vulnerability exists in the XML Dec
 	NOT-FOR-US: Xmill (AT&T Labs)
 CVE-2021-21829 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
 	NOT-FOR-US: Xmill (AT&T Labs)
-CVE-2021-21828
-	RESERVED
-CVE-2021-21827
-	RESERVED
-CVE-2021-21826
-	RESERVED
+CVE-2021-21828 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+	TODO: check
+CVE-2021-21827 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+	TODO: check
+CVE-2021-21826 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+	TODO: check
 CVE-2021-21825 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
 	NOT-FOR-US: AT&T Labs Xmill
 CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420  ...)
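Review bot: CVE-2021-21828, CVE-2021-21827 and CVE-2021-21826 are added as `TODO: check` although the entries directly above and below them (CVE-2021-21829, CVE-2021-21825) show the same truncated description and are already triaged as NOT-FOR-US for Xmill. If the full descriptions name the same product, these three can take the same tag in a follow-up. The neighbouring tags are also spelled two ways, `Xmill (AT&T Labs)` and `AT&T Labs Xmill`, so settle on one form when tagging.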
@@ -67625,8 +67626,8 @@ CVE-2020-24132
 	RESERVED
 CVE-2020-24131
 	RESERVED
-CVE-2020-24130
-	RESERVED
+CVE-2020-24130 (A cross site request forgery (CSRF) vulnerability in the configure.htm ...)
+	TODO: check
 CVE-2020-24129
 	RESERVED
 CVE-2020-24128
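Review bot: CVE-2020-24130 is left at `TODO: check`, and the truncated description shows only a CSRF in `configure.htm ...` without the affected product. The full CVE text has to be read before choosing between a package line and a NOT-FOR-US tag, so this entry needs manual triage rather than a copy of a neighbouring tag.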
@@ -189425,7 +189426,7 @@ CVE-2018-17990 (An issue was discovered on D-Link DSL-3782 devices with firmware
 	NOT-FOR-US: D-Link
 CVE-2018-17989 (A stored XSS vulnerability exists in the web interface on D-Link DSL-3 ...)
 	NOT-FOR-US: D-Link
-CVE-2018-17988 (LayerBB 1.1.1 has SQL Injection via the search.php search_query parame ...)
+CVE-2018-17988 (LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_qu ...)
 	NOT-FOR-US: LayerBB
 CVE-2018-17987 (The determineWinner function of a smart contract implementation for Ha ...)
 	NOT-FOR-US: Some Ethereum application



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/462d67da8b4f8c0ad4ad120d6ceaf50b1e4acf50
