[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 28 08:10:18 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8bd91efa by security tracker role at 2021-12-28T08:10:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,71 @@
-CVE-2021-45884
+CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ TODO: check
+CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ TODO: check
+CVE-2021-45909 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ TODO: check
+CVE-2021-45908 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...)
+ TODO: check
+CVE-2021-45907 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...)
+ TODO: check
+CVE-2021-45906 (OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. ...)
+ TODO: check
+CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. ...)
+ TODO: check
+CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. ...)
+ TODO: check
+CVE-2021-45903
+ RESERVED
+CVE-2021-45902
+ RESERVED
+CVE-2021-45901
+ RESERVED
+CVE-2021-45900
+ RESERVED
+CVE-2021-45899
+ RESERVED
+CVE-2021-45898
+ RESERVED
+CVE-2021-45897
+ RESERVED
+CVE-2021-45896 (Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an ...)
+ TODO: check
+CVE-2021-45895 (Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows ...)
+ TODO: check
+CVE-2021-45894
+ RESERVED
+CVE-2021-45893
+ RESERVED
+CVE-2021-45892
+ RESERVED
+CVE-2021-45891
+ RESERVED
+CVE-2021-45890 (basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authenti ...)
+ TODO: check
+CVE-2021-45889
+ RESERVED
+CVE-2021-45888
+ RESERVED
+CVE-2021-45887
+ RESERVED
+CVE-2021-45886
+ RESERVED
+CVE-2021-45885
+ RESERVED
+CVE-2021-4186
+ RESERVED
+CVE-2021-4185
RESERVED
+CVE-2021-4184
+ RESERVED
+CVE-2021-4183
+ RESERVED
+CVE-2021-4182
+ RESERVED
+CVE-2021-4181
+ RESERVED
+CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based a ...)
+ TODO: check
CVE-2021-45883
RESERVED
CVE-2021-45882
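Review bot: the five gif2apng 1.9 entries (CVE-2021-45907 to CVE-2021-45911) and the three OpenWrt 21.02.1 XSS entries (CVE-2021-45904 to CVE-2021-45906) each carry their own TODO: check, with nothing tying them together for triage. Resolve each group in one pass so that all entries for one product end up with the same disposition, and work from the full CVE text, since every description here is cut at the ellipsis.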
@@ -404,8 +470,8 @@ CVE-2021-44460
RESERVED
CVE-2021-4178
RESERVED
-CVE-2021-4177
- RESERVED
+CVE-2021-4177 (livehelperchat is vulnerable to Generation of Error Message Containing ...)
+ TODO: check
CVE-2021-4176
RESERVED
CVE-2021-4175
@@ -6355,8 +6421,8 @@ CVE-2021-43860
RESERVED
CVE-2021-43859
RESERVED
-CVE-2021-43858
- RESERVED
+CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. Prior to v ...)
+ TODO: check
CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy prior to ...)
TODO: check
CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is ...)
@@ -67488,8 +67554,8 @@ CVE-2021-20875 (Open redirect vulnerability in GroupSession Free edition ver5.1.
NOT-FOR-US: GroupSession
CVE-2021-20874 (Incorrect permission assignment for critical resource vulnerability in ...)
NOT-FOR-US: GroupSession
-CVE-2021-20873
- RESERVED
+CVE-2021-20873 (Yappli is an application development platform which provides the funct ...)
+ TODO: check
CVE-2021-20872
RESERVED
CVE-2021-20871
@@ -95816,12 +95882,12 @@ CVE-2020-21240
RESERVED
CVE-2020-21239
RESERVED
-CVE-2020-21238
- RESERVED
-CVE-2020-21237
- RESERVED
-CVE-2020-21236
- RESERVED
+CVE-2020-21238 (An issue in the user login box of CSCMS v4.0 allows attackers to hijac ...)
+ TODO: check
+CVE-2020-21237 (An issue in the user login box of LJCMS v1.11 allows attackers to hija ...)
+ TODO: check
+CVE-2020-21236 (A vulnerability in /damicms-master/admin.php?s=/Article/doedit of Dami ...)
+ TODO: check
CVE-2020-21235
RESERVED
CVE-2020-21234
@@ -96414,18 +96480,18 @@ CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Micro
NOT-FOR-US: Microchip Libraries for Applications
CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 crypt ...)
NOT-FOR-US: STM32 cryptographic firmware library
-CVE-2020-20948
- RESERVED
+CVE-2020-20948 (An arbitrary file download vulnerability in jeecg v3.8 allows attacker ...)
+ TODO: check
CVE-2020-20947
RESERVED
-CVE-2020-20946
- RESERVED
-CVE-2020-20945
- RESERVED
-CVE-2020-20944
- RESERVED
-CVE-2020-20943
- RESERVED
+CVE-2020-20946 (Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability ...)
+ TODO: check
+CVE-2020-20945 (A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member& ...)
+ TODO: check
+CVE-2020-20944 (An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 a ...)
+ TODO: check
+CVE-2020-20943 (A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&am ...)
+ TODO: check
CVE-2020-20942
RESERVED
CVE-2020-20941
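Review bot: the description on CVE-2020-20943 ends in "job=postnew&am ...", a truncated HTML entity, so the imported text carries an escaped ampersand instead of a bare "&" in the URL. When triaging the four Qibosoft v7 entries (CVE-2020-20943 to CVE-2020-20946), take the affected paths from the original CVE record, not from these lines, and consider decoding entities before the description is truncated on import.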
@@ -101629,6 +101695,7 @@ CVE-2020-18444
CVE-2020-18443
RESERVED
CVE-2020-18442 (Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a d ...)
+ {DLA-2859-1}
- zziplib 0.13.72+dfsg.1-1
[bullseye] - zziplib <no-dsa> (Minor issue)
[buster] - zziplib <no-dsa> (Minor issue)
@@ -126232,7 +126299,7 @@ CVE-2020-9361 (CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows loca
CVE-2020-9360
RESERVED
CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...)
- {DLA-2159-1}
+ {DLA-2856-1 DLA-2159-1}
- okular 4:19.12.3-2 (bug #954891)
[buster] - okular 4:17.12.2-2.2+deb10u1
NOTE: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
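Review bot: CVE-2020-9359 now lists two advisories in {DLA-2856-1 DLA-2159-1}, but the package lines below it still show only the unstable fix and the [buster] version. A short NOTE stating which release each DLA covers would save readers from looking up both advisories to see why the entry has two.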
@@ -188636,7 +188703,7 @@ CVE-2017-18360 (In change_port_settings in drivers/usb/serial/io_ti.c in the Lin
[jessie] - linux 3.16.48-1
NOTE: Fixed by: https://git.kernel.org/linus/6aeb75e6adfaed16e58780309613a578fe1ee90b
CVE-2017-18359 (PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attac ...)
- {DLA-1653-1}
+ {DLA-2857-1 DLA-1653-1}
- postgis 2.3.3+dfsg-1 (low)
NOTE: https://trac.osgeo.org/postgis/ticket/3704
NOTE: https://trac.osgeo.org/postgis/changeset/15444
@@ -271506,6 +271573,7 @@ CVE-2017-14108 (libgedit.a in GNOME gedit through 3.22.1 allows remote attackers
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=791037
NOTE: negligible security impact
CVE-2017-14107 (The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mis ...)
+ {DLA-2858-1}
[experimental] - libzip 1.3.0+dfsg.1-1
- libzip 1.5.1-3 (low; bug #874010)
[jessie] - libzip <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bd91efa01dcaebdf6e12045919bb144acb4c110