[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Feb 22 20:10:48 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
146fe271 by security tracker role at 2021-02-22T20:10:40+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2021-3414
+ RESERVED
+CVE-2021-27565
+ RESERVED
+CVE-2021-27564 (A stored XSS issue exists in Appspace 6.2.4. After a user is authentic ...)
+ TODO: check
+CVE-2021-27563
+ RESERVED
+CVE-2021-27562
+ RESERVED
+CVE-2021-27561
+ RESERVED
+CVE-2021-27560
+ RESERVED
+CVE-2021-27559 (The Contact page in Monica 2.19.1 allows stored XSS via the Nickname f ...)
+ TODO: check
CVE-2021-27558
RESERVED
CVE-2021-27557
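Review bot: CVE-2021-3414 is inserted at the very top of the file, above CVE-2021-27565, while the other CVE-2021-31xx ids visible in this diff (CVE-2021-3122 down to CVE-2021-3118) sit around line 8600. If the file is meant to stay in descending id order, this entry belongs next to that range; if top insertion is how the updater handles newly reserved ids, that behaviour should be documented so the placement is not mistaken for an error.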
@@ -16,8 +32,8 @@ CVE-2021-27551
RESERVED
CVE-2021-27550
RESERVED
-CVE-2021-27549
- RESERVED
+CVE-2021-27549 (** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipb ...)
+ TODO: check
CVE-2021-27548
RESERVED
CVE-2021-27547
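Review bot: the CVE-2021-27549 description opens with ** DISPUTED **, but the entry only receives the generic TODO: check. When the TODO is resolved, the dispute should be carried into the entry itself, for example as a NOTE line like the ones the CVE-2021-27229 entry uses for its references, so the status does not depend on the truncated description.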
@@ -412,14 +428,14 @@ CVE-2021-27373
RESERVED
CVE-2021-27372
RESERVED
-CVE-2021-27371
- RESERVED
-CVE-2021-27370
- RESERVED
-CVE-2021-27369
- RESERVED
-CVE-2021-27368
- RESERVED
+CVE-2021-27371 (The Contact page in Monica 2.19.1 allows stored XSS via the Descriptio ...)
+ TODO: check
+CVE-2021-27370 (The Contact page in Monica 2.19.1 allows stored XSS via the Last Name ...)
+ TODO: check
+CVE-2021-27369 (The Contact page in Monica 2.19.1 allows stored XSS via the Middle Nam ...)
+ TODO: check
+CVE-2021-27368 (The Contact page in Monica 2.19.1 allows stored XSS via the First Name ...)
+ TODO: check
CVE-2021-27367 (Controller/Backend/FileEditController.php and Controller/Backend/Filem ...)
NOT-FOR-US: Bolt CMS
CVE-2021-27366
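Review bot: CVE-2021-27368 through CVE-2021-27371 here, together with CVE-2021-27559 in the first hunk, all describe the same product and bug class (stored XSS in the Monica 2.19.1 Contact page, differing only in the field), yet each is a separate TODO: check. They should be triaged in one pass and given the same disposition so the five entries do not end up with inconsistent markings.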
@@ -599,8 +615,8 @@ CVE-2021-27281
RESERVED
CVE-2021-27280
RESERVED
-CVE-2021-27279
- RESERVED
+CVE-2021-27279 (MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCo ...)
+ TODO: check
CVE-2021-27278
RESERVED
CVE-2021-27277
@@ -705,8 +721,8 @@ CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim nav
[buster] - mumble <no-dsa> (Minor issue)
NOTE: https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648
NOTE: https://github.com/mumble-voip/mumble/pull/4733
-CVE-2021-27228
- RESERVED
+CVE-2021-27228 (An issue was discovered in Shinobi through ocean version 1. lib/auth.j ...)
+ TODO: check
CVE-2021-27227
RESERVED
CVE-2021-27226
@@ -8584,8 +8600,8 @@ CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH server
CVE-2021-3121 (An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarsha ...)
- golang-gogoprotobuf 1.3.2-1
NOTE: https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc
-CVE-2021-3120
- RESERVED
+CVE-2021-3120 (An arbitrary file upload vulnerability in the YITH WooCommerce Gift Ca ...)
+ TODO: check
CVE-2021-3119
RESERVED
CVE-2021-3118 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...)
@@ -37312,8 +37328,8 @@ CVE-2020-24177
RESERVED
CVE-2020-24176
RESERVED
-CVE-2020-24175
- RESERVED
+CVE-2020-24175 (Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius ...)
+ TODO: check
CVE-2020-24174
RESERVED
CVE-2020-24173
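Review bot: the CVE-2020-24175 description names a component (Yz1 0.30 and 0.32) "as used in" several archivers, and the product list is cut off after ZipGenius. The TODO: check should be resolved against the full description, not the truncated text shown here, because an embedded copy could be in a product that the visible part does not name.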
@@ -40718,10 +40734,10 @@ CVE-2020-22477
RESERVED
CVE-2020-22476
RESERVED
-CVE-2020-22475
- RESERVED
-CVE-2020-22474
- RESERVED
+CVE-2020-22475 ("Tasks" application version before 9.7.3 is affected by insecure permi ...)
+ TODO: check
+CVE-2020-22474 (In webERP 4.15, the ManualContents.php file allows users to specify th ...)
+ TODO: check
CVE-2020-22473
RESERVED
CVE-2020-22472
@@ -43225,8 +43241,8 @@ CVE-2020-21226
RESERVED
CVE-2020-21225
RESERVED
-CVE-2020-21224
- RESERVED
+CVE-2020-21224 (A Remote Code Execution vulnerability has been found in Inspur Cluster ...)
+ TODO: check
CVE-2020-21223
RESERVED
CVE-2020-21222
@@ -46157,8 +46173,8 @@ CVE-2020-19764
RESERVED
CVE-2020-19763
RESERVED
-CVE-2020-19762
- RESERVED
+CVE-2020-19762 (Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows ...)
+ TODO: check
CVE-2020-19761
RESERVED
CVE-2020-19760
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/146fe2715ac28934df9e2d46b8824256f324af85