[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Feb 23 08:10:26 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7159cfca by security tracker role at 2021-02-23T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2021-27574
+	RESERVED
+CVE-2021-27573
+	RESERVED
+CVE-2021-27572
+	RESERVED
+CVE-2021-27571
+	RESERVED
+CVE-2021-27570
+	RESERVED
+CVE-2021-27569
+	RESERVED
+CVE-2021-27568 (An issue was discovered in netplex json-smart-v1 through 2015-10-23 an ...)
+	TODO: check
+CVE-2021-27567
+	RESERVED
+CVE-2021-27566
+	RESERVED
 CVE-2021-3414
 	RESERVED
 	NOT-FOR-US: Red Hat Satellite
@@ -820,8 +838,8 @@ CVE-2021-3408
 	RESERVED
 CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEE ...)
 	NOT-FOR-US: PEEL Shopping cart
-CVE-2021-27189
-	RESERVED
+CVE-2021-27189 (The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certifica ...)
+	TODO: check
 CVE-2021-27188 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 al ...)
 	NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator
 CVE-2021-27187 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 st ...)
@@ -1332,7 +1350,7 @@ CVE-2021-26940
 	RESERVED
 CVE-2021-26939 (** DISPUTED ** An information disclosure issue exists in henriquedorna ...)
 	NOT-FOR-US: henriquedornas
-CVE-2021-26938 (A stored XSS issue exists in henriquedornas 5.2.17 via online live cha ...)
+CVE-2021-26938 (** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.17 via  ...)
 	NOT-FOR-US: henriquedornas
 CVE-2021-27135 (xterm through Patch #365 allows remote attackers to cause a denial of  ...)
 	{DLA-2558-1}
@@ -1859,10 +1877,10 @@ CVE-2021-26727
 	RESERVED
 CVE-2021-26726
 	RESERVED
-CVE-2021-26725
-	RESERVED
-CVE-2021-26724
-	RESERVED
+CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...)
+	TODO: check
+CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...)
+	TODO: check
 CVE-2021-26723 (Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. ...)
 	NOT-FOR-US: Jenzabar
 CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because  ...)
@@ -2886,7 +2904,7 @@ CVE-2021-3338
 	RESERVED
 CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...)
 	NOT-FOR-US: MyBB
-CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not  ...)
+CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not c ...)
 	- wolfssl 4.6.0-3
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/3676
 CVE-2021-26308 (An issue was discovered in the marc crate before 2.0.0 for Rust. A use ...)
@@ -2997,8 +3015,8 @@ CVE-2020-36234 (Affected versions of Atlassian Jira Server and Data Center allow
 	NOT-FOR-US: Atlassian
 CVE-2020-36233 (The Microsoft Windows Installer for Atlassian Bitbucket Server and Dat ...)
 	NOT-FOR-US: Atlassian
-CVE-2020-36232
-	RESERVED
+CVE-2020-36232 (The MessageBundleWhiteList class of atlassian-gadgets before version 4 ...)
+	TODO: check
 CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
 	NOT-FOR-US: Atlassian
 CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenticatio ...)
@@ -8645,8 +8663,8 @@ CVE-2021-23829
 	RESERVED
 CVE-2021-23828
 	RESERVED
-CVE-2021-23827
-	RESERVED
+CVE-2021-23827 (Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5 ...)
+	TODO: check
 CVE-2021-23826
 	RESERVED
 CVE-2021-23825
@@ -11159,20 +11177,20 @@ CVE-2021-22651
 	RESERVED
 CVE-2021-22650
 	RESERVED
-CVE-2021-22649
-	RESERVED
+CVE-2021-22649 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions  ...)
+	TODO: check
 CVE-2021-22648
 	RESERVED
-CVE-2021-22647
-	RESERVED
+CVE-2021-22647 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions  ...)
+	TODO: check
 CVE-2021-22646
 	RESERVED
-CVE-2021-22645
-	RESERVED
+CVE-2021-22645 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions  ...)
+	TODO: check
 CVE-2021-22644
 	RESERVED
-CVE-2021-22643
-	RESERVED
+CVE-2021-22643 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions  ...)
+	TODO: check
 CVE-2021-22642
 	RESERVED
 CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the way the  ...)
@@ -14333,8 +14351,8 @@ CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in t
 	NOT-FOR-US: Textpattern CMS
 CVE-2020-35853 (4images Image Gallery Management System 1.7.11 is affected by cross-si ...)
 	NOT-FOR-US: 4images Image Gallery Management System
-CVE-2020-35852
-	RESERVED
+CVE-2020-35852 (Chatbox is affected by cross-site scripting (XSS). An attacker has to  ...)
+	TODO: check
 CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters properly. Att ...)
 	NOT-FOR-US: HGiga MailSherlock
 CVE-2021-21443
@@ -15490,48 +15508,39 @@ CVE-2021-21159
 	RESERVED
 CVE-2021-21158
 	RESERVED
-CVE-2021-21157
-	RESERVED
+CVE-2021-21157 (Use after free in Web Sockets in Google Chrome on Linux prior to 88.0. ...)
 	{DSA-4858-1}
 	- chromium 88.0.4324.182-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21156
-	RESERVED
+CVE-2021-21156 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 all ...)
 	{DSA-4858-1}
 	- chromium 88.0.4324.182-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21155
-	RESERVED
+CVE-2021-21155 (Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to ...)
 	{DSA-4858-1}
 	- chromium 88.0.4324.182-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21154
-	RESERVED
+CVE-2021-21154 (Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324. ...)
 	{DSA-4858-1}
 	- chromium 88.0.4324.182-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21153
-	RESERVED
+CVE-2021-21153 (Stack buffer overflow in GPU Process in Google Chrome on Linux prior t ...)
 	{DSA-4858-1}
 	- chromium 88.0.4324.182-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21152
-	RESERVED
+CVE-2021-21152 (Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0. ...)
 	{DSA-4858-1}
 	- chromium 88.0.4324.182-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21151
-	RESERVED
+CVE-2021-21151 (Use after free in Payments in Google Chrome prior to 88.0.4324.182 all ...)
 	{DSA-4858-1}
 	- chromium 88.0.4324.182-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21150
-	RESERVED
+CVE-2021-21150 (Use after free in Downloads in Google Chrome on Windows prior to 88.0. ...)
 	{DSA-4858-1}
 	- chromium 88.0.4324.182-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21149
-	RESERVED
+CVE-2021-21149 (Stack buffer overflow in Data Transfer in Google Chrome on Linux prior ...)
 	{DSA-4858-1}
 	- chromium 88.0.4324.182-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -22546,8 +22555,8 @@ CVE-2020-29077
 	RESERVED
 CVE-2020-29076
 	RESERVED
-CVE-2020-29075
-	RESERVED
+CVE-2020-29075 (Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.3001 ...)
+	TODO: check
 CVE-2020-29074 (scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which all ...)
 	{DSA-4799-1 DLA-2490-1}
 	- x11vnc 0.9.16-5 (bug #975875)
@@ -28298,8 +28307,7 @@ CVE-2020-27821 (A flaw was found in the memory management API of QEMU during the
 CVE-2020-27820 [use-after-free in nouveau kernel module]
 	RESERVED
 	- linux <unfixed>
-CVE-2020-27819 [NULL pointer dereference via crafted xls file]
-	RESERVED
+CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1 when read ...)
 	- r-cran-readxl <not-affected> (Embeds libxls, but not affected)
 	NOTE: https://github.com/libxls/libxls/issues/84
 CVE-2020-27818 (A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. ...)
@@ -28485,8 +28493,7 @@ CVE-2020-27769
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1740
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/7b058696133c6d36e0b48a454e357482db71982e
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7661113a654c9c822c23a8fb8aa1b021fc7fbe9d
-CVE-2020-27768
-	RESERVED
+CVE-2020-27768 (In ImageMagick, there is an outside the range of representable values  ...)
 	- imagemagick 8:6.9.11.24+dfsg-1
 	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
@@ -33765,8 +33772,7 @@ CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer ove
 	NOTE: Fixed by: https://github.com/dtschump/CImg/commit/4f184f89f9ab6785a6c90fd238dbaa6d901d3505
 CVE-2020-25691
 	RESERVED
-CVE-2020-25690
-	RESERVED
+CVE-2020-25690 (An out-of-bounds write flaw was found in FontForge in versions before  ...)
 	- fontforge <not-affected> (Insufficient patch for CVE-2020-5395 not applied)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893188
 CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 21.0.0.F ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7159cfca60efaf405f65512275828852ab453a21

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7159cfca60efaf405f65512275828852ab453a21
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210223/afe86b10/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list