[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 7 09:10:30 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a28dca40 by security tracker role at 2021-06-07T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2021-33899
+	RESERVED
+CVE-2021-33898 (In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize( ...)
+	TODO: check
+CVE-2021-33897
+	RESERVED
+CVE-2021-33896
+	RESERVED
+CVE-2021-33895
+	RESERVED
+CVE-2021-33894
+	RESERVED
+CVE-2021-33893
+	RESERVED
+CVE-2021-33892
+	RESERVED
+CVE-2021-33891
+	RESERVED
+CVE-2021-33890
+	RESERVED
+CVE-2021-33889
+	RESERVED
+CVE-2021-33888
+	RESERVED
+CVE-2017-20005 (NGINX before 1.13.6 has a buffer overflow for years that exceed four d ...)
+	TODO: check
 CVE-2021-33887
 	RESERVED
 CVE-2021-33886
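Review bot: CVE-2021-33898 (Invoice Ninja) and CVE-2017-20005 (NGINX) enter the list with only TODO: check, so neither has a package line or a NOT-FOR-US marker yet. The NGINX description already names the fixed upstream release (before 1.13.6), which gives the triager the version bound to compare against; a follow-up commit should resolve both entries, using either a package line in the form the firefox-esr and thunderbird entries later in this diff use, or NOT-FOR-US.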
@@ -14,8 +40,8 @@ CVE-2021-33881 (On NXP MIFARE Ultralight and NTAG cards, an attacker can interru
 	NOT-FOR-US: NXP
 CVE-2021-33880 (The aaugustin websockets library before 9.1 for Python has an Observab ...)
 	TODO: check
-CVE-2021-33879
-	RESERVED
+CVE-2021-33879 (Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure  ...)
+	TODO: check
 CVE-2021-33878
 	RESERVED
 CVE-2021-33877
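Review bot: the new CVE-2021-33879 description is cut off at "over an insecure  ...", so the TODO: check cannot be settled from this line alone and the triager needs the full CVE text. If Tencent GameLoop turns out not to be packaged, the entry should follow the "NOT-FOR-US: NXP" form used for CVE-2021-33881 just above. CVE-2021-33880 in the context lines is also still at TODO: check.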
@@ -9284,7 +9310,7 @@ CVE-2021-29968
 	RESERVED
 CVE-2021-29967
 	RESERVED
-	{DSA-4927-1 DSA-4925-1 DLA-2673-1}
+	{DSA-4927-1 DSA-4925-1 DLA-2679-1 DLA-2673-1}
 	- firefox-esr 78.11.0esr-1
 	- firefox 89.0-1
 	- thunderbird 1:78.11.0-1
@@ -9333,12 +9359,12 @@ CVE-2021-29958
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29958
 CVE-2021-29957
 	RESERVED
-	{DSA-4927-1}
+	{DSA-4927-1 DLA-2679-1}
 	- thunderbird 1:78.10.2-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29957
 CVE-2021-29956
 	RESERVED
-	{DSA-4927-1}
+	{DSA-4927-1 DLA-2679-1}
 	- thunderbird 1:78.10.2-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29956
 CVE-2021-29955
@@ -47302,8 +47328,8 @@ CVE-2020-26887 (FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a D
 	NOT-FOR-US: Fritz OS
 CVE-2020-26886 (Softaculous before 5.5.7 is affected by a code execution vulnerability ...)
 	NOT-FOR-US: Softaculous
-CVE-2020-26885
-	RESERVED
+CVE-2020-26885 (An issue was discovered in 2sic 2sxc before 11.22. A XSS vulnerability ...)
+	TODO: check
 CVE-2020-26884 (RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulner ...)
 	NOT-FOR-US: RSA Archer
 CVE-2020-26883 (In Play Framework 2.6.0 through 2.8.2, stack consumption can occur bec ...)
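Review bot: CVE-2020-26885 moves from RESERVED to TODO: check, leaving it untriaged while CVE-2020-26887, CVE-2020-26886 and CVE-2020-26884 around it are all closed as NOT-FOR-US with a vendor name. The follow-up should either add a package line or close it as NOT-FOR-US in that same form.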



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a28dca402121c6f3122b0a315217ac49b2a7d76a
