[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 10 08:10:23 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7889a584 by security tracker role at 2021-03-10T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2021-28124
+ RESERVED
+CVE-2021-28123
+ RESERVED
+CVE-2021-28122
+ RESERVED
+CVE-2021-28121
+ RESERVED
+CVE-2021-28120
+ RESERVED
+CVE-2021-28119 (Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command e ...)
+ TODO: check
+CVE-2021-28118
+ RESERVED
+CVE-2021-28117
+ RESERVED
+CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations, allo ...)
+ TODO: check
+CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the com ...)
+ TODO: check
+CVE-2021-28114
+ RESERVED
+CVE-2021-28113
+ RESERVED
+CVE-2021-28112
+ RESERVED
+CVE-2021-28111
+ RESERVED
+CVE-2021-28110
+ RESERVED
+CVE-2021-28109
+ RESERVED
CVE-2021-XXXX [world-readable user data information]
- courier-authlib 0.71.1-2 (bug #984810)
CVE-2021-3426
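Review bot: of the sixteen newly added entries only three carry a description and all three are left at TODO: check; CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, "in some configurations") is the one that needs a real package triage, since squid is shipped by Debian, so the affected version range and the configuration condition should end up on a NOTE line and a tracking line rather than a bare TODO. CVE-2021-28119 (Twinkle Tray) and CVE-2021-28115 (OUGC Feedback plugin for MyBB) describe third-party software that is not packaged and can likely be closed as NOT-FOR-US after a quick check.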
@@ -2002,8 +2034,7 @@ CVE-2021-27206
RESERVED
CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...)
NOT-FOR-US: OpenZFS
-CVE-2021-3411
- RESERVED
+CVE-2021-3411 (A flaw was found in the Linux kernel in versions prior to 5.10. A viol ...)
- linux 5.9.15-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
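Review bot: the new description for CVE-2021-3411 says the flaw exists in kernel versions prior to 5.10, yet the fixed version recorded on the next line is linux 5.9.15-1; that is plausible for a backported fix, but the entry has no NOTE pointing at the upstream commit, so add one so that the 5.9.15-1 claim and the two <not-affected> (Vulnerable code introduced later) lines for buster and stretch can be verified against the introducing and fixing commits.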
@@ -4295,8 +4326,8 @@ CVE-2021-3312
RESERVED
CVE-2021-3311 (An issue was discovered in October through build 471. It reactivates a ...)
NOT-FOR-US: October CMS
-CVE-2021-3310
- RESERVED
+CVE-2021-3310 (Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbol ...)
+ TODO: check
CVE-2021-3309 (packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process co ...)
NOT-FOR-US: Wekan
CVE-2021-26272 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...)
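Review bot: CVE-2021-3310 is marked TODO: check, but the description identifies Western Digital My Cloud OS 5 device firmware, so it belongs in the same category as the neighbouring October CMS and Wekan entries and can be resolved as NOT-FOR-US: Western Digital My Cloud OS rather than staying open.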
@@ -11074,8 +11105,8 @@ CVE-2021-23275
RESERVED
CVE-2021-23274
RESERVED
-CVE-2021-23273
- RESERVED
+CVE-2021-23273 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...)
+ TODO: check
CVE-2021-23272 (The Application Development Clients component of TIBCO Software Inc.'s ...)
NOT-FOR-US: TIBCO
CVE-2021-23271 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX ...)
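Review bot: CVE-2021-23273 (TIBCO Spotfire client component) is given TODO: check while CVE-2021-23272 and CVE-2021-23271, also TIBCO products, are already NOT-FOR-US: TIBCO; unless Spotfire is packaged, resolve it the same way so the TODO backlog only holds entries that need real triage.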
@@ -16503,8 +16534,7 @@ CVE-2021-21302 (PrestaShop is a fully scalable open source e-commerce solution.
NOT-FOR-US: PrestaShop
CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (iPhone ...)
NOT-FOR-US: Wire
-CVE-2021-21300
- RESERVED
+CVE-2021-21300 (Git is an open-source distributed revision control system. In affected ...)
- git <unfixed>
[buster] - git <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/
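Review bot: CVE-2021-21300 now has its public description, but the sid line is still git <unfixed> without a (bug #...) reference, unlike the courier-authlib and qemu entries in this same commit; record the BTS bug, and once the upstream release carrying the fix is identified add it on a NOTE line next to the existing lore link, so that the buster <no-dsa> (Minor issue) rating can be re-checked against the actual fix.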
@@ -19004,8 +19034,7 @@ CVE-2021-20257 [net: e1000: infinite loop while processing transmit descriptors]
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html
CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes the p ...)
NOT-FOR-US: Red Hat Satellite
-CVE-2021-20255 [net: eepro100: stack overflow via infinite recursion]
- RESERVED
+CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was found in ...)
- qemu <unfixed> (bug #984451)
[buster] - qemu <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
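Review bot: replacing the working title [net: eepro100: stack overflow via infinite recursion] with the truncated official text drops the component name from the entry, and the (bug #984451) reference on the qemu line does not name the emulated device either; consider keeping "eepro100" visible on a NOTE line so the entry can be matched against the qemu-devel thread without opening the link.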
@@ -19102,12 +19131,14 @@ CVE-2021-20236 [Stack overflow on server running PUB/XPUB socket]
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22488
CVE-2021-20235 [Heap overflow when receiving malformed ZMTP v1 packets]
RESERVED
+ {DLA-2588-1}
- zeromq3 4.3.3-1
NOTE: https://github.com/zeromq/libzmq/pull/3902
NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21984
CVE-2021-20234 [Memory leak in client induced by malicious server without CURVE/ZAP]
RESERVED
+ {DLA-2588-1}
- zeromq3 4.3.3-1
NOTE: https://github.com/zeromq/libzmq/pull/3918
NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
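Review bot: {DLA-2588-1} is added to CVE-2021-20235 and CVE-2021-20234 only, while the hunk header shows CVE-2021-20236 (stack overflow on server running PUB/XPUB socket) immediately above them; confirm whether the DLA also covers that CVE and add the marker there if it does, otherwise a NOTE saying why it was left out of the DLA would prevent the question from being re-asked.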
@@ -19665,26 +19696,22 @@ CVE-2020-35526
RESERVED
CVE-2020-35525
RESERVED
-CVE-2020-35524 [Heap-based buffer overflow in TIFF2PDF tool]
- RESERVED
+CVE-2020-35524 (A heap-based buffer overflow flaw was found in libtiff in the handling ...)
- tiff 4.1.0+git201212-1
[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159
-CVE-2020-35523 [Integer overflow in tif_getimage.c]
- RESERVED
+CVE-2020-35523 (An integer overflow flaw was found in libtiff that exists in the tif_g ...)
- tiff 4.1.0+git201212-1
[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/160
-CVE-2020-35522 [Memory allocation failure in tif_pixarlog.c]
- RESERVED
+CVE-2020-35522 (In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A craf ...)
- tiff 4.1.0+git201212-1 (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/98a254f5b92cea22f5436555ff7fceb12afee84d
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/165
NOTE: Crash in CLI tool, no security impact
-CVE-2020-35521 [Memory allocation failure in tif_read.c]
- RESERVED
+CVE-2020-35521 (A flaw was found in libtiff. Due to a memory allocation failure in tif ...)
- tiff 4.1.0+git201212-1 (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b5a935d96b21cda0f434230cdf8ca958cd8b4eef
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/165
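Review bot: CVE-2020-35521 is rated (unimportant) without a justifying NOTE, whereas CVE-2020-35522 carries "Crash in CLI tool, no security impact"; the new description places CVE-2020-35521 in tif_read.c, which is library code rather than a command-line tool, so the unimportant rating needs its own rationale on a NOTE line, or a re-rating if the allocation failure is reachable through the library. The two entries with stretch <no-dsa> (can be fixed along in next DLA) have no [buster] line at all; add an explicit buster state so the status of that suite is not left implicit.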
@@ -23650,8 +23677,8 @@ CVE-2020-29240 (Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An a
NOT-FOR-US: Lepton-CMS
CVE-2020-29239 (Online Birth Certificate System Project V 1.0 is affected by cross-sit ...)
NOT-FOR-US: Online Birth Certificate System Project
-CVE-2020-29238
- RESERVED
+CVE-2020-29238 (An integer buffer overflow in the Nginx webserver of ExpressVPN Router ...)
+ TODO: check
CVE-2020-29237
RESERVED
CVE-2020-29236
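Review bot: CVE-2020-29238 is left as TODO: check; the description reads "in the Nginx webserver of ExpressVPN Router", i.e. a vendor router firmware build, so the check that matters is whether the integer overflow lies in nginx itself (in which case the nginx package needs a tracking line) or only in the vendor's build or configuration, in which case it can join the neighbouring entries as NOT-FOR-US: ExpressVPN Router. Record the outcome on a NOTE line either way so the TODO is not silently closed.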
@@ -24278,8 +24305,8 @@ CVE-2020-28954 (web/controllers/ApiController.groovy in BigBlueButton before 2.2
NOT-FOR-US: BigBlueButton
CVE-2020-28953 (In BigBlueButton before 2.2.29, a user can vote more than once in a si ...)
NOT-FOR-US: BigBlueButton
-CVE-2020-28952
- RESERVED
+CVE-2020-28952 (An issue was discovered on Athom Homey and Homey Pro devices before 5. ...)
+ TODO: check
CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter ...)
NOT-FOR-US: libuci in OpenWrt
CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...)
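Review bot: CVE-2020-28952 (Athom Homey and Homey Pro devices before 5. ...) is device firmware like the OpenWrt libuci and Kaspersky entries around it; the truncated description does not show the full affected version, but since the product is not packaged the TODO: check can be closed as NOT-FOR-US: Athom Homey.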
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7889a584625f2aef0f1bf8c21fbe50ee1ed772a9