[Git][security-tracker-team/security-tracker][master] automatic update

Wed Mar 10 08:10:23 GMT 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7889a584 by security tracker role at 2021-03-10T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2021-28124
+	RESERVED
+CVE-2021-28123
+	RESERVED
+CVE-2021-28122
+	RESERVED
+CVE-2021-28121
+	RESERVED
+CVE-2021-28120
+	RESERVED
+CVE-2021-28119 (Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command e ...)
+	TODO: check
+CVE-2021-28118
+	RESERVED
+CVE-2021-28117
+	RESERVED
+CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations, allo ...)
+	TODO: check
+CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the com ...)
+	TODO: check
+CVE-2021-28114
+	RESERVED
+CVE-2021-28113
+	RESERVED
+CVE-2021-28112
+	RESERVED
+CVE-2021-28111
+	RESERVED
+CVE-2021-28110
+	RESERVED
+CVE-2021-28109
+	RESERVED
 CVE-2021-XXXX [world-readable user data information]
 	- courier-authlib 0.71.1-2 (bug #984810)
 CVE-2021-3426
@@ -2002,8 +2034,7 @@ CVE-2021-27206
 	RESERVED
 CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...)
 	NOT-FOR-US: OpenZFS
-CVE-2021-3411
-	RESERVED
+CVE-2021-3411 (A flaw was found in the Linux kernel in versions prior to 5.10. A viol ...)
 	- linux 5.9.15-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -4295,8 +4326,8 @@ CVE-2021-3312
 	RESERVED
 CVE-2021-3311 (An issue was discovered in October through build 471. It reactivates a ...)
 	NOT-FOR-US: October CMS
-CVE-2021-3310
-	RESERVED
+CVE-2021-3310 (Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbol ...)
+	TODO: check
 CVE-2021-3309 (packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process co ...)
 	NOT-FOR-US: Wekan
 CVE-2021-26272 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...)
@@ -11074,8 +11105,8 @@ CVE-2021-23275
 	RESERVED
 CVE-2021-23274
 	RESERVED
-CVE-2021-23273
-	RESERVED
+CVE-2021-23273 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire  ...)
+	TODO: check
 CVE-2021-23272 (The Application Development Clients component of TIBCO Software Inc.'s ...)
 	NOT-FOR-US: TIBCO
 CVE-2021-23271 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX  ...)
@@ -16503,8 +16534,7 @@ CVE-2021-21302 (PrestaShop is a fully scalable open source e-commerce solution.
 	NOT-FOR-US: PrestaShop
 CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (iPhone ...)
 	NOT-FOR-US: Wire
-CVE-2021-21300
-	RESERVED
+CVE-2021-21300 (Git is an open-source distributed revision control system. In affected ...)
 	- git <unfixed>
 	[buster] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/
@@ -19004,8 +19034,7 @@ CVE-2021-20257 [net: e1000: infinite loop while processing transmit descriptors]
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html
 CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes the p ...)
 	NOT-FOR-US: Red Hat Satellite
-CVE-2021-20255 [net: eepro100: stack overflow via infinite recursion]
-	RESERVED
+CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was found in  ...)
 	- qemu <unfixed> (bug #984451)
 	[buster] - qemu <postponed> (Minor issue)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
@@ -19102,12 +19131,14 @@ CVE-2021-20236 [Stack overflow on server running PUB/XPUB socket]
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22488
 CVE-2021-20235 [Heap overflow when receiving malformed ZMTP v1 packets]
 	RESERVED
+	{DLA-2588-1}
 	- zeromq3 4.3.3-1
 	NOTE: https://github.com/zeromq/libzmq/pull/3902
 	NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21984
 CVE-2021-20234 [Memory leak in client induced by malicious server without CURVE/ZAP]
 	RESERVED
+	{DLA-2588-1}
 	- zeromq3 4.3.3-1
 	NOTE: https://github.com/zeromq/libzmq/pull/3918
 	NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
@@ -19665,26 +19696,22 @@ CVE-2020-35526
 	RESERVED
 CVE-2020-35525
 	RESERVED
-CVE-2020-35524 [Heap-based buffer overflow in TIFF2PDF tool]
-	RESERVED
+CVE-2020-35524 (A heap-based buffer overflow flaw was found in libtiff in the handling ...)
 	- tiff 4.1.0+git201212-1
 	[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159
-CVE-2020-35523 [Integer overflow in tif_getimage.c]
-	RESERVED
+CVE-2020-35523 (An integer overflow flaw was found in libtiff that exists in the tif_g ...)
 	- tiff 4.1.0+git201212-1
 	[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/160
-CVE-2020-35522 [Memory allocation failure in tif_pixarlog.c]
-	RESERVED
+CVE-2020-35522 (In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A craf ...)
 	- tiff 4.1.0+git201212-1 (unimportant)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/98a254f5b92cea22f5436555ff7fceb12afee84d
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/165
 	NOTE: Crash in CLI tool, no security impact
-CVE-2020-35521 [Memory allocation failure in tif_read.c]
-	RESERVED
+CVE-2020-35521 (A flaw was found in libtiff. Due to a memory allocation failure in tif ...)
 	- tiff 4.1.0+git201212-1 (unimportant)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b5a935d96b21cda0f434230cdf8ca958cd8b4eef
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/165
@@ -23650,8 +23677,8 @@ CVE-2020-29240 (Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An a
 	NOT-FOR-US: Lepton-CMS
 CVE-2020-29239 (Online Birth Certificate System Project V 1.0 is affected by cross-sit ...)
 	NOT-FOR-US: Online Birth Certificate System Project
-CVE-2020-29238
-	RESERVED
+CVE-2020-29238 (An integer buffer overflow in the Nginx webserver of ExpressVPN Router ...)
+	TODO: check
 CVE-2020-29237
 	RESERVED
 CVE-2020-29236
@@ -24278,8 +24305,8 @@ CVE-2020-28954 (web/controllers/ApiController.groovy in BigBlueButton before 2.2
 	NOT-FOR-US: BigBlueButton
 CVE-2020-28953 (In BigBlueButton before 2.2.29, a user can vote more than once in a si ...)
 	NOT-FOR-US: BigBlueButton
-CVE-2020-28952
-	RESERVED
+CVE-2020-28952 (An issue was discovered on Athom Homey and Homey Pro devices before 5. ...)
+	TODO: check
 CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter ...)
 	NOT-FOR-US: libuci in OpenWrt
 CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7889a584625f2aef0f1bf8c21fbe50ee1ed772a9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7889a584625f2aef0f1bf8c21fbe50ee1ed772a9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210310/af29ac2b/attachment.htm>
