[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 21 09:10:31 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9cc1ca90 by security tracker role at 2021-05-21T08:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,15 @@
+CVE-2021-3562
+	RESERVED
+CVE-2021-33484
+	RESERVED
+CVE-2021-33483
+	RESERVED
+CVE-2021-33482
+	RESERVED
+CVE-2021-33478
+	RESERVED
 CVE-2021-3561 [Global buffer overflow in fig2dev/read.c in function read_objects]
+	RESERVED
 	- fig2dev 1:3.2.8-3
 	[buster] - fig2dev <no-dsa> (Minor issue)
 	- transfig <removed>
@@ -602,19 +613,22 @@ CVE-2020-36365 (Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonControl
 CVE-2020-36364 (An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0 ...)
 	NOT-FOR-US: Smartstore (aka SmartStoreNET)
 CVE-2021-33481 [stack-based buffer overflow in try_to_divide_boxes() in pgm2asc.c]
+	RESERVED
 	- gocr <unfixed> (unimportant)
 	NOTE: https://sourceforge.net/p/jocr/bugs/42/
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-33480 [use-after-free in context_correction() in pgm2asc.c]
+	RESERVED
 	- gocr <unfixed> (unimportant)
 	NOTE: https://sourceforge.net/p/jocr/bugs/40/
 	NOTE: https://sourceforge.net/p/jocr/bugs/41/
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-33479 [stack-based buffer overflow in measure_pitch() in pgm2asc.c]
+	RESERVED
 	- gocr <unfixed> (unimportant)
 	NOTE: https://sourceforge.net/p/jocr/bugs/39/
 	NOTE: Crash in CLI tool, no security impact
-CVE-2021-33477 [(remote) code execution via ESC G Q]
+CVE-2021-33477 (rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (po ...)
 	- rxvt <removed>
 	- rxvt-unicode <unfixed> (bug #988763)
 	- mrxvt <removed>
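Review bot: The CVE-2021-33477 header line loses the "ESC G Q" detail when the bracketed title is replaced, and the new description is truncated at "allow (po ...", so the entry no longer says what the trigger is. Consider keeping that detail in a NOTE: line under the entry. The RESERVED lines added to the three gocr entries are consistent with their still-bracketed descriptions.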
@@ -3100,8 +3114,8 @@ CVE-2021-32034
 	RESERVED
 CVE-2021-32033
 	RESERVED
-CVE-2021-32032
-	RESERVED
+CVE-2021-32032 (In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated  ...)
+	TODO: check
 CVE-2021-32031
 	RESERVED
 CVE-2020-36362
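Review bot: CVE-2021-32032 moves from RESERVED to TODO: check with no package line or NOT-FOR-US tag. The description names Trusted Firmware-M through 1.3.0, so the follow-up triage needs to record either the affected source package with its version state or a NOT-FOR-US tag.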
@@ -10931,8 +10945,8 @@ CVE-2021-28800
 	RESERVED
 CVE-2021-28799 (An improper authorization vulnerability has been reported to affect QN ...)
 	NOT-FOR-US: QNAP
-CVE-2021-28798
-	RESERVED
+CVE-2021-28798 (A relative path traversal vulnerability has been reported to affect QN ...)
+	TODO: check
 CVE-2021-28797 (A stack-based buffer overflow vulnerability has been reported to affec ...)
 	NOT-FOR-US: QNAP NAS devices
 CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. ...)
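Review bot: CVE-2021-28798 is left at TODO: check although its description opens with the same "has been reported to affect QN ..." wording as CVE-2021-28799, which is already NOT-FOR-US. The same tag looks appropriate once the full description is confirmed. The two neighbouring entries spell the product differently ("QNAP" and "QNAP NAS devices"); pick one form when resolving this entry.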
@@ -25887,8 +25901,8 @@ CVE-2021-22411
 	RESERVED
 CVE-2021-22410
 	RESERVED
-CVE-2021-22409
-	RESERVED
+CVE-2021-22409 (There is a denial of service vulnerability in some versions of ManageO ...)
+	TODO: check
 CVE-2021-22408
 	RESERVED
 CVE-2021-22407
@@ -26027,8 +26041,8 @@ CVE-2021-22341
 	RESERVED
 CVE-2021-22340
 	RESERVED
-CVE-2021-22339
-	RESERVED
+CVE-2021-22339 (There is a denial of service vulnerability in some versions of ManageO ...)
+	TODO: check
 CVE-2021-22338
 	RESERVED
 CVE-2021-22337
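Review bot: CVE-2021-22339 receives the same truncated description and the same TODO: check as CVE-2021-22409 earlier in this diff. Triage the two together so they end up with an identical tag and product string.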
@@ -45222,8 +45236,8 @@ CVE-2020-27211
 	RESERVED
 CVE-2020-27210
 	RESERVED
-CVE-2020-27209
-	RESERVED
+CVE-2020-27209 (The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simp ...)
+	TODO: check
 CVE-2020-27208
 	RESERVED
 CVE-2020-27207 (Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sq ...)
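Review bot: CVE-2020-27209 is left at TODO: check, and the description names the micro-ecc library rather than an application. Before settling on a tag, triage should look for embedded copies of the library in other source packages, since a library issue may apply to more than one package.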
@@ -64428,8 +64442,8 @@ CVE-2020-18222
 	RESERVED
 CVE-2020-18221
 	RESERVED
-CVE-2020-18220
-	RESERVED
+CVE-2020-18220 (Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attack ...)
+	TODO: check
 CVE-2020-18219
 	RESERVED
 CVE-2020-18218



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cc1ca90114f70644fff50a8beea1489c37c5f2d
