Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7889a584 by security tracker role at 2021-03-10T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2021-28124
+ RESERVED
+CVE-2021-28123
+ RESERVED
+CVE-2021-28122
+ RESERVED
+CVE-2021-28121
+ RESERVED
+CVE-2021-28120
+ RESERVED
+CVE-2021-28119 (Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote
command e ...)
+ TODO: check
+CVE-2021-28118
+ RESERVED
+CVE-2021-28117
+ RESERVED
+CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some
configurations, allo ...)
+ TODO: check
+CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via
the com ...)
+ TODO: check
+CVE-2021-28114
+ RESERVED
+CVE-2021-28113
+ RESERVED
+CVE-2021-28112
+ RESERVED
+CVE-2021-28111
+ RESERVED
+CVE-2021-28110
+ RESERVED
+CVE-2021-28109
+ RESERVED
CVE-2021-XXXX [world-readable user data information]
- courier-authlib 0.71.1-2 (bug #984810)
CVE-2021-3426
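Review bot: The three new entries with published descriptions (CVE-2021-28119, CVE-2021-28116, CVE-2021-28115) are all left at "TODO: check", so none of them has a package mapping yet. CVE-2021-28116 names Squid and should be triaged first: it needs a package line in the same "- package version" form as the courier-authlib entry just below, not a NOT-FOR-US marker. The Twinkle Tray and MyBB plugin entries can be closed as NOT-FOR-US if neither is packaged.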
@@ -2002,8 +2034,7 @@ CVE-2021-27206
RESERVED
CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS
share is ...)
NOT-FOR-US: OpenZFS
-CVE-2021-3411
- RESERVED
+CVE-2021-3411 (A flaw was found in the Linux kernel in versions prior to 5.10.
A viol ...)
- linux 5.9.15-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
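Review bot: The description added for CVE-2021-3411 bounds the flaw at "versions prior to 5.10", while the unchanged package line records the fix in linux 5.9.15-1. It is worth confirming that 5.9.15-1 carries the fix as a backport and, if the entry does not already say so further down, adding a NOTE with the fixing commit so the version difference is explained next to the "Vulnerable code introduced later" annotations.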
@@ -4295,8 +4326,8 @@ CVE-2021-3312
RESERVED
CVE-2021-3311 (An issue was discovered in October through build 471. It
reactivates a ...)
NOT-FOR-US: October CMS
-CVE-2021-3310
- RESERVED
+CVE-2021-3310 (Western Digital My Cloud OS 5 devices before 5.10.122 mishandle
Symbol ...)
+ TODO: check
CVE-2021-3309 (packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can
process co ...)
NOT-FOR-US: Wekan
CVE-2021-26272 (It was possible to execute a ReDoS-type attack inside CKEditor
4 befor ...)
@@ -11074,8 +11105,8 @@ CVE-2021-23275
RESERVED
CVE-2021-23274
RESERVED
-CVE-2021-23273
- RESERVED
+CVE-2021-23273 (The Spotfire client component of TIBCO Software Inc.'s TIBCO
Spotfire ...)
+ TODO: check
CVE-2021-23272 (The Application Development Clients component of TIBCO
Software Inc.'s ...)
NOT-FOR-US: TIBCO
CVE-2021-23271 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s
TIBCO EBX ...)
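Review bot: CVE-2021-23273 is left at "TODO: check" although its description names a TIBCO Spotfire component and the entry directly below it, CVE-2021-23272, is already resolved as "NOT-FOR-US: TIBCO". Unless the Spotfire client is packaged, this one can take the same marker so the two TIBCO entries stay consistent and the TODO does not linger in the triage queue.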
@@ -16503,8 +16534,7 @@ CVE-2021-21302 (PrestaShop is a fully scalable open
source e-commerce solution.
NOT-FOR-US: PrestaShop
CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS
(iPhone ...)
NOT-FOR-US: Wire
-CVE-2021-21300
- RESERVED
+CVE-2021-21300 (Git is an open-source distributed revision control system. In
affected ...)
- git <unfixed>
[buster] - git <no-dsa> (Minor issue)
NOTE:
https://lore.kernel.org/git/[email protected]/
@@ -19004,8 +19034,7 @@ CVE-2021-20257 [net: e1000: infinite loop while
processing transmit descriptors]
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html
CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface
exposes the p ...)
NOT-FOR-US: Red Hat Satellite
-CVE-2021-20255 [net: eepro100: stack overflow via infinite recursion]
- RESERVED
+CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was
found in ...)
- qemu <unfixed> (bug #984451)
[buster] - qemu <postponed> (Minor issue)
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
@@ -19102,12 +19131,14 @@ CVE-2021-20236 [Stack overflow on server running
PUB/XPUB socket]
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22488
CVE-2021-20235 [Heap overflow when receiving malformed ZMTP v1 packets]
RESERVED
+ {DLA-2588-1}
- zeromq3 4.3.3-1
NOTE: https://github.com/zeromq/libzmq/pull/3902
NOTE:
https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21984
CVE-2021-20234 [Memory leak in client induced by malicious server without
CURVE/ZAP]
RESERVED
+ {DLA-2588-1}
- zeromq3 4.3.3-1
NOTE: https://github.com/zeromq/libzmq/pull/3918
NOTE:
https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
@@ -19665,26 +19696,22 @@ CVE-2020-35526
RESERVED
CVE-2020-35525
RESERVED
-CVE-2020-35524 [Heap-based buffer overflow in TIFF2PDF tool]
- RESERVED
+CVE-2020-35524 (A heap-based buffer overflow flaw was found in libtiff in the
handling ...)
- tiff 4.1.0+git201212-1
[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159
-CVE-2020-35523 [Integer overflow in tif_getimage.c]
- RESERVED
+CVE-2020-35523 (An integer overflow flaw was found in libtiff that exists in
the tif_g ...)
- tiff 4.1.0+git201212-1
[stretch] - tiff <no-dsa> (can be fixed along in next DLA)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/160
-CVE-2020-35522 [Memory allocation failure in tif_pixarlog.c]
- RESERVED
+CVE-2020-35522 (In LibTIFF, there is a memory malloc failure in
tif_pixarlog.c. A craf ...)
- tiff 4.1.0+git201212-1 (unimportant)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/98a254f5b92cea22f5436555ff7fceb12afee84d
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/165
NOTE: Crash in CLI tool, no security impact
-CVE-2020-35521 [Memory allocation failure in tif_read.c]
- RESERVED
+CVE-2020-35521 (A flaw was found in libtiff. Due to a memory allocation
failure in tif ...)
- tiff 4.1.0+git201212-1 (unimportant)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/b5a935d96b21cda0f434230cdf8ca958cd8b4eef
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/165
@@ -23650,8 +23677,8 @@ CVE-2020-29240 (Lepton-CMS 4.7.0 is affected by
cross-site scripting (XSS). An a
NOT-FOR-US: Lepton-CMS
CVE-2020-29239 (Online Birth Certificate System Project V 1.0 is affected by
cross-sit ...)
NOT-FOR-US: Online Birth Certificate System Project
-CVE-2020-29238
- RESERVED
+CVE-2020-29238 (An integer buffer overflow in the Nginx webserver of
ExpressVPN Router ...)
+ TODO: check
CVE-2020-29237
RESERVED
CVE-2020-29236
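Review bot: CVE-2020-29238 is marked "TODO: check", and its description places the overflow "in the Nginx webserver of ExpressVPN Router". Before closing it as NOT-FOR-US like the Lepton-CMS entries above, the triage should establish whether the flaw is in upstream nginx code or only in the vendor's router build, and record the outcome in a NOTE either way.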
@@ -24278,8 +24305,8 @@ CVE-2020-28954 (web/controllers/ApiController.groovy in
BigBlueButton before 2.2
NOT-FOR-US: BigBlueButton
CVE-2020-28953 (In BigBlueButton before 2.2.29, a user can vote more than once
in a si ...)
NOT-FOR-US: BigBlueButton
-CVE-2020-28952
- RESERVED
+CVE-2020-28952 (An issue was discovered on Athom Homey and Homey Pro devices
before 5. ...)
+ TODO: check
CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may
encounter ...)
NOT-FOR-US: libuci in OpenWrt
CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior
to KART 4 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7889a584625f2aef0f1bf8c21fbe50ee1ed772a9
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits