Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8bd91efa by security tracker role at 2021-12-28T08:10:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,71 @@
-CVE-2021-45884
+CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based 
buffer  ...)
+       TODO: check
+CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based 
buffer  ...)
+       TODO: check
+CVE-2021-45909 (An issue was discovered in gif2apng 1.9. There is a heap-based 
buffer  ...)
+       TODO: check
+CVE-2021-45908 (An issue was discovered in gif2apng 1.9. There is a 
stack-based buffer ...)
+       TODO: check
+CVE-2021-45907 (An issue was discovered in gif2apng 1.9. There is a 
stack-based buffer ...)
+       TODO: check
+CVE-2021-45906 (OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. ...)
+       TODO: check
+CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. 
...)
+       TODO: check
+CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name 
screen. ...)
+       TODO: check
+CVE-2021-45903
+       RESERVED
+CVE-2021-45902
+       RESERVED
+CVE-2021-45901
+       RESERVED
+CVE-2021-45900
+       RESERVED
+CVE-2021-45899
+       RESERVED
+CVE-2021-45898
+       RESERVED
+CVE-2021-45897
+       RESERVED
+CVE-2021-45896 (Nokia FastMile 3TG00118ABAD52 devices allow privilege 
escalation by an ...)
+       TODO: check
+CVE-2021-45895 (Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 
allows  ...)
+       TODO: check
+CVE-2021-45894
+       RESERVED
+CVE-2021-45893
+       RESERVED
+CVE-2021-45892
+       RESERVED
+CVE-2021-45891
+       RESERVED
+CVE-2021-45890 (basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows 
authenti ...)
+       TODO: check
+CVE-2021-45889
+       RESERVED
+CVE-2021-45888
+       RESERVED
+CVE-2021-45887
+       RESERVED
+CVE-2021-45886
+       RESERVED
+CVE-2021-45885
+       RESERVED
+CVE-2021-4186
+       RESERVED
+CVE-2021-4185
        RESERVED
+CVE-2021-4184
+       RESERVED
+CVE-2021-4183
+       RESERVED
+CVE-2021-4182
+       RESERVED
+CVE-2021-4181
+       RESERVED
+CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when 
CNAME-based a ...)
+       TODO: check
 CVE-2021-45883
        RESERVED
 CVE-2021-45882
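Review bot: the entries added here for gif2apng, OpenWrt, Nokia FastMile, Netgen Tags Bundle, AuthGuard and Brave all land as "TODO: check", so none of them is yet tied to a source package or dismissed. Each should be resolved in a follow-up to either a package line or a "NOT-FOR-US:" marker in the form already used elsewhere in this file (for example "NOT-FOR-US: GroupSession"). The five gif2apng 1.9 buffer overflow entries, CVE-2021-45907 through CVE-2021-45911, share one product and version and can be triaged together.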
@@ -404,8 +470,8 @@ CVE-2021-44460
        RESERVED
 CVE-2021-4178
        RESERVED
-CVE-2021-4177
-       RESERVED
+CVE-2021-4177 (livehelperchat is vulnerable to Generation of Error Message 
Containing ...)
+       TODO: check
 CVE-2021-4176
        RESERVED
 CVE-2021-4175
@@ -6355,8 +6421,8 @@ CVE-2021-43860
        RESERVED
 CVE-2021-43859
        RESERVED
-CVE-2021-43858
-       RESERVED
+CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. 
Prior to v ...)
+       TODO: check
 CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy 
prior to  ...)
        TODO: check
 CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and 
earlier is ...)
@@ -67488,8 +67554,8 @@ CVE-2021-20875 (Open redirect vulnerability in 
GroupSession Free edition ver5.1.
        NOT-FOR-US: GroupSession
 CVE-2021-20874 (Incorrect permission assignment for critical resource 
vulnerability in ...)
        NOT-FOR-US: GroupSession
-CVE-2021-20873
-       RESERVED
+CVE-2021-20873 (Yappli is an application development platform which provides 
the funct ...)
+       TODO: check
 CVE-2021-20872
        RESERVED
 CVE-2021-20871
@@ -95816,12 +95882,12 @@ CVE-2020-21240
        RESERVED
 CVE-2020-21239
        RESERVED
-CVE-2020-21238
-       RESERVED
-CVE-2020-21237
-       RESERVED
-CVE-2020-21236
-       RESERVED
+CVE-2020-21238 (An issue in the user login box of CSCMS v4.0 allows attackers 
to hijac ...)
+       TODO: check
+CVE-2020-21237 (An issue in the user login box of LJCMS v1.11 allows attackers 
to hija ...)
+       TODO: check
+CVE-2020-21236 (A vulnerability in /damicms-master/admin.php?s=/Article/doedit 
of Dami ...)
+       TODO: check
 CVE-2020-21235
        RESERVED
 CVE-2020-21234
@@ -96414,18 +96480,18 @@ CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 
v1.5 padding for RSA in Micro
        NOT-FOR-US: Microchip Libraries for Applications
 CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in 
STM32 crypt ...)
        NOT-FOR-US: STM32 cryptographic firmware library
-CVE-2020-20948
-       RESERVED
+CVE-2020-20948 (An arbitrary file download vulnerability in jeecg v3.8 allows 
attacker ...)
+       TODO: check
 CVE-2020-20947
        RESERVED
-CVE-2020-20946
-       RESERVED
-CVE-2020-20945
-       RESERVED
-CVE-2020-20944
-       RESERVED
-CVE-2020-20943
-       RESERVED
+CVE-2020-20946 (Qibosoft v7 contains a stored cross-site scripting (XSS) 
vulnerability ...)
+       TODO: check
+CVE-2020-20945 (A Cross-Site Request Forgery (CSRF) in 
/admin/index.php?lfj=member&amp ...)
+       TODO: check
+CVE-2020-20944 (An issue in /admin/index.php?lfj=mysql&action=del of 
Qibosoft v7 a ...)
+       TODO: check
+CVE-2020-20943 (A Cross-Site Request Forgery (CSRF) in 
/member/post.php?job=postnew&am ...)
+       TODO: check
 CVE-2020-20942
        RESERVED
 CVE-2020-20941
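Review bot: the descriptions imported for CVE-2020-20945 and CVE-2020-20943 carry HTML-escaped ampersands in their URL paths ("lfj=member&amp", "job=postnew&am"), while CVE-2020-20944 in the same hunk has a raw "&" in "lfj=mysql&action=del". The import should decode entities before truncating the description, so that paths are written the same way across entries and a text search on the path matches all of them.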
@@ -101629,6 +101695,7 @@ CVE-2020-18444
 CVE-2020-18443
        RESERVED
 CVE-2020-18442 (Infinite Loop in zziplib v0.13.69 allows remote attackers to 
cause a d ...)
+       {DLA-2859-1}
        - zziplib 0.13.72+dfsg.1-1
        [bullseye] - zziplib <no-dsa> (Minor issue)
        [buster] - zziplib <no-dsa> (Minor issue)
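Review bot: "{DLA-2859-1}" is added to CVE-2020-18442 while the context lines still mark "[bullseye]" and "[buster]" as "<no-dsa> (Minor issue)". If the advisory covers a release older than those two, users upgrading from it would move to a zziplib build without the fix. It is worth checking whether the same patch can reach bullseye and buster through a point release, and recording that in the entry.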
@@ -126232,7 +126299,7 @@ CVE-2020-9361 (CryptoPro CSP through 5.0.0.10004 on 
64-bit platforms allows loca
 CVE-2020-9360
        RESERVED
 CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action 
link in a ...)
-       {DLA-2159-1}
+       {DLA-2856-1 DLA-2159-1}
        - okular 4:19.12.3-2 (bug #954891)
        [buster] - okular 4:17.12.2-2.2+deb10u1
        NOTE: 
https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
@@ -188636,7 +188703,7 @@ CVE-2017-18360 (In change_port_settings in 
drivers/usb/serial/io_ti.c in the Lin
        [jessie] - linux 3.16.48-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/6aeb75e6adfaed16e58780309613a578fe1ee90b
 CVE-2017-18359 (PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows 
remote attac ...)
-       {DLA-1653-1}
+       {DLA-2857-1 DLA-1653-1}
        - postgis 2.3.3+dfsg-1 (low)
        NOTE: https://trac.osgeo.org/postgis/ticket/3704
        NOTE: https://trac.osgeo.org/postgis/changeset/15444
@@ -271506,6 +271573,7 @@ CVE-2017-14108 (libgedit.a in GNOME gedit through 
3.22.1 allows remote attackers
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=791037
        NOTE: negligible security impact
 CVE-2017-14107 (The _zip_read_eocd64 function in zip_open.c in libzip before 
1.3.0 mis ...)
+       {DLA-2858-1}
        [experimental] - libzip 1.3.0+dfsg.1-1
        - libzip 1.5.1-3 (low; bug #874010)
        [jessie] - libzip <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bd91efa01dcaebdf6e12045919bb144acb4c110
