Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7159cfca by security tracker role at 2021-02-23T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2021-27574
+       RESERVED
+CVE-2021-27573
+       RESERVED
+CVE-2021-27572
+       RESERVED
+CVE-2021-27571
+       RESERVED
+CVE-2021-27570
+       RESERVED
+CVE-2021-27569
+       RESERVED
+CVE-2021-27568 (An issue was discovered in netplex json-smart-v1 through 
2015-10-23 an ...)
+       TODO: check
+CVE-2021-27567
+       RESERVED
+CVE-2021-27566
+       RESERVED
 CVE-2021-3414
        RESERVED
        NOT-FOR-US: Red Hat Satellite
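Review bot: CVE-2021-27568 is the only new entry in this hunk that carries a description, and it lands as "TODO: check". The description names netplex json-smart-v1, so triage should establish whether a Debian source package ships that code and replace the TODO with either a package line or a NOT-FOR-US tag.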
@@ -820,8 +838,8 @@ CVE-2021-3408
        RESERVED
 CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was 
discovered in PEE ...)
        NOT-FOR-US: PEEL Shopping cart
-CVE-2021-27189
-       RESERVED
+CVE-2021-27189 (The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL 
Certifica ...)
+       TODO: check
 CVE-2021-27188 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal 
client 1 al ...)
        NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator
 CVE-2021-27187 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal 
client 1 st ...)
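Review bot: CVE-2021-27189 moves from RESERVED to "TODO: check" although its description is of the CIRA Canadian Shield app for iOS. The neighbouring entries in this hunk are closed with NOT-FOR-US and the product name; the same form looks applicable here once someone confirms the app is not packaged.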
@@ -1332,7 +1350,7 @@ CVE-2021-26940
        RESERVED
 CVE-2021-26939 (** DISPUTED ** An information disclosure issue exists in 
henriquedorna ...)
        NOT-FOR-US: henriquedornas
-CVE-2021-26938 (A stored XSS issue exists in henriquedornas 5.2.17 via online 
live cha ...)
+CVE-2021-26938 (** DISPUTED ** A stored XSS issue exists in henriquedornas 
5.2.17 via  ...)
        NOT-FOR-US: henriquedornas
 CVE-2021-27135 (xterm through Patch #365 allows remote attackers to cause a 
denial of  ...)
        {DLA-2558-1}
@@ -1859,10 +1877,10 @@ CVE-2021-26727
        RESERVED
 CVE-2021-26726
        RESERVED
-CVE-2021-26725
-       RESERVED
-CVE-2021-26724
-       RESERVED
+CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web 
GUI of N ...)
+       TODO: check
+CVE-2021-26724 (OS Command Injection vulnerability when changing date settings 
or host ...)
+       TODO: check
 CVE-2021-26723 (Jenzabar 9.2.x through 9.2.2 allows 
/ics?tool=search&query= XSS. ...)
        NOT-FOR-US: Jenzabar
 CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query 
because  ...)
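Review bot: For CVE-2021-26725 and CVE-2021-26724 the affected product is cut off in the truncated descriptions ("web GUI of N ...", "date settings or host ..."), so these TODO: check entries cannot be triaged from the list alone. Whoever resolves them needs the full CVE text to choose between a package line and NOT-FOR-US.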
@@ -2886,7 +2904,7 @@ CVE-2021-3338
        RESERVED
 CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB 
allows remo ...)
        NOT-FOR-US: MyBB
-CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 
does not  ...)
+CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 
does not c ...)
        - wolfssl 4.6.0-3
        NOTE: https://github.com/wolfSSL/wolfssl/pull/3676
 CVE-2021-26308 (An issue was discovered in the marc crate before 2.0.0 for 
Rust. A use ...)
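Review bot: On CVE-2021-3336 the description changes from "through 4.6.0" to "before 4.7.0", while the unchanged package line still records "- wolfssl 4.6.0-3" as the fixed version. That is consistent only if 4.6.0-3 carries a backport of the fix from the pull request in the NOTE line; a short NOTE saying so would make the entry self-explanatory.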
@@ -2997,8 +3015,8 @@ CVE-2020-36234 (Affected versions of Atlassian Jira 
Server and Data Center allow
        NOT-FOR-US: Atlassian
 CVE-2020-36233 (The Microsoft Windows Installer for Atlassian Bitbucket Server 
and Dat ...)
        NOT-FOR-US: Atlassian
-CVE-2020-36232
-       RESERVED
+CVE-2020-36232 (The MessageBundleWhiteList class of atlassian-gadgets before 
version 4 ...)
+       TODO: check
 CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
        NOT-FOR-US: Atlassian
 CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic 
Authenticatio ...)
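Review bot: CVE-2020-36232 gets "TODO: check" while the adjacent entries CVE-2020-36233 and CVE-2020-36231 are tagged NOT-FOR-US: Atlassian. The new description names the MessageBundleWhiteList class of atlassian-gadgets, so the same tag is the likely resolution once it is confirmed that nothing in the archive ships that component.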
@@ -8645,8 +8663,8 @@ CVE-2021-23829
        RESERVED
 CVE-2021-23828
        RESERVED
-CVE-2021-23827
-       RESERVED
+CVE-2021-23827 (Keybase Desktop Client before 5.6.0 on Windows and macOS, and 
before 5 ...)
+       TODO: check
 CVE-2021-23826
        RESERVED
 CVE-2021-23825
@@ -11159,20 +11177,20 @@ CVE-2021-22651
        RESERVED
 CVE-2021-22650
        RESERVED
-CVE-2021-22649
-       RESERVED
+CVE-2021-22649 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer 
versions  ...)
+       TODO: check
 CVE-2021-22648
        RESERVED
-CVE-2021-22647
-       RESERVED
+CVE-2021-22647 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer 
versions  ...)
+       TODO: check
 CVE-2021-22646
        RESERVED
-CVE-2021-22645
-       RESERVED
+CVE-2021-22645 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer 
versions  ...)
+       TODO: check
 CVE-2021-22644
        RESERVED
-CVE-2021-22643
-       RESERVED
+CVE-2021-22643 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer 
versions  ...)
+       TODO: check
 CVE-2021-22642
        RESERVED
 CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the 
way the  ...)
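Review bot: The four Luxion KeyShot entries (CVE-2021-22649, CVE-2021-22647, CVE-2021-22645, CVE-2021-22643) share the same description prefix and all land as "TODO: check". They can be resolved in one pass with the same annotation rather than one at a time.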
@@ -14333,8 +14351,8 @@ CVE-2020-35854 (Textpattern 4.8.4 is affected by 
cross-site scripting (XSS) in t
        NOT-FOR-US: Textpattern CMS
 CVE-2020-35853 (4images Image Gallery Management System 1.7.11 is affected by 
cross-si ...)
        NOT-FOR-US: 4images Image Gallery Management System
-CVE-2020-35852
-       RESERVED
+CVE-2020-35852 (Chatbox is affected by cross-site scripting (XSS). An attacker 
has to  ...)
+       TODO: check
 CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters 
properly. Att ...)
        NOT-FOR-US: HGiga MailSherlock
 CVE-2021-21443
@@ -15490,48 +15508,39 @@ CVE-2021-21159
        RESERVED
 CVE-2021-21158
        RESERVED
-CVE-2021-21157
-       RESERVED
+CVE-2021-21157 (Use after free in Web Sockets in Google Chrome on Linux prior 
to 88.0. ...)
        {DSA-4858-1}
        - chromium 88.0.4324.182-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21156
-       RESERVED
+CVE-2021-21156 (Heap buffer overflow in V8 in Google Chrome prior to 
88.0.4324.182 all ...)
        {DSA-4858-1}
        - chromium 88.0.4324.182-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21155
-       RESERVED
+CVE-2021-21155 (Heap buffer overflow in Tab Strip in Google Chrome on Windows 
prior to ...)
        {DSA-4858-1}
        - chromium 88.0.4324.182-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21154
-       RESERVED
+CVE-2021-21154 (Heap buffer overflow in Tab Strip in Google Chrome prior to 
88.0.4324. ...)
        {DSA-4858-1}
        - chromium 88.0.4324.182-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21153
-       RESERVED
+CVE-2021-21153 (Stack buffer overflow in GPU Process in Google Chrome on Linux 
prior t ...)
        {DSA-4858-1}
        - chromium 88.0.4324.182-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21152
-       RESERVED
+CVE-2021-21152 (Heap buffer overflow in Media in Google Chrome on Linux prior 
to 88.0. ...)
        {DSA-4858-1}
        - chromium 88.0.4324.182-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21151
-       RESERVED
+CVE-2021-21151 (Use after free in Payments in Google Chrome prior to 
88.0.4324.182 all ...)
        {DSA-4858-1}
        - chromium 88.0.4324.182-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21150
-       RESERVED
+CVE-2021-21150 (Use after free in Downloads in Google Chrome on Windows prior 
to 88.0. ...)
        {DSA-4858-1}
        - chromium 88.0.4324.182-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21149
-       RESERVED
+CVE-2021-21149 (Stack buffer overflow in Data Transfer in Google Chrome on 
Linux prior ...)
        {DSA-4858-1}
        - chromium 88.0.4324.182-1
        [stretch] - chromium <end-of-life> (see DSA 4562)
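Review bot: CVE-2021-21155 and CVE-2021-21150 are described as "on Windows", yet they keep the same "- chromium 88.0.4324.182-1" and {DSA-4858-1} lines as the entries in this hunk that are described as affecting Linux or all platforms. If the platform restriction also holds for Debian's builds, a NOTE recording that these two are Windows-specific would keep the fixed-version lines from implying Debian exposure.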
@@ -22546,8 +22555,8 @@ CVE-2020-29077
        RESERVED
 CVE-2020-29076
        RESERVED
-CVE-2020-29075
-       RESERVED
+CVE-2020-29075 (Acrobat Reader DC versions 2020.013.20066 (and earlier), 
2020.001.3001 ...)
+       TODO: check
 CVE-2020-29074 (scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, 
which all ...)
        {DSA-4799-1 DLA-2490-1}
        - x11vnc 0.9.16-5 (bug #975875)
@@ -28298,8 +28307,7 @@ CVE-2020-27821 (A flaw was found in the memory 
management API of QEMU during the
 CVE-2020-27820 [use-after-free in nouveau kernel module]
        RESERVED
        - linux <unfixed>
-CVE-2020-27819 [NULL pointer dereference via crafted xls file]
-       RESERVED
+CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1 
when read ...)
        - r-cran-readxl <not-affected> (Embeds libxls, but not affected)
        NOTE: https://github.com/libxls/libxls/issues/84
 CVE-2020-27818 (A flaw was found in the check_chunk_name() function of 
pngcheck-2.4.0. ...)
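Review bot: The new description for CVE-2020-27819 places the flaw in libxls itself ("before and including 1.6.1"), but the only package line is the embedded copy in r-cran-readxl, marked <not-affected>. It is worth confirming that no other source package ships or embeds libxls and recording the result in a NOTE, since the bracketed summary that said what the issue was ("NULL pointer dereference via crafted xls file") is dropped here.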
@@ -28485,8 +28493,7 @@ CVE-2020-27769
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1740
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/7b058696133c6d36e0b48a454e357482db71982e
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/7661113a654c9c822c23a8fb8aa1b021fc7fbe9d
-CVE-2020-27768
-       RESERVED
+CVE-2020-27768 (In ImageMagick, there is an outside the range of representable 
values  ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range 
warning)
@@ -33765,8 +33772,7 @@ CVE-2020-25693 (A flaw was found in CImg in versions 
prior to 2.9.3. Integer ove
        NOTE: Fixed by: 
https://github.com/dtschump/CImg/commit/4f184f89f9ab6785a6c90fd238dbaa6d901d3505
 CVE-2020-25691
        RESERVED
-CVE-2020-25690
-       RESERVED
+CVE-2020-25690 (An out-of-bounds write flaw was found in FontForge in versions 
before  ...)
        - fontforge <not-affected> (Insufficient patch for CVE-2020-5395 not 
applied)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893188
 CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 
21.0.0.F ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7159cfca60efaf405f65512275828852ab453a21
