Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7159cfca by security tracker role at 2021-02-23T08:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,21 @@ +CVE-2021-27574 + RESERVED +CVE-2021-27573 + RESERVED +CVE-2021-27572 + RESERVED +CVE-2021-27571 + RESERVED +CVE-2021-27570 + RESERVED +CVE-2021-27569 + RESERVED +CVE-2021-27568 (An issue was discovered in netplex json-smart-v1 through 2015-10-23 an ...) + TODO: check +CVE-2021-27567 + RESERVED +CVE-2021-27566 + RESERVED CVE-2021-3414 RESERVED NOT-FOR-US: Red Hat Satellite @@ -820,8 +838,8 @@ CVE-2021-3408 RESERVED CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEE ...) NOT-FOR-US: PEEL Shopping cart -CVE-2021-27189 - RESERVED +CVE-2021-27189 (The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certifica ...) + TODO: check CVE-2021-27188 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 al ...) NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator CVE-2021-27187 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 st ...) @@ -1332,7 +1350,7 @@ CVE-2021-26940 RESERVED CVE-2021-26939 (** DISPUTED ** An information disclosure issue exists in henriquedorna ...) NOT-FOR-US: henriquedornas -CVE-2021-26938 (A stored XSS issue exists in henriquedornas 5.2.17 via online live cha ...) +CVE-2021-26938 (** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.17 via ...) NOT-FOR-US: henriquedornas CVE-2021-27135 (xterm through Patch #365 allows remote attackers to cause a denial of ...) {DLA-2558-1} @@ -1859,10 +1877,10 @@ CVE-2021-26727 RESERVED CVE-2021-26726 RESERVED -CVE-2021-26725 - RESERVED -CVE-2021-26724 - RESERVED +CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...) + TODO: check +CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...) + TODO: check CVE-2021-26723 (Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. ...) NOT-FOR-US: Jenzabar CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because ...) @@ -2886,7 +2904,7 @@ CVE-2021-3338 RESERVED CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...) NOT-FOR-US: MyBB -CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not ...) +CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not c ...) - wolfssl 4.6.0-3 NOTE: https://github.com/wolfSSL/wolfssl/pull/3676 CVE-2021-26308 (An issue was discovered in the marc crate before 2.0.0 for Rust. A use ...) @@ -2997,8 +3015,8 @@ CVE-2020-36234 (Affected versions of Atlassian Jira Server and Data Center allow NOT-FOR-US: Atlassian CVE-2020-36233 (The Microsoft Windows Installer for Atlassian Bitbucket Server and Dat ...) NOT-FOR-US: Atlassian -CVE-2020-36232 - RESERVED +CVE-2020-36232 (The MessageBundleWhiteList class of atlassian-gadgets before version 4 ...) + TODO: check CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenticatio ...) @@ -8645,8 +8663,8 @@ CVE-2021-23829 RESERVED CVE-2021-23828 RESERVED -CVE-2021-23827 - RESERVED +CVE-2021-23827 (Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5 ...) + TODO: check CVE-2021-23826 RESERVED CVE-2021-23825 @@ -11159,20 +11177,20 @@ CVE-2021-22651 RESERVED CVE-2021-22650 RESERVED -CVE-2021-22649 - RESERVED +CVE-2021-22649 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...) + TODO: check CVE-2021-22648 RESERVED -CVE-2021-22647 - RESERVED +CVE-2021-22647 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...) + TODO: check CVE-2021-22646 RESERVED -CVE-2021-22645 - RESERVED +CVE-2021-22645 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...) + TODO: check CVE-2021-22644 RESERVED -CVE-2021-22643 - RESERVED +CVE-2021-22643 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...) + TODO: check CVE-2021-22642 RESERVED CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the way the ...) @@ -14333,8 +14351,8 @@ CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in t NOT-FOR-US: Textpattern CMS CVE-2020-35853 (4images Image Gallery Management System 1.7.11 is affected by cross-si ...) NOT-FOR-US: 4images Image Gallery Management System -CVE-2020-35852 - RESERVED +CVE-2020-35852 (Chatbox is affected by cross-site scripting (XSS). An attacker has to ...) + TODO: check CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters properly. Att ...) NOT-FOR-US: HGiga MailSherlock CVE-2021-21443 @@ -15490,48 +15508,39 @@ CVE-2021-21159 RESERVED CVE-2021-21158 RESERVED -CVE-2021-21157 - RESERVED +CVE-2021-21157 (Use after free in Web Sockets in Google Chrome on Linux prior to 88.0. ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21156 - RESERVED +CVE-2021-21156 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 all ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21155 - RESERVED +CVE-2021-21155 (Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21154 - RESERVED +CVE-2021-21154 (Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324. ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21153 - RESERVED +CVE-2021-21153 (Stack buffer overflow in GPU Process in Google Chrome on Linux prior t ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21152 - RESERVED +CVE-2021-21152 (Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0. ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21151 - RESERVED +CVE-2021-21151 (Use after free in Payments in Google Chrome prior to 88.0.4324.182 all ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21150 - RESERVED +CVE-2021-21150 (Use after free in Downloads in Google Chrome on Windows prior to 88.0. ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2021-21149 - RESERVED +CVE-2021-21149 (Stack buffer overflow in Data Transfer in Google Chrome on Linux prior ...) {DSA-4858-1} - chromium 88.0.4324.182-1 [stretch] - chromium <end-of-life> (see DSA 4562) @@ -22546,8 +22555,8 @@ CVE-2020-29077 RESERVED CVE-2020-29076 RESERVED -CVE-2020-29075 - RESERVED +CVE-2020-29075 (Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.3001 ...) + TODO: check CVE-2020-29074 (scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which all ...) {DSA-4799-1 DLA-2490-1} - x11vnc 0.9.16-5 (bug #975875) @@ -28298,8 +28307,7 @@ CVE-2020-27821 (A flaw was found in the memory management API of QEMU during the CVE-2020-27820 [use-after-free in nouveau kernel module] RESERVED - linux <unfixed> -CVE-2020-27819 [NULL pointer dereference via crafted xls file] - RESERVED +CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1 when read ...) - r-cran-readxl <not-affected> (Embeds libxls, but not affected) NOTE: https://github.com/libxls/libxls/issues/84 CVE-2020-27818 (A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. ...) @@ -28485,8 +28493,7 @@ CVE-2020-27769 NOTE: https://github.com/ImageMagick/ImageMagick/issues/1740 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/7b058696133c6d36e0b48a454e357482db71982e NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7661113a654c9c822c23a8fb8aa1b021fc7fbe9d -CVE-2020-27768 - RESERVED +CVE-2020-27768 (In ImageMagick, there is an outside the range of representable values ...) - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick <ignored> (Minor issue) [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning) @@ -33765,8 +33772,7 @@ CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer ove NOTE: Fixed by: https://github.com/dtschump/CImg/commit/4f184f89f9ab6785a6c90fd238dbaa6d901d3505 CVE-2020-25691 RESERVED -CVE-2020-25690 - RESERVED +CVE-2020-25690 (An out-of-bounds write flaw was found in FontForge in versions before ...) - fontforge <not-affected> (Insufficient patch for CVE-2020-5395 not applied) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893188 CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 21.0.0.F ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7159cfca60efaf405f65512275828852ab453a21 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7159cfca60efaf405f65512275828852ab453a21 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits