Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7889a584 by security tracker role at 2021-03-10T08:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,35 @@ +CVE-2021-28124 + RESERVED +CVE-2021-28123 + RESERVED +CVE-2021-28122 + RESERVED +CVE-2021-28121 + RESERVED +CVE-2021-28120 + RESERVED +CVE-2021-28119 (Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command e ...) + TODO: check +CVE-2021-28118 + RESERVED +CVE-2021-28117 + RESERVED +CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations, allo ...) + TODO: check +CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the com ...) + TODO: check +CVE-2021-28114 + RESERVED +CVE-2021-28113 + RESERVED +CVE-2021-28112 + RESERVED +CVE-2021-28111 + RESERVED +CVE-2021-28110 + RESERVED +CVE-2021-28109 + RESERVED CVE-2021-XXXX [world-readable user data information] - courier-authlib 0.71.1-2 (bug #984810) CVE-2021-3426 @@ -2002,8 +2034,7 @@ CVE-2021-27206 RESERVED CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...) NOT-FOR-US: OpenZFS -CVE-2021-3411 - RESERVED +CVE-2021-3411 (A flaw was found in the Linux kernel in versions prior to 5.10. A viol ...) - linux 5.9.15-1 [buster] - linux <not-affected> (Vulnerable code introduced later) [stretch] - linux <not-affected> (Vulnerable code introduced later) @@ -4295,8 +4326,8 @@ CVE-2021-3312 RESERVED CVE-2021-3311 (An issue was discovered in October through build 471. It reactivates a ...) NOT-FOR-US: October CMS -CVE-2021-3310 - RESERVED +CVE-2021-3310 (Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbol ...) + TODO: check CVE-2021-3309 (packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process co ...) NOT-FOR-US: Wekan CVE-2021-26272 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...) 
@@ -11074,8 +11105,8 @@ CVE-2021-23275 RESERVED CVE-2021-23274 RESERVED -CVE-2021-23273 - RESERVED +CVE-2021-23273 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...) + TODO: check CVE-2021-23272 (The Application Development Clients component of TIBCO Software Inc.'s ...) NOT-FOR-US: TIBCO CVE-2021-23271 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX ...) @@ -16503,8 +16534,7 @@ CVE-2021-21302 (PrestaShop is a fully scalable open source e-commerce solution. NOT-FOR-US: PrestaShop CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (iPhone ...) NOT-FOR-US: Wire -CVE-2021-21300 - RESERVED +CVE-2021-21300 (Git is an open-source distributed revision control system. In affected ...) - git <unfixed> [buster] - git <no-dsa> (Minor issue) NOTE: https://lore.kernel.org/git/xmqqim6019yd....@gitster.c.googlers.com/ @@ -19004,8 +19034,7 @@ CVE-2021-20257 [net: e1000: infinite loop while processing transmit descriptors] NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes the p ...) NOT-FOR-US: Red Hat Satellite -CVE-2021-20255 [net: eepro100: stack overflow via infinite recursion] - RESERVED +CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was found in ...) - qemu <unfixed> (bug #984451) [buster] - qemu <postponed> (Minor issue) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html 
@@ -19102,12 +19131,14 @@ CVE-2021-20236 [Stack overflow on server running PUB/XPUB socket] NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22488 CVE-2021-20235 [Heap overflow when receiving malformed ZMTP v1 packets] RESERVED + {DLA-2588-1} - zeromq3 4.3.3-1 NOTE: https://github.com/zeromq/libzmq/pull/3902 NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21984 CVE-2021-20234 [Memory leak in client induced by malicious server without CURVE/ZAP] RESERVED + {DLA-2588-1} - zeromq3 4.3.3-1 NOTE: https://github.com/zeromq/libzmq/pull/3918 NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87 
@@ -19665,26 +19696,22 @@ CVE-2020-35526 RESERVED CVE-2020-35525 RESERVED -CVE-2020-35524 [Heap-based buffer overflow in TIFF2PDF tool] - RESERVED +CVE-2020-35524 (A heap-based buffer overflow flaw was found in libtiff in the handling ...) - tiff 4.1.0+git201212-1 [stretch] - tiff <no-dsa> (can be fixed along in next DLA) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159 -CVE-2020-35523 [Integer overflow in tif_getimage.c] - RESERVED +CVE-2020-35523 (An integer overflow flaw was found in libtiff that exists in the tif_g ...) - tiff 4.1.0+git201212-1 [stretch] - tiff <no-dsa> (can be fixed along in next DLA) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/160 -CVE-2020-35522 [Memory allocation failure in tif_pixarlog.c] - RESERVED +CVE-2020-35522 (In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A craf ...) - tiff 4.1.0+git201212-1 (unimportant) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/98a254f5b92cea22f5436555ff7fceb12afee84d NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/165 NOTE: Crash in CLI tool, no security impact -CVE-2020-35521 [Memory allocation failure in tif_read.c] - RESERVED +CVE-2020-35521 (A flaw was found in libtiff. Due to a memory allocation failure in tif ...) - tiff 4.1.0+git201212-1 (unimportant) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b5a935d96b21cda0f434230cdf8ca958cd8b4eef NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/165 
@@ -23650,8 +23677,8 @@ CVE-2020-29240 (Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An a NOT-FOR-US: Lepton-CMS CVE-2020-29239 (Online Birth Certificate System Project V 1.0 is affected by cross-sit ...) NOT-FOR-US: Online Birth Certificate System Project -CVE-2020-29238 - RESERVED +CVE-2020-29238 (An integer buffer overflow in the Nginx webserver of ExpressVPN Router ...) + TODO: check CVE-2020-29237 RESERVED CVE-2020-29236 @@ -24278,8 +24305,8 @@ CVE-2020-28954 (web/controllers/ApiController.groovy in BigBlueButton before 2.2 NOT-FOR-US: BigBlueButton CVE-2020-28953 (In BigBlueButton before 2.2.29, a user can vote more than once in a si ...) NOT-FOR-US: BigBlueButton -CVE-2020-28952 - RESERVED +CVE-2020-28952 (An issue was discovered on Athom Homey and Homey Pro devices before 5. ...) + TODO: check CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter ...) NOT-FOR-US: libuci in OpenWrt CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7889a584625f2aef0f1bf8c21fbe50ee1ed772a9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7889a584625f2aef0f1bf8c21fbe50ee1ed772a9 You're receiving this email because of your account on salsa.debian.org.
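Review bot: in the first hunk (the new CVE-2021-28124 to CVE-2021-28109 block) three entries are left as `TODO: check`. CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations) should get a real triage line in the form the file uses elsewhere (a package line with a fixed version, `<unfixed>`, or `<not-affected>` with a reason) rather than a placeholder, and CVE-2021-28119 (Twinkle Tray) and CVE-2021-28115 (OUGC Feedback plugin for MyBB) should be resolved to `NOT-FOR-US` if they are not packaged, as the neighbouring entries are.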
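Review bot: in the CVE-2021-3411 hunk the new description says "versions prior to 5.10" while the sid line records the fix as `linux 5.9.15-1`; a NOTE with the fix commit or changelog reference would document why 5.9.15-1 is treated as fixed, in the same way the buster and stretch lines already carry "(Vulnerable code introduced later)" as their reason.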
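Review bot: four hunks replace `RESERVED` with a description but leave the triage at `TODO: check` although the surrounding entries are already `NOT-FOR-US`: CVE-2021-3310 (Western Digital My Cloud OS 5, next to October CMS and Wekan), CVE-2021-23273 (TIBCO Spotfire client, next to CVE-2021-23272 and CVE-2021-23271 marked `NOT-FOR-US: TIBCO`), CVE-2020-29238 (Nginx in ExpressVPN Router) and CVE-2020-28952 (Athom Homey devices, next to OpenWrt libuci and Kaspersky). Unless one of them turns out to be packaged, mark them `NOT-FOR-US` so the placeholders do not outlive the automatic update.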
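Review bot: the CVE-2021-21300 hunk publishes the Git description but leaves the package lines untouched: `git <unfixed>` in sid and `[buster] - git <no-dsa> (Minor issue)`. Now that the issue is public, add a NOTE recording the upstream fixed version so the `<unfixed>` entry is actionable, and check the existing NOTE URL `https://lore.kernel.org/git/xmqqim6019yd....@gitster.c.googlers.com/`, whose message-id part looks truncated.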
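Review bot: in the libtiff hunk CVE-2020-35521 is rated `(unimportant)` but, unlike CVE-2020-35522, carries no NOTE explaining the rating. The working title being replaced placed the bug in `tif_read.c`, which is library code rather than a command-line tool, so the "Crash in CLI tool, no security impact" reasoning given for CVE-2020-35522 (tif_pixarlog.c) does not obviously carry over; either add a NOTE with the rationale for CVE-2020-35521 or revisit the rating.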