[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 11 09:10:28 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6764dd07 by security tracker role at 2021-08-11T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,309 @@
+CVE-2021-38540
+	RESERVED
+CVE-2021-38539 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
+	TODO: check
+CVE-2021-38538 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+	TODO: check
+CVE-2021-38537 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+	TODO: check
+CVE-2021-38536 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+	TODO: check
+CVE-2021-38535 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+	TODO: check
+CVE-2021-38534 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
+	TODO: check
+CVE-2021-38533 (NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. ...)
+	TODO: check
+CVE-2021-38532 (NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect confi ...)
+	TODO: check
+CVE-2021-38531 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+	TODO: check
+CVE-2021-38530 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+	TODO: check
+CVE-2021-38529 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+	TODO: check
+CVE-2021-38528 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+	TODO: check
+CVE-2021-38527 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+	TODO: check
+CVE-2021-38526 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+	TODO: check
+CVE-2021-38525 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2021-38524 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
+	TODO: check
+CVE-2021-38523 (NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based bu ...)
+	TODO: check
+CVE-2021-38522 (NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based bu ...)
+	TODO: check
+CVE-2021-38521 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2021-38520 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2021-38519 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2021-38518 (Certain NETGEAR devices are affected by command injection by an authen ...)
+	TODO: check
+CVE-2021-38517 (Certain NETGEAR devices are affected by out-of-bounds reads and writes ...)
+	TODO: check
+CVE-2021-38516 (Certain NETGEAR devices are affected by lack of access control at the  ...)
+	TODO: check
+CVE-2021-38515 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+	TODO: check
+CVE-2021-38514 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+	TODO: check
+CVE-2021-38513 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+	TODO: check
+CVE-2021-38512 (An issue was discovered in the actix-http crate before 3.0.0-beta.9 fo ...)
+	TODO: check
+CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for Rust. When  ...)
+	TODO: check
+CVE-2021-38510
+	RESERVED
+CVE-2021-38509
+	RESERVED
+CVE-2021-38508
+	RESERVED
+CVE-2021-38507
+	RESERVED
+CVE-2021-38506
+	RESERVED
+CVE-2021-38505
+	RESERVED
+CVE-2021-38504
+	RESERVED
+CVE-2021-38503
+	RESERVED
+CVE-2021-38502
+	RESERVED
+CVE-2021-38501
+	RESERVED
+CVE-2021-38500
+	RESERVED
+CVE-2021-38499
+	RESERVED
+CVE-2021-38498
+	RESERVED
+CVE-2021-38497
+	RESERVED
+CVE-2021-38496
+	RESERVED
+CVE-2021-38495
+	RESERVED
+CVE-2021-38494
+	RESERVED
+CVE-2021-38493
+	RESERVED
+CVE-2021-38492
+	RESERVED
+CVE-2021-38491
+	RESERVED
+CVE-2021-38490 (Altova MobileTogether Server before 7.3 SP1 allows XML exponential ent ...)
+	TODO: check
+CVE-2021-38489
+	RESERVED
+CVE-2021-38488
+	RESERVED
+CVE-2021-38487
+	RESERVED
+CVE-2021-38486
+	RESERVED
+CVE-2021-38485
+	RESERVED
+CVE-2021-38484
+	RESERVED
+CVE-2021-38483
+	RESERVED
+CVE-2021-38482
+	RESERVED
+CVE-2021-38481
+	RESERVED
+CVE-2021-38480
+	RESERVED
+CVE-2021-38479
+	RESERVED
+CVE-2021-38478
+	RESERVED
+CVE-2021-38477
+	RESERVED
+CVE-2021-38476
+	RESERVED
+CVE-2021-38475
+	RESERVED
+CVE-2021-38474
+	RESERVED
+CVE-2021-38473
+	RESERVED
+CVE-2021-38472
+	RESERVED
+CVE-2021-38471
+	RESERVED
+CVE-2021-38470
+	RESERVED
+CVE-2021-38469
+	RESERVED
+CVE-2021-38468
+	RESERVED
+CVE-2021-38467
+	RESERVED
+CVE-2021-38466
+	RESERVED
+CVE-2021-38465
+	RESERVED
+CVE-2021-38464
+	RESERVED
+CVE-2021-38463
+	RESERVED
+CVE-2021-38462
+	RESERVED
+CVE-2021-38461
+	RESERVED
+CVE-2021-38460
+	RESERVED
+CVE-2021-38459
+	RESERVED
+CVE-2021-38458
+	RESERVED
+CVE-2021-38457
+	RESERVED
+CVE-2021-38456
+	RESERVED
+CVE-2021-38455
+	RESERVED
+CVE-2021-38454
+	RESERVED
+CVE-2021-38453
+	RESERVED
+CVE-2021-38452
+	RESERVED
+CVE-2021-38451
+	RESERVED
+CVE-2021-38450
+	RESERVED
+CVE-2021-38449
+	RESERVED
+CVE-2021-38448
+	RESERVED
+CVE-2021-38447
+	RESERVED
+CVE-2021-38446
+	RESERVED
+CVE-2021-38445
+	RESERVED
+CVE-2021-38444
+	RESERVED
+CVE-2021-38443
+	RESERVED
+CVE-2021-38442
+	RESERVED
+CVE-2021-38441
+	RESERVED
+CVE-2021-38440
+	RESERVED
+CVE-2021-38439
+	RESERVED
+CVE-2021-38438
+	RESERVED
+CVE-2021-38437
+	RESERVED
+CVE-2021-38436
+	RESERVED
+CVE-2021-38435
+	RESERVED
+CVE-2021-38434
+	RESERVED
+CVE-2021-38433
+	RESERVED
+CVE-2021-38432
+	RESERVED
+CVE-2021-38431
+	RESERVED
+CVE-2021-38430
+	RESERVED
+CVE-2021-38429
+	RESERVED
+CVE-2021-38428
+	RESERVED
+CVE-2021-38427
+	RESERVED
+CVE-2021-38426
+	RESERVED
+CVE-2021-38425
+	RESERVED
+CVE-2021-38424
+	RESERVED
+CVE-2021-38423
+	RESERVED
+CVE-2021-38422
+	RESERVED
+CVE-2021-38421
+	RESERVED
+CVE-2021-38420
+	RESERVED
+CVE-2021-38419
+	RESERVED
+CVE-2021-38418
+	RESERVED
+CVE-2021-38417
+	RESERVED
+CVE-2021-38416
+	RESERVED
+CVE-2021-38415
+	RESERVED
+CVE-2021-38414
+	RESERVED
+CVE-2021-38413
+	RESERVED
+CVE-2021-38412
+	RESERVED
+CVE-2021-38411
+	RESERVED
+CVE-2021-38410
+	RESERVED
+CVE-2021-38409
+	RESERVED
+CVE-2021-38408
+	RESERVED
+CVE-2021-38407
+	RESERVED
+CVE-2021-38406
+	RESERVED
+CVE-2021-38405
+	RESERVED
+CVE-2021-38404
+	RESERVED
+CVE-2021-38403
+	RESERVED
+CVE-2021-38402
+	RESERVED
+CVE-2021-38401
+	RESERVED
+CVE-2021-38400
+	RESERVED
+CVE-2021-38399
+	RESERVED
+CVE-2021-38398
+	RESERVED
+CVE-2021-38397
+	RESERVED
+CVE-2021-38396
+	RESERVED
+CVE-2021-38395
+	RESERVED
+CVE-2021-38394
+	RESERVED
+CVE-2021-38393
+	RESERVED
+CVE-2021-38392
+	RESERVED
+CVE-2021-38391
+	RESERVED
+CVE-2021-38390
+	RESERVED
+CVE-2021-38389
+	RESERVED
+CVE-2021-38388
+	RESERVED
 CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...)
 	NOT-FOR-US: Contiki
 CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows remote  ...)
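Review bot: Every described entry in this block is left at `TODO: check`, and the two that most need individual attention are easy to miss among the 27 NETGEAR firmware entries (CVE-2021-38513 through CVE-2021-38539): CVE-2021-38512 (actix-http crate) and CVE-2021-38511 (tar crate for Rust). Triage those two first and decide per crate whether a package line applies. The NETGEAR entries can then be closed in one pass, in the same way the Contiki entry just below is tagged (`NOT-FOR-US: Contiki`).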
@@ -2190,8 +2496,8 @@ CVE-2021-37427
 	RESERVED
 CVE-2021-37426
 	RESERVED
-CVE-2021-37425
-	RESERVED
+CVE-2021-37425 (Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such a ...)
+	TODO: check
 CVE-2021-37424
 	RESERVED
 CVE-2021-37423
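Review bot: CVE-2021-37425 names the same product and fixed version, Altova MobileTogether Server before 7.3 SP1, as CVE-2021-38490 in the first hunk, and both are left at `TODO: check`. Triage them together so the two entries end up with the same tag.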
@@ -10702,8 +11008,8 @@ CVE-2021-33710 (A vulnerability has been identified in Teamcenter Active Workspa
 	NOT-FOR-US: Siemens
 CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspace V4  ...)
 	NOT-FOR-US: Siemens
-CVE-2021-33708
-	RESERVED
+CVE-2021-33708 (Due to insufficient input validation in Kyma, authenticated users can  ...)
+	TODO: check
 CVE-2021-33707 (SAP NetWeaver Knowledge Management allows remote attackers to redirect ...)
 	NOT-FOR-US: SAP
 CVE-2021-33706 (Due to improper input validation in InfraBox, logs can be modified by  ...)
@@ -14373,8 +14679,8 @@ CVE-2021-32124
 	RESERVED
 CVE-2021-32123
 	RESERVED
-CVE-2021-32122
-	RESERVED
+CVE-2021-32122 (Certain NETGEAR devices are affected by CSRF. This affects EX3700 befo ...)
+	TODO: check
 CVE-2021-32121
 	RESERVED
 CVE-2021-32120
@@ -21620,8 +21926,8 @@ CVE-2021-29402
 	RESERVED
 CVE-2021-29401
 	RESERVED
-CVE-2021-29400
-	RESERVED
+CVE-2021-29400 (A cross-site request forgery (CSRF) vulnerability in the My SMTP Conta ...)
+	TODO: check
 CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to inadequate filt ...)
 	NOT-FOR-US: XMB
 CVE-2021-29398
@@ -21840,12 +22146,12 @@ CVE-2021-29298 (Improper Input Validation in Emerson GE Automation Proficy Machi
 	NOT-FOR-US: Emerson GE Automation Proficy Machine Edition
 CVE-2021-29297 (Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0  ...)
 	NOT-FOR-US: Emerson GE Automation Proficy Machine Edition
-CVE-2021-29296
-	RESERVED
-CVE-2021-29295
-	RESERVED
-CVE-2021-29294
-	RESERVED
+CVE-2021-29296 (** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability  ...)
+	TODO: check
+CVE-2021-29295 (** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability  ...)
+	TODO: check
+CVE-2021-29294 (** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability ...)
+	TODO: check
 CVE-2021-29293
 	RESERVED
 CVE-2021-29292
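Review bot: All three descriptions added here (CVE-2021-29296, CVE-2021-29295, CVE-2021-29294) begin with the `** UNSUPPORTED WHEN ASSIGNED **` marker, and the visible text is cut off before any product name, so the full description has to be read before `TODO: check` is replaced. The spacing after the marker differs (`**Null` in two entries, `** Null` in the third); since this is an automatic update, that difference is better left as imported than hand-edited in this file.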
@@ -22928,10 +23234,10 @@ CVE-2021-28848 (Mintty before 3.4.5 allows remote servers to cause a denial of s
 	NOT-FOR-US: Mintty
 CVE-2021-28847 (MobaXterm before 21.0 allows remote servers to cause a denial of servi ...)
 	NOT-FOR-US: MobaXterm
-CVE-2021-28846
-	RESERVED
-CVE-2021-28845
-	RESERVED
+CVE-2021-28846 (A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW ...)
+	TODO: check
+CVE-2021-28845 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
+	TODO: check
 CVE-2021-28844 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
 	NOT-FOR-US: TRENDnet
 CVE-2021-28843 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
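Review bot: CVE-2021-28846 and CVE-2021-28845 are left at `TODO: check` although the entry directly below, CVE-2021-28844, describes the same TRENDnet TEW-755AP product and is already tagged `NOT-FOR-US: TRENDnet`. The follow-up triage should give the two new entries the same tag so the block stays consistent.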
@@ -45695,8 +46001,8 @@ CVE-2021-20034
 	RESERVED
 CVE-2021-20033
 	RESERVED
-CVE-2021-20032
-	RESERVED
+CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Proto ...)
+	TODO: check
 CVE-2021-20031
 	RESERVED
 CVE-2021-20030
@@ -69850,10 +70156,10 @@ CVE-2020-21932 (A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 B
 	NOT-FOR-US: Motorola
 CVE-2020-21931
 	RESERVED
-CVE-2020-21930
-	RESERVED
-CVE-2020-21929
-	RESERVED
+CVE-2020-21930 (A stored cross site scripting (XSS) vulnerability in the web_attr_2 fi ...)
+	TODO: check
+CVE-2020-21929 (A stored cross site scripting (XSS) vulnerability in the web_copyright ...)
+	TODO: check
 CVE-2020-21928
 	RESERVED
 CVE-2020-21927
@@ -70316,8 +70622,8 @@ CVE-2020-21699
 	RESERVED
 CVE-2020-21698
 	RESERVED
-CVE-2020-21697
-	RESERVED
+CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
+	TODO: check
 CVE-2020-21696
 	RESERVED
 CVE-2020-21695
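Review bot: The description of CVE-2020-21697 is cut at `libavfo ...`, so the affected project is not named in the visible line and `TODO: check` gives no hint either. Entries from the same CVE-2020-216xx range in the next hunk name Ffmpeg 4.2; check the full description and, if this is the same project, triage it together with them.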
@@ -70330,38 +70636,38 @@ CVE-2020-21692
 	RESERVED
 CVE-2020-21691
 	RESERVED
-CVE-2020-21690
-	RESERVED
+CVE-2020-21690 (A memory leak in the grow_array function in cmdutils.c og Ffmpeg 4.2 a ...)
+	TODO: check
 CVE-2020-21689
 	RESERVED
-CVE-2020-21688
-	RESERVED
+CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
+	TODO: check
 CVE-2020-21687
 	RESERVED
 CVE-2020-21686
 	RESERVED
 CVE-2020-21685
 	RESERVED
-CVE-2020-21684
-	RESERVED
-CVE-2020-21683
-	RESERVED
-CVE-2020-21682
-	RESERVED
-CVE-2020-21681
-	RESERVED
-CVE-2020-21680
-	RESERVED
+CVE-2020-21684 (A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2 ...)
+	TODO: check
+CVE-2020-21683 (A global buffer overflow in the shade_or_tint_name_after_declare_color ...)
+	TODO: check
+CVE-2020-21682 (A global buffer overflow in the set_fill component in genge.c of fig2d ...)
+	TODO: check
+CVE-2020-21681 (A global buffer overflow in the set_color component in genge.c of fig2 ...)
+	TODO: check
+CVE-2020-21680 (A stack-based buffer overflow in the put_arrow() component in genpict2 ...)
+	TODO: check
 CVE-2020-21679
 	RESERVED
-CVE-2020-21678
-	RESERVED
-CVE-2020-21677
-	RESERVED
-CVE-2020-21676
-	RESERVED
-CVE-2020-21675
-	RESERVED
+CVE-2020-21678 (A global buffer overflow in the genmp_writefontmacro_latex component i ...)
+	TODO: check
+CVE-2020-21677 (A heap-based buffer overflow in the sixel_encoder_output_without_macro ...)
+	TODO: check
+CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component in genp ...)
+	TODO: check
+CVE-2020-21675 (A stack-based buffer overflow in the genptk_text component in genptk.c ...)
+	TODO: check
 CVE-2020-21674 (Heap-based buffer overflow in archive_string_append_from_wcs() (archiv ...)
 	- libarchive <not-affected> (Vulnerable code not present in a released version)
 	NOTE: https://github.com/libarchive/libarchive/issues/1298
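Review bot: The entries in this hunk should not be bulk-closed with the rest of the update: CVE-2020-21690 names Ffmpeg 4.2 and CVE-2020-21684 names fig2dev 3.2, and several neighbouring descriptions mention the same source files (`genge.c`, `genpict2e.c`) before they are cut off. Each needs its own status line in the form the CVE-2020-21674 context lines show, a `- libarchive <not-affected> (...)` style package line with a `NOTE:` link to the upstream issue. The `og Ffmpeg` typo in CVE-2020-21690 is part of the imported description and does not need fixing here.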



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6764dd0750bb6008f2e6054a86e241bb0b3ba03b



More information about the debian-security-tracker-commits mailing list