[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 11 09:10:28 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6764dd07 by security tracker role at 2021-08-11T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,309 @@
+CVE-2021-38540
+ RESERVED
+CVE-2021-38539 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
+ TODO: check
+CVE-2021-38538 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ TODO: check
+CVE-2021-38537 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ TODO: check
+CVE-2021-38536 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ TODO: check
+CVE-2021-38535 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ TODO: check
+CVE-2021-38534 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
+ TODO: check
+CVE-2021-38533 (NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. ...)
+ TODO: check
+CVE-2021-38532 (NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect confi ...)
+ TODO: check
+CVE-2021-38531 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ TODO: check
+CVE-2021-38530 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2021-38529 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2021-38528 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2021-38527 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ TODO: check
+CVE-2021-38526 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ TODO: check
+CVE-2021-38525 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2021-38524 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ TODO: check
+CVE-2021-38523 (NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based bu ...)
+ TODO: check
+CVE-2021-38522 (NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based bu ...)
+ TODO: check
+CVE-2021-38521 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2021-38520 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2021-38519 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2021-38518 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ TODO: check
+CVE-2021-38517 (Certain NETGEAR devices are affected by out-of-bounds reads and writes ...)
+ TODO: check
+CVE-2021-38516 (Certain NETGEAR devices are affected by lack of access control at the ...)
+ TODO: check
+CVE-2021-38515 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+ TODO: check
+CVE-2021-38514 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ TODO: check
+CVE-2021-38513 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ TODO: check
+CVE-2021-38512 (An issue was discovered in the actix-http crate before 3.0.0-beta.9 fo ...)
+ TODO: check
+CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for Rust. When ...)
+ TODO: check
+CVE-2021-38510
+ RESERVED
+CVE-2021-38509
+ RESERVED
+CVE-2021-38508
+ RESERVED
+CVE-2021-38507
+ RESERVED
+CVE-2021-38506
+ RESERVED
+CVE-2021-38505
+ RESERVED
+CVE-2021-38504
+ RESERVED
+CVE-2021-38503
+ RESERVED
+CVE-2021-38502
+ RESERVED
+CVE-2021-38501
+ RESERVED
+CVE-2021-38500
+ RESERVED
+CVE-2021-38499
+ RESERVED
+CVE-2021-38498
+ RESERVED
+CVE-2021-38497
+ RESERVED
+CVE-2021-38496
+ RESERVED
+CVE-2021-38495
+ RESERVED
+CVE-2021-38494
+ RESERVED
+CVE-2021-38493
+ RESERVED
+CVE-2021-38492
+ RESERVED
+CVE-2021-38491
+ RESERVED
+CVE-2021-38490 (Altova MobileTogether Server before 7.3 SP1 allows XML exponential ent ...)
+ TODO: check
+CVE-2021-38489
+ RESERVED
+CVE-2021-38488
+ RESERVED
+CVE-2021-38487
+ RESERVED
+CVE-2021-38486
+ RESERVED
+CVE-2021-38485
+ RESERVED
+CVE-2021-38484
+ RESERVED
+CVE-2021-38483
+ RESERVED
+CVE-2021-38482
+ RESERVED
+CVE-2021-38481
+ RESERVED
+CVE-2021-38480
+ RESERVED
+CVE-2021-38479
+ RESERVED
+CVE-2021-38478
+ RESERVED
+CVE-2021-38477
+ RESERVED
+CVE-2021-38476
+ RESERVED
+CVE-2021-38475
+ RESERVED
+CVE-2021-38474
+ RESERVED
+CVE-2021-38473
+ RESERVED
+CVE-2021-38472
+ RESERVED
+CVE-2021-38471
+ RESERVED
+CVE-2021-38470
+ RESERVED
+CVE-2021-38469
+ RESERVED
+CVE-2021-38468
+ RESERVED
+CVE-2021-38467
+ RESERVED
+CVE-2021-38466
+ RESERVED
+CVE-2021-38465
+ RESERVED
+CVE-2021-38464
+ RESERVED
+CVE-2021-38463
+ RESERVED
+CVE-2021-38462
+ RESERVED
+CVE-2021-38461
+ RESERVED
+CVE-2021-38460
+ RESERVED
+CVE-2021-38459
+ RESERVED
+CVE-2021-38458
+ RESERVED
+CVE-2021-38457
+ RESERVED
+CVE-2021-38456
+ RESERVED
+CVE-2021-38455
+ RESERVED
+CVE-2021-38454
+ RESERVED
+CVE-2021-38453
+ RESERVED
+CVE-2021-38452
+ RESERVED
+CVE-2021-38451
+ RESERVED
+CVE-2021-38450
+ RESERVED
+CVE-2021-38449
+ RESERVED
+CVE-2021-38448
+ RESERVED
+CVE-2021-38447
+ RESERVED
+CVE-2021-38446
+ RESERVED
+CVE-2021-38445
+ RESERVED
+CVE-2021-38444
+ RESERVED
+CVE-2021-38443
+ RESERVED
+CVE-2021-38442
+ RESERVED
+CVE-2021-38441
+ RESERVED
+CVE-2021-38440
+ RESERVED
+CVE-2021-38439
+ RESERVED
+CVE-2021-38438
+ RESERVED
+CVE-2021-38437
+ RESERVED
+CVE-2021-38436
+ RESERVED
+CVE-2021-38435
+ RESERVED
+CVE-2021-38434
+ RESERVED
+CVE-2021-38433
+ RESERVED
+CVE-2021-38432
+ RESERVED
+CVE-2021-38431
+ RESERVED
+CVE-2021-38430
+ RESERVED
+CVE-2021-38429
+ RESERVED
+CVE-2021-38428
+ RESERVED
+CVE-2021-38427
+ RESERVED
+CVE-2021-38426
+ RESERVED
+CVE-2021-38425
+ RESERVED
+CVE-2021-38424
+ RESERVED
+CVE-2021-38423
+ RESERVED
+CVE-2021-38422
+ RESERVED
+CVE-2021-38421
+ RESERVED
+CVE-2021-38420
+ RESERVED
+CVE-2021-38419
+ RESERVED
+CVE-2021-38418
+ RESERVED
+CVE-2021-38417
+ RESERVED
+CVE-2021-38416
+ RESERVED
+CVE-2021-38415
+ RESERVED
+CVE-2021-38414
+ RESERVED
+CVE-2021-38413
+ RESERVED
+CVE-2021-38412
+ RESERVED
+CVE-2021-38411
+ RESERVED
+CVE-2021-38410
+ RESERVED
+CVE-2021-38409
+ RESERVED
+CVE-2021-38408
+ RESERVED
+CVE-2021-38407
+ RESERVED
+CVE-2021-38406
+ RESERVED
+CVE-2021-38405
+ RESERVED
+CVE-2021-38404
+ RESERVED
+CVE-2021-38403
+ RESERVED
+CVE-2021-38402
+ RESERVED
+CVE-2021-38401
+ RESERVED
+CVE-2021-38400
+ RESERVED
+CVE-2021-38399
+ RESERVED
+CVE-2021-38398
+ RESERVED
+CVE-2021-38397
+ RESERVED
+CVE-2021-38396
+ RESERVED
+CVE-2021-38395
+ RESERVED
+CVE-2021-38394
+ RESERVED
+CVE-2021-38393
+ RESERVED
+CVE-2021-38392
+ RESERVED
+CVE-2021-38391
+ RESERVED
+CVE-2021-38390
+ RESERVED
+CVE-2021-38389
+ RESERVED
+CVE-2021-38388
+ RESERVED
CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...)
NOT-FOR-US: Contiki
CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows remote ...)
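Review bot: CVE-2021-38513 through CVE-2021-38539 all describe NETGEAR device firmware, yet each is left at TODO: check. The unchanged Contiki entry directly below shows the NOT-FOR-US form the list uses for software that is not packaged, and applying it to the whole NETGEAR run in one pass would clear most of this hunk's open items, provided no NETGEAR firmware is packaged. CVE-2021-38511 (tar crate) and CVE-2021-38512 (actix-http crate) are a different case: they name Rust crates, so they need a source package lookup before any marking. The RESERVED entries need no action.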
@@ -2190,8 +2496,8 @@ CVE-2021-37427
RESERVED
CVE-2021-37426
RESERVED
-CVE-2021-37425
- RESERVED
+CVE-2021-37425 (Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such a ...)
+ TODO: check
CVE-2021-37424
RESERVED
CVE-2021-37423
@@ -10702,8 +11008,8 @@ CVE-2021-33710 (A vulnerability has been identified in Teamcenter Active Workspa
NOT-FOR-US: Siemens
CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
NOT-FOR-US: Siemens
-CVE-2021-33708
- RESERVED
+CVE-2021-33708 (Due to insufficient input validation in Kyma, authenticated users can ...)
+ TODO: check
CVE-2021-33707 (SAP NetWeaver Knowledge Management allows remote attackers to redirect ...)
NOT-FOR-US: SAP
CVE-2021-33706 (Due to improper input validation in InfraBox, logs can be modified by ...)
@@ -14373,8 +14679,8 @@ CVE-2021-32124
RESERVED
CVE-2021-32123
RESERVED
-CVE-2021-32122
- RESERVED
+CVE-2021-32122 (Certain NETGEAR devices are affected by CSRF. This affects EX3700 befo ...)
+ TODO: check
CVE-2021-32121
RESERVED
CVE-2021-32120
@@ -21620,8 +21926,8 @@ CVE-2021-29402
RESERVED
CVE-2021-29401
RESERVED
-CVE-2021-29400
- RESERVED
+CVE-2021-29400 (A cross-site request forgery (CSRF) vulnerability in the My SMTP Conta ...)
+ TODO: check
CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to inadequate filt ...)
NOT-FOR-US: XMB
CVE-2021-29398
@@ -21840,12 +22146,12 @@ CVE-2021-29298 (Improper Input Validation in Emerson GE Automation Proficy Machi
NOT-FOR-US: Emerson GE Automation Proficy Machine Edition
CVE-2021-29297 (Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 ...)
NOT-FOR-US: Emerson GE Automation Proficy Machine Edition
-CVE-2021-29296
- RESERVED
-CVE-2021-29295
- RESERVED
-CVE-2021-29294
- RESERVED
+CVE-2021-29296 (** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability ...)
+ TODO: check
+CVE-2021-29295 (** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability ...)
+ TODO: check
+CVE-2021-29294 (** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability ...)
+ TODO: check
CVE-2021-29293
RESERVED
CVE-2021-29292
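Review bot: the three replaced entries are not formatted alike. CVE-2021-29296 and CVE-2021-29295 read "** UNSUPPORTED WHEN ASSIGNED **Null" with no space after the closing marker, while CVE-2021-29294 has the space. Any tooling or search that matches on the marker followed by a space will catch only one of the three, so match on the marker alone. The truncated descriptions do not show the affected product, so the TODO: check cannot be resolved from this diff, and the Emerson entries in the context above are not evidence that these three belong to the same vendor.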
@@ -22928,10 +23234,10 @@ CVE-2021-28848 (Mintty before 3.4.5 allows remote servers to cause a denial of s
NOT-FOR-US: Mintty
CVE-2021-28847 (MobaXterm before 21.0 allows remote servers to cause a denial of servi ...)
NOT-FOR-US: MobaXterm
-CVE-2021-28846
- RESERVED
-CVE-2021-28845
- RESERVED
+CVE-2021-28846 (A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW ...)
+ TODO: check
+CVE-2021-28845 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
+ TODO: check
CVE-2021-28844 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
NOT-FOR-US: TRENDnet
CVE-2021-28843 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
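Review bot: CVE-2021-28846 and CVE-2021-28845 are added as TODO: check although both descriptions name TRENDnet TEW-755AP, the same product as CVE-2021-28844 and CVE-2021-28843 in the context lines just below, which are already marked NOT-FOR-US: TRENDnet. Triage the two new entries the same way so the run is consistent. The CVE-2021-28846 description also carries the misspelling "vulnerablity", so a search of the description text for "vulnerability" will miss that entry.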
@@ -45695,8 +46001,8 @@ CVE-2021-20034
RESERVED
CVE-2021-20033
RESERVED
-CVE-2021-20032
- RESERVED
+CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Proto ...)
+ TODO: check
CVE-2021-20031
RESERVED
CVE-2021-20030
@@ -69850,10 +70156,10 @@ CVE-2020-21932 (A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 B
NOT-FOR-US: Motorola
CVE-2020-21931
RESERVED
-CVE-2020-21930
- RESERVED
-CVE-2020-21929
- RESERVED
+CVE-2020-21930 (A stored cross site scripting (XSS) vulnerability in the web_attr_2 fi ...)
+ TODO: check
+CVE-2020-21929 (A stored cross site scripting (XSS) vulnerability in the web_copyright ...)
+ TODO: check
CVE-2020-21928
RESERVED
CVE-2020-21927
@@ -70316,8 +70622,8 @@ CVE-2020-21699
RESERVED
CVE-2020-21698
RESERVED
-CVE-2020-21697
- RESERVED
+CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
+ TODO: check
CVE-2020-21696
RESERVED
CVE-2020-21695
@@ -70330,38 +70636,38 @@ CVE-2020-21692
RESERVED
CVE-2020-21691
RESERVED
-CVE-2020-21690
- RESERVED
+CVE-2020-21690 (A memory leak in the grow_array function in cmdutils.c og Ffmpeg 4.2 a ...)
+ TODO: check
CVE-2020-21689
RESERVED
-CVE-2020-21688
- RESERVED
+CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
+ TODO: check
CVE-2020-21687
RESERVED
CVE-2020-21686
RESERVED
CVE-2020-21685
RESERVED
-CVE-2020-21684
- RESERVED
-CVE-2020-21683
- RESERVED
-CVE-2020-21682
- RESERVED
-CVE-2020-21681
- RESERVED
-CVE-2020-21680
- RESERVED
+CVE-2020-21684 (A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2 ...)
+ TODO: check
+CVE-2020-21683 (A global buffer overflow in the shade_or_tint_name_after_declare_color ...)
+ TODO: check
+CVE-2020-21682 (A global buffer overflow in the set_fill component in genge.c of fig2d ...)
+ TODO: check
+CVE-2020-21681 (A global buffer overflow in the set_color component in genge.c of fig2 ...)
+ TODO: check
+CVE-2020-21680 (A stack-based buffer overflow in the put_arrow() component in genpict2 ...)
+ TODO: check
CVE-2020-21679
RESERVED
-CVE-2020-21678
- RESERVED
-CVE-2020-21677
- RESERVED
-CVE-2020-21676
- RESERVED
-CVE-2020-21675
- RESERVED
+CVE-2020-21678 (A global buffer overflow in the genmp_writefontmacro_latex component i ...)
+ TODO: check
+CVE-2020-21677 (A heap-based buffer overflow in the sixel_encoder_output_without_macro ...)
+ TODO: check
+CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component in genp ...)
+ TODO: check
+CVE-2020-21675 (A stack-based buffer overflow in the genptk_text component in genptk.c ...)
+ TODO: check
CVE-2020-21674 (Heap-based buffer overflow in archive_string_append_from_wcs() (archiv ...)
- libarchive <not-affected> (Vulnerable code not present in a released version)
NOTE: https://github.com/libarchive/libarchive/issues/1298
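Review bot: several entries in this hunk name software by its own project name but are left at TODO: check with no package line. CVE-2020-21684, CVE-2020-21682 and CVE-2020-21681 name fig2dev, and CVE-2020-21690 names Ffmpeg. Unlike the vendor firmware entries elsewhere in this commit, these call for a package annotation in the form the libarchive entry at the end of the hunk uses (package name, status, and a NOTE line with the upstream reference). The remaining entries in the run (CVE-2020-21688, -21683, -21680, -21678, -21677, -21676, -21675) are truncated before the product name and need the full description before they can be assigned. The CVE-2020-21690 text also reads "og Ffmpeg", which a case-sensitive search for "of FFmpeg" will not match.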
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6764dd0750bb6008f2e6054a86e241bb0b3ba03b