[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 11 21:10:40 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cdcb10d2 by security tracker role at 2021-08-11T20:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2021-38562
+	RESERVED
+CVE-2021-38561
+	RESERVED
+CVE-2021-38560
+	RESERVED
+CVE-2021-38559
+	RESERVED
+CVE-2021-38558
+	RESERVED
+CVE-2021-38557
+	RESERVED
+CVE-2021-38556
+	RESERVED
+CVE-2021-38555
+	RESERVED
+CVE-2021-38554
+	RESERVED
+CVE-2021-38553
+	RESERVED
+CVE-2021-38552
+	RESERVED
+CVE-2021-38551
+	RESERVED
+CVE-2021-38550
+	RESERVED
+CVE-2021-38549 (MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific ...)
+	TODO: check
+CVE-2021-38548 (JBL Go 2 devices through 2021-08-09 allow remote attackers to recover  ...)
+	TODO: check
+CVE-2021-38547 (Logitech Z120 and S120 speakers through 2021-08-09 allow remote attack ...)
+	TODO: check
+CVE-2021-38546 (CREATIVE Pebble devices through 2021-08-09 allow remote attackers to r ...)
+	TODO: check
+CVE-2021-38545 (Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain speci ...)
+	TODO: check
+CVE-2021-38544 (Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote att ...)
+	TODO: check
+CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in certain spec ...)
+	TODO: check
+CVE-2021-38542
+	RESERVED
+CVE-2021-38541
+	RESERVED
+CVE-2021-3699
+	RESERVED
+CVE-2019-25052 (In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data ...)
+	TODO: check
 CVE-2021-XXXX [RUSTSEC-2021-0078]
 	- rust-hyper <unfixed>
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0078.html
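Review bot: the seven new "TODO: check" entries in this hunk (CVE-2021-38543 through CVE-2021-38549) all describe consumer USB hubs, speakers and single-board computers rather than software Debian ships, so on triage they will most likely resolve to the NOT-FOR-US marker used elsewhere in this file; CVE-2019-25052 (OP-TEE before 3.7.0) is the one entry here that warrants a real check against the archive, and it also deserves a NOTE recording why a 2019 identifier is only appearing now, so the late assignment is not mistaken for a stale import.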
@@ -6,7 +54,7 @@ CVE-2021-XXXX [RUSTSEC-2021-0079]
 	- rust-hyper <unfixed>
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0079.html
 	NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9
-CVE-2021-38511 [RUSTSEC-2021-0080]
+CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for Rust. When  ...)
 	- rust-tar <unfixed>
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0080.html
 	NOTE: https://github.com/alexcrichton/tar-rs/issues/238
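Review bot: replacing the bracketed "[RUSTSEC-2021-0080]" title with the MITRE description is fine because the rustsec URL survives in the NOTE line, but the two preceding entries for RUSTSEC-2021-0078 and RUSTSEC-2021-0079 (rust-hyper) are still filed under the "CVE-2021-XXXX" placeholder; once their CVE identifiers are published they need the same treatment, otherwise the file carries two naming styles for the same class of Rust advisory.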
@@ -1095,8 +1143,8 @@ CVE-2021-38087
 	RESERVED
 CVE-2021-38086
 	RESERVED
-CVE-2021-38085
-	RESERVED
+CVE-2021-38085 (The Canon TR150 print driver through 3.71.2.10 is vulnerable to a priv ...)
+	TODO: check
 CVE-2021-38084 (An issue was discovered in the POP3 component of Courier Mail Server b ...)
 	- courier <unfixed> (bug #989375)
 	[bullseye] - courier <no-dsa> (Minor issue)
@@ -1933,8 +1981,8 @@ CVE-2021-37696
 	RESERVED
 CVE-2021-37695
 	RESERVED
-CVE-2021-37694
-	RESERVED
+CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...)
+	TODO: check
 CVE-2021-37693
 	RESERVED
 CVE-2021-37692
@@ -8829,8 +8877,8 @@ CVE-2021-34642
 	RESERVED
 CVE-2021-34641
 	RESERVED
-CVE-2021-34640
-	RESERVED
+CVE-2021-34640 (The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cr ...)
+	TODO: check
 CVE-2021-34639 (Authenticated File Upload in WordPress Download Manager <= 3.1.24 a ...)
 	NOT-FOR-US: WordPress Download Manager
 CVE-2021-34638 (Authenticated Directory Traversal in WordPress Download Manager <=  ...)
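Review bot: CVE-2021-34640 (Securimage-WP-Fixed WordPress plugin) sits between two WordPress Download Manager entries that are already marked "NOT-FOR-US: WordPress Download Manager"; unless the plugin is packaged, the "TODO: check" placeholder should be resolved the same way, naming the plugin in the NOT-FOR-US line so the reason is visible without consulting the description.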
@@ -11254,10 +11302,10 @@ CVE-2021-33597 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secu
 	NOT-FOR-US: F-Secure
 CVE-2021-33596 (Showing the legitimate URL in the address bar while loading the conten ...)
 	NOT-FOR-US: F-Secure
-CVE-2021-33595
-	RESERVED
-CVE-2021-33594
-	RESERVED
+CVE-2021-33595 (A address bar spoofing vulnerability was discovered in Safe Browser fo ...)
+	TODO: check
+CVE-2021-33594 (An address bar spoofing vulnerability was discovered in Safe Browser f ...)
+	TODO: check
 CVE-2021-33593
 	RESERVED
 CVE-2021-33592 (NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arb ...)
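Review bot: CVE-2021-33595 and CVE-2021-33594 describe address bar spoofing in F-Secure Safe Browser, the same product family as the adjacent CVE-2021-33597 and CVE-2021-33596 entries that already carry "NOT-FOR-US: F-Secure"; the two new "TODO: check" lines can be closed out as "NOT-FOR-US: F-Secure" for consistency. The "A address bar" wording on the CVE-2021-33595 line is the upstream description text and should be left as imported rather than corrected locally.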
@@ -12770,8 +12818,8 @@ CVE-2021-32949
 	RESERVED
 CVE-2021-32948 (An out-of-bounds write issue exists in the DWG file-reading procedure  ...)
 	NOT-FOR-US: Open Design Alliance
-CVE-2021-32947
-	RESERVED
+CVE-2021-32947 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
+	TODO: check
 CVE-2021-32946 (An improper check for unusual or exceptional conditions issue exists w ...)
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32945
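Review bot: CVE-2021-32947 (FATEK Automation FvDesigner 1.5.88 and prior) is the first of three FATEK entries in this update (with CVE-2021-32939 and CVE-2021-32931 in the following hunks); they come from the same advisory batch as the Open Design Alliance and Advantech neighbours that are already "NOT-FOR-US", so resolving all three together with one "NOT-FOR-US: FATEK Automation" line each keeps the triage consistent.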
@@ -12786,8 +12834,8 @@ CVE-2021-32941
 	RESERVED
 CVE-2021-32940 (An out-of-bounds read issue exists in the DWG file-recovering procedur ...)
 	NOT-FOR-US: Open Design Alliance
-CVE-2021-32939
-	RESERVED
+CVE-2021-32939 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
+	TODO: check
 CVE-2021-32938 (Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-o ...)
 	NOT-FOR-US: Open Design Alliance
 CVE-2021-32937
@@ -12802,8 +12850,8 @@ CVE-2021-32933
 	RESERVED
 CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
 	NOT-FOR-US: Advantech
-CVE-2021-32931
-	RESERVED
+CVE-2021-32931 (An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5. ...)
+	TODO: check
 CVE-2021-32930 (The affected product’s configuration is vulnerable due to missin ...)
 	NOT-FOR-US: Advantech
 CVE-2021-32929
@@ -24492,7 +24540,7 @@ CVE-2021-28304
 	RESERVED
 CVE-2021-28303
 	RESERVED
-CVE-2021-28302 (A stack overflow in pupnp 1.16.1 can cause the denial of service throu ...)
+CVE-2021-28302 (A stack overflow in pupnp before version 1.14.5 can cause the denial o ...)
 	- pupnp-1.8 <unfixed> (bug #986833)
 	[bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
 	[buster] - pupnp-1.8 <no-dsa> (Minor issue)
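Review bot: the description for CVE-2021-28302 changed from a single affected release ("pupnp 1.16.1") to a range ("pupnp before version 1.14.5"), which implies upstream has a fixing release, yet the package lines still read "pupnp-1.8 <unfixed>" with no-dsa for bullseye and buster; the fix status should be re-checked against the new range, and if any source package in the archive ships 1.14.5 or later that fixed version should replace <unfixed>, with a NOTE pointing at the upstream fix.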
@@ -36205,10 +36253,10 @@ CVE-2021-23423
 	RESERVED
 CVE-2021-23422
 	RESERVED
-CVE-2021-23421
-	RESERVED
-CVE-2021-23420
-	RESERVED
+CVE-2021-23421 (All versions of package merge-change are vulnerable to Prototype Pollu ...)
+	TODO: check
+CVE-2021-23420 (This affects the package codeception/codeception from 4.0.0 and before ...)
+	TODO: check
 CVE-2021-23419 (This affects the package open-graph before 0.2.6. The function parse c ...)
 	TODO: check
 CVE-2021-23418 (The package glances before 3.2.1 are vulnerable to XML External Entity ...)
@@ -36780,18 +36828,18 @@ CVE-2021-3052
 	RESERVED
 CVE-2021-3051
 	RESERVED
-CVE-2021-3050
-	RESERVED
+CVE-2021-3050 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+	TODO: check
 CVE-2021-3049
 	RESERVED
-CVE-2021-3048
-	RESERVED
-CVE-2021-3047
-	RESERVED
-CVE-2021-3046
-	RESERVED
-CVE-2021-3045
-	RESERVED
+CVE-2021-3048 (Certain invalid URL entries contained in an External Dynamic List (EDL ...)
+	TODO: check
+CVE-2021-3047 (A cryptographically weak pseudo-random number generator (PRNG) is used ...)
+	TODO: check
+CVE-2021-3046 (An improper authentication vulnerability exists in Palo Alto Networks  ...)
+	TODO: check
+CVE-2021-3045 (An OS command argument injection vulnerability in the Palo Alto Networ ...)
+	TODO: check
 CVE-2021-3044 (An improper authorization vulnerability in Palo Alto Networks Cortex X ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2021-3043 (A reflected cross-site scripting (XSS) vulnerability exists in the Pri ...)
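Review bot: the five new Palo Alto Networks entries (CVE-2021-3050, CVE-2021-3048, CVE-2021-3047, CVE-2021-3046, CVE-2021-3045) describe PAN-OS issues and sit directly above CVE-2021-3044, which is already "NOT-FOR-US: Palo Alto Networks"; they should be closed the same way rather than left as "TODO: check", since PAN-OS is appliance firmware and not a Debian package.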
@@ -44548,8 +44596,8 @@ CVE-2021-20429 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could dis
 	NOT-FOR-US: IBM
 CVE-2021-20428 (IBM Security Guardium 11.2 could allow a remote attacker to obtain sen ...)
 	NOT-FOR-US: IBM
-CVE-2021-20427
-	RESERVED
+CVE-2021-20427 (IBM Security Guardium 11.2 uses an inadequate account lockout setting  ...)
+	TODO: check
 CVE-2021-20426 (IBM Security Guardium 11.2 contains hard-coded credentials, such as a  ...)
 	NOT-FOR-US: IBM
 CVE-2021-20425
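Review bot: CVE-2021-20427 (IBM Security Guardium 11.2 account lockout) is surrounded by Guardium 11.2 entries already marked "NOT-FOR-US: IBM", and the same applies to CVE-2021-20420 and CVE-2021-20418 in the next hunk; all three "TODO: check" lines can be resolved to "NOT-FOR-US: IBM" in one pass.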
@@ -44562,12 +44610,12 @@ CVE-2021-20422 (IBM Cloud Pak for Applications 4.3 could disclose sensitive info
 	NOT-FOR-US: IBM
 CVE-2021-20421
 	RESERVED
-CVE-2021-20420
-	RESERVED
+CVE-2021-20420 (IBM Security Guardium 11.2 could disclose sensitive information due to ...)
+	TODO: check
 CVE-2021-20419 (IBM Security Guardium 11.2 uses weaker than expected cryptographic alg ...)
 	NOT-FOR-US: IBM
-CVE-2021-20418
-	RESERVED
+CVE-2021-20418 (IBM Security Guardium 11.2 does not require that users should have str ...)
+	TODO: check
 CVE-2021-20417 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attack ...)
 	NOT-FOR-US: IBM
 CVE-2021-20416 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a r ...)
@@ -44785,6 +44833,7 @@ CVE-2021-20315
 	RESERVED
 CVE-2021-20314 [Remote stack buffer overflow in libspf2]
 	RESERVED
+	{DSA-4955-1 DLA-2739-1}
 	- libspf2 1.2.10-7.1
 	[bullseye] - libspf2 1.2.10-7.1~deb11u1
 	NOTE: https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef
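Review bot: the added "{DSA-4955-1 DLA-2739-1}" line for CVE-2021-20314 references a DLA, but the visible context only records fixed versions for unstable (1.2.10-7.1) and bullseye (1.2.10-7.1~deb11u1); confirm that a "[buster] - libspf2 ..." line with the DLA-2739-1 fixed version exists below the shown context, otherwise the DLA reference has no fixed version backing it. The entry also still reads "RESERVED" under a bracketed title; once MITRE publishes the description, the title line should be updated to it.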
@@ -52370,8 +52419,8 @@ CVE-2020-28590 (An out-of-bounds read vulnerability exists in the Obj File Trian
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1213
 	NOTE: https://github.com/slic3r/Slic3r/issues/5074
 	NOTE: Crash in enduser application, no security impact
-CVE-2020-28589
-	RESERVED
+CVE-2020-28589 (An improper array index validation vulnerability exists in the LoadObj ...)
+	TODO: check
 CVE-2020-28588 (An information disclosure vulnerability exists in the /proc/pid/syscal ...)
 	- linux 5.9.15-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
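Review bot: CVE-2020-28589 ("improper array index validation ... in the LoadObj") sits next to CVE-2020-28590, a Slic3r Obj-file parsing bug from the TALOS-2020-1213 series that was assessed as "Crash in enduser application, no security impact"; if CVE-2020-28589 turns out to be the companion Slic3r finding from the same report, the "TODO: check" should be replaced by the corresponding Talos and upstream-issue NOTE lines and the same impact assessment, so the two entries are triaged consistently.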
@@ -56709,8 +56758,8 @@ CVE-2021-0198
 	RESERVED
 CVE-2021-0197
 	RESERVED
-CVE-2021-0196
-	RESERVED
+CVE-2021-0196 (Improper access control in kernel mode driver for some Intel(R) NUC 9  ...)
+	TODO: check
 CVE-2021-0195
 	RESERVED
 CVE-2021-0194
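Review bot: CVE-2021-0196 (Intel NUC kernel mode driver) opens a run of Intel entries across the following hunks (CVE-2021-0160, CVE-2021-0084, CVE-2021-0083, CVE-2021-0062, CVE-2021-0061, CVE-2021-0012 and CVE-2021-0009 through CVE-2021-0002) that describe Windows drivers and Ethernet adapter firmware; the neighbouring CVE-2021-0086 and CVE-2021-0001 entries are already "NOT-FOR-US: Intel", and these "TODO: check" lines should be resolved the same way, with the Ethernet 800 Series firmware ones checked first in case any firmware-nonfree component carries the affected images.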
@@ -56781,8 +56830,8 @@ CVE-2021-0162
 	RESERVED
 CVE-2021-0161
 	RESERVED
-CVE-2021-0160
-	RESERVED
+CVE-2021-0160 (Uncontrolled search path in some Intel(R) NUC Pro Chassis Element Aver ...)
+	TODO: check
 CVE-2021-0159
 	RESERVED
 CVE-2021-0158
@@ -56946,10 +56995,10 @@ CVE-2021-0086 (Observable response discrepancy in floating-point operations for
 	NOT-FOR-US: Intel
 CVE-2021-0085
 	RESERVED
-CVE-2021-0084
-	RESERVED
-CVE-2021-0083
-	RESERVED
+CVE-2021-0084 (Improper input validation in the Intel(R) Ethernet Controllers X722 an ...)
+	TODO: check
+CVE-2021-0083 (Improper input validation in some Intel(R) Optane(TM) PMem versions be ...)
+	TODO: check
 CVE-2021-0082
 	RESERVED
 CVE-2021-0081
@@ -56990,10 +57039,10 @@ CVE-2021-0064
 	RESERVED
 CVE-2021-0063
 	RESERVED
-CVE-2021-0062
-	RESERVED
-CVE-2021-0061
-	RESERVED
+CVE-2021-0062 (Improper input validation in some Intel(R) Graphics Drivers before ver ...)
+	TODO: check
+CVE-2021-0061 (Improper initialization in some Intel(R) Graphics Driver before versio ...)
+	TODO: check
 CVE-2021-0060
 	RESERVED
 CVE-2021-0059
@@ -57090,28 +57139,28 @@ CVE-2021-0014
 	RESERVED
 CVE-2021-0013
 	RESERVED
-CVE-2021-0012
-	RESERVED
+CVE-2021-0012 (Use after free in some Intel(R) Graphics Driver before version 27.20.1 ...)
+	TODO: check
 CVE-2021-0011
 	RESERVED
 CVE-2021-0010
 	RESERVED
-CVE-2021-0009
-	RESERVED
-CVE-2021-0008
-	RESERVED
-CVE-2021-0007
-	RESERVED
-CVE-2021-0006
-	RESERVED
-CVE-2021-0005
-	RESERVED
-CVE-2021-0004
-	RESERVED
-CVE-2021-0003
-	RESERVED
-CVE-2021-0002
-	RESERVED
+CVE-2021-0009 (Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800  ...)
+	TODO: check
+CVE-2021-0008 (Uncontrolled resource consumption in firmware for Intel(R) Ethernet Ad ...)
+	TODO: check
+CVE-2021-0007 (Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Seri ...)
+	TODO: check
+CVE-2021-0006 (Improper conditions check in firmware for Intel(R) Ethernet Adapters 8 ...)
+	TODO: check
+CVE-2021-0005 (Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Seri ...)
+	TODO: check
+CVE-2021-0004 (Improper buffer restrictions in the firmware of Intel(R) Ethernet Adap ...)
+	TODO: check
+CVE-2021-0003 (Improper conditions check in some Intel(R) Ethernet Controllers 800 se ...)
+	TODO: check
+CVE-2021-0002 (Improper conditions check in some Intel(R) Ethernet Controllers 800 se ...)
+	TODO: check
 CVE-2021-0001 (Observable timing discrepancy in Intel(R) IPP before version 2020 upda ...)
 	NOT-FOR-US: Intel
 CVE-2020-27669
@@ -70092,8 +70141,8 @@ CVE-2020-21978
 	RESERVED
 CVE-2020-21977
 	RESERVED
-CVE-2020-21976
-	RESERVED
+CVE-2020-21976 (An arbitrary file upload in the <input type="file" name="user_image ...)
+	TODO: check
 CVE-2020-21975
 	RESERVED
 CVE-2020-21974
@@ -70664,8 +70713,8 @@ CVE-2020-21692
 	RESERVED
 CVE-2020-21691
 	RESERVED
-CVE-2020-21690 (A memory leak in the grow_array function in cmdutils.c og Ffmpeg 4.2 a ...)
-	TODO: check
+CVE-2020-21690
+	REJECTED
 CVE-2020-21689
 	RESERVED
 CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
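Review bot: flipping CVE-2020-21690 from a described ffmpeg memory leak with "TODO: check" to a bare "REJECTED" drops the only local record of what the identifier covered; since the adjacent CVE-2020-21688 is a live ffmpeg entry from the same batch, add a NOTE with the rejection reason from MITRE (and, if it was rejected as a duplicate, the surviving identifier) so the ffmpeg tracking is not lost with the rejection.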



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdcb10d24bd62ad98a100f79b228be5bc90486d2




