[Git][security-tracker-team/security-tracker][master] 3 commits: Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jun 12 08:36:03 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
627de489 by Salvatore Bonaccorso at 2021-06-12T09:35:48+02:00
Process several NFUs
- - - - -
360fddc1 by Salvatore Bonaccorso at 2021-06-12T09:35:49+02:00
Add CVE-2021-22915/nextcloud-server
- - - - -
279fb8cf by Salvatore Bonaccorso at 2021-06-12T09:35:49+02:00
Add CVE-2020-25467/lrzip
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -282,7 +282,7 @@ CVE-2021-34542
CVE-2021-34541
RESERVED
CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...)
NOT-FOR-US: CubeCoders AMP
CVE-2021-34538
@@ -3210,7 +3210,7 @@ CVE-2021-33207
CVE-2021-33206
RESERVED
CVE-2021-33205 (Western Digital EdgeRover before 0.25 has an escalation of privileges ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...)
- libvirt <not-affected> (Vulnerable code never in a released version)
NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a (v7.0.0-rc1)
@@ -3871,11 +3871,11 @@ CVE-2021-32934
CVE-2021-32933
RESERVED
CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2021-32931
RESERVED
CVE-2021-32930 (The affected product’s configuration is vulnerable due to missin ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2021-32929
RESERVED
CVE-2021-32928
@@ -13852,7 +13852,7 @@ CVE-2021-28816
CVE-2021-28815
RESERVED
CVE-2021-28814 (An improper access control vulnerability has been reported to affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-28813
RESERVED
CVE-2021-28812 (A command injection vulnerability has been reported to affect certain ...)
@@ -13870,7 +13870,7 @@ CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been repor
CVE-2021-28806 (A DOM-based XSS vulnerability has been reported to affect QNAP NAS run ...)
NOT-FOR-US: QNAP
CVE-2021-28805 (Inclusion of sensitive information in the source code has been reporte ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-28804
RESERVED
CVE-2021-28803
@@ -13878,7 +13878,7 @@ CVE-2021-28803
CVE-2021-28802
RESERVED
CVE-2021-28801 (An out-of-bounds read vulnerability has been reported to affect certai ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-28800
RESERVED
CVE-2021-28799 (An improper authorization vulnerability has been reported to affect QN ...)
@@ -17162,11 +17162,11 @@ CVE-2021-27412
CVE-2021-27411
RESERVED
CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, which ma ...)
- TODO: check
+ NOT-FOR-US: Welch Allyn
CVE-2021-27409
RESERVED
CVE-2021-27408 (The affected product is vulnerable to an out-of-bounds read, which can ...)
- TODO: check
+ NOT-FOR-US: Welch Allyn
CVE-2021-27407
RESERVED
CVE-2021-27406
@@ -17680,7 +17680,7 @@ CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in
CVE-2021-27201 (Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated ...)
NOT-FOR-US: Endian Firewall Community (aka EFW)
CVE-2021-27200 (In WoWonder 3.0.4, remote attackers can take over any account due to t ...)
- TODO: check
+ NOT-FOR-US: WoWonder
CVE-2021-27199
RESERVED
CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server through 11.0 ...)
@@ -18117,15 +18117,15 @@ CVE-2021-26999
CVE-2021-26998
RESERVED
CVE-2021-26997 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
- TODO: check
+ NOT-FOR-US: E-Series SANtricity OS Controller Software
CVE-2021-26996 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
- TODO: check
+ NOT-FOR-US: E-Series SANtricity OS Controller Software
CVE-2021-26995 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
- TODO: check
+ NOT-FOR-US: E-Series SANtricity OS Controller Software
CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptibl ...)
NOT-FOR-US: Clustered Data ONTAP (NetApp)
CVE-2021-26993 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
- TODO: check
+ NOT-FOR-US: E-Series SANtricity OS Controller Software
CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...)
NOT-FOR-US: Cloud Manager (NetApp)
CVE-2021-26991 (Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin ...)
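Review bot: the four new labels for CVE-2021-26997, CVE-2021-26996, CVE-2021-26995 and CVE-2021-26993 omit the vendor, while the neighbouring entries in the same hunk are tagged "NOT-FOR-US: Clustered Data ONTAP (NetApp)" and "NOT-FOR-US: Cloud Manager (NetApp)". Suggest "NOT-FOR-US: E-Series SANtricity OS Controller Software (NetApp)" so that a grep for the vendor finds all of its entries.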
@@ -18561,9 +18561,9 @@ CVE-2021-26831
CVE-2021-26830 (SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote att ...)
NOT-FOR-US: Tribalsystems Zenario CMS
CVE-2021-26829 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...)
- TODO: check
+ NOT-FOR-US: OpenPLC ScadaBR
CVE-2021-26828 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...)
- TODO: check
+ NOT-FOR-US: OpenPLC ScadaBR
CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ route ...)
NOT-FOR-US: TP-Link
CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...)
@@ -20319,11 +20319,11 @@ CVE-2021-23220
CVE-2021-23212
RESERVED
CVE-2021-23211 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Gallagher Command Centre Server
CVE-2021-23205 (Improper Encoding or Escaping in Gallagher Command Centre Server allow ...)
- TODO: check
+ NOT-FOR-US: Gallagher Command Centre Server
CVE-2021-23204 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Gallagher Command Centre Server
CVE-2021-23199
RESERVED
CVE-2021-23197
@@ -20333,7 +20333,7 @@ CVE-2021-23193
CVE-2021-23185
RESERVED
CVE-2021-23182 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Gallagher Command Centre Server
CVE-2021-23167
RESERVED
CVE-2021-23162
@@ -20343,9 +20343,9 @@ CVE-2021-23155
CVE-2021-23146
RESERVED
CVE-2021-23140 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...)
- TODO: check
+ NOT-FOR-US: Gallagher Command Centre Server
CVE-2021-23136 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...)
- TODO: check
+ NOT-FOR-US: Gallagher Command Centre Server
CVE-2021-26123 (LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wiht ...)
NOT-FOR-US: LivingLogic XIST4C
CVE-2021-26122 (LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedb ...)
@@ -22102,91 +22102,91 @@ CVE-2021-25427
CVE-2021-25426
RESERVED
CVE-2021-25425 (Improper check vulnerability in Samsung Health prior to version 6.17 a ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25424 (Improper authentication vulnerability in Tizen bluetooth-frwk prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25423 (Improper log management vulnerability in Watch Active2 PlugIn prior to ...)
- TODO: check
+ NOT-FOR-US: Watch Active2 PlugIn
CVE-2021-25422 (Improper log management vulnerability in Watch Active PlugIn prior to ...)
- TODO: check
+ NOT-FOR-US: Watch Active2 PlugIn
CVE-2021-25421 (Improper log management vulnerability in Galaxy Watch3 PlugIn prior to ...)
- TODO: check
+ NOT-FOR-US: Galaxy Watch3 PlugIn
CVE-2021-25420 (Improper log management vulnerability in Galaxy Watch PlugIn prior to ...)
- TODO: check
+ NOT-FOR-US: Galaxy Watch PlugIn
CVE-2021-25419 (Non-compliance of recommended secure coding scheme in Samsung Internet ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25418 (Improper component protection vulnerability in Samsung Internet prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25417 (Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25416 (Assuming EL1 is compromised, an improper address validation in RKP pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25415 (Assuming EL1 is compromised, an improper address validation in RKP pri ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25414 (Improper sanitization of incoming intent in Samsung Contacts prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25413 (Improper sanitization of incoming intent in Samsung Contacts prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25412 (An improper access control vulnerability in genericssoservice prior to ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25411 (Improper address validation vulnerability in RKP api prior to SMR JUN- ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25410 (Improper access control of a component in CallBGProvider prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25409 (Improper access in Notification setting prior to SMR JUN-2021 Release ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25408 (A possible buffer overflow vulnerability in NPU driver prior to SMR JU ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25407 (A possible out of bounds write vulnerability in NPU driver prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25406 (Information exposure vulnerability in Gear S Plugin prior to version 2 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25405 (An improper access control vulnerability in ScreenOffActivity in Samsu ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25404 (Information Exposure vulnerability in SmartThings prior to version 1.7 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25403 (Intent redirection vulnerability in Samsung Account prior to version 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25402 (Information Exposure vulnerability in Samsung Notes prior to version 4 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25401 (Intent redirection vulnerability in Samsung Health prior to version 6. ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25400 (Intent redirection vulnerability in Samsung Internet prior to version ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25399 (Improper configuration in Smart Manager prior to version 11.0.05.0 all ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25398 (Intent redirection vulnerability in Bixby Voice prior to version 3.1.1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25397 (An improper access control vulnerability in TelephonyUI prior to SMR M ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25396 (An improper input validation vulnerability in NPU firmware prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25395 (A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25394 (A use after free vulnerability via race condition in MFC charger drive ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25393 (Improper sanitization of incoming intent in SecSettings prior to SMR M ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25392 (Improper protection of backup path configuration in Samsung Dex prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25391 (Intent redirection vulnerability in Secure Folder prior to SMR MAY-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25390 (Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 R ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25389 (Improper running task check in S Secure prior to SMR MAY-2021 Release ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25388 (Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25387 (An improper input validation vulnerability in sflacfd_get_frm() in lib ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25386 (An improper input validation vulnerability in sdfffd_parse_chunk_FVER( ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25385 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25384 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25383 (An improper input validation vulnerability in scmn_mfal_read() in libs ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25382 (An improper authorization of using debugging command in Secure Folder ...)
NOT-FOR-US: Samsung
CVE-2021-25381 (Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in ...)
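Review bot: the label added for CVE-2021-25422, "NOT-FOR-US: Watch Active2 PlugIn", does not match its description, which names "Watch Active PlugIn" (no "2"); the Active2 plugin is the preceding entry, CVE-2021-25423. Suggest "NOT-FOR-US: Watch Active PlugIn", keeping the two products distinct in the same way CVE-2021-25421 and CVE-2021-25420 are labelled "Galaxy Watch3 PlugIn" and "Galaxy Watch PlugIn".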
@@ -25148,7 +25148,7 @@ CVE-2021-24037
CVE-2021-24036
RESERVED
CVE-2021-24035 (A lack of filename validation when unzipping archives prior to WhatsAp ...)
- TODO: check
+ NOT-FOR-US: WhatsApp
CVE-2021-24034
RESERVED
CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort ...)
@@ -27687,11 +27687,11 @@ CVE-2021-22917
CVE-2021-22916
RESERVED
CVE-2021-22915 (Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brut ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2021-22914
RESERVED
CVE-2021-22913 (Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclos ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Deck
CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information disclosure vuln ...)
TODO: check
CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...)
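Review bot: CVE-2021-22912 (Nextcloud iOS) stays at "TODO: check" in this hunk while the sibling Nextcloud Deck entry is resolved to NOT-FOR-US; if the iOS client is likewise not packaged in Debian it could be triaged in the same pass rather than left in the queue. The same applies to CVE-2021-22906 (Nextcloud End-to-End Encryption) in the following hunk.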
@@ -27707,7 +27707,7 @@ CVE-2021-22907 (An improper access control vulnerability exists in Citrix Worksp
CVE-2021-22906 (Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers ...)
TODO: check
CVE-2021-22905 (Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnera ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Android App (com.nextcloud.client)
CVE-2021-22904 (The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffer ...)
{DSA-4929-1 DLA-2655-1}
- rails 2:6.0.3.7+dfsg-1 (bug #988214)
@@ -28037,45 +28037,45 @@ CVE-2021-22770
CVE-2021-22769 (A CWE-269: Improper Privilege Management vulnerability exists in Enerl ...)
TODO: check
CVE-2021-22768 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
- TODO: check
+ NOT-FOR-US: PowerLogic EGX300
CVE-2021-22767 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
- TODO: check
+ NOT-FOR-US: PowerLogic EGX300
CVE-2021-22766 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
- TODO: check
+ NOT-FOR-US: PowerLogic EGX300
CVE-2021-22765 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
- TODO: check
+ NOT-FOR-US: PowerLogic
CVE-2021-22764 (A CWE-287: Improper Authentication vulnerability exists in PowerLogic ...)
- TODO: check
+ NOT-FOR-US: PowerLogic
CVE-2021-22763 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...)
- TODO: check
+ NOT-FOR-US: PowerLogic
CVE-2021-22762 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22761 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22760 (A CWE-763: Release of invalid pointer or reference vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22759 (A CWE-416: Use after free vulnerability exists inIGSS Definition (Def. ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22758 (A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22757 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22756 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22755 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22754 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22753 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22752 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22751 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22750 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2021-22748
RESERVED
CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
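Review bot: the vendor labelling in this hunk is split three ways, "PowerLogic EGX300" for CVE-2021-22768 to CVE-2021-22766, "PowerLogic" for CVE-2021-22765 to CVE-2021-22763 and "Schneider" for CVE-2021-22762 to CVE-2021-22749; the truncated descriptions do not show whether the products differ, so one consistent form (vendor, optionally followed by product) would avoid needing three spellings in a NOT-FOR-US search. CVE-2021-22769 at the top of the hunk is left at "TODO: check" and could be handled together with these.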
@@ -30136,7 +30136,7 @@ CVE-2021-21835
CVE-2021-21834
RESERVED
CVE-2021-21833 (An improper array index validation vulnerability exists in the TIF IP_ ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21832
RESERVED
CVE-2021-21831
@@ -30154,7 +30154,7 @@ CVE-2021-21826
CVE-2021-21825
RESERVED
CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21823
RESERVED
CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
@@ -30186,7 +30186,7 @@ CVE-2021-21810
CVE-2021-21809
RESERVED
CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_proces ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21807
RESERVED
CVE-2021-21806
@@ -30212,7 +30212,7 @@ CVE-2021-21797
CVE-2021-21796
RESERVED
CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD read_icc_ ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2021-21794
RESERVED
CVE-2021-21793
@@ -34212,7 +34212,7 @@ CVE-2021-20734
CVE-2021-20733
RESERVED
CVE-2021-20732 (The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 an ...)
- TODO: check
+ NOT-FOR-US: ATOM (ATOM - Smart life App)
CVE-2021-20731 (WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver ...)
NOT-FOR-US: WSR-1166DHP3 firmware
CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.1 ...)
@@ -34220,7 +34220,7 @@ CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware V
CVE-2021-20729
RESERVED
CVE-2021-20728 (Improper access control vulnerability in goo blog App for Android ver. ...)
- TODO: check
+ NOT-FOR-US: goo blog App
CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allo ...)
NOT-FOR-US: Zettlr
CVE-2021-20726 (Untrusted search path vulnerability in The Installer of Overwolf 2.168 ...)
@@ -34497,7 +34497,7 @@ CVE-2021-20593
CVE-2021-20592
RESERVED
CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model all ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20589 (Buffer access with incorrect length value vulnerability in GOT2000 ser ...)
@@ -47052,19 +47052,19 @@ CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for W
CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB ...)
NOT-FOR-US: Intel
CVE-2021-0100 (Incorrect default permissions in the installer for the Intel(R) SSD Da ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0099
RESERVED
CVE-2021-0098 (Improper access control in the Intel Unite(R) Client for Windows befor ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0097 (Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0096
RESERVED
CVE-2021-0095 (Improper initialization in the firmware for some Intel(R) Processors m ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0094 (Improper link resolution before file access in Intel(R) DSA before ver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0093
RESERVED
CVE-2021-0092
@@ -47072,7 +47072,7 @@ CVE-2021-0092
CVE-2021-0091
RESERVED
CVE-2021-0090 (Uncontrolled search path element in Intel(R) DSA before version 20.11. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0089 (Observable response discrepancy in some Intel(R) Processors may allow ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
@@ -47104,27 +47104,27 @@ CVE-2021-0079
CVE-2021-0078
RESERVED
CVE-2021-0077 (Insecure inherited permissions in the installer for the Intel(R) VTune ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0076
RESERVED
CVE-2021-0075
RESERVED
CVE-2021-0074 (Improper permissions in the installer for the Intel(R) Computing Impro ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before version 20 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0072
RESERVED
CVE-2021-0071
RESERVED
CVE-2021-0070 (Improper input validation in the BMC firmware for Intel(R) Server Boar ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0069
RESERVED
CVE-2021-0068
RESERVED
CVE-2021-0067 ( Improper access control in system firmware for some Intel(R) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0066
RESERVED
CVE-2021-0065
@@ -47142,21 +47142,21 @@ CVE-2021-0060
CVE-2021-0059
RESERVED
CVE-2021-0058 (Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Drive ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0057 (Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pac ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0056 (Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Dri ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0055 (Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0054 (Improper buffer restrictions in system firmware for some Intel(R) NUCs ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0053
RESERVED
CVE-2021-0052 (Incorrect default privileges in the Intel(R) Computing Improvement Pro ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0051 (Improper input validation in the Intel(R) SPS versions before SPS_E5_0 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2021-0050
RESERVED
CVE-2021-0049
@@ -47256,7 +47256,7 @@ CVE-2021-0003
CVE-2021-0002
RESERVED
CVE-2021-0001 (Observable timing discrepancy in Intel(R) IPP before version 2020 upda ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-27669
RESERVED
CVE-2020-27668
@@ -47894,7 +47894,7 @@ CVE-2020-27386 (An unrestricted file upload issue in FlexDotnetCMS before v1.5.9
CVE-2020-27385 (Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) ...)
NOT-FOR-US: FlexDotnetCMS
CVE-2020-27384 (The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an ...)
- TODO: check
+ NOT-FOR-US: Guild Wars 2 launcher
CVE-2020-27383 (Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of ...)
TODO: check
CVE-2020-27382
@@ -50833,7 +50833,7 @@ CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access P
NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
NOTE: https://lore.kernel.org/linux-wireless/20210511200110.cb327ed0cabe.Ib7dcffa2a31f0913d660de65ba3c8aca75b1d10f@changeid/
CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square brackets in ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...)
- python-urllib3 1.25.9-1
[buster] - python-urllib3 <no-dsa> (Minor issue)
@@ -52594,7 +52594,10 @@ CVE-2020-25469
CVE-2020-25468
RESERVED
CVE-2020-25467 (A null pointer dereference was discovered lzo_decompress_buf in stream ...)
- TODO: check
+ - lrzip <undetermined>
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641
+ NOTE: https://github.com/ckolivas/lrzip/issues/163
+ TODO: check fixing commit
CVE-2020-25466 (A SSRF vulnerability exists in the downloadimage interface of CRMEB 3. ...)
NOT-FOR-US: CRMEB
CVE-2020-25465 (Null Pointer Dereference. in xObjectBindingFromExpression at moddable/ ...)
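Review bot: the new lrzip entry for CVE-2020-25467 links an Ubuntu Launchpad bug and an upstream GitHub issue but carries no Debian bug reference, whereas other package entries visible in this patch record one (rails with "bug #988214", intel-microcode with "bug #989615"). Filing or linking a Debian BTS bug next to the "lrzip <undetermined>" marker would give the "TODO: check fixing commit" follow-up something to track.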
@@ -54388,15 +54391,15 @@ CVE-2020-24673 (In S+ Operations and S+ Historian, a successful SQL injection ex
CVE-2020-24672
RESERVED
CVE-2020-24671 (Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL ...)
- TODO: check
+ NOT-FOR-US: Trace Financial CRESTBridge
CVE-2020-24670 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
NOT-FOR-US: Hitachi
CVE-2020-24669 (The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x c ...)
NOT-FOR-US: Hitachi
CVE-2020-24668 (Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulner ...)
- TODO: check
+ NOT-FOR-US: Trace Financial CRESTBridge
CVE-2020-24667 (Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL ...)
- TODO: check
+ NOT-FOR-US: Trace Financial CRESTBridge
CVE-2020-24666 (The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x conta ...)
NOT-FOR-US: Hitachi
CVE-2020-24665 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
@@ -54404,7 +54407,7 @@ CVE-2020-24665 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.
CVE-2020-24664 (The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
NOT-FOR-US: Hitachi
CVE-2020-24663 (Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnera ...)
- TODO: check
+ NOT-FOR-US: Trace Financial CRESTBridge
CVE-2020-24662 (SmartStream Transaction Lifecycle Management (TLM) Reconciliation Prem ...)
TODO: check
CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate verificati ...)
@@ -54766,11 +54769,11 @@ CVE-2020-24518
CVE-2020-24517
RESERVED
CVE-2020-24516 (Modification of assumed-immutable data in subsystem in Intel(R) CSME v ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-24515 (Protection mechanism failure in some Intel(R) RealSense(TM) IDs may al ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-24514 (Improper authentication in some Intel(R) RealSense(TM) IDs may allow a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-24513 (Domain-bypass transient execution vulnerability in some Intel Atom(R) ...)
- intel-microcode 3.20210608.1 (bug #989615)
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bfbb0e632d8d2774a2d5323fe1f3845bb002f761...279fb8cf7f7cc306fc42e423750ee33da0e8119d