[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 11 08:10:21 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cde47063 by security tracker role at 2021-11-11T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6,8 +6,8 @@ CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded passwo
NOT-FOR-US: KNX ETS6
CVE-2021-43574
RESERVED
-CVE-2021-43573
- RESERVED
+CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...)
+ TODO: check
CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (ecdsa-pyth ...)
TODO: check
CVE-2021-43571 (The verify function in the Stark Bank Node.js ECDSA library (ecdsa-nod ...)
@@ -409,8 +409,8 @@ CVE-2021-43399
CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in ...)
- libcrypto++ <unfixed>
NOTE: https://github.com/weidai11/cryptopp/issues/1080
-CVE-2021-43397
- RESERVED
+CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate their priv ...)
+ TODO: check
CVE-2021-43395
RESERVED
CVE-2021-43394
@@ -2650,8 +2650,8 @@ CVE-2021-3898
RESERVED
CVE-2021-3897
RESERVED
-CVE-2021-42847
- RESERVED
+CVE-2021-42847 (Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write t ...)
+ TODO: check
CVE-2021-42846
RESERVED
CVE-2021-42845
@@ -5837,8 +5837,8 @@ CVE-2021-42004
RESERVED
CVE-2021-42003
RESERVED
-CVE-2021-42002
- RESERVED
+CVE-2021-42002 (Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter ...)
+ TODO: check
CVE-2021-42001
RESERVED
CVE-2021-42000
@@ -6208,8 +6208,8 @@ CVE-2021-41838
RESERVED
CVE-2021-41837
RESERVED
-CVE-2021-41833
- RESERVED
+CVE-2021-41833 (Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to una ...)
+ TODO: check
CVE-2021-3848 (An arbitrary file creation by privilege escalation vulnerability in Tr ...)
NOT-FOR-US: Trend Micro
CVE-2021-3847 [low-privileged user privileges escalation]
@@ -7967,10 +7967,10 @@ CVE-2021-41083 (Dada Mail is a web-based e-mail list management system. In affec
NOT-FOR-US: Dada Mail
CVE-2021-41082 (Discourse is a platform for community discussion. In affected versions ...)
NOT-FOR-US: Discourse
-CVE-2021-41081
- RESERVED
-CVE-2021-41080
- RESERVED
+CVE-2021-41081 (Zoho ManageEngine Network Configuration Manager before  ...)
+ TODO: check
+CVE-2021-41080 (Zoho ManageEngine Network Configuration Manager before  ...)
+ TODO: check
CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10. ...)
{DSA-4986-1 DLA-2764-1}
- tomcat9 9.0.53-1
@@ -8438,12 +8438,12 @@ CVE-2021-40875 (Improper Access Control in Gurock TestRail versions < 7.2.0.3
NOT-FOR-US: Gurock TestRail
CVE-2021-40874
RESERVED
-CVE-2021-40873
- RESERVED
-CVE-2021-40872
- RESERVED
-CVE-2021-40871
- RESERVED
+CVE-2021-40873 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...)
+ TODO: check
+CVE-2021-40872 (An issue was discovered in Softing Industrial Automation uaToolkit Emb ...)
+ TODO: check
+CVE-2021-40871 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...)
+ TODO: check
CVE-2021-40870 (An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.192 ...)
NOT-FOR-US: Aviatrix Controller
CVE-2021-40869
@@ -25233,8 +25233,8 @@ CVE-2021-33818 (An issue was discovered in UniFi Protect G3 FLEX Camera Version
NOT-FOR-US: UniFi Protect G3 FLEX Camera
CVE-2021-33817
RESERVED
-CVE-2021-33816
- RESERVED
+CVE-2021-33816 (The website builder module in Dolibarr 13.0.2 allows remote PHP code e ...)
+ TODO: check
CVE-2021-33815 (dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-boun ...)
[experimental] - ffmpeg <unfixed>
- ffmpeg <not-affected> (Vulnerable code not present, introduced in cc85ca1cb34)
@@ -25745,8 +25745,8 @@ CVE-2021-33621
RESERVED
CVE-2021-33619
RESERVED
-CVE-2021-33618
- RESERVED
+CVE-2021-33618 (Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstr ...)
+ TODO: check
CVE-2021-33617 (Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/ ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-33616
@@ -81521,52 +81521,52 @@ CVE-2020-23908
RESERVED
CVE-2020-23907 (An issue was discovered in retdec v3.3. In function canSplitFunctionOn ...)
NOT-FOR-US: retdec
-CVE-2020-23906
- RESERVED
+CVE-2020-23906 (FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of servi ...)
+ TODO: check
CVE-2020-23905
RESERVED
-CVE-2020-23904
- RESERVED
-CVE-2020-23903
- RESERVED
-CVE-2020-23902
- RESERVED
-CVE-2020-23901
- RESERVED
-CVE-2020-23900
- RESERVED
-CVE-2020-23899
- RESERVED
-CVE-2020-23898
- RESERVED
-CVE-2020-23897
- RESERVED
-CVE-2020-23896
- RESERVED
-CVE-2020-23895
- RESERVED
-CVE-2020-23894
- RESERVED
-CVE-2020-23893
- RESERVED
+CVE-2020-23904 (A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers t ...)
+ TODO: check
+CVE-2020-23903 (A Divide by Zero vulnerability in the function static int read_samples ...)
+ TODO: check
+CVE-2020-23902 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...)
+ TODO: check
+CVE-2020-23901 (A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows at ...)
+ TODO: check
+CVE-2020-23900 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...)
+ TODO: check
+CVE-2020-23899 (A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows at ...)
+ TODO: check
+CVE-2020-23898 (A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows at ...)
+ TODO: check
+CVE-2020-23897 (A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec ...)
+ TODO: check
+CVE-2020-23896 (A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows at ...)
+ TODO: check
+CVE-2020-23895 (A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows at ...)
+ TODO: check
+CVE-2020-23894 (A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit ...)
+ TODO: check
+CVE-2020-23893 (A User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 ...)
+ TODO: check
CVE-2020-23892
RESERVED
-CVE-2020-23891
- RESERVED
-CVE-2020-23890
- RESERVED
-CVE-2020-23889
- RESERVED
-CVE-2020-23888
- RESERVED
-CVE-2020-23887
- RESERVED
-CVE-2020-23886
- RESERVED
+CVE-2020-23891 (A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows at ...)
+ TODO: check
+CVE-2020-23890 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...)
+ TODO: check
+CVE-2020-23889 (A User Mode Write AV starting at Editor!TMethodImplementationIntercept ...)
+ TODO: check
+CVE-2020-23888 (A User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 ...)
+ TODO: check
+CVE-2020-23887 (XnView MP v0.96.4 was discovered to contain a heap overflow which allo ...)
+ TODO: check
+CVE-2020-23886 (XnView MP v0.96.4 was discovered to contain a heap overflow which allo ...)
+ TODO: check
CVE-2020-23885
RESERVED
-CVE-2020-23884
- RESERVED
+CVE-2020-23884 (A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial ...)
+ TODO: check
CVE-2020-23883
RESERVED
CVE-2020-23882
@@ -81575,22 +81575,22 @@ CVE-2020-23881
RESERVED
CVE-2020-23880
RESERVED
-CVE-2020-23879
- RESERVED
-CVE-2020-23878
- RESERVED
-CVE-2020-23877
- RESERVED
-CVE-2020-23876
- RESERVED
+CVE-2020-23879 (pdf2json v0.71 was discovered to contain a NULL pointer dereference in ...)
+ TODO: check
+CVE-2020-23878 (pdf2json v0.71 was discovered to contain a stack buffer overflow in th ...)
+ TODO: check
+CVE-2020-23877 (pdf2xml v2.0 was discovered to contain a stack buffer overflow in the ...)
+ TODO: check
+CVE-2020-23876 (pdf2xml v2.0 was discovered to contain a memory leak in the function T ...)
+ TODO: check
CVE-2020-23875
RESERVED
-CVE-2020-23874
- RESERVED
-CVE-2020-23873
- RESERVED
-CVE-2020-23872
- RESERVED
+CVE-2020-23874 (pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the f ...)
+ TODO: check
+CVE-2020-23873 (pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the f ...)
+ TODO: check
+CVE-2020-23872 (A NULL pointer dereference in the function TextPage::restoreState of p ...)
+ TODO: check
CVE-2020-23871
RESERVED
CVE-2020-23870
@@ -112838,7 +112838,7 @@ CVE-2020-11084 (In iPear, the manual execution of the eval() function can lead t
CVE-2020-11083 (In October from version 1.0.319 and before version 1.0.466, a user wit ...)
NOT-FOR-US: October CMS
CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would allow an ...)
- {DLA-2763-1}
+ {DSA-5005-1 DLA-2763-1}
- ruby-kaminari 1.0.1-6 (bug #961847)
[jessie] - ruby-kaminari <no-dsa> (No reverse dependency)
NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cde470632e85b7a57887dab81d7ddcf8eabf106c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cde470632e85b7a57887dab81d7ddcf8eabf106c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211111/d6c040cb/attachment.htm>
More information about the debian-security-tracker-commits
mailing list