[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 13 20:10:31 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2898dc82 by security tracker role at 2021-11-13T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...)
+	TODO: check
 CVE-2021-43615
 	RESERVED
 CVE-2021-43614
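Review bot: the new CVE-2021-43616 entry is left at "TODO: check" with only the truncated npm description; by the conventions visible in the later hunks of this file (a "- <package> <version> (<severity>)" line, or a "NOT-FOR-US:" marker), the placeholder should be resolved to a package status line as a follow-up to this automatic import, since "TODO: check" carries no tracking state.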
@@ -141,8 +143,8 @@ CVE-2021-3947 [NVME: Arbitrary Memory Read]
 	NOTE: https://lore.kernel.org/qemu-devel/20211111153125.2258176-1-philmd@redhat.com/
 CVE-2021-3946
 	RESERVED
-CVE-2021-3945
-	RESERVED
+CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
+	TODO: check
 CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote attackers (fro ...)
 	TODO: check
 CVE-2021-3944
@@ -273,8 +275,8 @@ CVE-2021-43522
 	RESERVED
 CVE-2021-3939
 	RESERVED
-CVE-2021-3938
-	RESERVED
+CVE-2021-3938 (snipe-it is vulnerable to Improper Neutralization of Input During Web  ...)
+	TODO: check
 CVE-2021-3937
 	RESERVED
 CVE-2021-3936
@@ -520,8 +522,8 @@ CVE-2021-43411 (An issue was discovered in GNU Hurd before 0.9 20210404-9. When
 	- hurd 1:0.9.git20210404-9
 CVE-2021-43410
 	RESERVED
-CVE-2021-3932
-	RESERVED
+CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+	TODO: check
 CVE-2021-43409
 	RESERVED
 CVE-2021-43408
@@ -540,8 +542,8 @@ CVE-2021-43402
 	RESERVED
 CVE-2021-43401
 	RESERVED
-CVE-2021-3931
-	RESERVED
+CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+	TODO: check
 CVE-2021-3930 [off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c]
 	RESERVED
 	- qemu <unfixed>
@@ -1993,8 +1995,8 @@ CVE-2021-43205
 	RESERVED
 CVE-2021-43204
 	RESERVED
-CVE-2021-3921
-	RESERVED
+CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+	TODO: check
 CVE-2021-3920
 	RESERVED
 CVE-2021-3919
@@ -2057,8 +2059,8 @@ CVE-2021-43176
 	RESERVED
 CVE-2021-43175
 	RESERVED
-CVE-2021-3918
-	RESERVED
+CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...)
+	TODO: check
 CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...)
 	- routinator <itp> (bug #929024)
 	NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
@@ -2261,8 +2263,8 @@ CVE-2021-43082 (Buffer Copy without Checking Size of Input ('Classic Buffer Over
 	NOTE: https://github.com/apache/trafficserver/commit/02b17dbe3cff71ffd31577d872e077531124d207 (master)
 	NOTE: CVE description is wrong, this doesn't affect 8.1, only 9.x/master:
 	NOTE: Introduced with https://github.com/apache/trafficserver/commit/5e2385b666b4176be0f64fbadfbfae42094db396 (9.1.0-rc0)
-CVE-2021-3915
-	RESERVED
+CVE-2021-3915 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous  ...)
+	TODO: check
 CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...)
@@ -6866,8 +6868,8 @@ CVE-2021-41655
 	RESERVED
 CVE-2021-41654
 	RESERVED
-CVE-2021-41653
-	RESERVED
+CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with firmware  ...)
+	TODO: check
 CVE-2021-41652
 	RESERVED
 CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...)
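Review bot: CVE-2021-41653 concerns the PING function of TP-Link TL-WR840N router firmware; by the conventions visible elsewhere in this file ("NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch", "NOT-FOR-US: Peleton"), a device-firmware CVE is normally closed with a NOT-FOR-US marker rather than left at "TODO: check", so the follow-up triage should settle this one the same way.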
@@ -9494,10 +9496,10 @@ CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TT
 	NOT-FOR-US: Peleton
 CVE-2021-40525
 	RESERVED
-CVE-2021-3776
-	RESERVED
-CVE-2021-3775
-	RESERVED
+CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+	TODO: check
+CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+	TODO: check
 CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version a ...)
 	NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch
 CVE-2021-3773
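Review bot: CVE-2021-3776 and CVE-2021-3775 are added with identical truncated descriptions ("showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ..."), and a later hunk adds CVE-2021-3683 with the same text; when the three TODOs are resolved, each entry needs its own status line, and a per-entry "NOTE:" line with the upstream reference, as used elsewhere in this file, would keep the three distinguishable.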
@@ -14878,7 +14880,7 @@ CVE-2021-38293
 CVE-2021-38292
 	RESERVED
 CVE-2021-38291 (FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) s ...)
-	{DSA-4998-1 DSA-4990-1}
+	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
 	- ffmpeg 7:4.4.1-1 (unimportant)
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e01d306c647b5827102260b885faa223b646d2d1
 	NOTE: https://trac.ffmpeg.org/ticket/9312
@@ -15419,8 +15421,8 @@ CVE-2021-3685
 	RESERVED
 CVE-2021-3684
 	RESERVED
-CVE-2021-3683
-	RESERVED
+CVE-2021-3683 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+	TODO: check
 CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...)
 	NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
 CVE-2021-38112 (In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, a ...)
@@ -85573,7 +85575,7 @@ CVE-2020-22056 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
 CVE-2020-22055
 	RESERVED
 CVE-2020-22054 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
-	{DSA-4990-1}
+	{DSA-4990-1 DLA-2818-1}
 	- ffmpeg 7:4.3-2 (unimportant)
 	NOTE: https://trac.ffmpeg.org/ticket/8315
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6f2a3958cfac135c60b509a61a4fd39432d8f9a9
@@ -85591,12 +85593,13 @@ CVE-2020-22051 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
 CVE-2020-22050
 	RESERVED
 CVE-2020-22049 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
-	{DSA-4990-1}
+	{DSA-4990-1 DLA-2818-1}
 	- ffmpeg 7:4.3-2 (unimportant)
 	NOTE: https://trac.ffmpeg.org/ticket/8314
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=373c1c9b691fd4c6831b3a114a006b639304c2af
 	NOTE: Negligible security impact
 CVE-2020-22048 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+	{DLA-2818-1}
 	- ffmpeg 7:4.3-2 (unimportant)
 	NOTE: https://trac.ffmpeg.org/ticket/8303
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fddef964e8aa4a2c123e470db1436a082ff6bcf3
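Review bot: CVE-2020-22048 receives only "{DLA-2818-1}", while the adjacent CVE-2020-22049 with the same fixed version "ffmpeg 7:4.3-2 (unimportant)" carries "{DSA-4990-1 DLA-2818-1}"; confirm that DSA-4990-1 intentionally does not cover CVE-2020-22048 (the same pattern recurs for CVE-2020-22046, CVE-2020-22044 and CVE-2020-22041 in the following hunks), so that the advisory cross-references stay consistent across the FFmpeg 4.2 entries.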
@@ -85604,6 +85607,7 @@ CVE-2020-22048 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
 CVE-2020-22047
 	RESERVED
 CVE-2020-22046 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+	{DLA-2818-1}
 	- ffmpeg 7:4.3-2 (unimportant)
 	NOTE: https://trac.ffmpeg.org/ticket/8294
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=097c917c147661f5378dae8fe3f7e46f43236426
@@ -85611,6 +85615,7 @@ CVE-2020-22046 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
 CVE-2020-22045
 	RESERVED
 CVE-2020-22044 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+	{DLA-2818-1}
 	- ffmpeg 7:4.3-2 (unimportant)
 	NOTE: https://trac.ffmpeg.org/ticket/8295
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1d479300cbe0522c233b7d51148aea2b29bd29ad
@@ -85628,6 +85633,7 @@ CVE-2020-22042 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
 	NOTE: https://trac.ffmpeg.org/ticket/8267
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=426c16d61a9b5056a157a1a2a057a4e4d13eef84
 CVE-2020-22041 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+	{DLA-2818-1}
 	- ffmpeg 7:4.3-2 (unimportant)
 	NOTE: https://trac.ffmpeg.org/ticket/8296
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3488e0977c671568731afa12b811adce9d4d807f
@@ -85647,7 +85653,7 @@ CVE-2020-22038 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
 	NOTE: https://trac.ffmpeg.org/ticket/8285
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7c32e9cf93b712f8463573a59ed4e98fd10fa013
 CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
-	{DSA-4998-1 DSA-4990-1}
+	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
 	- ffmpeg 7:4.4.1-1 (unimportant)
 	NOTE: https://trac.ffmpeg.org/ticket/8281
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7bba0dd6382e30d646cb406034a66199e071d713
@@ -89098,7 +89104,7 @@ CVE-2020-20455
 CVE-2020-20454
 	RESERVED
 CVE-2020-20453 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccod ...)
-	{DSA-4998-1 DSA-4990-1}
+	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
 	- ffmpeg 7:4.4.1-1 (unimportant)
 	NOTE: https://trac.ffmpeg.org/ticket/8003
 	NOTE: Negligible security impact
@@ -89106,6 +89112,7 @@ CVE-2020-20453 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/
 CVE-2020-20452
 	RESERVED
 CVE-2020-20451 (Denial of Service issue in FFmpeg 4.2 due to resource management error ...)
+	{DLA-2818-1}
 	- ffmpeg 7:4.3-2 (unimportant)
 	NOTE: https://trac.ffmpeg.org/ticket/8094
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21265f42ecb265debe9fec1dbfd0cb7de5a8aefb
@@ -89132,13 +89139,13 @@ CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcode
 CVE-2020-20447
 	RESERVED
 CVE-2020-20446 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy ...)
-	{DSA-4998-1 DSA-4990-1}
+	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
 	- ffmpeg 7:4.4.1-1 (unimportant)
 	NOTE: https://trac.ffmpeg.org/ticket/7995
 	NOTE: Negligible security impact
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/223b5e8ac9f6461bb13ed365419ec485c5b2b002
 CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, ...)
-	{DSA-4998-1 DSA-4990-1}
+	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
 	- ffmpeg <unfixed> (unimportant)
 	NOTE: https://trac.ffmpeg.org/ticket/7996
 	NOTE: Negligible security impact
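Review bot: CVE-2020-20445 now lists "{DSA-4998-1 DSA-4990-1 DLA-2818-1}" yet keeps "- ffmpeg <unfixed> (unimportant)", whereas the neighbouring CVE-2020-20446 with the identical advisory set records "7:4.4.1-1" and a fixing commit NOTE; CVE-2020-20445 has only the ticket reference and no commit NOTE, so verify whether unstable is genuinely still unfixed or whether the version and commit line were simply never recorded.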



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2898dc82f7cd1b55c6376f9ce84fde3669526808
