[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Oct 2 09:12:55 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eac75c55 by security tracker role at 2021-10-02T08:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,47 @@
+CVE-2021-41865
+ RESERVED
+CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kern ...)
+ TODO: check
+CVE-2021-41863
+ RESERVED
+CVE-2021-41862 (AviatorScript through 5.2.7 allows code execution via an expression th ...)
+ TODO: check
+CVE-2021-41861
+ RESERVED
+CVE-2021-41860
+ RESERVED
+CVE-2021-41859
+ RESERVED
+CVE-2021-41858
+ RESERVED
+CVE-2021-41857
+ RESERVED
+CVE-2021-41856
+ RESERVED
+CVE-2021-41855
+ RESERVED
+CVE-2021-41854
+ RESERVED
+CVE-2021-41853
+ RESERVED
+CVE-2021-41852
+ RESERVED
+CVE-2021-41851
+ RESERVED
+CVE-2021-3851
+ RESERVED
+CVE-2021-3850
+ RESERVED
+CVE-2021-3849
+ RESERVED
CVE-2021-41850
RESERVED
CVE-2021-41849
RESERVED
CVE-2021-41848
RESERVED
-CVE-2021-41847
- RESERVED
+CVE-2021-41847 (An issue was discovered in 3xLogic Infinias Access Control through 6.7 ...)
+ TODO: check
CVE-2021-41846
RESERVED
CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret Server ...)
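Review bot: CVE-2021-41864 near the top of this hunk is left at TODO: check even though its description names kernel/bpf/stackmap.c in the Linux kernel, so unlike the AviatorScript and 3xLogic entries it concerns software Debian ships. Prioritise it in manual triage and replace the TODO with a package line for the linux source package once the affected versions are known, rather than letting it wait in the same queue as the other new descriptions.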
@@ -310,7 +346,7 @@ CVE-2021-41722
RESERVED
CVE-2021-41721
RESERVED
-CVE-2021-41720 (A command injection vulnerability in Lodash in 4.17.21 allows attacker ...)
+CVE-2021-41720 (** DISPUTED ** A command injection vulnerability in Lodash 4.17.21 all ...)
- node-lodash <unfixed> (unimportant)
NOTE: https://github.com/lodash/lodash/issues/5261
NOTE: Disputed security impact and validitity of the issue
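Review bot: The unchanged NOTE line at the end of this hunk misspells "validity" as "validitity"; fix it in a follow-up, since the description synced in here now carries the ** DISPUTED ** marker and that NOTE is the tracker's own justification for the existing (unimportant) tag on node-lodash. The link to lodash issue 5261 already documents the dispute, so no further change to the entry looks necessary.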
@@ -8730,32 +8766,32 @@ CVE-2021-38112 (In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Wind
NOT-FOR-US: Amazon AWS client for Windows
CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a buffer overf ...)
NOT-FOR-US: DEF CON 27 badge
-CVE-2021-38110
- RESERVED
-CVE-2021-38109
- RESERVED
-CVE-2021-38108
- RESERVED
-CVE-2021-38107
- RESERVED
-CVE-2021-38106
- RESERVED
-CVE-2021-38105
- RESERVED
+CVE-2021-38110 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...)
+ TODO: check
+CVE-2021-38109 (Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Rea ...)
+ TODO: check
+CVE-2021-38108 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...)
+ TODO: check
+CVE-2021-38107 (CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Ou ...)
+ TODO: check
+CVE-2021-38106 (UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ TODO: check
+CVE-2021-38105 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ TODO: check
CVE-2021-38104 (IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
NOT-FOR-US: Corel Presentations
CVE-2021-38103 (IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
NOT-FOR-US: Corel Presentations
-CVE-2021-38102
- RESERVED
-CVE-2021-38101
- RESERVED
-CVE-2021-38100
- RESERVED
+CVE-2021-38102 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ TODO: check
+CVE-2021-38101 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...)
+ TODO: check
+CVE-2021-38100 (Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bou ...)
+ TODO: check
CVE-2021-38099 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...)
NOT-FOR-US: Corel PhotoPaint Standard
-CVE-2021-38098
- RESERVED
+CVE-2021-38098 (Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerabilit ...)
+ TODO: check
CVE-2021-38097 (Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnera ...)
NOT-FOR-US: Corel PDF Fusion
CVE-2021-38096 (Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds ...)
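Review bot: The ten Corel entries that gain descriptions in this hunk (CVE-2021-38110 through 38105, 38102 through 38100, and 38098) are all set to TODO: check, while their neighbours for the same products are already triaged: CVE-2021-38104 and 38103 as NOT-FOR-US: Corel Presentations, 38099 as NOT-FOR-US: Corel PhotoPaint Standard, and 38097 as NOT-FOR-US: Corel PDF Fusion. Tagging the new entries the same way in the follow-up triage commit keeps the block consistent and clears ten items from the TODO queue at once; the WordPerfect and DrawStandard entries would need matching NOT-FOR-US product names of their own.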
@@ -12816,8 +12852,8 @@ CVE-2021-36311
RESERVED
CVE-2021-36310
RESERVED
-CVE-2021-36309
- RESERVED
+CVE-2021-36309 (Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensi ...)
+ TODO: check
CVE-2021-36308
RESERVED
CVE-2021-36307
@@ -12838,8 +12874,8 @@ CVE-2021-36300
RESERVED
CVE-2021-36299
RESERVED
-CVE-2021-36298
- RESERVED
+CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptograph ...)
+ TODO: check
CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...)
NOT-FOR-US: SupportAssist Client (Dell)
CVE-2021-36296
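Review bot: CVE-2021-36298 (Dell EMC InsightIQ) is added with TODO: check directly above CVE-2021-36297, which is already recorded as NOT-FOR-US: SupportAssist Client (Dell). If triage confirms InsightIQ is not packaged, follow the same format with the product name and vendor in the NOT-FOR-US line so the Dell entries in this range read consistently.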
@@ -80278,8 +80314,8 @@ CVE-2020-21230
RESERVED
CVE-2020-21229
RESERVED
-CVE-2020-21228
- RESERVED
+CVE-2020-21228 (JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2020-21227
RESERVED
CVE-2020-21226
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eac75c55c8fb0fcd0d42875069bb4f25a82d49b5