[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2021-40978/python-mkdocs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 11 09:54:59 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
068d6c58 by Salvatore Bonaccorso at 2021-10-11T10:54:41+02:00
Add CVE-2021-40978/python-mkdocs
- - - - -
b877ba97 by Salvatore Bonaccorso at 2021-10-11T10:54:42+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2649,7 +2649,8 @@ CVE-2021-40980
CVE-2021-40979
RESERVED
CVE-2021-40978 (** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory t ...)
- TODO: check
+ - python-mkdocs <unfixed> (unimportant)
+ NOTE: https://github.com/mkdocs/mkdocs/issues/2601
CVE-2021-40977
RESERVED
CVE-2021-40976
@@ -12625,7 +12626,7 @@ CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succ
NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master)
NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x)
CVE-2021-36767 (In Digi RealPort through 4.8.488.0, authentication relies on a challen ...)
- TODO: check
+ NOT-FOR-US: Digi RealPort
CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...)
NOT-FOR-US: Concrete5
CVE-2021-36765 (In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests ma ...)
@@ -14522,11 +14523,11 @@ CVE-2021-35981 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.00
CVE-2021-35980
RESERVED
CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...)
- TODO: check
+ NOT-FOR-US: Digi RealPort
CVE-2021-35978
RESERVED
CVE-2021-35977 (An issue was discovered in Digi RealPort for Windows through 4.8.488.0 ...)
- TODO: check
+ NOT-FOR-US: Digi RealPort
CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0 ...)
NOT-FOR-US: Plesk Obsidian
CVE-2021-35975
@@ -19967,7 +19968,7 @@ CVE-2021-33605 (Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-fl
CVE-2021-33604 (URL encoding error in development mode handler in com.vaadin:flow-serv ...)
NOT-FOR-US: com.vaadin:flow-server
CVE-2021-33603 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2021-33602 (A vulnerability affecting the F-Secure Antivirus engine was discovered ...)
NOT-FOR-US: F-Secure
CVE-2021-33601 (A vulnerability was discovered in the web user interface of F-Secure I ...)
@@ -34047,7 +34048,7 @@ CVE-2021-28131 (Impala sessions use a 16 byte secret to verify that the session
CVE-2021-28130 (Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applicati ...)
NOT-FOR-US: Dr.Web Firewall
CVE-2021-28129 (While working on Apache OpenOffice 4.1.8 a developer discovered that t ...)
- TODO: check
+ NOT-FOR-US: Apache OpenOffice
CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing of one's ...)
NOT-FOR-US: Strapi
CVE-2021-28127 (An issue was discovered in Stormshield SNS through 4.2.1. A brute-forc ...)
@@ -39342,7 +39343,7 @@ CVE-2021-25968
CVE-2021-25967
RESERVED
CVE-2021-25966 (In “Orchard core CMS” application, versions 1.0.0-beta1-33 ...)
- TODO: check
+ NOT-FOR-US: Orchard CMS
CVE-2021-25965
RESERVED
CVE-2021-25964 (In “Calibre-web” application, v0.6.0 to v0.6.12, are vulne ...)
@@ -40649,55 +40650,55 @@ CVE-2021-25493 (Lack of boundary checking of a buffer in libSPenBase library of
CVE-2021-25492 (Lack of boundary checking of a buffer in libSPenBase library of Samsun ...)
NOT-FOR-US: Samsung
CVE-2021-25491 (A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows m ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25490 (A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25489 (Assuming radio permission is gained, missing input validation in modem ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25488 (Lack of boundary checking of a buffer in recv_data() of modem interfac ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25487 (Lack of boundary checking of a buffer in set_skb_priv() of modem inter ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25486 (Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25485 (Path traversal vulnerability in FactoryAirCommnadManger prior to SMR O ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25484 (Improper authentication in InputManagerService prior to SMR Oct-2021 R ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25483 (Lack of boundary checking of a buffer in livfivextractor library prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25482 (SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25481 (An improper error handling in Exynos CP booting driver prior to SMR Oc ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25480 (A lack of replay attack protection in GUTI REALLOCATION COMMAND messag ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25479 (A possible heap-based buffer overflow vulnerability in Exynos CP Chips ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25478 (A possible stack-based buffer overflow vulnerability in Exynos CP Chip ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25477 (An improper error handling in Mediatek RRC Protocol stack prior to SMR ...)
NOT-FOR-US: Mediatek
CVE-2021-25476 (An information disclosure vulnerability in Widevine TA log prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25475 (A possible heap-based buffer overflow vulnerability in DSP kernel driv ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25474 (Assuming a shell privilege is gained, an improper exception handling f ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25473 (Assuming a shell privilege is gained, an improper exception handling f ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25472 (An improper access control vulnerability in BluetoothSettingsProvider ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25471 (A lack of replay attack protection in Security Mode Command process pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25470 (An improper caller check logic of SMC call in TEEGRIS secure OS prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25469 (A possible stack-based buffer overflow vulnerability in Widevine trust ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25468 (A possible guessing and confirming a byte memory vulnerability in Wide ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25467 (Assuming system privilege is gained, possible buffer overflow vulnerab ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25466 (Improper scheme check vulnerability in Samsung Internet prior to versi ...)
NOT-FOR-US: Samsung
CVE-2021-25465 (An improper scheme check vulnerability in Samsung Themes prior to vers ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d20541e7c9cc8b1733a7f7879738f73086a7ebe5...b877ba972258bdb58933c706e4d384196dc6a960
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d20541e7c9cc8b1733a7f7879738f73086a7ebe5...b877ba972258bdb58933c706e4d384196dc6a960
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211011/3f75a648/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list