[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 25 21:10:34 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bff60510 by security tracker role at 2021-10-25T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-3904
+ RESERVED
+CVE-2021-3903
+ RESERVED
+CVE-2020-36503
+ RESERVED
CVE-2021-43010
RESERVED
CVE-2021-43009
@@ -4021,8 +4027,8 @@ CVE-2021-41773 (A flaw was found in a change made to path normalization in Apach
NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
CVE-2021-3839
RESERVED
-CVE-2017-20007
- RESERVED
+CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...)
+ TODO: check
CVE-2021-41772
RESERVED
CVE-2021-41771
@@ -5343,8 +5349,8 @@ CVE-2021-41178
RESERVED
CVE-2021-41177
RESERVED
-CVE-2021-41176
- RESERVED
+CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...)
+ TODO: check
CVE-2021-41175
RESERVED
CVE-2021-41174
@@ -5689,8 +5695,8 @@ CVE-2021-41037
RESERVED
CVE-2021-41036
RESERVED
-CVE-2021-41035
- RESERVED
+CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...)
+ TODO: check
CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...)
NOT-FOR-US: Eclipse Che
CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...)
@@ -6061,8 +6067,7 @@ CVE-2021-3798 [Soft token does not check if an EC key is valid]
NOTE: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780
NOTE: Introduced with: https://github.com/opencryptoki/opencryptoki/commit/a179fd01a265a98194d9c06ec5958da1dd2ecae3 (v3.15.0)
NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0
-CVE-2021-40865
- RESERVED
+CVE-2021-40865 (An Unsafe Deserialization vulnerability exists in the worker services ...)
NOT-FOR-US: Apache Storm
CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison ...)
NOT-FOR-US: Hestia Control Panel
@@ -6863,10 +6868,10 @@ CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plai
NOTE: CVE-2021-40528 got switched at some point, and CVE-2021-33560 referring to the blinding
NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on
NOTE: a query).
-CVE-2021-40527
- RESERVED
-CVE-2021-40526
- RESERVED
+CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the "com. ...)
+ TODO: check
+CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...)
+ TODO: check
CVE-2021-40525
RESERVED
CVE-2021-3776
@@ -10001,10 +10006,10 @@ CVE-2021-39223
RESERVED
CVE-2021-39222
RESERVED
-CVE-2021-39221
- RESERVED
-CVE-2021-39220
- RESERVED
+CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+ TODO: check
+CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...)
+ TODO: check
CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtim ...)
NOT-FOR-US: wasmtime
CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...)
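Review bot: Both Nextcloud descriptions added for CVE-2021-39221 and CVE-2021-39220 are cut off ("The Ne ...", "The Nex ...") before the affected component is named, so the two `TODO: check` lines cannot be resolved to a package or a NOT-FOR-US tag from this list. The follow-up triage needs the full description text.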
@@ -12182,8 +12187,7 @@ CVE-2021-3693 (LedgerSMB does not check the origin of HTML fragments merged into
NOTE: https://ledgersmb.org/cve-2021-3693-cross-site-scripting
CVE-2021-3692 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
- yii <itp> (bug #597899)
-CVE-2021-38294
- RESERVED
+CVE-2021-38294 (A Command Injection vulnerability exists in the getTopologyHistory ser ...)
NOT-FOR-US: Apache Storm
CVE-2021-38293
RESERVED
@@ -13889,8 +13893,7 @@ CVE-2021-37626 (Contao is an open source CMS that allows you to create websites
NOT-FOR-US: Contao CMS
CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4 ...)
NOT-FOR-US: Skytable
-CVE-2021-37624
- RESERVED
+CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
- freeswitch <itp> (bug #389591)
NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
@@ -19503,8 +19506,8 @@ CVE-2021-35233
RESERVED
CVE-2021-35232
RESERVED
-CVE-2021-35231
- RESERVED
+CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...)
+ TODO: check
CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...)
NOT-FOR-US: Kiwi CatTools Installation Wizard
CVE-2021-35229
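Review bot: The `TODO: check` added under CVE-2021-35231 sits directly above CVE-2021-35230, whose visible description is identical up to the truncation point ("As a result of an unquoted service path vulnerability present in the K ...") and which is already tagged `NOT-FOR-US: Kiwi CatTools Installation Wizard`. Because the text is cut at "K", confirm the product from the full description before reusing that tag; the shared prefix alone does not establish it.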
@@ -20302,28 +20305,28 @@ CVE-2021-34866
NOTE: Fixed by: https://git.kernel.org/linus/5b029a32cfe4600f5e10e36b41778506b90fd4de (5.14)
CVE-2021-34865
RESERVED
-CVE-2021-34864
- RESERVED
-CVE-2021-34863
- RESERVED
-CVE-2021-34862
- RESERVED
-CVE-2021-34861
- RESERVED
-CVE-2021-34860
- RESERVED
-CVE-2021-34859
- RESERVED
+CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2021-34862 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2021-34861 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ TODO: check
+CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2021-34858
RESERVED
-CVE-2021-34857
- RESERVED
-CVE-2021-34856
- RESERVED
-CVE-2021-34855
- RESERVED
-CVE-2021-34854
- RESERVED
+CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2021-34855 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ TODO: check
+CVE-2021-34854 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Foxit PDF Reader
CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...)
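Review bot: The ten `TODO: check` entries in this hunk (CVE-2021-34864 to CVE-2021-34859 and CVE-2021-34857 to CVE-2021-34854) share a description template that is truncated before the affected product is named, so none of them can be triaged from this list alone. The adjacent CVE-2021-34853 is `NOT-FOR-US: Foxit PDF Reader`, but most of the new entries describe local or network-adjacent attackers, unlike the remote-attacker wording of that neighbour, so its tag should not be assumed to carry over.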
@@ -26116,7 +26119,7 @@ CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x befor
NOTE: Fixed by: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
NOTE: Regression fix: https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
NOTE: Regression: https://gitlab.xfce.org/xfce/thunar/-/issues/575
-CVE-2021-3546 (A flaw was found in vhost-user-gpu of QEMU in versions up to and inclu ...)
+CVE-2021-3546 (An out-of-bounds write vulnerability was found in the virtio vhost-use ...)
{DSA-4980-1}
- qemu 1:6.1+dfsg-1 (bug #989042)
[buster] - qemu <no-dsa> (Minor issue)
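Review bot: The reworded description for CVE-2021-3546 now calls the flaw an out-of-bounds write, while the unchanged context below it still carries `[buster] - qemu <no-dsa> (Minor issue)` next to `{DSA-4980-1}`. An automatic description refresh does not revisit that rationale, so it is worth a manual look at whether the buster annotation still matches the updated wording.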
@@ -33294,7 +33297,7 @@ CVE-2021-29766 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1,
NOT-FOR-US: IBM
CVE-2021-29765 (IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obta ...)
NOT-FOR-US: IBM
-CVE-2021-29764 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...)
+CVE-2021-29764 (IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to s ...)
NOT-FOR-US: IBM
CVE-2021-29763 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
NOT-FOR-US: IBM
@@ -42634,8 +42637,8 @@ CVE-2021-25979
RESERVED
CVE-2021-25978
RESERVED
-CVE-2021-25977
- RESERVED
+CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...)
+ TODO: check
CVE-2021-25976
RESERVED
CVE-2021-25975
@@ -44456,7 +44459,7 @@ CVE-2021-3165 (SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser
NOT-FOR-US: SmartAgent
CVE-2021-3164 (ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. ...)
NOT-FOR-US: ChurchRota
-CVE-2021-3163 (A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attac ...)
+CVE-2021-3163 (** DISPUTED ** A vulnerability in the HTML editor of Slab Quill 4.8.0 ...)
NOT-FOR-US: Slab Quill
CVE-2021-25301
RESERVED
@@ -45419,10 +45422,10 @@ CVE-2021-24887
RESERVED
CVE-2021-24886
RESERVED
-CVE-2021-24885
- RESERVED
-CVE-2021-24884
- RESERVED
+CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage ...)
+ TODO: check
+CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to ...)
+ TODO: check
CVE-2021-24883
RESERVED
CVE-2021-24882
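Review bot: The two `TODO: check` entries added here, CVE-2021-24885 and CVE-2021-24884, both name a WordPress plugin in the visible part of the description (YOP Poll, Formidable Form Builder). Plugin CVEs elsewhere in this file are tagged `NOT-FOR-US: WordPress plugin`, so these and the other plugin entries gaining descriptions in this commit can be resolved together in one follow-up pass once each is confirmed to be a plugin.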
@@ -45619,8 +45622,8 @@ CVE-2021-24787
RESERVED
CVE-2021-24786
RESERVED
-CVE-2021-24785
- RESERVED
+CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and ...)
+ TODO: check
CVE-2021-24784
RESERVED
CVE-2021-24783
@@ -45631,8 +45634,8 @@ CVE-2021-24781
RESERVED
CVE-2021-24780
RESERVED
-CVE-2021-24779
- RESERVED
+CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...)
+ TODO: check
CVE-2021-24778
RESERVED
CVE-2021-24777
@@ -45641,8 +45644,8 @@ CVE-2021-24776
RESERVED
CVE-2021-24775
RESERVED
-CVE-2021-24774
- RESERVED
+CVE-2021-24774 (The Check & Log Email WordPress plugin before 1.0.3 does not valid ...)
+ TODO: check
CVE-2021-24773
RESERVED
CVE-2021-24772
@@ -45651,8 +45654,8 @@ CVE-2021-24771
RESERVED
CVE-2021-24770
RESERVED
-CVE-2021-24769
- RESERVED
+CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...)
+ TODO: check
CVE-2021-24768
RESERVED
CVE-2021-24767
@@ -45701,8 +45704,8 @@ CVE-2021-24746
RESERVED
CVE-2021-24745
RESERVED
-CVE-2021-24744
- RESERVED
+CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 ...)
+ TODO: check
CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24742
@@ -45791,8 +45794,8 @@ CVE-2021-24701
RESERVED
CVE-2021-24700
RESERVED
-CVE-2021-24699
- RESERVED
+CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not escape ...)
+ TODO: check
CVE-2021-24698
RESERVED
CVE-2021-24697
@@ -45865,8 +45868,8 @@ CVE-2021-24664
RESERVED
CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through 1.1 does n ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24662
- RESERVED
+CVE-2021-24662 (The Game Server Status WordPress plugin through 1.0 does not validate ...)
+ TODO: check
CVE-2021-24661 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24660 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
@@ -45883,8 +45886,8 @@ CVE-2021-24655
RESERVED
CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24653
- RESERVED
+CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitis ...)
+ TODO: check
CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated us ...)
@@ -45973,8 +45976,8 @@ CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not implem
NOT-FOR-US: WordPress plugin
CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not san ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24608
- RESERVED
+CVE-2021-24608 (The Formidable Form Builder – Contact Form, Survey & Quiz Fo ...)
+ TODO: check
CVE-2021-24607
RESERVED
CVE-2021-24606 (The Availability Calendar WordPress plugin before 1.2.1 does not escap ...)
@@ -46101,10 +46104,10 @@ CVE-2021-24546 (The Gutenberg Block Editor Toolkit – EditorsKit WordPress
NOT-FOR-US: WordPress plugin
CVE-2021-24545 (The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitis ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24544
- RESERVED
-CVE-2021-24543
- RESERVED
+CVE-2021-24544 (The Responsive WordPress Slider WordPress plugin through 2.2.0 does no ...)
+ TODO: check
+CVE-2021-24543 (The jQuery Reply to Comment WordPress plugin through 1.31 does not hav ...)
+ TODO: check
CVE-2021-24542
RESERVED
CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape param ...)
@@ -46159,10 +46162,10 @@ CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms W
NOT-FOR-US: WordPress plugin
CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not escape the ti ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24515
- RESERVED
-CVE-2021-24514
- RESERVED
+CVE-2021-24515 (The Video Gallery – Vimeo and YouTube Gallery WordPress plugin t ...)
+ TODO: check
+CVE-2021-24514 (The Visual Form Builder WordPress plugin before 3.0.4 does not sanitis ...)
+ TODO: check
CVE-2021-24513 (The Form Builder | Create Responsive Contact Forms WordPress plugin be ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an a ...)
@@ -46211,16 +46214,16 @@ CVE-2021-24491 (The Fileviewer WordPress plugin through 2.2 does not have CSRF c
NOT-FOR-US: WordPress plugin
CVE-2021-24490 (The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24489
- RESERVED
+CVE-2021-24489 (The Request a Quote WordPress plugin before 2.3.5 does not sanitise, v ...)
+ TODO: check
CVE-2021-24488 (The slider import search feature and tab parameter of the Post Grid Wo ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24487
- RESERVED
+CVE-2021-24487 (The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF c ...)
+ TODO: check
CVE-2021-24486 (The Simple Social Media Share Buttons – Social Sharing for Every ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24485
- RESERVED
+CVE-2021-24485 (The Special Text Boxes WordPress plugin through 5.9.109 does not sanit ...)
+ TODO: check
CVE-2021-24484 (The get_reports() function in the Secure Copy Content Protection and C ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24483 (The get_poll_categories(), get_polls() and get_reports() functions in ...)
@@ -46361,8 +46364,8 @@ CVE-2021-24416 (The StreamCast – Radio Player for WordPress plugin before
NOT-FOR-US: WordPress plugin
CVE-2021-24415 (The Polo Video Gallery – Best wordpress video gallery plugin Wor ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24414
- RESERVED
+CVE-2021-24414 (The Video Player for YouTube WordPress plugin before 1.4 does not sani ...)
+ TODO: check
CVE-2021-24413 (The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24412 (The Html5 Audio Player – Audio Player for WordPress plugin befor ...)
@@ -46427,8 +46430,8 @@ CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not saniti
NOT-FOR-US: WordPress plugin
CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did n ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24381
- RESERVED
+CVE-2021-24381 (The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not ...)
+ TODO: check
CVE-2021-24380 (The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking an ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows users t ...)
@@ -54945,8 +54948,8 @@ CVE-2021-21321 (fastify-reply-from is an npm package which is a fastify plugin t
NOT-FOR-US: Node fastify-reply-from
CVE-2021-21320 (matrix-react-sdk is an npm package which is a Matrix SDK for React Jav ...)
NOT-FOR-US: Node matrix-react-sdk
-CVE-2021-21319
- RESERVED
+CVE-2021-21319 (Galette is a membership management web application geared towards non ...)
+ TODO: check
CVE-2021-21318 (Opencast is a free, open-source platform to support the management of ...)
NOT-FOR-US: Opencast
CVE-2021-21317 (uap-core in an open-source npm package which contains the core of Brow ...)
@@ -66120,20 +66123,16 @@ CVE-2021-0943
RESERVED
CVE-2021-0942
RESERVED
-CVE-2021-0941 [bpf: Remove MTU check in __bpf_skb_max_len]
- RESERVED
+CVE-2021-0941 (In bpf_skb_change_head of filter.c, there is a possible out of bounds ...)
- linux 5.10.28-1
[buster] - linux 4.19.194-1
[stretch] - linux 4.9.272-1
NOTE: https://git.kernel.org/6306c1189e77a513bf02720450bb43bd4ba5d8ae
-CVE-2021-0940
- RESERVED
+CVE-2021-0940 (In TBD of TBD, there is a possible out of bounds write due to improper ...)
NOT-FOR-US: Pixel components
-CVE-2021-0939
- RESERVED
+CVE-2021-0939 (In set_default_passthru_cfg of passthru.c, there is a possible out of ...)
NOT-FOR-US: Pixel components
-CVE-2021-0938
- RESERVED
+CVE-2021-0938 (In memzero_explicit of compiler-clang.h, there is a possible bypass of ...)
- linux 5.9.15-1 (unimportant)
[buster] - linux 4.19.171-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
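Review bot: The description now attached to CVE-2021-0940 reads "In TBD of TBD, there is a possible out of bounds write due to improper ...", which names no function or file, so the existing `NOT-FOR-US: Pixel components` tag cannot be checked against it. Adding a NOTE with the source bulletin, as the CVE-2021-0936 entry in the next hunk has, would keep the basis for that triage on record. In the same hunk the tracker's own title for CVE-2021-0941, `[bpf: Remove MTU check in __bpf_skb_max_len]`, is replaced by the upstream text; the kernel commit NOTE is retained, so the fix remains traceable.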
@@ -66147,12 +66146,10 @@ CVE-2021-0937
NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
NOTE: https://git.kernel.org/linus/b29c457a6511435960115c0f548c4360d5f4801d
NOTE: Duplicate of CVE-2021-22555
-CVE-2021-0936
- RESERVED
+CVE-2021-0936 (In acc_read of f_accessory.c, there is a possible memory corruption du ...)
- linux <not-affected> (Pixel or Android-specific driver)
NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
-CVE-2021-0935
- RESERVED
+CVE-2021-0935 (In ip6_xmit of ip6_output.c, there is a possible out of bounds write d ...)
- linux 4.15.17-1
[stretch] - linux 4.9.258-1
NOTE: https://git.kernel.org/linus/2f987a76a97773beafbc615b9c4d8fe79129a7f4
@@ -66701,12 +66698,12 @@ CVE-2021-0665
RESERVED
CVE-2021-0664
RESERVED
-CVE-2021-0663
- RESERVED
-CVE-2021-0662
- RESERVED
-CVE-2021-0661
- RESERVED
+CVE-2021-0663 (In audio DSP, there is a possible out of bounds write due to an incorr ...)
+ TODO: check
+CVE-2021-0662 (In audio DSP, there is a possible out of bounds write due to an incorr ...)
+ TODO: check
+CVE-2021-0661 (In audio DSP, there is a possible out of bounds write due to an incorr ...)
+ TODO: check
CVE-2021-0660 (In ccu, there is a possible out of bounds read due to incorrect error ...)
NOT-FOR-US: Mediatek
CVE-2021-0659
@@ -66759,16 +66756,16 @@ CVE-2021-0636 (When extracting the incorrectly formatted avi file, the memory is
NOT-FOR-US: UniSoc components for Android
CVE-2021-0635 (When extracting the incorrectly formatted flv file, the memory is dama ...)
NOT-FOR-US: UniSoc components for Android
-CVE-2021-0634
- RESERVED
-CVE-2021-0633
- RESERVED
-CVE-2021-0632
- RESERVED
-CVE-2021-0631
- RESERVED
-CVE-2021-0630
- RESERVED
+CVE-2021-0634 (In display driver, there is a possible memory corruption due to uninit ...)
+ TODO: check
+CVE-2021-0633 (In display driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2021-0632 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+ TODO: check
+CVE-2021-0631 (In wifi driver, there is a possible system crash due to a missing boun ...)
+ TODO: check
+CVE-2021-0630 (In wifi driver, there is a possible system crash due to a missing boun ...)
+ TODO: check
CVE-2021-0629
RESERVED
CVE-2021-0628 (In OMA DRM, there is a possible memory corruption due to improper inpu ...)
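Review bot: The five `TODO: check` entries from CVE-2021-0634 to CVE-2021-0630 name only a generic component ("display driver", "wifi driver") in the visible text, and the context directly above them is tagged `NOT-FOR-US: UniSoc components for Android` while nearby hunks in this ID range use `NOT-FOR-US: Mediatek`. Position in the list therefore does not settle the vendor; take it from the full description when resolving these.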
@@ -66777,8 +66774,8 @@ CVE-2021-0627 (In OMA DRM, there is a possible memory corruption due to an integ
NOT-FOR-US: Mediatek
CVE-2021-0626 (In ged, there is a possible out of bounds write due to a missing bound ...)
NOT-FOR-US: Mediatek
-CVE-2021-0625
- RESERVED
+CVE-2021-0625 (In ccu, there is a possible memory corruption due to improper locking. ...)
+ TODO: check
CVE-2021-0624
RESERVED
CVE-2021-0623
@@ -66791,18 +66788,18 @@ CVE-2021-0620
RESERVED
CVE-2021-0619
RESERVED
-CVE-2021-0618
- RESERVED
-CVE-2021-0617
- RESERVED
-CVE-2021-0616
- RESERVED
-CVE-2021-0615
- RESERVED
-CVE-2021-0614
- RESERVED
-CVE-2021-0613
- RESERVED
+CVE-2021-0618 (In ape extractor, there is a possible out of bounds read due to a heap ...)
+ TODO: check
+CVE-2021-0617 (In ape extractor, there is a possible out of bounds read due to a heap ...)
+ TODO: check
+CVE-2021-0616 (In ape extractor, there is a possible out of bounds read due to a heap ...)
+ TODO: check
+CVE-2021-0615 (In flv extractor, there is a possible out of bounds read due to an int ...)
+ TODO: check
+CVE-2021-0614 (In asf extractor, there is a possible out of bounds read due to an inc ...)
+ TODO: check
+CVE-2021-0613 (In asf extractor, there is a possible out of bounds read due to an inc ...)
+ TODO: check
CVE-2021-0612 (In m4u, there is a possible memory corruption due to a use after free. ...)
NOT-FOR-US: Mediatek
CVE-2021-0611 (In m4u, there is a possible memory corruption due to a use after free. ...)
@@ -67208,18 +67205,18 @@ CVE-2021-0416 (In memory management driver, there is a possible system crash due
NOT-FOR-US: Mediatek
CVE-2021-0415 (In memory management driver, there is a possible information disclosur ...)
NOT-FOR-US: Mediatek
-CVE-2021-0414
- RESERVED
-CVE-2021-0413
- RESERVED
-CVE-2021-0412
- RESERVED
-CVE-2021-0411
- RESERVED
-CVE-2021-0410
- RESERVED
-CVE-2021-0409
- RESERVED
+CVE-2021-0414 (In flv extractor, there is a possible out of bounds read due to a heap ...)
+ TODO: check
+CVE-2021-0413 (In flv extractor, there is a possible out of bounds read due to a miss ...)
+ TODO: check
+CVE-2021-0412 (In flv extractor, there is a possible out of bounds read due to a miss ...)
+ TODO: check
+CVE-2021-0411 (In flv extractor, there is a possible out of bounds read due to an int ...)
+ TODO: check
+CVE-2021-0410 (In flv extractor, there is a possible out of bounds read due to an inc ...)
+ TODO: check
+CVE-2021-0409 (In flv extractor, there is a possible out of bounds read due to an inc ...)
+ TODO: check
CVE-2021-0408 (In asf extractor, there is a possible out of bounds read due to an inc ...)
NOT-FOR-US: Mediatek
CVE-2021-0407 (In clk driver, there is a possible out of bounds write due to an incor ...)
@@ -85227,8 +85224,8 @@ CVE-2020-20910
RESERVED
CVE-2020-20909
RESERVED
-CVE-2020-20908
- RESERVED
+CVE-2020-20908 (Akaunting v1.3.17 was discovered to contain a stored cross-site script ...)
+ TODO: check
CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification vulnerability. Att ...)
NOT-FOR-US: MetInfo
CVE-2020-20906
@@ -100588,8 +100585,8 @@ CVE-2020-14266
RESERVED
CVE-2020-14265
RESERVED
-CVE-2020-14264
- RESERVED
+CVE-2020-14264 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
+ TODO: check
CVE-2020-14263 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
NOT-FOR-US: HCL
CVE-2020-14262
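Review bot: CVE-2020-14264 now carries `TODO: check`, but its visible description opens with "HCL Traveler Companion", the same text as CVE-2020-14263 on the next line, which is already `NOT-FOR-US: HCL`. The TODO can be resolved to the same tag in the follow-up triage commit.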
@@ -118804,7 +118801,7 @@ CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows di
CVE-2020-7860 (UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, ...)
NOT-FOR-US: UnEgg
CVE-2020-7859
- RESERVED
+ REJECTED
CVE-2020-7858 (There is a directory traversing vulnerability in the download page url ...)
NOT-FOR-US: AquaNPlayer
CVE-2020-7857 (A vulnerability of XPlatform could allow an unauthenticated attacker t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bff60510087638c1556df7e25ed52b7c12020147