[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 9 21:10:35 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c4e567fe by security tracker role at 2021-09-09T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,67 @@
+CVE-2021-40837
+ RESERVED
+CVE-2021-40836
+ RESERVED
+CVE-2021-40835
+ RESERVED
+CVE-2021-40834
+ RESERVED
+CVE-2021-40833
+ RESERVED
+CVE-2021-40832
+ RESERVED
+CVE-2021-40831
+ RESERVED
+CVE-2021-40830
+ RESERVED
+CVE-2021-40829
+ RESERVED
+CVE-2021-40828
+ RESERVED
+CVE-2021-40827
+ RESERVED
+CVE-2021-40826
+ RESERVED
+CVE-2021-40825
+ RESERVED
+CVE-2021-40824
+ RESERVED
+CVE-2021-40823
+ RESERVED
+CVE-2021-40822
+ RESERVED
+CVE-2021-40821
+ RESERVED
+CVE-2021-40820
+ RESERVED
+CVE-2021-40819
+ RESERVED
+CVE-2021-3793
+ RESERVED
+CVE-2021-3792
+ RESERVED
+CVE-2021-3791
+ RESERVED
+CVE-2021-3790
+ RESERVED
+CVE-2021-3789
+ RESERVED
+CVE-2021-3788
+ RESERVED
+CVE-2021-3787
+ RESERVED
+CVE-2021-3786
+ RESERVED
+CVE-2021-3785
+ RESERVED
+CVE-2021-3784
+ RESERVED
+CVE-2021-3783
+ RESERVED
+CVE-2021-3782
+ RESERVED
CVE-2021-3781 [Include device specifier strings in access validation]
+ RESERVED
- ghostscript 9.53.3~dfsg-8 (bug #994011)
[buster] - ghostscript <not-affected> (Vulnerable code introduced later)
NOTE: https://twitter.com/ducnt_/status/1434534373416574983
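Review bot: At CVE-2021-3781 the added RESERVED line leaves the entry relying on the locally written bracketed title until the CVE text is published, and the only reference visible in this hunk is a Twitter link. The entry already asserts a ghostscript fix in 9.53.3~dfsg-8 and marks buster as not-affected with "Vulnerable code introduced later"; suggest adding the upstream commit or bug as a NOTE so both claims can be checked from the tracker entry itself.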
@@ -1017,8 +1080,8 @@ CVE-2021-40355
RESERVED
CVE-2021-40354
RESERVED
-CVE-2021-3761
- RESERVED
+CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitt ...)
+ TODO: check
CVE-2021-3760
RESERVED
CVE-2021-40353 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
@@ -1035,10 +1098,11 @@ CVE-2021-40348
RESERVED
CVE-2021-40347 [Check a user owns the email they are trying to unsubscribe]
RESERVED
+ {DSA-4970-1}
- postorius 1.3.5-1 (bug #993746)
NOTE: https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474b
NOTE: https://phabricator.wikimedia.org/T289798
-CVE-2021-40346 (An integer overflow exists in HAProxy 2.0 through 2.5 in the htx_add_h ...)
+CVE-2021-40346 (An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_heade ...)
{DSA-4968-1}
- haproxy 2.2.16-3
[buster] - haproxy <not-affected> (Vulnerable code not present)
@@ -1215,8 +1279,8 @@ CVE-2021-40286
RESERVED
CVE-2021-40285
RESERVED
-CVE-2021-40284
- RESERVED
+CVE-2021-40284 (D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow whi ...)
+ TODO: check
CVE-2021-40283
RESERVED
CVE-2021-40282
@@ -1337,10 +1401,10 @@ CVE-2021-40225
RESERVED
CVE-2021-40224
RESERVED
-CVE-2021-40223
- RESERVED
-CVE-2021-40222
- RESERVED
+CVE-2021-40223 (Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitiz ...)
+ TODO: check
+CVE-2021-40222 (Rittal CMC PU III Web management Version affected: V3.11.00_2. Version ...)
+ TODO: check
CVE-2021-40221
RESERVED
CVE-2021-40220
@@ -2958,10 +3022,10 @@ CVE-2021-39461
RESERVED
CVE-2021-39460
RESERVED
-CVE-2021-39459
- RESERVED
-CVE-2021-39458
- RESERVED
+CVE-2021-39459 (Remote code execution in the modules component in Yakamara Media Redax ...)
+ TODO: check
+CVE-2021-39458 (Triggering an error page of the import process in Yakamara Media Redax ...)
+ TODO: check
CVE-2021-39457
RESERVED
CVE-2021-39456
@@ -3332,8 +3396,8 @@ CVE-2021-39298
RESERVED
CVE-2021-39297
RESERVED
-CVE-2021-39296
- RESERVED
+CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...)
+ TODO: check
CVE-2021-39295
RESERVED
CVE-2021-3727
@@ -3439,66 +3503,79 @@ CVE-2021-39265
CVE-2021-39264
RESERVED
CVE-2021-39263 (A crafted NTFS image can trigger a heap-based buffer overflow, caused ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39262 (A crafted NTFS image can cause an out-of-bounds access in ntfs_decompr ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39261 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_co ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39260 (A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_s ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39259 (A crafted NTFS image can trigger an out-of-bounds access, caused by an ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39258 (A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find a ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39257 (A crafted NTFS image with an unallocated bitmap can lead to a endless ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39256 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_in ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39255 (A crafted NTFS image can trigger an out-of-bounds read, caused by an i ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39254 (A crafted NTFS image can cause an integer overflow in memmove, leading ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39253 (A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_ ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39252 (A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39251 (A crafted NTFS image can cause a NULL pointer dereference in ntfs_exte ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
@@ -4655,20 +4732,20 @@ CVE-2021-38729
RESERVED
CVE-2021-38728
RESERVED
-CVE-2021-38727
- RESERVED
+CVE-2021-38727 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...)
+ TODO: check
CVE-2021-38726
RESERVED
-CVE-2021-38725
- RESERVED
+CVE-2021-38725 (Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/co ...)
+ TODO: check
CVE-2021-38724
RESERVED
-CVE-2021-38723
- RESERVED
+CVE-2021-38723 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...)
+ TODO: check
CVE-2021-38722
RESERVED
-CVE-2021-38721
- RESERVED
+CVE-2021-38721 (FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) ...)
+ TODO: check
CVE-2021-38720
RESERVED
CVE-2021-38719
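Review bot: CVE-2021-38727 and CVE-2021-38723 show the same truncated summary ("FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ..."), so the two TODO: check items cannot be told apart from this list. Suggest triaging all four FUEL CMS entries in this hunk together against the full CVE text and recording the same disposition for each, so a later pass does not treat the pair as an accidental duplicate.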
@@ -5096,8 +5173,7 @@ CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for Rust.
- rust-tar <unfixed> (bug #992173)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0080.html
NOTE: https://github.com/alexcrichton/tar-rs/issues/238
-CVE-2021-38540
- RESERVED
+CVE-2021-38540 (The variable import endpoint was not protected by authentication in Ai ...)
- airflow <itp> (bug #819700)
CVE-2021-38539 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
NOT-FOR-US: Netgear
@@ -5195,6 +5271,7 @@ CVE-2021-38494
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494
CVE-2021-38493
RESERVED
+ {DSA-4969-1}
- firefox 92.0-1
- firefox-esr 78.14.0esr-1
- thunderbird 1:78.14.0-1
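Review bot: The {DSA-4969-1} line added under CVE-2021-38493 ties one advisory to an entry that lists three source packages (firefox, firefox-esr, thunderbird). Confirm which source package the DSA covers and that the others are still being tracked for stable, since the entry is also still RESERVED and a reader has no description to fall back on.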
@@ -5377,8 +5454,8 @@ CVE-2021-38410
RESERVED
CVE-2021-38409
RESERVED
-CVE-2021-38408
- RESERVED
+CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAccess Ver ...)
+ TODO: check
CVE-2021-38407
RESERVED
CVE-2021-38406
@@ -5576,26 +5653,26 @@ CVE-2021-38327
RESERVED
CVE-2021-38326
RESERVED
-CVE-2021-38325
- RESERVED
-CVE-2021-38324
- RESERVED
-CVE-2021-38323
- RESERVED
-CVE-2021-38322
- RESERVED
-CVE-2021-38321
- RESERVED
-CVE-2021-38320
- RESERVED
-CVE-2021-38319
- RESERVED
-CVE-2021-38318
- RESERVED
-CVE-2021-38317
- RESERVED
-CVE-2021-38316
- RESERVED
+CVE-2021-38325 (The User Activation Email WordPress plugin is vulnerable to Reflected ...)
+ TODO: check
+CVE-2021-38324 (The SP Rental Manager WordPress plugin is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2021-38323 (The RentPress WordPress plugin is vulnerable to Reflected Cross-Site S ...)
+ TODO: check
+CVE-2021-38322 (The Twitter Friends Widget WordPress plugin is vulnerable to Reflected ...)
+ TODO: check
+CVE-2021-38321 (The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cro ...)
+ TODO: check
+CVE-2021-38320 (The simpleSAMLphp Authentication WordPress plugin is vulnerable to Ref ...)
+ TODO: check
+CVE-2021-38319 (The More From Google WordPress plugin is vulnerable to Reflected Cross ...)
+ TODO: check
+CVE-2021-38318 (The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cros ...)
+ TODO: check
+CVE-2021-38317 (The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected ...)
+ TODO: check
+CVE-2021-38316 (The WP Academic People List WordPress plugin is vulnerable to Reflecte ...)
+ TODO: check
CVE-2021-38315 (The SP Project & Document Manager WordPress plugin is vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2021-38314 (The Gutenberg Template Library & Redux Framework plugin <= 4.2. ...)
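Review bot: The ten entries CVE-2021-38325 through CVE-2021-38316 are all described as "WordPress plugin" issues yet land as TODO: check, while the unchanged line directly below them, CVE-2021-38315, is already recorded as "NOT-FOR-US: WordPress plugin". Suggest resolving these in the same pass with that existing label instead of leaving ten open TODO items.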
@@ -7356,8 +7433,8 @@ CVE-2021-37581
RESERVED
CVE-2021-37580
RESERVED
-CVE-2021-37579
- RESERVED
+CVE-2021-37579 (The Dubbo Provider will check the incoming request and the correspondi ...)
+ TODO: check
CVE-2021-3667
RESERVED
- libvirt <unfixed> (bug #991594)
@@ -8383,8 +8460,8 @@ CVE-2021-37103
RESERVED
CVE-2021-37102
RESERVED
-CVE-2021-37101
- RESERVED
+CVE-2021-37101 (There is an improper authorization vulnerability in AIS-BW50-00 9.0.6. ...)
+ TODO: check
CVE-2021-37100
RESERVED
CVE-2021-37099
@@ -8882,10 +8959,10 @@ CVE-2021-36873
RESERVED
CVE-2021-36872
RESERVED
-CVE-2021-36871
- RESERVED
-CVE-2021-36870
- RESERVED
+CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
+ TODO: check
+CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
+ TODO: check
CVE-2021-36869
RESERVED
CVE-2021-36868
@@ -10514,8 +10591,8 @@ CVE-2021-36163 (In Apache Dubbo, users may choose to use the Hessian protocol. T
NOT-FOR-US: Apache Dubbo
CVE-2021-36162 (Apache Dubbo supports various rules to support configuration override ...)
NOT-FOR-US: Apache Dubbo
-CVE-2021-36161
- RESERVED
+CVE-2021-36161 (Some component in Dubbo will try to print the formated string of the i ...)
+ TODO: check
CVE-2021-36160
RESERVED
CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...)
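Review bot: CVE-2021-36161 is added with TODO: check although the two context lines immediately above it, CVE-2021-36163 and CVE-2021-36162, are both marked "NOT-FOR-US: Apache Dubbo" and the new summary names Dubbo as well. Suggest applying the same disposition here, and to CVE-2021-37579 earlier in this patch, whose summary also starts with "The Dubbo Provider".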
@@ -12651,21 +12728,25 @@ CVE-2021-35271
CVE-2021-35270
RESERVED
CVE-2021-35269 (NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribu ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-35268 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inod ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-35267 (NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur whe ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-35266 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inod ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
@@ -17218,6 +17299,7 @@ CVE-2021-33291
CVE-2021-33290
RESERVED
CVE-2021-33289 (In NTFS-3G versions < 2021.8.22, when a specially crafted MFT secti ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
@@ -17225,16 +17307,19 @@ CVE-2021-33289 (In NTFS-3G versions < 2021.8.22, when a specially crafted MFT
CVE-2021-33288
RESERVED
CVE-2021-33287 (In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attrib ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-33286 (In NTFS-3G versions < 2021.8.22, when a specially crafted unicode s ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-33285 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attr ...)
+ {DSA-4971-1}
[experimental] - ntfs-3g 1:2021.8.22-1
- ntfs-3g 1:2021.8.22-2 (bug #988386)
NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
@@ -19235,14 +19320,14 @@ CVE-2021-32489 (An issue was discovered in the _send_secure_msg() function of Yu
NOT-FOR-US: Yubico yubihsm-shell
CVE-2021-32488
RESERVED
-CVE-2021-32487
- RESERVED
-CVE-2021-32486
- RESERVED
-CVE-2021-32485
- RESERVED
-CVE-2021-32484
- RESERVED
+CVE-2021-32487 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ TODO: check
+CVE-2021-32486 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ TODO: check
+CVE-2021-32485 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ TODO: check
+CVE-2021-32484 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ TODO: check
CVE-2021-32483
RESERVED
CVE-2021-32482
@@ -24882,18 +24967,18 @@ CVE-2021-30297
RESERVED
CVE-2021-30296
RESERVED
-CVE-2021-30295
- RESERVED
-CVE-2021-30294
- RESERVED
+CVE-2021-30295 (Possible heap overflow due to improper validation of local variable wh ...)
+ TODO: check
+CVE-2021-30294 (Potential null pointer dereference in KGSL GPU auxiliary command due t ...)
+ TODO: check
CVE-2021-30293
RESERVED
CVE-2021-30292
RESERVED
CVE-2021-30291
RESERVED
-CVE-2021-30290
- RESERVED
+CVE-2021-30290 (Possible null pointer dereference due to race condition between timeli ...)
+ TODO: check
CVE-2021-30289
RESERVED
CVE-2021-30288
@@ -28440,18 +28525,18 @@ CVE-2021-28916
RESERVED
CVE-2021-28915
RESERVED
-CVE-2021-28914
- RESERVED
-CVE-2021-28913
- RESERVED
-CVE-2021-28912
- RESERVED
-CVE-2021-28911
- RESERVED
-CVE-2021-28910
- RESERVED
-CVE-2021-28909
- RESERVED
+CVE-2021-28914 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to ...)
+ TODO: check
+CVE-2021-28913 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...)
+ TODO: check
+CVE-2021-28912 (BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard c ...)
+ TODO: check
+CVE-2021-28911 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...)
+ TODO: check
+CVE-2021-28910 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSR ...)
+ TODO: check
+CVE-2021-28909 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...)
+ TODO: check
CVE-2021-28908
RESERVED
CVE-2021-28907
@@ -29460,20 +29545,20 @@ CVE-2021-28501
RESERVED
CVE-2021-28500
RESERVED
-CVE-2021-28499
- RESERVED
-CVE-2021-28498
- RESERVED
-CVE-2021-28497
- RESERVED
+CVE-2021-28499 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ TODO: check
+CVE-2021-28498 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ TODO: check
+CVE-2021-28497 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ TODO: check
CVE-2021-28496
RESERVED
-CVE-2021-28495
- RESERVED
-CVE-2021-28494
- RESERVED
-CVE-2021-28493
- RESERVED
+CVE-2021-28495 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ TODO: check
+CVE-2021-28494 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ TODO: check
+CVE-2021-28493 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ TODO: check
CVE-2021-3444 (The bpf verifier in the Linux kernel did not properly handle mod32 des ...)
- linux 5.10.19-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -33956,8 +34041,8 @@ CVE-2021-26610
RESERVED
CVE-2021-26609
RESERVED
-CVE-2021-26608
- RESERVED
+CVE-2021-26608 (An arbitrary file download and execution vulnerability was found in th ...)
+ TODO: check
CVE-2021-26607
RESERVED
CVE-2021-26606 (A vulnerability in PKI Security Solution of Dream Security could allow ...)
@@ -33966,8 +34051,8 @@ CVE-2021-26605 (An improper input validation vulnerability in the service of ezP
NOT-FOR-US: ezPDFReader
CVE-2021-26604
RESERVED
-CVE-2021-26603
- RESERVED
+CVE-2021-26603 (A heap overflow issue was found in ARK library of bandisoft Co., Ltd w ...)
+ TODO: check
CVE-2021-26602
RESERVED
CVE-2021-26601
@@ -36986,42 +37071,42 @@ CVE-2021-25468
RESERVED
CVE-2021-25467
RESERVED
-CVE-2021-25466
- RESERVED
-CVE-2021-25465
- RESERVED
-CVE-2021-25464
- RESERVED
-CVE-2021-25463
- RESERVED
-CVE-2021-25462
- RESERVED
-CVE-2021-25461
- RESERVED
-CVE-2021-25460
- RESERVED
-CVE-2021-25459
- RESERVED
-CVE-2021-25458
- RESERVED
-CVE-2021-25457
- RESERVED
-CVE-2021-25456
- RESERVED
-CVE-2021-25455
- RESERVED
-CVE-2021-25454
- RESERVED
-CVE-2021-25453
- RESERVED
-CVE-2021-25452
- RESERVED
-CVE-2021-25451
- RESERVED
-CVE-2021-25450
- RESERVED
-CVE-2021-25449
- RESERVED
+CVE-2021-25466 (Improper scheme check vulnerability in Samsung Internet prior to versi ...)
+ TODO: check
+CVE-2021-25465 (An improper scheme check vulnerability in Samsung Themes prior to vers ...)
+ TODO: check
+CVE-2021-25464 (An improper file management vulnerability in SamsungCapture prior to v ...)
+ TODO: check
+CVE-2021-25463 (Improper access control vulnerability in PENUP prior to version 3.8.00 ...)
+ TODO: check
+CVE-2021-25462 (NULL pointer dereference vulnerability in NPU driver prior to SMR Sep- ...)
+ TODO: check
+CVE-2021-25461 (An improper length check in APAService prior to SMR Sep-2021 Release 1 ...)
+ TODO: check
+CVE-2021-25460 (An improper access control vulnerability in sspExit() in BlockchainTZS ...)
+ TODO: check
+CVE-2021-25459 (An improper access control vulnerability in sspInit() in BlockchainTZS ...)
+ TODO: check
+CVE-2021-25458 (NULL pointer dereference vulnerability in ION driver prior to SMR Sep- ...)
+ TODO: check
+CVE-2021-25457 (An improper input validation vulnerability in DSP driver prior to SMR ...)
+ TODO: check
+CVE-2021-25456 (OOB read vulnerability in libswmfextractor.so library prior to SMR Sep ...)
+ TODO: check
+CVE-2021-25455 (OOB read vulnerability in libsaviextractor.so library prior to SMR Sep ...)
+ TODO: check
+CVE-2021-25454 (OOB read vulnerability in libsaacextractor.so library prior to SMR Sep ...)
+ TODO: check
+CVE-2021-25453 (Some improper access control in Bluetooth APIs prior to SMR Sep-2021 R ...)
+ TODO: check
+CVE-2021-25452 (An improper input validation vulnerability in loading graph file in DS ...)
+ TODO: check
+CVE-2021-25451 (A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR ...)
+ TODO: check
+CVE-2021-25450 (Path traversal vulnerability in FactoryAirCommnadManger prior to SMR S ...)
+ TODO: check
+CVE-2021-25449 (An improper input validation vulnerability in libsapeextractor library ...)
+ TODO: check
CVE-2021-25448 (Improper access control vulnerability in Smart Touch Call prior to ver ...)
NOT-FOR-US: Samsung
CVE-2021-25447 (Improper access control vulnerability in SmartThings prior to version ...)
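Review bot: The eighteen entries CVE-2021-25466 through CVE-2021-25449 describe Samsung components (Samsung Internet, Samsung Themes, SMR Sep-2021 drivers and libraries) but are left as TODO: check, while the unchanged entries right after them, CVE-2021-25448 and CVE-2021-25447, carry "NOT-FOR-US: Samsung". Suggest triaging the block with that label in one go; eighteen open TODO lines for a vendor already classified next door make the real triage work harder to spot.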
@@ -44292,8 +44377,7 @@ CVE-2021-22241 (An issue has been discovered in GitLab CE/EE affecting all versi
- gitlab <unfixed>
CVE-2021-22240 (Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14 ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2021-22239
- RESERVED
+CVE-2021-22239 (An unauthorized user was able to insert metadata when creating new iss ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
CVE-2021-22238 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -51203,10 +51287,10 @@ CVE-2021-20120
RESERVED
CVE-2021-20119
RESERVED
-CVE-2021-20118
- RESERVED
-CVE-2021-20117
- RESERVED
+CVE-2021-20118 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...)
+ TODO: check
+CVE-2021-20117 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...)
+ TODO: check
CVE-2021-20116 (A reflected cross-site scripting vulnerability exists in TCExam <= ...)
NOT-FOR-US: TCExam
CVE-2021-20115 (A reflected cross-site scripting vulnerability exists in TCExam <= ...)
@@ -53702,14 +53786,14 @@ CVE-2021-1976
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1975
RESERVED
-CVE-2021-1974
- RESERVED
+CVE-2021-1974 (Possible buffer over read due to lack of alignment between map or unma ...)
+ TODO: check
CVE-2021-1973
RESERVED
CVE-2021-1972 (Possible buffer overflow due to improper validation of device types du ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1971
- RESERVED
+CVE-2021-1971 (Possible assertion due to lack of physical layer state validation in S ...)
+ TODO: check
CVE-2021-1970 (Possible out of bound read due to lack of length check of FT sub-eleme ...)
NOT-FOR-US: Snapdragon
CVE-2021-1969
@@ -53724,43 +53808,43 @@ CVE-2021-1965 (Possible buffer overflow due to lack of parameter length check du
NOT-FOR-US: Snapdragon
CVE-2021-1964 (Possible buffer over read due to improper validation of IE size while ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1963
- RESERVED
-CVE-2021-1962
- RESERVED
-CVE-2021-1961
- RESERVED
-CVE-2021-1960
- RESERVED
+CVE-2021-1963 (Possible use-after-free due to lack of validation for the rule count i ...)
+ TODO: check
+CVE-2021-1962 (Buffer Overflow while processing IOCTL for getting peripheral endpoint ...)
+ TODO: check
+CVE-2021-1961 (Possible buffer overflow due to lack of offset length check while upda ...)
+ TODO: check
+CVE-2021-1960 (Improper handling of ASB-C broadcast packets with crafted opcode in LM ...)
+ TODO: check
CVE-2021-1959
RESERVED
-CVE-2021-1958
- RESERVED
-CVE-2021-1957
- RESERVED
-CVE-2021-1956
- RESERVED
+CVE-2021-1958 (A race condition in fastrpc kernel driver for dynamic process creation ...)
+ TODO: check
+CVE-2021-1957 (Improper Access Control when ACL link encryption is failed and ACL lin ...)
+ TODO: check
+CVE-2021-1956 (Improper handling of ASB-U packet with L2CAP channel ID by slave host ...)
+ TODO: check
CVE-2021-1955 (Denial of service in SAP case due to improper handling of connections ...)
NOT-FOR-US: SAP
CVE-2021-1954 (Possible buffer over read due to improper validation of data pointer w ...)
NOT-FOR-US: Snapdragon
CVE-2021-1953 (Improper handling of received malformed FTMR request frame can lead to ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1952
- RESERVED
+CVE-2021-1952 (Possible buffer over read occurs due to lack of length check of reques ...)
+ TODO: check
CVE-2021-1951
RESERVED
CVE-2021-1950
RESERVED
CVE-2021-1949
RESERVED
-CVE-2021-1948
- RESERVED
+CVE-2021-1948 (Possible out of bound read due to lack of length check of data while p ...)
+ TODO: check
CVE-2021-1947
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1946
- RESERVED
+CVE-2021-1946 (Null Pointer Dereference may occur due to improper validation while pr ...)
+ TODO: check
CVE-2021-1945 (Possible out of bound read due to lack of length check of Bandwidth-NS ...)
NOT-FOR-US: Snapdragon
CVE-2021-1944
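Review bot: The newly published entries in this hunk (CVE-2021-1963 to CVE-2021-1960, CVE-2021-1958 to CVE-2021-1956, CVE-2021-1952, CVE-2021-1948, CVE-2021-1946) get TODO: check even though the unchanged neighbours with the same style of summary are already NOT-FOR-US, under two different labels: "Snapdragon" and "Qualcomm components for Android". Suggest triaging the new ones in the same pass and settling on one label. The context line for CVE-2021-1955 is tagged "NOT-FOR-US: SAP" while sitting between Snapdragon entries, so that vendor label is worth confirming against the full description.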
@@ -53769,8 +53853,8 @@ CVE-2021-1943 (Possible buffer out of bound read can occur due to improper valid
NOT-FOR-US: Snapdragon
CVE-2021-1942
RESERVED
-CVE-2021-1941
- RESERVED
+CVE-2021-1941 (Possible buffer over read issue due to improper length check on WPA IE ...)
+ TODO: check
CVE-2021-1940 (Use after free can occur due to improper handling of response from fir ...)
NOT-FOR-US: Snapdragon
CVE-2021-1939
@@ -53782,12 +53866,12 @@ CVE-2021-1937 (Reachable assertion is possible while processing peer association
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1936
RESERVED
-CVE-2021-1935
- RESERVED
-CVE-2021-1934
- RESERVED
-CVE-2021-1933
- RESERVED
+CVE-2021-1935 (Possible null pointer dereference due to lack of validation check for ...)
+ TODO: check
+CVE-2021-1934 (Possible memory corruption due to improper check when application load ...)
+ TODO: check
+CVE-2021-1933 (UE assertion is possible due to improper validation of invite message ...)
+ TODO: check
CVE-2021-1932
RESERVED
CVE-2021-1931 (Possible buffer overflow due to improper validation of buffer length w ...)
@@ -53834,8 +53918,8 @@ CVE-2021-1911
RESERVED
CVE-2021-1910 (Double free in video due to lack of input buffer length check in Snapd ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1909
- RESERVED
+CVE-2021-1909 (Buffer overflow occurs in trusted applications due to lack of length c ...)
+ TODO: check
CVE-2021-1908
RESERVED
CVE-2021-1907 (Possible buffer overflow due to lack of length check in BA request in ...)
@@ -80764,8 +80848,8 @@ CVE-2020-19517
RESERVED
CVE-2020-19516
RESERVED
-CVE-2020-19515
- RESERVED
+CVE-2020-19515 (qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install ...)
+ TODO: check
CVE-2020-19514
RESERVED
CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows atta ...)
@@ -81308,18 +81392,18 @@ CVE-2020-19270
RESERVED
CVE-2020-19269
RESERVED
-CVE-2020-19268
- RESERVED
-CVE-2020-19267
- RESERVED
-CVE-2020-19266
- RESERVED
-CVE-2020-19265
- RESERVED
-CVE-2020-19264
- RESERVED
-CVE-2020-19263
- RESERVED
+CVE-2020-19268 (A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of ...)
+ TODO: check
+CVE-2020-19267 (An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows ...)
+ TODO: check
+CVE-2020-19266 (A stored cross-site scripting (XSS) vulnerability in the index.php/Dsw ...)
+ TODO: check
+CVE-2020-19265 (A stored cross-site scripting (XSS) vulnerability in the index.php/Dsw ...)
+ TODO: check
+CVE-2020-19264 (A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers ...)
+ TODO: check
+CVE-2020-19263 (A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers ...)
+ TODO: check
CVE-2020-19262
RESERVED
CVE-2020-19261
@@ -81556,10 +81640,10 @@ CVE-2020-19146
RESERVED
CVE-2020-19145
RESERVED
-CVE-2020-19144
- RESERVED
-CVE-2020-19143
- RESERVED
+CVE-2020-19144 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...)
+ TODO: check
+CVE-2020-19143 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...)
+ TODO: check
CVE-2020-19142 (iCMS 7 attackers to execute arbitrary OS commands via shell metacharac ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2020-19141
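Review bot: CVE-2020-19144 and CVE-2020-19143 name LibTiff v4.0.10, which Debian ships as the tiff source package, so these two TODO: check items need package lines with affected and fixed versions and cannot be closed as NOT-FOR-US like most of the other new entries in this patch. Both truncated summaries are identical ("Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ..."), so suggest adding a NOTE with the upstream bug or commit for each when triaging, to keep the two distinguishable.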
@@ -111413,10 +111497,10 @@ CVE-2020-7876
RESERVED
CVE-2020-7875
RESERVED
-CVE-2020-7874
- RESERVED
-CVE-2020-7873
- RESERVED
+CVE-2020-7874 (Download of code without integrity check vulnerability in NEXACRO14 Ru ...)
+ TODO: check
+CVE-2020-7873 (Download of code without integrity check vulnerability in ActiveX cont ...)
+ TODO: check
CVE-2020-7872 (DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vuln ...)
NOT-FOR-US: DaviewIndy
CVE-2020-7871 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4e567fef4b8696252efb2db332f075e6f9cbe73