[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 17 09:10:28 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2912e523 by security tracker role at 2021-09-17T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,41 @@
+CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...)
+ TODO: check
+CVE-2021-41313
+ RESERVED
+CVE-2021-41312
+ RESERVED
+CVE-2021-41311
+ RESERVED
+CVE-2021-41310
+ RESERVED
+CVE-2021-41309
+ RESERVED
+CVE-2021-41308
+ RESERVED
+CVE-2021-41307
+ RESERVED
+CVE-2021-41306
+ RESERVED
+CVE-2021-41305
+ RESERVED
+CVE-2021-41304
+ RESERVED
+CVE-2021-3812 (adminlte is vulnerable to Improper Neutralization of Input During Web ...)
+ TODO: check
+CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input During Web ...)
+ TODO: check
+CVE-2021-3810 (code-server is vulnerable to Inefficient Regular Expression Complexity ...)
+ TODO: check
CVE-2021-3809
RESERVED
CVE-2021-3808
RESERVED
-CVE-2021-3807
- RESERVED
+CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity ...)
+ TODO: check
CVE-2021-3806
RESERVED
-CVE-2021-3805
- RESERVED
+CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...)
+ TODO: check
CVE-2021-41303 [before 1.8.0 with Spring Boot a specially crafted HTTP request may cause an authentication bypass]
RESERVED
- shiro <unfixed>
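Review bot: All six newly described entries in this hunk (CVE-2021-41314, CVE-2021-3812, CVE-2021-3811, CVE-2021-3810, CVE-2021-3807, CVE-2021-3805) land as `TODO: check`, so nothing here is triaged yet. Each one needs a follow-up that resolves it either to a package line in the form already used at the end of the hunk (`- shiro <unfixed>`) or to a `NOT-FOR-US:` line. CVE-2021-3807 and CVE-2021-3805 were previously `RESERVED`, so anything tracking them by status will see a change with this commit.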
@@ -47,8 +75,8 @@ CVE-2021-41287
RESERVED
CVE-2021-41286
RESERVED
-CVE-2021-3804
- RESERVED
+CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity ...)
+ TODO: check
CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...)
- openssh <unfixed> (unimportant)
NOTE: https://github.com/openssh/openssh-portable/pull/270
@@ -471,8 +499,8 @@ CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1
NOTE: https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
NOTE: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 (9.0.44)
NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64)
-CVE-2021-3803
- RESERVED
+CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity ...)
+ TODO: check
CVE-2021-3802
RESERVED
CVE-2021-41078
@@ -26190,11 +26218,9 @@ CVE-2021-30263
RESERVED
CVE-2021-30262
RESERVED
-CVE-2021-30261
- RESERVED
+CVE-2021-30261 (Possible integer and heap overflow due to lack of input command size v ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30260
- RESERVED
+CVE-2021-30260 (Possible Integer overflow to buffer overflow issue can occur due to im ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30259
RESERVED
@@ -50595,14 +50621,14 @@ CVE-2021-20830
RESERVED
CVE-2021-20829
RESERVED
-CVE-2021-20828
- RESERVED
+CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch Change Plug-i ...)
+ TODO: check
CVE-2021-20827
RESERVED
CVE-2021-20826
RESERVED
-CVE-2021-20825
- RESERVED
+CVE-2021-20825 (Cross-site scripting vulnerability in List (order management) item cha ...)
+ TODO: check
CVE-2021-20824
RESERVED
CVE-2021-20823
@@ -50669,10 +50695,10 @@ CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Aud
NOT-FOR-US: installer of Sony Audio USB Driver and installer of HAP Music Transfer
CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master versions ...)
NOT-FOR-US: Quiz And Survey Master
-CVE-2021-20791
- RESERVED
-CVE-2021-20790
- RESERVED
+CVE-2021-20791 (Improper access control vulnerability in RevoWorks Browser 2.1.230 and ...)
+ TODO: check
+CVE-2021-20790 (Improper control of program execution vulnerability in RevoWorks Brows ...)
+ TODO: check
CVE-2021-20789 (Open redirect vulnerability in GroupSession (GroupSession Free edition ...)
NOT-FOR-US: GroupSession
CVE-2021-20788 (Server-side request forgery (SSRF) vulnerability in GroupSession (Grou ...)
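Review bot: CVE-2021-20791 and CVE-2021-20790 are added as `TODO: check`, while every other described entry visible in this hunk is already resolved as `NOT-FOR-US:` with the product name. Both descriptions name the same product (RevoWorks Browser), so they can be triaged together, and if the product is not packaged the two `TODO: check` lines should become matching `NOT-FOR-US:` lines.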
@@ -54961,8 +54987,7 @@ CVE-2021-1978
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1977
RESERVED
-CVE-2021-1976
- RESERVED
+CVE-2021-1976 (A use after free can occur due to improper validation of P2P device ad ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1975
RESERVED
@@ -55020,8 +55045,7 @@ CVE-2021-1949
RESERVED
CVE-2021-1948 (Possible out of bound read due to lack of length check of data while p ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1947
- RESERVED
+CVE-2021-1947 (Use-after-free vulnerability in kernel graphics driver because of stor ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1946 (Null Pointer Dereference may occur due to improper validation while pr ...)
NOT-FOR-US: Qualcomm components for Android
@@ -55037,8 +55061,7 @@ CVE-2021-1941 (Possible buffer over read issue due to improper length check on W
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1940 (Use after free can occur due to improper handling of response from fir ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1939
- RESERVED
+CVE-2021-1939 (Null pointer dereference occurs due to improper validation when the pr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1938 (Possible assertion due to improper verification while creating and del ...)
NOT-FOR-US: Snapdragon
@@ -77809,32 +77832,32 @@ CVE-2020-21608
RESERVED
CVE-2020-21607
RESERVED
-CVE-2020-21606
- RESERVED
-CVE-2020-21605
- RESERVED
-CVE-2020-21604
- RESERVED
-CVE-2020-21603
- RESERVED
-CVE-2020-21602
- RESERVED
-CVE-2020-21601
- RESERVED
-CVE-2020-21600
- RESERVED
-CVE-2020-21599
- RESERVED
-CVE-2020-21598
- RESERVED
-CVE-2020-21597
- RESERVED
-CVE-2020-21596
- RESERVED
-CVE-2020-21595
- RESERVED
-CVE-2020-21594
- RESERVED
+CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_ ...)
+ TODO: check
+CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ...)
+ TODO: check
+CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ...)
+ TODO: check
+CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ...)
+ TODO: check
+CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...)
+ TODO: check
+CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ...)
+ TODO: check
+CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...)
+ TODO: check
+CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ...)
+ TODO: check
+CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...)
+ TODO: check
+CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...)
+ TODO: check
+CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...)
+ TODO: check
+CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...)
+ TODO: check
+CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fal ...)
+ TODO: check
CVE-2020-21593
RESERVED
CVE-2020-21592
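Review bot: The 13 entries from CVE-2020-21606 down to CVE-2020-21594 all name libde265 v1.0.4 and all land as `TODO: check`; they should be triaged as one batch against the same source package rather than one at a time. The descriptions are cut off at or inside the function name (for example `put_epel_ ...` and `_mm_loadl ...`), so the affected function has to be taken from the full CVE record, not from this file, when matching each entry to an upstream fix. Adding a `NOTE:` line with the upstream reference per entry, as the Tomcat entry earlier in the diff does, would make the later fixed-version bookkeeping easier.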
@@ -77951,20 +77974,20 @@ CVE-2020-21537
RESERVED
CVE-2020-21536
RESERVED
-CVE-2020-21535
- RESERVED
-CVE-2020-21534
- RESERVED
-CVE-2020-21533
- RESERVED
-CVE-2020-21532
- RESERVED
-CVE-2020-21531
- RESERVED
-CVE-2020-21530
- RESERVED
-CVE-2020-21529
- RESERVED
+CVE-2020-21535 (fig2dev 3.2.7b contains a segmentation fault in the gencgm_start funct ...)
+ TODO: check
+CVE-2020-21534 (fig2dev 3.2.7b contains a global buffer overflow in the get_line funct ...)
+ TODO: check
+CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject ...)
+ TODO: check
+CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...)
+ TODO: check
+CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...)
+ TODO: check
+CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects funct ...)
+ TODO: check
+CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline f ...)
+ TODO: check
CVE-2020-21528
RESERVED
CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo v1.1.3. A ba ...)
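Review bot: The seven fig2dev 3.2.7b entries (CVE-2020-21535 down to CVE-2020-21529) are all `TODO: check` and mix two kinds of report: CVE-2020-21535 and CVE-2020-21530 are described only as segmentation faults, the other five as stack or global buffer overflows. When the `TODO: check` lines are resolved, it is worth recording in a `NOTE:` line what kind of fault each one is, since the truncated descriptions here do not carry enough to judge impact.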
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2912e523987e868283d0596e37a3321ed434b0dd