[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 27 21:10:28 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b87d57a6 by security tracker role at 2021-09-27T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-41766
+ RESERVED
+CVE-2021-3836
+ RESERVED
+CVE-2021-3835
+ RESERVED
+CVE-2021-3834
+ RESERVED
+CVE-2021-3833
+ RESERVED
+CVE-2021-3832
+ RESERVED
+CVE-2021-3831
+ RESERVED
CVE-2021-41765
RESERVED
CVE-2021-41764
@@ -22,8 +36,8 @@ CVE-2021-41755
RESERVED
CVE-2021-41754
RESERVED
-CVE-2021-41753
- RESERVED
+CVE-2021-41753 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
+ TODO: check
CVE-2021-41752
RESERVED
CVE-2021-41751
@@ -367,8 +381,8 @@ CVE-2021-41587 (In Gradle Enterprise before 2021.1.3, an attacker with the abili
NOT-FOR-US: Gradle Enterprise
CVE-2021-41586 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...)
NOT-FOR-US: Gradle Enterprise
-CVE-2021-3828
- RESERVED
+CVE-2021-3828 (nltk is vulnerable to Inefficient Regular Expression Complexity ...)
+ TODO: check
CVE-2021-41585
RESERVED
CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a ...)
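Review bot: CVE-2021-3828 should not inherit the state of its neighbours when the `TODO: check` is resolved. The entries around it are Gradle Enterprise items marked `NOT-FOR-US`, but this one names nltk, a Python library, so triage needs a lookup for a matching source package and, if one exists, a `- <package> <status>` line with the fixed version.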
@@ -431,14 +445,14 @@ CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers
NOT-FOR-US: OpenVPN Access Server
CVE-2021-3823
RESERVED
-CVE-2021-3822
- RESERVED
+CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Complexity ...)
+ TODO: check
CVE-2021-41560
RESERVED
CVE-2021-41559
RESERVED
-CVE-2021-41558
- RESERVED
+CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows Proce ...)
+ TODO: check
CVE-2021-41557
RESERVED
CVE-2021-41556
@@ -507,14 +521,14 @@ CVE-2021-41525 (An issue related to modification of otherwise restricted files t
NOT-FOR-US: FlexNet
CVE-2021-3821
RESERVED
-CVE-2021-3820
- RESERVED
+CVE-2021-3820 (inflect is vulnerable to Inefficient Regular Expression Complexity ...)
+ TODO: check
CVE-2021-41524
RESERVED
-CVE-2021-3819
- RESERVED
-CVE-2021-3818
- RESERVED
+CVE-2021-3819 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
+CVE-2021-3818 (grav is vulnerable to Reliance on Cookies without Validation and Integ ...)
+ TODO: check
CVE-2021-3817
RESERVED
CVE-2021-41523
@@ -1412,8 +1426,8 @@ CVE-2021-41099
RESERVED
CVE-2021-41098
RESERVED
-CVE-2021-41097
- RESERVED
+CVE-2021-41097 (aurelia-path is part of the Aurelia platform and contains utilities fo ...)
+ TODO: check
CVE-2021-41096
RESERVED
CVE-2021-41095
@@ -1902,8 +1916,8 @@ CVE-2021-40867 (Certain NETGEAR smart switches are affected by an authentication
NOT-FOR-US: Netgear
CVE-2021-40866 (Certain NETGEAR smart switches are affected by a remote admin password ...)
NOT-FOR-US: Netgear
-CVE-2021-3799
- RESERVED
+CVE-2021-3799 (grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI ...)
+ TODO: check
CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buff ...)
- atftp 0.7.git20210915-1 (bug #994895)
[bullseye] - atftp <no-dsa> (Minor issue; can be fixed via point release)
@@ -2280,18 +2294,18 @@ CVE-2021-40716
RESERVED
CVE-2021-40715
RESERVED
-CVE-2021-40714
- RESERVED
-CVE-2021-40713
- RESERVED
-CVE-2021-40712
- RESERVED
-CVE-2021-40711
- RESERVED
+CVE-2021-40714 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2021-40713 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2021-40712 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
+ TODO: check
+CVE-2021-40711 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
+ TODO: check
CVE-2021-40710
RESERVED
-CVE-2021-40709
- RESERVED
+CVE-2021-40709 (Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) ...)
+ TODO: check
CVE-2021-40708
RESERVED
CVE-2021-40707
@@ -2302,14 +2316,14 @@ CVE-2021-40705
RESERVED
CVE-2021-40704
RESERVED
-CVE-2021-40703
- RESERVED
-CVE-2021-40702
- RESERVED
-CVE-2021-40701
- RESERVED
-CVE-2021-40700
- RESERVED
+CVE-2021-40703 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ TODO: check
+CVE-2021-40702 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ TODO: check
+CVE-2021-40701 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ TODO: check
+CVE-2021-40700 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ TODO: check
CVE-2021-40699
RESERVED
CVE-2021-40698
@@ -2329,6 +2343,7 @@ CVE-2021-40692
CVE-2021-40691
RESERVED
CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
+ {DLA-2767-1}
- libxml-security-java 2.1.7-1 (bug #994569)
NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc
CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web ...)
@@ -3205,8 +3220,8 @@ CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a repos
[buster] - git <no-dsa> (Minor issue)
[stretch] - git <no-dsa> (Minor issue)
NOTE: https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473
-CVE-2021-40329
- RESERVED
+CVE-2021-40329 (The Authentication API in Ping Identity PingFederate before 10.3 misha ...)
+ TODO: check
CVE-2021-3751 (libmobi is vulnerable to Out-of-bounds Write ...)
- libmobi <itp> (bug #966677)
CVE-2021-40328
@@ -3730,20 +3745,20 @@ CVE-2021-40111
RESERVED
CVE-2021-40110
RESERVED
-CVE-2021-40109
- RESERVED
-CVE-2021-40108
- RESERVED
+CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can a ...)
+ TODO: check
+CVE-2021-40108 (An issue was discovered in Concrete CMS through 8.5.5. The Calendar is ...)
+ TODO: check
CVE-2021-40107
RESERVED
-CVE-2021-40106
- RESERVED
-CVE-2021-40105
- RESERVED
-CVE-2021-40104
- RESERVED
-CVE-2021-40103
- RESERVED
+CVE-2021-40106 (An issue was discovered in Concrete CMS through 8.5.5. There is unauth ...)
+ TODO: check
+CVE-2021-40105 (An issue was discovered in Concrete CMS through 8.5.5. There is XSS vi ...)
+ TODO: check
+CVE-2021-40104 (An issue was discovered in Concrete CMS through 8.5.5. There is an SVG ...)
+ TODO: check
+CVE-2021-40103 (An issue was discovered in Concrete CMS through 8.5.5. Path Traversal ...)
+ TODO: check
CVE-2021-40102 (An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File ...)
NOT-FOR-US: Concrete CMS
CVE-2021-40101
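Review bot: the six Concrete CMS entries added with `TODO: check` (CVE-2021-40109, CVE-2021-40108 and CVE-2021-40106 through CVE-2021-40103) sit directly above CVE-2021-40102, which is already triaged as `NOT-FOR-US: Concrete CMS`. Unless the product has entered the archive since then, the follow-up triage should give them the same state so that one product does not carry two different states in adjacent entries.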
@@ -3752,10 +3767,10 @@ CVE-2021-40100 (An issue was discovered in Concrete CMS through 8.5.5. Stored XS
NOT-FOR-US: Concrete CMS
CVE-2021-40099 (An issue was discovered in Concrete CMS through 8.5.5. Fetching the up ...)
NOT-FOR-US: Concrete CMS
-CVE-2021-40098
- RESERVED
-CVE-2021-40097
- RESERVED
+CVE-2021-40098 (An issue was discovered in Concrete CMS through 8.5.5. Path Traversal ...)
+ TODO: check
+CVE-2021-40097 (An issue was discovered in Concrete CMS through 8.5.5. Authenticated p ...)
+ TODO: check
CVE-2021-40096
RESERVED
CVE-2021-40095
@@ -4311,28 +4326,28 @@ CVE-2021-39830
RESERVED
CVE-2021-39829
RESERVED
-CVE-2021-39828
- RESERVED
-CVE-2021-39827
- RESERVED
-CVE-2021-39826
- RESERVED
-CVE-2021-39825
- RESERVED
-CVE-2021-39824
- RESERVED
-CVE-2021-39823
- RESERVED
+CVE-2021-39828 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a p ...)
+ TODO: check
+CVE-2021-39827 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...)
+ TODO: check
+CVE-2021-39826 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...)
+ TODO: check
+CVE-2021-39825 (Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and e ...)
+ TODO: check
+CVE-2021-39824 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ TODO: check
+CVE-2021-39823 (Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and e ...)
+ TODO: check
CVE-2021-39822
RESERVED
CVE-2021-39821
RESERVED
CVE-2021-39820
RESERVED
-CVE-2021-39819
- RESERVED
-CVE-2021-39818
- RESERVED
+CVE-2021-39819 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
+ TODO: check
+CVE-2021-39818 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
+ TODO: check
CVE-2021-39817 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
NOT-FOR-US: Adobe
CVE-2021-39816 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
@@ -8514,7 +8529,8 @@ CVE-2021-38090 (Integer Overflow vulnerability in function filter16_roberts in l
[buster] - ffmpeg <ignored> (Minor issue)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
NOTE: https://trac.ffmpeg.org/ticket/8263
-CVE-2021-38089 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...)
+CVE-2021-38089
+ REJECTED
- ffmpeg 7:4.3-2
[buster] - ffmpeg <ignored> (Minor issue)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0749082eb93ea02fa4b770da86597450cec84054
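Review bot: CVE-2021-38089 is switched to `REJECTED`, but `- ffmpeg 7:4.3-2`, `[buster] - ffmpeg <ignored> (Minor issue)` and the two NOTE lines stay attached to it, so the entry still records a fixed version and a per-release decision for an id that is no longer valid. A manual follow-up should either drop those annotations or move them to the id that supersedes this one, and add a NOTE stating the reason for the rejection.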
@@ -9212,8 +9228,8 @@ CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 cou
NOT-FOR-US: Gurock TestRail
CVE-2021-37787
RESERVED
-CVE-2021-37786
- RESERVED
+CVE-2021-37786 (Certain Federal Office of Information Technology Systems and Telecommu ...)
+ TODO: check
CVE-2021-37785
RESERVED
CVE-2021-37784
@@ -9262,8 +9278,8 @@ CVE-2021-37763
RESERVED
CVE-2021-37762
RESERVED
-CVE-2021-37761
- RESERVED
+CVE-2021-37761 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...)
+ TODO: check
CVE-2021-37760 (A Session ID leak in the audit log in Graylog before 4.1.2 allows atta ...)
- graylog2 <itp> (bug #652273)
CVE-2021-37759 (A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows ...)
@@ -9775,8 +9791,8 @@ CVE-2021-37541 (In JetBrains Hub before 2021.1.13402, HTML injection in the pass
NOT-FOR-US: JetBrains
CVE-2021-37540 (In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP f ...)
NOT-FOR-US: JetBrains
-CVE-2021-37539
- RESERVED
+CVE-2021-37539 (Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestri ...)
+ TODO: check
CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modification of ...)
NOT-FOR-US: Node body-parser-xml
CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...)
@@ -11205,20 +11221,20 @@ CVE-2021-36882
RESERVED
CVE-2021-36881
RESERVED
-CVE-2021-36880
- RESERVED
-CVE-2021-36879
- RESERVED
-CVE-2021-36878
- RESERVED
-CVE-2021-36877
- RESERVED
-CVE-2021-36876
- RESERVED
-CVE-2021-36875
- RESERVED
-CVE-2021-36874
- RESERVED
+CVE-2021-36880 (Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListi ...)
+ TODO: check
+CVE-2021-36879 (Unauthenticated Privilege Escalation vulnerability in WordPress uListi ...)
+ TODO: check
+CVE-2021-36878 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...)
+ TODO: check
+CVE-2021-36877 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...)
+ TODO: check
+CVE-2021-36876 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPres ...)
+ TODO: check
+CVE-2021-36875 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in Wo ...)
+ TODO: check
+CVE-2021-36874 (Authenticated Insecure Direct Object References (IDOR) vulnerability i ...)
+ TODO: check
CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...)
@@ -11275,16 +11291,16 @@ CVE-2021-36847
RESERVED
CVE-2021-36846
RESERVED
-CVE-2021-36845
- RESERVED
+CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
+ TODO: check
CVE-2021-36844
RESERVED
CVE-2021-36843
RESERVED
CVE-2021-36842
RESERVED
-CVE-2021-36841
- RESERVED
+CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH ...)
+ TODO: check
CVE-2021-36840
RESERVED
CVE-2021-36839
@@ -12737,10 +12753,10 @@ CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition
NOTE: https://github.com/golang/go/commit/ba93baa74a52d57ae79313313ea990cc791ef50e (release-branch.go1.15)
CVE-2021-36220
RESERVED
-CVE-2021-36219
- RESERVED
-CVE-2021-36218
- RESERVED
+CVE-2021-36219 (An issue was discovered in SKALE sgxwallet 1.58.3. The provided input ...)
+ TODO: check
+CVE-2021-36218 (An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GC ...)
+ TODO: check
CVE-2021-36217
REJECTED
CVE-2021-36216 (LINE for Windows 6.2.1.2289 and before allows arbitrary code execution ...)
@@ -12932,8 +12948,8 @@ CVE-2021-36136
RESERVED
CVE-2021-36135
RESERVED
-CVE-2021-36134
- RESERVED
+CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...)
+ TODO: check
CVE-2021-36133
RESERVED
CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...)
@@ -16566,8 +16582,8 @@ CVE-2021-34572 (Enbra EWM 1.7.29 does not check for or detect replay attacks sen
NOT-FOR-US: Enbra EWM
CVE-2021-34571 (Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in ...)
NOT-FOR-US: Enbra
-CVE-2021-34570
- RESERVED
+CVE-2021-34570 (Multiple Phoenix Contact PLCnext control devices in versions prior to ...)
+ TODO: check
CVE-2021-34569
RESERVED
CVE-2021-34568
@@ -16974,24 +16990,24 @@ CVE-2021-34418
RESERVED
CVE-2021-34417
RESERVED
-CVE-2021-34416
- RESERVED
-CVE-2021-34415
- RESERVED
-CVE-2021-34414
- RESERVED
-CVE-2021-34413
- RESERVED
-CVE-2021-34412
- RESERVED
-CVE-2021-34411
- RESERVED
-CVE-2021-34410
- RESERVED
-CVE-2021-34409
- RESERVED
-CVE-2021-34408
- RESERVED
+CVE-2021-34416 (The network address administrative settings web portal for the Zoom on ...)
+ TODO: check
+CVE-2021-34415 (The Zone Controller service in the Zoom On-Premise Meeting Connector C ...)
+ TODO: check
+CVE-2021-34414 (The network proxy page on the web portal for the Zoom on-premise Meeti ...)
+ TODO: check
+CVE-2021-34413 (All versions of the Zoom Plugin for Microsoft Outlook for MacOS before ...)
+ TODO: check
+CVE-2021-34412 (During the installation process for all versions of the Zoom Client fo ...)
+ TODO: check
+CVE-2021-34411 (During the installation process forZoom Rooms for Conference Room for ...)
+ TODO: check
+CVE-2021-34410 (A user-writable application bundle unpacked during the install for all ...)
+ TODO: check
+CVE-2021-34409 (User-writable pre and post-install scripts unpacked during the Zoom Cl ...)
+ TODO: check
+CVE-2021-34408 (The Zoom Client for Meetings for Windows in all versions before versio ...)
+ TODO: check
CVE-2021-34407
REJECTED
CVE-2021-34406
@@ -18089,8 +18105,8 @@ CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device]
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-06/msg04148.html
-CVE-2021-33907
- RESERVED
+CVE-2021-33907 (The Zoom Client for Meetings for Windows in all versions before 5.3.0 ...)
+ TODO: check
CVE-2021-33906
RESERVED
CVE-2021-33905
@@ -31769,8 +31785,8 @@ CVE-2021-28615 (Adobe After Effects version 18.2 (and earlier) is affected by an
NOT-FOR-US: Adobe
CVE-2021-28614 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
NOT-FOR-US: Adobe
-CVE-2021-28613
- RESERVED
+CVE-2021-28613 (Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is ...)
+ TODO: check
CVE-2021-28612 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
NOT-FOR-US: Adobe
CVE-2021-28611 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
@@ -36560,8 +36576,8 @@ CVE-2021-26589
RESERVED
CVE-2021-26588
RESERVED
-CVE-2021-26587
- RESERVED
+CVE-2021-26587 (A potential DOM-based Cross Site Scripting security vulnerability has ...)
+ TODO: check
CVE-2021-26586 (A potential security vulnerability has been identified in the HPE Edge ...)
NOT-FOR-US: HPE
CVE-2021-26585 (A potential vulnerability has been identified in HPE OneView Global Da ...)
@@ -41350,18 +41366,18 @@ CVE-2021-24673
RESERVED
CVE-2021-24672
RESERVED
-CVE-2021-24671
- RESERVED
-CVE-2021-24670
- RESERVED
+CVE-2021-24671 (The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape ...)
+ TODO: check
+CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some short ...)
+ TODO: check
CVE-2021-24669
RESERVED
CVE-2021-24668
RESERVED
CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...)
NOT-FOR-US: FortiGuard
-CVE-2021-24666
- RESERVED
+CVE-2021-24666 (The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a ...)
+ TODO: check
CVE-2021-24665 (The WP Video Lightbox WordPress plugin before 1.9.3 does not escape th ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24664
@@ -41370,12 +41386,12 @@ CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through 1.1
NOT-FOR-US: WordPress plugin
CVE-2021-24662
RESERVED
-CVE-2021-24661
- RESERVED
-CVE-2021-24660
- RESERVED
-CVE-2021-24659
- RESERVED
+CVE-2021-24661 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
+ TODO: check
+CVE-2021-24660 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
+ TODO: check
+CVE-2021-24659 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
+ TODO: check
CVE-2021-24658 (The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 d ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24657 (The Limit Login Attempts WordPress plugin before 4.0.50 does not escap ...)
@@ -41388,8 +41404,8 @@ CVE-2021-24654
RESERVED
CVE-2021-24653
RESERVED
-CVE-2021-24652
- RESERVED
+CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
+ TODO: check
CVE-2021-24651
RESERVED
CVE-2021-24650
@@ -41406,8 +41422,8 @@ CVE-2021-24645
RESERVED
CVE-2021-24644
RESERVED
-CVE-2021-24643
- RESERVED
+CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape some at ...)
+ TODO: check
CVE-2021-24642
RESERVED
CVE-2021-24641
@@ -41424,12 +41440,12 @@ CVE-2021-24636 (The Print My Blog WordPress Plugin before 3.4.2 does not enforce
NOT-FOR-US: WordPress plugin
CVE-2021-24635 (The Visual Link Preview WordPress plugin before 2.2.3 does not enforce ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24634
- RESERVED
-CVE-2021-24633
- RESERVED
-CVE-2021-24632
- RESERVED
+CVE-2021-24634 (The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does no ...)
+ TODO: check
+CVE-2021-24633 (The Countdown Block WordPress plugin before 1.1.2 does not have author ...)
+ TODO: check
+CVE-2021-24632 (The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does no ...)
+ TODO: check
CVE-2021-24631
RESERVED
CVE-2021-24630
@@ -41472,8 +41488,8 @@ CVE-2021-24612
RESERVED
CVE-2021-24611 (The Keyword Meta WordPress plugin through 3.0 does not sanitise of esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24610
- RESERVED
+CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not implement a ...)
+ TODO: check
CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not san ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24608
@@ -41554,8 +41570,8 @@ CVE-2021-24571 (The HD Quiz WordPress plugin before 1.8.4 does not escape some o
NOT-FOR-US: WordPress plugin
CVE-2021-24570
RESERVED
-CVE-2021-24569
- RESERVED
+CVE-2021-24569 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin be ...)
+ TODO: check
CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does not san ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24567
@@ -44095,8 +44111,8 @@ CVE-2021-23447
RESERVED
CVE-2021-23446
RESERVED
-CVE-2021-23445
- RESERVED
+CVE-2021-23445 (This affects the package datatables.net before 1.11.3. If an array is ...)
+ TODO: check
CVE-2021-23444 (This affects the package jointjs before 3.4.2. A type confusion vulner ...)
NOT-FOR-US: Node jointjs
CVE-2021-23443 (This affects the package edge.js before 5.3.2. A type confusion vulner ...)
@@ -44586,8 +44602,8 @@ CVE-2021-23245
RESERVED
CVE-2021-23244
RESERVED
-CVE-2021-23243
- RESERVED
+CVE-2021-23243 (In Oppo's battery application, the third-party SDK provides the functi ...)
+ TODO: check
CVE-2021-3112
RESERVED
CVE-2021-3111 (The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via ...)
@@ -44946,8 +44962,8 @@ CVE-2021-23056
RESERVED
CVE-2021-23055
RESERVED
-CVE-2021-23054
- RESERVED
+CVE-2021-23054 (On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14. ...)
+ TODO: check
CVE-2021-23053 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x be ...)
NOT-FOR-US: F5 BIG-IP
CVE-2021-23052 (On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open ...)
@@ -46792,8 +46808,8 @@ CVE-2021-22274
RESERVED
CVE-2021-22273
RESERVED
-CVE-2021-22272
- RESERVED
+CVE-2021-22272 (The vulnerability origins in the commissioning process where an attack ...)
+ TODO: check
CVE-2021-22271
RESERVED
CVE-2021-22270
@@ -52939,8 +52955,7 @@ CVE-2021-20319
RESERVED
CVE-2021-20318
RESERVED
-CVE-2021-20317
- RESERVED
+CVE-2021-20317 (A flaw was found in the Linux kernel. A corrupted timer tree caused th ...)
- linux 5.4.6-1
NOTE: https://git.kernel.org/linus/511885d7061eda3eb1faf3f57dcc936ff75863f1 (5.4-rc1)
CVE-2021-20316
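Review bot: the `- linux 5.4.6-1` line and the kernel commit NOTE on CVE-2021-20317 were recorded while the id was still RESERVED, and this hunk publishes the description without a `TODO: check`, so nothing prompts a second look. It is worth confirming once that commit 511885d7061eda3eb1faf3f57dcc936ff75863f1 (5.4-rc1) is the fix for the "corrupted timer tree" flaw the description now names.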
@@ -54201,10 +54216,10 @@ CVE-2021-20037 (SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit)
NOT-FOR-US: SonicWall
CVE-2021-20036
RESERVED
-CVE-2021-20035
- RESERVED
-CVE-2021-20034
- RESERVED
+CVE-2021-20035 (Improper neutralization of special elements in the SMA100 management i ...)
+ TODO: check
+CVE-2021-20034 (An improper access control vulnerability in SMA100 allows a remote una ...)
+ TODO: check
CVE-2021-20033
RESERVED
CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Proto ...)
@@ -62158,8 +62173,8 @@ CVE-2021-0662
RESERVED
CVE-2021-0661
RESERVED
-CVE-2021-0660
- RESERVED
+CVE-2021-0660 (In ccu, there is a possible out of bounds read due to incorrect error ...)
+ TODO: check
CVE-2021-0659
RESERVED
CVE-2021-0658
@@ -62257,12 +62272,12 @@ CVE-2021-0614
RESERVED
CVE-2021-0613
RESERVED
-CVE-2021-0612
- RESERVED
-CVE-2021-0611
- RESERVED
-CVE-2021-0610
- RESERVED
+CVE-2021-0612 (In m4u, there is a possible memory corruption due to a use after free. ...)
+ TODO: check
+CVE-2021-0611 (In m4u, there is a possible memory corruption due to a use after free. ...)
+ TODO: check
+CVE-2021-0610 (In memory management driver, there is a possible memory corruption due ...)
+ TODO: check
CVE-2021-0609
RESERVED
CVE-2021-0608 (In handleAppLaunch of AppLaunchActivity.java, there is a possible arbi ...)
@@ -62642,16 +62657,16 @@ CVE-2021-0427 (In parseExclusiveStateAnnotation of LogEvent.cpp, there is a poss
NOT-FOR-US: Android
CVE-2021-0426 (In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a pos ...)
NOT-FOR-US: Android
-CVE-2021-0425
- RESERVED
-CVE-2021-0424
- RESERVED
-CVE-2021-0423
- RESERVED
-CVE-2021-0422
- RESERVED
-CVE-2021-0421
- RESERVED
+CVE-2021-0425 (In memory management driver, there is a possible side channel informat ...)
+ TODO: check
+CVE-2021-0424 (In memory management driver, there is a possible system crash due to a ...)
+ TODO: check
+CVE-2021-0423 (In memory management driver, there is a possible information disclosur ...)
+ TODO: check
+CVE-2021-0422 (In memory management driver, there is a possible system crash due to a ...)
+ TODO: check
+CVE-2021-0421 (In memory management driver, there is a possible information disclosur ...)
+ TODO: check
CVE-2021-0420 (In memory management driver, there is a possible system crash due to a ...)
NOT-FOR-US: Mediatek
CVE-2021-0419 (In memory management driver, there is a possible system crash due to i ...)
@@ -79502,7 +79517,7 @@ CVE-2020-21470
RESERVED
CVE-2020-21469
RESERVED
-CVE-2020-21468 (A segmentation fault in the redis-server component of Redis 5.0.7 lead ...)
+CVE-2020-21468 (** DISPUTED ** A segmentation fault in the redis-server component of R ...)
- redis <unfixed> (unimportant)
NOTE: https://github.com/redis/redis/issues/6633
NOTE: Negligible security impact; disputed issue upstream and unreproducible.
@@ -80664,17 +80679,20 @@ CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in long_term_
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b97aaf791f6ea3506a6252ecef6a1a0e9a542e04 (4.2.2)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=81672bf00f3b5a3c025034f4b2e33d67b72f3839 (4.2.2)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0c91fb0f0641f9f35f650281a176657907097cf (4.1.5)
-CVE-2020-20901 (Buffer Overflow vulnerability in function filter_frame in libavfilter/ ...)
+CVE-2020-20901
+ REJECTED
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=07050d7bdc32d82e53ee5bb727f5882323d00dba (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8264
-CVE-2020-20900 (Buffer Overflow vulnerability in function gaussian_blur in libavfilter ...)
+CVE-2020-20900
+ REJECTED
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/de598f82f8c3f8000e1948548e8088148e2b1f44 (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8275
-CVE-2020-20899 (Buffer Overflow vulnerability in function config_props in libavfilter/ ...)
+CVE-2020-20899
+ REJECTED
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606 (4.3)
@@ -80685,7 +80703,8 @@ CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in l
[buster] - ffmpeg <ignored> (Minor issue)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8263
-CVE-2020-20897 (Buffer Overflow vulnerability in function filter_slice in libavfilter/ ...)
+CVE-2020-20897
+ REJECTED
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0749082eb93ea02fa4b770da86597450cec84054 (4.3)
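Review bot: CVE-2020-20897 is rejected while its NOTE still points at ffmpeg commit 0749082eb93ea02fa4b770da86597450cec84054, the same commit referenced under CVE-2021-38089, which this update also marks `REJECTED`. The two entries also disagree on buster for that one commit: `<postponed> (Wait for 4.1.8)` here against `<ignored> (Minor issue)` there. Before the stale annotations are cleaned up, identify which id now tracks this fix and settle on a single buster status for it.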
@@ -80695,17 +80714,20 @@ CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavfo
[buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8273
-CVE-2020-20895 (Buffer Overflow vulnerability in function filter_vertically_##name in ...)
+CVE-2020-20895
+ REJECTED
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/f069a9c2a65bc20c3462127623127df6dfd06c5b (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8274
-CVE-2020-20894 (Buffer Overflow vulnerability in function gaussian_blur in libavfilter ...)
+CVE-2020-20894
+ REJECTED
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8 (4.3)
NOTE: https://trac.ffmpeg.org/ticket/8260
-CVE-2020-20893 (Buffer Overflow vulnerability in function activate in libavfilter/af_a ...)
+CVE-2020-20893
+ REJECTED
- ffmpeg 7:4.3-2
[buster] - ffmpeg <postponed> (Wait for 4.1.8)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/e1b89c76f66343d1b495165664647317c66764bb (4.3)
@@ -113717,11 +113739,11 @@ CVE-2020-8014 (A UNIX Symbolic Link (Symlink) Following vulnerability in the pac
- kopanocore <not-affected> (SuSE-specific packaging issue)
CVE-2020-8013 (A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of S ...)
NOT-FOR-US: chkstat
-CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
+CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...)
NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM)
-CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
+CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...)
NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM)
-CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
+CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...)
NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM)
CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...)
NOT-FOR-US: AVB MOTU devices
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b87d57a66cdb0a09d48c51fb0b3a662376cbec20