Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f182512a by Moritz Muehlenhoff at 2021-04-09T09:24:53+02:00
new ffmpeg issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39,9 +39,9 @@ CVE-2021-30465
CVE-2021-30464
RESERVED
CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers to gain privileges
by creati ...)
- TODO: check
+ NOT-FOR-US: VestaCP
CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate
privileges ...)
- TODO: check
+ NOT-FOR-US: VestaCP
CVE-2021-30461
RESERVED
CVE-2021-30460
@@ -793,7 +793,11 @@ CVE-2021-30125 (Jamf Pro before 10.28.0 allows XSS related
to inventory history,
CVE-2021-30124
RESERVED
CVE-2021-30123 (FFmpeg <=4.3 contains a buffer overflow vulnerability in
libavcodec ...)
- TODO: check
+ - ffmpeg <unfixed>
+ NOTE:
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
+ NOTE: https://trac.ffmpeg.org/ticket/8845
+ NOTE: https://trac.ffmpeg.org/ticket/8863
+ NOTE: CVE description is wrong, this landed in 4.4 only
CVE-2021-30122
RESERVED
CVE-2021-30121
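Review bot: In the CVE-2021-30123 entry, the last NOTE ("CVE description is wrong, this landed in 4.4 only") does not say whether "this" is the vulnerable code or the fix, and the commitdiff URL NOTE above it is not labelled as the introducing or the fixing commit. Stating that on the URL line would remove the ambiguity. If the vulnerable code is only present from 4.4 onward, the bare "- ffmpeg <unfixed>" line also wants per-release "<not-affected> (Vulnerable code introduced later)" lines for any suite shipping an older version, in the form this file already uses for CVE-2021-28039.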
@@ -811,13 +815,13 @@ CVE-2021-30116
CVE-2021-30115
RESERVED
CVE-2021-30114 (Web-School ERP V 5.0 contains a cross-site request forgery
(CSRF) vuln ...)
- TODO: check
+ NOT-FOR-US: Web-School ERP
CVE-2021-30113 (A blind XSS vulnerability exists in Web-School ERP V 5.0 via
(Add Even ...)
- TODO: check
+ NOT-FOR-US: Web-School ERP
CVE-2021-30112 (Web-School ERP V 5.0 contains a cross-site request forgery
(CSRF) vuln ...)
- TODO: check
+ NOT-FOR-US: Web-School ERP
CVE-2021-30111 (A stored XSS vulnerability exists in Web-School ERP V 5.0 via
(Add Eve ...)
- TODO: check
+ NOT-FOR-US: Web-School ERP
CVE-2021-30110
RESERVED
CVE-2021-30109 (Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS).
Under c ...)
@@ -1858,7 +1862,7 @@ CVE-2021-29643
CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to
change the U ...)
NOT-FOR-US: GistPad
CVE-2021-29641 (Directus 8 before 8.8.2 allows remote authenticated users to
execute a ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2021-29640
RESERVED
CVE-2021-29639
@@ -1886,9 +1890,9 @@ CVE-2021-29629
CVE-2021-29628
RESERVED
CVE-2021-29627 (In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before
r369525, 13. ...)
- TODO: check
+ NOT-FOR-US: FreeBSD
CVE-2021-29626 (In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before
r369551, 11. ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
CVE-2021-29625
RESERVED
CVE-2021-29624
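Review bot: The two FreeBSD entries in this hunk are triaged differently with no recorded reason: CVE-2021-29627 becomes "NOT-FOR-US: FreeBSD" while CVE-2021-29626 becomes "- kfreebsd-10 <unfixed> (unimportant)". A NOTE on each saying why kfreebsd-10 is or is not affected, and why CVE-2021-29626 is rated unimportant, would let a later reader verify the decision without re-reading the upstream advisories.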
@@ -3442,9 +3446,9 @@ CVE-2021-28927 (The text-to-speech engine in libretro
RetroArch for Windows 0.11
CVE-2021-28926
RESERVED
CVE-2021-28925 (SQL injection vulnerability in Nagios Network Analyzer before
2.4.3 vi ...)
- TODO: check
+ NOT-FOR-US: Nagios Network Analyzer
CVE-2021-28924 (Self Authenticated XSS in Nagios Network Analyzer before 2.4.2
via the ...)
- TODO: check
+ NOT-FOR-US: Nagios Network Analyzer
CVE-2021-28923
RESERVED
CVE-2021-28922
@@ -3933,9 +3937,9 @@ CVE-2021-28688 (The fix for XSA-365 includes
initialization of pointers such tha
NOTE: https://xenbits.xen.org/xsa/advisory-371.html
NOTE:
https://git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432
CVE-2021-28686 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before
2.3.0.3 allow ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2021-28685 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before
2.3.0.3 allow ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2021-28684
RESERVED
CVE-2021-28683
@@ -5063,7 +5067,7 @@ CVE-2021-28176 (The DNS configuration function in ASUS
BMC’s firmware Web
CVE-2021-28175 (The Radius configuration function in ASUS BMC’s firmware
Web man ...)
NOT-FOR-US: ASUS
CVE-2021-28174 (Mitake smart stock selection system contains a broken
authentication v ...)
- TODO: check
+ NOT-FOR-US: Mitake smart stock selection system
CVE-2021-28173 (The file upload function of Vangene deltaFlow E-platform does
not perf ...)
NOT-FOR-US: Vangene deltaFlow E-platform
CVE-2021-28172 (There is a Path Traversal vulnerability in the file download
function ...)
@@ -5687,7 +5691,7 @@ CVE-2021-27947 (SQL Injection vulnerability in MyBB
before 1.8.26 via the Copy F
CVE-2021-27946 (SQL Injection vulnerability in MyBB before 1.8.26 via poll
vote count. ...)
NOT-FOR-US: MyBB
CVE-2021-27945 (The Squirro Insights Engine was affected by a Reflected
Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: Squirro Insights Engine
CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through
5.11.3, as u ...)
- linux 5.10.24-1 (unimportant)
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -6650,7 +6654,7 @@ CVE-2021-27524
CVE-2021-27523
RESERVED
CVE-2021-27522 (Learnsite 1.2.5.0 contains a remote privilege escalation
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Learnsite
CVE-2021-27521
RESERVED
CVE-2021-27520 (A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows
remote att ...)
@@ -8419,7 +8423,7 @@ CVE-2021-26760
CVE-2021-26759
RESERVED
CVE-2021-26758 (Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed
web serve ...)
- TODO: check
+ NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed
CVE-2021-26757
RESERVED
CVE-2021-26756
@@ -9575,7 +9579,7 @@ CVE-2021-3330
CVE-2021-3329
RESERVED
CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1
and 2.1 ...)
- TODO: check
+ NOT-FOR-US: Aprelium Abyss Web Server
CVE-2021-3327 (Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the
post_t ...)
NOT-FOR-US: Ovation Dynamic Content
CVE-2021-26294 (An issue was discovered in AfterLogic Aurora through 7.7.9 and
WebMail ...)
@@ -18226,7 +18230,7 @@ CVE-2021-22509
CVE-2021-22508
RESERVED
CVE-2021-22507 (Authentication bypass vulnerability in Micro Focus Operations
Bridge M ...)
- TODO: check
+ NOT-FOR-US: Micro Focus
CVE-2021-22506 (Advance configuration exposing Information Leakage
vulnerability in Mi ...)
NOT-FOR-US: Micro Focus
CVE-2021-22505
@@ -18617,7 +18621,7 @@ CVE-2021-22314 (There is a local privilege escalation
vulnerability in some vers
CVE-2021-22313
RESERVED
CVE-2021-22312 (There is a memory leak vulnerability in some Huawei products.
An authe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-22311 (There is an improper permission assignment vulnerability in
Huawei Man ...)
NOT-FOR-US: Huawei
CVE-2021-22310 (There is an information leakage vulnerability in some huawei
products. ...)
@@ -19345,7 +19349,7 @@ CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04,
the hotspot login page i
CVE-2021-3013
RESERVED
CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link
of doc ...)
- TODO: check
+ NOT-FOR-US: ESRI ArcGIS Online
CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on
NXP Smart ...)
NOT-FOR-US: NXP
CVE-2021-3010 (There are multiple persistent cross-site scripting (XSS)
vulnerabiliti ...)
@@ -21714,7 +21718,7 @@ CVE-2021-21427
CVE-2021-21426
RESERVED
CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a
way to con ...)
- TODO: check
+ NOT-FOR-US: Grav Admin Plugin
CVE-2021-21424
RESERVED
CVE-2021-21423 (`projen` is a project generation tool that synthesizes project
configu ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f182512a4136ea31630c4c4ef91420a06a8cac55