Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
43a5275e by security tracker role at 2021-06-11T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2021-3598
+ RESERVED
+CVE-2021-3597
+ RESERVED
CVE-2021-34674
RESERVED
CVE-2021-34673
@@ -277,8 +281,8 @@ CVE-2021-34542
RESERVED
CVE-2021-34541
RESERVED
-CVE-2021-34540
- RESERVED
+CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the
username column ...)
+ TODO: check
CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A
lack of va ...)
NOT-FOR-US: CubeCoders AMP
CVE-2021-34538
@@ -3204,8 +3208,8 @@ CVE-2021-33207
RESERVED
CVE-2021-33206
RESERVED
-CVE-2021-33205
- RESERVED
+CVE-2021-33205 (Western Digital EdgeRover before 0.25 has an escalation of
privileges ...)
+ TODO: check
CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices
API in ...)
- libvirt <not-affected> (Vulnerable code never in a released version)
NOTE: Fixed by:
https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a
(v7.0.0-rc1)
@@ -3280,7 +3284,7 @@ CVE-2021-33195
- golang-1.7 <removed>
NOTE: https://github.com/golang/go/issues/46241
NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
-CVE-2021-33194 (Go through 1.15.12 and 1.16.x through 1.16.4 has a
golang.org/x/net/ht ...)
+CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023
allows atta ...)
- golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-4
- golang-golang-x-net-dev <removed>
NOTE:
https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ
@@ -3865,12 +3869,12 @@ CVE-2021-32934
RESERVED
CVE-2021-32933
RESERVED
-CVE-2021-32932
- RESERVED
+CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which
may allow ...)
+ TODO: check
CVE-2021-32931
RESERVED
-CVE-2021-32930
- RESERVED
+CVE-2021-32930 (The affected product’s configuration is vulnerable due
to missin ...)
+ TODO: check
CVE-2021-32929
RESERVED
CVE-2021-32928
@@ -11522,8 +11526,8 @@ CVE-2021-29756
RESERVED
CVE-2021-29755
RESERVED
-CVE-2021-29754
- RESERVED
+CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is
vulnerable ...)
+ TODO: check
CVE-2021-29753
RESERVED
CVE-2021-29752
@@ -14108,8 +14112,7 @@ CVE-2021-28690 [x86: TSX Async Abort protections not
restored after S3]
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-377.html
-CVE-2021-28689 [x86: Speculative vulnerabilities with bare (non-shim) 32-bit
PV guests]
- RESERVED
+CVE-2021-28689 (x86: Speculative vulnerabilities with bare (non-shim) 32-bit
PV guests ...)
- xen <unfixed> (unimportant)
NOTE: https://xenbits.xen.org/xsa/advisory-370.html
NOTE: Unfixable design/architecture limitation, no fix planned
@@ -14207,8 +14210,7 @@ CVE-2021-3449 (An OpenSSL TLS server may crash if sent
a maliciously crafted ren
NOTE: Prerequisite (test):
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3ff38629a2df6635f36bfb79513cc6440db8cd70
NOTE: Fixed by:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb9fa6b51defd48157eeb207f52181f735d96148
(OpenSSL_1_1_1k)
NOTE: Followup:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d33c2a3d8453a75509bcc8d2cf7d2dc2a3a518d0
-CVE-2021-28687 [HVM soft-reset crashes toolstack]
- RESERVED
+CVE-2021-28687 (HVM soft-reset crashes toolstack libxl requires all data
structures pa ...)
- xen <unfixed>
[bullseye] - xen <postponed> (Fix along with next round of updates)
[buster] - xen <not-affected> (Vulnerable code introduced later)
@@ -15211,20 +15213,18 @@ CVE-2021-28215
RESERVED
CVE-2021-28214
RESERVED
-CVE-2021-28213
- RESERVED
+CVE-2021-28213 (Example EDK2 encrypted private key in the IpSecDxe.efi present
potenti ...)
+ TODO: check
CVE-2021-28212
RESERVED
-CVE-2021-28211 [possible heap corruption with LzmaUefiDecompressGetInfo]
- RESERVED
+CVE-2021-28211 (A heap overflow in LzmaUefiDecompressGetInfo function in EDK
II. ...)
{DLA-2645-1}
- edk2 2020.11-1
[buster] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1816
NOTE: https://github.com/tianocore/edk2/pull/1138
NOTE:
https://github.com/tianocore/edk2/commit/e7bd0dd26db7e56aa8ca70132d6ea916ee6f3db0
-CVE-2021-28210 [unlimited FV recursion, round 2]
- RESERVED
+CVE-2021-28210 (An unlimited recursion in DxeCore in EDK II. ...)
{DLA-2645-1}
- edk2 2020.11-1
[buster] - edk2 <no-dsa> (Minor issue)
@@ -17159,12 +17159,12 @@ CVE-2021-27412
RESERVED
CVE-2021-27411
RESERVED
-CVE-2021-27410
- RESERVED
+CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write,
which ma ...)
+ TODO: check
CVE-2021-27409
RESERVED
-CVE-2021-27408
- RESERVED
+CVE-2021-27408 (The affected product is vulnerable to an out-of-bounds read,
which can ...)
+ TODO: check
CVE-2021-27407
RESERVED
CVE-2021-27406
@@ -17677,8 +17677,8 @@ CVE-2021-XXXX [several security fixes: PHP injections,
XSS and secrets stored in
[stretch] - spip 3.1.4-4~deb9u4+deb9u1
CVE-2021-27201 (Endian Firewall Community (aka EFW) 3.3.2 allows remote
authenticated ...)
NOT-FOR-US: Endian Firewall Community (aka EFW)
-CVE-2021-27200
- RESERVED
+CVE-2021-27200 (In WoWonder 3.0.4, remote attackers can take over any account
due to t ...)
+ TODO: check
CVE-2021-27199
RESERVED
CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server
through 11.0 ...)
@@ -18114,16 +18114,16 @@ CVE-2021-26999
RESERVED
CVE-2021-26998
RESERVED
-CVE-2021-26997
- RESERVED
-CVE-2021-26996
- RESERVED
-CVE-2021-26995
- RESERVED
+CVE-2021-26997 (E-Series SANtricity OS Controller Software 11.x versions prior
to 11.7 ...)
+ TODO: check
+CVE-2021-26996 (E-Series SANtricity OS Controller Software 11.x versions prior
to 11.7 ...)
+ TODO: check
+CVE-2021-26995 (E-Series SANtricity OS Controller Software 11.x versions prior
to 11.7 ...)
+ TODO: check
CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are
susceptibl ...)
NOT-FOR-US: Clustered Data ONTAP (NetApp)
-CVE-2021-26993
- RESERVED
+CVE-2021-26993 (E-Series SANtricity OS Controller Software 11.x versions prior
to 11.7 ...)
+ TODO: check
CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a
vulnerabili ...)
NOT-FOR-US: Cloud Manager (NetApp)
CVE-2021-26991 (Cloud Manager versions prior to 3.9.4 contain an insecure
Cross-Origin ...)
@@ -18558,10 +18558,10 @@ CVE-2021-26831
RESERVED
CVE-2021-26830 (SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows
remote att ...)
NOT-FOR-US: Tribalsystems Zenario CMS
-CVE-2021-26829
- RESERVED
-CVE-2021-26828
- RESERVED
+CVE-2021-26829 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on
Windows a ...)
+ TODO: check
+CVE-2021-26828 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on
Windows a ...)
+ TODO: check
CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the
TL-WR2041+ route ...)
NOT-FOR-US: TP-Link
CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and
is caused ...)
@@ -20308,20 +20308,20 @@ CVE-2021-26124
RESERVED
CVE-2021-23232
RESERVED
-CVE-2021-23230
- RESERVED
+CVE-2021-23230 (A SQL Injection vulnerability in the OPCUA interface of
Gallagher Comm ...)
+ TODO: check
CVE-2021-23224
RESERVED
CVE-2021-23220
RESERVED
CVE-2021-23212
RESERVED
-CVE-2021-23211
- RESERVED
-CVE-2021-23205
- RESERVED
-CVE-2021-23204
- RESERVED
+CVE-2021-23211 (Cleartext Storage of Sensitive Information in Memory
vulnerability in ...)
+ TODO: check
+CVE-2021-23205 (Improper Encoding or Escaping in Gallagher Command Centre
Server allow ...)
+ TODO: check
+CVE-2021-23204 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
CVE-2021-23199
RESERVED
CVE-2021-23197
@@ -20330,8 +20330,8 @@ CVE-2021-23193
RESERVED
CVE-2021-23185
RESERVED
-CVE-2021-23182
- RESERVED
+CVE-2021-23182 (Cleartext Storage of Sensitive Information in Memory
vulnerability in ...)
+ TODO: check
CVE-2021-23167
RESERVED
CVE-2021-23162
@@ -20340,10 +20340,10 @@ CVE-2021-23155
RESERVED
CVE-2021-23146
RESERVED
-CVE-2021-23140
- RESERVED
-CVE-2021-23136
- RESERVED
+CVE-2021-23140 (Improper Authorization vulnerability in Gallagher Command
Centre Serve ...)
+ TODO: check
+CVE-2021-23136 (Improper Authorization vulnerability in Gallagher Command
Centre Serve ...)
+ TODO: check
CVE-2021-26123 (LivingLogic XIST4C before 0.107.8 allows XSS via login.htm,
login.wiht ...)
NOT-FOR-US: LivingLogic XIST4C
CVE-2021-26122 (LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm
or feedb ...)
@@ -22099,92 +22099,92 @@ CVE-2021-25427
RESERVED
CVE-2021-25426
RESERVED
-CVE-2021-25425
- RESERVED
-CVE-2021-25424
- RESERVED
-CVE-2021-25423
- RESERVED
-CVE-2021-25422
- RESERVED
-CVE-2021-25421
- RESERVED
-CVE-2021-25420
- RESERVED
-CVE-2021-25419
- RESERVED
-CVE-2021-25418
- RESERVED
-CVE-2021-25417
- RESERVED
-CVE-2021-25416
- RESERVED
-CVE-2021-25415
- RESERVED
-CVE-2021-25414
- RESERVED
-CVE-2021-25413
- RESERVED
-CVE-2021-25412
- RESERVED
-CVE-2021-25411
- RESERVED
-CVE-2021-25410
- RESERVED
-CVE-2021-25409
- RESERVED
-CVE-2021-25408
- RESERVED
-CVE-2021-25407
- RESERVED
-CVE-2021-25406
- RESERVED
-CVE-2021-25405
- RESERVED
-CVE-2021-25404
- RESERVED
-CVE-2021-25403
- RESERVED
-CVE-2021-25402
- RESERVED
-CVE-2021-25401
- RESERVED
-CVE-2021-25400
- RESERVED
-CVE-2021-25399
- RESERVED
-CVE-2021-25398
- RESERVED
-CVE-2021-25397
- RESERVED
-CVE-2021-25396
- RESERVED
-CVE-2021-25395
- RESERVED
-CVE-2021-25394
- RESERVED
-CVE-2021-25393
- RESERVED
-CVE-2021-25392
- RESERVED
-CVE-2021-25391
- RESERVED
-CVE-2021-25390
- RESERVED
-CVE-2021-25389
- RESERVED
-CVE-2021-25388
- RESERVED
-CVE-2021-25387
- RESERVED
-CVE-2021-25386
- RESERVED
-CVE-2021-25385
- RESERVED
-CVE-2021-25384
- RESERVED
-CVE-2021-25383
- RESERVED
+CVE-2021-25425 (Improper check vulnerability in Samsung Health prior to
version 6.17 a ...)
+ TODO: check
+CVE-2021-25424 (Improper authentication vulnerability in Tizen bluetooth-frwk
prior to ...)
+ TODO: check
+CVE-2021-25423 (Improper log management vulnerability in Watch Active2 PlugIn
prior to ...)
+ TODO: check
+CVE-2021-25422 (Improper log management vulnerability in Watch Active PlugIn
prior to ...)
+ TODO: check
+CVE-2021-25421 (Improper log management vulnerability in Galaxy Watch3 PlugIn
prior to ...)
+ TODO: check
+CVE-2021-25420 (Improper log management vulnerability in Galaxy Watch PlugIn
prior to ...)
+ TODO: check
+CVE-2021-25419 (Non-compliance of recommended secure coding scheme in Samsung
Internet ...)
+ TODO: check
+CVE-2021-25418 (Improper component protection vulnerability in Samsung
Internet prior ...)
+ TODO: check
+CVE-2021-25417 (Improper authorization in SDP SDK prior to SMR JUN-2021
Release 1 allo ...)
+ TODO: check
+CVE-2021-25416 (Assuming EL1 is compromised, an improper address validation in
RKP pri ...)
+ TODO: check
+CVE-2021-25415 (Assuming EL1 is compromised, an improper address validation in
RKP pri ...)
+ TODO: check
+CVE-2021-25414 (Improper sanitization of incoming intent in Samsung Contacts
prior to ...)
+ TODO: check
+CVE-2021-25413 (Improper sanitization of incoming intent in Samsung Contacts
prior to ...)
+ TODO: check
+CVE-2021-25412 (An improper access control vulnerability in genericssoservice
prior to ...)
+ TODO: check
+CVE-2021-25411 (Improper address validation vulnerability in RKP api prior to
SMR JUN- ...)
+ TODO: check
+CVE-2021-25410 (Improper access control of a component in CallBGProvider prior
to SMR ...)
+ TODO: check
+CVE-2021-25409 (Improper access in Notification setting prior to SMR JUN-2021
Release ...)
+ TODO: check
+CVE-2021-25408 (A possible buffer overflow vulnerability in NPU driver prior
to SMR JU ...)
+ TODO: check
+CVE-2021-25407 (A possible out of bounds write vulnerability in NPU driver
prior to SM ...)
+ TODO: check
+CVE-2021-25406 (Information exposure vulnerability in Gear S Plugin prior to
version 2 ...)
+ TODO: check
+CVE-2021-25405 (An improper access control vulnerability in ScreenOffActivity
in Samsu ...)
+ TODO: check
+CVE-2021-25404 (Information Exposure vulnerability in SmartThings prior to
version 1.7 ...)
+ TODO: check
+CVE-2021-25403 (Intent redirection vulnerability in Samsung Account prior to
version 1 ...)
+ TODO: check
+CVE-2021-25402 (Information Exposure vulnerability in Samsung Notes prior to
version 4 ...)
+ TODO: check
+CVE-2021-25401 (Intent redirection vulnerability in Samsung Health prior to
version 6. ...)
+ TODO: check
+CVE-2021-25400 (Intent redirection vulnerability in Samsung Internet prior to
version ...)
+ TODO: check
+CVE-2021-25399 (Improper configuration in Smart Manager prior to version
11.0.05.0 all ...)
+ TODO: check
+CVE-2021-25398 (Intent redirection vulnerability in Bixby Voice prior to
version 3.1.1 ...)
+ TODO: check
+CVE-2021-25397 (An improper access control vulnerability in TelephonyUI prior
to SMR M ...)
+ TODO: check
+CVE-2021-25396 (An improper input validation vulnerability in NPU firmware
prior to SM ...)
+ TODO: check
+CVE-2021-25395 (A race condition in MFC charger driver prior to SMR MAY-2021
Release 1 ...)
+ TODO: check
+CVE-2021-25394 (A use after free vulnerability via race condition in MFC
charger drive ...)
+ TODO: check
+CVE-2021-25393 (Improper sanitization of incoming intent in SecSettings prior
to SMR M ...)
+ TODO: check
+CVE-2021-25392 (Improper protection of backup path configuration in Samsung
Dex prior ...)
+ TODO: check
+CVE-2021-25391 (Intent redirection vulnerability in Secure Folder prior to SMR
MAY-202 ...)
+ TODO: check
+CVE-2021-25390 (Intent redirection vulnerability in PhotoTable prior to SMR
MAY-2021 R ...)
+ TODO: check
+CVE-2021-25389 (Improper running task check in S Secure prior to SMR MAY-2021
Release ...)
+ TODO: check
+CVE-2021-25388 (Improper caller check vulnerability in Knox Core prior to SMR
MAY-2021 ...)
+ TODO: check
+CVE-2021-25387 (An improper input validation vulnerability in
sflacfd_get_frm() in lib ...)
+ TODO: check
+CVE-2021-25386 (An improper input validation vulnerability in
sdfffd_parse_chunk_FVER( ...)
+ TODO: check
+CVE-2021-25385 (An improper input validation vulnerability in
sdfffd_parse_chunk_PROP( ...)
+ TODO: check
+CVE-2021-25384 (An improper input validation vulnerability in
sdfffd_parse_chunk_PROP( ...)
+ TODO: check
+CVE-2021-25383 (An improper input validation vulnerability in scmn_mfal_read()
in libs ...)
+ TODO: check
CVE-2021-25382 (An improper authorization of using debugging command in Secure
Folder ...)
NOT-FOR-US: Samsung
CVE-2021-25381 (Using unsafe PendingIntent in Samsung Account in versions
10.8.0.4 in ...)
@@ -27684,14 +27684,14 @@ CVE-2021-22917
RESERVED
CVE-2021-22916
RESERVED
-CVE-2021-22915
- RESERVED
+CVE-2021-22915 (Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable
to brut ...)
+ TODO: check
CVE-2021-22914
RESERVED
-CVE-2021-22913
- RESERVED
-CVE-2021-22912
- RESERVED
+CVE-2021-22913 (Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information
disclos ...)
+ TODO: check
+CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information
disclosure vuln ...)
+ TODO: check
CVE-2021-22911 (A improper input sanitization vulnerability exists in
Rocket.Chat serv ...)
NOT-FOR-US: Rocket.Chat
CVE-2021-22910
@@ -27702,31 +27702,27 @@ CVE-2021-22908 (A buffer overflow vulnerability
exists in Windows File Resource
NOT-FOR-US: Windows File Resource Profiles
CVE-2021-22907 (An improper access control vulnerability exists in Citrix
Workspace Ap ...)
NOT-FOR-US: Citrix
-CVE-2021-22906
- RESERVED
-CVE-2021-22905
- RESERVED
-CVE-2021-22904 [Possible DoS Vulnerability in Action Controller Token
Authentication]
- RESERVED
+CVE-2021-22906 (Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1
suffers ...)
+ TODO: check
+CVE-2021-22905 (Nextcloud Android App (com.nextcloud.client) before v3.16.0 is
vulnera ...)
+ TODO: check
+CVE-2021-22904 (The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6,
5.2.6 suffer ...)
{DSA-4929-1 DLA-2655-1}
- rails 2:6.0.3.7+dfsg-1 (bug #988214)
NOTE:
https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e
(main)
NOTE:
https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2
(v6.0.3.7)
NOTE:
https://github.com/rails/rails/commit/3d9e9fdf14e044b3ba66f909582c228a9d4ffb5c
(v5.2.4.6)
-CVE-2021-22903
- RESERVED
+CVE-2021-22903 (The actionpack ruby gem before 6.1.3.2 suffers from a possible
open re ...)
- rails <not-affected> (Vulnerable code introduced in 6.1.0.rc2)
NOTE: Introduced by:
https://github.com/rails/rails/commit/9bc7ea5dab34c8657c91d0258bb5afd8bfcd3a8f
(main)
NOTE: Fixed by:
https://github.com/rails/rails/commit/55e0723846aa77ce6afcb677618578fb859b7fd7
(main)
-CVE-2021-22902 [Possible Denial of Service vulnerability in Action Dispatch]
- RESERVED
+CVE-2021-22902 (The actionpack ruby gem (a framework for handling and
responding to we ...)
- rails 2:6.0.3.7+dfsg-1 (bug #988214)
[buster] - rails <not-affected> (Vulnerable code introduced later)
[stretch] - rails <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by:
https://github.com/rails/rails/commit/b61b94181b2a0cecab49d90d8f259bc8e39b662a
(main)
NOTE: Fixed by:
https://github.com/rails/rails/commit/446afbd15360a347c923ca775b21a286dcb5297a
(v6.0.3.7)
-CVE-2021-22901 [TLS session caching disaster]
- RESERVED
+CVE-2021-22901 (curl 7.75.0 through 7.76.1 suffers from a use-after-free
vulnerability ...)
- curl <not-affected> (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2021-22901.html
NOTE: Introduced by:
https://github.com/curl/curl/commit/a304051620b92e12b6b1b4e19edc57b34ea332b6
(7.75.0)
@@ -27735,8 +27731,7 @@ CVE-2021-22900 (A vulnerability allowed multiple
unrestricted uploads in Pulse C
NOT-FOR-US: Pulse Connect Secure
CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect
Secure befor ...)
NOT-FOR-US: Pulse Connect Secure
-CVE-2021-22898 [TELNET stack contents disclosure]
- RESERVED
+CVE-2021-22898 (curl 7.7 through 7.76.1 suffers from an information disclosure
when th ...)
- curl <unfixed> (bug #989228)
[bullseye] - curl <no-dsa> (Minor issue)
[buster] - curl <no-dsa> (Minor issue)
@@ -27744,17 +27739,16 @@ CVE-2021-22898 [TELNET stack contents disclosure]
NOTE: https://curl.se/docs/CVE-2021-22898.html
NOTE: Introduced by:
https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4
(7.7)
NOTE: Fixed by:
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
(7.77.0)
-CVE-2021-22897 [schannel cipher selection surprise]
- RESERVED
+CVE-2021-22897 (curl 7.61.0 through 7.76.1 suffers from exposure of data
element to wr ...)
- curl <not-affected> (Windows only)
NOTE: https://curl.se/docs/CVE-2021-22897.html
NOTE: Introduced by:
https://github.com/curl/curl/commit/9aefbff30d280c60fc9d8cc3e0b2f19fc70a2f28
(7.61.0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511
(7.77.0)
NOTE: Only affect builds with schannel support (which is Windows only)
-CVE-2021-22896
- RESERVED
-CVE-2021-22895
- RESERVED
+CVE-2021-22896 (Nextcloud Mail before 1.9.5 suffers from improper access
control due t ...)
+ TODO: check
+CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1 is vulnerable to
improper certif ...)
+ TODO: check
CVE-2021-22894 (A buffer overflow vulnerability exists in Pulse Connect Secure
before ...)
NOT-FOR-US: Pulse Connect Secure
CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to
an authen ...)
@@ -28038,48 +28032,48 @@ CVE-2021-22771
RESERVED
CVE-2021-22770
RESERVED
-CVE-2021-22769
- RESERVED
-CVE-2021-22768
- RESERVED
-CVE-2021-22767
- RESERVED
-CVE-2021-22766
- RESERVED
-CVE-2021-22765
- RESERVED
-CVE-2021-22764
- RESERVED
-CVE-2021-22763
- RESERVED
-CVE-2021-22762
- RESERVED
-CVE-2021-22761
- RESERVED
-CVE-2021-22760
- RESERVED
-CVE-2021-22759
- RESERVED
-CVE-2021-22758
- RESERVED
-CVE-2021-22757
- RESERVED
-CVE-2021-22756
- RESERVED
-CVE-2021-22755
- RESERVED
-CVE-2021-22754
- RESERVED
-CVE-2021-22753
- RESERVED
-CVE-2021-22752
- RESERVED
-CVE-2021-22751
- RESERVED
-CVE-2021-22750
- RESERVED
-CVE-2021-22749
- RESERVED
+CVE-2021-22769 (A CWE-269: Improper Privilege Management vulnerability exists
in Enerl ...)
+ TODO: check
+CVE-2021-22768 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input
Validation vu ...)
+ TODO: check
+CVE-2021-22767 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input
Validation vu ...)
+ TODO: check
+CVE-2021-22766 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input
Validation vu ...)
+ TODO: check
+CVE-2021-22765 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input
Validation vu ...)
+ TODO: check
+CVE-2021-22764 (A CWE-287: Improper Authentication vulnerability exists in
PowerLogic ...)
+ TODO: check
+CVE-2021-22763 (A CWE-640: Weak Password Recovery Mechanism for Forgotten
Password vul ...)
+ TODO: check
+CVE-2021-22762 (A CWE-22: Improper Limitation of a Pathname to a Restricted
Directory ...)
+ TODO: check
+CVE-2021-22761 (A CWE-119: Improper Restriction of Operations within the
Bounds of a M ...)
+ TODO: check
+CVE-2021-22760 (A CWE-763: Release of invalid pointer or reference
vulnerability exist ...)
+ TODO: check
+CVE-2021-22759 (A CWE-416: Use after free vulnerability exists inIGSS
Definition (Def. ...)
+ TODO: check
+CVE-2021-22758 (A CWE-824: Access of uninitialized pointer vulnerability
exists inIGSS ...)
+ TODO: check
+CVE-2021-22757 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS
Definition ( ...)
+ TODO: check
+CVE-2021-22756 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS
Definition ( ...)
+ TODO: check
+CVE-2021-22755 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS
Definition ...)
+ TODO: check
+CVE-2021-22754 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS
Definition ...)
+ TODO: check
+CVE-2021-22753 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS
Definition ( ...)
+ TODO: check
+CVE-2021-22752 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS
Definition ...)
+ TODO: check
+CVE-2021-22751 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS
Definition ...)
+ TODO: check
+CVE-2021-22750 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS
Definition ...)
+ TODO: check
+CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an
Unauthorized Actor ...)
+ TODO: check
CVE-2021-22748
RESERVED
CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions
vulnerability exi ...)
@@ -29398,8 +29392,7 @@ CVE-2021-22183 (An issue has been discovered in GitLab
affecting all versions st
CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions
starting ...)
[experimental] - gitlab 13.7.7-1
- gitlab <not-affected> (Affected version never uploaded to unstable)
-CVE-2021-22181
- RESERVED
+CVE-2021-22181 (A denial of service vulnerability in GitLab CE/EE affecting
all versio ...)
- gitlab <unfixed>
CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
@@ -29411,8 +29404,8 @@ CVE-2021-22177 (Potential DoS was identified in
gitlab-shell in GitLab CE/EE ver
- gitlab <unfixed>
CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
-CVE-2021-22175
- RESERVED
+CVE-2021-22175 (When requests to the internal network for webhooks are
enabled, a serv ...)
+ TODO: check
CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows
denial o ...)
- wireshark 3.4.3-1 (bug #981791)
[buster] - wireshark <not-affected> (Affected code not present)
@@ -29852,8 +29845,8 @@ CVE-2021-21972 (The vSphere Client (HTML5) contains a
remote code execution vuln
NOT-FOR-US: VMware
CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page
is vul ...)
NOT-FOR-US: MikroTik RouterOS
-CVE-2021-3013
- RESERVED
+CVE-2021-3013 (ripgrep before 13 allows attackers to trigger execution of
arbitrary p ...)
+ TODO: check
CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link
of doc ...)
NOT-FOR-US: ESRI ArcGIS Online
CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on
NXP Smart ...)
@@ -30140,8 +30133,8 @@ CVE-2021-21835
RESERVED
CVE-2021-21834
RESERVED
-CVE-2021-21833
- RESERVED
+CVE-2021-21833 (An improper array index validation vulnerability exists in the
TIF IP_ ...)
+ TODO: check
CVE-2021-21832
RESERVED
CVE-2021-21831
@@ -30158,8 +30151,8 @@ CVE-2021-21826
RESERVED
CVE-2021-21825
RESERVED
-CVE-2021-21824
- RESERVED
+CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG
Handle_JPEG420 ...)
+ TODO: check
CVE-2021-21823
RESERVED
CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine
of Foxi ...)
@@ -30190,8 +30183,8 @@ CVE-2021-21810
RESERVED
CVE-2021-21809
RESERVED
-CVE-2021-21808
- RESERVED
+CVE-2021-21808 (A memory corruption vulnerability exists in the PNG
png_palette_proces ...)
+ TODO: check
CVE-2021-21807
RESERVED
CVE-2021-21806
@@ -30216,8 +30209,8 @@ CVE-2021-21797
RESERVED
CVE-2021-21796
RESERVED
-CVE-2021-21795
- RESERVED
+CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD
read_icc_ ...)
+ TODO: check
CVE-2021-21794
RESERVED
CVE-2021-21793
@@ -33545,7 +33538,7 @@ CVE-2021-21044 (Acrobat Reader DC versions versions
2020.013.20074 (and earlier)
NOT-FOR-US: Adobe
CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a
Reflected Cross ...)
NOT-FOR-US: Adobe
-CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier),
2020.001.3001 ...)
+CVE-2021-21042 (Acrobat Reader DC versions versions 2020.013.20074 (and
earlier), 2020 ...)
NOT-FOR-US: Adobe
CVE-2021-21041 (Acrobat Reader DC versions versions 2020.013.20074 (and
earlier), 2020 ...)
NOT-FOR-US: Adobe
@@ -34501,8 +34494,8 @@ CVE-2021-20593
RESERVED
CVE-2021-20592
RESERVED
-CVE-2021-20591
- RESERVED
+CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi
Electric ...)
+ TODO: check
CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27
model all ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20589 (Buffer access with incorrect length value vulnerability in
GOT2000 ser ...)
@@ -34891,8 +34884,8 @@ CVE-2021-20398
RESERVED
CVE-2021-20397 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site
scripting. Thi ...)
NOT-FOR-US: IBM
-CVE-2021-20396
- RESERVED
+CVE-2021-20396 (IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM
QRadar SIEM ...)
+ TODO: check
CVE-2021-20395
RESERVED
CVE-2021-20394
@@ -44471,82 +44464,60 @@ CVE-2021-0500
RESERVED
CVE-2021-0499
RESERVED
-CVE-2021-0498
- RESERVED
+CVE-2021-0498 (In memory management driver, there is a possible memory
corruption due ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0497
- RESERVED
+CVE-2021-0497 (In memory management driver, there is a possible memory
corruption due ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0496
- RESERVED
+CVE-2021-0496 (In memory management driver, there is a possible memory
corruption due ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0495
- RESERVED
+CVE-2021-0495 (In memory management driver, there is a possible out of bounds
write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0494
- RESERVED
+CVE-2021-0494 (In memory management driver, there is a possible out of bounds
write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0493
- RESERVED
+CVE-2021-0493 (In memory management driver, there is a possible out of bounds
write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0492
- RESERVED
+CVE-2021-0492 (In memory management driver, there is a possible out of bounds
write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0491
- RESERVED
+CVE-2021-0491 (In memory management driver, there is a possible escalation of
privile ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0490
- RESERVED
+CVE-2021-0490 (In memory management driver, there is a possible out of bounds
write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0489
- RESERVED
+CVE-2021-0489 (In memory management driver, there is a possible out of bounds
write d ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0488 (In pb_write of pb_encode.c, there is a possible out of bounds
write du ...)
NOT-FOR-US: Android
-CVE-2021-0487
- RESERVED
+CVE-2021-0487 (In onCreate of CalendarDebugActivity.java, there is a possible
way to ...)
NOT-FOR-US: Android
CVE-2021-0486
RESERVED
-CVE-2021-0485
- RESERVED
+CVE-2021-0485 (In getMinimalSize of PipBoundsAlgorithm.java, there is a
possible bypa ...)
NOT-FOR-US: Android
-CVE-2021-0484
- RESERVED
+CVE-2021-0484 (In readVector of IMediaPlayer.cpp, there is a possible read of
uniniti ...)
NOT-FOR-US: Android media framework
CVE-2021-0483
RESERVED
-CVE-2021-0482
- RESERVED
+CVE-2021-0482 (In BinderDiedCallback of MediaCodec.cpp, there is a possible
memory co ...)
NOT-FOR-US: Android media framework
-CVE-2021-0481
- RESERVED
+CVE-2021-0481 (In onActivityResult of EditUserPhotoController.java, there is a
possib ...)
NOT-FOR-US: Android
-CVE-2021-0480
- RESERVED
+CVE-2021-0480 (In createPendingIntent of SnoozeHelper.java, there is a
possible broad ...)
NOT-FOR-US: Android
CVE-2021-0479
RESERVED
CVE-2021-0478
RESERVED
NOT-FOR-US: Android
-CVE-2021-0477
- RESERVED
+CVE-2021-0477 (In notifyScreenshotError of
ScreenshotNotificationsController.java, th ...)
NOT-FOR-US: Android
-CVE-2021-0476
- RESERVED
+CVE-2021-0476 (In FindOrCreatePeer of btif_av.cc, there is a possible use
after free ...)
NOT-FOR-US: Android
-CVE-2021-0475
- RESERVED
+CVE-2021-0475 (In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible
memory c ...)
NOT-FOR-US: Android
-CVE-2021-0474
- RESERVED
+CVE-2021-0474 (In avrc_msg_cback of avrc_api.cc, there is a possible out of
bounds wr ...)
NOT-FOR-US: Android
-CVE-2021-0473
- RESERVED
+CVE-2021-0473 (In rw_t3t_process_error of rw_t3t.cc, there is a possible
double free ...)
NOT-FOR-US: Android
-CVE-2021-0472
- RESERVED
+CVE-2021-0472 (In shouldLockKeyguard of LockTaskController.java, there is a
possible ...)
NOT-FOR-US: Android
CVE-2021-0471 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of
bounds ...)
NOT-FOR-US: Android media framework
@@ -44559,8 +44530,7 @@ CVE-2021-0468 (In LK, there is a possible escalation of
privilege due to an inse
CVE-2021-0467
RESERVED
NOT-FOR-US: AMLogic
-CVE-2021-0466
- RESERVED
+CVE-2021-0466 (In startIpClient of ClientModeImpl.java, there is a possible
identifie ...)
NOT-FOR-US: Android
CVE-2021-0465 (In GenerateFaceMask of face.cc, there is a possible out of
bounds writ ...)
NOT-FOR-US: Android/Pixel kernel component not in mainline
@@ -79066,8 +79036,8 @@ CVE-2020-13690
RESERVED
CVE-2020-13689
RESERVED
-CVE-2020-13688
- RESERVED
+CVE-2020-13688 (Cross-site scripting vulnerability in l Drupal Core allows an
attacker ...)
+ TODO: check
CVE-2020-13687
RESERVED
CVE-2020-13686
@@ -79122,8 +79092,7 @@ CVE-2020-13665 (Access bypass vulnerability in Drupal
Core allows JSON:API when
CVE-2020-13664 (Arbitrary PHP code execution vulnerability in Drupal Core
under certai ...)
- drupal7 <not-affected> (Drupal 7 not affected)
NOTE: https://www.drupal.org/sa-core-2020-005
-CVE-2020-13663 [Drupal SA 2020-004]
- RESERVED
+CVE-2020-13663 (Cross Site Request Forgery vulnerability in Drupal Core Form
API does ...)
{DSA-4706-1 DLA-2263-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2020-004
@@ -95588,8 +95557,8 @@ CVE-2020-7862
RESERVED
CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows
directo ...)
NOT-FOR-US: AnySupport
-CVE-2020-7860
- RESERVED
+CVE-2020-7860 (UnEGG v0.5 and eariler versions have a Integer overflow
vulnerability, ...)
+ TODO: check
CVE-2020-7859
RESERVED
CVE-2020-7858 (There is a directory traversing vulnerability in the download
page url ...)
@@ -96379,7 +96348,7 @@ CVE-2020-7508 (A CWE-307 Improper Restriction of
Excessive Authentication Attemp
NOT-FOR-US: Easergy T300
CVE-2020-7507 (A CWE-400: Uncontrolled Resource Consumption vulnerability
exists in E ...)
NOT-FOR-US: Easergy T300
-CVE-2020-7506 (A CWE-538: File and Directory Information Exposure
vulnerability exist ...)
+CVE-2020-7506 (A CWE-200: Information Exposure vulnerability exists in Easergy
T300, ...)
NOT-FOR-US: Easergy T300
CVE-2020-7505 (A CWE-494 Download of Code Without Integrity Check
vulnerability exist ...)
NOT-FOR-US: Easergy T300
@@ -100379,33 +100348,33 @@ CVE-2020-6008 (LifterLMS Wordpress plugin version
below 3.37.15 is vulnerable to
CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version
1935144020 ...)
NOT-FOR-US: Philips Hue Bridge model
CVE-2020-6006
- RESERVED
+ REJECTED
CVE-2020-6005
- RESERVED
+ REJECTED
CVE-2020-6004
- RESERVED
+ REJECTED
CVE-2020-6003
- RESERVED
+ REJECTED
CVE-2020-6002
- RESERVED
+ REJECTED
CVE-2020-6001
- RESERVED
+ REJECTED
CVE-2020-6000
- RESERVED
+ REJECTED
CVE-2020-5999
- RESERVED
+ REJECTED
CVE-2020-5998
- RESERVED
+ REJECTED
CVE-2020-5997
- RESERVED
+ REJECTED
CVE-2020-5996
- RESERVED
+ REJECTED
CVE-2020-5995
- RESERVED
+ REJECTED
CVE-2020-5994
- RESERVED
+ REJECTED
CVE-2020-5993
- RESERVED
+ REJECTED
CVE-2020-5992 (NVIDIA GeForce NOW application software on Windows, all
versions prior ...)
NOT-FOR-US: NVIDIA GeForce NOW application software
CVE-2020-5991 (NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a
vulnerab ...)
@@ -103124,8 +103093,8 @@ CVE-2020-5005
RESERVED
CVE-2020-5004
RESERVED
-CVE-2020-5003
- RESERVED
+CVE-2020-5003 (IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML
Extern ...)
+ TODO: check
CVE-2020-5002
RESERVED
CVE-2020-5001
@@ -146945,8 +146914,8 @@ CVE-2019-9477
RESERVED
CVE-2019-9476
RESERVED
-CVE-2019-9475
- RESERVED
+CVE-2019-9475 (In /proc/net of the kernel filesystem, there is a possible
information ...)
+ TODO: check
CVE-2019-9474 (In Bluetooth, there is a possible out of bounds read due to a
missing ...)
NOT-FOR-US: Android
CVE-2019-9473 (In Bluetooth, there is a possible out of bounds read due to a
missing ...)
@@ -267982,23 +267951,23 @@ CVE-2017-3910
CVE-2017-3909
RESERVED
CVE-2017-3908
- RESERVED
+ REJECTED
CVE-2017-3907 (Code Injection vulnerability in the ePolicy Orchestrator (ePO)
extensi ...)
NOT-FOR-US: McAfee
CVE-2017-3906
- RESERVED
+ REJECTED
CVE-2017-3905
- RESERVED
+ REJECTED
CVE-2017-3904
RESERVED
CVE-2017-3903
- RESERVED
+ REJECTED
CVE-2017-3902 (Cross-site scripting (XSS) vulnerability in the Web user
interface (UI ...)
NOT-FOR-US: Intel Security ePO
CVE-2017-3901
- RESERVED
+ REJECTED
CVE-2017-3900
- RESERVED
+ REJECTED
CVE-2017-3899 (SQL injection vulnerability in Intel Security Advanced Threat
Defense ...)
NOT-FOR-US: Intel antivirus
CVE-2017-3898 (A man-in-the-middle attack vulnerability in the
non-certificate-based ...)
@@ -275523,27 +275492,27 @@ CVE-2017-1081 (In FreeBSD before 11.0-STABLE,
11.0-RELEASE-p10, 10.3-STABLE, and
NOTE:
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc
NOTE: kfreebsd not covered by security support
CVE-2017-1080
- RESERVED
+ REJECTED
CVE-2017-1079
- RESERVED
+ REJECTED
CVE-2017-1078
- RESERVED
+ REJECTED
CVE-2017-1077
- RESERVED
+ REJECTED
CVE-2017-1076
- RESERVED
+ REJECTED
CVE-2017-1075
- RESERVED
+ REJECTED
CVE-2017-1074
- RESERVED
+ REJECTED
CVE-2017-1073
- RESERVED
+ REJECTED
CVE-2017-1072
- RESERVED
+ REJECTED
CVE-2017-1071
- RESERVED
+ REJECTED
CVE-2017-1070
- RESERVED
+ REJECTED
CVE-2017-1069
RESERVED
CVE-2017-1068
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43a5275e636e6f6dd5b31160952dc4d932ecea44
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43a5275e636e6f6dd5b31160952dc4d932ecea44
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
