Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a44e7e6c by security tracker role at 2021-06-16T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,211 @@
+CVE-2021-3604
+       RESERVED
+CVE-2021-34797
+       RESERVED
+CVE-2021-34796
+       RESERVED
+CVE-2021-34795
+       RESERVED
+CVE-2021-34794
+       RESERVED
+CVE-2021-34793
+       RESERVED
+CVE-2021-34792
+       RESERVED
+CVE-2021-34791
+       RESERVED
+CVE-2021-34790
+       RESERVED
+CVE-2021-34789
+       RESERVED
+CVE-2021-34788
+       RESERVED
+CVE-2021-34787
+       RESERVED
+CVE-2021-34786
+       RESERVED
+CVE-2021-34785
+       RESERVED
+CVE-2021-34784
+       RESERVED
+CVE-2021-34783
+       RESERVED
+CVE-2021-34782
+       RESERVED
+CVE-2021-34781
+       RESERVED
+CVE-2021-34780
+       RESERVED
+CVE-2021-34779
+       RESERVED
+CVE-2021-34778
+       RESERVED
+CVE-2021-34777
+       RESERVED
+CVE-2021-34776
+       RESERVED
+CVE-2021-34775
+       RESERVED
+CVE-2021-34774
+       RESERVED
+CVE-2021-34773
+       RESERVED
+CVE-2021-34772
+       RESERVED
+CVE-2021-34771
+       RESERVED
+CVE-2021-34770
+       RESERVED
+CVE-2021-34769
+       RESERVED
+CVE-2021-34768
+       RESERVED
+CVE-2021-34767
+       RESERVED
+CVE-2021-34766
+       RESERVED
+CVE-2021-34765
+       RESERVED
+CVE-2021-34764
+       RESERVED
+CVE-2021-34763
+       RESERVED
+CVE-2021-34762
+       RESERVED
+CVE-2021-34761
+       RESERVED
+CVE-2021-34760
+       RESERVED
+CVE-2021-34759
+       RESERVED
+CVE-2021-34758
+       RESERVED
+CVE-2021-34757
+       RESERVED
+CVE-2021-34756
+       RESERVED
+CVE-2021-34755
+       RESERVED
+CVE-2021-34754
+       RESERVED
+CVE-2021-34753
+       RESERVED
+CVE-2021-34752
+       RESERVED
+CVE-2021-34751
+       RESERVED
+CVE-2021-34750
+       RESERVED
+CVE-2021-34749
+       RESERVED
+CVE-2021-34748
+       RESERVED
+CVE-2021-34747
+       RESERVED
+CVE-2021-34746
+       RESERVED
+CVE-2021-34745
+       RESERVED
+CVE-2021-34744
+       RESERVED
+CVE-2021-34743
+       RESERVED
+CVE-2021-34742
+       RESERVED
+CVE-2021-34741
+       RESERVED
+CVE-2021-34740
+       RESERVED
+CVE-2021-34739
+       RESERVED
+CVE-2021-34738
+       RESERVED
+CVE-2021-34737
+       RESERVED
+CVE-2021-34736
+       RESERVED
+CVE-2021-34735
+       RESERVED
+CVE-2021-34734
+       RESERVED
+CVE-2021-34733
+       RESERVED
+CVE-2021-34732
+       RESERVED
+CVE-2021-34731
+       RESERVED
+CVE-2021-34730
+       RESERVED
+CVE-2021-34729
+       RESERVED
+CVE-2021-34728
+       RESERVED
+CVE-2021-34727
+       RESERVED
+CVE-2021-34726
+       RESERVED
+CVE-2021-34725
+       RESERVED
+CVE-2021-34724
+       RESERVED
+CVE-2021-34723
+       RESERVED
+CVE-2021-34722
+       RESERVED
+CVE-2021-34721
+       RESERVED
+CVE-2021-34720
+       RESERVED
+CVE-2021-34719
+       RESERVED
+CVE-2021-34718
+       RESERVED
+CVE-2021-34717
+       RESERVED
+CVE-2021-34716
+       RESERVED
+CVE-2021-34715
+       RESERVED
+CVE-2021-34714
+       RESERVED
+CVE-2021-34713
+       RESERVED
+CVE-2021-34712
+       RESERVED
+CVE-2021-34711
+       RESERVED
+CVE-2021-34710
+       RESERVED
+CVE-2021-34709
+       RESERVED
+CVE-2021-34708
+       RESERVED
+CVE-2021-34707
+       RESERVED
+CVE-2021-34706
+       RESERVED
+CVE-2021-34705
+       RESERVED
+CVE-2021-34704
+       RESERVED
+CVE-2021-34703
+       RESERVED
+CVE-2021-34702
+       RESERVED
+CVE-2021-34701
+       RESERVED
+CVE-2021-34700
+       RESERVED
+CVE-2021-34699
+       RESERVED
+CVE-2021-34698
+       RESERVED
+CVE-2021-34697
+       RESERVED
+CVE-2021-34696
+       RESERVED
 CVE-2021-3605 [Heap buffer overflow in the rleUncompress function]
+       RESERVED
        - openexr <unfixed>
        NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036
 CVE-2021-3603
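Review bot: CVE-2021-3604 is inserted at the very top of this hunk, above CVE-2021-34797, while its numeric neighbours CVE-2021-3605 and CVE-2021-3603 sit at the end of the hunk, below CVE-2021-34696. That puts 102 unrelated RESERVED entries between 3604 and 3605, so anyone scanning the 360x range will not find it there. If the automatic update is meant to keep entries grouped, place the new entry between CVE-2021-3605 and CVE-2021-3603.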
@@ -301,8 +508,7 @@ CVE-2021-34559
        RESERVED
 CVE-2021-3596
        RESERVED
-CVE-2021-3595 [slirp: invalid pointer initialization may lead to information 
disclosure (tftp)]
-       RESERVED
+CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
        - libslirp <unfixed>
        - qemu 1:4.1-2
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
 (v4.6.0)
@@ -310,24 +516,21 @@ CVE-2021-3595 [slirp: invalid pointer initialization may 
lead to information dis
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30
 (v4.6.0)
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
        TODO: check completeness
-CVE-2021-3594 [slirp: invalid pointer initialization may lead to information 
disclosure (udp)]
-       RESERVED
+CVE-2021-3594 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
        - libslirp <unfixed>
        - qemu 1:4.1-2
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
 (v4.6.0)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824
 (v4.6.0)
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
        TODO: check completeness
-CVE-2021-3593 [slirp: invalid pointer initialization may lead to information 
disclosure (udp6)]
-       RESERVED
+CVE-2021-3593 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
        - libslirp <unfixed>
        - qemu 1:4.1-2
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
 (v4.6.0)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b
 (v4.6.0)
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
        TODO: check completeness
-CVE-2021-3592 [slirp: invalid pointer initialization may lead to information 
disclosure (bootp)]
-       RESERVED
+CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP 
network ...)
        - libslirp <unfixed>
        - qemu 1:4.1-2
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17
 (v4.6.0)
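Review bot: Swapping the bracketed titles for the truncated descriptions removes the only in-line hint of which code path each CVE covers. CVE-2021-3594, CVE-2021-3593 and CVE-2021-3592 in this hunk (and CVE-2021-3595 in the hunk above) now all read "An invalid pointer initialization issue was found in the SLiRP network ...", where the removed lines distinguished udp, udp6, bootp and tftp. Suggest carrying that qualifier into a NOTE line on each entry so the per-CVE fix commits can be matched to the right entry without opening the links.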
@@ -1159,8 +1362,8 @@ CVE-2021-34172
        RESERVED
 CVE-2021-34171
        RESERVED
-CVE-2021-34170
-       RESERVED
+CVE-2021-34170 (Bandai Namco FromSoftware Dark Souls III allows remote 
attackers to ex ...)
+       TODO: check
 CVE-2021-34169
        RESERVED
 CVE-2021-34168
@@ -1241,10 +1444,10 @@ CVE-2021-34131
        RESERVED
 CVE-2021-34130
        RESERVED
-CVE-2021-34129
-       RESERVED
-CVE-2021-34128
-       RESERVED
+CVE-2021-34129 (LaikeTui 3.5.0 allows remote authenticated users to delete 
arbitrary f ...)
+       TODO: check
+CVE-2021-34128 (LaikeTui 3.5.0 allows remote authenticated users to execute 
arbitrary  ...)
+       TODO: check
 CVE-2021-34127
        RESERVED
 CVE-2021-34126
@@ -1763,8 +1966,8 @@ CVE-2017-20005 (NGINX before 1.13.6 has a buffer overflow 
for years that exceed
        NOTE: 
https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf
        NOTE: 
https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b
        NOTE: https://trac.nginx.org/nginx/ticket/1368
-CVE-2021-33887
-       RESERVED
+CVE-2021-33887 (Insufficient verification of data authenticity in Peloton 
TTR01 up to  ...)
+       TODO: check
 CVE-2021-33886
        RESERVED
 CVE-2021-33885
@@ -2395,8 +2598,8 @@ CVE-2021-33624
        RESERVED
 CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 
for Node.j ...)
        NOT-FOR-US: Node.js trim-newlines package
-CVE-2021-33622
-       RESERVED
+CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 
3.5-8, h ...)
+       TODO: check
 CVE-2021-33621
        RESERVED
 CVE-2021-33619
@@ -3999,7 +4202,7 @@ CVE-2021-32923 (HashiCorp Vault and Vault Enterprise 
allowed the renewal of near
 CVE-2021-32922
        RESERVED
 CVE-2021-32921 (An issue was discovered in Prosody before 0.11.9. It does not 
use a co ...)
-       {DSA-4916-1}
+       {DSA-4916-1 DLA-2687-1}
        - prosody 0.11.9-1 (bug #988668)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
        NOTE: https://prosody.im/security/advisory_20210512.txt
@@ -4036,7 +4239,7 @@ CVE-2021-32918 (An issue was discovered in Prosody before 
0.11.9. Default settin
        NOTE: https://hg.prosody.im/trunk/rev/1937b3c3efb5
        NOTE: https://hg.prosody.im/trunk/rev/3413fea9e6db
 CVE-2021-32917 (An issue was discovered in Prosody before 0.11.9. The proxy65 
componen ...)
-       {DSA-4916-1}
+       {DSA-4916-1 DLA-2687-1}
        - prosody 0.11.9-1 (bug #988668)
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
        NOTE: https://prosody.im/security/advisory_20210512.txt
@@ -4503,12 +4706,12 @@ CVE-2021-32687
        RESERVED
 CVE-2021-32686
        RESERVED
-CVE-2021-32685
-       RESERVED
+CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the 
browser ( ...)
+       TODO: check
 CVE-2021-32684 (magento-scripts contains scripts and configuration used by 
Create Mage ...)
        NOT-FOR-US: Create Magento app
-CVE-2021-32683
-       RESERVED
+CVE-2021-32683 (wire-webapp is the web version of Wire, an open-source 
messenger. A cr ...)
+       TODO: check
 CVE-2021-32682 (elFinder is an open-source file manager for web, written in 
JavaScript ...)
        NOT-FOR-US: elFinder
 CVE-2021-32681
@@ -4523,8 +4726,8 @@ CVE-2021-32677 (FastAPI is a web framework for building 
APIs with Python 3.6+ ba
        - fastapi <unfixed>
        NOTE: 
https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7
        NOTE: 
https://github.com/tiangolo/fastapi/commit/fa7e3c996edf2d5482fff8f9d890ac2390dede4d
 (0.65.2)
-CVE-2021-32676
-       RESERVED
+CVE-2021-32676 (Nextcloud Talk is a fully on-premises audio/video and chat 
communicati ...)
+       TODO: check
 CVE-2021-32675
        RESERVED
 CVE-2021-32674 (Zope is an open-source web application server. This advisory 
extends t ...)
@@ -4642,8 +4845,8 @@ CVE-2021-32625 (Redis is an open source (BSD licensed), 
in-memory data structure
        NOTE: CVE is result of incomplete fix by CVE-2021-29477.
 CVE-2021-32624 (Keystone 5 is an open source CMS platform to build Node.js 
application ...)
        NOT-FOR-US: Keystone CMS
-CVE-2021-32623
-       RESERVED
+CVE-2021-32623 (Opencast is a free and open source solution for automated 
video captur ...)
+       TODO: check
 CVE-2021-32622 (Matrix-React-SDK is a react-based SDK for inserting a Matrix 
chat/voip ...)
        NOT-FOR-US: Matrix-React-SDK
 CVE-2021-32621 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
@@ -5903,8 +6106,8 @@ CVE-2021-3537 (A vulnerability found in libxml2 in 
versions before 2.9.11 shows
        NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61
 CVE-2021-3536 (A flaw was found in Wildfly in versions before 23.0.2.Final 
while crea ...)
        - wildfly <itp> (bug #752018)
-CVE-2021-3535
-       RESERVED
+CVE-2021-3535 (Rapid7 Nexpose is vulnerable to a non-persistent cross-site 
scripting  ...)
+       TODO: check
 CVE-2021-32061
        RESERVED
 CVE-2021-32060
@@ -7501,56 +7704,56 @@ CVE-2021-31504
        RESERVED
 CVE-2021-31503
        RESERVED
-CVE-2021-31502
-       RESERVED
-CVE-2021-31501
-       RESERVED
-CVE-2021-31500
-       RESERVED
-CVE-2021-31499
-       RESERVED
-CVE-2021-31498
-       RESERVED
-CVE-2021-31497
-       RESERVED
-CVE-2021-31496
-       RESERVED
-CVE-2021-31495
-       RESERVED
-CVE-2021-31494
-       RESERVED
-CVE-2021-31493
-       RESERVED
-CVE-2021-31492
-       RESERVED
-CVE-2021-31491
-       RESERVED
-CVE-2021-31490
-       RESERVED
-CVE-2021-31489
-       RESERVED
-CVE-2021-31488
-       RESERVED
-CVE-2021-31487
-       RESERVED
-CVE-2021-31486
-       RESERVED
-CVE-2021-31485
-       RESERVED
-CVE-2021-31484
-       RESERVED
-CVE-2021-31483
-       RESERVED
-CVE-2021-31482
-       RESERVED
-CVE-2021-31481
-       RESERVED
-CVE-2021-31480
-       RESERVED
-CVE-2021-31479
-       RESERVED
-CVE-2021-31478
-       RESERVED
+CVE-2021-31502 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31501 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-31500 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31499 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31498 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-31497 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31496 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31495 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31494 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31493 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31492 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31491 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31490 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31489 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31488 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31487 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31486 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31485 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31484 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31483 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31482 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31481 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31480 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31479 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-31478 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
 CVE-2021-31477
        RESERVED
 CVE-2021-31476
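Review bot: The 25 entries from CVE-2021-31502 down to CVE-2021-31478 all move from RESERVED to "TODO: check" with descriptions cut off before any product name ("This vulnerability allows remote attackers to execute arbitrary code o ..." or "... disclose sensitive infor ..."), so nothing in this file says what software they affect. Triage cannot be done from the list alone. Each entry needs its full description looked up and the TODO resolved to a package line or a NOT-FOR-US line, ideally as one batch given the identical wording.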
@@ -9610,44 +9813,34 @@ CVE-2021-30555
        RESERVED
 CVE-2021-30554
        RESERVED
-CVE-2021-30553
-       RESERVED
+CVE-2021-30553 (Use after free in Network service in Google Chrome prior to 
91.0.4472. ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30552
-       RESERVED
+CVE-2021-30552 (Use after free in Extensions in Google Chrome prior to 
91.0.4472.101 a ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30551
-       RESERVED
+CVE-2021-30551 (Type confusion in V8 in Google Chrome prior to 91.0.4472.101 
allowed a ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30550
-       RESERVED
+CVE-2021-30550 (Use after free in Accessibility in Google Chrome prior to 
91.0.4472.10 ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30549
-       RESERVED
+CVE-2021-30549 (Use after free in Spell check in Google Chrome prior to 
91.0.4472.101  ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30548
-       RESERVED
+CVE-2021-30548 (Use after free in Loader in Google Chrome prior to 
91.0.4472.101 allow ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30547
-       RESERVED
+CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 
91.0.4472.101 a ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30546
-       RESERVED
+CVE-2021-30546 (Use after free in Autofill in Google Chrome prior to 
91.0.4472.101 all ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30545
-       RESERVED
+CVE-2021-30545 (Use after free in Extensions in Google Chrome prior to 
91.0.4472.101 a ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30544
-       RESERVED
+CVE-2021-30544 (Use after free in BFCache in Google Chrome prior to 
91.0.4472.101 allo ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-30543 (Use after free in Tab Strip in Google Chrome prior to 
91.0.4472.77 all ...)
@@ -13901,10 +14094,10 @@ CVE-2021-28860 (In Node.js mixme, prior to v0.5.1, an 
attacker can add or alter
        NOT-FOR-US: Node mixme
 CVE-2021-28859
        RESERVED
-CVE-2021-28858
-       RESERVED
-CVE-2021-28857
-       RESERVED
+CVE-2021-28858 (TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not 
use SSL b ...)
+       TODO: check
+CVE-2021-28857 (TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username 
and passw ...)
+       TODO: check
 CVE-2021-28856 (In Deark before v1.5.8, a specially crafted input file can 
cause a div ...)
        NOT-FOR-US: Deark
 CVE-2021-28855 (In Deark before 1.5.8, a specially crafted input file can 
cause a NULL ...)
@@ -14002,8 +14195,8 @@ CVE-2021-28817 (The Windows Installation component of 
TIBCO Software Inc.'s TIBC
        NOT-FOR-US: TIBCO
 CVE-2021-28816
        RESERVED
-CVE-2021-28815
-       RESERVED
+CVE-2021-28815 (Insecure storage of sensitive information has been reported to 
affect  ...)
+       TODO: check
 CVE-2021-28814 (An improper access control vulnerability has been reported to 
affect Q ...)
        NOT-FOR-US: QNAP
 CVE-2021-28813
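Review bot: CVE-2021-28815 is left at "TODO: check" although its description uses the same "has been reported to affect ..." wording as CVE-2021-28814 directly below it, which is already marked NOT-FOR-US: QNAP. Confirm the product against the full description and, if it matches, resolve the TODO with the same NOT-FOR-US line instead of leaving it open.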
@@ -14254,6 +14447,7 @@ CVE-2021-28693 [xen/arm: Boot modules are not scrubbed]
        NOTE: https://xenbits.xen.org/xsa/advisory-372.html
 CVE-2021-28692 [inappropriate x86 IOMMU timeout detection / handling]
        RESERVED
+       {DSA-4931-1}
        - xen <unfixed>
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-373.html
@@ -14265,6 +14459,7 @@ CVE-2021-28691 [Guest triggered use-after-free in Linux 
xen-netback]
        NOTE: https://xenbits.xen.org/xsa/advisory-374.html
 CVE-2021-28690 [x86: TSX Async Abort protections not restored after S3]
        RESERVED
+       {DSA-4931-1}
        - xen <unfixed>
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-377.html
@@ -17384,8 +17579,8 @@ CVE-2021-27390 (A vulnerability has been identified in 
JT2Go (All versions &lt;
        NOT-FOR-US: Siemens
 CVE-2021-27389 (A vulnerability has been identified in Opcenter Quality (All 
versions  ...)
        NOT-FOR-US: Opcenter Quality
-CVE-2021-27388
-       RESERVED
+CVE-2021-27388 (SINAMICS medium voltage routable products are affected by a 
vulnerabil ...)
+       TODO: check
 CVE-2021-27387 (A vulnerability has been identified in Simcenter Femap 2020.2 
(All ver ...)
        NOT-FOR-US: Simcenter (Siemens)
 CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort 
Outdoor Pan ...)
@@ -18195,7 +18390,7 @@ CVE-2021-27034
        RESERVED
 CVE-2021-27033
        RESERVED
-CVE-2021-27032 (Autodesk Licensing Services was found to be vulnerable to 
privilege es ...)
+CVE-2021-27032 (Autodesk Licensing Installer was found to be vulnerable to 
privilege e ...)
        NOT-FOR-US: Autodesk
 CVE-2021-27031 (A user may be tricked into opening a malicious FBX file which 
may expl ...)
        NOT-FOR-US: Autodesk
@@ -19930,6 +20125,7 @@ CVE-2021-26314 (Potential floating point value 
injection in all supported CPU pr
        NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314").
        TODO: check
 CVE-2021-26313 (Potential speculative code store bypass in all supported CPU 
products, ...)
+       {DSA-4931-1}
        - xen <unfixed>
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-375.html
@@ -25330,8 +25526,8 @@ CVE-2021-24039
        RESERVED
 CVE-2021-24038
        RESERVED
-CVE-2021-24037
-       RESERVED
+CVE-2021-24037 (A use after free in hermes, while emitting certain error 
messages, pri ...)
+       TODO: check
 CVE-2021-24036
        RESERVED
 CVE-2021-24035 (A lack of filename validation when unzipping archives prior to 
WhatsAp ...)
@@ -26872,8 +27068,8 @@ CVE-2021-23397
        RESERVED
 CVE-2021-23396
        RESERVED
-CVE-2021-23395
-       RESERVED
+CVE-2021-23395 (This affects all versions of package nedb. The library could 
be tricke ...)
+       TODO: check
 CVE-2021-23394 (The package studio-42/elfinder before 2.1.58 are vulnerable to 
Remote  ...)
        NOT-FOR-US: studio-42/elfinder
 CVE-2021-23393 (This affects the package Flask-Unchained before 0.9.0. When 
using the  ...)
@@ -40315,10 +40511,10 @@ CVE-2020-29217
        RESERVED
 CVE-2020-29216
        RESERVED
-CVE-2020-29215
-       RESERVED
-CVE-2020-29214
-       RESERVED
+CVE-2020-29215 (A Cross Site Scripting in SourceCodester Employee Management 
System 1. ...)
+       TODO: check
+CVE-2020-29214 (SQL injection vulnerability in SourceCodester Alumni 
Management System ...)
+       TODO: check
 CVE-2020-29213
        RESERVED
 CVE-2020-29212
@@ -47267,6 +47463,7 @@ CVE-2021-0091
 CVE-2021-0090 (Uncontrolled search path element in Intel(R) DSA before version 
20.11. ...)
        NOT-FOR-US: Intel
 CVE-2021-0089 (Observable response discrepancy in some Intel(R) Processors may 
allow  ...)
+       {DSA-4931-1}
        - xen <unfixed>
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-375.html
@@ -61613,8 +61810,8 @@ CVE-2020-21318
        RESERVED
 CVE-2020-21317
        RESERVED
-CVE-2020-21316
-       RESERVED
+CVE-2020-21316 (A Cross-site scripting (XSS) vulnerability exists in the 
comment secti ...)
+       TODO: check
 CVE-2020-21315
        RESERVED
 CVE-2020-21314
@@ -95770,8 +95967,8 @@ CVE-2020-7866
        RESERVED
 CVE-2020-7865
        RESERVED
-CVE-2020-7864
-       RESERVED
+CVE-2020-7864 (Parameter manipulation can bypass authentication to cause file 
upload  ...)
+       TODO: check
 CVE-2020-7863
        RESERVED
 CVE-2020-7862
@@ -96014,7 +96211,7 @@ CVE-2020-7753 (All versions of package trim are 
vulnerable to Regular Expression
        NOT-FOR-US: Node trim
 CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This 
packag ...)
        NOT-FOR-US: Node systeminformation
-CVE-2020-7751 (This affects all versions of package pathval. ...)
+CVE-2020-7751 (pathval before version 1.1.1 is vulnerable to prototype 
pollution. ...)
        - node-pathval 1.1.0-4 (bug #972895)
        [buster] - node-pathval 1.1.0-3+deb10u1
        NOTE: https://snyk.io/vuln/SNYK-JS-PATHVAL-596926
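Review bot: The new description for CVE-2020-7751 says pathval is vulnerable "before version 1.1.1", but the unchanged lines record node-pathval 1.1.0-4 and, for buster, 1.1.0-3+deb10u1 as fixed, both lower than 1.1.1. That is consistent only if the Debian packages carry a backported patch. Add a NOTE pointing to the upstream fix commit or to the patch in the package so the fixed status can be verified against the new version boundary.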
@@ -103375,8 +103572,8 @@ CVE-2020-5002
        RESERVED
 CVE-2020-5001
        RESERVED
-CVE-2020-5000
-       RESERVED
+CVE-2020-5000 (IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable 
to cro ...)
+       TODO: check
 CVE-2020-4999
        RESERVED
 CVE-2020-4998



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a44e7e6c74fee42b847133ee65870b453267c5fd



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
