Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e532950e by security tracker role at 2021-06-22T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,263 @@
+CVE-2021-35196 (** DISPUTED ** Manuskript through 0.12.0 allows remote 
attackers to ex ...)
+       TODO: check
+CVE-2021-35195
+       RESERVED
+CVE-2021-35194
+       RESERVED
+CVE-2021-35193
+       RESERVED
+CVE-2021-35192
+       RESERVED
+CVE-2021-35191
+       RESERVED
+CVE-2021-35190
+       RESERVED
+CVE-2021-35189
+       RESERVED
+CVE-2021-35188
+       RESERVED
+CVE-2021-35187
+       RESERVED
+CVE-2021-35186
+       RESERVED
+CVE-2021-35185
+       RESERVED
+CVE-2021-35184
+       RESERVED
+CVE-2021-35183
+       RESERVED
+CVE-2021-35182
+       RESERVED
+CVE-2021-35181
+       RESERVED
+CVE-2021-35180
+       RESERVED
+CVE-2021-35179
+       RESERVED
+CVE-2021-35178
+       RESERVED
+CVE-2021-35177
+       RESERVED
+CVE-2021-35176
+       RESERVED
+CVE-2021-35175
+       RESERVED
+CVE-2021-35174
+       RESERVED
+CVE-2021-35173
+       RESERVED
+CVE-2021-35172
+       RESERVED
+CVE-2021-35171
+       RESERVED
+CVE-2021-35170
+       RESERVED
+CVE-2021-35169
+       RESERVED
+CVE-2021-35168
+       RESERVED
+CVE-2021-35167
+       RESERVED
+CVE-2021-35166
+       RESERVED
+CVE-2021-35165
+       RESERVED
+CVE-2021-35164
+       RESERVED
+CVE-2021-35163
+       RESERVED
+CVE-2021-35162
+       RESERVED
+CVE-2021-35161
+       RESERVED
+CVE-2021-35160
+       RESERVED
+CVE-2021-35159
+       RESERVED
+CVE-2021-35158
+       RESERVED
+CVE-2021-35157
+       RESERVED
+CVE-2021-35156
+       RESERVED
+CVE-2021-35155
+       RESERVED
+CVE-2021-35154
+       RESERVED
+CVE-2021-35153
+       RESERVED
+CVE-2021-35152
+       RESERVED
+CVE-2021-35151
+       RESERVED
+CVE-2021-35150
+       RESERVED
+CVE-2021-35149
+       RESERVED
+CVE-2021-35148
+       RESERVED
+CVE-2021-35147
+       RESERVED
+CVE-2021-35146
+       RESERVED
+CVE-2021-35145
+       RESERVED
+CVE-2021-35144
+       RESERVED
+CVE-2021-35143
+       RESERVED
+CVE-2021-35142
+       RESERVED
+CVE-2021-35141
+       RESERVED
+CVE-2021-35140
+       RESERVED
+CVE-2021-35139
+       RESERVED
+CVE-2021-35138
+       RESERVED
+CVE-2021-35137
+       RESERVED
+CVE-2021-35136
+       RESERVED
+CVE-2021-35135
+       RESERVED
+CVE-2021-35134
+       RESERVED
+CVE-2021-35133
+       RESERVED
+CVE-2021-35132
+       RESERVED
+CVE-2021-35131
+       RESERVED
+CVE-2021-35130
+       RESERVED
+CVE-2021-35129
+       RESERVED
+CVE-2021-35128
+       RESERVED
+CVE-2021-35127
+       RESERVED
+CVE-2021-35126
+       RESERVED
+CVE-2021-35125
+       RESERVED
+CVE-2021-35124
+       RESERVED
+CVE-2021-35123
+       RESERVED
+CVE-2021-35122
+       RESERVED
+CVE-2021-35121
+       RESERVED
+CVE-2021-35120
+       RESERVED
+CVE-2021-35119
+       RESERVED
+CVE-2021-35118
+       RESERVED
+CVE-2021-35117
+       RESERVED
+CVE-2021-35116
+       RESERVED
+CVE-2021-35115
+       RESERVED
+CVE-2021-35114
+       RESERVED
+CVE-2021-35113
+       RESERVED
+CVE-2021-35112
+       RESERVED
+CVE-2021-35111
+       RESERVED
+CVE-2021-35110
+       RESERVED
+CVE-2021-35109
+       RESERVED
+CVE-2021-35108
+       RESERVED
+CVE-2021-35107
+       RESERVED
+CVE-2021-35106
+       RESERVED
+CVE-2021-35105
+       RESERVED
+CVE-2021-35104
+       RESERVED
+CVE-2021-35103
+       RESERVED
+CVE-2021-35102
+       RESERVED
+CVE-2021-35101
+       RESERVED
+CVE-2021-35100
+       RESERVED
+CVE-2021-35099
+       RESERVED
+CVE-2021-35098
+       RESERVED
+CVE-2021-35097
+       RESERVED
+CVE-2021-35096
+       RESERVED
+CVE-2021-35095
+       RESERVED
+CVE-2021-35094
+       RESERVED
+CVE-2021-35093
+       RESERVED
+CVE-2021-35092
+       RESERVED
+CVE-2021-35091
+       RESERVED
+CVE-2021-35090
+       RESERVED
+CVE-2021-35089
+       RESERVED
+CVE-2021-35088
+       RESERVED
+CVE-2021-35087
+       RESERVED
+CVE-2021-35086
+       RESERVED
+CVE-2021-35085
+       RESERVED
+CVE-2021-35084
+       RESERVED
+CVE-2021-35083
+       RESERVED
+CVE-2021-35082
+       RESERVED
+CVE-2021-35081
+       RESERVED
+CVE-2021-35080
+       RESERVED
+CVE-2021-35079
+       RESERVED
+CVE-2021-35078
+       RESERVED
+CVE-2021-35077
+       RESERVED
+CVE-2021-35076
+       RESERVED
+CVE-2021-35075
+       RESERVED
+CVE-2021-35074
+       RESERVED
+CVE-2021-35073
+       RESERVED
+CVE-2021-35072
+       RESERVED
+CVE-2021-35071
+       RESERVED
+CVE-2021-35070
+       RESERVED
+CVE-2021-35069
+       RESERVED
+CVE-2021-35068
+       RESERVED
+CVE-2021-35067
+       RESERVED
 CVE-2021-3612 [joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()]
        RESERVED
        - linux <unfixed>
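Review bot: CVE-2021-35196 is carried as "** DISPUTED **" but only gets "TODO: check"; the dispute should be resolved as part of triage, either by marking the entry NOT-FOR-US if Manuskript is not shipped by Debian or by adding a NOTE line recording why the report is disputed, so the entry does not sit in TODO indefinitely. The remaining 129 RESERVED placeholders (CVE-2021-35067 through CVE-2021-35195) plus this one account for the 260 added lines announced in the hunk header, so the block is complete.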
@@ -1511,14 +1771,14 @@ CVE-2021-34391
        RESERVED
 CVE-2021-34390
        RESERVED
-CVE-2021-34389
-       RESERVED
-CVE-2021-34388
-       RESERVED
-CVE-2021-34387
-       RESERVED
-CVE-2021-34386
-       RESERVED
+CVE-2021-34389 (Trusty contains a vulnerability in NVIDIA OTE protocol message 
parsing ...)
+       TODO: check
+CVE-2021-34388 (Bootloader contains a vulnerability in NVIDIA MB2 where a 
potential he ...)
+       TODO: check
+CVE-2021-34387 (The ARM TrustZone Technology on which Trusty is based on 
contains a vu ...)
+       TODO: check
+CVE-2021-34386 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel 
where an  ...)
+       TODO: check
 CVE-2021-34385
        RESERVED
 CVE-2021-34384
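Review bot: the four new "TODO: check" entries (CVE-2021-34386 through CVE-2021-34389) describe NVIDIA Trusty, TLK and the MB2 bootloader, i.e. vendor firmware components rather than anything that obviously maps to a Debian source package; triage should confirm whether any package in the archive carries this code and otherwise mark them with a NOT-FOR-US line naming the product, matching the convention used for the other vendor-only entries in this file.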
@@ -2535,6 +2795,7 @@ CVE-2018-25015 (An issue was discovered in the Linux 
kernel before 4.14.16. Ther
        NOTE: 
https://git.kernel.org/linus/a0ff660058b88d12625a783ce9e5c1371c87951f
 CVE-2021-3587 [nfc: fix NULL ptr dereference in llcp_sock_getname() after 
failed connect]
        RESERVED
+       {DLA-2690-1 DLA-2689-1}
        - linux <unfixed>
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba
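Review bot: the DLA references are added while the unstable line still reads "- linux <unfixed>", so after this commit CVE-2021-3587 is recorded as fixed for stretch while it stays open in sid; that is a legitimate state for an LTS backport, but the fix commit is already linked in the NOTE, so the <unfixed> marker should be replaced with the fixing version as soon as it lands in unstable. CVE-2021-3573 and CVE-2021-3564 in the next two hunks have the same shape.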
@@ -2828,6 +3089,7 @@ CVE-2021-33796
        RESERVED
 CVE-2021-3573
        RESERVED
+       {DLA-2690-1 DLA-2689-1}
        - linux <unfixed>
        [buster] - linux 4.19.194-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2
@@ -3478,6 +3740,7 @@ CVE-2021-33526
 CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command 
Execution (b ...)
        NOT-FOR-US: EyesOfNetwork (EON) eonweb
 CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI 
device in ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux <unfixed>
        [buster] - linux 4.19.194-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1
@@ -4613,6 +4876,7 @@ CVE-2021-33036
 CVE-2021-33035
        RESERVED
 CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c 
has a use ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.38-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3
@@ -5329,8 +5593,8 @@ CVE-2021-32700
        RESERVED
 CVE-2021-32699
        RESERVED
-CVE-2021-32698
-       RESERVED
+CVE-2021-32698 (eLabFTW is an open source electronic lab notebook for research 
labs. T ...)
+       TODO: check
 CVE-2021-32697 (neos/forms is an open source framework to build web forms. By 
crafting ...)
        NOT-FOR-US: neos/forms
 CVE-2021-32696 (The npm package "striptags" is an implementation of PHP's 
strip_tags i ...)
@@ -6049,6 +6313,7 @@ CVE-2021-32401
 CVE-2021-32400
        RESERVED
 CVE-2021-32399 (net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 
has a r ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.38-1
        [buster] - linux 4.19.194-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/2
@@ -7204,6 +7469,7 @@ CVE-2021-31917
        RESERVED
        NOT-FOR-US: Infinispan
 CVE-2021-31916 (An out-of-bounds (OOB) memory write flaw was found in 
list_devices in  ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.28-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
@@ -7494,6 +7760,7 @@ CVE-2021-3514 (When using a sync_repl client in 
389-ds-base, an authenticated at
        [stretch] - 389-ds-base <no-dsa> (Minor issue)
        NOTE: https://github.com/389ds/389-ds-base/issues/4711
 CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 
performs unde ...)
+       {DLA-2690-1}
        - linux 5.10.38-1
        [buster] - linux 4.19.194-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
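Review bot: this entry gets only {DLA-2690-1} while the line below says "[stretch] - linux <not-affected> (Vulnerable code not present)"; the two statements are only consistent if the DLA covers a different source package than the one the [stretch] line marks as not affected, so it is worth double-checking that the tracker resolves them that way rather than showing stretch as both fixed and not affected. CVE-2021-3506 (with its "[stretch] - linux <ignored>" line) and CVE-2021-29155 later in the patch follow the same pattern.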
@@ -8303,6 +8570,7 @@ CVE-2021-3507 (A heap buffer overflow was found in the 
floppy disk emulator of Q
        [stretch] - qemu <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118
 CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in 
fs/f2fs/node.c  ...)
+       {DLA-2690-1}
        - linux 5.10.38-1
        [buster] - linux 4.19.194-1
        [stretch] - linux <ignored> (f2fs is not supportable)
@@ -10196,6 +10464,7 @@ CVE-2020-36323 (In the standard library in Rust before 
1.52.0, there is an optim
        NOTE: https://github.com/rust-lang/rust/issues/80335
        NOTE: https://github.com/rust-lang/rust/pull/81728
 CVE-2020-36322 (An issue was discovered in the FUSE filesystem implementation 
in the L ...)
+       {DLA-2689-1}
        - linux 5.10.9-1
        NOTE: 
https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454
 CVE-2018-25013 (A flaw was found in libwebp in versions before 1.0.1. An 
out-of-bounds ...)
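Review bot: {DLA-2689-1} is added to CVE-2020-36322 but the entry has no [buster] line, unlike the neighbouring kernel entries in this patch that pair each DLA reference with a "[buster] - linux ..." status; unless buster was never affected, a [buster] line (a fixed version, or <no-dsa>/<postponed> with a reason) is needed for the entry to be complete. CVE-2021-28950 further down has the same gap.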
@@ -11433,6 +11702,7 @@ CVE-2020-36314 (fr-archive-libarchive.c in GNOME 
file-roller through 3.38.0, as
 CVE-2021-3484
        RESERVED
 CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This 
issue al ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.28-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915faf
@@ -12139,6 +12409,7 @@ CVE-2021-29944
        - firefox <not-affected> (Only affects Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29944
 CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when 
a webca ...)
+       {DLA-2689-1}
        - linux 5.10.24-1
        [buster] - linux 4.19.181-1
        NOTE: 
https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
@@ -12800,6 +13071,7 @@ CVE-2021-29652 (Pomerium from version 0.10.0-0.13.3 has 
an Open Redirect in the
 CVE-2021-29651 (Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). 
...)
        NOT-FOR-US: Pomerium
 CVE-2021-29650 (An issue was discovered in the Linux kernel before 5.11.11. 
The netfil ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.28-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/175e476b8cdf2a4de7432583b49c871345e4f8a1
@@ -12812,6 +13084,7 @@ CVE-2021-29648 (An issue was discovered in the Linux 
kernel before 5.11.11. The
        - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/350a5c4dd2452ea999cc5e1d4a8dbf12de2f97ef
 CVE-2021-29647 (An issue was discovered in the Linux kernel before 5.11.11. 
qrtr_recvm ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.28-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/50535249f624d0072cd885bcdce4e4b6fb770160
@@ -13817,10 +14090,12 @@ CVE-2021-29266 (An issue was discovered in the Linux 
kernel before 5.11.9. drive
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9
 CVE-2021-29265 (An issue was discovered in the Linux kernel before 5.11.7. 
usbip_sockf ...)
+       {DLA-2689-1}
        - linux 5.10.24-1
        [buster] - linux 4.19.181-1
        NOTE: 
https://git.kernel.org/linus/9380afd6df70e24eacbdbde33afc6a3950965d22
 CVE-2021-29264 (An issue was discovered in the Linux kernel through 5.11.10. 
drivers/n ...)
+       {DLA-2690-1}
        - linux 5.10.28-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f
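Review bot: the two adjacent entries reference different single DLAs, CVE-2021-29265 only DLA-2689-1 and CVE-2021-29264 only DLA-2690-1, and their buster fix versions also differ (4.19.181-1 vs 4.19.194-1); if the reason is that the 4.19 series already fixed CVE-2021-29265 in an earlier upload, the DLA that shipped that earlier fix should also be referenced, the way CVE-2021-28660 is written as {DLA-2689-1 DLA-2610-1} elsewhere in this patch.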
@@ -14061,6 +14336,7 @@ CVE-2021-29157 [oauth2 JWT local validation path 
traversal]
 CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the 
Webfinger ...)
        NOT-FOR-US: ForgeRock OpenAM
 CVE-2021-29155 (An issue was discovered in the Linux kernel through 5.11.x. 
kernel/bpf ...)
+       {DLA-2690-1}
        - linux 5.10.38-1
        [buster] - linux 4.19.194-1
        [stretch] - linux <not-affected> (Vulnerability introduced later)
@@ -14068,6 +14344,7 @@ CVE-2021-29155 (An issue was discovered in the Linux 
kernel through 5.11.x. kern
        NOTE: Fixes need to be made complete for older series to not open 
CVE-2021-33200,
        NOTE: cf. 
https://lore.kernel.org/stable/[email protected]/
 CVE-2021-29154 (BPF JIT compilers in the Linux kernel through 5.11.12 have 
incorrect c ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.28-1
        [buster] - linux 4.19.194-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/04/08/1
@@ -14283,12 +14560,12 @@ CVE-2021-29065 (NETGEAR RBR850 devices before 
3.2.10.11 are affected by authenti
        NOT-FOR-US: NETGEAR
 CVE-2021-29064
        RESERVED
-CVE-2021-29063
-       RESERVED
+CVE-2021-29063 (A Regular Expression Denial of Service (ReDOS) vulnerability 
was disco ...)
+       TODO: check
 CVE-2021-29062
        RESERVED
-CVE-2021-29061
-       RESERVED
+CVE-2021-29061 (A Regular Expression Denial of Service (ReDOS) vulnerability 
was disco ...)
+       TODO: check
 CVE-2021-29060 (A Regular Expression Denial of Service (ReDOS) vulnerability 
was disco ...)
        TODO: check
 CVE-2021-29059 (A vulnerability was discovered in IS-SVG version 4.3.1 and 
below where ...)
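Review bot: CVE-2021-29061 and CVE-2021-29063 get "TODO: check" with a description identical to the still-untriaged CVE-2021-29060 directly below them (all three are ReDoS reports cut off before the affected package is named); the truncated text in this file does not identify the package, so the three should be triaged together once the full descriptions are fetched.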
@@ -14492,15 +14769,18 @@ CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby 
before 2.6.7, 2.7.x before 2.
        - ruby-rexml <unfixed> (bug #986806)
        NOTE: 
https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
 CVE-2021-28972 (In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel 
through 5. ...)
+       {DLA-2690-1}
        - linux 5.10.26-1
        [buster] - linux 4.19.194-1
        [stretch] - linux <ignored> (Driver is specific to IBM Power systems)
        NOTE: 
https://git.kernel.org/linus/cc7a0bb058b85ea03db87169c60c7cfdd5d34678
 CVE-2021-28971 (In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in 
the Linux ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.26-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/d88d05a9e0b6d9356e97129d4ff9942d765f46ea
 CVE-2021-28964 (A race condition was discovered in get_old_root in 
fs/btrfs/ctree.c in ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.26-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
@@ -14556,6 +14836,7 @@ CVE-2021-28951 (An issue was discovered in 
fs/io_uring.c in the Linux kernel thr
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/3ebba796fa251d042be42b929a2d916ee5c34a49
 CVE-2021-28950 (An issue was discovered in fs/fuse/fuse_i.h in the Linux 
kernel before ...)
+       {DLA-2689-1}
        - linux 5.10.24-1
        NOTE: 
https://git.kernel.org/linus/775c5033a0d164622d9d10dd0f0a5531639ed3ed
 CVE-2021-28949
@@ -15158,6 +15439,7 @@ CVE-2021-28689 (x86: Speculative vulnerabilities with 
bare (non-shim) 32-bit PV
        NOTE: https://xenbits.xen.org/xsa/advisory-370.html
        NOTE: Unfixable design/architecture limitation, no fix planned
 CVE-2021-28688 (The fix for XSA-365 includes initialization of pointers such 
that subs ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.28-1
        [buster] - linux 4.19.194-1
        NOTE: https://xenbits.xen.org/xsa/advisory-371.html
@@ -15255,7 +15537,7 @@ CVE-2021-28687 (HVM soft-reset crashes toolstack libxl 
requires all data structu
        [stretch] - xen <not-affected> (Vulnerable code introduced later)
        NOTE: https://xenbits.xen.org/xsa/advisory-368.html
 CVE-2021-28660 (rtw_wx_set_scan in 
drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in t ...)
-       {DLA-2610-1}
+       {DLA-2689-1 DLA-2610-1}
        - linux 5.10.24-1
        [buster] - linux 4.19.181-1
        NOTE: 
https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7
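Review bot: attaching a second DLA to an entry that already carried {DLA-2610-1} leaves it unclear whether DLA-2689-1 fixes a different source package or completes an incomplete earlier fix; a short NOTE line stating which would help later readers, and the same applies to CVE-2021-3428 in the following hunk. Listing the newer advisory first, as done here, matches the other multi-reference entries in this patch.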
@@ -16480,7 +16762,7 @@ CVE-2021-3429
        NOTE: 
https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668
 CVE-2021-3428 [integer overflow in ext4_es_cache_extent]
        RESERVED
-       {DLA-2610-1}
+       {DLA-2689-1 DLA-2610-1}
        - linux 5.8.7-1
        [buster] - linux 4.19.181-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786
@@ -25493,52 +25775,52 @@ CVE-2021-24385
        RESERVED
 CVE-2021-24384
        RESERVED
-CVE-2021-24383
-       RESERVED
+CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not 
sanitise, va ...)
+       TODO: check
 CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 
3.5.0.9 did n ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24381
        RESERVED
 CVE-2021-24380
        RESERVED
-CVE-2021-24379
-       RESERVED
-CVE-2021-24378
-       RESERVED
-CVE-2021-24377
-       RESERVED
-CVE-2021-24376
-       RESERVED
+CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows 
users t ...)
+       TODO: check
+CVE-2021-24378 (The Autoptimize WordPress plugin before 2.7.8 does not check 
for malic ...)
+       TODO: check
+CVE-2021-24377 (The Autoptimize WordPress plugin before 2.7.8 attempts to 
remove poten ...)
+       TODO: check
+CVE-2021-24376 (The Autoptimize WordPress plugin before 2.7.8 attempts to 
delete malic ...)
+       TODO: check
 CVE-2021-24375
        RESERVED
-CVE-2021-24374
-       RESERVED
-CVE-2021-24373
-       RESERVED
-CVE-2021-24372
-       RESERVED
+CVE-2021-24374 (The Jetpack Carousel module of the JetPack WordPress plugin 
before 9.8 ...)
+       TODO: check
+CVE-2021-24373 (The WP Hardening &#8211; Fix Your WordPress Security WordPress 
plugin  ...)
+       TODO: check
+CVE-2021-24372 (The WP Hardening &#8211; Fix Your WordPress Security WordPress 
plugin  ...)
+       TODO: check
 CVE-2021-24371
        RESERVED
-CVE-2021-24370
-       RESERVED
-CVE-2021-24369
-       RESERVED
+CVE-2021-24370 (The Fancy Product Designer WordPress plugin before 4.6.9 
allows unauth ...)
+       TODO: check
+CVE-2021-24369 (In the GetPaid WordPress plugin before 2.3.4, users with the 
contribut ...)
+       TODO: check
 CVE-2021-24368 (The Quiz And Survey Master &#8211; Best Quiz, Exam and Survey 
Plugin W ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24367
-       RESERVED
-CVE-2021-24366
-       RESERVED
+CVE-2021-24367 (The WP Config File Editor WordPress plugin through 1.7.1 was 
affected  ...)
+       TODO: check
+CVE-2021-24366 (The Admin Columns Free WordPress plugin before 4.3 and Admin 
Columns P ...)
+       TODO: check
 CVE-2021-24365
        RESERVED
-CVE-2021-24364
-       RESERVED
+CVE-2021-24364 (The Jannah WordPress theme before 5.4.4 did not properly 
sanitize the  ...)
+       TODO: check
 CVE-2021-24363
        RESERVED
 CVE-2021-24362
        RESERVED
-CVE-2021-24361
-       RESERVED
+CVE-2021-24361 (In the Location Manager WordPress plugin before 2.1.0.10, the 
AJAX act ...)
+       TODO: check
 CVE-2021-24360 (The Yes/No Chart WordPress plugin before 1.0.12 did not 
sanitise its s ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24359 (The Plus Addons for Elementor Page Builder WordPress plugin 
before 4.1 ...)
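Review bot: the newly described entries (CVE-2021-24361 through CVE-2021-24383) all name WordPress plugins or a WordPress theme, and the adjacent entries of the same kind (CVE-2021-24360, CVE-2021-24368, CVE-2021-24382) are already marked "NOT-FOR-US: WordPress plugin", so triage can follow that convention unless one of the plugins turns out to be packaged. Separately, the descriptions for CVE-2021-24372 and CVE-2021-24373 carry the HTML entity &#8211; instead of an en dash; the pre-existing CVE-2021-24368 line shows the feed already did this before this commit, so it is an import quirk rather than a defect of this change, but decoding entities on the import side would keep the file clean.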
@@ -25581,10 +25863,10 @@ CVE-2021-24341 (When deleting a date in the Xllentech 
English Islamic Calendar W
        NOT-FOR-US: WordPress plugin
 CVE-2021-24340 (The WP Statistics WordPress plugin before 13.0.8 relied on 
using the W ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24339
-       RESERVED
-CVE-2021-24338
-       RESERVED
+CVE-2021-24339 (The Pods &#8211; Custom Content Types and Fields WordPress 
plugin befo ...)
+       TODO: check
+CVE-2021-24338 (The Pods &#8211; Custom Content Types and Fields WordPress 
plugin befo ...)
+       TODO: check
 CVE-2021-24337 (The id GET parameter of one of the Video Embed WordPress 
plugin throug ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24336 (The FlightLog WordPress plugin through 3.0.2 does not 
sanitise, valida ...)
@@ -28319,11 +28601,13 @@ CVE-2021-23234
 CVE-2021-23135 (Exposure of System Data to an Unauthorized Control Sphere 
vulnerabilit ...)
        NOT-FOR-US: Argo CD
 CVE-2021-23134 (Use After Free vulnerability in nfc sockets in the Linux 
Kernel before ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.38-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
        NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/4
 CVE-2021-23133 (A race condition in Linux kernel SCTP sockets 
(net/sctp/socket.c) befo ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.38-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f
@@ -35287,30 +35571,30 @@ CVE-2021-20746
        RESERVED
 CVE-2021-20745
        RESERVED
-CVE-2021-20744
-       RESERVED
-CVE-2021-20743
-       RESERVED
-CVE-2021-20742
-       RESERVED
-CVE-2021-20741
-       RESERVED
+CVE-2021-20744 (Cross-site scripting vulnerability in EC-CUBE Category 
contents plugin ...)
+       TODO: check
+CVE-2021-20743 (Cross-site scripting vulnerability in EC-CUBE Email 
newsletters manage ...)
+       TODO: check
+CVE-2021-20742 (Cross-site scripting vulnerability in EC-CUBE Business form 
output plu ...)
+       TODO: check
+CVE-2021-20741 (Cross-site scripting vulnerability in Hitachi Application 
Server Help  ...)
+       TODO: check
 CVE-2021-20740
        RESERVED
 CVE-2021-20739
        RESERVED
 CVE-2021-20738
        RESERVED
-CVE-2021-20737
-       RESERVED
-CVE-2021-20736
-       RESERVED
-CVE-2021-20735
-       RESERVED
-CVE-2021-20734
-       RESERVED
-CVE-2021-20733
-       RESERVED
+CVE-2021-20737 (Improper authentication vulnerability in GROWI versions prior 
to v4.2. ...)
+       TODO: check
+CVE-2021-20736 (NoSQL injection vulnerability in GROWI versions prior to 
v4.2.20 allow ...)
+       TODO: check
+CVE-2021-20735 (Cross-site scripting vulnerability in ETUNA EC-CUBE plugins 
(Delivery  ...)
+       TODO: check
+CVE-2021-20734 (Cross-site scripting vulnerability in Welcart e-Commerce 
versions prio ...)
+       TODO: check
+CVE-2021-20733 (Improper authorization in handler for custom URL scheme 
vulnerability  ...)
+       TODO: check
 CVE-2021-20732 (The ATOM (ATOM - Smart life App for Android versions prior to 
1.8.1 an ...)
        NOT-FOR-US: ATOM (ATOM - Smart life App)
 CVE-2021-20731 (WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 
firmware Ver ...)
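Review bot: the nine new "TODO: check" entries (CVE-2021-20733 through CVE-2021-20744) describe EC-CUBE plugins, GROWI, Welcart e-Commerce and Hitachi Application Server, and the truncated description of CVE-2021-20733 ("Improper authorization in handler for custom URL scheme") does not even name its product; triage needs the full descriptions, and the neighbouring CVE-2021-20732 entry shows the NOT-FOR-US convention these will most likely end up in if none of the products is in the archive.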
@@ -36258,6 +36542,7 @@ CVE-2021-20293 (A reflected Cross-Site Scripting (XSS) 
flaw was found in RESTEas
        - resteasy3.0 <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942819
 CVE-2021-20292 (There is a flaw reported in the Linux kernel in versions 
before 5.9 in ...)
+       {DLA-2689-1}
        - linux 5.7.17-1
        [buster] - linux 4.19.146-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939686
@@ -40845,6 +41130,7 @@ CVE-2020-29376 (An issue was discovered on V-SOL V1600D 
V2.03.69 and V2.03.57, V
 CVE-2020-29375 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, 
V1600D4 ...)
        NOT-FOR-US: V-SOL devices
 CVE-2020-29374 (An issue was discovered in the Linux kernel before 5.7.3, 
related to m ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.7.6-1
        [buster] - linux 4.19.194-1
        NOTE: 
https://git.kernel.org/linus/17839856fd588f4ab6b789f482ed3ffd7c403e1f
@@ -45507,6 +45793,7 @@ CVE-2021-0514
 CVE-2021-0513 (In deleteNotificationChannel and related functions of 
NotificationMana ...)
        NOT-FOR-US: Android
 CVE-2021-0512 (In __hidinput_change_resolution_multipliers of hid-input.c, 
there is a ...)
+       {DLA-2689-1}
        - linux 5.10.19-1
        [buster] - linux 4.19.181-1
        NOTE: 
https://git.kernel.org/linus/ed9be64eefe26d7d8b0b5b9fa3ffdf425d87a01f
@@ -48059,6 +48346,7 @@ CVE-2021-0131 (Use of cryptographically weak 
pseudo-random number generator (PRN
 CVE-2021-0130
        RESERVED
 CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated 
user to po ...)
+       {DLA-2690-1 DLA-2689-1}
        - bluez 5.55-3.1 (bug #989614)
        - linux 5.10.40-1
        [buster] - linux 4.19.194-1
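Review bot: this entry tracks two source packages (bluez 5.55-3.1 and linux), but the added {DLA-2690-1 DLA-2689-1} reference together with the existing "[buster] - linux" line only covers the kernel side; if no [stretch] or [buster] status for bluez follows below the hunk context, one should be added so the bluez half of CVE-2021-0129 is not left undetermined. CVE-2020-26558 further down has the same two-package layout.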
@@ -48710,8 +48998,8 @@ CVE-2020-27513
        RESERVED
 CVE-2020-27512
        RESERVED
-CVE-2020-27511
-       RESERVED
+CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML 
components i ...)
+       TODO: check
 CVE-2020-27510
        RESERVED
 CVE-2020-27509
@@ -50891,6 +51179,7 @@ CVE-2020-26559 (Bluetooth Mesh Provisioning in the 
Bluetooth Mesh profile 1.0 an
        NOTE: 
https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/authvalue-leak/
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960011
 CVE-2020-26558 (Bluetooth LE and BR/EDR secure pairing in Bluetooth Core 
Specification ...)
+       {DLA-2690-1 DLA-2689-1}
        - bluez 5.55-3.1 (bug #989614)
        - linux 5.10.40-1
        [buster] - linux 4.19.194-1
@@ -51861,6 +52150,7 @@ CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 
0.4.5 allows attackers to
        NOTE: https://github.com/mity/md4c/issues/130
        NOTE: 
https://github.com/mity/md4c/commit/22ca89a3008966c4316d6b0a158b1a49f9038df0
 CVE-2020-26147 (An issue was discovered in the Linux kernel 5.8.9. The WEP, 
WPA, WPA2, ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux <unfixed>
        [buster] - linux 4.19.194-1
        NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
@@ -51900,6 +52190,7 @@ CVE-2020-26140 (An issue was discovered in the ALFA 
Windows 10 driver 6.1316.120
        NOTE: https://www.fragattacks.com/
        NOTE: 
https://lore.kernel.org/linux-wireless/[email protected]/
 CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access 
Point ( ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux <unfixed>
        [buster] - linux 4.19.194-1
        NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
@@ -53069,16 +53360,19 @@ CVE-2020-25673 (A vulnerability was found in Linux 
kernel where non-blocking soc
        [buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
 CVE-2020-25672 (A memory leak vulnerability was found in Linux kernel in 
llcp_sock_con ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.38-1
        [bullseye] - linux <postponed> (Minor issue, revisit once fixed 
upstream)
        [buster] - linux 4.19.194-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
 CVE-2020-25671 (A vulnerability was found in Linux Kernel, where a refcount 
leak in ll ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.38-1
        [bullseye] - linux <postponed> (Minor issue, revisit once fixed 
upstream)
        [buster] - linux 4.19.194-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
 CVE-2020-25670 (A vulnerability was found in Linux Kernel where refcount leak 
in llcp_ ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux 5.10.38-1
        [bullseye] - linux <postponed> (Minor issue, revisit once fixed 
upstream)
        [buster] - linux 4.19.194-1
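Review bot: for CVE-2020-25670, CVE-2020-25671 and CVE-2020-25672 the DLAs are added while each entry keeps "[bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)" directly under an unstable fix of 5.10.38-1; the "revisit once fixed upstream" rationale no longer holds once a fixed version is recorded, so the bullseye lines look stale and should be re-evaluated (dropped if 5.10.38-1 or later is in bullseye, otherwise re-justified).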
@@ -55652,6 +55946,7 @@ CVE-2020-24590 (The Management Console in WSO2 API 
Manager through 3.1.0 and API
 CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and 
API Micro ...)
        NOT-FOR-US: WSO2
 CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access 
(WPA, WPA2,  ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux <unfixed>
        [buster] - linux 4.19.194-1
        - firmware-nonfree <unfixed>
@@ -55663,6 +55958,7 @@ CVE-2020-24588 (The 802.11 standard that underpins 
Wi-Fi Protected Access (WPA,
        NOTE: 
https://lore.kernel.org/linux-wireless/20210511200110.11968c725b5c.Idd166365ebea2771c0c0a38c78b5060750f90e17@changeid/
        NOTE: firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware 
part of the CVE
 CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access 
(WPA, WPA2,  ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux <unfixed>
        [buster] - linux 4.19.194-1
        - firmware-nonfree <unfixed>
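Review bot: the NOTE at the top of the hunk says firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware part of the CVE, yet the firmware-nonfree line in these entries still reads <unfixed>; for CVE-2020-24586, CVE-2020-24587 and CVE-2020-24588 alike, either the firmware-nonfree line should carry the fixed version or a NOTE should explain why it stays open. The added DLA references only cover the linux side, and "- linux <unfixed>" for unstable remains open despite the upstream patch linked in the NOTE.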
@@ -55674,6 +55970,7 @@ CVE-2020-24587 (The 802.11 standard that underpins 
Wi-Fi Protected Access (WPA,
        NOTE: 
https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
        NOTE: firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware 
part of the CVE
 CVE-2020-24586 (The 802.11 standard that underpins Wi-Fi Protected Access 
(WPA, WPA2,  ...)
+       {DLA-2690-1 DLA-2689-1}
        - linux <unfixed>
        [buster] - linux 4.19.194-1
        - firmware-nonfree <unfixed>
@@ -421329,14 +421626,14 @@ CVE-2010-1437 (Race condition in the 
find_keyring_by_name function in security/k
 CVE-2010-1436 (gfs2 in the Linux kernel 2.6.18, and possibly other versions, 
does not ...)
        - linux-2.6 2.6.32-25
        [lenny] - linux-2.6 2.6.26-23
-CVE-2010-1435
-       RESERVED
-CVE-2010-1434
-       RESERVED
-CVE-2010-1433
-       RESERVED
-CVE-2010-1432
-       RESERVED
+CVE-2010-1435 (Joomla! Core is prone to a security bypass vulnerability. 
Exploiting t ...)
+       TODO: check
+CVE-2010-1434 (Joomla! Core is prone to a session fixation vulnerability. An 
attacker ...)
+       TODO: check
+CVE-2010-1433 (Joomla! Core is prone to a vulnerability that lets attackers 
upload ar ...)
+       TODO: check
+CVE-2010-1432 (Joomla! Core is prone to an information disclosure 
vulnerability. Atta ...)
+       TODO: check
 CVE-2010-1430
        REJECTED
 CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or 
JBEAP) ...)
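Review bot: CVE-2010-1431 does not appear between CVE-2010-1432 and CVE-2010-1430 in this context while the rest of the range is contiguous; worth confirming it exists elsewhere in the file, since the automatic update populated all four neighbouring 2010 entries. The four Joomla! Core descriptions are eleven years old and land here as "TODO: check" only because their text was published late; they can be closed quickly by checking whether Joomla was ever in the archive.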
@@ -424407,7 +424704,7 @@ CVE-2010-0414 (gnome-screensaver before 2.28.2 allows 
physically proximate attac
        [etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
        [lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
 CVE-2010-0413
-       RESERVED
+       REJECTED
 CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the 
value of t ...)
        - systemtap 1.2-1 (bug #572560)
        [lenny] - systemtap <not-affected> (Server component not yet present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e532950e91a3e13fed4817d9154d0b04fe59dd6f



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
