Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
00fd70da by security tracker role at 2021-07-14T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-36745
+       RESERVED
+CVE-2021-36744
+       RESERVED
+CVE-2021-36743
+       RESERVED
+CVE-2021-36742
+       RESERVED
+CVE-2021-36741
+       RESERVED
+CVE-2021-3648
+       RESERVED
+CVE-2021-3647
+       RESERVED
+CVE-2021-3646
+       RESERVED
+CVE-2021-3645
+       RESERVED
+CVE-2021-3644
+       RESERVED
+CVE-2020-36419
+       RESERVED
 CVE-2021-36739
        RESERVED
 CVE-2021-36738
@@ -24,7 +46,7 @@ CVE-2021-36728
        RESERVED
 CVE-2021-36727
        RESERVED
-CVE-2021-36740 [Varnish VSV00007]
+CVE-2021-36740 (Varnish Cache, with HTTP/2 enabled, allows request smuggling 
and VCL a ...)
        - varnish <unfixed> (bug #991040)
        NOTE: https://varnish-cache.org/security/VSV00007.html
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf
 (6.0.8)
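Review bot: CVE-2021-36740 now carries the upstream description, which scopes the issue to Varnish Cache "with HTTP/2 enabled", but the entry does not say how that condition applies to the Debian package. A NOTE stating whether HTTP/2 is enabled in the packaged default configuration would help whoever has to rate the "- varnish <unfixed> (bug #991040)" line. The commit NOTE names only 6.0.8, so it is also worth recording which upstream branch the Debian versions need.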
@@ -49,8 +71,8 @@ CVE-2021-36718
        RESERVED
 CVE-2021-36717
        RESERVED
-CVE-2021-36716
-       RESERVED
+CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found 
in the S ...)
+       TODO: check
 CVE-2021-3643
        RESERVED
 CVE-2021-XXXX [RUSTSEC-2021-0074]
@@ -2663,8 +2685,8 @@ CVE-2021-35529
        RESERVED
 CVE-2021-35528
        RESERVED
-CVE-2021-35527
-       RESERVED
+CVE-2021-35527 (Password autocomplete vulnerability in the web application 
password fi ...)
+       TODO: check
 CVE-2021-35526
        RESERVED
 CVE-2021-3624 [buffer-overflow caused by integer-overflow in 
foveon_load_camf()]
@@ -2831,8 +2853,8 @@ CVE-2021-35471
        RESERVED
 CVE-2021-35470
        RESERVED
-CVE-2021-35469
-       RESERVED
+CVE-2021-35469 (The Lexmark Printer Software G2, G3 and G4 Installation 
Packages have  ...)
+       TODO: check
 CVE-2021-35468
        RESERVED
 CVE-2021-35467
@@ -4920,90 +4942,90 @@ CVE-2021-34531
        RESERVED
 CVE-2021-34530
        RESERVED
-CVE-2021-34529
-       RESERVED
-CVE-2021-34528
-       RESERVED
+CVE-2021-34529 (Visual Studio Code Remote Code Execution Vulnerability This 
CVE ID is  ...)
+       TODO: check
+CVE-2021-34528 (Visual Studio Code Remote Code Execution Vulnerability This 
CVE ID is  ...)
+       TODO: check
 CVE-2021-34527 (Windows Print Spooler Remote Code Execution Vulnerability ...)
        NOT-FOR-US: Microsoft
 CVE-2021-34526
        RESERVED
-CVE-2021-34525
-       RESERVED
+CVE-2021-34525 (Windows DNS Server Remote Code Execution Vulnerability This 
CVE ID is  ...)
+       TODO: check
 CVE-2021-34524
        RESERVED
-CVE-2021-34523
-       RESERVED
-CVE-2021-34522
-       RESERVED
-CVE-2021-34521
-       RESERVED
-CVE-2021-34520
-       RESERVED
-CVE-2021-34519
-       RESERVED
-CVE-2021-34518
-       RESERVED
-CVE-2021-34517
-       RESERVED
-CVE-2021-34516
-       RESERVED
+CVE-2021-34523 (Microsoft Exchange Server Elevation of Privilege Vulnerability 
This CV ...)
+       TODO: check
+CVE-2021-34522 (Microsoft Defender Remote Code Execution Vulnerability This 
CVE ID is  ...)
+       TODO: check
+CVE-2021-34521 (Raw Image Extension Remote Code Execution Vulnerability ...)
+       TODO: check
+CVE-2021-34520 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability This C ...)
+       TODO: check
+CVE-2021-34519 (Microsoft SharePoint Server Information Disclosure 
Vulnerability ...)
+       TODO: check
+CVE-2021-34518 (Microsoft Excel Remote Code Execution Vulnerability This CVE 
ID is uni ...)
+       TODO: check
+CVE-2021-34517 (Microsoft SharePoint Server Spoofing Vulnerability ...)
+       TODO: check
+CVE-2021-34516 (Win32k Elevation of Privilege Vulnerability This CVE ID is 
unique from ...)
+       TODO: check
 CVE-2021-34515
        RESERVED
-CVE-2021-34514
-       RESERVED
-CVE-2021-34513
-       RESERVED
-CVE-2021-34512
-       RESERVED
-CVE-2021-34511
-       RESERVED
-CVE-2021-34510
-       RESERVED
-CVE-2021-34509
-       RESERVED
-CVE-2021-34508
-       RESERVED
-CVE-2021-34507
-       RESERVED
+CVE-2021-34514 (Windows Kernel Elevation of Privilege Vulnerability This CVE 
ID is uni ...)
+       TODO: check
+CVE-2021-34513 (Storage Spaces Controller Elevation of Privilege Vulnerability 
This CV ...)
+       TODO: check
+CVE-2021-34512 (Storage Spaces Controller Elevation of Privilege Vulnerability 
This CV ...)
+       TODO: check
+CVE-2021-34511 (Windows Installer Elevation of Privilege Vulnerability ...)
+       TODO: check
+CVE-2021-34510 (Storage Spaces Controller Elevation of Privilege Vulnerability 
This CV ...)
+       TODO: check
+CVE-2021-34509 (Storage Spaces Controller Information Disclosure Vulnerability 
...)
+       TODO: check
+CVE-2021-34508 (Windows Kernel Remote Code Execution Vulnerability This CVE ID 
is uniq ...)
+       TODO: check
+CVE-2021-34507 (Windows Remote Assistance Information Disclosure Vulnerability 
...)
+       TODO: check
 CVE-2021-34506
        RESERVED
 CVE-2021-34505
        RESERVED
-CVE-2021-34504
-       RESERVED
-CVE-2021-34503
-       RESERVED
+CVE-2021-34504 (Windows Address Book Remote Code Execution Vulnerability ...)
+       TODO: check
+CVE-2021-34503 (Microsoft Windows Media Foundation Remote Code Execution 
Vulnerability ...)
+       TODO: check
 CVE-2021-34502
        RESERVED
-CVE-2021-34501
-       RESERVED
-CVE-2021-34500
-       RESERVED
-CVE-2021-34499
-       RESERVED
-CVE-2021-34498
-       RESERVED
-CVE-2021-34497
-       RESERVED
-CVE-2021-34496
-       RESERVED
+CVE-2021-34501 (Microsoft Excel Remote Code Execution Vulnerability This CVE 
ID is uni ...)
+       TODO: check
+CVE-2021-34500 (Windows Kernel Memory Information Disclosure Vulnerability ...)
+       TODO: check
+CVE-2021-34499 (Windows DNS Server Denial of Service Vulnerability This CVE ID 
is uniq ...)
+       TODO: check
+CVE-2021-34498 (Windows GDI Elevation of Privilege Vulnerability ...)
+       TODO: check
+CVE-2021-34497 (Windows MSHTML Platform Remote Code Execution Vulnerability 
This CVE I ...)
+       TODO: check
+CVE-2021-34496 (Windows GDI Information Disclosure Vulnerability ...)
+       TODO: check
 CVE-2021-34495
        RESERVED
-CVE-2021-34494
-       RESERVED
-CVE-2021-34493
-       RESERVED
-CVE-2021-34492
-       RESERVED
-CVE-2021-34491
-       RESERVED
-CVE-2021-34490
-       RESERVED
-CVE-2021-34489
-       RESERVED
-CVE-2021-34488
-       RESERVED
+CVE-2021-34494 (Windows DNS Server Remote Code Execution Vulnerability This 
CVE ID is  ...)
+       TODO: check
+CVE-2021-34493 (Windows Partition Management Driver Elevation of Privilege 
Vulnerabili ...)
+       TODO: check
+CVE-2021-34492 (Windows Certificate Spoofing Vulnerability ...)
+       TODO: check
+CVE-2021-34491 (Win32k Information Disclosure Vulnerability ...)
+       TODO: check
+CVE-2021-34490 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE 
ID is u ...)
+       TODO: check
+CVE-2021-34489 (DirectWrite Remote Code Execution Vulnerability ...)
+       TODO: check
+CVE-2021-34488 (Windows Console Driver Elevation of Privilege Vulnerability 
...)
+       TODO: check
 CVE-2021-34487
        RESERVED
 CVE-2021-34486
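Review bot: Every entry this hunk moves from RESERVED to "TODO: check" describes a Microsoft product, and the one already-triaged neighbour, CVE-2021-34527, is tagged "NOT-FOR-US: Microsoft". Close the batch with that same tag in one pass so the TODO queue does not fill up with items that need no package research. The two Visual Studio Code entries (CVE-2021-34529, CVE-2021-34528) are the ones to read in full before tagging.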
@@ -5020,30 +5042,30 @@ CVE-2021-34481
        RESERVED
 CVE-2021-34480
        RESERVED
-CVE-2021-34479
-       RESERVED
+CVE-2021-34479 (Microsoft Visual Studio Spoofing Vulnerability ...)
+       TODO: check
 CVE-2021-34478
        RESERVED
-CVE-2021-34477
-       RESERVED
-CVE-2021-34476
-       RESERVED
+CVE-2021-34477 (Visual Studio Code .NET Runtime Elevation of Privilege 
Vulnerability ...)
+       TODO: check
+CVE-2021-34476 (Bowser.sys Denial of Service Vulnerability ...)
+       TODO: check
 CVE-2021-34475
        RESERVED
-CVE-2021-34474
-       RESERVED
-CVE-2021-34473
-       RESERVED
+CVE-2021-34474 (Dynamics Business Central Remote Code Execution Vulnerability 
...)
+       TODO: check
+CVE-2021-34473 (Microsoft Exchange Server Remote Code Execution Vulnerability 
This CVE ...)
+       TODO: check
 CVE-2021-34472
        RESERVED
 CVE-2021-34471
        RESERVED
-CVE-2021-34470
-       RESERVED
-CVE-2021-34469
-       RESERVED
-CVE-2021-34468
-       RESERVED
+CVE-2021-34470 (Microsoft Exchange Server Elevation of Privilege Vulnerability 
This CV ...)
+       TODO: check
+CVE-2021-34469 (Microsoft Office Security Feature Bypass Vulnerability ...)
+       TODO: check
+CVE-2021-34468 (Microsoft SharePoint Server Remote Code Execution 
Vulnerability This C ...)
+       TODO: check
 CVE-2021-34467
        RESERVED
 CVE-2021-34466
@@ -5682,10 +5704,10 @@ CVE-2021-34176
        RESERVED
 CVE-2021-34175
        RESERVED
-CVE-2021-34174
-       RESERVED
-CVE-2021-34173
-       RESERVED
+CVE-2021-34174 (A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. 
Any wir ...)
+       TODO: check
+CVE-2021-34173 (An attacker can cause a Denial of Service and kernel panic in 
v4.2 and ...)
+       TODO: check
 CVE-2021-34172
        RESERVED
 CVE-2021-34171
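Review bot: CVE-2021-34173 mentions a kernel panic in "v4.2 and ..." but the truncated description does not say which product or kernel that version belongs to, and CVE-2021-34174 names Broadcom BCM4352 and BCM43684 chips. Read the full descriptions before classifying these two. A flaw in Wi-Fi chip firmware or a driver may map to a firmware or kernel package, whereas a flaw in a vendor device would be NOT-FOR-US.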
@@ -6584,104 +6606,104 @@ CVE-2021-33790 (The RebornCore library before 4.7.3 
allows remote code execution
        NOT-FOR-US: RebornCore
 CVE-2021-33789
        RESERVED
-CVE-2021-33788
-       RESERVED
+CVE-2021-33788 (Windows LSA Denial of Service Vulnerability ...)
+       TODO: check
 CVE-2021-33787
        RESERVED
-CVE-2021-33786
-       RESERVED
-CVE-2021-33785
-       RESERVED
-CVE-2021-33784
-       RESERVED
-CVE-2021-33783
-       RESERVED
-CVE-2021-33782
-       RESERVED
-CVE-2021-33781
-       RESERVED
-CVE-2021-33780
-       RESERVED
-CVE-2021-33779
-       RESERVED
-CVE-2021-33778
-       RESERVED
-CVE-2021-33777
-       RESERVED
-CVE-2021-33776
-       RESERVED
-CVE-2021-33775
-       RESERVED
-CVE-2021-33774
-       RESERVED
-CVE-2021-33773
-       RESERVED
-CVE-2021-33772
-       RESERVED
-CVE-2021-33771
-       RESERVED
+CVE-2021-33786 (Windows LSA Security Feature Bypass Vulnerability ...)
+       TODO: check
+CVE-2021-33785 (Windows AF_UNIX Socket Provider Denial of Service 
Vulnerability ...)
+       TODO: check
+CVE-2021-33784 (Windows Cloud Files Mini Filter Driver Elevation of Privilege 
Vulnerab ...)
+       TODO: check
+CVE-2021-33783 (Windows SMB Information Disclosure Vulnerability ...)
+       TODO: check
+CVE-2021-33782 (Windows Authenticode Spoofing Vulnerability ...)
+       TODO: check
+CVE-2021-33781 (Active Directory Security Feature Bypass Vulnerability ...)
+       TODO: check
+CVE-2021-33780 (Windows DNS Server Remote Code Execution Vulnerability This 
CVE ID is  ...)
+       TODO: check
+CVE-2021-33779 (Windows ADFS Security Feature Bypass Vulnerability ...)
+       TODO: check
+CVE-2021-33778 (HEVC Video Extensions Remote Code Execution Vulnerability This 
CVE ID  ...)
+       TODO: check
+CVE-2021-33777 (HEVC Video Extensions Remote Code Execution Vulnerability This 
CVE ID  ...)
+       TODO: check
+CVE-2021-33776 (HEVC Video Extensions Remote Code Execution Vulnerability This 
CVE ID  ...)
+       TODO: check
+CVE-2021-33775 (HEVC Video Extensions Remote Code Execution Vulnerability This 
CVE ID  ...)
+       TODO: check
+CVE-2021-33774 (Windows Event Tracing Elevation of Privilege Vulnerability ...)
+       TODO: check
+CVE-2021-33773 (Windows Remote Access Connection Manager Elevation of 
Privilege Vulner ...)
+       TODO: check
+CVE-2021-33772 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE 
ID is u ...)
+       TODO: check
+CVE-2021-33771 (Windows Kernel Elevation of Privilege Vulnerability This CVE 
ID is uni ...)
+       TODO: check
 CVE-2021-33770
        RESERVED
 CVE-2021-33769
        RESERVED
-CVE-2021-33768
-       RESERVED
-CVE-2021-33767
-       RESERVED
-CVE-2021-33766
-       RESERVED
-CVE-2021-33765
-       RESERVED
-CVE-2021-33764
-       RESERVED
-CVE-2021-33763
-       RESERVED
+CVE-2021-33768 (Microsoft Exchange Server Elevation of Privilege Vulnerability 
This CV ...)
+       TODO: check
+CVE-2021-33767 (Open Enclave SDK Elevation of Privilege Vulnerability ...)
+       TODO: check
+CVE-2021-33766 (Microsoft Exchange Information Disclosure Vulnerability ...)
+       TODO: check
+CVE-2021-33765 (Windows Installer Spoofing Vulnerability ...)
+       TODO: check
+CVE-2021-33764 (Windows Key Distribution Center Information Disclosure 
Vulnerability ...)
+       TODO: check
+CVE-2021-33763 (Windows Remote Access Connection Manager Information 
Disclosure Vulner ...)
+       TODO: check
 CVE-2021-33762
        RESERVED
-CVE-2021-33761
-       RESERVED
-CVE-2021-33760
-       RESERVED
-CVE-2021-33759
-       RESERVED
-CVE-2021-33758
-       RESERVED
-CVE-2021-33757
-       RESERVED
-CVE-2021-33756
-       RESERVED
-CVE-2021-33755
-       RESERVED
-CVE-2021-33754
-       RESERVED
-CVE-2021-33753
-       RESERVED
-CVE-2021-33752
-       RESERVED
-CVE-2021-33751
-       RESERVED
-CVE-2021-33750
-       RESERVED
-CVE-2021-33749
-       RESERVED
+CVE-2021-33761 (Windows Remote Access Connection Manager Elevation of 
Privilege Vulner ...)
+       TODO: check
+CVE-2021-33760 (Media Foundation Information Disclosure Vulnerability ...)
+       TODO: check
+CVE-2021-33759 (Windows Desktop Bridge Elevation of Privilege Vulnerability 
...)
+       TODO: check
+CVE-2021-33758 (Windows Hyper-V Denial of Service Vulnerability This CVE ID is 
unique  ...)
+       TODO: check
+CVE-2021-33757 (Windows Security Account Manager Remote Protocol Security 
Feature Bypa ...)
+       TODO: check
+CVE-2021-33756 (Windows DNS Snap-in Remote Code Execution Vulnerability This 
CVE ID is ...)
+       TODO: check
+CVE-2021-33755 (Windows Hyper-V Denial of Service Vulnerability This CVE ID is 
unique  ...)
+       TODO: check
+CVE-2021-33754 (Windows DNS Server Remote Code Execution Vulnerability This 
CVE ID is  ...)
+       TODO: check
+CVE-2021-33753 (Microsoft Bing Search Spoofing Vulnerability ...)
+       TODO: check
+CVE-2021-33752 (Windows DNS Snap-in Remote Code Execution Vulnerability This 
CVE ID is ...)
+       TODO: check
+CVE-2021-33751 (Storage Spaces Controller Elevation of Privilege Vulnerability 
This CV ...)
+       TODO: check
+CVE-2021-33750 (Windows DNS Snap-in Remote Code Execution Vulnerability This 
CVE ID is ...)
+       TODO: check
+CVE-2021-33749 (Windows DNS Snap-in Remote Code Execution Vulnerability This 
CVE ID is ...)
+       TODO: check
 CVE-2021-33748
        RESERVED
 CVE-2021-33747
        RESERVED
-CVE-2021-33746
-       RESERVED
-CVE-2021-33745
-       RESERVED
-CVE-2021-33744
-       RESERVED
-CVE-2021-33743
-       RESERVED
+CVE-2021-33746 (Windows DNS Server Remote Code Execution Vulnerability This 
CVE ID is  ...)
+       TODO: check
+CVE-2021-33745 (Windows DNS Server Denial of Service Vulnerability This CVE ID 
is uniq ...)
+       TODO: check
+CVE-2021-33744 (Windows Secure Kernel Mode Security Feature Bypass 
Vulnerability ...)
+       TODO: check
+CVE-2021-33743 (Windows Projected File System Elevation of Privilege 
Vulnerability ...)
+       TODO: check
 CVE-2021-33742 (Windows MSHTML Platform Remote Code Execution Vulnerability 
...)
        NOT-FOR-US: Microsoft
 CVE-2021-33741 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability ...)
        NOT-FOR-US: Microsoft
-CVE-2021-33740
-       RESERVED
+CVE-2021-33740 (Windows Media Remote Code Execution Vulnerability ...)
+       TODO: check
 CVE-2021-33739 (Microsoft DWM Core Library Elevation of Privilege 
Vulnerability ...)
        NOT-FOR-US: Microsoft
 CVE-2020-36381
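Review bot: CVE-2021-33767 (Open Enclave SDK) is an SDK, not a Windows component like the rest of this hunk, so it should not be swept up if the batch is closed in bulk with the "NOT-FOR-US: Microsoft" tag that CVE-2021-33742, CVE-2021-33741 and CVE-2021-33739 carry here. Check it against the archive and WNPP first, then tag the remaining entries together.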
@@ -6828,34 +6850,34 @@ CVE-2021-33691
        RESERVED
 CVE-2021-33690
        RESERVED
-CVE-2021-33689
-       RESERVED
+CVE-2021-33689 (When user with insufficient privileges tries to access any 
application ...)
+       TODO: check
 CVE-2021-33688
        RESERVED
-CVE-2021-33687
-       RESERVED
+CVE-2021-33687 (SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 
7.20, 7.30 ...)
+       TODO: check
 CVE-2021-33686
        RESERVED
 CVE-2021-33685
        RESERVED
-CVE-2021-33684
-       RESERVED
-CVE-2021-33683
-       RESERVED
-CVE-2021-33682
-       RESERVED
-CVE-2021-33681
-       RESERVED
-CVE-2021-33680
-       RESERVED
+CVE-2021-33684 (SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 
7.21, 7. ...)
+       TODO: check
+CVE-2021-33683 (SAP Web Dispatcher and Internet Communication Manager (ICM), 
versions  ...)
+       TODO: check
+CVE-2021-33682 (SAP Lumira Server version 2.4 does not sufficiently encode 
user contro ...)
+       TODO: check
+CVE-2021-33681 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
+CVE-2021-33680 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
+       TODO: check
 CVE-2021-33679
        RESERVED
-CVE-2021-33678
-       RESERVED
-CVE-2021-33677
-       RESERVED
-CVE-2021-33676
-       RESERVED
+CVE-2021-33678 (A function module of SAP NetWeaver AS ABAP (Reconciliation 
Framework), ...)
+       TODO: check
+CVE-2021-33677 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 
702, 730, ...)
+       TODO: check
+CVE-2021-33676 (A missing authority check in SAP CRM, versions - 700, 701, 
702, 712, 7 ...)
+       TODO: check
 CVE-2021-33675
        RESERVED
 CVE-2021-33674
@@ -6864,16 +6886,16 @@ CVE-2021-33673
        RESERVED
 CVE-2021-33672
        RESERVED
-CVE-2021-33671
-       RESERVED
-CVE-2021-33670
-       RESERVED
+CVE-2021-33671 (SAP NetWeaver Guided Procedures (Administration Workset), 
versions - 7 ...)
+       TODO: check
+CVE-2021-33670 (SAP NetWeaver AS for Java (Http Service Monitoring Filter), 
versions - ...)
+       TODO: check
 CVE-2021-33669 (Under certain conditions, SAP Mobile SDK Certificate Provider 
allows a ...)
        NOT-FOR-US: SAP
 CVE-2021-33668 (Due to improper input sanitization, specially crafted LDAP 
queries can ...)
        NOT-FOR-US: SAP
-CVE-2021-33667
-       RESERVED
+CVE-2021-33667 (Under certain conditions, SAP Business Objects Web 
Intelligence (BI La ...)
+       TODO: check
 CVE-2021-33666 (When SAP Commerce Cloud version 100, hosts a JavaScript 
storefront, it ...)
        NOT-FOR-US: SAP
 CVE-2021-33665 (SAP NetWeaver Application Server ABAP (Applications based on 
SAP GUI f ...)
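Review bot: CVE-2021-33671, CVE-2021-33670 and CVE-2021-33667 are left at "TODO: check" although they sit between CVE-2021-33669, CVE-2021-33668 and CVE-2021-33666, all tagged "NOT-FOR-US: SAP". The new descriptions name SAP NetWeaver and SAP Business Objects, so the same tag applies, and it also fits the SAP entries the previous hunk added (CVE-2021-33689 through CVE-2021-33676).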
@@ -7868,12 +7890,12 @@ CVE-2021-33215 (An issue was discovered in CommScope 
Ruckus IoT Controller 1.7.1
        NOT-FOR-US: CommScope Ruckus IoT Controller
 CVE-2021-33214 (In HMS Ewon eCatcher through 6.6.4, weak filesystem 
permissions could  ...)
        NOT-FOR-US: HMS Ewon eCatcher
-CVE-2021-33213
-       RESERVED
-CVE-2021-33212
-       RESERVED
-CVE-2021-33211
-       RESERVED
+CVE-2021-33213 (An SSRF vulnerability in the "Upload from URL" feature in 
Elements-IT  ...)
+       TODO: check
+CVE-2021-33212 (A Cross-site scripting (XSS) vulnerability in the "View in 
Browser" fe ...)
+       TODO: check
+CVE-2021-33211 (A Directory Traversal vulnerability in the Unzip feature in 
Elements-I ...)
+       TODO: check
 CVE-2021-33210
        RESERVED
 CVE-2021-33209
@@ -10817,8 +10839,8 @@ CVE-2021-31986
        RESERVED
 CVE-2021-31985 (Microsoft Defender Remote Code Execution Vulnerability ...)
        NOT-FOR-US: Microsoft
-CVE-2021-31984
-       RESERVED
+CVE-2021-31984 (Power BI Remote Code Execution Vulnerability ...)
+       TODO: check
 CVE-2021-31983 (Paint 3D Remote Code Execution Vulnerability This CVE ID is 
unique fro ...)
        NOT-FOR-US: Microsoft
 CVE-2021-31982
@@ -10827,8 +10849,8 @@ CVE-2021-31981
        RESERVED
 CVE-2021-31980 (Microsoft Intune Management Extension Remote Code Execution 
Vulnerabil ...)
        NOT-FOR-US: Microsoft
-CVE-2021-31979
-       RESERVED
+CVE-2021-31979 (Windows Kernel Elevation of Privilege Vulnerability This CVE 
ID is uni ...)
+       TODO: check
 CVE-2021-31978 (Microsoft Defender Denial of Service Vulnerability ...)
        NOT-FOR-US: Microsoft
 CVE-2021-31977 (Windows Hyper-V Denial of Service Vulnerability ...)
@@ -10863,8 +10885,8 @@ CVE-2021-31963 (Microsoft SharePoint Server Remote Code 
Execution Vulnerability
        NOT-FOR-US: Microsoft
 CVE-2021-31962 (Kerberos AppContainer Security Feature Bypass Vulnerability 
...)
        NOT-FOR-US: Microsoft
-CVE-2021-31961
-       RESERVED
+CVE-2021-31961 (Windows InstallService Elevation of Privilege Vulnerability 
...)
+       TODO: check
 CVE-2021-31960 (Windows Bind Filter Driver Information Disclosure 
Vulnerability ...)
        NOT-FOR-US: Microsoft
 CVE-2021-31959 (Scripting Engine Memory Corruption Vulnerability ...)
@@ -10891,8 +10913,8 @@ CVE-2021-31949 (Microsoft Outlook Remote Code Execution 
Vulnerability ...)
        NOT-FOR-US: Microsoft
 CVE-2021-31948 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID 
is uniq ...)
        NOT-FOR-US: Microsoft
-CVE-2021-31947
-       RESERVED
+CVE-2021-31947 (HEVC Video Extensions Remote Code Execution Vulnerability This 
CVE ID  ...)
+       TODO: check
 CVE-2021-31946 (Paint 3D Remote Code Execution Vulnerability This CVE ID is 
unique fro ...)
        NOT-FOR-US: Microsoft
 CVE-2021-31945 (Paint 3D Remote Code Execution Vulnerability This CVE ID is 
unique fro ...)
@@ -11175,8 +11197,8 @@ CVE-2021-31861
        RESERVED
 CVE-2021-31860
        RESERVED
-CVE-2021-31859
-       RESERVED
+CVE-2021-31859 (Incorrect privileges in the MU55 FlexiSpooler service in YSoft 
SafeQ 6 ...)
+       TODO: check
 CVE-2021-31858
        RESERVED
 CVE-2021-31857 (In Zoho ManageEngine Password Manager Pro before 11.1 build 
11104, att ...)
@@ -12879,8 +12901,8 @@ CVE-2021-31208 (Windows Container Manager Service 
Elevation of Privilege Vulnera
        NOT-FOR-US: Microsoft
 CVE-2021-31207 (Microsoft Exchange Server Security Feature Bypass 
Vulnerability ...)
        NOT-FOR-US: Microsoft
-CVE-2021-31206
-       RESERVED
+CVE-2021-31206 (Microsoft Exchange Server Remote Code Execution Vulnerability 
This CVE ...)
+       TODO: check
 CVE-2021-31205 (Windows SMB Client Security Feature Bypass Vulnerability ...)
        NOT-FOR-US: Microsoft
 CVE-2021-31204 (.NET and Visual Studio Elevation of Privilege Vulnerability 
...)
@@ -12899,8 +12921,8 @@ CVE-2021-31198 (Microsoft Exchange Server Remote Code 
Execution Vulnerability Th
        NOT-FOR-US: Microsoft
 CVE-2021-31197
        RESERVED
-CVE-2021-31196
-       RESERVED
+CVE-2021-31196 (Microsoft Exchange Server Remote Code Execution Vulnerability 
This CVE ...)
+       TODO: check
 CVE-2021-31195 (Microsoft Exchange Server Remote Code Execution Vulnerability 
This CVE ...)
        NOT-FOR-US: Microsoft
 CVE-2021-31194 (OLE Automation Remote Code Execution Vulnerability ...)
@@ -12925,8 +12947,8 @@ CVE-2021-31185 (Windows Desktop Bridge Denial of 
Service Vulnerability ...)
        NOT-FOR-US: Microsoft
 CVE-2021-31184 (Microsoft Windows Infrared Data Association (IrDA) Information 
Disclos ...)
        NOT-FOR-US: Microsoft
-CVE-2021-31183
-       RESERVED
+CVE-2021-31183 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE 
ID is u ...)
+       TODO: check
 CVE-2021-31182 (Microsoft Bluetooth Driver Spoofing Vulnerability ...)
        NOT-FOR-US: Microsoft
 CVE-2021-31181 (Microsoft SharePoint Remote Code Execution Vulnerability ...)
@@ -14353,6 +14375,7 @@ CVE-2021-30548 (Use after free in Loader in Google 
Chrome prior to 91.0.4472.101
        - chromium <unfixed> (bug #990079)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 
91.0.4472.101 a ...)
+       {DSA-4939-1}
        - chromium <unfixed> (bug #990079)
        [stretch] - chromium <end-of-life> (see DSA 4562)
        - firefox 90.0-1
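Review bot: {DSA-4939-1} is added to CVE-2021-30547 directly above "- chromium <unfixed> (bug #990079)", and the visible context shows only "- firefox 90.0-1" as a fixed package. Confirm that the entry also has a firefox-esr line with the version the DSA fixed, as CVE-2021-29976 and CVE-2021-29970 do, so that the advisory reference is not read as covering chromium.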
@@ -15872,6 +15895,7 @@ CVE-2021-29977
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29977
 CVE-2021-29976
        RESERVED
+       {DSA-4939-1}
        - firefox 90.0-1
        - firefox-esr 78.12.0esr-1
        - thunderbird <unfixed>
@@ -15900,6 +15924,7 @@ CVE-2021-29971
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29971
 CVE-2021-29970
        RESERVED
+       {DSA-4939-1}
        - firefox 90.0-1
        - firefox-esr 78.12.0esr-1
        - thunderbird <unfixed>
@@ -25724,8 +25749,8 @@ CVE-2021-25955
        RESERVED
 CVE-2021-25954
        RESERVED
-CVE-2021-25953
-       RESERVED
+CVE-2021-25953 (Prototype pollution vulnerability in 'putil-merge' 
versions1.0.0 throu ...)
+       TODO: check
 CVE-2021-25952 (Prototype pollution vulnerability in 
&#8216;just-safe-set&#8217; versi ...)
        TODO: check
 CVE-2021-25951 (XXE vulnerability in 'XML2Dict' version 0.2.2 allows an 
attacker to ca ...)
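Review bot: The imported description for CVE-2021-25953 reads "versions1.0.0" with no space, and the neighbouring CVE-2021-25952 still shows raw "&#8216;just-safe-set&#8217;" entities where CVE-2021-25951 has plain quotes around 'XML2Dict'. If the automatic update can decode HTML entities on import, do it there, so that a package-name search over data/CVE/list matches 'just-safe-set' the same way it matches 'putil-merge'.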
@@ -29980,14 +30005,14 @@ CVE-2021-24121
        RESERVED
 CVE-2021-24120
        RESERVED
-CVE-2021-24119
-       RESERVED
+CVE-2021-24119 (In Trusted Firmware Mbed TLS 2.24.0, a side-channel 
vulnerability in b ...)
+       TODO: check
 CVE-2021-24118
        RESERVED
-CVE-2021-24117
-       RESERVED
-CVE-2021-24116
-       RESERVED
+CVE-2021-24117 (In Rust SGX 1.1.3, a side-channel vulnerability in base64 PEM 
file dec ...)
+       TODO: check
+CVE-2021-24116 (In wolfSSL through 4.6.0, a side-channel vulnerability in 
base64 PEM f ...)
+       TODO: check
 CVE-2021-24115 (In Botan before 2.17.3, constant-time computations are not 
used for ce ...)
        - botan 2.17.3+dfsg-1
        [buster] - botan <no-dsa> (Minor issue)
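Review bot: CVE-2021-24119 (Mbed TLS 2.24.0) and CVE-2021-24116 (wolfSSL through 4.6.0) name libraries that Debian ships as mbedtls and wolfssl, so these "TODO: check" items need real triage and should be picked up ahead of the vendor-product batches in this commit. Model them on the CVE-2021-24115 entry just below, with a fixed version on the "- botan 2.17.3+dfsg-1" pattern and a per-release line such as "[buster] - botan <no-dsa> (Minor issue)".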
@@ -31656,8 +31681,8 @@ CVE-2021-23409
        RESERVED
 CVE-2021-23408
        RESERVED
-CVE-2021-23407
-       RESERVED
+CVE-2021-23407 (This affects the package elFinder.Net.Core from 0 and before 
1.2.4. Th ...)
+       TODO: check
 CVE-2021-23406
        RESERVED
 CVE-2021-23405 (This affects the package pimcore/pimcore before 10.0.7. This 
issue exi ...)
@@ -33016,16 +33041,16 @@ CVE-2021-22784
        RESERVED
 CVE-2021-22783
        RESERVED
-CVE-2021-22782
-       RESERVED
-CVE-2021-22781
-       RESERVED
-CVE-2021-22780
-       RESERVED
-CVE-2021-22779
-       RESERVED
-CVE-2021-22778
-       RESERVED
+CVE-2021-22782 (Missing Encryption of Sensitive Data vulnerability exists in 
EcoStruxu ...)
+       TODO: check
+CVE-2021-22781 (Insufficiently Protected Credentials vulnerability exists in 
EcoStruxu ...)
+       TODO: check
+CVE-2021-22780 (Insufficiently Protected Credentials vulnerability exists in 
EcoStruxu ...)
+       TODO: check
+CVE-2021-22779 (Authentication Bypass by Spoofing vulnerability exists in 
EcoStruxure  ...)
+       TODO: check
+CVE-2021-22778 (Insufficiently Protected Credentials vulnerability exists in 
EcoStruxu ...)
+       TODO: check
 CVE-2021-22777
        RESERVED
 CVE-2021-22776
@@ -34104,8 +34129,8 @@ CVE-2021-22320 (There is a denial of service 
vulnerability in Huawei products. A
        NOT-FOR-US: Huawei
 CVE-2021-22319
        RESERVED
-CVE-2021-22318
-       RESERVED
+CVE-2021-22318 (A component of the HarmonyOS 2.0 has a Null Pointer 
Dereference Vulner ...)
+       TODO: check
 CVE-2021-22317 (There is an Information Disclosure vulnerability in Huawei 
Smartphone. ...)
        NOT-FOR-US: Huawei
 CVE-2021-22316 (There is a Missing Authentication for Critical Function 
vulnerability  ...)
@@ -45313,10 +45338,10 @@ CVE-2020-29149
        RESERVED
 CVE-2020-29148
        RESERVED
-CVE-2020-29147
-       RESERVED
-CVE-2020-29146
-       RESERVED
+CVE-2020-29147 (A SQL injection vulnerability in 
wy_controlls/wy_side_visitor.php of W ...)
+       TODO: check
+CVE-2020-29146 (A cross site scripting (XSS) vulnerability in index.php of 
Wayang-CMS  ...)
+       TODO: check
 CVE-2020-29145 (In Ericsson BSCS iX R18 Billing &amp; Rating iX R18, ADMX is a 
web bas ...)
        NOT-FOR-US: Ericsson
 CVE-2020-29144 (In Ericsson BSCS iX R18 Billing &amp; Rating iX R18, MX is a 
web base  ...)
@@ -49184,8 +49209,8 @@ CVE-2021-0656
        RESERVED
 CVE-2021-0655
        RESERVED
-CVE-2021-0654
-       RESERVED
+CVE-2021-0654 (In isRealSnapshot of TaskThumbnailView.java, there is possible 
data ex ...)
+       TODO: check
 CVE-2021-0653
        RESERVED
 CVE-2021-0652
@@ -49288,46 +49313,46 @@ CVE-2021-0605 (In pfkey_dump of af_key.c, there is a 
possible out-of-bounds read
        [buster] - linux 4.19.152-1
        [stretch] - linux 4.9.240-1
        NOTE: 
https://git.kernel.org/linus/37bd22420f856fcd976989f1d4f1f7ad28e1fcac
-CVE-2021-0604
-       RESERVED
-CVE-2021-0603
-       RESERVED
-CVE-2021-0602
-       RESERVED
-CVE-2021-0601
-       RESERVED
-CVE-2021-0600
-       RESERVED
-CVE-2021-0599
-       RESERVED
+CVE-2021-0604 (In generateFileInfo of BluetoothOppSendFileInfo.java, there is 
a possi ...)
+       TODO: check
+CVE-2021-0603 (In onCreate of ContactSelectionActivity.java, there is a 
possible way  ...)
+       TODO: check
+CVE-2021-0602 (In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, 
there is a  ...)
+       TODO: check
+CVE-2021-0601 (In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out 
of boun ...)
+       TODO: check
+CVE-2021-0600 (In onCreate of DeviceAdminAdd.java, there is a possible way to 
mislead ...)
+       TODO: check
+CVE-2021-0599 (In scheduleTimeoutLocked of NotificationRecord.java, there is a 
possib ...)
+       TODO: check
 CVE-2021-0598
        RESERVED
-CVE-2021-0597
-       RESERVED
-CVE-2021-0596
-       RESERVED
+CVE-2021-0597 (In notifyProfileAdded and notifyProfileRemoved of 
SipService.java, the ...)
+       TODO: check
+CVE-2021-0596 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a 
possibl ...)
+       TODO: check
 CVE-2021-0595
        RESERVED
-CVE-2021-0594
-       RESERVED
+CVE-2021-0594 (In onCreate of ConfirmConnectActivity, there is a possible 
remote bypa ...)
+       TODO: check
 CVE-2021-0593
        RESERVED
-CVE-2021-0592
-       RESERVED
+CVE-2021-0592 (In various functions in WideVine, there are possible out of 
bounds wri ...)
+       TODO: check
 CVE-2021-0591
        RESERVED
-CVE-2021-0590
-       RESERVED
-CVE-2021-0589
-       RESERVED
-CVE-2021-0588
-       RESERVED
-CVE-2021-0587
-       RESERVED
-CVE-2021-0586
-       RESERVED
-CVE-2021-0585
-       RESERVED
+CVE-2021-0590 (In sendNetworkConditionsBroadcast of NetworkMonitor.java, there 
is a p ...)
+       TODO: check
+CVE-2021-0589 (In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of 
bounds ...)
+       TODO: check
+CVE-2021-0588 (In processInboundMessage of MceStateMachine.java, there is a 
possible  ...)
+       TODO: check
+CVE-2021-0587 (In StreamOut::prepareForWriting of StreamOut.cpp, there is a 
possible  ...)
+       TODO: check
+CVE-2021-0586 (In onCreate of DevicePickerFragment.java, there is a possible 
way to t ...)
+       TODO: check
+CVE-2021-0585 (In beginWrite and beginRead of MessageQueueBase.h, there is a 
possible ...)
+       TODO: check
 CVE-2021-0584
        RESERVED
 CVE-2021-0583
@@ -49342,8 +49367,8 @@ CVE-2021-0579
        RESERVED
 CVE-2021-0578
        RESERVED
-CVE-2021-0577
-       RESERVED
+CVE-2021-0577 (In flv extractor, there is a possible out of bounds write due 
to a hea ...)
+       TODO: check
 CVE-2021-0576
        RESERVED
 CVE-2021-0575
@@ -49460,16 +49485,16 @@ CVE-2021-0520 (In several functions of 
MemoryFileSystem.cpp and related files, t
        NOT-FOR-US: Android media framework
 CVE-2021-0519
        RESERVED
-CVE-2021-0518
-       RESERVED
+CVE-2021-0518 (In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, 
there i ...)
+       TODO: check
 CVE-2021-0517 (In updateCapabilities of ConnectivityService.java, there is a 
possible ...)
        NOT-FOR-US: Android
 CVE-2021-0516 (In p2p_process_prov_disc_req of p2p_pd.c, there is a possible 
out of b ...)
        NOT-FOR-US: Android
-CVE-2021-0515
-       RESERVED
-CVE-2021-0514
-       RESERVED
+CVE-2021-0515 (In Factory::CreateStrictFunctionMap of factory.cc, there is a 
possible ...)
+       TODO: check
+CVE-2021-0514 (In several functions of the V8 library, there is a possible use 
after  ...)
+       TODO: check
 CVE-2021-0513 (In deleteNotificationChannel and related functions of 
NotificationMana ...)
        NOT-FOR-US: Android
 CVE-2021-0512 (In __hidinput_change_resolution_multipliers of hid-input.c, 
there is a ...)
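Review bot: CVE-2021-0515 and CVE-2021-0514 should not inherit the "NOT-FOR-US: Android" tag of their neighbours CVE-2021-0517 and CVE-2021-0516 without a closer look. Their descriptions name factory.cc and "the V8 library", and V8 is also embedded in packages outside Android (for example chromium and nodejs). Resolve these two "TODO: check" lines by checking whether the affected V8 code is present in a packaged copy, and add a NOTE with the upstream reference once it is known. CVE-2021-0518 (WifiDisplayAdapter.java) can be triaged separately.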
@@ -49527,8 +49552,8 @@ CVE-2021-0488 (In pb_write of pb_encode.c, there is a 
possible out of bounds wri
        NOT-FOR-US: Android
 CVE-2021-0487 (In onCreate of CalendarDebugActivity.java, there is a possible 
way to  ...)
        NOT-FOR-US: Android
-CVE-2021-0486
-       RESERVED
+CVE-2021-0486 (In onPackageAddedInternal of PermissionManagerService.java, 
there is p ...)
+       TODO: check
 CVE-2021-0485 (In getMinimalSize of PipBoundsAlgorithm.java, there is a 
possible bypa ...)
        NOT-FOR-US: Android
 CVE-2021-0484 (In readVector of IMediaPlayer.cpp, there is a possible read of 
uniniti ...)
@@ -49619,8 +49644,8 @@ CVE-2021-0443 (In several functions of 
ScreenshotHelper.java and related files,
        NOT-FOR-US: Android
 CVE-2021-0442 (In updateInfo of 
android_hardware_input_InputApplicationHandle.cpp, th ...)
        NOT-FOR-US: Android
-CVE-2021-0441
-       RESERVED
+CVE-2021-0441 (In onCreate of PermissionActivity.java, there is a possible 
permission ...)
+       TODO: check
 CVE-2021-0440
        RESERVED
 CVE-2021-0439 (In setPowerModeWithHandle of 
com_android_server_power_PowerManagerServ ...)
@@ -52000,8 +52025,8 @@ CVE-2021-0146
        RESERVED
 CVE-2021-0145
        RESERVED
-CVE-2021-0144
-       RESERVED
+CVE-2021-0144 (Insecure default variable initialization for the Intel BSSA DFT 
featur ...)
+       TODO: check
 CVE-2021-0143 (Improper permissions in the installer for the Intel(R) Brand 
Verificat ...)
        NOT-FOR-US: Intel
 CVE-2021-0142
@@ -52947,8 +52972,8 @@ CVE-2020-27381
        RESERVED
 CVE-2020-27380
        RESERVED
-CVE-2020-27379
-       RESERVED
+CVE-2020-27379 (Cross Site Request Forgery (CSRF) vulnerability in Booking 
Core - Ulti ...)
+       TODO: check
 CVE-2020-27378
        RESERVED
 CVE-2020-27377 (A cross-site scripting (XSS) vulnerability was discovered in 
the Admin ...)
@@ -57694,10 +57719,10 @@ CVE-2020-25447
        RESERVED
 CVE-2020-25446
        RESERVED
-CVE-2020-25445
-       RESERVED
-CVE-2020-25444
-       RESERVED
+CVE-2020-25445 (Cross Site Scripting (XSS) vulnerability in Booking Core - 
Ultimate Bo ...)
+       TODO: check
+CVE-2020-25444 (Cross Site Scripting (XSS) vulnerability in Booking Core - 
Ultimate Bo ...)
+       TODO: check
 CVE-2020-25443
        RESERVED
 CVE-2020-25442
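Review bot: CVE-2020-25445 and CVE-2020-25444 show the same truncated description ("Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Bo ..."), so the list as committed cannot tell the two apart. When resolving the "TODO: check" lines, read the full description of each one rather than copying one disposition to the other, and make sure that both end up with an explicit tag.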
@@ -68747,8 +68772,8 @@ CVE-2020-20233
        RESERVED
 CVE-2020-20232
        RESERVED
-CVE-2020-20231
-       RESERVED
+CVE-2020-20231 (Mikrotik RouterOs through stable version 6.48.3 suffers from a 
memory  ...)
+       TODO: check
 CVE-2020-20230
        RESERVED
 CVE-2020-20229
@@ -72935,16 +72960,16 @@ CVE-2020-18157
        RESERVED
 CVE-2020-18156
        RESERVED
-CVE-2020-18155
-       RESERVED
+CVE-2020-18155 (SQL Injection vulnerability in Subrion CMS v4.2.1 in the 
search page i ...)
+       TODO: check
 CVE-2020-18154
        RESERVED
 CVE-2020-18153
        RESERVED
 CVE-2020-18152
        RESERVED
-CVE-2020-18151
-       RESERVED
+CVE-2020-18151 (Cross Site Request Forgerly (CSRF) vulnerability in ThinkCMF 
v5.1.0, w ...)
+       TODO: check
 CVE-2020-18150
        RESERVED
 CVE-2020-18149
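Review bot: The new CVE-2020-18151 line carries the misspelling "Forgerly" in "Cross Site Request Forgerly (CSRF)". Because this file is produced by the automatic update, the typo comes from the imported description and would be overwritten if it were fixed here. Anyone searching the list for "Forgery" will miss this entry, so search on "CSRF" or the CVE id when triaging it together with the other "TODO: check" entry in this hunk (CVE-2020-18155, Subrion CMS v4.2.1).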
@@ -72955,10 +72980,10 @@ CVE-2020-18147
        RESERVED
 CVE-2020-18146
        RESERVED
-CVE-2020-18145
-       RESERVED
-CVE-2020-18144
-       RESERVED
+CVE-2020-18145 (Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 
via /publi ...)
+       TODO: check
+CVE-2020-18144 (SQL Injection Vulnerability in ECTouch v2 via the integral_min 
paramet ...)
+       TODO: check
 CVE-2020-18143
        RESERVED
 CVE-2020-18142
@@ -123617,8 +123642,8 @@ CVE-2020-0419 (In generateInfo of 
PackageInstallerSession.java, there is a possi
        NOT-FOR-US: Android
 CVE-2020-0418 (In getPermissionInfosForGroup of Utils.java, there is a logic 
error. T ...)
        NOT-FOR-US: Android
-CVE-2020-0417
-       RESERVED
+CVE-2020-0417 (In setNiNotification of GpsNetInitiatedHandler.java, there is a 
possib ...)
+       TODO: check
 CVE-2020-0416 (In multiple settings screens, there are possible tapjacking 
attacks du ...)
        NOT-FOR-US: Android
 CVE-2020-0415 (In various locations in SystemUI, there is a possible 
permission bypas ...)
@@ -146457,8 +146482,8 @@ CVE-2019-11100 (Insufficient input validation in the 
subsystem for Intel(R) AMT
        NOT-FOR-US: Intel
 CVE-2019-11099
        RESERVED
-CVE-2019-11098
-       RESERVED
+CVE-2019-11098 (Insufficient input validation in MdeModulePkg in EDKII may 
allow an un ...)
+       TODO: check
 CVE-2019-11097 (Improper directory permissions in the installer for Intel(R) 
Managemen ...)
        NOT-FOR-US: Intel
 CVE-2019-11096 (Insufficient memory protection for Intel(R) Ethernet I218 
Adapter driv ...)
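Review bot: CVE-2019-11098 sits between entries tagged "NOT-FOR-US: Intel" (CVE-2019-11100, CVE-2019-11097), but its description names MdeModulePkg in EDKII, which is open-source firmware code and not an Intel-only product. Do not close the "TODO: check" as NOT-FOR-US by analogy with its neighbours. Check it against the packaged EDK II source (edk2) and record the affected package and upstream fix reference.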



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00fd70dab93d3695ea8869e5a66d72fed445a6f7
