Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7fb5b56 by security tracker role at 2021-08-02T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a 
remote att ...)
+       TODO: check
+CVE-2021-37842
+       RESERVED
+CVE-2021-37841
+       RESERVED
+CVE-2021-37840 (aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking 
(CSWH) in ...)
+       TODO: check
+CVE-2021-37839
+       RESERVED
+CVE-2021-3674
+       RESERVED
+CVE-2021-3673 (A vulnerability was found in Radare2 in version 5.3.1. Improper 
input  ...)
+       TODO: check
 CVE-2021-37838
        RESERVED
 CVE-2021-37837
@@ -1301,8 +1315,8 @@ CVE-2021-3658
        [buster] - bluez <no-dsa> (Minor issue)
        [stretch] - bluez <no-dsa> (Minor issue)
        NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055
-CVE-2021-37216
-       RESERVED
+CVE-2021-37216 (QSAN Storage Manager header page parameters does not filter 
special ch ...)
+       TODO: check
 CVE-2021-37215
        RESERVED
 CVE-2021-37214
@@ -1399,22 +1413,22 @@ CVE-2021-37169
        RESERVED
 CVE-2021-37168
        RESERVED
-CVE-2021-37167
-       RESERVED
-CVE-2021-37166
-       RESERVED
-CVE-2021-37165
-       RESERVED
-CVE-2021-37164
-       RESERVED
-CVE-2021-37163
-       RESERVED
-CVE-2021-37162
-       RESERVED
-CVE-2021-37161
-       RESERVED
-CVE-2021-37160
-       RESERVED
+CVE-2021-37167 (An insecure permissions issue was discovered in HMI3 Control 
Panel in  ...)
+       TODO: check
+CVE-2021-37166 (A buffer overflow issue leading to denial of service was 
discovered in ...)
+       TODO: check
+CVE-2021-37165 (A buffer overflow issue was discovered in HMI3 Control Panel 
in Swissl ...)
+       TODO: check
+CVE-2021-37164 (A buffer overflow issue was discovered in HMI3 Control Panel 
in Swissl ...)
+       TODO: check
+CVE-2021-37163 (An insecure permissions issue was discovered in HMI3 Control 
Panel in  ...)
+       TODO: check
+CVE-2021-37162 (A buffer overflow issue was discovered in HMI3 Control Panel 
in Swissl ...)
+       TODO: check
+CVE-2021-37161 (A buffer overflow issue was discovered in the HMI3 Control 
Panel conta ...)
+       TODO: check
+CVE-2021-37160 (A firmware validation issue was discovered in HMI3 Control 
Panel in Sw ...)
+       TODO: check
 CVE-2021-37158
        RESERVED
 CVE-2021-37157
@@ -5307,7 +5321,7 @@ CVE-2021-35466
        RESERVED
 CVE-2021-35465
        RESERVED
-CVE-2021-35464 (ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a 
Java deseri ...)
+CVE-2021-35464 (ForgeRock AM server before 7.0 has a Java deserialization 
vulnerabilit ...)
        NOT-FOR-US: ForgeRock
 CVE-2021-35463
        RESERVED
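Review bot: On CVE-2021-35464 the visible part of the updated description no longer names OpenAM 14.6.3, which the old text did, while the `NOT-FOR-US: ForgeRock` line underneath is carried over unchanged. That triage was made against the earlier wording, so it is worth re-reading the full description and confirming the annotation still covers everything the CVE now lists as affected.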
@@ -5335,8 +5349,8 @@ CVE-2021-35452
        RESERVED
 CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an 
unauthenti ...)
        NOT-FOR-US: Teradici PCoIP Management Console-Enterprise
-CVE-2021-35450
-       RESERVED
+CVE-2021-35450 (A Server Side Template Injection in the Entando Admin Console 
6.3.9 an ...)
+       TODO: check
 CVE-2021-35449 (The Lexmark Universal Print Driver version 2.15.1.0 and below, 
G2 driv ...)
        NOT-FOR-US: Lexmark
 CVE-2021-35448 (Emote Interactive Remote Mouse 3.008 on Windows allows 
attackers to ex ...)
@@ -7239,10 +7253,10 @@ CVE-2021-34577
        RESERVED
 CVE-2021-34576
        RESERVED
-CVE-2021-34575
-       RESERVED
-CVE-2021-34574
-       RESERVED
+CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions 
&lt;= 2.8.0  ...)
+       TODO: check
+CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions 
&lt;= 2.8.0  ...)
+       TODO: check
 CVE-2021-34573
        RESERVED
 CVE-2021-34572
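Review bot: The descriptions added for CVE-2021-34575 and CVE-2021-34574 carry the HTML entity `&lt;=` rather than a literal `<=`, while other lines in this same file use a bare `<` (for example `<no-dsa>` and `<removed>`). If the entity arrives that way from the description feed, decoding it on import would keep the list readable and easier to search; the `&#8211;` and `&amp;` sequences in the WordPress entries further down are the same case.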
@@ -9700,10 +9714,10 @@ CVE-2021-33529 (In Weidmueller Industrial WLAN devices 
in multiple versions the
        NOT-FOR-US: Weidmueller Industrial WLAN devices
 CVE-2021-33528 (In Weidmueller Industrial WLAN devices in multiple versions an 
exploit ...)
        NOT-FOR-US: Weidmueller Industrial WLAN devices
-CVE-2021-33527
-       RESERVED
-CVE-2021-33526
-       RESERVED
+CVE-2021-33527 (In MB connect line mbDIALUP versions &lt;= 3.9R0.0 a low 
privileged lo ...)
+       TODO: check
+CVE-2021-33526 (In MB connect line mbDIALUP versions &lt;= 3.9R0.0 a low 
privileged lo ...)
+       TODO: check
 CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command 
Execution (b ...)
        NOT-FOR-US: EyesOfNetwork (EON) eonweb
 CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI 
device in ...)
@@ -10426,8 +10440,7 @@ CVE-2021-33200 (kernel/bpf/verifier.c in the Linux 
kernel through 5.12.7 enforce
        NOTE: Issue introduced due to fixes applied for CVE-2021-29155
 CVE-2021-33199
        RESERVED
-CVE-2021-33198
-       RESERVED
+CVE-2021-33198 (Go before 1.15.12 and 1.16.x before 1.16.5 attempts to 
allocate excess ...)
        - golang-1.16 1.16.5-1
        - golang-1.15 1.15.9-5
        - golang-1.11 <removed>
@@ -10438,8 +10451,7 @@ CVE-2021-33198
        NOTE: https://github.com/golang/go/issues/45910
        NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
        NOTE: Introduced by 
https://github.com/golang/go/commit/e4ba40030f9ba4b61bb28dbf78bb41a7b14e6788 
(go1.13beta1)
-CVE-2021-33197
-       RESERVED
+CVE-2021-33197 (Go before 1.15.12 and 1.16.x before 1.16.5 acts as an 
Unintended Proxy ...)
        - golang-1.16 1.16.5-1
        - golang-1.15 1.15.9-5
        - golang-1.11 <removed>
@@ -10451,8 +10463,7 @@ CVE-2021-33197
        NOTE: https://github.com/golang/go/issues/46313
        NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
        NOTE: 
https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 
(1.15)
-CVE-2021-33196 [archive/zip: malformed archive may cause panic or memory 
exhaustion]
-       RESERVED
+CVE-2021-33196 (Go before 1.15.12 and 1.16.x before 1.16.5 attempts to 
allocate excess ...)
        - golang-1.16 1.16.5-1 (bug #989492)
        - golang-1.15 1.15.9-4
        - golang-1.11 <removed>
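Review bot: Replacing the bracketed summary on CVE-2021-33196 loses the only text in the entry that named the affected package (`archive/zip`), and the truncated description that takes its place reads the same as the one added for CVE-2021-33198 earlier in this diff ("attempts to allocate excess ..."). The two entries can no longer be told apart from their header lines, so consider keeping the component in a `NOTE:` line under CVE-2021-33196.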
@@ -10465,8 +10476,7 @@ CVE-2021-33196 [archive/zip: malformed archive may 
cause panic or memory exhaust
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912
        NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
        NOTE: 
https://github.com/golang/go/commit/c92adf420a3d9a5510f9aea382d826f0c9216a10 
(1.15)
-CVE-2021-33195
-       RESERVED
+CVE-2021-33195 (Go before 1.15.12 and 1.16.x before 1.16.5 allows injection. 
...)
        - golang-1.16 1.16.5-1
        - golang-1.15 1.15.9-5
        - golang-1.11 <removed>
@@ -11367,16 +11377,16 @@ CVE-2021-32812
        RESERVED
 CVE-2021-32811
        RESERVED
-CVE-2021-32810
-       RESERVED
+CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for 
building task ...)
+       TODO: check
 CVE-2021-32809
        RESERVED
 CVE-2021-32808
        RESERVED
 CVE-2021-32807 (The module `AccessControl` defines security policies for 
Python code u ...)
        NOT-FOR-US: Zope AccessControl
-CVE-2021-32806
-       RESERVED
+CVE-2021-32806 (Products.isurlinportal is a replacement for isURLInPortal 
method in Pl ...)
+       TODO: check
 CVE-2021-32805
        RESERVED
 CVE-2021-32804
@@ -19185,8 +19195,8 @@ CVE-2021-29759 (IBM App Connect Enterprise Certified 
Container 1.0, 1.1, 1.2, an
        NOT-FOR-US: IBM
 CVE-2021-29758
        RESERVED
-CVE-2021-29757
-       RESERVED
+CVE-2021-29757 (IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to 
cross-site r ...)
+       TODO: check
 CVE-2021-29756
        RESERVED
 CVE-2021-29755
@@ -19217,8 +19227,8 @@ CVE-2021-29743
        RESERVED
 CVE-2021-29742 (IBM Security Verify Access Docker 10.0.0 could allow a user to 
imperso ...)
        NOT-FOR-US: IBM
-CVE-2021-29741
-       RESERVED
+CVE-2021-29741 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to 
exploit a v ...)
+       TODO: check
 CVE-2021-29740 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 
5.1.0.3 sys ...)
        NOT-FOR-US: IBM
 CVE-2021-29739
@@ -19305,10 +19315,10 @@ CVE-2021-29699 (IBM Security Verify Access Docker 
10.0.0 could allow a remote pr
        NOT-FOR-US: IBM
 CVE-2021-29698
        RESERVED
-CVE-2021-29697
-       RESERVED
-CVE-2021-29696
-       RESERVED
+CVE-2021-29697 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 
1.6.1.0,  ...)
+       TODO: check
+CVE-2021-29696 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 
1.6.1.0,  ...)
+       TODO: check
 CVE-2021-29695 (IBM Host firmware for LC-class Systems could allow a remote 
attacker t ...)
        NOT-FOR-US: IBM
 CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker 
than expec ...)
@@ -31964,10 +31974,10 @@ CVE-2021-24506
        RESERVED
 CVE-2021-24505
        RESERVED
-CVE-2021-24504
-       RESERVED
-CVE-2021-24503
-       RESERVED
+CVE-2021-24504 (The WP LMS &#8211; Best WordPress LMS Plugin WordPress plugin 
through  ...)
+       TODO: check
+CVE-2021-24503 (The Popular Brand Icons &#8211; Simple Icons WordPress plugin 
before 2 ...)
+       TODO: check
 CVE-2021-24502
        RESERVED
 CVE-2021-24501
@@ -31976,94 +31986,94 @@ CVE-2021-24500
        RESERVED
 CVE-2021-24499
        RESERVED
-CVE-2021-24498
-       RESERVED
+CVE-2021-24498 (The Calendar Event Multi View WordPress plugin before 1.4.01 
does not  ...)
+       TODO: check
 CVE-2021-24497
        RESERVED
-CVE-2021-24496
-       RESERVED
+CVE-2021-24496 (The Community Events WordPress plugin before 1.4.8 does not 
sanitise,  ...)
+       TODO: check
 CVE-2021-24495
        RESERVED
 CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not 
escape s ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24493
        RESERVED
-CVE-2021-24492
-       RESERVED
+CVE-2021-24492 (The hndtst_action_instance_callback AJAX call of the Handsome 
Testimon ...)
+       TODO: check
 CVE-2021-24491
        RESERVED
 CVE-2021-24490
        RESERVED
 CVE-2021-24489
        RESERVED
-CVE-2021-24488
-       RESERVED
+CVE-2021-24488 (The slider import search feature and tab parameter of the Post 
Grid Wo ...)
+       TODO: check
 CVE-2021-24487
        RESERVED
 CVE-2021-24486
        RESERVED
 CVE-2021-24485
        RESERVED
-CVE-2021-24484
-       RESERVED
-CVE-2021-24483
-       RESERVED
+CVE-2021-24484 (The get_reports() function in the Secure Copy Content 
Protection and C ...)
+       TODO: check
+CVE-2021-24483 (The get_poll_categories(), get_polls() and get_reports() 
functions in  ...)
+       TODO: check
 CVE-2021-24482 (The Related Posts for WordPress plugin through 2.0.4 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24481
-       RESERVED
-CVE-2021-24480
-       RESERVED
-CVE-2021-24479
-       RESERVED
-CVE-2021-24478
-       RESERVED
-CVE-2021-24477
-       RESERVED
-CVE-2021-24476
-       RESERVED
+CVE-2021-24481 (The Any Hostname WordPress plugin through 1.0.6 does not 
sanitise or e ...)
+       TODO: check
+CVE-2021-24480 (The Event Geek WordPress plugin through 2.5.2 does not 
sanitise or esc ...)
+       TODO: check
+CVE-2021-24479 (The DrawBlog WordPress plugin through 0.90 does not sanitise 
or valida ...)
+       TODO: check
+CVE-2021-24478 (The Bookshelf WordPress plugin through 2.0.4 does not sanitise 
or esca ...)
+       TODO: check
+CVE-2021-24477 (The Migrate Users WordPress plugin through 1.0.1 does not 
sanitise or  ...)
+       TODO: check
+CVE-2021-24476 (The Steam Group Viewer WordPress plugin through 2.1 does not 
sanitise  ...)
+       TODO: check
 CVE-2021-24475
        RESERVED
-CVE-2021-24474
-       RESERVED
-CVE-2021-24473
-       RESERVED
-CVE-2021-24472
-       RESERVED
+CVE-2021-24474 (The Awesome Weather Widget WordPress plugin through 3.0.2 does 
not san ...)
+       TODO: check
+CVE-2021-24473 (The User Profile Picture WordPress plugin before 2.6.0 was 
affected by ...)
+       TODO: check
+CVE-2021-24472 (The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio 
WordPress ...)
+       TODO: check
 CVE-2021-24471
        RESERVED
-CVE-2021-24470
-       RESERVED
+CVE-2021-24470 (The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, 
validate ...)
+       TODO: check
 CVE-2021-24469
        RESERVED
-CVE-2021-24468
-       RESERVED
+CVE-2021-24468 (The Leaflet Map WordPress plugin before 3.0.0 does not escape 
some sho ...)
+       TODO: check
 CVE-2021-24467
        RESERVED
 CVE-2021-24466
        RESERVED
 CVE-2021-24465
        RESERVED
-CVE-2021-24464
-       RESERVED
-CVE-2021-24463
-       RESERVED
-CVE-2021-24462
-       RESERVED
-CVE-2021-24461
-       RESERVED
-CVE-2021-24460
-       RESERVED
-CVE-2021-24459
-       RESERVED
-CVE-2021-24458
-       RESERVED
-CVE-2021-24457
-       RESERVED
-CVE-2021-24456
-       RESERVED
-CVE-2021-24455
-       RESERVED
+CVE-2021-24464 (The YouTube Embed, Playlist and Popup by WpDevArt WordPress 
plugin bef ...)
+       TODO: check
+CVE-2021-24463 (The get_sliders() function in the Image Slider by Ays- 
Responsive Slid ...)
+       TODO: check
+CVE-2021-24462 (The get_gallery_categories() and get_galleries() functions in 
the Phot ...)
+       TODO: check
+CVE-2021-24461 (The get_faqs() function in the FAQ Builder AYS WordPress 
plugin before ...)
+       TODO: check
+CVE-2021-24460 (The get_fb_likeboxes() function in the Popup Like box &#8211; 
Page Plu ...)
+       TODO: check
+CVE-2021-24459 (The get_results() and get_items() functions in the Survey 
Maker WordPr ...)
+       TODO: check
+CVE-2021-24458 (The get_ays_popupboxes() and get_popup_categories() functions 
of the P ...)
+       TODO: check
+CVE-2021-24457 (The get_portfolios() and get_portfolio_attributes() functions 
in the c ...)
+       TODO: check
+CVE-2021-24456 (The Quiz Maker WordPress plugin before 6.2.0.9 did not 
properly saniti ...)
+       TODO: check
+CVE-2021-24455 (The Tutor LMS &#8211; eLearning and online course solution 
WordPress p ...)
+       TODO: check
 CVE-2021-24454 (In the YOP Poll WordPress plugin before 6.2.8, when a pool is 
created  ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24453 (The Include Me WordPress plugin through 1.2.1 is vulnerable to 
path tr ...)
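Review bot: The `NOT-FOR-US` annotations in this hunk's context are spelled two ways, `NOT-FOR-US: Wordpress plugin` (CVE-2021-24494, CVE-2021-24454) and `NOT-FOR-US: WordPress plugin` (CVE-2021-24482), and every entry added here lands as `TODO: check` next to them. Settling on one spelling when these TODOs are resolved would keep searches over the list reliable.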
@@ -32072,22 +32082,22 @@ CVE-2021-24452 (The W3 Total Cache WordPress plugin 
before 2.1.5 was affected by
        NOT-FOR-US: WordPress plugin
 CVE-2021-24451 (The Export Users With Meta WordPress plugin before 0.6.5 did 
not escap ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2021-24450
-       RESERVED
+CVE-2021-24450 (The User Registration, User Profiles, Login &amp; Membership 
&#8211; P ...)
+       TODO: check
 CVE-2021-24449
        RESERVED
-CVE-2021-24448
-       RESERVED
+CVE-2021-24448 (The User Registration &amp; User Profile &#8211; Profile 
Builder WordP ...)
+       TODO: check
 CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not 
validate its ta ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24446
        RESERVED
 CVE-2021-24445
        RESERVED
-CVE-2021-24444
-       RESERVED
-CVE-2021-24443
-       RESERVED
+CVE-2021-24444 (The TaxoPress &#8211; Create and Manage Taxonomies, Tags, 
Categories W ...)
+       TODO: check
+CVE-2021-24443 (The About Me widget of the Youzify &#8211; BuddyPress 
Community, User  ...)
+       TODO: check
 CVE-2021-24442 (The Poll, Survey, Questionnaire and Voting system WordPress 
plugin bef ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24441 (The Sign-up Sheets WordPress plugin before 1.0.14 does not not 
sanitis ...)
@@ -32112,18 +32122,18 @@ CVE-2021-24432
        RESERVED
 CVE-2021-24431
        RESERVED
-CVE-2021-24430
-       RESERVED
+CVE-2021-24430 (The Speed Booster Pack &#9889; PageSpeed Optimization Suite 
WordPress  ...)
+       TODO: check
 CVE-2021-24429 (The Salon booking system WordPress plugin before 6.3.1 does 
not proper ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2021-24428
-       RESERVED
+CVE-2021-24428 (The RSS for Yandex Turbo WordPress plugin through 1.30 does 
not saniti ...)
+       TODO: check
 CVE-2021-24427 (The W3 Total Cache WordPress plugin before 2.1.3 did not 
sanitise or e ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24426 (The Backup by 10Web &#8211; Backup and Restore Plugin 
WordPress plugin ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2021-24425
-       RESERVED
+CVE-2021-24425 (The Floating Notification Bar, Sticky Menu on Scroll, and 
Sticky Heade ...)
+       TODO: check
 CVE-2021-24424 (The WP Reset &#8211; Most Advanced WordPress Reset Tool 
WordPress plug ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24423
@@ -32230,8 +32240,8 @@ CVE-2021-24373 (The WP Hardening &#8211; Fix Your 
WordPress Security WordPress p
        NOT-FOR-US: WordPress plugin
 CVE-2021-24372 (The WP Hardening &#8211; Fix Your WordPress Security WordPress 
plugin  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24371
-       RESERVED
+CVE-2021-24371 (The Import feature of the RSVPMaker WordPress plugin before 
8.7.3 (/wp ...)
+       TODO: check
 CVE-2021-24370 (The Fancy Product Designer WordPress plugin before 4.6.9 
allows unauth ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24369 (In the GetPaid WordPress plugin before 2.3.4, users with the 
contribut ...)
@@ -36474,8 +36484,8 @@ CVE-2021-22554
        RESERVED
 CVE-2021-22553 (Any git operation is passed through Jetty and a session is 
created. No ...)
        - gerrit <itp> (bug #589436)
-CVE-2021-22552
-       RESERVED
+CVE-2021-22552 (An untrusted memory read vulnerability in Asylo versions up to 
0.6.1 a ...)
+       TODO: check
 CVE-2021-22551
        RESERVED
 CVE-2021-22550 (An attacker can modify the pointers in enclave memory to 
overwrite arb ...)
@@ -36687,32 +36697,32 @@ CVE-2021-22449
        RESERVED
 CVE-2021-22448
        RESERVED
-CVE-2021-22447
-       RESERVED
-CVE-2021-22446
-       RESERVED
-CVE-2021-22445
-       RESERVED
-CVE-2021-22444
-       RESERVED
-CVE-2021-22443
-       RESERVED
-CVE-2021-22442
-       RESERVED
+CVE-2021-22447 (There is an Improper Check for Unusual or Exceptional 
Conditions Vulne ...)
+       TODO: check
+CVE-2021-22446 (There is an Information Disclosure Vulnerability in Huawei 
Smartphone. ...)
+       TODO: check
+CVE-2021-22445 (There is an Input Verification Vulnerability in Huawei 
Smartphone.Succ ...)
+       TODO: check
+CVE-2021-22444 (There is an Input Verification Vulnerability in Huawei 
Smartphone.Succ ...)
+       TODO: check
+CVE-2021-22443 (There is an Input Verification Vulnerability in Huawei 
Smartphone.Succ ...)
+       TODO: check
+CVE-2021-22442 (There is an Improper Validation of Integrity Check Value 
Vulnerability ...)
+       TODO: check
 CVE-2021-22441
        RESERVED
 CVE-2021-22440 (There is a path traversal vulnerability in some Huawei 
products. The v ...)
        NOT-FOR-US: Huawei
 CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice 
V200R006C ...)
        NOT-FOR-US: Huawei
-CVE-2021-22438
-       RESERVED
+CVE-2021-22438 (There is a Memory Buffer Improper Operation Limit 
Vulnerability in Hua ...)
+       TODO: check
 CVE-2021-22437
        RESERVED
 CVE-2021-22436
        RESERVED
-CVE-2021-22435
-       RESERVED
+CVE-2021-22435 (There is a Configuration Defect Vulnerability in Huawei 
Smartphone.Suc ...)
+       TODO: check
 CVE-2021-22434
        RESERVED
 CVE-2021-22433
@@ -36725,10 +36735,10 @@ CVE-2021-22430
        RESERVED
 CVE-2021-22429
        RESERVED
-CVE-2021-22428
-       RESERVED
-CVE-2021-22427
-       RESERVED
+CVE-2021-22428 (There is an Incomplete Cleanup Vulnerability in Huawei 
Smartphone.Succ ...)
+       TODO: check
+CVE-2021-22427 (There is a Heap-based Buffer Overflow Vulnerability in Huawei 
Smartpho ...)
+       TODO: check
 CVE-2021-22426
        RESERVED
 CVE-2021-22425
@@ -36751,14 +36761,14 @@ CVE-2021-22417
        RESERVED
 CVE-2021-22416
        RESERVED
-CVE-2021-22415
-       RESERVED
-CVE-2021-22414
-       RESERVED
-CVE-2021-22413
-       RESERVED
-CVE-2021-22412
-       RESERVED
+CVE-2021-22415 (There is an Incorrect Calculation of Buffer Size Vulnerability 
in Huaw ...)
+       TODO: check
+CVE-2021-22414 (There is a Memory Buffer Errors Vulnerability in Huawei 
Smartphone.Suc ...)
+       TODO: check
+CVE-2021-22413 (There is an Integer Overflow Vulnerability in Huawei 
Smartphone.Succes ...)
+       TODO: check
+CVE-2021-22412 (There is an Integer Overflow Vulnerability in Huawei 
Smartphone.Succes ...)
+       TODO: check
 CVE-2021-22411 (There is an out-of-bounds write vulnerability in some Huawei 
products. ...)
        NOT-FOR-US: Huawei
 CVE-2021-22410
@@ -36785,46 +36795,46 @@ CVE-2021-22400
        RESERVED
 CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS 
vulnerabil ...)
        NOT-FOR-US: Huawei
-CVE-2021-22398
-       RESERVED
-CVE-2021-22397
-       RESERVED
-CVE-2021-22396
-       RESERVED
+CVE-2021-22398 (There is a logic error vulnerability in several smartphones. 
The softw ...)
+       TODO: check
+CVE-2021-22397 (There is a privilege escalation vulnerability in Huawei 
ManageOne 8.0. ...)
+       TODO: check
+CVE-2021-22396 (There is a privilege escalation vulnerability in some Huawei 
products. ...)
+       TODO: check
 CVE-2021-22395
        RESERVED
 CVE-2021-22394
        RESERVED
 CVE-2021-22393 (There is a denial of service vulnerability in some versions of 
CloudEn ...)
        NOT-FOR-US: CloudEngine (Huawei)
-CVE-2021-22392
-       RESERVED
-CVE-2021-22391
-       RESERVED
-CVE-2021-22390
-       RESERVED
-CVE-2021-22389
-       RESERVED
-CVE-2021-22388
-       RESERVED
-CVE-2021-22387
-       RESERVED
+CVE-2021-22392 (There is an Incorrect Calculation of Buffer Size in Huawei 
Smartphone. ...)
+       TODO: check
+CVE-2021-22391 (There is an Incorrect Calculation of Buffer Size in Huawei 
Smartphone. ...)
+       TODO: check
+CVE-2021-22390 (There is a Memory Buffer Improper Operation Limit 
Vulnerability in Hua ...)
+       TODO: check
+CVE-2021-22389 (There is a Permission Control Vulnerability in Huawei 
Smartphone.Succe ...)
+       TODO: check
+CVE-2021-22388 (There is an Integer Overflow Vulnerability in Huawei 
Smartphone.Succes ...)
+       TODO: check
+CVE-2021-22387 (There is an Improper Control of Dynamically Managing Code 
Resources Vu ...)
+       TODO: check
 CVE-2021-22386
        RESERVED
 CVE-2021-22385
        RESERVED
-CVE-2021-22384
-       RESERVED
+CVE-2021-22384 (There is an Information Disclosure Vulnerability in Huawei 
Smartphone. ...)
+       TODO: check
 CVE-2021-22383 (There is an out-of-bounds read vulnerability in eCNS280_TD 
V100R005C10 ...)
        NOT-FOR-US: Huawei
 CVE-2021-22382 (Huawei LTE USB Dongle products have an improper permission 
assignment  ...)
        NOT-FOR-US: Huawei
-CVE-2021-22381
-       RESERVED
+CVE-2021-22381 (There is an Input Verification Vulnerability in Huawei 
Smartphone.Succ ...)
+       TODO: check
 CVE-2021-22380 (There is a Cleartext Transmission of Sensitive Information 
Vulnerabili ...)
        NOT-FOR-US: Huawei
-CVE-2021-22379
-       RESERVED
+CVE-2021-22379 (There is an Integer Underflow (Wrap or Wraparound) 
Vulnerability in Hu ...)
+       TODO: check
 CVE-2021-22378 (There is a race condition vulnerability in eCNS280_TD 
V100R005C00 and  ...)
        NOT-FOR-US: Huawei
 CVE-2021-22377 (There is a command injection vulnerability in S12700 
V200R019C00SPC500 ...)
@@ -42434,7 +42444,7 @@ CVE-2021-20592
        RESERVED
 CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi 
Electric ...)
        NOT-FOR-US: Mitsubishi
-CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 
model all ...)
+CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 
model VNC ...)
        NOT-FOR-US: Mitsubishi
 CVE-2021-20589 (Buffer access with incorrect length value vulnerability in 
GOT2000 ser ...)
        NOT-FOR-US: Mitsubishi
@@ -42532,12 +42542,12 @@ CVE-2021-20543
        RESERVED
 CVE-2021-20542
        RESERVED
-CVE-2021-20541
-       RESERVED
-CVE-2021-20540
-       RESERVED
-CVE-2021-20539
-       RESERVED
+CVE-2021-20541 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 
1.6.1.0,  ...)
+       TODO: check
+CVE-2021-20540 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 
1.6.1.0,  ...)
+       TODO: check
+CVE-2021-20539 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 
1.6.1.0,  ...)
+       TODO: check
 CVE-2021-20538 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could 
allow a us ...)
        NOT-FOR-US: IBM
 CVE-2021-20537 (IBM Security Verify Access Docker 10.0.0 contains hard-coded 
credentia ...)
@@ -42952,8 +42962,8 @@ CVE-2021-20333 (Sending specially crafted commands to a 
MongoDB Server may resul
        - mongodb <removed>
        [stretch] - mongodb <end-of-life> 
(https://lists.debian.org/debian-lts/2020/11/msg00058.html)
        NOTE: https://jira.mongodb.org/browse/SERVER-50605
-CVE-2021-20332
-       RESERVED
+CVE-2021-20332 (Specific MongoDB Rust Driver versions can include credentials 
used by  ...)
+       TODO: check
 CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously 
publish eve ...)
        NOT-FOR-US: MongoDB C# Driver
 CVE-2021-20330
@@ -45045,7 +45055,8 @@ CVE-2020-35139
        RESERVED
 CVE-2020-35138 (The MobileIron agents through 2021-03-22 for Android and iOS 
contain a ...)
        NOT-FOR-US: MobileIron
-CVE-2020-35137 (The MobileIron agents through 2021-03-22 for Android and iOS 
contain a ...)
+CVE-2020-35137
+       REJECTED
        NOT-FOR-US: MobileIron
 CVE-2020-35136 (Dolibarr 12.0.3 is vulnerable to authenticated Remote Code 
Execution.  ...)
        - dolibarr <removed>
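Review bot: CVE-2020-35137 becomes `REJECTED`, but the `NOT-FOR-US: MobileIron` line is left underneath it, so the entry now carries both a rejection and a triage result. Worth confirming that this is the intended state for a rejected id, or dropping the stale annotation in a follow-up; CVE-2020-35138 directly above keeps the same truncated description this entry used to have.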
@@ -104325,7 +104336,7 @@ CVE-2020-7624 (effect through 1.0.4 is vulnerable to 
Command Injection. It allow
        NOT-FOR-US: effect node module
 CVE-2020-7623 (jscover through 1.0.0 is vulnerable to Command Injection. It 
allows ex ...)
        NOT-FOR-US: Node jscover
-CVE-2020-7622 (All versions of Jooby before 2.2.1 are vulnerable to HTTP 
Response Spl ...)
+CVE-2020-7622 (This affects the package io.jooby:jooby-netty before 1.6.9, 
from 2.0.0 ...)
        NOT-FOR-US: Jooby
 CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command 
Injecti ...)
        NOT-FOR-US: Node strong-nginx-controller



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7fb5b56af83a8c9ddd20d9b7c1e66aefa900c72
