Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
068d6c58 by Salvatore Bonaccorso at 2021-10-11T10:54:41+02:00
Add CVE-2021-40978/python-mkdocs
- - - - -
b877ba97 by Salvatore Bonaccorso at 2021-10-11T10:54:42+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2649,7 +2649,8 @@ CVE-2021-40980
CVE-2021-40979
RESERVED
CVE-2021-40978 (** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows
directory t ...)
- TODO: check
+ - python-mkdocs <unfixed> (unimportant)
+ NOTE: https://github.com/mkdocs/mkdocs/issues/2601
CVE-2021-40977
RESERVED
CVE-2021-40976
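Review bot: The "(unimportant)" severity on the python-mkdocs line for CVE-2021-40978 is recorded without its rationale; the only NOTE is the upstream issue link. Consider adding a second NOTE line that states why the entry is classified this way (the visible description marks the CVE as disputed and confines it to the built-in dev-server), so that a reader of data/CVE/list can see the justification without opening the issue.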
@@ -12625,7 +12626,7 @@ CVE-2021-3652 [CRYPT password hash with asterisk allows
any bind attempt to succ
NOTE:
https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7
(master)
NOTE:
https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964
(1.4.4.x)
CVE-2021-36767 (In Digi RealPort through 4.8.488.0, authentication relies on a
challen ...)
- TODO: check
+ NOT-FOR-US: Digi RealPort
CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The
vulnerable co ...)
NOT-FOR-US: Concrete5
CVE-2021-36765 (In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP
requests ma ...)
@@ -14522,11 +14523,11 @@ CVE-2021-35981 (Acrobat Reader DC versions
2021.005.20054 (and earlier), 2020.00
CVE-2021-35980
RESERVED
CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0.
The 'encry ...)
- TODO: check
+ NOT-FOR-US: Digi RealPort
CVE-2021-35978
RESERVED
CVE-2021-35977 (An issue was discovered in Digi RealPort for Windows through
4.8.488.0 ...)
- TODO: check
+ NOT-FOR-US: Digi RealPort
CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0
through 18.0 ...)
NOT-FOR-US: Plesk Obsidian
CVE-2021-35975
@@ -19967,7 +19968,7 @@ CVE-2021-33605 (Improper check in CheckboxGroup in
com.vaadin:vaadin-checkbox-fl
CVE-2021-33604 (URL encoding error in development mode handler in
com.vaadin:flow-serv ...)
NOT-FOR-US: com.vaadin:flow-server
CVE-2021-33603 (A Denial-of-Service (DoS) vulnerability was discovered in
F-Secure Atl ...)
- TODO: check
+ NOT-FOR-US: F-Secure
CVE-2021-33602 (A vulnerability affecting the F-Secure Antivirus engine was
discovered ...)
NOT-FOR-US: F-Secure
CVE-2021-33601 (A vulnerability was discovered in the web user interface of
F-Secure I ...)
@@ -34047,7 +34048,7 @@ CVE-2021-28131 (Impala sessions use a 16 byte secret to
verify that the session
CVE-2021-28130 (Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts
applicati ...)
NOT-FOR-US: Dr.Web Firewall
CVE-2021-28129 (While working on Apache OpenOffice 4.1.8 a developer
discovered that t ...)
- TODO: check
+ NOT-FOR-US: Apache OpenOffice
CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing
of one's ...)
NOT-FOR-US: Strapi
CVE-2021-28127 (An issue was discovered in Stormshield SNS through 4.2.1. A
brute-forc ...)
@@ -39342,7 +39343,7 @@ CVE-2021-25968
CVE-2021-25967
RESERVED
CVE-2021-25966 (In “Orchard core CMS” application, versions
1.0.0-beta1-33 ...)
- TODO: check
+ NOT-FOR-US: Orchard CMS
CVE-2021-25965
RESERVED
CVE-2021-25964 (In “Calibre-web” application, v0.6.0 to v0.6.12,
are vulne ...)
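Review bot: In the CVE-2021-25966 entry the new tag reads "NOT-FOR-US: Orchard CMS", while the description names the product "Orchard core CMS". Suggest "NOT-FOR-US: Orchard Core CMS" so that the label matches the description and a search of the list for the product name finds this entry.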
@@ -40649,55 +40650,55 @@ CVE-2021-25493 (Lack of boundary checking of a buffer
in libSPenBase library of
CVE-2021-25492 (Lack of boundary checking of a buffer in libSPenBase library
of Samsun ...)
NOT-FOR-US: Samsung
CVE-2021-25491 (A vulnerability in mfc driver prior to SMR Oct-2021 Release 1
allows m ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25490 (A keyblob downgrade attack in keymaster prior to SMR Oct-2021
Release ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25489 (Assuming radio permission is gained, missing input validation
in modem ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25488 (Lack of boundary checking of a buffer in recv_data() of modem
interfac ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25487 (Lack of boundary checking of a buffer in set_skb_priv() of
modem inter ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25486 (Exposure of information vulnerability in ipcdump prior to SMR
Oct-2021 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25485 (Path traversal vulnerability in FactoryAirCommnadManger prior
to SMR O ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25484 (Improper authentication in InputManagerService prior to SMR
Oct-2021 R ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25483 (Lack of boundary checking of a buffer in livfivextractor
library prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25482 (SQL injection vulnerabilities in CMFA framework prior to SMR
Oct-2021 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25481 (An improper error handling in Exynos CP booting driver prior
to SMR Oc ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25480 (A lack of replay attack protection in GUTI REALLOCATION
COMMAND messag ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25479 (A possible heap-based buffer overflow vulnerability in Exynos
CP Chips ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25478 (A possible stack-based buffer overflow vulnerability in Exynos
CP Chip ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25477 (An improper error handling in Mediatek RRC Protocol stack
prior to SMR ...)
NOT-FOR-US: Mediatek
CVE-2021-25476 (An information disclosure vulnerability in Widevine TA log
prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25475 (A possible heap-based buffer overflow vulnerability in DSP
kernel driv ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25474 (Assuming a shell privilege is gained, an improper exception
handling f ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25473 (Assuming a shell privilege is gained, an improper exception
handling f ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25472 (An improper access control vulnerability in
BluetoothSettingsProvider ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25471 (A lack of replay attack protection in Security Mode Command
process pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25470 (An improper caller check logic of SMC call in TEEGRIS secure
OS prior ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25469 (A possible stack-based buffer overflow vulnerability in
Widevine trust ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25468 (A possible guessing and confirming a byte memory vulnerability
in Wide ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25467 (Assuming system privilege is gained, possible buffer overflow
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2021-25466 (Improper scheme check vulnerability in Samsung Internet prior
to versi ...)
NOT-FOR-US: Samsung
CVE-2021-25465 (An improper scheme check vulnerability in Samsung Themes prior
to vers ...)
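Review bot: Several entries switched to "NOT-FOR-US: Samsung" in this hunk do not name the vendor in the visible part of their description, for example CVE-2021-25474 and CVE-2021-25473 ("Assuming a shell privilege is gained, an improper exception handling f ..."). The unchanged neighbour CVE-2021-25477 carries "NOT-FOR-US: Mediatek", so the range is not uniformly one vendor. Suggest confirming each entry against its full description rather than tagging by CVE number range, and using a more specific label where the affected component is a distinct product.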
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d20541e7c9cc8b1733a7f7879738f73086a7ebe5...b877ba972258bdb58933c706e4d384196dc6a960
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits