Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bff60510 by security tracker role at 2021-10-25T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-3904
+ RESERVED
+CVE-2021-3903
+ RESERVED
+CVE-2020-36503
+ RESERVED
CVE-2021-43010
RESERVED
CVE-2021-43009
@@ -4021,8 +4027,8 @@ CVE-2021-41773 (A flaw was found in a change made to path
normalization in Apach
NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
CVE-2021-3839
RESERVED
-CVE-2017-20007
- RESERVED
+CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web
application allo ...)
+ TODO: check
CVE-2021-41772
RESERVED
CVE-2021-41771
@@ -5343,8 +5349,8 @@ CVE-2021-41178
RESERVED
CVE-2021-41177
RESERVED
-CVE-2021-41176
- RESERVED
+CVE-2021-41176 (Pterodactyl is an open-source game server management panel
built with ...)
+ TODO: check
CVE-2021-41175
RESERVED
CVE-2021-41174
@@ -5689,8 +5695,8 @@ CVE-2021-41037
RESERVED
CVE-2021-41036
RESERVED
-CVE-2021-41035
- RESERVED
+CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not
throw Illega ...)
+ TODO: check
CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6
includes pu ...)
NOT-FOR-US: Eclipse Che
CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until
version 4. ...)
@@ -6061,8 +6067,7 @@ CVE-2021-3798 [Soft token does not check if an EC key is
valid]
NOTE:
https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780
NOTE: Introduced with:
https://github.com/opencryptoki/opencryptoki/commit/a179fd01a265a98194d9c06ec5958da1dd2ecae3
(v3.15.0)
NOTE: Fixed by:
https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0
-CVE-2021-40865
- RESERVED
+CVE-2021-40865 (An Unsafe Deserialization vulnerability exists in the worker
services ...)
NOT-FOR-US: Apache Storm
CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String
Comparison ...)
NOT-FOR-US: Hestia Control Panel
@@ -6863,10 +6868,10 @@ CVE-2021-40528 (The ElGamal implementation in Libgcrypt
before 1.9.4 allows plai
NOTE: CVE-2021-40528 got switched at some point, and CVE-2021-33560
referring to the blinding
NOTE: hardening. We keep the original association as per 2021-09-19
(until MITRE clarifies on
NOTE: a query).
-CVE-2021-40527
- RESERVED
-CVE-2021-40526
- RESERVED
+CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in
the "com. ...)
+ TODO: check
+CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton
TTR01 up ...)
+ TODO: check
CVE-2021-40525
RESERVED
CVE-2021-3776
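Review bot: The new descriptions for CVE-2021-40527 and CVE-2021-40526 contain misspellings ("senstive", and "Peleton" for the vendor name). The parenthesised text arrives with the automatic update, so rather than hand-editing it, spell the product correctly in the triage line that replaces TODO: check, so the entry can be found by name.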
@@ -10001,10 +10006,10 @@ CVE-2021-39223
RESERVED
CVE-2021-39222
RESERVED
-CVE-2021-39221
- RESERVED
-CVE-2021-39220
- RESERVED
+CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity
platform. The Ne ...)
+ TODO: check
+CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform
The Nex ...)
+ TODO: check
CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI.
Wasmtim ...)
NOT-FOR-US: wasmtime
CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI.
In Wasm ...)
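Review bot: CVE-2021-39221 and CVE-2021-39220 are cut off at "The Ne ..." and "The Nex ...", before the sentence that names the affected Nextcloud component, so the TODO: check cannot be resolved from these lines alone. Read the full CVE text and record the component in the triage line; the two entries may not concern the same one.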
@@ -12182,8 +12187,7 @@ CVE-2021-3693 (LedgerSMB does not check the origin of
HTML fragments merged into
NOTE: https://ledgersmb.org/cve-2021-3693-cross-site-scripting
CVE-2021-3692 (yii2 is vulnerable to Use of Predictable Algorithm in Random
Number Ge ...)
- yii <itp> (bug #597899)
-CVE-2021-38294
- RESERVED
+CVE-2021-38294 (A Command Injection vulnerability exists in the
getTopologyHistory ser ...)
NOT-FOR-US: Apache Storm
CVE-2021-38293
RESERVED
@@ -13889,8 +13893,7 @@ CVE-2021-37626 (Contao is an open source CMS that
allows you to create websites
NOT-FOR-US: Contao CMS
CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior
to 0.6.4 ...)
NOT-FOR-US: Skytable
-CVE-2021-37624
- RESERVED
+CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
- freeswitch <itp> (bug #389591)
NOTE:
https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading,
writing, ...)
@@ -19503,8 +19506,8 @@ CVE-2021-35233
RESERVED
CVE-2021-35232
RESERVED
-CVE-2021-35231
- RESERVED
+CVE-2021-35231 (As a result of an unquoted service path vulnerability present
in the K ...)
+ TODO: check
CVE-2021-35230 (As a result of an unquoted service path vulnerability present
in the K ...)
NOT-FOR-US: Kiwi CatTools Installation Wizard
CVE-2021-35229
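Review bot: CVE-2021-35231 shows the same truncated description as CVE-2021-35230 directly below it, which is tagged NOT-FOR-US: Kiwi CatTools Installation Wizard, but the product name falls after the cut at "in the K ...". Confirm the product from the full description before copying the neighbour's tag, since a different product would need its own name in the NOT-FOR-US line.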
@@ -20302,28 +20305,28 @@ CVE-2021-34866
NOTE: Fixed by:
https://git.kernel.org/linus/5b029a32cfe4600f5e10e36b41778506b90fd4de (5.14)
CVE-2021-34865
RESERVED
-CVE-2021-34864
- RESERVED
-CVE-2021-34863
- RESERVED
-CVE-2021-34862
- RESERVED
-CVE-2021-34861
- RESERVED
-CVE-2021-34860
- RESERVED
-CVE-2021-34859
- RESERVED
+CVE-2021-34864 (This vulnerability allows local attackers to escalate
privileges on af ...)
+ TODO: check
+CVE-2021-34863 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
+ TODO: check
+CVE-2021-34862 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
+ TODO: check
+CVE-2021-34861 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
+ TODO: check
+CVE-2021-34860 (This vulnerability allows network-adjacent attackers to
disclose sensi ...)
+ TODO: check
+CVE-2021-34859 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
+ TODO: check
CVE-2021-34858
RESERVED
-CVE-2021-34857
- RESERVED
-CVE-2021-34856
- RESERVED
-CVE-2021-34855
- RESERVED
-CVE-2021-34854
- RESERVED
+CVE-2021-34857 (This vulnerability allows local attackers to escalate
privileges on af ...)
+ TODO: check
+CVE-2021-34856 (This vulnerability allows local attackers to escalate
privileges on af ...)
+ TODO: check
+CVE-2021-34855 (This vulnerability allows local attackers to disclose
sensitive inform ...)
+ TODO: check
+CVE-2021-34854 (This vulnerability allows local attackers to escalate
privileges on af ...)
+ TODO: check
CVE-2021-34853 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
NOT-FOR-US: Foxit PDF Reader
CVE-2021-34852 (This vulnerability allows remote attackers to execute
arbitrary code o ...)
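Review bot: The ten new entries CVE-2021-34864 through CVE-2021-34859 and CVE-2021-34857 through CVE-2021-34854 share an advisory template that is truncated before the product name, and they differ in attacker position (local, network-adjacent, remote). Do not bulk-resolve them with the NOT-FOR-US: Foxit PDF Reader tag from CVE-2021-34853; group them by product from the full descriptions first.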
@@ -26116,7 +26119,7 @@ CVE-2021-32563 (An issue was discovered in Thunar
before 4.16.7 and 4.17.x befor
NOTE: Fixed by:
https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
NOTE: Regression fix:
https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
NOTE: Regression: https://gitlab.xfce.org/xfce/thunar/-/issues/575
-CVE-2021-3546 (A flaw was found in vhost-user-gpu of QEMU in versions up to
and inclu ...)
+CVE-2021-3546 (An out-of-bounds write vulnerability was found in the virtio
vhost-use ...)
{DSA-4980-1}
- qemu 1:6.1+dfsg-1 (bug #989042)
[buster] - qemu <no-dsa> (Minor issue)
@@ -33294,7 +33297,7 @@ CVE-2021-29766 (IBM i2 Analyst's Notebook Premium (IBM
i2 Analyze 4.3.0, 4.3.1,
NOT-FOR-US: IBM
CVE-2021-29765 (IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker
to obta ...)
NOT-FOR-US: IBM
-CVE-2021-29764 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through
6.1.1.0 i ...)
+CVE-2021-29764 (IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is
vulnerable to s ...)
NOT-FOR-US: IBM
CVE-2021-29763 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.1 ...)
NOT-FOR-US: IBM
@@ -42634,8 +42637,8 @@ CVE-2021-25979
RESERVED
CVE-2021-25978
RESERVED
-CVE-2021-25977
- RESERVED
+CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to
stored XSS du ...)
+ TODO: check
CVE-2021-25976
RESERVED
CVE-2021-25975
@@ -44456,7 +44459,7 @@ CVE-2021-3165 (SmartAgent 3.1.0 allows a ViewOnly
attacker to create a SuperUser
NOT-FOR-US: SmartAgent
CVE-2021-3164 (ChurchRota 2.6.4 is vulnerable to authenticated remote code
execution. ...)
NOT-FOR-US: ChurchRota
-CVE-2021-3163 (A vulnerability in the HTML editor of Slab Quill 4.8.0 allows
an attac ...)
+CVE-2021-3163 (** DISPUTED ** A vulnerability in the HTML editor of Slab Quill
4.8.0 ...)
NOT-FOR-US: Slab Quill
CVE-2021-25301
RESERVED
@@ -45419,10 +45422,10 @@ CVE-2021-24887
RESERVED
CVE-2021-24886
RESERVED
-CVE-2021-24885
- RESERVED
-CVE-2021-24884
- RESERVED
+CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the
perpage ...)
+ TODO: check
+CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05
allows to ...)
+ TODO: check
CVE-2021-24883
RESERVED
CVE-2021-24882
@@ -45619,8 +45622,8 @@ CVE-2021-24787
RESERVED
CVE-2021-24786
RESERVED
-CVE-2021-24785
- RESERVED
+CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not
sanitise and ...)
+ TODO: check
CVE-2021-24784
RESERVED
CVE-2021-24783
@@ -45631,8 +45634,8 @@ CVE-2021-24781
RESERVED
CVE-2021-24780
RESERVED
-CVE-2021-24779
- RESERVED
+CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its
update_setting ...)
+ TODO: check
CVE-2021-24778
RESERVED
CVE-2021-24777
@@ -45641,8 +45644,8 @@ CVE-2021-24776
RESERVED
CVE-2021-24775
RESERVED
-CVE-2021-24774
- RESERVED
+CVE-2021-24774 (The Check & Log Email WordPress plugin before 1.0.3 does
not valid ...)
+ TODO: check
CVE-2021-24773
RESERVED
CVE-2021-24772
@@ -45651,8 +45654,8 @@ CVE-2021-24771
RESERVED
CVE-2021-24770
RESERVED
-CVE-2021-24769
- RESERVED
+CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1
does not v ...)
+ TODO: check
CVE-2021-24768
RESERVED
CVE-2021-24767
@@ -45701,8 +45704,8 @@ CVE-2021-24746
RESERVED
CVE-2021-24745
RESERVED
-CVE-2021-24744
- RESERVED
+CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before
1.4.12 ...)
+ TODO: check
CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2
allows use ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24742
@@ -45791,8 +45794,8 @@ CVE-2021-24701
RESERVED
CVE-2021-24700
RESERVED
-CVE-2021-24699
- RESERVED
+CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not
escape ...)
+ TODO: check
CVE-2021-24698
RESERVED
CVE-2021-24697
@@ -45865,8 +45868,8 @@ CVE-2021-24664
RESERVED
CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through
1.1 does n ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24662
- RESERVED
+CVE-2021-24662 (The Game Server Status WordPress plugin through 1.0 does not
validate ...)
+ TODO: check
CVE-2021-24661 (The PostX – Gutenberg Blocks for Post Grid WordPress
plugin befo ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24660 (The PostX – Gutenberg Blocks for Post Grid WordPress
plugin befo ...)
@@ -45883,8 +45886,8 @@ CVE-2021-24655
RESERVED
CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not
properly ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24653
- RESERVED
+CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly
sanitis ...)
+ TODO: check
CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress
plugin befo ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows
unauthenticated us ...)
@@ -45973,8 +45976,8 @@ CVE-2021-24610 (The TranslatePress WordPress plugin
before 2.0.9 does not implem
NOT-FOR-US: WordPress plugin
CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does
not san ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24608
- RESERVED
+CVE-2021-24608 (The Formidable Form Builder – Contact Form, Survey &
Quiz Fo ...)
+ TODO: check
CVE-2021-24607
RESERVED
CVE-2021-24606 (The Availability Calendar WordPress plugin before 1.2.1 does
not escap ...)
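Review bot: CVE-2021-24608 is truncated at "Quiz Fo ..." before the words "WordPress plugin" that the neighbouring descriptions show, so it is easy to miss when the TODO: check entries are triaged by searching for that phrase. It names Formidable Form Builder, as CVE-2021-24884 does elsewhere in this commit; handle the two together.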
@@ -46101,10 +46104,10 @@ CVE-2021-24546 (The Gutenberg Block Editor Toolkit
– EditorsKit WordPress
NOT-FOR-US: WordPress plugin
CVE-2021-24545 (The WP HTML Author Bio WordPress plugin through 1.2.0 does not
sanitis ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24544
- RESERVED
-CVE-2021-24543
- RESERVED
+CVE-2021-24544 (The Responsive WordPress Slider WordPress plugin through 2.2.0
does no ...)
+ TODO: check
+CVE-2021-24543 (The jQuery Reply to Comment WordPress plugin through 1.31 does
not hav ...)
+ TODO: check
CVE-2021-24542
RESERVED
CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not
escape param ...)
@@ -46159,10 +46162,10 @@ CVE-2021-24517 (The Stop Spammers Security | Block
Spam Users, Comments, Forms W
NOT-FOR-US: WordPress plugin
CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not
escape the ti ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24515
- RESERVED
-CVE-2021-24514
- RESERVED
+CVE-2021-24515 (The Video Gallery – Vimeo and YouTube Gallery WordPress
plugin t ...)
+ TODO: check
+CVE-2021-24514 (The Visual Form Builder WordPress plugin before 3.0.4 does not
sanitis ...)
+ TODO: check
CVE-2021-24513 (The Form Builder | Create Responsive Contact Forms WordPress
plugin be ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4
has an a ...)
@@ -46211,16 +46214,16 @@ CVE-2021-24491 (The Fileviewer WordPress plugin
through 2.2 does not have CSRF c
NOT-FOR-US: WordPress plugin
CVE-2021-24490 (The Email Artillery (MASS EMAIL) WordPress plugin through 4.1
does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24489
- RESERVED
+CVE-2021-24489 (The Request a Quote WordPress plugin before 2.3.5 does not
sanitise, v ...)
+ TODO: check
CVE-2021-24488 (The slider import search feature and tab parameter of the Post
Grid Wo ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24487
- RESERVED
+CVE-2021-24487 (The St-Daily-Tip WordPress plugin through 4.7 does not have
any CSRF c ...)
+ TODO: check
CVE-2021-24486 (The Simple Social Media Share Buttons – Social Sharing
for Every ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24485
- RESERVED
+CVE-2021-24485 (The Special Text Boxes WordPress plugin through 5.9.109 does
not sanit ...)
+ TODO: check
CVE-2021-24484 (The get_reports() function in the Secure Copy Content
Protection and C ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24483 (The get_poll_categories(), get_polls() and get_reports()
functions in ...)
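Review bot: CVE-2021-24489, CVE-2021-24487 and CVE-2021-24485 land as TODO: check between entries already tagged NOT-FOR-US: WordPress plugin, and each description names a WordPress plugin. Resolve the three with the same tag in a follow-up so the open TODO list stays limited to entries that need a real decision; the same applies to the other WordPress plugin entries this update adds.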
@@ -46361,8 +46364,8 @@ CVE-2021-24416 (The StreamCast – Radio Player for
WordPress plugin before
NOT-FOR-US: WordPress plugin
CVE-2021-24415 (The Polo Video Gallery – Best wordpress video gallery
plugin Wor ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24414
- RESERVED
+CVE-2021-24414 (The Video Player for YouTube WordPress plugin before 1.4 does
not sani ...)
+ TODO: check
CVE-2021-24413 (The Easy Twitter Feed WordPress plugin before 1.2 does not
sanitise or ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24412 (The Html5 Audio Player – Audio Player for WordPress
plugin befor ...)
@@ -46427,8 +46430,8 @@ CVE-2021-24383 (The WP Google Maps WordPress plugin
before 8.1.12 did not saniti
NOT-FOR-US: WordPress plugin
CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before
3.5.0.9 did n ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24381
- RESERVED
+CVE-2021-24381 (The Ninja Forms Contact Form WordPress plugin before 3.5.8.2
does not ...)
+ TODO: check
CVE-2021-24380 (The Shantz WordPress QOTD WordPress plugin through 1.2.2 is
lacking an ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows
users t ...)
@@ -54945,8 +54948,8 @@ CVE-2021-21321 (fastify-reply-from is an npm package
which is a fastify plugin t
NOT-FOR-US: Node fastify-reply-from
CVE-2021-21320 (matrix-react-sdk is an npm package which is a Matrix SDK for
React Jav ...)
NOT-FOR-US: Node matrix-react-sdk
-CVE-2021-21319
- RESERVED
+CVE-2021-21319 (Galette is a membership management web application geared
towards non ...)
+ TODO: check
CVE-2021-21318 (Opencast is a free, open-source platform to support the
management of ...)
NOT-FOR-US: Opencast
CVE-2021-21317 (uap-core in an open-source npm package which contains the core
of Brow ...)
@@ -66120,20 +66123,16 @@ CVE-2021-0943
RESERVED
CVE-2021-0942
RESERVED
-CVE-2021-0941 [bpf: Remove MTU check in __bpf_skb_max_len]
- RESERVED
+CVE-2021-0941 (In bpf_skb_change_head of filter.c, there is a possible out of
bounds ...)
- linux 5.10.28-1
[buster] - linux 4.19.194-1
[stretch] - linux 4.9.272-1
NOTE: https://git.kernel.org/6306c1189e77a513bf02720450bb43bd4ba5d8ae
-CVE-2021-0940
- RESERVED
+CVE-2021-0940 (In TBD of TBD, there is a possible out of bounds write due to
improper ...)
NOT-FOR-US: Pixel components
-CVE-2021-0939
- RESERVED
+CVE-2021-0939 (In set_default_passthru_cfg of passthru.c, there is a possible
out of ...)
NOT-FOR-US: Pixel components
-CVE-2021-0938
- RESERVED
+CVE-2021-0938 (In memzero_explicit of compiler-clang.h, there is a possible
bypass of ...)
- linux 5.9.15-1 (unimportant)
[buster] - linux 4.19.171-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
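Review bot: In the CVE-2021-0941 entry, the context line NOTE: https://git.kernel.org/6306c1189e77a513bf02720450bb43bd4ba5d8ae lacks the linus/ path component that the other kernel commit NOTE lines in this diff use (for example under CVE-2021-0935). Check that the link resolves and normalise it. Replacing the bracketed title [bpf: Remove MTU check in __bpf_skb_max_len] with the published description also drops the only text in the entry that named the upstream change; consider keeping it in a NOTE line.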
@@ -66147,12 +66146,10 @@ CVE-2021-0937
NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
NOTE:
https://git.kernel.org/linus/b29c457a6511435960115c0f548c4360d5f4801d
NOTE: Duplicate of CVE-2021-22555
-CVE-2021-0936
- RESERVED
+CVE-2021-0936 (In acc_read of f_accessory.c, there is a possible memory
corruption du ...)
- linux <not-affected> (Pixel or Android-specific driver)
NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
-CVE-2021-0935
- RESERVED
+CVE-2021-0935 (In ip6_xmit of ip6_output.c, there is a possible out of bounds
write d ...)
- linux 4.15.17-1
[stretch] - linux 4.9.258-1
NOTE:
https://git.kernel.org/linus/2f987a76a97773beafbc615b9c4d8fe79129a7f4
@@ -66701,12 +66698,12 @@ CVE-2021-0665
RESERVED
CVE-2021-0664
RESERVED
-CVE-2021-0663
- RESERVED
-CVE-2021-0662
- RESERVED
-CVE-2021-0661
- RESERVED
+CVE-2021-0663 (In audio DSP, there is a possible out of bounds write due to an
incorr ...)
+ TODO: check
+CVE-2021-0662 (In audio DSP, there is a possible out of bounds write due to an
incorr ...)
+ TODO: check
+CVE-2021-0661 (In audio DSP, there is a possible out of bounds write due to an
incorr ...)
+ TODO: check
CVE-2021-0660 (In ccu, there is a possible out of bounds read due to incorrect
error ...)
NOT-FOR-US: Mediatek
CVE-2021-0659
@@ -66759,16 +66756,16 @@ CVE-2021-0636 (When extracting the incorrectly
formatted avi file, the memory is
NOT-FOR-US: UniSoc components for Android
CVE-2021-0635 (When extracting the incorrectly formatted flv file, the memory
is dama ...)
NOT-FOR-US: UniSoc components for Android
-CVE-2021-0634
- RESERVED
-CVE-2021-0633
- RESERVED
-CVE-2021-0632
- RESERVED
-CVE-2021-0631
- RESERVED
-CVE-2021-0630
- RESERVED
+CVE-2021-0634 (In display driver, there is a possible memory corruption due to
uninit ...)
+ TODO: check
+CVE-2021-0633 (In display driver, there is a possible out of bounds write due
to an i ...)
+ TODO: check
+CVE-2021-0632 (In wifi driver, there is a possible out of bounds read due to a
missin ...)
+ TODO: check
+CVE-2021-0631 (In wifi driver, there is a possible system crash due to a
missing boun ...)
+ TODO: check
+CVE-2021-0630 (In wifi driver, there is a possible system crash due to a
missing boun ...)
+ TODO: check
CVE-2021-0629
RESERVED
CVE-2021-0628 (In OMA DRM, there is a possible memory corruption due to
improper inpu ...)
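Review bot: The five new TODO: check entries CVE-2021-0634 through CVE-2021-0630 give only a generic component ("display driver", "wifi driver") and sit between entries tagged NOT-FOR-US: UniSoc components for Android and the Mediatek-tagged entries shown in the next hunk, so neither the description nor the ID range identifies the vendor. Take the vendor from the full CVE record before choosing a NOT-FOR-US tag.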
@@ -66777,8 +66774,8 @@ CVE-2021-0627 (In OMA DRM, there is a possible memory
corruption due to an integ
NOT-FOR-US: Mediatek
CVE-2021-0626 (In ged, there is a possible out of bounds write due to a
missing bound ...)
NOT-FOR-US: Mediatek
-CVE-2021-0625
- RESERVED
+CVE-2021-0625 (In ccu, there is a possible memory corruption due to improper
locking. ...)
+ TODO: check
CVE-2021-0624
RESERVED
CVE-2021-0623
@@ -66791,18 +66788,18 @@ CVE-2021-0620
RESERVED
CVE-2021-0619
RESERVED
-CVE-2021-0618
- RESERVED
-CVE-2021-0617
- RESERVED
-CVE-2021-0616
- RESERVED
-CVE-2021-0615
- RESERVED
-CVE-2021-0614
- RESERVED
-CVE-2021-0613
- RESERVED
+CVE-2021-0618 (In ape extractor, there is a possible out of bounds read due to
a heap ...)
+ TODO: check
+CVE-2021-0617 (In ape extractor, there is a possible out of bounds read due to
a heap ...)
+ TODO: check
+CVE-2021-0616 (In ape extractor, there is a possible out of bounds read due to
a heap ...)
+ TODO: check
+CVE-2021-0615 (In flv extractor, there is a possible out of bounds read due to
an int ...)
+ TODO: check
+CVE-2021-0614 (In asf extractor, there is a possible out of bounds read due to
an inc ...)
+ TODO: check
+CVE-2021-0613 (In asf extractor, there is a possible out of bounds read due to
an inc ...)
+ TODO: check
CVE-2021-0612 (In m4u, there is a possible memory corruption due to a use
after free. ...)
NOT-FOR-US: Mediatek
CVE-2021-0611 (In m4u, there is a possible memory corruption due to a use
after free. ...)
@@ -67208,18 +67205,18 @@ CVE-2021-0416 (In memory management driver, there is
a possible system crash due
NOT-FOR-US: Mediatek
CVE-2021-0415 (In memory management driver, there is a possible information
disclosur ...)
NOT-FOR-US: Mediatek
-CVE-2021-0414
- RESERVED
-CVE-2021-0413
- RESERVED
-CVE-2021-0412
- RESERVED
-CVE-2021-0411
- RESERVED
-CVE-2021-0410
- RESERVED
-CVE-2021-0409
- RESERVED
+CVE-2021-0414 (In flv extractor, there is a possible out of bounds read due to
a heap ...)
+ TODO: check
+CVE-2021-0413 (In flv extractor, there is a possible out of bounds read due to
a miss ...)
+ TODO: check
+CVE-2021-0412 (In flv extractor, there is a possible out of bounds read due to
a miss ...)
+ TODO: check
+CVE-2021-0411 (In flv extractor, there is a possible out of bounds read due to
an int ...)
+ TODO: check
+CVE-2021-0410 (In flv extractor, there is a possible out of bounds read due to
an inc ...)
+ TODO: check
+CVE-2021-0409 (In flv extractor, there is a possible out of bounds read due to
an inc ...)
+ TODO: check
CVE-2021-0408 (In asf extractor, there is a possible out of bounds read due to
an inc ...)
NOT-FOR-US: Mediatek
CVE-2021-0407 (In clk driver, there is a possible out of bounds write due to
an incor ...)
@@ -85227,8 +85224,8 @@ CVE-2020-20910
RESERVED
CVE-2020-20909
RESERVED
-CVE-2020-20908
- RESERVED
+CVE-2020-20908 (Akaunting v1.3.17 was discovered to contain a stored
cross-site script ...)
+ TODO: check
CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification
vulnerability. Att ...)
NOT-FOR-US: MetInfo
CVE-2020-20906
@@ -100588,8 +100585,8 @@ CVE-2020-14266
RESERVED
CVE-2020-14265
RESERVED
-CVE-2020-14264
- RESERVED
+CVE-2020-14264 ("HCL Traveler Companion is vulnerable to an iOS weak
cryptographic pro ...)
+ TODO: check
CVE-2020-14263 ("HCL Traveler Companion is vulnerable to an iOS weak
cryptographic pro ...)
NOT-FOR-US: HCL
CVE-2020-14262
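Review bot: CVE-2020-14264 has the same visible description as CVE-2020-14263 on the following entry, which is tagged NOT-FOR-US: HCL. Unless the full text shows a different product, resolve the TODO: check with the same tag.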
@@ -118804,7 +118801,7 @@ CVE-2020-7861 (AnySupport (Remote support solution)
before 2019.3.21.0 allows di
CVE-2020-7860 (UnEGG v0.5 and eariler versions have a Integer overflow
vulnerability, ...)
NOT-FOR-US: UnEgg
CVE-2020-7859
- RESERVED
+ REJECTED
CVE-2020-7858 (There is a directory traversing vulnerability in the download
page url ...)
NOT-FOR-US: AquaNPlayer
CVE-2020-7857 (A vulnerability of XPlatform could allow an unauthenticated
attacker t ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bff60510087638c1556df7e25ed52b7c12020147
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits