Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2912e523 by security tracker role at 2021-09-17T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,41 @@
+CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection 
in the w ...)
+       TODO: check
+CVE-2021-41313
+       RESERVED
+CVE-2021-41312
+       RESERVED
+CVE-2021-41311
+       RESERVED
+CVE-2021-41310
+       RESERVED
+CVE-2021-41309
+       RESERVED
+CVE-2021-41308
+       RESERVED
+CVE-2021-41307
+       RESERVED
+CVE-2021-41306
+       RESERVED
+CVE-2021-41305
+       RESERVED
+CVE-2021-41304
+       RESERVED
+CVE-2021-3812 (adminlte is vulnerable to Improper Neutralization of Input 
During Web  ...)
+       TODO: check
+CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input 
During Web  ...)
+       TODO: check
+CVE-2021-3810 (code-server is vulnerable to Inefficient Regular Expression 
Complexity ...)
+       TODO: check
 CVE-2021-3809
        RESERVED
 CVE-2021-3808
        RESERVED
-CVE-2021-3807
-       RESERVED
+CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression 
Complexity ...)
+       TODO: check
 CVE-2021-3806
        RESERVED
-CVE-2021-3805
-       RESERVED
+CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification 
of Obj ...)
+       TODO: check
 CVE-2021-41303 [before 1.8.0 with Spring Boot a specially crafted HTTP request 
may cause an authentication bypass]
        RESERVED
        - shiro <unfixed>
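Review bot: CVE-2021-3812 and CVE-2021-3811 are added with identical truncated descriptions ("adminlte is vulnerable to Improper Neutralization of Input During Web ..."), so nothing in the list tells them apart. When the TODO: check on each is resolved, add a NOTE line with the reference that distinguishes the two issues, so they are not later mistaken for duplicates.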
@@ -47,8 +75,8 @@ CVE-2021-41287
        RESERVED
 CVE-2021-41286
        RESERVED
-CVE-2021-3804
-       RESERVED
+CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity 
...)
+       TODO: check
 CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a 
suspicion that ...)
        - openssh <unfixed> (unimportant)
        NOTE: https://github.com/openssh/openssh-portable/pull/270
@@ -471,8 +499,8 @@ CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 
9.0.43 and 10.0.0-M1
        NOTE: 
https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
        NOTE: 
https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8
 (9.0.44)
        NOTE: 
https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822
 (8.5.64)
-CVE-2021-3803
-       RESERVED
+CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression 
Complexity ...)
+       TODO: check
 CVE-2021-3802
        RESERVED
 CVE-2021-41078
@@ -26190,11 +26218,9 @@ CVE-2021-30263
        RESERVED
 CVE-2021-30262
        RESERVED
-CVE-2021-30261
-       RESERVED
+CVE-2021-30261 (Possible integer and heap overflow due to lack of input 
command size v ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30260
-       RESERVED
+CVE-2021-30260 (Possible Integer overflow to buffer overflow issue can occur 
due to im ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30259
        RESERVED
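Review bot: the NOT-FOR-US: Qualcomm components for Android lines under CVE-2021-30261 and CVE-2021-30260 are unchanged context, so the classification was made while the entries were still RESERVED, and the truncated descriptions now added do not name a product. Confirm against the full description text that both still belong under that NOT-FOR-US label. The same applies to CVE-2021-1976, CVE-2021-1947 and CVE-2021-1939 in the later hunks.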
@@ -50595,14 +50621,14 @@ CVE-2021-20830
        RESERVED
 CVE-2021-20829
        RESERVED
-CVE-2021-20828
-       RESERVED
+CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch 
Change Plug-i ...)
+       TODO: check
 CVE-2021-20827
        RESERVED
 CVE-2021-20826
        RESERVED
-CVE-2021-20825
-       RESERVED
+CVE-2021-20825 (Cross-site scripting vulnerability in List (order management) 
item cha ...)
+       TODO: check
 CVE-2021-20824
        RESERVED
 CVE-2021-20823
@@ -50669,10 +50695,10 @@ CVE-2021-20793 (Untrusted search path vulnerability 
in the installer of Sony Aud
        NOT-FOR-US: installer of Sony Audio USB Driver and installer of HAP 
Music Transfer
 CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master 
versions  ...)
        NOT-FOR-US: Quiz And Survey Master
-CVE-2021-20791
-       RESERVED
-CVE-2021-20790
-       RESERVED
+CVE-2021-20791 (Improper access control vulnerability in RevoWorks Browser 
2.1.230 and ...)
+       TODO: check
+CVE-2021-20790 (Improper control of program execution vulnerability in 
RevoWorks Brows ...)
+       TODO: check
 CVE-2021-20789 (Open redirect vulnerability in GroupSession (GroupSession Free 
edition ...)
        NOT-FOR-US: GroupSession
 CVE-2021-20788 (Server-side request forgery (SSRF) vulnerability in 
GroupSession (Grou ...)
@@ -54961,8 +54987,7 @@ CVE-2021-1978
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1977
        RESERVED
-CVE-2021-1976
-       RESERVED
+CVE-2021-1976 (A use after free can occur due to improper validation of P2P 
device ad ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1975
        RESERVED
@@ -55020,8 +55045,7 @@ CVE-2021-1949
        RESERVED
 CVE-2021-1948 (Possible out of bound read due to lack of length check of data 
while p ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1947
-       RESERVED
+CVE-2021-1947 (Use-after-free vulnerability in kernel graphics driver because 
of stor ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1946 (Null Pointer Dereference may occur due to improper validation 
while pr ...)
        NOT-FOR-US: Qualcomm components for Android
@@ -55037,8 +55061,7 @@ CVE-2021-1941 (Possible buffer over read issue due to 
improper length check on W
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1940 (Use after free can occur due to improper handling of response 
from fir ...)
        NOT-FOR-US: Snapdragon
-CVE-2021-1939
-       RESERVED
+CVE-2021-1939 (Null pointer dereference occurs due to improper validation when 
the pr ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1938 (Possible assertion due to improper verification while creating 
and del ...)
        NOT-FOR-US: Snapdragon
@@ -77809,32 +77832,32 @@ CVE-2020-21608
        RESERVED
 CVE-2020-21607
        RESERVED
-CVE-2020-21606
-       RESERVED
-CVE-2020-21605
-       RESERVED
-CVE-2020-21604
-       RESERVED
-CVE-2020-21603
-       RESERVED
-CVE-2020-21602
-       RESERVED
-CVE-2020-21601
-       RESERVED
-CVE-2020-21600
-       RESERVED
-CVE-2020-21599
-       RESERVED
-CVE-2020-21598
-       RESERVED
-CVE-2020-21597
-       RESERVED
-CVE-2020-21596
-       RESERVED
-CVE-2020-21595
-       RESERVED
-CVE-2020-21594
-       RESERVED
+CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the 
put_epel_ ...)
+       TODO: check
+CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the 
apply_sao_interna ...)
+       TODO: check
+CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the 
_mm_loadl ...)
+       TODO: check
+CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the 
put_qpel_0_0_fa ...)
+       TODO: check
+CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the 
put_weighted_bi ...)
+       TODO: check
+CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the 
put_qpel_fallb ...)
+       TODO: check
+CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the 
put_weighted_pr ...)
+       TODO: check
+CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the 
de265_image::av ...)
+       TODO: check
+CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the 
ff_hevc_put_unw ...)
+       TODO: check
+CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the 
mc_chroma funct ...)
+       TODO: check
+CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the 
decode_CABAC_ ...)
+       TODO: check
+CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma 
functio ...)
+       TODO: check
+CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the 
put_epel_hv_fal ...)
+       TODO: check
 CVE-2020-21593
        RESERVED
 CVE-2020-21592
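Review bot: thirteen entries for libde265 v1.0.4 (CVE-2020-21606 through CVE-2020-21594) arrive together as TODO: check, and several descriptions are cut off inside the function name (put_epel_ versus put_epel_hv_fal, put_weighted_bi versus put_weighted_pr). Triage them as one batch against the full descriptions, giving each a package line in the form already used in this file (as in "- shiro <unfixed>") plus a NOTE with its upstream reference, so that near-identical entries stay distinguishable. CVE-2020-21605 is described as a segmentation fault rather than an overflow and should be assessed separately.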
@@ -77951,20 +77974,20 @@ CVE-2020-21537
        RESERVED
 CVE-2020-21536
        RESERVED
-CVE-2020-21535
-       RESERVED
-CVE-2020-21534
-       RESERVED
-CVE-2020-21533
-       RESERVED
-CVE-2020-21532
-       RESERVED
-CVE-2020-21531
-       RESERVED
-CVE-2020-21530
-       RESERVED
-CVE-2020-21529
-       RESERVED
+CVE-2020-21535 (fig2dev 3.2.7b contains a segmentation fault in the 
gencgm_start funct ...)
+       TODO: check
+CVE-2020-21534 (fig2dev 3.2.7b contains a global buffer overflow in the 
get_line funct ...)
+       TODO: check
+CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the 
read_textobject ...)
+       TODO: check
+CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the 
setfigfont fun ...)
+       TODO: check
+CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the 
conv_pattern_i ...)
+       TODO: check
+CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the 
read_objects funct ...)
+       TODO: check
+CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the 
bezier_spline f ...)
+       TODO: check
 CVE-2020-21528
        RESERVED
 CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo 
v1.1.3. A ba ...)
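Review bot: the seven fig2dev 3.2.7b entries (CVE-2020-21535 through CVE-2020-21529) mix three fault classes under the same TODO: check marker: segmentation faults (CVE-2020-21535, CVE-2020-21530), global buffer overflows (CVE-2020-21534, CVE-2020-21532, CVE-2020-21531) and stack buffer overflows (CVE-2020-21533, CVE-2020-21529). When resolving them, record per entry whether the issue is crash-only or a memory write, because the affected version appears only in the description and the list carries no other severity hint.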



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2912e523987e868283d0596e37a3321ed434b0dd



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
