Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1a5ad1b by security tracker role at 2021-10-19T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -408,10 +408,10 @@ CVE-2021-3891
        RESERVED
 CVE-2021-3890
        RESERVED
-CVE-2021-3889
-       RESERVED
-CVE-2021-3888
-       RESERVED
+CVE-2021-3889 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
+       TODO: check
+CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
+       TODO: check
 CVE-2021-3887
        RESERVED
 CVE-2022-20611
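Review bot: The two libmobi entries added here (CVE-2021-3889 and CVE-2021-3888) are left at `TODO: check` although the file already tracks libmobi: CVE-2021-3881 carries `- libmobi <itp> (bug #966677)`. Suggest resolving both with that same line rather than leaving them in the triage queue.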
@@ -2187,12 +2187,12 @@ CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds 
Read ...)
        - libmobi <itp> (bug #966677)
 CVE-2021-3880
        RESERVED
-CVE-2021-3879
-       RESERVED
+CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input 
During Web  ...)
+       TODO: check
 CVE-2021-42262
        RESERVED
-CVE-2021-42261
-       RESERVED
+CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a 
directory tra ...)
+       TODO: check
 CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in 
TiXmlParsingData::Stamp  ...)
        - tinyxml <unfixed>
        NOTE: https://sourceforge.net/p/tinyxml/bugs/141/
@@ -2535,8 +2535,8 @@ CVE-2021-42102
        RESERVED
 CVE-2021-42101
        RESERVED
-CVE-2021-3872
-       RESERVED
+CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...)
+       TODO: check
 CVE-2021-3871
        RESERVED
 CVE-2021-3870
@@ -2594,8 +2594,8 @@ CVE-2021-42085 (An issue was discovered in Zammad before 
4.1.1. There is stored
        - zammad <itp> (bug #841355)
 CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker 
with valid ...)
        - zammad <itp> (bug #841355)
-CVE-2021-3869
-       RESERVED
+CVE-2021-3869 (corenlp is vulnerable to Improper Restriction of XML External 
Entity R ...)
+       TODO: check
 CVE-2021-42083
        RESERVED
 CVE-2021-42082
@@ -2778,8 +2778,8 @@ CVE-2021-42012
        RESERVED
 CVE-2021-42011
        RESERVED
-CVE-2021-3863
-       RESERVED
+CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input 
During Web  ...)
+       TODO: check
 CVE-2021-42010
        RESERVED
 CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with 
Portal-l ...)
@@ -2871,8 +2871,8 @@ CVE-2021-41975 (TadTools special page is vulnerable to 
authorization bypass, thu
        NOT-FOR-US: TadTools
 CVE-2021-41974 (Tad Book3 editing book page does not perform identity 
verification. Re ...)
        NOT-FOR-US: Tad Book3
-CVE-2021-3858
-       RESERVED
+CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+       TODO: check
 CVE-2021-3857
        RESERVED
 CVE-2021-41973
@@ -3145,8 +3145,8 @@ CVE-2021-41852
        RESERVED
 CVE-2021-41851
        RESERVED
-CVE-2021-3851
-       RESERVED
+CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site 
...)
+       TODO: check
 CVE-2021-3850
        RESERVED
 CVE-2021-3849
@@ -3188,8 +3188,8 @@ CVE-2021-3847 [low-privileged user privileges escalation]
        - linux <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2009704
        NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3
-CVE-2021-3846
-       RESERVED
+CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with 
Dangerou ...)
+       TODO: check
 CVE-2021-23139
        RESERVED
 CVE-2021-3845
@@ -4724,8 +4724,8 @@ CVE-2021-41151 (Backstage is an open platform for 
building developer portals. In
        TODO: check
 CVE-2021-41150
        RESERVED
-CVE-2021-41149
-       RESERVED
+CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and 
generat ...)
+       TODO: check
 CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end 
traceab ...)
        NOT-FOR-US: Tuleap
 CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end 
traceab ...)
@@ -4742,8 +4742,8 @@ CVE-2021-41142 (Tuleap Open ALM is a libre and open 
source tool for end to end t
        NOT-FOR-US: Tuleap
 CVE-2021-41141
        RESERVED
-CVE-2021-41140
-       RESERVED
+CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform 
that allows ...)
+       TODO: check
 CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking 
applicat ...)
        NOT-FOR-US: Anuko Time Tracker
 CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the 
newly int ...)
@@ -4760,8 +4760,8 @@ CVE-2021-41134
        RESERVED
 CVE-2021-41132 (OMERO.web provides a web based client and plugin 
infrastructure. In ve ...)
        NOT-FOR-US: OMERO.web
-CVE-2021-41131
-       RESERVED
+CVE-2021-41131 (python-tuf is a Python reference implementation of The Update 
Framewor ...)
+       TODO: check
 CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables 
API mana ...)
        NOT-FOR-US: Extensible Service Proxy
 CVE-2021-41129 (Pterodactyl is an open-source game server management panel 
built with  ...)
@@ -7057,8 +7057,7 @@ CVE-2021-40152
        RESERVED
 CVE-2021-40151
        RESERVED
-CVE-2021-3746 [out-of-bounds access via specially crafted TPM 2 command 
packets]
-       RESERVED
+CVE-2021-3746 (A flaw was found in the libtpms code that may cause access 
beyond the  ...)
        - libtpms <unfixed>
        NOTE: 
https://github.com/stefanberger/libtpms/commit/1fb6cd9b8df05b5d6e381b31215193d6ada969df
 (v0.6.6)
        NOTE: 
https://github.com/stefanberger/libtpms/commit/ea62fd9679f8c6fc5e79471b33cfbd8227bfed72
 (v0.6.6)
@@ -8880,8 +8879,8 @@ CVE-2021-39357
        RESERVED
 CVE-2021-39356
        RESERVED
-CVE-2021-39355
-       RESERVED
+CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to 
Stored Cross ...)
+       TODO: check
 CVE-2021-39354
        RESERVED
 CVE-2021-39353
@@ -8904,8 +8903,8 @@ CVE-2021-39345 (The HAL WordPress plugin is vulnerable to 
Stored Cross-Site Scri
        NOT-FOR-US: WordPress plugin
 CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored 
Cross-S ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-39343
-       RESERVED
+CVE-2021-39343 (The MPL-Publisher WordPress plugin is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
 CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's 
associated C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-39341
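Review bot: CVE-2021-39343 (MPL-Publisher WordPress plugin) is added as `TODO: check` between CVE-2021-39344 and CVE-2021-39342, both of which are already `NOT-FOR-US: WordPress plugin`. Use the same tag here; CVE-2021-39355 and CVE-2021-39329 in the adjacent hunks are described as WordPress plugins as well and sit next to entries with that tag.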
@@ -8932,8 +8931,8 @@ CVE-2021-39331
        RESERVED
 CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to 
Stored C ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-39329
-       RESERVED
+CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
 CVE-2021-39328
        RESERVED
 CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to 
sensitive i ...)
@@ -10014,8 +10013,8 @@ CVE-2021-38913
        RESERVED
 CVE-2021-38912
        RESERVED
-CVE-2021-38911
-       RESERVED
+CVE-2021-38911 (IBM Security Risk Manager on CP4S 1.7.0.0 stores user 
credentials in p ...)
+       TODO: check
 CVE-2021-38910
        RESERVED
 CVE-2021-38909
@@ -11040,56 +11039,56 @@ CVE-2021-38488
        RESERVED
 CVE-2021-38487
        RESERVED
-CVE-2021-38486
-       RESERVED
+CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 cl ...)
+       TODO: check
 CVE-2021-38485
        RESERVED
-CVE-2021-38484
-       RESERVED
+CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 do ...)
+       TODO: check
 CVE-2021-38483
        RESERVED
-CVE-2021-38482
-       RESERVED
+CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 we ...)
+       TODO: check
 CVE-2021-38481
        RESERVED
-CVE-2021-38480
-       RESERVED
+CVE-2021-38480 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 ar ...)
+       TODO: check
 CVE-2021-38479
        RESERVED
-CVE-2021-38478
-       RESERVED
+CVE-2021-38478 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 ar ...)
+       TODO: check
 CVE-2021-38477
        RESERVED
-CVE-2021-38476
-       RESERVED
+CVE-2021-38476 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 au ...)
+       TODO: check
 CVE-2021-38475
        RESERVED
-CVE-2021-38474
-       RESERVED
+CVE-2021-38474 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 ha ...)
+       TODO: check
 CVE-2021-38473
        RESERVED
-CVE-2021-38472
-       RESERVED
+CVE-2021-38472 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 ma ...)
+       TODO: check
 CVE-2021-38471
        RESERVED
-CVE-2021-38470
-       RESERVED
+CVE-2021-38470 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 ar ...)
+       TODO: check
 CVE-2021-38469
        RESERVED
-CVE-2021-38468
-       RESERVED
+CVE-2021-38468 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 ar ...)
+       TODO: check
 CVE-2021-38467
        RESERVED
-CVE-2021-38466
-       RESERVED
+CVE-2021-38466 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 do ...)
+       TODO: check
 CVE-2021-38465
        RESERVED
-CVE-2021-38464
-       RESERVED
+CVE-2021-38464 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 ha ...)
+       TODO: check
 CVE-2021-38463
        RESERVED
-CVE-2021-38462
-       RESERVED
+CVE-2021-38462 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 
2.3.0.r4870 do ...)
+       TODO: check
 CVE-2021-38461
        RESERVED
 CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network 
Management s ...)
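Review bot: All thirteen entries added in this hunk (the even-numbered ids from CVE-2021-38462 to CVE-2021-38486) describe the same product, InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870, yet each one lands as its own `TODO: check`. They can be triaged in one pass with a single tag; the file uses `NOT-FOR-US: <product>` for comparable router firmware, for example `NOT-FOR-US: TOTOLINK A720R A720R_Firmware`.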
@@ -11494,6 +11493,7 @@ CVE-2021-38293
 CVE-2021-38292
        RESERVED
 CVE-2021-38291 (FFmpeg version (git commit 
de8e6e67e7523e48bb27ac224a0b446df05e1640) s ...)
+       {DSA-4990-1}
        - ffmpeg <unfixed> (unimportant)
        NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e01d306c647b5827102260b885faa223b646d2d1
        NOTE: https://trac.ffmpeg.org/ticket/9312
@@ -11877,6 +11877,7 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command 
execution because of the mish
 CVE-2021-38172
        RESERVED
 CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 
does not  ...)
+       {DSA-4990-1}
        - ffmpeg <unfixed>
        [bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
        [stretch] - ffmpeg <postponed> (Wait to be fixed in buster first)
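Review bot: `{DSA-4990-1}` is added to CVE-2021-38171, but the status lines under it are unchanged and still read `- ffmpeg <unfixed>` and `[bullseye] - ffmpeg <postponed> (Wait for 4.3.3)`. An entry that references a released advisory while a suite is still marked postponed is contradictory to a reader; for whichever suite DSA-4990-1 covers, the `<postponed>` line should be replaced by the fixed version. The next hunk (CVE-2021-38114) has the same combination.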
@@ -12018,7 +12019,7 @@ CVE-2021-38115 (read_header_tga in gd_tga.c in the GD 
Graphics Library (aka LibG
        NOTE: https://github.com/libgd/libgd/issues/697
        NOTE: 
https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032
 CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return 
value of ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        - ffmpeg <unfixed>
        [bullseye] - ffmpeg <postponed> (Wait for 4.3.3)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1
@@ -14263,16 +14264,14 @@ CVE-2021-37139
        RESERVED
 CVE-2021-37138
        RESERVED
-CVE-2021-37137
-       RESERVED
+CVE-2021-37137 (The Snappy frame decoder function doesn't restrict the chunk 
length wh ...)
        - netty <unfixed>
        [bullseye] - netty <no-dsa> (Minor issue)
        [buster] - netty <no-dsa> (Minor issue)
        [stretch] - netty <no-dsa> (Minor issue)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
        NOTE: Fixed by: 
https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f 
(netty-4.1.68.Final)
-CVE-2021-37136
-       RESERVED
+CVE-2021-37136 (The Bzip2 decompression decoder function doesn't allow setting 
size re ...)
        - netty <unfixed>
        [bullseye] - netty <no-dsa> (Minor issue)
        [buster] - netty <no-dsa> (Minor issue)
@@ -14927,8 +14926,8 @@ CVE-2021-36834
        RESERVED
 CVE-2021-36833
        RESERVED
-CVE-2021-36832
-       RESERVED
+CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins and Lead Generation 
Plugin &#821 ...)
+       TODO: check
 CVE-2021-36831
        RESERVED
 CVE-2021-36830
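Review bot: The description added for CVE-2021-36832 ends in `Plugin &#821 ...)`, so the truncation cut a numeric HTML entity in half and left undecoded markup in the list. Decode entities before truncating the description; the CVE-2021-25968 line later in this patch (`&#8220;OpenCMS&#8221;`) shows the same undecoded entities.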
@@ -15722,8 +15721,8 @@ CVE-2021-36514
        RESERVED
 CVE-2021-36513 (An issue was discovered in function sofia_handle_sip_i_notify 
in sofia ...)
        TODO: check
-CVE-2021-36512
-       RESERVED
+CVE-2021-36512 (An issue was discovered in function scanallsubs in 
src/sbbs3/scansubs. ...)
+       TODO: check
 CVE-2021-36511
        RESERVED
 CVE-2021-36510
@@ -18545,8 +18544,8 @@ CVE-2021-35325 (A stack overflow in the checkLoginUser 
function of TOTOLINK A720
        NOT-FOR-US: TOTOLINK A720R A720R_Firmware
 CVE-2021-35324 (A vulnerability in the Form_Login function of TOTOLINK A720R 
A720R_Fir ...)
        NOT-FOR-US: TOTOLINK A720R A720R_Firmware
-CVE-2021-35323
-       RESERVED
+CVE-2021-35323 (Cross Site Scripting (XSS) vulnerability exists in bludit 
3-13-1 via t ...)
+       TODO: check
 CVE-2021-35322
        RESERVED
 CVE-2021-35321
@@ -21539,8 +21538,8 @@ CVE-2021-33990
        RESERVED
 CVE-2021-33989
        RESERVED
-CVE-2021-33988
-       RESERVED
+CVE-2021-33988 (Cross Site Scripting (XSS). vulnerability exists in Microweber 
CMS 1.2 ...)
+       TODO: check
 CVE-2021-33987
        RESERVED
 CVE-2021-33986
@@ -24886,10 +24885,10 @@ CVE-2021-32666 (wire-ios is the iOS version of Wire, 
an open-source secure messa
        NOT-FOR-US: wire-ios (iOS version of Wire)
 CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure 
messaging a ...)
        NOT-FOR-US: wire-ios (iOS version of Wire)
-CVE-2021-32664
-       RESERVED
-CVE-2021-32663
-       RESERVED
+CVE-2021-32664 (Combodo iTop is an open source web based IT Service Management 
tool. I ...)
+       TODO: check
+CVE-2021-32663 (iTop is an open source web based IT Service Management tool. 
In affect ...)
+       TODO: check
 CVE-2021-32662 (Backstage is an open platform for building developer portals, 
and tech ...)
        NOT-FOR-US: Backstage
 CVE-2021-32661 (Backstage is an open platform for building developer portals. 
In versi ...)
@@ -28318,115 +28317,81 @@ CVE-2021-31388
        RESERVED
 CVE-2021-31387
        RESERVED
-CVE-2021-31386
-       RESERVED
+CVE-2021-31386 (A Protection Mechanism Failure vulnerability in the J-Web HTTP 
service ...)
        NOT-FOR-US: Juniper
-CVE-2021-31385
-       RESERVED
+CVE-2021-31385 (An Improper Limitation of a Pathname to a Restricted Directory 
('Path  ...)
        NOT-FOR-US: Juniper
-CVE-2021-31384
-       RESERVED
+CVE-2021-31384 (Due to a Missing Authorization weakness and Insufficient 
Granularity o ...)
        NOT-FOR-US: Juniper
-CVE-2021-31383
-       RESERVED
-CVE-2021-31382
-       RESERVED
+CVE-2021-31383 (In Point to MultiPoint (P2MP) scenarios within established 
sessions be ...)
+       TODO: check
+CVE-2021-31382 (On PTX1000 System, PTX10002-60C System, after upgrading to an 
affected ...)
        NOT-FOR-US: Juniper
-CVE-2021-31381
-       RESERVED
+CVE-2021-31381 (A configuration weakness in the JBoss Application Server 
(AppSvr) comp ...)
        NOT-FOR-US: Juniper
-CVE-2021-31380
-       RESERVED
+CVE-2021-31380 (A configuration weakness in the JBoss Application Server 
(AppSvr) comp ...)
        NOT-FOR-US: Juniper
-CVE-2021-31379
-       RESERVED
+CVE-2021-31379 (An Incorrect Behavior Order vulnerability in the MAP-E 
automatic tunne ...)
        NOT-FOR-US: Juniper
-CVE-2021-31378
-       RESERVED
+CVE-2021-31378 (In broadband environments, including but not limited to 
Enhanced Subsc ...)
        NOT-FOR-US: Juniper
-CVE-2021-31377
-       RESERVED
+CVE-2021-31377 (An Incorrect Permission Assignment for Critical Resource 
vulnerability ...)
        NOT-FOR-US: Juniper
-CVE-2021-31376
-       RESERVED
+CVE-2021-31376 (An Improper Input Validation vulnerability in Packet 
Forwarding Engine ...)
        NOT-FOR-US: Juniper
-CVE-2021-31375
-       RESERVED
+CVE-2021-31375 (An Improper Input Validation vulnerability in routing process 
daemon ( ...)
        NOT-FOR-US: Juniper
-CVE-2021-31374
-       RESERVED
+CVE-2021-31374 (On Juniper Networks Junos OS and Junos OS Evolved devices 
processing a ...)
        NOT-FOR-US: Juniper
-CVE-2021-31373
-       RESERVED
+CVE-2021-31373 (A persistent Cross-Site Scripting (XSS) vulnerability in 
Juniper Netwo ...)
        NOT-FOR-US: Juniper
-CVE-2021-31372
-       RESERVED
+CVE-2021-31372 (An Improper Input Validation vulnerability in J-Web of Juniper 
Network ...)
        NOT-FOR-US: Juniper
-CVE-2021-31371
-       RESERVED
+CVE-2021-31371 (Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for 
internal com ...)
        NOT-FOR-US: Juniper
-CVE-2021-31370
-       RESERVED
+CVE-2021-31370 (An Incomplete List of Disallowed Inputs vulnerability in 
Packet Forwar ...)
        NOT-FOR-US: Juniper
-CVE-2021-31369
-       RESERVED
+CVE-2021-31369 (On MX Series platforms with MS-MPC/MS-MIC, an Allocation of 
Resources  ...)
        NOT-FOR-US: Juniper
-CVE-2021-31368
-       RESERVED
+CVE-2021-31368 (An Uncontrolled Resource Consumption vulnerability in the 
kernel of Ju ...)
        NOT-FOR-US: Juniper
-CVE-2021-31367
-       RESERVED
+CVE-2021-31367 (A Missing Release of Memory after Effective Lifetime 
vulnerability in  ...)
        NOT-FOR-US: Juniper
-CVE-2021-31366
-       RESERVED
+CVE-2021-31366 (An Unchecked Return Value vulnerability in the authd 
(authentication d ...)
        NOT-FOR-US: Juniper
-CVE-2021-31365
-       RESERVED
+CVE-2021-31365 (An Uncontrolled Resource Consumption vulnerability in Juniper 
Networks ...)
        NOT-FOR-US: Juniper
-CVE-2021-31364
-       RESERVED
+CVE-2021-31364 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
        NOT-FOR-US: Juniper
-CVE-2021-31363
-       RESERVED
+CVE-2021-31363 (In an MPLS P2MP environment a Loop with Unreachable Exit 
Condition vul ...)
        NOT-FOR-US: Juniper
-CVE-2021-31362
-       RESERVED
+CVE-2021-31362 (A Protection Mechanism Failure vulnerability in RPD (routing 
protocol  ...)
        NOT-FOR-US: Juniper
-CVE-2021-31361
-       RESERVED
+CVE-2021-31361 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
        NOT-FOR-US: Juniper
-CVE-2021-31360
-       RESERVED
+CVE-2021-31360 (An improper privilege management vulnerability in the Juniper 
Networks ...)
        NOT-FOR-US: Juniper
-CVE-2021-31359
-       RESERVED
+CVE-2021-31359 (A local privilege escalation vulnerability in Juniper Networks 
Junos O ...)
        NOT-FOR-US: Juniper
-CVE-2021-31358
-       RESERVED
-CVE-2021-31357
-       RESERVED
-CVE-2021-31356
-       RESERVED
-CVE-2021-31355
-       RESERVED
+CVE-2021-31358 (A command injection vulnerability in sftp command processing 
on Junipe ...)
+       TODO: check
+CVE-2021-31357 (A command injection vulnerability in tcpdump command 
processing on Jun ...)
+       TODO: check
+CVE-2021-31356 (A command injection vulnerability in command processing on 
Juniper Net ...)
+       TODO: check
+CVE-2021-31355 (A persistent cross-site scripting (XSS) vulnerability in the 
captive p ...)
        NOT-FOR-US: Juniper
-CVE-2021-31354
-       RESERVED
+CVE-2021-31354 (An Out Of Bounds (OOB) access vulnerability in the handling of 
respons ...)
        NOT-FOR-US: Juniper
-CVE-2021-31353
-       RESERVED
+CVE-2021-31353 (An Improper Handling of Exceptional Conditions vulnerability 
in Junipe ...)
        NOT-FOR-US: Juniper
-CVE-2021-31352
-       RESERVED
+CVE-2021-31352 (An Information Exposure vulnerability in Juniper Networks SRC 
Series d ...)
        NOT-FOR-US: Juniper
-CVE-2021-31351
-       RESERVED
+CVE-2021-31351 (An Improper Check for Unusual or Exceptional Conditions in 
packet proc ...)
        NOT-FOR-US: Juniper
-CVE-2021-31350
-       RESERVED
+CVE-2021-31350 (An Improper Privilege Management vulnerability in the gRPC 
framework,  ...)
        NOT-FOR-US: Juniper
-CVE-2021-31349
-       RESERVED
+CVE-2021-31349 (The usage of an internal HTTP header created an authentication 
bypass  ...)
        NOT-FOR-US: Juniper
 CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The 
function ezx ...)
        {DLA-2705-1}
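Review bot: Four entries in this block get `TODO: check` while every neighbour is `NOT-FOR-US: Juniper`: CVE-2021-31383, CVE-2021-31358, CVE-2021-31357 and CVE-2021-31356. These are the ids whose removed `RESERVED` line had no tag under it. The visible descriptions of the last three name Juniper ("... sftp command processing on Junipe ...", "... tcpdump command processing on Jun ...", "... command processing on Juniper Net ..."), so they can take `NOT-FOR-US: Juniper` directly; CVE-2021-31383 does not name the vendor in the truncated text and needs its full description read first. CVE-2021-0298 later in the patch is the same case.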
@@ -29500,8 +29465,8 @@ CVE-2021-30871
        REJECTED
 CVE-2021-30870
        REJECTED
-CVE-2021-30869
-       REJECTED
+CVE-2021-30869 (A type confusion issue was addressed with improved state 
handling. Thi ...)
+       TODO: check
 CVE-2021-30868
        REJECTED
 CVE-2021-30867
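Review bot: CVE-2021-30869 changes from `REJECTED` to a published description with `TODO: check`, while its neighbours CVE-2021-30871, CVE-2021-30870 and CVE-2021-30868 stay `REJECTED`. A rejected id becoming live is unusual enough to confirm against the upstream CVE record before triage, and it suggests the earlier `REJECTED` state in this range should be re-checked rather than trusted.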
@@ -29542,58 +29507,58 @@ CVE-2021-30852
        REJECTED
 CVE-2021-30851
        REJECTED
-CVE-2021-30850
-       RESERVED
-CVE-2021-30849
-       RESERVED
-CVE-2021-30848
-       RESERVED
-CVE-2021-30847
-       RESERVED
-CVE-2021-30846
-       RESERVED
-CVE-2021-30845
-       RESERVED
-CVE-2021-30844
-       RESERVED
-CVE-2021-30843
-       RESERVED
-CVE-2021-30842
-       RESERVED
-CVE-2021-30841
-       RESERVED
+CVE-2021-30850 (An access issue was addressed with improved access 
restrictions. This  ...)
+       TODO: check
+CVE-2021-30849 (Multiple memory corruption issues were addressed with improved 
memory  ...)
+       TODO: check
+CVE-2021-30848 (A memory corruption issue was addressed with improved memory 
handling. ...)
+       TODO: check
+CVE-2021-30847 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+       TODO: check
+CVE-2021-30846 (A memory corruption issue was addressed with improved memory 
handling. ...)
+       TODO: check
+CVE-2021-30845 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
+       TODO: check
+CVE-2021-30844 (A logic issue was addressed with improved state management. 
This issue ...)
+       TODO: check
+CVE-2021-30843 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+       TODO: check
+CVE-2021-30842 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+       TODO: check
+CVE-2021-30841 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+       TODO: check
 CVE-2021-30840
        RESERVED
 CVE-2021-30839
        RESERVED
-CVE-2021-30838
-       RESERVED
-CVE-2021-30837
-       RESERVED
+CVE-2021-30838 (A memory corruption issue was addressed with improved memory 
handling. ...)
+       TODO: check
+CVE-2021-30837 (A memory consumption issue was addressed with improved memory 
handling ...)
+       TODO: check
 CVE-2021-30836
        RESERVED
-CVE-2021-30835
-       RESERVED
+CVE-2021-30835 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+       TODO: check
 CVE-2021-30834
        RESERVED
 CVE-2021-30833
        RESERVED
-CVE-2021-30832
-       RESERVED
+CVE-2021-30832 (A memory corruption issue was addressed with improved state 
management ...)
+       TODO: check
 CVE-2021-30831
        RESERVED
-CVE-2021-30830
-       RESERVED
-CVE-2021-30829
-       RESERVED
-CVE-2021-30828
-       RESERVED
-CVE-2021-30827
-       RESERVED
-CVE-2021-30826
-       RESERVED
-CVE-2021-30825
-       RESERVED
+CVE-2021-30830 (A memory corruption issue was addressed with improved memory 
handling. ...)
+       TODO: check
+CVE-2021-30829 (A URI parsing issue was addressed with improved parsing. This 
issue is ...)
+       TODO: check
+CVE-2021-30828 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+       TODO: check
+CVE-2021-30827 (A permissions issue existed. This issue was addressed with 
improved pe ...)
+       TODO: check
+CVE-2021-30826 (A logic issue was addressed with improved state management. 
This issue ...)
+       TODO: check
+CVE-2021-30825 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+       TODO: check
 CVE-2021-30824
        RESERVED
 CVE-2021-30823
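Review bot: The descriptions added in this hunk are too generic to triage from the truncated text; `This issue was addressed with improved checks. This issue is fixed in ...` is repeated verbatim for several ids and never reaches the affected component. Entries of this kind elsewhere in the patch resolve both ways: CVE-2020-29621, with the identical wording, is `NOT-FOR-US: Apple`, while CVE-2020-29623 is tracked against webkit2gtk and wpewebkit. Each `TODO: check` here needs the full description read for the component instead of a bulk tag.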
@@ -29602,34 +29567,34 @@ CVE-2021-30822
        RESERVED
 CVE-2021-30821
        RESERVED
-CVE-2021-30820
-       RESERVED
-CVE-2021-30819
-       RESERVED
+CVE-2021-30820 (A logic issue was addressed with improved state management. 
This issue ...)
+       TODO: check
+CVE-2021-30819 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
+       TODO: check
 CVE-2021-30818
        RESERVED
 CVE-2021-30817
        RESERVED
 CVE-2021-30816
        RESERVED
-CVE-2021-30815
-       RESERVED
+CVE-2021-30815 (A lock screen issue allowed access to contacts on a locked 
device. Thi ...)
+       TODO: check
 CVE-2021-30814
        RESERVED
 CVE-2021-30813
        RESERVED
 CVE-2021-30812
        RESERVED
-CVE-2021-30811
-       RESERVED
-CVE-2021-30810
-       RESERVED
+CVE-2021-30811 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
+       TODO: check
+CVE-2021-30810 (An authorization issue was addressed with improved state 
management. T ...)
+       TODO: check
 CVE-2021-30809
        RESERVED
 CVE-2021-30808
        RESERVED
-CVE-2021-30807
-       RESERVED
+CVE-2021-30807 (A memory corruption issue was addressed with improved memory 
handling. ...)
+       TODO: check
 CVE-2021-30806
        RESERVED
 CVE-2021-30805 (A memory corruption issue was addressed with improved input 
validation ...)
@@ -31002,8 +30967,8 @@ CVE-2021-30360
        RESERVED
 CVE-2021-30359
        RESERVED
-CVE-2021-30358
-       RESERVED
+CVE-2021-30358 (Mobile Access Portal Native Applications who's path is defined 
by the  ...)
+       TODO: check
 CVE-2021-30357 (SSL Network Extender Client for Linux before build 800008302 
reveals p ...)
        NOT-FOR-US: SSL Network Extender Client
 CVE-2021-30356 (A denial of service vulnerability was reported in Check Point 
Identity ...)
@@ -32281,8 +32246,8 @@ CVE-2021-29914
        RESERVED
 CVE-2021-29913
        RESERVED
-CVE-2021-29912
-       RESERVED
+CVE-2021-29912 (IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to 
cross-site  ...)
+       TODO: check
 CVE-2021-29911
        RESERVED
 CVE-2021-29910
@@ -39288,8 +39253,8 @@ CVE-2021-27003 (Clustered Data ONTAP versions prior to 
9.5P18, 9.6P15, 9.7P14, 9
        NOT-FOR-US: Clustered Data ONTAP (NetApp)
 CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible 
to a vul ...)
        NOT-FOR-US: NetApp Cloud Manager
-CVE-2021-27001
-       RESERVED
+CVE-2021-27001 (Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 
9.7P16, 9.8 ...)
+       TODO: check
 CVE-2021-27000
        RESERVED
 CVE-2021-26999 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive 
information ...)
@@ -40304,8 +40269,8 @@ CVE-2021-26591
        RESERVED
 CVE-2021-26590
        RESERVED
-CVE-2021-26589
-       RESERVED
+CVE-2021-26589 (A potential security vulnerability has been identified in HPE 
Superdom ...)
+       TODO: check
 CVE-2021-26588 (A potential security vulnerability has been identified in HPE 
3PAR Sto ...)
        NOT-FOR-US: HPE
 CVE-2021-26587 (A potential DOM-based Cross Site Scripting security 
vulnerability has  ...)
@@ -41932,8 +41897,8 @@ CVE-2021-25970
        RESERVED
 CVE-2021-25969
        RESERVED
-CVE-2021-25968
-       RESERVED
+CVE-2021-25968 (In &#8220;OpenCMS&#8221;, versions 10.5.0 to 11.0.2 are 
affected by a  ...)
+       TODO: check
 CVE-2021-25967
        RESERVED
 CVE-2021-25966 (In &#8220;Orchard core CMS&#8221; application, versions 
1.0.0-beta1-33 ...)
@@ -52909,7 +52874,7 @@ CVE-2021-21495 (MK-AUTH through 19.01 K4.9 allows CSRF 
for password changes via
 CVE-2021-21494 (MK-AUTH through 19.01 K4.9 allows XSS via the 
admin/logs_ajax.php tipo ...)
        NOT-FOR-US: MK-AUTH
 CVE-2020-35965 (decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an 
out-of-bounds  ...)
-       {DLA-2537-1}
+       {DSA-4990-1 DLA-2537-1}
        - ffmpeg 7:4.3.1-6 (bug #979999)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b
@@ -60693,8 +60658,8 @@ CVE-2020-29623 ("Clear History and Website Data" did 
not clear the history. The
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.30.6-1
        NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
-CVE-2020-29622
-       RESERVED
+CVE-2020-29622 (A race condition was addressed with additional validation. 
This issue  ...)
+       TODO: check
 CVE-2020-29621 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        NOT-FOR-US: Apple
 CVE-2020-29620 (This issue was addressed with improved entitlements. This 
issue is fix ...)
@@ -67794,16 +67759,13 @@ CVE-2020-27888 (An issue was discovered on Ubiquiti 
UniFi Meshing Access Point U
        NOT-FOR-US: Ubiquiti
 CVE-2021-0300
        RESERVED
-CVE-2021-0299
-       RESERVED
+CVE-2021-0299 (An Improper Handling of Exceptional Conditions vulnerability in 
the pr ...)
        NOT-FOR-US: Juniper
-CVE-2021-0298
-       RESERVED
-CVE-2021-0297
-       RESERVED
+CVE-2021-0298 (A Race Condition in the 'show chassis pic' command in Juniper 
Networks ...)
+       TODO: check
+CVE-2021-0297 (A vulnerability in the processing of TCP MD5 authentication in 
Juniper ...)
        NOT-FOR-US: Juniper
-CVE-2021-0296
-       RESERVED
+CVE-2021-0296 (The Juniper Networks CTPView server is not enforcing HTTP 
Strict Trans ...)
        NOT-FOR-US: Juniper
 CVE-2021-0295 (A vulnerability in the Distance Vector Multicast Routing 
Protocol (DVM ...)
        NOT-FOR-US: Juniper
@@ -81946,6 +81908,7 @@ CVE-2020-22056 (A Denial of Service vulnerability 
exists in FFmpeg 4.2 due to a
 CVE-2020-22055
        RESERVED
 CVE-2020-22054 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to 
a memory ...)
+       {DSA-4990-1}
        - ffmpeg 7:4.3-2 (unimportant)
        NOTE: https://trac.ffmpeg.org/ticket/8315
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6f2a3958cfac135c60b509a61a4fd39432d8f9a9
@@ -81962,6 +81925,7 @@ CVE-2020-22051 (A Denial of Service vulnerability 
exists in FFmpeg 4.2 due to a
 CVE-2020-22050
        RESERVED
 CVE-2020-22049 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to 
a memory ...)
+       {DSA-4990-1}
        - ffmpeg 7:4.3-2 (unimportant)
        NOTE: https://trac.ffmpeg.org/ticket/8314
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=373c1c9b691fd4c6831b3a114a006b639304c2af
@@ -82011,69 +81975,76 @@ CVE-2020-22038 (A Denial of Service vulnerability 
exists in FFmpeg 4.2 due to a
        NOTE: https://trac.ffmpeg.org/ticket/8285
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7c32e9cf93b712f8463573a59ed4e98fd10fa013
 CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to 
a memory ...)
+       {DSA-4990-1}
        - ffmpeg <unfixed> (unimportant)
        NOTE: https://trac.ffmpeg.org/ticket/8281
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7bba0dd6382e30d646cb406034a66199e071d713
        NOTE: Pending for 4.4.1
 CVE-2020-22036 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 in fil ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        - ffmpeg 7:4.3-2
        NOTE: https://trac.ffmpeg.org/ticket/8261
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606
        NOTE: CVE-2020-22036 and CVE-2020-20899 are duplicates, reported to 
MITRE
 CVE-2020-22035 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 in get ...)
+       {DSA-4990-1}
        - ffmpeg 7:4.3-2
        [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: https://trac.ffmpeg.org/ticket/8262
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0749082eb93ea02fa4b770da86597450cec84054
 CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 
at libavf ...)
+       {DSA-4990-1}
        - ffmpeg 7:4.3-2
        [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: https://trac.ffmpeg.org/ticket/8236
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac
 CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 
at libavf ...)
+       {DSA-4990-1}
        - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
        [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: https://trac.ffmpeg.org/ticket/8246
        NOTE: https://trac.ffmpeg.org/ticket/8241
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02
 CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 
at libavf ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        - ffmpeg 7:4.3-2
        NOTE: https://trac.ffmpeg.org/ticket/8275
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44
 CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 at lib ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        - ffmpeg 7:4.3-2
        NOTE: https://trac.ffmpeg.org/ticket/8243
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8
 CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 at lib ...)
+       {DSA-4990-1}
        - ffmpeg 7:4.3-2
        [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: https://trac.ffmpeg.org/ticket/8276
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1b89c76f66343d1b495165664647317c66764bb
 CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 at lib ...)
+       {DSA-4990-1}
        - ffmpeg 7:4.3-2
        [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae
        NOTE: https://trac.ffmpeg.org/ticket/8250
 CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in 
filter_verticall ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        - ffmpeg 7:4.3-2
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b
        NOTE: https://trac.ffmpeg.org/ticket/8274
 CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 
in defl ...)
+       {DSA-4990-1}
        - ffmpeg 7:4.3-2
        [stretch] - ffmpeg <ignored> (Required change too invasive, original 
patch need to be completely rewritten)
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c
        NOTE: https://trac.ffmpeg.org/ticket/8242
 CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the 
config_input ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        - ffmpeg 7:4.3-2
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144
        NOTE: https://trac.ffmpeg.org/ticket/8317
 CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in 
gaussian_blur at  ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        - ffmpeg 7:4.3-2
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8
        NOTE: https://trac.ffmpeg.org/ticket/8260
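Review bot: CVE-2020-22037 gains {DSA-4990-1} while its package line still reads `- ffmpeg <unfixed> (unimportant)` with `NOTE: Pending for 4.4.1`, so the entry now references a published advisory and an unfixed, unimportant state at the same time. Because this is an automatic update, confirm that the advisory's own CVE list really contains this ID. The other additions in this hunk are consistent with their context: entries that already had {DLA-2742-1} keep it after the new tag, and entries with a `[stretch] ... <not-affected>` or `<ignored>` line get the DSA tag alone.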
@@ -82084,26 +82055,27 @@ CVE-2020-22024 (Buffer Overflow vulnerability in 
FFmpeg 4.2 at the lagfun_frame1
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=723d69f99cd26db9687ed2d24d06afaff624daf3
        NOTE: https://trac.ffmpeg.org/ticket/8310
 CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 
4.2 in fi ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        - ffmpeg 7:4.3-2
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c
        NOTE: https://trac.ffmpeg.org/ticket/8244
 CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 in fil ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        - ffmpeg 7:4.3-2
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba
        NOTE: https://trac.ffmpeg.org/ticket/8264
 CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges 
function i ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b
        NOTE: https://trac.ffmpeg.org/ticket/8240
 CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the 
build_diff_map func ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        - ffmpeg 7:4.3-2
        NOTE: https://trac.ffmpeg.org/ticket/8239
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
 CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at 
convolution_y_10bit in  ...)
+       {DSA-4990-1}
        - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
        [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: https://trac.ffmpeg.org/ticket/8246
@@ -82112,17 +82084,18 @@ CVE-2020-22019 (Buffer Overflow vulnerability in 
FFmpeg 4.2 at convolution_y_10b
 CVE-2020-22018
        RESERVED
 CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 
4.2 at ff_ ...)
+       {DSA-4990-1}
        - ffmpeg 7:4.3-2
        [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: https://trac.ffmpeg.org/ticket/8309
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4d6b7b0355f3597cad3b8d12911790c73b5f96d
 CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at 
libavcodec ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        - ffmpeg 7:4.2.2-1
        NOTE: https://trac.ffmpeg.org/ticket/8183
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145
 CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in 
mov_write_video_tag due ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
        NOTE: https://trac.ffmpeg.org/ticket/8190
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4c1afa292520329eecd1cc7631bc59a8cca95c46
@@ -84242,7 +84215,7 @@ CVE-2020-21043
 CVE-2020-21042
        RESERVED
 CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via 
apng_do_inverse ...)
-       {DLA-2742-1}
+       {DSA-4990-1 DLA-2742-1}
        [experimental] - ffmpeg 7:4.4-1
        - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
        [stretch] - ffmpeg <postponed> (Wait for 4.1.8)
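Review bot: the unchanged context line `[stretch] - ffmpeg <postponed> (Wait for 4.1.8)` under CVE-2020-21041 looks stale, since the entry already carried {DLA-2742-1} and now also carries {DSA-4990-1}. The automatic update does not touch that line, so a manual follow-up should either drop the postponed marker or explain in a NOTE why stretch is still waiting despite the DLA cross-reference.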
@@ -85453,6 +85426,7 @@ CVE-2020-20455
 CVE-2020-20454
        RESERVED
 CVE-2020-20453 (FFmpeg 4.2 is affected by a Divide By Zero issue via 
libavcodec/aaccod ...)
+       {DSA-4990-1}
        - ffmpeg <unfixed> (unimportant)
        NOTE: https://trac.ffmpeg.org/ticket/8003
        NOTE: Negligible security impact
@@ -85475,6 +85449,7 @@ CVE-2020-20450 (FFmpeg 4.2 is affected by null pointer 
dereference passed as arg
 CVE-2020-20449
        RESERVED
 CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via 
libavcodec/rate ...)
+       {DSA-4722-1}
        - ffmpeg 7:4.3-2 (unimportant)
        NOTE: https://trac.ffmpeg.org/ticket/7990
        NOTE: Negligible security impact
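Review bot: the tag added to CVE-2020-20448 is {DSA-4722-1}, while every other ffmpeg entry touched in the surrounding hunks receives {DSA-4990-1}. Please confirm against the advisory's own CVE list that the older advisory number is intended here and is not a mis-association. The entry is also marked `(unimportant)` with `NOTE: Negligible security impact`, so it is worth checking whether an advisory cross-reference belongs on it at all.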
@@ -85483,12 +85458,14 @@ CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide 
By Zero issue via libavcode
 CVE-2020-20447
        RESERVED
 CVE-2020-20446 (FFmpeg 4.2 is affected by a Divide By Zero issue via 
libavcodec/aacpsy ...)
+       {DSA-4990-1}
        - ffmpeg <unfixed> (unimportant)
        NOTE: https://trac.ffmpeg.org/ticket/7995
        NOTE: Negligible security impact
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/223b5e8ac9f6461bb13ed365419ec485c5b2b002
        NOTE: Pending for 4.4.1
 CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via 
libavcodec/lpc.h, ...)
+       {DSA-4990-1}
        - ffmpeg <unfixed> (unimportant)
        NOTE: https://trac.ffmpeg.org/ticket/7996
        NOTE: Negligible security impact
@@ -105571,8 +105548,8 @@ CVE-2020-12143 (The certificate used to identify 
Orchestrator to EdgeConnect dev
        NOT-FOR-US: EdgeConnect
 CVE-2020-12142 (1. IPSec UDP key material can be retrieved from 
machine-to-machine int ...)
        NOT-FOR-US: EdgeConnect
-CVE-2020-12141
-       RESERVED
+CVE-2020-12141 (An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and 
earlier  ...)
+       TODO: check
 CVE-2020-12140
        RESERVED
 CVE-2020-12139
@@ -429343,8 +429320,8 @@ CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in 
Apache HttpComponents, when
        [squeeze] - httpcomponents-client 4.0.1-1squeeze1
        NOTE: http://seclists.org/oss-sec/2011/q2/188
        NOTE: 
http://web.archive.org/web/20130102213624/http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
-CVE-2011-1497
-       RESERVED
+CVE-2011-1497 (A cross-site scripting vulnerability flaw was found in the 
auto_link f ...)
+       TODO: check
 CVE-2011-1496 (tmux 1.3 and 1.4 does not properly drop group privileges, which 
allows ...)
        {DSA-2212-1}
        - tmux 1.4-6 (bug #620304)
@@ -430671,8 +430648,8 @@ CVE-2011-1076 (net/dns_resolver/dns_key.c in the 
Linux kernel before 2.6.38 allo
        [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
        [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
        [wheezy] - linux-2.6 <not-affected> (Introduced in 2.6.36)
-CVE-2011-1075
-       RESERVED
+CVE-2011-1075 (FreeBSD's crontab calculates the MD5 sum of the previous and 
new cronj ...)
+       TODO: check
 CVE-2011-1074 (crontab.c in crontab in FreeBSD allows local users to determine 
the ex ...)
        - cron <not-affected> (Debian's cron not affected)
 CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local 
users  ...)
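Review bot: CVE-2011-1075 moves from RESERVED to `TODO: check`, but the context directly below shows the sibling FreeBSD crontab issue CVE-2011-1074 already triaged as `- cron <not-affected> (Debian's cron not affected)`. Whoever resolves the TODO should check whether the same disposition applies to the MD5-sum issue described here, so the FreeBSD crontab entries end up triaged consistently rather than leaving this one open.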



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1a5ad1b9c487903633f7ee4e00c50d1050bff51

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
