From bff60510087638c1556df7e25ed52b7c12020147 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 25 Oct 2021 20:10:16 +0000 Subject: automatic update --- data/CVE/list | 293 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 145 insertions(+), 148 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index f9c8e97509..e7f8b22b52 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,9 @@ +CVE-2021-3904 + RESERVED +CVE-2021-3903 + RESERVED +CVE-2020-36503 + RESERVED CVE-2021-43010 RESERVED CVE-2021-43009 @@ -4021,8 +4027,8 @@ CVE-2021-41773 (A flaw was found in a change made to path normalization in Apach NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1 CVE-2021-3839 RESERVED -CVE-2017-20007 - RESERVED +CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...) + TODO: check CVE-2021-41772 RESERVED CVE-2021-41771 @@ -5343,8 +5349,8 @@ CVE-2021-41178 RESERVED CVE-2021-41177 RESERVED -CVE-2021-41176 - RESERVED +CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...) + TODO: check CVE-2021-41175 RESERVED CVE-2021-41174 @@ -5689,8 +5695,8 @@ CVE-2021-41037 RESERVED CVE-2021-41036 RESERVED -CVE-2021-41035 - RESERVED +CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...) + TODO: check CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...) NOT-FOR-US: Eclipse Che CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...) 
@@ -6061,8 +6067,7 @@ CVE-2021-3798 [Soft token does not check if an EC key is valid] NOTE: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780 NOTE: Introduced with: https://github.com/opencryptoki/opencryptoki/commit/a179fd01a265a98194d9c06ec5958da1dd2ecae3 (v3.15.0) NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0 -CVE-2021-40865 - RESERVED +CVE-2021-40865 (An Unsafe Deserialization vulnerability exists in the worker services ...) NOT-FOR-US: Apache Storm CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison ...) NOT-FOR-US: Hestia Control Panel @@ -6863,10 +6868,10 @@ CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plai NOTE: CVE-2021-40528 got switched at some point, and CVE-2021-33560 referring to the blinding NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on NOTE: a query). -CVE-2021-40527 - RESERVED -CVE-2021-40526 - RESERVED +CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the "com. ...) + TODO: check +CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...) + TODO: check CVE-2021-40525 RESERVED CVE-2021-3776 @@ -10001,10 +10006,10 @@ CVE-2021-39223 RESERVED CVE-2021-39222 RESERVED -CVE-2021-39221 - RESERVED -CVE-2021-39220 - RESERVED +CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) + TODO: check +CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...) + TODO: check CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtim ...) NOT-FOR-US: wasmtime CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...) 
@@ -12182,8 +12187,7 @@ CVE-2021-3693 (LedgerSMB does not check the origin of HTML fragments merged into NOTE: https://ledgersmb.org/cve-2021-3693-cross-site-scripting CVE-2021-3692 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...) - yii (bug #597899) -CVE-2021-38294 - RESERVED +CVE-2021-38294 (A Command Injection vulnerability exists in the getTopologyHistory ser ...) NOT-FOR-US: Apache Storm CVE-2021-38293 RESERVED @@ -13889,8 +13893,7 @@ CVE-2021-37626 (Contao is an open source CMS that allows you to create websites NOT-FOR-US: Contao CMS CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4 ...) NOT-FOR-US: Skytable -CVE-2021-37624 - RESERVED +CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...) - freeswitch (bug #389591) NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3 CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) @@ -19503,8 +19506,8 @@ CVE-2021-35233 RESERVED CVE-2021-35232 RESERVED -CVE-2021-35231 - RESERVED +CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...) + TODO: check CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...) NOT-FOR-US: Kiwi CatTools Installation Wizard CVE-2021-35229 
@@ -20302,28 +20305,28 @@ CVE-2021-34866 NOTE: Fixed by: https://git.kernel.org/linus/5b029a32cfe4600f5e10e36b41778506b90fd4de (5.14) CVE-2021-34865 RESERVED -CVE-2021-34864 - RESERVED -CVE-2021-34863 - RESERVED -CVE-2021-34862 - RESERVED -CVE-2021-34861 - RESERVED -CVE-2021-34860 - RESERVED -CVE-2021-34859 - RESERVED +CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...) + TODO: check +CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check +CVE-2021-34862 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check +CVE-2021-34861 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check +CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose sensi ...) + TODO: check +CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...) + TODO: check CVE-2021-34858 RESERVED -CVE-2021-34857 - RESERVED -CVE-2021-34856 - RESERVED -CVE-2021-34855 - RESERVED -CVE-2021-34854 - RESERVED +CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...) + TODO: check +CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...) + TODO: check +CVE-2021-34855 (This vulnerability allows local attackers to disclose sensitive inform ...) + TODO: check +CVE-2021-34854 (This vulnerability allows local attackers to escalate privileges on af ...) + TODO: check CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
@@ -26116,7 +26119,7 @@ CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x befor NOTE: Fixed by: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b NOTE: Regression fix: https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664 NOTE: Regression: https://gitlab.xfce.org/xfce/thunar/-/issues/575 -CVE-2021-3546 (A flaw was found in vhost-user-gpu of QEMU in versions up to and inclu ...) +CVE-2021-3546 (An out-of-bounds write vulnerability was found in the virtio vhost-use ...) {DSA-4980-1} - qemu 1:6.1+dfsg-1 (bug #989042) [buster] - qemu (Minor issue) @@ -33294,7 +33297,7 @@ CVE-2021-29766 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, NOT-FOR-US: IBM CVE-2021-29765 (IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obta ...) NOT-FOR-US: IBM -CVE-2021-29764 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...) +CVE-2021-29764 (IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to s ...) NOT-FOR-US: IBM CVE-2021-29763 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...) NOT-FOR-US: IBM @@ -42634,8 +42637,8 @@ CVE-2021-25979 RESERVED CVE-2021-25978 RESERVED -CVE-2021-25977 - RESERVED +CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...) + TODO: check CVE-2021-25976 RESERVED CVE-2021-25975 @@ -44456,7 +44459,7 @@ CVE-2021-3165 (SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser NOT-FOR-US: SmartAgent CVE-2021-3164 (ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. ...) NOT-FOR-US: ChurchRota -CVE-2021-3163 (A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attac ...) +CVE-2021-3163 (** DISPUTED ** A vulnerability in the HTML editor of Slab Quill 4.8.0 ...) NOT-FOR-US: Slab Quill CVE-2021-25301 RESERVED 
@@ -45419,10 +45422,10 @@ CVE-2021-24887 RESERVED CVE-2021-24886 RESERVED -CVE-2021-24885 - RESERVED -CVE-2021-24884 - RESERVED +CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage ...) + TODO: check +CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to ...) + TODO: check CVE-2021-24883 RESERVED CVE-2021-24882 @@ -45619,8 +45622,8 @@ CVE-2021-24787 RESERVED CVE-2021-24786 RESERVED -CVE-2021-24785 - RESERVED +CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and ...) + TODO: check CVE-2021-24784 RESERVED CVE-2021-24783 @@ -45631,8 +45634,8 @@ CVE-2021-24781 RESERVED CVE-2021-24780 RESERVED -CVE-2021-24779 - RESERVED +CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...) + TODO: check CVE-2021-24778 RESERVED CVE-2021-24777 @@ -45641,8 +45644,8 @@ CVE-2021-24776 RESERVED CVE-2021-24775 RESERVED -CVE-2021-24774 - RESERVED +CVE-2021-24774 (The Check & Log Email WordPress plugin before 1.0.3 does not valid ...) + TODO: check CVE-2021-24773 RESERVED CVE-2021-24772 @@ -45651,8 +45654,8 @@ CVE-2021-24771 RESERVED CVE-2021-24770 RESERVED -CVE-2021-24769 - RESERVED +CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...) + TODO: check CVE-2021-24768 RESERVED CVE-2021-24767 @@ -45701,8 +45704,8 @@ CVE-2021-24746 RESERVED CVE-2021-24745 RESERVED -CVE-2021-24744 - RESERVED +CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 ...) + TODO: check CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...) NOT-FOR-US: WordPress plugin CVE-2021-24742 @@ -45791,8 +45794,8 @@ CVE-2021-24701 RESERVED CVE-2021-24700 RESERVED -CVE-2021-24699 - RESERVED +CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not escape ...) + TODO: check CVE-2021-24698 RESERVED CVE-2021-24697 
@@ -45865,8 +45868,8 @@ CVE-2021-24664 RESERVED CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through 1.1 does n ...) NOT-FOR-US: WordPress plugin -CVE-2021-24662 - RESERVED +CVE-2021-24662 (The Game Server Status WordPress plugin through 1.0 does not validate ...) + TODO: check CVE-2021-24661 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) NOT-FOR-US: WordPress plugin CVE-2021-24660 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) @@ -45883,8 +45886,8 @@ CVE-2021-24655 RESERVED CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly ...) NOT-FOR-US: WordPress plugin -CVE-2021-24653 - RESERVED +CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitis ...) + TODO: check CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) NOT-FOR-US: WordPress plugin CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated us ...) @@ -45973,8 +45976,8 @@ CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not implem NOT-FOR-US: WordPress plugin CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not san ...) NOT-FOR-US: WordPress plugin -CVE-2021-24608 - RESERVED +CVE-2021-24608 (The Formidable Form Builder – Contact Form, Survey & Quiz Fo ...) + TODO: check CVE-2021-24607 RESERVED CVE-2021-24606 (The Availability Calendar WordPress plugin before 1.2.1 does not escap ...) 
@@ -46101,10 +46104,10 @@ CVE-2021-24546 (The Gutenberg Block Editor Toolkit – EditorsKit WordPress NOT-FOR-US: WordPress plugin CVE-2021-24545 (The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitis ...) NOT-FOR-US: WordPress plugin -CVE-2021-24544 - RESERVED -CVE-2021-24543 - RESERVED +CVE-2021-24544 (The Responsive WordPress Slider WordPress plugin through 2.2.0 does no ...) + TODO: check +CVE-2021-24543 (The jQuery Reply to Comment WordPress plugin through 1.31 does not hav ...) + TODO: check CVE-2021-24542 RESERVED CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape param ...) @@ -46159,10 +46162,10 @@ CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms W NOT-FOR-US: WordPress plugin CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not escape the ti ...) NOT-FOR-US: WordPress plugin -CVE-2021-24515 - RESERVED -CVE-2021-24514 - RESERVED +CVE-2021-24515 (The Video Gallery – Vimeo and YouTube Gallery WordPress plugin t ...) + TODO: check +CVE-2021-24514 (The Visual Form Builder WordPress plugin before 3.0.4 does not sanitis ...) + TODO: check CVE-2021-24513 (The Form Builder | Create Responsive Contact Forms WordPress plugin be ...) NOT-FOR-US: WordPress plugin CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an a ...) 
@@ -46211,16 +46214,16 @@ CVE-2021-24491 (The Fileviewer WordPress plugin through 2.2 does not have CSRF c NOT-FOR-US: WordPress plugin CVE-2021-24490 (The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not ...) NOT-FOR-US: WordPress plugin -CVE-2021-24489 - RESERVED +CVE-2021-24489 (The Request a Quote WordPress plugin before 2.3.5 does not sanitise, v ...) + TODO: check CVE-2021-24488 (The slider import search feature and tab parameter of the Post Grid Wo ...) NOT-FOR-US: WordPress plugin -CVE-2021-24487 - RESERVED +CVE-2021-24487 (The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF c ...) + TODO: check CVE-2021-24486 (The Simple Social Media Share Buttons – Social Sharing for Every ...) NOT-FOR-US: WordPress plugin -CVE-2021-24485 - RESERVED +CVE-2021-24485 (The Special Text Boxes WordPress plugin through 5.9.109 does not sanit ...) + TODO: check CVE-2021-24484 (The get_reports() function in the Secure Copy Content Protection and C ...) NOT-FOR-US: WordPress plugin CVE-2021-24483 (The get_poll_categories(), get_polls() and get_reports() functions in ...) @@ -46361,8 +46364,8 @@ CVE-2021-24416 (The StreamCast – Radio Player for WordPress plugin before NOT-FOR-US: WordPress plugin CVE-2021-24415 (The Polo Video Gallery – Best wordpress video gallery plugin Wor ...) NOT-FOR-US: WordPress plugin -CVE-2021-24414 - RESERVED +CVE-2021-24414 (The Video Player for YouTube WordPress plugin before 1.4 does not sani ...) + TODO: check CVE-2021-24413 (The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or ...) NOT-FOR-US: WordPress plugin CVE-2021-24412 (The Html5 Audio Player – Audio Player for WordPress plugin befor ...) 
@@ -46427,8 +46430,8 @@ CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not saniti NOT-FOR-US: WordPress plugin CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did n ...) NOT-FOR-US: WordPress plugin -CVE-2021-24381 - RESERVED +CVE-2021-24381 (The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not ...) + TODO: check CVE-2021-24380 (The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking an ...) NOT-FOR-US: WordPress plugin CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows users t ...) @@ -54945,8 +54948,8 @@ CVE-2021-21321 (fastify-reply-from is an npm package which is a fastify plugin t NOT-FOR-US: Node fastify-reply-from CVE-2021-21320 (matrix-react-sdk is an npm package which is a Matrix SDK for React Jav ...) NOT-FOR-US: Node matrix-react-sdk -CVE-2021-21319 - RESERVED +CVE-2021-21319 (Galette is a membership management web application geared towards non ...) + TODO: check CVE-2021-21318 (Opencast is a free, open-source platform to support the management of ...) NOT-FOR-US: Opencast CVE-2021-21317 (uap-core in an open-source npm package which contains the core of Brow ...) 
@@ -66120,20 +66123,16 @@ CVE-2021-0943 RESERVED CVE-2021-0942 RESERVED -CVE-2021-0941 [bpf: Remove MTU check in __bpf_skb_max_len] - RESERVED +CVE-2021-0941 (In bpf_skb_change_head of filter.c, there is a possible out of bounds ...) - linux 5.10.28-1 [buster] - linux 4.19.194-1 [stretch] - linux 4.9.272-1 NOTE: https://git.kernel.org/6306c1189e77a513bf02720450bb43bd4ba5d8ae -CVE-2021-0940 - RESERVED +CVE-2021-0940 (In TBD of TBD, there is a possible out of bounds write due to improper ...) NOT-FOR-US: Pixel components -CVE-2021-0939 - RESERVED +CVE-2021-0939 (In set_default_passthru_cfg of passthru.c, there is a possible out of ...) NOT-FOR-US: Pixel components -CVE-2021-0938 - RESERVED +CVE-2021-0938 (In memzero_explicit of compiler-clang.h, there is a possible bypass of ...) - linux 5.9.15-1 (unimportant) [buster] - linux 4.19.171-1 [stretch] - linux (Vulnerable code introduced later) @@ -66147,12 +66146,10 @@ CVE-2021-0937 NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01 NOTE: https://git.kernel.org/linus/b29c457a6511435960115c0f548c4360d5f4801d NOTE: Duplicate of CVE-2021-22555 -CVE-2021-0936 - RESERVED +CVE-2021-0936 (In acc_read of f_accessory.c, there is a possible memory corruption du ...) - linux (Pixel or Android-specific driver) NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01 -CVE-2021-0935 - RESERVED +CVE-2021-0935 (In ip6_xmit of ip6_output.c, there is a possible out of bounds write d ...) - linux 4.15.17-1 [stretch] - linux 4.9.258-1 NOTE: https://git.kernel.org/linus/2f987a76a97773beafbc615b9c4d8fe79129a7f4 
@@ -66701,12 +66698,12 @@ CVE-2021-0665 RESERVED CVE-2021-0664 RESERVED -CVE-2021-0663 - RESERVED -CVE-2021-0662 - RESERVED -CVE-2021-0661 - RESERVED +CVE-2021-0663 (In audio DSP, there is a possible out of bounds write due to an incorr ...) + TODO: check +CVE-2021-0662 (In audio DSP, there is a possible out of bounds write due to an incorr ...) + TODO: check +CVE-2021-0661 (In audio DSP, there is a possible out of bounds write due to an incorr ...) + TODO: check CVE-2021-0660 (In ccu, there is a possible out of bounds read due to incorrect error ...) NOT-FOR-US: Mediatek CVE-2021-0659 @@ -66759,16 +66756,16 @@ CVE-2021-0636 (When extracting the incorrectly formatted avi file, the memory is NOT-FOR-US: UniSoc components for Android CVE-2021-0635 (When extracting the incorrectly formatted flv file, the memory is dama ...) NOT-FOR-US: UniSoc components for Android -CVE-2021-0634 - RESERVED -CVE-2021-0633 - RESERVED -CVE-2021-0632 - RESERVED -CVE-2021-0631 - RESERVED -CVE-2021-0630 - RESERVED +CVE-2021-0634 (In display driver, there is a possible memory corruption due to uninit ...) + TODO: check +CVE-2021-0633 (In display driver, there is a possible out of bounds write due to an i ...) + TODO: check +CVE-2021-0632 (In wifi driver, there is a possible out of bounds read due to a missin ...) + TODO: check +CVE-2021-0631 (In wifi driver, there is a possible system crash due to a missing boun ...) + TODO: check +CVE-2021-0630 (In wifi driver, there is a possible system crash due to a missing boun ...) + TODO: check CVE-2021-0629 RESERVED CVE-2021-0628 (In OMA DRM, there is a possible memory corruption due to improper inpu ...) 
@@ -66777,8 +66774,8 @@ CVE-2021-0627 (In OMA DRM, there is a possible memory corruption due to an integ NOT-FOR-US: Mediatek CVE-2021-0626 (In ged, there is a possible out of bounds write due to a missing bound ...) NOT-FOR-US: Mediatek -CVE-2021-0625 - RESERVED +CVE-2021-0625 (In ccu, there is a possible memory corruption due to improper locking. ...) + TODO: check CVE-2021-0624 RESERVED CVE-2021-0623 @@ -66791,18 +66788,18 @@ CVE-2021-0620 RESERVED CVE-2021-0619 RESERVED -CVE-2021-0618 - RESERVED -CVE-2021-0617 - RESERVED -CVE-2021-0616 - RESERVED -CVE-2021-0615 - RESERVED -CVE-2021-0614 - RESERVED -CVE-2021-0613 - RESERVED +CVE-2021-0618 (In ape extractor, there is a possible out of bounds read due to a heap ...) + TODO: check +CVE-2021-0617 (In ape extractor, there is a possible out of bounds read due to a heap ...) + TODO: check +CVE-2021-0616 (In ape extractor, there is a possible out of bounds read due to a heap ...) + TODO: check +CVE-2021-0615 (In flv extractor, there is a possible out of bounds read due to an int ...) + TODO: check +CVE-2021-0614 (In asf extractor, there is a possible out of bounds read due to an inc ...) + TODO: check +CVE-2021-0613 (In asf extractor, there is a possible out of bounds read due to an inc ...) + TODO: check CVE-2021-0612 (In m4u, there is a possible memory corruption due to a use after free. ...) NOT-FOR-US: Mediatek CVE-2021-0611 (In m4u, there is a possible memory corruption due to a use after free. ...) 
@@ -67208,18 +67205,18 @@ CVE-2021-0416 (In memory management driver, there is a possible system crash due NOT-FOR-US: Mediatek CVE-2021-0415 (In memory management driver, there is a possible information disclosur ...) NOT-FOR-US: Mediatek -CVE-2021-0414 - RESERVED -CVE-2021-0413 - RESERVED -CVE-2021-0412 - RESERVED -CVE-2021-0411 - RESERVED -CVE-2021-0410 - RESERVED -CVE-2021-0409 - RESERVED +CVE-2021-0414 (In flv extractor, there is a possible out of bounds read due to a heap ...) + TODO: check +CVE-2021-0413 (In flv extractor, there is a possible out of bounds read due to a miss ...) + TODO: check +CVE-2021-0412 (In flv extractor, there is a possible out of bounds read due to a miss ...) + TODO: check +CVE-2021-0411 (In flv extractor, there is a possible out of bounds read due to an int ...) + TODO: check +CVE-2021-0410 (In flv extractor, there is a possible out of bounds read due to an inc ...) + TODO: check +CVE-2021-0409 (In flv extractor, there is a possible out of bounds read due to an inc ...) + TODO: check CVE-2021-0408 (In asf extractor, there is a possible out of bounds read due to an inc ...) NOT-FOR-US: Mediatek CVE-2021-0407 (In clk driver, there is a possible out of bounds write due to an incor ...) @@ -85227,8 +85224,8 @@ CVE-2020-20910 RESERVED CVE-2020-20909 RESERVED -CVE-2020-20908 - RESERVED +CVE-2020-20908 (Akaunting v1.3.17 was discovered to contain a stored cross-site script ...) + TODO: check CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification vulnerability. Att ...) NOT-FOR-US: MetInfo CVE-2020-20906 @@ -100588,8 +100585,8 @@ CVE-2020-14266 RESERVED CVE-2020-14265 RESERVED -CVE-2020-14264 - RESERVED +CVE-2020-14264 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...) + TODO: check CVE-2020-14263 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...) NOT-FOR-US: HCL CVE-2020-14262 
@@ -118804,7 +118801,7 @@ CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows di CVE-2020-7860 (UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, ...) NOT-FOR-US: UnEgg CVE-2020-7859 - RESERVED + REJECTED CVE-2020-7858 (There is a directory traversing vulnerability in the download page url ...) NOT-FOR-US: AquaNPlayer CVE-2020-7857 (A vulnerability of XPlatform could allow an unauthenticated attacker t ...) -- cgit v1.2.3
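
Review bot: In the @@ -19503,8 hunk, CVE-2021-35231 is left at "TODO: check" although its truncated description has the same prefix as CVE-2021-35230 directly below it, which is already tagged "NOT-FOR-US: Kiwi CatTools Installation Wizard". The product name is cut off after "K ...", so the two may not be the same product; read the full description and then either reuse that tag or add a NOT-FOR-US line naming the actual product.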
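
Review bot: In the @@ -20302,28 hunk, the ten entries from CVE-2021-34864 down to CVE-2021-34854 cannot be triaged from the text shown, because every description is truncated ("This vulnerability allows ... attackers to ...") before the affected product is named. The entries that follow (CVE-2021-34853, CVE-2021-34852) are "NOT-FOR-US: Foxit PDF Reader", but the new ones mix local, network-adjacent and remote attack vectors, so do not bulk-tag them by adjacency; resolve each against its full description.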
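
Review bot: Across the CVE-2021-24xxx hunks (@@ -45419,10 through @@ -46427,8), every newly described entry is left at "TODO: check" while the surrounding entries with the same "The ... WordPress plugin" wording already carry "NOT-FOR-US: WordPress plugin". Suggest a follow-up commit that applies the same tag so these do not sit as open TODOs. CVE-2021-24608 is truncated before the words "WordPress plugin" appear, so confirm that one against the full description first.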
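
Review bot: In the @@ -66120,20 hunk, the CVE-2021-0941 entry loses its bracketed title "[bpf: Remove MTU check in __bpf_skb_max_len]" when the description is filled in, which leaves the NOTE line as the only pointer to the fix, and that URL (https://git.kernel.org/6306c1189e77a513bf02720450bb43bd4ba5d8ae) lacks the "linus/" path component used by the CVE-2021-0937 and CVE-2021-0935 notes in the same hunk. The NOTE is an unchanged context line, so it is not a regression from this update, but it is worth correcting to the https://git.kernel.org/linus/<commit> form in a manual follow-up.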
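
Review bot: In the CVE-2021-06xx and CVE-2021-04xx hunks (@@ -66701,12 through @@ -67208,18), the new "In audio DSP", "In display driver", "In wifi driver", "In ccu" and "In ape/flv/asf extractor" entries are all left at "TODO: check", while neighbours with the same phrasing (CVE-2021-0660 "In ccu", CVE-2021-0408 "In asf extractor", CVE-2021-0612 "In m4u") are "NOT-FOR-US: Mediatek". The same id range also contains "NOT-FOR-US: UniSoc components for Android" (CVE-2021-0636, CVE-2021-0635), so the vendor cannot be inferred from the id alone; confirm it from the full description before tagging.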
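
Review bot: In the @@ -100588,8 hunk, CVE-2020-14264 is left at "TODO: check" even though the visible part of its description already names the product ("HCL Traveler Companion") and is identical to the prefix of CVE-2020-14263 on the next line, which is tagged "NOT-FOR-US: HCL". Suggest replacing the TODO with the same NOT-FOR-US tag.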