Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d20ea520 by security tracker role at 2021-11-12T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2022-21220
+ RESERVED
+CVE-2022-21207
+ RESERVED
+CVE-2022-21205
+ RESERVED
+CVE-2022-21203
+ RESERVED
+CVE-2022-21181
+ RESERVED
+CVE-2022-21180
+ RESERVED
+CVE-2022-21166
+ RESERVED
+CVE-2022-21127
+ RESERVED
+CVE-2022-21125
+ RESERVED
+CVE-2022-21123
+ RESERVED
+CVE-2021-43578
+ RESERVED
+CVE-2021-43577
+ RESERVED
+CVE-2021-43576
+ RESERVED
+CVE-2021-42744
+ RESERVED
+CVE-2021-26262
+ RESERVED
+CVE-2021-26248
+ RESERVED
CVE-2021-3949
RESERVED
CVE-2021-3948
@@ -653,6 +685,7 @@ CVE-2021-3924 (grav is vulnerable to Improper Limitation of
a Pathname to a Rest
NOT-FOR-US: Grav CMS
CVE-2021-23222
RESERVED
+ {DSA-5007-1 DSA-5006-1}
- postgresql-14 14.1-1
- postgresql-13 <unfixed>
- postgresql-11 <removed>
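Review bot: `- postgresql-13 <unfixed>` in the CVE-2021-23222 entry is left as is directly under the new `{DSA-5007-1 DSA-5006-1}` cross-reference, and the entry is still RESERVED with no description and no bug number on that line. Revisit it once the unstable upload is in, so the record does not keep showing `<unfixed>` after both advisories are attached.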
@@ -660,6 +693,7 @@ CVE-2021-23222
NOTE:
https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
CVE-2021-23214
RESERVED
+ {DSA-5007-1 DSA-5006-1}
- postgresql-14 14.1-1
- postgresql-13 <unfixed>
- postgresql-11 <removed>
@@ -2262,18 +2296,18 @@ CVE-2021-43034
RESERVED
CVE-2021-43033
RESERVED
-CVE-2021-3912
- RESERVED
-CVE-2021-3911
- RESERVED
-CVE-2021-3910
- RESERVED
-CVE-2021-3909
- RESERVED
-CVE-2021-3908
- RESERVED
-CVE-2021-3907
- RESERVED
+CVE-2021-3912 (OctoRPKI tries to load the entire contents of a repository in
memory, ...)
+ TODO: check
+CVE-2021-3911 (If the ROA that a repository returns contains too many bits for
the IP ...)
+ TODO: check
+CVE-2021-3910 (OctoRPKI crashes when encountering a repository that returns an
invali ...)
+ TODO: check
+CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing
for a slo ...)
+ TODO: check
+CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain,
allowing for ...)
+ TODO: check
+CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..",
this a ...)
+ TODO: check
CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with
Dangerous ...)
NOT-FOR-US: bookstack
CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have
any auth ...)
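Review bot: All six entries from CVE-2021-3912 down to CVE-2021-3907 land as `TODO: check` although every description names the same product, OctoRPKI. Triage them in one pass so they end up with one consistent status line (the same source-package line or the same `NOT-FOR-US:` tag on each) rather than being resolved piecemeal.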
@@ -2833,14 +2867,14 @@ CVE-2021-42777
RESERVED
CVE-2021-42776
RESERVED
-CVE-2021-42775
- RESERVED
-CVE-2021-42774
- RESERVED
-CVE-2021-42773
- RESERVED
-CVE-2021-42772
- REJECTED
+CVE-2021-42775 (Broadcom Emulex HBA Manager/One Command Manager versions
before 11.4.4 ...)
+ TODO: check
+CVE-2021-42774 (Broadcom Emulex HBA Manager/One Command Manager versions
before 11.4.4 ...)
+ TODO: check
+CVE-2021-42773 (Broadcom Emulex HBA Manager/One Command Manager versions
before 11.4.4 ...)
+ TODO: check
+CVE-2021-42772 (Broadcom Emulex HBA Manager/One Command Manager versions
before 11.4.4 ...)
+ TODO: check
CVE-2021-42771 (Babel.Locale in Babel before 2.9.1 allows attackers to load
arbitrary ...)
{DLA-2790-1}
- python-babel 2.8.0+dfsg.1-7 (bug #987824)
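Review bot: CVE-2021-42772 flips from `REJECTED` to a published description, unlike CVE-2021-42775, CVE-2021-42774 and CVE-2021-42773 above it, which were plain `RESERVED`. Confirm against the upstream feed that the rejection was really withdrawn before triaging it together with the other Broadcom Emulex HBA Manager/One Command Manager entries.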
@@ -15732,8 +15766,8 @@ CVE-2021-37912 (The HGiga OAKlouds mobile portal does
not filter special charact
NOT-FOR-US: HGiga OAKlouds mobile portal
CVE-2021-37911 (The management interface of BenQ smart wireless conference
projector d ...)
NOT-FOR-US: BenQ smart wireless conference projector
-CVE-2021-37910
- RESERVED
+CVE-2021-37910 (ASUS routers Wi-Fi protected access protocol (WPA2 and
WPA3-SAE) has i ...)
+ TODO: check
CVE-2021-37909 (WriteRegistry function in TSSServiSign component does not
filter and v ...)
NOT-FOR-US: TSSServiSignAdapter Windows
CVE-2021-37908
@@ -16202,6 +16236,7 @@ CVE-2021-37713 (The npm package "tar" (aka node-tar)
before versions 4.4.18, 5.0
- node-tar <not-affected> (Only affects node-tar on Windows)
NOTE:
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
CVE-2021-37712 (The npm package "tar" (aka node-tar) before versions 4.4.18,
5.0.10, a ...)
+ {DSA-5008-1}
- node-tar 6.1.11+~cs11.3.10-1 (bug #993981)
[stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by
security support)
NOTE:
https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
@@ -16226,6 +16261,7 @@ CVE-2021-37703 (Discourse is an open-source platform
for community discussion. I
CVE-2021-37702 (Pimcore is an open source data & experience management
platform. P ...)
NOT-FOR-US: Pimcore
CVE-2021-37701 (The npm package "tar" (aka node-tar) before versions 4.4.16,
5.0.8, an ...)
+ {DSA-5008-1}
- node-tar 6.1.7+~cs11.3.10-1
[stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by
security support)
NOTE:
https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
@@ -23925,18 +23961,18 @@ CVE-2021-34424
RESERVED
CVE-2021-34423
RESERVED
-CVE-2021-34422
- RESERVED
-CVE-2021-34421
- RESERVED
-CVE-2021-34420
- RESERVED
-CVE-2021-34419
- RESERVED
-CVE-2021-34418
- RESERVED
-CVE-2021-34417
- RESERVED
+CVE-2021-34422 (The Keybase Client for Windows before version 5.7.0 contains a
path tr ...)
+ TODO: check
+CVE-2021-34421 (The Keybase Client for Android before version 5.8.0 and the
Keybase Cl ...)
+ TODO: check
+CVE-2021-34420 (The Zoom Client for Meetings for Windows installer before
version 5.5. ...)
+ TODO: check
+CVE-2021-34419 (In the Zoom Client for Meetings for Ubuntu Linux before
version 5.1.0, ...)
+ TODO: check
+CVE-2021-34418 (The login routine of the web console in the Zoom On-Premise
Meeting Co ...)
+ TODO: check
+CVE-2021-34417 (The network proxy page on the web portal for the Zoom
On-Premise Meeti ...)
+ TODO: check
CVE-2021-34416 (The network address administrative settings web portal for the
Zoom on ...)
NOT-FOR-US: Zoom on-premise Meeting Connector
CVE-2021-34415 (The Zone Controller service in the Zoom On-Premise Meeting
Connector C ...)
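Review bot: CVE-2021-34418 and CVE-2021-34417 are added as `TODO: check`, but their truncated descriptions appear to point at the Zoom On-Premise Meeting Connector, which the unchanged CVE-2021-34416 entry directly below already tags `NOT-FOR-US: Zoom on-premise Meeting Connector`. If the full descriptions confirm the product, reuse that exact tag string; the Keybase and Zoom client entries above them still need their own triage.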
@@ -34401,8 +34437,8 @@ CVE-2021-30323
RESERVED
CVE-2021-30322
RESERVED
-CVE-2021-30321
- RESERVED
+CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check
during ...)
+ TODO: check
CVE-2021-30320
RESERVED
CVE-2021-30319
@@ -34475,8 +34511,7 @@ CVE-2021-30286
RESERVED
CVE-2021-30285
RESERVED
-CVE-2021-30284
- RESERVED
+CVE-2021-30284 (Possible information exposure and denial of service due to NAS
not dro ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30283
RESERVED
@@ -34512,16 +34547,13 @@ CVE-2021-30268
RESERVED
CVE-2021-30267
RESERVED
-CVE-2021-30266
- RESERVED
-CVE-2021-30265
- RESERVED
+CVE-2021-30266 (Possible use after free due to improper memory validation when
initial ...)
+ TODO: check
+CVE-2021-30265 (Possible memory corruption due to improper validation of
memory addres ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30264
- RESERVED
+CVE-2021-30264 (Possible use after free due improper validation of reference
from call ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30263
- RESERVED
+CVE-2021-30263 (Possible race condition can occur due to lack of
synchronization mecha ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30262
RESERVED
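Review bot: CVE-2021-30266 is the only entry in this hunk left at `TODO: check`; CVE-2021-30265, CVE-2021-30264 and CVE-2021-30263 gain descriptions in the same style and keep `NOT-FOR-US: Qualcomm components for Android`. Confirm whether CVE-2021-30266 belongs to the same component set and, if so, give it the same tag so the block is consistent.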
@@ -34529,8 +34561,7 @@ CVE-2021-30261 (Possible integer and heap overflow due
to lack of input command
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30260 (Possible Integer overflow to buffer overflow issue can occur
due to im ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30259
- RESERVED
+CVE-2021-30259 (Possible out of bound access due to improper validation of
function ta ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30258 (Possible buffer overflow due to improper size calculation of
payload r ...)
NOT-FOR-US: Qualcomm components for Android
@@ -34538,11 +34569,9 @@ CVE-2021-30257 (Possible out of bound read or write in
VR service due to lack of
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30256 (Possible stack overflow due to improper validation of camera
name leng ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30255
- RESERVED
+CVE-2021-30255 (Possible buffer overflow due to improper input validation in
PDM DIAG ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30254
- RESERVED
+CVE-2021-30254 (Possible buffer overflow due to improper input validation in
factory c ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30253
RESERVED
@@ -63435,16 +63464,13 @@ CVE-2021-1984 (Possible buffer overflow due to
improper validation of index valu
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1983 (Possible buffer overflow due to improper handling of negative
data len ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1982
- RESERVED
+CVE-2021-1982 (Possible denial of service scenario due to improper input
validation o ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1981
- RESERVED
+CVE-2021-1981 (Possible buffer over read due to improper IE size check of
Bearer capa ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1980 (Possible buffer over read due to lack of length check while
parsing be ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1979
- RESERVED
+CVE-2021-1979 (Possible buffer overflow due to improper validation of FTM
command pay ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1978
RESERVED
@@ -63453,13 +63479,11 @@ CVE-2021-1977 (Possible buffer over read due to
improper validation of frame len
NOT-FOR-US: Snapdragon
CVE-2021-1976 (A use after free can occur due to improper validation of P2P
device ad ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1975
- RESERVED
+CVE-2021-1975 (Possible heap overflow due to improper length check of domain
while pa ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1974 (Possible buffer over read due to lack of alignment between map
or unma ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1973
- RESERVED
+CVE-2021-1973 (A FTM Diag command can allow an arbitrary write into modem OS
space in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1972 (Possible buffer overflow due to improper validation of device
types du ...)
NOT-FOR-US: Qualcomm components for Android
@@ -63557,15 +63581,13 @@ CVE-2021-1926
RESERVED
CVE-2021-1925 (Possible denial of service scenario due to improper handling of
group ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1924
- RESERVED
+CVE-2021-1924 (Information disclosure through timing and power side-channels
during m ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1923 (Incorrect pointer argument passed to trusted application TA
could resu ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1922
RESERVED
-CVE-2021-1921
- RESERVED
+CVE-2021-1921 (Possible memory corruption due to Improper handling of
hypervisor unma ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1920 (Integer underflow can occur due to improper handling of
incoming RTCP ...)
NOT-FOR-US: Qualcomm components for Android
@@ -63583,8 +63605,8 @@ CVE-2021-1914 (Loop with unreachable exit condition may
occur due to improper ha
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1913 (Possible integer overflow due to improper length check while
updating ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1912
- RESERVED
+CVE-2021-1912 (Possible integer overflow can occur due to improper length
check while ...)
+ TODO: check
CVE-2021-1911
RESERVED
CVE-2021-1910 (Double free in video due to lack of input buffer length check
in Snapd ...)
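Review bot: CVE-2021-1912 gets `TODO: check` even though its description is almost word for word that of CVE-2021-1913 just above it (`Possible integer overflow due to improper length check while updating ...`), which carries `NOT-FOR-US: Qualcomm components for Android`. Resolve the TODO against that neighbour rather than leaving it for a separate pass.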
@@ -63601,8 +63623,7 @@ CVE-2021-1905 (Possible use after free due to improper
handling of memory mappin
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1904 (Child process can leak information from parent process due to
numeric ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1903
- RESERVED
+CVE-2021-1903 (Possible denial of service scenario can occur due to lack of
length ch ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1902
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d20ea520da7cc8804edc7101db101de718b500cf
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits