Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
30659fbe by security tracker role at 2021-12-09T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2021-44758
+ RESERVED
+CVE-2021-44757
+ RESERVED
+CVE-2021-44756
+ RESERVED
+CVE-2021-44755
+ RESERVED
+CVE-2021-44754
+ RESERVED
+CVE-2021-44753
+ RESERVED
+CVE-2021-44752
+ RESERVED
+CVE-2021-44751
+ RESERVED
+CVE-2021-44750
+ RESERVED
+CVE-2021-44749
+ RESERVED
+CVE-2021-44748
+ RESERVED
+CVE-2021-44747
+ RESERVED
+CVE-2021-44746
+ RESERVED
+CVE-2021-44745
+ RESERVED
+CVE-2021-44744
+ RESERVED
+CVE-2021-44743
+ RESERVED
+CVE-2021-44742
+ RESERVED
+CVE-2021-44741
+ RESERVED
+CVE-2021-44740
+ RESERVED
+CVE-2021-44739
+ RESERVED
+CVE-2021-44545
+ RESERVED
+CVE-2021-44457
+ RESERVED
+CVE-2021-44454
+ RESERVED
+CVE-2021-43351
+ RESERVED
+CVE-2021-4080
+ RESERVED
+CVE-2021-26946
+ RESERVED
+CVE-2021-26254
+ RESERVED
+CVE-2021-23188
+ RESERVED
+CVE-2021-23168
+ RESERVED
+CVE-2021-23152
+ RESERVED
+CVE-2021-23145
+ RESERVED
CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
- rainloop 1.14.0-1 (bug #962629)
NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872
@@ -516,8 +578,8 @@ CVE-2021-44531
RESERVED
CVE-2021-44530
RESERVED
-CVE-2021-44529
- RESERVED
+CVE-2021-44529 (A code injection vulnerability in the Ivanti EPM Cloud
Services Applia ...)
+ TODO: check
CVE-2021-44528
RESERVED
CVE-2021-44527 (A vulnerability found in UniFi Switch firmware Version 5.43.35
and ear ...)
@@ -534,8 +596,7 @@ CVE-2021-44522
RESERVED
CVE-2021-44477
RESERVED
-CVE-2021-4048 [Out-of-bounds read in *larrv]
- RESERVED
+CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV,
SLARRV, an ...)
- lapack <unfixed>
- openblas 0.3.18+ds-1
NOTE: https://github.com/Reference-LAPACK/lapack/pull/625
@@ -1996,8 +2057,8 @@ CVE-2021-43980
RESERVED
CVE-2021-43979 (** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper
through 3.7.0 ...)
NOT-FOR-US: Styra Open Policy Agent (OPA) Gatekeeper
-CVE-2021-43978
- RESERVED
+CVE-2021-43978 (Allegro WIndows 3.3.4152.0, embeds software administrator
database cre ...)
+ TODO: check
CVE-2021-43977 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803
allows X ...)
NOT-FOR-US: SmarterTools
CVE-2021-43976 (In the Linux kernel through 5.15.2, mwifiex_usb_recv in
drivers/net/wi ...)
@@ -2559,12 +2620,12 @@ CVE-2021-43813
RESERVED
CVE-2021-43812
RESERVED
-CVE-2021-43811
- RESERVED
+CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for
Neural Ma ...)
+ TODO: check
CVE-2021-43810 (Admidio is a free open source user management system for
websites of o ...)
TODO: check
-CVE-2021-43809
- RESERVED
+CVE-2021-43809 (`Bundler` is a package for managing application dependencies
in Ruby. ...)
+ TODO: check
CVE-2021-43808 (Laravel is a web application framework. Laravel prior to
versions 8.75 ...)
TODO: check
CVE-2021-43807
@@ -4040,109 +4101,96 @@ CVE-2021-43548
RESERVED
CVE-2021-43547
RESERVED
-CVE-2021-43546
- RESERVED
+CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks
against u ...)
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43546
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546
-CVE-2021-43545
- RESERVED
+CVE-2021-43545 (Using the Location API in a loop could have caused severe
application ...)
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43545
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43545
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43545
-CVE-2021-43544
- RESERVED
+CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have
searche ...)
- firefox <not-affected> (Only affects Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544
-CVE-2021-43543
- RESERVED
+CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have
escaped the ...)
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43543
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543
-CVE-2021-43542
- RESERVED
+CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified
installed appl ...)
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43542
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542
-CVE-2021-43541
- RESERVED
+CVE-2021-43541 (When invoking protocol handlers for external protocols, a
supplied par ...)
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43541
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43541
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43541
-CVE-2021-43540
- RESERVED
+CVE-2021-43540 (WebExtensions with the correct permissions were able to create
and ins ...)
- firefox 95.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540
-CVE-2021-43539
- RESERVED
+CVE-2021-43539 (Failure to correctly record the location of live pointers
across wasm ...)
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43539
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539
-CVE-2021-43538
- RESERVED
+CVE-2021-43538 (By misusing a race in our notification code, an attacker could
have fo ...)
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43538
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538
-CVE-2021-43537
- RESERVED
+CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit
integers all ...)
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43537
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537
-CVE-2021-43536
- RESERVED
+CVE-2021-43536 (Under certain circumstances, asynchronous functions could have
caused ...)
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43536
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536
-CVE-2021-43535
- RESERVED
-CVE-2021-43534
- RESERVED
-CVE-2021-43533
- RESERVED
-CVE-2021-43532
- RESERVED
-CVE-2021-43531
- RESERVED
-CVE-2021-43530
- RESERVED
+CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session
object was r ...)
+ TODO: check
+CVE-2021-43534 (Mozilla developers and community members reported memory
safety bugs p ...)
+ TODO: check
+CVE-2021-43533 (When parsing internationalized domain names, high bits of the
characte ...)
+ TODO: check
+CVE-2021-43532 (The 'Copy Image Link' context menu action would copy the final
image U ...)
+ TODO: check
+CVE-2021-43531 (When a user loaded a Web Extensions context menu, the Web
Extension co ...)
+ TODO: check
+CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for
Android resul ...)
+ TODO: check
CVE-2021-43529
RESERVED
- thunderbird 1:91.3.0-1
NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1738501
-CVE-2021-43528
- RESERVED
+CVE-2021-43528 (Thunderbird unexpectedly enabled JavaScript in the composition
area. T ...)
- thunderbird 1:91.4.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528
-CVE-2021-43527 [Heap overflow in NSS when verifying DSA/RSA-PSS DER-encoded
signatures]
- RESERVED
+CVE-2021-43527 (NSS (Network Security Services) versions prior to 3.73 or
3.68.1 ESR a ...)
{DSA-5016-1 DLA-2836-1}
- nss 2:3.73-1
NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/4
@@ -4472,8 +4520,8 @@ CVE-2021-43400 (An issue was discovered in
gatt-database.c in BlueZ 5.61. A use-
[stretch] - bluez <ignored> (invasive patch, requires post-stretch
revamps)
NOTE: Introduced by:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=93b64d9ca8a2bb663e37904d4b2c702c58a36e4f
(5.40)
NOTE: Fixed by:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8
(5.62)
-CVE-2021-43399
- RESERVED
+CVE-2021-43399 (The Yubico YubiHSM YubiHSM2 library 2021.08, included in the
yubihsm-s ...)
+ TODO: check
CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing
leakage in ...)
- libcrypto++ <unfixed> (bug #1000227)
[bullseye] - libcrypto++ <no-dsa> (Minor issue)
@@ -12357,8 +12405,8 @@ CVE-2021-41027 (A stack-based buffer overflow in
Fortinet FortiWeb version 6.4.1
NOT-FOR-US: FortiGuard
CVE-2021-41026
RESERVED
-CVE-2021-41025
- RESERVED
+CVE-2021-41025 (Multiple vulnerabilities in the authentication mechanism of
confd in F ...)
+ TODO: check
CVE-2021-41024 (A relative path traversal [CWE-23] vulnerabiltiy in FortiOS
versions 7 ...)
NOT-FOR-US: FortiGuard
CVE-2021-41023 (A unprotected storage of credentials in Fortinet FortiSIEM
Windows Age ...)
@@ -12373,8 +12421,8 @@ CVE-2021-41019 (An improper validation of certificate
with host mismatch [CWE-29
NOT-FOR-US: Fortiguard
CVE-2021-41018
RESERVED
-CVE-2021-41017
- RESERVED
+CVE-2021-41017 (Multiple heap-based buffer overflow vulnerabilities in some
web API co ...)
+ TODO: check
CVE-2021-41016
RESERVED
CVE-2021-41015 (A improper neutralization of input during web page generation
('cross- ...)
@@ -18386,64 +18434,56 @@ CVE-2021-38513 (Certain NETGEAR devices are affected
by authentication bypass. T
NOT-FOR-US: Netgear
CVE-2021-38512 (An issue was discovered in the actix-http crate before
3.0.0-beta.9 fo ...)
NOT-FOR-US: Rust crate actix-http
-CVE-2021-38510
- RESERVED
+CVE-2021-38510 (The executable file warning was not presented when downloading
.inetlo ...)
- firefox <not-affected> (Only affects Mac OSX)
- firefox-esr <not-affected> (Only affects Mac OSX)
- thunderbird <not-affected> (Only affects Mac OSX)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38510
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510
-CVE-2021-38509
- RESERVED
+CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a
Javascript ...)
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38509
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509
-CVE-2021-38508
- RESERVED
+CVE-2021-38508 (By displaying a form validity message in the correct location
at the s ...)
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38508
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508
-CVE-2021-38507
- RESERVED
+CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164)
allows a conn ...)
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38507
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507
-CVE-2021-38506
- RESERVED
+CVE-2021-38506 (Through a series of navigations, Firefox could have entered
fullscreen ...)
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38506
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38506
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38506
-CVE-2021-38505
- RESERVED
+CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as
Cloud Clipbo ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
- thunderbird <not-affected> (Only affects Windows)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38505
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505
-CVE-2021-38504
- RESERVED
+CVE-2021-38504 (When interacting with an HTML input element's file picker
dialog with ...)
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38504
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504
-CVE-2021-38503
- RESERVED
+CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT
stylesheet ...)
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -19955,8 +19995,8 @@ CVE-2021-37943
RESERVED
CVE-2021-37942
RESERVED
-CVE-2021-37941
- RESERVED
+CVE-2021-37941 (A local privilege escalation issue was found with the APM Java
agent, ...)
+ TODO: check
CVE-2021-37940 (An information disclosure via GET request server-side request
forgery ...)
TODO: check
CVE-2021-37939 (It was discovered that Kibana’s JIRA connector & IBM
Resilie ...)
@@ -22864,12 +22904,12 @@ CVE-2021-36722
RESERVED
CVE-2021-36721
RESERVED
-CVE-2021-36720
- RESERVED
-CVE-2021-36719
- RESERVED
-CVE-2021-36718
- RESERVED
+CVE-2021-36720 (PineApp - Mail Secure - Attacker sending a request to
:/blocking.php?u ...)
+ TODO: check
+CVE-2021-36719 (PineApp - Mail Secure - The attacker must be logged in as a
user to th ...)
+ TODO: check
+CVE-2021-36718 (SYNEL - eharmonynew / Synel Reports - The attacker can log in
to the s ...)
+ TODO: check
CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal
vulnerabi ...)
NOT-FOR-US: Synerion TimeNet
CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found
in the S ...)
@@ -23997,8 +24037,8 @@ CVE-2021-36197
RESERVED
CVE-2021-36196
RESERVED
-CVE-2021-36195
- RESERVED
+CVE-2021-36195 (Multiple command injection vulnerabilities in the command line
interpr ...)
+ TODO: check
CVE-2021-36194
RESERVED
CVE-2021-36193
@@ -24041,8 +24081,8 @@ CVE-2021-36175 (An improper neutralization of input
vulnerability [CWE-79] in Fo
NOT-FOR-US: Fortiguard
CVE-2021-36174 (A memory allocation with excessive size value vulnerability in
the lic ...)
NOT-FOR-US: Fortiguard
-CVE-2021-36173
- RESERVED
+CVE-2021-36173 (A heap-based buffer overflow in the firmware signature
verification fu ...)
+ TODO: check
CVE-2021-36172 (An improper restriction of XML external entity reference
vulnerability ...)
NOT-FOR-US: Fortiguard
CVE-2021-36171
@@ -54698,14 +54738,14 @@ CVE-2021-23864
RESERVED
CVE-2021-23863
RESERVED
-CVE-2021-23862
- RESERVED
-CVE-2021-23861
- RESERVED
-CVE-2021-23860
- RESERVED
-CVE-2021-23859
- RESERVED
+CVE-2021-23862 (A crafted configuration packet sent by an authenticated
administrative ...)
+ TODO: check
+CVE-2021-23861 (By executing a special command, an user with administrative
rights can ...)
+ TODO: check
+CVE-2021-23860 (An error in a page handler of the VRM may lead to a reflected
cross si ...)
+ TODO: check
+CVE-2021-23859 (An unauthenticated attacker is able to send a special HTTP
request, th ...)
+ TODO: check
CVE-2021-23858 (Information disclosure: The main configuration, including
users and th ...)
NOT-FOR-US: Bosch
CVE-2021-23857 (Login with hash: The login routine allows the client to log in
to the ...)
@@ -59041,8 +59081,8 @@ CVE-2021-21959
RESERVED
CVE-2021-21958
RESERVED
-CVE-2021-21957
- RESERVED
+CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote
Server funct ...)
+ TODO: check
CVE-2021-21956
RESERVED
CVE-2021-21955
@@ -59053,10 +59093,10 @@ CVE-2021-21953
RESERVED
CVE-2021-21952
RESERVED
-CVE-2021-21951
- RESERVED
-CVE-2021-21950
- RESERVED
+CVE-2021-21951 (An out-of-bounds write vulnerability exists in the
CMD_DEVICE_GET_SERV ...)
+ TODO: check
+CVE-2021-21950 (An out-of-bounds write vulnerability exists in the
CMD_DEVICE_GET_SERV ...)
+ TODO: check
CVE-2021-21949
RESERVED
CVE-2021-21948
@@ -77616,8 +77656,8 @@ CVE-2020-27418
RESERVED
CVE-2020-27417
RESERVED
-CVE-2020-27416
- RESERVED
+CVE-2020-27416 (Mahavitaran android application 7.50 and prior are affected by
account ...)
+ TODO: check
CVE-2020-27415
RESERVED
CVE-2020-27414 (Mahavitaran android application 7.50 and prior transmit
sensitive info ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30659fbe7847e5cd5185dae0afd81e7dfc59cafd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30659fbe7847e5cd5185dae0afd81e7dfc59cafd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
