Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c197af92 by security tracker role at 2021-12-31T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,29 @@
-CVE-2021-45732
+CVE-2022-22292
        RESERVED
-CVE-2021-45077
+CVE-2022-22291
        RESERVED
-CVE-2021-44466
+CVE-2022-22290
        RESERVED
+CVE-2022-22289
+       RESERVED
+CVE-2022-22288
+       RESERVED
+CVE-2022-22287
+       RESERVED
+CVE-2022-22286
+       RESERVED
+CVE-2022-22285
+       RESERVED
+CVE-2022-22284
+       RESERVED
+CVE-2022-22283
+       RESERVED
+CVE-2021-45732 (Netgear Nighthawk R6700 version 1.0.4.120 makes use of a 
hardcoded cre ...)
+       TODO: check
+CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive 
information ...)
+       TODO: check
+CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege 
escalation flaw d ...)
+       TODO: check
 CVE-2021-4194
        RESERVED
 CVE-2021-4193
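Review bot: The three entries that gain descriptions at the end of the added block (CVE-2021-45732, CVE-2021-45077, CVE-2021-44466) are left at TODO: check, and two of them name the same product, Netgear Nighthawk R6700 version 1.0.4.120, as CVE-2021-23147 in the next hunk. Triage those together so they end up with one consistent annotation, and handle CVE-2021-44466 (Bitmask Riseup VPN 0.21.6) separately, since it is a different product and its description is a local privilege escalation.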
@@ -12,8 +32,8 @@ CVE-2021-4192
        RESERVED
 CVE-2021-4191
        RESERVED
-CVE-2021-23147
-       RESERVED
+CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have 
sufficient pro ...)
+       TODO: check
 CVE-2022-22282
        RESERVED
 CVE-2022-22281
@@ -56,8 +76,8 @@ CVE-2022-22263
        RESERVED
 CVE-2021-45919
        RESERVED
-CVE-2021-4190
-       RESERVED
+CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows 
denial of  ...)
+       TODO: check
 CVE-2021-4189
        RESERVED
 CVE-2022-22262
@@ -282,18 +302,18 @@ CVE-2021-45886
        RESERVED
 CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 
4.2.2 th ...)
        NOT-FOR-US: Stormshield Network Security (SNS)
-CVE-2021-4186
-       RESERVED
-CVE-2021-4185
-       RESERVED
-CVE-2021-4184
-       RESERVED
-CVE-2021-4183
-       RESERVED
-CVE-2021-4182
-       RESERVED
-CVE-2021-4181
-       RESERVED
+CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 
allows den ...)
+       TODO: check
+CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 
3.4.0 to 3 ...)
+       TODO: check
+CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 
3.6.0 and 3 ...)
+       TODO: check
+CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows 
denial of se ...)
+       TODO: check
+CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 
3.4.10 ...)
+       TODO: check
+CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 
3.4.0 to 3. ...)
+       TODO: check
 CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when 
CNAME-based a ...)
        - brave-browser <itp> (bug #864795)
 CVE-2021-45883
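Review bot: The six Wireshark entries here should not be resolved as a batch with one fixed version, because the affected ranges in the descriptions differ: CVE-2021-4186 lists only 3.4.0 to 3.4.10, CVE-2021-4183 lists only 3.6.0, and the other four start with 3.6.0 and continue with a second range that is truncated in three of them. When replacing TODO: check, read the full descriptions and record the status per branch for each ID.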
@@ -60548,7 +60568,8 @@ CVE-2021-3097
        RESERVED
 CVE-2021-3096
        RESERVED
-CVE-2021-3095 (A remote attacker with write access to PI Vision could inject 
code int ...)
+CVE-2021-3095
+       REJECTED
        NOT-FOR-US: OSIsoft
 CVE-2021-3094
        RESERVED
@@ -60558,7 +60579,8 @@ CVE-2021-3092
        RESERVED
 CVE-2021-3091
        RESERVED
-CVE-2021-3090 (PI Vision could disclose information to a user with 
insufficient privi ...)
+CVE-2021-3090
+       REJECTED
        NOT-FOR-US: OSIsoft
 CVE-2021-3089
        RESERVED
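Review bot: CVE-2021-3090, like CVE-2021-3095 in the previous hunk, now reads REJECTED followed by the old NOT-FOR-US: OSIsoft line, so the entry carries both a rejection and a triage decision. With the description removed, that NOT-FOR-US line is the only hint of what the ID referred to; confirm it is kept on purpose, otherwise drop it so REJECTED stands alone.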
@@ -69682,60 +69704,60 @@ CVE-2021-20176 (A divide-by-zero flaw was found in 
ImageMagick 6.9.11-57 and 7.0
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/90255f0834eead08d59f46b0bda7b1580451cc0f
-CVE-2021-20175
-       RESERVED
-CVE-2021-20174
-       RESERVED
-CVE-2021-20173
-       RESERVED
-CVE-2021-20172
-       RESERVED
-CVE-2021-20171
-       RESERVED
-CVE-2021-20170
-       RESERVED
-CVE-2021-20169
-       RESERVED
-CVE-2021-20168
-       RESERVED
-CVE-2021-20167
-       RESERVED
-CVE-2021-20166
-       RESERVED
-CVE-2021-20165
-       RESERVED
-CVE-2021-20164
-       RESERVED
-CVE-2021-20163
-       RESERVED
-CVE-2021-20162
-       RESERVED
-CVE-2021-20161
-       RESERVED
-CVE-2021-20160
-       RESERVED
-CVE-2021-20159
-       RESERVED
-CVE-2021-20158
-       RESERVED
-CVE-2021-20157
-       RESERVED
-CVE-2021-20156
-       RESERVED
-CVE-2021-20155
-       RESERVED
-CVE-2021-20154
-       RESERVED
-CVE-2021-20153
-       RESERVED
-CVE-2021-20152
-       RESERVED
-CVE-2021-20151
-       RESERVED
-CVE-2021-20150
-       RESERVED
-CVE-2021-20149
-       RESERVED
+CVE-2021-20175 (Netgear Nighthawk R6700 version 1.0.4.120 does not utilize 
secure comm ...)
+       TODO: check
+CVE-2021-20174 (Netgear Nighthawk R6700 version 1.0.4.120 does not utilize 
secure comm ...)
+       TODO: check
+CVE-2021-20173 (Netgear Nighthawk R6700 version 1.0.4.120 contains a command 
injection ...)
+       TODO: check
+CVE-2021-20172 (All known versions of the Netgear Genie Installer for macOS 
contain a  ...)
+       TODO: check
+CVE-2021-20171 (Netgear RAX43 version 1.0.3.96 stores sensitive information in 
plainte ...)
+       TODO: check
+CVE-2021-20170 (Netgear RAX43 version 1.0.3.96 makes use of hardcoded 
credentials. It  ...)
+       TODO: check
+CVE-2021-20169 (Netgear RAX43 version 1.0.3.96 does not utilize secure 
communications  ...)
+       TODO: check
+CVE-2021-20168 (Netgear RAX43 version 1.0.3.96 does not have sufficient 
protections to ...)
+       TODO: check
+CVE-2021-20167 (Netgear RAX43 version 1.0.3.96 contains a command injection 
vulnerabil ...)
+       TODO: check
+CVE-2021-20166 (Netgear RAX43 version 1.0.3.96 contains a buffer overrun 
vulnerability ...)
+       TODO: check
+CVE-2021-20165 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly 
implement ...)
+       TODO: check
+CVE-2021-20164 (Trendnet AC2600 TEW-827DRU version 2.08B01 improperly 
discloses creden ...)
+       TODO: check
+CVE-2021-20163 (Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information 
via the f ...)
+       TODO: check
+CVE-2021-20162 (Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials 
in plain ...)
+       TODO: check
+CVE-2021-20161 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not have 
sufficient pr ...)
+       TODO: check
+CVE-2021-20160 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command 
injectio ...)
+       TODO: check
+CVE-2021-20159 (Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to 
command in ...)
+       TODO: check
+CVE-2021-20158 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an 
authentication  ...)
+       TODO: check
+CVE-2021-20157 (It is possible for an unauthenticated, malicious user to force 
the dev ...)
+       TODO: check
+CVE-2021-20156 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an 
improper access ...)
+       TODO: check
+CVE-2021-20155 (Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of 
hardcoded cred ...)
+       TODO: check
+CVE-2021-20154 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an 
security flaw i ...)
+       TODO: check
+CVE-2021-20153 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink 
vulnerab ...)
+       TODO: check
+CVE-2021-20152 (Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper 
authentication ...)
+       TODO: check
+CVE-2021-20151 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in 
the sess ...)
+       TODO: check
+CVE-2021-20150 (Trendnet AC2600 TEW-827DRU version 2.08B01 improperly 
discloses inform ...)
+       TODO: check
+CVE-2021-20149 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not have 
sufficient ac ...)
+       TODO: check
 CVE-2021-20148
        RESERVED
 CVE-2021-20147
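Review bot: In this block of 27 entries moved to TODO: check, CVE-2021-20157 is the one whose visible description ("It is possible for an unauthenticated, malicious user to force the dev ...") names no product, so it should not be grouped with the Trendnet AC2600 TEW-827DRU entries around it until the full description is read. CVE-2021-20172 also differs from its neighbours: it is the Netgear Genie Installer for macOS, not router firmware, and needs its own annotation.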
@@ -69764,12 +69786,12 @@ CVE-2021-20136 (ManageEngine Log360 Builds &lt; 5235 
are affected by an improper
        NOT-FOR-US: ManageEngine
 CVE-2021-20135 (Nessus versions 8.15.2 and earlier were found to contain a 
local privi ...)
        NOT-FOR-US: Nessus
-CVE-2021-20134
-       RESERVED
-CVE-2021-20133
-       RESERVED
-CVE-2021-20132
-       RESERVED
+CVE-2021-20134 (Quagga Services on D-Link DIR-2640 less than or equal to 
version 1.11B ...)
+       TODO: check
+CVE-2021-20133 (Quagga Services on D-Link DIR-2640 less than or equal to 
version 1.11B ...)
+       TODO: check
+CVE-2021-20132 (Quagga Services on D-Link DIR-2640 less than or equal to 
version 1.11B ...)
+       TODO: check
 CVE-2021-20131 (ManageEngine ADManager Plus Build 7111 contains a 
post-authentication  ...)
        NOT-FOR-US: ManageEngine ADManager Plus
 CVE-2021-20130 (ManageEngine ADManager Plus Build 7111 contains a 
post-authentication  ...)
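Review bot: The three added descriptions (CVE-2021-20134, CVE-2021-20133, CVE-2021-20132) begin "Quagga Services on D-Link DIR-2640", which names both an upstream project and a vendor device. Before replacing TODO: check, establish from the full description whether the flaw is in the D-Link firmware's setup or in Quagga itself, rather than marking them NOT-FOR-US on the device name alone.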
@@ -190340,7 +190362,7 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka 
svgpp) 1.2.3. After calling
        - svgpp 1.2.3+dfsg1-5 (bug #919321)
        NOTE: https://github.com/svgpp/svgpp/issues/70
 CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as 
used in SV ...)
-       {DLA-1656-1}
+       {DLA-2872-1 DLA-1656-1}
        - agg 1:2.4-r127+dfsg1-1 (low; bug #919322)
        - svgpp <unfixed> (unimportant; bug #919321)
        NOTE: https://github.com/svgpp/svgpp/issues/70
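Review bot: The {DLA-2872-1 DLA-1656-1} line for CVE-2019-6245 does not say which source package the new advisory covers, and this entry tracks two: agg, already marked fixed in 1:2.4-r127+dfsg1-1, and svgpp, marked <unfixed> (unimportant). Check that DLA-2872-1 is recorded against the intended package and that the package lines still match after it.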
@@ -196958,7 +196980,7 @@ CVE-2018-20656
 CVE-2018-20655 (When receiving calls using WhatsApp for iOS, a missing size 
check when ...)
        NOT-FOR-US: WhatsApp
 CVE-2019-3500 (aria2c in aria2 1.33.1, when --log is used, can store an HTTP 
Basic Au ...)
-       {DLA-1636-1}
+       {DLA-2873-1 DLA-1636-1}
        - aria2 1.34.0-4 (low; bug #918058)
        NOTE: https://github.com/aria2/aria2/issues/1329
        NOTE: Masking of all authorization and cookie header fields (but not 
userinfo in URL):



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c197af922a22e26d9213b68d72857c00e5055808

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
