Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45bad22c by security tracker role at 2022-01-04T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,195 @@
+CVE-2022-22567
+       RESERVED
+CVE-2022-22566
+       RESERVED
+CVE-2022-22565
+       RESERVED
+CVE-2022-22564
+       RESERVED
+CVE-2022-22563
+       RESERVED
+CVE-2022-22562
+       RESERVED
+CVE-2022-22561
+       RESERVED
+CVE-2022-22560
+       RESERVED
+CVE-2022-22559
+       RESERVED
+CVE-2022-22558
+       RESERVED
+CVE-2022-22557
+       RESERVED
+CVE-2022-22556
+       RESERVED
+CVE-2022-22555
+       RESERVED
+CVE-2022-22554
+       RESERVED
+CVE-2022-22553
+       RESERVED
+CVE-2022-22552
+       RESERVED
+CVE-2022-22551
+       RESERVED
+CVE-2022-22550
+       RESERVED
+CVE-2022-22549
+       RESERVED
+CVE-2022-22548
+       RESERVED
+CVE-2022-22547
+       RESERVED
+CVE-2022-22546
+       RESERVED
+CVE-2022-22545
+       RESERVED
+CVE-2022-22544
+       RESERVED
+CVE-2022-22543
+       RESERVED
+CVE-2022-22542
+       RESERVED
+CVE-2022-22541
+       RESERVED
+CVE-2022-22540
+       RESERVED
+CVE-2022-22539
+       RESERVED
+CVE-2022-22538
+       RESERVED
+CVE-2022-22537
+       RESERVED
+CVE-2022-22536
+       RESERVED
+CVE-2022-22535
+       RESERVED
+CVE-2022-22534
+       RESERVED
+CVE-2022-22533
+       RESERVED
+CVE-2022-22532
+       RESERVED
+CVE-2022-22531
+       RESERVED
+CVE-2022-22530
+       RESERVED
+CVE-2022-22529
+       RESERVED
+CVE-2022-22528
+       RESERVED
+CVE-2022-22527
+       RESERVED
+CVE-2022-0120
+       RESERVED
+CVE-2022-0119
+       RESERVED
+CVE-2022-0118
+       RESERVED
+CVE-2022-0117
+       RESERVED
+CVE-2022-0116
+       RESERVED
+CVE-2022-0115
+       RESERVED
+CVE-2022-0114
+       RESERVED
+CVE-2022-0113
+       RESERVED
+CVE-2022-0112
+       RESERVED
+CVE-2022-0111
+       RESERVED
+CVE-2022-0110
+       RESERVED
+CVE-2022-0109
+       RESERVED
+CVE-2022-0108
+       RESERVED
+CVE-2022-0107
+       RESERVED
+CVE-2022-0106
+       RESERVED
+CVE-2022-0105
+       RESERVED
+CVE-2022-0104
+       RESERVED
+CVE-2022-0103
+       RESERVED
+CVE-2022-0102
+       RESERVED
+CVE-2022-0101
+       RESERVED
+CVE-2022-0100
+       RESERVED
+CVE-2022-0099
+       RESERVED
+CVE-2022-0098
+       RESERVED
+CVE-2022-0097
+       RESERVED
+CVE-2022-0096
+       RESERVED
+CVE-2022-0095
+       RESERVED
+CVE-2022-0094
+       RESERVED
+CVE-2022-0093
+       RESERVED
+CVE-2022-0092
+       RESERVED
+CVE-2022-0091
+       RESERVED
+CVE-2022-0090
+       RESERVED
+CVE-2022-0089
+       RESERVED
+CVE-2022-0088
+       RESERVED
+CVE-2021-46140
+       RESERVED
+CVE-2021-46139
+       RESERVED
+CVE-2021-46138
+       RESERVED
+CVE-2021-46137
+       RESERVED
+CVE-2021-46136
+       RESERVED
+CVE-2021-46135
+       RESERVED
+CVE-2021-46134
+       RESERVED
+CVE-2021-46133
+       RESERVED
+CVE-2021-46132
+       RESERVED
+CVE-2021-46131
+       RESERVED
+CVE-2021-45722
+       RESERVED
+CVE-2021-45110
+       RESERVED
+CVE-2021-45073
+       RESERVED
+CVE-2021-44778
+       RESERVED
+CVE-2021-44468
+       RESERVED
+CVE-2021-44456
+       RESERVED
+CVE-2021-44452
+       RESERVED
+CVE-2021-43352
+       RESERVED
+CVE-2021-4199
+       RESERVED
+CVE-2021-4198
+       RESERVED
+CVE-2021-31564
+       RESERVED
+CVE-2021-23229
+       RESERVED
 CVE-2022-22526
        RESERVED
 CVE-2022-22525
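Review bot: nothing to triage in this hunk; all 96 added entries are RESERVED placeholders (41 in the CVE-2022-22527..22567 range, 33 in CVE-2022-0088..0120, and 22 assorted 2021 IDs). Worth noting for anyone grepping the file: the older-numbered reservations at the tail of the block (CVE-2021-46131..46140, CVE-2021-45722, CVE-2021-4198, CVE-2021-4199, CVE-2021-31564, CVE-2021-23229 and so on) are prepended here because the updater saw them for the first time, not slotted into their numeric neighbourhood, so they will not be found next to their siblings further down.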
@@ -468,8 +660,8 @@ CVE-2022-22295
        RESERVED
 CVE-2022-22294
        RESERVED
-CVE-2022-0086
-       RESERVED
+CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
+       TODO: check
 CVE-2022-0085
        RESERVED
 CVE-2022-0084
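Review bot: the TODO on CVE-2022-0086 can be resolved quickly: uppy is a browser/Node.js upload library, and if it is not in the archive the entry should become "NOT-FOR-US: uppy", following the convention used for the other unpackaged upstreams in this file. If it is packaged, the SSRF would sit in the server-side companion component, so the version check should go against that rather than the client bundle.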
@@ -791,12 +983,12 @@ CVE-2021-45982
        RESERVED
 CVE-2021-45981
        RESERVED
-CVE-2021-45980
-       RESERVED
-CVE-2021-45979
-       RESERVED
-CVE-2021-45978
-       RESERVED
+CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow 
remote atta ...)
+       TODO: check
+CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow 
remote atta ...)
+       TODO: check
+CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow 
remote atta ...)
+       TODO: check
 CVE-2021-45977
        RESERVED
 CVE-2021-45976
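Review bot: the three Foxit TODOs here can be closed without further research: the description itself scopes them to "Foxit PDF Reader and PDF Editor before 11.1 on macOS", a proprietary product on a platform Debian does not ship, so "NOT-FOR-US: Foxit" is the right resolution for CVE-2021-45978, -45979 and -45980.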
@@ -1252,10 +1444,10 @@ CVE-2021-4188 (mruby is vulnerable to NULL Pointer 
Dereference ...)
        - mruby <not-affected> (Vulnerable code introduced later)
        NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
        NOTE: Fixed by: 
https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8
-CVE-2021-45913
-       RESERVED
-CVE-2021-45912
-       RESERVED
+CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) 
before 8.2. ...)
+       TODO: check
+CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time 
Agent (cu ...)
+       TODO: check
 CVE-2021-44775
        RESERVED
 CVE-2021-44465
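Review bot: CVE-2021-45912 and CVE-2021-45913 are Windows-only (the description names cuAgent.exe and a Named Pipe channel in ControlUp Real-Time Agent), so both TODOs should become "NOT-FOR-US: ControlUp". The unchanged mruby context above is consistent: a "<not-affected> (Vulnerable code introduced later)" line paired with the huntr report and the upstream fix commit, which is the shape the TODO entries in this commit should end up in once triaged.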
@@ -2963,8 +3155,8 @@ CVE-2021-45391
        RESERVED
 CVE-2021-45390
        RESERVED
-CVE-2021-45389
-       RESERVED
+CVE-2021-45389 (StarWind SAN &amp; NAS build 1578 and StarWind Command Center 
Build 68 ...)
+       TODO: check
 CVE-2021-45388
        RESERVED
 CVE-2021-45387
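Review bot: CVE-2021-45389 concerns StarWind SAN & NAS and StarWind Command Center, proprietary storage appliances that are not packaged, so the TODO should be resolved as "NOT-FOR-US: StarWind".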
@@ -3813,7 +4005,7 @@ CVE-2021-4127
        RESERVED
 CVE-2021-4126
        RESERVED
-       {DSA-5034-1}
+       {DSA-5034-1 DLA-2874-1}
        - thunderbird 1:91.4.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
 CVE-2021-26264
@@ -4982,6 +5174,7 @@ CVE-2021-44792
 CVE-2021-44791
        RESERVED
 CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow 
in the mo ...)
+       {DSA-5035-1}
        - apache2 2.4.52-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790
        NOTE: Fixed by: https://svn.apache.org/r1896039
@@ -5717,7 +5910,7 @@ CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site 
Request Forgery (CSRF)
 CVE-2021-44539
        RESERVED
 CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 
3.2.7 is vul ...)
-       {DSA-5034-1}
+       {DSA-5034-1 DLA-2874-1}
        - element-web <itp> (bug #866502)
        - olm 3.2.8~dfsg-1 (bug #1001664)
        [buster] - olm <not-affected> (Vulnerable code introduced later)
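Review bot: CVE-2021-44538 now carries both DSA-5034-1 and DLA-2874-1, which the CVE-2021-4126 hunk above shows to be thunderbird advisories (DSA-5034-1 sits there beside "- thunderbird 1:91.4.1-1"), yet this entry lists only element-web and olm as packages. If thunderbird was fixed through its bundled libolm copy, consider adding a thunderbird package line so the advisory references resolve to a package the tracker knows about; otherwise the braces reference an advisory for a package that does not appear in the entry.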
@@ -6614,6 +6807,7 @@ CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus 
policy does not sufficien
        NOTE: https://github.com/acassen/keepalived/pull/2063
        NOTE: 
https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
 CVE-2021-44224 (A crafted URI sent to httpd configured as a forward proxy 
(ProxyReques ...)
+       {DSA-5035-1}
        - apache2 2.4.52-1
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224
        NOTE: Fixed by: https://svn.apache.org/r1895955
@@ -6764,8 +6958,8 @@ CVE-2021-44170
        RESERVED
 CVE-2021-44169
        RESERVED
-CVE-2021-44168
-       RESERVED
+CVE-2021-44168 (A download of code without integrity check vulnerability in 
the "execu ...)
+       TODO: check
 CVE-2021-44167
        RESERVED
 CVE-2021-44166
@@ -8930,8 +9124,8 @@ CVE-2021-43713
        RESERVED
 CVE-2021-43712
        RESERVED
-CVE-2021-43711
-       RESERVED
+CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 
V4.0.3c.7646_B2020 ...)
+       TODO: check
 CVE-2021-43710
        RESERVED
 CVE-2021-43709
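Review bot: CVE-2021-43711 is a router firmware bug (the downloadFlile.cgi binary in TOTOLINK EX200 firmware), so the TODO should be resolved as "NOT-FOR-US: TOTOLINK".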
@@ -9365,7 +9559,7 @@ CVE-2021-43548 (Patient Information Center iX (PIC iX) 
Versions C.02 and C.03 re
 CVE-2021-43547
        RESERVED
 CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks 
against u ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
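Review bot: DLA-2874-1 is inserted between DSA-5026-1 and DLA-2863-1, which keeps the descending-ID ordering used in the other brace lists, and the entry already lists thunderbird alongside firefox and firefox-esr, so the new reference maps to a package in the entry. The same one-token change is repeated below for every Firefox/Thunderbird CVE that DSA-5034-1 covers (CVE-2021-43535 through -43546, CVE-2021-38496 through -38509); this comment applies to all of them and they are not commented individually.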
@@ -9373,7 +9567,7 @@ CVE-2021-43546 (It was possible to recreate previous 
cursor spoofing attacks aga
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546
 CVE-2021-43545 (Using the Location API in a loop could have caused severe 
application  ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -9384,7 +9578,7 @@ CVE-2021-43544 (When receiving a URL through a SEND 
intent, Firefox would have s
        - firefox <not-affected> (Only affects Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544
 CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have 
escaped the ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -9392,7 +9586,7 @@ CVE-2021-43543 (Documents loaded with the CSP sandbox 
directive could have escap
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543
 CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified 
installed appl ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -9400,7 +9594,7 @@ CVE-2021-43542 (Using XMLHttpRequest, an attacker could 
have identified installe
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542
 CVE-2021-43541 (When invoking protocol handlers for external protocols, a 
supplied par ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -9411,7 +9605,7 @@ CVE-2021-43540 (WebExtensions with the correct 
permissions were able to create a
        - firefox 95.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540
 CVE-2021-43539 (Failure to correctly record the location of live pointers 
across wasm  ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -9419,7 +9613,7 @@ CVE-2021-43539 (Failure to correctly record the location 
of live pointers across
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539
 CVE-2021-43538 (By misusing a race in our notification code, an attacker could 
have fo ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -9427,7 +9621,7 @@ CVE-2021-43538 (By misusing a race in our notification 
code, an attacker could h
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538
 CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit 
integers all ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -9435,7 +9629,7 @@ CVE-2021-43537 (An incorrect type conversion of sizes 
from 64bit to 32bit intege
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537
 CVE-2021-43536 (Under certain circumstances, asynchronous functions could have 
caused  ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -9443,7 +9637,7 @@ CVE-2021-43536 (Under certain circumstances, asynchronous 
functions could have c
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536
 CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session 
object was r ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 93.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -9451,7 +9645,7 @@ CVE-2021-43535 (A use-after-free could have occured when 
an HTTP2 session object
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535
 CVE-2021-43534 (Mozilla developers and community members reported memory 
safety bugs p ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -9472,12 +9666,12 @@ CVE-2021-43530 (A Universal XSS vulnerability was 
present in Firefox for Android
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530
 CVE-2021-43529
        RESERVED
-       {DSA-5034-1}
+       {DSA-5034-1 DLA-2874-1}
        - thunderbird 1:91.3.0-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1738501
 CVE-2021-43528 (Thunderbird unexpectedly enabled JavaScript in the composition 
area. T ...)
-       {DSA-5034-1}
+       {DSA-5034-1 DLA-2874-1}
        - thunderbird 1:91.4.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528
 CVE-2021-43527 (NSS (Network Security Services) versions prior to 3.73 or 
3.68.1 ESR a ...)
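Review bot: CVE-2021-43529 is still RESERVED while now carrying two advisory references (DSA-5034-1 and DLA-2874-1) plus a thunderbird version; that is legitimate for an issue fixed before its CVE text is published, but the entry will need its description filled in by a later automatic update, and until then the oss-security and bugzilla NOTE links are the only way to tell what it is. Nothing to change in the hunk.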
@@ -9915,7 +10109,7 @@ CVE-2021-43359 (Sunnet eHRD has broken access control 
vulnerability, which allow
        NOT-FOR-US: Sunnet eHRD
 CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in 
URLs, w ...)
        NOT-FOR-US: Sunnet eHRD
-CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...)
+CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...)
        - vim 2:8.2.3995-1
        [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
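Review bot: the CVE-2021-3928 description was reclassified from "Stack-based Buffer Overflow" to "Use of Uninitialized Variable". The "[stretch] - vim <no-dsa> (Minor issue)" assessment below it was made under the old wording; it most likely still holds (an uninitialized read is generally lower impact than a stack overflow), but whoever triages should re-read the huntr report in the NOTE line to confirm the fixed version 2:8.2.3995-1 matches the reclassified issue.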
@@ -14559,30 +14753,30 @@ CVE-2022-20025
        RESERVED
 CVE-2022-20024
        RESERVED
-CVE-2022-20023
-       RESERVED
-CVE-2022-20022
-       RESERVED
-CVE-2022-20021
-       RESERVED
-CVE-2022-20020
-       RESERVED
-CVE-2022-20019
-       RESERVED
-CVE-2022-20018
-       RESERVED
+CVE-2022-20023 (In Bluetooth, there is a possible application crash due to 
bluetooth f ...)
+       TODO: check
+CVE-2022-20022 (In Bluetooth, there is a possible link disconnection due to 
bluetooth  ...)
+       TODO: check
+CVE-2022-20021 (In Bluetooth, there is a possible application crash due to 
bluetooth d ...)
+       TODO: check
+CVE-2022-20020 (In libvcodecdrv, there is a possible information disclosure 
due to a m ...)
+       TODO: check
+CVE-2022-20019 (In libMtkOmxGsmDec, there is a possible information disclosure 
due to  ...)
+       TODO: check
+CVE-2022-20018 (In seninf driver, there is a possible information disclosure 
due to un ...)
+       TODO: check
 CVE-2022-20017
        RESERVED
-CVE-2022-20016
-       RESERVED
-CVE-2022-20015
-       RESERVED
-CVE-2022-20014
-       RESERVED
-CVE-2022-20013
-       RESERVED
-CVE-2022-20012
-       RESERVED
+CVE-2022-20016 (In vow driver, there is a possible memory corruption due to 
improper l ...)
+       TODO: check
+CVE-2022-20015 (In kd_camera_hw driver, there is a possible information 
disclosure due ...)
+       TODO: check
+CVE-2022-20014 (In vow driver, there is a possible memory corruption due to 
improper i ...)
+       TODO: check
+CVE-2022-20013 (In vow driver, there is a possible memory corruption due to a 
race con ...)
+       TODO: check
+CVE-2022-20012 (In mdp driver, there is a possible memory corruption due to an 
integer ...)
+       TODO: check
 CVE-2021-42328
        RESERVED
 CVE-2021-42327 (dp_link_settings_write in 
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu ...)
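Review bot: the eleven CVE-2022-20012..20023 TODOs all use the "In <component>, there is a possible <impact> due to <cause>" phrasing of vendor SoC bulletins, and the component names (vow, mdp, seninf and kd_camera_hw drivers, libvcodecdrv, libMtkOmxGsmDec, Bluetooth firmware) are MediaTek chipset code, as the "Mtk" in libMtkOmxGsmDec and the adjacent MediaTek entries elsewhere in this commit indicate. Unless one of them turns out to be an upstream Linux driver, they should be resolved together as "NOT-FOR-US: MediaTek" rather than checked one by one.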
@@ -15767,8 +15961,8 @@ CVE-2021-3846 (firefly-iii is vulnerable to 
Unrestricted Upload of File with Dan
        NOT-FOR-US: firefly-iii
 CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and 
Worry-Free Bu ...)
        NOT-FOR-US: Trend Micro
-CVE-2021-3845
-       RESERVED
+CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or 
Path ...)
+       TODO: check
 CVE-2021-41832 (It is possible for an attacker to manipulate documents to 
appear to be ...)
        NOT-FOR-US: Apache OpenOffice
 CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of 
signed d ...)
@@ -15779,8 +15973,8 @@ CVE-2021-3844
        RESERVED
 CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM 
in some ...)
        NOT-FOR-US: Lenovo
-CVE-2021-3842
-       RESERVED
+CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity 
...)
+       TODO: check
 CVE-2021-3841
        RESERVED
 CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies 
on the  ...)
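Review bot: unlike most TODOs in this commit, CVE-2021-3842 (nltk, inefficient regular expression complexity) touches a package that is in the archive, so it needs real triage: locate the huntr report and the upstream fix, record the fixing nltk version, and decide whether a ReDoS in a text-processing library warrants more than a "<no-dsa> (Minor issue)" marking for the stable suites.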
@@ -15904,8 +16098,8 @@ CVE-2021-41791 (An issue was discovered in Hyland 
org.alfresco:share through 7.0
        NOT-FOR-US: Hyland org.alfresco:share and Hyland 
org.alfresco:community-share
 CVE-2021-41790 (An issue was discovered in Hyland 
org.alfresco:alfresco-content-servic ...)
        NOT-FOR-US: Hyland org.alfresco:alfresco-content-services
-CVE-2021-41789
-       RESERVED
+CVE-2021-41789 (In wifi driver, there is a possible system crash due to a 
missing vali ...)
+       TODO: check
 CVE-2021-41788 (MediaTek microchips, as used in NETGEAR devices through 
2021-12-13 and ...)
        NOT-FOR-US: Netgear
 CVE-2021-3840 (A dependency confusion vulnerability was reported in the 
Antilles open ...)
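Review bot: CVE-2021-41789 ("In wifi driver, there is a possible system crash due to a missing vali...") sits directly above CVE-2021-41788, which the file already identifies as MediaTek microchips in NETGEAR devices, and it uses the same bulletin phrasing; it should be resolved as "NOT-FOR-US: MediaTek" unless the full text points at an upstream kernel driver.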
@@ -17215,8 +17409,8 @@ CVE-2021-41238 (Hangfire is an open source system to 
perform background job proc
        NOT-FOR-US: Hangfire
 CVE-2021-41237
        RESERVED
-CVE-2021-41236
-       RESERVED
+CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In 
affected versio ...)
+       TODO: check
 CVE-2021-41235
        RESERVED
 CVE-2021-41234
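Review bot: CVE-2021-41236 is in OroPlatform, a PHP business application platform that is not packaged; the TODO should become "NOT-FOR-US: OroPlatform".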
@@ -17454,8 +17648,8 @@ CVE-2021-41143
        RESERVED
 CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end 
traceab ...)
        NOT-FOR-US: Tuleap
-CVE-2021-41141
-       RESERVED
+CVE-2021-41141 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       TODO: check
 CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform 
that allows ...)
        NOT-FOR-US: Discourse plugin
 CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking 
applicat ...)
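Review bot: CVE-2021-41141 (PJSIP) is a real triage item, not a NOT-FOR-US candidate: pjproject is packaged and is linked by asterisk, and ring/jami carries its own copy, so the TODO needs the upstream advisory checked against the pjproject version in each suite and the embedded copies listed as separate package lines where applicable.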
@@ -18924,8 +19118,7 @@ CVE-2021-40527 (Exposure of senstive information to an 
unauthorised actor in the
        NOT-FOR-US: "com.onepeloton.erlich" mobile application
 CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton 
TTR01 up ...)
        NOT-FOR-US: Peleton
-CVE-2021-40525
-       RESERVED
+CVE-2021-40525 (Apache James ManagedSieve implementation alongside with the 
file stora ...)
        NOT-FOR-US: Apache James
 CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
        NOT-FOR-US: showdoc
@@ -19873,8 +20066,8 @@ CVE-2021-40150
        RESERVED
 CVE-2021-40149
        RESERVED
-CVE-2021-40148
-       RESERVED
+CVE-2021-40148 (In Modem EMM, there is a possible information disclosure due 
to a miss ...)
+       TODO: check
 CVE-2021-3743
        RESERVED
        {DSA-4978-1 DLA-2785-1}
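Review bot: CVE-2021-40148 ("In Modem EMM, there is a possible information disclosure due to a miss...") is modem baseband firmware described in the same vendor-bulletin style as the MediaTek entries elsewhere in this commit; resolve as "NOT-FOR-US: MediaTek". The unchanged CVE-2021-3743 context below shows another RESERVED entry that already carries DSA/DLA references, the same pattern as CVE-2021-43529 above.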
@@ -20005,11 +20198,9 @@ CVE-2021-40113 (Multiple vulnerabilities in the 
web-based management interface o
        NOT-FOR-US: Cisco
 CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface 
of the  ...)
        NOT-FOR-US: Cisco
-CVE-2021-40111
-       RESERVED
+CVE-2021-40111 (In Apache James, while fuzzing with Jazzer the IMAP parsing 
stack, we  ...)
        NOT-FOR-US: Apache James
-CVE-2021-40110
-       RESERVED
+CVE-2021-40110 (In Apache James, using Jazzer fuzzer, we identified that an 
IMAP user  ...)
        NOT-FOR-US: Apache James
 CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. 
Users can a ...)
        NOT-FOR-US: Concrete CMS
@@ -22401,8 +22592,8 @@ CVE-2021-39144 (XStream is a simple library to 
serialize objects to XML and back
        - libxstream-java 1.4.18-1 (bug #998054)
        NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
        NOTE: https://x-stream.github.io/CVE-2021-39144.html
-CVE-2021-39143
-       RESERVED
+CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery 
platform. ...)
+       TODO: check
 CVE-2021-39142
        RESERVED
 CVE-2021-39141 (XStream is a simple library to serialize objects to XML and 
back again ...)
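Review bot: CVE-2021-39143 is in Spinnaker, a continuous delivery platform that is not packaged; the TODO should become "NOT-FOR-US: Spinnaker".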
@@ -23724,8 +23915,7 @@ CVE-2021-38544 (Sony SRS-XB33 and SRS-XB43 devices 
through 2021-08-09 allow remo
        NOT-FOR-US: Sony SRS-XB33 and SRS-XB43 devices
 CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in 
certain spec ...)
        NOT-FOR-US: TP-Link
-CVE-2021-38542
-       RESERVED
+CVE-2021-38542 (Apache James prior to release 3.6.1 is vulnerable to a 
buffering attac ...)
        NOT-FOR-US: Apache James
 CVE-2021-38541
        RESERVED
@@ -23805,7 +23995,7 @@ CVE-2021-38510 (The executable file warning was not 
presented when downloading .
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510
 CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a 
Javascript ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -23813,7 +24003,7 @@ CVE-2021-38509 (Due to an unusual sequence of 
attacker-controlled events, a Java
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509
 CVE-2021-38508 (By displaying a form validity message in the correct location 
at the s ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -23821,7 +24011,7 @@ CVE-2021-38508 (By displaying a form validity message 
in the correct location at
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508
 CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) 
allows a conn ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -23829,7 +24019,7 @@ CVE-2021-38507 (The Opportunistic Encryption feature of 
HTTP2 (RFC 8164) allows
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507
 CVE-2021-38506 (Through a series of navigations, Firefox could have entered 
fullscreen ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -23844,7 +24034,7 @@ CVE-2021-38505 (Microsoft introduced a new feature in 
Windows 10 known as Cloud
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505
 CVE-2021-38504 (When interacting with an HTML input element's file picker 
dialog with  ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -23852,7 +24042,7 @@ CVE-2021-38504 (When interacting with an HTML input 
element's file picker dialog
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504
 CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT 
stylesheet ...)
-       {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+       {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -23860,7 +24050,7 @@ CVE-2021-38503 (The iframe sandbox rules were not 
correctly applied to XSLT styl
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38503
 CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS 
security for ...)
-       {DSA-5034-1}
+       {DSA-5034-1 DLA-2874-1}
        [experimental] - thunderbird 1:91.2.0-1
        - thunderbird 1:91.2.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502
@@ -23872,7 +24062,7 @@ CVE-2021-38501 (Mozilla developers reported memory 
safety bugs present in Firefo
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501
 CVE-2021-38500 (Mozilla developers reported memory safety bugs present in 
Firefox 92 a ...)
-       {DSA-5034-1 DSA-4981-1 DLA-2782-1}
+       {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
        - firefox 93.0-1
        - firefox-esr 91.2.0esr-1
        [experimental] - thunderbird 1:91.2.0-1
@@ -23900,7 +24090,7 @@ CVE-2021-38497 (Through use of reportValidity() and 
window.open(), a plain-text
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497
 CVE-2021-38496 (During operations on MessageTasks, a task may have been 
removed while  ...)
-       {DSA-5034-1 DSA-4981-1 DLA-2782-1}
+       {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
        - firefox 93.0-1
        - firefox-esr 91.2.0esr-1
        [experimental] - thunderbird 1:91.2.0-1
@@ -31203,7 +31393,7 @@ CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 
could allow an authentic
        NOT-FOR-US: Wowza Streaming Engine
 CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza 
Streaming E ...)
        NOT-FOR-US: Wowza Streaming Engine
-CVE-2021-35490 (Thruk 2.40-2 allows stored XSS. ...)
+CVE-2021-35490 (Thruk before 2.44 allows XSS for a quick command. ...)
        NOT-FOR-US: Thruk
 CVE-2021-35489 (Thruk 2.40-2 allows 
/thruk/#cgi-bin/extinfo.cgi?type=2&amp;host={HOSTN ...)
        NOT-FOR-US: Thruk
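Review bot: the CVE-2021-35490 description moved from a single affected version ("Thruk 2.40-2 allows stored XSS") to a range ("Thruk before 2.44 allows XSS for a quick command"); with the entry marked NOT-FOR-US nothing changes for Debian, but note that the neighbouring CVE-2021-35489 still carries the old "2.40-2" wording, so the two Thruk entries now describe their affected versions differently.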
@@ -32776,8 +32966,7 @@ CVE-2021-34798 (Malformed requests may cause the server 
to dereference a NULL po
        NOTE: 
https://github.com/apache/httpd/commit/fa7b2a5250e54363b3a6c8ac3aaa7de4e8da9b2e 
(candidate-2.4.49-rc1)
 CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, 
allowin ...)
        NOT-FOR-US: Secure 8 (Evalos)
-CVE-2021-34797
-       RESERVED
+CVE-2021-34797 (Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable 
to a log  ...)
        NOT-FOR-US: Apache Geode
 CVE-2021-34796
        RESERVED
@@ -40188,8 +40377,8 @@ CVE-2021-31835 (Cross-Site Scripting vulnerability in 
McAfee ePolicy Orchestrato
        NOT-FOR-US: McAfee
 CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy 
Orchestrat ...)
        NOT-FOR-US: McAfee
-CVE-2021-31833
-       RESERVED
+CVE-2021-31833 (Potential product security bypass vulnerability in McAfee 
Application  ...)
+       TODO: check
 CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator 
extension fo ...)
        NOT-FOR-US: McAfee
 CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee 
Database S ...)
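Review bot: CVE-2021-31833 (McAfee Application Control) is surrounded by McAfee entries that are all resolved as "NOT-FOR-US: McAfee"; the TODO should take the same resolution.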
@@ -59655,8 +59844,8 @@ CVE-2021-24044
        RESERVED
 CVE-2021-24043
        RESERVED
-CVE-2021-24042
-       RESERVED
+CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, 
WhatsApp ...)
+       TODO: check
 CVE-2021-24041 (A missing bounds check in image blurring code prior to 
WhatsApp for An ...)
        TODO: check
 CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker 
with the  ...)
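Review bot: CVE-2021-24042 (WhatsApp for Android calling logic) and the unchanged CVE-2021-24041 directly below it (WhatsApp image blurring) are both still "TODO: check"; they are the same proprietary mobile application and can be resolved together as "NOT-FOR-US: WhatsApp".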
@@ -119437,7 +119626,7 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using 
Apache Shiro with Spring d
        NOTE: The original CVE-2020-1957 adressed in 1.5.2 introduced an 
encoding issue
        NOTE: which can (security wise) be exploited, resulting in a 1.5.3 
release. This
        NOTE: CVE is closely related to CVE-2020-1957.
-CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is vulnerable to server-side 
request fo ...)
+CVE-2020-11988 (Apache XmlGraphics Commons 2.4 and earlier is vulnerable to 
server-sid ...)
        - xmlgraphics-commons 2.4-2 (bug #984949)
        [bullseye] - xmlgraphics-commons 2.4-2~deb11u1
        [buster] - xmlgraphics-commons 2.3-1+deb10u1
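Review bot: the CVE-2020-11988 description is widened from "Apache XmlGraphics Commons 2.4" to "2.4 and earlier", which matches what the Debian entry already assumed: buster's fix is "2.3-1+deb10u1", so version 2.3 was treated as affected before the upstream text said so. No change to the package lines is needed; the visible hunk shows no stretch line, so that suite's status is not assessable from this diff.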



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45bad22cecf3d41950b78712b657612be43a1904



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
