Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
faa959ba by security tracker role at 2022-01-15T08:10:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,143 @@
+CVE-2022-23301
+       RESERVED
+CVE-2022-23300
+       RESERVED
+CVE-2022-23299
+       RESERVED
+CVE-2022-23298
+       RESERVED
+CVE-2022-23297
+       RESERVED
+CVE-2022-23296
+       RESERVED
+CVE-2022-23295
+       RESERVED
+CVE-2022-23294
+       RESERVED
+CVE-2022-23293
+       RESERVED
+CVE-2022-23292
+       RESERVED
+CVE-2022-23291
+       RESERVED
+CVE-2022-23290
+       RESERVED
+CVE-2022-23289
+       RESERVED
+CVE-2022-23288
+       RESERVED
+CVE-2022-23287
+       RESERVED
+CVE-2022-23286
+       RESERVED
+CVE-2022-23285
+       RESERVED
+CVE-2022-23284
+       RESERVED
+CVE-2022-23283
+       RESERVED
+CVE-2022-23282
+       RESERVED
+CVE-2022-23281
+       RESERVED
+CVE-2022-23280
+       RESERVED
+CVE-2022-23279
+       RESERVED
+CVE-2022-23278
+       RESERVED
+CVE-2022-23277
+       RESERVED
+CVE-2022-23276
+       RESERVED
+CVE-2022-23275
+       RESERVED
+CVE-2022-23274
+       RESERVED
+CVE-2022-23273
+       RESERVED
+CVE-2022-23272
+       RESERVED
+CVE-2022-23271
+       RESERVED
+CVE-2022-23270
+       RESERVED
+CVE-2022-23269
+       RESERVED
+CVE-2022-23268
+       RESERVED
+CVE-2022-23267
+       RESERVED
+CVE-2022-23266
+       RESERVED
+CVE-2022-23265
+       RESERVED
+CVE-2022-23264
+       RESERVED
+CVE-2022-23263
+       RESERVED
+CVE-2022-23262
+       RESERVED
+CVE-2022-23261
+       RESERVED
+CVE-2022-23260
+       RESERVED
+CVE-2022-23259
+       RESERVED
+CVE-2022-23258
+       RESERVED
+CVE-2022-23257
+       RESERVED
+CVE-2022-23256
+       RESERVED
+CVE-2022-23255
+       RESERVED
+CVE-2022-23254
+       RESERVED
+CVE-2022-23253
+       RESERVED
+CVE-2022-23252
+       RESERVED
+CVE-2022-23251
+       RESERVED
+CVE-2022-23250
+       RESERVED
+CVE-2022-23249
+       RESERVED
+CVE-2022-23248
+       RESERVED
+CVE-2022-23247
+       RESERVED
+CVE-2022-23246
+       RESERVED
+CVE-2022-23245
+       RESERVED
+CVE-2022-23244
+       RESERVED
+CVE-2022-23243
+       RESERVED
+CVE-2022-23242
+       RESERVED
+CVE-2022-23241
+       RESERVED
+CVE-2022-23240
+       RESERVED
+CVE-2022-23239
+       RESERVED
+CVE-2022-23238
+       RESERVED
+CVE-2022-23237
+       RESERVED
+CVE-2022-23236
+       RESERVED
+CVE-2022-23235
+       RESERVED
+CVE-2022-23234
+       RESERVED
+CVE-2022-23233
+       RESERVED
+CVE-2022-23232
+       RESERVED
 CVE-2022-23231
        RESERVED
 CVE-2022-23230
@@ -476,8 +616,7 @@ CVE-2022-23096
        RESERVED
 CVE-2022-23095
        RESERVED
-CVE-2022-23094 [Malicious IKEv1 packet can cause libreswan to restart]
-       RESERVED
+CVE-2022-23094 (Libreswan 4.2 through 4.5 allows remote attackers to cause a 
denial of ...)
        - libreswan 4.6-1
        [buster] - libreswan <not-affected> (Vulnerable code introduced in 4.2)
        NOTE: ttps://github.com/libreswan/libreswan/issues/585
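Review bot: The NOTE line at the end of the CVE-2022-23094 entry reads `ttps://github.com/libreswan/libreswan/issues/585`; the leading "h" of the scheme is missing, so the reference is not a usable URL. It is unchanged context in this hunk, but the entry is being touched anyway, so correct it to `https://github.com/libreswan/libreswan/issues/585` in a follow-up commit.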
@@ -1175,8 +1314,8 @@ CVE-2021-46197
        RESERVED
 CVE-2021-46196
        RESERVED
-CVE-2021-46195
-       RESERVED
+CVE-2021-46195 (GCC v12.0 was discovered to contain an uncontrolled recursion 
via the  ...)
+       TODO: check
 CVE-2021-46194
        RESERVED
 CVE-2021-46193
@@ -1223,14 +1362,14 @@ CVE-2021-46173
        RESERVED
 CVE-2021-46172
        RESERVED
-CVE-2021-46171
-       RESERVED
-CVE-2021-46170
-       RESERVED
-CVE-2021-46169
-       RESERVED
-CVE-2021-46168
-       RESERVED
+CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer 
dereference in se ...)
+       TODO: check
+CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There 
is an Use ...)
+       TODO: check
+CVE-2021-46169 (Modex v2.11 was discovered to contain an Use-After-Free 
vulnerability  ...)
+       TODO: check
+CVE-2021-46168 (Spin v6.5.1 was discovered to contain an out-of-bounds write 
in lex()  ...)
+       TODO: check
 CVE-2021-46167
        RESERVED
 CVE-2021-44458 (Linux users running Lens 5.2.6 and earlier could be 
compromised by vis ...)
@@ -1843,8 +1982,8 @@ CVE-2022-22679
        RESERVED
 CVE-2022-22150
        RESERVED
-CVE-2022-0130
-       RESERVED
+CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain 
a remo ...)
+       TODO: check
 CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a 
replay atta ...)
        NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles
 CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 
2.4.3, an int ...)
@@ -2184,12 +2323,12 @@ CVE-2022-22533
        RESERVED
 CVE-2022-22532
        RESERVED
-CVE-2022-22531
-       RESERVED
-CVE-2022-22530
-       RESERVED
-CVE-2022-22529
-       RESERVED
+CVE-2022-22531 (The F0743 Create Single Payment application of SAP S/4HANA - 
versions  ...)
+       TODO: check
+CVE-2022-22530 (The F0743 Create Single Payment application of SAP S/4HANA - 
versions  ...)
+       TODO: check
+CVE-2022-22529 (SAP Enterprise Threat Detection (ETD) - version 2.0, does not 
sufficie ...)
+       TODO: check
 CVE-2022-22528
        RESERVED
 CVE-2022-22527
@@ -3118,14 +3257,14 @@ CVE-2021-46024
        RESERVED
 CVE-2021-46023
        RESERVED
-CVE-2021-46022
-       RESERVED
-CVE-2021-46021
-       RESERVED
-CVE-2021-46020
-       RESERVED
-CVE-2021-46019
-       RESERVED
+CVE-2021-46022 (An Use-After-Free vulnerability in rec_mset_elem_destroy() at 
rec-mset ...)
+       TODO: check
+CVE-2021-46021 (An Use-After-Free vulnerability in rec_record_destroy() at 
rec-record. ...)
+       TODO: check
+CVE-2021-46020 (An untrusted pointer dereference in mrb_vm_exec() of mruby 
v3.0.0 can  ...)
+       TODO: check
+CVE-2021-46019 (An untrusted pointer dereference in rec_db_destroy() at 
rec-db.c of GN ...)
+       TODO: check
 CVE-2021-46018
        RESERVED
 CVE-2021-46017
@@ -3325,7 +3464,7 @@ CVE-2021-45951 (Dnsmasq 2.86 has a heap-based buffer 
overflow in check_bad_addre
 CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds 
write in ...)
        - libredwg <itp> (bug #595191)
 CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based 
buffer overf ...)
-       {DSA-5038-1}
+       {DSA-5038-1 DLA-2879-1}
        - ghostscript 9.55.0~dfsg-1
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703902
@@ -3345,7 +3484,7 @@ CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in 
CompileBlock (called f
 CVE-2021-45945 (uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write 
in std::_ ...)
        NOT-FOR-US: uWebSockets
 CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free 
in sampl ...)
-       {DSA-5038-1}
+       {DSA-5038-1 DLA-2879-1}
        - ghostscript 9.54.0~dfsg-5
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903
        NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
@@ -3435,8 +3574,8 @@ CVE-2022-22292
        RESERVED
 CVE-2022-22291
        RESERVED
-CVE-2022-22290
-       RESERVED
+CVE-2022-22290 (Incorrect download source UI in Downloads in Samsung Internet 
prior to ...)
+       TODO: check
 CVE-2022-22289 (Improper access control vulnerability in S Assistant prior to 
version  ...)
        NOT-FOR-US: Samsung
 CVE-2022-22288 (Improper authorization vulnerability in Galaxy Store prior to 
4.5.36.5 ...)
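Review bot: CVE-2022-22290 is left at `TODO: check` although its description names Samsung Internet and the next entry, CVE-2022-22289, is already marked `NOT-FOR-US: Samsung`. If the same disposition applies, close it out the same way so it does not sit in the triage queue.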
@@ -4013,44 +4152,44 @@ CVE-2021-45784
        RESERVED
 CVE-2021-45783
        RESERVED
-CVE-2021-45782
-       RESERVED
-CVE-2021-45781
-       RESERVED
-CVE-2021-45780
-       RESERVED
-CVE-2021-45779
-       RESERVED
-CVE-2021-45778
-       RESERVED
+CVE-2021-45782 (An untrusted pointer dereference in getcmd() at 
inetutils/src/tftp.c o ...)
+       TODO: check
+CVE-2021-45781 (GNU Inetutils 2.2.16-cf091 was discovered to contain a 
heap-based buff ...)
+       TODO: check
+CVE-2021-45780 (GNU Inetutils commit cf091 was discovered to contain a memory 
leak via ...)
+       TODO: check
+CVE-2021-45779 (A NULL pointer dereference in unsetcmd() at 
inetutils/telnet/commands. ...)
+       TODO: check
+CVE-2021-45778 (A NULL pointer dereference in setnmap() at cmds.c of GNU 
Inetutils v2. ...)
+       TODO: check
 CVE-2021-45777
        RESERVED
 CVE-2021-45776
        RESERVED
-CVE-2021-45775
-       RESERVED
-CVE-2021-45774
-       RESERVED
-CVE-2021-45773
-       RESERVED
+CVE-2021-45775 (GNU Inetutils 2.2.16-cf091 was discovered to contain an 
infinite loop  ...)
+       TODO: check
+CVE-2021-45774 (A NULL pointer dereference in help() at 
inetutils/telnet/commands.c of ...)
+       TODO: check
+CVE-2021-45773 (A NULL pointer dereference in CS104_IPAddress_setFromString at 
src/iec ...)
+       TODO: check
 CVE-2021-45772
        RESERVED
 CVE-2021-45771
        RESERVED
 CVE-2021-45770
        RESERVED
-CVE-2021-45769
-       RESERVED
+CVE-2021-45769 (A NULL pointer dereference in AcseConnection_parseMessage at 
src/mms/i ...)
+       TODO: check
 CVE-2021-45768
        RESERVED
-CVE-2021-45767
-       RESERVED
+CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address 
derefer ...)
+       TODO: check
 CVE-2021-45766
        RESERVED
 CVE-2021-45765
        RESERVED
-CVE-2021-45764
-       RESERVED
+CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory 
address derefe ...)
+       TODO: check
 CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the 
function  ...)
        TODO: check
 CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory 
address derefe ...)
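Review bot: The `TODO: check` markers on CVE-2021-45782, -45781, -45780, -45779, -45778, -45775 and -45774 all sit on descriptions that name GNU Inetutils, so they should be triaged as one batch and each given a package line in the form used elsewhere in this file (for example `- linux <unfixed>`) instead of being handled one by one. CVE-2021-45773 and CVE-2021-45769 fall in the same ID range but their descriptions point at `src/iec ...` and `src/mms/i ...`, so do not fold them into that batch; the two GPAC entries (CVE-2021-45767, CVE-2021-45764) likewise belong with the existing GPAC entries below them.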
@@ -4749,7 +4888,7 @@ CVE-2021-4161 (The affected products contain vulnerable 
firmware, which could al
 CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel 
through 5.15 ...)
        - linux <unfixed>
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
-CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-31 
allows remote ...)
+CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 
allows remote ...)
        NOT-FOR-US: Imperva Web Application Firewall
 CVE-2021-45467
        RESERVED
@@ -5062,8 +5201,8 @@ CVE-2022-21196
        RESERVED
 CVE-2022-21155
        RESERVED
-CVE-2022-21137
-       RESERVED
+CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a 
stack-based b ...)
+       TODO: check
 CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for 
Node.js ...)
        NOT-FOR-US: Node windows
 CVE-2021-4154 [cgroup: verify that source is a string]
@@ -5407,8 +5546,8 @@ CVE-2021-45408
        RESERVED
 CVE-2021-45407
        RESERVED
-CVE-2021-45406
-       RESERVED
+CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an 
attacker to ...)
+       TODO: check
 CVE-2021-45405
        RESERVED
 CVE-2021-45404
@@ -6309,10 +6448,10 @@ CVE-2021-26264
        RESERVED
 CVE-2021-23173 (The affected product is vulnerable to an improper access 
control, whic ...)
        NOT-FOR-US: Philips
-CVE-2021-23157
-       RESERVED
-CVE-2021-23138
-       RESERVED
+CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable 
to a he ...)
+       TODO: check
+CVE-2021-23138 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable 
to a st ...)
+       TODO: check
 CVE-2021-XXXX [several SQL injection, remote code execution, XSS issues]
        - spip 3.2.12-1
        [bullseye] - spip 3.2.11-3+deb11u1
@@ -7363,8 +7502,8 @@ CVE-2021-44830
        RESERVED
 CVE-2021-44829
        RESERVED
-CVE-2021-44828
-       RESERVED
+CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, 
Bifrost r0p0  ...)
+       TODO: check
 CVE-2021-44827
        RESERVED
 CVE-2021-44826
@@ -8293,8 +8432,8 @@ CVE-2021-44531 [Improper handling of URI Subject 
Alternative Names]
        NOTE: 
https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#improper-handling-of-uri-subject-alternative-names-medium-cve-2021-44531
        NOTE: 
https://github.com/nodejs/node/commit/e0fe6a635e5929a364986a6c39dc3585b9ddcd85 
(v12.x)
        NOTE: 
https://github.com/nodejs/node/commit/a5c7843cab6fdb9c845edadc2a7b9b30e02c8bf2 
(v12.x)
-CVE-2021-44530
-       RESERVED
+CVE-2021-44530 (An injection vulnerability exists in a third-party library 
used in Uni ...)
+       TODO: check
 CVE-2021-44529 (A code injection vulnerability in the Ivanti EPM Cloud 
Services Applia ...)
        NOT-FOR-US: Ivanti
 CVE-2021-44528 (A open redirect vulnerability exists in Action Pack &gt;= 
6.0.0 that c ...)
@@ -9013,8 +9152,8 @@ CVE-2021-4025
        RESERVED
 CVE-2021-44235 (Two methods of a utility class in SAP NetWeaver AS ABAP - 
versions 700 ...)
        NOT-FOR-US: SAP
-CVE-2021-44234
-       RESERVED
+CVE-2021-44234 (SAP Business One - version 10.0, extended log stores 
information that  ...)
+       TODO: check
 CVE-2021-44233 (SAP GRC Access Control - versions V1100_700, V1100_731, 
V1200_750, doe ...)
        NOT-FOR-US: SAP
 CVE-2021-44232 (SAF-T Framework Transaction SAFTN_G allows an attacker to 
exploit insu ...)
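Review bot: CVE-2021-44234 gets `TODO: check` for an SAP Business One description, while the entries on both sides of it (CVE-2021-44235, CVE-2021-44233) are marked `NOT-FOR-US: SAP`. Unless there is a reason to treat this one differently, mark it `NOT-FOR-US: SAP` as well.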
@@ -10579,8 +10718,8 @@ CVE-2021-3967
        RESERVED
 CVE-2021-3966
        RESERVED
-CVE-2021-3965
-       RESERVED
+CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to 
unauthenticated HTT ...)
+       TODO: check
 CVE-2021-43774
        RESERVED
 CVE-2021-43773
@@ -17831,8 +17970,8 @@ CVE-2021-42069 (When a user opens manipulated Tagged 
Image File Format (.tif) fi
        NOT-FOR-US: SAP
 CVE-2021-42068 (When a user opens a manipulated GIF (.gif) file received from 
untruste ...)
        NOT-FOR-US: SAP
-CVE-2021-42067
-       RESERVED
+CVE-2021-42067 (In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 
702, 71 ...)
+       TODO: check
 CVE-2021-42066 (SAP Business One - version 10.0, allows an admin user to view 
DB passw ...)
        NOT-FOR-US: SAP
 CVE-2021-42065
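Review bot: CVE-2021-42067 is another SAP entry left at `TODO: check` (SAP NetWeaver AS for ABAP) between CVE-2021-42068 and CVE-2021-42066, both `NOT-FOR-US: SAP`. Same suggestion as for the other SAP entries: resolve it to match its neighbours.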
@@ -23569,26 +23708,19 @@ CVE-2021-39685
        RESERVED
        - linux 5.15.5-2
        NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4
-CVE-2021-39684
-       RESERVED
+CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a 
possibl ...)
        NOT-FOR-US: Pixel
-CVE-2021-39683
-       RESERVED
+CVE-2021-39683 (In copy_from_mbox of sss_ice_util.c, there is a possible out 
of bounds ...)
        NOT-FOR-US: Pixel
-CVE-2021-39682
-       RESERVED
+CVE-2021-39682 (In mgm_alloc_page of memory_group_manager.c, there is a 
possible out o ...)
        NOT-FOR-US: Pixel
-CVE-2021-39681
-       RESERVED
+CVE-2021-39681 (In delete_protocol of main.c, there is a possible arbitrary 
code execu ...)
        NOT-FOR-US: Pixel
-CVE-2021-39680
-       RESERVED
+CVE-2021-39680 (In sec_SHA256_Transform of sha256_core.c, there is a possible 
way to r ...)
        NOT-FOR-US: Pixel
-CVE-2021-39679
-       RESERVED
+CVE-2021-39679 (In init of vendor_graphicbuffer_meta.cpp, there is a possible 
use afte ...)
        NOT-FOR-US: Pixel
-CVE-2021-39678
-       RESERVED
+CVE-2021-39678 (In &lt;TBD&gt; of &lt;TBD&gt;, there is a possible bypass of 
Factory R ...)
        NOT-FOR-US: Pixel
 CVE-2021-39677
        RESERVED
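Review bot: The new description for CVE-2021-39678 is written as `In &lt;TBD&gt; of &lt;TBD&gt;, there is a possible bypass of Factory R ...`, that is, with HTML entities left encoded and with placeholder function and file names. The `NOT-FOR-US: Pixel` disposition is kept, so triage is unaffected, but the update step should decode entities before writing descriptions so that a plain-text search of data/CVE/list matches what the advisory says. The removal of `RESERVED` while keeping the existing `NOT-FOR-US: Pixel` lines on all seven entries looks right.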
@@ -23626,8 +23758,8 @@ CVE-2021-39661
        RESERVED
 CVE-2021-39660
        RESERVED
-CVE-2021-39659
-       RESERVED
+CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of 
CreateConnectionProcessor.java, ...)
+       TODO: check
 CVE-2021-39658
        RESERVED
 CVE-2021-39657 (In ufshcd_eh_device_reset_handler of ufshcd.c, there is a 
possible out ...)
@@ -23689,61 +23821,48 @@ CVE-2021-39636 (In do_ipt_get_ctl and do_ipt_set_ctl 
of ip_tables.c, there is a
        NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
 CVE-2021-39635
        RESERVED
-CVE-2021-39634 [epoll: do not insert into poll queues until all sanity checks 
are done]
-       RESERVED
+CVE-2021-39634 (In fs/eventpoll.c, there is a possible use after free. This 
could lead ...)
        - linux 5.8.14-1
        [buster] - linux 4.19.152-1
        [stretch] - linux 4.9.240-1
        NOTE: https://source.android.com/security/bulletin/2022-01-01
        NOTE: 
https://git.kernel.org/linus/f8d4f44df056c5b504b0d49683fb7279218fd207 (5.9-rc8)
-CVE-2021-39633 [ip_gre: add validation for csum_start]
-       RESERVED
+CVE-2021-39633 (In gre_handle_offloads of ip_gre.c, there is a possible page 
fault due ...)
        - linux 5.14.6-1
        [bullseye] - linux 5.10.70-1
        [buster] - linux 4.19.208-1
        [stretch] - linux 4.9.290-1
        NOTE: https://source.android.com/security/bulletin/2022-01-01
        NOTE: 
https://git.kernel.org/linus/1d011c4803c72f3907eccfc1ec63caefb852fcbf (5.14)
-CVE-2021-39632
-       RESERVED
+CVE-2021-39632 (In inotify_cb of events.cpp, there is a possible out of bounds 
write d ...)
        NOT-FOR-US: Android
 CVE-2021-39631
        RESERVED
-CVE-2021-39630
-       RESERVED
+CVE-2021-39630 (In executeRequest of OverlayManagerService.java, there is a 
possible w ...)
        NOT-FOR-US: Android
-CVE-2021-39629
-       RESERVED
+CVE-2021-39629 (In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is 
a possi ...)
        NOT-FOR-US: Android
-CVE-2021-39628
-       RESERVED
+CVE-2021-39628 (In StatusBar.java, there is a possible disclosure of 
notification cont ...)
        NOT-FOR-US: Android
-CVE-2021-39627
-       RESERVED
+CVE-2021-39627 (In sendLegacyVoicemailNotification of 
LegacyModeSmsHandler.java, there ...)
        NOT-FOR-US: Android
-CVE-2021-39626
-       RESERVED
+CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is 
a possi ...)
        NOT-FOR-US: Android
-CVE-2021-39625
-       RESERVED
+CVE-2021-39625 (In showCarrierAppInstallationNotification of 
EuiccNotificationManager. ...)
        NOT-FOR-US: Android
 CVE-2021-39624
        RESERVED
-CVE-2021-39623
-       RESERVED
-CVE-2021-39622
-       RESERVED
+CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out 
of boun ...)
+       TODO: check
+CVE-2021-39622 (In GBoard, there is a possible way to bypass Factory Reset 
Protection  ...)
        NOT-FOR-US: Android
-CVE-2021-39621
-       RESERVED
+CVE-2021-39621 (In sendLegacyVoicemailNotification of 
LegacyModeSmsHandler.java, there ...)
        NOT-FOR-US: Android
-CVE-2021-39620
-       RESERVED
+CVE-2021-39620 (In ipcSetDataReference of Parcel.cpp, there is a possible way 
to corru ...)
        NOT-FOR-US: Android
 CVE-2021-39619
        RESERVED
-CVE-2021-39618
-       RESERVED
+CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is 
a possi ...)
        NOT-FOR-US: Android
 CVE-2021-39617
        RESERVED
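Review bot: CVE-2021-39623 (`In doRead of SimpleDecodingSource.cpp ...`) is the only entry in this hunk that ends up with `TODO: check`; every other newly described entry keeps `NOT-FOR-US: Android` or an existing linux package line. It needs an explicit decision so it does not stay open between entries that are already resolved. Also note that CVE-2021-39627 and CVE-2021-39621 now carry the same truncated description (`In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...`), and that the bracketed titles on CVE-2021-39634 and CVE-2021-39633 are replaced by the imported descriptions; the `git.kernel.org` NOTE lines still identify the fixes, so nothing is lost there.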
@@ -27572,10 +27691,10 @@ CVE-2021-38129
        RESERVED
 CVE-2021-38128
        RESERVED
-CVE-2021-38127
-       RESERVED
-CVE-2021-38126
-       RESERVED
+CVE-2021-38127 (Potential vulnerabilities have been identified in Micro Focus 
ArcSight ...)
+       TODO: check
+CVE-2021-38126 (Potential vulnerabilities have been identified in Micro Focus 
ArcSight ...)
+       TODO: check
 CVE-2021-38125
        RESERVED
 CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight 
Enterprise ...)
@@ -30506,8 +30625,8 @@ CVE-2021-36922 (RtsUpx.sys in Realtek RtsUpx USB 
Utility Driver for Camera/Hub/A
        NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
 CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web 
Applicatio ...)
        NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall 
(AIWAF) devices
-CVE-2021-36920
-       RESERVED
+CVE-2021-36920 (Authenticated Reflected Cross-Site Scripting (XSS) 
vulnerability disco ...)
+       TODO: check
 CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) 
vulnerabil ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-36918
@@ -32177,8 +32296,8 @@ CVE-2021-36201
        RESERVED
 CVE-2021-36200
        RESERVED
-CVE-2021-36199
-       RESERVED
+CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can 
cause some  ...)
+       TODO: check
 CVE-2021-36198 (Successful exploitation of this vulnerability could allow an 
unauthori ...)
        NOT-FOR-US: Sensormatic Electronics, LLC
 CVE-2021-36197
@@ -51642,8 +51761,8 @@ CVE-2021-28502
        RESERVED
 CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the 
incorrec ...)
        TODO: check
-CVE-2021-28500
-       RESERVED
+CVE-2021-28500 (An issue has recently been discovered in Arista EOS where the 
incorrec ...)
+       TODO: check
 CVE-2021-28499 (In Arista's MOS (Metamako Operating System) software which is 
supporte ...)
        NOT-FOR-US: Arista
 CVE-2021-28498 (In Arista's MOS (Metamako Operating System) software which is 
supporte ...)
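Review bot: CVE-2021-28500 is added with `TODO: check` and the same truncated description as CVE-2021-28501 directly above it (`An issue has recently been discovered in Arista EOS where the incorrec ...`), which is also still `TODO: check`, while CVE-2021-28499 and CVE-2021-28498 are `NOT-FOR-US: Arista`. Resolve both EOS entries together; if they are not in Debian, mark them `NOT-FOR-US: Arista` like the two MOS entries.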
@@ -62393,8 +62512,8 @@ CVE-2021-24046 (A logic flaw in Ray-Ban&#174; Stories 
device software allowed so
        TODO: check
 CVE-2021-24045 (A type confusion vulnerability could be triggered when 
resolving the " ...)
        TODO: check
-CVE-2021-24044
-       RESERVED
+CVE-2021-24044 (By passing invalid javascript code where await and yield were 
called u ...)
+       TODO: check
 CVE-2021-24043
        RESERVED
 CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, 
WhatsApp ...)
@@ -63602,10 +63721,10 @@ CVE-2021-23569
        RESERVED
 CVE-2021-23568 (The package extend2 before 1.0.1 are vulnerable to Prototype 
Pollution ...)
        TODO: check
-CVE-2021-23567
-       RESERVED
-CVE-2021-23566
-       RESERVED
+CVE-2021-23567 (The package colors after 1.4.0 are vulnerable to Denial of 
Service (Do ...)
+       TODO: check
+CVE-2021-23566 (The package nanoid before 3.1.31 are vulnerable to Information 
Exposur ...)
+       TODO: check
 CVE-2021-23565
        RESERVED
 CVE-2021-23564
@@ -81263,8 +81382,7 @@ CVE-2020-28336
        RESERVED
 CVE-2021-1050
        RESERVED
-CVE-2021-1049
-       RESERVED
+CVE-2021-1049 (Hacker one bug ID: 1343975Product: AndroidVersions: Android 
SoCAndroid ...)
        NOT-FOR-US: Unisoc
 CVE-2021-1048 (In ep_loop_check_proc of eventpoll.c, there is a possible way 
to corru ...)
        - linux 5.8.10-1
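Review bot: The description imported for CVE-2021-1049 is `Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ...`, where several fields are run together with no separators, which looks like line breaks were dropped on import. The entry stays `NOT-FOR-US: Unisoc`, so the disposition is fine, but the update step should replace newlines in descriptions with a space rather than removing them, otherwise field boundaries such as `1343975Product:` become unreadable and unsearchable.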
@@ -81291,12 +81409,12 @@ CVE-2021-1039 (In NotificationAccessActivity of 
AndroidManifest.xml, there is a
        NOT-FOR-US: Android
 CVE-2021-1038 (In UserDetailsActivity of AndroidManifest.xml, there is a 
possible DoS ...)
        NOT-FOR-US: Android
-CVE-2021-1037
-       RESERVED
-CVE-2021-1036
-       RESERVED
-CVE-2021-1035
-       RESERVED
+CVE-2021-1037 (The broadcast that DevicePickerFragment sends when a new device 
is pai ...)
+       TODO: check
+CVE-2021-1036 (In LocationSettingsActivity of AndroidManifest.xml, there is a 
possibl ...)
+       TODO: check
+CVE-2021-1035 (In setLaunchIntent of 
BluetoothDevicePickerPreferenceController.java,  ...)
+       TODO: check
 CVE-2021-1034 (In getLine1NumberForDisplay of PhoneInterfaceManager.java, 
there is ap ...)
        NOT-FOR-US: Android
 CVE-2021-1033
@@ -81448,8 +81566,7 @@ CVE-2021-0961 (In quota_proc_write of xt_quota2.c, 
there is a possible way to re
        NOTE: https://source.android.com/security/bulletin/2021-12-01
 CVE-2021-0960
        RESERVED
-CVE-2021-0959
-       RESERVED
+CVE-2021-0959 (In jit_memory_region.cc, there is a possible bypass of memory 
restrict ...)
        NOT-FOR-US: Android
 CVE-2021-0958 (In update of km_compat.cpp, there is a possible loss of 
potentially se ...)
        NOT-FOR-US: Android
@@ -157364,7 +157481,7 @@ CVE-2020-0340 (In libcodec2_soft_mp3dec, there is a 
possible information disclos
        NOT-FOR-US: Android Media Framework
 CVE-2020-0339 (There is a possible out of bounds read due to a missing bounds 
check.P ...)
        NOT-FOR-US: MediaTek components for Android
-CVE-2020-0338 (In AccountManager, there is a possible bypass of a permissions 
check d ...)
+CVE-2020-0338 (In checkKeyIntent of AccountManagerService.java, there is a 
possible p ...)
        NOT-FOR-US: Android
 CVE-2020-0337 (In MediaProvider, there is a possible bypass of a permissions 
check du ...)
        NOT-FOR-US: Android



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faa959baf3749843592499684c338ec42a5e7692
