Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82d2ff1d by security tracker role at 2022-02-25T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2022-26129
+       RESERVED
+CVE-2022-26128
+       RESERVED
+CVE-2022-26127
+       RESERVED
+CVE-2022-26126
+       RESERVED
+CVE-2022-26125
+       RESERVED
+CVE-2022-26122
+       RESERVED
+CVE-2022-26121
+       RESERVED
+CVE-2022-26120
+       RESERVED
+CVE-2022-26119
+       RESERVED
+CVE-2022-26118
+       RESERVED
+CVE-2022-26117
+       RESERVED
+CVE-2022-26116
+       RESERVED
+CVE-2022-26115
+       RESERVED
+CVE-2022-26114
+       RESERVED
+CVE-2022-26113
+       RESERVED
+CVE-2022-26112
+       RESERVED
+CVE-2022-26042
+       RESERVED
+CVE-2022-26007
+       RESERVED
+CVE-2022-26002
+       RESERVED
+CVE-2022-25995
+       RESERVED
+CVE-2022-0765
+       RESERVED
+CVE-2022-0764
+       RESERVED
+CVE-2022-0763
+       RESERVED
+CVE-2022-0762
+       RESERVED
+CVE-2021-4224
+       RESERVED
 CVE-2022-26111
        RESERVED
 CVE-2022-26110
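
Review bot: the block prepended at the top of data/CVE/list is not in ID order: CVE-2022-0765 through CVE-2022-0762 and CVE-2021-4224 land above the existing CVE-2022-26111 entry. Any script that reads this file should look entries up by CVE ID and not assume the list is sorted. All 25 new entries are RESERVED with no description, so none of them needs triage yet.
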
@@ -576,8 +626,8 @@ CVE-2022-0748
        RESERVED
 CVE-2022-0747
        RESERVED
-CVE-2022-0746
-       RESERVED
+CVE-2022-0746 (Business Logic Errors in GitHub repository dolibarr/dolibarr 
prior to  ...)
+       TODO: check
 CVE-2022-0745
        RESERVED
 CVE-2022-0744
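
Review bot: CVE-2022-0746 moves from RESERVED to TODO: check, and its description names the GitHub repository dolibarr/dolibarr. Check whether a dolibarr source package in the archive carries the affected code and replace the TODO with a package line or a NOT-FOR-US entry; the truncated description hides the fixed version, so take it from the full CVE record.
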
@@ -985,18 +1035,18 @@ CVE-2022-25650
        RESERVED
 CVE-2022-25172
        RESERVED
-CVE-2022-25170
-       RESERVED
+CVE-2022-25170 (The affected product is vulnerable to a stack-based buffer 
overflow wh ...)
+       TODO: check
 CVE-2022-24910
        RESERVED
-CVE-2022-23985
-       RESERVED
+CVE-2022-23985 (The affected product is vulnerable to an out-of-bounds write 
while pro ...)
+       TODO: check
 CVE-2022-21809
        RESERVED
 CVE-2022-21238
        RESERVED
-CVE-2022-21209
-       RESERVED
+CVE-2022-21209 (The affected product is vulnerable to an out-of-bounds read 
while proc ...)
+       TODO: check
 CVE-2022-0730
        RESERVED
 CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim 
prior  ...)
@@ -1642,8 +1692,8 @@ CVE-2022-25375 (An issue was discovered in 
drivers/usb/gadget/function/rndis.c i
        NOTE: https://github.com/szymonh/rndis-co
        NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/1
        NOTE: 
https://git.kernel.org/linus/38ea1eac7d88072bbffb630e2b3db83ca649b826 (5.17-rc4)
-CVE-2022-25374
-       RESERVED
+CVE-2022-25374 (HashiCorp Terraform Enterprise before 202202-1 inserts 
Sensitive Infor ...)
+       TODO: check
 CVE-2022-25373
        RESERVED
 CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local 
privilege e ...)
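
Review bot: the new CVE-2022-25374 entry is left at TODO: check although its description already names the product, HashiCorp Terraform Enterprise before 202202-1. If that product is not packaged, close it out with a NOT-FOR-US line in the form used elsewhere in this file (for example NOT-FOR-US: Trend Micro), so it does not linger in the TODO queue.
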
@@ -1792,15 +1842,13 @@ CVE-2022-25330 (Integer overflow conditions that exist 
in Trend Micro ServerProt
        NOT-FOR-US: Trend Micro
 CVE-2022-25329 (Trend Micro ServerProtect 6.0/5.8 Information Server uses a 
static cre ...)
        NOT-FOR-US: Trend Micro
-CVE-2022-25328
-       RESERVED
+CVE-2022-25328 (The bash_completion script for fscrypt allows injection of 
commands vi ...)
        - fscrypt <unfixed>
        [bullseye] - fscrypt <no-dsa> (Minor issue)
        [buster] - fscrypt <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1
        NOTE: 
https://github.com/google/fscrypt/commit/fa1a1fdbdea65829ce24a6b6f86ce2961e465b02
-CVE-2022-25327
-       RESERVED
+CVE-2022-25327 (The PAM module for fscrypt doesn't adequately validate fscrypt 
metadat ...)
        - fscrypt <unfixed>
        [bullseye] - fscrypt <no-dsa> (Minor issue)
        [buster] - fscrypt <no-dsa> (Minor issue)
@@ -1808,8 +1856,7 @@ CVE-2022-25327
        NOTE: 
https://github.com/google/fscrypt/commit/1a47718420317f893831b0223153d56005d5b02b
        NOTE: 
https://github.com/google/fscrypt/commit/74e870b7bd1585b4b509da47e0e75db66336e576
        NOTE: 
https://github.com/google/fscrypt/commit/b44fbe71e1e93c47050322af51725bac997641e0
-CVE-2022-25326
-       RESERVED
+CVE-2022-25326 (fscrypt through v0.3.2 creates a world-writable directory by 
default w ...)
        - fscrypt <unfixed>
        [bullseye] - fscrypt <no-dsa> (Minor issue)
        [buster] - fscrypt <no-dsa> (Minor issue)
@@ -2026,7 +2073,7 @@ CVE-2022-25258 (An issue was discovered in 
drivers/usb/gadget/composite.c in the
        NOTE: https://github.com/szymonh/d-os-descriptor
        NOTE: 
https://git.kernel.org/linus/75e5b4849b81e19e9efe1654b30d7f3151c33c2c (5.17-rc4)
 CVE-2022-0655
-       RESERVED
+       REJECTED
 CVE-2022-0654 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
        NOT-FOR-US: Node request-retry
 CVE-2022-0653 (The Profile Builder &#8211; User Profile &amp; User 
Registration Forms ...)
@@ -2266,8 +2313,8 @@ CVE-2022-0617 (A flaw null pointer dereference in the 
Linux kernel UDF file syst
        NOTE: 
https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f
 CVE-2022-0616
        RESERVED
-CVE-2022-0615
-       RESERVED
+CVE-2022-0615 (Use-after-free in eset_rtp kernel module used in ESET products 
for Lin ...)
+       TODO: check
 CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 
3.2. ...)
        - mruby <not-affected> (Vulnerable code introduced later)
        NOTE: https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879
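
Review bot: CVE-2022-0615 is left at TODO: check; the description places the use-after-free in the eset_rtp kernel module used in ESET products for Linux, which reads as vendor software and not a packaged module. Confirm that and record it as NOT-FOR-US, or add a package line if the module is in the archive.
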
@@ -2757,7 +2804,7 @@ CVE-2022-25021
 CVE-2022-25020
        RESERVED
 CVE-2022-25019
-       RESERVED
+       REJECTED
 CVE-2022-25018
        RESERVED
 CVE-2022-25017
@@ -3006,11 +3053,9 @@ CVE-2022-24950
        RESERVED
 CVE-2022-24949
        RESERVED
-CVE-2022-24948
-       RESERVED
+CVE-2022-24948 (A carefully crafted user preferences for submission could 
trigger an X ...)
        - jspwiki <removed>
-CVE-2022-24947
-       RESERVED
+CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF 
attacks, wh ...)
        - jspwiki <removed>
 CVE-2022-24946
        RESERVED
@@ -3855,8 +3900,8 @@ CVE-2022-24614 (When reading a specially crafted JPEG 
file, metadata-extractor u
 CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw various uncaught 
exceptions  ...)
        - libmetadata-extractor-java <unfixed>
        NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561
-CVE-2022-24612
-       RESERVED
+CVE-2022-24612 (An authenticated user can upload an XML file containing an XSS 
via the ...)
+       TODO: check
 CVE-2022-24611
        RESERVED
 CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto 
DVC-215IP ca ...)
@@ -3894,8 +3939,8 @@ CVE-2022-24596
        RESERVED
 CVE-2022-24595
        RESERVED
-CVE-2022-24594
-       RESERVED
+CVE-2022-24594 (In waline 1.6.1, an attacker can submit messages using 
X-Forwarded-For ...)
+       TODO: check
 CVE-2022-24593
        RESERVED
 CVE-2022-24592
@@ -4493,48 +4538,48 @@ CVE-2022-24349
        RESERVED
 CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory 
traversal ...)
        NOT-FOR-US: Argo CD
-CVE-2022-24347
-       RESERVED
-CVE-2022-24346
-       RESERVED
-CVE-2022-24345
-       RESERVED
-CVE-2022-24344
-       RESERVED
-CVE-2022-24343
-       RESERVED
-CVE-2022-24342
-       RESERVED
-CVE-2022-24341
-       RESERVED
-CVE-2022-24340
-       RESERVED
-CVE-2022-24339
-       RESERVED
-CVE-2022-24338
-       RESERVED
-CVE-2022-24337
-       RESERVED
-CVE-2022-24336
-       RESERVED
-CVE-2022-24335
-       RESERVED
-CVE-2022-24334
-       RESERVED
-CVE-2022-24333
-       RESERVED
-CVE-2022-24332
-       RESERVED
-CVE-2022-24331
-       RESERVED
-CVE-2022-24330
-       RESERVED
-CVE-2022-24329
-       RESERVED
-CVE-2022-24328
-       RESERVED
-CVE-2022-24327
-       RESERVED
+CVE-2022-24347 (JetBrains YouTrack before 2021.4.36872 was vulnerable to 
stored XSS vi ...)
+       TODO: check
+CVE-2022-24346 (In JetBrains IntelliJ IDEA before 2021.3.1, local code 
execution via R ...)
+       TODO: check
+CVE-2022-24345 (In JetBrains IntelliJ IDEA before 2021.2.4, local code 
execution (with ...)
+       TODO: check
+CVE-2022-24344 (JetBrains YouTrack before 2021.4.31698 was vulnerable to 
stored XSS on ...)
+       TODO: check
+CVE-2022-24343 (In JetBrains YouTrack before 2021.4.31698, a custom logo could 
be set  ...)
+       TODO: check
+CVE-2022-24342 (In JetBrains TeamCity before 2021.2.1, URL injection leading 
to CSRF w ...)
+       TODO: check
+CVE-2022-24341 (In JetBrains TeamCity before 2021.2.1, editing a user account 
to chang ...)
+       TODO: check
+CVE-2022-24340 (In JetBrains TeamCity before 2021.2.1, XXE during the parsing 
of the c ...)
+       TODO: check
+CVE-2022-24339 (JetBrains TeamCity before 2021.2.1 was vulnerable to stored 
XSS. ...)
+       TODO: check
+CVE-2022-24338 (JetBrains TeamCity before 2021.2.1 was vulnerable to reflected 
XSS. ...)
+       TODO: check
+CVE-2022-24337 (In JetBrains TeamCity before 2021.2, health items of pull 
requests wer ...)
+       TODO: check
+CVE-2022-24336 (In JetBrains TeamCity before 2021.2.1, an unauthenticated 
attacker can ...)
+       TODO: check
+CVE-2022-24335 (JetBrains TeamCity before 2021.2 was vulnerable to a 
Time-of-check/Tim ...)
+       TODO: check
+CVE-2022-24334 (In JetBrains TeamCity before 2021.2.1, the Agent Push feature 
allowed  ...)
+       TODO: check
+CVE-2022-24333 (In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC 
call wa ...)
+       TODO: check
+CVE-2022-24332 (In JetBrains TeamCity before 2021.2, a logout action didn't 
remove a R ...)
+       TODO: check
+CVE-2022-24331 (In JetBrains TeamCity before 2021.1.4, GitLab authentication 
impersona ...)
+       TODO: check
+CVE-2022-24330 (In JetBrains TeamCity before 2021.2.1, a redirection to an 
external si ...)
+       TODO: check
+CVE-2022-24329 (In JetBrains Kotlin before 1.6.0, it was not possible to lock 
dependen ...)
+       TODO: check
+CVE-2022-24328 (In JetBrains Hub before 2021.1.13956, an unprivileged user 
could perfo ...)
+       TODO: check
+CVE-2022-24327 (In JetBrains Hub before 2021.1.13890, integration with 
JetBrains Accou ...)
+       TODO: check
 CVE-2022-24326
        RESERVED
 CVE-2022-24325
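
Review bot: all 21 entries from CVE-2022-24347 down to CVE-2022-24327 are converted to TODO: check in one go, and every description starts with a JetBrains product (YouTrack, IntelliJ IDEA, TeamCity, Kotlin, Hub). The TeamCity, YouTrack and Hub entries can be triaged as a batch, but CVE-2022-24329 (Kotlin before 1.6.0) and the two IntelliJ IDEA entries, CVE-2022-24346 and CVE-2022-24345, should be checked one by one against the archive before anything is marked NOT-FOR-US.
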
@@ -4667,8 +4712,7 @@ CVE-2022-24290
        RESERVED
 CVE-2022-24289 (Hessian serialization is a network protocol that supports 
object-based ...)
        NOT-FOR-US: Apache Cayenne
-CVE-2022-24288
-       RESERVED
+CVE-2022-24288 (In Apache Airflow, prior to version 2.2.4, some example DAGs 
did not p ...)
        - airflow <itp> (bug #819700)
 CVE-2022-24287
        RESERVED
@@ -5583,12 +5627,12 @@ CVE-2022-24037
        RESERVED
 CVE-2022-24036
        RESERVED
-CVE-2022-23921
-       RESERVED
+CVE-2022-23921 (Exploitation of this vulnerability may result in local 
privilege escal ...)
+       TODO: check
 CVE-2022-22987 (The affected product has a hardcoded private key available 
inside the  ...)
        NOT-FOR-US: Advantech
-CVE-2022-21798
-       RESERVED
+CVE-2022-21798 (The affected product is vulnerable due to cleartext 
transmission of cr ...)
+       TODO: check
 CVE-2022-21154
        RESERVED
 CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 
8.2. ...)
@@ -8459,8 +8503,8 @@ CVE-2022-0249
        RESERVED
 CVE-2022-0248
        RESERVED
-CVE-2022-0247
-       RESERVED
+CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified 
through acce ...)
+       TODO: check
 CVE-2022-0246
        RESERVED
 CVE-2022-23304 (The implementations of EAP-pwd in hostapd before 2.10 and 
wpa_supplica ...)
@@ -12173,8 +12217,8 @@ CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 
11.1 on macOS allow remot
        NOT-FOR-US: Foxit
 CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow 
remote atta ...)
        NOT-FOR-US: Foxit
-CVE-2021-45977
-       RESERVED
+CVE-2021-45977 (JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 
2021.3.1 RC, P ...)
+       TODO: check
 CVE-2021-45976
        RESERVED
 CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a 
vulnerabi ...)
@@ -15063,8 +15107,7 @@ CVE-2021-45231 (A link following privilege escalation 
vulnerability in Trend Mic
        NOT-FOR-US: Trend Micro
 CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a 
specific case  ...)
        - airflow <itp> (bug #819700)
-CVE-2021-45229
-       RESERVED
+CVE-2021-45229 (It was discovered that the "Trigger DAG with config" screen 
was suscep ...)
        - airflow <itp> (bug #819700)
 CVE-2021-45228
        RESERVED
@@ -26855,8 +26898,8 @@ CVE-2021-42246
        RESERVED
 CVE-2021-42245
        RESERVED
-CVE-2021-42244
-       RESERVED
+CVE-2021-42244 (A cross-site scripting (XSS) vulnerability in PaquitoSoftware 
Notimoo  ...)
+       TODO: check
 CVE-2021-42243
        RESERVED
 CVE-2021-42242
@@ -32347,14 +32390,14 @@ CVE-2021-40048
        RESERVED
 CVE-2021-40047
        RESERVED
-CVE-2021-40046
-       RESERVED
+CVE-2021-40046 (PCManager versions 11.1.1.95 has a privilege escalation 
vulnerability. ...)
+       TODO: check
 CVE-2021-40045 (There is a vulnerability of signature verification mechanism 
failure i ...)
        NOT-FOR-US: Huawei
 CVE-2021-40044 (There is a permission verification vulnerability in the 
Bluetooth modu ...)
        NOT-FOR-US: Huawei
-CVE-2021-40043
-       RESERVED
+CVE-2021-40043 (The laser command injection vulnerability exists on 
AIS-BW80H-00 versi ...)
+       TODO: check
 CVE-2021-40042 (There is a release of invalid pointer vulnerability in some 
Huawei pro ...)
        NOT-FOR-US: Huawei
 CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI 
WS318n pr ...)
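
Review bot: CVE-2021-40046 and CVE-2021-40043 are left at TODO: check while the entries around them (CVE-2021-40045, CVE-2021-40044, CVE-2021-40042) are already NOT-FOR-US: Huawei. The truncated descriptions name PCManager 11.1.1.95 and AIS-BW80H-00; confirm the vendor from the full records and give them the same annotation if it matches.
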
@@ -34923,8 +34966,8 @@ CVE-2021-38995 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 
could allow a non-privileged
        NOT-FOR-US: IBM
 CVE-2021-38994 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
        NOT-FOR-US: IBM
-CVE-2021-38993
-       RESERVED
+CVE-2021-38993 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
+       TODO: check
 CVE-2021-38992
        RESERVED
 CVE-2021-38991 (IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a 
non-privileged local ...)
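
Review bot: CVE-2021-38993 gets TODO: check, but the visible part of its description is identical to that of CVE-2021-38994 directly above it, which is already NOT-FOR-US: IBM. Unless the full text differs, annotate it the same way.
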
@@ -38800,8 +38843,8 @@ CVE-2021-37506
        RESERVED
 CVE-2021-37505
        RESERVED
-CVE-2021-37504
-       RESERVED
+CVE-2021-37504 (A cross-site scripting (XSS) vulnerability in the fileNameStr 
paramete ...)
+       TODO: check
 CVE-2021-37503
        RESERVED
 CVE-2021-37502
@@ -39722,8 +39765,8 @@ CVE-2021-37105 (There is an improper file upload 
control vulnerability in Fusion
        NOT-FOR-US: FusionCompute (Huawei)
 CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI 
P40 ver ...)
        NOT-FOR-US: Huawei
-CVE-2021-37103
-       RESERVED
+CVE-2021-37103 (There is an improper permission management vulnerability in 
the Wallet ...)
+       TODO: check
 CVE-2021-37102 (There is a command injection vulnerability in CMA service 
module of Fu ...)
        NOT-FOR-US: Huawei
 CVE-2021-37101 (There is an improper authorization vulnerability in 
AIS-BW50-00 9.0.6. ...)
@@ -39874,8 +39917,8 @@ CVE-2021-37029 (There is an Identity verification 
vulnerability in Huawei Smartp
        NOT-FOR-US: Huawei
 CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q 
product. Whe ...)
        NOT-FOR-US: Huawei
-CVE-2021-37027
-       RESERVED
+CVE-2021-37027 (There is a DoS vulnerability in smartphones. Successful 
exploitation o ...)
+       TODO: check
 CVE-2021-37026 (There is a Improper Input Validation vulnerability in Huawei 
Smartphon ...)
        NOT-FOR-US: Huawei
 CVE-2021-37025 (There is a Improper Input Validation vulnerability in Huawei 
Smartphon ...)
@@ -66004,8 +66047,8 @@ CVE-2021-26619 (An path traversal vulnerability leading 
to delete arbitrary file
        NOT-FOR-US: BigFileAgent
 CVE-2021-26618 (An improper input validation leading to arbitrary file 
creation was di ...)
        NOT-FOR-US: ToWord of ToOffice
-CVE-2021-26617
-       RESERVED
+CVE-2021-26617 (This issues due to insufficient verification of the various 
input valu ...)
+       TODO: check
 CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special 
characte ...)
        NOT-FOR-US: SecuwaySSL client for MacOS
 CVE-2021-26615 (ARK library allows attackers to execute remote code via the 
parameter( ...)
@@ -76044,8 +76087,8 @@ CVE-2021-22491 (There is an Input verification 
vulnerability in Huawei Smartphon
        NOT-FOR-US: Huawei
 CVE-2021-22490 (There is a Permission verification vulnerability in Huawei 
Smartphone. ...)
        NOT-FOR-US: Huawei
-CVE-2021-22489
-       RESERVED
+CVE-2021-22489 (There is a DoS vulnerability in smartphones. Successful 
exploitation o ...)
+       TODO: check
 CVE-2021-22488 (There is an Unauthorized file access vulnerability in Huawei 
Smartphon ...)
        NOT-FOR-US: Huawei
 CVE-2021-22487 (There is an Out-of-bounds read vulnerability in Huawei 
Smartphone. Suc ...)
@@ -76062,12 +76105,12 @@ CVE-2021-22482 (There is an Uninitialized variable 
vulnerability in Huawei Smart
        NOT-FOR-US: Huawei
 CVE-2021-22481 (There is a Verification errors vulnerability in Huawei 
Smartphone.Succ ...)
        NOT-FOR-US: Huawei
-CVE-2021-22480
-       RESERVED
-CVE-2021-22479
-       RESERVED
-CVE-2021-22478
-       RESERVED
+CVE-2021-22480 (The interface of a certain HarmonyOS module has an integer 
overflow vu ...)
+       TODO: check
+CVE-2021-22479 (The interface of a certain HarmonyOS module has an invalid 
address acc ...)
+       TODO: check
+CVE-2021-22478 (The interface of a certain HarmonyOS module has a UAF 
vulnerability. S ...)
+       TODO: check
 CVE-2021-22477
        RESERVED
 CVE-2021-22476
@@ -76126,8 +76169,8 @@ CVE-2021-22450 (A component of the HarmonyOS has a 
Incomplete Cleanup vulnerabil
        NOT-FOR-US: HarmonyOS
 CVE-2021-22449 (There is a logic vulnerability in Elf-G10HN 1.0.0.608. An 
unauthentica ...)
        NOT-FOR-US: Elf-G10HN (Huawei)
-CVE-2021-22448
-       RESERVED
+CVE-2021-22448 (There is an improper verification vulnerability in 
smartphones. Succes ...)
+       TODO: check
 CVE-2021-22447 (There is an Improper Check for Unusual or Exceptional 
Conditions Vulne ...)
        NOT-FOR-US: Huawei
 CVE-2021-22446 (There is an Information Disclosure Vulnerability in Huawei 
Smartphone. ...)
@@ -76140,38 +76183,38 @@ CVE-2021-22443 (There is an Input Verification 
Vulnerability in Huawei Smartphon
        NOT-FOR-US: Huawei
 CVE-2021-22442 (There is an Improper Validation of Integrity Check Value 
Vulnerability ...)
        NOT-FOR-US: Huawei
-CVE-2021-22441
-       RESERVED
+CVE-2021-22441 (Some Huawei products have an integer overflow vulnerability. 
Successfu ...)
+       TODO: check
 CVE-2021-22440 (There is a path traversal vulnerability in some Huawei 
products. The v ...)
        NOT-FOR-US: Huawei
 CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice 
V200R006C ...)
        NOT-FOR-US: Huawei
 CVE-2021-22438 (There is a Memory Buffer Improper Operation Limit 
Vulnerability in Hua ...)
        NOT-FOR-US: Huawei
-CVE-2021-22437
-       RESERVED
+CVE-2021-22437 (There is a software integer overflow leading to a TOCTOU 
condition in  ...)
+       TODO: check
 CVE-2021-22436 (There is a Logic Bypass vulnerability in Huawei 
Smartphone.Successful  ...)
        NOT-FOR-US: Huawei
 CVE-2021-22435 (There is a Configuration Defect Vulnerability in Huawei 
Smartphone.Suc ...)
        NOT-FOR-US: Huawei
-CVE-2021-22434
-       RESERVED
-CVE-2021-22433
-       RESERVED
-CVE-2021-22432
-       RESERVED
-CVE-2021-22431
-       RESERVED
-CVE-2021-22430
-       RESERVED
-CVE-2021-22429
-       RESERVED
+CVE-2021-22434 (There is a memory address out of bounds vulnerability in 
smartphones.  ...)
+       TODO: check
+CVE-2021-22433 (There is a memory address out of bounds in smartphones. 
Successful exp ...)
+       TODO: check
+CVE-2021-22432 (There is a vulnerability when configuring permission isolation 
in smar ...)
+       TODO: check
+CVE-2021-22431 (There is a vulnerability when configuring permission isolation 
in smar ...)
+       TODO: check
+CVE-2021-22430 (There is a logic bypass vulnerability in smartphones. 
Successful explo ...)
+       TODO: check
+CVE-2021-22429 (There is a memory address out of bounds in smartphones. 
Successful exp ...)
+       TODO: check
 CVE-2021-22428 (There is an Incomplete Cleanup Vulnerability in Huawei 
Smartphone.Succ ...)
        NOT-FOR-US: Huawei
 CVE-2021-22427 (There is a Heap-based Buffer Overflow Vulnerability in Huawei 
Smartpho ...)
        NOT-FOR-US: Huawei
-CVE-2021-22426
-       RESERVED
+CVE-2021-22426 (There is a memory address out of bounds in smartphones. 
Successful exp ...)
+       TODO: check
 CVE-2021-22425 (A component of the HarmonyOS has a Double Free vulnerability. 
Local at ...)
        NOT-FOR-US: HarmonyOS
 CVE-2021-22424 (A component of the HarmonyOS has a Kernel Memory Leakage 
Vulnerability ...)
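
Review bot: the nine entries that change to TODO: check in this hunk (CVE-2021-22441, CVE-2021-22437, CVE-2021-22434 to CVE-2021-22429, CVE-2021-22426) are interleaved with entries already marked NOT-FOR-US: Huawei. CVE-2021-22441 says "Some Huawei products" outright, but the others only say "smartphones" in the visible text, so confirm the vendor from the full record before applying the same annotation.
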
@@ -76232,10 +76275,10 @@ CVE-2021-22397 (There is a privilege escalation 
vulnerability in Huawei ManageOn
        NOT-FOR-US: Huawei
 CVE-2021-22396 (There is a privilege escalation vulnerability in some Huawei 
products. ...)
        NOT-FOR-US: Huawei
-CVE-2021-22395
-       RESERVED
-CVE-2021-22394
-       RESERVED
+CVE-2021-22395 (There is a code injection vulnerability in smartphones. 
Successful exp ...)
+       TODO: check
+CVE-2021-22394 (There is a buffer overflow vulnerability in smartphones. 
Successful ex ...)
+       TODO: check
 CVE-2021-22393 (There is a denial of service vulnerability in some versions of 
CloudEn ...)
        NOT-FOR-US: CloudEngine (Huawei)
 CVE-2021-22392 (There is an Incorrect Calculation of Buffer Size in Huawei 
Smartphone. ...)
@@ -76384,8 +76427,8 @@ CVE-2021-22321 (There is a use-after-free vulnerability 
in a Huawei product. A m
        NOT-FOR-US: Huawei
 CVE-2021-22320 (There is a denial of service vulnerability in Huawei products. 
A modul ...)
        NOT-FOR-US: Huawei
-CVE-2021-22319
-       RESERVED
+CVE-2021-22319 (There is an improper verification vulnerability in 
smartphones. Succes ...)
+       TODO: check
 CVE-2021-22318 (A component of the HarmonyOS 2.0 has a Null Pointer 
Dereference Vulner ...)
        NOT-FOR-US: HarmonyOS
 CVE-2021-22317 (There is an Information Disclosure vulnerability in Huawei 
Smartphone. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82d2ff1de0968f21ef631b90dfae3c1d0c5b17eb



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
