Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8abc22eb by security tracker role at 2022-03-24T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,127 @@
+CVE-2022-27843
+ RESERVED
+CVE-2022-27842
+ RESERVED
+CVE-2022-27841
+ RESERVED
+CVE-2022-27840
+ RESERVED
+CVE-2022-27839
+ RESERVED
+CVE-2022-27838
+ RESERVED
+CVE-2022-27837
+ RESERVED
+CVE-2022-27836
+ RESERVED
+CVE-2022-27835
+ RESERVED
+CVE-2022-27834
+ RESERVED
+CVE-2022-27833
+ RESERVED
+CVE-2022-27832
+ RESERVED
+CVE-2022-27831
+ RESERVED
+CVE-2022-27830
+ RESERVED
+CVE-2022-27829
+ RESERVED
+CVE-2022-27828
+ RESERVED
+CVE-2022-27827
+ RESERVED
+CVE-2022-27826
+ RESERVED
+CVE-2022-27825
+ RESERVED
+CVE-2022-27824
+ RESERVED
+CVE-2022-27823
+ RESERVED
+CVE-2022-27822
+ RESERVED
+CVE-2022-27821
+ RESERVED
+CVE-2022-27820 (OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not
verify the T ...)
+ TODO: check
+CVE-2022-27819
+ RESERVED
+CVE-2022-27818
+ RESERVED
+CVE-2022-27817
+ RESERVED
+CVE-2022-27816
+ RESERVED
+CVE-2022-27815
+ RESERVED
+CVE-2022-27814
+ RESERVED
+CVE-2022-27813
+ RESERVED
+CVE-2022-27812
+ RESERVED
+CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via
shell met ...)
+ TODO: check
+CVE-2022-27810
+ RESERVED
+CVE-2022-27809
+ RESERVED
+CVE-2022-27802
+ RESERVED
+CVE-2022-27801
+ RESERVED
+CVE-2022-27800
+ RESERVED
+CVE-2022-27799
+ RESERVED
+CVE-2022-27798
+ RESERVED
+CVE-2022-27797
+ RESERVED
+CVE-2022-27796
+ RESERVED
+CVE-2022-27795
+ RESERVED
+CVE-2022-27794
+ RESERVED
+CVE-2022-27793
+ RESERVED
+CVE-2022-27792
+ RESERVED
+CVE-2022-27791
+ RESERVED
+CVE-2022-27790
+ RESERVED
+CVE-2022-27789
+ RESERVED
+CVE-2022-27788
+ RESERVED
+CVE-2022-27787
+ RESERVED
+CVE-2022-27786
+ RESERVED
+CVE-2022-27785
+ RESERVED
+CVE-2022-27784
+ RESERVED
+CVE-2022-27783
+ RESERVED
+CVE-2022-27660
+ RESERVED
+CVE-2022-27633
+ RESERVED
+CVE-2022-27630
+ RESERVED
+CVE-2022-27185
+ RESERVED
+CVE-2022-27178
+ RESERVED
+CVE-2022-26346
+ RESERVED
+CVE-2022-1060
+ RESERVED
CVE-2022-27782
RESERVED
CVE-2022-27781
@@ -1131,8 +1255,8 @@ CVE-2022-27256
RESERVED
CVE-2022-27255
RESERVED
-CVE-2022-27254
- RESERVED
+CVE-2022-27254 (The remote keyless system on Honda Civic 2018 vehicles sends
the same ...)
+ TODO: check
CVE-2022-27253
RESERVED
CVE-2022-27252
@@ -1141,8 +1265,8 @@ CVE-2022-27251
RESERVED
CVE-2022-27250 (The UNISOC chipset through 2022-03-15 allows attackers to
obtain remot ...)
NOT-FOR-US: UNISOC
-CVE-2022-1030
- RESERVED
+CVE-2022-1030 (Okta Advanced Server Access Client for Linux and macOS prior to
versio ...)
+ TODO: check
CVE-2022-1029
RESERVED
CVE-2022-1028
@@ -1267,8 +1391,7 @@ CVE-2022-0998
NOTE: CONFIG_VHOST_VDPA not set in Debian
CVE-2022-0997
RESERVED
-CVE-2022-0996
- RESERVED
+CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that
allows expi ...)
- 389-ds-base <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769
TODO: check details
@@ -1331,8 +1454,7 @@ CVE-2022-0983
- moodle <removed>
CVE-2022-0982 (The telnet_input_char function in
opt/src/accel-pppd/cli/telnet.c suff ...)
NOT-FOR-US: ACCEL-PPP
-CVE-2022-0981
- RESERVED
+CVE-2022-0981 (A flaw was found in Quarkus. The state and potentially
associated perm ...)
NOT-FOR-US: Quarkus
CVE-2022-27218 (Jenkins incapptic connect uploader Plugin 1.15 and earlier
stores toke ...)
NOT-FOR-US: Jenkins plugin
@@ -1384,8 +1506,8 @@ CVE-2022-27195 (Jenkins Parameterized Trigger Plugin 2.43
and earlier captures e
NOT-FOR-US: Jenkins plugin
CVE-2022-27193 (CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External
Entities (X ...)
TODO: check
-CVE-2022-27192
- RESERVED
+CVE-2022-27192 (The Reporting module in Aseco Lietuva document management
system DVS A ...)
+ TODO: check
CVE-2022-27191 (golang.org/x/crypto/ssh before
0.0.0-20220314234659-1baeb1ce4c0b in Go ...)
- golang-go.crypto 1:0.0~git20220315.3147a52-1
NOTE:
https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ
@@ -1580,7 +1702,7 @@ CVE-2022-0961 (The microweber application allows large
characters to insert in t
NOT-FOR-US: microweber
CVE-2022-0960 (Stored XSS viva .properties file upload in GitHub repository
star7th/s ...)
NOT-FOR-US: ShowDoc
-CVE-2022-0959 (When run in server mode, pgAdmin 4 allows users to store files
on the ...)
+CVE-2022-0959 (A malicious, but authorised and authenticated user can
construct an HT ...)
- pgadmin4 <itp> (bug #834129)
CVE-2022-0958
RESERVED
@@ -1772,22 +1894,22 @@ CVE-2022-27085
RESERVED
CVE-2022-27084
RESERVED
-CVE-2022-27083
- RESERVED
-CVE-2022-27082
- RESERVED
-CVE-2022-27081
- RESERVED
-CVE-2022-27080
- RESERVED
-CVE-2022-27079
- RESERVED
-CVE-2022-27078
- RESERVED
-CVE-2022-27077
- RESERVED
-CVE-2022-27076
- RESERVED
+CVE-2022-27083 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a
command inje ...)
+ TODO: check
+CVE-2022-27082 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a
command inje ...)
+ TODO: check
+CVE-2022-27081 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a
command inje ...)
+ TODO: check
+CVE-2022-27080 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a
command inje ...)
+ TODO: check
+CVE-2022-27079 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a
command inje ...)
+ TODO: check
+CVE-2022-27078 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a
command inje ...)
+ TODO: check
+CVE-2022-27077 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a
command inje ...)
+ TODO: check
+CVE-2022-27076 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a
command inje ...)
+ TODO: check
CVE-2022-27075
RESERVED
CVE-2022-27074
@@ -2755,10 +2877,10 @@ CVE-2022-26678
RESERVED
CVE-2022-26677
RESERVED
-CVE-2022-0889
- RESERVED
-CVE-2022-0888
- RESERVED
+CVE-2022-0889 (The Ninja Forms - File Uploads Extension WordPress plugin is
vulnerabl ...)
+ TODO: check
+CVE-2022-0888 (The Ninja Forms - File Uploads Extension WordPress plugin is
vulnerabl ...)
+ TODO: check
CVE-2022-0887
RESERVED
CVE-2022-0886
@@ -3071,8 +3193,8 @@ CVE-2022-26538
RESERVED
CVE-2022-26537
RESERVED
-CVE-2022-26536
- RESERVED
+CVE-2022-26536 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a
command inje ...)
+ TODO: check
CVE-2022-26535
RESERVED
CVE-2022-26534 (FISCO-BCOS release-3.0.0-rc2 was discovered to contain an
issue where ...)
@@ -3402,8 +3524,7 @@ CVE-2022-0856 (libcaca is affected by a Divide By Zero
issue via img2txt, which
NOTE: Crash in CLI tool, no security impact
CVE-2022-0855 (Improper Resolution of Path Equivalence in GitHub repository
microwebe ...)
NOT-FOR-US: microweber (whmcs_plugin)
-CVE-2022-0854 [swiotlb: fix info leak with DMA_FROM_DEVICE]
- RESERVED
+CVE-2022-0854 (A memory leak flaw was found in the Linux kernel’s DMA
subsystem ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058395
NOTE:
https://git.kernel.org/linus/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e (5.17-rc6)
@@ -3608,8 +3729,8 @@ CVE-2022-26353 (A flaw was found in the virtio-net device
of QEMU. This flaw was
NOTE: Introduced by the original fix for CVE-2021-3748.
CVE-2022-0835
RESERVED
-CVE-2022-0834
- RESERVED
+CVE-2022-0834 (The Amelia WordPress plugin is vulnerable to Cross-Site
Scripting due ...)
+ TODO: check
CVE-2022-0833
RESERVED
CVE-2022-0832 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
@@ -3796,10 +3917,10 @@ CVE-2022-26292
RESERVED
CVE-2022-26291
RESERVED
-CVE-2022-26290
- RESERVED
-CVE-2022-26289
- RESERVED
+CVE-2022-26290 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a
command inje ...)
+ TODO: check
+CVE-2022-26289 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a
command inje ...)
+ TODO: check
CVE-2022-26288
RESERVED
CVE-2022-26287
@@ -4969,8 +5090,8 @@ CVE-2022-0751
[experimental] - gitlab 14.6.5+ds1-1
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
-CVE-2022-0750
- RESERVED
+CVE-2022-0750 (The Photoswipe Masonry Gallery WordPress plugin is vulnerable
to Cross ...)
+ TODO: check
CVE-2022-0749 (This affects all versions of package SinGooCMS.Utility. The
socket cli ...)
NOT-FOR-US: SinGooCMS
CVE-2022-0748 (The package post-loader from 0.0.0 are vulnerable to Arbitrary
Code Ex ...)
@@ -5570,10 +5691,10 @@ CVE-2022-25611
RESERVED
CVE-2022-25610
RESERVED
-CVE-2022-25609
- RESERVED
-CVE-2022-25608
- RESERVED
+CVE-2022-25609 (Stored Cross-Site Scripting (XSS) in Yoo Slider – Image
Slider & ...)
+ TODO: check
+CVE-2022-25608 (Cross-Site Request Forgery (CSRF) in Yoo Slider – Image
Slider & ...)
+ TODO: check
CVE-2022-25607 (Authenticated (author or higher user role) SQL Injection
(SQLi) vulner ...)
NOT-FOR-US: WordPress plugin
CVE-2022-25606
@@ -6461,14 +6582,14 @@ CVE-2022-25272
RESERVED
CVE-2022-25270 (The Quick Edit module does not properly check entity access in
some ci ...)
NOT-FOR-US: Drupal 9.x
-CVE-2022-25269
- RESERVED
-CVE-2022-25268
- RESERVED
-CVE-2022-25267
- RESERVED
-CVE-2022-25266
- RESERVED
+CVE-2022-25269 (Passwork On-Premise Edition before 4.6.13 has multiple XSS
issues. ...)
+ TODO: check
+CVE-2022-25268 (Passwork On-Premise Edition before 4.6.13 allows CSRF via the
groups, ...)
+ TODO: check
+CVE-2022-25267 (Passwork On-Premise Edition before 4.6.13 allows
migration/uploadExpor ...)
+ TODO: check
+CVE-2022-25266 (Passwork On-Premise Edition before 4.6.13 allows
migration/downloadExp ...)
+ TODO: check
CVE-2022-25265 (In the Linux kernel through 5.16.10, certain binary files may
have the ...)
- linux <unfixed> (unimportant)
NOTE: https://github.com/x0reaxeax/exec-prot-bypass
@@ -6679,12 +6800,12 @@ CVE-2022-25225 (Network Olympus version 1.8.0 allows an
authenticated admin user
NOT-FOR-US: Network Olympus
CVE-2022-25224
RESERVED
-CVE-2022-25223
- RESERVED
-CVE-2022-25222
- RESERVED
-CVE-2022-25221
- RESERVED
+CVE-2022-25223 (Money Transfer Management System Version 1.0 allows an
authenticated u ...)
+ TODO: check
+CVE-2022-25222 (Money Transfer Management System Version 1.0 allows an
unauthenticated ...)
+ TODO: check
+CVE-2022-25221 (Money Transfer Management System Version 1.0 allows an
attacker to inj ...)
+ TODO: check
CVE-2022-25220 (PeteReport Version 0.5 allows an authenticated admin user to
inject pe ...)
NOT-FOR-US: PeteReport
CVE-2022-25219 (A null byte interaction error has been discovered in the code
that the ...)
@@ -6757,8 +6878,7 @@ CVE-2022-0613 (Authorization Bypass Through
User-Controlled Key in NPM urijs pri
NOTE:
https://github.com/medialize/uri.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f
(v1.19.8)
CVE-2021-4220
REJECTED
-CVE-2021-4219
- RESERVED
+CVE-2021-4219 (A flaw was found in ImageMagick. The vulnerability occurs due
to impro ...)
- imagemagick <unfixed>
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
@@ -7206,8 +7326,8 @@ CVE-2022-25043
RESERVED
CVE-2022-25042
RESERVED
-CVE-2022-25041
- RESERVED
+CVE-2022-25041 (OpenEMR v6.0.0 was discovered to contain an incorrect access
control i ...)
+ TODO: check
CVE-2022-25040
RESERVED
CVE-2022-25039
@@ -7537,8 +7657,8 @@ CVE-2022-24936
RESERVED
CVE-2022-24935
RESERVED
-CVE-2022-24934
- RESERVED
+CVE-2022-24934 (wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382
allows remo ...)
+ TODO: check
CVE-2022-24933
RESERVED
CVE-2022-24932 (Improper Protection of Alternate Path vulnerability in Setup
wizard pr ...)
@@ -7889,8 +8009,8 @@ CVE-2022-24770 (`gradio` is an open source framework for
building interactive ma
TODO: check
CVE-2022-24769
RESERVED
-CVE-2022-24768
- RESERVED
+CVE-2022-24768 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
+ TODO: check
CVE-2022-24767
RESERVED
CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting
proxy. In mi ...)
@@ -7920,8 +8040,8 @@ CVE-2022-24759 (`@chainsafe/libp2p-noise` contains
TypeScript implementation of
TODO: check
CVE-2022-24758
RESERVED
-CVE-2022-24757
- RESERVED
+CVE-2022-24757 (The Jupyter Server provides the backend (i.e. the core
services, APIs, ...)
+ TODO: check
CVE-2022-24756 (Bareos is open source software for backup, archiving, and
recovery of ...)
- bareos <removed>
[buster] - bareos <not-affected> (PAM support not yet present)
@@ -7994,11 +8114,9 @@ CVE-2022-24733 (Sylius is an open source eCommerce
platform. Prior to versions 1
NOT-FOR-US: Sylius
CVE-2022-24732 (Maddy Mail Server is an open source SMTP compatible email
server. Vers ...)
NOT-FOR-US: Maddy Mail Server
-CVE-2022-24731
- RESERVED
+CVE-2022-24731 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
NOT-FOR-US: Argo CD
-CVE-2022-24730
- RESERVED
+CVE-2022-24730 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML
editor. ...)
TODO: check
@@ -9294,12 +9412,12 @@ CVE-2022-0471
RESERVED
CVE-2022-24294
RESERVED
-CVE-2022-24293
- RESERVED
-CVE-2022-24292
- RESERVED
-CVE-2022-24291
- RESERVED
+CVE-2022-24293 (Certain HP Print devices may be vulnerable to potential
information di ...)
+ TODO: check
+CVE-2022-24292 (Certain HP Print devices may be vulnerable to potential
information di ...)
+ TODO: check
+CVE-2022-24291 (Certain HP Print devices may be vulnerable to potential
information di ...)
+ TODO: check
CVE-2022-24290
RESERVED
CVE-2022-24289 (Hessian serialization is a network protocol that supports
object-based ...)
@@ -10948,10 +11066,10 @@ CVE-2022-23883
RESERVED
CVE-2022-23882
RESERVED
-CVE-2022-23881
- RESERVED
-CVE-2022-23880
- RESERVED
+CVE-2022-23881 (ZZZCMS zzzphp v2.1.0 was discovered to contain a remote
command execut ...)
+ TODO: check
+CVE-2022-23880 (An arbitrary file upload vulnerability in the File Management
function ...)
+ TODO: check
CVE-2022-23879
RESERVED
CVE-2022-23878 (seacms V11.5 is affected by an arbitrary code execution
vulnerability ...)
@@ -12043,6 +12161,7 @@ CVE-2022-23616 (XWiki Platform is a generic wiki
platform offering runtime servi
CVE-2022-23615 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
NOT-FOR-US: XWiki
CVE-2022-23614 (Twig is an open source template language for PHP. When in a
sandbox mo ...)
+ {DSA-5107-1}
- php-twig 3.3.8-1
- twig <removed>
NOTE:
https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v
@@ -14254,10 +14373,10 @@ CVE-2022-22954
RESERVED
CVE-2022-22953
RESERVED
-CVE-2022-22952
- RESERVED
-CVE-2022-22951
- RESERVED
+CVE-2022-22952 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x
prior to ...)
+ TODO: check
+CVE-2022-22951 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x
prior to ...)
+ TODO: check
CVE-2022-22950
RESERVED
CVE-2022-22949
@@ -14530,7 +14649,7 @@ CVE-2022-0169 (The Photo Gallery by 10Web WordPress
plugin before 1.6.0 does not
NOT-FOR-US: WordPress plugin
CVE-2022-0168
RESERVED
- - linux <unfixed>
+ - linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037386
CVE-2022-0167
RESERVED
@@ -14922,8 +15041,8 @@ CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a
vulnerability in ASR WebApp,
NOT-FOR-US: NVIDIA NeMo
CVE-2022-22820 (Due to the lack of media file checks before rendering, it was
possible ...)
NOT-FOR-US: LINE
-CVE-2022-22819
- RESERVED
+CVE-2022-22819 (NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98,
LPC55S69JBD64, LPC55 ...)
+ TODO: check
CVE-2022-22818 (The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2
before 3 ...)
{DLA-2906-1}
- python-django 2:3.2.12-1 (bug #1004752)
@@ -16890,8 +17009,7 @@ CVE-2021-45986 (Tenda routers G1 and G3
v15.11.0.17(9502)_CN were discovered to
NOT-FOR-US: Tenda routers
CVE-2021-45985
RESERVED
-CVE-2021-4197 [cgroup: Use open-time creds and namespace for migration perm
checks]
- RESERVED
+CVE-2021-4197 (An unprivileged write to the file handler flaw in the Linux
kernel's c ...)
- linux 5.15.15-1
NOTE:
https://lore.kernel.org/lkml/[email protected]/T/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
@@ -17863,8 +17981,7 @@ CVE-2021-45734 (TOTOLINK X5000R v9.1.0u.6118_B20201102
was discovered to contain
NOT-FOR-US: TOTOLINK
CVE-2021-45733 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to
contain a com ...)
NOT-FOR-US: TOTOLINK
-CVE-2021-4180
- RESERVED
+CVE-2021-4180 (An information exposure flaw in
openstack-tripleo-heat-templates allow ...)
- tripleo-heat-templates <removed>
NOTE: https://bugs.launchpad.net/tripleo/+bug/1955397
CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of
Input Durin ...)
@@ -18567,8 +18684,7 @@ CVE-2021-4157 [pNFS/flexfiles: fix incorrect size check
in decode_nfs_fh()]
[buster] - linux 4.19.194-1
[stretch] - linux 4.9.272-1
NOTE:
https://git.kernel.org/linus/ed34695e15aba74f45247f1ee2cf7e09d449f925 (5.13-rc1)
-CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy]
- RESERVED
+CVE-2021-4156 (An out-of-bounds read flaw was found in libsndfile's FLAC codec
functi ...)
- libsndfile <unfixed>
[bullseye] - libsndfile <no-dsa> (Minor issue)
[buster] - libsndfile <no-dsa> (Minor issue)
@@ -19014,16 +19130,13 @@ CVE-2021-45452 (Storage.save in Django 2.2 before
2.2.26, 3.2 before 3.2.11, and
NOTE:
https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
NOTE:
https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b
(3.2.11)
NOTE:
https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1
(2.2.26)
-CVE-2021-4150 [Block subsystem mishandles reference counts]
- RESERVED
+CVE-2021-4150 (A use-after-free flaw was found in the add_partition in
block/partitio ...)
- linux <not-affected> (Vulnerability introduced and fixed in
experimental)
NOTE:
https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7)
-CVE-2021-4149 [Improper lock operation in btrfs]
- RESERVED
+CVE-2021-4149 (A vulnerability was found in btrfs_alloc_tree_b in
fs/btrfs/extent-tre ...)
- linux 5.14.16-1
NOTE:
https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6)
-CVE-2021-4148 [Improper implementation of block_invalidatepage() allows users
to crash the kernel]
- RESERVED
+CVE-2021-4148 (A vulnerability was found in the Linux kernel's
block_invalidatepage i ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -23130,8 +23243,8 @@ CVE-2021-44227 (In GNU Mailman before 2.1.38, a list
member or moderator can get
NOTE: Patch: https://launchpadlibrarian.net/570827498/patch.txt
NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694
NOTE: Regression fixed by:
https://launchpadlibrarian.net/573872803/patch.txt
-CVE-2021-44226
- RESERVED
+CVE-2021-44226 (Razer Synapse before 3.7.0228.022817 allows privilege
escalation becau ...)
+ TODO: check
CVE-2021-4023 (A flaw was found in the io-workqueue implementation in the
Linux kerne ...)
- linux 5.15.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -36504,8 +36617,7 @@ CVE-2021-3749 (axios is vulnerable to Inefficient
Regular Expression Complexity
NOTE: https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/
NOTE:
https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
NOTE: https://github.com/axios/axios/pull/3980
-CVE-2021-3748 [virtio-net: heap use-after-free in virtio_net_receive_rcu]
- RESERVED
+CVE-2021-3748 (A use-after-free vulnerability was found in the virtio-net
device of Q ...)
{DSA-4980-1}
- qemu 1:6.1+dfsg-6 (bug #993401)
[stretch] - qemu <postponed> (Fix along with a future DLA)
@@ -48438,8 +48550,7 @@ CVE-2021-35476
RESERVED
CVE-2021-35475 (SAS Environment Manager 2.5 allows XSS through the Name field
when cre ...)
NOT-FOR-US: SAS Environment Manager
-CVE-2021-3618
- RESERVED
+CVE-2021-3618 (ALPACA is an application layer protocol content confusion
attack, expl ...)
- nginx <unfixed> (bug #991328)
[bullseye] - nginx <no-dsa> (Minor issue)
[buster] - nginx <no-dsa> (Minor issue)
@@ -50833,8 +50944,7 @@ CVE-2021-3591
CVE-2021-3590
RESERVED
- foreman <itp> (bug #663101)
-CVE-2021-3589
- RESERVED
+CVE-2021-3589 (An authorization flaw was found in Foreman Ansible. An
authenticated a ...)
NOT-FOR-US: Foreman Ansible
CVE-2021-34437
RESERVED
@@ -58841,8 +58951,8 @@ CVE-2021-31328
RESERVED
CVE-2021-31327 (Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine
Name Fi ...)
NOT-FOR-US: Remote Clinic
-CVE-2021-31326
- RESERVED
+CVE-2021-31326 (D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to
arbitra ...)
+ TODO: check
CVE-2021-31325
RESERVED
CVE-2021-31324 (The unprivileged user portal part of CentOS Web Panel is
affected by a ...)
@@ -59637,8 +59747,8 @@ CVE-2021-30974
REJECTED
CVE-2021-30973 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
-CVE-2021-30972
- REJECTED
+CVE-2021-30972 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
CVE-2021-30971 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
NOT-FOR-US: Apple
CVE-2021-30970 (A logic issue was addressed with improved state management.
This issue ...)
@@ -59749,22 +59859,22 @@ CVE-2021-30930 (A logic issue was addressed with
improved state management. This
NOT-FOR-US: Apple
CVE-2021-30929 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
NOT-FOR-US: Apple
-CVE-2021-30928
- REJECTED
+CVE-2021-30928 (A memory corruption issue was addressed with improved input
validation ...)
+ TODO: check
CVE-2021-30927 (A use after free issue was addressed with improved memory
management. ...)
NOT-FOR-US: Apple
CVE-2021-30926 (Description: A memory corruption issue in the processing of
ICC profil ...)
NOT-FOR-US: Apple
-CVE-2021-30925
- REJECTED
+CVE-2021-30925 (The issue was addressed with improved permissions logic. This
issue is ...)
+ TODO: check
CVE-2021-30924 (A denial of service issue was addressed with improved state
handling. ...)
NOT-FOR-US: Apple
CVE-2021-30923 (A race condition was addressed with improved locking. This
issue is fi ...)
NOT-FOR-US: Apple
-CVE-2021-30922
- REJECTED
-CVE-2021-30921
- REJECTED
+CVE-2021-30922 (Multiple out-of-bounds write issues were addressed with
improved bound ...)
+ TODO: check
+CVE-2021-30921 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
CVE-2021-30920 (A permissions issue was addressed with improved validation.
This issue ...)
NOT-FOR-US: Apple
CVE-2021-30919 (An out-of-bounds write was addressed with improved input
validation. T ...)
@@ -59809,8 +59919,8 @@ CVE-2021-30900 (An out-of-bounds write issue was
addressed with improved bounds
NOT-FOR-US: Apple
CVE-2021-30899 (A race condition was addressed with improved state handling.
This issu ...)
NOT-FOR-US: Apple
-CVE-2021-30898
- REJECTED
+CVE-2021-30898 (An access issue was addressed with additional sandbox
restrictions on ...)
+ TODO: check
CVE-2021-30897 (An issue existed in the specification for the resource timing
API. The ...)
NOT-FOR-US: Apple
CVE-2021-30896 (A logic issue was addressed with improved restrictions. This
issue is ...)
@@ -59917,8 +60027,8 @@ CVE-2021-30858 (A use after free issue was addressed
with improved memory manage
NOTE: https://webkitgtk.org/security/WSA-2021-0005.html
CVE-2021-30857 (A race condition was addressed with improved locking. This
issue is fi ...)
NOT-FOR-US: Apple
-CVE-2021-30856
- REJECTED
+CVE-2021-30856 (This issue was addressed by adding a new Remote Login option
for optin ...)
+ TODO: check
CVE-2021-30855 (A validation issue existed in the handling of symlinks. This
issue was ...)
NOT-FOR-US: Apple
CVE-2021-30854 (A logic issue was addressed with improved state management.
This issue ...)
@@ -66781,14 +66891,14 @@ CVE-2021-28280 (CSRF + Cross-site scripting (XSS)
vulnerability in search.php in
NOT-FOR-US: PHP-Fusion
CVE-2021-28279
RESERVED
-CVE-2021-28278
- RESERVED
-CVE-2021-28277
- RESERVED
-CVE-2021-28276
- RESERVED
-CVE-2021-28275
- RESERVED
+CVE-2021-28278 (A Heap-based Buffer Overflow vulnerability exists in jhead
3.04 and 3. ...)
+ TODO: check
+CVE-2021-28277 (A Heap-based Buffer Overflow vulnerabilty exists in jhead 3.04
and 3.0 ...)
+ TODO: check
+CVE-2021-28276 (A Denial of Service vulnerability exists in jhead 3.04 and
3.05 via a ...)
+ TODO: check
+CVE-2021-28275 (A Denial of Service vulnerability exists in jhead 3.04 and
3.05 due to ...)
+ TODO: check
CVE-2021-28274
RESERVED
CVE-2021-28273
@@ -68769,48 +68879,48 @@ CVE-2021-27478
RESERVED
CVE-2021-27477 (When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU,
2PORT-EFR, Plus ...)
NOT-FOR-US: JTEKT
-CVE-2021-27476
- RESERVED
-CVE-2021-27475
- RESERVED
-CVE-2021-27474
- RESERVED
-CVE-2021-27473
- RESERVED
-CVE-2021-27472
- RESERVED
-CVE-2021-27471
- RESERVED
-CVE-2021-27470
- RESERVED
+CVE-2021-27476 (A vulnerability exists in the SaveConfigFile function of the
RACompare ...)
+ TODO: check
+CVE-2021-27475 (Rockwell Automation Connected Components Workbench v12.00.00
and prior ...)
+ TODO: check
+CVE-2021-27474 (Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier
does no ...)
+ TODO: check
+CVE-2021-27473 (Rockwell Automation Connected Components Workbench v12.00.00
and prior ...)
+ TODO: check
+CVE-2021-27472 (A vulnerability exists in the RunSearch function of
SearchService serv ...)
+ TODO: check
+CVE-2021-27471 (The parsing mechanism that processes certain file types does
not provi ...)
+ TODO: check
+CVE-2021-27470 (A deserialization vulnerability exists in how the
LogService.rem servi ...)
+ TODO: check
CVE-2021-27469
RESERVED
-CVE-2021-27468
- RESERVED
+CVE-2021-27468 (The AosService.rem service in Rockwell Automation FactoryTalk
AssetCen ...)
+ TODO: check
CVE-2021-27467 (A vulnerability has been found in multiple revisions of
Emerson Rosemo ...)
NOT-FOR-US: Emerson
-CVE-2021-27466
- RESERVED
+CVE-2021-27466 (A deserialization vulnerability exists in how the
ArchiveService.rem s ...)
+ TODO: check
CVE-2021-27465 (A vulnerability has been found in multiple revisions of
Emerson Rosemo ...)
NOT-FOR-US: Emerson
-CVE-2021-27464
- RESERVED
+CVE-2021-27464 (The ArchiveService.rem service in Rockwell Automation
FactoryTalk Asse ...)
+ TODO: check
CVE-2021-27463 (A vulnerability has been found in multiple revisions of
Emerson Rosemo ...)
NOT-FOR-US: Emerson
-CVE-2021-27462
- RESERVED
+CVE-2021-27462 (A deserialization vulnerability exists in how the
AosService.rem servi ...)
+ TODO: check
CVE-2021-27461 (A vulnerability has been found in multiple revisions of
Emerson Rosemo ...)
NOT-FOR-US: Emerson
-CVE-2021-27460
- RESERVED
+CVE-2021-27460 (Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier
compone ...)
+ TODO: check
CVE-2021-27459 (A vulnerability has been found in multiple revisions of
Emerson Rosemo ...)
NOT-FOR-US: Emerson
CVE-2021-27458 (If Ethernet communication of the JTEKT Corporation TOYOPUC
product ser ...)
NOT-FOR-US: JTEKT Corporation TOYOPUC
CVE-2021-27457 (A vulnerability has been found in multiple revisions of
Emerson Rosemo ...)
NOT-FOR-US: Emerson
-CVE-2021-27456
- RESERVED
+CVE-2021-27456 (Philips Gemini PET/CT family software stores sensitive
information in ...)
+ TODO: check
CVE-2021-27455 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are
vulnerable ...)
NOT-FOR-US: Delta Electronics
CVE-2021-27454 (The software performs an operation at a privilege level higher
than th ...)
@@ -68861,32 +68971,32 @@ CVE-2021-27432 (OPC Foundation UA .NET Standard
versions prior to 1.4.365.48 and
NOT-FOR-US: OPC Foundation UA .NET
CVE-2021-27431
RESERVED
-CVE-2021-27430
- RESERVED
+CVE-2021-27430 (GE UR bootloader binary Version 7.00, 7.01 and 7.02 included
unused ha ...)
+ TODO: check
CVE-2021-27429
RESERVED
-CVE-2021-27428
- RESERVED
+CVE-2021-27428 (GE UR IED firmware versions prior to version 8.1x supports
upgrading f ...)
+ TODO: check
CVE-2021-27427
RESERVED
-CVE-2021-27426
- RESERVED
+CVE-2021-27426 (GE UR IED firmware versions prior to version 8.1x with
“Basic ...)
+ TODO: check
CVE-2021-27425
RESERVED
-CVE-2021-27424
- RESERVED
+CVE-2021-27424 (GE UR firmware versions prior to version 8.1x shares MODBUS
memory map ...)
+ TODO: check
CVE-2021-27423
RESERVED
-CVE-2021-27422
- RESERVED
+CVE-2021-27422 (GE UR firmware versions prior to version 8.1x web server
interface is ...)
+ TODO: check
CVE-2021-27421
RESERVED
-CVE-2021-27420
- RESERVED
+CVE-2021-27420 (GE UR firmware versions prior to version 8.1x web server task
does not ...)
+ TODO: check
CVE-2021-27419
RESERVED
-CVE-2021-27418
- RESERVED
+CVE-2021-27418 (GE UR firmware versions prior to version 8.1x supports web
interface w ...)
+ TODO: check
CVE-2021-27417
RESERVED
CVE-2021-27416 (An attacker could exploit this vulnerability in Hitachi ABB
Power Grid ...)
@@ -107141,7 +107251,7 @@ CVE-2020-24774
RESERVED
CVE-2020-24773
RESERVED
-CVE-2020-24772 (In Dreamacro 1.1.0, an attacker could embed a malicious iframe
in a we ...)
+CVE-2020-24772 (In Dreamacro Clash for Windows v0.11.4, an attacker could
embed a mali ...)
TODO: check
CVE-2020-24771
RESERVED
@@ -117268,14 +117378,14 @@ CVE-2020-20098
RESERVED
CVE-2020-20097
RESERVED
-CVE-2020-20096
- RESERVED
-CVE-2020-20095
- RESERVED
-CVE-2020-20094
- RESERVED
-CVE-2020-20093
- RESERVED
+CVE-2020-20096 (Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior
user int ...)
+ TODO: check
+CVE-2020-20095 (iMessage (Messages app) iOS 12.4 and prior user interface does
not pro ...)
+ TODO: check
+CVE-2020-20094 (Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior
user in ...)
+ TODO: check
+CVE-2020-20093 (The Facebook Messenger app for iOS 227.0 and prior and Android
228.1.0 ...)
+ TODO: check
CVE-2020-20092 (File Upload vulnerability exists in ArticleCMS 1.0 via the
image uploa ...)
NOT-FOR-US: ArticleCMS
CVE-2020-20091
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8abc22eb618d68aec7af072271cd3aa4ceccfbe2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8abc22eb618d68aec7af072271cd3aa4ceccfbe2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
