Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
937e9a01 by security tracker role at 2022-05-10T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2022-30529
+       RESERVED
+CVE-2022-30528
+       RESERVED
+CVE-2022-30527
+       RESERVED
+CVE-2022-1661
+       RESERVED
+CVE-2022-1660
+       RESERVED
+CVE-2022-1659
+       RESERVED
+CVE-2022-1658
+       RESERVED
+CVE-2022-1657
+       RESERVED
+CVE-2022-1656
+       RESERVED
+CVE-2022-1655
+       RESERVED
+CVE-2022-1654
+       RESERVED
+CVE-2022-1653
+       RESERVED
+CVE-2022-1652
+       RESERVED
+CVE-2022-1651
+       RESERVED
+CVE-2022-1650
+       RESERVED
+CVE-2022-1649 (Null pointer dereference in libr/bin/format/mach0/mach0.c in 
radareorg ...)
+       TODO: check
+CVE-2022-1648
+       RESERVED
+CVE-2022-1647
+       RESERVED
 CVE-2022-30526
        RESERVED
 CVE-2022-30525
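Review bot: CVE-2022-1649 is the only one of the 18 entries added at the top of this hunk that carries a description, and it names a concrete source file (libr/bin/format/mach0/mach0.c in a radareorg repository), so it can be triaged now rather than left at TODO: check. Resolve it to a package line for the radare2 source if that is tracked, with a NOTE giving the upstream fix commit, or to NOT-FOR-US otherwise.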
@@ -43,8 +79,8 @@ CVE-2022-1631 (Users Account Pre-Takeover or Users Account 
Takeover. in GitHub r
        NOT-FOR-US: microweber
 CVE-2022-1630
        RESERVED
-CVE-2022-1629
-       RESERVED
+CVE-2022-1629 (Buffer Over-read in function find_next_quote in GitHub 
repository vim/ ...)
+       TODO: check
 CVE-2022-1628
        RESERVED
 CVE-2022-1627
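Review bot: CVE-2022-1629 now names the function find_next_quote in the vim repository, so the TODO: check placeholder should become a `- vim` package line rather than a NOT-FOR-US verdict. The CVE-2021-3903 entry visible further down this diff shows the convention for vim entries: NOTE lines that reference the upstream commit and the version in which the issue starts to reproduce, which is what lets the per-release status be decided.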
@@ -1589,8 +1625,8 @@ CVE-2022-1539
        RESERVED
 CVE-2022-1538
        RESERVED
-CVE-2022-1537
-       RESERVED
+CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race 
condit ...)
+       TODO: check
 CVE-2022-1536 (A vulnerability has been found in automad up to 1.10.9 and 
classified  ...)
        NOT-FOR-US: automad
 CVE-2022-1535
@@ -1649,30 +1685,30 @@ CVE-2022-29885
        RESERVED
 CVE-2022-29884
        RESERVED
-CVE-2022-29883
-       RESERVED
-CVE-2022-29882
-       RESERVED
-CVE-2022-29881
-       RESERVED
-CVE-2022-29880
-       RESERVED
-CVE-2022-29879
-       RESERVED
-CVE-2022-29878
-       RESERVED
-CVE-2022-29877
-       RESERVED
-CVE-2022-29876
-       RESERVED
+CVE-2022-29883 (A vulnerability has been identified in SICAM P850 (All 
versions < V ...)
+       TODO: check
+CVE-2022-29882 (A vulnerability has been identified in SICAM P850 (All 
versions < V ...)
+       TODO: check
+CVE-2022-29881 (A vulnerability has been identified in SICAM P850 (All 
versions < V ...)
+       TODO: check
+CVE-2022-29880 (A vulnerability has been identified in SICAM P850 (All 
versions < V ...)
+       TODO: check
+CVE-2022-29879 (A vulnerability has been identified in SICAM P850 (All 
versions < V ...)
+       TODO: check
+CVE-2022-29878 (A vulnerability has been identified in SICAM P850 (All 
versions < V ...)
+       TODO: check
+CVE-2022-29877 (A vulnerability has been identified in SICAM P850 (All 
versions < V ...)
+       TODO: check
+CVE-2022-29876 (A vulnerability has been identified in SICAM P850 (All 
versions < V ...)
+       TODO: check
 CVE-2022-29875
        RESERVED
-CVE-2022-29874
-       RESERVED
-CVE-2022-29873
-       RESERVED
-CVE-2022-29872
-       RESERVED
+CVE-2022-29874 (A vulnerability has been identified in SICAM P850 (All 
versions < V ...)
+       TODO: check
+CVE-2022-29873 (A vulnerability has been identified in SICAM P850 (All 
versions < V ...)
+       TODO: check
+CVE-2022-29872 (A vulnerability has been identified in SICAM P850 (All 
versions < V ...)
+       TODO: check
 CVE-2022-29518
        RESERVED
 CVE-2022-29513
@@ -1880,7 +1916,7 @@ CVE-2022-1505
        RESERVED
 CVE-2022-1504 (XSS in /demo/module/?module=HERE in GitHub repository 
microweber/micro ...)
        NOT-FOR-US: microweber
-CVE-2022-29810 (The Hashicorp go-getter library before 1.5.11 could write SSH 
credenti ...)
+CVE-2022-29810 (The Hashicorp go-getter library before 1.5.11 does not redact 
an SSH k ...)
        - golang-github-hashicorp-go-getter <not-affected> (Vulnerable code 
introduced later)
        NOTE: 
https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc
 (v1.5.11)
        NOTE: introduced in 
https://github.com/hashicorp/go-getter/commit/854150ffed2dc250662096b4309b3510a13e0574
 (v1.5.8)
@@ -2089,8 +2125,8 @@ CVE-2022-1467
        RESERVED
 CVE-2022-1466 (Due to improper authorization, Red Hat Single Sign-On is 
vulnerable to ...)
        NOT-FOR-US: Red Hat Single Sign-On / Keycloak
-CVE-2022-29801
-       RESERVED
+CVE-2022-29801 (A vulnerability has been identified in Teamcenter V12.4 (All 
versions  ...)
+       TODO: check
 CVE-2022-29800
        RESERVED
        - networkd-dispatcher <unfixed> (bug #1010303)
@@ -2592,8 +2628,8 @@ CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which 
is a widely-used third
        NOTE: 
https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb
 CVE-2022-29592 (Tenda TX9 Pro 22.03.02.10 devices allow OS command injection 
via set_r ...)
        NOT-FOR-US: Tenda
-CVE-2022-29591
-       RESERVED
+CVE-2022-29591 (Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList 
buffer over ...)
+       TODO: check
 CVE-2022-29590
        RESERVED
 CVE-2022-29589 (Crypt Server before 3.3.0 allows XSS in the index view. This 
is relate ...)
@@ -2870,8 +2906,8 @@ CVE-2022-1399
        RESERVED
 CVE-2022-1398
        RESERVED
-CVE-2022-1397
-       RESERVED
+CVE-2022-1397 (API Privilege Escalation in GitHub repository 
alextselegidis/easyappoi ...)
+       TODO: check
 CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise 
and escap ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1395
@@ -3309,24 +3345,24 @@ CVE-2022-29331
        RESERVED
 CVE-2022-29330
        RESERVED
-CVE-2022-29329
-       RESERVED
-CVE-2022-29328
-       RESERVED
-CVE-2022-29327
-       RESERVED
-CVE-2022-29326
-       RESERVED
-CVE-2022-29325
-       RESERVED
-CVE-2022-29324
-       RESERVED
-CVE-2022-29323
-       RESERVED
-CVE-2022-29322
-       RESERVED
-CVE-2022-29321
-       RESERVED
+CVE-2022-29329 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain 
a heap  ...)
+       TODO: check
+CVE-2022-29328 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain 
a stack ...)
+       TODO: check
+CVE-2022-29327 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack 
overflo ...)
+       TODO: check
+CVE-2022-29326 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack 
overflo ...)
+       TODO: check
+CVE-2022-29325 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack 
overflo ...)
+       TODO: check
+CVE-2022-29324 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack 
overflo ...)
+       TODO: check
+CVE-2022-29323 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack 
overflo ...)
+       TODO: check
+CVE-2022-29322 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack 
overflo ...)
+       TODO: check
+CVE-2022-29321 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack 
overflo ...)
+       TODO: check
 CVE-2022-29320
        RESERVED
 CVE-2022-29319
@@ -4098,18 +4134,18 @@ CVE-2022-29035 (In JetBrains Ktor Native before version 
2.0.0 random values used
        NOT-FOR-US: JetBrains Ktor
 CVE-2022-29034
        RESERVED
-CVE-2022-29033
-       RESERVED
-CVE-2022-29032
-       RESERVED
-CVE-2022-29031
-       RESERVED
-CVE-2022-29030
-       RESERVED
-CVE-2022-29029
-       RESERVED
-CVE-2022-29028
-       RESERVED
+CVE-2022-29033 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.3. ...)
+       TODO: check
+CVE-2022-29032 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.3. ...)
+       TODO: check
+CVE-2022-29031 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.3. ...)
+       TODO: check
+CVE-2022-29030 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.3. ...)
+       TODO: check
+CVE-2022-29029 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.3. ...)
+       TODO: check
+CVE-2022-29028 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.3. ...)
+       TODO: check
 CVE-2022-1315
        RESERVED
 CVE-2022-1314
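Review bot: The six JT2Go descriptions added here contain the HTML entity `&lt;` ("All versions &lt; V13.3."), while the SICAM P850 descriptions added earlier in this same commit carry a literal `<`. Since descriptions are cut to a fixed width, an escaped entity uses up part of the visible text and can be cut in the middle, as in the Simcenter Femap entry later in this diff, which ends in "(All versions & ...)". Unescaping the imported description before truncating it would keep the entries consistent and greppable.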
@@ -4294,8 +4330,8 @@ CVE-2022-28988
        RESERVED
 CVE-2022-28987
        RESERVED
-CVE-2022-28986
-       RESERVED
+CVE-2022-28986 (LMS Doctor Simple 2 Factor Authentication Plugin For Moodle 
Affected:  ...)
+       TODO: check
 CVE-2022-28985
        RESERVED
 CVE-2022-28984
@@ -4436,36 +4472,36 @@ CVE-2022-28917
        RESERVED
 CVE-2022-28916
        RESERVED
-CVE-2022-28915
-       RESERVED
+CVE-2022-28915 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a 
command injec ...)
+       TODO: check
 CVE-2022-28914
        RESERVED
-CVE-2022-28913
-       RESERVED
-CVE-2022-28912
-       RESERVED
-CVE-2022-28911
-       RESERVED
-CVE-2022-28910
-       RESERVED
-CVE-2022-28909
-       RESERVED
-CVE-2022-28908
-       RESERVED
-CVE-2022-28907
-       RESERVED
-CVE-2022-28906
-       RESERVED
-CVE-2022-28905
-       RESERVED
+CVE-2022-28913 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain 
a comman ...)
+       TODO: check
+CVE-2022-28912 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain 
a comman ...)
+       TODO: check
+CVE-2022-28911 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain 
a comman ...)
+       TODO: check
+CVE-2022-28910 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain 
a comman ...)
+       TODO: check
+CVE-2022-28909 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain 
a comman ...)
+       TODO: check
+CVE-2022-28908 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain 
a comman ...)
+       TODO: check
+CVE-2022-28907 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain 
a comman ...)
+       TODO: check
+CVE-2022-28906 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain 
a comman ...)
+       TODO: check
+CVE-2022-28905 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain 
a comman ...)
+       TODO: check
 CVE-2022-28904
        RESERVED
 CVE-2022-28903
        RESERVED
 CVE-2022-28902
        RESERVED
-CVE-2022-28901
-       RESERVED
+CVE-2022-28901 (A command injection vulnerability in the component 
/SetTriggerLEDBlink ...)
+       TODO: check
 CVE-2022-28900
        RESERVED
 CVE-2022-28899
@@ -4474,10 +4510,10 @@ CVE-2022-28898
        RESERVED
 CVE-2022-28897
        RESERVED
-CVE-2022-28896
-       RESERVED
-CVE-2022-28895
-       RESERVED
+CVE-2022-28896 (A command injection vulnerability in the component 
/setnetworksettings ...)
+       TODO: check
+CVE-2022-28895 (A command injection vulnerability in the component 
/setnetworksettings ...)
+       TODO: check
 CVE-2022-28894
        RESERVED
 CVE-2022-28893 (The SUNRPC subsystem in the Linux kernel through 5.17.2 can 
call xs_xp ...)
@@ -6166,8 +6202,8 @@ CVE-2021-46773
        RESERVED
 CVE-2021-46772
        RESERVED
-CVE-2021-46771
-       RESERVED
+CVE-2021-46771 (Insufficient validation of addresses in AMD Secure Processor 
(ASP) fir ...)
+       TODO: check
 CVE-2021-46770
        RESERVED
 CVE-2021-46769
@@ -6873,8 +6909,8 @@ CVE-2022-28112
        RESERVED
 CVE-2022-28111 (MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a 
time-blin ...)
        NOT-FOR-US: MyBatis PageHelper
-CVE-2022-28110
-       RESERVED
+CVE-2022-28110 (Hotel Management System v1.0 was discovered to contain a SQL 
injection ...)
+       TODO: check
 CVE-2022-28109 (Selenium Selenium Grid (formerly Selenium Standalone Server) 
Fixed in  ...)
        NOT-FOR-US: Selenium
 CVE-2022-28108 (Selenium Server (Grid) before 4 allows CSRF because it permits 
non-JSO ...)
@@ -8007,8 +8043,8 @@ CVE-2022-28352 (WeeChat (aka Wee Enhanced Environment for 
Chat) 3.2 to 3.4 befor
        NOTE: https://github.com/weechat/weechat/issues/1763
        NOTE: Fixed by: 
https://github.com/weechat/weechat/commit/710247891cdfd4e66ee6d1715e93626def6871f1
 (v3.4.1)
        NOTE: weechat.network.gnutls_ca_system/gnutls_ca_user introduced by: 
https://github.com/weechat/weechat/commit/c588ee21bc8fd33678893d5c67616033281032e3
 (v3.2-rc1)
-CVE-2022-27653
-       RESERVED
+CVE-2022-27653 (A vulnerability has been identified in Simcenter Femap (All 
versions & ...)
+       TODO: check
 CVE-2022-27652 (A flaw was found in cri-o, where containers were incorrectly 
started w ...)
        NOT-FOR-US: cri-o
 CVE-2022-27651 (A flaw was found in buildah where containers were incorrectly 
started  ...)
@@ -8038,8 +8074,8 @@ CVE-2022-27642
        RESERVED
 CVE-2022-27641
        RESERVED
-CVE-2022-27640
-       RESERVED
+CVE-2022-27640 (A vulnerability has been identified in SIMATIC CP 442-1 RNA 
(All versi ...)
+       TODO: check
 CVE-2022-1055 (A use-after-free exists in the Linux Kernel in tc_new_tfilter 
that cou ...)
        - linux 5.16.7-1
        [bullseye] - linux 5.10.103-1
@@ -9058,8 +9094,8 @@ CVE-2022-27244 (An issue was discovered in MISP before 
2.4.156. A malicious site
        NOT-FOR-US: MISP
 CVE-2022-27243 (An issue was discovered in MISP before 2.4.156. 
app/View/Users/terms.c ...)
        NOT-FOR-US: MISP
-CVE-2022-27242
-       RESERVED
+CVE-2022-27242 (A vulnerability has been identified in OpenV2G (V0.9.4). The 
OpenV2G E ...)
+       TODO: check
 CVE-2022-27241 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
        NOT-FOR-US: Siemens
 CVE-2022-1027 (The Page Restriction WordPress (WP) WordPress plugin before 
1.2.7 allo ...)
@@ -9909,10 +9945,10 @@ CVE-2022-26990 (Arris routers SBR-AC1900P 1.0.7-B05, 
SBR-AC3200P 1.0.7-B05 and S
        NOT-FOR-US: Arris
 CVE-2022-26989
        RESERVED
-CVE-2022-26988
-       RESERVED
-CVE-2022-26987
-       RESERVED
+CVE-2022-26988 (TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and 
Fast FAC1 ...)
+       TODO: check
+CVE-2022-26987 (TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and 
Fast FAC1 ...)
+       TODO: check
 CVE-2022-26986 (SQL Injection in ImpressCMS 1.4.3 and earlier allows remote 
attackers  ...)
        NOT-FOR-US: ImpressCMS
 CVE-2022-26985
@@ -9923,8 +9959,8 @@ CVE-2022-26983
        RESERVED
 CVE-2022-26982 (SimpleMachinesForum 2.1.1 and earlier allows remote 
authenticated admi ...)
        NOT-FOR-US: Simple Machines Forum (SMF)
-CVE-2022-0947
-       RESERVED
+CVE-2022-0947 (A vulnerability in ABB ARG600 Wireless Gateway series that 
could allow ...)
+       TODO: check
 CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository 
star7th/showdoc ...)
        NOT-FOR-US: ShowDoc
 CVE-2022-0945 (Stored XSS viva axd and cshtml file upload in star7th/showdoc 
in GitHu ...)
@@ -14229,11 +14265,11 @@ CVE-2022-25357
        RESERVED
 CVE-2022-25356 (Alt-N MDaemon Security Gateway through 8.5.0 allows 
SecurityGateway.dl ...)
        NOT-FOR-US: Alt-N Technologies Mdaemon
-CVE-2022-25344 (An XSS issue was discovered on Kyocera d-COLOR MF3555 
2XD_S000.002.271 ...)
+CVE-2022-25344 (An XSS issue was discovered on Olivetti d-COLOR MF3555 
2XD_S000.002.27 ...)
        NOT-FOR-US: Kyocera
-CVE-2022-25343 (An issue was discovered on Kyocera d-COLOR MF3555 
2XD_S000.002.271 dev ...)
+CVE-2022-25343 (An issue was discovered on Olivetti d-COLOR MF3555 
2XD_S000.002.271 de ...)
        NOT-FOR-US: Kyocera
-CVE-2022-25342 (An issue was discovered on Kyocera d-COLOR MF3555 
2XD_S000.002.271 dev ...)
+CVE-2022-25342 (An issue was discovered on Olivetti d-COLOR MF3555 
2XD_S000.002.271 de ...)
        NOT-FOR-US: Kyocera
 CVE-2022-25341
        RESERVED
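Review bot: The `NOT-FOR-US: Kyocera` annotations under CVE-2022-25344, CVE-2022-25343 and CVE-2022-25342 no longer match the descriptions, which this hunk changes from "Kyocera d-COLOR MF3555" to "Olivetti d-COLOR MF3555". The verdict itself is unaffected, but the vendor label is what people search on, so it should be updated by hand to match the new description (or name both vendors), since the automatic update only rewrites the description line.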
@@ -17511,14 +17547,14 @@ CVE-2022-24292 (Certain HP Print devices may be 
vulnerable to potential informat
        NOT-FOR-US: HP
 CVE-2022-24291 (Certain HP Print devices may be vulnerable to potential 
information di ...)
        NOT-FOR-US: HP
-CVE-2022-24290
-       RESERVED
+CVE-2022-24290 (A vulnerability has been identified in Teamcenter V12.4 (All 
versions  ...)
+       TODO: check
 CVE-2022-24289 (Hessian serialization is a network protocol that supports 
object-based ...)
        NOT-FOR-US: Apache Cayenne
 CVE-2022-24288 (In Apache Airflow, prior to version 2.2.4, some example DAGs 
did not p ...)
        - airflow <itp> (bug #819700)
-CVE-2022-24287
-       RESERVED
+CVE-2022-24287 (A vulnerability has been identified in SIMATIC PCS 7 V9.0 and 
earlier  ...)
+       TODO: check
 CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router 
WRC-300FEBK-R  ...)
        NOT-FOR-US: ELECOM
 CVE-2022-21173 (Hidden functionality vulnerability in ELECOM LAN routers 
(WRH-300BK3 f ...)
@@ -18447,20 +18483,20 @@ CVE-2022-24047 (This vulnerability allows remote 
attackers to bypass authenticat
        NOT-FOR-US: BMC Track-It!
 CVE-2022-24046 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
        NOT-FOR-US: Sonos One Speaker
-CVE-2022-24045
-       RESERVED
-CVE-2022-24044
-       RESERVED
-CVE-2022-24043
-       RESERVED
-CVE-2022-24042
-       RESERVED
-CVE-2022-24041
-       RESERVED
-CVE-2022-24040
-       RESERVED
-CVE-2022-24039
-       RESERVED
+CVE-2022-24045 (A vulnerability has been identified in Desigo DXR2 (All 
versions &lt;  ...)
+       TODO: check
+CVE-2022-24044 (A vulnerability has been identified in Desigo DXR2 (All 
versions &lt;  ...)
+       TODO: check
+CVE-2022-24043 (A vulnerability has been identified in Desigo DXR2 (All 
versions &lt;  ...)
+       TODO: check
+CVE-2022-24042 (A vulnerability has been identified in Desigo DXR2 (All 
versions &lt;  ...)
+       TODO: check
+CVE-2022-24041 (A vulnerability has been identified in Desigo DXR2 (All 
versions &lt;  ...)
+       TODO: check
+CVE-2022-24040 (A vulnerability has been identified in Desigo DXR2 (All 
versions &lt;  ...)
+       TODO: check
+CVE-2022-24039 (A vulnerability has been identified in Desigo PXC4 (All 
versions &lt;  ...)
+       TODO: check
 CVE-2022-24038
        RESERVED
 CVE-2022-24037
@@ -20124,10 +20160,10 @@ CVE-2022-23679
        RESERVED
 CVE-2022-23678
        RESERVED
-CVE-2022-23677
-       RESERVED
-CVE-2022-23676
-       RESERVED
+CVE-2022-23677 (A remote execution of arbitrary code vulnerability was 
discovered in A ...)
+       TODO: check
+CVE-2022-23676 (A remote execution of arbitrary code vulnerability was 
discovered in A ...)
+       TODO: check
 CVE-2022-23675
        RESERVED
 CVE-2022-23674
@@ -23336,8 +23372,8 @@ CVE-2022-22776
        RESERVED
 CVE-2022-22775
        RESERVED
-CVE-2022-22774
-       RESERVED
+CVE-2022-22774 (The DOM XML parser and SAX XML parser components of TIBCO 
Software Inc ...)
+       TODO: check
 CVE-2022-22773
        RESERVED
 CVE-2022-22772 (The cfsend, cfrecv, and CyberResp components of TIBCO Software 
Inc.'s  ...)
@@ -24516,8 +24552,8 @@ CVE-2022-22456
        RESERVED
 CVE-2022-22455
        RESERVED
-CVE-2022-22454
-       RESERVED
+CVE-2022-22454 (IBM InfoSphere Information Server 11.7 could allow a locally 
authentic ...)
+       TODO: check
 CVE-2022-22453
        RESERVED
 CVE-2022-22452
@@ -36892,8 +36928,8 @@ CVE-2021-43096
        RESERVED
 CVE-2021-43095
        RESERVED
-CVE-2021-43094
-       RESERVED
+CVE-2021-43094 (An SQL Injection vulnerability exists in OpenMRS Reference 
Application ...)
+       TODO: check
 CVE-2021-43093
        RESERVED
 CVE-2021-43092
@@ -37169,8 +37205,8 @@ CVE-2021-3903 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
        NOTE: PoC crashes starting with 
https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 
(v8.2.0149)
 CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 
does no ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-43010
-       RESERVED
+CVE-2021-43010 (In Safedog Apache v4.0.30255, attackers can bypass this 
product for SQ ...)
+       TODO: check
 CVE-2021-43009 (A Cross Site Scripting (XSS) vulnerability exists in 
OpServices OpMon  ...)
        NOT-FOR-US: OpServices OpMon
 CVE-2021-43008 (Improper Access Control in Adminer versions 1.12.0 to 4.6.2 
(fixed in  ...)
@@ -38043,8 +38079,8 @@ CVE-2021-42647
        RESERVED
 CVE-2021-42646
        RESERVED
-CVE-2021-42645
-       RESERVED
+CVE-2021-42645 (CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) 
vulnera ...)
+       TODO: check
 CVE-2021-42644
        RESERVED
 CVE-2021-42643
@@ -38171,8 +38207,8 @@ CVE-2021-42583 (A Broken or Risky Cryptographic 
Algorithm exists in Max Mazurov
        NOT-FOR-US: Max Mazurov Maddy
 CVE-2021-42582
        RESERVED
-CVE-2021-42581
-       RESERVED
+CVE-2021-42581 (Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 
and earl ...)
+       TODO: check
 CVE-2021-42580 (Sourcecodester Online Learning System 2.0 is vunlerable to sql 
injecti ...)
        NOT-FOR-US: Sourcecodester
 CVE-2021-42579
@@ -42026,8 +42062,8 @@ CVE-2021-41547 (A vulnerability has been identified in 
Teamcenter Active Workspa
        NOT-FOR-US: Siemens
 CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 
(All versi ...)
        NOT-FOR-US: Siemens
-CVE-2021-41545
-       RESERVED
+CVE-2021-41545 (A vulnerability has been identified in Desigo DXR2 (All 
versions &lt;  ...)
+       TODO: check
 CVE-2021-41544
        RESERVED
 CVE-2021-41543 (A vulnerability has been identified in Climatix POL909 (AWB 
module) (A ...)
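Review bot: CVE-2021-41545 is left at TODO: check although the two entries directly above it in this hunk, CVE-2021-41547 and CVE-2021-41546, open with the same "A vulnerability has been identified in" wording and are already tagged `NOT-FOR-US: Siemens`. If Desigo DXR2 is confirmed as a product of the same vendor, the entry can take the same tag. The same check applies to the other entries with this wording added elsewhere in this commit, so they can be resolved in one pass.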
@@ -48357,8 +48393,8 @@ CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 
5.0.0.2 and 5.0.0.3 could all
        NOT-FOR-US: IBM
 CVE-2021-39025 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could 
disclose  ...)
        NOT-FOR-US: IBM
-CVE-2021-39024
-       RESERVED
+CVE-2021-39024 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is 
vulnerable t ...)
+       TODO: check
 CVE-2021-39023 (IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow 
a remot ...)
        NOT-FOR-US: IBM
 CVE-2021-39022 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves 
user-prov ...)
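Review bot: CVE-2021-39024 describes the same product and versions (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0) as its neighbours CVE-2021-39025 and CVE-2021-39022, and the surrounding entries in this hunk are all tagged `NOT-FOR-US: IBM`. The new entry should get the same annotation instead of staying at TODO: check, so the block stays uniform.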
@@ -80182,8 +80218,8 @@ CVE-2021-26410
        RESERVED
 CVE-2021-26409
        RESERVED
-CVE-2021-26408
-       RESERVED
+CVE-2021-26408 (Insufficient validation of elliptic curve points in SEV-legacy 
firmwar ...)
+       TODO: check
 CVE-2021-26407
        RESERVED
 CVE-2021-26406
@@ -80220,8 +80256,8 @@ CVE-2021-26392
        RESERVED
 CVE-2021-26391
        RESERVED
-CVE-2021-26390
-       RESERVED
+CVE-2021-26390 (A malicious or compromised UApp or ABL may coerce the 
bootloader into  ...)
+       TODO: check
 CVE-2021-26389
        RESERVED
 CVE-2021-26388
@@ -80260,8 +80296,8 @@ CVE-2021-26372
        RESERVED
 CVE-2021-26371
        RESERVED
-CVE-2021-26370
-       RESERVED
+CVE-2021-26370 (Improper validation of destination address in 
SVC_LOAD_FW_IMAGE_BY_INS ...)
+       TODO: check
 CVE-2021-26369
        RESERVED
 CVE-2021-26368
@@ -80294,10 +80330,10 @@ CVE-2021-26355
        RESERVED
 CVE-2021-26354
        RESERVED
-CVE-2021-26353
-       RESERVED
-CVE-2021-26352
-       RESERVED
+CVE-2021-26353 (Due to a mishandled error, it is possible to leave the DRTM 
UApp in a  ...)
+       TODO: check
+CVE-2021-26352 (Insufficient bound checks in System Management Unit (SMU) PCIe 
Hot Plu ...)
+       TODO: check
 CVE-2021-26351
        RESERVED
 CVE-2021-26350
@@ -80339,8 +80375,8 @@ CVE-2021-26334 (The AMDPowerProfiler.sys driver of AMD 
&#956;Prof tool may allow
        NOT-FOR-US: AMD
 CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform 
Securit ...)
        NOT-FOR-US: AMD
-CVE-2021-26332
-       RESERVED
+CVE-2021-26332 (Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW 
could res ...)
+       TODO: check
 CVE-2021-26331 (AMD System Management Unit (SMU) contains a potential issue 
where a ma ...)
        NOT-FOR-US: AMD
 CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based 
overflow  ...)
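Review bot: CVE-2021-26332 (SEV-ES firmware) is added with TODO: check in the middle of a run of entries, CVE-2021-26334, CVE-2021-26333 and CVE-2021-26331, that are all tagged `NOT-FOR-US: AMD`. Before copying that tag, confirm whether the affected firmware is something a Debian package ships. If it is not, use the same `NOT-FOR-US: AMD` annotation as the neighbours. If it is, a package line is needed here and the neighbouring verdicts deserve a second look for the same reason.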
@@ -80355,8 +80391,8 @@ CVE-2021-26326 (Failure to validate VM_HSAVE_PA during 
SNP_INIT may result in a
        NOT-FOR-US: AMD
 CVE-2021-26325 (Insufficient input validation in the SNP_GUEST_REQUEST command 
may lea ...)
        NOT-FOR-US: AMD
-CVE-2021-26324
-       RESERVED
+CVE-2021-26324 (A bug with the SEV-ES TMR may lead to a potential loss of 
memory integ ...)
+       TODO: check
 CVE-2021-26323 (Failure to validate SEV Commands while SNP is active may 
result in a p ...)
        NOT-FOR-US: AMD
 CVE-2021-26322 (Persistent platform private key may not be protected with a 
random IV  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/937e9a01dd23b800496e07de42fd061922baa191



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
