[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 15 20:10:29 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0cdc5ae5 by security tracker role at 2021-12-15T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-44771
+ RESERVED
+CVE-2021-4124
+ RESERVED
+CVE-2021-4123
+ RESERVED
+CVE-2021-4122
+ RESERVED
+CVE-2021-4121
+ RESERVED
+CVE-2021-23151
+ RESERVED
CVE-2021-45070
RESERVED
CVE-2021-45069
@@ -65,14 +77,14 @@ CVE-2021-44544
RESERVED
CVE-2021-44471
RESERVED
-CVE-2021-4119
- RESERVED
+CVE-2021-4119 (bookstack is vulnerable to Improper Access Control ...)
+ TODO: check
CVE-2021-4118
RESERVED
-CVE-2021-4117
- RESERVED
-CVE-2021-4116
- RESERVED
+CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors ...)
+ TODO: check
+CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ TODO: check
CVE-2021-4115
RESERVED
CVE-2021-4114
@@ -82,8 +94,8 @@ CVE-2021-4113
CVE-2021-4112
RESERVED
NOT-FOR-US: Ansible Tower
-CVE-2021-4111
- RESERVED
+CVE-2021-4111 (yetiforcecrm is vulnerable to Business Logic Errors ...)
+ TODO: check
CVE-2021-31558
RESERVED
CVE-2021-23228
@@ -290,8 +302,8 @@ CVE-2022-21834
RESERVED
CVE-2022-21833
RESERVED
-CVE-2021-45043
- RESERVED
+CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ directory traver ...)
+ TODO: check
CVE-2021-45042
RESERVED
CVE-2021-45041
@@ -312,6 +324,7 @@ CVE-2021-45039
RESERVED
CVE-2021-45038 [Unauthorized users can access private wiki contents using rollback action]
RESERVED
+ {DSA-5021-1}
- mediawiki <unfixed>
[buster] - mediawiki <not-affected> (Vulnerable code not present)
[stretch] - mediawiki <not-affected> (Vulnerable code not present)
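Review bot: {DSA-5021-1} is attached to CVE-2021-45038 while the only status lines under it are "mediawiki <unfixed>" for unstable and "<not-affected>" for buster and stretch, so the entry does not show which release the advisory actually fixes. Add the release-tagged line with the fixed version for the suite the DSA covers. As it stands the entry reads as an advisory issued with nothing fixed.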
@@ -677,12 +690,14 @@ CVE-2021-44859
RESERVED
CVE-2021-44858 [Unauthorized users can view contents of private wikis using various actions]
RESERVED
+ {DSA-5021-1 DLA-2847-1}
- mediawiki <unfixed>
[buster] - mediawiki 1:1.31.16-1+deb10u2
NOTE: https://phabricator.wikimedia.org/T297322
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44857 [Unauthorized users can use action=mcrundo to replace the content of arbitrary pages]
RESERVED
+ {DSA-5021-1}
- mediawiki <unfixed>
[buster] - mediawiki <not-affected> (Vulnerable code not present)
[stretch] - mediawiki <not-affected> (Vulnerable code not present)
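Review bot: CVE-2021-44858 now references two advisories, DSA-5021-1 and DLA-2847-1, but carries a fixed version for buster only (1:1.31.16-1+deb10u2), so one of the two cross-references has no matching release line. CVE-2021-44857 in the same hunk gains {DSA-5021-1} with buster and stretch marked not-affected and unstable still unfixed. Both entries should get the missing release-tagged fixed versions so the cross-references can be checked against the package status.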
@@ -1338,16 +1353,16 @@ CVE-2021-44659
RESERVED
CVE-2021-44658
RESERVED
-CVE-2021-44657
- RESERVED
+CVE-2021-44657 (In StackStorm versions prior to 3.6.0, the jinja interpreter was not r ...)
+ TODO: check
CVE-2021-44656
RESERVED
-CVE-2021-44655
- RESERVED
+CVE-2021-44655 (Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQ ...)
+ TODO: check
CVE-2021-44654
RESERVED
-CVE-2021-44653
- RESERVED
+CVE-2021-44653 (Online Magazine Management System 1.0 contains a SQL injection authent ...)
+ TODO: check
CVE-2021-44652
RESERVED
CVE-2021-44651
@@ -2518,7 +2533,7 @@ CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Wind
NOT-FOR-US: Burp Suite (different from src:burp)
CVE-2021-44229
RESERVED
-CVE-2021-44228 (Apache Log4j2 <=2.14.1 JNDI features used in configuration, log mes ...)
+CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI ...)
{DSA-5020-1 DLA-2842-1}
- apache-log4j2 2.15.0-1 (bug #1001478)
- apache-log4j1.2 <not-affected> (Vulnerable code not present)
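Review bot: The updated description for CVE-2021-44228 now names a range ending "through 2.15.0", while the context line below it still records apache-log4j2 2.15.0-1 (bug #1001478) as the fixed version. The description is truncated here, so read the full text. Then either keep 2.15.0-1 with a NOTE explaining why that upload counts as fixed, or adjust the fixed version.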
@@ -3540,8 +3555,8 @@ CVE-2021-43937
RESERVED
CVE-2021-43936 (The software allows the attacker to upload or transfer files of danger ...)
NOT-FOR-US: Distributed Data Systems
-CVE-2021-43935
- RESERVED
+CVE-2021-43935 (The impacted products, when configured to use SSO, are affected by an ...)
+ TODO: check
CVE-2021-43934
RESERVED
CVE-2021-43933
@@ -3594,14 +3609,14 @@ CVE-2021-43910
RESERVED
CVE-2021-43909
RESERVED
-CVE-2021-43908
- RESERVED
-CVE-2021-43907
- RESERVED
+CVE-2021-43908 (Visual Studio Code Spoofing Vulnerability ...)
+ TODO: check
+CVE-2021-43907 (Visual Studio Code WSL Extension Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-43906
RESERVED
-CVE-2021-43905
- RESERVED
+CVE-2021-43905 (Microsoft Office app Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-43904
RESERVED
CVE-2021-43903
@@ -3612,30 +3627,30 @@ CVE-2021-43901
RESERVED
CVE-2021-43900
RESERVED
-CVE-2021-43899
- RESERVED
+CVE-2021-43899 (Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerabil ...)
+ TODO: check
CVE-2021-43898
RESERVED
CVE-2021-43897
RESERVED
-CVE-2021-43896
- RESERVED
+CVE-2021-43896 (Microsoft PowerShell Spoofing Vulnerability ...)
+ TODO: check
CVE-2021-43895
RESERVED
CVE-2021-43894
RESERVED
-CVE-2021-43893
- RESERVED
-CVE-2021-43892
- RESERVED
-CVE-2021-43891
- RESERVED
-CVE-2021-43890
- RESERVED
-CVE-2021-43889
- RESERVED
-CVE-2021-43888
- RESERVED
+CVE-2021-43893 (Windows Encrypting File System (EFS) Elevation of Privilege Vulnerabil ...)
+ TODO: check
+CVE-2021-43892 (Microsoft BizTalk ESB Toolkit Spoofing Vulnerability ...)
+ TODO: check
+CVE-2021-43891 (Visual Studio Code Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-43890 (Windows AppX Installer Spoofing Vulnerability ...)
+ TODO: check
+CVE-2021-43889 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ TODO: check
+CVE-2021-43888 (Microsoft Defender for IoT Information Disclosure Vulnerability ...)
+ TODO: check
CVE-2021-43887
RESERVED
CVE-2021-43886
@@ -3644,24 +3659,24 @@ CVE-2021-43885
RESERVED
CVE-2021-43884
RESERVED
-CVE-2021-43883
- RESERVED
-CVE-2021-43882
- RESERVED
+CVE-2021-43883 (Windows Installer Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-43882 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ TODO: check
CVE-2021-43881
RESERVED
-CVE-2021-43880
- RESERVED
+CVE-2021-43880 (Windows Mobile Device Management Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2021-43879
RESERVED
CVE-2021-43878
RESERVED
-CVE-2021-43877
- RESERVED
+CVE-2021-43877 (ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2021-43876
RESERVED
-CVE-2021-43875
- RESERVED
+CVE-2021-43875 (Microsoft Office Graphics Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-43874
RESERVED
CVE-2021-43873
@@ -4918,8 +4933,8 @@ CVE-2021-43677
RESERVED
CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...)
NOT-FOR-US: matyhtf framework
-CVE-2021-43675
- RESERVED
+CVE-2021-43675 (Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ TODO: check
CVE-2021-43674 (** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a p ...)
NOT-FOR-US: ThinkUp
CVE-2021-43673 (dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) v ...)
@@ -5452,8 +5467,8 @@ CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5
NOTE: http://lua-users.org/lists/lua-l/2021-10/msg00123.html
NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00015.html
NOTE: Fixed by: https://github.com/lua/lua/commit/74d99057a5146755e737c479850f87fd0e3b6868
-CVE-2021-43518
- RESERVED
+CVE-2021-43518 (Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. ...)
+ TODO: check
CVE-2021-43517
RESERVED
CVE-2021-43516
@@ -7056,10 +7071,10 @@ CVE-2022-20623
RESERVED
CVE-2022-20622
RESERVED
-CVE-2021-43256
- RESERVED
-CVE-2021-43255
- RESERVED
+CVE-2021-43256 (Microsoft Excel Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-43255 (Microsoft Office Trust Center Spoofing Vulnerability ...)
+ TODO: check
CVE-2021-43254
RESERVED
CVE-2021-43253
@@ -7072,76 +7087,76 @@ CVE-2021-43250
RESERVED
CVE-2021-43249
RESERVED
-CVE-2021-43248
- RESERVED
-CVE-2021-43247
- RESERVED
-CVE-2021-43246
- RESERVED
-CVE-2021-43245
- RESERVED
-CVE-2021-43244
- RESERVED
-CVE-2021-43243
- RESERVED
-CVE-2021-43242
- RESERVED
+CVE-2021-43248 (Windows Digital Media Receiver Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-43247 (Windows TCP/IP Driver Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-43246 (Windows Hyper-V Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2021-43245 (Windows Digital TV Tuner Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-43244 (Windows Kernel Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-43243 (VP9 Video Extensions Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-43242 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ TODO: check
CVE-2021-43241
RESERVED
-CVE-2021-43240
- RESERVED
-CVE-2021-43239
- RESERVED
-CVE-2021-43238
- RESERVED
-CVE-2021-43237
- RESERVED
-CVE-2021-43236
- RESERVED
-CVE-2021-43235
- RESERVED
-CVE-2021-43234
- RESERVED
-CVE-2021-43233
- RESERVED
-CVE-2021-43232
- RESERVED
-CVE-2021-43231
- RESERVED
-CVE-2021-43230
- RESERVED
-CVE-2021-43229
- RESERVED
-CVE-2021-43228
- RESERVED
-CVE-2021-43227
- RESERVED
-CVE-2021-43226
- RESERVED
-CVE-2021-43225
- RESERVED
-CVE-2021-43224
- RESERVED
-CVE-2021-43223
- RESERVED
-CVE-2021-43222
- RESERVED
+CVE-2021-43240 (NTFS Set Short Name Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-43239 (Windows Recovery Environment Agent Elevation of Privilege Vulnerabilit ...)
+ TODO: check
+CVE-2021-43238 (Windows Remote Access Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-43237 (Windows Setup Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-43236 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...)
+ TODO: check
+CVE-2021-43235 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...)
+ TODO: check
+CVE-2021-43234 (Windows Fax Service Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-43233 (Remote Desktop Client Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-43232 (Windows Event Tracing Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-43231 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ TODO: check
+CVE-2021-43230 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ TODO: check
+CVE-2021-43229 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ TODO: check
+CVE-2021-43228 (SymCrypt Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2021-43227 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...)
+ TODO: check
+CVE-2021-43226 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2021-43225 (Bot Framework SDK Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-43224 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
+ TODO: check
+CVE-2021-43223 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ TODO: check
+CVE-2021-43222 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...)
+ TODO: check
CVE-2021-43221 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-43220 (Microsoft Edge for iOS Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-43219
- RESERVED
+CVE-2021-43219 (DirectX Graphics Kernel File Denial of Service Vulnerability ...)
+ TODO: check
CVE-2021-43218
RESERVED
-CVE-2021-43217
- RESERVED
-CVE-2021-43216
- RESERVED
-CVE-2021-43215
- RESERVED
-CVE-2021-43214
- RESERVED
+CVE-2021-43217 (Windows Encrypting File System (EFS) Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2021-43216 (Microsoft Local Security Authority Server (lsasrv) Information Disclos ...)
+ TODO: check
+CVE-2021-43215 (iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Ex ...)
+ TODO: check
+CVE-2021-43214 (Web Media Extensions Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-43213
RESERVED
CVE-2021-43212
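Review bot: All entries unreserved in this hunk (CVE-2021-43248 through CVE-2021-43214) land as "TODO: check", although CVE-2021-43221 and CVE-2021-43220 in the same hunk are already triaged as "NOT-FOR-US: Microsoft". The Windows and Office component entries can be resolved the same way in a follow-up commit, which keeps the TODO queue for items that need a real look at Debian packages.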
@@ -7154,8 +7169,8 @@ CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability This CVE ID is uni
NOT-FOR-US: Microsoft
CVE-2021-43208 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
NOT-FOR-US: Microsoft
-CVE-2021-43207
- RESERVED
+CVE-2021-43207 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
CVE-2021-43206
RESERVED
CVE-2021-43205
@@ -10479,8 +10494,8 @@ CVE-2021-42322 (Visual Studio Code Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-42321 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-42320
- RESERVED
+CVE-2021-42320 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ TODO: check
CVE-2021-42319 (Visual Studio Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-42318
@@ -10489,20 +10504,20 @@ CVE-2021-42317
RESERVED
CVE-2021-42316 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2021-42315
- RESERVED
-CVE-2021-42314
- RESERVED
-CVE-2021-42313
- RESERVED
-CVE-2021-42312
- RESERVED
-CVE-2021-42311
- RESERVED
-CVE-2021-42310
- RESERVED
-CVE-2021-42309
- RESERVED
+CVE-2021-42315 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ TODO: check
+CVE-2021-42314 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ TODO: check
+CVE-2021-42313 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ TODO: check
+CVE-2021-42312 (Microsoft Defender for IOT Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-42311 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ TODO: check
+CVE-2021-42310 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ TODO: check
+CVE-2021-42309 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ TODO: check
CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-42307
@@ -10529,12 +10544,12 @@ CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege Vulnerability
NOT-FOR-US: Microsoft
CVE-2021-42296 (Microsoft Word Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-42295
- RESERVED
-CVE-2021-42294
- RESERVED
-CVE-2021-42293
- RESERVED
+CVE-2021-42295 (Visual Basic for Applications Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-42294 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ TODO: check
+CVE-2021-42293 (Microsoft Jet Red Database Engine and Access Connectivity Engine Eleva ...)
+ TODO: check
CVE-2021-42292 (Microsoft Excel Security Feature Bypass Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-42291 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
@@ -10711,8 +10726,8 @@ CVE-2021-42218
RESERVED
CVE-2021-42217
RESERVED
-CVE-2021-42216
- RESERVED
+CVE-2021-42216 (A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via ...)
+ TODO: check
CVE-2021-42215
RESERVED
CVE-2021-42214
@@ -12746,8 +12761,8 @@ CVE-2021-41367 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique
NOT-FOR-US: Microsoft
CVE-2021-41366 (Credential Security Support Provider Protocol (CredSSP) Elevation of P ...)
NOT-FOR-US: Microsoft
-CVE-2021-41365
- RESERVED
+CVE-2021-41365 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ TODO: check
CVE-2021-41364
RESERVED
CVE-2021-41363 (Intune Management Extension Security Feature Bypass Vulnerability ...)
@@ -12756,8 +12771,8 @@ CVE-2021-41362
RESERVED
CVE-2021-41361 (Active Directory Federation Server Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-41360
- RESERVED
+CVE-2021-41360 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ TODO: check
CVE-2021-41359
RESERVED
CVE-2021-41358
@@ -12810,8 +12825,8 @@ CVE-2021-41335 (Windows Kernel Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-41334 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-41333
- RESERVED
+CVE-2021-41333 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2021-41332 (Windows Print Spooler Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-41331 (Windows Media Audio Decoder Remote Code Execution Vulnerability ...)
@@ -14952,10 +14967,10 @@ CVE-2021-40455 (Windows Installer Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-40454 (Rich Text Edit Control Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-40453
- RESERVED
-CVE-2021-40452
- RESERVED
+CVE-2021-40453 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-40452 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ TODO: check
CVE-2021-40451
RESERVED
CVE-2021-40450 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
@@ -14976,8 +14991,8 @@ CVE-2021-40443 (Windows Common Log File System Driver Elevation of Privilege Vul
NOT-FOR-US: Microsoft
CVE-2021-40442 (Microsoft Excel Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-40441
- RESERVED
+CVE-2021-40441 (Windows Media Center Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2021-40440 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-3764 [DoS in ccp_run_aes_gcm_cmd() function]
@@ -16796,82 +16811,61 @@ CVE-2021-39659
RESERVED
CVE-2021-39658
RESERVED
-CVE-2021-39657
- RESERVED
+CVE-2021-39657 (In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out ...)
- linux 5.10.12-1
[buster] - linux 4.19.171-1
[stretch] - linux 4.9.258-1
NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
NOTE: https://git.kernel.org/linus/35fc4cd34426c242ab015ef280853b7bff101f48 (5.11-rc4)
-CVE-2021-39656
- RESERVED
+CVE-2021-39656 (In __configfs_open_file of file.c, there is a possible use-after-free ...)
- linux 5.10.24-1
[buster] - linux 4.19.181-1
[stretch] - linux 4.9.272-1
NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
NOTE: https://git.kernel.org/linus/14fbbc8297728e880070f7b077b3301a8c698ef9 (5.12-rc3)
-CVE-2021-39655
- RESERVED
+CVE-2021-39655 (Product: AndroidVersions: Android kernelAndroid ID: A-192641593Referen ...)
NOT-FOR-US: Google Pixel components
CVE-2021-39654
RESERVED
-CVE-2021-39653
- RESERVED
+CVE-2021-39653 (In (TBD) of (TBD), there is a possible way to boot with a hidden debug ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39652
- RESERVED
+CVE-2021-39652 (In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds wri ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39651
- RESERVED
+CVE-2021-39651 (In TBD of TBD, there is a possible way to access PIN protected setting ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39650
- RESERVED
+CVE-2021-39650 (In (TBD) of (TBD), there is a possible out of bounds write due to a mi ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39649
- RESERVED
+CVE-2021-39649 (In regmap_exit of regmap.c, there is a possible use-after-free due to ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39648
- RESERVED
+CVE-2021-39648 (In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclos ...)
- linux 5.10.9-1
[buster] - linux 4.19.171-1
[stretch] - linux 4.9.258-1
NOTE: https://git.kernel.org/linus/64e6bbfff52db4bf6785fab9cffab850b2de6870
NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
-CVE-2021-39647
- RESERVED
+CVE-2021-39647 (In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_ ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39646
- RESERVED
+CVE-2021-39646 (Product: AndroidVersions: Android kernelAndroid ID: A-201537251Referen ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39645
- RESERVED
+CVE-2021-39645 (Product: AndroidVersions: Android kernelAndroid ID: A-199805112Referen ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39644
- RESERVED
+CVE-2021-39644 (Product: AndroidVersions: Android kernelAndroid ID: A-199809304Referen ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39643
- RESERVED
+CVE-2021-39643 (In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39642
- RESERVED
+CVE-2021-39642 (In synchronous_process_io_entries of lwis_ioctl.c, there is a possible ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39641
- RESERVED
+CVE-2021-39641 (Product: AndroidVersions: Android kernelAndroid ID: A-126949257Referen ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39640
- RESERVED
+CVE-2021-39640 (In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39639
- RESERVED
+CVE-2021-39639 (In TBD of fvp.c, there is a possible way to glitch CPU behavior due to ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39638
- RESERVED
+CVE-2021-39638 (In periodic_io_work_func of lwis_periodic_io.c, there is a possible ou ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39637
- RESERVED
+CVE-2021-39637 (In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there i ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-39636
- RESERVED
+CVE-2021-39636 (In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possib ...)
- linux 4.16.5-1
NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
CVE-2021-39635
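Review bot: With the descriptions filled in, CVE-2021-39649 (regmap_exit of regmap.c) and CVE-2021-39640 (__dwc3_gadget_ep0_queue of ep0.c) name functions that also exist in the mainline Linux kernel, yet both keep "NOT-FOR-US: Google Pixel components". Re-check them against src:linux, as was done for CVE-2021-39657, CVE-2021-39656 and CVE-2021-39648 in this hunk. Then either add linux status lines or a NOTE saying why the Pixel-only classification holds.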
@@ -23633,8 +23627,8 @@ CVE-2021-36890
RESERVED
CVE-2021-36889
RESERVED
-CVE-2021-36888
- RESERVED
+CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading to full ...)
+ TODO: check
CVE-2021-36887
RESERVED
CVE-2021-36886
@@ -41303,8 +41297,8 @@ CVE-2021-29849 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scriptin
NOT-FOR-US: IBM
CVE-2021-29848
RESERVED
-CVE-2021-29847
- RESERVED
+CVE-2021-29847 (BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) conf ...)
+ TODO: check
CVE-2021-29846
RESERVED
CVE-2021-29845
@@ -46298,16 +46292,16 @@ CVE-2021-27861
RESERVED
CVE-2021-27860 (A vulnerability in the web management interface of FatPipe WARP, IPVPN ...)
NOT-FOR-US: FatPipe
-CVE-2021-27859
- RESERVED
-CVE-2021-27858
- RESERVED
-CVE-2021-27857
- RESERVED
-CVE-2021-27856
- RESERVED
-CVE-2021-27855
- RESERVED
+CVE-2021-27859 (A missing authorization vulnerability in the web management interface ...)
+ TODO: check
+CVE-2021-27858 (A missing authorization vulnerability in the web management interface ...)
+ TODO: check
+CVE-2021-27857 (A missing authorization vulnerability in the web management interface ...)
+ TODO: check
+CVE-2021-27856 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 ...)
+ TODO: check
+CVE-2021-27855 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 ...)
+ TODO: check
CVE-2021-27854
RESERVED
CVE-2021-27853
@@ -65752,8 +65746,8 @@ CVE-2021-20332 (Specific MongoDB Rust Driver versions can include credentials us
NOT-FOR-US: MongoDB rust driver
CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publish eve ...)
NOT-FOR-US: MongoDB C# Driver
-CVE-2021-20330
- RESERVED
+CVE-2021-20330 (An attacker with basic CRUD permissions on a replicated collection can ...)
+ TODO: check
CVE-2021-20329 (Specific cstrings input may not be properly validated in the MongoDB G ...)
NOT-FOR-US: mongo-driver
NOTE: https://jira.mongodb.org/browse/GODRIVER-1923
@@ -74244,274 +74238,203 @@ CVE-2021-1050
RESERVED
CVE-2021-1049
RESERVED
-CVE-2021-1048 [Use After Free in epoll_loop_check_proc() which could result in a local privilege escalation]
- RESERVED
+CVE-2021-1048 (In ep_loop_check_proc of eventpoll.c, there is a possible way to corru ...)
- linux 5.8.10-1
[buster] - linux 4.19.146-1
[stretch] - linux 4.9.240-1
NOTE: https://git.kernel.org/linus/77f4689de17c0887775bb77896f4cc11a39bf848 (5.9-rc4)
-CVE-2021-1047
- RESERVED
+CVE-2021-1047 (In valid_ipc_dram_addr of cm_access_control.c, there is a possible out ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-1046
- RESERVED
+CVE-2021-1046 (In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-1045
- RESERVED
+CVE-2021-1045 (Product: AndroidVersions: Android kernelAndroid ID: A-195580473Referen ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-1044
- RESERVED
+CVE-2021-1044 (In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-1043
- RESERVED
+CVE-2021-1043 (In TBD of TBD, there is a possible downgrade attack due to under utili ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-1042
- RESERVED
+CVE-2021-1042 (In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible d ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-1041
- RESERVED
+CVE-2021-1041 (In (TBD) of (TBD), there is a possible out of bounds read due to memor ...)
NOT-FOR-US: Google Pixel components
-CVE-2021-1040
- RESERVED
-CVE-2021-1039
- RESERVED
-CVE-2021-1038
- RESERVED
+CVE-2021-1040 (In onCreate of BluetoothPairingSelectionFragment.java, there is a poss ...)
+ TODO: check
+CVE-2021-1039 (In NotificationAccessActivity of AndroidManifest.xml, there is a possi ...)
+ TODO: check
+CVE-2021-1038 (In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS ...)
+ TODO: check
CVE-2021-1037
RESERVED
CVE-2021-1036
RESERVED
CVE-2021-1035
RESERVED
-CVE-2021-1034
- RESERVED
+CVE-2021-1034 (In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is ap ...)
NOT-FOR-US: Android
CVE-2021-1033
RESERVED
-CVE-2021-1032
- RESERVED
+CVE-2021-1032 (In getMimeGroup of PackageManagerService.java, there is a possible way ...)
NOT-FOR-US: Android
-CVE-2021-1031
- RESERVED
+CVE-2021-1031 (In cancelNotificationsFromListener of NotificationManagerService.java, ...)
NOT-FOR-US: Android
-CVE-2021-1030
- RESERVED
+CVE-2021-1030 (In setNotificationsShownFromListener of NotificationManagerService.jav ...)
NOT-FOR-US: Android
-CVE-2021-1029
- RESERVED
-CVE-2021-1028
- RESERVED
-CVE-2021-1027
- RESERVED
-CVE-2021-1026
- RESERVED
+CVE-2021-1029 (In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out ...)
+ TODO: check
+CVE-2021-1028 (In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out ...)
+ TODO: check
+CVE-2021-1027 (In setTransactionState of SurfaceFlinger, there is possible arbitrary ...)
+ TODO: check
+CVE-2021-1026 (In startRanging of RttServiceImpl.java, there is a possible way to det ...)
NOT-FOR-US: Android
-CVE-2021-1025
- RESERVED
+CVE-2021-1025 (In hasNamedWallpaper of WallpaperManagerService.java, there is a possi ...)
NOT-FOR-US: Android
-CVE-2021-1024
- RESERVED
-CVE-2021-1023
- RESERVED
+CVE-2021-1024 (In onEventReceived of EventResultPersister.java, there is a possible i ...)
+ TODO: check
+CVE-2021-1023 (In onCreate of RequestIgnoreBatteryOptimizations.java, there is a poss ...)
NOT-FOR-US: Android
-CVE-2021-1022
- RESERVED
+CVE-2021-1022 (In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a poss ...)
NOT-FOR-US: Android
-CVE-2021-1021
- RESERVED
+CVE-2021-1021 (In snoozeNotificationInt of NotificationManagerService.java, there is ...)
NOT-FOR-US: Android
-CVE-2021-1020
- RESERVED
+CVE-2021-1020 (In snoozeNotification of NotificationListenerService.java, there is a ...)
NOT-FOR-US: Android
-CVE-2021-1019
- RESERVED
+CVE-2021-1019 (In snoozeNotification of NotificationListenerService.java, there is a ...)
NOT-FOR-US: Android
-CVE-2021-1018
- RESERVED
-CVE-2021-1017
- RESERVED
+CVE-2021-1018 (In adjustStreamVolume of AudioService.java, there is a possible way to ...)
+ TODO: check
+CVE-2021-1017 (In AdapterService and GattService definition of AndroidManifest.xml, t ...)
NOT-FOR-US: Android
-CVE-2021-1016
- RESERVED
+CVE-2021-1016 (In onCreate of UsbPermissionActivity.java, there is a possible way to ...)
NOT-FOR-US: Android
-CVE-2021-1015
- RESERVED
+CVE-2021-1015 (In getMeidForSlot of PhoneInterfaceManager.java, there is a possible w ...)
NOT-FOR-US: Android
-CVE-2021-1014
- RESERVED
+CVE-2021-1014 (In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is ...)
NOT-FOR-US: Android
-CVE-2021-1013
- RESERVED
+CVE-2021-1013 (In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of P ...)
NOT-FOR-US: Android
-CVE-2021-1012
- RESERVED
+CVE-2021-1012 (In onResume of NotificationAccessDetails.java, there is a possible way ...)
NOT-FOR-US: Android
-CVE-2021-1011
- RESERVED
+CVE-2021-1011 (In setPackageStoppedState of PackageManagerService.java, there is a mi ...)
NOT-FOR-US: Android
-CVE-2021-1010
- RESERVED
+CVE-2021-1010 (In getSigningKeySet of PackageManagerService.java, there is a missing ...)
NOT-FOR-US: Android
-CVE-2021-1009
- RESERVED
+CVE-2021-1009 (In setApplicationCategoryHint of PackageManagerService.java, there is ...)
NOT-FOR-US: Android
-CVE-2021-1008
- RESERVED
+CVE-2021-1008 (In addSubInfo of SubscriptionController.java, there is a possible way ...)
NOT-FOR-US: Android
-CVE-2021-1007
- RESERVED
+CVE-2021-1007 (In btu_hcif_process_event of btu_hcif.cc, there is a possible out of b ...)
NOT-FOR-US: Android
-CVE-2021-1006
- RESERVED
+CVE-2021-1006 (In several functions of DatabaseManager.java, there is a possible leak ...)
NOT-FOR-US: Android
-CVE-2021-1005
- RESERVED
+CVE-2021-1005 (In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a po ...)
NOT-FOR-US: Android
-CVE-2021-1004
- RESERVED
+CVE-2021-1004 (In getConfiguredNetworks of WifiServiceImpl.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2021-1003
- RESERVED
-CVE-2021-1002
- RESERVED
-CVE-2021-1001
- RESERVED
+CVE-2021-1003 (In adjustStreamVolume of AudioService.java, there is a possible way fo ...)
+ TODO: check
+CVE-2021-1002 (In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds ...)
+ TODO: check
+CVE-2021-1001 (In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bo ...)
+ TODO: check
CVE-2021-1000
RESERVED
-CVE-2021-0999
- RESERVED
+CVE-2021-0999 (In the broadcast definition in AndroidManifest.xml, there is a possibl ...)
NOT-FOR-US: Android
-CVE-2021-0998
- RESERVED
-CVE-2021-0997
- RESERVED
+CVE-2021-0998 (In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible ou ...)
+ TODO: check
+CVE-2021-0997 (In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , t ...)
NOT-FOR-US: Android
-CVE-2021-0996
- RESERVED
+CVE-2021-0996 (In nfaHciCallback of HciEventManager.cpp, there is a possible out of b ...)
NOT-FOR-US: Android
-CVE-2021-0995
- RESERVED
+CVE-2021-0995 (In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, ...)
NOT-FOR-US: Android
-CVE-2021-0994
- RESERVED
+CVE-2021-0994 (In requestRouteToHostAddress of ConnectivityService.java, there is a p ...)
NOT-FOR-US: Android
-CVE-2021-0993
- RESERVED
+CVE-2021-0993 (In getOffsetBeforeAfter of TextLine.java, there is a possible denial o ...)
NOT-FOR-US: Android
-CVE-2021-0992
- RESERVED
+CVE-2021-0992 (In onCreate of PaymentDefaultDialog.java, there is a possible way to c ...)
NOT-FOR-US: Android
-CVE-2021-0991
- RESERVED
+CVE-2021-0991 (In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderControll ...)
NOT-FOR-US: Android
-CVE-2021-0990
- RESERVED
+CVE-2021-0990 (In getDeviceId of PhoneSubInfoController.java, there is a possible way ...)
NOT-FOR-US: Android
-CVE-2021-0989
- RESERVED
+CVE-2021-0989 (In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there i ...)
NOT-FOR-US: Android
-CVE-2021-0988
- RESERVED
+CVE-2021-0988 (In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientCont ...)
NOT-FOR-US: Android
-CVE-2021-0987
- RESERVED
+CVE-2021-0987 (In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a po ...)
NOT-FOR-US: Android
-CVE-2021-0986
- RESERVED
+CVE-2021-0986 (In hasGrantedPolicy of DevicePolicyManagerService.java, there is a pos ...)
NOT-FOR-US: Android
-CVE-2021-0985
- RESERVED
+CVE-2021-0985 (In onReceive of AlertReceiver.java, there is a possible way to dismiss ...)
NOT-FOR-US: Android
-CVE-2021-0984
- RESERVED
+CVE-2021-0984 (In onNullBinding of ManagedServices.java, there is a possible permissi ...)
NOT-FOR-US: Android
-CVE-2021-0983
- RESERVED
+CVE-2021-0983 (In createAdminSupportIntent of DevicePolicyManagerService.java, there ...)
NOT-FOR-US: Android
-CVE-2021-0982
- RESERVED
+CVE-2021-0982 (In getOrganizationNameForUser of DevicePolicyManagerService.java, ther ...)
NOT-FOR-US: Android
-CVE-2021-0981
- RESERVED
+CVE-2021-0981 (In enqueueNotificationInternal of NotificationManagerService.java, the ...)
NOT-FOR-US: Android
CVE-2021-0980
RESERVED
-CVE-2021-0979
- RESERVED
+CVE-2021-0979 (In isRequestPinItemSupported of ShortcutService.java, there is a possi ...)
NOT-FOR-US: Android
-CVE-2021-0978
- RESERVED
+CVE-2021-0978 (In getSerialForPackage of DeviceIdentifiersPolicyService.java, there i ...)
NOT-FOR-US: Android
-CVE-2021-0977
- RESERVED
+CVE-2021-0977 (In phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc, there is a possible out ...)
NOT-FOR-US: Android
-CVE-2021-0976
- RESERVED
+CVE-2021-0976 (In toBARK of floor0.c, there is a possible out of bounds read due to a ...)
+ TODO: check
CVE-2021-0975
RESERVED
CVE-2021-0974
RESERVED
-CVE-2021-0973
- RESERVED
+CVE-2021-0973 (In isFileUri of UriUtil.java, there is a possible way to bypass ignori ...)
NOT-FOR-US: Android
CVE-2021-0972
RESERVED
-CVE-2021-0971
- RESERVED
+CVE-2021-0971 (In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of ...)
NOT-FOR-US: Google Play
-CVE-2021-0970
- RESERVED
+CVE-2021-0970 (In createFromParcel of GpsNavigationMessage.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2021-0969
- RESERVED
+CVE-2021-0969 (In getTitle of AccessPoint.java, there is a possible unhandled excepti ...)
NOT-FOR-US: Android
-CVE-2021-0968
- RESERVED
+CVE-2021-0968 (In osi_malloc and osi_calloc of allocator.cc, there is a possible out ...)
NOT-FOR-US: Android
-CVE-2021-0967
- RESERVED
+CVE-2021-0967 (In vorbis_book_decodev_set of codebook.c, there is a possible out of b ...)
NOT-FOR-US: Google Play
-CVE-2021-0966
- RESERVED
+CVE-2021-0966 (In code generated by BuildParcelFields of generate_cpp.cpp, there is a ...)
NOT-FOR-US: Android
-CVE-2021-0965
- RESERVED
+CVE-2021-0965 (In AndroidManifest.xml of Settings, there is a possible pairing of a B ...)
NOT-FOR-US: Android
-CVE-2021-0964
- RESERVED
+CVE-2021-0964 (In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out o ...)
NOT-FOR-US: Google Play
-CVE-2021-0963
- RESERVED
+CVE-2021-0963 (In onCreate of KeyChainActivity.java, there is a possible way to use a ...)
NOT-FOR-US: Android
CVE-2021-0962
RESERVED
-CVE-2021-0961
- RESERVED
+CVE-2021-0961 (In quota_proc_write of xt_quota2.c, there is a possible way to read ke ...)
- linux <not-affected> (Android-specific xt_quota2 code)
NOTE: https://source.android.com/security/bulletin/2021-12-01
CVE-2021-0960
RESERVED
CVE-2021-0959
RESERVED
-CVE-2021-0958
- RESERVED
+CVE-2021-0958 (In update of km_compat.cpp, there is a possible loss of potentially se ...)
NOT-FOR-US: Android
CVE-2021-0957
RESERVED
-CVE-2021-0956
- RESERVED
+CVE-2021-0956 (In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a ...)
NOT-FOR-US: Android
-CVE-2021-0955
- RESERVED
+CVE-2021-0955 (In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption ...)
NOT-FOR-US: Android
-CVE-2021-0954
- RESERVED
+CVE-2021-0954 (In ResolverActivity, there is a possible user interaction bypass due t ...)
NOT-FOR-US: Android
-CVE-2021-0953
- RESERVED
+CVE-2021-0953 (In setOnClickActivityIntent of SearchWidgetProvider.java, there is a p ...)
NOT-FOR-US: Android
-CVE-2021-0952
- RESERVED
+CVE-2021-0952 (In doCropPhoto of PhotoSelectionHandler.java, there is a possible perm ...)
NOT-FOR-US: Android
CVE-2021-0951
RESERVED
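Review bot: CVE-2021-1002, CVE-2021-1001, CVE-2021-0998 and CVE-2021-0976 are left at `TODO: check`, while every other entry given a description in the visible part of this hunk already carries a disposition, and the existing triage is not consistent across what look like related decoder sources. CVE-2021-0967 (vorbis_book_decodev_set of codebook.c) is marked `NOT-FOR-US: Google Play`, yet CVE-2021-0976 (toBARK of floor0.c) is still open. The four TODO entries all name C/C++ codec sources (eas_wtengine.c, mp4enc_api.cpp, ih264e_me.c, floor0.c), so each should be checked for a Debian source package shipping that file and then given either a package line or a NOT-FOR-US tag, with codebook.c and floor0.c resolved together.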
@@ -74567,62 +74490,46 @@ CVE-2021-0935 (In ip6_xmit of ip6_output.c, there is a possible out of bounds wr
NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
CVE-2021-0934
RESERVED
-CVE-2021-0933
- RESERVED
+CVE-2021-0933 (In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.j ...)
NOT-FOR-US: Android
-CVE-2021-0932
- RESERVED
+CVE-2021-0932 (In showNotification of NavigationModeController.java, there is a possi ...)
NOT-FOR-US: Android
-CVE-2021-0931
- RESERVED
+CVE-2021-0931 (In getAlias of BluetoothDevice.java, there is a possible way to create ...)
NOT-FOR-US: Android
-CVE-2021-0930
- RESERVED
+CVE-2021-0930 (In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possi ...)
NOT-FOR-US: Android
-CVE-2021-0929
- RESERVED
+CVE-2021-0929 (In ion_dma_buf_end_cpu_access and related functions of ion.c, there is ...)
- linux 5.6.4-1 (unimportant)
NOTE: https://source.android.com/security/bulletin/2021-11-01
NOTE: CONFIG_ION not enabled in Debian
-CVE-2021-0928
- RESERVED
+CVE-2021-0928 (In createFromParcel of OutputConfiguration.java, there is a possible p ...)
NOT-FOR-US: Android media framework
-CVE-2021-0927
- RESERVED
+CVE-2021-0927 (In requestChannelBrowsable of TvInputManagerService.java, there is a p ...)
NOT-FOR-US: Android TV
-CVE-2021-0926
- RESERVED
+CVE-2021-0926 (In onCreate of NfcImportVCardActivity.java, there is a possible way to ...)
NOT-FOR-US: Android
-CVE-2021-0925
- RESERVED
+CVE-2021-0925 (In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of boun ...)
NOT-FOR-US: Android
-CVE-2021-0924
- RESERVED
+CVE-2021-0924 (In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds re ...)
- linux <not-affected> (Android-specific XHCI patch)
NOTE: https://source.android.com/security/bulletin/2021-11-01
NOTE: https://android.googlesource.com/kernel/common/+/df1995aede8e5b13a5ba4d36b48ed88d5bb84497
-CVE-2021-0923
- RESERVED
+CVE-2021-0923 (In createOrUpdate of Permission.java, there is a possible way to gain ...)
NOT-FOR-US: Android
-CVE-2021-0922
- RESERVED
+CVE-2021-0922 (In enforceCrossUserOrProfilePermission of PackageManagerService.java, ...)
NOT-FOR-US: Android
-CVE-2021-0921
- RESERVED
+CVE-2021-0921 (In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2021-0920
- RESERVED
+CVE-2021-0920 (In unix_scm_to_skb of af_unix.c, there is a possible use after free bu ...)
{DLA-2843-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/cbcf01128d0a92e131bd09f1688fe032480b65ca
NOTE: https://source.android.com/security/bulletin/2021-11-01
-CVE-2021-0919
- RESERVED
+CVE-2021-0919 (In getService of IServiceManager.cpp, there is a possible unhandled ex ...)
NOT-FOR-US: Android
-CVE-2021-0918
- RESERVED
+CVE-2021-0918 (In gatt_process_notification of gatt_cl.cc, there is a possible out of ...)
NOT-FOR-US: Android
CVE-2021-0917
RESERVED
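Review bot: the CVE-2021-0929 entry records `- linux 5.6.4-1 (unimportant)` with no NOTE pointing at the upstream fix commit, unlike CVE-2021-0920 and CVE-2021-0924 in the same hunk, which both link theirs. Adding the commit reference would let a reader verify the 5.6.4-1 fixed version. The `unimportant` rating itself is already backed by the `CONFIG_ION not enabled in Debian` note.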
@@ -74650,8 +74557,7 @@ CVE-2021-0906
RESERVED
CVE-2021-0905
RESERVED
-CVE-2021-0904
- RESERVED
+CVE-2021-0904 (In SRAMROM, there is a possible permission bypass due to an insecure p ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0903
RESERVED
@@ -74681,8 +74587,7 @@ CVE-2021-0891
RESERVED
CVE-2021-0890
RESERVED
-CVE-2021-0889
- RESERVED
+CVE-2021-0889 (In Android TV , there is a possible silent pairing due to lack of rate ...)
NOT-FOR-US: Android TV
CVE-2021-0888
RESERVED
@@ -74862,8 +74767,7 @@ CVE-2021-0801
RESERVED
CVE-2021-0800
RESERVED
-CVE-2021-0799
- RESERVED
+CVE-2021-0799 (In ActivityThread.java, there is a possible way to collide the content ...)
NOT-FOR-US: Android
CVE-2021-0798
RESERVED
@@ -74923,8 +74827,7 @@ CVE-2021-0771
RESERVED
CVE-2021-0770
RESERVED
-CVE-2021-0769
- RESERVED
+CVE-2021-0769 (In onCreate of AllowBindAppWidgetActivity.java, there is a possible by ...)
NOT-FOR-US: Android
CVE-2021-0768
RESERVED
@@ -75054,8 +74957,7 @@ CVE-2021-0706 (In startListening of PluginManagerImpl.java, there is a possible
NOT-FOR-US: Android
CVE-2021-0705 (In sanitizeSbn of NotificationManagerService.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2021-0704
- RESERVED
+CVE-2021-0704 (In createNoCredentialsPermissionNotification and related functions of ...)
NOT-FOR-US: Android
CVE-2021-0703 (In SecondStageMain of init.cpp, there is a possible use after free due ...)
NOT-FOR-US: Android
@@ -75114,8 +75016,7 @@ CVE-2021-0677
RESERVED
CVE-2021-0676
RESERVED
-CVE-2021-0675
- RESERVED
+CVE-2021-0675 (In alac decoder, there is a possible out of bounds write due to an inc ...)
NOT-FOR-US: MediaTek components for Android
CVE-2021-0674
RESERVED
@@ -75159,18 +75060,15 @@ CVE-2021-0655 (In mdlactl driver, there is a possible memory corruption due to a
NOT-FOR-US: Mediatek
CVE-2021-0654 (In isRealSnapshot of TaskThumbnailView.java, there is possible data ex ...)
NOT-FOR-US: Android
-CVE-2021-0653
- RESERVED
+CVE-2021-0653 (In enqueueNotification of NetworkPolicyManagerService.java, there is a ...)
NOT-FOR-US: Android
CVE-2021-0652 (In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a p ...)
NOT-FOR-US: Android
CVE-2021-0651 (In loadLabel of PackageItemInfo.java, there is a possible way to DoS a ...)
NOT-FOR-US: Android
-CVE-2021-0650
- RESERVED
+CVE-2021-0650 (In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of ...)
NOT-FOR-US: Android media framework
-CVE-2021-0649
- RESERVED
+CVE-2021-0649 (In stopVpnProfile of Vpn.java, there is a possible VPN profile reset d ...)
NOT-FOR-US: Android
CVE-2021-0648
RESERVED
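Review bot: CVE-2021-0650 (WT_InterpolateNoLoop of eas_wtengine.c) keeps `NOT-FOR-US: Android media framework`, but this same commit adds CVE-2021-1002 (WT_Interpolate of eas_wtengine.c) with `TODO: check`. Both descriptions name the same source file, so the two entries should end up with the same disposition. If the new one turns out to affect a Debian package, this tag needs a second look as well.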
@@ -75609,8 +75507,7 @@ CVE-2021-0436 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible
NOT-FOR-US: Android media framework
CVE-2021-0435 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak o ...)
NOT-FOR-US: Android
-CVE-2021-0434
- RESERVED
+CVE-2021-0434 (In onReceive of BluetoothPermissionRequest.java, there is a possible p ...)
NOT-FOR-US: Android
CVE-2021-0433 (In onCreate of DeviceChooserActivity.java, there is a possible way to ...)
NOT-FOR-US: Android
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0cdc5ae56904482ea43f68359cacee7133c29e4c