[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 23 08:10:30 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
864282de by security tracker role at 2021-12-23T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-45464
+ RESERVED
+CVE-2021-45463 (GEGL before 0.4.34 allows shell expansion when a pathname in a constru ...)
+ TODO: check
+CVE-2021-45462 (In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. ...)
+ TODO: check
+CVE-2021-4158
+ RESERVED
CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 1 ...)
NOT-FOR-US: FreePBX
CVE-2021-45460
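Review bot: CVE-2021-45463 and CVE-2021-45462 are added with only `TODO: check`, so neither has a triage result yet. Each needs either a source package line or a `NOT-FOR-US:` line like the one CVE-2021-45461 carries in the context just below. The GEGL description names 0.4.34 as the first fixed upstream version, which is the version to compare against when the package line is written.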
@@ -478,8 +486,8 @@ CVE-2021-4145 [NULL pointer dereference in mirror_wait_on_conflicts() in block/m
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/d44dae1a7cf782ec9235746ebb0e6c1a20dd7288 (v6.1.0-rc0)
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd (v6.2.0-rc0)
-CVE-2021-4144
- RESERVED
+CVE-2021-4144 (TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 2 ...)
+ TODO: check
CVE-2021-45451 (In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ...)
- mbedtls <undetermined>
TODO: check, seems to only affect 3.x branch
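Review bot: the new CVE-2021-4144 entry describes TP-Link router firmware and is left at `TODO: check`. If nothing in the archive ships that firmware, it should be closed with a `NOT-FOR-US:` line rather than staying in the open TODO queue.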
@@ -2917,10 +2925,10 @@ CVE-2021-44694
RESERVED
CVE-2021-44693
RESERVED
-CVE-2021-4079
- RESERVED
-CVE-2021-4078
- RESERVED
+CVE-2021-4079 (Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 a ...)
+ TODO: check
+CVE-2021-4078 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...)
+ TODO: check
CVE-2021-4077
RESERVED
CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
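Review bot: CVE-2021-4079 and CVE-2021-4078 get `TODO: check` even though their descriptions name the same release (Google Chrome prior to 96.0.4664.93) as CVE-2021-4068 through CVE-2021-4052, which elsewhere in this commit already carry `- chromium <unfixed>` and `[stretch] - chromium <end-of-life> (see DSA 4562)`. These two should receive the same pair of lines so the whole 96.0.4664.93 batch is tracked consistently.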
@@ -3242,70 +3250,54 @@ CVE-2021-4069 (vim is vulnerable to Use After Free ...)
NOTE: https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 (v8.2.3741)
CVE-2021-44548
RESERVED
-CVE-2021-4068
- RESERVED
+CVE-2021-4068 (Insufficient data validation in new tab page in Google Chrome prior to ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4067
- RESERVED
+CVE-2021-4067 (Use after free in window manager in Google Chrome on ChromeOS prior to ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4066
- RESERVED
+CVE-2021-4066 (Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allo ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4065
- RESERVED
+CVE-2021-4065 (Use after free in autofill in Google Chrome prior to 96.0.4664.93 allo ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4064
- RESERVED
+CVE-2021-4064 (Use after free in screen capture in Google Chrome on ChromeOS prior to ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4063
- RESERVED
+CVE-2021-4063 (Use after free in developer tools in Google Chrome prior to 96.0.4664. ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4062
- RESERVED
+CVE-2021-4062 (Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4061
- RESERVED
+CVE-2021-4061 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-4060
RESERVED
-CVE-2021-4059
- RESERVED
+CVE-2021-4059 (Insufficient data validation in loader in Google Chrome prior to 96.0. ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4058
- RESERVED
+CVE-2021-4058 (Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4057
- RESERVED
+CVE-2021-4057 (Use after free in file API in Google Chrome prior to 96.0.4664.93 allo ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4056
- RESERVED
+CVE-2021-4056 (Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowe ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4055
- RESERVED
+CVE-2021-4055 (Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4054
- RESERVED
+CVE-2021-4054 (Incorrect security UI in autofill in Google Chrome prior to 96.0.4664. ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4053
- RESERVED
+CVE-2021-4053 (Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4052
- RESERVED
+CVE-2021-4052 (Use after free in web apps in Google Chrome prior to 96.0.4664.93 allo ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-4051
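Review bot: CVE-2021-4067 and CVE-2021-4064 are described as affecting Google Chrome on ChromeOS, yet they keep `- chromium <unfixed>` like the platform-independent entries around them; confirm the affected code is present in the Debian chromium build before leaving them open. For the rest of the batch, the descriptions give 96.0.4664.93 as the fixed release, so `<unfixed>` should be replaced with the package version once an upload at or above that release is in the archive.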
@@ -5403,8 +5395,8 @@ CVE-2021-43855
RESERVED
CVE-2021-43854
RESERVED
-CVE-2021-43853
- RESERVED
+CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available for Mic ...)
+ TODO: check
CVE-2021-43852
RESERVED
CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
@@ -22733,42 +22725,42 @@ CVE-2021-38024
RESERVED
CVE-2021-38023
RESERVED
-CVE-2021-38022
- RESERVED
-CVE-2021-38021
- RESERVED
-CVE-2021-38020
- RESERVED
-CVE-2021-38019
- RESERVED
-CVE-2021-38018
- RESERVED
-CVE-2021-38017
- RESERVED
-CVE-2021-38016
- RESERVED
-CVE-2021-38015
- RESERVED
-CVE-2021-38014
- RESERVED
-CVE-2021-38013
- RESERVED
-CVE-2021-38012
- RESERVED
-CVE-2021-38011
- RESERVED
-CVE-2021-38010
- RESERVED
-CVE-2021-38009
- RESERVED
-CVE-2021-38008
- RESERVED
-CVE-2021-38007
- RESERVED
-CVE-2021-38006
- RESERVED
-CVE-2021-38005
- RESERVED
+CVE-2021-38022 (Inappropriate implementation in WebAuthentication in Google Chrome pri ...)
+ TODO: check
+CVE-2021-38021 (Inappropriate implementation in referrer in Google Chrome prior to 96. ...)
+ TODO: check
+CVE-2021-38020 (Insufficient policy enforcement in contacts picker in Google Chrome on ...)
+ TODO: check
+CVE-2021-38019 (Insufficient policy enforcement in CORS in Google Chrome prior to 96.0 ...)
+ TODO: check
+CVE-2021-38018 (Inappropriate implementation in navigation in Google Chrome prior to 9 ...)
+ TODO: check
+CVE-2021-38017 (Insufficient policy enforcement in iframe sandbox in Google Chrome pri ...)
+ TODO: check
+CVE-2021-38016 (Insufficient policy enforcement in background fetch in Google Chrome p ...)
+ TODO: check
+CVE-2021-38015 (Inappropriate implementation in input in Google Chrome prior to 96.0.4 ...)
+ TODO: check
+CVE-2021-38014 (Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664 ...)
+ TODO: check
+CVE-2021-38013 (Heap buffer overflow in fingerprint recognition in Google Chrome on Ch ...)
+ TODO: check
+CVE-2021-38012 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...)
+ TODO: check
+CVE-2021-38011 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...)
+ TODO: check
+CVE-2021-38010 (Inappropriate implementation in service workers in Google Chrome prior ...)
+ TODO: check
+CVE-2021-38009 (Inappropriate implementation in cache in Google Chrome prior to 96.0.4 ...)
+ TODO: check
+CVE-2021-38008 (Use after free in media in Google Chrome prior to 96.0.4664.45 allowed ...)
+ TODO: check
+CVE-2021-38007 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...)
+ TODO: check
+CVE-2021-38006 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...)
+ TODO: check
+CVE-2021-38005 (Use after free in loader in Google Chrome prior to 96.0.4664.45 allowe ...)
+ TODO: check
CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
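Review bot: all eighteen entries from CVE-2021-38022 down to CVE-2021-38005 are left at `TODO: check`, while CVE-2021-38004 in the trailing context, also a Google Chrome issue, already has `- chromium <unfixed>` and the stretch `<end-of-life>` line. The visible descriptions name 96.0.4664.45 as the fixed release, so these should be triaged to chromium in one pass, checking separately the entries whose truncated descriptions indicate a specific platform (CVE-2021-38020, CVE-2021-38013).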
@@ -68859,10 +68851,10 @@ CVE-2021-20052
RESERVED
CVE-2021-20051
RESERVED
-CVE-2021-20050
- RESERVED
-CVE-2021-20049
- RESERVED
+CVE-2021-20050 (An Improper Access Control Vulnerability in the SMA100 series leads to ...)
+ TODO: check
+CVE-2021-20049 (A vulnerability in SonicWall SMA100 password change API allows a remot ...)
+ TODO: check
CVE-2021-20048
RESERVED
CVE-2021-20047 (SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and ear ...)
@@ -96129,32 +96121,32 @@ CVE-2020-20607
RESERVED
CVE-2020-20606
RESERVED
-CVE-2020-20605
- RESERVED
+CVE-2020-20605 (Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in t ...)
+ TODO: check
CVE-2020-20604
RESERVED
CVE-2020-20603
RESERVED
CVE-2020-20602
RESERVED
-CVE-2020-20601
- RESERVED
-CVE-2020-20600
- RESERVED
+CVE-2020-20601 (An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbi ...)
+ TODO: check
+CVE-2020-20600 (MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerab ...)
+ TODO: check
CVE-2020-20599
RESERVED
-CVE-2020-20598
- RESERVED
-CVE-2020-20597
- RESERVED
+CVE-2020-20598 (A cross-site scripting (XSS) vulnerability in the Editing component of ...)
+ TODO: check
+CVE-2020-20597 (A cross-site scripting (XSS) vulnerability in the potrtalItemName para ...)
+ TODO: check
CVE-2020-20596
RESERVED
-CVE-2020-20595
- RESERVED
+CVE-2020-20595 (A cross-site request forgery (CSRF) in OPMS v1.3 and below allows atta ...)
+ TODO: check
CVE-2020-20594
RESERVED
-CVE-2020-20593
- RESERVED
+CVE-2020-20593 (A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authent ...)
+ TODO: check
CVE-2020-20592
RESERVED
CVE-2020-20591
@@ -96520,10 +96512,10 @@ CVE-2020-20428
RESERVED
CVE-2020-20427
RESERVED
-CVE-2020-20426
- RESERVED
-CVE-2020-20425
- RESERVED
+CVE-2020-20426 (S-CMS Government Station Building System v5.0 contains a cross-site sc ...)
+ TODO: check
+CVE-2020-20425 (S-CMS Government Station Building System v5.0 contains a cross-site sc ...)
+ TODO: check
CVE-2020-20424
RESERVED
CVE-2020-20423
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/864282de3a922e655fc28495736ab421be9a35e7