[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 24 08:10:30 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd9a5725 by security tracker role at 2021-12-24T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2021-45474 (In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporte ...)
+ TODO: check
+CVE-2021-45473 (In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which ...)
+ TODO: check
+CVE-2021-45472 (In MediaWiki through 1.37, XSS can occur in Wikibase because an extern ...)
+ TODO: check
+CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to edit En ...)
+ TODO: check
+CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular express ...)
+ TODO: check
+CVE-2021-4161
+ RESERVED
CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...)
- linux <unfixed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
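Review bot: the five new entries at the top of this hunk (CVE-2021-45474 down to CVE-2021-45470) are all left as "+ TODO: check" placeholders; the four MediaWiki descriptions should be resolved into the same package/status form the CVE-2021-45469 entry just below uses ("- <package> <unfixed>" plus a NOTE URL) or to NOT-FOR-US, noting that CVE-2021-45473 and CVE-2021-45472 describe Wikibase rather than MediaWiki core, and the cve-search entry (lib/DatabaseLayer.py, regular expression issue) needs the same decision rather than an open TODO.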
@@ -15,7 +27,7 @@ CVE-2021-4159
RESERVED
CVE-2021-45464
RESERVED
-CVE-2021-45463 (GEGL before 0.4.34 allows shell expansion when a pathname in a constru ...)
+CVE-2021-45463 (GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allo ...)
- gegl <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (GEGL_0_4_34)
CVE-2021-45462 (In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. ...)
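Review bot: the reworded description for CVE-2021-45463 now also names "GIMP before 2.10.30", but the entry still carries only "- gegl <unfixed>"; confirm that the gimp package uses the shared gegl library so that no separate gimp status line is required, and since the NOTE already points at the GEGL_0_4_34 commit, the gegl line is a candidate for recording the fixed version once it lands.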
@@ -3342,32 +3354,28 @@ CVE-2021-4052 (Use after free in web apps in Google Chrome prior to 96.0.4664.93
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-4051
RESERVED
-CVE-2021-44543
- RESERVED
+CVE-2021-44543 (An XSS vulnerability was found in Privoxy which was fixed in cgi_error ...)
{DLA-2844-1}
- privoxy 3.0.33-1
[bullseye] - privoxy 3.0.32-2+deb11u1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409cbf4ab8bf2d79be204bd4e81a00d85 (v_3_0_33)
-CVE-2021-44542
- RESERVED
+CVE-2021-44542 (A memory leak vulnerability was found in Privoxy when handling errors. ...)
- privoxy 3.0.33-1
[bullseye] - privoxy 3.0.32-2+deb11u1
[buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
[stretch] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08996116cbcea55cd3fc6c2a558e499a (v_3_0_33)
-CVE-2021-44541
- RESERVED
+CVE-2021-44541 (A vulnerability was found in Privoxy which was fixed in process_encryp ...)
- privoxy 3.0.33-1
[bullseye] - privoxy 3.0.32-2+deb11u1
[buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
[stretch] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0509c58045b26463844188e07c5e87c74ea21044 (v_3_0_33)
-CVE-2021-44540
- RESERVED
+CVE-2021-44540 (A vulnerability was found in Privoxy which was fixed in get_url_spec_p ...)
{DLA-2844-1}
- privoxy 3.0.33-1
[bullseye] - privoxy 3.0.32-2+deb11u1
@@ -3455,8 +3463,8 @@ CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARR
CVE-2021-4047
RESERVED
NOT-FOR-US: Red Hat OpenShift 4.9 incomplete fix for CVE-2021-39242
-CVE-2021-23198
- RESERVED
+CVE-2021-23198 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the passw ...)
+ TODO: check
CVE-2021-44521
RESERVED
CVE-2021-4046
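Review bot: CVE-2021-23198 describes mySCADA myPRO (password feature in versions 8.20.0 and prior), a proprietary SCADA product, so the "+ TODO: check" line can be resolved directly to "NOT-FOR-US: mySCADA myPRO" in the same style the adjacent Red Hat OpenShift entry uses; leaving it as TODO defers a triage whose answer is already in the description text.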
@@ -3628,8 +3636,8 @@ CVE-2021-23179
RESERVED
CVE-2021-44464
RESERVED
-CVE-2021-44453
- RESERVED
+CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...)
+ TODO: check
CVE-2021-44451
RESERVED
CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All versions < ...)
@@ -4248,8 +4256,7 @@ CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0
NOTE: https://github.com/apache/logging-log4j2/commit/c77b3cb39312b83b053d23a2158b99ac7de44dd3
NOTE: The lookup is performed *after* formatting the message, which includes the user input. Hence
NOTE: the vulnerability can still be triggered using a ParametrizedMessage.
-CVE-2021-4024 [podman: podman machine spawns gvproxy with port binded to all IPs]
- RESERVED
+CVE-2021-4024 (A flaw was found in podman. The `podman machine` function (used to cre ...)
- libpod <unfixed> (bug #1000844)
[bullseye] - libpod <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2026675
@@ -4931,24 +4938,24 @@ CVE-2021-43991 (The Kentico Xperience CMS version 13.0 – 13.0.43 is vulner
NOT-FOR-US: Kentico Xperience CMS
CVE-2021-43990
RESERVED
-CVE-2021-43989
- RESERVED
+CVE-2021-43989 (mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, wh ...)
+ TODO: check
CVE-2021-43988
RESERVED
-CVE-2021-43987
- RESERVED
+CVE-2021-43987 (An additional, nondocumented administrative account exists in mySCADA ...)
+ TODO: check
CVE-2021-43986
RESERVED
-CVE-2021-43985
- RESERVED
-CVE-2021-43984
- RESERVED
+CVE-2021-43985 (An unauthenticated remote attacker can access mySCADA myPRO Versions 8 ...)
+ TODO: check
+CVE-2021-43984 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmw ...)
+ TODO: check
CVE-2021-43983 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to mult ...)
NOT-FOR-US: WECON LeviStudioU
CVE-2021-43982 (Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to ...)
NOT-FOR-US: Delta
-CVE-2021-43981
- RESERVED
+CVE-2021-43981 (mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, ...)
+ TODO: check
CVE-2021-43980
RESERVED
CVE-2021-43979 (** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 ...)
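Review bot: the five mySCADA myPRO entries in this hunk (CVE-2021-43989, CVE-2021-43987, CVE-2021-43985, CVE-2021-43984, CVE-2021-43981) all stay at "TODO: check" while the ICS entries between them (WECON LeviStudioU, Delta Electronics CNCSoft) are already "NOT-FOR-US"; they should get the same NOT-FOR-US resolution, including the MD5 password storage (CVE-2021-43989) and undocumented administrative account (CVE-2021-43987) items, which are product-specific and not Debian package issues.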
@@ -14348,7 +14355,7 @@ CVE-2021-41453
RESERVED
CVE-2021-41452
RESERVED
-CVE-2021-41451 (An HTTP/1.1 misconfiguration in web interface of TP-Link AX10v1 before ...)
+CVE-2021-41451 (A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP ...)
NOT-FOR-US: TP-Link
CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 al ...)
NOT-FOR-US: TP-Link
@@ -28766,8 +28773,7 @@ CVE-2021-35503 (Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forward
NOT-FOR-US: Afian FileRun
CVE-2021-35502 (app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp ...)
NOT-FOR-US: MISP
-CVE-2021-3622
- RESERVED
+CVE-2021-3622 (A flaw was found in the hivex library. This flaw allows an attacker to ...)
- hivex 1.3.21-1 (bug #991860)
[bullseye] - hivex <no-dsa> (Minor issue)
[buster] - hivex <no-dsa> (Minor issue)
@@ -28776,8 +28782,7 @@ CVE-2021-3622
NOTE: https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255
CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in the nam ...)
NOT-FOR-US: PandoraFMS
-CVE-2021-3621 [shell command injection in sssctl]
- RESERVED
+CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable to s ...)
{DLA-2758-1}
- sssd 2.5.2-1 (bug #992710)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
@@ -29384,8 +29389,8 @@ CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can mov
NOT-FOR-US: SolarWinds
CVE-2021-35244 (The "Log alert to a file" action within action management enables any ...)
NOT-FOR-US: SolarWinds
-CVE-2021-35243
- RESERVED
+CVE-2021-35243 (The HTTP PUT and DELETE methods were enabled in the Web Help Desk web ...)
+ TODO: check
CVE-2021-35242 (Serv-U server responds with valid CSRFToken when the request contains ...)
NOT-FOR-US: SolarWinds
CVE-2021-35241
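Review bot: CVE-2021-35243 (HTTP PUT and DELETE methods enabled in the Web Help Desk web interface) is a SolarWinds product like the surrounding Serv-U entries, which all carry "NOT-FOR-US: SolarWinds"; the "+ TODO: check" line should be replaced with that status instead of being queued.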
@@ -31594,8 +31599,7 @@ CVE-2021-3585
RESERVED
- tripleo-heat-templates <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968247
-CVE-2021-3584
- RESERVED
+CVE-2021-3584 (A server side remote code execution vulnerability was found in Foreman ...)
- foreman <itp> (bug #663101)
CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is vulnerable t ...)
- ansible <unfixed>
@@ -39924,154 +39928,154 @@ CVE-2021-30998
REJECTED
CVE-2021-30997
REJECTED
-CVE-2021-30996
- REJECTED
-CVE-2021-30995
- REJECTED
+CVE-2021-30996 (A race condition was addressed with improved state handling. This issu ...)
+ TODO: check
+CVE-2021-30995 (A race condition was addressed with improved state handling. This issu ...)
+ TODO: check
CVE-2021-30994
REJECTED
-CVE-2021-30993
- REJECTED
-CVE-2021-30992
- REJECTED
-CVE-2021-30991
- REJECTED
-CVE-2021-30990
- REJECTED
+CVE-2021-30993 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2021-30992 (This issue was addressed with improved handling of file metadata. This ...)
+ TODO: check
+CVE-2021-30991 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2021-30990 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
CVE-2021-30989
REJECTED
-CVE-2021-30988
- REJECTED
-CVE-2021-30987
- REJECTED
-CVE-2021-30986
- REJECTED
-CVE-2021-30985
- REJECTED
-CVE-2021-30984
- REJECTED
-CVE-2021-30983
- REJECTED
-CVE-2021-30982
- REJECTED
-CVE-2021-30981
- REJECTED
-CVE-2021-30980
- REJECTED
-CVE-2021-30979
- REJECTED
+CVE-2021-30988 (Description: A permissions issue was addressed with improved validatio ...)
+ TODO: check
+CVE-2021-30987 (An access issue was addressed with improved access restrictions. This ...)
+ TODO: check
+CVE-2021-30986 (A device configuration issue was addressed with an updated configurati ...)
+ TODO: check
+CVE-2021-30985 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2021-30984 (A race condition was addressed with improved state handling. This issu ...)
+ TODO: check
+CVE-2021-30983 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2021-30982 (A race condition was addressed with improved locking. This issue is fi ...)
+ TODO: check
+CVE-2021-30981 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ TODO: check
+CVE-2021-30980 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2021-30979 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
CVE-2021-30978
REJECTED
-CVE-2021-30977
- REJECTED
-CVE-2021-30976
- REJECTED
-CVE-2021-30975
- REJECTED
+CVE-2021-30977 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ TODO: check
+CVE-2021-30976 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2021-30975 (This issue was addressed by disabling execution of JavaScript when vie ...)
+ TODO: check
CVE-2021-30974
REJECTED
-CVE-2021-30973
- REJECTED
+CVE-2021-30973 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2021-30972
REJECTED
-CVE-2021-30971
- REJECTED
-CVE-2021-30970
- REJECTED
-CVE-2021-30969
- REJECTED
-CVE-2021-30968
- REJECTED
-CVE-2021-30967
- REJECTED
-CVE-2021-30966
- REJECTED
-CVE-2021-30965
- REJECTED
-CVE-2021-30964
- REJECTED
-CVE-2021-30963
- REJECTED
+CVE-2021-30971 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2021-30970 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2021-30969 (A path handling issue was addressed with improved validation. This iss ...)
+ TODO: check
+CVE-2021-30968 (A validation issue related to hard link behavior was addressed with im ...)
+ TODO: check
+CVE-2021-30967 (Description: A permissions issue was addressed with improved validatio ...)
+ TODO: check
+CVE-2021-30966 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2021-30965 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2021-30964 (An inherited permissions issue was addressed with additional restricti ...)
+ TODO: check
+CVE-2021-30963 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
CVE-2021-30962
REJECTED
-CVE-2021-30961
- REJECTED
-CVE-2021-30960
- REJECTED
-CVE-2021-30959
- REJECTED
-CVE-2021-30958
- REJECTED
-CVE-2021-30957
- REJECTED
+CVE-2021-30961 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2021-30960 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2021-30959 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2021-30958 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2021-30957 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
CVE-2021-30956
REJECTED
-CVE-2021-30955
- REJECTED
-CVE-2021-30954
- REJECTED
-CVE-2021-30953
- REJECTED
-CVE-2021-30952
- REJECTED
-CVE-2021-30951
- REJECTED
-CVE-2021-30950
- REJECTED
-CVE-2021-30949
- REJECTED
-CVE-2021-30948
- REJECTED
-CVE-2021-30947
- REJECTED
-CVE-2021-30946
- REJECTED
-CVE-2021-30945
- REJECTED
+CVE-2021-30955 (A race condition was addressed with improved state handling. This issu ...)
+ TODO: check
+CVE-2021-30954 (A type confusion issue was addressed with improved memory handling. Th ...)
+ TODO: check
+CVE-2021-30953 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2021-30952 (An integer overflow was addressed with improved input validation. This ...)
+ TODO: check
+CVE-2021-30951 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2021-30950 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2021-30949 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
+CVE-2021-30948 (An inconsistent user interface issue was addressed with improved state ...)
+ TODO: check
+CVE-2021-30947 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ TODO: check
+CVE-2021-30946 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2021-30945 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
CVE-2021-30944
REJECTED
CVE-2021-30943
REJECTED
-CVE-2021-30942
- REJECTED
-CVE-2021-30941
- REJECTED
-CVE-2021-30940
- REJECTED
-CVE-2021-30939
- REJECTED
-CVE-2021-30938
- REJECTED
-CVE-2021-30937
- REJECTED
-CVE-2021-30936
- REJECTED
-CVE-2021-30935
- REJECTED
-CVE-2021-30934
- REJECTED
+CVE-2021-30942 (Description: A memory corruption issue in the processing of ICC profil ...)
+ TODO: check
+CVE-2021-30941 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2021-30940 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2021-30939 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2021-30938 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2021-30937 (A memory corruption vulnerability was addressed with improved locking. ...)
+ TODO: check
+CVE-2021-30936 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2021-30935 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
+CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
CVE-2021-30933
REJECTED
-CVE-2021-30932
- REJECTED
-CVE-2021-30931
- REJECTED
-CVE-2021-30930
- REJECTED
-CVE-2021-30929
- REJECTED
+CVE-2021-30932 (The issue was addressed with improved permissions logic. This issue is ...)
+ TODO: check
+CVE-2021-30931 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
+CVE-2021-30930 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2021-30929 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
CVE-2021-30928
REJECTED
-CVE-2021-30927
- REJECTED
-CVE-2021-30926
- REJECTED
+CVE-2021-30927 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2021-30926 (Description: A memory corruption issue in the processing of ICC profil ...)
+ TODO: check
CVE-2021-30925
REJECTED
-CVE-2021-30924
- REJECTED
-CVE-2021-30923
- REJECTED
+CVE-2021-30924 (A denial of service issue was addressed with improved state handling. ...)
+ TODO: check
+CVE-2021-30923 (A race condition was addressed with improved locking. This issue is fi ...)
+ TODO: check
CVE-2021-30922
REJECTED
CVE-2021-30921
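Review bot: this hunk flips several dozen Apple IDs (CVE-2021-30996 down to CVE-2021-30923) from "REJECTED" to a published description plus "TODO: check", which shows the earlier REJECTED status was recorded for IDs that were merely unpublished; when these are triaged they should not be blanket-resolved to "NOT-FOR-US: Apple", because Apple advisories in this range also cover WebKit (compare CVE-2021-30890 and CVE-2021-30887 further down, which map to webkit2gtk and wpewebkit with DSA-5031-1/DSA-5030-1), and CVE-2021-30975 ("addressed by disabling execution of JavaScript when vie...") in particular should be checked against the WebKitGTK advisories. Separately, the descriptions for CVE-2021-30988, CVE-2021-30967, CVE-2021-30942 and CVE-2021-30926 carry a stray "Description:" prefix copied from the upstream text that the importer could strip.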
@@ -40108,8 +40112,8 @@ CVE-2021-30906 (This issue was addressed with improved checks. This issue is fix
NOT-FOR-US: Apple
CVE-2021-30905 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
-CVE-2021-30904
- REJECTED
+CVE-2021-30904 (A sync issue was addressed with improved state validation. This issue ...)
+ TODO: check
CVE-2021-30903 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2021-30902 (A use after free issue was addressed with improved memory management. ...)
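Review bot: CVE-2021-30904 ("A sync issue was addressed with improved state validation") sits between CVE-2021-30905 and CVE-2021-30903, both already "NOT-FOR-US: Apple"; unless it turns out to be a WebKit issue, the "+ TODO: check" line should be resolved the same way rather than kept pending.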
@@ -40122,8 +40126,8 @@ CVE-2021-30899 (A race condition was addressed with improved state handling. Thi
NOT-FOR-US: Apple
CVE-2021-30898
REJECTED
-CVE-2021-30897
- REJECTED
+CVE-2021-30897 (An issue existed in the specification for the resource timing API. The ...)
+ TODO: check
CVE-2021-30896 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
CVE-2021-30895 (A logic issue was addressed with improved restrictions. This issue is ...)
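Review bot: CVE-2021-30897 concerns "the specification for the resource timing API", a web platform API implemented by the browser engine, so before defaulting the "+ TODO: check" line to "NOT-FOR-US: Apple" like its neighbours CVE-2021-30896 and CVE-2021-30895 it should be checked against the WebKitGTK advisories and, if listed there, recorded against webkit2gtk and wpewebkit as CVE-2021-30890 below is.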
@@ -40137,6 +40141,7 @@ CVE-2021-30892 (An inherited permissions issue was addressed with additional res
CVE-2021-30891
REJECTED
CVE-2021-30890 (A logic issue was addressed with improved state management. This issue ...)
+ {DSA-5031-1 DSA-5030-1}
- webkit2gtk 2.34.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.3-1
@@ -40154,6 +40159,7 @@ CVE-2021-30888 (An information leakage issue was addressed. This issue is fixed
- wpewebkit 2.34.1-1
NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30887 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-5031-1 DSA-5030-1}
- webkit2gtk 2.34.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.3-1
@@ -40450,8 +40456,8 @@ CVE-2021-30769 (A logic issue was addressed with improved state management. This
NOT-FOR-US: Apple
CVE-2021-30768 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
-CVE-2021-30767
- RESERVED
+CVE-2021-30767 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2021-30766 (An out-of-bounds write was addressed with improved input validation. T ...)
NOT-FOR-US: Apple
CVE-2021-30765 (An out-of-bounds write was addressed with improved input validation. T ...)
@@ -50084,10 +50090,10 @@ CVE-2021-27009
RESERVED
CVE-2021-27008
RESERVED
-CVE-2021-27007
- RESERVED
-CVE-2021-27006
- RESERVED
+CVE-2021-27007 (NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway i ...)
+ TODO: check
+CVE-2021-27006 (StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11. ...)
+ TODO: check
CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and ...)
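Review bot: CVE-2021-27007 (NetApp Virtual Desktop Service) and CVE-2021-27006 (StorageGRID) are NetApp products exactly like the adjacent CVE-2021-27005 and CVE-2021-27004 entries, which are marked NOT-FOR-US with the product name; the two "+ TODO: check" lines can be resolved to "NOT-FOR-US: NetApp <product>" in the same pass.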
@@ -60659,8 +60665,8 @@ CVE-2021-22659 (Rockwell Automation MicroLogix 1400 Version 21.6 and below may a
NOT-FOR-US: Rockwell Automation
CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...)
NOT-FOR-US: Advantech iView
-CVE-2021-22657
- RESERVED
+CVE-2021-22657 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API p ...)
+ TODO: check
CVE-2021-22656 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to direc ...)
NOT-FOR-US: Advantech iView
CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...)
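Review bot: CVE-2021-22657 is another mySCADA myPRO entry (API password feature in 8.20.0 and prior) left as "+ TODO: check" between Advantech iView and Rockwell Automation entries that are all "NOT-FOR-US"; it should be resolved consistently with the other myPRO IDs in this update rather than as a separate pending item.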
@@ -66538,12 +66544,12 @@ CVE-2021-20878
RESERVED
CVE-2021-20877
RESERVED
-CVE-2021-20876
- RESERVED
-CVE-2021-20875
- RESERVED
-CVE-2021-20874
- RESERVED
+CVE-2021-20876 (Path traversal vulnerability in GroupSession Free edition ver5.1.1 and ...)
+ TODO: check
+CVE-2021-20875 (Open redirect vulnerability in GroupSession Free edition ver5.1.1 and ...)
+ TODO: check
+CVE-2021-20874 (Incorrect permission assignment for critical resource vulnerability in ...)
+ TODO: check
CVE-2021-20873
RESERVED
CVE-2021-20872
@@ -66636,10 +66642,10 @@ CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag san
NOT-FOR-US: GROWI
CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch Change Plug-i ...)
NOT-FOR-US: EC-CUBE plugin
-CVE-2021-20827
- RESERVED
-CVE-2021-20826
- RESERVED
+CVE-2021-20827 (Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Serie ...)
+ TODO: check
+CVE-2021-20826 (Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A ...)
+ TODO: check
CVE-2021-20825 (Cross-site scripting vulnerability in List (order management) item cha ...)
NOT-FOR-US: EC-CUBE plugin
CVE-2021-20824
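Review bot: CVE-2021-20827 and CVE-2021-20826 describe plaintext password storage and unprotected transport of credentials in IDEC PLCs (FC6A series), i.e. PLC firmware that Debian does not ship; both "+ TODO: check" lines belong as "NOT-FOR-US: IDEC PLCs" alongside the neighbouring GROWI and EC-CUBE plugin entries, which already use that form.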
@@ -67683,8 +67689,7 @@ CVE-2021-20320
CVE-2021-20319
RESERVED
NOT-FOR-US: coreos-installer
-CVE-2021-20318
- RESERVED
+CVE-2021-20318 (The HornetQ component of Artemis in EAP 7 was not updated with the fix ...)
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2021-20317 (A flaw was found in the Linux kernel. A corrupted timer tree caused th ...)
{DLA-2843-1}
@@ -69236,8 +69241,8 @@ CVE-2020-35400
RESERVED
CVE-2020-35399
RESERVED
-CVE-2020-35398
- RESERVED
+CVE-2020-35398 (An issue was discovered in UTI Mutual fund Android application 5.4.18 ...)
+ TODO: check
CVE-2020-35397
RESERVED
CVE-2020-35396 (EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting ( ...)
@@ -139838,8 +139843,8 @@ CVE-2020-3897 (A type confusion issue was addressed with improved memory handlin
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
-CVE-2020-3896
- RESERVED
+CVE-2020-3896 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ TODO: check
CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...)
{DSA-4681-1}
- webkit2gtk 2.28.0-2
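Review bot: CVE-2020-3896 ("addressed by removing the vulnerable code") is sandwiched between CVE-2020-3897 and CVE-2020-3895, both of which map to webkit2gtk/wpewebkit via WSA-2020-0005 and DSA-4681-1; check whether CVE-2020-3896 is listed in that WebKitGTK advisory before marking it "NOT-FOR-US: Apple", since a WebKit CVE left at "TODO: check" here would miss the DSA-4681-1 reference.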
@@ -139868,8 +139873,8 @@ CVE-2020-3888 (A logic issue was addressed with improved restrictions. This issu
NOT-FOR-US: Apple
CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
-CVE-2020-3886
- RESERVED
+CVE-2020-3886 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is ...)
{DSA-4681-1}
- webkit2gtk 2.28.0-2
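Review bot: CVE-2020-3886 (use after free) needs resolving against the WebKitGTK advisory rather than by position: its neighbour CVE-2020-3885 is a webkit2gtk issue fixed via DSA-4681-1 while CVE-2020-3887 and CVE-2020-3888 are "NOT-FOR-US: Apple", so either outcome is plausible and the "+ TODO: check" placeholder should be replaced by whichever the advisory supports.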
@@ -182797,10 +182802,10 @@ CVE-2019-8705 (A memory corruption issue was addressed with improved validation.
NOT-FOR-US: Apple
CVE-2019-8704 (An authentication issue was addressed with improved state management. ...)
NOT-FOR-US: Apple
-CVE-2019-8703
- RESERVED
-CVE-2019-8702
- RESERVED
+CVE-2019-8703 (This issue was addressed with improved entitlements. This issue is fix ...)
+ TODO: check
+CVE-2019-8702 (This issue was addressed with a new entitlement. This issue is fixed i ...)
+ TODO: check
CVE-2019-8701 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2019-8700
@@ -183013,8 +183018,8 @@ CVE-2019-8644 (Multiple memory corruption issues were addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
-CVE-2019-8643
- RESERVED
+CVE-2019-8643 (CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Moja ...)
+ TODO: check
CVE-2019-8642 (An issue existed in the handling of S-MIME certificates. This issue wa ...)
NOT-FOR-US: Apple
CVE-2019-8641 (An out-of-bounds read was addressed with improved input validation. ...)
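Review bot: the new description for CVE-2019-8643 is malformed ("CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Moja ..."), starting with its own ID and a reporter credit instead of a vulnerability summary, so the upstream text should be reviewed before it is relied on; and since the adjacent CVE-2019-8644 is a webkit2gtk issue covered by WSA-2019-0004, check whether CVE-2019-8643 appears in that advisory before resolving the "+ TODO: check" line.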
@@ -247994,8 +247999,8 @@ CVE-2018-4480
RESERVED
CVE-2018-4479
RESERVED
-CVE-2018-4478
- RESERVED
+CVE-2018-4478 (A validation issue was addressed with improved logic. This issue is fi ...)
+ TODO: check
CVE-2018-4477
RESERVED
CVE-2018-4476
@@ -248408,8 +248413,8 @@ CVE-2018-4304 (A denial of service issue was addressed with improved validation.
NOT-FOR-US: Apple
CVE-2018-4303 (An input validation issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
-CVE-2018-4302
- RESERVED
+CVE-2018-4302 (A null pointer dereference was addressed with improved validation. Thi ...)
+ TODO: check
CVE-2018-4301
RESERVED
NOT-FOR-US: Apple
@@ -271051,18 +271056,18 @@ CVE-2017-13912
RESERVED
CVE-2017-13911 (A configuration issue was addressed with additional restrictions. This ...)
NOT-FOR-US: Apple
-CVE-2017-13910
- RESERVED
-CVE-2017-13909
- RESERVED
-CVE-2017-13908
- RESERVED
-CVE-2017-13907
- RESERVED
-CVE-2017-13906
- RESERVED
-CVE-2017-13905
- RESERVED
+CVE-2017-13910 (An access issue was addressed with additional sandbox restrictions on ...)
+ TODO: check
+CVE-2017-13909 (An issue existed in the storage of sensitive tokens. This issue was ad ...)
+ TODO: check
+CVE-2017-13908 (An issue in handling file permissions was addressed with improved vali ...)
+ TODO: check
+CVE-2017-13907 (A state management issue was addressed with improved state validation. ...)
+ TODO: check
+CVE-2017-13906 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2017-13905 (A race condition was addressed with additional validation. This issue ...)
+ TODO: check
CVE-2017-13904 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
NOT-FOR-US: Apple
CVE-2017-13903 (An issue was discovered in certain Apple products. iOS before 11.2.1 i ...)
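Review bot: CVE-2017-13910 through CVE-2017-13905 are six Apple entries from 2017 surrounded by "NOT-FOR-US: Apple" lines (CVE-2017-13911 above, CVE-2017-13904 below); six "+ TODO: check" placeholders for Apple IDs that old are unlikely to turn into package work, so resolving them to "NOT-FOR-US: Apple" in the same pass keeps the TODO queue meaningful, with the usual caveat of checking the memory corruption items (CVE-2017-13906) against the WebKitGTK advisories first.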
@@ -271087,8 +271092,8 @@ CVE-2017-13894
RESERVED
CVE-2017-13893
RESERVED
-CVE-2017-13892
- RESERVED
+CVE-2017-13892 (An issue existed in the handling of Contact sharing. This issue was ad ...)
+ TODO: check
CVE-2017-13891 (In iOS before 11.2, an inconsistent user interface issue was addressed ...)
NOT-FOR-US: Apple
CVE-2017-13890 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -271117,8 +271122,8 @@ CVE-2017-13882
RESERVED
CVE-2017-13881
RESERVED
-CVE-2017-13880
- RESERVED
+CVE-2017-13880 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
CVE-2017-13879 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
NOT-FOR-US: Apple
CVE-2017-13878 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -271213,8 +271218,8 @@ CVE-2017-13837 (An issue was discovered in certain Apple products. macOS before
NOT-FOR-US: Apple
CVE-2017-13836 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
NOT-FOR-US: Apple
-CVE-2017-13835
- RESERVED
+CVE-2017-13835 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
CVE-2017-13834 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
NOT-FOR-US: Apple
CVE-2017-13833 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -306356,8 +306361,8 @@ CVE-2017-2490 (An issue was discovered in certain Apple products. iOS before 10.
NOT-FOR-US: Apple involving Kernel component
CVE-2017-2489 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
NOT-FOR-US: Apple involving Intel Graphics Driver
-CVE-2017-2488
- RESERVED
+CVE-2017-2488 (A cryptographic weakness existed in the authentication protocol of Rem ...)
+ TODO: check
CVE-2017-2487 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
NOT-FOR-US: Apple involving FontParser component
CVE-2017-2486 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
@@ -306614,8 +306619,8 @@ CVE-2017-2377 (An issue was discovered in certain Apple products. iOS before 10.
CVE-2017-2376 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
- webkit2gtk 2.16.3-2 (unimportant)
NOTE: Not covered by security support
-CVE-2017-2375
- RESERVED
+CVE-2017-2375 (An issue existed in preventing the uploading of CallKit call history t ...)
+ TODO: check
CVE-2017-2374 (An issue was discovered in certain Apple products. GarageBand before 1 ...)
NOT-FOR-US: Apple
CVE-2017-2373 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd9a572586844ed22767848d394238f2c7dc0a4e