[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 29 20:10:26 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
68c9198a by security tracker role at 2021-12-29T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-4189
+ RESERVED
CVE-2022-22262
RESERVED
CVE-2022-0077
@@ -154,8 +156,8 @@ CVE-2021-44775
RESERVED
CVE-2021-44465
RESERVED
-CVE-2021-4187
- RESERVED
+CVE-2021-4187 (vim is vulnerable to Use After Free ...)
+ TODO: check
CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
- gif2apng <unfixed> (bug #1002687)
CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
@@ -210,8 +212,8 @@ CVE-2021-45887
RESERVED
CVE-2021-45886
RESERVED
-CVE-2021-45885
- RESERVED
+CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.2.2 th ...)
+ TODO: check
CVE-2021-4186
RESERVED
CVE-2021-4185
@@ -632,10 +634,10 @@ CVE-2021-4178
RESERVED
CVE-2021-4177 (livehelperchat is vulnerable to Generation of Error Message Containing ...)
NOT-FOR-US: livehelperchat
-CVE-2021-4176
- RESERVED
-CVE-2021-4175
- RESERVED
+CVE-2021-4176 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ TODO: check
+CVE-2021-4175 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ TODO: check
CVE-2021-26947
RESERVED
CVE-2021-23186
@@ -5605,10 +5607,10 @@ CVE-2021-44163 (Chain Sea ai chatbot backend has improper filtering of special c
NOT-FOR-US: Chain Sea
CVE-2021-44162 (Chain Sea ai chatbot system’s specific file download function ha ...)
NOT-FOR-US: Chain Sea
-CVE-2021-44161
- RESERVED
-CVE-2021-44160
- RESERVED
+CVE-2021-44161 (Changing MOTP (Mobile One Time Password) system’s specific funct ...)
+ TODO: check
+CVE-2021-44160 (Carinal Tien Hospital Health Report System’s login page has impr ...)
+ TODO: check
CVE-2021-44159 (4MOSAn GCB Doctor’s file upload function has improper user privi ...)
NOT-FOR-US: 4MOSAn GCB Doctor
CVE-2021-44158
@@ -8185,7 +8187,7 @@ CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 re
CVE-2021-43547
RESERVED
CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -8193,7 +8195,7 @@ CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks aga
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546
CVE-2021-43545 (Using the Location API in a loop could have caused severe application ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -8204,7 +8206,7 @@ CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have s
- firefox <not-affected> (Only affects Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544
CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -8212,7 +8214,7 @@ CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escap
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543
CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -8220,7 +8222,7 @@ CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installe
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542
CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -8231,7 +8233,7 @@ CVE-2021-43540 (WebExtensions with the correct permissions were able to create a
- firefox 95.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540
CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -8239,7 +8241,7 @@ CVE-2021-43539 (Failure to correctly record the location of live pointers across
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539
CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -8247,7 +8249,7 @@ CVE-2021-43538 (By misusing a race in our notification code, an attacker could h
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538
CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -8255,7 +8257,7 @@ CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit intege
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537
CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -8263,7 +8265,7 @@ CVE-2021-43536 (Under certain circumstances, asynchronous functions could have c
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536
CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object was r ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 93.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -8271,7 +8273,7 @@ CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535
CVE-2021-43534 (Mozilla developers and community members reported memory safety bugs p ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -22181,10 +22183,10 @@ CVE-2021-38690
RESERVED
CVE-2021-38689
RESERVED
-CVE-2021-38688
- RESERVED
-CVE-2021-38687
- RESERVED
+CVE-2021-38688 (An improper authentication vulnerability has been reported to affect A ...)
+ TODO: check
+CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ TODO: check
CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...)
NOT-FOR-US: QNAP
CVE-2021-38685 (A command injection vulnerability has been reported to affect QNAP dev ...)
@@ -22197,8 +22199,8 @@ CVE-2021-38682
RESERVED
CVE-2021-38681 (A reflected cross-site scripting (XSS) vulnerability has been reported ...)
NOT-FOR-US: QNAP
-CVE-2021-38680
- RESERVED
+CVE-2021-38680 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
CVE-2021-38679
RESERVED
CVE-2021-38678
@@ -22613,7 +22615,7 @@ CVE-2021-38510 (The executable file warning was not presented when downloading .
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510
CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Javascript ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -22621,7 +22623,7 @@ CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Java
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509
CVE-2021-38508 (By displaying a form validity message in the correct location at the s ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -22629,7 +22631,7 @@ CVE-2021-38508 (By displaying a form validity message in the correct location at
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508
CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -22637,7 +22639,7 @@ CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507
CVE-2021-38506 (Through a series of navigations, Firefox could have entered fullscreen ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -22652,7 +22654,7 @@ CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as Cloud
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505
CVE-2021-38504 (When interacting with an HTML input element's file picker dialog with ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -22660,7 +22662,7 @@ CVE-2021-38504 (When interacting with an HTML input element's file picker dialog
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504
CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT stylesheet ...)
- {DSA-5026-1}
+ {DSA-5026-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -27098,12 +27100,12 @@ CVE-2021-36726
RESERVED
CVE-2021-36725
RESERVED
-CVE-2021-36724
- RESERVED
-CVE-2021-36723
- RESERVED
-CVE-2021-36722
- RESERVED
+CVE-2021-36724 (ForeScout - SecureConnector Local Service DoS - A low privilaged user ...)
+ TODO: check
+CVE-2021-36723 (Emuse - eServices / eNvoice Exposure Of Private Personal Information d ...)
+ TODO: check
+CVE-2021-36722 (Emuse - eServices / eNvoice SQL injection can be used in various ways ...)
+ TODO: check
CVE-2021-36721 (Sysaid API User Enumeration - Attacker sending requests to specific ap ...)
TODO: check
CVE-2021-36720 (PineApp - Mail Secure - Attacker sending a request to :/blocking.php?u ...)
@@ -31049,10 +31051,10 @@ CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect v
NOT-FOR-US: Jamf Pro
CVE-2021-35036
RESERVED
-CVE-2021-35035
- RESERVED
-CVE-2021-35034
- RESERVED
+CVE-2021-35035 (A cleartext storage of sensitive information vulnerability in the Zyxe ...)
+ TODO: check
+CVE-2021-35034 (An insufficient session expiration vulnerability in the CGI program of ...)
+ TODO: check
CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, ...)
NOT-FOR-US: Zyxel
CVE-2021-35032 (A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware ...)
@@ -53880,18 +53882,18 @@ CVE-2021-25995
RESERVED
CVE-2021-25994
RESERVED
-CVE-2021-25993
- RESERVED
+CVE-2021-25993 (In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected b ...)
+ TODO: check
CVE-2021-25992
RESERVED
-CVE-2021-25991
- RESERVED
-CVE-2021-25990
- RESERVED
-CVE-2021-25989
- RESERVED
-CVE-2021-25988
- RESERVED
+CVE-2021-25991 (In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper a ...)
+ TODO: check
+CVE-2021-25990 (In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable agai ...)
+ TODO: check
+CVE-2021-25989 (In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable agains ...)
+ TODO: check
+CVE-2021-25988 (In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable agains ...)
+ TODO: check
CVE-2021-25987 (Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The po ...)
NOT-FOR-US: hexo blog framework
CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cros ...)
@@ -59351,8 +59353,8 @@ CVE-2021-23729
RESERVED
CVE-2021-23728
RESERVED
-CVE-2021-23727
- RESERVED
+CVE-2021-23727 (This affects the package celery before 5.2.2. It by default trusts the ...)
+ TODO: check
CVE-2021-23726
RESERVED
CVE-2021-23725
@@ -155406,7 +155408,7 @@ CVE-2019-17598 (An issue was discovered in Lightbend Play Framework 2.5.x throug
CVE-2019-17597
RESERVED
CVE-2017-1002201 (In haml versions prior to version 5.0.0.beta.2, when using user input ...)
- {DLA-1986-1}
+ {DLA-2864-1 DLA-1986-1}
- ruby-haml 5.0.4-1
NOTE: https://snyk.io/vuln/SNYK-RUBY-HAML-20362
NOTE: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
@@ -207580,7 +207582,7 @@ CVE-2018-19475 (psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315 (master)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700153
CVE-2018-19518 (University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_o ...)
- {DSA-4353-1 DLA-1700-1 DLA-1608-1}
+ {DSA-4353-1 DLA-2866-1 DLA-1700-1 DLA-1608-1}
- php7.3 7.3.0-1 (bug #913775)
- php7.2 <removed> (bug #913835)
- php7.0 <removed> (bug #913836)
@@ -225982,7 +225984,7 @@ CVE-2018-12586
CVE-2018-12585 (An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allo ...)
NOT-FOR-US: OPC UA Java and .NET Legacy Stack
CVE-2018-12584 (The ConnectionBase::preparseNewBytes function in resip/stack/Connectio ...)
- {DLA-1439-1}
+ {DLA-2865-1 DLA-1439-1}
- resiprocate <removed> (bug #905495)
NOTE: http://joachimdezutter.webredirect.org/advisory.html
NOTE: https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
@@ -279458,7 +279460,7 @@ CVE-2017-11531 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c81594c6ee93581b97e8f8c743200b1366d83989
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1885ab1231e82f90d3f0e839555ee3e1a441bbf8
CVE-2017-11521 (The SdpContents::Session::Medium::parse function in resip/stack/SdpCon ...)
- {DLA-1439-1 DLA-1040-1}
+ {DLA-2865-1 DLA-1439-1 DLA-1040-1}
- resiprocate <removed> (low; bug #869404)
NOTE: https://github.com/resiprocate/resiprocate/pull/88
NOTE: https://github.com/resiprocate/resiprocate/pull/88/commits/4b8ffa5afd3291a2701f8d39c31ada443f79a5c8
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68c9198aa522f60ad983d60bd7d2ea20c06828d3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68c9198aa522f60ad983d60bd7d2ea20c06828d3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211229/916b4a98/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list