[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 31 08:10:20 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c197af92 by security tracker role at 2021-12-31T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,29 @@
-CVE-2021-45732
+CVE-2022-22292
RESERVED
-CVE-2021-45077
+CVE-2022-22291
RESERVED
-CVE-2021-44466
+CVE-2022-22290
RESERVED
+CVE-2022-22289
+ RESERVED
+CVE-2022-22288
+ RESERVED
+CVE-2022-22287
+ RESERVED
+CVE-2022-22286
+ RESERVED
+CVE-2022-22285
+ RESERVED
+CVE-2022-22284
+ RESERVED
+CVE-2022-22283
+ RESERVED
+CVE-2021-45732 (Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded cre ...)
+ TODO: check
+CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information ...)
+ TODO: check
+CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw d ...)
+ TODO: check
CVE-2021-4194
RESERVED
CVE-2021-4193
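Review bot: CVE-2021-45732, CVE-2021-45077 and CVE-2021-44466 are left at "TODO: check", so they have no triage state yet. The two Netgear Nighthawk R6700 entries look like candidates for a "NOT-FOR-US:" line in the style used elsewhere in this file. CVE-2021-44466 (Bitmask Riseup VPN 0.21.6, local privilege escalation) needs a check against the archive before it is tagged either way.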
@@ -12,8 +32,8 @@ CVE-2021-4192
RESERVED
CVE-2021-4191
RESERVED
-CVE-2021-23147
- RESERVED
+CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient pro ...)
+ TODO: check
CVE-2022-22282
RESERVED
CVE-2022-22281
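Review bot: CVE-2021-23147 names the same product and firmware version (Netgear Nighthawk R6700 1.0.4.120) as the Nighthawk entries added at the top of the file. Triage it together with them so all of them end up with the same annotation rather than being resolved in separate "TODO: check" passes.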
@@ -56,8 +76,8 @@ CVE-2022-22263
RESERVED
CVE-2021-45919
RESERVED
-CVE-2021-4190
- RESERVED
+CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...)
+ TODO: check
CVE-2021-4189
RESERVED
CVE-2022-22262
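Review bot: CVE-2021-4190 names only Wireshark 3.6.0 in its description, so when the "TODO: check" is resolved the package line should record whether releases carrying an older Wireshark branch are affected at all, instead of assuming every suite is vulnerable. A "NOTE:" with the upstream advisory or issue link would match how other entries in this file document their fix.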
@@ -282,18 +302,18 @@ CVE-2021-45886
RESERVED
CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.2.2 th ...)
NOT-FOR-US: Stormshield Network Security (SNS)
-CVE-2021-4186
- RESERVED
-CVE-2021-4185
- RESERVED
-CVE-2021-4184
- RESERVED
-CVE-2021-4183
- RESERVED
-CVE-2021-4182
- RESERVED
-CVE-2021-4181
- RESERVED
+CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...)
+ TODO: check
+CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...)
+ TODO: check
+CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...)
+ TODO: check
+CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of se ...)
+ TODO: check
+CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...)
+ TODO: check
+CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...)
+ TODO: check
CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based a ...)
- brave-browser <itp> (bug #864795)
CVE-2021-45883
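Review bot: The six Wireshark entries CVE-2021-4181 through CVE-2021-4186 do not share one affected range: CVE-2021-4186 lists 3.4.0 to 3.4.10 only, CVE-2021-4183 lists 3.6.0 only, and the remaining four list 3.6.0 plus a second range. Resolve each "TODO: check" against its own range so that per-release status is not copied across the block.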
@@ -60548,7 +60568,8 @@ CVE-2021-3097
RESERVED
CVE-2021-3096
RESERVED
-CVE-2021-3095 (A remote attacker with write access to PI Vision could inject code int ...)
+CVE-2021-3095
+ REJECTED
NOT-FOR-US: OSIsoft
CVE-2021-3094
RESERVED
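Review bot: CVE-2021-3095 is now "REJECTED" with its description removed, but the "NOT-FOR-US: OSIsoft" line below it is kept, so the entry carries an annotation for a product its text no longer mentions. Decide in the manual follow-up whether that annotation stays as history or is dropped.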
@@ -60558,7 +60579,8 @@ CVE-2021-3092
RESERVED
CVE-2021-3091
RESERVED
-CVE-2021-3090 (PI Vision could disclose information to a user with insufficient privi ...)
+CVE-2021-3090
+ REJECTED
NOT-FOR-US: OSIsoft
CVE-2021-3089
RESERVED
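Review bot: On CVE-2021-3090 the "REJECTED" line replaces the only text that tied the entry to PI Vision, while "NOT-FOR-US: OSIsoft" remains underneath. Handle it the same way as CVE-2021-3095 in the previous hunk so the two rejected entries stay consistent.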
@@ -69682,60 +69704,60 @@ CVE-2021-20176 (A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0
NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/90255f0834eead08d59f46b0bda7b1580451cc0f
-CVE-2021-20175
- RESERVED
-CVE-2021-20174
- RESERVED
-CVE-2021-20173
- RESERVED
-CVE-2021-20172
- RESERVED
-CVE-2021-20171
- RESERVED
-CVE-2021-20170
- RESERVED
-CVE-2021-20169
- RESERVED
-CVE-2021-20168
- RESERVED
-CVE-2021-20167
- RESERVED
-CVE-2021-20166
- RESERVED
-CVE-2021-20165
- RESERVED
-CVE-2021-20164
- RESERVED
-CVE-2021-20163
- RESERVED
-CVE-2021-20162
- RESERVED
-CVE-2021-20161
- RESERVED
-CVE-2021-20160
- RESERVED
-CVE-2021-20159
- RESERVED
-CVE-2021-20158
- RESERVED
-CVE-2021-20157
- RESERVED
-CVE-2021-20156
- RESERVED
-CVE-2021-20155
- RESERVED
-CVE-2021-20154
- RESERVED
-CVE-2021-20153
- RESERVED
-CVE-2021-20152
- RESERVED
-CVE-2021-20151
- RESERVED
-CVE-2021-20150
- RESERVED
-CVE-2021-20149
- RESERVED
+CVE-2021-20175 (Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure comm ...)
+ TODO: check
+CVE-2021-20174 (Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure comm ...)
+ TODO: check
+CVE-2021-20173 (Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection ...)
+ TODO: check
+CVE-2021-20172 (All known versions of the Netgear Genie Installer for macOS contain a ...)
+ TODO: check
+CVE-2021-20171 (Netgear RAX43 version 1.0.3.96 stores sensitive information in plainte ...)
+ TODO: check
+CVE-2021-20170 (Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It ...)
+ TODO: check
+CVE-2021-20169 (Netgear RAX43 version 1.0.3.96 does not utilize secure communications ...)
+ TODO: check
+CVE-2021-20168 (Netgear RAX43 version 1.0.3.96 does not have sufficient protections to ...)
+ TODO: check
+CVE-2021-20167 (Netgear RAX43 version 1.0.3.96 contains a command injection vulnerabil ...)
+ TODO: check
+CVE-2021-20166 (Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability ...)
+ TODO: check
+CVE-2021-20165 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement ...)
+ TODO: check
+CVE-2021-20164 (Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses creden ...)
+ TODO: check
+CVE-2021-20163 (Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the f ...)
+ TODO: check
+CVE-2021-20162 (Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plain ...)
+ TODO: check
+CVE-2021-20161 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient pr ...)
+ TODO: check
+CVE-2021-20160 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injectio ...)
+ TODO: check
+CVE-2021-20159 (Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command in ...)
+ TODO: check
+CVE-2021-20158 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication ...)
+ TODO: check
+CVE-2021-20157 (It is possible for an unauthenticated, malicious user to force the dev ...)
+ TODO: check
+CVE-2021-20156 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access ...)
+ TODO: check
+CVE-2021-20155 (Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded cred ...)
+ TODO: check
+CVE-2021-20154 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw i ...)
+ TODO: check
+CVE-2021-20153 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerab ...)
+ TODO: check
+CVE-2021-20152 (Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication ...)
+ TODO: check
+CVE-2021-20151 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the sess ...)
+ TODO: check
+CVE-2021-20150 (Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses inform ...)
+ TODO: check
+CVE-2021-20149 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient ac ...)
+ TODO: check
CVE-2021-20148
RESERVED
CVE-2021-20147
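Review bot: All 27 entries from CVE-2021-20175 down to CVE-2021-20149 go from "RESERVED" to "TODO: check" with no annotation, and CVE-2021-20157 is the one that cannot be triaged from this hunk alone: its truncated description ("It is possible for an unauthenticated, malicious user to force the dev ...") does not name a product. Read the full description for that entry before tagging it. The rest name Netgear Nighthawk R6700, Netgear Genie Installer for macOS, Netgear RAX43 or Trendnet AC2600 TEW-827DRU and can be annotated per vendor in one pass.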
@@ -69764,12 +69786,12 @@ CVE-2021-20136 (ManageEngine Log360 Builds < 5235 are affected by an improper
NOT-FOR-US: ManageEngine
CVE-2021-20135 (Nessus versions 8.15.2 and earlier were found to contain a local privi ...)
NOT-FOR-US: Nessus
-CVE-2021-20134
- RESERVED
-CVE-2021-20133
- RESERVED
-CVE-2021-20132
- RESERVED
+CVE-2021-20134 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...)
+ TODO: check
+CVE-2021-20133 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...)
+ TODO: check
+CVE-2021-20132 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...)
+ TODO: check
CVE-2021-20131 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...)
NOT-FOR-US: ManageEngine ADManager Plus
CVE-2021-20130 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...)
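Review bot: CVE-2021-20132 through CVE-2021-20134 start with "Quagga Services on D-Link DIR-2640", so the triage has to establish whether the flaw is in upstream Quagga code or only in D-Link's integration of it. Tag them as vendor-specific only after the full descriptions confirm the latter. If upstream code is involved, they need a package line instead.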
@@ -190340,7 +190362,7 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling
- svgpp 1.2.3+dfsg1-5 (bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...)
- {DLA-1656-1}
+ {DLA-2872-1 DLA-1656-1}
- agg 1:2.4-r127+dfsg1-1 (low; bug #919322)
- svgpp <unfixed> (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
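Review bot: DLA-2872-1 is added to CVE-2019-6245, which lists two source packages ("agg" fixed in 1:2.4-r127+dfsg1-1 and "svgpp" still "<unfixed>"), and the tag alone does not say which one the advisory covers. CVE-2019-6246 just above references the same svgpp issue #70 and gets no DLA tag, so confirm the advisory covers only CVE-2019-6245.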
@@ -196958,7 +196980,7 @@ CVE-2018-20656
CVE-2018-20655 (When receiving calls using WhatsApp for iOS, a missing size check when ...)
NOT-FOR-US: WhatsApp
CVE-2019-3500 (aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Au ...)
- {DLA-1636-1}
+ {DLA-2873-1 DLA-1636-1}
- aria2 1.34.0-4 (low; bug #918058)
NOTE: https://github.com/aria2/aria2/issues/1329
NOTE: Masking of all authorization and cookie header fields (but not userinfo in URL):
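Review bot: CVE-2019-3500 now references a second advisory, DLA-2873-1, while the existing "NOTE:" says the upstream change masks authorization and cookie header fields but not userinfo in the URL. A short "NOTE:" stating whether the newer advisory ships that same change would tell readers whether the limitation still applies.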
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c197af922a22e26d9213b68d72857c00e5055808