[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 12 08:10:32 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d20ea520 by security tracker role at 2021-11-12T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2022-21220
+ RESERVED
+CVE-2022-21207
+ RESERVED
+CVE-2022-21205
+ RESERVED
+CVE-2022-21203
+ RESERVED
+CVE-2022-21181
+ RESERVED
+CVE-2022-21180
+ RESERVED
+CVE-2022-21166
+ RESERVED
+CVE-2022-21127
+ RESERVED
+CVE-2022-21125
+ RESERVED
+CVE-2022-21123
+ RESERVED
+CVE-2021-43578
+ RESERVED
+CVE-2021-43577
+ RESERVED
+CVE-2021-43576
+ RESERVED
+CVE-2021-42744
+ RESERVED
+CVE-2021-26262
+ RESERVED
+CVE-2021-26248
+ RESERVED
CVE-2021-3949
RESERVED
CVE-2021-3948
@@ -653,6 +685,7 @@ CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Rest
NOT-FOR-US: Grav CMS
CVE-2021-23222
RESERVED
+ {DSA-5007-1 DSA-5006-1}
- postgresql-14 14.1-1
- postgresql-13 <unfixed>
- postgresql-11 <removed>
@@ -660,6 +693,7 @@ CVE-2021-23222
NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
CVE-2021-23214
RESERVED
+ {DSA-5007-1 DSA-5006-1}
- postgresql-14 14.1-1
- postgresql-13 <unfixed>
- postgresql-11 <removed>
@@ -2262,18 +2296,18 @@ CVE-2021-43034
RESERVED
CVE-2021-43033
RESERVED
-CVE-2021-3912
- RESERVED
-CVE-2021-3911
- RESERVED
-CVE-2021-3910
- RESERVED
-CVE-2021-3909
- RESERVED
-CVE-2021-3908
- RESERVED
-CVE-2021-3907
- RESERVED
+CVE-2021-3912 (OctoRPKI tries to load the entire contents of a repository in memory, ...)
+ TODO: check
+CVE-2021-3911 (If the ROA that a repository returns contains too many bits for the IP ...)
+ TODO: check
+CVE-2021-3910 (OctoRPKI crashes when encountering a repository that returns an invali ...)
+ TODO: check
+CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing for a slo ...)
+ TODO: check
+CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain, allowing for ...)
+ TODO: check
+CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..", this a ...)
+ TODO: check
CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...)
NOT-FOR-US: bookstack
CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...)
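Review bot: CVE-2021-3912 through CVE-2021-3907 all land as "TODO: check" although every description names the same product, OctoRPKI. Triage them as a group: one decision on whether OctoRPKI is packaged settles all six, and each then gets either a source-package line or a "NOT-FOR-US:" tag instead of six separate open TODOs. The descriptions cover different failure classes (loading a whole repository into memory, a crash on an invalid repository response, unlimited connection length, unlimited certificate chain depth, and the ".." filename handling in CVE-2021-3907), so severity still needs to be assessed per entry.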
@@ -2833,14 +2867,14 @@ CVE-2021-42777
RESERVED
CVE-2021-42776
RESERVED
-CVE-2021-42775
- RESERVED
-CVE-2021-42774
- RESERVED
-CVE-2021-42773
- RESERVED
-CVE-2021-42772
- REJECTED
+CVE-2021-42775 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ TODO: check
+CVE-2021-42774 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ TODO: check
+CVE-2021-42773 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ TODO: check
+CVE-2021-42772 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ TODO: check
CVE-2021-42771 (Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary ...)
{DLA-2790-1}
- python-babel 2.8.0+dfsg.1-7 (bug #987824)
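Review bot: CVE-2021-42772 changes state from "REJECTED" to a published description with "TODO: check", unlike its three neighbours, which were "RESERVED". Confirm that the rejection was withdrawn upstream before treating the entry as live. All four descriptions name Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4, so one triage decision should cover CVE-2021-42775 through CVE-2021-42772.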
@@ -15732,8 +15766,8 @@ CVE-2021-37912 (The HGiga OAKlouds mobile portal does not filter special charact
NOT-FOR-US: HGiga OAKlouds mobile portal
CVE-2021-37911 (The management interface of BenQ smart wireless conference projector d ...)
NOT-FOR-US: BenQ smart wireless conference projector
-CVE-2021-37910
- RESERVED
+CVE-2021-37910 (ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has i ...)
+ TODO: check
CVE-2021-37909 (WriteRegistry function in TSSServiSign component does not filter and v ...)
NOT-FOR-US: TSSServiSignAdapter Windows
CVE-2021-37908
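Review bot: CVE-2021-37910 is left at "TODO: check" with a truncated description that mentions WPA2 and WPA3-SAE on ASUS routers. Triage needs the full text to decide whether the flaw is confined to vendor firmware, in which case it follows the "NOT-FOR-US:" pattern of CVE-2021-37911 and CVE-2021-37909 in the context lines, or sits in a component that is also packaged.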
@@ -16202,6 +16236,7 @@ CVE-2021-37713 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0
- node-tar <not-affected> (Only affects node-tar on Windows)
NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
CVE-2021-37712 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...)
+ {DSA-5008-1}
- node-tar 6.1.11+~cs11.3.10-1 (bug #993981)
[stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
@@ -16226,6 +16261,7 @@ CVE-2021-37703 (Discourse is an open-source platform for community discussion. I
CVE-2021-37702 (Pimcore is an open source data & experience management platform. P ...)
NOT-FOR-US: Pimcore
CVE-2021-37701 (The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, an ...)
+ {DSA-5008-1}
- node-tar 6.1.7+~cs11.3.10-1
[stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
@@ -23925,18 +23961,18 @@ CVE-2021-34424
RESERVED
CVE-2021-34423
RESERVED
-CVE-2021-34422
- RESERVED
-CVE-2021-34421
- RESERVED
-CVE-2021-34420
- RESERVED
-CVE-2021-34419
- RESERVED
-CVE-2021-34418
- RESERVED
-CVE-2021-34417
- RESERVED
+CVE-2021-34422 (The Keybase Client for Windows before version 5.7.0 contains a path tr ...)
+ TODO: check
+CVE-2021-34421 (The Keybase Client for Android before version 5.8.0 and the Keybase Cl ...)
+ TODO: check
+CVE-2021-34420 (The Zoom Client for Meetings for Windows installer before version 5.5. ...)
+ TODO: check
+CVE-2021-34419 (In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, ...)
+ TODO: check
+CVE-2021-34418 (The login routine of the web console in the Zoom On-Premise Meeting Co ...)
+ TODO: check
+CVE-2021-34417 (The network proxy page on the web portal for the Zoom On-Premise Meeti ...)
+ TODO: check
CVE-2021-34416 (The network address administrative settings web portal for the Zoom on ...)
NOT-FOR-US: Zoom on-premise Meeting Connector
CVE-2021-34415 (The Zone Controller service in the Zoom On-Premise Meeting Connector C ...)
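Review bot: CVE-2021-34418 and CVE-2021-34417 describe the Zoom On-Premise Meeting Connector, the product that the context entry CVE-2021-34416 directly below already tags as "NOT-FOR-US: Zoom on-premise Meeting Connector", yet both arrive as "TODO: check". Reusing that tag wording would keep the entries consistent. CVE-2021-34422 and CVE-2021-34421 (Keybase clients) and CVE-2021-34420 and CVE-2021-34419 (Zoom Client for Meetings) are different products and need their own decision.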
@@ -34401,8 +34437,8 @@ CVE-2021-30323
RESERVED
CVE-2021-30322
RESERVED
-CVE-2021-30321
- RESERVED
+CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check during ...)
+ TODO: check
CVE-2021-30320
RESERVED
CVE-2021-30319
@@ -34475,8 +34511,7 @@ CVE-2021-30286
RESERVED
CVE-2021-30285
RESERVED
-CVE-2021-30284
- RESERVED
+CVE-2021-30284 (Possible information exposure and denial of service due to NAS not dro ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30283
RESERVED
@@ -34512,16 +34547,13 @@ CVE-2021-30268
RESERVED
CVE-2021-30267
RESERVED
-CVE-2021-30266
- RESERVED
-CVE-2021-30265
- RESERVED
+CVE-2021-30266 (Possible use after free due to improper memory validation when initial ...)
+ TODO: check
+CVE-2021-30265 (Possible memory corruption due to improper validation of memory addres ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30264
- RESERVED
+CVE-2021-30264 (Possible use after free due improper validation of reference from call ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30263
- RESERVED
+CVE-2021-30263 (Possible race condition can occur due to lack of synchronization mecha ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30262
RESERVED
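Review bot: CVE-2021-30266 is the only entry in this hunk that gains "TODO: check"; CVE-2021-30265, CVE-2021-30264 and CVE-2021-30263 keep the pre-existing "NOT-FOR-US: Qualcomm components for Android" context lines. Its description follows the same "Possible ... due to ..." wording, so triage should confirm the vendor and, if it matches, replace the TODO with the same tag. The three tagged entries were classified while still "RESERVED", so those tags should be rechecked against the descriptions that are now published.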
@@ -34529,8 +34561,7 @@ CVE-2021-30261 (Possible integer and heap overflow due to lack of input command
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30260 (Possible Integer overflow to buffer overflow issue can occur due to im ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30259
- RESERVED
+CVE-2021-30259 (Possible out of bound access due to improper validation of function ta ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30258 (Possible buffer overflow due to improper size calculation of payload r ...)
NOT-FOR-US: Qualcomm components for Android
@@ -34538,11 +34569,9 @@ CVE-2021-30257 (Possible out of bound read or write in VR service due to lack of
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30256 (Possible stack overflow due to improper validation of camera name leng ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30255
- RESERVED
+CVE-2021-30255 (Possible buffer overflow due to improper input validation in PDM DIAG ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30254
- RESERVED
+CVE-2021-30254 (Possible buffer overflow due to improper input validation in factory c ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30253
RESERVED
@@ -63435,16 +63464,13 @@ CVE-2021-1984 (Possible buffer overflow due to improper validation of index valu
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1983 (Possible buffer overflow due to improper handling of negative data len ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1982
- RESERVED
+CVE-2021-1982 (Possible denial of service scenario due to improper input validation o ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1981
- RESERVED
+CVE-2021-1981 (Possible buffer over read due to improper IE size check of Bearer capa ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1980 (Possible buffer over read due to lack of length check while parsing be ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1979
- RESERVED
+CVE-2021-1979 (Possible buffer overflow due to improper validation of FTM command pay ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1978
RESERVED
@@ -63453,13 +63479,11 @@ CVE-2021-1977 (Possible buffer over read due to improper validation of frame len
NOT-FOR-US: Snapdragon
CVE-2021-1976 (A use after free can occur due to improper validation of P2P device ad ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1975
- RESERVED
+CVE-2021-1975 (Possible heap overflow due to improper length check of domain while pa ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1974 (Possible buffer over read due to lack of alignment between map or unma ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1973
- RESERVED
+CVE-2021-1973 (A FTM Diag command can allow an arbitrary write into modem OS space in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1972 (Possible buffer overflow due to improper validation of device types du ...)
NOT-FOR-US: Qualcomm components for Android
@@ -63557,15 +63581,13 @@ CVE-2021-1926
RESERVED
CVE-2021-1925 (Possible denial of service scenario due to improper handling of group ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1924
- RESERVED
+CVE-2021-1924 (Information disclosure through timing and power side-channels during m ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1923 (Incorrect pointer argument passed to trusted application TA could resu ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1922
RESERVED
-CVE-2021-1921
- RESERVED
+CVE-2021-1921 (Possible memory corruption due to Improper handling of hypervisor unma ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1920 (Integer underflow can occur due to improper handling of incoming RTCP ...)
NOT-FOR-US: Qualcomm components for Android
@@ -63583,8 +63605,8 @@ CVE-2021-1914 (Loop with unreachable exit condition may occur due to improper ha
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1913 (Possible integer overflow due to improper length check while updating ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1912
- RESERVED
+CVE-2021-1912 (Possible integer overflow can occur due to improper length check while ...)
+ TODO: check
CVE-2021-1911
RESERVED
CVE-2021-1910 (Double free in video due to lack of input buffer length check in Snapd ...)
@@ -63601,8 +63623,7 @@ CVE-2021-1905 (Possible use after free due to improper handling of memory mappin
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1904 (Child process can leak information from parent process due to numeric ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1903
- RESERVED
+CVE-2021-1903 (Possible denial of service scenario can occur due to lack of length ch ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1902
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d20ea520da7cc8804edc7101db101de718b500cf