[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 16 20:10:38 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19484c84 by security tracker role at 2021-11-16T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-43774
+	RESERVED
+CVE-2021-43773
+	RESERVED
+CVE-2021-43772
+	RESERVED
+CVE-2021-43771
+	RESERVED
+CVE-2021-3964
+	RESERVED
+CVE-2021-3963
+	RESERVED
+CVE-2021-3962
+	RESERVED
 CVE-2022-21641
 	RESERVED
 CVE-2022-21640
@@ -874,8 +888,8 @@ CVE-2021-3960
 	RESERVED
 CVE-2021-3959
 	RESERVED
-CVE-2021-3958
-	RESERVED
+CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...)
+	TODO: check
 CVE-2021-43745
 	RESERVED
 CVE-2021-43744
@@ -3512,12 +3526,12 @@ CVE-2021-43050
 	RESERVED
 CVE-2021-43049
 	RESERVED
-CVE-2021-43048
-	RESERVED
-CVE-2021-43047
-	RESERVED
-CVE-2021-43046
-	RESERVED
+CVE-2021-43048 (The Interior Server and Gateway Server components of TIBCO Software In ...)
+	TODO: check
+CVE-2021-43047 (The Interior Server and Gateway Server components of TIBCO Software In ...)
+	TODO: check
+CVE-2021-43046 (The Interior Server and Gateway Server components of TIBCO Software In ...)
+	TODO: check
 CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5.14.15 ...)
 	- linux 5.14.16-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -6878,8 +6892,8 @@ CVE-2021-42116
 	RESERVED
 CVE-2021-42115
 	RESERVED
-CVE-2021-42114
-	RESERVED
+CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability ...)
+	TODO: check
 CVE-2021-42113
 	RESERVED
 CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
@@ -8924,8 +8938,8 @@ CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency
 	[buster] - nim <no-dsa> (Minor issue)
 	[stretch] - nim <no-dsa> (Minor issue)
 	NOTE: https://github.com/nim-lang/security/security/advisories/GHSA-3gg2-rw3q-qwgc
-CVE-2021-41258
-	RESERVED
+CVE-2021-41258 (Kirby is an open source file structured CMS. In affected versions Kirb ...)
+	TODO: check
 CVE-2021-41257
 	RESERVED
 CVE-2021-41256
@@ -8939,8 +8953,8 @@ CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis vers
 	NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g
 	NOTE: Fixed by: https://github.com/zyantific/zydis/commit/55dd08c210722aed81b38132f5fd4a04ec1943b5 (master)
 	NOTE: Fixed by: https://github.com/zyantific/zydis/commit/330b259583ade789886ce11af2ebcd030097dcbf (v3.2.1)
-CVE-2021-41252
-	RESERVED
+CVE-2021-41252 (Kirby is an open source file structured CMS ### Impact Kirby's writer  ...)
+	TODO: check
 CVE-2021-41251 (@sap-cloud-sdk/core contains the core functionality of the SAP Cloud S ...)
 	NOT-FOR-US: SAP
 CVE-2021-41250 (Python discord bot is the community bot for the Python Discord communi ...)
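Review bot: the new description for CVE-2021-41252 carries Markdown heading residue from the upstream advisory ("Kirby is an open source file structured CMS ### Impact Kirby's writer  ..."), which uses up part of the truncated summary before it reaches the actual flaw. When this entry is triaged, read the full advisory text rather than relying on the summary. CVE-2021-41258 in the previous hunk is the same product and can be triaged together with it.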
@@ -14442,8 +14456,8 @@ CVE-2021-38951
 	RESERVED
 CVE-2021-38950
 	RESERVED
-CVE-2021-38949
-	RESERVED
+CVE-2021-38949 (IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials  ...)
+	TODO: check
 CVE-2021-38948 (IBM InfoSphere Information Server 11.7 is vulnerable to an XML Externa ...)
 	NOT-FOR-US: IBM
 CVE-2021-38947
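Review bot: CVE-2021-38949 (IBM MQ) is left as TODO: check directly above CVE-2021-38948, which is already marked NOT-FOR-US: IBM. If the full description confirms it only concerns the IBM product, it should be resolved with the same NOT-FOR-US: IBM label so the two entries stay consistent.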
@@ -14576,8 +14590,8 @@ CVE-2021-38884
 	RESERVED
 CVE-2021-38883
 	RESERVED
-CVE-2021-38882
-	RESERVED
+CVE-2021-38882 (IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admi ...)
+	TODO: check
 CVE-2021-38881
 	RESERVED
 CVE-2021-38880
@@ -17883,8 +17897,8 @@ CVE-2021-37582
 	RESERVED
 CVE-2021-37581
 	RESERVED
-CVE-2021-37580
-	RESERVED
+CVE-2021-37580 (A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in S ...)
+	TODO: check
 CVE-2021-37579 (The Dubbo Provider will check the incoming request and the correspondi ...)
 	NOT-FOR-US: Apache Dubbo
 CVE-2021-3667
@@ -35968,8 +35982,8 @@ CVE-2021-30218 (samurai 1.2 has a NULL pointer dereference in writefile() in uti
 	NOT-FOR-US: samurai
 CVE-2021-30217
 	RESERVED
-CVE-2021-30216
-	RESERVED
+CVE-2021-30216 (Zoho Web mail version NA is affected by an incorrect access control vu ...)
+	TODO: check
 CVE-2021-30215
 	RESERVED
 CVE-2021-30214 (Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injecti ...)
@@ -45575,44 +45589,44 @@ CVE-2021-26340
 	RESERVED
 CVE-2021-26339
 	RESERVED
-CVE-2021-26338
-	RESERVED
-CVE-2021-26337
-	RESERVED
-CVE-2021-26336
-	RESERVED
-CVE-2021-26335
-	RESERVED
+CVE-2021-26338 (Improper access controls in System Management Unit (SMU) may allow for ...)
+	TODO: check
+CVE-2021-26337 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
+	TODO: check
+CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may cause ...)
+	TODO: check
+CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...)
+	TODO: check
 CVE-2021-26334
 	RESERVED
 CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...)
 	NOT-FOR-US: AMD
 CVE-2021-26332
 	RESERVED
-CVE-2021-26331
-	RESERVED
-CVE-2021-26330
-	RESERVED
-CVE-2021-26329
-	RESERVED
+CVE-2021-26331 (AMD System Management Unit (SMU) contains a potential issue where a ma ...)
+	TODO: check
+CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based overflow  ...)
+	TODO: check
+CVE-2021-26329 (AMD System Management Unit (SMU) may experience an integer overflow wh ...)
+	TODO: check
 CVE-2021-26328
 	RESERVED
-CVE-2021-26327
-	RESERVED
-CVE-2021-26326
-	RESERVED
-CVE-2021-26325
-	RESERVED
+CVE-2021-26327 (Insufficient validation of guest context in the SNP Firmware could lea ...)
+	TODO: check
+CVE-2021-26326 (Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss o ...)
+	TODO: check
+CVE-2021-26325 (Insufficient input validation in the SNP_GUEST_REQUEST command may lea ...)
+	TODO: check
 CVE-2021-26324
 	RESERVED
-CVE-2021-26323
-	RESERVED
-CVE-2021-26322
-	RESERVED
-CVE-2021-26321
-	RESERVED
-CVE-2021-26320
-	RESERVED
+CVE-2021-26323 (Failure to validate SEV Commands while SNP is active may result in a p ...)
+	TODO: check
+CVE-2021-26322 (Persistent platform private key may not be protected with a random IV  ...)
+	TODO: check
+CVE-2021-26321 (Insufficient ID command validation in the SEV Firmware may allow a loc ...)
+	TODO: check
+CVE-2021-26320 (Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_S ...)
+	TODO: check
 CVE-2021-26319
 	RESERVED
 CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...)
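Review bot: the fourteen entries moved from RESERVED to TODO: check in this hunk (CVE-2021-26338 down to CVE-2021-26320) all describe AMD SMU, PSP, SNP or SEV firmware, and the untouched context entry CVE-2021-26333 between them is already NOT-FOR-US: AMD. These are worth triaging as one batch against that precedent rather than one at a time, with any entry that does map to a Debian source package given its own package line.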
@@ -45622,8 +45636,8 @@ CVE-2021-26317
 	RESERVED
 CVE-2021-26316
 	RESERVED
-CVE-2021-26315
-	RESERVED
+CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, authent ...)
+	TODO: check
 CVE-2021-26314 (Potential floating point value injection in all supported CPU products ...)
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
 	NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in
@@ -45635,8 +45649,8 @@ CVE-2021-26313 (Potential speculative code store bypass in all supported CPU pro
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-375.html
 	NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
-CVE-2021-26312
-	RESERVED
+CVE-2021-26312 (PSP protection against improperly configured side channels may lead to ...)
+	TODO: check
 CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest a ...)
 	NOT-FOR-US: AMD
 CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...)
@@ -46568,14 +46582,14 @@ CVE-2021-25987
 	RESERVED
 CVE-2021-25986
 	RESERVED
-CVE-2021-25985
-	RESERVED
-CVE-2021-25984
-	RESERVED
-CVE-2021-25983
-	RESERVED
-CVE-2021-25982
-	RESERVED
+CVE-2021-25985 (In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improp ...)
+	TODO: check
+CVE-2021-25984 (In Factor (App Framework & Headless CMS) forum plugin, versions v1 ...)
+	TODO: check
+CVE-2021-25983 (In Factor (App Framework & Headless CMS) forum plugin, versions v1 ...)
+	TODO: check
+CVE-2021-25982 (In Factor (App Framework & Headless CMS) forum plugin, versions 1. ...)
+	TODO: check
 CVE-2021-25981
 	RESERVED
 CVE-2021-25980 (In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22 ...)
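Review bot: the four Factor descriptions (CVE-2021-25985 to CVE-2021-25982) contain the HTML-escaped entity "&amp;" in "App Framework &amp; Headless CMS", so the escaping is counted against the truncation limit and the summaries end before the version range or the flaw is visible. The description import should decode entities before truncating. The same escaping shows up as “ and ” in the context lines for CVE-2021-25966 and CVE-2021-25964 further down.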
@@ -46586,8 +46600,8 @@ CVE-2021-25978 (Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable t
 	NOT-FOR-US: Apostrophe CMS
 CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...)
 	NOT-FOR-US: PiranhaCMS
-CVE-2021-25976
-	RESERVED
+CVE-2021-25976 (In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross- ...)
+	TODO: check
 CVE-2021-25975 (In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a  ...)
 	NOT-FOR-US: Publify
 CVE-2021-25974 (In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A us ...)
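Review bot: CVE-2021-25976 (PiranhaCMS) is set to TODO: check immediately below CVE-2021-25977, which is already NOT-FOR-US: PiranhaCMS. Unless the full description points at something packaged, this should get the same NOT-FOR-US: PiranhaCMS line.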
@@ -46608,8 +46622,8 @@ CVE-2021-25967
 	RESERVED
 CVE-2021-25966 (In “Orchard core CMS” application, versions 1.0.0-beta1-33 ...)
 	NOT-FOR-US: Orchard CMS
-CVE-2021-25965
-	RESERVED
+CVE-2021-25965 (In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site  ...)
+	TODO: check
 CVE-2021-25964 (In “Calibre-web” application, v0.6.0 to v0.6.12, are vulne ...)
 	NOT-FOR-US: Calibre web
 CVE-2021-25963 (In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cr ...)
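Review bot: CVE-2021-25965 names the product "Calibre-web", while the neighbouring CVE-2021-25964 is triaged as NOT-FOR-US: Calibre web. When this entry is resolved, reuse the existing "Calibre web" spelling so that a search on the NOT-FOR-US label finds both entries.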
@@ -46661,8 +46675,8 @@ CVE-2021-25942
 	RESERVED
 CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.0.0 th ...)
 	NOT-FOR-US: Node deep-override
-CVE-2021-25940
-	RESERVED
+CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...)
+	TODO: check
 CVE-2021-25939
 	RESERVED
 CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...)
@@ -87744,8 +87758,8 @@ CVE-2020-21641
 	RESERVED
 CVE-2020-21640
 	RESERVED
-CVE-2020-21639
-	RESERVED
+CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cros ...)
+	TODO: check
 CVE-2020-21638
 	RESERVED
 CVE-2020-21637
@@ -87768,8 +87782,8 @@ CVE-2020-21629
 	RESERVED
 CVE-2020-21628
 	RESERVED
-CVE-2020-21627
-	RESERVED
+CVE-2020-21627 (Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability ...)
+	TODO: check
 CVE-2020-21626
 	RESERVED
 CVE-2020-21625
@@ -108114,8 +108128,8 @@ CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Grap
 	NOT-FOR-US: Intel / AMD
 CVE-2020-12962 (Escape call interface in the AMD Graphics Driver for Windows may cause ...)
 	NOT-FOR-US: AMD
-CVE-2020-12961
-	RESERVED
+CVE-2020-12961 (A potential vulnerability exists in AMD Platform Security Processor (P ...)
+	TODO: check
 CVE-2020-12960 (AMD Graphics Driver for Windows 10, amdfender.sys may improperly handl ...)
 	NOT-FOR-US: AMD
 CVE-2020-12959
@@ -108128,14 +108142,14 @@ CVE-2020-12956
 	RESERVED
 CVE-2020-12955
 	RESERVED
-CVE-2020-12954
-	RESERVED
+CVE-2020-12954 (A side effect of an integrated chipset option may be able to be used b ...)
+	TODO: check
 CVE-2020-12953
 	RESERVED
 CVE-2020-12952
 	RESERVED
-CVE-2020-12951
-	RESERVED
+CVE-2020-12951 (Race condition in PSP FW could allow less privileged x86 code to perfo ...)
+	TODO: check
 CVE-2020-12950
 	RESERVED
 CVE-2020-12949
@@ -108144,12 +108158,12 @@ CVE-2020-12948
 	RESERVED
 CVE-2020-12947
 	RESERVED
-CVE-2020-12946
-	RESERVED
+CVE-2020-12946 (Insufficient input validation in PSP firmware for discrete TPM command ...)
+	TODO: check
 CVE-2020-12945
 	RESERVED
-CVE-2020-12944
-	RESERVED
+CVE-2020-12944 (Insufficient validation of BIOS image length by PSP Firmware could lea ...)
+	TODO: check
 CVE-2020-12943
 	RESERVED
 CVE-2020-12942



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19484c8402e64025093b839882c58627ce15f103
