[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 16 20:10:38 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
19484c84 by security tracker role at 2021-11-16T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2021-43774
+ RESERVED
+CVE-2021-43773
+ RESERVED
+CVE-2021-43772
+ RESERVED
+CVE-2021-43771
+ RESERVED
+CVE-2021-3964
+ RESERVED
+CVE-2021-3963
+ RESERVED
+CVE-2021-3962
+ RESERVED
CVE-2022-21641
RESERVED
CVE-2022-21640
@@ -874,8 +888,8 @@ CVE-2021-3960
RESERVED
CVE-2021-3959
RESERVED
-CVE-2021-3958
- RESERVED
+CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...)
+ TODO: check
CVE-2021-43745
RESERVED
CVE-2021-43744
@@ -3512,12 +3526,12 @@ CVE-2021-43050
RESERVED
CVE-2021-43049
RESERVED
-CVE-2021-43048
- RESERVED
-CVE-2021-43047
- RESERVED
-CVE-2021-43046
- RESERVED
+CVE-2021-43048 (The Interior Server and Gateway Server components of TIBCO Software In ...)
+ TODO: check
+CVE-2021-43047 (The Interior Server and Gateway Server components of TIBCO Software In ...)
+ TODO: check
+CVE-2021-43046 (The Interior Server and Gateway Server components of TIBCO Software In ...)
+ TODO: check
CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5.14.15 ...)
- linux 5.14.16-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -6878,8 +6892,8 @@ CVE-2021-42116
RESERVED
CVE-2021-42115
RESERVED
-CVE-2021-42114
- RESERVED
+CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability ...)
+ TODO: check
CVE-2021-42113
RESERVED
CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
@@ -8924,8 +8938,8 @@ CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency
[buster] - nim <no-dsa> (Minor issue)
[stretch] - nim <no-dsa> (Minor issue)
NOTE: https://github.com/nim-lang/security/security/advisories/GHSA-3gg2-rw3q-qwgc
-CVE-2021-41258
- RESERVED
+CVE-2021-41258 (Kirby is an open source file structured CMS. In affected versions Kirb ...)
+ TODO: check
CVE-2021-41257
RESERVED
CVE-2021-41256
@@ -8939,8 +8953,8 @@ CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis vers
NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g
NOTE: Fixed by: https://github.com/zyantific/zydis/commit/55dd08c210722aed81b38132f5fd4a04ec1943b5 (master)
NOTE: Fixed by: https://github.com/zyantific/zydis/commit/330b259583ade789886ce11af2ebcd030097dcbf (v3.2.1)
-CVE-2021-41252
- RESERVED
+CVE-2021-41252 (Kirby is an open source file structured CMS ### Impact Kirby's writer ...)
+ TODO: check
CVE-2021-41251 (@sap-cloud-sdk/core contains the core functionality of the SAP Cloud S ...)
NOT-FOR-US: SAP
CVE-2021-41250 (Python discord bot is the community bot for the Python Discord communi ...)
@@ -14442,8 +14456,8 @@ CVE-2021-38951
RESERVED
CVE-2021-38950
RESERVED
-CVE-2021-38949
- RESERVED
+CVE-2021-38949 (IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials ...)
+ TODO: check
CVE-2021-38948 (IBM InfoSphere Information Server 11.7 is vulnerable to an XML Externa ...)
NOT-FOR-US: IBM
CVE-2021-38947
@@ -14576,8 +14590,8 @@ CVE-2021-38884
RESERVED
CVE-2021-38883
RESERVED
-CVE-2021-38882
- RESERVED
+CVE-2021-38882 (IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admi ...)
+ TODO: check
CVE-2021-38881
RESERVED
CVE-2021-38880
@@ -17883,8 +17897,8 @@ CVE-2021-37582
RESERVED
CVE-2021-37581
RESERVED
-CVE-2021-37580
- RESERVED
+CVE-2021-37580 (A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in S ...)
+ TODO: check
CVE-2021-37579 (The Dubbo Provider will check the incoming request and the correspondi ...)
NOT-FOR-US: Apache Dubbo
CVE-2021-3667
@@ -35968,8 +35982,8 @@ CVE-2021-30218 (samurai 1.2 has a NULL pointer dereference in writefile() in uti
NOT-FOR-US: samurai
CVE-2021-30217
RESERVED
-CVE-2021-30216
- RESERVED
+CVE-2021-30216 (Zoho Web mail version NA is affected by an incorrect access control vu ...)
+ TODO: check
CVE-2021-30215
RESERVED
CVE-2021-30214 (Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injecti ...)
@@ -45575,44 +45589,44 @@ CVE-2021-26340
RESERVED
CVE-2021-26339
RESERVED
-CVE-2021-26338
- RESERVED
-CVE-2021-26337
- RESERVED
-CVE-2021-26336
- RESERVED
-CVE-2021-26335
- RESERVED
+CVE-2021-26338 (Improper access controls in System Management Unit (SMU) may allow for ...)
+ TODO: check
+CVE-2021-26337 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
+ TODO: check
+CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may cause ...)
+ TODO: check
+CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...)
+ TODO: check
CVE-2021-26334
RESERVED
CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...)
NOT-FOR-US: AMD
CVE-2021-26332
RESERVED
-CVE-2021-26331
- RESERVED
-CVE-2021-26330
- RESERVED
-CVE-2021-26329
- RESERVED
+CVE-2021-26331 (AMD System Management Unit (SMU) contains a potential issue where a ma ...)
+ TODO: check
+CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based overflow ...)
+ TODO: check
+CVE-2021-26329 (AMD System Management Unit (SMU) may experience an integer overflow wh ...)
+ TODO: check
CVE-2021-26328
RESERVED
-CVE-2021-26327
- RESERVED
-CVE-2021-26326
- RESERVED
-CVE-2021-26325
- RESERVED
+CVE-2021-26327 (Insufficient validation of guest context in the SNP Firmware could lea ...)
+ TODO: check
+CVE-2021-26326 (Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss o ...)
+ TODO: check
+CVE-2021-26325 (Insufficient input validation in the SNP_GUEST_REQUEST command may lea ...)
+ TODO: check
CVE-2021-26324
RESERVED
-CVE-2021-26323
- RESERVED
-CVE-2021-26322
- RESERVED
-CVE-2021-26321
- RESERVED
-CVE-2021-26320
- RESERVED
+CVE-2021-26323 (Failure to validate SEV Commands while SNP is active may result in a p ...)
+ TODO: check
+CVE-2021-26322 (Persistent platform private key may not be protected with a random IV ...)
+ TODO: check
+CVE-2021-26321 (Insufficient ID command validation in the SEV Firmware may allow a loc ...)
+ TODO: check
+CVE-2021-26320 (Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_S ...)
+ TODO: check
CVE-2021-26319
RESERVED
CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...)
@@ -45622,8 +45636,8 @@ CVE-2021-26317
RESERVED
CVE-2021-26316
RESERVED
-CVE-2021-26315
- RESERVED
+CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, authent ...)
+ TODO: check
CVE-2021-26314 (Potential floating point value injection in all supported CPU products ...)
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in
@@ -45635,8 +45649,8 @@ CVE-2021-26313 (Potential speculative code store bypass in all supported CPU pro
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-375.html
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
-CVE-2021-26312
- RESERVED
+CVE-2021-26312 (PSP protection against improperly configured side channels may lead to ...)
+ TODO: check
CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest a ...)
NOT-FOR-US: AMD
CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...)
@@ -46568,14 +46582,14 @@ CVE-2021-25987
RESERVED
CVE-2021-25986
RESERVED
-CVE-2021-25985
- RESERVED
-CVE-2021-25984
- RESERVED
-CVE-2021-25983
- RESERVED
-CVE-2021-25982
- RESERVED
+CVE-2021-25985 (In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improp ...)
+ TODO: check
+CVE-2021-25984 (In Factor (App Framework & Headless CMS) forum plugin, versions v1 ...)
+ TODO: check
+CVE-2021-25983 (In Factor (App Framework & Headless CMS) forum plugin, versions v1 ...)
+ TODO: check
+CVE-2021-25982 (In Factor (App Framework & Headless CMS) forum plugin, versions 1. ...)
+ TODO: check
CVE-2021-25981
RESERVED
CVE-2021-25980 (In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22 ...)
@@ -46586,8 +46600,8 @@ CVE-2021-25978 (Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable t
NOT-FOR-US: Apostrophe CMS
CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...)
NOT-FOR-US: PiranhaCMS
-CVE-2021-25976
- RESERVED
+CVE-2021-25976 (In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross- ...)
+ TODO: check
CVE-2021-25975 (In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a ...)
NOT-FOR-US: Publify
CVE-2021-25974 (In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A us ...)
@@ -46608,8 +46622,8 @@ CVE-2021-25967
RESERVED
CVE-2021-25966 (In “Orchard core CMS” application, versions 1.0.0-beta1-33 ...)
NOT-FOR-US: Orchard CMS
-CVE-2021-25965
- RESERVED
+CVE-2021-25965 (In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site ...)
+ TODO: check
CVE-2021-25964 (In “Calibre-web” application, v0.6.0 to v0.6.12, are vulne ...)
NOT-FOR-US: Calibre web
CVE-2021-25963 (In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cr ...)
@@ -46661,8 +46675,8 @@ CVE-2021-25942
RESERVED
CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.0.0 th ...)
NOT-FOR-US: Node deep-override
-CVE-2021-25940
- RESERVED
+CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...)
+ TODO: check
CVE-2021-25939
RESERVED
CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...)
@@ -87744,8 +87758,8 @@ CVE-2020-21641
RESERVED
CVE-2020-21640
RESERVED
-CVE-2020-21639
- RESERVED
+CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cros ...)
+ TODO: check
CVE-2020-21638
RESERVED
CVE-2020-21637
@@ -87768,8 +87782,8 @@ CVE-2020-21629
RESERVED
CVE-2020-21628
RESERVED
-CVE-2020-21627
- RESERVED
+CVE-2020-21627 (Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability ...)
+ TODO: check
CVE-2020-21626
RESERVED
CVE-2020-21625
@@ -108114,8 +108128,8 @@ CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Grap
NOT-FOR-US: Intel / AMD
CVE-2020-12962 (Escape call interface in the AMD Graphics Driver for Windows may cause ...)
NOT-FOR-US: AMD
-CVE-2020-12961
- RESERVED
+CVE-2020-12961 (A potential vulnerability exists in AMD Platform Security Processor (P ...)
+ TODO: check
CVE-2020-12960 (AMD Graphics Driver for Windows 10, amdfender.sys may improperly handl ...)
NOT-FOR-US: AMD
CVE-2020-12959
@@ -108128,14 +108142,14 @@ CVE-2020-12956
RESERVED
CVE-2020-12955
RESERVED
-CVE-2020-12954
- RESERVED
+CVE-2020-12954 (A side effect of an integrated chipset option may be able to be used b ...)
+ TODO: check
CVE-2020-12953
RESERVED
CVE-2020-12952
RESERVED
-CVE-2020-12951
- RESERVED
+CVE-2020-12951 (Race condition in PSP FW could allow less privileged x86 code to perfo ...)
+ TODO: check
CVE-2020-12950
RESERVED
CVE-2020-12949
@@ -108144,12 +108158,12 @@ CVE-2020-12948
RESERVED
CVE-2020-12947
RESERVED
-CVE-2020-12946
- RESERVED
+CVE-2020-12946 (Insufficient input validation in PSP firmware for discrete TPM command ...)
+ TODO: check
CVE-2020-12945
RESERVED
-CVE-2020-12944
- RESERVED
+CVE-2020-12944 (Insufficient validation of BIOS image length by PSP Firmware could lea ...)
+ TODO: check
CVE-2020-12943
RESERVED
CVE-2020-12942
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19484c8402e64025093b839882c58627ce15f103
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19484c8402e64025093b839882c58627ce15f103
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211116/e7356c77/attachment.htm>
More information about the debian-security-tracker-commits
mailing list