[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 23 20:10:25 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fb57ad6b by security tracker role at 2021-11-23T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2021-44195
+ RESERVED
+CVE-2021-44194
+ RESERVED
+CVE-2021-44193
+ RESERVED
+CVE-2021-44192
+ RESERVED
+CVE-2021-44191
+ RESERVED
+CVE-2021-44190
+ RESERVED
+CVE-2021-44189
+ RESERVED
+CVE-2021-44188
+ RESERVED
+CVE-2021-44187
+ RESERVED
+CVE-2021-44186
+ RESERVED
+CVE-2021-44185
+ RESERVED
+CVE-2021-44184
+ RESERVED
+CVE-2021-44183
+ RESERVED
+CVE-2021-44182
+ RESERVED
+CVE-2021-44181
+ RESERVED
+CVE-2021-44180
+ RESERVED
+CVE-2021-44179
+ RESERVED
+CVE-2021-44178
+ RESERVED
+CVE-2021-44177
+ RESERVED
+CVE-2021-44176
+ RESERVED
+CVE-2021-44175
+ RESERVED
+CVE-2021-44174
+ RESERVED
+CVE-2021-44173
+ RESERVED
+CVE-2021-44172
+ RESERVED
+CVE-2021-44171
+ RESERVED
+CVE-2021-44170
+ RESERVED
+CVE-2021-44169
+ RESERVED
+CVE-2021-44168
+ RESERVED
+CVE-2021-44167
+ RESERVED
+CVE-2021-44166
+ RESERVED
+CVE-2021-44165
+ RESERVED
+CVE-2021-44164
+ RESERVED
+CVE-2021-44163
+ RESERVED
+CVE-2021-44162
+ RESERVED
+CVE-2021-44161
+ RESERVED
+CVE-2021-44160
+ RESERVED
+CVE-2021-44159
+ RESERVED
+CVE-2021-44158
+ RESERVED
+CVE-2021-4011
+ RESERVED
+CVE-2021-4010
+ RESERVED
+CVE-2021-4009
+ RESERVED
+CVE-2021-4008
+ RESERVED
+CVE-2021-4007
+ RESERVED
+CVE-2021-4006
+ RESERVED
+CVE-2021-4005
+ RESERVED
CVE-2022-0009
RESERVED
CVE-2022-0008
@@ -1095,7 +1185,7 @@ CVE-2021-3964
RESERVED
CVE-2021-3963 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: kimai2
-CVE-2021-3962 (A flaw was found in ImageMagick 7.1.0-14 where it did not properly san ...)
+CVE-2021-3962 (A flaw was found in ImageMagick where it did not properly sanitize cer ...)
- imagemagick <undetermined>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/4446
NOTE: https://github.com/ImageMagick/ImageMagick/commit/82775af03bbb10a0a1d0e15c0156c75673b4525e
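Review bot: the "- imagemagick <undetermined>" line under CVE-2021-3962 stays unresolved even though the two NOTE lines already reference an upstream issue and commit. With "7.1.0-14" dropped from the description, the entry no longer hints at which versions are affected. Suggest checking the packaged versions against the code touched by commit 82775af03bbb10a0a1d0e15c0156c75673b4525e and replacing "<undetermined>" with a fixed version, "<unfixed>" or "<not-affected>".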
@@ -4737,8 +4827,8 @@ CVE-2021-43021
RESERVED
CVE-2021-43020
RESERVED
-CVE-2021-43019
- RESERVED
+CVE-2021-43019 (Adobe Creative Cloud version 5.5 (and earlier) are affected by a privi ...)
+ TODO: check
CVE-2021-43018
RESERVED
CVE-2021-43017 (Adobe Creative Cloud version 5.5 (and earlier) are affected by an Appl ...)
@@ -13140,8 +13230,8 @@ CVE-2021-39978
RESERVED
CVE-2021-39977
RESERVED
-CVE-2021-39976
- RESERVED
+CVE-2021-39976 (There is a privilege escalation vulnerability in CloudEngine 5800 V200 ...)
+ TODO: check
CVE-2021-39975
RESERVED
CVE-2021-39974
@@ -14497,6 +14587,7 @@ CVE-2021-39364
CVE-2021-39363
RESERVED
CVE-2020-36478 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...)
+ {DLA-2826-1}
- mbedtls 2.16.9-0.1
NOTE: https://github.com/ARMmbed/mbedtls/issues/3629
NOTE: https://github.com/ARMmbed/mbedtls/commit/ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8 (development)
@@ -14506,10 +14597,12 @@ CVE-2020-36477 (An issue was discovered in Mbed TLS before 2.24.0. The verificat
NOTE: https://github.com/ARMmbed/mbedtls/issues/3498
NOTE: https://github.com/ARMmbed/mbedtls/commit/f3e4bd8632b71dc491e52e6df87dc3e409d2b869 (development)
CVE-2020-36476 (An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 L ...)
+ {DLA-2826-1}
- mbedtls 2.16.9-0.1
NOTE: https://github.com/ARMmbed/mbedtls/commit/a321413807927d6e295cec8677733bbde6aeec34 (development)
NOTE: https://github.com/ARMmbed/mbedtls/commit/ef73875913c66767e7a954aa0b68f42f0756d9b2 (mbedtls-2.7)
CVE-2020-36475 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...)
+ {DLA-2826-1}
- mbedtls 2.16.9-0.1
NOTE: https://github.com/ARMmbed/mbedtls/commit/9246d041500b96fb0694cbda1d833e420696827e
CVE-2021-39362 (An XSS issue was discovered in ReCaptcha Solver 5.7. A response from A ...)
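Review bot: CVE-2020-36477, whose NOTE lines open this hunk, is the only Mbed TLS entry in this block that does not receive "{DLA-2826-1}", while CVE-2020-36478, CVE-2020-36476 and CVE-2020-36475 around it do. If that is because the release covered by the DLA is not affected, suggest recording it explicitly with a release-specific "<not-affected>" line under CVE-2020-36477 so the gap does not read as an omission.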
@@ -18620,8 +18713,7 @@ CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 3
[buster] - sylpheed <no-dsa> (Minor issue)
[stretch] - sylpheed <no-dsa> (Minor issue)
NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431
-CVE-2021-3672 [Missing input validation on hostnames returned by DNS servers]
- RESERVED
+CVE-2021-3672 (A flaw was found in c-ares library, where a missing input validation c ...)
{DSA-4954-1 DLA-2738-1}
- c-ares 1.17.1-1.1 (bug #992053)
[bullseye] - c-ares 1.17.1-1+deb11u1
@@ -20132,8 +20224,8 @@ CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI P
NOT-FOR-US: Huawei
CVE-2021-37103
RESERVED
-CVE-2021-37102
- RESERVED
+CVE-2021-37102 (There is a command injection vulnerability in CMA service module of Fu ...)
+ TODO: check
CVE-2021-37101 (There is an improper authorization vulnerability in AIS-BW50-00 9.0.6. ...)
NOT-FOR-US: Huawei
CVE-2021-37100
@@ -20264,74 +20356,74 @@ CVE-2021-37038
RESERVED
CVE-2021-37037
RESERVED
-CVE-2021-37036
- RESERVED
-CVE-2021-37035
- RESERVED
-CVE-2021-37034
- RESERVED
-CVE-2021-37033
- RESERVED
-CVE-2021-37032
- RESERVED
-CVE-2021-37031
- RESERVED
-CVE-2021-37030
- RESERVED
-CVE-2021-37029
- RESERVED
+CVE-2021-37036 (There is an information leakage vulnerability in FusionCompute 6.5.1, ...)
+ TODO: check
+CVE-2021-37035 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
+ TODO: check
+CVE-2021-37034 (There is an Unstandardized field names in Huawei Smartphone.Successful ...)
+ TODO: check
+CVE-2021-37033 (There is an Injection attack vulnerability in Huawei Smartphone.Succes ...)
+ TODO: check
+CVE-2021-37032 (There is a Bypass vulnerability in Huawei Smartphone.Successful exploi ...)
+ TODO: check
+CVE-2021-37031 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
+ TODO: check
+CVE-2021-37030 (There is an Improper permission vulnerability in Huawei Smartphone.Suc ...)
+ TODO: check
+CVE-2021-37029 (There is an Identity verification vulnerability in Huawei Smartphone.S ...)
+ TODO: check
CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q product. Whe ...)
NOT-FOR-US: Huawei
CVE-2021-37027
RESERVED
-CVE-2021-37026
- RESERVED
-CVE-2021-37025
- RESERVED
-CVE-2021-37024
- RESERVED
-CVE-2021-37023
- RESERVED
-CVE-2021-37022
- RESERVED
+CVE-2021-37026 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ TODO: check
+CVE-2021-37025 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ TODO: check
+CVE-2021-37024 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ TODO: check
+CVE-2021-37023 (There is a Improper Access Control vulnerability in Huawei Smartphone. ...)
+ TODO: check
+CVE-2021-37022 (There is a Heap-based Buffer Overflow vulnerability in Huawei Smartpho ...)
+ TODO: check
CVE-2021-37021
RESERVED
CVE-2021-37020
RESERVED
-CVE-2021-37019
- RESERVED
-CVE-2021-37018
- RESERVED
-CVE-2021-37017
- RESERVED
-CVE-2021-37016
- RESERVED
-CVE-2021-37015
- RESERVED
+CVE-2021-37019 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ TODO: check
+CVE-2021-37018 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
+ TODO: check
+CVE-2021-37017 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ TODO: check
+CVE-2021-37016 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ TODO: check
+CVE-2021-37015 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ TODO: check
CVE-2021-37014
RESERVED
-CVE-2021-37013
- RESERVED
-CVE-2021-37012
- RESERVED
+CVE-2021-37013 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ TODO: check
+CVE-2021-37012 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
+ TODO: check
CVE-2021-37011
RESERVED
-CVE-2021-37010
- RESERVED
-CVE-2021-37009
- RESERVED
-CVE-2021-37008
- RESERVED
-CVE-2021-37007
- RESERVED
-CVE-2021-37006
- RESERVED
-CVE-2021-37005
- RESERVED
-CVE-2021-37004
- RESERVED
-CVE-2021-37003
- RESERVED
+CVE-2021-37010 (There is a Exposure of Sensitive Information to an Unauthorized Actor ...)
+ TODO: check
+CVE-2021-37009 (There is a Configuration vulnerability in Huawei Smartphone.Successful ...)
+ TODO: check
+CVE-2021-37008 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ TODO: check
+CVE-2021-37007 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ TODO: check
+CVE-2021-37006 (There is a Improper Preservation of Permissions vulnerability in Huawe ...)
+ TODO: check
+CVE-2021-37005 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ TODO: check
+CVE-2021-37004 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ TODO: check
+CVE-2021-37003 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ TODO: check
CVE-2021-37002 (There is a Memory out-of-bounds access vulnerability in Huawei Smartph ...)
NOT-FOR-US: Huawei
CVE-2021-37001 (There is a Register tampering vulnerability in Huawei Smartphone.Succe ...)
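Review bot: all 28 entries that move from RESERVED to a description in this hunk (CVE-2021-37036 down to CVE-2021-37003) land as "TODO: check", while the unchanged neighbours for the same vendor, CVE-2021-37028 and CVE-2021-37002, already carry "NOT-FOR-US: Huawei". Suggest triaging the block in one follow-up pass against that existing marker rather than leaving the TODO items to accumulate; the same applies to the single-entry Huawei hunks for CVE-2021-37102, CVE-2021-22410 and CVE-2021-22356.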
@@ -24973,8 +25065,8 @@ CVE-2021-3610 [heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c]
NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
CVE-2021-35053 (Possible system denial of service in case of arbitrary changing Firefo ...)
NOT-FOR-US: Kaspersky
-CVE-2021-35052
- RESERVED
+CVE-2021-35052 (A component in Kaspersky Password Manager could allow an attacker to e ...)
+ TODO: check
CVE-2021-35051
RESERVED
CVE-2021-35050 (User credentials stored in a recoverable format within Fidelis Network ...)
@@ -52147,6 +52239,7 @@ CVE-2021-24121
CVE-2021-24120
RESERVED
CVE-2021-24119 (In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in b ...)
+ {DLA-2826-1}
- mbedtls <unfixed>
[bullseye] - mbedtls <no-dsa> (Minor issue)
[buster] - mbedtls <no-dsa> (Minor issue)
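Review bot: CVE-2021-24119 gains "{DLA-2826-1}" while the lines directly below still read "- mbedtls <unfixed>" for unstable and "<no-dsa> (Minor issue)" for bullseye and buster, so after this change only the release covered by the DLA is recorded as having a fix. Suggest adding a NOTE that points to the fix shipped in the DLA so the "<unfixed>" status can be re-checked against it.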
@@ -56188,8 +56281,8 @@ CVE-2021-22412 (There is an Integer Overflow Vulnerability in Huawei Smartphone.
NOT-FOR-US: Huawei
CVE-2021-22411 (There is an out-of-bounds write vulnerability in some Huawei products. ...)
NOT-FOR-US: Huawei
-CVE-2021-22410
- RESERVED
+CVE-2021-22410 (There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C ...)
+ TODO: check
CVE-2021-22409 (There is a denial of service vulnerability in some versions of ManageO ...)
NOT-FOR-US: Huawei
CVE-2021-22408
@@ -56296,8 +56389,8 @@ CVE-2021-22358 (There is an insufficient input validation vulnerability in Fusio
NOT-FOR-US: Huawei
CVE-2021-22357 (There is a denial of service vulnerability in Huawei products. A modul ...)
NOT-FOR-US: Huawei
-CVE-2021-22356
- RESERVED
+CVE-2021-22356 (There is a weak secure algorithm vulnerability in Huawei products. A w ...)
+ TODO: check
CVE-2021-22355
RESERVED
CVE-2021-22354 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...)
@@ -62076,8 +62169,8 @@ CVE-2021-20603 (Improper Input Validation vulnerability in GOT2000 series GT21 m
NOT-FOR-US: Mitsubishi
CVE-2021-20602 (Improper Handling of Exceptional Conditions vulnerability in GOT2000 s ...)
NOT-FOR-US: Mitsubishi
-CVE-2021-20601
- RESERVED
+CVE-2021-20601 (Improper input validation vulnerability in GOT2000 series GT27 model a ...)
+ TODO: check
CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C Controller M ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20599 (Authorization bypass through user-controlled key vulnerability in MELS ...)
@@ -227245,7 +227338,7 @@ CVE-2017-18260 (Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabi
CVE-2017-18259 (Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in v ...)
- dolibarr <removed>
CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ...)
- {DLA-1518-1}
+ {DLA-2826-1 DLA-1518-1}
- mbedtls 2.8.0-1
- polarssl <removed>
[wheezy] - polarssl <no-dsa> (Minor issue)
@@ -227253,7 +227346,7 @@ CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a
NOTE: https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e
NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
CVE-2018-9988 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ...)
- {DLA-1518-1}
+ {DLA-2826-1 DLA-1518-1}
- mbedtls 2.8.0-1
- polarssl <removed>
[wheezy] - polarssl <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb57ad6bb89626929a2e34785e1c252fa968e245