[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 13 09:10:24 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
612ec920 by security tracker role at 2021-10-13T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2021-42339
+ RESERVED
+CVE-2021-42338
+ RESERVED
+CVE-2021-42337
+ RESERVED
+CVE-2021-42336
+ RESERVED
+CVE-2021-42335
+ RESERVED
+CVE-2021-42334
+ RESERVED
+CVE-2021-42333
+ RESERVED
+CVE-2021-42332
+ RESERVED
+CVE-2021-42331
+ RESERVED
+CVE-2021-42330
+ RESERVED
+CVE-2021-42329
+ RESERVED
CVE-2022-20111
RESERVED
CVE-2022-20110
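Review bot: The eleven new RESERVED IDs (CVE-2021-42339 down to CVE-2021-42329) are inserted above CVE-2022-20111, while the other CVE-2021-422xx entries sit further down (the next hunk starts at CVE-2021-42254), so the head of the file is not in descending ID order. If any consumer of data/CVE/list assumes that order, either place this block with the rest of the CVE-2021-42xxx range or document that new reservations are always prepended.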
@@ -365,6 +387,7 @@ CVE-2021-42254
CVE-2021-42253
RESERVED
CVE-2021-42252 (An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/ ...)
+ {DLA-2785-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
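Review bot: {DLA-2785-1} is attached to CVE-2021-42252, but the package lines under it cover only unstable, [bullseye] and [buster]; nothing in the entry records which release the LTS advisory fixed. Suggest a release-tagged line or a NOTE naming the package and version the DLA shipped, so the cross-reference can be checked from the entry itself.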
@@ -689,6 +712,7 @@ CVE-2021-3871
CVE-2021-3870
RESERVED
CVE-2021-41133 (Flatpak is a system for building, distributing, and running sandboxed ...)
+ {DSA-4984-1}
- flatpak 1.12.1-1 (bug #995935)
[buster] - flatpak <ignored> (Not exploitable with Debian buster kernel, intrusive to backport; requires updated libseccomp)
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
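Review bot: With {DSA-4984-1} added to CVE-2021-41133, the entry still shows only the unstable fix (1.12.1-1) and a [buster] <ignored> line, so the release and version the DSA actually fixed are not recorded. Suggest adding the matching release-tagged "- flatpak" line next to the advisory reference.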
@@ -938,6 +962,7 @@ CVE-2021-3860
CVE-2021-3859
RESERVED
CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux ...)
+ {DLA-2785-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
@@ -2390,74 +2415,74 @@ CVE-2021-41365
RESERVED
CVE-2021-41364
RESERVED
-CVE-2021-41363
- RESERVED
+CVE-2021-41363 (Intune Management Extension Security Feature Bypass Vulnerability ...)
+ TODO: check
CVE-2021-41362
RESERVED
-CVE-2021-41361
- RESERVED
+CVE-2021-41361 (Active Directory Federation Server Spoofing Vulnerability ...)
+ TODO: check
CVE-2021-41360
RESERVED
CVE-2021-41359
RESERVED
CVE-2021-41358
RESERVED
-CVE-2021-41357
- RESERVED
+CVE-2021-41357 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ TODO: check
CVE-2021-41356
RESERVED
-CVE-2021-41355
- RESERVED
-CVE-2021-41354
- RESERVED
-CVE-2021-41353
- RESERVED
-CVE-2021-41352
- RESERVED
+CVE-2021-41355 (.NET Core and Visual Studio Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-41354 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ TODO: check
+CVE-2021-41353 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability ...)
+ TODO: check
+CVE-2021-41352 (SCOM Information Disclosure Vulnerability ...)
+ TODO: check
CVE-2021-41351
RESERVED
-CVE-2021-41350
- RESERVED
+CVE-2021-41350 (Microsoft Exchange Server Spoofing Vulnerability ...)
+ TODO: check
CVE-2021-41349
RESERVED
-CVE-2021-41348
- RESERVED
-CVE-2021-41347
- RESERVED
-CVE-2021-41346
- RESERVED
-CVE-2021-41345
- RESERVED
-CVE-2021-41344
- RESERVED
-CVE-2021-41343
- RESERVED
-CVE-2021-41342
- RESERVED
+CVE-2021-41348 (Microsoft Exchange Server Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-41347 (Windows AppX Deployment Service Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-41346 (Console Window Host Security Feature Bypass Vulnerability ...)
+ TODO: check
+CVE-2021-41345 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ TODO: check
+CVE-2021-41344 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ TODO: check
+CVE-2021-41343 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...)
+ TODO: check
+CVE-2021-41342 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-41341
RESERVED
-CVE-2021-41340
- RESERVED
-CVE-2021-41339
- RESERVED
-CVE-2021-41338
- RESERVED
-CVE-2021-41337
- RESERVED
-CVE-2021-41336
- RESERVED
-CVE-2021-41335
- RESERVED
-CVE-2021-41334
- RESERVED
+CVE-2021-41340 (Windows Graphics Component Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-41339 (Microsoft DWM Core Library Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-41338 (Windows AppContainer Firewall Rules Security Feature Bypass Vulnerabil ...)
+ TODO: check
+CVE-2021-41337 (Active Directory Security Feature Bypass Vulnerability ...)
+ TODO: check
+CVE-2021-41336 (Windows Kernel Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-41335 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-41334 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...)
+ TODO: check
CVE-2021-41333
RESERVED
-CVE-2021-41332
- RESERVED
-CVE-2021-41331
- RESERVED
-CVE-2021-41330
- RESERVED
+CVE-2021-41332 (Windows Print Spooler Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-41331 (Windows Media Audio Decoder Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-41330 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-41329 (Datalust Seq before 2021.2.6259 allows users (with view filters applie ...)
NOT-FOR-US: Datalust Seq
CVE-2021-41328
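Review bot: Every entry converted from RESERVED in this hunk is left at "TODO: check", and the new descriptions all read as Microsoft product advisories (Exchange Server, SharePoint Server, Windows Kernel, Win32k and so on). Leaving them untriaged in bulk keeps them in the open-work queue; a follow-up should resolve each one, using the "NOT-FOR-US: <product>" form that the context entry CVE-2021-41329 shows where the software is not in Debian.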
@@ -4412,88 +4437,88 @@ CVE-2021-40493
RESERVED
CVE-2021-40492 (A reflected XSS vulnerability exists in multiple pages in version 22 o ...)
NOT-FOR-US: Gibbon application
-CVE-2021-40489
- RESERVED
-CVE-2021-40488
- RESERVED
-CVE-2021-40487
- RESERVED
-CVE-2021-40486
- RESERVED
-CVE-2021-40485
- RESERVED
-CVE-2021-40484
- RESERVED
-CVE-2021-40483
- RESERVED
-CVE-2021-40482
- RESERVED
-CVE-2021-40481
- RESERVED
-CVE-2021-40480
- RESERVED
-CVE-2021-40479
- RESERVED
-CVE-2021-40478
- RESERVED
-CVE-2021-40477
- RESERVED
-CVE-2021-40476
- RESERVED
-CVE-2021-40475
- RESERVED
-CVE-2021-40474
- RESERVED
-CVE-2021-40473
- RESERVED
-CVE-2021-40472
- RESERVED
-CVE-2021-40471
- RESERVED
-CVE-2021-40470
- RESERVED
-CVE-2021-40469
- RESERVED
-CVE-2021-40468
- RESERVED
-CVE-2021-40467
- RESERVED
-CVE-2021-40466
- RESERVED
-CVE-2021-40465
- RESERVED
-CVE-2021-40464
- RESERVED
-CVE-2021-40463
- RESERVED
-CVE-2021-40462
- RESERVED
-CVE-2021-40461
- RESERVED
-CVE-2021-40460
- RESERVED
+CVE-2021-40489 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ TODO: check
+CVE-2021-40488 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ TODO: check
+CVE-2021-40487 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ TODO: check
+CVE-2021-40486 (Microsoft Word Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-40485 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ TODO: check
+CVE-2021-40484 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ TODO: check
+CVE-2021-40483 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ TODO: check
+CVE-2021-40482 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-40481 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-40480 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+ TODO: check
+CVE-2021-40479 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ TODO: check
+CVE-2021-40478 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ TODO: check
+CVE-2021-40477 (Windows Event Tracing Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-40476 (Windows AppContainer Elevation Of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-40475 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...)
+ TODO: check
+CVE-2021-40474 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ TODO: check
+CVE-2021-40473 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ TODO: check
+CVE-2021-40472 (Microsoft Excel Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-40471 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ TODO: check
+CVE-2021-40470 (DirectX Graphics Kernel Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-40469 (Windows DNS Server Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-40468 (Windows Bind Filter Driver Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-40467 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2021-40466 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2021-40465 (Windows Text Shaping Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2021-40464 (Windows Nearby Sharing Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-40463 (Windows NAT Denial of Service Vulnerability ...)
+ TODO: check
+CVE-2021-40462 (Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Exec ...)
+ TODO: check
+CVE-2021-40461 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...)
+ TODO: check
+CVE-2021-40460 (Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerab ...)
+ TODO: check
CVE-2021-40459
RESERVED
CVE-2021-40458
RESERVED
-CVE-2021-40457
- RESERVED
-CVE-2021-40456
- RESERVED
-CVE-2021-40455
- RESERVED
-CVE-2021-40454
- RESERVED
+CVE-2021-40457 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...)
+ TODO: check
+CVE-2021-40456 (Windows AD FS Security Feature Bypass Vulnerability ...)
+ TODO: check
+CVE-2021-40455 (Windows Installer Spoofing Vulnerability ...)
+ TODO: check
+CVE-2021-40454 (Rich Text Edit Control Information Disclosure Vulnerability ...)
+ TODO: check
CVE-2021-40453
RESERVED
CVE-2021-40452
RESERVED
CVE-2021-40451
RESERVED
-CVE-2021-40450
- RESERVED
-CVE-2021-40449
- RESERVED
+CVE-2021-40450 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ TODO: check
+CVE-2021-40449 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ TODO: check
CVE-2021-40448 (Microsoft Accessibility Insights for Android Information Disclosure Vu ...)
NOT-FOR-US: Microsoft
CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
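Review bot: CVE-2021-40448 in the trailing context is already "NOT-FOR-US: Microsoft", while CVE-2021-40450, CVE-2021-40449 and the CVE-2021-40489 to CVE-2021-40454 entries added just above it get "TODO: check". Suggest applying the same marking once confirmed. Note also that several of the added descriptions are identical after truncation (CVE-2021-40489, CVE-2021-40488 and CVE-2021-40478 all read "Storage Spaces Controller Elevation of Privilege Vulnerability This CV ..."), so triage has to go by ID and the full CVE text, not by the summary shown here.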
@@ -4504,8 +4529,8 @@ CVE-2021-40445
RESERVED
CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-40443
- RESERVED
+CVE-2021-40443 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
CVE-2021-40442
RESERVED
CVE-2021-40441
@@ -4541,7 +4566,7 @@ CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate add
NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...)
- {DSA-4978-1}
+ {DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/
@@ -4790,7 +4815,7 @@ CVE-2021-3754
RESERVED
CVE-2021-3753
RESERVED
- {DSA-4978-1}
+ {DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
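Review bot: CVE-2021-3753 now carries both {DSA-4978-1} and {DLA-2785-1} and has fixed versions listed, yet the entry is still RESERVED with no description. Suggest adding a bracketed summary on the CVE line, as CVE-2021-3732 has further down ("[overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files]"), so the entry says what was fixed.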
@@ -5210,7 +5235,7 @@ CVE-2021-40148
RESERVED
CVE-2021-3743
RESERVED
- {DSA-4978-1}
+ {DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
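Review bot: {DLA-2785-1} is added to CVE-2021-3743 while the same entry says "[stretch] - linux <not-affected> (Vulnerable code introduced later)". An LTS advisory reference next to a not-affected stretch line reads as a contradiction; if the DLA covers a different source package than "linux", the entry should say so in a package line or a NOTE.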
@@ -6360,7 +6385,7 @@ CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]
NOTE: https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)
CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files]
RESERVED
- {DSA-4978-1}
+ {DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249
@@ -8660,8 +8685,8 @@ CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Fla
NOT-FOR-US: adminlte
CVE-2021-38673
RESERVED
-CVE-2021-38672
- RESERVED
+CVE-2021-38672 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...)
+ TODO: check
CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2021-38670
@@ -8678,10 +8703,10 @@ CVE-2021-38665
RESERVED
CVE-2021-38664
RESERVED
-CVE-2021-38663
- RESERVED
-CVE-2021-38662
- RESERVED
+CVE-2021-38663 (Windows exFAT File System Information Disclosure Vulnerability ...)
+ TODO: check
+CVE-2021-38662 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...)
+ TODO: check
CVE-2021-38661 (HEVC Video Extensions Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
@@ -9809,11 +9834,13 @@ CVE-2021-38206 (The mac80211 subsystem in the Linux kernel before 5.12.13, when
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/bddc0c411a45d3718ac535a070f349be8eca8d48
CVE-2021-38205 (drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel befo ...)
+ {DLA-2785-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/d0d62baa7f505bd4c59cd169692ff07ec49dde37
CVE-2021-38204 (drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allow ...)
+ {DLA-2785-1}
- linux 5.14.6-1 (unimportant)
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
@@ -9834,11 +9861,12 @@ CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.
- linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc
CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect co ...)
- {DSA-4978-1}
+ {DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c
CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 inco ...)
+ {DLA-2785-1}
- linux 5.10.46-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/b1bd5cba3306691c771d558e94baa73e8b0b96b7
@@ -10044,7 +10072,7 @@ CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI
NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
NOTE: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel be ...)
- {DSA-4978-1}
+ {DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
@@ -10576,7 +10604,7 @@ CVE-2021-3681
CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
NOT-FOR-US: showdoc
CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...)
- {DSA-4978-1}
+ {DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
@@ -11488,7 +11516,7 @@ CVE-2021-37539 (Zoho ManageEngine ADManager Plus before 7111 is vulnerable to un
CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modification of ...)
NOT-FOR-US: Node body-parser-xml
CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...)
- {DSA-4978-1}
+ {DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
[stretch] - linux <ignored> (powerpc architectures not included in LTS)
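Review bot: CVE-2021-37576 gains {DLA-2785-1} although its stretch line is "<ignored> (powerpc architectures not included in LTS)". If the advisory really lists this CVE, the ignored status or its reason needs revisiting; if the reference is only a side effect of the advisory's CVE list, a NOTE explaining that would stop readers from assuming an LTS fix exists for this issue.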
@@ -12329,6 +12357,7 @@ CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authenticat
CVE-2021-3657
RESERVED
CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel throu ...)
+ {DLA-2785-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
@@ -12367,7 +12396,7 @@ CVE-2021-37140
RESERVED
CVE-2021-3656 [KVM: nSVM: always intercept VMLOAD/VMSAVE when nested]
RESERVED
- {DSA-4978-1}
+ {DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -12697,6 +12726,7 @@ CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Appl
CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java deserial ...)
NOT-FOR-US: SerNet verinice
CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...)
+ {DLA-2785-1}
- linux 5.10.46-3
[buster] - linux 4.19.208-1
CVE-2021-3654 [novnc allows open redirection]
@@ -12757,8 +12787,8 @@ CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability This CVE ID is
NOT-FOR-US: Microsoft
CVE-2021-36971
RESERVED
-CVE-2021-36970
- RESERVED
+CVE-2021-36970 (Windows Print Spooler Spoofing Vulnerability ...)
+ TODO: check
CVE-2021-36969 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
NOT-FOR-US: Microsoft
CVE-2021-36968 (Windows DNS Elevation of Privilege Vulnerability ...)
@@ -12791,8 +12821,8 @@ CVE-2021-36955 (Windows Common Log File System Driver Elevation of Privilege Vul
NOT-FOR-US: Microsoft
CVE-2021-36954 (Windows Bind Filter Driver Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-36953
- RESERVED
+CVE-2021-36953 (Windows TCP/IP Denial of Service Vulnerability ...)
+ TODO: check
CVE-2021-36952 (Visual Studio Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-36951
@@ -13183,7 +13213,7 @@ CVE-2021-36776
CVE-2021-36775
RESERVED
CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...)
- {DSA-4978-1}
+ {DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
@@ -16277,6 +16307,7 @@ CVE-2021-35479 (Nagios Log Server before 2.1.9 contains Stored XSS in the custom
CVE-2021-35478 (Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown ...)
NOT-FOR-US: Nagios Log Server
CVE-2021-35477 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...)
+ {DLA-2785-1}
- linux 5.10.46-4
[buster] - linux 4.19.208-1
NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
@@ -17190,6 +17221,7 @@ CVE-2021-35068
CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay the sam ...)
NOT-FOR-US: Meross MSG100 devices
CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...)
+ {DLA-2785-1}
- linux 5.10.46-3
[buster] - linux 4.19.208-1
NOTE: Introduced by: https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/
@@ -17284,6 +17316,7 @@ CVE-2021-3609
CVE-2021-35040
RESERVED
CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Signatur ...)
+ {DLA-2785-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
@@ -18079,6 +18112,7 @@ CVE-2021-34682 (Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack
NOT-FOR-US: Receita Federal IRPF 2021 1.7
CVE-2021-3600
RESERVED
+ {DLA-2785-1}
- linux 5.10.19-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90
@@ -18398,6 +18432,7 @@ CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly as
NOTE: https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 (1.16.x)
NOTE: key_agreement.go also bundled in various other packages
CVE-2021-34556 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...)
+ {DLA-2785-1}
- linux 5.10.46-4
[buster] - linux 4.19.208-1
NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
@@ -18626,8 +18661,8 @@ CVE-2021-34455 (Windows File History Service Elevation of Privilege Vulnerabilit
NOT-FOR-US: Microsoft
CVE-2021-34454 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
NOT-FOR-US: Microsoft
-CVE-2021-34453
- RESERVED
+CVE-2021-34453 (Microsoft Exchange Server Denial of Service Vulnerability ...)
+ TODO: check
CVE-2021-34452 (Microsoft Word Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-34451 (Microsoft Office Online Server Spoofing Vulnerability ...)
@@ -20558,6 +20593,7 @@ CVE-2021-33626 (In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did n
CVE-2021-33625
RESERVED
CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...)
+ {DLA-2785-1}
- linux 5.10.46-1
[buster] - linux 4.19.208-1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
@@ -33811,6 +33847,7 @@ CVE-2021-28494 (In Arista's MOS (Metamako Operating System) software which is su
CVE-2021-28493 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
NOT-FOR-US: Arista
CVE-2021-3444 (The bpf verifier in the Linux kernel did not properly handle mod32 des ...)
+ {DLA-2785-1}
- linux 5.10.19-1
[buster] - linux 4.19.208-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -38751,10 +38788,10 @@ CVE-2021-26444
RESERVED
CVE-2021-26443
RESERVED
-CVE-2021-26442
- RESERVED
-CVE-2021-26441
- RESERVED
+CVE-2021-26442 (Windows HTTP.sys Elevation of Privilege Vulnerability ...)
+ TODO: check
+CVE-2021-26441 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ TODO: check
CVE-2021-26440
RESERVED
CVE-2021-26439 (Microsoft Edge for Android Information Disclosure Vulnerability ...)
@@ -38781,8 +38818,8 @@ CVE-2021-26429 (Azure Sphere Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-26428 (Azure Sphere Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2021-26427
- RESERVED
+CVE-2021-26427 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
+ TODO: check
CVE-2021-26426 (Windows User Account Profile Picture Elevation of Privilege Vulnerabil ...)
NOT-FOR-US: Microsoft
CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
@@ -39116,8 +39153,8 @@ CVE-2021-3332 (WPS Hide Login 1.6.1 allows remote attackers to bypass a protecti
NOT-FOR-US: WPS Hide Logi
CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrary pro ...)
NOT-FOR-US: WinSCP
-CVE-2021-3330
- RESERVED
+CVE-2021-3330 (RCE/DOS: Linked-list corruption leading to large out-of-bounds write w ...)
+ TODO: check
CVE-2021-3329
RESERVED
CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.1 ...)
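Review bot: The new description for CVE-2021-3330 ("RCE/DOS: Linked-list corruption leading to large out-of-bounds write w ...") is cut off before it names a product, so "TODO: check" cannot be resolved from this entry alone and the triager needs the full CVE text. Separately, the context line "NOT-FOR-US: WPS Hide Logi" looks truncated against its own description ("WPS Hide Login") and could be corrected in a follow-up.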
@@ -39195,12 +39232,12 @@ CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenti
NOT-FOR-US: Monitorix
CVE-2021-3324
RESERVED
-CVE-2021-3323
- RESERVED
-CVE-2021-3322
- RESERVED
-CVE-2021-3321
- RESERVED
+CVE-2021-3323 (Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zeph ...)
+ TODO: check
+CVE-2021-3322 (Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zeph ...)
+ TODO: check
+CVE-2021-3321 (Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header ...)
+ TODO: check
CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2 ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2021-3319 (DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addre ...)
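Review bot: CVE-2021-3323, CVE-2021-3322 and CVE-2021-3321 are described as Zephyr issues but get "TODO: check", while CVE-2021-3320 directly below is "NOT-FOR-US: Zephyr, different from src:zephyr". If these concern the same Zephyr, use the same marking including the src:zephyr disambiguation, so they are not matched against the Debian source package by name.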
@@ -48083,6 +48120,7 @@ CVE-2021-22545 (An attacker can craft a specific IdaPro *.i64 file that will cau
CVE-2021-22544
RESERVED
CVE-2021-22543 (An issue was discovered in Linux: KVM through Improper handling of VM_ ...)
+ {DLA-2785-1}
- linux 5.10.46-2
[buster] - linux 4.19.208-1
NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/3
@@ -56054,8 +56092,8 @@ CVE-2021-20033
RESERVED
CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Proto ...)
NOT-FOR-US: SonicWall
-CVE-2021-20031
- RESERVED
+CVE-2021-20031 (A Host Header Redirection vulnerability in SonicOS potentially allows ...)
+ TODO: check
CVE-2021-20030
RESERVED
CVE-2021-20029
@@ -78688,20 +78726,20 @@ CVE-2020-22681
RESERVED
CVE-2020-22680
RESERVED
-CVE-2020-22679
- RESERVED
-CVE-2020-22678
- RESERVED
-CVE-2020-22677
- RESERVED
+CVE-2020-22679 (Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 a ...)
+ TODO: check
+CVE-2020-22678 (An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulat ...)
+ TODO: check
+CVE-2020-22677 (An issue was discovered in gpac 0.8.0. The dump_data_hex function in b ...)
+ TODO: check
CVE-2020-22676
RESERVED
-CVE-2020-22675
- RESERVED
-CVE-2020-22674
- RESERVED
-CVE-2020-22673
- RESERVED
+CVE-2020-22675 (An issue was discovered in gpac 0.8.0. The GetGhostNum function in stb ...)
+ TODO: check
+CVE-2020-22674 (An issue was discovered in gpac 0.8.0. An invalid memory dereference e ...)
+ TODO: check
+CVE-2020-22673 (Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows ...)
+ TODO: check
CVE-2020-22672
RESERVED
CVE-2020-22671
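Review bot: The six new CVE-2020-2267x entries all name gpac 0.8.0 (CVE-2020-22679 and CVE-2020-22673 specifically MP4Box) and are left at "TODO: check" with no package line. If gpac is tracked as a source package these need "- gpac" lines with per-release status rather than a NOT-FOR-US marking, and since the descriptions are truncated, the affected functions should be confirmed from the full CVE text before versions are filled in.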
@@ -92593,7 +92631,7 @@ CVE-2020-16120 (Overlayfs did not properly perform permission checking when copy
[stretch] - linux <not-affected> (Vulnerable configuration combination not possible)
NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable by a loca ...)
- {DSA-4978-1}
+ {DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7
@@ -127291,7 +127329,7 @@ CVE-2020-3704 (u'While processing invalid connection request PDU which is nonsta
CVE-2020-3703 (u'Buffer over-read issue in Bluetooth peripheral firmware due to lack ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal errors ...)
- {DSA-4978-1}
+ {DSA-4978-1 DLA-2785-1}
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=Bcx1GwWfiW1_Somu_GVncTAcQ@mail.gmail.com/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/612ec9208554f8640eeef9fee038c15ae020f606