[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 20 09:10:26 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1e297d5c by security tracker role at 2021-10-20T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2021-42742
+ RESERVED
+CVE-2021-42741
+ RESERVED
+CVE-2021-42740
+ RESERVED
+CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a buffe ...)
+ TODO: check
+CVE-2021-42738
+ RESERVED
+CVE-2021-42737
+ RESERVED
+CVE-2021-42736
+ RESERVED
+CVE-2021-42735
+ RESERVED
+CVE-2021-42734
+ RESERVED
+CVE-2021-42733
+ RESERVED
+CVE-2021-42732
+ RESERVED
+CVE-2021-42731
+ RESERVED
+CVE-2021-42730
+ RESERVED
+CVE-2021-42729
+ RESERVED
+CVE-2021-42728
+ RESERVED
+CVE-2021-42727
+ RESERVED
+CVE-2021-42726
+ RESERVED
+CVE-2021-42725
+ RESERVED
+CVE-2021-42724
+ RESERVED
+CVE-2021-42723
+ RESERVED
+CVE-2021-42722
+ RESERVED
+CVE-2021-42721
+ RESERVED
+CVE-2021-42720
+ RESERVED
+CVE-2021-42719
+ RESERVED
+CVE-2021-42718
+ RESERVED
+CVE-2021-3894
+ RESERVED
CVE-2021-42717
RESERVED
CVE-2021-42716
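Review bot: CVE-2021-42739 is left at `TODO: check` even though its description names the firewire subsystem of the Linux kernel through 5.14.13, so unlike the RESERVED IDs around it this entry needs manual triage against the kernel source package. Follow up with a package line and a NOTE pointing at the upstream fix once one is identified.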
@@ -2834,7 +2886,7 @@ CVE-2021-41993
CVE-2021-41992
RESERVED
CVE-2021-41991 (The in-memory certificate cache in strongSwan before 5.9.4 has a remot ...)
- {DSA-4989-1}
+ {DSA-4989-1 DLA-2788-1}
- strongswan 5.9.4-1
NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html
CVE-2021-41990 (The gmp plugin in strongSwan before 5.9.4 has a remote integer overflo ...)
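Review bot: DLA-2788-1 is added only to CVE-2021-41991, while the adjacent CVE-2021-41990 is also described as affecting strongSwan before 5.9.4 and its cross-reference line falls outside this hunk. Confirm whether the DLA covers CVE-2021-41990 as well; if it does not, a per-release note on that entry explaining why would be useful.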
@@ -4124,7 +4176,8 @@ CVE-2021-41430
RESERVED
CVE-2021-41429
RESERVED
-CVE-2021-41428 (Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= ...)
+CVE-2021-41428
+ REJECTED
NOT-FOR-US: DATEV
CVE-2021-41427
RESERVED
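Review bot: CVE-2021-41428 now reads REJECTED with its description removed, but the `NOT-FOR-US: DATEV` line under it is kept unchanged. Check whether that triage line should stay on a rejected ID or be dropped, so the entry does not carry a vendor attribution for a CVE that no longer has a description.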
@@ -4725,8 +4778,8 @@ CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learni
NOT-FOR-US: OpenOlat
CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...)
NOT-FOR-US: Backstage
-CVE-2021-41150
- RESERVED
+CVE-2021-41150 (Tough provides a set of Rust libraries and tools for using and generat ...)
+ TODO: check
CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and generat ...)
TODO: check
CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
@@ -31084,21 +31137,19 @@ CVE-2021-30318
RESERVED
CVE-2021-30317
RESERVED
-CVE-2021-30316
- RESERVED
-CVE-2021-30315
- RESERVED
+CVE-2021-30316 (Possible out of bound memory access due to improper boundary check whi ...)
+ TODO: check
+CVE-2021-30315 (Improper handling of sensor HAL structure in absence of sensor can lea ...)
+ TODO: check
CVE-2021-30314
RESERVED
CVE-2021-30313
RESERVED
-CVE-2021-30312
- RESERVED
+CVE-2021-30312 (Improper authentication of sub-frames of a multicast AMSDU frame can l ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30311
RESERVED
-CVE-2021-30310
- RESERVED
+CVE-2021-30310 (Possible buffer overflow due to Improper validation of received CF-ACK ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30309
RESERVED
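Review bot: CVE-2021-30316 and CVE-2021-30315 land at `TODO: check`, while CVE-2021-30312 and CVE-2021-30310, which receive descriptions in the same hunk, already carry `NOT-FOR-US: Qualcomm components for Android`. Confirm from the full descriptions whether the two new entries belong to the same vendor and, if so, triage them the same way so they do not linger as open TODO items.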
@@ -31106,18 +31157,15 @@ CVE-2021-30308
RESERVED
CVE-2021-30307
RESERVED
-CVE-2021-30306
- RESERVED
+CVE-2021-30306 (Possible buffer over read due to improper buffer allocation for file l ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30305
- RESERVED
+CVE-2021-30305 (Possible out of bound access due to lack of validation of page offset ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30304
- RESERVED
+CVE-2021-30304 (Possible buffer out of bound read can occur due to improper validation ...)
+ TODO: check
CVE-2021-30303
RESERVED
-CVE-2021-30302
- RESERVED
+CVE-2021-30302 (Improper authentication of EAP WAPI EAPOL frames from unauthenticated ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30301
RESERVED
@@ -31127,8 +31175,7 @@ CVE-2021-30299
RESERVED
CVE-2021-30298
RESERVED
-CVE-2021-30297
- RESERVED
+CVE-2021-30297 (Possible out of bound read due to improper validation of packet length ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30296
RESERVED
@@ -31138,18 +31185,15 @@ CVE-2021-30294 (Potential null pointer dereference in KGSL GPU auxiliary command
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30293
RESERVED
-CVE-2021-30292
- RESERVED
+CVE-2021-30292 (Possible memory corruption due to lack of validation of client data us ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30291
- RESERVED
+CVE-2021-30291 (Possible memory corruption due to lack of validation of client data us ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30290 (Possible null pointer dereference due to race condition between timeli ...)
NOT-FOR-US: Snapdragon
CVE-2021-30289
RESERVED
-CVE-2021-30288
- RESERVED
+CVE-2021-30288 (Possible stack overflow due to improper length check of TLV while copy ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30287
RESERVED
@@ -31209,14 +31253,11 @@ CVE-2021-30260 (Possible Integer overflow to buffer overflow issue can occur due
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30259
RESERVED
-CVE-2021-30258
- RESERVED
+CVE-2021-30258 (Possible buffer overflow due to improper size calculation of payload r ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30257
- RESERVED
+CVE-2021-30257 (Possible out of bound read or write in VR service due to lack of valid ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30256
- RESERVED
+CVE-2021-30256 (Possible stack overflow due to improper validation of camera name leng ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30255
RESERVED
@@ -34593,10 +34634,10 @@ CVE-2021-28954 (In Chris Walz bit before 1.0.5 on Windows, attackers can run arb
NOT-FOR-US: Chris Walz bit
CVE-2021-28953 (The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual S ...)
NOT-FOR-US: unofficial C/C++ Advanced Lint extension for Visual Studio Code
-CVE-2021-3455
- RESERVED
-CVE-2021-3454
- RESERVED
+CVE-2021-3455 (Disconnecting L2CAP channel right after invalid ATT request leads free ...)
+ TODO: check
+CVE-2021-3454 (Truncated L2CAP K-frame causes assertion failure. Zephyr versions > ...)
+ TODO: check
CVE-2021-3453 (Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS m ...)
NOT-FOR-US: Lenovo
CVE-2021-3452 (A potential vulnerability in the system shutdown SMI callback function ...)
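Review bot: CVE-2021-3455 and CVE-2021-3454 both go to `TODO: check`; the truncated description of CVE-2021-3454 names Zephyr and both concern L2CAP handling, so they should be triaged as a pair. The description of CVE-2021-3455 is cut off before any product name, so read the full CVE text before assigning a package or NOT-FOR-US line.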
@@ -60062,28 +60103,25 @@ CVE-2020-29652 (A nil pointer dereference in the golang.org/x/crypto/ssh compone
NOTE: https://go-review.googlesource.com/c/crypto/+/278852
NOTE: https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
NOTE: Introduced in: https://github.com/golang/crypto/commit/cbcb750295291b33242907a04be40e80801d0cfc (2019-05-10)
-CVE-2021-1985
- RESERVED
+CVE-2021-1985 (Possible buffer over read due to lack of data length check in QVR Serv ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1984
- RESERVED
+CVE-2021-1984 (Possible buffer overflow due to improper validation of index value whi ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1983
- RESERVED
+CVE-2021-1983 (Possible buffer overflow due to improper handling of negative data len ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1982
RESERVED
CVE-2021-1981
RESERVED
-CVE-2021-1980
- RESERVED
+CVE-2021-1980 (Possible buffer over read due to lack of length check while parsing be ...)
+ TODO: check
CVE-2021-1979
RESERVED
CVE-2021-1978
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1977
- RESERVED
+CVE-2021-1977 (Possible buffer over read due to improper validation of frame length w ...)
+ TODO: check
CVE-2021-1976 (A use after free can occur due to improper validation of P2P device ad ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1975
@@ -60098,17 +60136,13 @@ CVE-2021-1971 (Possible assertion due to lack of physical layer state validation
NOT-FOR-US: Snapdragon
CVE-2021-1970 (Possible out of bound read due to lack of length check of FT sub-eleme ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1969
- RESERVED
+CVE-2021-1969 (Improper validation of kernel buffer address while copying information ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1968
- RESERVED
+CVE-2021-1968 (Improper validation of kernel buffer address while copying information ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1967
- RESERVED
+CVE-2021-1967 (Possible stack buffer overflow due to lack of check on the maximum num ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1966
- RESERVED
+CVE-2021-1966 (Possible buffer overflow due to lack of length check of source and des ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1965 (Possible buffer overflow due to lack of parameter length check during ...)
NOT-FOR-US: Snapdragon
@@ -60122,8 +60156,7 @@ CVE-2021-1961 (Possible buffer overflow due to lack of offset length check while
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1960 (Improper handling of ASB-C broadcast packets with crafted opcode in LM ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1959
- RESERVED
+CVE-2021-1959 (Possible memory corruption due to lack of bound check of input index i ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1958 (A race condition in fastrpc kernel driver for dynamic process creation ...)
NOT-FOR-US: Snapdragon
@@ -60143,8 +60176,7 @@ CVE-2021-1951
RESERVED
CVE-2021-1950
RESERVED
-CVE-2021-1949
- RESERVED
+CVE-2021-1949 (Possible integer overflow due to improper check of batch count value w ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1948 (Possible out of bound read due to lack of length check of data while p ...)
NOT-FOR-US: Qualcomm components for Android
@@ -60170,8 +60202,7 @@ CVE-2021-1938 (Possible assertion due to improper verification while creating an
NOT-FOR-US: Snapdragon
CVE-2021-1937 (Reachable assertion is possible while processing peer association WLAN ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1936
- RESERVED
+CVE-2021-1936 (Null pointer dereference can occur due to lack of null check for user ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1935 (Possible null pointer dereference due to lack of validation check for ...)
NOT-FOR-US: Qualcomm components for Android
@@ -60179,8 +60210,7 @@ CVE-2021-1934 (Possible memory corruption due to improper check when application
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1933 (UE assertion is possible due to improper validation of invite message ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1932
- RESERVED
+CVE-2021-1932 (Improper access control in trusted application environment can cause u ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1931 (Possible buffer overflow due to improper validation of buffer length w ...)
NOT-FOR-US: Snapdragon
@@ -60210,8 +60240,7 @@ CVE-2021-1919 (Integer underflow can occur when the RTCP length is lesser than t
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1918
RESERVED
-CVE-2021-1917
- RESERVED
+CVE-2021-1917 (Null pointer dereference can occur due to memory allocation failure in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1916 (Possible buffer underflow due to lack of check for negative indices va ...)
NOT-FOR-US: Qualcomm components for Android
@@ -60219,8 +60248,7 @@ CVE-2021-1915 (Buffer overflow can occur due to improper validation of NDP appli
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1914 (Loop with unreachable exit condition may occur due to improper handlin ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1913
- RESERVED
+CVE-2021-1913 (Possible integer overflow due to improper length check while updating ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1912
RESERVED
@@ -108895,8 +108923,7 @@ CVE-2020-11305 (Integer overflow in boot due to improper length check on argumen
NOT-FOR-US: Snapdragon
CVE-2020-11304 (Possible out of bound read in DRM due to improper buffer length check. ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11303
- RESERVED
+CVE-2020-11303 (Accepting AMSDU frames with mismatched destination and source address ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11302
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e297d5cfaec433d1f5b7f924a4d038a0e132f7d