[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 28 09:10:21 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8b265d63 by security tracker role at 2021-10-28T08:10:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,26 @@
-CVE-2021-43056 [KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest]
+CVE-2021-43057 (An issue was discovered in the Linux kernel before 5.14.8. A use-after ...)
+ TODO: check
+CVE-2021-43055
+ RESERVED
+CVE-2021-43054
+ RESERVED
+CVE-2021-43053
+ RESERVED
+CVE-2021-43052
+ RESERVED
+CVE-2021-43051
+ RESERVED
+CVE-2021-43050
+ RESERVED
+CVE-2021-43049
+ RESERVED
+CVE-2021-43048
+ RESERVED
+CVE-2021-43047
+ RESERVED
+CVE-2021-43046
+ RESERVED
+CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5.14.15 ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
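Review bot: CVE-2021-43057 at the top of this hunk is left at "TODO: check" although its description names the Linux kernel before 5.14.8, so it needs a "- linux" line with a fixed version and per-release status like the CVE-2021-43056 entry below it. For CVE-2021-43056 the new description says "before 5.14.15" while the retained package line is still "- linux <unfixed>"; revisit that line once a fixed version reaches the archive so the entry does not contradict its own description.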
@@ -43,8 +65,8 @@ CVE-2021-3908
RESERVED
CVE-2021-3907
RESERVED
-CVE-2021-3906
- RESERVED
+CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...)
+ TODO: check
CVE-2018-25019
RESERVED
CVE-2015-20067
@@ -97,10 +119,10 @@ CVE-2021-43011
RESERVED
CVE-2021-3905
RESERVED
-CVE-2021-3904
- RESERVED
-CVE-2021-3903
- RESERVED
+CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web Page ...)
+ TODO: check
+CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ TODO: check
CVE-2020-36503
RESERVED
CVE-2021-43010
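Review bot: CVE-2021-3903 goes from RESERVED to "TODO: check" with a description that names vim and a heap-based buffer overflow, which is the kind of entry that should not sit untriaged. Add a "- vim" line with its status and a NOTE pointing at the fixing commit, and resolve CVE-2021-3904 (grav) in the same pass, either with a package line or NOT-FOR-US.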
@@ -421,8 +443,8 @@ CVE-2021-42853
RESERVED
CVE-2021-3902
RESERVED
-CVE-2021-3901
- RESERVED
+CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: firefly-iii
CVE-2021-42852
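Review bot: CVE-2021-3901 is added as "TODO: check" while the entry directly below, CVE-2021-3900, carries the same product and description prefix and is already triaged as "NOT-FOR-US: firefly-iii". Apply the same decision here so the two firefly-iii CSRF entries are consistent.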
@@ -5420,8 +5442,8 @@ CVE-2021-41193
RESERVED
CVE-2021-41192
RESERVED
-CVE-2021-41191
- RESERVED
+CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. ...)
+ TODO: check
CVE-2021-41190
RESERVED
CVE-2021-41189
@@ -44824,8 +44846,7 @@ CVE-2021-25221
RESERVED
CVE-2021-25220
RESERVED
-CVE-2021-25219 [Lame cache can be abused to severely degrade resolver performance]
- RESERVED
+CVE-2021-25219 (In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3- ...)
- bind9 1:9.17.19-1
NOTE: https://kb.isc.org/docs/cve-2021-25219
CVE-2021-25218 (In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported P ...)
@@ -65273,12 +65294,12 @@ CVE-2021-1119
RESERVED
CVE-2021-1118
RESERVED
-CVE-2021-1117
- RESERVED
-CVE-2021-1116
- RESERVED
-CVE-2021-1115
- RESERVED
+CVE-2021-1117 (Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy ...)
+ TODO: check
+CVE-2021-1116 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ TODO: check
+CVE-2021-1115 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ TODO: check
CVE-2021-1114 (NVIDIA Linux kernel distributions contain a vulnerability in the kerne ...)
NOT-FOR-US: NVIDIA
CVE-2021-1113 (NVIDIA camera firmware contains a vulnerability where an unauthorized ...)
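Review bot: CVE-2021-1117, CVE-2021-1116 and CVE-2021-1115 are all left at "TODO: check" although their descriptions refer to Windows or the NVIDIA GPU Display Driver for Windows, and the neighbouring CVE-2021-1114 is already marked "NOT-FOR-US: NVIDIA". Unless one of them turns out to affect a packaged driver, mark the three the same way instead of leaving open TODOs.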
@@ -100703,7 +100724,7 @@ CVE-2020-14275 (Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13,
NOT-FOR-US: HCL
CVE-2020-14274 (Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9 ...)
NOT-FOR-US: HCL
-CVE-2020-14273 (HCL Domino v10 and v11 is susceptible to a Denial of Service (DoS) vul ...)
+CVE-2020-14273 (HCL Domino is susceptible to a Denial of Service (DoS) vulnerability d ...)
NOT-FOR-US: HCL Domino
CVE-2020-14272
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b265d639edbfc52900af12b23db6b03956b87e0