[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 28 21:10:28 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
63424b52 by security tracker role at 2021-10-28T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2022-20621
+ RESERVED
+CVE-2022-20620
+ RESERVED
+CVE-2022-20619
+ RESERVED
+CVE-2022-20618
+ RESERVED
+CVE-2022-20617
+ RESERVED
+CVE-2022-20616
+ RESERVED
+CVE-2022-20615
+ RESERVED
+CVE-2022-20614
+ RESERVED
+CVE-2022-20613
+ RESERVED
+CVE-2022-20612
+ RESERVED
+CVE-2021-43061
+ RESERVED
+CVE-2021-43060
+ RESERVED
+CVE-2021-43059
+ RESERVED
+CVE-2021-43058
+ RESERVED
+CVE-2021-3914
+ RESERVED
CVE-2021-43057 (An issue was discovered in the Linux kernel before 5.14.8. A use-after ...)
- linux 5.14.9-1
[bullseye] - linux <not-affected> (Vulnerable code introduced later)
@@ -4265,8 +4295,8 @@ CVE-2021-41730
RESERVED
CVE-2021-41729 (BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerab ...)
NOT-FOR-US: BaiCloud-cms
-CVE-2021-41728
- RESERVED
+CVE-2021-41728 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News ...)
+ TODO: check
CVE-2021-41727
RESERVED
CVE-2021-41726
@@ -4633,8 +4663,8 @@ CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk softwar
NOT-FOR-US: LiderAhenk
CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...)
NOT-FOR-US: OpenVPN Access Server
-CVE-2021-3823
- RESERVED
+CVE-2021-3823 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Complexity ...)
NOT-FOR-US: jsoneditor
CVE-2021-41560
@@ -7905,8 +7935,8 @@ CVE-2021-3746 (A flaw was found in the libtpms code that may cause access beyond
NOTE: https://github.com/stefanberger/libtpms/commit/1fb6cd9b8df05b5d6e381b31215193d6ada969df (v0.6.6)
NOTE: https://github.com/stefanberger/libtpms/commit/ea62fd9679f8c6fc5e79471b33cfbd8227bfed72 (v0.6.6)
TODO: check, might only affect the upstream stable-0.6 branch and not an issue in src:libtpms in any released version in Debian
-CVE-2021-3745
- RESERVED
+CVE-2021-3745 (flatcore-cms is vulnerable to Unrestricted Upload of File with Dangero ...)
+ TODO: check
CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()]
RESERVED
- linux 5.14.12-1
@@ -11943,7 +11973,7 @@ CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network Manage
NOT-FOR-US: Moxa
CVE-2021-38457 (The server permits communication without any authentication procedure, ...)
NOT-FOR-US: AUVESY
-CVE-2021-38456 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+CVE-2021-38456 (A use of hard-coded password vulnerability in the Moxa MXview Network ...)
NOT-FOR-US: Moxa
CVE-2021-38455 (The affected product’s OS Service does not verify any given para ...)
NOT-FOR-US: AUVESY
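Review bot: The new text for CVE-2021-38456 changes the weakness class from path traversal to a hard-coded password, while the NOT-FOR-US: Moxa line is carried over as context. The triage still holds because the product is the same. The old text matched CVE-2021-38458 in the hunk header as far as the truncation shows, so any note or cross-reference that treated the two as the same issue should be re-read against the new description.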
@@ -13370,8 +13400,8 @@ CVE-2021-37917
RESERVED
CVE-2021-37916 (Joplin before 2.0.9 allows XSS via button and form in the note body. ...)
NOT-FOR-US: Joplin
-CVE-2021-37915
- RESERVED
+CVE-2021-37915 (An issue was discovered on the Grandstream HT801 Analog Telephone Adap ...)
+ TODO: check
CVE-2021-37914 (In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled an ...)
NOT-FOR-US: Argo Workflows
CVE-2021-37913 (The HGiga OAKlouds mobile portal does not filter special characters of ...)
@@ -13739,8 +13769,8 @@ CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) b
NOTE: https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
CVE-2021-37749 (MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16 ...)
NOT-FOR-US: Hexagon GeoMedia WebMap
-CVE-2021-37748
- RESERVED
+CVE-2021-37748 (Multiple buffer overflows in the limited configuration shell (/sbin/gs ...)
+ TODO: check
CVE-2021-37747
RESERVED
CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 3.18.0, ...)
@@ -14850,8 +14880,8 @@ CVE-2021-37256
RESERVED
CVE-2021-37255
RESERVED
-CVE-2021-37254
- RESERVED
+CVE-2021-37254 (In M-Files Web product with versions before 20.10.9524.1 and 20.10.944 ...)
+ TODO: check
CVE-2021-37253
RESERVED
CVE-2021-37252
@@ -15429,42 +15459,42 @@ CVE-2021-37004
RESERVED
CVE-2021-37003
RESERVED
-CVE-2021-37002
- RESERVED
-CVE-2021-37001
- RESERVED
+CVE-2021-37002 (There is a Memory out-of-bounds access vulnerability in Huawei Smartph ...)
+ TODO: check
+CVE-2021-37001 (There is a Register tampering vulnerability in Huawei Smartphone.Succe ...)
+ TODO: check
CVE-2021-37000
RESERVED
-CVE-2021-36999
- RESERVED
-CVE-2021-36998
- RESERVED
-CVE-2021-36997
- RESERVED
-CVE-2021-36996
- RESERVED
-CVE-2021-36995
- RESERVED
-CVE-2021-36994
- RESERVED
-CVE-2021-36993
- RESERVED
-CVE-2021-36992
- RESERVED
-CVE-2021-36991
- RESERVED
-CVE-2021-36990
- RESERVED
-CVE-2021-36989
- RESERVED
-CVE-2021-36988
- RESERVED
-CVE-2021-36987
- RESERVED
-CVE-2021-36986
- RESERVED
-CVE-2021-36985
- RESERVED
+CVE-2021-36999 (There is a Buffer overflow vulnerability in Huawei Smartphone.Successf ...)
+ TODO: check
+CVE-2021-36998 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ TODO: check
+CVE-2021-36997 (There is a Low memory error in Huawei Smartphone due to the unlimited ...)
+ TODO: check
+CVE-2021-36996 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ TODO: check
+CVE-2021-36995 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
+ TODO: check
+CVE-2021-36994 (There is a issue that trustlist strings being repeatedly inserted into ...)
+ TODO: check
+CVE-2021-36993 (There is a Memory leaks vulnerability in Huawei Smartphone.Successful ...)
+ TODO: check
+CVE-2021-36992 (There is a Public key verification vulnerability in Huawei Smartphone. ...)
+ TODO: check
+CVE-2021-36991 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
+ TODO: check
+CVE-2021-36990 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...)
+ TODO: check
+CVE-2021-36989 (There is a Kernel crash vulnerability in Huawei Smartphone.Successful ...)
+ TODO: check
+CVE-2021-36988 (There is a Parameter verification issue in Huawei Smartphone.Successfu ...)
+ TODO: check
+CVE-2021-36987 (There is a issue that nodes in the linked list being freed for multipl ...)
+ TODO: check
+CVE-2021-36986 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...)
+ TODO: check
+CVE-2021-36985 (There is a Code injection vulnerability in Huawei Smartphone.Successfu ...)
+ TODO: check
CVE-2021-36984
RESERVED
CVE-2021-36983 (replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to ...)
@@ -22906,8 +22936,8 @@ CVE-2021-33808
RESERVED
CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/d ...)
NOT-FOR-US: Cartadis Gespage
-CVE-2021-3579
- RESERVED
+CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...)
+ TODO: check
CVE-2021-3578 [possible remote code execution in isync/mbsync]
RESERVED
- isync 1.3.0-2.2 (bug #989564)
@@ -22920,8 +22950,8 @@ CVE-2021-33805
REJECTED
CVE-2021-3577
RESERVED
-CVE-2021-3576
- RESERVED
+CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in Bitdefender End ...)
+ TODO: check
CVE-2021-3575 [heap-buffer-overflow in color.c may lead to DoS]
RESERVED
- openjpeg2 <unfixed> (bug #989775)
@@ -30273,150 +30303,149 @@ CVE-2021-30922
REJECTED
CVE-2021-30921
REJECTED
-CVE-2021-30920
- REJECTED
-CVE-2021-30919
- REJECTED
-CVE-2021-30918
- REJECTED
-CVE-2021-30917
- REJECTED
-CVE-2021-30916
- REJECTED
-CVE-2021-30915
- REJECTED
-CVE-2021-30914
- REJECTED
-CVE-2021-30913
- REJECTED
-CVE-2021-30912
- REJECTED
-CVE-2021-30911
- REJECTED
-CVE-2021-30910
- REJECTED
-CVE-2021-30909
- REJECTED
-CVE-2021-30908
- REJECTED
-CVE-2021-30907
- REJECTED
-CVE-2021-30906
- REJECTED
-CVE-2021-30905
- REJECTED
+CVE-2021-30920 (A permissions issue was addressed with improved validation. This issue ...)
+ TODO: check
+CVE-2021-30919 (An out-of-bounds write was addressed with improved input validation. T ...)
+ TODO: check
+CVE-2021-30918 (A Lock Screen issue was addressed with improved state management. This ...)
+ TODO: check
+CVE-2021-30917 (A memory corruption issue existed in the processing of ICC profiles. T ...)
+ TODO: check
+CVE-2021-30916 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2021-30915 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2021-30914 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2021-30913 (The issue was addressed with improved permissions logic. This issue is ...)
+ TODO: check
+CVE-2021-30912 (The issue was addressed with improved permissions logic. This issue is ...)
+ TODO: check
+CVE-2021-30911 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2021-30910 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2021-30909 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2021-30908 (An authentication issue was addressed with improved state management. ...)
+ TODO: check
+CVE-2021-30907 (An integer overflow was addressed through improved input validation. T ...)
+ TODO: check
+CVE-2021-30906 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2021-30905 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
CVE-2021-30904
REJECTED
-CVE-2021-30903
- REJECTED
-CVE-2021-30902
- REJECTED
-CVE-2021-30901
- REJECTED
-CVE-2021-30900
- REJECTED
-CVE-2021-30899
- REJECTED
+CVE-2021-30903 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2021-30902 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2021-30901 (Multiple out-of-bounds write issues were addressed with improved bound ...)
+ TODO: check
+CVE-2021-30900 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2021-30899 (A race condition was addressed with improved state handling. This issu ...)
+ TODO: check
CVE-2021-30898
REJECTED
CVE-2021-30897
REJECTED
-CVE-2021-30896
- REJECTED
-CVE-2021-30895
- REJECTED
-CVE-2021-30894
- REJECTED
+CVE-2021-30896 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2021-30895 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2021-30894 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
CVE-2021-30893
REJECTED
-CVE-2021-30892
- REJECTED
+CVE-2021-30892 (An inherited permissions issue was addressed with additional restricti ...)
+ TODO: check
CVE-2021-30891
REJECTED
-CVE-2021-30890
- REJECTED
-CVE-2021-30889
- REJECTED
-CVE-2021-30888
- REJECTED
-CVE-2021-30887
- REJECTED
-CVE-2021-30886
- REJECTED
+CVE-2021-30890 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2021-30889 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2021-30888 (An information leakage issue was addressed. This issue is fixed in iOS ...)
+ TODO: check
+CVE-2021-30887 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2021-30886 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
CVE-2021-30885
REJECTED
-CVE-2021-30884
- REJECTED
-CVE-2021-30883
- REJECTED
-CVE-2021-30882
- REJECTED
-CVE-2021-30881
- REJECTED
-CVE-2021-30880
- REJECTED
-CVE-2021-30879
- REJECTED
+CVE-2021-30884 (The issue was resolved with additional restrictions on CSS compositing ...)
+ TODO: check
+CVE-2021-30883 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2021-30882 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
+CVE-2021-30881 (An input validation issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2021-30880 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2021-30879 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
CVE-2021-30878
REJECTED
-CVE-2021-30877
- REJECTED
-CVE-2021-30876
- REJECTED
-CVE-2021-30875
- REJECTED
-CVE-2021-30874
- REJECTED
-CVE-2021-30873
- REJECTED
+CVE-2021-30877 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2021-30876 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2021-30875 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
+ TODO: check
+CVE-2021-30874 (An authorization issue was addressed with improved state management. T ...)
+ TODO: check
+CVE-2021-30873 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2021-30872
REJECTED
-CVE-2021-30871
- REJECTED
-CVE-2021-30870
- REJECTED
+CVE-2021-30871 (This issue was addressed with a new entitlement. This issue is fixed i ...)
+ TODO: check
+CVE-2021-30870 (A logic issue existed in the handling of document loads. This issue wa ...)
+ TODO: check
CVE-2021-30869 (A type confusion issue was addressed with improved state handling. Thi ...)
NOT-FOR-US: Apple
-CVE-2021-30868
- REJECTED
-CVE-2021-30867
- REJECTED
-CVE-2021-30866
- REJECTED
-CVE-2021-30865
- REJECTED
-CVE-2021-30864
- REJECTED
-CVE-2021-30863
- REJECTED
-CVE-2021-30862
- REJECTED
-CVE-2021-30861
- REJECTED
+CVE-2021-30868 (A race condition was addressed with improved locking. This issue is fi ...)
+ TODO: check
+CVE-2021-30867 (The issue was addressed with improved authentication. This issue is fi ...)
+ TODO: check
+CVE-2021-30866 (A user privacy issue was addressed by removing the broadcast MAC addre ...)
+ TODO: check
+CVE-2021-30865 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2021-30864 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2021-30863 (This issue was addressed by improving Face ID anti-spoofing models. Th ...)
+ TODO: check
+CVE-2021-30862 (A validation issue was addressed with improved input sanitization. Thi ...)
+ TODO: check
+CVE-2021-30861 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2021-30860 (An integer overflow was addressed with improved input validation. This ...)
NOT-FOR-US: Apple
-CVE-2021-30859
- REJECTED
+CVE-2021-30859 (A type confusion issue was addressed with improved state handling. Thi ...)
+ TODO: check
CVE-2021-30858 (A use after free issue was addressed with improved memory management. ...)
{DSA-4976-1 DSA-4975-1}
- webkit2gtk 2.32.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.32.4-1
NOTE: https://webkitgtk.org/security/WSA-2021-0005.html
-CVE-2021-30857
- REJECTED
+CVE-2021-30857 (A race condition was addressed with improved locking. This issue is fi ...)
+ TODO: check
CVE-2021-30856
REJECTED
-CVE-2021-30855
- REJECTED
-CVE-2021-30854
- REJECTED
-CVE-2021-30853
- REJECTED
-CVE-2021-30852
- REJECTED
-CVE-2021-30851
- REJECTED
+CVE-2021-30855 (A validation issue existed in the handling of symlinks. This issue was ...)
+ TODO: check
+CVE-2021-30854 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2021-30853 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2021-30852 (A type confusion issue was addressed with improved memory handling. Th ...)
+ TODO: check
+CVE-2021-30851 (A memory corruption vulnerability was addressed with improved locking. ...)
- webkit2gtk 2.34.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.1-1
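Review bot: The TODO: check entries added here should not be closed in bulk as NOT-FOR-US: Apple. This same hunk shows CVE-2021-30858 and CVE-2021-30851 tracked against webkit2gtk and wpewebkit, next to CVE-2021-30869 and CVE-2021-30860 marked NOT-FOR-US: Apple. Each truncated description needs reading in full for WebKit impact before it is triaged; CVE-2021-30884 ("additional restrictions on CSS compositing") is an obvious one to look at first. CVE-2021-30851 gains its description without a TODO line, which is correct since its package lines were already in place. All of these ids move from REJECTED to a published description, and the commit message gives no reason for that, so the state change is worth confirming against the upstream record.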
@@ -30454,26 +30483,26 @@ CVE-2021-30842 (This issue was addressed with improved checks. This issue is fix
NOT-FOR-US: Apple
CVE-2021-30841 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
-CVE-2021-30840
- RESERVED
+CVE-2021-30840 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
CVE-2021-30839
RESERVED
CVE-2021-30838 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2021-30837 (A memory consumption issue was addressed with improved memory handling ...)
NOT-FOR-US: Apple
-CVE-2021-30836
- RESERVED
+CVE-2021-30836 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2021-30835 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
-CVE-2021-30834
- RESERVED
-CVE-2021-30833
- RESERVED
+CVE-2021-30834 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2021-30833 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
CVE-2021-30832 (A memory corruption issue was addressed with improved state management ...)
NOT-FOR-US: Apple
-CVE-2021-30831
- RESERVED
+CVE-2021-30831 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2021-30830 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2021-30829 (A URI parsing issue was addressed with improved parsing. This issue is ...)
@@ -30486,40 +30515,40 @@ CVE-2021-30826 (A logic issue was addressed with improved state management. This
NOT-FOR-US: Apple
CVE-2021-30825 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
-CVE-2021-30824
- RESERVED
-CVE-2021-30823
- RESERVED
+CVE-2021-30824 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
+CVE-2021-30823 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
CVE-2021-30822
RESERVED
-CVE-2021-30821
- RESERVED
+CVE-2021-30821 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
CVE-2021-30820 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2021-30819 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
-CVE-2021-30818
- RESERVED
-CVE-2021-30817
- RESERVED
-CVE-2021-30816
- RESERVED
+CVE-2021-30818 (A type confusion issue was addressed with improved state handling. Thi ...)
+ TODO: check
+CVE-2021-30817 (A permissions issue was addressed with improved validation. This issue ...)
+ TODO: check
+CVE-2021-30816 (The issue was addressed with improved permissions logic. This issue is ...)
+ TODO: check
CVE-2021-30815 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
NOT-FOR-US: Apple
-CVE-2021-30814
- RESERVED
-CVE-2021-30813
- RESERVED
+CVE-2021-30814 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2021-30813 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
CVE-2021-30812
RESERVED
CVE-2021-30811 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2021-30810 (An authorization issue was addressed with improved state management. T ...)
NOT-FOR-US: Apple
-CVE-2021-30809
- RESERVED
-CVE-2021-30808
- RESERVED
+CVE-2021-30809 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2021-30808 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
CVE-2021-30807 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2021-30806
@@ -51036,28 +51065,28 @@ CVE-2021-22493
REJECTED
CVE-2021-22492 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
NOT-FOR-US: Samsung mobile devices
-CVE-2021-22491
- RESERVED
-CVE-2021-22490
- RESERVED
+CVE-2021-22491 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
+ TODO: check
+CVE-2021-22490 (There is a Permission verification vulnerability in Huawei Smartphone. ...)
+ TODO: check
CVE-2021-22489
RESERVED
-CVE-2021-22488
- RESERVED
-CVE-2021-22487
- RESERVED
-CVE-2021-22486
- RESERVED
-CVE-2021-22485
- RESERVED
+CVE-2021-22488 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
+ TODO: check
+CVE-2021-22487 (There is an Out-of-bounds read vulnerability in Huawei Smartphone. Suc ...)
+ TODO: check
+CVE-2021-22486 (There is a issue of Unstandardized field names in Huawei Smartphone. S ...)
+ TODO: check
+CVE-2021-22485 (There is a SSID vulnerability with Wi-Fi network connections in Huawei ...)
+ TODO: check
CVE-2021-22484
RESERVED
-CVE-2021-22483
- RESERVED
-CVE-2021-22482
- RESERVED
-CVE-2021-22481
- RESERVED
+CVE-2021-22483 (There is a issue of IP address spoofing in Huawei Smartphone. Successf ...)
+ TODO: check
+CVE-2021-22482 (There is an Uninitialized variable vulnerability in Huawei Smartphone. ...)
+ TODO: check
+CVE-2021-22481 (There is a Verification errors vulnerability in Huawei Smartphone.Succ ...)
+ TODO: check
CVE-2021-22480
RESERVED
CVE-2021-22479
@@ -51068,58 +51097,58 @@ CVE-2021-22477
RESERVED
CVE-2021-22476
RESERVED
-CVE-2021-22475
- RESERVED
-CVE-2021-22474
- RESERVED
-CVE-2021-22473
- RESERVED
-CVE-2021-22472
- RESERVED
-CVE-2021-22471
- RESERVED
-CVE-2021-22470
- RESERVED
-CVE-2021-22469
- RESERVED
-CVE-2021-22468
- RESERVED
-CVE-2021-22467
- RESERVED
-CVE-2021-22466
- RESERVED
-CVE-2021-22465
- RESERVED
-CVE-2021-22464
- RESERVED
-CVE-2021-22463
- RESERVED
-CVE-2021-22462
- RESERVED
-CVE-2021-22461
- RESERVED
-CVE-2021-22460
- RESERVED
-CVE-2021-22459
- RESERVED
-CVE-2021-22458
- RESERVED
-CVE-2021-22457
- RESERVED
-CVE-2021-22456
- RESERVED
-CVE-2021-22455
- RESERVED
-CVE-2021-22454
- RESERVED
-CVE-2021-22453
- RESERVED
-CVE-2021-22452
- RESERVED
-CVE-2021-22451
- RESERVED
-CVE-2021-22450
- RESERVED
+CVE-2021-22475 (There is an Improper permission management vulnerability in Huawei Sma ...)
+ TODO: check
+CVE-2021-22474 (There is an Out-of-bounds memory access in Huawei Smartphone.Successfu ...)
+ TODO: check
+CVE-2021-22473 (There is an Authentication vulnerability in Huawei Smartphone.Successf ...)
+ TODO: check
+CVE-2021-22472 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ TODO: check
+CVE-2021-22471 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...)
+ TODO: check
+CVE-2021-22470 (A component of the HarmonyOS has a Privileges Controls vulnerability. ...)
+ TODO: check
+CVE-2021-22469 (A component of the HarmonyOS has a Out-of-bounds Read vulnerability. L ...)
+ TODO: check
+CVE-2021-22468 (A component of the HarmonyOS has a Exposure of Sensitive Information t ...)
+ TODO: check
+CVE-2021-22467 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
+ TODO: check
+CVE-2021-22466 (A component of the HarmonyOS has a Use After Free vulnerability. Local ...)
+ TODO: check
+CVE-2021-22465 (A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerab ...)
+ TODO: check
+CVE-2021-22464 (A component of the HarmonyOS has a Out-of-bounds Read vulnerability. L ...)
+ TODO: check
+CVE-2021-22463 (A component of the HarmonyOS has a Use After Free vulnerability . Loca ...)
+ TODO: check
+CVE-2021-22462 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...)
+ TODO: check
+CVE-2021-22461 (A component of the HarmonyOS has a Allocation of Resources Without Lim ...)
+ TODO: check
+CVE-2021-22460 (A component of the HarmonyOS has a Insufficient Verification of Data A ...)
+ TODO: check
+CVE-2021-22459 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...)
+ TODO: check
+CVE-2021-22458 (A component of the HarmonyOS has a Improper Restriction of Operations ...)
+ TODO: check
+CVE-2021-22457 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
+ TODO: check
+CVE-2021-22456 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...)
+ TODO: check
+CVE-2021-22455 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
+ TODO: check
+CVE-2021-22454 (A component of the HarmonyOS has a External Control of System or Confi ...)
+ TODO: check
+CVE-2021-22453 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
+ TODO: check
+CVE-2021-22452 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
+ TODO: check
+CVE-2021-22451 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
+ TODO: check
+CVE-2021-22450 (A component of the HarmonyOS has a Incomplete Cleanup vulnerability. L ...)
+ TODO: check
CVE-2021-22449 (There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthentica ...)
NOT-FOR-US: Elf-G10HN (Huawei)
CVE-2021-22448
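Review bot: When the 26 TODO: check lines in this hunk are resolved, pick one NOT-FOR-US spelling and use it throughout. The trailing context uses NOT-FOR-US: Elf-G10HN (Huawei) for CVE-2021-22449, while the other Huawei entries visible in this commit use NOT-FOR-US: Huawei. The new descriptions split between "Huawei Smartphone" and "A component of the HarmonyOS", which invites a third and fourth variant. A single tag keeps later searches over the list reliable.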
@@ -51146,8 +51175,8 @@ CVE-2021-22438 (There is a Memory Buffer Improper Operation Limit Vulnerability
NOT-FOR-US: Huawei
CVE-2021-22437
RESERVED
-CVE-2021-22436
- RESERVED
+CVE-2021-22436 (There is a Logic Bypass vulnerability in Huawei Smartphone.Successful ...)
+ TODO: check
CVE-2021-22435 (There is a Configuration Defect Vulnerability in Huawei Smartphone.Suc ...)
NOT-FOR-US: Huawei
CVE-2021-22434
@@ -51204,20 +51233,20 @@ CVE-2021-22409 (There is a denial of service vulnerability in some versions of M
NOT-FOR-US: Huawei
CVE-2021-22408
RESERVED
-CVE-2021-22407
- RESERVED
-CVE-2021-22406
- RESERVED
-CVE-2021-22405
- RESERVED
-CVE-2021-22404
- RESERVED
-CVE-2021-22403
- RESERVED
-CVE-2021-22402
- RESERVED
-CVE-2021-22401
- RESERVED
+CVE-2021-22407 (There is a Configuration defects in Huawei Smartphone.Successful explo ...)
+ TODO: check
+CVE-2021-22406 (There is an Uncaught Exception vulnerability in Huawei Smartphone.Succ ...)
+ TODO: check
+CVE-2021-22405 (There is a Configuration defects in Huawei Smartphone.Successful explo ...)
+ TODO: check
+CVE-2021-22404 (There is a Directory traversal vulnerability in Huawei Smartphone.Succ ...)
+ TODO: check
+CVE-2021-22403 (There is a vulnerability of hijacking unverified providers in Huawei S ...)
+ TODO: check
+CVE-2021-22402 (There is a DoS vulnerability in Huawei Smartphone.Successful exploitat ...)
+ TODO: check
+CVE-2021-22401 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
+ TODO: check
CVE-2021-22400 (Some Huawei Smartphones has an insufficient input validation vulnerabi ...)
NOT-FOR-US: Huawei
CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS vulnerabil ...)
@@ -51266,7 +51295,7 @@ CVE-2021-22378 (There is a race condition vulnerability in eCNS280_TD V100R005C0
NOT-FOR-US: Huawei
CVE-2021-22377 (There is a command injection vulnerability in S12700 V200R019C00SPC500 ...)
NOT-FOR-US: Huawei
-CVE-2021-22376 (There is an Improper Permission Management Vulnerability in Huawei Sma ...)
+CVE-2021-22376 (A component of the HarmonyOS has a Improper Privilege Management vulne ...)
NOT-FOR-US: Huawei
CVE-2021-22375 (There is a Key Management Errors Vulnerability in Huawei Smartphone. S ...)
NOT-FOR-US: Huawei
@@ -51366,7 +51395,7 @@ CVE-2021-22328 (There is a denial of service vulnerability in some huawei produc
NOT-FOR-US: Huawei
CVE-2021-22327 (There is an arbitrary memory write vulnerability in Huawei smart phone ...)
NOT-FOR-US: Huawei
-CVE-2021-22326 (There is an Incorrect Privilege Assignment Vulnerability in Huawei Sma ...)
+CVE-2021-22326 (A component of the HarmonyOS has a Privilege Dropping / Lowering Error ...)
NOT-FOR-US: Huawei
CVE-2021-22325 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
NOT-FOR-US: Huawei
@@ -51462,8 +51491,8 @@ CVE-2021-22280
RESERVED
CVE-2021-22279
RESERVED
-CVE-2021-22278
- RESERVED
+CVE-2021-22278 (A certificate validation vulnerability in PCM600 Update Manager allows ...)
+ TODO: check
CVE-2021-22277
RESERVED
CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the integrity ...)
@@ -51903,10 +51932,10 @@ CVE-2021-22099
RESERVED
CVE-2021-22098 (UAA server versions prior to 75.4.0 are vulnerable to an open redirect ...)
NOT-FOR-US: UAA server
-CVE-2021-22097
- RESERVED
-CVE-2021-22096
- RESERVED
+CVE-2021-22097 (In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring ...)
+ TODO: check
+CVE-2021-22096 (In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older ...)
+ TODO: check
CVE-2021-22095
RESERVED
CVE-2021-22094
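Review bot: CVE-2021-22097 (Spring AMQP) and CVE-2021-22096 (Spring Framework) need a real package lookup, not the NOT-FOR-US handling that most vendor firmware entries in this commit will get. Both descriptions name open-source libraries with explicit affected version ranges. The TODO: check should therefore be resolved by comparing those ranges with the versions in the archive, and the entry should get a package line with a fixed or <unfixed> version if the library is packaged.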
@@ -52003,14 +52032,14 @@ CVE-2021-22049
RESERVED
CVE-2021-22048
RESERVED
-CVE-2021-22047
- RESERVED
+CVE-2021-22047 (In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older ...)
+ TODO: check
CVE-2021-22046
RESERVED
CVE-2021-22045
RESERVED
-CVE-2021-22044
- RESERVED
+CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...)
+ TODO: check
CVE-2021-22043
RESERVED
CVE-2021-22042
@@ -61312,8 +61341,8 @@ CVE-2021-1823
RESERVED
CVE-2021-1822 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
-CVE-2021-1821
- RESERVED
+CVE-2021-1821 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2021-1820 (A memory initialization issue was addressed with improved memory handl ...)
{DSA-4797-1}
- webkit2gtk 2.30.1-1
@@ -61563,8 +61592,8 @@ CVE-2020-29631
RESERVED
CVE-2020-29630
RESERVED
-CVE-2020-29629
- RESERVED
+CVE-2020-29629 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2020-29628
RESERVED
CVE-2020-29627
@@ -75466,8 +75495,8 @@ CVE-2020-25424
RESERVED
CVE-2020-25423
RESERVED
-CVE-2020-25422
- RESERVED
+CVE-2020-25422 (A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS ...)
+ TODO: check
CVE-2020-25421
RESERVED
CVE-2020-25420
@@ -82284,8 +82313,8 @@ CVE-2020-22314
RESERVED
CVE-2020-22313
RESERVED
-CVE-2020-22312
- RESERVED
+CVE-2020-22312 (A cross-site scripting (XSS) vulnerability was discovered in the OJ/ad ...)
+ TODO: check
CVE-2020-22311
RESERVED
CVE-2020-22310
@@ -113725,8 +113754,8 @@ CVE-2020-9899 (A memory corruption issue was addressed with improved input valid
NOT-FOR-US: Apple
CVE-2020-9898 (This issue was addressed with improved entitlements. This issue is fix ...)
NOT-FOR-US: Apple
-CVE-2020-9897
- RESERVED
+CVE-2020-9897 (An out-of-bounds write was addressed with improved input validation. T ...)
+ TODO: check
CVE-2020-9896
RESERVED
CVE-2020-9895 (A use after free issue was addressed with improved memory management. ...)
@@ -114095,8 +114124,8 @@ CVE-2020-10007 (A logic issue was addressed with improved state management. This
NOT-FOR-US: Apple
CVE-2020-10006 (This issue was addressed with improved entitlements. This issue is fix ...)
NOT-FOR-US: Apple
-CVE-2020-10005
- RESERVED
+CVE-2020-10005 (A resource exhaustion issue was addressed with improved input validati ...)
+ TODO: check
CVE-2020-10004 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2020-10003 (An issue existed within the path validation logic for symlinks. This i ...)
@@ -118935,8 +118964,8 @@ CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote ad
NOT-FOR-US: ZOOK
CVE-2020-7876
RESERVED
-CVE-2020-7875
- RESERVED
+CVE-2020-7875 (DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, w ...)
+ TODO: check
CVE-2020-7874 (Download of code without integrity check vulnerability in NEXACRO14 Ru ...)
NOT-FOR-US: NEXACRO14 Runtime ActiveX control of tobesoft
CVE-2020-7873 (Download of code without integrity check vulnerability in ActiveX cont ...)
@@ -130503,8 +130532,8 @@ CVE-2019-19812
RESERVED
CVE-2019-19811
RESERVED
-CVE-2019-19810
- RESERVED
+CVE-2019-19810 (Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Jav ...)
+ TODO: check
CVE-2019-19809
RESERVED
CVE-2019-3467 (Debian-edu-config all versions < 2.11.10, a set of configuration fi ...)
@@ -209296,7 +209325,7 @@ CVE-2018-14641 (A security flaw was found in the ip_frag_reasm() function in net
NOTE: https://www.openwall.com/lists/oss-security/2018/09/18/1
NOTE: Fixed by: https://git.kernel.org/linus/5d407b071dc369c26a38398326ee2be53651cfe4
CVE-2018-14640
- RESERVED
+ REJECTED
CVE-2018-14639
REJECTED
CVE-2018-14638 (A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ...)
@@ -247885,7 +247914,7 @@ CVE-2018-1106 (An authentication bypass flaw has been found in PackageKit before
NOTE: Introduced by: https://github.com/hughsie/PackageKit/commit/f176976e24e8c17b80eff222572275517c16bdad
NOTE: Resulting affected (upstream) versions: >= 1.0.10 up until current 1.1.9
CVE-2018-1105
- RESERVED
+ REJECTED
CVE-2018-1104 (Ansible Tower through version 3.2.3 has a vulnerability that allows us ...)
NOT-FOR-US: Ansible Tower
CVE-2018-1103 (Openshift Enterprise source-to-image before version 1.1.10 is vulnerab ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63424b5204b604a8446cffd720c4e09971ba5c04