[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Oct 30 09:10:22 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0e8ad1d5 by security tracker role at 2021-10-30T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -65383,18 +65383,18 @@ CVE-2021-1125
RESERVED
CVE-2021-1124
RESERVED
-CVE-2021-1123
- RESERVED
-CVE-2021-1122
- RESERVED
-CVE-2021-1121
- RESERVED
-CVE-2021-1120
- RESERVED
-CVE-2021-1119
- RESERVED
-CVE-2021-1118
- RESERVED
+CVE-2021-1123 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ TODO: check
+CVE-2021-1122 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ TODO: check
+CVE-2021-1121 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ TODO: check
+CVE-2021-1120 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ TODO: check
+CVE-2021-1119 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ TODO: check
+CVE-2021-1118 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ TODO: check
CVE-2021-1117 (Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy ...)
TODO: check
CVE-2021-1116 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
@@ -74238,8 +74238,8 @@ CVE-2020-25883
RESERVED
CVE-2020-25882
RESERVED
-CVE-2020-25881
- RESERVED
+CVE-2020-25881 (A vulnerability was discovered in the filename parameter in pathindex. ...)
+ TODO: check
CVE-2020-25880
RESERVED
CVE-2020-25879 (A stored cross site scripting (XSS) vulnerability in the 'Manage Users ...)
@@ -74254,10 +74254,10 @@ CVE-2020-25875 (A stored cross site scripting (XSS) vulnerability in the 'Smiley
NOT-FOR-US: Codoforum
CVE-2020-25874
RESERVED
-CVE-2020-25873
- RESERVED
-CVE-2020-25872
- RESERVED
+CVE-2020-25873 (A directory traversal vulnerability in the component system/manager/cl ...)
+ TODO: check
+CVE-2020-25872 (A vulnerability exists within the FileManagerController.php function i ...)
+ TODO: check
CVE-2020-25871
RESERVED
CVE-2020-25870
@@ -114195,6 +114195,7 @@ CVE-2020-10003 (An issue existed within the path validation logic for symlinks.
CVE-2020-10002 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2020-10001 (An input validation issue was addressed with improved memory handling. ...)
+ {DLA-2800-1}
- cups 2.3.3op2-1
[buster] - cups <no-dsa> (Minor issue)
NOTE: https://github.com/OpenPrinting/cups/commit/efbea1742bd30f842fbbfb87a473e5c84f4162f9 (v2.3.3op2)
@@ -148885,6 +148886,7 @@ CVE-2019-15941 (OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may all
CVE-2019-15940 (Victure PC530 devices allow unauthenticated TELNET access as root. ...)
NOT-FOR-US: Victure PC530 devices
CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...)
+ {DLA-2799-1}
- opencv 4.1.2+dfsg-3
[buster] - opencv <no-dsa> (Minor issue)
[jessie] - opencv <no-dsa> (Minor issue)
@@ -153711,6 +153713,7 @@ CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a di
NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/b224e2f5739fe61de9fa69955d016725b2a4b78d
CVE-2019-14493 (An issue was discovered in OpenCV before 4.1.1. There is a NULL pointe ...)
+ {DLA-2799-1}
[experimental] - opencv 4.1.1+dfsg-1
- opencv 4.1.2+dfsg-3
[buster] - opencv <no-dsa> (Minor issue)
@@ -235934,13 +235937,13 @@ CVE-2018-5271 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver fil
CVE-2018-5270 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
NOT-FOR-US: Malwarebytes Premium
CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setP ...)
- {DLA-1438-1 DLA-1354-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1354-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #886675)
NOTE: https://github.com/opencv/opencv/issues/10540
NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDec ...)
- {DLA-1438-1 DLA-1354-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1354-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #886674)
NOTE: https://github.com/opencv/opencv/issues/10541
@@ -239588,7 +239591,7 @@ CVE-2017-1000452 (An XML Signature Wrapping vulnerability exists in Samlify 2.2.
CVE-2017-1000451 (fs-git is a file system like api for git repository. The fs-git versio ...)
NOT-FOR-US: fs-git
CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and ...)
- {DLA-1438-1 DLA-1235-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1235-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #886282)
NOTE: https://github.com/opencv/opencv/issues/9723
@@ -241113,7 +241116,7 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in read_c
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
NOTE: Crash in desktop tool, no/negligible security impact
CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData fun ...)
- {DLA-1438-1 DLA-1235-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1235-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #885843)
NOTE: https://github.com/opencv/opencv/issues/10351
@@ -264284,17 +264287,17 @@ CVE-2017-12865 (Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and
- connman 1.35-1 (bug #872844)
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 (1.35)
CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #875345)
NOTE: https://github.com/opencv/opencv/issues/9372
CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::re ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #875344)
NOTE: https://github.com/opencv/opencv/issues/9371
CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffe ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #875342)
NOTE: https://github.com/opencv/opencv/issues/9370
@@ -265116,22 +265119,22 @@ CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, an
CVE-2016-10404 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect ...)
NOT-FOR-US: Liferay Portal
CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has an invali ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
@@ -265143,7 +265146,7 @@ CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a d
[wheezy] - opencv <ignored> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
@@ -265155,17 +265158,17 @@ CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a d
[wheezy] - opencv <ignored> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
NOTE: https://github.com/opencv/opencv/issues/9309
@@ -328439,7 +328442,7 @@ CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers to cause a denial of service
NOTE: https://arxiv.org/pdf/1701.04739.pdf
NOTE: https://github.com/opencv/opencv/issues/5956
CVE-2016-1516 (OpenCV 3.0.0 has a double free issue that allows attackers to execute ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872043)
NOTE: https://arxiv.org/pdf/1701.04739.pdf
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e8ad1d51f339c1d7509227e33794d8adea679f1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e8ad1d51f339c1d7509227e33794d8adea679f1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211030/d90b7ae4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list