[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 24 21:10:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3800fb41 by security tracker role at 2022-08-24T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2022-2979
+ RESERVED
+CVE-2022-2978 (A flaw use after free in the Linux kernel NILFS file system was found ...)
+ TODO: check
CVE-2022-38730
RESERVED
CVE-2022-38729
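Review bot: CVE-2022-2978 at the top of this hunk is added with only `TODO: check`, although its description already names the Linux kernel NILFS file system. It can be triaged against the `linux` source package straight away: replace the TODO with a `- linux` status line and add a NOTE pointing at the upstream report or fix once that is identified.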
@@ -241,7 +245,7 @@ CVE-2022-38649
RESERVED
CVE-2022-38648
RESERVED
-CVE-2022-2946 (Use After Free in GitHub repository vim/vim prior to 9.0.0245. ...)
+CVE-2022-2946 (Use After Free in GitHub repository vim/vim prior to 9.0.0246. ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5
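Review bot: the CVE-2022-2946 description now gives the upstream fix boundary as 9.0.0246 instead of 9.0.0245, but the entry below it still reads `- vim <unfixed>` and its only NOTE is the huntr.dev bounty link. Add a NOTE recording the fixing upstream commit or patch level, so the corrected boundary is what a later vim upload gets checked against.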
@@ -595,8 +599,8 @@ CVE-2022-38496
RESERVED
CVE-2022-38495
RESERVED
-CVE-2022-38078
- RESERVED
+CVE-2022-38078 (Movable Type XMLRPC API provided by Six Apart Ltd. contains a command ...)
+ TODO: check
CVE-2022-2925
RESERVED
CVE-2022-2924
@@ -646,6 +650,7 @@ CVE-2022-38479
RESERVED
CVE-2022-38478
RESERVED
+ {DSA-5217-1 DLA-3080-1}
- firefox 104.0-1
- firefox-esr 102.2.0esr-1
- thunderbird <unfixed>
@@ -686,6 +691,7 @@ CVE-2022-38474
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38474
CVE-2022-38473
RESERVED
+ {DSA-5217-1 DLA-3080-1}
- firefox 104.0-1
- firefox-esr 102.2.0esr-1
- thunderbird <unfixed>
@@ -696,6 +702,7 @@ CVE-2022-38473
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/#CVE-2022-38473
CVE-2022-38472
RESERVED
+ {DSA-5217-1 DLA-3080-1}
- firefox 104.0-1
- firefox-esr 102.2.0esr-1
- thunderbird <unfixed>
@@ -736,12 +743,12 @@ CVE-2022-38466
RESERVED
CVE-2022-38465
RESERVED
-CVE-2022-38089
- RESERVED
-CVE-2022-38080
- RESERVED
-CVE-2022-37333
- RESERVED
+CVE-2022-38089 (Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/ ...)
+ TODO: check
+CVE-2022-38080 (Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedo ...)
+ TODO: check
+CVE-2022-37333 (SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5. ...)
+ TODO: check
CVE-2022-2908
RESERVED
CVE-2022-2907
@@ -4189,14 +4196,14 @@ CVE-2022-37183
RESERVED
CVE-2022-37182
RESERVED
-CVE-2022-37181
- RESERVED
+CVE-2022-37181 (72crm 9.0 has an Arbitrary file upload vulnerability. ...)
+ TODO: check
CVE-2022-37180
RESERVED
CVE-2022-37179
RESERVED
-CVE-2022-37178
- RESERVED
+CVE-2022-37178 (An issue was discovered in 72crm 9.0. There is a SQL Injection vulnera ...)
+ TODO: check
CVE-2022-37177
RESERVED
CVE-2022-37176
@@ -4245,8 +4252,8 @@ CVE-2022-37155
RESERVED
CVE-2022-37154
RESERVED
-CVE-2022-37153
- RESERVED
+CVE-2022-37153 (An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vu ...)
+ TODO: check
CVE-2022-37152
RESERVED
CVE-2022-37151
@@ -4671,8 +4678,8 @@ CVE-2022-37010 (In JetBrains IntelliJ IDEA before 2022.2 email address validatio
- intellij-idea <itp> (bug #747616)
CVE-2022-37009 (In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Va ...)
- intellij-idea <itp> (bug #747616)
-CVE-2022-2569
- RESERVED
+CVE-2022-2569 (The affected device stores sensitive information in cleartext, which m ...)
+ TODO: check
CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation Platfo ...)
NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2022-2567
@@ -5503,8 +5510,8 @@ CVE-2022-36635
RESERVED
CVE-2022-36634
RESERVED
-CVE-2022-36633
- RESERVED
+CVE-2022-36633 (Teleport 9.3.6 is vulnerable to Command injection leading to Remote Co ...)
+ TODO: check
CVE-2022-36632
RESERVED
CVE-2022-36631
@@ -10042,12 +10049,12 @@ CVE-2022-34847
RESERVED
CVE-2022-34839 (Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-34838
- RESERVED
-CVE-2022-34837
- RESERVED
-CVE-2022-34836
- RESERVED
+CVE-2022-34838 (Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8 ...)
+ TODO: check
+CVE-2022-34837 (Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8 ...)
+ TODO: check
+CVE-2022-34836 (Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the use ...)
+ TODO: check
CVE-2022-34654
RESERVED
CVE-2022-34650 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
@@ -10446,8 +10453,8 @@ CVE-2022-34745
RESERVED
CVE-2022-34744
RESERVED
-CVE-2022-2234
- RESERVED
+CVE-2022-2234 (An authenticated mySCADA myPRO 8.26.0 user may be able to modify param ...)
+ TODO: check
CVE-2022-2233
RESERVED
CVE-2022-2232
@@ -14441,8 +14448,8 @@ CVE-2022-33174 (Power Distribution Units running on Powertek firmware (multiple
NOT-FOR-US: Powertek
CVE-2022-33173 (An algorithm-downgrade issue was discovered in Couchbase Server before ...)
NOT-FOR-US: Couchbase Server
-CVE-2022-33172
- RESERVED
+CVE-2022-33172 (de.fac2 1.34 allows bypassing the User Presence protection mechanism w ...)
+ TODO: check
CVE-2022-33171 (** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either ...)
NOT-FOR-US: TypeORM
CVE-2022-33170
@@ -18532,6 +18539,7 @@ CVE-2022-31678
CVE-2022-31677
RESERVED
CVE-2022-31676 (VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege es ...)
+ {DSA-5215-1}
- open-vm-tools 2:12.1.0-1 (bug #1018012)
NOTE: Fixed by: https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745 (stable-12.1.0)
NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2022-31676.patch/1205-Properly-check-authorization-on-incoming-guestOps-re.patch
@@ -30118,8 +30126,8 @@ CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary file-existence tests via the -c opt
NOT-FOR-US: SWHKD
CVE-2022-27813
RESERVED
-CVE-2022-27812
- RESERVED
+CVE-2022-27812 (Flooding SNS firewall 3.7.0 to 3.7.26 with udp or icmp randomizing the ...)
+ TODO: check
CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via shell met ...)
- ocrfeeder <unfixed> (bug #1008320)
[bullseye] - ocrfeeder <no-dsa> (Minor issue)
@@ -40524,8 +40532,7 @@ CVE-2021-46661 (MariaDB through 10.5.9 allows an application crash in find_field
[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
NOTE: https://jira.mariadb.org/browse/MDEV-25766
NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
-CVE-2021-4218
- RESERVED
+CVE-2021-4218 (A flaw was found in the Linux kernel’s implementation of reading ...)
- linux <not-affected> (Vulnerable code not present; specific to CentOS/RHEL)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048359
NOTE: Issue is specific to CentOS/RHEL. In mainline, xprtrdma always used copy_to_user()
@@ -41290,8 +41297,7 @@ CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63 doe
NOT-FOR-US: WordPress plugin
CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin before ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-4217 [Null pointer dereference in Unicode strings code]
- RESERVED
+CVE-2021-4217 (A flaw was found in unzip. The vulnerability occurs due to improper ha ...)
- unzip <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044583
NOTE: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
@@ -41815,13 +41821,11 @@ CVE-2022-0356
RESERVED
CVE-2021-4215
RESERVED
-CVE-2021-4214
- RESERVED
+CVE-2021-4214 (A heap overflow flaw was found in libpngs' pngimage.c program. This fl ...)
- libpng1.6 <unfixed> (unimportant)
NOTE: https://github.com/glennrp/libpng/issues/302
NOTE: Crash in CLI package, not shipped in binary packages
-CVE-2021-4213
- RESERVED
+CVE-2021-4213 (A flaw was found in JSS, where it did not properly free up all memory. ...)
- jss <unfixed> (bug #1014770)
[bullseye] - jss <no-dsa> (Minor issue)
[buster] - jss <no-dsa> (Minor issue)
@@ -42387,8 +42391,7 @@ CVE-2022-0341 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa2
NOT-FOR-US: vditor
CVE-2022-0340
RESERVED
-CVE-2021-4209
- RESERVED
+CVE-2021-4209 (A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash ...)
{DLA-3070-1}
- gnutls28 3.7.3-2
[bullseye] - gnutls28 3.7.1-5+deb11u1
@@ -45324,8 +45327,7 @@ CVE-2022-0178 (snipe-it is vulnerable to Improper Access Control ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-0177
REJECTED
-CVE-2021-4204 [eBPF Improper Input Validation Vulnerability]
- RESERVED
+CVE-2021-4204 (An out-of-bounds (OOB) memory access flaw was found in the Linux kerne ...)
- linux 5.17.3-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -48477,8 +48479,7 @@ CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denia
[stretch] - wireshark <not-affected> (The vulnerable code is not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
-CVE-2021-4189 [ftplib should not use the host from the PASV response]
- RESERVED
+CVE-2021-4189 (A flaw was found in Python, specifically in the FTP (File Transfer Pro ...)
{DLA-2919-1}
- python3.10 <not-affected> (Fixed before initial upload to Debian unstable)
- python3.9 3.9.7-1
@@ -49246,8 +49247,7 @@ CVE-2021-44461
RESERVED
CVE-2021-44460
RESERVED
-CVE-2021-4178
- RESERVED
+CVE-2021-4178 (A arbitrary code execution flaw was found in the Fabric 8 Kubernetes c ...)
NOT-FOR-US: fabric8io/kubernetes-client
NOTE: https://github.com/fabric8io/kubernetes-client/issues/3653
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034388
@@ -49803,8 +49803,7 @@ CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squarin
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb (OpenSSL_1_1_1m)
NOTE: https://mta.openssl.org/pipermail/openssl-announce/2022-January/000214.html
NOTE: https://www.openssl.org/news/secadv/20220128.txt
-CVE-2021-4159 [bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()]
- RESERVED
+CVE-2021-4159 (A vulnerability was found in the Linux kernel's EBPF verifier when han ...)
- linux 5.7.6-1
[stretch] - linux <ignored> (Too risky to backport, and mitigated by default)
NOTE: Fixed by: https://git.kernel.org/linus/294f2fc6da27620a506e6c050241655459ccd6bd (5.7-rc1)
@@ -49821,8 +49820,7 @@ CVE-2021-45463 (load_cache in GEGL before 0.4.34 allows shell expansion when a p
NOTE: Followup: https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb (GEGL_0_4_34)
CVE-2021-45462 (In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. ...)
NOT-FOR-US: Open5GS
-CVE-2021-4158 [NULL pointer dereference in pci_write() in hw/acpi/pcihp.c]
- RESERVED
+CVE-2021-4158 (A NULL pointer dereference issue was found in the ACPI code of QEMU. A ...)
- qemu 1:6.2+dfsg-2
[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
@@ -49848,8 +49846,7 @@ CVE-2021-4156 (An out-of-bounds read flaw was found in libsndfile's FLAC codec f
[buster] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/libsndfile/libsndfile/issues/731
NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)
-CVE-2021-4155
- RESERVED
+CVE-2021-4155 (A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS ...)
{DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813
@@ -50890,8 +50887,7 @@ CVE-2021-45235
RESERVED
CVE-2021-45234
RESERVED
-CVE-2021-4142
- RESERVED
+CVE-2021-4142 (The Candlepin component of Red Hat Satellite was affected by an improp ...)
NOT-FOR-US: Red Hat Satellite / Candlepin
CVE-2021-4141
RESERVED
@@ -51565,8 +51561,7 @@ CVE-2021-45078 (stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28694
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02
NOTE: binutils not covered by security support
-CVE-2021-4125
- RESERVED
+CVE-2021-4125 (It was found that the original fix for log4j CVE-2021-44228 and CVE-20 ...)
NOT-FOR-US: OpenShift metering hive containers
CVE-2021-42550 (In logback version 1.2.7 and prior versions, an attacker with the requ ...)
- logback 1:1.2.8-1
@@ -51584,8 +51579,7 @@ CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input D
NOTE: Issues only in janus-demos built from src:janus
CVE-2021-4123 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: livehelperchat
-CVE-2021-4122 [decryption through LUKS2 reencryption crash recovery]
- RESERVED
+CVE-2021-4122 (It was found that a specially crafted LUKS header could trick cryptset ...)
{DSA-5070-1}
- cryptsetup 2:2.4.3-1 (bug #1003686)
[buster] - cryptsetup <not-affected> (Vulnerable code not present; does not support online LUKS2 reencryption)
@@ -53627,13 +53621,11 @@ CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to
NOTE: Introduced by https://github.com/gpac/gpac/commit/bc1704db1523eb3161af90da44b8394d4512855f
CVE-2021-4042
RESERVED
-CVE-2021-4041 [Improper shell escaping in ansible-runner]
- RESERVED
+CVE-2021-4041 (A flaw was found in ansible-runner. An improper escaping of the shell ...)
- ansible-runner 2.1.1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028074
NOTE: https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd (2.1.0)
-CVE-2021-4040
- RESERVED
+CVE-2021-4040 (A flaw was found in AMQ Broker. This issue can cause a partial interru ...)
NOT-FOR-US: Red Hat AMQ Broker
CVE-2021-4039 (A command injection vulnerability in the web interface of the Zyxel NW ...)
NOT-FOR-US: Zyxel
@@ -53854,8 +53846,7 @@ CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector
NOT-FOR-US: Intel
CVE-2021-44470 (Incorrect default permissions for the Intel(R) Connect M Android appli ...)
NOT-FOR-US: Intel
-CVE-2021-4037 [security regression for CVE-2018-13405]
- RESERVED
+CVE-2021-4037 (A vulnerability was found in the fs/inode.c:inode_init_owner() functio ...)
- linux 5.14.6-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027239
NOTE: https://git.kernel.org/linus/01ea173e103edd5ec41acec65b9261b87e123fc2 (5.12-rc1)
@@ -54374,8 +54365,7 @@ CVE-2021-4030 (A cross-site request forgery vulnerability in the HTTP daemon of
NOT-FOR-US: Zyxel
CVE-2021-4029 (A command injection vulnerability in the CGI program of the Zyxel ARMO ...)
NOT-FOR-US: Zyxel
-CVE-2021-4028 [use-after-free in RDMA listen()]
- RESERVED
+CVE-2021-4028 (A flaw in the Linux kernel's implementation of RDMA communications man ...)
- linux 5.14.12-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -54971,8 +54961,7 @@ CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier be
NOTE: https://git.kernel.org/linus/353050be4c19e102178ccc05988101887c25ae53
CVE-2021-4000 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
NOT-FOR-US: ShowDoc
-CVE-2021-3999 [Off-by-one buffer overflow/underflow in getcwd()]
- RESERVED
+CVE-2021-3999 (A flaw was found in glibc. An off-by-one buffer overflow and underflow ...)
- glibc 2.33-4
[bullseye] - glibc <no-dsa> (Minor issue)
[buster] - glibc <no-dsa> (Minor issue)
@@ -54981,8 +54970,7 @@ CVE-2021-3999 [Off-by-one buffer overflow/underflow in getcwd()]
NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=472e799a5f2102bc0c3206dbd5a801765fceb39c
-CVE-2021-3998 [Unexpected return value from realpath() for too long results]
- RESERVED
+CVE-2021-3998 (A flaw was found in glibc. The realpath() function can mistakenly retu ...)
- glibc 2.33-4
[bullseye] - glibc <not-affected> (Vulnerable code introduced later)
[buster] - glibc <not-affected> (Vulnerable code introduced later)
@@ -58391,8 +58379,8 @@ CVE-2021-43311
RESERVED
CVE-2021-43310
RESERVED
-CVE-2021-43309
- RESERVED
+CVE-2021-43309 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
+ TODO: check
CVE-2021-43308 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
NOT-FOR-US: Node markdown-link-extractor
CVE-2021-43307 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
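Review bot: CVE-2021-43309 goes to `TODO: check` with the same truncated description as CVE-2021-43308 and CVE-2021-43307 below it, and CVE-2021-43308 is marked `NOT-FOR-US: Node markdown-link-extractor`. The visible text cuts off before the affected package is named, so triage has to read the full description; the neighbour's NOT-FOR-US tag should not be copied on the strength of the shared prefix.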
@@ -61962,8 +61950,8 @@ CVE-2022-20361 (In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vuln
NOT-FOR-US: Android
CVE-2022-20360 (In setChecked of SecureNfcPreferenceController.java, there is a missin ...)
NOT-FOR-US: Android
-CVE-2022-20359
- REJECTED
+CVE-2022-20359 (In various methods of NotificationManagerService.java, there is a poss ...)
+ TODO: check
CVE-2022-20358 (In startSync of AbstractThreadedSyncAdapter.java, there is a possible ...)
NOT-FOR-US: Android
CVE-2022-20357 (In writeToParcel of SurfaceControl.cpp, there is a possible informatio ...)
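Review bot: CVE-2022-20359 moves from REJECTED to a published description and lands in `TODO: check`, while both neighbours in this hunk (CVE-2022-20360 and CVE-2022-20358) are already marked `NOT-FOR-US: Android`. The new description names NotificationManagerService.java, so the entry should be triaged the same way as those neighbours. It is also worth confirming that the REJECTED-to-published transition is intended and not a glitch in the automatic update.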
@@ -62202,7 +62190,7 @@ CVE-2022-20241 (In Messaging, there is a possible way to attach a private file t
NOT-FOR-US: Android
CVE-2022-20240
RESERVED
-CVE-2022-20239 ('remap_pfn_range' here may map out of size kernel memory (for example, ...)
+CVE-2022-20239 (remap_pfn_range' here may map out of size kernel memory (for example, ...)
NOT-FOR-US: Unisoc
CVE-2022-20238 ('remap_pfn_range' here may map out of size kernel memory (for example, ...)
NOT-FOR-US: Unisoc
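Review bot: the new CVE-2022-20239 description drops the opening quote, leaving `(remap_pfn_range' here may map ...` with an unbalanced apostrophe, while CVE-2022-20238 directly below keeps `('remap_pfn_range' here ...`. Since this is an automatic update the data file should not be hand-edited, but the regression is worth reporting to the source of the description. Any tooling that matches or deduplicates entries on description text should not assume the two entries still share a prefix.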
@@ -62467,8 +62455,7 @@ CVE-2022-20124 (In deletePackageX of DeletePackageHelper.java, there is a possib
NOT-FOR-US: Android
CVE-2022-20123 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...)
NOT-FOR-US: Android
-CVE-2022-20122
- RESERVED
+CVE-2022-20122 (The PowerVR GPU driver allows unprivileged apps to allocated pinned me ...)
NOT-FOR-US: Imagination Technologies
CVE-2022-20121 (In getNodeValue of USCCDMPlugin.java, there is a possible disclosure o ...)
NOT-FOR-US: Pixel
@@ -69589,8 +69576,7 @@ CVE-2021-39817 (Adobe Bridge version 11.1 (and earlier) is affected by a memory
NOT-FOR-US: Adobe
CVE-2021-39816 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
NOT-FOR-US: Adobe
-CVE-2021-39815
- RESERVED
+CVE-2021-39815 (The PowerVR GPU driver allows unprivileged apps to allocated pinned me ...)
NOT-FOR-US: Imagination Technologies
CVE-2021-39814 (In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds wr ...)
NOT-FOR-US: Pixel
@@ -93067,6 +93053,7 @@ CVE-2021-30561 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 all
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2021-30560 (Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...)
+ {DSA-5216-1}
- chromium 93.0.4577.82-1 (bug #990079)
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -93433,7 +93420,7 @@ CVE-2021-3489 (The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kern
CVE-2021-30480 (Zoom Chat through 2021-04-09 on Windows and macOS allows certain remot ...)
NOT-FOR-US: Zoom Chat
CVE-2021-3488
- RESERVED
+ REJECTED
CVE-2021-30479 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
- zulip-server <itp> (bug #800052)
CVE-2021-30478 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
@@ -120846,7 +120833,7 @@ CVE-2020-35521 (A flaw was found in libtiff. Due to a memory allocation failure
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/165
NOTE: Crash in CLI tool, no security impact
CVE-2020-35520
- RESERVED
+ REJECTED
CVE-2020-35519 (An out-of-bounds (OOB) memory access flaw was found in x25_bind in net ...)
- linux 5.9.15-1
[buster] - linux 4.19.171-1
@@ -128569,10 +128556,10 @@ CVE-2021-0949
RESERVED
CVE-2021-0948
RESERVED
-CVE-2021-0947
- RESERVED
-CVE-2021-0946
- RESERVED
+CVE-2021-0947 (The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt on th ...)
+ TODO: check
+CVE-2021-0946 (The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameI ...)
+ TODO: check
CVE-2021-0945
RESERVED
CVE-2021-0944
@@ -128710,16 +128697,16 @@ CVE-2021-0893 (In apusys, there is a possible memory corruption due to a use aft
NOT-FOR-US: Mediatek
CVE-2021-0892
RESERVED
-CVE-2021-0891
- RESERVED
+CVE-2021-0891 (An unprivileged app can trigger PowerVR driver to return an uninitiali ...)
+ TODO: check
CVE-2021-0890
RESERVED
CVE-2021-0889 (In Android TV , there is a possible silent pairing due to lack of rate ...)
NOT-FOR-US: Android TV
CVE-2021-0888
RESERVED
-CVE-2021-0887
- RESERVED
+CVE-2021-0887 (In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kern ...)
+ TODO: check
CVE-2021-0886
RESERVED
CVE-2021-0885
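Review bot: CVE-2021-0891 and CVE-2021-0887 are left at `TODO: check`, but the first description names the PowerVR driver and the second a `PVRSRVBridge...` function, and this same commit already carries `NOT-FOR-US: Imagination Technologies` on the PowerVR GPU driver entries CVE-2022-20122 and CVE-2021-39815. Triage these consistently with that tag, together with the other `PVRSRVBridge...` entries added in this commit (CVE-2021-0947, CVE-2021-0946, CVE-2021-0698).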
@@ -129099,8 +129086,8 @@ CVE-2021-0700
RESERVED
CVE-2021-0699
RESERVED
-CVE-2021-0698
- RESERVED
+CVE-2021-0698 (In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel ...)
+ TODO: check
CVE-2021-0697
RESERVED
CVE-2021-0696
@@ -198630,7 +198617,7 @@ CVE-2020-1725 (A flaw was found in keycloak before version 13.0.0. In some scena
NOT-FOR-US: Keycloak
CVE-2020-1724 (A flaw was found in Keycloak in versions before 9.0.2. This flaw allow ...)
NOT-FOR-US: Keycloak
-CVE-2020-1723 (The logout endpoint /oauth/logout?redirect=url can be abused to redire ...)
+CVE-2020-1723 (A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint ...)
NOT-FOR-US: Keycloak
CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...)
- freeipa 4.8.8-2 (bug #966200)
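Review bot: the updated CVE-2020-1723 description now attributes the flaw to Keycloak Gatekeeper (Louketo), but the triage line under it is still `NOT-FOR-US: Keycloak`. Consider changing the tag to name Keycloak Gatekeeper, so the entry is not read as covering Keycloak itself the way CVE-2020-1725 and CVE-2020-1724 above it do.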
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3800fb41f0d57b7d5cb0b971e72d9caf4b48d30f