[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 26 21:10:30 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
abb98a5d by security tracker role at 2022-08-26T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2022-38785
+	RESERVED
+CVE-2022-38784
+	RESERVED
+CVE-2022-38783
+	RESERVED
+CVE-2022-38782
+	RESERVED
+CVE-2022-38781
+	RESERVED
+CVE-2022-38780
+	RESERVED
+CVE-2022-38779
+	RESERVED
+CVE-2022-38778
+	RESERVED
+CVE-2022-38777
+	RESERVED
+CVE-2022-38776
+	RESERVED
+CVE-2022-38775
+	RESERVED
+CVE-2022-38774
+	RESERVED
+CVE-2022-38773
+	RESERVED
+CVE-2022-3010
+	RESERVED
+CVE-2022-3009
+	RESERVED
+CVE-2022-3008
+	RESERVED
+CVE-2022-3007
+	RESERVED
+CVE-2022-3006
+	RESERVED
+CVE-2022-3005
+	RESERVED
+CVE-2022-3004
+	RESERVED
+CVE-2022-3003
+	RESERVED
+CVE-2022-3002
+	RESERVED
+CVE-2022-3001
+	RESERVED
+CVE-2022-3000
+	RESERVED
 CVE-2022-38772
 	RESERVED
 CVE-2022-38771
@@ -132,7 +180,7 @@ CVE-2022-2984
 	RESERVED
 CVE-2022-2983
 	RESERVED
-CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0259. ...)
+CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260. ...)
 	- vim <unfixed>
 	NOTE: https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be
 	NOTE: https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420 (v9.0.0260)
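Review bot: the version bound in the refreshed description (`prior to 9.0.0260`) now agrees with the tag recorded on the fix commit in the NOTE line (`d6c67629... (v9.0.0260)`), so the entry is internally consistent; the package line is still `- vim <unfixed>`, so the fixed Debian version remains to be recorded once an upload carrying that commit exists.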
@@ -666,7 +714,7 @@ CVE-2022-38535
 	RESERVED
 CVE-2022-38534
 	RESERVED
-CVE-2022-38533 (In GNU Binutils before 2.4.0, there is a heap-buffer-overflow in the e ...)
+CVE-2022-38533 (In GNU Binutils before 2.40, there is a heap-buffer-overflow in the er ...)
 	- binutils <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29482
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797
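Review bot: the description's version string is corrected from `2.4.0` to `2.40`, which is why the truncation point moves from `the e ...` to `the er ...`; nothing else in the entry changes, so the `binutils <unfixed> (unimportant)` assessment and the two sourceware references carry over unchanged.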
@@ -4406,12 +4454,12 @@ CVE-2022-37154
 	RESERVED
 CVE-2022-37153 (An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vu ...)
 	NOT-FOR-US: Artica Proxy
-CVE-2022-37152
-	RESERVED
-CVE-2022-37151
-	RESERVED
-CVE-2022-37150
-	RESERVED
+CVE-2022-37152 (An issue was discovered in Online Diagnostic Lab Management System 1.0 ...)
+	TODO: check
+CVE-2022-37151 (There is an unauthorized access vulnerability in Online Diagnostic Lab ...)
+	TODO: check
+CVE-2022-37150 (An issue was discovered in Online Diagnostic Lab Management System 1.0 ...)
+	TODO: check
 CVE-2022-37149
 	RESERVED
 CVE-2022-37148
@@ -5562,18 +5610,18 @@ CVE-2022-36685
 	RESERVED
 CVE-2022-36684
 	RESERVED
-CVE-2022-36683
-	RESERVED
-CVE-2022-36682
-	RESERVED
-CVE-2022-36681
-	RESERVED
-CVE-2022-36680
-	RESERVED
-CVE-2022-36679
-	RESERVED
-CVE-2022-36678
-	RESERVED
+CVE-2022-36683 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+	TODO: check
+CVE-2022-36682 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+	TODO: check
+CVE-2022-36681 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+	TODO: check
+CVE-2022-36680 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+	TODO: check
+CVE-2022-36679 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+	TODO: check
+CVE-2022-36678 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+	TODO: check
 CVE-2022-36677
 	RESERVED
 CVE-2022-36676
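Review bot: all six new entries CVE-2022-36678 through CVE-2022-36683 carry the same truncated description (`Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...`) and the same `TODO: check` marker, so they can be triaged as one batch and should end up with a consistent disposition rather than being checked one by one.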
@@ -5884,10 +5932,10 @@ CVE-2022-36524 (D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB
 	NOT-FOR-US: D-Link
 CVE-2022-36523 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv20 ...)
 	NOT-FOR-US: D-Link
-CVE-2022-36522
-	RESERVED
-CVE-2022-36521
-	RESERVED
+CVE-2022-36522 (Mikrotik RouterOs through stable v6.48.3 was discovered to contain an  ...)
+	TODO: check
+CVE-2022-36521 (Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers ...)
+	TODO: check
 CVE-2022-36520 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
 	NOT-FOR-US: H3C
 CVE-2022-36519 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
@@ -7970,8 +8018,8 @@ CVE-2022-35716 (IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 thr
 	NOT-FOR-US: IBM
 CVE-2022-35715 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
 	NOT-FOR-US: IBM
-CVE-2022-35714
-	RESERVED
+CVE-2022-35714 (IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scriptin ...)
+	TODO: check
 CVE-2022-34861
 	RESERVED
 CVE-2022-34842
@@ -11790,18 +11838,15 @@ CVE-2022-34305 (In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22,
 	NOTE: Only an issue in the Form authentication example from the examples web application
 CVE-2022-34304
 	RESERVED
-CVE-2022-34303
-	RESERVED
+CVE-2022-34303 (A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacke ...)
 	NOT-FOR-US: Eurosoft (UK) shim
 	NOTE: This transitively affects Secure Boot as used in Debian, but tracking DBX updates
 	NOTE: is out of scope for the Debian Security Tracker
-CVE-2022-34302
-	RESERVED
+CVE-2022-34302 (A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. ...)
 	NOT-FOR-US: New Horizon Datasys Inc shim
 	NOTE: This transitively affects Secure Boot as used in Debian, but tracking DBX updates
 	NOTE: is out of scope for the Debian Security Tracker
-CVE-2022-34301
-	RESERVED
+CVE-2022-34301 (A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-0 ...)
 	NOT-FOR-US: CryptoPro Secure Disk shim
 	NOTE: This transitively affects Secure Boot as used in Debian, but tracking DBX updates
 	NOTE: is out of scope for the Debian Security Tracker
@@ -18293,8 +18338,8 @@ CVE-2022-31775 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 throug
 	NOT-FOR-US: IBM
 CVE-2022-31774 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...)
 	NOT-FOR-US: IBM
-CVE-2022-31773
-	RESERVED
+CVE-2022-31773 (IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cro ...)
+	TODO: check
 CVE-2022-31772
 	RESERVED
 CVE-2022-31771
@@ -36353,8 +36398,8 @@ CVE-2022-25627
 	RESERVED
 CVE-2022-25626
 	RESERVED
-CVE-2022-25625
-	RESERVED
+CVE-2022-25625 (A malicious unauthorized PAM user can access the administration config ...)
+	TODO: check
 CVE-2022-25624
 	RESERVED
 CVE-2022-25623 (The Symantec Management Agent is susceptible to a privilege escalation ...)
@@ -41453,8 +41498,8 @@ CVE-2021-4217 (A flaw was found in unzip. The vulnerability occurs due to improp
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044583
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
 	NOTE: Crash in CLI tool, no security impact
-CVE-2021-4216
-	RESERVED
+CVE-2021-4216 (A Floating point exception (division-by-zero) flaw was found in Mupdf  ...)
+	TODO: check
 CVE-2022-24035
 	RESERVED
 CVE-2022-24034
@@ -41971,7 +42016,7 @@ CVE-2022-0357
 CVE-2022-0356
 	RESERVED
 CVE-2021-4215
-	RESERVED
+	REJECTED
 CVE-2021-4214 (A heap overflow flaw was found in libpngs' pngimage.c program. This fl ...)
 	- libpng1.6 <unfixed> (unimportant)
 	NOTE: https://github.com/glennrp/libpng/issues/302
@@ -44734,8 +44779,7 @@ CVE-2021-46284
 	RESERVED
 CVE-2022-0226 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: livehelperchat
-CVE-2022-0225
-	RESERVED
+CVE-2022-0225 (A flaw was found in Keycloak. This flaw allows a privileged attacker t ...)
 	NOT-FOR-US: Keycloak
 CVE-2022-0224 (dolibarr is vulnerable to Improper Neutralization of Special Elements  ...)
 	- dolibarr <removed>
@@ -44751,8 +44795,7 @@ CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub r
 	NOT-FOR-US: jadx
 CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized access ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0216
-	RESERVED
+CVE-2022-0216 (A use-after-free vulnerability was found in the LSI53C895A SCSI Host B ...)
 	- qemu <unfixed> (bug #1014590)
 	[bullseye] - qemu <no-dsa> (Minor issue)
 	[buster] - qemu <no-dsa> (Minor issue)
@@ -44870,8 +44913,7 @@ CVE-2022-23179
 	RESERVED
 CVE-2022-21199 (An information disclosure vulnerability exists due to the hardcoded TL ...)
 	NOT-FOR-US: Reolink
-CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket interface]
-	RESERVED
+CVE-2022-0217 (It was discovered that an internal Prosody library to load XML based o ...)
 	{DSA-5047-1}
 	- prosody 0.11.12-1 (bug #1003696)
 	[stretch] - prosody <ignored> (websocket module introduced in 0.10.0; internal XML API only used on trusted data)
@@ -44887,8 +44929,7 @@ CVE-2022-0209 (The Mitsol Social Post Feed WordPress plugin before 1.11 does not
 	NOT-FOR-US: Mitsol Social Post Feed plugin for WordPress
 CVE-2022-0208 (The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0207
-	RESERVED
+CVE-2022-0207 (A race condition was found in vdsm. Functionality to obfuscate sensiti ...)
 	- vdsm <itp> (bug #668538)
 CVE-2022-0206 (The NewStatPress WordPress plugin before 1.3.6 does not properly escap ...)
 	NOT-FOR-US: WordPress plugin
@@ -45821,8 +45862,7 @@ CVE-2022-22149 (A SQL injection vulnerability exists in the HelpdeskEmailActions
 	NOT-FOR-US: Lansweeper
 CVE-2022-0176 (The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0175 [memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak]
-	RESERVED
+CVE-2022-0175 (A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). ...)
 	- virglrenderer <not-affected> (Introduced in 0.9.0 with refactor)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2039003
 	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
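Review bot: replacing the working title `[memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak]` with the truncated official description drops the affected function name from the entry's first line; the `<not-affected> (Introduced in 0.9.0 with refactor)` rationale and the bugzilla and merge-request NOTE lines are kept, so the detail stays reachable through those references, but if the function name is useful for matching the fix, a NOTE line is the place to keep it.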
@@ -45836,8 +45876,7 @@ CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read ...)
 	NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c
 CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
-CVE-2022-0171
-	RESERVED
+CVE-2022-0171 (A flaw was found in the Linux kernel. The existing KVM SEV API has a v ...)
 	- linux 5.18.2-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -45846,8 +45885,7 @@ CVE-2022-0170 (peertube is vulnerable to Improper Access Control ...)
 	- peertube <itp> (bug #950821)
 CVE-2022-0169 (The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not vali ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0168
-	RESERVED
+CVE-2022-0168 (A denial of service (DOS) issue was found in the Linux kernel’s  ...)
 	{DSA-5127-1}
 	- linux 5.17.3-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
@@ -47889,8 +47927,7 @@ CVE-2022-0085 (Server-Side Request Forgery (SSRF) in GitHub repository dompdf/do
 	NOTE: Fixed by: https://github.com/dompdf/dompdf/commit/bb1ef65011a14730b7cfbe73506b4bb8a03704bd (v2.0.0)
 	NOTE: Introduced by https://github.com/dompdf/dompdf/commit/7454ec8f6f765e3b1d4dbbde72c9dcb38479f37e (v0.7.0-beta)
 	NOTE: https://huntr.dev/bounties/73dbcc78-5ba9-492f-9133-13bbc9f31236
-CVE-2022-0084
-	RESERVED
+CVE-2022-0084 (A flaw was found in XNIO, specifically in the notifyReadClosed method. ...)
 	- jboss-xnio 3.8.7-2 (bug #1013280)
 	[bullseye] - jboss-xnio <no-dsa> (Minor issue)
 	[buster] - jboss-xnio <no-dsa> (Minor issue)
@@ -60236,7 +60273,7 @@ CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5
 CVE-2021-43045 (A vulnerability in the .NET SDK of Apache Avro allows an attacker to a ...)
 	NOT-FOR-US: Apache Avro
 CVE-2021-3913
-	RESERVED
+	REJECTED
 CVE-2021-43044 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
 	NOT-FOR-US: Kaseya
 CVE-2021-43043 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
@@ -64137,8 +64174,7 @@ CVE-2021-42013 (It was found that the fix for CVE-2021-41773 in Apache HTTP Serv
 	NOTE: https://www.openwall.com/lists/oss-security/2021/10/07/6
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013
 	NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
-CVE-2021-3864 [descendant's dumpable setting with certain SUID binaries]
-	RESERVED
+CVE-2021-3864 (A flaw was found in the way the dumpable flag setting was handled when ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2021/10/20/2
 CVE-2021-42012 (A stack-based buffer overflow vulnerability in Trend Micro Apex One, A ...)
@@ -64157,8 +64193,7 @@ CVE-2021-3861 (The RNDIS USB device class includes a buffer overflow vulnerabili
 	NOT-FOR-US: zephyr-rtos
 CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...)
 	NOT-FOR-US: JFrog Artifactory
-CVE-2021-3859
-	RESERVED
+CVE-2021-3859 (A flaw was found in Undertow that tripped the client-side invocation t ...)
 	- undertow 2.2.16-1 (bug #1015983)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2010378
 	NOTE: https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
@@ -64253,8 +64288,7 @@ CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database c
 	NOT-FOR-US: Apache Superset
 CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
 	NOT-FOR-US: Apache Superset
-CVE-2021-3856
-	RESERVED
+CVE-2021-3856 (ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows read ...)
 	NOT-FOR-US: Keycloak
 CVE-2021-3855
 	RESERVED
@@ -68514,8 +68548,7 @@ CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow ...)
 	NOTE: https://github.com/hoene/libmysofa/commit/890400ebd092c574707d0c132124f8ff047e20e1 (v1.2.1)
 CVE-2021-3755
 	REJECTED
-CVE-2021-3754
-	RESERVED
+CVE-2021-3754 (A flaw was found in keycloak where an attacker is able to register him ...)
 	NOT-FOR-US: Keycloak
 CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c ...)
 	{DSA-4978-1 DLA-2843-1 DLA-2785-1}
@@ -68648,8 +68681,8 @@ CVE-2021-40287
 	RESERVED
 CVE-2021-40286
 	RESERVED
-CVE-2021-40285
-	RESERVED
+CVE-2021-40285 (htmly v2.8.1 was discovered to contain an arbitrary file deletion vuln ...)
+	TODO: check
 CVE-2021-40284 (D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow whi ...)
 	NOT-FOR-US: D-Link
 CVE-2021-40283
@@ -69140,8 +69173,7 @@ CVE-2021-3739 (A NULL pointer dereference flaw was found in the btrfs_rm_device
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/25/3
-CVE-2021-3735 [ahci: deadlock issue leads to denial of service]
-	RESERVED
+CVE-2021-3735 (A deadlock issue was found in the AHCI controller device of QEMU. It o ...)
 	- qemu <unfixed> (bug #1014767)
 	[bullseye] - qemu <no-dsa> (Minor issue)
 	[buster] - qemu <no-dsa> (Minor issue)
@@ -70722,10 +70754,10 @@ CVE-2021-39396
 	RESERVED
 CVE-2021-39395
 	RESERVED
-CVE-2021-39394
-	RESERVED
-CVE-2021-39393
-	RESERVED
+CVE-2021-39394 (mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery  ...)
+	TODO: check
+CVE-2021-39393 (mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS)  ...)
+	TODO: check
 CVE-2021-39392 (The management tool in MyLittleBackup up to and including 1.7 allows r ...)
 	NOT-FOR-US: MyLittleBackup
 CVE-2021-39391 (Cross Site Scripting (XSS) vulnerability exists in the admin panel in  ...)
@@ -72777,8 +72809,7 @@ CVE-2021-38564 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PD
 	NOT-FOR-US: Foxit
 CVE-2021-38563 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
 	NOT-FOR-US: Foxit
-CVE-2021-3703
-	RESERVED
+CVE-2021-3703 (It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-3319 ...)
 	NOT-FOR-US: Red Hat Serverless
 CVE-2021-3702 (A race condition flaw was found in ansible-runner, where an attacker c ...)
 	- ansible-runner <not-affected> (Vulnerable code introduced later)
@@ -73723,7 +73754,7 @@ CVE-2021-38211
 CVE-2021-38210
 	RESERVED
 CVE-2021-3691
-	RESERVED
+	REJECTED
 CVE-2021-3690 (A flaw was found in Undertow. A buffer leak on the incoming WebSocket  ...)
 	- undertow 2.2.10-1
 	NOTE: https://issues.redhat.com/browse/UNDERTOW-1935
@@ -74034,8 +74065,7 @@ CVE-2021-38137 (Corero SecureWatch Managed Services 9.7.2.0020 does not correctl
 	NOT-FOR-US: Corero SecureWatch Managed Services
 CVE-2021-38136 (Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path T ...)
 	NOT-FOR-US: Corero SecureWatch Managed Services
-CVE-2021-3688
-	RESERVED
+CVE-2021-3688 (A flaw was found in Red Hat JBoss Core Services HTTP Server in all ver ...)
 	NOT-FOR-US: Red Hat JBoss Core Services HTTP Server
 CVE-2021-38135
 	RESERVED
@@ -75514,8 +75544,7 @@ CVE-2021-37608 (Unrestricted Upload of File with Dangerous Type vulnerability in
 	NOT-FOR-US: Apache OFBiz
 CVE-2021-37607
 	RESERVED
-CVE-2021-3669 [reading /proc/sysvipc/shm does not scale with large shared memory segment counts]
-	RESERVED
+CVE-2021-3669 (A flaw was found in the Linux kernel. Measuring usage of the shared me ...)
 	- linux 5.15.3-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1986473
 CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery by an a ...)
@@ -77513,7 +77542,7 @@ CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity S
 CVE-2021-36759
 	RESERVED
 CVE-2021-3651
-	RESERVED
+	REJECTED
 CVE-2021-36758 (1Password Connect server before 1.2 is missing validation checks, perm ...)
 	NOT-FOR-US: 1Password
 CVE-2021-36757
@@ -77569,8 +77598,7 @@ CVE-2021-3646 (btcpayserver is vulnerable to Improper Neutralization of Input Du
 	NOT-FOR-US: btcpayserver
 CVE-2021-3645 (merge is vulnerable to Improperly Controlled Modification of Object Pr ...)
 	NOT-FOR-US: Node viking04/merge
-CVE-2021-3644
-	RESERVED
+CVE-2021-3644 (A flaw was found in wildfly-core in all versions. If a vault expressio ...)
 	- wildfly <itp> (bug #752018)
 CVE-2020-36419
 	RESERVED
@@ -79056,8 +79084,7 @@ CVE-2021-36091 (Agents are able to list appointments in the calendars without re
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-14/
 	NOTE: https://github.com/znuny/Znuny/commit/e268f9a7b75e8c7f63c36517ea5affe3ae0a9632
 	NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
-CVE-2021-3632
-	RESERVED
+CVE-2021-3632 (A flaw was found in Keycloak. This vulnerability allows anyone to regi ...)
 	NOT-FOR-US: Keycloak
 CVE-2021-36090 (When reading a specially crafted ZIP archive, Compress can be made to  ...)
 	- libcommons-compress-java 1.21-1 (bug #991041)
@@ -79586,7 +79613,7 @@ CVE-2021-3629 (A flaw was found in Undertow. A potential security issue in flow
 CVE-2021-3628 (OpenKM Community Edition in its 6.3.10 version is vulnerable to authen ...)
 	NOT-FOR-US: OpenKM
 CVE-2021-3627
-	RESERVED
+	REJECTED
 CVE-2021-35940 (An out-of-bounds array read in the apr_time_exp*() functions was fixed ...)
 	- apr 1.7.0-7 (bug #992789)
 	[bullseye] - apr 1.7.0-6+deb11u1
@@ -79598,8 +79625,7 @@ CVE-2021-35940 (An out-of-bounds array read in the apr_time_exp*() functions was
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/23/1
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1891198
 	NOTE: https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
-CVE-2021-35939 [checks for unsafe symlinks are not performed for intermediary directories]
-	RESERVED
+CVE-2021-35939 (It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was inco ...)
 	- rpm <unfixed> (bug #990543)
 	[bullseye] - rpm <ignored> (Minor issue)
 	[buster] - rpm <ignored> (Minor issue)
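Review bot: the working title `[checks for unsafe symlinks are not performed for intermediary directories]` summarised the actual defect, while the new truncated description only says the earlier fix for CVE-2017-7500 and CVE-2017-7501 was incomplete; since the symlink detail no longer appears in the visible lines of the updated entry, a NOTE line carrying it would keep the entry self-explanatory alongside the `<unfixed>` and `<ignored> (Minor issue)` status lines.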
@@ -83409,8 +83435,7 @@ CVE-2021-34291 (A vulnerability has been identified in JT2Go (All versions <
 	NOT-FOR-US: JT2Go
 CVE-2021-3586 (A flaw was found in servicemesh-operator. The NetworkPolicy resources  ...)
 	NOT-FOR-US: Maistra
-CVE-2021-3585
-	RESERVED
+CVE-2021-3585 (A flaw was found in openstack-tripleo-heat-templates. Plain passwords  ...)
 	- tripleo-heat-templates <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968247
 CVE-2021-3584 (A server side remote code execution vulnerability was found in Foreman ...)
@@ -84541,8 +84566,8 @@ CVE-2021-3575 (A heap-based buffer overflow was found in openjpeg in color.c:379
 	[buster] - openjpeg2 <no-dsa> (Minor issue)
 	[stretch] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1347
-CVE-2021-3574
-	RESERVED
+CVE-2021-3574 (A vulnerability was found in ImageMagick-7.0.11-5, where executing a c ...)
+	TODO: check
 CVE-2021-33804
 	RESERVED
 CVE-2021-33803
@@ -85346,8 +85371,7 @@ CVE-2021-33499 (Pexip Infinity before 26 allows remote denial of service because
 	NOT-FOR-US: Pexip Infinity
 CVE-2021-33498 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
 	NOT-FOR-US: Pexip Infinity
-CVE-2021-3563
-	RESERVED
+CVE-2021-3563 (A flaw was found in openstack-keystone. Only the first 72 characters o ...)
 	- keystone <unfixed> (bug #989998)
 	[bullseye] - keystone <no-dsa> (Minor issue)
 	[buster] - keystone <no-dsa> (Minor issue)
@@ -99536,8 +99560,8 @@ CVE-2021-28134 (Clipper before 1.0.5 allows remote command execution. A remote a
 	NOT-FOR-US: Clipper
 CVE-2021-28133 (Zoom through 5.5.4 sometimes allows attackers to read private informat ...)
 	NOT-FOR-US: Zoom
-CVE-2021-3427
-	RESERVED
+CVE-2021-3427 (The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. ...)
+	TODO: check
 CVE-2021-28132 (LUCY Security Awareness Software through 4.7.x allows unauthenticated  ...)
 	NOT-FOR-US: LUCY Security Awareness Software
 CVE-2021-28131 (Impala sessions use a 16 byte secret to verify that the session is not ...)
@@ -100919,8 +100943,7 @@ CVE-2021-27567
 	RESERVED
 CVE-2021-27566
 	RESERVED
-CVE-2021-3414
-	RESERVED
+CVE-2021-3414 (A flaw was found in satellite. When giving granular permission related ...)
 	NOT-FOR-US: Red Hat Satellite
 CVE-2021-27565 (The web server in InterNiche NicheStack through 4.0.1 allows remote at ...)
 	NOT-FOR-US: InterNiche NicheStack
@@ -120261,8 +120284,7 @@ CVE-2021-20261 (A race condition was found in the Linux kernels implementation o
 	- linux 4.5.1-1
 	NOTE: https://git.kernel.org/linus/a0c80efe5956ccce9fe7ae5c78542578c07bc20a
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932150
-CVE-2021-20260
-	RESERVED
+CVE-2021-20260 (A flaw was found in the Foreman project. The Datacenter plugin exposes ...)
 	- foreman <itp> (bug #663101)
 CVE-2021-20259 (A flaw was found in the Foreman project. The Proxmox compute resource  ...)
 	- foreman <itp> (bug #663101)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abb98a5d112f7cf91cbae70d6857d2e7984f5417
