[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 10 08:10:19 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
78aad5ce by security tracker role at 2022-02-10T08:10:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-24703
+ RESERVED
+CVE-2022-24702
+ RESERVED
+CVE-2022-24701
+ RESERVED
+CVE-2022-24700
+ RESERVED
+CVE-2022-0556
+ RESERVED
+CVE-2022-0555
+ RESERVED
+CVE-2022-0554
+ RESERVED
+CVE-2022-0553
+ RESERVED
+CVE-2022-0552
+ RESERVED
CVE-2022-24699
RESERVED
CVE-2022-24698
@@ -104,22 +122,19 @@ CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM
TODO: check
CVE-2022-0535
RESERVED
-CVE-2022-0534
- RESERVED
+CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...)
+ TODO: check
CVE-2022-0533
RESERVED
-CVE-2022-0532
- RESERVED
+CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18 ...)
NOT-FOR-US: cri-o
CVE-2022-0531
RESERVED
-CVE-2022-0530
- RESERVED
+CVE-2022-0530 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
- unzip <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395
TODO: clarify details
-CVE-2022-0529
- RESERVED
+CVE-2022-0529 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
- unzip <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051402
TODO: clarify details
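Review bot: CVE-2022-0530 and CVE-2022-0529 now show the same truncated description ("A flaw was found in unzip 6.0. The vulnerability occurs during the con ...") and both keep "- unzip <undetermined>" with "TODO: clarify details", so the list still tells them apart only by the Red Hat Bugzilla ids 2051395 and 2051402. Add a one-line NOTE to each entry stating what distinguishes it, taken from the full CVE record, and resolve the <undetermined> status now that the descriptions are public. In the same hunk CVE-2022-0534 names htmldoc 1.9.15 but gets only "TODO: check"; HTMLDOC is handled as a tracked package elsewhere in this file (CVE-2021-43579), so it should get the same treatment.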
@@ -135,12 +150,12 @@ CVE-2021-46677
RESERVED
CVE-2021-46676
RESERVED
-CVE-2022-24668
- RESERVED
-CVE-2022-24667
- RESERVED
-CVE-2022-24666
- RESERVED
+CVE-2022-24668 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
+ TODO: check
+CVE-2022-24667 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
+ TODO: check
+CVE-2022-24666 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
+ TODO: check
CVE-2022-0528
RESERVED
CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
@@ -971,30 +986,30 @@ CVE-2022-24323
RESERVED
CVE-2022-24322
RESERVED
-CVE-2022-24321
- RESERVED
-CVE-2022-24320
- RESERVED
-CVE-2022-24319
- RESERVED
-CVE-2022-24318
- RESERVED
-CVE-2022-24317
- RESERVED
-CVE-2022-24316
- RESERVED
-CVE-2022-24315
- RESERVED
-CVE-2022-24314
- RESERVED
-CVE-2022-24313
- RESERVED
-CVE-2022-24312
- RESERVED
-CVE-2022-24311
- RESERVED
-CVE-2022-24310
- RESERVED
+CVE-2022-24321 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
+CVE-2022-24320 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...)
+ TODO: check
+CVE-2022-24319 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...)
+ TODO: check
+CVE-2022-24318 (A CWE-326: Inadequate Encryption Strength vulnerability exists that co ...)
+ TODO: check
+CVE-2022-24317 (A CWE-862: Missing Authorization vulnerability exists that could cause ...)
+ TODO: check
+CVE-2022-24316 (A CWE-665: Improper Initialization vulnerability exists that could cau ...)
+ TODO: check
+CVE-2022-24315 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause de ...)
+ TODO: check
+CVE-2022-24314 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause me ...)
+ TODO: check
+CVE-2022-24313 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ TODO: check
+CVE-2022-24312 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ TODO: check
+CVE-2022-24311 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ TODO: check
+CVE-2022-24310 (A CWE-190: Integer Overflow or Wraparound vulnerability exists that co ...)
+ TODO: check
CVE-2022-24309
RESERVED
CVE-2022-0480
@@ -1591,7 +1606,7 @@ CVE-2022-24145 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack over
NOT-FOR-US: Tenda routers
CVE-2022-24144 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...)
NOT-FOR-US: Tenda routers
-CVE-2022-24143 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+CVE-2022-24143 (Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to con ...)
NOT-FOR-US: Tenda routers
CVE-2022-24142 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
NOT-FOR-US: Tenda routers
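Review bot: The updated CVE-2022-24143 description is cut at the same fixed width as before, so inserting "and AX12 22.03.01.2_CN" pushes the vulnerability class out of the visible text: the old line ended "stack overflow i ...", the new one ends "was discovered to con ...". The "NOT-FOR-US: Tenda routers" classification is unaffected and no triage change is needed, but a search of this list by bug class will no longer match this entry, unlike CVE-2022-24145 and CVE-2022-24142 beside it.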
@@ -1972,8 +1987,7 @@ CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126
NOTE: https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (v8.2.4218)
-CVE-2022-0391 [urllib.parse does not sanitize URLs containing ASCII newline and tabs]
- RESERVED
+CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse modul ...)
- python3.9 3.9.7-1
[bullseye] - python3.9 <no-dsa> (Minor issue)
- python3.7 <removed>
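Review bot: Replacing the bracketed working title of CVE-2022-0391 with the truncated official description drops the only visible statement of the flaw: "urllib.parse does not sanitize URLs containing ASCII newline and tabs" becomes "A flaw was found in Python, specifically within the urllib.parse modul ...". Keep the old wording as a NOTE line under the entry so the "python3.9 3.9.7-1" and "[bullseye] - python3.9 <no-dsa> (Minor issue)" decisions stay readable without fetching the CVE record.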
@@ -3599,14 +3613,14 @@ CVE-2022-23633
RESERVED
CVE-2022-23632
RESERVED
-CVE-2022-23631
- RESERVED
+CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...)
+ TODO: check
CVE-2022-23630
RESERVED
CVE-2022-23629
RESERVED
-CVE-2022-23628
- RESERVED
+CVE-2022-23628 (OPA is an open source, general-purpose policy engine. Under certain co ...)
+ TODO: check
CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of idlin ...)
NOT-FOR-US: ArchiSteamFarm
CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...)
@@ -3617,22 +3631,22 @@ CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScrip
NOT-FOR-US: Frourio-express
CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...)
NOT-FOR-US: Frourio
-CVE-2022-23622
- RESERVED
-CVE-2022-23621
- RESERVED
-CVE-2022-23620
- RESERVED
-CVE-2022-23619
- RESERVED
-CVE-2022-23618
- RESERVED
-CVE-2022-23617
- RESERVED
-CVE-2022-23616
- RESERVED
-CVE-2022-23615
- RESERVED
+CVE-2022-23622 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2022-23621 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2022-23620 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2022-23619 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2022-23618 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2022-23617 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2022-23616 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2022-23615 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
CVE-2022-23614 (Twig is an open source template language for PHP. When in a sandbox mo ...)
- php-twig 3.3.8-1
NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v
@@ -5602,12 +5616,12 @@ CVE-2022-23051
RESERVED
CVE-2022-23050
RESERVED
-CVE-2022-23049
- RESERVED
-CVE-2022-23048
- RESERVED
-CVE-2022-23047
- RESERVED
+CVE-2022-23049 (Exponent CMS 2.6.0patch2 allows an authenticated user to inject persis ...)
+ TODO: check
+CVE-2022-23048 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload ...)
+ TODO: check
+CVE-2022-23047 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject ...)
+ TODO: check
CVE-2022-23046 (PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL senten ...)
NOT-FOR-US: PhpIPAM
CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent ...)
@@ -6103,8 +6117,8 @@ CVE-2022-0164
RESERVED
CVE-2022-0163
RESERVED
-CVE-2022-0162
- RESERVED
+CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 ...)
+ TODO: check
CVE-2022-0161
RESERVED
CVE-2022-0160
@@ -6515,20 +6529,20 @@ CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal In
NOTE: https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406
NOTE: https://github.com/follow-redirects/follow-redirects/issues/183
NOTE: https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 (v1.14.7)
-CVE-2022-22813
- RESERVED
-CVE-2022-22812
- RESERVED
-CVE-2022-22811
- RESERVED
-CVE-2022-22810
- RESERVED
-CVE-2022-22809
- RESERVED
-CVE-2022-22808
- RESERVED
-CVE-2022-22807
- RESERVED
+CVE-2022-22813 (A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an a ...)
+ TODO: check
+CVE-2022-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ TODO: check
+CVE-2022-22811 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
+ TODO: check
+CVE-2022-22810 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
+ TODO: check
+CVE-2022-22809 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ TODO: check
+CVE-2022-22808 (A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulne ...)
+ TODO: check
+CVE-2022-22807 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...)
+ TODO: check
CVE-2022-22806
RESERVED
CVE-2022-22805
@@ -6581,10 +6595,10 @@ CVE-2022-22782
RESERVED
CVE-2022-22781
RESERVED
-CVE-2022-22780
- RESERVED
-CVE-2022-22779
- RESERVED
+CVE-2022-22780 (The Zoom Client for Meetings chat functionality was susceptible to Zip ...)
+ TODO: check
+CVE-2022-22779 (The Keybase Clients for macOS and Windows before version 5.9.0 fails t ...)
+ TODO: check
CVE-2022-22778
RESERVED
CVE-2022-22777
@@ -7312,10 +7326,10 @@ CVE-2022-0122 (forge is vulnerable to URL Redirection to Untrusted Site ...)
NOT-FOR-US: forge
CVE-2022-0121 (hoppscotch is vulnerable to Exposure of Sensitive Information to an Un ...)
NOT-FOR-US: hoppscotch
-CVE-2022-22567
- RESERVED
-CVE-2022-22566
- RESERVED
+CVE-2022-22567 (Select Dell Client Commercial and Consumer platforms are vulnerable to ...)
+ TODO: check
+CVE-2022-22566 (Select Dell Client Commercial and Consumer platforms contain a pre-boo ...)
+ TODO: check
CVE-2022-22565
RESERVED
CVE-2022-22564
@@ -7354,44 +7368,44 @@ CVE-2022-22548
RESERVED
CVE-2022-22547
RESERVED
-CVE-2022-22546
- RESERVED
-CVE-2022-22545
- RESERVED
-CVE-2022-22544
- RESERVED
-CVE-2022-22543
- RESERVED
-CVE-2022-22542
- RESERVED
+CVE-2022-22546 (Due to improper HTML encoding in input control summary, an authorized ...)
+ TODO: check
+CVE-2022-22545 (A high privileged user who has access to transaction SM59 can read con ...)
+ TODO: check
+CVE-2022-22544 (Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720 ...)
+ TODO: check
+CVE-2022-22543 (SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform ( ...)
+ TODO: check
+CVE-2022-22542 (S/4HANA Supplier Factsheet exposes the private address and bank detail ...)
+ TODO: check
CVE-2022-22541
RESERVED
-CVE-2022-22540
- RESERVED
-CVE-2022-22539
- RESERVED
-CVE-2022-22538
- RESERVED
-CVE-2022-22537
- RESERVED
-CVE-2022-22536
- RESERVED
-CVE-2022-22535
- RESERVED
-CVE-2022-22534
- RESERVED
-CVE-2022-22533
- RESERVED
-CVE-2022-22532
- RESERVED
+CVE-2022-22540 (SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731 ...)
+ TODO: check
+CVE-2022-22539 (When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) receiv ...)
+ TODO: check
+CVE-2022-22538 (When a user opens a manipulated Adobe Illustrator file format (.ai, ai ...)
+ TODO: check
+CVE-2022-22537 (When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3 ...)
+ TODO: check
+CVE-2022-22536 (SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Serve ...)
+ TODO: check
+CVE-2022-22535 (SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necess ...)
+ TODO: check
+CVE-2022-22534 (Due to insufficient encoding of user input, SAP NetWeaver allows an un ...)
+ TODO: check
+CVE-2022-22533 (Due to improper error handling in SAP NetWeaver Application Server Jav ...)
+ TODO: check
+CVE-2022-22532 (In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7. ...)
+ TODO: check
CVE-2022-22531 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...)
NOT-FOR-US: SAP
CVE-2022-22530 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...)
NOT-FOR-US: SAP
CVE-2022-22529 (SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficie ...)
NOT-FOR-US: SAP
-CVE-2022-22528
- RESERVED
+CVE-2022-22528 (SAP Adaptive Server Enterprise (ASE) - version 16.0, installation make ...)
+ TODO: check
CVE-2022-22527
RESERVED
CVE-2022-0120
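Review bot: Eight of the entries published in this hunk name SAP in the visible description (CVE-2022-22543, -22540, -22536, -22535, -22534, -22533, -22532 and -22528) yet get "TODO: check", while the unchanged entries between them (CVE-2022-22531, CVE-2022-22530, CVE-2022-22529) are already "NOT-FOR-US: SAP". Those eight can take the same tag directly. The remaining new entries (CVE-2022-22546, -22545, -22544, -22542, -22539, -22538, -22537) do not name the vendor in the truncated text and need the full record before they are classified.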
@@ -10940,8 +10954,8 @@ CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1,
NOTE: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3
CVE-2021-45287
RESERVED
-CVE-2021-45286
- RESERVED
+CVE-2021-45286 (Directory Traversal vulnerability exists in ZZCMS 2021 via the skin pa ...)
+ TODO: check
CVE-2021-45285
RESERVED
CVE-2021-45284
@@ -12641,8 +12655,8 @@ CVE-2022-21827
RESERVED
CVE-2022-21826
RESERVED
-CVE-2022-21825
- RESERVED
+CVE-2022-21825 (An Improper Access Control vulnerability exists in Citrix Workspace Ap ...)
+ TODO: check
CVE-2022-21823 (A insecure storage of sensitive information vulnerability exists in Iv ...)
NOT-FOR-US: Ivanti
CVE-2021-44831
@@ -12859,8 +12873,8 @@ CVE-2022-21239
RESERVED
CVE-2022-21229
RESERVED
-CVE-2022-21226
- RESERVED
+CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
+ TODO: check
CVE-2022-21206
RESERVED
CVE-2022-21188
@@ -12877,8 +12891,8 @@ CVE-2022-21162
RESERVED
CVE-2022-21161
RESERVED
-CVE-2022-21156
- RESERVED
+CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer and Col ...)
+ TODO: check
CVE-2022-21152
RESERVED
CVE-2022-21150
@@ -12993,8 +13007,8 @@ CVE-2021-44545
RESERVED
CVE-2021-44457
RESERVED
-CVE-2021-44454
- RESERVED
+CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...)
+ TODO: check
CVE-2021-43351
RESERVED
CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...)
@@ -13007,8 +13021,8 @@ CVE-2021-23188
RESERVED
CVE-2021-23168
RESERVED
-CVE-2021-23152
- RESERVED
+CVE-2021-23152 (Improper access control in the Intel(R) Advisor software before versio ...)
+ TODO: check
CVE-2021-23145
RESERVED
CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
@@ -13830,8 +13844,8 @@ CVE-2022-21240
RESERVED
CVE-2022-21237
RESERVED
-CVE-2022-21218
- RESERVED
+CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and Collector before ...)
+ TODO: check
CVE-2022-21212
RESERVED
CVE-2022-21197
@@ -13844,8 +13858,8 @@ CVE-2022-21140
RESERVED
CVE-2022-21139
RESERVED
-CVE-2022-21133
- RESERVED
+CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
+ TODO: check
CVE-2021-44470
RESERVED
CVE-2021-4037 [security regression for CVE-2018-13405]
@@ -15607,8 +15621,8 @@ CVE-2022-21661 (WordPress is a free and open-source content management system wr
NOTE: https://github.com/WordPress/wordpress-develop/commit/17efac8c8ec64555eff5cf51a3eff81e06317214
NOTE: https://hackerone.com/reports/1378209
NOTE: https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
-CVE-2022-21660
- RESERVED
+CVE-2022-21660 (Gin-vue-admin is a backstage management system based on vue and gin. I ...)
+ TODO: check
CVE-2022-21659 (Flask-AppBuilder is an application development framework, built on top ...)
TODO: check
CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language designe ...)
@@ -17010,16 +17024,16 @@ CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During
NOT-FOR-US: snipe-it
CVE-2022-21216
RESERVED
-CVE-2022-21204
- RESERVED
+CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before ...)
+ TODO: check
CVE-2022-21200
RESERVED
-CVE-2022-21174
- RESERVED
-CVE-2022-21157
- RESERVED
-CVE-2022-21153
- RESERVED
+CVE-2022-21174 (Improper access control in a third-party component of Intel(R) Quartus ...)
+ TODO: check
+CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android applicati ...)
+ TODO: check
+CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit Android ...)
+ TODO: check
CVE-2022-21151
RESERVED
CVE-2022-21138
@@ -17407,14 +17421,14 @@ CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC <
NOTE: Crash in CLI tool, no security impact
CVE-2021-3950 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
NOT-FOR-US: django-helpdesk
-CVE-2022-21220
- RESERVED
+CVE-2022-21220 (Improper restriction of XML external entity for Intel(R) Quartus(R) Pr ...)
+ TODO: check
CVE-2022-21207
RESERVED
-CVE-2022-21205
- RESERVED
-CVE-2022-21203
- RESERVED
+CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Builder P ...)
+ TODO: check
+CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...)
+ TODO: check
CVE-2022-21181
RESERVED
CVE-2022-21180
@@ -22721,52 +22735,52 @@ CVE-2022-20048
RESERVED
CVE-2022-20047
RESERVED
-CVE-2022-20046
- RESERVED
-CVE-2022-20045
- RESERVED
-CVE-2022-20044
- RESERVED
-CVE-2022-20043
- RESERVED
-CVE-2022-20042
- RESERVED
-CVE-2022-20041
- RESERVED
-CVE-2022-20040
- RESERVED
-CVE-2022-20039
- RESERVED
-CVE-2022-20038
- RESERVED
-CVE-2022-20037
- RESERVED
-CVE-2022-20036
- RESERVED
-CVE-2022-20035
- RESERVED
-CVE-2022-20034
- RESERVED
-CVE-2022-20033
- RESERVED
-CVE-2022-20032
- RESERVED
-CVE-2022-20031
- RESERVED
-CVE-2022-20030
- RESERVED
-CVE-2022-20029
- RESERVED
-CVE-2022-20028
- RESERVED
-CVE-2022-20027
- RESERVED
-CVE-2022-20026
- RESERVED
-CVE-2022-20025
- RESERVED
-CVE-2022-20024
- RESERVED
+CVE-2022-20046 (In Bluetooth, there is a possible memory corruption due to a logic err ...)
+ TODO: check
+CVE-2022-20045 (In Bluetooth, there is a possible service crash due to a use after fre ...)
+ TODO: check
+CVE-2022-20044 (In Bluetooth, there is a possible service crash due to a use after fre ...)
+ TODO: check
+CVE-2022-20043 (In Bluetooth, there is a possible escalation of privilege due to a mis ...)
+ TODO: check
+CVE-2022-20042 (In Bluetooth, there is a possible information disclosure due to incorr ...)
+ TODO: check
+CVE-2022-20041 (In Bluetooth, there is a possible escalation of privilege due to a mis ...)
+ TODO: check
+CVE-2022-20040 (In power_hal_manager_service, there is a possible permission bypass du ...)
+ TODO: check
+CVE-2022-20039 (In ccu driver, there is a possible memory corruption due to an integer ...)
+ TODO: check
+CVE-2022-20038 (In ccu driver, there is a possible memory corruption due to an incorre ...)
+ TODO: check
+CVE-2022-20037 (In ion driver, there is a possible information disclosure due to an in ...)
+ TODO: check
+CVE-2022-20036 (In ion driver, there is a possible information disclosure due to an in ...)
+ TODO: check
+CVE-2022-20035 (In vcu driver, there is a possible information disclosure due to a use ...)
+ TODO: check
+CVE-2022-20034 (In Preloader XFLASH, there is a possible escalation of privilege due t ...)
+ TODO: check
+CVE-2022-20033 (In camera driver, there is a possible out of bounds read due to an inc ...)
+ TODO: check
+CVE-2022-20032 (In vow driver, there is a possible memory corruption due to a race con ...)
+ TODO: check
+CVE-2022-20031 (In fb driver, there is a possible memory corruption due to a use after ...)
+ TODO: check
+CVE-2022-20030 (In vow driver, there is a possible out of bounds write due to a stack- ...)
+ TODO: check
+CVE-2022-20029 (In cmdq driver, there is a possible out of bounds read due to an incor ...)
+ TODO: check
+CVE-2022-20028 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2022-20027 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2022-20026 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2022-20025 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2022-20024 (In system service, there is a possible permission bypass due to a miss ...)
+ TODO: check
CVE-2022-20023 (In Bluetooth, there is a possible application crash due to bluetooth f ...)
NOT-FOR-US: MediaTek
CVE-2022-20022 (In Bluetooth, there is a possible link disconnection due to bluetooth ...)
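Review bot: The 23 entries CVE-2022-20046 through CVE-2022-20024 get "TODO: check", and their truncated descriptions name only a component ("In Bluetooth", "In ccu driver", "In ion driver", "In Preloader XFLASH") with no vendor. The unchanged entries that follow, CVE-2022-20023 and CVE-2022-20022, use the same "In Bluetooth, there is a possible ..." wording and are marked "NOT-FOR-US: MediaTek". Confirm the vendor from the full CVE record before copying that tag, since the component name alone does not identify whose Bluetooth stack or driver is affected.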
@@ -22779,8 +22793,8 @@ CVE-2022-20019 (In libMtkOmxGsmDec, there is a possible information disclosure d
NOT-FOR-US: MediaTek
CVE-2022-20018 (In seninf driver, there is a possible information disclosure due to un ...)
NOT-FOR-US: MediaTek
-CVE-2022-20017
- RESERVED
+CVE-2022-20017 (In ion driver, there is a possible information disclosure due to an in ...)
+ TODO: check
CVE-2022-20016 (In vow driver, there is a possible memory corruption due to improper l ...)
NOT-FOR-US: MediaTek
CVE-2022-20015 (In kd_camera_hw driver, there is a possible information disclosure due ...)
@@ -26781,7 +26795,7 @@ CVE-2021-40698
CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
NOT-FOR-US: Adobe
CVE-2021-40696
- RESERVED
+ REJECTED
CVE-2021-40695 (It was possible for a student to view their quiz grade before it had b ...)
- moodle <removed>
CVE-2021-40694 (Insufficient escaping of the LaTeX preamble made it possible for site ...)
@@ -28453,10 +28467,10 @@ CVE-2021-40047
RESERVED
CVE-2021-40046
RESERVED
-CVE-2021-40045
- RESERVED
-CVE-2021-40044
- RESERVED
+CVE-2021-40045 (There is a vulnerability of signature verification mechanism failure i ...)
+ TODO: check
+CVE-2021-40044 (There is a permission verification vulnerability in the Bluetooth modu ...)
+ TODO: check
CVE-2021-40043
RESERVED
CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huawei pro ...)
@@ -28513,8 +28527,8 @@ CVE-2021-40017
RESERVED
CVE-2021-40016
RESERVED
-CVE-2021-40015
- RESERVED
+CVE-2021-40015 (There is a race condition vulnerability in the binder driver subsystem ...)
+ TODO: check
CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
NOT-FOR-US: Huawei
CVE-2021-40013
@@ -28549,20 +28563,20 @@ CVE-2021-39999
RESERVED
CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for multiple ...)
NOT-FOR-US: Huawei
-CVE-2021-39997
- RESERVED
+CVE-2021-39997 (There is a vulnerability of unstrict input parameter verification in t ...)
+ TODO: check
CVE-2021-39996 (There is a Heap-based buffer overflow vulnerability with the NFC modul ...)
NOT-FOR-US: Huawei
CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...)
NOT-FOR-US: Huawei
-CVE-2021-39994
- RESERVED
+CVE-2021-39994 (There is an arbitrary address access vulnerability with the product li ...)
+ TODO: check
CVE-2021-39993 (There is an Integer overflow vulnerability with ACPU in smartphones. S ...)
NOT-FOR-US: Huawei
-CVE-2021-39992
- RESERVED
-CVE-2021-39991
- RESERVED
+CVE-2021-39992 (There is an improper security permission configuration vulnerability o ...)
+ TODO: check
+CVE-2021-39991 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ TODO: check
CVE-2021-39990 (The screen lock module has a Stack-based Buffer Overflow vulnerability ...)
NOT-FOR-US: Huawei
CVE-2021-39989 (The HwNearbyMain module has a Exposure of Sensitive Information to an ...)
@@ -28571,8 +28585,8 @@ CVE-2021-39988 (The HwNearbyMain module has a NULL Pointer Dereference vulnerabi
NOT-FOR-US: Huawei
CVE-2021-39987 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...)
NOT-FOR-US: Huawei
-CVE-2021-39986
- RESERVED
+CVE-2021-39986 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ TODO: check
CVE-2021-39985 (The HwNearbyMain module has a Improper Validation of Array Index vulne ...)
NOT-FOR-US: Huawei
CVE-2021-39984 (Huawei idap module has a Out-of-bounds Read vulnerability.Successful e ...)
@@ -28657,8 +28671,8 @@ CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all ve
- gitlab <unfixed>
CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
-CVE-2021-39943
- RESERVED
+CVE-2021-39943 (An authorization logic error in the External Status Check API in GitLa ...)
+ TODO: check
CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
- gitlab <unfixed>
CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...)
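Review bot: CVE-2021-39943 ("An authorization logic error in the External Status Check API in GitLa ...") gets "TODO: check", while the neighbouring GitLab entries in the context (CVE-2021-39945, CVE-2021-39944, CVE-2021-39942) are tracked as "- gitlab <unfixed>". Resolve the TODO to a "- gitlab" package line with a version status so this entry does not sit in the unchecked queue next to siblings that are already triaged.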
@@ -35794,8 +35808,8 @@ CVE-2021-37117 (There is a Service logic vulnerability in Smartphone.Successful
NOT-FOR-US: Huawei
CVE-2021-37116 (PCManager has a Weaknesses Introduced During Design vulnerability .Suc ...)
NOT-FOR-US: Huawei
-CVE-2021-37115
- RESERVED
+CVE-2021-37115 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ TODO: check
CVE-2021-37114 (There is an Out-of-bounds read vulnerability in Smartphone.Successful ...)
NOT-FOR-US: Huawei
CVE-2021-37113 (There is a Privilege escalation vulnerability with the file system com ...)
@@ -35806,12 +35820,12 @@ CVE-2021-37111 (There is a Memory leakage vulnerability in Smartphone.Successful
NOT-FOR-US: Huawei
CVE-2021-37110 (There is a Timing design defects in Smartphone.Successful exploitation ...)
NOT-FOR-US: Huawei
-CVE-2021-37109
- RESERVED
+CVE-2021-37109 (There is a security protection bypass vulnerability with the modem.Suc ...)
+ TODO: check
CVE-2021-37108
RESERVED
-CVE-2021-37107
- RESERVED
+CVE-2021-37107 (There is an improper memory access permission configuration on ACPU.Su ...)
+ TODO: check
CVE-2021-37106 (There is a command injection vulnerability in CMA service module of Fu ...)
NOT-FOR-US: FusionCompute (Huawei)
CVE-2021-37105 (There is an improper file upload control vulnerability in FusionComput ...)
@@ -37679,8 +37693,8 @@ CVE-2021-36304
RESERVED
CVE-2021-36303
RESERVED
-CVE-2021-36302
- RESERVED
+CVE-2021-36302 (All Dell EMC Integrated System for Microsoft Azure Stack Hub versions ...)
+ TODO: check
CVE-2021-36301 (Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version ...)
NOT-FOR-US: Dell
CVE-2021-36300 (iDRAC9 versions prior to 5.00.00.00 contain an improper input validati ...)
@@ -45225,8 +45239,8 @@ CVE-2021-33168
RESERVED
CVE-2021-33167
RESERVED
-CVE-2021-33166
- RESERVED
+CVE-2021-33166 (Incorrect default permissions for the Intel(R) RXT for Chromebook appl ...)
+ TODO: check
CVE-2021-33165
RESERVED
CVE-2021-33164
@@ -45247,8 +45261,8 @@ CVE-2021-33157
RESERVED
CVE-2021-33156
RESERVED
-CVE-2021-33155
- RESERVED
+CVE-2021-33155 (Improper input validation in firmware for some Intel(R) Wireless Bluet ...)
+ TODO: check
CVE-2021-33154
RESERVED
CVE-2021-33153
@@ -45263,8 +45277,8 @@ CVE-2021-33149
RESERVED
CVE-2021-33148
RESERVED
-CVE-2021-33147
- RESERVED
+CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library before ve ...)
+ TODO: check
CVE-2021-33146
RESERVED
CVE-2021-33145
@@ -45279,12 +45293,12 @@ CVE-2021-33141
RESERVED
CVE-2021-33140
RESERVED
-CVE-2021-33139
- RESERVED
+CVE-2021-33139 (Improper conditions check in firmware for some Intel(R) Wireless Bluet ...)
+ TODO: check
CVE-2021-33138
RESERVED
-CVE-2021-33137
- RESERVED
+CVE-2021-33137 (Out-of-bounds write in the Intel(R) Kernelflinger project may allow an ...)
+ TODO: check
CVE-2021-33136
RESERVED
CVE-2021-33135
@@ -45299,8 +45313,8 @@ CVE-2021-33131
RESERVED
CVE-2021-33130
RESERVED
-CVE-2021-33129
- RESERVED
+CVE-2021-33129 (Incorrect default permissions in the software installer for the Intel( ...)
+ TODO: check
CVE-2021-33128
RESERVED
CVE-2021-33127
@@ -45317,40 +45331,38 @@ CVE-2021-33122
RESERVED
CVE-2021-33121
RESERVED
-CVE-2021-33120
- RESERVED
+CVE-2021-33120 (Out of bounds read under complex microarchitectural condition in memor ...)
- intel-microcode <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00589.html
-CVE-2021-33119
- RESERVED
+CVE-2021-33119 (Improper access control in the Intel(R) RealSense(TM) DCM before versi ...)
+ TODO: check
CVE-2021-33118 (Improper access control in the software installer for the Intel(R) Ser ...)
NOT-FOR-US: Intel
CVE-2021-33117
RESERVED
CVE-2021-33116
RESERVED
-CVE-2021-33115
- RESERVED
-CVE-2021-33114
- RESERVED
-CVE-2021-33113
- RESERVED
+CVE-2021-33115 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in UE ...)
+ TODO: check
+CVE-2021-33114 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
+ TODO: check
+CVE-2021-33113 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
+ TODO: check
CVE-2021-33112
RESERVED
CVE-2021-33111
RESERVED
-CVE-2021-33110
- RESERVED
+CVE-2021-33110 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...)
+ TODO: check
CVE-2021-33109
RESERVED
CVE-2021-33108
RESERVED
-CVE-2021-33107
- RESERVED
+CVE-2021-33107 (Insufficiently protected credentials in USB provisioning for Intel(R) ...)
+ TODO: check
CVE-2021-33106 (Integer overflow in the Safestring library maintained by Intel(R) may ...)
NOT-FOR-US: Intel
-CVE-2021-33105
- RESERVED
+CVE-2021-33105 (Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM ...)
NOT-FOR-US: Intel
CVE-2021-33104
RESERVED
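Review bot: CVE-2021-33120 stays at "- intel-microcode <unfixed>" with only the intel-sa-00589 advisory link even though its description is now published; check that advisory for a fixed microcode release and record the version if one is given. The other newly described entries in this hunk (CVE-2021-33119, -33115, -33114, -33113, -33110, -33107) get "TODO: check" although they name Intel products and the entries beside them, CVE-2021-33118 and CVE-2021-33106, are "NOT-FOR-US: Intel"; CVE-2021-33105 already keeps that tag, so the same classification is the likely outcome once each is checked.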
@@ -45358,8 +45370,8 @@ CVE-2021-33103
RESERVED
CVE-2021-33102
RESERVED
-CVE-2021-33101
- RESERVED
+CVE-2021-33101 (Uncontrolled search path in the Intel(R) GPA software before version 2 ...)
+ TODO: check
CVE-2021-33100
RESERVED
CVE-2021-33099
@@ -45371,8 +45383,8 @@ CVE-2021-33098 (Improper input validation in the Intel(R) Ethernet ixgbe driver
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00555.html
CVE-2021-33097 (Time-of-check time-of-use vulnerability in the Crypto API Toolkit for ...)
NOT-FOR-US: Intel
-CVE-2021-33096
- RESERVED
+CVE-2021-33096 (Improper isolation of shared resources in network on chip for the Inte ...)
+ TODO: check
CVE-2021-33095 (Unquoted search path in the installer for the Intel(R) NUC M15 Laptop ...)
NOT-FOR-US: Intel
CVE-2021-33094 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
@@ -45427,8 +45439,8 @@ CVE-2021-33070
RESERVED
CVE-2021-33069
RESERVED
-CVE-2021-33068
- RESERVED
+CVE-2021-33068 (Null pointer dereference in subsystem for Intel(R) AMT before versions ...)
+ TODO: check
CVE-2021-33067
RESERVED
CVE-2021-33066
@@ -45441,8 +45453,8 @@ CVE-2021-33063 (Uncontrolled search path in the Intel(R) RealSense(TM) D400 Seri
NOT-FOR-US: Intel
CVE-2021-33062 (Incorrect default permissions in the software installer for the Intel( ...)
NOT-FOR-US: Intel
-CVE-2021-33061
- RESERVED
+CVE-2021-33061 (Insufficient control flow management for the Intel(R) 82599 Ethernet C ...)
+ TODO: check
CVE-2021-33060
RESERVED
CVE-2021-33059 (Improper input validation in the Intel(R) Administrative Tools for Int ...)
@@ -62071,14 +62083,14 @@ CVE-2021-26618
RESERVED
CVE-2021-26617
RESERVED
-CVE-2021-26616
- RESERVED
+CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...)
+ TODO: check
CVE-2021-26615 (ARK library allows attackers to execute remote code via the parameter( ...)
NOT-FOR-US: ARK library
CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...)
NOT-FOR-US: IpTime C200 camera
-CVE-2021-26613
- RESERVED
+CVE-2021-26613 (improper input validation vulnerability in nexacro permits copying fil ...)
+ TODO: check
CVE-2021-26612 (An improper input validation leading to arbitrary file creation was di ...)
NOT-FOR-US: Tobesoft Nexacro
CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...)
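Review bot: CVE-2021-26613 names nexacro in its description ("improper input validation vulnerability in nexacro permits copying fil ...") but gets "TODO: check", while the next entry, CVE-2021-26612, is already "NOT-FOR-US: Tobesoft Nexacro". Apply the same tag to CVE-2021-26613. CVE-2021-26616 (SecuwaySSL) has no matching entry in the visible context and does need the check.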
@@ -70854,8 +70866,8 @@ CVE-2021-22956 (An uncontrolled resource consumption vulnerability exists in Cit
NOT-FOR-US: Citrix
CVE-2021-22955 (A unauthenticated denial of service vulnerability exists in Citrix ADC ...)
NOT-FOR-US: Citrix
-CVE-2021-22954
- RESERVED
+CVE-2021-22954 (A cross-site request forgery vulnerability exists in Concrete CMS < ...)
+ TODO: check
CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to c ...)
NOT-FOR-US: Concrete CMS
CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and earlier pe ...)
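Review bot: CVE-2021-22954 is added with `TODO: check` directly above CVE-2021-22953, which describes a CSRF in the same product and already carries `NOT-FOR-US: Concrete CMS`. The same tag looks applicable here once the truncated description (it is cut at "Concrete CMS <") has been read in full.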
@@ -71251,8 +71263,8 @@ CVE-2021-22819 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames
NOT-FOR-US: Schneider Electric
CVE-2021-22818 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...)
NOT-FOR-US: Schneider Electric
-CVE-2021-22817
- RESERVED
+CVE-2021-22817 (A CWE-276: Incorrect Default Permissions vulnerability exists that cou ...)
+ TODO: check
CVE-2021-22816 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22815 (A CWE-200: Information Exposure vulnerability exists which could cause ...)
@@ -90822,52 +90834,52 @@ CVE-2021-0185
RESERVED
CVE-2021-0184
RESERVED
-CVE-2021-0183
- RESERVED
+CVE-2021-0183 (Improper Validation of Specified Index, Position, or Offset in Input i ...)
+ TODO: check
CVE-2021-0182 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...)
NOT-FOR-US: Intel Hardware Accelerated Execution Manager
CVE-2021-0181
RESERVED
CVE-2021-0180 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...)
NOT-FOR-US: Intel Hardware Accelerated Execution Manager
-CVE-2021-0179
- RESERVED
-CVE-2021-0178
- RESERVED
-CVE-2021-0177
- RESERVED
-CVE-2021-0176
- RESERVED
-CVE-2021-0175
- RESERVED
-CVE-2021-0174
- RESERVED
-CVE-2021-0173
- RESERVED
-CVE-2021-0172
- RESERVED
-CVE-2021-0171
- RESERVED
-CVE-2021-0170
- RESERVED
-CVE-2021-0169
- RESERVED
-CVE-2021-0168
- RESERVED
-CVE-2021-0167
- RESERVED
-CVE-2021-0166
- RESERVED
-CVE-2021-0165
- RESERVED
-CVE-2021-0164
- RESERVED
-CVE-2021-0163
- RESERVED
-CVE-2021-0162
- RESERVED
-CVE-2021-0161
- RESERVED
+CVE-2021-0179 (Improper Use of Validation Framework in software for Intel(R) PROSet/W ...)
+ TODO: check
+CVE-2021-0178 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...)
+ TODO: check
+CVE-2021-0177 (Improper Validation of Consistency within input in software for Intel( ...)
+ TODO: check
+CVE-2021-0176 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ TODO: check
+CVE-2021-0175 (Improper Validation of Specified Index, Position, or Offset in Input i ...)
+ TODO: check
+CVE-2021-0174 (Improper Use of Validation Framework in firmware for some Intel(R) PRO ...)
+ TODO: check
+CVE-2021-0173 (Improper Validation of Consistency within input in firmware for some I ...)
+ TODO: check
+CVE-2021-0172 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ TODO: check
+CVE-2021-0171 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...)
+ TODO: check
+CVE-2021-0170 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...)
+ TODO: check
+CVE-2021-0169 (Uncontrolled Search Path Element in software for Intel(R) PROSet/Wirel ...)
+ TODO: check
+CVE-2021-0168 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ TODO: check
+CVE-2021-0167 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...)
+ TODO: check
+CVE-2021-0166 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...)
+ TODO: check
+CVE-2021-0165 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...)
+ TODO: check
+CVE-2021-0164 (Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi ...)
+ TODO: check
+CVE-2021-0163 (Improper Validation of Consistency within input in software for Intel( ...)
+ TODO: check
+CVE-2021-0162 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...)
+ TODO: check
+CVE-2021-0161 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...)
+ TODO: check
CVE-2021-0160 (Uncontrolled search path in some Intel(R) NUC Pro Chassis Element Aver ...)
NOT-FOR-US: Intel
CVE-2021-0159
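Review bot: The 19 entries from CVE-2021-0179 down to CVE-2021-0161 all land as `TODO: check`, but their descriptions alternate between "software for Intel(R) PROSet/Wireless" and "firmware for some Intel(R) PROSet/Wireless", so they should not be resolved with a single batch tag. Triage the software and firmware groups separately, and check the firmware ones for consistency with how existing wireless firmware entries in this file, such as CVE-2021-0075 and CVE-2021-0071, are marked.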
@@ -90876,8 +90888,8 @@ CVE-2021-0158 (Improper input validation in the BIOS firmware for some Intel(R)
NOT-FOR-US: Intel
CVE-2021-0157 (Insufficient control flow management in the BIOS firmware for some Int ...)
NOT-FOR-US: Intel
-CVE-2021-0156
- RESERVED
+CVE-2021-0156 (Improper input validation in the firmware for some Intel(R) Processors ...)
+ TODO: check
CVE-2021-0155
RESERVED
CVE-2021-0154
@@ -90894,14 +90906,14 @@ CVE-2021-0149
RESERVED
CVE-2021-0148 (Insertion of information into log file in firmware for some Intel(R) S ...)
NOT-FOR-US: Intel
-CVE-2021-0147
- RESERVED
+CVE-2021-0147 (Improper locking in the Power Management Controller (PMC) for some Int ...)
+ TODO: check
CVE-2021-0146 (Hardware allows activation of test or debug logic at runtime for some ...)
- intel-microcode <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
-CVE-2021-0145
- RESERVED
+CVE-2021-0145 (Improper initialization of shared resources in some Intel(R) Processor ...)
+ TODO: check
CVE-2021-0144 (Insecure default variable initialization for the Intel BSSA DFT featur ...)
NOT-FOR-US: Intel
CVE-2021-0143 (Improper permissions in the installer for the Intel(R) Brand Verificat ...)
@@ -90942,17 +90954,16 @@ CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated user
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
CVE-2021-0128
RESERVED
-CVE-2021-0127
- RESERVED
+CVE-2021-0127 (Insufficient control flow management in some Intel(R) Processors may a ...)
- intel-microcode <unfixed>
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
CVE-2021-0126
RESERVED
-CVE-2021-0125
- RESERVED
-CVE-2021-0124
- RESERVED
+CVE-2021-0125 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0124 (Improper access control in the firmware for some Intel(R) Processors m ...)
+ TODO: check
CVE-2021-0123
RESERVED
CVE-2021-0122
@@ -90961,48 +90972,48 @@ CVE-2021-0121 (Improper access control in the installer for some Intel(R) Iris(R
NOT-FOR-US: Intel
CVE-2021-0120 (Improper initialization in the installer for some Intel(R) Graphics DC ...)
NOT-FOR-US: Intel
-CVE-2021-0119
- RESERVED
-CVE-2021-0118
- RESERVED
-CVE-2021-0117
- RESERVED
-CVE-2021-0116
- RESERVED
-CVE-2021-0115
- RESERVED
-CVE-2021-0114 (Insecure default variable initialization for the Intel BSSA DFT featur ...)
+CVE-2021-0119 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0118 (Out-of-bounds read in the firmware for some Intel(R) Processors may al ...)
+ TODO: check
+CVE-2021-0117 (Pointer issues in the firmware for some Intel(R) Processors may allow ...)
+ TODO: check
+CVE-2021-0116 (Out-of-bounds write in the firmware for some Intel(R) Processors may a ...)
+ TODO: check
+CVE-2021-0115 (Buffer overflow in the firmware for some Intel(R) Processors may allow ...)
+ TODO: check
+CVE-2021-0114 (Unchecked return value in the firmware for some Intel(R) Processors ma ...)
NOT-FOR-US: Intel
CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server Board M10J ...)
NOT-FOR-US: Intel
CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows before ...)
NOT-FOR-US: Intel
-CVE-2021-0111
- RESERVED
+CVE-2021-0111 (NULL pointer dereference in the firmware for some Intel(R) Processors ...)
+ TODO: check
CVE-2021-0110 (Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH D ...)
NOT-FOR-US: Intel
CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver package for ...)
NOT-FOR-US: Intel
CVE-2021-0108 (Uncontrolled search path in the Intel Unite(R) Client for Windows befo ...)
NOT-FOR-US: Intel
-CVE-2021-0107
- RESERVED
+CVE-2021-0107 (Unchecked return value in the firmware for some Intel(R) Processors ma ...)
+ TODO: check
CVE-2021-0106 (Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent ...)
NOT-FOR-US: Intel
CVE-2021-0105 (Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi d ...)
NOT-FOR-US: Intel
CVE-2021-0104 (Uncontrolled search path element in the installer for the Intel(R) Rap ...)
NOT-FOR-US: Intel
-CVE-2021-0103
- RESERVED
+CVE-2021-0103 (Insufficient control flow management in the firmware for some Intel(R) ...)
+ TODO: check
CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for Window ...)
NOT-FOR-US: Intel
CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB ...)
NOT-FOR-US: Intel
CVE-2021-0100 (Incorrect default permissions in the installer for the Intel(R) SSD Da ...)
NOT-FOR-US: Intel
-CVE-2021-0099
- RESERVED
+CVE-2021-0099 (Insufficient control flow management in the firmware for some Intel(R) ...)
+ TODO: check
CVE-2021-0098 (Improper access control in the Intel Unite(R) Client for Windows befor ...)
NOT-FOR-US: Intel
CVE-2021-0097 (Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB ...)
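Review bot: For CVE-2021-0114 only the description line changes, from "Insecure default variable initialization for the Intel BSSA DFT featur ..." to "Unchecked return value in the firmware for some Intel(R) Processors ma ...", while the `NOT-FOR-US: Intel` line below it is carried over unchanged. That triage was recorded against the old text, and the other "firmware for some Intel(R)" entries added in this hunk (CVE-2021-0119 through CVE-2021-0115, CVE-2021-0111, CVE-2021-0107, CVE-2021-0103, CVE-2021-0099) all start at `TODO: check`, so CVE-2021-0114 should be re-reviewed against the new description rather than treated as settled.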
@@ -91013,12 +91024,12 @@ CVE-2021-0095 (Improper initialization in the firmware for some Intel(R) Process
NOT-FOR-US: Intel
CVE-2021-0094 (Improper link resolution before file access in Intel(R) DSA before ver ...)
NOT-FOR-US: Intel
-CVE-2021-0093
- RESERVED
-CVE-2021-0092
- RESERVED
-CVE-2021-0091
- RESERVED
+CVE-2021-0093 (Incorrect default permissions in the firmware for some Intel(R) Proces ...)
+ TODO: check
+CVE-2021-0092 (Improper access control in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0091 (Improper access control in the firmware for some Intel(R) Processors m ...)
+ TODO: check
CVE-2021-0090 (Uncontrolled search path element in Intel(R) DSA before version 20.11. ...)
NOT-FOR-US: Intel
CVE-2021-0089 (Observable response discrepancy in some Intel(R) Processors may allow ...)
@@ -91054,16 +91065,16 @@ CVE-2021-0078 (Improper input validation in software for some Intel(R) PROSet/Wi
NOT-FOR-US: Intel
CVE-2021-0077 (Insecure inherited permissions in the installer for the Intel(R) VTune ...)
NOT-FOR-US: Intel
-CVE-2021-0076
- RESERVED
+CVE-2021-0076 (Improper Validation of Specified Index, Position, or Offset in Input i ...)
+ TODO: check
CVE-2021-0075 (Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi ...)
NOT-FOR-US: Intel
CVE-2021-0074 (Improper permissions in the installer for the Intel(R) Computing Impro ...)
NOT-FOR-US: Intel
CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before version 20 ...)
NOT-FOR-US: Intel
-CVE-2021-0072
- RESERVED
+CVE-2021-0072 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ TODO: check
CVE-2021-0071 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
NOT-FOR-US: Intel
CVE-2021-0070 (Improper input validation in the BMC firmware for Intel(R) Server Boar ...)
@@ -91074,8 +91085,8 @@ CVE-2021-0068
RESERVED
CVE-2021-0067 ( Improper access control in system firmware for some Intel(R) ...)
NOT-FOR-US: Intel
-CVE-2021-0066
- RESERVED
+CVE-2021-0066 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...)
+ TODO: check
CVE-2021-0065 (Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi sof ...)
NOT-FOR-US: Intel
CVE-2021-0064 (Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi so ...)
@@ -91086,8 +91097,8 @@ CVE-2021-0062 (Improper input validation in some Intel(R) Graphics Drivers befor
NOT-FOR-US: Intel drivers for Windows
CVE-2021-0061 (Improper initialization in some Intel(R) Graphics Driver before versio ...)
NOT-FOR-US: Intel drivers for Windows
-CVE-2021-0060
- RESERVED
+CVE-2021-0060 (Insufficient compartmentalization in HECI subsystem for the Intel(R) S ...)
+ TODO: check
CVE-2021-0059
RESERVED
CVE-2021-0058 (Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Drive ...)
@@ -125474,8 +125485,8 @@ CVE-2020-12990
REJECTED
CVE-2020-12989
REJECTED
-CVE-2020-12988
- REJECTED
+CVE-2020-12988 (A potential denial of service (DoS) vulnerability exists in the integr ...)
+ TODO: check
CVE-2020-12987 (A heap information leak/kernel pool address disclosure vulnerability i ...)
NOT-FOR-US: AMD
CVE-2020-12986 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
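Review bot: CVE-2020-12988 moves from `REJECTED` to a described entry with `TODO: check`, which reverses what is normally a terminal state. Confirm against the CVE record that the ID was really reinstated before triaging it. The neighbouring CVE-2020-12990 and CVE-2020-12989 remain `REJECTED`, and CVE-2020-12987 and CVE-2020-12986 are `NOT-FOR-US: AMD`, so if the full description confirms an AMD product the same tag applies.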
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78aad5ce28c3148c64f8e59635f2acfd49cb4fe6
More information about the debian-security-tracker-commits
mailing list