[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 11 20:10:27 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
39d3d8d1 by security tracker role at 2022-02-11T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not mention the ...)
+ TODO: check
+CVE-2022-24974
+ RESERVED
+CVE-2022-24973
+ RESERVED
+CVE-2022-24972
+ RESERVED
+CVE-2022-24971
+ RESERVED
+CVE-2022-24970
+ RESERVED
+CVE-2022-24969
+ RESERVED
+CVE-2022-24968 (In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoo ...)
+ TODO: check
+CVE-2022-24967
+ RESERVED
+CVE-2022-24966
+ RESERVED
+CVE-2022-24965
+ RESERVED
+CVE-2022-24964
+ RESERVED
+CVE-2022-24963
+ RESERVED
+CVE-2022-24962
+ RESERVED
+CVE-2022-0568
+ RESERVED
+CVE-2022-0567
+ RESERVED
+CVE-2022-0566
+ RESERVED
+CVE-2022-0565
+ RESERVED
+CVE-2021-22590
+ RESERVED
+CVE-2020-22592
+ RESERVED
CVE-2022-24961 (In Portainer Agent before 2.11.1, an API server can continue running e ...)
NOT-FOR-US: Portainer
CVE-2022-24960
@@ -69,16 +109,16 @@ CVE-2022-24929
RESERVED
CVE-2022-24928
RESERVED
-CVE-2022-24927
- RESERVED
-CVE-2022-24926
- RESERVED
-CVE-2022-24925
- RESERVED
-CVE-2022-24924
- RESERVED
-CVE-2022-24923
- RESERVED
+CVE-2022-24927 (Improper privilege management vulnerability in Samsung Video Player pr ...)
+ TODO: check
+CVE-2022-24926 (Improper input validation vulnerability in SmartTagPlugin prior to ver ...)
+ TODO: check
+CVE-2022-24925 (Improper input validation vulnerability in SettingsProvider prior to A ...)
+ TODO: check
+CVE-2022-24924 (An improper access control in LiveWallpaperService prior to versions 3 ...)
+ TODO: check
+CVE-2022-24923 (Improper access control vulnerability in Samsung SearchWidget prior to ...)
+ TODO: check
CVE-2022-24922
RESERVED
CVE-2022-24921
@@ -513,18 +553,18 @@ CVE-2022-23104
RESERVED
CVE-2022-0563
RESERVED
-CVE-2022-0562
- RESERVED
-CVE-2022-0561
- RESERVED
-CVE-2022-0560
- RESERVED
+CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within ...)
+ TODO: check
+CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within ...)
+ TODO: check
+CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
+ TODO: check
CVE-2022-0559
RESERVED
CVE-2022-0558 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
NOT-FOR-US: microweber
-CVE-2022-0557
- RESERVED
+CVE-2022-0557 (OS Command Injection in Packagist microweber/microweber prior to 1.2.1 ...)
+ TODO: check
CVE-2022-24703
RESERVED
CVE-2022-24702
@@ -1394,8 +1434,8 @@ CVE-2022-0485 [nbdcopy: missing error handling may create corrupted destination
NOTE: https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html
CVE-2022-0484 (Lack of validation of URLs causes Mirantis Container Cloud Lens Extens ...)
NOT-FOR-US: Mirantis Container Cloud Lens
-CVE-2022-0483
- RESERVED
+CVE-2022-0483 (Local privilege escalation due to insecure folder permissions. The fol ...)
+ TODO: check
CVE-2022-0482
RESERVED
CVE-2022-24372
@@ -1608,8 +1648,7 @@ CVE-2022-24291
RESERVED
CVE-2022-24290
RESERVED
-CVE-2022-24289
- RESERVED
+CVE-2022-24289 (Hessian serialization is a network protocol that supports object-based ...)
NOT-FOR-US: Apache Cayenne
CVE-2022-24288
RESERVED
@@ -2294,8 +2333,7 @@ CVE-2022-0407 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c
NOTE: https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e (v8.2.4219)
-CVE-2022-24112
- RESERVED
+CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send requests to by ...)
NOT-FOR-US: Apache APISIX
CVE-2022-0406
RESERVED
@@ -2826,26 +2864,26 @@ CVE-2021-46562
RESERVED
CVE-2022-24004
RESERVED
-CVE-2022-24003
- RESERVED
-CVE-2022-24002
- RESERVED
-CVE-2022-24001
- RESERVED
-CVE-2022-24000
- RESERVED
-CVE-2022-23999
- RESERVED
-CVE-2022-23998
- RESERVED
-CVE-2022-23997
- RESERVED
-CVE-2022-23996
- RESERVED
-CVE-2022-23995
- RESERVED
-CVE-2022-23994
- RESERVED
+CVE-2022-24003 (Exposure of Sensitive Information vulnerability in Bixby Vision prior ...)
+ TODO: check
+CVE-2022-24002 (Improper Authorization vulnerability in Link Sharing prior to version ...)
+ TODO: check
+CVE-2022-24001 (Information disclosure vulnerability in Edge Panel prior to Android S( ...)
+ TODO: check
+CVE-2022-24000 (PendingIntent hijacking vulnerability in DataUsageReminderReceiver pri ...)
+ TODO: check
+CVE-2022-23999 (PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb- ...)
+ TODO: check
+CVE-2022-23998 (Improper access control vulnerability in Camera prior to versions 11.1 ...)
+ TODO: check
+CVE-2022-23997 (Unprotected component vulnerability in StTheaterModeDurationAlarmRecei ...)
+ TODO: check
+CVE-2022-23996 (Unprotected component vulnerability in StTheaterModeReceiver in Wear O ...)
+ TODO: check
+CVE-2022-23995 (Unprotected component vulnerability in StBedtimeModeAlarmReceiver in W ...)
+ TODO: check
+CVE-2022-23994 (An Improper access control vulnerability in StBedtimeModeReceiver in W ...)
+ TODO: check
CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_fi ...)
NOT-FOR-US: pfSense
CVE-2022-23992
@@ -2890,8 +2928,7 @@ CVE-2022-23103
RESERVED
CVE-2022-0383
RESERVED
-CVE-2022-0382 [net ticp:fix a kernel-infoleak in __tipc_sendmsg()]
- RESERVED
+CVE-2022-0382 (An information leak flaw was found due to uninitialized memory in the ...)
- linux 5.15.15-1
NOTE: Fixed by: https://git.kernel.org/linus/d6d86830705f173fca6087a3e67ceaf68db80523
CVE-2022-0381 (The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Si ...)
@@ -3579,8 +3616,7 @@ CVE-2022-23855 (An issue was discovered in Saviynt Enterprise Identity Cloud (EI
NOT-FOR-US: Saviynt Enterprise Identity Cloud (EIC)
CVE-2022-23854
RESERVED
-CVE-2022-23853
- RESERVED
+CVE-2022-23853 (The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 a ...)
- kate <unfixed>
[bullseye] - kate <no-dsa> (Minor issue)
[buster] - kate <no-dsa> (Minor issue)
@@ -4046,8 +4082,8 @@ CVE-2022-23709
RESERVED
CVE-2022-23708
RESERVED
-CVE-2022-23707
- RESERVED
+CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using this vu ...)
+ TODO: check
CVE-2022-23706
RESERVED
CVE-2022-23705
@@ -4793,26 +4829,26 @@ CVE-2022-23436
RESERVED
CVE-2022-23435 (decoding.c in android-gif-drawable before 1.2.24 does not limit the ma ...)
NOT-FOR-US: android-gif-drawable
-CVE-2022-23434
- RESERVED
-CVE-2022-23433
- RESERVED
-CVE-2022-23432
- RESERVED
-CVE-2022-23431
- RESERVED
+CVE-2022-23434 (A vulnerability using PendingIntent in Bixby Vision prior to versions ...)
+ TODO: check
+CVE-2022-23433 (Improper access control vulnerability in Reminder prior to versions 12 ...)
+ TODO: check
+CVE-2022-23432 (An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw pri ...)
+ TODO: check
+CVE-2022-23431 (An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release ...)
+ TODO: check
CVE-2022-23430
RESERVED
-CVE-2022-23429
- RESERVED
-CVE-2022-23428
- RESERVED
-CVE-2022-23427
- RESERVED
-CVE-2022-23426
- RESERVED
-CVE-2022-23425
- RESERVED
+CVE-2022-23429 (An improper boundary check in audio hal service prior to SMR Feb-2022 ...)
+ TODO: check
+CVE-2022-23428 (An improper boundary check in eden_runtime hal service prior to SMR Fe ...)
+ TODO: check
+CVE-2022-23427 (PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver pri ...)
+ TODO: check
+CVE-2022-23426 (A vulnerability using PendingIntent in DeX Home and DeX for PC prior t ...)
+ TODO: check
+CVE-2022-23425 (Improper input validation in Exynos baseband prior to SMR Feb-2022 Rel ...)
+ TODO: check
CVE-2022-23424
RESERVED
CVE-2022-23423
@@ -5147,8 +5183,8 @@ CVE-2021-46357
RESERVED
CVE-2021-46356
RESERVED
-CVE-2021-46355
- RESERVED
+CVE-2021-46355 (OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To expl ...)
+ TODO: check
CVE-2021-46354 (Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version ...)
NOT-FOR-US: Thinfinity VirtualUI
CVE-2021-46353
@@ -6057,8 +6093,7 @@ CVE-2022-0187
RESERVED
CVE-2022-0186
RESERVED
-CVE-2022-0185 [vfs: fs_context: fix up param length parsing in legacy_parse_param]
- RESERVED
+CVE-2022-0185 (A heap-based buffer overflow flaw was found in the way the legacy_pars ...)
{DSA-5050-1}
- linux 5.15.15-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -7209,8 +7244,8 @@ CVE-2022-22768
RESERVED
CVE-2022-22767
RESERVED
-CVE-2022-22766
- RESERVED
+CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. If explo ...)
+ TODO: check
CVE-2022-22765
RESERVED
CVE-2022-22764
@@ -9266,10 +9301,10 @@ CVE-2021-4196
RESERVED
CVE-2021-4195
RESERVED
-CVE-2022-22292
- RESERVED
-CVE-2022-22291
- RESERVED
+CVE-2022-22292 (Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release ...)
+ TODO: check
+CVE-2022-22291 (Logging of excessive data vulnerability in telephony prior to SMR Feb- ...)
+ TODO: check
CVE-2022-22290 (Incorrect download source UI in Downloads in Samsung Internet prior to ...)
NOT-FOR-US: Samsung
CVE-2022-22289 (Improper access control vulnerability in S Assistant prior to version ...)
@@ -11273,8 +11308,7 @@ CVE-2021-45404
RESERVED
CVE-2021-45403
RESERVED
-CVE-2021-45402 [check_alu_op() function in kernel/bpf/verifier.c does not properly update bounds while handling the mov32 instruction]
- RESERVED
+CVE-2021-45402 (The check_alu_op() function in kernel/bpf/verifier.c in the Linux kern ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -11310,12 +11344,12 @@ CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Bu
NOT-FOR-US: StarWind
CVE-2021-45388
REJECTED
-CVE-2021-45387
- RESERVED
-CVE-2021-45386
- RESERVED
-CVE-2021-45385
- RESERVED
+CVE-2021-45387 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c ...)
+ TODO: check
+CVE-2021-45386 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c ...)
+ TODO: check
+CVE-2021-45385 (A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021 ...)
+ TODO: check
CVE-2021-45384
RESERVED
CVE-2021-45383
@@ -14304,11 +14338,10 @@ CVE-2021-4047
NOT-FOR-US: Red Hat OpenShift 4.9 incomplete fix for CVE-2021-39242
CVE-2021-23198 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the passw ...)
NOT-FOR-US: mySCADA myPRO
-CVE-2021-44521
- RESERVED
+CVE-2021-44521 (When running Apache Cassandra with the following configuration: enable ...)
- cassandra <itp> (bug #585905)
-CVE-2021-4046
- RESERVED
+CVE-2021-4046 (The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an att ...)
+ TODO: check
CVE-2021-4045
RESERVED
CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...)
@@ -14533,8 +14566,8 @@ CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) ver
NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...)
NOT-FOR-US: Fresenius Kabi Agilia Link
-CVE-2021-4035
- RESERVED
+CVE-2021-4035 (A stored cross site scripting have been identified at the comments in ...)
+ TODO: check
CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
@@ -15403,6 +15436,7 @@ CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to
NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/2
CVE-2021-44142 [Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution]
RESERVED
+ {DSA-5071-1}
- samba <unfixed> (bug #1004693)
NOTE: https://www.samba.org/samba/security/CVE-2021-44142.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14914
@@ -15491,8 +15525,8 @@ CVE-2021-44113
RESERVED
CVE-2021-44112
RESERVED
-CVE-2021-44111
- RESERVED
+CVE-2021-44111 (A Directory Traversal vulnerability exists in S-Cart 6.7 via download ...)
+ TODO: check
CVE-2021-44110
RESERVED
CVE-2021-44109
@@ -20737,8 +20771,8 @@ CVE-2021-42942
RESERVED
CVE-2021-42941
RESERVED
-CVE-2021-42940
- RESERVED
+CVE-2021-42940 (A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 v ...)
+ TODO: check
CVE-2021-42939
RESERVED
CVE-2021-42938
@@ -29815,10 +29849,10 @@ CVE-2021-39690
RESERVED
CVE-2021-39689
RESERVED
-CVE-2021-39688
- RESERVED
-CVE-2021-39687
- RESERVED
+CVE-2021-39688 (In TBD of TBD, there is a possible out of bounds read due to TBD. This ...)
+ TODO: check
+CVE-2021-39687 (In HandleTransactionIoEvent of actuator_driver.cc, there is a possible ...)
+ TODO: check
CVE-2021-39686
RESERVED
CVE-2021-39685
@@ -29840,46 +29874,46 @@ CVE-2021-39679 (In init of vendor_graphicbuffer_meta.cpp, there is a possible us
NOT-FOR-US: Pixel
CVE-2021-39678 (In <TBD> of <TBD>, there is a possible bypass of Factory R ...)
NOT-FOR-US: Pixel
-CVE-2021-39677
- RESERVED
-CVE-2021-39676
- RESERVED
-CVE-2021-39675
- RESERVED
-CVE-2021-39674
- RESERVED
+CVE-2021-39677 (In startVideoStream() there is a possibility of an OOB Read in the hea ...)
+ TODO: check
+CVE-2021-39676 (In writeThrowable of AndroidFuture.java, there is a possible parcel se ...)
+ TODO: check
+CVE-2021-39675 (In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds writ ...)
+ TODO: check
+CVE-2021-39674 (In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , the ...)
+ TODO: check
CVE-2021-39673
RESERVED
-CVE-2021-39672
- RESERVED
-CVE-2021-39671
- RESERVED
+CVE-2021-39672 (In fastboot, there is a possible secure boot bypass due to a configura ...)
+ TODO: check
+CVE-2021-39671 (In code generated by aidl_const_expressions.cpp, there is a possible o ...)
+ TODO: check
CVE-2021-39670
RESERVED
-CVE-2021-39669
- RESERVED
-CVE-2021-39668
- RESERVED
+CVE-2021-39669 (In onCreate of InstallCaCertificateWarning.java, there is a possible w ...)
+ TODO: check
+CVE-2021-39668 (In onActivityViewReady of DetailDialog.kt, there is a possible Intent ...)
+ TODO: check
CVE-2021-39667
RESERVED
-CVE-2021-39666
- RESERVED
-CVE-2021-39665
- RESERVED
-CVE-2021-39664
- RESERVED
-CVE-2021-39663
- RESERVED
-CVE-2021-39662
- RESERVED
+CVE-2021-39666 (In extract of MediaMetricsItem.h, there is a possible out of bounds re ...)
+ TODO: check
+CVE-2021-39665 (In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bo ...)
+ TODO: check
+CVE-2021-39664 (In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of b ...)
+ TODO: check
+CVE-2021-39663 (In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, ther ...)
+ TODO: check
+CVE-2021-39662 (In checkUriPermission of MediaProvider.java , there is a possible way ...)
+ TODO: check
CVE-2021-39661
RESERVED
CVE-2021-39660
RESERVED
CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ...)
NOT-FOR-US: Android
-CVE-2021-39658
- RESERVED
+CVE-2021-39658 (ismsEx service is a vendor service in unisoc equipment。ismsEx s ...)
+ TODO: check
CVE-2021-39657 (In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out ...)
- linux 5.10.12-1
[buster] - linux 4.19.171-1
@@ -29937,8 +29971,8 @@ CVE-2021-39637 (In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, t
CVE-2021-39636 (In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possib ...)
- linux 4.16.5-1
NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
-CVE-2021-39635
- RESERVED
+CVE-2021-39635 (ims_ex is a vendor system service used to manage VoLTE in unisoc devic ...)
+ TODO: check
CVE-2021-39634 (In fs/eventpoll.c, there is a possible use after free. This could lead ...)
- linux 5.8.14-1
[buster] - linux 4.19.152-1
@@ -29954,8 +29988,8 @@ CVE-2021-39633 (In gre_handle_offloads of ip_gre.c, there is a possible page fau
NOTE: https://git.kernel.org/linus/1d011c4803c72f3907eccfc1ec63caefb852fcbf (5.14)
CVE-2021-39632 (In inotify_cb of events.cpp, there is a possible out of bounds write d ...)
NOT-FOR-US: Android
-CVE-2021-39631
- RESERVED
+CVE-2021-39631 (In clear_data_dlg_text of strings.xml, there is a possible situation w ...)
+ TODO: check
CVE-2021-39630 (In executeRequest of OverlayManagerService.java, there is a possible w ...)
NOT-FOR-US: Android
CVE-2021-39629 (In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possi ...)
@@ -29978,14 +30012,14 @@ CVE-2021-39621 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java,
NOT-FOR-US: Android
CVE-2021-39620 (In ipcSetDataReference of Parcel.cpp, there is a possible way to corru ...)
NOT-FOR-US: Android
-CVE-2021-39619
- RESERVED
+CVE-2021-39619 (In updatePackageMappingsData of UsageStatsService.java, there is a pos ...)
+ TODO: check
CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is a possi ...)
NOT-FOR-US: Android
CVE-2021-39617
RESERVED
-CVE-2021-39616
- RESERVED
+CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438 ...)
+ TODO: check
CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]
RESERVED
{DLA-2808-1}
@@ -31832,7 +31866,8 @@ CVE-2021-38894 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a
NOT-FOR-US: IBM
CVE-2021-38893 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...)
NOT-FOR-US: IBM
-CVE-2021-38892 (IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQ ...)
+CVE-2021-38892
+ REJECTED
NOT-FOR-US: IBM
CVE-2021-38891 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than ...)
NOT-FOR-US: IBM
@@ -32304,8 +32339,8 @@ CVE-2021-38681 (A reflected cross-site scripting (XSS) vulnerability has been re
NOT-FOR-US: QNAP
CVE-2021-38680 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
NOT-FOR-US: QNAP
-CVE-2021-38679
- RESERVED
+CVE-2021-38679 (An improper authentication vulnerability has been reported to affect Q ...)
+ TODO: check
CVE-2021-38678 (An open redirect vulnerability has been reported to affect QNAP device ...)
NOT-FOR-US: QNAP
CVE-2021-38677 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
@@ -41211,14 +41246,14 @@ CVE-2021-35079
RESERVED
CVE-2021-35078
RESERVED
-CVE-2021-35077
- RESERVED
+CVE-2021-35077 (Possible use after free scenario in compute offloads to DSP while mult ...)
+ TODO: check
CVE-2021-35076
RESERVED
-CVE-2021-35075
- RESERVED
-CVE-2021-35074
- RESERVED
+CVE-2021-35075 (Possible null pointer dereference due to lack of WDOG structure valida ...)
+ TODO: check
+CVE-2021-35074 (Possible integer overflow due to improper fragment datatype while calc ...)
+ TODO: check
CVE-2021-35073
RESERVED
CVE-2021-35072
@@ -41227,10 +41262,10 @@ CVE-2021-35071
RESERVED
CVE-2021-35070
RESERVED
-CVE-2021-35069
- RESERVED
-CVE-2021-35068
- RESERVED
+CVE-2021-35069 (Improper validation of data length received from DMA buffer can lead t ...)
+ TODO: check
+CVE-2021-35068 (Lack of null check while freeing the device information buffer in the ...)
+ TODO: check
CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay the sam ...)
NOT-FOR-US: Meross MSG100 devices
CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...)
@@ -43201,8 +43236,8 @@ CVE-2021-34237
RESERVED
CVE-2021-34236
RESERVED
-CVE-2021-34235
- RESERVED
+CVE-2021-34235 (Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The co ...)
+ TODO: check
CVE-2021-34234
RESERVED
CVE-2021-34233
@@ -48995,8 +49030,8 @@ CVE-2021-31934 (OX App Suite 7.10.4 and earlier allows XSS via a crafted contact
NOT-FOR-US: OX App Suite
CVE-2021-31933 (A remote code execution vulnerability exists in Chamilo through 1.11.1 ...)
NOT-FOR-US: Chamilo
-CVE-2021-31932
- RESERVED
+CVE-2021-31932 (Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentic ...)
+ TODO: check
CVE-2021-31931
RESERVED
CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of Concerto ...)
@@ -49606,8 +49641,7 @@ CVE-2019-25030 (In Versa Director, Versa Analytics and VOS, Passwords are not ha
NOT-FOR-US: Versa
CVE-2019-25029 (In Versa Director, the command injection is an attack in which the goa ...)
NOT-FOR-US: Versa
-CVE-2020-13672 [SA-CORE-2021-002]
- RESERVED
+CVE-2020-13672 (Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization ...)
{DLA-2637-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2021-002
@@ -53459,26 +53493,26 @@ CVE-2021-30328
RESERVED
CVE-2021-30327
RESERVED
-CVE-2021-30326
- RESERVED
-CVE-2021-30325
- RESERVED
-CVE-2021-30324
- RESERVED
-CVE-2021-30323
- RESERVED
-CVE-2021-30322
- RESERVED
+CVE-2021-30326 (Possible assertion due to improper size validation while processing th ...)
+ TODO: check
+CVE-2021-30325 (Possible out of bound access of DCI resources due to lack of validatio ...)
+ TODO: check
+CVE-2021-30324 (Possible out of bound write due to lack of boundary check for the maxi ...)
+ TODO: check
+CVE-2021-30323 (Improper validation of maximum size of data write to EFS file can lead ...)
+ TODO: check
+CVE-2021-30322 (Possible out of bounds write due to improper validation of number of G ...)
+ TODO: check
CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check during ...)
NOT-FOR-US: Snapdragon
CVE-2021-30320
RESERVED
CVE-2021-30319 (Possible integer overflow due to improper validation of command length ...)
NOT-FOR-US: Qualcomm
-CVE-2021-30318
- RESERVED
-CVE-2021-30317
- RESERVED
+CVE-2021-30318 (Improper validation of input when provisioning the HDCP key can lead t ...)
+ TODO: check
+CVE-2021-30317 (Improper validation of program headers containing ELF metadata can lea ...)
+ TODO: check
CVE-2021-30316 (Possible out of bound memory access due to improper boundary check whi ...)
NOT-FOR-US: Snapdragon
CVE-2021-30315 (Improper handling of sensor HAL structure in absence of sensor can lea ...)
@@ -53493,8 +53527,8 @@ CVE-2021-30311 (Possible heap overflow due to lack of index validation before al
NOT-FOR-US: Qualcomm
CVE-2021-30310 (Possible buffer overflow due to Improper validation of received CF-ACK ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30309
- RESERVED
+CVE-2021-30309 (Improper size validation of QXDM commands can lead to memory corruptio ...)
+ TODO: check
CVE-2021-30308 (Possible buffer overflow while printing the HARQ memory partition deta ...)
NOT-FOR-US: Qualcomm
CVE-2021-30307 (Possible denial of service due to improper validation of DNS response ...)
@@ -70073,8 +70107,8 @@ CVE-2021-23599
RESERVED
CVE-2021-23598
RESERVED
-CVE-2021-23597
- RESERVED
+CVE-2021-23597 (This affects the package fastify-multipart before 5.3.1. By providing ...)
+ TODO: check
CVE-2021-23596
RESERVED
CVE-2021-23595
@@ -71850,10 +71884,10 @@ CVE-2021-22826 (A CWE-20: Improper Input Validation vulnerability exists that co
NOT-FOR-US: Schneider Electric
CVE-2021-22825 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
NOT-FOR-US: Schneider Electric
-CVE-2021-22824
- RESERVED
-CVE-2021-22823
- RESERVED
+CVE-2021-22824 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ TODO: check
+CVE-2021-22823 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ TODO: check
CVE-2021-22822 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22821 (A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that ...)
@@ -71886,28 +71920,28 @@ CVE-2021-22808 (A CWE-416: Use After Free vulnerability exists that could cause
NOT-FOR-US: Schneider Electric
CVE-2021-22807 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause a ...)
NOT-FOR-US: Schneider Electric
-CVE-2021-22806
- RESERVED
-CVE-2021-22805
- RESERVED
-CVE-2021-22804
- RESERVED
-CVE-2021-22803
- RESERVED
-CVE-2021-22802
- RESERVED
-CVE-2021-22801
- RESERVED
-CVE-2021-22800
- RESERVED
+CVE-2021-22806 (A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability e ...)
+ TODO: check
+CVE-2021-22805 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ TODO: check
+CVE-2021-22804 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ TODO: check
+CVE-2021-22803 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
+ TODO: check
+CVE-2021-22802 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ TODO: check
+CVE-2021-22801 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
+ TODO: check
+CVE-2021-22800 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ TODO: check
CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that could cause ...)
NOT-FOR-US: Schneider Electric
-CVE-2021-22798
- RESERVED
+CVE-2021-22798 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...)
+ TODO: check
CVE-2021-22797
RESERVED
-CVE-2021-22796
- RESERVED
+CVE-2021-22796 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
+ TODO: check
CVE-2021-22795
RESERVED
CVE-2021-22794
@@ -71922,14 +71956,14 @@ CVE-2021-22790 (A CWE-125: Out-of-bounds Read vulnerability that could cause a D
NOT-FOR-US: Schneider Electric
CVE-2021-22789 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
NOT-FOR-US: Schneider Electric
-CVE-2021-22788
- RESERVED
-CVE-2021-22787
- RESERVED
+CVE-2021-22788 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause d ...)
+ TODO: check
+CVE-2021-22787 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ TODO: check
CVE-2021-22786
RESERVED
-CVE-2021-22785
- RESERVED
+CVE-2021-22785 (A CWE-200: Information Exposure vulnerability exists that could cause ...)
+ TODO: check
CVE-2021-22784 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22783
@@ -72002,8 +72036,8 @@ CVE-2021-22750 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Defin
NOT-FOR-US: Schneider
CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
NOT-FOR-US: Schneider
-CVE-2021-22748
- RESERVED
+CVE-2021-22748 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ TODO: check
CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
NOT-FOR-US: Tricon
CVE-2021-22746 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
@@ -75310,8 +75344,8 @@ CVE-2020-36064 (Online Course Registration v1.0 was discovered to contain hardco
NOT-FOR-US: Online Course Registration
CVE-2020-36063
RESERVED
-CVE-2020-36062
- RESERVED
+CVE-2020-36062 (Dairy Farm Shop Management System v1.0 was discovered to contain hardc ...)
+ TODO: check
CVE-2020-36061
RESERVED
CVE-2020-36060
@@ -80740,6 +80774,7 @@ CVE-2021-20002
REJECTED
CVE-2021-20001
RESERVED
+ {DSA-5072-1}
- debian-edu-config 2.12.16
NOTE: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5
CVE-2020-35488 (The fileop module of the NXLog service in NXLog Community Edition 2.10 ...)
@@ -88944,8 +88979,8 @@ CVE-2021-0526 (In memory management driver, there is a possible out of bounds wr
NOT-FOR-US: MediaTek components for Android
CVE-2021-0525 (In memory management driver, there is a possible out of bounds write d ...)
NOT-FOR-US: MediaTek components for Android
-CVE-2021-0524
- RESERVED
+CVE-2021-0524 (In isServiceDistractionOptimized of CarPackageManagerService.java, the ...)
+ TODO: check
CVE-2021-0523 (In onCreate of WifiScanModeActivity.java, there is a possible way to e ...)
NOT-FOR-US: Android
CVE-2021-0522 (In ConnectionHandler::SdpCb of connection_handler.cc, there is a possi ...)
@@ -93988,8 +94023,8 @@ CVE-2020-26730
RESERVED
CVE-2020-26729
RESERVED
-CVE-2020-26728
- RESERVED
+CVE-2020-26728 (A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi an ...)
+ TODO: check
CVE-2020-26727
RESERVED
CVE-2020-26726
@@ -121605,12 +121640,12 @@ CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and pri
NOT-FOR-US: Philips
CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...)
NOT-FOR-US: Softing Industrial Automation
-CVE-2020-14523
- RESERVED
+CVE-2020-14523 (Multiple Mitsubishi Electric Factory Automation products have a vulner ...)
+ TODO: check
CVE-2020-14522 (Softing Industrial Automation all versions prior to the latest build o ...)
NOT-FOR-US: Softing Industrial Automation
-CVE-2020-14521
- RESERVED
+CVE-2020-14521 (Multiple Mitsubishi Electric Factory Automation engineering software p ...)
+ TODO: check
CVE-2020-14520 (The affected product is vulnerable to an information leak, which may a ...)
NOT-FOR-US: Inductive Automation Ignition
CVE-2020-14519 (This vulnerability allows an attacker to use the internal WebSockets A ...)
@@ -124400,27 +124435,27 @@ CVE-2020-13679
RESERVED
CVE-2020-13678
RESERVED
-CVE-2020-13677
- RESERVED
-CVE-2020-13676
- RESERVED
-CVE-2020-13675
- RESERVED
-CVE-2020-13674
- RESERVED
-CVE-2020-13673
- RESERVED
+CVE-2020-13677 (Under some circumstances, the Drupal core JSON:API module does not pro ...)
+ TODO: check
+CVE-2020-13676 (The QuickEdit module does not properly check access to fields in some ...)
+ TODO: check
+CVE-2020-13675 (Drupal's JSON:API and REST/File modules allow file uploads through the ...)
+ TODO: check
+CVE-2020-13674 (The QuickEdit module does not properly validate access to routes, whic ...)
+ TODO: check
+CVE-2020-13673 (The Entity Embed module provides a filter to allow embedding entities ...)
+ TODO: check
CVE-2020-13671 (Drupal core does not properly sanitize certain filenames on uploaded f ...)
{DLA-2458-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2020-012
NOTE: https://github.com/drupal/drupal/commit/0263ea89cfff630262b8c0bc6d9c629c42aa7a84
-CVE-2020-13670
- RESERVED
-CVE-2020-13669
- RESERVED
-CVE-2020-13668
- RESERVED
+CVE-2020-13670 (Information Disclosure vulnerability in file module of Drupal Core all ...)
+ TODO: check
+CVE-2020-13669 (Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core al ...)
+ TODO: check
+CVE-2020-13668 (Access Bypass vulnerability in Drupal Core allows for an attacker to l ...)
+ TODO: check
CVE-2020-13667 (Access bypass vulnerability in of Drupal Core Workspaces allows an att ...)
NOT-FOR-US: Drupal 8.x
CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39d3d8d11912a7eb1468b1ed36376dac7a297045
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39d3d8d11912a7eb1468b1ed36376dac7a297045
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220211/7424493b/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list