[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 18 20:10:31 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
21bea913 by security tracker role at 2022-02-18T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,51 @@
-CVE-2022-25323
+CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
+ TODO: check
+CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
+ TODO: check
+CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for s ...)
+ TODO: check
+CVE-2022-25334
+ RESERVED
+CVE-2022-25333
+ RESERVED
+CVE-2022-25332
+ RESERVED
+CVE-2022-25331
+ RESERVED
+CVE-2022-25330
+ RESERVED
+CVE-2022-25329
+ RESERVED
+CVE-2022-25328
+ RESERVED
+CVE-2022-25327
+ RESERVED
+CVE-2022-25326
+ RESERVED
+CVE-2022-23183
+ RESERVED
+CVE-2022-21179
+ RESERVED
+CVE-2022-0683
RESERVED
-CVE-2022-25322
+CVE-2022-0682
RESERVED
+CVE-2022-0681
+ RESERVED
+CVE-2022-0680
+ RESERVED
+CVE-2022-0679
+ RESERVED
+CVE-2022-0678
+ RESERVED
+CVE-2022-0677
+ RESERVED
+CVE-2021-4221
+ RESERVED
+CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...)
+ TODO: check
+CVE-2022-25322 (ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. ...)
+ TODO: check
CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...)
NOT-FOR-US: Cerebrate
CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...)
@@ -52,12 +96,12 @@ CVE-2022-21158
RESERVED
CVE-2022-0674
RESERVED
-CVE-2022-0673
- RESERVED
-CVE-2022-0672
- RESERVED
-CVE-2022-0671
- RESERVED
+CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoni ...)
+ TODO: check
+CVE-2022-0672 (A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redi ...)
+ TODO: check
+CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schema dow ...)
+ TODO: check
CVE-2022-0670
RESERVED
CVE-2022-0669
@@ -66,20 +110,20 @@ CVE-2022-0668
RESERVED
CVE-2022-0667
RESERVED
-CVE-2022-0666
- RESERVED
+CVE-2022-0666 (CRLF Injection leads to Stack Trace Exposure due to lack of filtering ...)
+ TODO: check
CVE-2022-0665
RESERVED
-CVE-2022-0664
- RESERVED
+CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker ...)
+ TODO: check
CVE-2022-0663
RESERVED
CVE-2022-0662
RESERVED
CVE-2022-0661
RESERVED
-CVE-2022-0660
- RESERVED
+CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...)
+ TODO: check
CVE-2022-0659
RESERVED
CVE-2022-0658
@@ -92,10 +136,10 @@ CVE-2022-XXXX [Arbitrary File Write Vulnerability ]
- libpgjava 42.3.3-1
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
NOTE: https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064 (REL42.3.3-rc1)
-CVE-2022-25299
- RESERVED
-CVE-2022-25298
- RESERVED
+CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The unsafe handl ...)
+ TODO: check
+CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is possible ...)
+ TODO: check
CVE-2022-25297
RESERVED
CVE-2022-25296
@@ -236,8 +280,7 @@ CVE-2022-0648
RESERVED
CVE-2022-0647
RESERVED
-CVE-2022-0646 [mctp: serial: Cancel pending work from ndo_uninit handler]
- RESERVED
+CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/
CVE-2022-0645
@@ -274,8 +317,8 @@ CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium b
NOT-FOR-US: WordPress plugin
CVE-2022-0632
RESERVED
-CVE-2022-0631
- RESERVED
+CVE-2022-0631 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...)
+ TODO: check
CVE-2022-0630
RESERVED
CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
@@ -978,8 +1021,7 @@ CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html
-CVE-2022-0585
- RESERVED
+CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6. ...)
- wireshark <unfixed>
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
@@ -1764,6 +1806,7 @@ CVE-2022-0544
RESERVED
CVE-2022-0543 [sandbox escape]
RESERVED
+ {DSA-5081-1}
- redis <unfixed> (bug #1005787)
NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
CVE-2022-0542
@@ -2311,7 +2354,7 @@ CVE-2022-24447
CVE-2022-24446
RESERVED
CVE-2022-24445
- RESERVED
+ REJECTED
CVE-2022-24444
RESERVED
CVE-2022-24443
@@ -2887,8 +2930,8 @@ CVE-2022-0452
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0451
- RESERVED
+CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih includes aut ...)
+ TODO: check
CVE-2022-0450
RESERVED
CVE-2022-0449
@@ -4026,10 +4069,10 @@ CVE-2022-23984
RESERVED
CVE-2022-23983
RESERVED
-CVE-2022-23982
- RESERVED
-CVE-2022-23981
- RESERVED
+CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...)
+ TODO: check
+CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...)
+ TODO: check
CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Ye ...)
NOT-FOR-US: WordPress plugin
CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
@@ -4891,12 +4934,12 @@ CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.
NOT-FOR-US: TransmitMail
CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...)
NOT-FOR-US: TransmitMail
-CVE-2022-21176
- RESERVED
-CVE-2022-21143
- RESERVED
-CVE-2022-21141
- RESERVED
+CVE-2022-21176 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ TODO: check
+CVE-2022-21143 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ TODO: check
+CVE-2022-21141 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ TODO: check
CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
- moodle <removed>
CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
@@ -5326,8 +5369,8 @@ CVE-2022-23649
RESERVED
CVE-2022-23648
RESERVED
-CVE-2022-23647
- RESERVED
+CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...)
+ TODO: check
CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...)
TODO: check
CVE-2022-23645
@@ -6267,8 +6310,8 @@ CVE-2021-46374
RESERVED
CVE-2021-46373
RESERVED
-CVE-2021-46372
- RESERVED
+CVE-2021-46372 (Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. Wh ...)
+ TODO: check
CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control vulnerabil ...)
NOT-FOR-US: antd-admin
CVE-2021-46370
@@ -8718,8 +8761,8 @@ CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/
NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0)
-CVE-2022-0138
- RESERVED
+CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ TODO: check
CVE-2022-0137
RESERVED
CVE-2022-0136
@@ -10065,10 +10108,10 @@ CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unli
- gpac <unfixed>
NOTE: https://github.com/gpac/gpac/issues/2000
NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
-CVE-2021-46037
- RESERVED
-CVE-2021-46036
- RESERVED
+CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...)
+ TODO: check
+CVE-2021-46036 (An arbitrary file upload vulnerability in the component /ms/file/uploa ...)
+ TODO: check
CVE-2021-46035
RESERVED
CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...)
@@ -12071,12 +12114,12 @@ CVE-2022-22153 (An Insufficient Algorithmic Complexity combined with an Allocati
NOT-FOR-US: Juniper
CVE-2022-22152 (A Protection Mechanism Failure vulnerability in the REST API of Junipe ...)
NOT-FOR-US: Juniper
-CVE-2022-21800
- RESERVED
-CVE-2022-21215
- RESERVED
-CVE-2022-21196
- RESERVED
+CVE-2022-21800 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ TODO: check
+CVE-2022-21215 (This vulnerability could allow an attacker to force the server to crea ...)
+ TODO: check
+CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ TODO: check
CVE-2022-21155
RESERVED
CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...)
@@ -12337,7 +12380,7 @@ CVE-2021-45446
CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...)
NOT-FOR-US: Unisys
CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...)
- {DSA-5078-1}
+ {DSA-5078-1 DLA-2926-1}
- zsh 5.8.1-1
NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/
NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/
@@ -12448,8 +12491,8 @@ CVE-2021-45402 (The check_alu_op() function in kernel/bpf/verifier.c in the Linu
NOTE: https://git.kernel.org/linus/3cf2b61eb06765e27fec6799292d9fb46d0b7e60
NOTE: https://git.kernel.org/linus/b1a7288dedc6caf9023f2676b4f5ed34cf0d4029
NOTE: https://git.kernel.org/linus/e572ff80f05c33cd0cb4860f864f5c9c044280b6
-CVE-2021-45401
- RESERVED
+CVE-2021-45401 (A Command injection vulnerability exists in Tenda AC10U AC1200 Smart D ...)
+ TODO: check
CVE-2021-45400
RESERVED
CVE-2021-45399
@@ -12526,7 +12569,7 @@ CVE-2021-45366
RESERVED
CVE-2021-45365
RESERVED
-CVE-2021-45364 (A Code Execution vulnerability exists in Statamic Version through 3.2. ...)
+CVE-2021-45364 (** DISPUTED ** A Code Execution vulnerability exists in Statamic Versi ...)
NOT-FOR-US: Statamic
CVE-2021-45363
RESERVED
@@ -14052,8 +14095,8 @@ CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting (
NOT-FOR-US: MiniCMS
CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...)
NOT-FOR-US: Taocms
-CVE-2021-44968
- RESERVED
+CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 ...)
+ TODO: check
CVE-2021-44967
RESERVED
CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...)
@@ -14620,8 +14663,7 @@ CVE-2021-4095
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2031194
CVE-2021-4094
RESERVED
-CVE-2021-4093
- RESERVED
+CVE-2021-4093 (A flaw was found in the KVM's AMD code for supporting the Secure Encry ...)
- linux 5.14.16-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -14630,14 +14672,12 @@ CVE-2021-4093
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584
CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: yetiforcecrm
-CVE-2021-4091 [double-free of the virtual attribute context in persistent search]
- RESERVED
+CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual attribu ...)
- 389-ds-base <unfixed>
[stretch] - 389-ds-base <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307
NOTE: Introduced by: https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e (389-ds-base-1.3.6.4)
-CVE-2021-4090 [Overflow of bmval[bmlen-1] in nfsd4_decode_bitmap function]
- RESERVED
+CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in the ...)
- linux 5.15.5-1
[bullseye] - linux <not-affected> (Vulnerable code introduced later)
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -14833,9 +14873,11 @@ CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12
NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12)
CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...)
+ {DSA-5080-1}
- snapd <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...)
+ {DSA-5080-1}
- snapd <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
CVE-2021-44729
@@ -19258,11 +19300,9 @@ CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who i
NOT-FOR-US: Philips
CVE-2021-3949
RESERVED
-CVE-2021-3948
- RESERVED
+CVE-2021-3948 (An incorrect default permissions vulnerability was found in the mig-co ...)
NOT-FOR-US: Migration Toolkit for Containers
-CVE-2021-3947 [NVME: Arbitrary Memory Read]
- RESERVED
+CVE-2021-3947 (A stack-buffer-overflow was found in QEMU in the NVME component. The f ...)
- qemu 1:6.2+dfsg-1
[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
@@ -19795,8 +19835,7 @@ CVE-2021-43401
RESERVED
CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: snipe-it
-CVE-2021-3930 [off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c]
- RESERVED
+CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEMU. It ...)
- qemu 1:6.2+dfsg-1
[bullseye] - qemu <postponed> (Minor issue)
[buster] - qemu <postponed> (Minor issue)
@@ -32816,8 +32855,8 @@ CVE-2021-39028
RESERVED
CVE-2021-39027
RESERVED
-CVE-2021-39026
- RESERVED
+CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...)
+ TODO: check
CVE-2021-39025
RESERVED
CVE-2021-39024
@@ -32998,8 +33037,8 @@ CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an a
NOT-FOR-US: IBM
CVE-2021-38936
RESERVED
-CVE-2021-38935
- RESERVED
+CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...)
+ TODO: check
CVE-2021-38934
RESERVED
CVE-2021-38933
@@ -37538,8 +37577,7 @@ CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3
NOT-FOR-US: Sonatype
CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authentication at ...)
NOT-FOR-US: CyberArk Identity
-CVE-2021-3657 [multiple buffer overflows in isync/mbsync]
- RESERVED
+CVE-2021-3657 (A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate ...)
- isync 1.4.4-1
[bullseye] - isync 1.3.0-2.2+deb11u1
[buster] - isync <no-dsa> (Minor issue)
@@ -53557,8 +53595,8 @@ CVE-2021-30652 (A race condition was addressed with additional validation. This
NOT-FOR-US: Apple
CVE-2021-30651
RESERVED
-CVE-2021-30650
- RESERVED
+CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...)
+ TODO: check
CVE-2021-30649
RESERVED
CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management ...)
@@ -63950,10 +63988,10 @@ CVE-2021-26621
RESERVED
CVE-2021-26620
RESERVED
-CVE-2021-26619
- RESERVED
-CVE-2021-26618
- RESERVED
+CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was ...)
+ TODO: check
+CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...)
+ TODO: check
CVE-2021-26617
RESERVED
CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...)
@@ -75871,6 +75909,7 @@ CVE-2021-21709
RESERVED
CVE-2021-21708
RESERVED
+ {DSA-5082-1}
- php8.1 <unfixed>
- php7.4 <removed>
- php7.3 <removed>
@@ -75878,6 +75917,7 @@ CVE-2021-21708
NOTE: Fixed in 8.1.3, 7.4.28
NOTE: PHP Bug: https://bugs.php.net/81708
CVE-2021-21707 (In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...)
+ {DSA-5082-1}
- php8.1 8.1.0-1
- php8.0 <removed>
- php7.4 7.4.26-1
@@ -80646,8 +80686,7 @@ CVE-2021-20326 (A user authorized to performing a specific type of find query ma
- mongodb <removed>
[stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
NOTE: https://jira.mongodb.org/browse/SERVER-53929
-CVE-2021-20325
- RESERVED
+CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ...)
- apache2 <not-affected> (Red Hat RHEL 8 specifc regression of CVE-2021-40438 and CVE-2021-26691)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2017321
CVE-2021-20324
@@ -80656,20 +80695,17 @@ CVE-2021-20324
CVE-2021-20323
RESERVED
NOT-FOR-US: Keycloak
-CVE-2021-20322 [new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies]
- RESERVED
+CVE-2021-20322 (A flaw in the processing of received ICMP errors (ICMP fragment needed ...)
{DLA-2843-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230
-CVE-2021-20321
- RESERVED
+CVE-2021-20321 (A race condition accessing file object in the Linux kernel OverlayFS s ...)
{DLA-2843-1}
- linux 5.14.12-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5)
-CVE-2021-20320
- RESERVED
+CVE-2021-20320 (A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf ...)
- linux 5.14.9-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
@@ -80691,8 +80727,7 @@ CVE-2021-20316
[buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
NOTE: https://www.samba.org/samba/security/CVE-2021-20316.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14842
-CVE-2021-20315 [locking protection bypass allow unauthorized user to kill existing applications or start new ones]
- RESERVED
+CVE-2021-20315 (A locking protection bypass flaw was found in some versions of gnome-s ...)
- gnome-shell <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006285
TODO: check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams
@@ -97684,8 +97719,7 @@ CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation
- qemu 1:5.2+dfsg-1 (bug #975276)
[buster] - qemu <postponed> (Fix along in future DSA)
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6 (v5.2.0-rc0)
-CVE-2020-25722 [AD DC UPN vs samAccountName not checked]
- RESERVED
+CVE-2020-25722 (Multiple flaws were found in the way samba AD DC implemented access an ...)
{DSA-5003-1}
- samba 2:4.13.14+dfsg-1
[buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
@@ -97702,24 +97736,21 @@ CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers (e
NOTE: https://www.samba.org/samba/security/CVE-2020-25721.html
CVE-2020-25720
RESERVED
-CVE-2020-25719 [AD DC Username based races when no PAC is given]
- RESERVED
+CVE-2020-25719 (A flaw was found in the way Samba, as an Active Directory Domain Contr ...)
{DSA-5003-1}
- samba 2:4.13.14+dfsg-1
[buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14561
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://www.samba.org/samba/security/CVE-2020-25719.html
-CVE-2020-25718 [An RODC can issue (forge) administrator tickets to other servers]
- RESERVED
+CVE-2020-25718 (A flaw was found in the way samba, as an Active Directory Domain Contr ...)
{DSA-5003-1}
- samba 2:4.13.14+dfsg-1
[buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14558
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://www.samba.org/samba/security/CVE-2020-25718.html
-CVE-2020-25717 [A user on the domain can become root on domain members]
- RESERVED
+CVE-2020-25717 (A flaw was found in the way Samba maps domain users to local users. An ...)
{DSA-5015-1 DSA-5003-1}
- samba 2:4.13.14+dfsg-1
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14556
@@ -141096,8 +141127,8 @@ CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.
NOTE: https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
CVE-2020-8243 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web int ...)
NOT-FOR-US: Pulse Connect Secure
-CVE-2020-8242
- RESERVED
+CVE-2020-8242 (Unsanitized user input in ExpressionEngine <= 5.4.0 control panel m ...)
+ TODO: check
CVE-2020-8241 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could al ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8240 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a ...)
@@ -141480,8 +141511,8 @@ CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that re
NOT-FOR-US: Bitdefender
CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...)
NOT-FOR-US: Bitdefender
-CVE-2020-8107
- RESERVED
+CVE-2020-8107 (A Process Control vulnerability in ProductAgentUI.exe as used in Bitde ...)
+ TODO: check
CVE-2020-8106
REJECTED
CVE-2020-8105 (OS Command Injection vulnerability in the wirelessConnect handler of A ...)
@@ -347937,7 +347968,7 @@ CVE-2016-2410 (A Qualcomm video kernel driver in Android 6.x before 2016-04-01 a
NOT-FOR-US: Android
CVE-2016-2409 (A Texas Instruments (TI) haptic kernel driver in Android 6.x before 20 ...)
NOT-FOR-US: Android
-CVE-2016-2408 (An unspecified client-side component in Pulse Secure Desktop Client be ...)
+CVE-2016-2408 (Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service b ...)
NOT-FOR-US: Pulse Secure Desktop Client
CVE-2016-2407
REJECTED
@@ -349102,8 +349133,7 @@ CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 alwa
- samba 2:4.5.2+dfsg-2
NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
-CVE-2016-2124 [SMB1 client connections can be downgraded to plaintext authentication]
- RESERVED
+CVE-2016-2124 (A flaw was found in the way samba implemented SMB1 authentication. An ...)
{DSA-5003-1}
- samba 2:4.13.14+dfsg-1
[buster] - samba <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21bea913efa87e81b0252e40857942c0561adbde
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21bea913efa87e81b0252e40857942c0561adbde
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220218/299e32ea/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list