[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 25 20:10:33 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82d2ff1d by security tracker role at 2022-02-25T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2022-26129
+ RESERVED
+CVE-2022-26128
+ RESERVED
+CVE-2022-26127
+ RESERVED
+CVE-2022-26126
+ RESERVED
+CVE-2022-26125
+ RESERVED
+CVE-2022-26122
+ RESERVED
+CVE-2022-26121
+ RESERVED
+CVE-2022-26120
+ RESERVED
+CVE-2022-26119
+ RESERVED
+CVE-2022-26118
+ RESERVED
+CVE-2022-26117
+ RESERVED
+CVE-2022-26116
+ RESERVED
+CVE-2022-26115
+ RESERVED
+CVE-2022-26114
+ RESERVED
+CVE-2022-26113
+ RESERVED
+CVE-2022-26112
+ RESERVED
+CVE-2022-26042
+ RESERVED
+CVE-2022-26007
+ RESERVED
+CVE-2022-26002
+ RESERVED
+CVE-2022-25995
+ RESERVED
+CVE-2022-0765
+ RESERVED
+CVE-2022-0764
+ RESERVED
+CVE-2022-0763
+ RESERVED
+CVE-2022-0762
+ RESERVED
+CVE-2021-4224
+ RESERVED
CVE-2022-26111
RESERVED
CVE-2022-26110
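Review bot: CVE-2021-4224, the last entry of the added block, sits between CVE-2022-0762 and the existing CVE-2022-26111, so the head of data/CVE/list is not in id order; anything that parses this file should key on the id in each header line, not on position. The added run also goes from CVE-2022-26125 straight to CVE-2022-26122, so confirm that CVE-2022-26124 and CVE-2022-26123 are either already present further down the file or not yet reserved.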
@@ -576,8 +626,8 @@ CVE-2022-0748
RESERVED
CVE-2022-0747
RESERVED
-CVE-2022-0746
- RESERVED
+CVE-2022-0746 (Business Logic Errors in GitHub repository dolibarr/dolibarr prior to ...)
+ TODO: check
CVE-2022-0745
RESERVED
CVE-2022-0744
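Review bot: The "TODO: check" under CVE-2022-0746 needs a manual triage pass; the description names the GitHub repository dolibarr/dolibarr, so the entry should end up as either a "- <source package> <status>" line or a "NOT-FOR-US:" line, in the form the triaged entries elsewhere in this diff already use.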
@@ -985,18 +1035,18 @@ CVE-2022-25650
RESERVED
CVE-2022-25172
RESERVED
-CVE-2022-25170
- RESERVED
+CVE-2022-25170 (The affected product is vulnerable to a stack-based buffer overflow wh ...)
+ TODO: check
CVE-2022-24910
RESERVED
-CVE-2022-23985
- RESERVED
+CVE-2022-23985 (The affected product is vulnerable to an out-of-bounds write while pro ...)
+ TODO: check
CVE-2022-21809
RESERVED
CVE-2022-21238
RESERVED
-CVE-2022-21209
- RESERVED
+CVE-2022-21209 (The affected product is vulnerable to an out-of-bounds read while proc ...)
+ TODO: check
CVE-2022-0730
RESERVED
CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
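Review bot: The descriptions added for CVE-2022-25170, CVE-2022-23985 and CVE-2022-21209 all open with "The affected product is vulnerable to" and the truncated text never names a vendor or product, so "TODO: check" cannot be resolved from this file alone. Triage these from the full CVE records, and name the product explicitly in the resulting NOT-FOR-US or package line so the entry is self-explanatory.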
@@ -1642,8 +1692,8 @@ CVE-2022-25375 (An issue was discovered in drivers/usb/gadget/function/rndis.c i
NOTE: https://github.com/szymonh/rndis-co
NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/1
NOTE: https://git.kernel.org/linus/38ea1eac7d88072bbffb630e2b3db83ca649b826 (5.17-rc4)
-CVE-2022-25374
- RESERVED
+CVE-2022-25374 (HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Infor ...)
+ TODO: check
CVE-2022-25373
RESERVED
CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local privilege e ...)
@@ -1792,15 +1842,13 @@ CVE-2022-25330 (Integer overflow conditions that exist in Trend Micro ServerProt
NOT-FOR-US: Trend Micro
CVE-2022-25329 (Trend Micro ServerProtect 6.0/5.8 Information Server uses a static cre ...)
NOT-FOR-US: Trend Micro
-CVE-2022-25328
- RESERVED
+CVE-2022-25328 (The bash_completion script for fscrypt allows injection of commands vi ...)
- fscrypt <unfixed>
[bullseye] - fscrypt <no-dsa> (Minor issue)
[buster] - fscrypt <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1
NOTE: https://github.com/google/fscrypt/commit/fa1a1fdbdea65829ce24a6b6f86ce2961e465b02
-CVE-2022-25327
- RESERVED
+CVE-2022-25327 (The PAM module for fscrypt doesn't adequately validate fscrypt metadat ...)
- fscrypt <unfixed>
[bullseye] - fscrypt <no-dsa> (Minor issue)
[buster] - fscrypt <no-dsa> (Minor issue)
@@ -1808,8 +1856,7 @@ CVE-2022-25327
NOTE: https://github.com/google/fscrypt/commit/1a47718420317f893831b0223153d56005d5b02b
NOTE: https://github.com/google/fscrypt/commit/74e870b7bd1585b4b509da47e0e75db66336e576
NOTE: https://github.com/google/fscrypt/commit/b44fbe71e1e93c47050322af51725bac997641e0
-CVE-2022-25326
- RESERVED
+CVE-2022-25326 (fscrypt through v0.3.2 creates a world-writable directory by default w ...)
- fscrypt <unfixed>
[bullseye] - fscrypt <no-dsa> (Minor issue)
[buster] - fscrypt <no-dsa> (Minor issue)
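Review bot: The description added for CVE-2022-25326 states "fscrypt through v0.3.2", yet the entry underneath still reads "- fscrypt <unfixed>". That is consistent for now, but the version bound is the thing to check the packaged versions against; once an upload containing the fix lands, replace <unfixed> with that version and revisit the <no-dsa> lines for bullseye and buster.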
@@ -2026,7 +2073,7 @@ CVE-2022-25258 (An issue was discovered in drivers/usb/gadget/composite.c in the
NOTE: https://github.com/szymonh/d-os-descriptor
NOTE: https://git.kernel.org/linus/75e5b4849b81e19e9efe1654b30d7f3151c33c2c (5.17-rc4)
CVE-2022-0655
- RESERVED
+ REJECTED
CVE-2022-0654 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
NOT-FOR-US: Node request-retry
CVE-2022-0653 (The Profile Builder – User Profile & User Registration Forms ...)
@@ -2266,8 +2313,8 @@ CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file syst
NOTE: https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f
CVE-2022-0616
RESERVED
-CVE-2022-0615
- RESERVED
+CVE-2022-0615 (Use-after-free in eset_rtp kernel module used in ESET products for Lin ...)
+ TODO: check
CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879
@@ -2757,7 +2804,7 @@ CVE-2022-25021
CVE-2022-25020
RESERVED
CVE-2022-25019
- RESERVED
+ REJECTED
CVE-2022-25018
RESERVED
CVE-2022-25017
@@ -3006,11 +3053,9 @@ CVE-2022-24950
RESERVED
CVE-2022-24949
RESERVED
-CVE-2022-24948
- RESERVED
+CVE-2022-24948 (A carefully crafted user preferences for submission could trigger an X ...)
- jspwiki <removed>
-CVE-2022-24947
- RESERVED
+CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF attacks, wh ...)
- jspwiki <removed>
CVE-2022-24946
RESERVED
@@ -3855,8 +3900,8 @@ CVE-2022-24614 (When reading a specially crafted JPEG file, metadata-extractor u
CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw various uncaught exceptions ...)
- libmetadata-extractor-java <unfixed>
NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561
-CVE-2022-24612
- RESERVED
+CVE-2022-24612 (An authenticated user can upload an XML file containing an XSS via the ...)
+ TODO: check
CVE-2022-24611
RESERVED
CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto DVC-215IP ca ...)
@@ -3894,8 +3939,8 @@ CVE-2022-24596
RESERVED
CVE-2022-24595
RESERVED
-CVE-2022-24594
- RESERVED
+CVE-2022-24594 (In waline 1.6.1, an attacker can submit messages using X-Forwarded-For ...)
+ TODO: check
CVE-2022-24593
RESERVED
CVE-2022-24592
@@ -4493,48 +4538,48 @@ CVE-2022-24349
RESERVED
CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal ...)
NOT-FOR-US: Argo CD
-CVE-2022-24347
- RESERVED
-CVE-2022-24346
- RESERVED
-CVE-2022-24345
- RESERVED
-CVE-2022-24344
- RESERVED
-CVE-2022-24343
- RESERVED
-CVE-2022-24342
- RESERVED
-CVE-2022-24341
- RESERVED
-CVE-2022-24340
- RESERVED
-CVE-2022-24339
- RESERVED
-CVE-2022-24338
- RESERVED
-CVE-2022-24337
- RESERVED
-CVE-2022-24336
- RESERVED
-CVE-2022-24335
- RESERVED
-CVE-2022-24334
- RESERVED
-CVE-2022-24333
- RESERVED
-CVE-2022-24332
- RESERVED
-CVE-2022-24331
- RESERVED
-CVE-2022-24330
- RESERVED
-CVE-2022-24329
- RESERVED
-CVE-2022-24328
- RESERVED
-CVE-2022-24327
- RESERVED
+CVE-2022-24347 (JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS vi ...)
+ TODO: check
+CVE-2022-24346 (In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via R ...)
+ TODO: check
+CVE-2022-24345 (In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (with ...)
+ TODO: check
+CVE-2022-24344 (JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on ...)
+ TODO: check
+CVE-2022-24343 (In JetBrains YouTrack before 2021.4.31698, a custom logo could be set ...)
+ TODO: check
+CVE-2022-24342 (In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF w ...)
+ TODO: check
+CVE-2022-24341 (In JetBrains TeamCity before 2021.2.1, editing a user account to chang ...)
+ TODO: check
+CVE-2022-24340 (In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the c ...)
+ TODO: check
+CVE-2022-24339 (JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. ...)
+ TODO: check
+CVE-2022-24338 (JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. ...)
+ TODO: check
+CVE-2022-24337 (In JetBrains TeamCity before 2021.2, health items of pull requests wer ...)
+ TODO: check
+CVE-2022-24336 (In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can ...)
+ TODO: check
+CVE-2022-24335 (JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Tim ...)
+ TODO: check
+CVE-2022-24334 (In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed ...)
+ TODO: check
+CVE-2022-24333 (In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call wa ...)
+ TODO: check
+CVE-2022-24332 (In JetBrains TeamCity before 2021.2, a logout action didn't remove a R ...)
+ TODO: check
+CVE-2022-24331 (In JetBrains TeamCity before 2021.1.4, GitLab authentication impersona ...)
+ TODO: check
+CVE-2022-24330 (In JetBrains TeamCity before 2021.2.1, a redirection to an external si ...)
+ TODO: check
+CVE-2022-24329 (In JetBrains Kotlin before 1.6.0, it was not possible to lock dependen ...)
+ TODO: check
+CVE-2022-24328 (In JetBrains Hub before 2021.1.13956, an unprivileged user could perfo ...)
+ TODO: check
+CVE-2022-24327 (In JetBrains Hub before 2021.1.13890, integration with JetBrains Accou ...)
+ TODO: check
CVE-2022-24326
RESERVED
CVE-2022-24325
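Review bot: All 21 entries from CVE-2022-24347 down to CVE-2022-24327 land as "TODO: check", and the visible descriptions name five different JetBrains products (YouTrack, IntelliJ IDEA, TeamCity, Kotlin, Hub), so they should not be closed with one blanket tag. Triage them per product, and look at CVE-2022-24329 on its own: it names Kotlin, a language toolchain, where the others name a server product or an IDE.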
@@ -4667,8 +4712,7 @@ CVE-2022-24290
RESERVED
CVE-2022-24289 (Hessian serialization is a network protocol that supports object-based ...)
NOT-FOR-US: Apache Cayenne
-CVE-2022-24288
- RESERVED
+CVE-2022-24288 (In Apache Airflow, prior to version 2.2.4, some example DAGs did not p ...)
- airflow <itp> (bug #819700)
CVE-2022-24287
RESERVED
@@ -5583,12 +5627,12 @@ CVE-2022-24037
RESERVED
CVE-2022-24036
RESERVED
-CVE-2022-23921
- RESERVED
+CVE-2022-23921 (Exploitation of this vulnerability may result in local privilege escal ...)
+ TODO: check
CVE-2022-22987 (The affected product has a hardcoded private key available inside the ...)
NOT-FOR-US: Advantech
-CVE-2022-21798
- RESERVED
+CVE-2022-21798 (The affected product is vulnerable due to cleartext transmission of cr ...)
+ TODO: check
CVE-2022-21154
RESERVED
CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. ...)
@@ -8459,8 +8503,8 @@ CVE-2022-0249
RESERVED
CVE-2022-0248
RESERVED
-CVE-2022-0247
- RESERVED
+CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified through acce ...)
+ TODO: check
CVE-2022-0246
RESERVED
CVE-2022-23304 (The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplica ...)
@@ -12173,8 +12217,8 @@ CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remot
NOT-FOR-US: Foxit
CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
NOT-FOR-US: Foxit
-CVE-2021-45977
- RESERVED
+CVE-2021-45977 (JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, P ...)
+ TODO: check
CVE-2021-45976
RESERVED
CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerabi ...)
@@ -15063,8 +15107,7 @@ CVE-2021-45231 (A link following privilege escalation vulnerability in Trend Mic
NOT-FOR-US: Trend Micro
CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific case ...)
- airflow <itp> (bug #819700)
-CVE-2021-45229
- RESERVED
+CVE-2021-45229 (It was discovered that the "Trigger DAG with config" screen was suscep ...)
- airflow <itp> (bug #819700)
CVE-2021-45228
RESERVED
@@ -26855,8 +26898,8 @@ CVE-2021-42246
RESERVED
CVE-2021-42245
RESERVED
-CVE-2021-42244
- RESERVED
+CVE-2021-42244 (A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo ...)
+ TODO: check
CVE-2021-42243
RESERVED
CVE-2021-42242
@@ -32347,14 +32390,14 @@ CVE-2021-40048
RESERVED
CVE-2021-40047
RESERVED
-CVE-2021-40046
- RESERVED
+CVE-2021-40046 (PCManager versions 11.1.1.95 has a privilege escalation vulnerability. ...)
+ TODO: check
CVE-2021-40045 (There is a vulnerability of signature verification mechanism failure i ...)
NOT-FOR-US: Huawei
CVE-2021-40044 (There is a permission verification vulnerability in the Bluetooth modu ...)
NOT-FOR-US: Huawei
-CVE-2021-40043
- RESERVED
+CVE-2021-40043 (The laser command injection vulnerability exists on AIS-BW80H-00 versi ...)
+ TODO: check
CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huawei pro ...)
NOT-FOR-US: Huawei
CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n pr ...)
@@ -34923,8 +34966,8 @@ CVE-2021-38995 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged
NOT-FOR-US: IBM
CVE-2021-38994 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
NOT-FOR-US: IBM
-CVE-2021-38993
- RESERVED
+CVE-2021-38993 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
+ TODO: check
CVE-2021-38992
RESERVED
CVE-2021-38991 (IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local ...)
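Review bot: The description added for CVE-2021-38993 starts with the same text as its neighbours CVE-2021-38995 and CVE-2021-38994 ("IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ..."), both already tagged "NOT-FOR-US: IBM". Replace "TODO: check" with the same tag so the entry does not stay open.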
@@ -38800,8 +38843,8 @@ CVE-2021-37506
RESERVED
CVE-2021-37505
RESERVED
-CVE-2021-37504
- RESERVED
+CVE-2021-37504 (A cross-site scripting (XSS) vulnerability in the fileNameStr paramete ...)
+ TODO: check
CVE-2021-37503
RESERVED
CVE-2021-37502
@@ -39722,8 +39765,8 @@ CVE-2021-37105 (There is an improper file upload control vulnerability in Fusion
NOT-FOR-US: FusionCompute (Huawei)
CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI P40 ver ...)
NOT-FOR-US: Huawei
-CVE-2021-37103
- RESERVED
+CVE-2021-37103 (There is an improper permission management vulnerability in the Wallet ...)
+ TODO: check
CVE-2021-37102 (There is a command injection vulnerability in CMA service module of Fu ...)
NOT-FOR-US: Huawei
CVE-2021-37101 (There is an improper authorization vulnerability in AIS-BW50-00 9.0.6. ...)
@@ -39874,8 +39917,8 @@ CVE-2021-37029 (There is an Identity verification vulnerability in Huawei Smartp
NOT-FOR-US: Huawei
CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q product. Whe ...)
NOT-FOR-US: Huawei
-CVE-2021-37027
- RESERVED
+CVE-2021-37027 (There is a DoS vulnerability in smartphones. Successful exploitation o ...)
+ TODO: check
CVE-2021-37026 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
NOT-FOR-US: Huawei
CVE-2021-37025 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
@@ -66004,8 +66047,8 @@ CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary file
NOT-FOR-US: BigFileAgent
CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...)
NOT-FOR-US: ToWord of ToOffice
-CVE-2021-26617
- RESERVED
+CVE-2021-26617 (This issues due to insufficient verification of the various input valu ...)
+ TODO: check
CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...)
NOT-FOR-US: SecuwaySSL client for MacOS
CVE-2021-26615 (ARK library allows attackers to execute remote code via the parameter( ...)
@@ -76044,8 +76087,8 @@ CVE-2021-22491 (There is an Input verification vulnerability in Huawei Smartphon
NOT-FOR-US: Huawei
CVE-2021-22490 (There is a Permission verification vulnerability in Huawei Smartphone. ...)
NOT-FOR-US: Huawei
-CVE-2021-22489
- RESERVED
+CVE-2021-22489 (There is a DoS vulnerability in smartphones. Successful exploitation o ...)
+ TODO: check
CVE-2021-22488 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
NOT-FOR-US: Huawei
CVE-2021-22487 (There is an Out-of-bounds read vulnerability in Huawei Smartphone. Suc ...)
@@ -76062,12 +76105,12 @@ CVE-2021-22482 (There is an Uninitialized variable vulnerability in Huawei Smart
NOT-FOR-US: Huawei
CVE-2021-22481 (There is a Verification errors vulnerability in Huawei Smartphone.Succ ...)
NOT-FOR-US: Huawei
-CVE-2021-22480
- RESERVED
-CVE-2021-22479
- RESERVED
-CVE-2021-22478
- RESERVED
+CVE-2021-22480 (The interface of a certain HarmonyOS module has an integer overflow vu ...)
+ TODO: check
+CVE-2021-22479 (The interface of a certain HarmonyOS module has an invalid address acc ...)
+ TODO: check
+CVE-2021-22478 (The interface of a certain HarmonyOS module has a UAF vulnerability. S ...)
+ TODO: check
CVE-2021-22477
RESERVED
CVE-2021-22476
@@ -76126,8 +76169,8 @@ CVE-2021-22450 (A component of the HarmonyOS has a Incomplete Cleanup vulnerabil
NOT-FOR-US: HarmonyOS
CVE-2021-22449 (There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthentica ...)
NOT-FOR-US: Elf-G10HN (Huawei)
-CVE-2021-22448
- RESERVED
+CVE-2021-22448 (There is an improper verification vulnerability in smartphones. Succes ...)
+ TODO: check
CVE-2021-22447 (There is an Improper Check for Unusual or Exceptional Conditions Vulne ...)
NOT-FOR-US: Huawei
CVE-2021-22446 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...)
@@ -76140,38 +76183,38 @@ CVE-2021-22443 (There is an Input Verification Vulnerability in Huawei Smartphon
NOT-FOR-US: Huawei
CVE-2021-22442 (There is an Improper Validation of Integrity Check Value Vulnerability ...)
NOT-FOR-US: Huawei
-CVE-2021-22441
- RESERVED
+CVE-2021-22441 (Some Huawei products have an integer overflow vulnerability. Successfu ...)
+ TODO: check
CVE-2021-22440 (There is a path traversal vulnerability in some Huawei products. The v ...)
NOT-FOR-US: Huawei
CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice V200R006C ...)
NOT-FOR-US: Huawei
CVE-2021-22438 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
NOT-FOR-US: Huawei
-CVE-2021-22437
- RESERVED
+CVE-2021-22437 (There is a software integer overflow leading to a TOCTOU condition in ...)
+ TODO: check
CVE-2021-22436 (There is a Logic Bypass vulnerability in Huawei Smartphone.Successful ...)
NOT-FOR-US: Huawei
CVE-2021-22435 (There is a Configuration Defect Vulnerability in Huawei Smartphone.Suc ...)
NOT-FOR-US: Huawei
-CVE-2021-22434
- RESERVED
-CVE-2021-22433
- RESERVED
-CVE-2021-22432
- RESERVED
-CVE-2021-22431
- RESERVED
-CVE-2021-22430
- RESERVED
-CVE-2021-22429
- RESERVED
+CVE-2021-22434 (There is a memory address out of bounds vulnerability in smartphones. ...)
+ TODO: check
+CVE-2021-22433 (There is a memory address out of bounds in smartphones. Successful exp ...)
+ TODO: check
+CVE-2021-22432 (There is a vulnerability when configuring permission isolation in smar ...)
+ TODO: check
+CVE-2021-22431 (There is a vulnerability when configuring permission isolation in smar ...)
+ TODO: check
+CVE-2021-22430 (There is a logic bypass vulnerability in smartphones. Successful explo ...)
+ TODO: check
+CVE-2021-22429 (There is a memory address out of bounds in smartphones. Successful exp ...)
+ TODO: check
CVE-2021-22428 (There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Succ ...)
NOT-FOR-US: Huawei
CVE-2021-22427 (There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartpho ...)
NOT-FOR-US: Huawei
-CVE-2021-22426
- RESERVED
+CVE-2021-22426 (There is a memory address out of bounds in smartphones. Successful exp ...)
+ TODO: check
CVE-2021-22425 (A component of the HarmonyOS has a Double Free vulnerability. Local at ...)
NOT-FOR-US: HarmonyOS
CVE-2021-22424 (A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability ...)
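Review bot: Every previously triaged neighbour in this hunk is tagged "NOT-FOR-US: Huawei" or "NOT-FOR-US: HarmonyOS", while the nine entries added here (CVE-2021-22441, CVE-2021-22437, CVE-2021-22434 through CVE-2021-22429, CVE-2021-22426) are left at "TODO: check", most of them describing only "smartphones" with no vendor in the visible text. Confirm the vendor from the full records and, if it matches, apply the same NOT-FOR-US tag in one pass so the range is consistent.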
@@ -76232,10 +76275,10 @@ CVE-2021-22397 (There is a privilege escalation vulnerability in Huawei ManageOn
NOT-FOR-US: Huawei
CVE-2021-22396 (There is a privilege escalation vulnerability in some Huawei products. ...)
NOT-FOR-US: Huawei
-CVE-2021-22395
- RESERVED
-CVE-2021-22394
- RESERVED
+CVE-2021-22395 (There is a code injection vulnerability in smartphones. Successful exp ...)
+ TODO: check
+CVE-2021-22394 (There is a buffer overflow vulnerability in smartphones. Successful ex ...)
+ TODO: check
CVE-2021-22393 (There is a denial of service vulnerability in some versions of CloudEn ...)
NOT-FOR-US: CloudEngine (Huawei)
CVE-2021-22392 (There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. ...)
@@ -76384,8 +76427,8 @@ CVE-2021-22321 (There is a use-after-free vulnerability in a Huawei product. A m
NOT-FOR-US: Huawei
CVE-2021-22320 (There is a denial of service vulnerability in Huawei products. A modul ...)
NOT-FOR-US: Huawei
-CVE-2021-22319
- RESERVED
+CVE-2021-22319 (There is an improper verification vulnerability in smartphones. Succes ...)
+ TODO: check
CVE-2021-22318 (A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulner ...)
NOT-FOR-US: HarmonyOS
CVE-2021-22317 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82d2ff1de0968f21ef631b90dfae3c1d0c5b17eb