[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 4 20:10:29 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45bad22c by security tracker role at 2022-01-04T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,195 @@
+CVE-2022-22567
+	RESERVED
+CVE-2022-22566
+	RESERVED
+CVE-2022-22565
+	RESERVED
+CVE-2022-22564
+	RESERVED
+CVE-2022-22563
+	RESERVED
+CVE-2022-22562
+	RESERVED
+CVE-2022-22561
+	RESERVED
+CVE-2022-22560
+	RESERVED
+CVE-2022-22559
+	RESERVED
+CVE-2022-22558
+	RESERVED
+CVE-2022-22557
+	RESERVED
+CVE-2022-22556
+	RESERVED
+CVE-2022-22555
+	RESERVED
+CVE-2022-22554
+	RESERVED
+CVE-2022-22553
+	RESERVED
+CVE-2022-22552
+	RESERVED
+CVE-2022-22551
+	RESERVED
+CVE-2022-22550
+	RESERVED
+CVE-2022-22549
+	RESERVED
+CVE-2022-22548
+	RESERVED
+CVE-2022-22547
+	RESERVED
+CVE-2022-22546
+	RESERVED
+CVE-2022-22545
+	RESERVED
+CVE-2022-22544
+	RESERVED
+CVE-2022-22543
+	RESERVED
+CVE-2022-22542
+	RESERVED
+CVE-2022-22541
+	RESERVED
+CVE-2022-22540
+	RESERVED
+CVE-2022-22539
+	RESERVED
+CVE-2022-22538
+	RESERVED
+CVE-2022-22537
+	RESERVED
+CVE-2022-22536
+	RESERVED
+CVE-2022-22535
+	RESERVED
+CVE-2022-22534
+	RESERVED
+CVE-2022-22533
+	RESERVED
+CVE-2022-22532
+	RESERVED
+CVE-2022-22531
+	RESERVED
+CVE-2022-22530
+	RESERVED
+CVE-2022-22529
+	RESERVED
+CVE-2022-22528
+	RESERVED
+CVE-2022-22527
+	RESERVED
+CVE-2022-0120
+	RESERVED
+CVE-2022-0119
+	RESERVED
+CVE-2022-0118
+	RESERVED
+CVE-2022-0117
+	RESERVED
+CVE-2022-0116
+	RESERVED
+CVE-2022-0115
+	RESERVED
+CVE-2022-0114
+	RESERVED
+CVE-2022-0113
+	RESERVED
+CVE-2022-0112
+	RESERVED
+CVE-2022-0111
+	RESERVED
+CVE-2022-0110
+	RESERVED
+CVE-2022-0109
+	RESERVED
+CVE-2022-0108
+	RESERVED
+CVE-2022-0107
+	RESERVED
+CVE-2022-0106
+	RESERVED
+CVE-2022-0105
+	RESERVED
+CVE-2022-0104
+	RESERVED
+CVE-2022-0103
+	RESERVED
+CVE-2022-0102
+	RESERVED
+CVE-2022-0101
+	RESERVED
+CVE-2022-0100
+	RESERVED
+CVE-2022-0099
+	RESERVED
+CVE-2022-0098
+	RESERVED
+CVE-2022-0097
+	RESERVED
+CVE-2022-0096
+	RESERVED
+CVE-2022-0095
+	RESERVED
+CVE-2022-0094
+	RESERVED
+CVE-2022-0093
+	RESERVED
+CVE-2022-0092
+	RESERVED
+CVE-2022-0091
+	RESERVED
+CVE-2022-0090
+	RESERVED
+CVE-2022-0089
+	RESERVED
+CVE-2022-0088
+	RESERVED
+CVE-2021-46140
+	RESERVED
+CVE-2021-46139
+	RESERVED
+CVE-2021-46138
+	RESERVED
+CVE-2021-46137
+	RESERVED
+CVE-2021-46136
+	RESERVED
+CVE-2021-46135
+	RESERVED
+CVE-2021-46134
+	RESERVED
+CVE-2021-46133
+	RESERVED
+CVE-2021-46132
+	RESERVED
+CVE-2021-46131
+	RESERVED
+CVE-2021-45722
+	RESERVED
+CVE-2021-45110
+	RESERVED
+CVE-2021-45073
+	RESERVED
+CVE-2021-44778
+	RESERVED
+CVE-2021-44468
+	RESERVED
+CVE-2021-44456
+	RESERVED
+CVE-2021-44452
+	RESERVED
+CVE-2021-43352
+	RESERVED
+CVE-2021-4199
+	RESERVED
+CVE-2021-4198
+	RESERVED
+CVE-2021-31564
+	RESERVED
+CVE-2021-23229
+	RESERVED
 CVE-2022-22526
 	RESERVED
 CVE-2022-22525
@@ -468,8 +660,8 @@ CVE-2022-22295
 	RESERVED
 CVE-2022-22294
 	RESERVED
-CVE-2022-0086
-	RESERVED
+CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
+	TODO: check
 CVE-2022-0085
 	RESERVED
 CVE-2022-0084
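Review bot: the TODO: check on CVE-2022-0086 is only a placeholder; the automatic update imports the truncated MITRE summary and nothing else, so the entry still needs a manual triage line (an affected source package with its fixed version, or NOT-FOR-US) before it counts as processed, as with every other RESERVED-to-TODO transition in this commit. For uppy, the first thing to establish is whether the package exists in the Debian archive at all.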
@@ -791,12 +983,12 @@ CVE-2021-45982
 	RESERVED
 CVE-2021-45981
 	RESERVED
-CVE-2021-45980
-	RESERVED
-CVE-2021-45979
-	RESERVED
-CVE-2021-45978
-	RESERVED
+CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+	TODO: check
+CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+	TODO: check
+CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+	TODO: check
 CVE-2021-45977
 	RESERVED
 CVE-2021-45976
@@ -1252,10 +1444,10 @@ CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...)
 	- mruby <not-affected> (Vulnerable code introduced later)
 	NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
 	NOTE: Fixed by: https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8
-CVE-2021-45913
-	RESERVED
-CVE-2021-45912
-	RESERVED
+CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2. ...)
+	TODO: check
+CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...)
+	TODO: check
 CVE-2021-44775
 	RESERVED
 CVE-2021-44465
@@ -2963,8 +3155,8 @@ CVE-2021-45391
 	RESERVED
 CVE-2021-45390
 	RESERVED
-CVE-2021-45389
-	RESERVED
+CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Build 68 ...)
+	TODO: check
 CVE-2021-45388
 	RESERVED
 CVE-2021-45387
@@ -3813,7 +4005,7 @@ CVE-2021-4127
 	RESERVED
 CVE-2021-4126
 	RESERVED
-	{DSA-5034-1}
+	{DSA-5034-1 DLA-2874-1}
 	- thunderbird 1:91.4.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
 CVE-2021-26264
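Review bot: DLA-2874-1 is added to the thunderbird entries throughout this commit (here CVE-2021-4126, later the CVE-2021-435xx and CVE-2021-385xx series), which is consistent. Note that CVE-2021-4126 is still RESERVED with no summary, so the DLA reference, the thunderbird 1:91.4.1-1 line and the MFSA NOTE all hang off a placeholder; that is fine for the tracker, but when the summary arrives the automatic update will replace the first two lines the way it does for CVE-2021-40525 further down in this diff, so the advisory references must be kept below the summary line.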
@@ -4982,6 +5174,7 @@ CVE-2021-44792
 CVE-2021-44791
 	RESERVED
 CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...)
+	{DSA-5035-1}
 	- apache2 2.4.52-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790
 	NOTE: Fixed by: https://svn.apache.org/r1896039
@@ -5717,7 +5910,7 @@ CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
 CVE-2021-44539
 	RESERVED
 CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 is vul ...)
-	{DSA-5034-1}
+	{DSA-5034-1 DLA-2874-1}
 	- element-web <itp> (bug #866502)
 	- olm 3.2.8~dfsg-1 (bug #1001664)
 	[buster] - olm <not-affected> (Vulnerable code introduced later)
@@ -6614,6 +6807,7 @@ CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficien
 	NOTE: https://github.com/acassen/keepalived/pull/2063
 	NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
 CVE-2021-44224 (A crafted URI sent to httpd configured as a forward proxy (ProxyReques ...)
+	{DSA-5035-1}
 	- apache2 2.4.52-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224
 	NOTE: Fixed by: https://svn.apache.org/r1895955
@@ -6764,8 +6958,8 @@ CVE-2021-44170
 	RESERVED
 CVE-2021-44169
 	RESERVED
-CVE-2021-44168
-	RESERVED
+CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...)
+	TODO: check
 CVE-2021-44167
 	RESERVED
 CVE-2021-44166
@@ -8930,8 +9124,8 @@ CVE-2021-43713
 	RESERVED
 CVE-2021-43712
 	RESERVED
-CVE-2021-43711
-	RESERVED
+CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...)
+	TODO: check
 CVE-2021-43710
 	RESERVED
 CVE-2021-43709
@@ -9365,7 +9559,7 @@ CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 re
 CVE-2021-43547
 	RESERVED
 CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -9373,7 +9567,7 @@ CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks aga
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546
 CVE-2021-43545 (Using the Location API in a loop could have caused severe application  ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -9384,7 +9578,7 @@ CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have s
 	- firefox <not-affected> (Only affects Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544
 CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -9392,7 +9586,7 @@ CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escap
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543
 CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -9400,7 +9594,7 @@ CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installe
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542
 CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -9411,7 +9605,7 @@ CVE-2021-43540 (WebExtensions with the correct permissions were able to create a
 	- firefox 95.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540
 CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm  ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -9419,7 +9613,7 @@ CVE-2021-43539 (Failure to correctly record the location of live pointers across
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539
 CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -9427,7 +9621,7 @@ CVE-2021-43538 (By misusing a race in our notification code, an attacker could h
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538
 CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -9435,7 +9629,7 @@ CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit intege
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537
 CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused  ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -9443,7 +9637,7 @@ CVE-2021-43536 (Under certain circumstances, asynchronous functions could have c
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536
 CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object was r ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 93.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -9451,7 +9645,7 @@ CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535
 CVE-2021-43534 (Mozilla developers and community members reported memory safety bugs p ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -9472,12 +9666,12 @@ CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for Android
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530
 CVE-2021-43529
 	RESERVED
-	{DSA-5034-1}
+	{DSA-5034-1 DLA-2874-1}
 	- thunderbird 1:91.3.0-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1738501
 CVE-2021-43528 (Thunderbird unexpectedly enabled JavaScript in the composition area. T ...)
-	{DSA-5034-1}
+	{DSA-5034-1 DLA-2874-1}
 	- thunderbird 1:91.4.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528
 CVE-2021-43527 (NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a ...)
@@ -9915,7 +10109,7 @@ CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allow
 	NOT-FOR-US: Sunnet eHRD
 CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...)
 	NOT-FOR-US: Sunnet eHRD
-CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...)
+CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...)
 	- vim 2:8.2.3995-1
 	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
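Review bot: the summary for CVE-2021-3928 changes the weakness class from stack-based buffer overflow to use of an uninitialized variable; the [stretch] <no-dsa> (Minor issue) line and the huntr reference below it were written against the earlier text, so the severity assessment should be re-checked against the updated description before that line is left as-is.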
@@ -14559,30 +14753,30 @@ CVE-2022-20025
 	RESERVED
 CVE-2022-20024
 	RESERVED
-CVE-2022-20023
-	RESERVED
-CVE-2022-20022
-	RESERVED
-CVE-2022-20021
-	RESERVED
-CVE-2022-20020
-	RESERVED
-CVE-2022-20019
-	RESERVED
-CVE-2022-20018
-	RESERVED
+CVE-2022-20023 (In Bluetooth, there is a possible application crash due to bluetooth f ...)
+	TODO: check
+CVE-2022-20022 (In Bluetooth, there is a possible link disconnection due to bluetooth  ...)
+	TODO: check
+CVE-2022-20021 (In Bluetooth, there is a possible application crash due to bluetooth d ...)
+	TODO: check
+CVE-2022-20020 (In libvcodecdrv, there is a possible information disclosure due to a m ...)
+	TODO: check
+CVE-2022-20019 (In libMtkOmxGsmDec, there is a possible information disclosure due to  ...)
+	TODO: check
+CVE-2022-20018 (In seninf driver, there is a possible information disclosure due to un ...)
+	TODO: check
 CVE-2022-20017
 	RESERVED
-CVE-2022-20016
-	RESERVED
-CVE-2022-20015
-	RESERVED
-CVE-2022-20014
-	RESERVED
-CVE-2022-20013
-	RESERVED
-CVE-2022-20012
-	RESERVED
+CVE-2022-20016 (In vow driver, there is a possible memory corruption due to improper l ...)
+	TODO: check
+CVE-2022-20015 (In kd_camera_hw driver, there is a possible information disclosure due ...)
+	TODO: check
+CVE-2022-20014 (In vow driver, there is a possible memory corruption due to improper i ...)
+	TODO: check
+CVE-2022-20013 (In vow driver, there is a possible memory corruption due to a race con ...)
+	TODO: check
+CVE-2022-20012 (In mdp driver, there is a possible memory corruption due to an integer ...)
+	TODO: check
 CVE-2021-42328
 	RESERVED
 CVE-2021-42327 (dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu ...)
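Review bot: all eleven entries added in this hunk describe vendor driver and codec components (Bluetooth, libvcodecdrv, libMtkOmxGsmDec, seninf, vow, kd_camera_hw, mdp) rather than anything that maps to a Debian source package name; TODO: check is the correct placeholder for the automatic update, but these can be triaged as one batch against the vendor bulletin rather than one entry at a time.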
@@ -15767,8 +15961,8 @@ CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dan
 	NOT-FOR-US: firefly-iii
 CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and Worry-Free Bu ...)
 	NOT-FOR-US: Trend Micro
-CVE-2021-3845
-	RESERVED
+CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or Path ...)
+	TODO: check
 CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...)
 	NOT-FOR-US: Apache OpenOffice
 CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...)
@@ -15779,8 +15973,8 @@ CVE-2021-3844
 	RESERVED
 CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM in some ...)
 	NOT-FOR-US: Lenovo
-CVE-2021-3842
-	RESERVED
+CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity ...)
+	TODO: check
 CVE-2021-3841
 	RESERVED
 CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the  ...)
@@ -15904,8 +16098,8 @@ CVE-2021-41791 (An issue was discovered in Hyland org.alfresco:share through 7.0
 	NOT-FOR-US: Hyland org.alfresco:share and Hyland org.alfresco:community-share
 CVE-2021-41790 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...)
 	NOT-FOR-US: Hyland org.alfresco:alfresco-content-services
-CVE-2021-41789
-	RESERVED
+CVE-2021-41789 (In wifi driver, there is a possible system crash due to a missing vali ...)
+	TODO: check
 CVE-2021-41788 (MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and ...)
 	NOT-FOR-US: Netgear
 CVE-2021-3840 (A dependency confusion vulnerability was reported in the Antilles open ...)
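Review bot: CVE-2021-41789 ("In wifi driver, ...") is left at TODO: check while the neighbouring CVE-2021-41788 (MediaTek microchips) is already triaged NOT-FOR-US: Netgear; if the wifi driver belongs to the same MediaTek component set, the same triage applies and the TODO can be closed in the same pass.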
@@ -17215,8 +17409,8 @@ CVE-2021-41238 (Hangfire is an open source system to perform background job proc
 	NOT-FOR-US: Hangfire
 CVE-2021-41237
 	RESERVED
-CVE-2021-41236
-	RESERVED
+CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In affected versio ...)
+	TODO: check
 CVE-2021-41235
 	RESERVED
 CVE-2021-41234
@@ -17454,8 +17648,8 @@ CVE-2021-41143
 	RESERVED
 CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
 	NOT-FOR-US: Tuleap
-CVE-2021-41141
-	RESERVED
+CVE-2021-41141 (PJSIP is a free and open source multimedia communication library writt ...)
+	TODO: check
 CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform that allows ...)
 	NOT-FOR-US: Discourse plugin
 CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
@@ -18924,8 +19118,7 @@ CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the
 	NOT-FOR-US: "com.onepeloton.erlich" mobile application
 CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...)
 	NOT-FOR-US: Peleton
-CVE-2021-40525
-	RESERVED
+CVE-2021-40525 (Apache James ManagedSieve implementation alongside with the file stora ...)
 	NOT-FOR-US: Apache James
 CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: showdoc
@@ -19873,8 +20066,8 @@ CVE-2021-40150
 	RESERVED
 CVE-2021-40149
 	RESERVED
-CVE-2021-40148
-	RESERVED
+CVE-2021-40148 (In Modem EMM, there is a possible information disclosure due to a miss ...)
+	TODO: check
 CVE-2021-3743
 	RESERVED
 	{DSA-4978-1 DLA-2785-1}
@@ -20005,11 +20198,9 @@ CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface o
 	NOT-FOR-US: Cisco
 CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface of the  ...)
 	NOT-FOR-US: Cisco
-CVE-2021-40111
-	RESERVED
+CVE-2021-40111 (In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we  ...)
 	NOT-FOR-US: Apache James
-CVE-2021-40110
-	RESERVED
+CVE-2021-40110 (In Apache James, using Jazzer fuzzer, we identified that an IMAP user  ...)
 	NOT-FOR-US: Apache James
 CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can a ...)
 	NOT-FOR-US: Concrete CMS
@@ -22401,8 +22592,8 @@ CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back
 	- libxstream-java 1.4.18-1 (bug #998054)
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
 	NOTE: https://x-stream.github.io/CVE-2021-39144.html
-CVE-2021-39143
-	RESERVED
+CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
+	TODO: check
 CVE-2021-39142
 	RESERVED
 CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...)
@@ -23724,8 +23915,7 @@ CVE-2021-38544 (Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remo
 	NOT-FOR-US: Sony SRS-XB33 and SRS-XB43 devices
 CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in certain spec ...)
 	NOT-FOR-US: TP-Link
-CVE-2021-38542
-	RESERVED
+CVE-2021-38542 (Apache James prior to release 3.6.1 is vulnerable to a buffering attac ...)
 	NOT-FOR-US: Apache James
 CVE-2021-38541
 	RESERVED
@@ -23805,7 +23995,7 @@ CVE-2021-38510 (The executable file warning was not presented when downloading .
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510
 CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Javascript ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -23813,7 +24003,7 @@ CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Java
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509
 CVE-2021-38508 (By displaying a form validity message in the correct location at the s ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -23821,7 +24011,7 @@ CVE-2021-38508 (By displaying a form validity message in the correct location at
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508
 CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -23829,7 +24019,7 @@ CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507
 CVE-2021-38506 (Through a series of navigations, Firefox could have entered fullscreen ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -23844,7 +24034,7 @@ CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as Cloud
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505
 CVE-2021-38504 (When interacting with an HTML input element's file picker dialog with  ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -23852,7 +24042,7 @@ CVE-2021-38504 (When interacting with an HTML input element's file picker dialog
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504
 CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT stylesheet ...)
-	{DSA-5034-1 DSA-5026-1 DLA-2863-1}
+	{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -23860,7 +24050,7 @@ CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT styl
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38503
 CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...)
-	{DSA-5034-1}
+	{DSA-5034-1 DLA-2874-1}
 	[experimental] - thunderbird 1:91.2.0-1
 	- thunderbird 1:91.2.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502
@@ -23872,7 +24062,7 @@ CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefo
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501
 CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
-	{DSA-5034-1 DSA-4981-1 DLA-2782-1}
+	{DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
 	- firefox 93.0-1
 	- firefox-esr 91.2.0esr-1
 	[experimental] - thunderbird 1:91.2.0-1
@@ -23900,7 +24090,7 @@ CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497
 CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while  ...)
-	{DSA-5034-1 DSA-4981-1 DLA-2782-1}
+	{DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
 	- firefox 93.0-1
 	- firefox-esr 91.2.0esr-1
 	[experimental] - thunderbird 1:91.2.0-1
@@ -31203,7 +31393,7 @@ CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authentic
 	NOT-FOR-US: Wowza Streaming Engine
 CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...)
 	NOT-FOR-US: Wowza Streaming Engine
-CVE-2021-35490 (Thruk 2.40-2 allows stored XSS. ...)
+CVE-2021-35490 (Thruk before 2.44 allows XSS for a quick command. ...)
 	NOT-FOR-US: Thruk
 CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTN ...)
 	NOT-FOR-US: Thruk
@@ -32776,8 +32966,7 @@ CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL po
 	NOTE: https://github.com/apache/httpd/commit/fa7b2a5250e54363b3a6c8ac3aaa7de4e8da9b2e (candidate-2.4.49-rc1)
 CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...)
 	NOT-FOR-US: Secure 8 (Evalos)
-CVE-2021-34797
-	RESERVED
+CVE-2021-34797 (Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log  ...)
 	NOT-FOR-US: Apache Geode
 CVE-2021-34796
 	RESERVED
@@ -40188,8 +40377,8 @@ CVE-2021-31835 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrato
 	NOT-FOR-US: McAfee
 CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrat ...)
 	NOT-FOR-US: McAfee
-CVE-2021-31833
-	RESERVED
+CVE-2021-31833 (Potential product security bypass vulnerability in McAfee Application  ...)
+	TODO: check
 CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...)
 	NOT-FOR-US: McAfee
 CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...)
@@ -59655,8 +59844,8 @@ CVE-2021-24044
 	RESERVED
 CVE-2021-24043
 	RESERVED
-CVE-2021-24042
-	RESERVED
+CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ...)
+	TODO: check
 CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...)
 	TODO: check
 CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the  ...)
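Review bot: CVE-2021-24042 now sits directly above CVE-2021-24041, both WhatsApp for Android and both TODO: check; triage the pair together so one does not stay pending after the other is resolved.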
@@ -119437,7 +119626,7 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d
 	NOTE: The original CVE-2020-1957 adressed in 1.5.2 introduced an encoding issue
 	NOTE: which can (security wise) be exploited, resulting in a 1.5.3 release. This
 	NOTE: CVE is closely related to CVE-2020-1957.
-CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is vulnerable to server-side request fo ...)
+CVE-2020-11988 (Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-sid ...)
 	- xmlgraphics-commons 2.4-2 (bug #984949)
 	[bullseye] - xmlgraphics-commons 2.4-2~deb11u1
 	[buster] - xmlgraphics-commons 2.3-1+deb10u1
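Review bot: the widened summary for CVE-2020-11988 ("2.4 and earlier" instead of "2.4") needs no triage change: the existing lines already record 2.3-1+deb10u1 as the buster fix, so the older branch was treated as affected all along and the entry remains consistent with the new text.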



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45bad22cecf3d41950b78712b657612be43a1904

-- 
You're receiving this email because of your account on salsa.debian.org.

