[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 8 08:10:19 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44c381b1 by security tracker role at 2022-01-08T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an in ...)
+ TODO: check
+CVE-2022-22826 (nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha ...)
+ TODO: check
+CVE-2022-22825 (lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integ ...)
+ TODO: check
+CVE-2022-22824 (defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has ...)
+ TODO: check
+CVE-2022-22823 (build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an ...)
+ TODO: check
+CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an i ...)
+ TODO: check
+CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in wh ...)
+ TODO: check
+CVE-2022-22820
+ RESERVED
+CVE-2022-22819
+ RESERVED
+CVE-2022-22818
+ RESERVED
+CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitra ...)
+ TODO: check
+CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ...)
+ TODO: check
+CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initializes I ...)
+ TODO: check
+CVE-2022-22814
+ RESERVED
+CVE-2022-0155
+ RESERVED
CVE-2022-22813
RESERVED
CVE-2022-22812
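Review bot: The six Expat entries (CVE-2022-22822 through CVE-2022-22827) and the three Pillow entries (CVE-2022-22815 through CVE-2022-22817) are left at "TODO: check" with no package line. Each group names a single fixed upstream version in its description (Expat before 2.4.3, Pillow before 9.0.0), so each can be triaged in one pass against that version. These are libraries rather than vendor products, so look for a source package before reaching for NOT-FOR-US. CVE-2022-22821 (NVIDIA NeMo) needs that decision made separately.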
@@ -303,10 +333,10 @@ CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux somet
NOT-FOR-US: zabbix-agent2 package for Alpine
CVE-2022-22703
RESERVED
-CVE-2022-22702
- RESERVED
-CVE-2022-22701
- RESERVED
+CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the functionality to upload attach ...)
+ TODO: check
+CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL while c ...)
+ TODO: check
CVE-2022-22700
RESERVED
CVE-2022-22699
@@ -1471,38 +1501,38 @@ CVE-2021-46062
RESERVED
CVE-2021-46061
RESERVED
-CVE-2021-46060
- RESERVED
-CVE-2021-46059
- RESERVED
-CVE-2021-46058
- RESERVED
+CVE-2021-46060 (A NULL Pointer Dereference vulnerability exists in GNU inetutils 2.2 v ...)
+ TODO: check
+CVE-2021-46059 (A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim ...)
+ TODO: check
+CVE-2021-46058 (AHheap-based Buffer Overflow vulnerabiity exists in GNU inetutils 2.2 ...)
+ TODO: check
CVE-2021-46057
RESERVED
CVE-2021-46056
RESERVED
-CVE-2021-46055
- RESERVED
-CVE-2021-46054
- RESERVED
-CVE-2021-46053
- RESERVED
-CVE-2021-46052
- RESERVED
-CVE-2021-46051
- RESERVED
-CVE-2021-46050
- RESERVED
-CVE-2021-46049
- RESERVED
-CVE-2021-46048
- RESERVED
-CVE-2021-46047
- RESERVED
-CVE-2021-46046
- RESERVED
-CVE-2021-46045
- RESERVED
+CVE-2021-46055 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ TODO: check
+CVE-2021-46054 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ TODO: check
+CVE-2021-46053 (A Denial of Service vulnerability exists in Binaryen 103. The program ...)
+ TODO: check
+CVE-2021-46052 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ TODO: check
+CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media ...)
+ TODO: check
+CVE-2021-46050 (A Stack Overflow vulnerability exists in Binaryen 103 via the printf_c ...)
+ TODO: check
+CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fi ...)
+ TODO: check
+CVE-2021-46048 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ TODO: check
+CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hi ...)
+ TODO: check
+CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_si ...)
+ TODO: check
+CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial ...)
+ TODO: check
CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...)
- gpac <unfixed>
NOTE: https://github.com/gpac/gpac/issues/2006
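Review bot: The five GPAC 1.0.1 entries added here (CVE-2021-46051, CVE-2021-46049, CVE-2021-46047, CVE-2021-46046, CVE-2021-46045) sit directly above CVE-2021-46044, which is already recorded as "- gpac <unfixed>" with a NOTE pointing at the upstream issue. The new ones should get the same package line and an issue reference each rather than staying at "TODO: check". The four Binaryen entries CVE-2021-46055, CVE-2021-46054, CVE-2021-46052 and CVE-2021-46048 share an identical truncated description, so confirm from the full text that they are distinct assertion failures before annotating them.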
@@ -1872,20 +1902,20 @@ CVE-2022-22291
RESERVED
CVE-2022-22290
RESERVED
-CVE-2022-22289
- RESERVED
-CVE-2022-22288
- RESERVED
-CVE-2022-22287
- RESERVED
-CVE-2022-22286
- RESERVED
-CVE-2022-22285
- RESERVED
-CVE-2022-22284
- RESERVED
-CVE-2022-22283
- RESERVED
+CVE-2022-22289 (Improper access control vulnerability in S Assistant prior to version ...)
+ TODO: check
+CVE-2022-22288 (Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 ...)
+ TODO: check
+CVE-2022-22287 (Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 ...)
+ TODO: check
+CVE-2022-22286 (A vulnerability using PendingIntent in Bixby Routines prior to version ...)
+ TODO: check
+CVE-2022-22285 (A vulnerability using PendingIntent in Reminder prior to version 12.2. ...)
+ TODO: check
+CVE-2022-22284 (Improper authentication vulnerability in Samsung Internet prior to 16. ...)
+ TODO: check
+CVE-2022-22283 (Improper session management vulnerability in Samsung Health prior to 6 ...)
+ TODO: check
CVE-2021-45732 (Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded cre ...)
NOT-FOR-US: Netgear
CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information ...)
@@ -1930,26 +1960,26 @@ CVE-2022-22274
RESERVED
CVE-2022-22273
RESERVED
-CVE-2022-22272
- RESERVED
-CVE-2022-22271
- RESERVED
-CVE-2022-22270
- RESERVED
-CVE-2022-22269
- RESERVED
-CVE-2022-22268
- RESERVED
-CVE-2022-22267
- RESERVED
-CVE-2022-22266
- RESERVED
-CVE-2022-22265
- RESERVED
-CVE-2022-22264
- RESERVED
-CVE-2022-22263
- RESERVED
+CVE-2022-22272 (Improper authorization in TelephonyManager prior to SMR Jan-2022 Relea ...)
+ TODO: check
+CVE-2022-22271 (A missing input validation before memory copy in TIMA trustlet prior t ...)
+ TODO: check
+CVE-2022-22270 (An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan- ...)
+ TODO: check
+CVE-2022-22269 (Keeping sensitive data in unprotected BluetoothSettingsProvider prior ...)
+ TODO: check
+CVE-2022-22268 (Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 ...)
+ TODO: check
+CVE-2022-22267 (Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior ...)
+ TODO: check
+CVE-2022-22266 ((Applicable to China models only) Unprotected WifiEvaluationService in ...)
+ TODO: check
+CVE-2022-22265 (An improper check or handling of exceptional conditions in NPU driver ...)
+ TODO: check
+CVE-2022-22264 (Improper sanitization of incoming intent in Dressroom prior to SMR Jan ...)
+ TODO: check
+CVE-2022-22263 (Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Rele ...)
+ TODO: check
CVE-2021-45919
RESERVED
CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...)
@@ -4696,8 +4726,8 @@ CVE-2021-4126
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
CVE-2021-26264
RESERVED
-CVE-2021-23173
- RESERVED
+CVE-2021-23173 (The affected product is vulnerable to an improper access control, whic ...)
+ TODO: check
CVE-2021-23157
RESERVED
CVE-2021-23138
@@ -5731,8 +5761,8 @@ CVE-2022-21825
RESERVED
CVE-2022-21824
RESERVED
-CVE-2022-21823
- RESERVED
+CVE-2022-21823 (A insecure storage of sensitive information vulnerability exists in Iv ...)
+ TODO: check
CVE-2021-44831
RESERVED
CVE-2021-44830
@@ -6626,8 +6656,7 @@ CVE-2021-44530
RESERVED
CVE-2021-44529 (A code injection vulnerability in the Ivanti EPM Cloud Services Applia ...)
NOT-FOR-US: Ivanti
-CVE-2021-44528 [Possible Open Redirect in Host Authorization Middleware]
- RESERVED
+CVE-2021-44528 (A open redirect vulnerability exists in Action Pack >= 6.0.0 that c ...)
- rails <unfixed> (bug #1001817)
[buster] - rails <not-affected> (Vulnerable code introduced later)
[stretch] - rails <not-affected> (Vulnerable code introduced later)
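Review bot: The [buster] and [stretch] "<not-affected>" lines under CVE-2021-44528 justify themselves only with "Vulnerable code introduced later", while the description that replaces the bracketed working title now states the range as "Action Pack >= 6.0.0". It is worth confirming that the rails versions in those suites are below 6.0.0 so the annotation and the published range agree. Keeping the existing "- rails <unfixed> (bug #1001817)" line instead of adding "TODO: check" is right for an entry that was already triaged.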
@@ -13255,10 +13284,10 @@ CVE-2021-42751
RESERVED
CVE-2021-42750
RESERVED
-CVE-2021-42749
- RESERVED
-CVE-2021-42748
- RESERVED
+CVE-2021-42749 (In Beaver Themer, attackers can bypass conditional logic controls (for ...)
+ TODO: check
+CVE-2021-42748 (In Beaver Builder through 2.5.0.3, attackers can bypass the visibility ...)
+ TODO: check
CVE-2021-42747
RESERVED
CVE-2021-42745
@@ -15074,8 +15103,8 @@ CVE-2020-36487
RESERVED
CVE-2020-36486 (Swift File Transfer Mobile v1.1.2 and below was discovered to contain ...)
NOT-FOR-US: Swift File Transfer Mobile
-CVE-2021-42392
- RESERVED
+CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...)
+ TODO: check
CVE-2021-42391
RESERVED
CVE-2021-42390
@@ -21085,104 +21114,104 @@ CVE-2021-40043
RESERVED
CVE-2021-40042
RESERVED
-CVE-2021-40041
- RESERVED
+CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n pr ...)
+ TODO: check
CVE-2021-40040
RESERVED
-CVE-2021-40039
- RESERVED
-CVE-2021-40038
- RESERVED
-CVE-2021-40037
- RESERVED
+CVE-2021-40039 (There is a Null pointer dereference vulnerability in the camera module ...)
+ TODO: check
+CVE-2021-40038 (There is a Double free vulnerability in the AOD module in smartphones. ...)
+ TODO: check
+CVE-2021-40037 (There is a Vulnerability of accessing resources using an incompatible ...)
+ TODO: check
CVE-2021-40036
RESERVED
-CVE-2021-40035
- RESERVED
+CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error with ...)
+ TODO: check
CVE-2021-40034
RESERVED
CVE-2021-40033
RESERVED
-CVE-2021-40032
- RESERVED
-CVE-2021-40031
- RESERVED
+CVE-2021-40032 (The bone voice ID TA has a vulnerability in information management,Suc ...)
+ TODO: check
+CVE-2021-40031 (There is a Null pointer dereference vulnerability in the camera module ...)
+ TODO: check
CVE-2021-40030
RESERVED
-CVE-2021-40029
- RESERVED
-CVE-2021-40028
- RESERVED
-CVE-2021-40027
- RESERVED
-CVE-2021-40026
- RESERVED
-CVE-2021-40025
- RESERVED
+CVE-2021-40029 (There is a Buffer overflow vulnerability due to a boundary error with ...)
+ TODO: check
+CVE-2021-40028 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
+ TODO: check
+CVE-2021-40027 (The bone voice ID TA has a vulnerability in calculating the buffer len ...)
+ TODO: check
+CVE-2021-40026 (There is a Heap-based buffer overflow vulnerability in the AOD module ...)
+ TODO: check
+CVE-2021-40025 (The eID module has a vulnerability that causes the memory to be used w ...)
+ TODO: check
CVE-2021-40024
RESERVED
CVE-2021-40023
RESERVED
-CVE-2021-40022
- RESERVED
-CVE-2021-40021
- RESERVED
-CVE-2021-40020
- RESERVED
+CVE-2021-40022 (The weaver module has a vulnerability in parameter type verification,S ...)
+ TODO: check
+CVE-2021-40021 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
+ TODO: check
+CVE-2021-40020 (There is an Out-of-bounds array read vulnerability in the security sto ...)
+ TODO: check
CVE-2021-40019
RESERVED
-CVE-2021-40018
- RESERVED
+CVE-2021-40018 (The eID module has a null pointer reference vulnerability. Successful ...)
+ TODO: check
CVE-2021-40017
RESERVED
CVE-2021-40016
RESERVED
CVE-2021-40015
RESERVED
-CVE-2021-40014
- RESERVED
+CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
+ TODO: check
CVE-2021-40013
RESERVED
CVE-2021-40012
RESERVED
-CVE-2021-40011
- RESERVED
-CVE-2021-40010
- RESERVED
-CVE-2021-40009
- RESERVED
+CVE-2021-40011 (There is an Uncontrolled resource consumption vulnerability in the dis ...)
+ TODO: check
+CVE-2021-40010 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
+ TODO: check
+CVE-2021-40009 (There is an Out-of-bounds write vulnerability in the AOD module in sma ...)
+ TODO: check
CVE-2021-40008 (There is a memory leak vulnerability in CloudEngine 12800 V200R019C00S ...)
NOT-FOR-US: Huawei
CVE-2021-40007 (There is an information leak vulnerability in eCNS280_TD V100R005C10SP ...)
NOT-FOR-US: Huawei
-CVE-2021-40006
- RESERVED
-CVE-2021-40005
- RESERVED
-CVE-2021-40004
- RESERVED
-CVE-2021-40003
- RESERVED
-CVE-2021-40002
- RESERVED
-CVE-2021-40001
- RESERVED
-CVE-2021-40000
- RESERVED
+CVE-2021-40006 (The fingerprint module has a security risk of brute force cracking. Su ...)
+ TODO: check
+CVE-2021-40005 (The distributed data service component has a vulnerability in data acc ...)
+ TODO: check
+CVE-2021-40004 (The cellular module has a vulnerability in permission management. Succ ...)
+ TODO: check
+CVE-2021-40003 (HwPCAssistant has a path traversal vulnerability. Successful exploitat ...)
+ TODO: check
+CVE-2021-40002 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
+ TODO: check
+CVE-2021-40001 (The CaasKit module has a path traversal vulnerability. Successful expl ...)
+ TODO: check
+CVE-2021-40000 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
+ TODO: check
CVE-2021-39999
RESERVED
-CVE-2021-39998
- RESERVED
+CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for multiple ...)
+ TODO: check
CVE-2021-39997
RESERVED
-CVE-2021-39996
- RESERVED
+CVE-2021-39996 (There is a Heap-based buffer overflow vulnerability with the NFC modul ...)
+ TODO: check
CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...)
NOT-FOR-US: Huawei
CVE-2021-39994
RESERVED
-CVE-2021-39993
- RESERVED
+CVE-2021-39993 (There is an Integer overflow vulnerability with ACPU in smartphones. S ...)
+ TODO: check
CVE-2021-39992
RESERVED
CVE-2021-39991
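Review bot: Every entry converted from RESERVED in this hunk is left at "TODO: check", although the untouched neighbours CVE-2021-40008, CVE-2021-40007 and CVE-2021-39995 are already marked "NOT-FOR-US: Huawei". Only CVE-2021-40041 names the vendor in the visible text (HUAWEI WS318n); the rest describe smartphone and device modules (AOD, eID, NFC, Bluetooth, HwPCAssistant, the bone voice ID TA). Confirm the vendor from the full descriptions and then resolve the batch with the same tag so the block stays consistent. Several pairs carry the same truncated text (CVE-2021-40028 and CVE-2021-40021, CVE-2021-40002 and CVE-2021-40000, CVE-2021-40039 and CVE-2021-40031); check that they are distinct issues while doing so.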
@@ -32693,8 +32722,8 @@ CVE-2021-35249
RESERVED
CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...)
NOT-FOR-US: SolarWinds
-CVE-2021-35247
- RESERVED
+CVE-2021-35247 (Serv-U web login screen was allowing characters that were not sanitize ...)
+ TODO: check
CVE-2021-35246
RESERVED
CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can move, cre ...)
@@ -38023,12 +38052,12 @@ CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-base
NOT-FOR-US: WebAccess HMI Designer
CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while ...)
NOT-FOR-US: Suitelink
-CVE-2021-32998
- RESERVED
+CVE-2021-32998 (The FANUC R-30iA and R-30iB series controllers are vulnerable to an ou ...)
+ TODO: check
CVE-2021-32997
RESERVED
-CVE-2021-32996
- RESERVED
+CVE-2021-32996 (The FANUC R-30iA and R-30iB series controllers are vulnerable to integ ...)
+ TODO: check
CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
NOT-FOR-US: Cscape
CVE-2021-32994
@@ -45054,8 +45083,8 @@ CVE-2021-30362
RESERVED
CVE-2021-30361
RESERVED
-CVE-2021-30360
- RESERVED
+CVE-2021-30360 (Users have access to the directory where the installation repair occur ...)
+ TODO: check
CVE-2021-30359 (The Harmony Browse and the SandBlast Agent for Browsers installers mus ...)
NOT-FOR-US: Harmony Browse and the SandBlast Agent for Browsers installers
CVE-2021-30358 (Mobile Access Portal Native Applications who's path is defined by the ...)
@@ -61722,8 +61751,8 @@ CVE-2021-23596
RESERVED
CVE-2021-23595
RESERVED
-CVE-2021-23594
- RESERVED
+CVE-2021-23594 (All versions of package realms-shim are vulnerable to Sandbox Bypass v ...)
+ TODO: check
CVE-2021-23593
RESERVED
CVE-2021-23592
@@ -61774,8 +61803,8 @@ CVE-2021-23570
RESERVED
CVE-2021-23569
RESERVED
-CVE-2021-23568
- RESERVED
+CVE-2021-23568 (The package extend2 before 1.0.1 are vulnerable to Prototype Pollution ...)
+ TODO: check
CVE-2021-23567
RESERVED
CVE-2021-23566
@@ -61824,8 +61853,8 @@ CVE-2021-23545
RESERVED
CVE-2021-23544
RESERVED
-CVE-2021-23543
- RESERVED
+CVE-2021-23543 (All versions of package realms-shim are vulnerable to Sandbox Bypass v ...)
+ TODO: check
CVE-2021-23542
RESERVED
CVE-2021-23541
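Review bot: CVE-2021-23543 gets the same truncated description as CVE-2021-23594 added earlier in this commit ("All versions of package realms-shim are vulnerable to Sandbox Bypass v ..."). Check the full descriptions to confirm these are two distinct issues before triaging, and give both the same disposition for realms-shim when the "TODO: check" is resolved.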
@@ -65250,8 +65279,8 @@ CVE-2021-22062
RESERVED
CVE-2021-22061
RESERVED
-CVE-2021-22060
- RESERVED
+CVE-2021-22060 (In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older ...)
+ TODO: check
CVE-2021-22059
RESERVED
CVE-2021-22058
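Review bot: CVE-2021-22060 is left at "TODO: check" although its description already lists the affected Spring Framework ranges (5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older). When this entry is triaged, the package line should record how the packaged version relates to those ranges rather than a bare status with no version or note.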
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44c381b1ad5fc5da9876dcb8e75d3022e4188330