[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 18 20:10:40 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a74fe88 by security tracker role at 2022-01-18T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,387 @@
+CVE-2022-23398
+ RESERVED
+CVE-2022-23397
+ RESERVED
+CVE-2022-23396
+ RESERVED
+CVE-2022-23395
+ RESERVED
+CVE-2022-23394
+ RESERVED
+CVE-2022-23393
+ RESERVED
+CVE-2022-23392
+ RESERVED
+CVE-2022-23391
+ RESERVED
+CVE-2022-23390
+ RESERVED
+CVE-2022-23389
+ RESERVED
+CVE-2022-23388
+ RESERVED
+CVE-2022-23387
+ RESERVED
+CVE-2022-23386
+ RESERVED
+CVE-2022-23385
+ RESERVED
+CVE-2022-23384
+ RESERVED
+CVE-2022-23383
+ RESERVED
+CVE-2022-23382
+ RESERVED
+CVE-2022-23381
+ RESERVED
+CVE-2022-23380
+ RESERVED
+CVE-2022-23379
+ RESERVED
+CVE-2022-23378
+ RESERVED
+CVE-2022-23377
+ RESERVED
+CVE-2022-23376
+ RESERVED
+CVE-2022-23375
+ RESERVED
+CVE-2022-23374
+ RESERVED
+CVE-2022-23373
+ RESERVED
+CVE-2022-23372
+ RESERVED
+CVE-2022-23371
+ RESERVED
+CVE-2022-23370
+ RESERVED
+CVE-2022-23369
+ RESERVED
+CVE-2022-23368
+ RESERVED
+CVE-2022-23367
+ RESERVED
+CVE-2022-23366
+ RESERVED
+CVE-2022-23365
+ RESERVED
+CVE-2022-23364
+ RESERVED
+CVE-2022-23363
+ RESERVED
+CVE-2022-23362
+ RESERVED
+CVE-2022-23361
+ RESERVED
+CVE-2022-23360
+ RESERVED
+CVE-2022-23359
+ RESERVED
+CVE-2022-23358
+ RESERVED
+CVE-2022-23357
+ RESERVED
+CVE-2022-23356
+ RESERVED
+CVE-2022-23355
+ RESERVED
+CVE-2022-23354
+ RESERVED
+CVE-2022-23353
+ RESERVED
+CVE-2022-23352
+ RESERVED
+CVE-2022-23351
+ RESERVED
+CVE-2022-23350
+ RESERVED
+CVE-2022-23349
+ RESERVED
+CVE-2022-23348
+ RESERVED
+CVE-2022-23347
+ RESERVED
+CVE-2022-23346
+ RESERVED
+CVE-2022-23345
+ RESERVED
+CVE-2022-23344
+ RESERVED
+CVE-2022-23343
+ RESERVED
+CVE-2022-23342
+ RESERVED
+CVE-2022-23341
+ RESERVED
+CVE-2022-23340
+ RESERVED
+CVE-2022-23339
+ RESERVED
+CVE-2022-23338
+ RESERVED
+CVE-2022-23337
+ RESERVED
+CVE-2022-23336
+ RESERVED
+CVE-2022-23335
+ RESERVED
+CVE-2022-23334
+ RESERVED
+CVE-2022-23333
+ RESERVED
+CVE-2022-23332
+ RESERVED
+CVE-2022-23331
+ RESERVED
+CVE-2022-23330
+ RESERVED
+CVE-2022-23329
+ RESERVED
+CVE-2022-23328
+ RESERVED
+CVE-2022-23327
+ RESERVED
+CVE-2022-23326
+ RESERVED
+CVE-2022-23325
+ RESERVED
+CVE-2022-23324
+ RESERVED
+CVE-2022-23323
+ RESERVED
+CVE-2022-23322
+ RESERVED
+CVE-2022-23321
+ RESERVED
+CVE-2022-23320
+ RESERVED
+CVE-2022-23319
+ RESERVED
+CVE-2022-23318
+ RESERVED
+CVE-2022-23317
+ RESERVED
+CVE-2022-23316
+ RESERVED
+CVE-2022-23315
+ RESERVED
+CVE-2022-23314
+ RESERVED
+CVE-2022-23313
+ RESERVED
+CVE-2022-22137
+ RESERVED
+CVE-2022-21801
+ RESERVED
+CVE-2022-21796
+ RESERVED
+CVE-2022-0274
+ RESERVED
+CVE-2022-0273
+ RESERVED
+CVE-2022-0272
+ RESERVED
+CVE-2022-0271
+ RESERVED
+CVE-2022-0270
+ RESERVED
+CVE-2022-0269
+ RESERVED
+CVE-2022-0268
+ RESERVED
+CVE-2022-0267
+ RESERVED
+CVE-2021-46399
+ RESERVED
+CVE-2021-46398
+ RESERVED
+CVE-2021-46397
+ RESERVED
+CVE-2021-46396
+ RESERVED
+CVE-2021-46395
+ RESERVED
+CVE-2021-46394
+ RESERVED
+CVE-2021-46393
+ RESERVED
+CVE-2021-46392
+ RESERVED
+CVE-2021-46391
+ RESERVED
+CVE-2021-46390
+ RESERVED
+CVE-2021-46389
+ RESERVED
+CVE-2021-46388
+ RESERVED
+CVE-2021-46387
+ RESERVED
+CVE-2021-46386
+ RESERVED
+CVE-2021-46385
+ RESERVED
+CVE-2021-46384
+ RESERVED
+CVE-2021-46383
+ RESERVED
+CVE-2021-46382
+ RESERVED
+CVE-2021-46381
+ RESERVED
+CVE-2021-46380
+ RESERVED
+CVE-2021-46379
+ RESERVED
+CVE-2021-46378
+ RESERVED
+CVE-2021-46377
+ RESERVED
+CVE-2021-46376
+ RESERVED
+CVE-2021-46375
+ RESERVED
+CVE-2021-46374
+ RESERVED
+CVE-2021-46373
+ RESERVED
+CVE-2021-46372
+ RESERVED
+CVE-2021-46371
+ RESERVED
+CVE-2021-46370
+ RESERVED
+CVE-2021-46369
+ RESERVED
+CVE-2021-46368
+ RESERVED
+CVE-2021-46367
+ RESERVED
+CVE-2021-46366
+ RESERVED
+CVE-2021-46365
+ RESERVED
+CVE-2021-46364
+ RESERVED
+CVE-2021-46363
+ RESERVED
+CVE-2021-46362
+ RESERVED
+CVE-2021-46361
+ RESERVED
+CVE-2021-46360
+ RESERVED
+CVE-2021-46359
+ RESERVED
+CVE-2021-46358
+ RESERVED
+CVE-2021-46357
+ RESERVED
+CVE-2021-46356
+ RESERVED
+CVE-2021-46355
+ RESERVED
+CVE-2021-46354
+ RESERVED
+CVE-2021-46353
+ RESERVED
+CVE-2021-46352
+ RESERVED
+CVE-2021-46351
+ RESERVED
+CVE-2021-46350
+ RESERVED
+CVE-2021-46349
+ RESERVED
+CVE-2021-46348
+ RESERVED
+CVE-2021-46347
+ RESERVED
+CVE-2021-46346
+ RESERVED
+CVE-2021-46345
+ RESERVED
+CVE-2021-46344
+ RESERVED
+CVE-2021-46343
+ RESERVED
+CVE-2021-46342
+ RESERVED
+CVE-2021-46341
+ RESERVED
+CVE-2021-46340
+ RESERVED
+CVE-2021-46339
+ RESERVED
+CVE-2021-46338
+ RESERVED
+CVE-2021-46337
+ RESERVED
+CVE-2021-46336
+ RESERVED
+CVE-2021-46335
+ RESERVED
+CVE-2021-46334
+ RESERVED
+CVE-2021-46333
+ RESERVED
+CVE-2021-46332
+ RESERVED
+CVE-2021-46331
+ RESERVED
+CVE-2021-46330
+ RESERVED
+CVE-2021-46329
+ RESERVED
+CVE-2021-46328
+ RESERVED
+CVE-2021-46327
+ RESERVED
+CVE-2021-46326
+ RESERVED
+CVE-2021-46325
+ RESERVED
+CVE-2021-46324
+ RESERVED
+CVE-2021-46323
+ RESERVED
+CVE-2021-46322
+ RESERVED
+CVE-2021-46321
+ RESERVED
+CVE-2021-46320
+ RESERVED
+CVE-2021-46319
+ RESERVED
+CVE-2021-46318
+ RESERVED
+CVE-2021-46317
+ RESERVED
+CVE-2021-46316
+ RESERVED
+CVE-2021-46315
+ RESERVED
+CVE-2021-46314
+ RESERVED
+CVE-2021-46313
+ RESERVED
+CVE-2021-46312
+ RESERVED
+CVE-2021-46311
+ RESERVED
+CVE-2021-46310
+ RESERVED
+CVE-2021-46309
+ RESERVED
+CVE-2021-46308
+ RESERVED
+CVE-2021-46307
+ RESERVED
+CVE-2021-46306
+ RESERVED
+CVE-2021-46305
+ RESERVED
CVE-2022-23312
RESERVED
CVE-2022-23311
@@ -12,20 +396,20 @@ CVE-2022-0266
RESERVED
CVE-2022-0265
RESERVED
-CVE-2022-23307
- RESERVED
+CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
+ TODO: check
CVE-2022-23306
RESERVED
-CVE-2022-23305
- RESERVED
-CVE-2022-0263
- RESERVED
-CVE-2022-0262
- RESERVED
-CVE-2022-0261
- RESERVED
-CVE-2022-0260
- RESERVED
+CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...)
+ TODO: check
+CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...)
+ TODO: check
+CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+ TODO: check
+CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
+CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
CVE-2022-0259
RESERVED
CVE-2022-0258 (pimcore is vulnerable to Improper Neutralization of Special Elements u ...)
@@ -71,12 +455,12 @@ CVE-2022-0264 [bpf: Fix kernel address leakage in atomic fetch]
NOTE: https://git.kernel.org/linus/7d3baf0afa3aa9102d6a521a8e4c41888bb79882 (5.16-rc6)
CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/ ...)
NOT-FOR-US: livehelperchat
-CVE-2022-0244
- RESERVED
+CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
CVE-2022-0243
RESERVED
-CVE-2022-23302
- RESERVED
+CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...)
+ TODO: check
CVE-2022-22142
RESERVED
CVE-2022-21805
@@ -255,18 +639,18 @@ CVE-2022-23220
RESERVED
CVE-2022-0237
RESERVED
-CVE-2022-0236
- RESERVED
+CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium versions) ...)
+ TODO: check
CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to an Un ...)
- node-fetch <unfixed>
NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
TODO: check fixing commit
CVE-2022-0234
RESERVED
-CVE-2022-0233
- RESERVED
-CVE-2022-0232
- RESERVED
+CVE-2022-0233 (The ProfileGrid – User Profiles, Memberships, Groups and Communi ...)
+ TODO: check
+CVE-2022-0232 (The User Registration, Login & Landing Pages WordPress plugin is v ...)
+ TODO: check
CVE-2022-0231 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: livehelperchat
CVE-2022-0230
@@ -377,8 +761,8 @@ CVE-2022-0218
RESERVED
CVE-2022-0216
RESERVED
-CVE-2022-0215
- RESERVED
+CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...)
+ TODO: check
CVE-2022-0214
RESERVED
CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...)
@@ -479,8 +863,8 @@ CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket
NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch
NOTE: https://hg.prosody.im/0.11/raw-rev/783056b4e448
NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/3
-CVE-2022-0210
- RESERVED
+CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored Cross-Site ...)
+ TODO: check
CVE-2022-0209
RESERVED
CVE-2022-0208
@@ -759,8 +1143,8 @@ CVE-2022-23085
RESERVED
CVE-2022-23084
RESERVED
-CVE-2022-23083
- RESERVED
+CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transf ...)
+ TODO: check
CVE-2022-23082
RESERVED
CVE-2022-23081
@@ -1257,8 +1641,7 @@ CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5
NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c
-CVE-2022-0172
- RESERVED
+CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-0171
RESERVED
@@ -1901,16 +2284,13 @@ CVE-2022-22734
RESERVED
CVE-2022-22733
RESERVED
-CVE-2022-0154
- RESERVED
+CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-0153
RESERVED
-CVE-2022-0152
- RESERVED
+CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
-CVE-2022-0151
- RESERVED
+CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-0150
RESERVED
@@ -2076,10 +2456,10 @@ CVE-2022-22693
RESERVED
CVE-2022-22692
RESERVED
-CVE-2022-22691
- RESERVED
-CVE-2022-22690
- RESERVED
+CVE-2022-22691 (The password reset component deployed within Umbraco uses the hostname ...)
+ TODO: check
+CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...)
+ TODO: check
CVE-2022-22689
RESERVED
CVE-2022-22688
@@ -2141,11 +2521,9 @@ CVE-2022-0127
RESERVED
CVE-2022-0126
RESERVED
-CVE-2022-0125
- RESERVED
+CVE-2022-0125 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
-CVE-2022-0124
- RESERVED
+CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
- gitlab <unfixed>
CVE-2022-0123
RESERVED
@@ -2607,15 +2985,13 @@ CVE-2022-0095
RESERVED
CVE-2022-0094
RESERVED
-CVE-2022-0093
- RESERVED
+CVE-2022-0093 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
- gitlab <unfixed>
CVE-2022-0092
RESERVED
CVE-2022-0091
RESERVED
-CVE-2022-0090
- RESERVED
+CVE-2022-0090 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
- gitlab <unfixed>
CVE-2022-0089
RESERVED
@@ -3423,10 +3799,10 @@ CVE-2021-46015
RESERVED
CVE-2021-46014
RESERVED
-CVE-2021-46013
- RESERVED
+CVE-2021-46013 (An unrestricted file upload vulnerability exists in Sourcecodester Fre ...)
+ TODO: check
CVE-2021-46012
- RESERVED
+ REJECTED
CVE-2021-46011
RESERVED
CVE-2021-46010
@@ -3439,8 +3815,8 @@ CVE-2021-46007
RESERVED
CVE-2021-46006
RESERVED
-CVE-2021-46005
- RESERVED
+CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross ...)
+ TODO: check
CVE-2021-46004
RESERVED
CVE-2021-46003
@@ -5582,8 +5958,8 @@ CVE-2021-4147 [deadlock and crash in libxl driver]
NOTE: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5
NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d
NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340
-CVE-2021-4146
- RESERVED
+CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...)
+ TODO: check
CVE-2021-4145 [NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c]
RESERVED
- qemu 1:6.2+dfsg-1
@@ -5721,8 +6097,8 @@ CVE-2021-45396
RESERVED
CVE-2021-45395
RESERVED
-CVE-2021-45394
- RESERVED
+CVE-2021-45394 (An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can ...)
+ TODO: check
CVE-2021-45393
RESERVED
CVE-2021-45392
@@ -7580,12 +7956,12 @@ CVE-2021-44842
RESERVED
CVE-2021-44841
RESERVED
-CVE-2021-44840
- RESERVED
+CVE-2021-44840 (An issue was discovered in Delta RM 1.2. Using an privileged account, ...)
+ TODO: check
CVE-2021-44839
RESERVED
-CVE-2021-44838
- RESERVED
+CVE-2021-44838 (An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax ...)
+ TODO: check
CVE-2021-44837
RESERVED
CVE-2021-44836
@@ -7914,8 +8290,7 @@ CVE-2021-4085
RESERVED
CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
NOT-FOR-US: Pimcore
-CVE-2021-4083
- RESERVED
+CVE-2021-4083 (A read-after-free memory flaw was found in the Linux kernel's garbage ...)
- linux 5.15.5-2
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4)
@@ -7925,8 +8300,8 @@ CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During
NOT-FOR-US: Pimcore
CVE-2021-44758
RESERVED
-CVE-2021-44757
- RESERVED
+CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Centr ...)
+ TODO: check
CVE-2021-44756
RESERVED
CVE-2021-44755
@@ -8172,8 +8547,8 @@ CVE-2021-44675 (Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 i
NOT-FOR-US: Zoho ManageEngine
CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) ...)
NOT-FOR-US: snipe-it
-CVE-2021-4074
- RESERVED
+CVE-2021-4074 (The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site S ...)
+ TODO: check
CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web Page ...)
@@ -8560,8 +8935,8 @@ CVE-2021-44540 (A vulnerability was found in Privoxy which was fixed in get_url_
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a (v_3_0_33)
-CVE-2021-43353
- RESERVED
+CVE-2021-43353 (The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Reque ...)
+ TODO: check
CVE-2021-41836 (The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
@@ -9526,8 +9901,8 @@ CVE-2021-44219 (Gin-Vue-Admin before 2.4.6 mishandles a SQL database. ...)
NOT-FOR-US: Gin-Vue-Admin
CVE-2021-44218
RESERVED
-CVE-2021-44217
- RESERVED
+CVE-2021-44217 (In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting ...)
+ TODO: check
CVE-2021-44216
RESERVED
CVE-2021-44215
@@ -10377,8 +10752,8 @@ CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to c
TODO: check
CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior to 2.7 ...)
NOT-FOR-US: Discourse
-CVE-2022-21683
- RESERVED
+CVE-2022-21683 (Wagtail is a Django based content management system focused on flexibi ...)
+ TODO: check
CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework. ...)
- flatpak 1.12.3-1
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
@@ -18817,12 +19192,12 @@ CVE-2021-41811
RESERVED
CVE-2021-41810
RESERVED
-CVE-2021-41809
- RESERVED
-CVE-2021-41808
- RESERVED
-CVE-2021-41807
- RESERVED
+CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions before 22. ...)
+ TODO: check
+CVE-2021-41808 (In M-Files Server product with versions before 21.11.10775.0, enabling ...)
+ TODO: check
+CVE-2021-41807 (Lack of rate limiting in M-Files Server and M-Files Web products with ...)
+ TODO: check
CVE-2021-41806
RESERVED
CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...)
@@ -19442,10 +19817,10 @@ CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.8
NOT-FOR-US: ARCHIBUS Web Central
CVE-2021-41552
RESERVED
-CVE-2021-41551
- RESERVED
-CVE-2021-41550
- RESERVED
+CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...)
+ TODO: check
+CVE-2021-41550 (Leostream Connection Broker 9.0.40.17 allows administrator to upload a ...)
+ TODO: check
CVE-2021-41549
RESERVED
CVE-2021-41548
@@ -23340,8 +23715,7 @@ CVE-2021-39948
RESERVED
CVE-2021-39947
RESERVED
-CVE-2021-39946
- RESERVED
+CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...)
- gitlab <unfixed>
CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...)
- gitlab <unfixed>
@@ -23349,8 +23723,7 @@ CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versi
- gitlab <unfixed>
CVE-2021-39943
RESERVED
-CVE-2021-39942
- RESERVED
+CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
- gitlab <unfixed>
CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...)
- gitlab <unfixed>
@@ -23388,8 +23761,7 @@ CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html
-CVE-2021-39927
- RESERVED
+CVE-2021-39927 (Server side request forgery protections in GitLab CE/EE versions betwe ...)
- gitlab <unfixed>
CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...)
{DSA-5019-1}
@@ -23489,8 +23861,8 @@ CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebindi
- gitlab <unfixed>
CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...)
- gitlab <unfixed>
-CVE-2021-39892
- RESERVED
+CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...)
+ TODO: check
CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...)
- gitlab <unfixed>
CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...)
@@ -26152,12 +26524,12 @@ CVE-2021-38787
RESERVED
CVE-2021-38786
RESERVED
-CVE-2021-38785
- RESERVED
-CVE-2021-38784
- RESERVED
-CVE-2021-38783
- RESERVED
+CVE-2021-38785 (There is a NULL pointer deference in the Allwinner R818 SoC Android Q ...)
+ TODO: check
+CVE-2021-38784 (There is a NULL pointer dereference in the syscall open_exec function ...)
+ TODO: check
+CVE-2021-38783 (There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK ...)
+ TODO: check
CVE-2021-38782
RESERVED
CVE-2021-38781
@@ -26346,14 +26718,14 @@ CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint
- consul <unfixed>
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15)
-CVE-2021-38697
- RESERVED
-CVE-2021-38696
- RESERVED
-CVE-2021-38695
- RESERVED
-CVE-2021-38694
- RESERVED
+CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted Fi ...)
+ TODO: check
+CVE-2021-38696 (SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerabi ...)
+ TODO: check
+CVE-2021-38695 (SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scr ...)
+ TODO: check
+CVE-2021-38694 (SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. ...)
+ TODO: check
CVE-2020-36473 (UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and th ...)
NOT-FOR-US: UCWeb UC
CVE-2021-38693
@@ -28669,14 +29041,14 @@ CVE-2021-37869
RESERVED
CVE-2021-37868
RESERVED
-CVE-2021-37867
- RESERVED
-CVE-2021-37866
- RESERVED
-CVE-2021-37865
- RESERVED
-CVE-2021-37864
- RESERVED
+CVE-2021-37867 (Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...)
+ TODO: check
+CVE-2021-37866 (Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...)
+ TODO: check
+CVE-2021-37865 (Mattermost 6.2 and earlier fails to sufficiently process a specificall ...)
+ TODO: check
+CVE-2021-37864 (Mattermost 6.1 and earlier fails to sufficiently validate permissions ...)
+ TODO: check
CVE-2021-37863 (Mattermost 6.0 and earlier fails to sufficiently validate parameters d ...)
TODO: check
CVE-2021-37862 (Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...)
@@ -34906,7 +35278,7 @@ CVE-2021-35249
RESERVED
CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...)
NOT-FOR-US: SolarWinds
-CVE-2021-35247 (Serv-U web login screen was allowing characters that were not sanitize ...)
+CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...)
NOT-FOR-US: SolarWinds
CVE-2021-35246
RESERVED
@@ -36857,18 +37229,18 @@ CVE-2021-34408 (The Zoom Client for Meetings for Windows in all versions before
NOT-FOR-US: Zoom Client for Meetings for Windows
CVE-2021-34407
REJECTED
-CVE-2021-34406
- RESERVED
-CVE-2021-34405
- RESERVED
-CVE-2021-34404
- RESERVED
-CVE-2021-34403
- RESERVED
-CVE-2021-34402
- RESERVED
-CVE-2021-34401
- RESERVED
+CVE-2021-34406 (NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a ...)
+ TODO: check
+CVE-2021-34405 (NVIDIA Linux distributions contain a vulnerability in TrustZone’ ...)
+ TODO: check
+CVE-2021-34404 (Android images for T210 provided by NVIDIA contain a vulnerability in ...)
+ TODO: check
+CVE-2021-34403 (NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, whi ...)
+ TODO: check
+CVE-2021-34402 (NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, w ...)
+ TODO: check
+CVE-2021-34401 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVG ...)
+ TODO: check
CVE-2021-34400 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
NOT-FOR-US: NVIDIA
CVE-2021-34399 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
@@ -37787,10 +38159,10 @@ CVE-2021-33967
RESERVED
CVE-2021-33966
RESERVED
-CVE-2021-33965
- RESERVED
-CVE-2021-33964
- RESERVED
+CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
+ TODO: check
+CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
+ TODO: check
CVE-2021-33963 (China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ ...)
NOT-FOR-US: China Mobile An Lianbao WF-1 router web interface
CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...)
@@ -43636,7 +44008,8 @@ CVE-2021-31773
RESERVED
CVE-2021-31772
RESERVED
-CVE-2021-31771 (** DISPUTED ** Splinterware System Scheduler Professional version 5.30 ...)
+CVE-2021-31771
+ REJECTED
NOT-FOR-US: Splinterware
CVE-2021-31770
RESERVED
@@ -48728,8 +49101,8 @@ CVE-2021-29874
RESERVED
CVE-2021-29873 (IBM Flash System 900 could allow an authenticated attacker to obtain s ...)
NOT-FOR-US: IBM
-CVE-2021-29872
- RESERVED
+CVE-2021-29872 (IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation S ...)
+ TODO: check
CVE-2021-29871
RESERVED
CVE-2021-29870
@@ -49298,8 +49671,8 @@ CVE-2021-29634
RESERVED
CVE-2021-29633
RESERVED
-CVE-2021-29632
- RESERVED
+CVE-2021-29632 (In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before ...)
+ TODO: check
CVE-2021-29631 (In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before ...)
NOT-FOR-US: FreeBSD
CVE-2021-29630 (In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before ...)
@@ -50361,8 +50734,8 @@ CVE-2021-29217
RESERVED
CVE-2021-29216
RESERVED
-CVE-2021-29215
- RESERVED
+CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...)
+ TODO: check
CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...)
NOT-FOR-US: HPE
CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...)
@@ -66476,8 +66849,8 @@ CVE-2021-22568 (When using the dart pub publish command to publish a package to
TODO: check
CVE-2021-22567 (Bidirectional Unicode text can be interpreted and compiled differently ...)
TODO: check
-CVE-2021-22566
- RESERVED
+CVE-2021-22566 (An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead ...)
+ TODO: check
CVE-2021-22565 (An attacker could prematurely expire a verification code, making it un ...)
TODO: check
CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger than an i ...)
@@ -116986,14 +117359,14 @@ CVE-2020-14112
RESERVED
CVE-2020-14111
RESERVED
-CVE-2020-14110
- RESERVED
+CVE-2020-14110 (AX3600 router sensitive information leaked.There is an unauthorized in ...)
+ TODO: check
CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...)
NOT-FOR-US: Xiaomi
CVE-2020-14108
RESERVED
-CVE-2020-14107
- RESERVED
+CVE-2020-14107 (A stack overflow in the HTTP server of Cast can be exploited to make t ...)
+ TODO: check
CVE-2020-14106 (The application in the mobile phone can unauthorized access to the lis ...)
NOT-FOR-US: Xiaomi
CVE-2020-14105 (The application in the mobile phone can read the SNO information of th ...)
@@ -213548,6 +213921,7 @@ CVE-2018-19049
CVE-2017-18351
RESERVED
CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c i ...)
+ {DLA-2887-1}
- lighttpd 1.4.52-1 (bug #913528)
[jessie] - lighttpd <no-dsa> (Minor issue)
NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a74fe883456bae65bf3f663f378fc9fcf8179e2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a74fe883456bae65bf3f663f378fc9fcf8179e2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220118/29eacb97/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list