[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 20 15:47:13 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c681e48e by Moritz Muehlenhoff at 2022-06-20T16:46:43+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49228,7 +49228,7 @@ CVE-2022-20235
CVE-2022-20234
RESERVED
CVE-2022-20233 (In param_find_digests_internal and related functions of the Titan-M so ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20232
RESERVED
CVE-2022-20231
@@ -49274,119 +49274,119 @@ CVE-2022-20212
CVE-2022-20211
RESERVED
CVE-2022-20210 (The UE and the EMM communicate with each other using NAS messages. Whe ...)
- TODO: check
+ NOT-FOR-US: Unisoc components for Android
CVE-2022-20209 (In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possi ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20208 (In parseRecursively of cppbor_parse.cpp, there is a possible out of bo ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20207 (In static definitions of GattServiceConfig.java, there is a possible p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20206 (In setPackageOrComponentEnabled of NotificationManagerService.java, th ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20205 (In isFileUri of FileUtil.java, there is a possible way to bypass the c ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20204 (In registerRemoteBugreportReceivers of DevicePolicyManagerService.java ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20203 (In multiple locations of the nanopb library, there is a possible way t ...)
TODO: check
CVE-2022-20202 (In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20201 (In getAppSize of InstalldNativeService.cpp, there is a possible out of ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20200 (In updateApState of SoftApManager.java, there is a possible leak of ho ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20199
RESERVED
CVE-2022-20198 (In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20197 (In recycle of Parcel.java, there is a possible way to start foreground ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20196 (In gallery3d and photos, there is a possible permission bypass due to ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20195 (In the keystore library, there is a possible prevention of access to s ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20194 (In onCreate of ChooseLockGeneric.java, there is a possible permission ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20193 (In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20192 (In grantEmbeddedWindowFocus of WindowManagerService.java, there is a p ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20191 (Product: AndroidVersions: Android kernelAndroid ID: A-209324757Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20190 (Product: AndroidVersions: Android kernelAndroid ID: A-208744915Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20189
RESERVED
CVE-2022-20188 (Product: AndroidVersions: Android kernelAndroid ID: A-207254598Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20187
RESERVED
CVE-2022-20186 (In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbi ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20185 (In TBD of TBD, there is a possible use after free bug. This could lead ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20184 (Product: AndroidVersions: Android kernelAndroid ID: A-209153114Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20183 (In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20182 (In handle_ramdump of pixel_loader.c, there is a possible way to create ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20181 (Product: AndroidVersions: Android kernelAndroid ID: A-210936609Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20180
RESERVED
CVE-2022-20179 (Product: AndroidVersions: Android kernelAndroid ID: A-211683760Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20178 (In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20177 (Product: AndroidVersions: Android kernelAndroid ID: A-209906686Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20176 (In auth_store of sjtag-driver.c, there is a possible read of uninitial ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20175 (Product: AndroidVersions: Android kernelAndroid ID: A-209252491Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20174 (In exynos_secEnv_init of mach-gs101.c, there is a possible out of boun ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20173 (Product: AndroidVersions: Android kernelAndroid ID: A-207116951Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20172 (In onbind of ShannonRcsService.java, there is a possible access to pro ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20171 (Product: AndroidVersions: Android kernelAndroid ID: A-215565667Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20170 (Product: AndroidVersions: Android kernelAndroid ID: A-209421931Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20169 (Product: AndroidVersions: Android kernelAndroid ID: A-211162353Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20168 (Product: AndroidVersions: Android kernelAndroid ID: A-210594998Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20167 (Product: AndroidVersions: Android kernelAndroid ID: A-204956204Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20166 (In various methods of kernel base drivers, there is a possible out of ...)
- linux 5.10.4-1
NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
NOTE: https://git.kernel.org/linus/aa838896d87af561a33ecefea1caa4c15a68bc47 (5.10-rc1)
CVE-2022-20165 (In asn1_parse of asn1.c, there is a possible out of bounds read due to ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20164 (Product: AndroidVersions: Android kernelAndroid ID: A-204891956Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20163
RESERVED
CVE-2022-20162 (In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds r ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20161
RESERVED
CVE-2022-20160 (Product: AndroidVersions: Android kernelAndroid ID: A-210083655Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20159 (In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a pos ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20158
RESERVED
CVE-2022-20157
RESERVED
CVE-2022-20156 (In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20155 (In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-tr ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20154 (In lock_sock_nested of sock.c, there is a possible use after free due ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
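Review bot: Several entries in this hunk whose truncated description reads only "Product: AndroidVersions: Android kernel..." (CVE-2022-20191, CVE-2022-20190, CVE-2022-20188 and the rest of that group) are closed as NOT-FOR-US: Google Pixel with nothing recording why they are not linux issues, while CVE-2022-20166 and CVE-2022-20154 in the same hunk are tracked against linux. The visible description gives no function or file name to check against, so a NOTE line pointing at the Pixel bulletin (as CVE-2022-20166 already has) would let a later reader confirm the affected code is a Pixel-only driver. CVE-2022-20203 (nanopb library) is the one described entry left at TODO: check; if that is deliberate it is fine, but it is easy to miss in a batch this size.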
@@ -49401,28 +49401,28 @@ CVE-2022-20153 (In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible us
NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
NOTE: https://git.kernel.org/linus/f70865db5ff35f5ed0c7e9ef63e7cca3d4947f04 (5.13-rc1)
CVE-2022-20152 (In the TitanM chip, there is a possible out of bounds write due to a m ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20151 (Product: AndroidVersions: Android kernelAndroid ID: A-210712565Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20150
RESERVED
CVE-2022-20149 (Product: AndroidVersions: Android kernelAndroid ID: A-211685939Referen ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20148 (In TBD of TBD, there is a possible use-after-free due to a race condit ...)
- linux 5.15.3-1
NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
CVE-2022-20147 (In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20146 (In uploadFile of FileUploadServiceImpl.java, there is a possible incor ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2022-20145 (In startLegacyVpnPrivileged of Vpn.java, there is a possible way to re ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20144 (In multiple functions of AvatarPhotoController.java, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20143 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20142 (In createFromParcel of GeofenceHardwareRequestParcelable.java, there i ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20141 (In ip_check_mc_rcu of igmp.c, there is a possible use after free due t ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
@@ -49431,21 +49431,22 @@ CVE-2022-20141 (In ip_check_mc_rcu of igmp.c, there is a possible use after free
NOTE: https://source.android.com/security/bulletin/2022-06-01
NOTE: https://git.kernel.org/linus/23d2b94043ca8835bd1e67749020e839f396a1c2 (5.15-rc1)
CVE-2022-20140 (In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds wri ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20139
RESERVED
+ NOT-FOR-US: Android
CVE-2022-20138 (In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.ja ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20137 (In onCreateContextMenu of NetworkProviderSettings.java, there is a pos ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20136
RESERVED
CVE-2022-20135 (In writeToParcel of GateKeeperResponse.java, there is a possible parce ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20134 (In readArguments of CallSubjectDialog.java, there is a possible way to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20133 (In setDiscoverableTimeout of AdapterService.java, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20132 (In lg_probe and related functions of hid-lg.c and other USB HID files, ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
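Review bot: The added line under CVE-2022-20139 attaches NOT-FOR-US: Android to an entry that is still RESERVED and has no description, so unlike every other entry in this hunk there is no text to check the classification against. It is also the only pure addition in the hunk (the header goes from 21 to 22 lines) rather than a replacement of TODO: check. Either drop it until the CVE is published or add a NOTE with the bulletin it was taken from.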
@@ -49453,23 +49454,23 @@ CVE-2022-20132 (In lg_probe and related functions of hid-lg.c and other USB HID
[stretch] - linux 4.9.303-1
NOTE: https://source.android.com/security/bulletin/2022-06-01
CVE-2022-20131 (In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20130 (In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android media framework
CVE-2022-20129 (In registerPhoneAccount of PhoneAccountRegistrar.java, there is a poss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20128
RESERVED
CVE-2022-20127 (In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds w ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20126 (In setScanMode of AdapterService.java, there is a possible way to enab ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20125 (In GBoard, there is a possible way to bypass factory reset protections ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20124 (In deletePackageX of DeletePackageHelper.java, there is a possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20123 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2022-20122
RESERVED
CVE-2022-20121 (In getNodeValue of USCCDMPlugin.java, there is a possible disclosure o ...)
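Review bot: CVE-2022-20130 is the only entry in this hunk tagged "Android media framework", and the file it names, tpdec_lib.cpp, is a C++ decoder source rather than one of the framework .java classes most of its neighbours refer to. Before closing it as NOT-FOR-US, check whether that decoder source is shipped by any source package in the archive, and record the result in a NOTE line. CVE-2022-20125 names GBoard in its description but is tagged Android; tagging it by product would match how other entries in this commit are named.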
@@ -50923,7 +50924,6 @@ CVE-2022-20007 (In startActivityForAttachedApplicationIfNeeded of RootWindowCont
NOT-FOR-US: Android
CVE-2022-20006 (In several functions of KeyguardServiceWrapper.java and related files, ...)
NOT-FOR-US: Android
- NOTE: No mention of this CVE in the linked Android bulletin
CVE-2022-20005 (In validateApkInstallLocked of PackageInstallerSession.java, there is ...)
NOT-FOR-US: Android
CVE-2022-20004 (In checkSlicePermission of SliceManagerService.java, it is possible to ...)
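Review bot: This hunk deletes the NOTE under CVE-2022-20006 ("No mention of this CVE in the linked Android bulletin") without replacing it, and the commit message "NFUs" does not cover the removal. If the bulletin has since been updated to list the CVE, say so in the commit message or replace the line with a NOTE carrying the bulletin URL; otherwise the discrepancy it recorded is lost.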
@@ -51895,7 +51895,7 @@ CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester E-Negosy
CVE-2021-41673
RESERVED
CVE-2021-41672 (PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection i ...)
- TODO: check
+ NOT-FOR-US: PEEL Shopping CMS
CVE-2021-41671
RESERVED
CVE-2021-41670
@@ -51913,11 +51913,11 @@ CVE-2021-41665
CVE-2021-41664
RESERVED
CVE-2021-41663 (A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. T ...)
- TODO: check
+ NOT-FOR-US: Mini CMS
CVE-2021-41662 (The South Gate Inn Online Reservation System v1.0 contains an SQL inje ...)
- TODO: check
+ NOT-FOR-US: South Gate Inn Online Reservation System
CVE-2021-41661 (Church Management System version 1.0 is affected by a SQL anjection vu ...)
- TODO: check
+ NOT-FOR-US: Church Management System
CVE-2021-41660 (SQL injection vulnerability in Sourcecodester Patient Appointment Sche ...)
NOT-FOR-US: Sourcecodester
CVE-2021-41659 (SQL injection vulnerability in Sourcecodester Banking System v1 by ore ...)
@@ -51931,7 +51931,7 @@ CVE-2021-41656
CVE-2021-41655
RESERVED
CVE-2021-41654 (SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows at ...)
- TODO: check
+ NOT-FOR-US: Wuzhicms
CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with firmware ...)
NOT-FOR-US: TP-Link
CVE-2021-41652 (Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 al ...)
@@ -51957,7 +51957,7 @@ CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in Sourcecodest
CVE-2021-41642
RESERVED
CVE-2021-41641 (Deno <=1.14.0 file sandbox does not handle symbolic links correctly ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2021-41640
RESERVED
CVE-2021-41639
@@ -52340,7 +52340,7 @@ CVE-2021-41489
CVE-2021-41488
RESERVED
CVE-2021-41487 (NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserNam ...)
- TODO: check
+ NOT-FOR-US: NOKIA
CVE-2021-41486
RESERVED
CVE-2021-41485
@@ -52484,33 +52484,33 @@ CVE-2021-41423
CVE-2021-41422
RESERVED
CVE-2021-41421 (A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an a ...)
- TODO: check
+ NOT-FOR-US: MaianAffiliate
CVE-2021-41420 (A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authentic ...)
- TODO: check
+ NOT-FOR-US: MaianAffiliate
CVE-2021-41419
RESERVED
CVE-2021-41418 (AriaNg v0.1.0~v1.2.2 is affected by an incorrect access control vulner ...)
- TODO: check
+ NOT-FOR-US: AriaNg
CVE-2021-41417
RESERVED
CVE-2021-41416
RESERVED
CVE-2021-41415 (Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vu ...)
- TODO: check
+ NOT-FOR-US: Subscription-Manager
CVE-2021-41414
RESERVED
CVE-2021-41413 (ok-file-formats master 2021-9-12 is affected by a buffer overflow in o ...)
- TODO: check
+ NOT-FOR-US: ok-file-formats
CVE-2021-41412
RESERVED
CVE-2021-41411 (drools <=7.59.x is affected by an XML External Entity (XXE) vulnera ...)
- TODO: check
+ NOT-FOR-US: drools
CVE-2021-41410
RESERVED
CVE-2021-41409
RESERVED
CVE-2021-41408 (VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection t ...)
- TODO: check
+ NOT-FOR-US: VoIPmonitor WEB GUI
CVE-2021-41407
RESERVED
CVE-2021-41406
@@ -52520,9 +52520,9 @@ CVE-2021-41405
CVE-2021-41404
RESERVED
CVE-2021-41403 (flatCore-CMS version 2.0.8 calls dangerous functions, causing server-s ...)
- TODO: check
+ NOT-FOR-US: flatCore CMS
CVE-2021-41402 (flatCore-CMS v2.0.8 has a code execution vulnerability, which could le ...)
- TODO: check
+ NOT-FOR-US: flatCore CMS
CVE-2021-41401
RESERVED
CVE-2021-41400
@@ -53777,7 +53777,7 @@ CVE-2021-40912
CVE-2021-40911
RESERVED
CVE-2021-40910 (There is a reflective cross-site scripting (XSS) vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: PHPCMS
CVE-2021-40909 (Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD wi ...)
NOT-FOR-US: Sourcecodester
CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester Purchase Or ...)
@@ -53791,9 +53791,9 @@ CVE-2021-40905 (The web management console of CheckMK Enterprise Edition (versio
CVE-2021-40904 (The web management console of CheckMK Raw Edition (versions 1.5.0 to 1 ...)
- check-mk <removed>
CVE-2021-40903 (A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor ...)
- TODO: check
+ NOT-FOR-US: Antminer
CVE-2021-40902 (flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) i ...)
- TODO: check
+ NOT-FOR-US: flatCore CMS
CVE-2021-40901
RESERVED
CVE-2021-40900
@@ -54137,7 +54137,7 @@ CVE-2021-40778 (Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null p
CVE-2021-40777 (Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memo ...)
NOT-FOR-US: Adobe
CVE-2021-40776 (Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40775 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
NOT-FOR-US: Adobe
CVE-2021-40774 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...)
@@ -54240,7 +54240,7 @@ CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.0
CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
NOT-FOR-US: Adobe
CVE-2021-40727 (Access of Memory Location After End of Buffer (CWE-788 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
NOT-FOR-US: Adobe
CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
@@ -56549,7 +56549,7 @@ CVE-2021-39808 (In createNotificationChannelGroup of PreferencesHelper.java, the
CVE-2021-39807 (In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible ...)
NOT-FOR-US: Android
CVE-2021-39806 (In closef of label_backends_android.c, there is a possible way to corr ...)
- TODO: check
+ NOT-FOR-US: Google Pixel
CVE-2021-39805 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...)
NOT-FOR-US: Android
CVE-2021-39804 (In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a m ...)
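Review bot: CVE-2021-39806 is tagged Google Pixel while the entries on either side (CVE-2021-39807, CVE-2021-39805) are tagged Android, and the file in its description, label_backends_android.c, does not by its name indicate Pixel-specific code. A NOTE naming the bulletin this classification was taken from would make the difference checkable; it is also worth confirming that no packaged source carries a file of that name.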
@@ -56795,7 +56795,7 @@ CVE-2021-39693 (In onUidStateChanged of AppOpsService.java, there is a possible
CVE-2021-39692 (In onCreate of SetupLayoutActivity.java, there is a possible way to se ...)
NOT-FOR-US: Android
CVE-2021-39691 (In WindowManager, there is a possible tapjacking attack due to an inco ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39690 (In setDisplayPadding of WallpaperManagerService.java, there is a possi ...)
NOT-FOR-US: Android
CVE-2021-39689 (In multiple functions of odsign_main.cpp, there is a possible way to p ...)
@@ -68232,27 +68232,27 @@ CVE-2021-35123 (Buffer copy in GATT multi notification due to improper length ch
CVE-2021-35122
RESERVED
CVE-2021-35121 (An array index is improperly used to lock and unlock a mutex which can ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-35120 (Improper handling between export and release functions on the same han ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-35119 (Potential out of Bounds read in FIPS event processing due to improper ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-35118 (An out-of-bounds write can occur due to an incorrect input check in th ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-35117 (An Out of Bounds read may potentially occur while processing an IBSS b ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-35116 (APK can load a crafted model into the CDSP which can lead to a comprom ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35115 (Improper handling of multiple session supported by PVM backend can lea ...)
NOT-FOR-US: Qualcomm
CVE-2021-35114 (Improper buffer initialization on the backend driver can lead to buffe ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35113
RESERVED
CVE-2021-35112 (A user with user level permission can access graphics protected region ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35111 (Improper validation of tag id while RRC sending tag id to MAC can lead ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-35110 (Possible buffer overflow to improper validation of hash segment of fil ...)
NOT-FOR-US: Qualcomm
CVE-2021-35109
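Review bot: The new lines use two different tags for what the descriptions present as the same family of issues, "Qualcomm components for Android" (for example CVE-2021-35121) and "Snapdragon" (for example CVE-2021-35116), next to existing entries tagged plain "Qualcomm" (CVE-2021-35115, CVE-2021-35110). Nothing in the truncated descriptions distinguishes them. Settling on one tag for the batch would keep searches over data/CVE/list for these entries reliable.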
@@ -68270,71 +68270,71 @@ CVE-2021-35104 (Possible buffer overflow due to improper parsing of headers whil
CVE-2021-35103 (Possible out of bound write due to improper validation of number of ti ...)
NOT-FOR-US: Qualcomm QCA-WiFi for Android
CVE-2021-35102 (Possible buffer overflow due to lack of validation for the length of N ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-35101 (Improper handling of writes to virtual GICR control can lead to assert ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35100 (Possible buffer over read due to improper calculation of string length ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35099
RESERVED
CVE-2021-35098 (Improper validation of session id in PCM routing process can lead to m ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35097
RESERVED
CVE-2021-35096 (Improper memory allocation during counter check DLM handling can lead ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35095 (Improper serialization of message queue client registration can lead t ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35094 (Improper verification of timeout-based authentication in identity cred ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35093 (Possible memory corruption in BT controller when it receives an oversi ...)
NOT-FOR-US: Qualcomm
CVE-2021-35092 (Processing DCB/AVB algorithm with an invalid queue index from IOCTL re ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35091 (Possible out of bounds read due to improper typecasting while handling ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35090 (Possible hypervisor memory corruption due to TOC TOU race condition wh ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35089 (Possible buffer overflow due to lack of input IB amount validation whi ...)
NOT-FOR-US: Qualcomm
CVE-2021-35088 (Possible out of bound read due to improper validation of IE length dur ...)
NOT-FOR-US: Qualcomm QCA-WiFi for Android
CVE-2021-35087 (Possible null pointer access due to improper validation of system info ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35086 (Possible buffer over read due to improper validation of SIB type when ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35085 (Possible buffer overflow due to lack of buffer length check during man ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35084 (Possible out of bound read due to lack of length check of data length ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35083 (Possible out of bound read due to improper validation of certificate c ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2021-35082 (Improper integrity check can lead to race condition between tasks PDCP ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35081 (Possible buffer overflow due to improper validation of SSID length rec ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35080 (Disabled SMMU from secure side while RPM is assigned a secure stream c ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35079 (Improper validation of permissions for third party application accessi ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35078 (Possible memory leak due to improper validation of certificate chain l ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35077 (Possible use after free scenario in compute offloads to DSP while mult ...)
NOT-FOR-US: Qualcomm
CVE-2021-35076 (Possible null pointer dereference due to improper validation of RRC co ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35075 (Possible null pointer dereference due to lack of WDOG structure valida ...)
NOT-FOR-US: Qualcomm
CVE-2021-35074 (Possible integer overflow due to improper fragment datatype while calc ...)
NOT-FOR-US: Qualcomm
CVE-2021-35073 (Possible assertion due to improper validation of rank restriction fiel ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35072 (Possible buffer overflow due to improper validation of array index whi ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35071 (Possible buffer over read due to lack of size validation while copying ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35070 (RPM secure Stream can access any secure resource due to improper SMMU ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2021-35069 (Improper validation of data length received from DMA buffer can lead t ...)
NOT-FOR-US: Qualcomm
CVE-2021-35068 (Lack of null check while freeing the device information buffer in the ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c681e48ecececdb93c31f5408d76821c13b1a025