[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 9 20:10:23 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c4c6ba46 by security tracker role at 2022-03-09T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,53 @@
+CVE-2022-26782
+ RESERVED
+CVE-2022-26781
+ RESERVED
+CVE-2022-26780
+ RESERVED
+CVE-2022-26779
+ RESERVED
+CVE-2022-0906
+ RESERVED
+CVE-2022-0905
+ RESERVED
+CVE-2022-0904 (A stack overflow bug in the document extractor in Mattermost Server in ...)
+ TODO: check
+CVE-2022-0903 (A call stack overflow bug in the SAML login feature in Mattermost serv ...)
+ TODO: check
+CVE-2022-0902
+ RESERVED
+CVE-2022-0901
+ RESERVED
+CVE-2022-0900
+ RESERVED
+CVE-2022-0899
+ RESERVED
+CVE-2022-0898
+ RESERVED
+CVE-2022-0897
+ RESERVED
+CVE-2022-0896 (Improper Neutralization of Special Elements Used in a Template Engine ...)
+ TODO: check
+CVE-2022-0895
+ RESERVED
+CVE-2022-0894
+ RESERVED
+CVE-2022-0893
+ RESERVED
+CVE-2022-0892
+ RESERVED
+CVE-2021-46707
+ RESERVED
+CVE-2021-46706
+ RESERVED
+CVE-2021-46705
+ RESERVED
CVE-2022-26778 (Veritas System Recovery (VSR) 18 and 21 stores a network destination p ...)
NOT-FOR-US: Veritas
CVE-2022-26777
RESERVED
-CVE-2022-0891
- RESERVED
+CVE-2022-0891 (A heap buffer overflow in ExtractImageSection function in tiffcrop.c i ...)
+ TODO: check
CVE-2022-0890
RESERVED
CVE-2022-26776
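Review bot: CVE-2022-0891 is the entry in this hunk that should not wait in the TODO: check queue. Its new description names ExtractImageSection in tiffcrop.c, and tiffcrop ships with libtiff, so it needs a source-package line for tiff with per-release status rather than a NOT-FOR-US verdict. The RESERVED placeholders added at the top of the hunk need no action yet.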
@@ -222,8 +266,8 @@ CVE-2022-0883
RESERVED
CVE-2022-0882
RESERVED
-CVE-2022-0881
- RESERVED
+CVE-2022-0881 (Insecure Storage of Sensitive Information in GitHub repository chocobo ...)
+ TODO: check
CVE-2022-XXXX [arbitrary PHP code execution]
- spip <unfixed>
[bullseye] - spip 3.2.11-3+deb11u3
@@ -623,7 +667,8 @@ CVE-2022-26488 (In Python before 3.10.3 on Windows, local users can gain privile
- python3.9 <not-affected> (Windows-specific)
- python3.7 <not-affected> (Windows-specific)
- python3.5 <not-affected> (Windows-specific)
-CVE-2022-26487 (Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through ...)
+CVE-2022-26487
+ REJECTED
NOT-FOR-US: Mitel
CVE-2021-46704 (In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to ...)
NOT-FOR-US: GenieACS
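Review bot: CVE-2022-26487 becomes REJECTED, but the NOT-FOR-US: Mitel line under it is kept, so the entry now holds a triage verdict for a description that has been withdrawn. If a bare REJECTED entry is the intended form, drop that line in the manual follow-up. CVE-2022-26143, later in this patch, gains a Mitel MiCollab description and is still at TODO: check, so the verdict should be recorded there.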
@@ -638,14 +683,14 @@ CVE-2022-26490 (st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.
NOTE: https://git.kernel.org/linux/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1)
CVE-2022-26486
RESERVED
- {DSA-5094-1 DSA-5090-1 DLA-2933-1}
+ {DSA-5094-1 DSA-5090-1 DLA-2939-1 DLA-2933-1}
- firefox <unfixed>
- firefox-esr 91.6.1esr-1
- thunderbird 1:91.6.2-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/#CVE-2022-26486
CVE-2022-26485
RESERVED
- {DSA-5094-1 DSA-5090-1 DLA-2933-1}
+ {DSA-5094-1 DSA-5090-1 DLA-2939-1 DLA-2933-1}
- firefox <unfixed>
- firefox-esr 91.6.1esr-1
- thunderbird 1:91.6.2-1
@@ -1014,8 +1059,8 @@ CVE-2022-26357
RESERVED
CVE-2022-26356
RESERVED
-CVE-2022-26355
- RESERVED
+CVE-2022-26355 (Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deplo ...)
+ TODO: check
CVE-2022-26354
RESERVED
CVE-2022-26353
@@ -1122,8 +1167,8 @@ CVE-2022-0815
RESERVED
CVE-2022-0814
RESERVED
-CVE-2022-0813
- RESERVED
+CVE-2022-0813 (PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially ...)
+ TODO: check
CVE-2022-0811
RESERVED
CVE-2022-26333
@@ -1700,8 +1745,8 @@ CVE-2022-26145
RESERVED
CVE-2022-26144
RESERVED
-CVE-2022-26143
- RESERVED
+CVE-2022-26143 (The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 F ...)
+ TODO: check
CVE-2022-26142
RESERVED
CVE-2022-26141
@@ -2912,6 +2957,7 @@ CVE-2022-0713 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2
NOTE: https://huntr.dev/bounties/d35b3dff-768d-4a09-a742-c18ca8f56d3c
NOTE: https://github.com/radareorg/radare2/commit/a35f89f86ed12161af09330e92e5a213014e46a1
CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 a ...)
+ {DSA-5095-1}
- linux 5.16.11-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -3064,8 +3110,8 @@ CVE-2022-25568
RESERVED
CVE-2022-25567
RESERVED
-CVE-2022-25566
- RESERVED
+CVE-2022-25566 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
CVE-2022-25565
RESERVED
CVE-2022-25564
@@ -3074,38 +3120,38 @@ CVE-2022-25563
RESERVED
CVE-2022-25562
RESERVED
-CVE-2022-25561
- RESERVED
-CVE-2022-25560
- RESERVED
+CVE-2022-25561 (Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in ...)
+ TODO: check
+CVE-2022-25560 (Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in ...)
+ TODO: check
CVE-2022-25559
RESERVED
-CVE-2022-25558
- RESERVED
-CVE-2022-25557
- RESERVED
-CVE-2022-25556
- RESERVED
-CVE-2022-25555
- RESERVED
-CVE-2022-25554
- RESERVED
-CVE-2022-25553
- RESERVED
-CVE-2022-25552
- RESERVED
-CVE-2022-25551
- RESERVED
-CVE-2022-25550
- RESERVED
-CVE-2022-25549
- RESERVED
-CVE-2022-25548
- RESERVED
-CVE-2022-25547
- RESERVED
-CVE-2022-25546
- RESERVED
+CVE-2022-25558 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
+CVE-2022-25557 (Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the ...)
+ TODO: check
+CVE-2022-25556 (Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in ...)
+ TODO: check
+CVE-2022-25555 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
+CVE-2022-25554 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
+CVE-2022-25553 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
+CVE-2022-25552 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
+CVE-2022-25551 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
+CVE-2022-25550 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
+CVE-2022-25549 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
+CVE-2022-25548 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
+CVE-2022-25547 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
+CVE-2022-25546 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
+ TODO: check
CVE-2022-25545
RESERVED
CVE-2022-25544
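Review bot: all fifteen entries filled in by this hunk (CVE-2022-25561, CVE-2022-25560 and CVE-2022-25558 through CVE-2022-25546) describe Tenda AX12 or AX1806 firmware and each is left at TODO: check. These are vendor router firmware, so one batch pass with a single consistent tag such as NOT-FOR-US: Tenda would clear them, together with CVE-2022-25566 from the previous hunk, instead of fifteen separate triage edits.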
@@ -3447,7 +3493,7 @@ CVE-2022-25377
CVE-2022-25376
RESERVED
CVE-2022-25375 (An issue was discovered in drivers/usb/gadget/function/rndis.c in the ...)
- {DSA-5092-1}
+ {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.10-1
NOTE: https://github.com/szymonh/rndis-co
NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/1
@@ -3493,8 +3539,8 @@ CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse
NOTE: https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63 (1.5.9)
CVE-2022-25369
RESERVED
-CVE-2022-25368
- RESERVED
+CVE-2022-25368 (Spectre BHB is a variant of Spectre-v2 in which malicious code uses th ...)
+ TODO: check
CVE-2022-0690 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
NOT-FOR-US: microweber
CVE-2022-0689 (Use multiple time the one-time coupon in Packagist microweber/microweb ...)
@@ -3835,7 +3881,7 @@ CVE-2022-25260 (JetBrains Hub before 2021.1.14276 was vulnerable to blind Server
CVE-2022-25259 (JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. ...)
NOT-FOR-US: JetBrains Hub
CVE-2022-25258 (An issue was discovered in drivers/usb/gadget/composite.c in the Linux ...)
- {DSA-5092-1}
+ {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.10-1
NOTE: https://github.com/szymonh/d-os-descriptor
NOTE: https://git.kernel.org/linus/75e5b4849b81e19e9efe1654b30d7f3151c33c2c (5.17-rc4)
@@ -3907,6 +3953,7 @@ CVE-2022-0645
RESERVED
CVE-2022-0644 [vfs: check fd has read access in kernel_read_file_from_fd()]
RESERVED
+ {DSA-5096-1 DLA-2941-1}
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[stretch] - linux 4.9.290-1
@@ -4043,14 +4090,14 @@ CVE-2022-25214 (Improper access control on the LocalClientList.asp interface all
TODO: check
CVE-2022-25213 (Improper physical access control and use of hard-coded credentials in ...)
TODO: check
-CVE-2022-24915
- RESERVED
-CVE-2022-24432
- RESERVED
-CVE-2022-22985
- RESERVED
-CVE-2022-21146
- RESERVED
+CVE-2022-24915 (The absence of filters when loading some sections in the web applicati ...)
+ TODO: check
+CVE-2022-24432 (Persistent cross-site scripting (XSS) in the web interface of ipDIO al ...)
+ TODO: check
+CVE-2022-22985 (The absence of filters when loading some sections in the web applicati ...)
+ TODO: check
+CVE-2022-21146 (Persistent cross-site scripting in the web interface of ipDIO allows a ...)
+ TODO: check
CVE-2022-0623 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
@@ -4082,6 +4129,7 @@ CVE-2022-21159
CVE-2022-0618
RESERVED
CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file system fu ...)
+ {DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.7-1
NOTE: https://git.kernel.org/linus/7fc3b7c2981bbd1047916ade327beccb90994eee
NOTE: https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f
@@ -4436,8 +4484,8 @@ CVE-2022-25092
RESERVED
CVE-2022-25091
RESERVED
-CVE-2022-25090
- RESERVED
+CVE-2022-25090 (Printix Secure Cloud Print Management 1.3.1035.0 creates a temporary f ...)
+ TODO: check
CVE-2022-25089 (Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly u ...)
NOT-FOR-US: Printix Secure Cloud Print Management
CVE-2022-25088
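Review bot: CVE-2022-25090 is left at TODO: check although the context line directly below it already settles the same product: CVE-2022-25089 is marked NOT-FOR-US: Printix Secure Cloud Print Management. Reuse that exact tag string when resolving this one so the two entries stay searchable under one name.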
@@ -4636,8 +4684,8 @@ CVE-2022-24997
RESERVED
CVE-2022-24996
RESERVED
-CVE-2022-24995
- RESERVED
+CVE-2022-24995 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ TODO: check
CVE-2022-24994
RESERVED
CVE-2022-24993
@@ -4812,7 +4860,7 @@ CVE-2022-24961 (In Portainer Agent before 2.11.1, an API server can continue run
CVE-2022-24960 (A use after free vulnerability was discovered in PDFTron SDK version 9 ...)
TODO: check
CVE-2022-24959 (An issue was discovered in the Linux kernel before 5.16.5. There is a ...)
- {DSA-5092-1}
+ {DSA-5096-1 DSA-5092-1 DLA-2941-1}
- linux 5.16.7-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/29eb31542787e1019208a2e1047bb7c76c069536 (5.17-rc2)
@@ -5709,8 +5757,8 @@ CVE-2022-24620 (Piwigo version 12.2.0 is vulnerable to stored cross-site scripti
- piwigo <removed>
CVE-2022-24619
RESERVED
-CVE-2022-24618
- RESERVED
+CVE-2022-24618 (Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and e ...)
+ TODO: check
CVE-2022-24617
RESERVED
CVE-2022-24616
@@ -5737,26 +5785,26 @@ CVE-2022-24611
RESERVED
CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto DVC-215IP ca ...)
NOT-FOR-US: Alecto
-CVE-2022-24609
- RESERVED
-CVE-2022-24608
- RESERVED
-CVE-2022-24607
- RESERVED
-CVE-2022-24606
- RESERVED
-CVE-2022-24605
- RESERVED
-CVE-2022-24604
- RESERVED
-CVE-2022-24603
- RESERVED
-CVE-2022-24602
- RESERVED
-CVE-2022-24601
- RESERVED
-CVE-2022-24600
- RESERVED
+CVE-2022-24609 (Luocms v2.0 is affected by an incorrect access control vulnerability. ...)
+ TODO: check
+CVE-2022-24608 (Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/s ...)
+ TODO: check
+CVE-2022-24607 (Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. ...)
+ TODO: check
+CVE-2022-24606 (Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. ...)
+ TODO: check
+CVE-2022-24605 (Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. ...)
+ TODO: check
+CVE-2022-24604 (Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. ...)
+ TODO: check
+CVE-2022-24603 (Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. ...)
+ TODO: check
+CVE-2022-24602 (Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. ...)
+ TODO: check
+CVE-2022-24601 (Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.p ...)
+ TODO: check
+CVE-2022-24600 (Luocms v2.0 is affected by SQL Injection through /admin/login.php. An ...)
+ TODO: check
CVE-2022-24599 (In autofile Audio File Library 0.3.6, there exists one memory leak vul ...)
- audiofile <unfixed>
[bullseye] - audiofile <no-dsa> (Minor issue)
@@ -5912,58 +5960,58 @@ CVE-2022-24528
RESERVED
CVE-2022-24527
RESERVED
-CVE-2022-24526
- RESERVED
-CVE-2022-24525
- RESERVED
+CVE-2022-24526 (Visual Studio Code Spoofing Vulnerability. ...)
+ TODO: check
+CVE-2022-24525 (Windows Update Stack Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-24524
RESERVED
CVE-2022-24523
RESERVED
-CVE-2022-24522
- RESERVED
+CVE-2022-24522 (Skype Extension for Chrome Information Disclosure Vulnerability. ...)
+ TODO: check
CVE-2022-24521
RESERVED
-CVE-2022-24520
- RESERVED
-CVE-2022-24519
- RESERVED
-CVE-2022-24518
- RESERVED
-CVE-2022-24517
- RESERVED
+CVE-2022-24520 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
+ TODO: check
+CVE-2022-24519 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-24518 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-24517 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
+ TODO: check
CVE-2022-24516
RESERVED
-CVE-2022-24515
- RESERVED
+CVE-2022-24515 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
CVE-2022-24514
RESERVED
CVE-2022-24513
RESERVED
-CVE-2022-24512
- RESERVED
-CVE-2022-24511
- RESERVED
-CVE-2022-24510
- RESERVED
-CVE-2022-24509
- RESERVED
-CVE-2022-24508
- RESERVED
-CVE-2022-24507
- RESERVED
-CVE-2022-24506
- RESERVED
-CVE-2022-24505
- RESERVED
+CVE-2022-24512 (.NET and Visual Studio Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-24511 (Microsoft Office Word Tampering Vulnerability. ...)
+ TODO: check
+CVE-2022-24510 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-24509 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-24508 (Windows SMBv3 Client/Server Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-24507 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ TODO: check
+CVE-2022-24506 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-24505 (Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is uniq ...)
+ TODO: check
CVE-2022-24504
RESERVED
-CVE-2022-24503
- RESERVED
-CVE-2022-24502
- RESERVED
-CVE-2022-24501
- RESERVED
+CVE-2022-24503 (Remote Desktop Protocol Client Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-24502 (Windows HTML Platforms Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-24501 (VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
CVE-2022-24500
RESERVED
CVE-2022-24499
@@ -6022,54 +6070,54 @@ CVE-2022-24473
RESERVED
CVE-2022-24472
RESERVED
-CVE-2022-24471
- RESERVED
-CVE-2022-24470
- RESERVED
-CVE-2022-24469
- RESERVED
-CVE-2022-24468
- RESERVED
-CVE-2022-24467
- RESERVED
+CVE-2022-24471 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
+ TODO: check
+CVE-2022-24470 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
+ TODO: check
+CVE-2022-24469 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-24468 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
+ TODO: check
+CVE-2022-24467 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
+ TODO: check
CVE-2022-24466
RESERVED
-CVE-2022-24465
- RESERVED
-CVE-2022-24464
- RESERVED
-CVE-2022-24463
- RESERVED
-CVE-2022-24462
- RESERVED
-CVE-2022-24461
- RESERVED
-CVE-2022-24460
- RESERVED
-CVE-2022-24459
- RESERVED
+CVE-2022-24465 (Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-24464 (.NET and Visual Studio Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-24463 (Microsoft Exchange Server Spoofing Vulnerability. ...)
+ TODO: check
+CVE-2022-24462 (Microsoft Word Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-24461 (Microsoft Office Visio Remote Code Execution Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-24460 (Tablet Windows User Interface Application Elevation of Privilege Vulne ...)
+ TODO: check
+CVE-2022-24459 (Windows Fax and Scan Service Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-24458
RESERVED
-CVE-2022-24457
- RESERVED
-CVE-2022-24456
- RESERVED
-CVE-2022-24455
- RESERVED
-CVE-2022-24454
- RESERVED
-CVE-2022-24453
- RESERVED
-CVE-2022-24452
- RESERVED
-CVE-2022-24451
- RESERVED
+CVE-2022-24457 (HEIF Image Extensions Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-24456 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-24455 (Windows CD-ROM Driver Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-24454 (Windows Security Support Provider Interface Elevation of Privilege Vul ...)
+ TODO: check
+CVE-2022-24453 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-24452 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-24451 (VP9 Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
CVE-2022-24450 (NATS nats-server before 2.7.2 has Incorrect Access Control. Any authen ...)
NOT-FOR-US: nats-server
CVE-2022-24449
RESERVED
CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.1 ...)
- {DSA-5092-1}
+ {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.7-1
NOTE: Fixed by: https://git.kernel.org/linus/ac795161c93699d600db16c1a8cc23a65a1eceaf (5.17-rc2)
CVE-2022-24447 (An issue was discovered in Zoho ManageEngine Key Manager Plus before 6 ...)
@@ -6153,8 +6201,8 @@ CVE-2022-0509 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore
NOT-FOR-US: pimcore
CVE-2022-0508 (Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/pee ...)
- peertube <itp> (bug #950821)
-CVE-2022-0507
- RESERVED
+CVE-2022-0507 (Found a potential security vulnerability inside the Pandora API. Affec ...)
+ TODO: check
CVE-2022-0506 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
NOT-FOR-US: microweber
CVE-2022-0505 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
@@ -6253,6 +6301,7 @@ CVE-2022-21233
CVE-2022-21128
RESERVED
CVE-2022-0492 (A vulnerability was found in the Linux kernel’s cgroup_release_a ...)
+ {DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.7-1
NOTE: https://www.openwall.com/lists/oss-security/2022/02/04/1
NOTE: https://git.kernel.org/linus/24f6008564183aa120d07c03d9289519c2fe02af
@@ -6271,8 +6320,8 @@ CVE-2022-24399 (The SAP Focused Run (Real User Monitoring) - versions 200, 300,
NOT-FOR-US: SAP
CVE-2022-24398 (Under certain conditions SAP Business Objects Business Intelligence Pl ...)
NOT-FOR-US: SAP
-CVE-2022-24397
- RESERVED
+CVE-2022-24397 (SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, doe ...)
+ TODO: check
CVE-2022-24396 (The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does n ...)
NOT-FOR-US: SAP
CVE-2022-24395 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
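Review bot: CVE-2022-24397 is the only SAP entry in this block without a verdict. CVE-2022-24399, CVE-2022-24398 and CVE-2022-24396 around it are all NOT-FOR-US: SAP, and the new description is for SAP NetWeaver Enterprise Portal, so the TODO: check can be resolved the same way.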
@@ -6302,6 +6351,7 @@ CVE-2022-24384
CVE-2022-21241 (Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a rem ...)
NOT-FOR-US: CSV+
CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in ...)
+ {DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.10-1 (unimportant)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1194516
NOTE: https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/
@@ -6322,8 +6372,8 @@ CVE-2022-0484 (Lack of validation of URLs causes Mirantis Container Cloud Lens E
NOT-FOR-US: Mirantis Container Cloud Lens
CVE-2022-0483 (Local privilege escalation due to insecure folder permissions. The fol ...)
NOT-FOR-US: Acronis VSS Doctor
-CVE-2022-0482
- RESERVED
+CVE-2022-0482 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
+ TODO: check
CVE-2022-24372
RESERVED
CVE-2022-24371
@@ -6800,14 +6850,13 @@ CVE-2022-23400
RESERVED
CVE-2022-0435
RESERVED
- {DSA-5092-1}
+ {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.10-1
NOTE: https://www.openwall.com/lists/oss-security/2022/02/10/1
NOTE: Fixed by: https://git.kernel.org/linus/9aa422ad326634b76309e8ff342c246800621216
CVE-2022-0434 (The Page View Count WordPress plugin before 2.4.15 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0433 [missing initialization in bloom filter map in kernel/bpf/bloom_filter.c can lead to DoS]
- RESERVED
+CVE-2022-0433 (A NULL pointer dereference flaw was found in the Linux kernel's BPF su ...)
- linux <not-affected> (Vulnerable code newer in a supported Debian release; only affected experimental)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048259
NOTE: Fixed by: https://git.kernel.org/linus/3ccdcee28415c4226de05438b4d89eb5514edf73 (5.17-rc1)
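Review bot: on CVE-2022-0433 the bracketed working description that named kernel/bpf/bloom_filter.c is replaced by a description that is truncated before it reaches the affected file. The two NOTE lines are now the only pointer to the code in question, so they should stay in place; if the bracketed text carried anything the NOTE lines do not, add it as a NOTE.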
@@ -8511,8 +8560,8 @@ CVE-2021-46410
RESERVED
CVE-2021-46409
RESERVED
-CVE-2021-46408
- RESERVED
+CVE-2021-46408 (Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overf ...)
+ TODO: check
CVE-2021-46407
RESERVED
CVE-2021-46406
@@ -8720,7 +8769,7 @@ CVE-2022-0331
RESERVED
CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store]
RESERVED
- {DSA-5092-1}
+ {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-2
NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/12
NOTE: https://git.kernel.org/linus/7938d61591d33394a21bdd7797a245b65428f44c
@@ -8836,6 +8885,7 @@ CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template En
NOT-FOR-US: Mustache (implementation in PHP)
CVE-2022-0322 [DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c]
RESERVED
+ {DSA-5096-1 DLA-2941-1}
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -9833,7 +9883,7 @@ CVE-2022-23412
RESERVED
CVE-2022-23411
RESERVED
-CVE-2022-23410 (AXIS IP Utility prior to 4.17.0 allows for remote code execution and l ...)
+CVE-2022-23410 (AXIS IP Utility before 4.18.0 allows for remote code execution and loc ...)
NOT-FOR-US: AXIS IP Utility
CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to ...)
NOT-FOR-US: Craft CMS
@@ -10420,56 +10470,56 @@ CVE-2022-0239 (corenlp is vulnerable to Improper Restriction of XML External Ent
NOT-FOR-US: corenlp
CVE-2022-0238 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
- phoronix-test-suite <removed>
-CVE-2022-23301
- RESERVED
-CVE-2022-23300
- RESERVED
-CVE-2022-23299
- RESERVED
-CVE-2022-23298
- RESERVED
-CVE-2022-23297
- RESERVED
-CVE-2022-23296
- RESERVED
-CVE-2022-23295
- RESERVED
-CVE-2022-23294
- RESERVED
-CVE-2022-23293
- RESERVED
+CVE-2022-23301 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-23300 (Raw Image Extension Remote Code Execution Vulnerability. This CVE ID i ...)
+ TODO: check
+CVE-2022-23299 (Windows PDEV Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-23298 (Windows NT OS Kernel Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-23297 (Windows NT Lan Manager Datagram Receiver Driver Information Disclosure ...)
+ TODO: check
+CVE-2022-23296 (Windows Installer Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-23295 (Raw Image Extension Remote Code Execution Vulnerability. This CVE ID i ...)
+ TODO: check
+CVE-2022-23294 (Windows Event Tracing Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-23293 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...)
+ TODO: check
CVE-2022-23292
RESERVED
-CVE-2022-23291
- RESERVED
-CVE-2022-23290
- RESERVED
+CVE-2022-23291 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
+ TODO: check
+CVE-2022-23290 (Windows Inking COM Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-23289
RESERVED
-CVE-2022-23288
- RESERVED
-CVE-2022-23287
- RESERVED
-CVE-2022-23286
- RESERVED
-CVE-2022-23285
- RESERVED
-CVE-2022-23284
- RESERVED
-CVE-2022-23283
- RESERVED
-CVE-2022-23282
- RESERVED
-CVE-2022-23281
- RESERVED
+CVE-2022-23288 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
+ TODO: check
+CVE-2022-23287 (Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is uniq ...)
+ TODO: check
+CVE-2022-23286 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ TODO: check
+CVE-2022-23285 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-23284 (Windows Print Spooler Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-23283 (Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is uniq ...)
+ TODO: check
+CVE-2022-23282 (Paint 3D Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-23281 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
+ TODO: check
CVE-2022-23280 (Microsoft Outlook for Mac Security Feature Bypass Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-23279
RESERVED
-CVE-2022-23278
- RESERVED
-CVE-2022-23277
- RESERVED
+CVE-2022-23278 (Microsoft Defender for Endpoint Spoofing Vulnerability. ...)
+ TODO: check
+CVE-2022-23277 (Microsoft Exchange Server Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-23276 (SQL Server for Linux Containers Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-23275
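Review bot: the 21 entries that gain descriptions in this hunk are all Microsoft products (Windows components, Defender for Endpoint, Exchange Server, Paint 3D and the media extensions) and all land at TODO: check. The context lines show the established verdict for this vendor: CVE-2022-23280 and CVE-2022-23276 are NOT-FOR-US: Microsoft. Resolving the batch with that tag in one follow-up commit keeps the TODO queue from hiding entries that do affect Debian packages.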
@@ -10490,10 +10540,10 @@ CVE-2022-23268
RESERVED
CVE-2022-23267
RESERVED
-CVE-2022-23266
- RESERVED
-CVE-2022-23265
- RESERVED
+CVE-2022-23266 (Microsoft Defender for IoT Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-23265 (Microsoft Defender for IoT Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-23264
RESERVED
CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
@@ -10516,8 +10566,8 @@ CVE-2022-23255 (Microsoft OneDrive for Android Security Feature Bypass Vulnerabi
NOT-FOR-US: Microsoft
CVE-2022-23254 (Microsoft Power BI Information Disclosure Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-23253
- RESERVED
+CVE-2022-23253 (Point-to-Point Tunneling Protocol Denial of Service Vulnerability. ...)
+ TODO: check
CVE-2022-23252 (Microsoft Office Information Disclosure Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-23251
@@ -10846,8 +10896,7 @@ CVE-2022-0206 (The NewStatPress WordPress plugin before 1.3.6 does not properly
NOT-FOR-US: WordPress plugin
CVE-2022-0205 (The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escap ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0204 [Heap overflow vulnerability in the implementation of the gatt protocol]
- RESERVED
+CVE-2022-0204 (A heap overflow vulnerability was found in bluez in versions prior to ...)
- bluez <unfixed> (bug #1003712)
[bullseye] - bluez <no-dsa> (Minor issue)
[buster] - bluez <no-dsa> (Minor issue)
@@ -11454,7 +11503,7 @@ CVE-2022-22943 (VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) con
NOT-FOR-US: VMware
CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy]
RESERVED
- {DSA-5092-1}
+ {DSA-5096-1 DSA-5092-1 DLA-2941-1}
- linux 5.15.15-2
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/27/4
@@ -11967,6 +12016,7 @@ CVE-2021-44458 (Linux users running Lens 5.2.6 and earlier could be compromised
NOT-FOR-US: Lens
CVE-2021-4203 [af_unix: fix races in sk_peer_pid and sk_peer_cred accesses]
RESERVED
+ {DSA-5096-1 DLA-2941-1}
- linux 5.14.12-1
[bullseye] - linux 5.10.84-1
[stretch] - linux 4.9.290-1
@@ -11974,6 +12024,7 @@ CVE-2021-4203 [af_unix: fix races in sk_peer_pid and sk_peer_cred accesses]
NOTE: https://git.kernel.org/linus/35306eb23814444bd4021f8a1c3047d3cb0c8b2b (5.15-rc4)
CVE-2021-4202
RESERVED
+ {DLA-2940-1}
- linux 5.15.5-1 (unimportant)
[bullseye] - linux 5.10.84-1
NOTE: CONFIG_NFC_NCI not enabled in Debian
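Review bot: CVE-2021-4202 now carries {DLA-2940-1} while the entry is marked (unimportant) and its NOTE says CONFIG_NFC_NCI is not enabled in Debian. The cross-reference is harmless, but it is worth confirming that the NOTE also holds for the kernel package the DLA covers, since the note is the whole justification for the unimportant rating.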
@@ -12164,8 +12215,8 @@ CVE-2022-22797
RESERVED
CVE-2022-22796
RESERVED
-CVE-2022-22795
- RESERVED
+CVE-2022-22795 (Signiant - Manager+Agents XML External Entity (XXE) - Extract internal ...)
+ TODO: check
CVE-2022-22794 (Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker c ...)
NOT-FOR-US: Cybonet
CVE-2022-22793 (Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a ...)
@@ -14519,8 +14570,8 @@ CVE-2022-0024
RESERVED
CVE-2022-0023
RESERVED
-CVE-2022-0022
- RESERVED
+CVE-2022-0022 (Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS s ...)
+ TODO: check
CVE-2022-0021 (An information exposure through log file vulnerability exists in the P ...)
NOT-FOR-US: Palo Alto Networks
CVE-2022-0020 (A stored cross-site scripting (XSS) vulnerability in Palo Alto Network ...)
@@ -15605,7 +15656,7 @@ CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.1-1
CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...)
- {DSA-5050-1}
+ {DSA-5096-1 DSA-5050-1 DLA-2941-1}
- linux 5.15.15-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0
@@ -15657,7 +15708,7 @@ CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular e
CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...)
NOT-FOR-US: Moxa
CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...)
- {DSA-5050-1}
+ {DSA-5096-1 DSA-5050-1 DLA-2941-1}
- linux 5.15.15-1
[stretch] - linux <ignored> (Minor issue; f2fs is not supportable)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
@@ -15725,7 +15776,7 @@ CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy]
NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)
CVE-2021-4155
RESERVED
- {DSA-5050-1}
+ {DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813
NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16)
@@ -16846,16 +16897,16 @@ CVE-2022-22012
RESERVED
CVE-2022-22011
RESERVED
-CVE-2022-22010
- RESERVED
+CVE-2022-22010 (Media Foundation Information Disclosure Vulnerability. This CVE ID is ...)
+ TODO: check
CVE-2022-22009
RESERVED
CVE-2022-22008
RESERVED
-CVE-2022-22007
- RESERVED
-CVE-2022-22006
- RESERVED
+CVE-2022-22007 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-22006 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
CVE-2022-22005 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-22004 (Microsoft Office ClickToRun Remote Code Execution Vulnerability. ...)
@@ -16886,8 +16937,8 @@ CVE-2022-21992 (Windows Mobile Device Management Remote Code Execution Vulnerabi
NOT-FOR-US: Microsoft
CVE-2022-21991 (Visual Studio Code Remote Development Extension Remote Code Execution ...)
NOT-FOR-US: Microsoft
-CVE-2022-21990
- RESERVED
+CVE-2022-21990 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
CVE-2022-21989 (Windows Kernel Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-21988 (Microsoft Office Visio Remote Code Execution Vulnerability. ...)
@@ -16912,16 +16963,16 @@ CVE-2022-21979
RESERVED
CVE-2022-21978
RESERVED
-CVE-2022-21977
- RESERVED
+CVE-2022-21977 (Media Foundation Information Disclosure Vulnerability. This CVE ID is ...)
+ TODO: check
CVE-2022-21976
RESERVED
-CVE-2022-21975
- RESERVED
+CVE-2022-21975 (Windows Hyper-V Denial of Service Vulnerability. ...)
+ TODO: check
CVE-2022-21974 (Roaming Security Rights Management Services Remote Code Execution Vuln ...)
NOT-FOR-US: Microsoft
-CVE-2022-21973
- RESERVED
+CVE-2022-21973 (Windows Media Center Update Denial of Service Vulnerability. ...)
+ TODO: check
CVE-2022-21972
RESERVED
CVE-2022-21971 (Windows Runtime Remote Code Execution Vulnerability. ...)
@@ -16932,8 +16983,8 @@ CVE-2022-21969 (Microsoft Exchange Server Remote Code Execution Vulnerability. T
NOT-FOR-US: Microsoft
CVE-2022-21968 (Microsoft SharePoint Server Security Feature BypassVulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-21967
- RESERVED
+CVE-2022-21967 (Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerabilit ...)
+ TODO: check
CVE-2022-21966
RESERVED
CVE-2022-21965 (Microsoft Teams Denial of Service Vulnerability. ...)
@@ -17228,6 +17279,7 @@ CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...)
NOTE: Fixed by: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (v8.2.3847)
CVE-2021-4135
RESERVED
+ {DSA-5096-1 DLA-2941-1}
- linux 5.15.15-1 (unimportant)
[bullseye] - linux 5.10.92-1
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -17453,7 +17505,7 @@ CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel thro
NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2
NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1.
CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...)
- {DSA-5050-1}
+ {DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/
CVE-2021-45070
@@ -18634,6 +18686,7 @@ CVE-2021-4085
CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
NOT-FOR-US: Pimcore
CVE-2021-4083 (A read-after-free memory flaw was found in the Linux kernel's garbage ...)
+ {DSA-5096-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.5-2
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4)
@@ -18657,8 +18710,8 @@ CVE-2021-44752
RESERVED
CVE-2021-44751
RESERVED
-CVE-2021-44750
- RESERVED
+CVE-2021-44750 (An arbitrary code execution vulnerability was found in the F-Secure Su ...)
+ TODO: check
CVE-2021-44749 (A vulnerability affecting F-Secure SAFE browser protection was discove ...)
NOT-FOR-US: F-Secure
CVE-2021-44748 (A vulnerability affecting F-Secure SAFE browser was discovered whereby ...)
@@ -18718,6 +18771,7 @@ CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark d
CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...)
NOT-FOR-US: Lexmark
CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...)
+ {DSA-5096-1 DLA-2941-1}
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -20246,8 +20300,7 @@ CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can get
NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt
CVE-2021-44226
RESERVED
-CVE-2021-4023
- RESERVED
+CVE-2021-4023 (A flaw was found in the io-workqueue implementation in the Linux kerne ...)
- linux 5.15.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -20508,6 +20561,7 @@ CVE-2021-4004
CVE-2021-4003
RESERVED
CVE-2021-4002 (A memory leak flaw in the Linux kernel's hugetlbfs memory usage was fo ...)
+ {DSA-5096-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.5-1
[bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/11/25/1
@@ -21022,10 +21076,11 @@ CVE-2021-43978 (Allegro WIndows 3.3.4152.0, embeds software administrator databa
CVE-2021-43977 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows X ...)
NOT-FOR-US: SmarterTools
CVE-2021-43976 (In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wi ...)
- {DSA-5092-1}
+ {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-2
NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/
CVE-2021-43975 (In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in driver ...)
+ {DSA-5096-1 DLA-2941-1}
- linux 5.15.5-2
[bullseye] - linux 5.10.84-1
NOTE: https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/
@@ -23781,7 +23836,7 @@ CVE-2021-43391 (An Out-of-Bounds Read vulnerability exists when reading a DXF fi
CVE-2021-43390 (An Out-of-Bounds Write vulnerability exists when reading a DGN file us ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. There is a ...)
- {DLA-2843-1}
+ {DSA-5096-1 DLA-2941-1 DLA-2843-1}
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/10/19/1
@@ -26072,16 +26127,16 @@ CVE-2021-42859
RESERVED
CVE-2021-42858
RESERVED
-CVE-2021-42857
- RESERVED
-CVE-2021-42856
- RESERVED
-CVE-2021-42855
- RESERVED
-CVE-2021-42854
- RESERVED
-CVE-2021-42853
- RESERVED
+CVE-2021-42857 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
+ TODO: check
+CVE-2021-42856 (It was discovered that the /DsaDataTest endpoint is susceptible to Cro ...)
+ TODO: check
+CVE-2021-42855 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
+ TODO: check
+CVE-2021-42854 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
+ TODO: check
+CVE-2021-42853 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
+ TODO: check
CVE-2021-3902
RESERVED
CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
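Review bot: of the five entries moved to `TODO: check` here, CVE-2021-42856 is the only one whose truncated description ("the /DsaDataTest endpoint is susceptible to Cro ...") names no product, so it cannot be triaged from this line alone. Check the full record before grouping it with the SteelCentral AppInternals Dynamic Sampling entries around it, then give all five one consistent disposition.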
@@ -26230,10 +26285,10 @@ CVE-2021-42789
RESERVED
CVE-2021-42788
RESERVED
-CVE-2021-42787
- RESERVED
-CVE-2021-42786
- RESERVED
+CVE-2021-42787 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
+ TODO: check
+CVE-2021-42786 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
+ TODO: check
CVE-2021-42785 (Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allo ...)
NOT-FOR-US: TightVNC Viewer
CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 ...)
@@ -26371,7 +26426,7 @@ CVE-2021-42740 (The shell-quote package before 1.7.3 for Node.js allows command
- node-shell-quote 1.7.3+~1.7.1-1 (bug #998418)
NOTE: https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe (1.7.3)
CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a buffe ...)
- {DLA-2843-1}
+ {DSA-5096-1 DLA-2941-1 DLA-2843-1}
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
NOTE: https://seclists.org/oss-sec/2021/q2/46
@@ -26798,12 +26853,14 @@ CVE-2022-0003
RESERVED
CVE-2022-0002
RESERVED
+ {DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.12-1
NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
NOTE: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/technical-documentation/branch-history-injection.html
CVE-2022-0001
RESERVED
+ {DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.12-1
NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
@@ -28474,34 +28531,34 @@ CVE-2022-20062
RESERVED
CVE-2022-20061
RESERVED
-CVE-2022-20060
- RESERVED
-CVE-2022-20059
- RESERVED
-CVE-2022-20058
- RESERVED
-CVE-2022-20057
- RESERVED
-CVE-2022-20056
- RESERVED
-CVE-2022-20055
- RESERVED
-CVE-2022-20054
- RESERVED
-CVE-2022-20053
- RESERVED
+CVE-2022-20060 (In preloader (usb), there is a possible permission bypass due to a mis ...)
+ TODO: check
+CVE-2022-20059 (In preloader (usb), there is a possible out of bounds write due to a m ...)
+ TODO: check
+CVE-2022-20058 (In preloader (usb), there is a possible out of bounds write due to a m ...)
+ TODO: check
+CVE-2022-20057 (In btif, there is a possible memory corruption due to incorrect error ...)
+ TODO: check
+CVE-2022-20056 (In preloader (usb), there is a possible out of bounds write due to a m ...)
+ TODO: check
+CVE-2022-20055 (In preloader (usb), there is a possible out of bounds write due to a m ...)
+ TODO: check
+CVE-2022-20054 (In ims service, there is a possible AT command injection due to a miss ...)
+ TODO: check
+CVE-2022-20053 (In ims service, there is a possible escalation of privilege due to a m ...)
+ TODO: check
CVE-2022-20052
RESERVED
-CVE-2022-20051
- RESERVED
-CVE-2022-20050
- RESERVED
-CVE-2022-20049
- RESERVED
-CVE-2022-20048
- RESERVED
-CVE-2022-20047
- RESERVED
+CVE-2022-20051 (In ims service, there is a possible unexpected application behavior du ...)
+ TODO: check
+CVE-2022-20050 (In connsyslogger, there is a possible symbolic link following due to i ...)
+ TODO: check
+CVE-2022-20049 (In vpu, there is a possible escalation of privilege due to a missing p ...)
+ TODO: check
+CVE-2022-20048 (In video decoder, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-20047 (In video decoder, there is a possible out of bounds write due to a mis ...)
+ TODO: check
CVE-2022-20046 (In Bluetooth, there is a possible memory corruption due to a logic err ...)
NOT-FOR-US: MediaTek
CVE-2022-20045 (In Bluetooth, there is a possible service crash due to a use after fre ...)
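Review bot: the thirteen entries from CVE-2022-20060 down to CVE-2022-20047 are set to `TODO: check`, but they describe the same kind of components (preloader (usb), btif, ims service, connsyslogger, vpu, video decoder) and use the same phrasing as CVE-2022-20046 directly below, which is `NOT-FOR-US: MediaTek`. Triage them as one batch in a follow-up rather than one by one. Note also that CVE-2022-20052 in the middle of the range is still RESERVED, so a range-based edit must skip it.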
@@ -29685,7 +29742,7 @@ CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed
NOTE: https://github.com/hashicorp/nomad/issues/11243
NOTE: https://github.com/hashicorp/nomad/pull/11257
CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kern ...)
- {DLA-2843-1}
+ {DSA-5096-1 DLA-2941-1 DLA-2843-1}
- linux 5.14.12-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a
@@ -33015,6 +33072,7 @@ CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to i
NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html
TODO: fill in tracking details
CVE-2021-3772 (A flaw was found in the Linux SCTP stack. A blind attacker may be able ...)
+ {DSA-5096-1 DLA-2941-1}
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000694
@@ -33218,6 +33276,7 @@ CVE-2021-40440 (Microsoft Dynamics Business Central Cross-site Scripting Vulnera
NOT-FOR-US: Microsoft
CVE-2021-3764 [DoS in ccp_run_aes_gcm_cmd() function]
RESERVED
+ {DSA-5096-1 DLA-2941-1}
- linux 5.14.12-1
[bullseye] - linux 5.10.84-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
@@ -33454,7 +33513,7 @@ CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into
NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9
NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422
CVE-2021-3760 (A flaw was found in the Linux kernel. A use-after-free vulnerability i ...)
- {DLA-2843-1}
+ {DSA-5096-1 DLA-2941-1 DLA-2843-1}
- linux 5.14.16-1 (unimportant)
[bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/10/26/2
@@ -33539,6 +33598,7 @@ CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_io
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel’s Bluetooth ...)
+ {DSA-5096-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4
@@ -33944,6 +34004,7 @@ CVE-2021-3746 (A flaw was found in the libtpms code that may cause access beyond
CVE-2021-3745 (flatcore-cms is vulnerable to Unrestricted Upload of File with Dangero ...)
NOT-FOR-US: flatcore-cms
CVE-2021-3744 (A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gc ...)
+ {DSA-5096-1 DLA-2941-1}
- linux 5.14.12-1
[bullseye] - linux 5.10.84-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
@@ -34951,10 +35012,12 @@ CVE-2021-39715
RESERVED
CVE-2021-39714
RESERVED
+ {DLA-2940-1}
- linux 4.12.6-1
NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
CVE-2021-39713
RESERVED
+ {DSA-5096-1 DLA-2941-1}
- linux 5.2.6-1
NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
CVE-2021-39712
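Review bot: CVE-2021-39714 and CVE-2021-39713 gain advisory references but are still RESERVED, and their only NOTE is the Pixel bulletin. The entry therefore gives no way to verify which upstream change the fixed versions 4.12.6-1 and 5.2.6-1 correspond to. Adding a `NOTE:` with the upstream kernel commit, as other linux entries in this file do with git.kernel.org/linus links, would make the advisory mapping auditable.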
@@ -34990,6 +35053,7 @@ CVE-2021-39699
RESERVED
CVE-2021-39698
RESERVED
+ {DSA-5096-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
NOTE: https://source.android.com/security/bulletin/2022-03-01
@@ -35017,11 +35081,12 @@ CVE-2021-39687 (In HandleTransactionIoEvent of actuator_driver.cc, there is a po
NOT-FOR-US: Android
CVE-2021-39686
RESERVED
+ {DSA-5096-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
NOTE: https://source.android.com/security/bulletin/2022-03-01
CVE-2021-39685
RESERVED
- {DSA-5050-1}
+ {DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.5-2
NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4
CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a possibl ...)
@@ -38475,6 +38540,7 @@ CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Inje
CVE-2021-38301
RESERVED
CVE-2021-38300 (arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate ...)
+ {DSA-5096-1 DLA-2941-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[stretch] - linux <ignored> (mips not supported in LTS)
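Review bot: CVE-2021-38300 now references DLA-2941-1 while the line below still reads `[stretch] - linux <ignored> (mips not supported in LTS)`, which looks contradictory to someone reading the entry alone. If the DLA covers a different source package than `linux`, a per-package line or a short NOTE would make that explicit. Otherwise the cross-reference or the `<ignored>` state should be rechecked.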
@@ -42348,8 +42414,8 @@ CVE-2021-36779 (A Improper Access Control vulnerability inf SUSE Longhorn allows
NOT-FOR-US: Longhorn
CVE-2021-36778
RESERVED
-CVE-2021-36777
- RESERVED
+CVE-2021-36777 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
+ TODO: check
CVE-2021-36776
RESERVED
CVE-2021-36775
@@ -43371,6 +43437,7 @@ CVE-2021-36352 (Stored cross-site scripting (XSS) vulnerability in Care2x Hospit
CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital Information ...)
NOT-FOR-US: Care2x Open Source Hospital Information Management
CVE-2021-3640 (A flaw use-after-free in function sco_sock_sendmsg() of the Linux kern ...)
+ {DSA-5096-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1
@@ -46037,8 +46104,8 @@ CVE-2021-35253
RESERVED
CVE-2021-35252
RESERVED
-CVE-2021-35251
- RESERVED
+CVE-2021-35251 (Sensitive information could be displayed when a detailed technical err ...)
+ TODO: check
CVE-2021-35250
RESERVED
CVE-2021-35249
@@ -49240,10 +49307,10 @@ CVE-2021-33854
RESERVED
CVE-2021-33853
RESERVED
-CVE-2021-33852
- RESERVED
-CVE-2021-33851
- RESERVED
+CVE-2021-33852 (A cross-site scripting (XSS) attack can cause arbitrary code (javascri ...)
+ TODO: check
+CVE-2021-33851 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScri ...)
+ TODO: check
CVE-2021-33850 (There is a Cross-Site Scripting vulnerability in Microsoft Clarity ver ...)
NOT-FOR-US: Microsoft
CVE-2021-33849 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScri ...)
@@ -50836,7 +50903,7 @@ CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices A
NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a (v7.0.0-rc1)
NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/f1b08901f7ae7557f79d83bdac33cc0bd79d1437 (v6.10.0-rc1)
CVE-2021-3558
- RESERVED
+ REJECTED
- moodle <removed>
CVE-2021-3557 (A flaw was found in argocd. Any unprivileged user is able to deploy ar ...)
NOT-FOR-US: Argo CD
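Review bot: CVE-2021-3558 is switched to REJECTED, but the `- moodle <removed>` package line stays attached to it. Once the ID is rejected, that annotation no longer tracks anything. Either drop it or add a NOTE stating why it is retained, for example which ID, if any, supersedes this one.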
@@ -51341,6 +51408,7 @@ CVE-2021-33028
CVE-2021-33027 (Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy i ...)
- singularity-container <not-affected> (Only affects Enterprise version)
CVE-2021-33033 (The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genop ...)
+ {DLA-2940-1}
- linux 5.10.24-1
[buster] - linux 4.19.181-1
NOTE: https://git.kernel.org/linus/ad5d07f4a9cd671233ae20983848874731102c08
@@ -52721,15 +52789,15 @@ CVE-2021-32507 (Absolute Path Traversal vulnerability in FileDownload in QSAN St
CVE-2021-32506 (Absolute Path Traversal vulnerability in GetImage in QSAN Storage Mana ...)
NOT-FOR-US: QSAN
CVE-2021-32505
- RESERVED
+ REJECTED
CVE-2021-32504
RESERVED
CVE-2021-32503
RESERVED
CVE-2021-32502
- RESERVED
+ REJECTED
CVE-2021-32501
- RESERVED
+ REJECTED
CVE-2021-32500
RESERVED
CVE-2021-32499 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
@@ -57507,7 +57575,7 @@ CVE-2020-36323 (In the standard library in Rust before 1.52.0, there is an optim
NOTE: https://github.com/rust-lang/rust/issues/80335
NOTE: https://github.com/rust-lang/rust/pull/81728
CVE-2020-36322 (An issue was discovered in the FUSE filesystem implementation in the L ...)
- {DLA-2689-1}
+ {DSA-5096-1 DLA-2941-1 DLA-2689-1}
- linux 5.10.9-1
NOTE: https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454
CVE-2018-25013 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
@@ -59081,6 +59149,7 @@ CVE-2020-36311 (An issue was discovered in the Linux kernel before 5.9. arch/x86
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7be74942f184fdfba34ddd19a0d995deb34d4a03
CVE-2020-36310 (An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/s ...)
+ {DSA-5095-1}
- linux 5.16.7-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://git.kernel.org/linus/e72436bc3a5206f95bb384e741154166ddb3202e
@@ -61452,7 +61521,7 @@ CVE-2021-29265 (An issue was discovered in the Linux kernel before 5.11.7. usbip
[buster] - linux 4.19.181-1
NOTE: https://git.kernel.org/linus/9380afd6df70e24eacbdbde33afc6a3950965d22
CVE-2021-29264 (An issue was discovered in the Linux kernel through 5.11.10. drivers/n ...)
- {DLA-2690-1}
+ {DLA-2940-1 DLA-2690-1}
- linux 5.10.28-1
[buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f
@@ -62204,7 +62273,7 @@ CVE-2021-28951 (An issue was discovered in fs/io_uring.c in the Linux kernel thr
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/3ebba796fa251d042be42b929a2d916ee5c34a49
CVE-2021-28950 (An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before ...)
- {DLA-2689-1}
+ {DSA-5096-1 DLA-2941-1 DLA-2689-1}
- linux 5.10.24-1
NOTE: https://git.kernel.org/linus/775c5033a0d164622d9d10dd0f0a5531639ed3ed
CVE-2021-28949
@@ -62735,23 +62804,23 @@ CVE-2021-28717
CVE-2021-28716
RESERVED
CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
- {DSA-5050-1}
+ {DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-392.html
CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
- {DSA-5050-1}
+ {DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-392.html
CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
- {DSA-5050-1}
+ {DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-391.html
CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
- {DSA-5050-1}
+ {DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-391.html
CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
- {DSA-5050-1}
+ {DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
NOTE: https://xenbits.xen.org/xsa/advisory-391.html
CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For efficie ...)
@@ -77662,6 +77731,7 @@ CVE-2021-22602
CVE-2021-22601
RESERVED
CVE-2021-22600 (A double free bug in packet_set_ring() in net/packet/af_packet.c can b ...)
+ {DSA-5096-1 DLA-2941-1}
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -84592,12 +84662,12 @@ CVE-2021-20323
RESERVED
NOT-FOR-US: Keycloak
CVE-2021-20322 (A flaw in the processing of received ICMP errors (ICMP fragment needed ...)
- {DLA-2843-1}
+ {DSA-5096-1 DLA-2941-1 DLA-2843-1}
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230
CVE-2021-20321 (A race condition accessing file object in the Linux kernel OverlayFS s ...)
- {DLA-2843-1}
+ {DSA-5096-1 DLA-2941-1 DLA-2843-1}
- linux 5.14.12-1
[bullseye] - linux 5.10.84-1
NOTE: https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5)
@@ -84612,7 +84682,7 @@ CVE-2021-20319 (An improper signature verification vulnerability was found in co
CVE-2021-20318 (The HornetQ component of Artemis in EAP 7 was not updated with the fix ...)
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2021-20317 (A flaw was found in the Linux kernel. A corrupted timer tree caused th ...)
- {DLA-2843-1}
+ {DSA-5096-1 DLA-2941-1 DLA-2843-1}
- linux 5.4.6-1
NOTE: https://git.kernel.org/linus/511885d7061eda3eb1faf3f57dcc936ff75863f1 (5.4-rc1)
CVE-2021-20316
@@ -84863,8 +84933,7 @@ CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 m
- mediawiki 1:1.35.2-1
NOTE: https://github.com/pygments/pygments/issues/1625
NOTE: https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333
-CVE-2021-20269 [incorrect permissions on kdump dmesg file]
- RESERVED
+CVE-2021-20269 (A flaw was found in the permissions of a log file created by kexec-too ...)
- kexec-tools <unfixed> (bug #985105)
[bullseye] - kexec-tools <no-dsa> (Minor issue)
[buster] - kexec-tools <no-dsa> (Minor issue)
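Review bot: replacing the bracketed summary `[incorrect permissions on kdump dmesg file]` for CVE-2021-20269 with the truncated description ("... a log file created by kexec-too ...") loses the one detail that identified the affected file. Consider preserving it as a `NOTE:` line under the entry, so the kdump dmesg context remains visible next to the `<no-dsa>` decisions.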
@@ -89431,7 +89500,7 @@ CVE-2020-29376 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V
CVE-2020-29375 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4 ...)
NOT-FOR-US: V-SOL devices
CVE-2020-29374 (An issue was discovered in the Linux kernel before 5.7.3, related to m ...)
- {DLA-2690-1 DLA-2689-1}
+ {DSA-5096-1 DLA-2941-1 DLA-2690-1 DLA-2689-1}
- linux 5.7.6-1
[buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/17839856fd588f4ab6b789f482ed3ffd7c403e1f
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4c6ba46fde64a6d1f27c8246d4a96bf68a4dee1