[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 16 20:10:33 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c512a54 by security tracker role at 2022-03-16T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-0997
+ RESERVED
+CVE-2022-0996
+ RESERVED
+CVE-2022-0995
+ RESERVED
+CVE-2022-0994
+ RESERVED
CVE-2022-27225 (Gradle Enterprise before 2021.4.3 relies on cleartext data transmissio ...)
TODO: check
CVE-2022-27224
@@ -37,16 +45,16 @@ CVE-2022-0987 [PackageKit: Information Disclosure in Transaction Interface via t
[bullseye] - packagekit <no-dsa> (Minor issue)
[buster] - packagekit <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064315
-CVE-2022-0986
- RESERVED
+CVE-2022-0986 (Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repositor ...)
+ TODO: check
CVE-2022-0985
RESERVED
CVE-2022-0984
RESERVED
CVE-2022-0983
RESERVED
-CVE-2022-0982
- RESERVED
+CVE-2022-0982 (The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suff ...)
+ TODO: check
CVE-2022-0981
RESERVED
NOT-FOR-US: Quarkus
@@ -287,8 +295,8 @@ CVE-2022-0961 (The microweber application allows large characters to insert in t
NOT-FOR-US: microweber
CVE-2022-0960 (Stored XSS viva .properties file upload in GitHub repository star7th/s ...)
NOT-FOR-US: ShowDoc
-CVE-2022-0959
- RESERVED
+CVE-2022-0959 (When run in server mode, pgAdmin 4 allows users to store files on the ...)
+ TODO: check
CVE-2022-0958
RESERVED
CVE-2022-0957 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior ...)
@@ -1027,8 +1035,8 @@ CVE-2022-0920
RESERVED
CVE-2022-0919
RESERVED
-CVE-2022-0918
- RESERVED
+CVE-2022-0918 (A vulnerability was discovered in the 389 Directory Server that allows ...)
+ TODO: check
CVE-2022-0917
RESERVED
CVE-2022-0916
@@ -1041,8 +1049,8 @@ CVE-2022-0913 (Integer Overflow or Wraparound in GitHub repository microweber/mi
NOT-FOR-US: microweber
CVE-2022-0912 (Unrestricted Upload of File with Dangerous Type in GitHub repository m ...)
NOT-FOR-US: microweber
-CVE-2022-0911
- RESERVED
+CVE-2022-0911 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
CVE-2022-26878 (drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a ...)
- linux 5.16.7-1 (unimportant)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -1239,8 +1247,8 @@ CVE-2021-46707
RESERVED
CVE-2021-46706
RESERVED
-CVE-2021-46705
- RESERVED
+CVE-2021-46705 (A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE ...)
+ TODO: check
CVE-2022-26778 (Veritas System Recovery (VSR) 18 and 21 stores a network destination p ...)
NOT-FOR-US: Veritas
CVE-2022-26777
@@ -1520,8 +1528,8 @@ CVE-2022-26661 (An XXE issue was discovered in Tryton Application Platform (Serv
- tryton-server 6.0.16-1
NOTE: https://bugs.tryton.org/issue11219
NOTE: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
-CVE-2022-26660
- RESERVED
+CVE-2022-26660 (RunAsSpc 4.0 uses a universal and recoverable encryption key. In posse ...)
+ TODO: check
CVE-2022-26659
RESERVED
CVE-2022-26658
@@ -2291,13 +2299,11 @@ CVE-2022-26356
RESERVED
CVE-2022-26355 (Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deplo ...)
NOT-FOR-US: Citrix
-CVE-2022-26354 [vhost-vsock: missing virtqueue detach on error can lead to memory leak]
- RESERVED
+CVE-2022-26354 (A flaw was found in the vhost-vsock device of QEMU. In case of error, ...)
- qemu <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063257
NOTE: https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
-CVE-2022-26353 [virtio-net: map leaking on error during receive]
- RESERVED
+CVE-2022-26353 (A flaw was found in the virtio-net device of QEMU. This flaw was inadv ...)
- qemu <unfixed>
[buster] - qemu <not-affected> (Original upstream fix for CVE-2021-3748 not applied)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063197
@@ -2412,8 +2418,7 @@ CVE-2022-0813 (PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potent
NOTE: https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/
NOTE: https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information
NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/c04f85f2bb96c442086d9ad057953567cc794486
-CVE-2022-0811
- RESERVED
+CVE-2022-0811 (A flaw was found in CRI-O in the way it set kernel options for a pod. ...)
NOT-FOR-US: cri-o
CVE-2022-26333
REJECTED
@@ -3561,8 +3566,8 @@ CVE-2022-23920
RESERVED
CVE-2022-23915 (The package weblate from 0 and before 4.11.1 are vulnerable to Remote ...)
- weblate <itp> (bug #745661)
-CVE-2022-23812
- RESERVED
+CVE-2022-23812 (This affects the package node-ipc from 10.1.1 and before 10.1.3. This ...)
+ TODO: check
CVE-2022-23811
RESERVED
CVE-2022-22984
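Review bot: the new CVE-2022-23812 line bounds the affected range as node-ipc "from 10.1.1 and before 10.1.3", but the entry lands only as TODO: check. When it is triaged, the result should say whether any packaged node-ipc version falls inside that range, not just name the package.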
@@ -3623,8 +3628,8 @@ CVE-2022-21167
RESERVED
CVE-2022-21165
RESERVED
-CVE-2022-21164
- RESERVED
+CVE-2022-21164 (The package node-lmdb before 0.9.7 are vulnerable to Denial of Service ...)
+ TODO: check
CVE-2022-21149
RESERVED
CVE-2022-21144
@@ -4298,10 +4303,10 @@ CVE-2022-0707
RESERVED
CVE-2022-0706
RESERVED
-CVE-2022-0705
- RESERVED
-CVE-2022-0704
- RESERVED
+CVE-2022-0705 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
+CVE-2022-0704 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
CVE-2022-0703 (The GD Mylist WordPress plugin through 1.1.1 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0702 (The Petfinder Listings WordPress plugin through 1.0.18 does not escape ...)
@@ -5187,20 +5192,20 @@ CVE-2022-25254
RESERVED
CVE-2022-25253
RESERVED
-CVE-2022-25252
- RESERVED
-CVE-2022-25251
- RESERVED
-CVE-2022-25250
- RESERVED
-CVE-2022-25249
- RESERVED
-CVE-2022-25248
- RESERVED
-CVE-2022-25247
- RESERVED
-CVE-2022-25246
- RESERVED
+CVE-2022-25252 (When connecting to a certain port Axeda agent (All versions) and Axeda ...)
+ TODO: check
+CVE-2022-25251 (When connecting to a certain port Axeda agent (All versions) and Axeda ...)
+ TODO: check
+CVE-2022-25250 (When connecting to a certain port Axeda agent (All versions) and Axeda ...)
+ TODO: check
+CVE-2022-25249 (When connecting to a certain port Axeda agent (All versions) and Axeda ...)
+ TODO: check
+CVE-2022-25248 (When connecting to a certain port Axeda agent (All versions) and Axeda ...)
+ TODO: check
+CVE-2022-25247 (Axeda agent (All versions) and Axeda Desktop Server for Windows (All v ...)
+ TODO: check
+CVE-2022-25246 (Axeda agent (All versions) and Axeda Desktop Server for Windows (All v ...)
+ TODO: check
CVE-2022-24374 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series vers ...)
NOT-FOR-US: a-blog cms
CVE-2022-23916 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series vers ...)
@@ -6053,6 +6058,7 @@ CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with
NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/4
NOTE: https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
CVE-2022-0577 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ {DLA-2950-1}
- python-scrapy <unfixed>
NOTE: https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585
NOTE: https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a
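Review bot: CVE-2022-0577 now carries {DLA-2950-1}, but the python-scrapy line directly below it still reads <unfixed>. The upstream fix commit is already in the NOTE lines, so the gap is worth flagging to the package maintainer, since an advisory reference now sits next to an unversioned unfixed entry.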
@@ -6576,8 +6582,8 @@ CVE-2022-24753 (Stripe CLI is a command-line tool for the Stripe eCommerce platf
TODO: check
CVE-2022-24752 (SyliusGridBundle is a package of generic data grids for Symfony applic ...)
TODO: check
-CVE-2022-24751
- RESERVED
+CVE-2022-24751 (Zulip is an open source group chat application. Starting with version ...)
+ TODO: check
CVE-2022-24750 (UltraVNC is a free and open source remote pc access software. A vulner ...)
NOT-FOR-US: UltraVNC
CVE-2022-24749 (Sylius is an open source eCommerce platform. In versions prior to 1.9. ...)
@@ -6624,10 +6630,10 @@ CVE-2022-24731
RESERVED
CVE-2022-24730
RESERVED
-CVE-2022-24729
- RESERVED
-CVE-2022-24728
- RESERVED
+CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
+ TODO: check
+CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
+ TODO: check
CVE-2022-24727
REJECTED
CVE-2022-24726 (Istio is an open platform to connect, manage, and secure microservices ...)
@@ -11965,8 +11971,8 @@ CVE-2022-23236
RESERVED
CVE-2022-23235
RESERVED
-CVE-2022-23234
- RESERVED
+CVE-2022-23234 (SnapCenter versions prior to 4.5 are susceptible to a vulnerability wh ...)
+ TODO: check
CVE-2022-23233 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 a ...)
NOT-FOR-US: StorageGRID Webscale
CVE-2022-23232 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 a ...)
@@ -16168,10 +16174,10 @@ CVE-2021-45854
RESERVED
CVE-2021-45853
RESERVED
-CVE-2021-45852
- RESERVED
-CVE-2021-45851
- RESERVED
+CVE-2021-45852 (An issue was discovered in Projectworlds Hospital Management System v1 ...)
+ TODO: check
+CVE-2021-45851 (A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carri ...)
+ TODO: check
CVE-2021-45850
RESERVED
CVE-2021-45849
@@ -16251,10 +16257,10 @@ CVE-2021-45824
RESERVED
CVE-2021-45823
RESERVED
-CVE-2021-45822
- RESERVED
-CVE-2021-45821
- RESERVED
+CVE-2021-45822 (A cross-site scripting vulnerability is present in Xbtit 3.1. The stor ...)
+ TODO: check
+CVE-2021-45821 (A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid pa ...)
+ TODO: check
CVE-2021-45820
RESERVED
CVE-2021-45819 (Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service ...)
@@ -16321,10 +16327,10 @@ CVE-2021-45789 (An arbitrary file read vulnerability was found in Metersphere v1
NOT-FOR-US: Metersphere
CVE-2021-45788 (Time-based SQL Injection vulnerabilities were found in Metersphere v1. ...)
NOT-FOR-US: Metersphere
-CVE-2021-45787
- RESERVED
-CVE-2021-45786
- RESERVED
+CVE-2021-45787 (There is a stored Cross Site Scripting (XSS) vulnerability in maccms v ...)
+ TODO: check
+CVE-2021-45786 (In maccms v10, an attacker can log in through /index.php/user/login in ...)
+ TODO: check
CVE-2021-45785
RESERVED
CVE-2021-45784
@@ -18712,10 +18718,10 @@ CVE-2022-21948
RESERVED
CVE-2022-21947
RESERVED
-CVE-2022-21946
- RESERVED
-CVE-2022-21945
- RESERVED
+CVE-2022-21946 (A Improper Privilege Management vulnerability in the sudoers configura ...)
+ TODO: check
+CVE-2022-21945 (A Insecure Temporary File vulnerability in cscreen of openSUSE Factory ...)
+ TODO: check
CVE-2022-21944 (A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd ...)
NOT-FOR-US: SUSE packaging issue in watchman
CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...)
@@ -19278,7 +19284,7 @@ CVE-2021-45012
RESERVED
CVE-2021-45011
RESERVED
-CVE-2021-45010 (Path traversal vulnerability in the file upload functionality in tinyf ...)
+CVE-2021-45010 (A Path traversal vulnerability in the file upload functionality in tin ...)
TODO: check
CVE-2021-45009
RESERVED
@@ -27829,36 +27835,36 @@ CVE-2021-42735
RESERVED
CVE-2021-42734
RESERVED
-CVE-2021-42733 (Adobe Prelude version 10.1 (and earlier) is affected by an improper in ...)
+CVE-2021-42733 (Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointe ...)
NOT-FOR-US: Adobe
CVE-2021-42732
RESERVED
CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...)
NOT-FOR-US: Adobe
-CVE-2021-42730
- RESERVED
-CVE-2021-42729
- RESERVED
-CVE-2021-42728
- RESERVED
-CVE-2021-42727 (Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected b ...)
+CVE-2021-42730 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
+ TODO: check
+CVE-2021-42729 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
+ TODO: check
+CVE-2021-42728 (Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vuln ...)
+ TODO: check
+CVE-2021-42727 (Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vuln ...)
NOT-FOR-US: Adobe
-CVE-2021-42726 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...)
+CVE-2021-42726 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
NOT-FOR-US: Adobe
-CVE-2021-42725 (Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by ...)
+CVE-2021-42725 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
NOT-FOR-US: Adobe
-CVE-2021-42724
- RESERVED
-CVE-2021-42723 (Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory ...)
+CVE-2021-42724 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
+ TODO: check
+CVE-2021-42723 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
NOT-FOR-US: Adobe
-CVE-2021-42722
- RESERVED
-CVE-2021-42721 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...)
+CVE-2021-42722 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
+ TODO: check
+CVE-2021-42721 (Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after ...)
NOT-FOR-US: Adobe
-CVE-2021-42720
- RESERVED
-CVE-2021-42719
- RESERVED
+CVE-2021-42720 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
+ TODO: check
+CVE-2021-42719 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
+ TODO: check
CVE-2021-42718
RESERVED
CVE-2021-3894 [sctp: local DoS: unprivileged user can cause BUG()]
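Review bot: six already-triaged entries in this hunk (CVE-2021-42733, -42727, -42726, -42725, -42723, -42721) had their description replaced with text naming a different product. The old text named Prelude, RoboHelp Server, Media Encoder, Experience Manager and Premiere Pro; the new text names Adobe Bridge 11.1.1. The existing NOT-FOR-US: Adobe tag is vendor-level and still fits, but a swap of this size is worth a quick check that the imported descriptions match the right CVE ids. The seven entries that moved from RESERVED to TODO: check (CVE-2021-42730, -42729, -42728, -42724, -42722, -42720, -42719) carry the same Adobe Bridge wording as their tagged neighbours and can be triaged consistently with them.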
@@ -28253,8 +28259,8 @@ CVE-2022-0001 (Non-transparent sharing of branch predictor selectors between con
NOTE: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/technical-documentation/branch-history-injection.html
CVE-2021-42553
RESERVED
-CVE-2021-42552
- RESERVED
+CVE-2021-42552 (Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient al ...)
+ TODO: check
CVE-2021-42551 (Cross-site Scripting (XSS) vulnerability in the search functionality o ...)
NOT-FOR-US: AlCoda NetBiblio WebOPAC
CVE-2021-42549 (Insufficient Input Validation in the search functionality of Wordpress ...)
@@ -28289,8 +28295,8 @@ CVE-2021-42535
RESERVED
CVE-2021-42534 (The affected product’s web application does not properly neutral ...)
NOT-FOR-US: Trane
-CVE-2021-42533
- RESERVED
+CVE-2021-42533 (Adobe Bridge version 11.1.1 (and earlier) is affected by a double free ...)
+ TODO: check
CVE-2021-42532
RESERVED
CVE-2021-42531
@@ -28301,10 +28307,10 @@ CVE-2021-42529
RESERVED
CVE-2021-42528
RESERVED
-CVE-2021-42527
- RESERVED
-CVE-2021-42526
- RESERVED
+CVE-2021-42527 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
+ TODO: check
+CVE-2021-42526 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
+ TODO: check
CVE-2021-42525 (Acrobat Animate versions 21.0.9 (and earlier)is affected by an out-of- ...)
NOT-FOR-US: Adobe
CVE-2021-42524 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
@@ -30152,10 +30158,10 @@ CVE-2021-42266 (Adobe Animate version 21.0.9 (and earlier) is affected by a memo
NOT-FOR-US: Adobe
CVE-2021-42265
RESERVED
-CVE-2021-42264
- RESERVED
-CVE-2021-42263
- RESERVED
+CVE-2021-42264 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer ...)
+ TODO: check
+CVE-2021-42263 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer ...)
+ TODO: check
CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session authoriza ...)
- ledgersmb <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d/
@@ -30855,8 +30861,8 @@ CVE-2021-41989
RESERVED
CVE-2021-41988
RESERVED
-CVE-2021-41987
- RESERVED
+CVE-2021-41987 (In the SCEP Server of RouterOS in certain Mikrotik products, an attack ...)
+ TODO: check
CVE-2021-41986
RESERVED
CVE-2021-41985
@@ -32970,6 +32976,7 @@ CVE-2021-41127 (Rasa is an open source machine learning framework to automate te
CVE-2021-41126 (October is a Content Management System (CMS) and web platform built on ...)
NOT-FOR-US: October CMS
CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for Python. ...)
+ {DLA-2950-1}
- python-scrapy 2.5.1-1
[bullseye] - python-scrapy <no-dsa> (Minor issue)
[buster] - python-scrapy <no-dsa> (Minor issue)
@@ -33824,46 +33831,46 @@ CVE-2021-40797 (An issue was discovered in the routes middleware in OpenStack Ne
NOTE: https://launchpad.net/bugs/1942179
NOTE: neutron-api in Debian is served over UWSGI, cf. https://bugs.debian.org/994202
NOTE: and so serves the requests and stops the process.
-CVE-2021-40796
- RESERVED
+CVE-2021-40796 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer ...)
+ TODO: check
CVE-2021-40795
RESERVED
-CVE-2021-40794
- RESERVED
-CVE-2021-40793
- RESERVED
-CVE-2021-40792
- RESERVED
+CVE-2021-40794 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memor ...)
+ TODO: check
+CVE-2021-40793 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memor ...)
+ TODO: check
+CVE-2021-40792 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memor ...)
+ TODO: check
CVE-2021-40791
RESERVED
CVE-2021-40790
RESERVED
-CVE-2021-40789
- RESERVED
-CVE-2021-40788
- RESERVED
-CVE-2021-40787
- RESERVED
-CVE-2021-40786
- RESERVED
-CVE-2021-40785
- RESERVED
+CVE-2021-40789 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
+ TODO: check
+CVE-2021-40788 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
+ TODO: check
+CVE-2021-40787 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
+ TODO: check
+CVE-2021-40786 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
+ TODO: check
+CVE-2021-40785 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
+ TODO: check
CVE-2021-40784 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
NOT-FOR-US: Adobe
CVE-2021-40783 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
NOT-FOR-US: Adobe
-CVE-2021-40782
- RESERVED
-CVE-2021-40781
- RESERVED
-CVE-2021-40780
- RESERVED
-CVE-2021-40779
- RESERVED
-CVE-2021-40778
- RESERVED
-CVE-2021-40777
- RESERVED
+CVE-2021-40782 (Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer ...)
+ TODO: check
+CVE-2021-40781 (Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer ...)
+ TODO: check
+CVE-2021-40780 (Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memo ...)
+ TODO: check
+CVE-2021-40779 (Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memo ...)
+ TODO: check
+CVE-2021-40778 (Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer ...)
+ TODO: check
+CVE-2021-40777 (Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memo ...)
+ TODO: check
CVE-2021-40776
RESERVED
CVE-2021-40775 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
@@ -33878,22 +33885,22 @@ CVE-2021-40771 (Adobe Prelude version 10.1 (and earlier) is affected by a memory
NOT-FOR-US: Adobe
CVE-2021-40770 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
NOT-FOR-US: Adobe
-CVE-2021-40769
- RESERVED
-CVE-2021-40768
- RESERVED
-CVE-2021-40767
- RESERVED
-CVE-2021-40766
- RESERVED
-CVE-2021-40765
- RESERVED
-CVE-2021-40764
- RESERVED
-CVE-2021-40763
- RESERVED
-CVE-2021-40762
- RESERVED
+CVE-2021-40769 (Adobe Character Animator version 4.4 (and earlier versions) are affect ...)
+ TODO: check
+CVE-2021-40768 (Adobe Character Animator version 4.4 (and earlier) is affected by a Nu ...)
+ TODO: check
+CVE-2021-40767 (Adobe Character Animator version 4.4 (and earlier) is affected by an A ...)
+ TODO: check
+CVE-2021-40766 (Adobe Character Animator version 4.4 (and earlier versions) are affect ...)
+ TODO: check
+CVE-2021-40765 (Adobe Character Animator version 4.4 (and earlier) is affected by a me ...)
+ TODO: check
+CVE-2021-40764 (Adobe Character Animator version 4.4 (and earlier) is affected by a me ...)
+ TODO: check
+CVE-2021-40763 (Adobe Character Animator version 4.4 (and earlier) is affected by a me ...)
+ TODO: check
+CVE-2021-40762 (Adobe Character Animator version 4.4 (and earlier) is affected by a Nu ...)
+ TODO: check
CVE-2021-40761 (Adobe After Effects version 18.4.1 (and earlier) is affected by a Null ...)
NOT-FOR-US: Adobe
CVE-2021-40760 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
@@ -33916,8 +33923,8 @@ CVE-2021-40752 (Adobe After Effects version 18.4 (and earlier) is affected by a
NOT-FOR-US: Adobe
CVE-2021-40751 (Adobe After Effects version 18.4 (and earlier) is affected by a memory ...)
NOT-FOR-US: Adobe
-CVE-2021-40750
- RESERVED
+CVE-2021-40750 (Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointe ...)
+ TODO: check
CVE-2021-40749
RESERVED
CVE-2021-40748
@@ -33932,24 +33939,24 @@ CVE-2021-40744
RESERVED
CVE-2021-40743
RESERVED
-CVE-2021-40742
- RESERVED
-CVE-2021-40741
- RESERVED
-CVE-2021-40740
- RESERVED
-CVE-2021-40739
- RESERVED
-CVE-2021-40738
- RESERVED
-CVE-2021-40737
- RESERVED
-CVE-2021-40736
- RESERVED
-CVE-2021-40735
- RESERVED
-CVE-2021-40734
- RESERVED
+CVE-2021-40742 (Adobe Audition version 14.4 (and earlier) is affected by a Null pointe ...)
+ TODO: check
+CVE-2021-40741 (Adobe Audition version 14.4 (and earlier) is affected by an Access of ...)
+ TODO: check
+CVE-2021-40740 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...)
+ TODO: check
+CVE-2021-40739 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...)
+ TODO: check
+CVE-2021-40738 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...)
+ TODO: check
+CVE-2021-40737 (Adobe Audition version 14.4 (and earlier) is affected by a Null pointe ...)
+ TODO: check
+CVE-2021-40736 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...)
+ TODO: check
+CVE-2021-40735 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...)
+ TODO: check
+CVE-2021-40734 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...)
+ TODO: check
CVE-2021-40733 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
NOT-FOR-US: Adobe
CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...)
@@ -36254,10 +36261,10 @@ CVE-2021-39795
RESERVED
CVE-2021-39794
RESERVED
-CVE-2021-39793
- RESERVED
-CVE-2021-39792
- RESERVED
+CVE-2021-39793 (In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possibl ...)
+ TODO: check
+CVE-2021-39792 (In usb_gadget_giveback_request of core.c, there is a possible use afte ...)
+ TODO: check
CVE-2021-39791
RESERVED
CVE-2021-39790
@@ -36366,128 +36373,122 @@ CVE-2021-39739
RESERVED
CVE-2021-39738
RESERVED
-CVE-2021-39737
- RESERVED
-CVE-2021-39736
- RESERVED
-CVE-2021-39735
- RESERVED
-CVE-2021-39734
- RESERVED
-CVE-2021-39733
- RESERVED
-CVE-2021-39732
- RESERVED
-CVE-2021-39731
- RESERVED
-CVE-2021-39730
- RESERVED
-CVE-2021-39729
- RESERVED
+CVE-2021-39737 (Product: AndroidVersions: Android kernelAndroid ID: A-208229524Referen ...)
+ TODO: check
+CVE-2021-39736 (In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_peri ...)
+ TODO: check
+CVE-2021-39735 (In gasket_alloc_coherent_memory of gasket_page_table.c, there is a pos ...)
+ TODO: check
+CVE-2021-39734 (In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible w ...)
+ TODO: check
+CVE-2021-39733 (In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out ...)
+ TODO: check
+CVE-2021-39732 (In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds ...)
+ TODO: check
+CVE-2021-39731 (In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, ...)
+ TODO: check
+CVE-2021-39730 (In TBD of TBD, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2021-39729 (In the TitanM chip, there is a possible out of bounds write due to a m ...)
+ TODO: check
CVE-2021-39728
RESERVED
-CVE-2021-39727
- RESERVED
-CVE-2021-39726
- RESERVED
-CVE-2021-39725
- RESERVED
-CVE-2021-39724
- RESERVED
-CVE-2021-39723
- RESERVED
-CVE-2021-39722
- RESERVED
-CVE-2021-39721
- RESERVED
-CVE-2021-39720
- RESERVED
-CVE-2021-39719
- RESERVED
-CVE-2021-39718
- RESERVED
-CVE-2021-39717
- RESERVED
-CVE-2021-39716
- RESERVED
-CVE-2021-39715
- RESERVED
-CVE-2021-39714
- RESERVED
+CVE-2021-39727 (In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/E ...)
+ TODO: check
+CVE-2021-39726 (In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read d ...)
+ TODO: check
+CVE-2021-39725 (In gasket_free_coherent_memory_all of gasket_page_table.c, there is a ...)
+ TODO: check
+CVE-2021-39724 (In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, th ...)
+ TODO: check
+CVE-2021-39723 (Product: AndroidVersions: Android kernelAndroid ID: A-209014813Referen ...)
+ TODO: check
+CVE-2021-39722 (In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, ...)
+ TODO: check
+CVE-2021-39721 (In TBD of TBD, there is a possible out of bounds write due to memory c ...)
+ TODO: check
+CVE-2021-39720 (Product: AndroidVersions: Android kernelAndroid ID: A-207433926Referen ...)
+ TODO: check
+CVE-2021-39719 (In lwis_top_register_io of lwis_device_top.c, there is a possible out ...)
+ TODO: check
+CVE-2021-39718 (In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, ...)
+ TODO: check
+CVE-2021-39717 (In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bo ...)
+ TODO: check
+CVE-2021-39716 (Product: AndroidVersions: Android kernelAndroid ID: A-206977562Referen ...)
+ TODO: check
+CVE-2021-39715 (In __show_regs of process.c, there is a possible leak of kernel memory ...)
+ TODO: check
+CVE-2021-39714 (In ion_buffer_kmap_get of ion.c, there is a possible use-after-free du ...)
{DLA-2940-1}
- linux 4.12.6-1
NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
-CVE-2021-39713
- RESERVED
+CVE-2021-39713 (Product: AndroidVersions: Android kernelAndroid ID: A-173788806Referen ...)
{DSA-5096-1 DLA-2941-1}
- linux 5.2.6-1
NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
-CVE-2021-39712
- RESERVED
-CVE-2021-39711
- RESERVED
+CVE-2021-39712 (In TBD of TBD, there is a possible user after free vulnerability due t ...)
+ TODO: check
+CVE-2021-39711 (In bpf_prog_test_run_skb of test_run.c, there is a possible out of bou ...)
- linux 4.18.6-1
NOTE: https://git.kernel.org/linus/6e6fddc78323533be570873abb728b7e0ba7e024
NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
-CVE-2021-39710
- RESERVED
-CVE-2021-39709
- RESERVED
-CVE-2021-39708
- RESERVED
-CVE-2021-39707
- RESERVED
-CVE-2021-39706
- RESERVED
-CVE-2021-39705
- RESERVED
-CVE-2021-39704
- RESERVED
-CVE-2021-39703
- RESERVED
-CVE-2021-39702
- RESERVED
-CVE-2021-39701
- RESERVED
+CVE-2021-39710 (Product: AndroidVersions: Android kernelAndroid ID: A-202160245Referen ...)
+ TODO: check
+CVE-2021-39709 (In sendSipAccountsRemovedNotification of SipAccountRegistry.java, ther ...)
+ TODO: check
+CVE-2021-39708 (In gatt_process_notification of gatt_cl.cc, there is a possible out of ...)
+ TODO: check
+CVE-2021-39707 (In onReceive of AppRestrictionsFragment.java, there is a possible way ...)
+ TODO: check
+CVE-2021-39706 (In onResume of CredentialStorage.java, there is a possible way to clea ...)
+ TODO: check
+CVE-2021-39705 (In getNotificationTag of LegacyVoicemailNotifier.java, there is a poss ...)
+ TODO: check
+CVE-2021-39704 (In deleteNotificationChannelGroup of NotificationManagerService.java, ...)
+ TODO: check
+CVE-2021-39703 (In updateState of UsbDeviceManager.java, there is a possible unauthori ...)
+ TODO: check
+CVE-2021-39702 (In onCreate of RequestManageCredentials.java, there is a possible way ...)
+ TODO: check
+CVE-2021-39701 (In serviceConnection of ControlsProviderLifecycleManager.kt, there is ...)
+ TODO: check
CVE-2021-39700
RESERVED
CVE-2021-39699
RESERVED
-CVE-2021-39698
- RESERVED
+CVE-2021-39698 (In aio_poll_complete_work of aio.c, there is a possible memory corrupt ...)
{DSA-5096-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
NOTE: https://source.android.com/security/bulletin/2022-03-01
-CVE-2021-39697
- RESERVED
+CVE-2021-39697 (In checkFileUriDestination of DownloadProvider.java, there is a possib ...)
+ TODO: check
CVE-2021-39696
RESERVED
-CVE-2021-39695
- RESERVED
-CVE-2021-39694
- RESERVED
-CVE-2021-39693
- RESERVED
-CVE-2021-39692
- RESERVED
+CVE-2021-39695 (In createOrUpdate of BasePermission.java, there is a possible permissi ...)
+ TODO: check
+CVE-2021-39694 (In parse of RoleParser.java, there is a possible way for default apps ...)
+ TODO: check
+CVE-2021-39693 (In onUidStateChanged of AppOpsService.java, there is a possible way to ...)
+ TODO: check
+CVE-2021-39692 (In onCreate of SetupLayoutActivity.java, there is a possible way to se ...)
+ TODO: check
CVE-2021-39691
RESERVED
-CVE-2021-39690
- RESERVED
-CVE-2021-39689
- RESERVED
+CVE-2021-39690 (In setDisplayPadding of WallpaperManagerService.java, there is a possi ...)
+ TODO: check
+CVE-2021-39689 (In multiple functions of odsign_main.cpp, there is a possible way to p ...)
+ TODO: check
CVE-2021-39688 (In TBD of TBD, there is a possible out of bounds read due to TBD. This ...)
NOT-FOR-US: Pixel
CVE-2021-39687 (In HandleTransactionIoEvent of actuator_driver.cc, there is a possible ...)
NOT-FOR-US: Android
-CVE-2021-39686
- RESERVED
+CVE-2021-39686 (In several functions of binder.c, there is a possible way to represent ...)
{DSA-5096-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
NOTE: https://source.android.com/security/bulletin/2022-03-01
-CVE-2021-39685
- RESERVED
+CVE-2021-39685 (In various setup methods of the USB gadget subsystem, there is a possi ...)
{DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.5-2
NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4
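Review bot: many of the entries that move to TODO: check in this hunk cannot be triaged from the description alone. CVE-2021-39730, -39721 and -39712 say only "In TBD of TBD", and CVE-2021-39737, -39723, -39720, -39716 and -39710 carry only the run-together "Product: AndroidVersions: Android kernelAndroid ID: A-..." text with no function or file name. CVE-2021-39713 has the same "Android kernel" form and is tracked here against linux with DSA-5096-1 and DLA-2941-1. The kernel-labelled ones should therefore be checked against the Android bulletin referenced in the NOTE lines before any of them is tagged NOT-FOR-US.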
@@ -36525,8 +36526,8 @@ CVE-2021-39669 (In onCreate of InstallCaCertificateWarning.java, there is a poss
NOT-FOR-US: Android
CVE-2021-39668 (In onActivityViewReady of DetailDialog.kt, there is a possible Intent ...)
NOT-FOR-US: Android
-CVE-2021-39667
- RESERVED
+CVE-2021-39667 (In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possi ...)
+ TODO: check
CVE-2021-39666 (In extract of MediaMetricsItem.h, there is a possible out of bounds re ...)
NOT-FOR-US: Android
CVE-2021-39665 (In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bo ...)
@@ -36633,8 +36634,8 @@ CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a
NOT-FOR-US: Android
CVE-2021-39625 (In showCarrierAppInstallationNotification of EuiccNotificationManager. ...)
NOT-FOR-US: Android
-CVE-2021-39624
- RESERVED
+CVE-2021-39624 (In Package Manger, there is a possible permanent denial of service due ...)
+ TODO: check
CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...)
NOT-FOR-US: Android
CVE-2021-39622 (In GBoard, there is a possible way to bypass Factory Reset Protection ...)
@@ -50714,8 +50715,8 @@ CVE-2021-33855
RESERVED
CVE-2021-33854
RESERVED
-CVE-2021-33853
- RESERVED
+CVE-2021-33853 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascri ...)
+ TODO: check
CVE-2021-33852 (A cross-site scripting (XSS) attack can cause arbitrary code (JavaScri ...)
NOT-FOR-US: post-duplicator-image plugin for WordPress
CVE-2021-33851 (A cross-site scripting (XSS) attack can cause arbitrary code (JavaScri ...)
@@ -60543,14 +60544,12 @@ CVE-2021-23180 (A flaw was found in htmldoc in v1.9.12 and before. Null pointer
NOTE: https://github.com/michaelrsweet/htmldoc/issues/418
NOTE: https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
NOTE: Crash in CLI tool, no security impact
-CVE-2021-23165
- RESERVED
+CVE-2021-23165 (A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in ps ...)
{DSA-4928-1 DLA-2700-1}
- htmldoc 1.9.11-4 (bug #989437)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/413
NOTE: https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f
-CVE-2021-23158
- RESERVED
+CVE-2021-23158 (A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_ ...)
{DSA-4928-1 DLA-2700-1}
- htmldoc 1.9.11-4 (unimportant; bug #989437)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/414
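Review bot: the imported description for CVE-2021-23158 says the flaw is "in v1.9.12", while the entry records the fix as "htmldoc 1.9.11-4 (unimportant; bug #989437)" and the sibling CVE-2021-23165 says "before v1.9.12". The two version statements do not obviously agree, so the affected range for CVE-2021-23158 is worth checking against issue 414. Dropping RESERVED without adding "TODO: check" is right for both entries, since they already carry DSA/DLA references and a package line.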
@@ -76669,8 +76668,8 @@ CVE-2021-23650
RESERVED
CVE-2021-23649
RESERVED
-CVE-2021-23648
- RESERVED
+CVE-2021-23648 (The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cro ...)
+ TODO: check
CVE-2021-23647
RESERVED
CVE-2021-23646
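Review bot: CVE-2021-23648 gets "TODO: check" with no package line, and the description names the npm package @braintree/sanitize-url before 6.0.0. Triage here has to cover both a directly packaged copy and copies embedded in other source packages before the entry can be closed as NOT-FOR-US.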
@@ -86211,8 +86210,7 @@ CVE-2021-20300 (A flaw was found in OpenEXR's hufUncompress functionality in Ope
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ed560b8a932c78d5e8e5990ce36fe7808b35d9f0 (master)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5.x)
-CVE-2021-20299 [Null-dereference READ in Imf_2_5::Header::operator]
- RESERVED
+CVE-2021-20299 (A flaw was found in OpenEXR's Multipart input file functionality. A cr ...)
{DLA-2732-1}
- openexr 2.5.4-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740
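Review bot: the removed line carried the crash site in its bracketed title, "[Null-dereference READ in Imf_2_5::Header::operator]", and the truncated replacement description for CVE-2021-20299 no longer shows it. The oss-fuzz NOTE kept below still links the report, but a short NOTE naming the function would keep the list searchable for it.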
@@ -86406,8 +86404,7 @@ CVE-2021-20259 (A flaw was found in the Foreman project. The Proxmox compute res
- foreman <itp> (bug #663101)
CVE-2021-20258
RESERVED
-CVE-2021-20257 [net: e1000: infinite loop while processing transmit descriptors]
- RESERVED
+CVE-2021-20257 (An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. ...)
{DLA-2623-1}
- qemu 1:5.2+dfsg-9 (bug #984450)
[bullseye] - qemu <postponed> (Minor issue)
@@ -86801,8 +86798,7 @@ CVE-2021-20181 (A race condition flaw was found in the 9pfs server implementatio
- qemu 1:5.2+dfsg-4
[buster] - qemu <postponed> (Minor issue)
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305
-CVE-2021-20180
- RESERVED
+CVE-2021-20180 (A flaw was found in ansible module where credentials are disclosed in ...)
- ansible <unfixed> (bug #985753)
[bullseye] - ansible <no-dsa> (Minor issue)
[buster] - ansible <no-dsa> (Minor issue)
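Review bot: CVE-2021-20180 now has a public description about disclosed credentials, yet the entry still reads "- ansible <unfixed> (bug #985753)" with <no-dsa> (Minor issue) for bullseye and buster. With the description published, it is worth rechecking whether a fixed upstream version can be recorded and whether the "Minor issue" rating still fits a credential disclosure.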
@@ -94743,8 +94739,8 @@ CVE-2021-0959 (In jit_memory_region.cc, there is a possible bypass of memory res
NOT-FOR-US: Android
CVE-2021-0958 (In update of km_compat.cpp, there is a possible loss of potentially se ...)
NOT-FOR-US: Android
-CVE-2021-0957
- RESERVED
+CVE-2021-0957 (In NotificationStackScrollLayout of NotificationStackScrollLayout.java ...)
+ TODO: check
CVE-2021-0956 (In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a ...)
NOT-FOR-US: Android
CVE-2021-0955 (In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption ...)
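Review bot: CVE-2021-0957 is added with "TODO: check" between entries tagged "NOT-FOR-US: Android", and its description names NotificationStackScrollLayout.java. The tag should be set only after the full description confirms the component is Android-only, as the truncated text alone does not state the product.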
@@ -103218,8 +103214,7 @@ CVE-2020-25722 (Multiple flaws were found in the way samba AD DC implemented acc
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14564
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://www.samba.org/samba/security/CVE-2020-25722.html
-CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers (eg objectSid)]
- RESERVED
+CVE-2020-25721 (Kerberos acceptors need easy access to stable AD identifiers (eg objec ...)
{DSA-5003-1}
- samba 2:4.13.14+dfsg-1
[buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c512a54348237d6b3fc67be2b142471510a5144