[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 25 20:10:32 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4c2d2c0 by security tracker role at 2022-03-25T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2022-27887
+ RESERVED
+CVE-2022-27886
+ RESERVED
+CVE-2022-27885
+ RESERVED
+CVE-2022-27884
+ RESERVED
+CVE-2022-27883
+ RESERVED
+CVE-2022-27882 (slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedn ...)
+ TODO: check
+CVE-2022-27881 (engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buff ...)
+ TODO: check
+CVE-2022-27873
+ RESERVED
+CVE-2022-27872
+ RESERVED
+CVE-2022-27871
+ RESERVED
+CVE-2022-27870
+ RESERVED
+CVE-2022-27869
+ RESERVED
+CVE-2022-27868
+ RESERVED
+CVE-2022-27867
+ RESERVED
+CVE-2022-27866
+ RESERVED
+CVE-2022-27865
+ RESERVED
+CVE-2022-27864
+ RESERVED
+CVE-2022-27186
+ RESERVED
+CVE-2022-27177
+ RESERVED
+CVE-2022-27171
+ RESERVED
+CVE-2022-26371
+ RESERVED
+CVE-2022-26064
+ RESERVED
+CVE-2022-1097
+ RESERVED
+CVE-2022-1096
+ RESERVED
+CVE-2022-1095
+ RESERVED
+CVE-2022-1094
+ RESERVED
+CVE-2022-1093
+ RESERVED
+CVE-2022-1092
+ RESERVED
+CVE-2022-1091
+ RESERVED
+CVE-2022-1090
+ RESERVED
+CVE-2022-1089
+ RESERVED
+CVE-2022-1088
+ RESERVED
+CVE-2022-1087
+ RESERVED
+CVE-2022-1086
+ RESERVED
+CVE-2022-1085
+ RESERVED
+CVE-2022-1084
+ RESERVED
+CVE-2022-1083
+ RESERVED
+CVE-2022-1082
+ RESERVED
+CVE-2022-1081
+ RESERVED
+CVE-2022-1080
+ RESERVED
+CVE-2022-1079
+ RESERVED
+CVE-2022-1078
+ RESERVED
+CVE-2022-1077
+ RESERVED
+CVE-2022-1076
+ RESERVED
+CVE-2022-1075
+ RESERVED
+CVE-2022-1074
+ RESERVED
+CVE-2022-1073
+ RESERVED
+CVE-2022-1072
+ RESERVED
CVE-2022-27494
RESERVED
CVE-2022-26423
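Review bot: The two TODO: check lines for CVE-2022-27882 and CVE-2022-27881 can probably be closed quickly: both summaries place the affected code in OpenBSD's slaacd (engine.c), so unless a Debian source package ships that daemon they are NOT-FOR-US candidates rather than open triage items. The remaining RESERVED additions in this hunk need no action until descriptions are published.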
@@ -56,8 +152,8 @@ CVE-2022-1066
RESERVED
CVE-2022-1065
RESERVED
-CVE-2022-1064
- RESERVED
+CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in GitHub ...)
+ TODO: check
CVE-2022-1063
RESERVED
CVE-2022-1062
@@ -66,7 +162,7 @@ CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareo
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7
NOTE: https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522
-CVE-2018-25032 [zlib memory corruption on deflate]
+CVE-2018-25032 (zlib 1.2.11 allows memory corruption when deflating (i.e., when compre ...)
- zlib <unfixed> (bug #1008265)
NOTE: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
NOTE: https://www.openwall.com/lists/oss-security/2022/03/24/1
@@ -435,7 +531,7 @@ CVE-2022-1057
RESERVED
CVE-2021-46739
RESERVED
-CVE-2022-27666 (In the Linux kernel before 5.16.15, there is a buffer overflow in ESP ...)
+CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP transformation code ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8)
@@ -512,8 +608,8 @@ CVE-2022-1051
RESERVED
CVE-2022-1050
RESERVED
-CVE-2022-1049
- RESERVED
+CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The pcs da ...)
+ TODO: check
CVE-2022-1048 [race condition in snd_pcm_hw_free leading to use-after-free]
RESERVED
- linux <unfixed>
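Review bot: The TODO: check for CVE-2022-1049 should be resolved against the pcs source package rather than left open, since the summary names the Pacemaker configuration tool (pcs) and its daemon; if the package is affected the entry needs a `- pcs <unfixed>` line (plus per-suite annotations), otherwise a NOT-FOR-US or not-affected line with the reason.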
@@ -816,8 +912,8 @@ CVE-2022-26017
RESERVED
CVE-2022-25841
RESERVED
-CVE-2022-1040
- RESERVED
+CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and Webadmin ...)
+ TODO: check
CVE-2022-1039
RESERVED
CVE-2022-1038
@@ -1454,8 +1550,7 @@ CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager p
NOT-FOR-US: prasathmani/tinyfilemanager
CVE-2022-27228 (In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site ...)
NOT-FOR-US: Bitrix Site Manager
-CVE-2022-27227
- RESERVED
+CVE-2022-27227 (In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and ...)
- pdns-recursor <unfixed>
[bullseye] - pdns-recursor <no-dsa> (Minor issue)
[buster] - pdns-recursor <no-dsa> (Minor issue)
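Review bot: The new description for CVE-2022-27227 names "PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and ..." but the entry only tracks pdns-recursor; the truncated summary may go on to list Recursor versions, but the Authoritative Server should be checked too and, if affected, a `- pdns ...` line added alongside the pdns-recursor ones, with the same <no-dsa> reasoning reviewed for that package.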
@@ -1481,8 +1576,7 @@ CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that allows
- 389-ds-base <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769
TODO: check details
-CVE-2022-0995 [kernel bug in the watch_queue subsystem]
- RESERVED
+CVE-2022-0995 (An out-of-bounds (OOB) memory write flaw was found in the Linux kernel ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -1520,8 +1614,8 @@ CVE-2022-27194
RESERVED
CVE-2022-0989
RESERVED
-CVE-2022-0988
- RESERVED
+CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable t ...)
+ TODO: check
CVE-2022-0987 [PackageKit: Information Disclosure in Transaction Interface via timing]
RESERVED
- packagekit <unfixed>
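Review bot: The TODO: check for CVE-2022-0988 can be resolved consistently with the other Delta Electronics DIAEnergie entries already in this file (CVE-2021-44544 and CVE-2021-44471 are `NOT-FOR-US: DIAEnergie`); the summary here names the same product and version range (1.7.5 and prior), so the same annotation applies.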
@@ -1535,8 +1629,7 @@ CVE-2022-0985
RESERVED
CVE-2022-0984
RESERVED
-CVE-2022-0983
- RESERVED
+CVE-2022-0983 (An SQL injection risk was identified in Badges code relating to config ...)
- moodle <removed>
CVE-2022-0982 (The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suff ...)
NOT-FOR-US: ACCEL-PPP
@@ -2733,8 +2826,8 @@ CVE-2022-0899
RESERVED
CVE-2022-0898
RESERVED
-CVE-2022-0897
- RESERVED
+CVE-2022-0897 (A flaw was found in the libvirt nwfilter driver. The virNWFilterObjLis ...)
+ TODO: check
CVE-2022-0896 (Improper Neutralization of Special Elements Used in a Template Engine ...)
NOT-FOR-US: microweber
CVE-2022-0895 (Static Code Injection in GitHub repository microweber/microweber prior ...)
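Review bot: CVE-2022-0897 names the libvirt nwfilter driver, and libvirt is tracked elsewhere in this file (the CVE-2021-4147 entry carries `- libvirt 7.10.0-2` with per-suite <no-dsa> lines), so this TODO: check should become a `- libvirt <unfixed>` (or fixed-version) line with bullseye/buster annotations rather than remain open.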
@@ -4066,8 +4159,8 @@ CVE-2022-26265 (Contao Managed Edition v1.5.0 was discovered to contain a remote
NOT-FOR-US: Contao Managed Edition
CVE-2022-26264
RESERVED
-CVE-2022-26263
- RESERVED
+CVE-2022-26263 (Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scrip ...)
+ TODO: check
CVE-2022-26262
RESERVED
CVE-2022-26261
@@ -4664,8 +4757,7 @@ CVE-2022-0761
RESERVED
CVE-2022-0760 (The Simple Link Directory WordPress plugin before 7.7.2 does not valid ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0759
- RESERVED
+CVE-2022-0759 (A flaw was found in all versions of kubeclient up to (but not includin ...)
- ruby-kubeclient <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058404
NOTE: https://github.com/ManageIQ/kubeclient/issues/554
@@ -5787,20 +5879,20 @@ CVE-2022-25614
RESERVED
CVE-2022-25613
RESERVED
-CVE-2022-25612
- RESERVED
-CVE-2022-25611
- RESERVED
-CVE-2022-25610
- RESERVED
+CVE-2022-25612 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
+ TODO: check
+CVE-2022-25611 (Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planne ...)
+ TODO: check
+CVE-2022-25610 (Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat ...)
+ TODO: check
CVE-2022-25609 (Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & ...)
NOT-FOR-US: WordPress plugin
CVE-2022-25608 (Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & ...)
NOT-FOR-US: WordPress plugin
CVE-2022-25607 (Authenticated (author or higher user role) SQL Injection (SQLi) vulner ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-25606
- RESERVED
+CVE-2022-25606 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
+ TODO: check
CVE-2022-25605 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
NOT-FOR-US: WordPress plugin
CVE-2022-25604 (Authenticated (contributor of higher user role) Stored Cross-Site Scri ...)
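Review bot: The four TODO: check entries in this hunk (CVE-2022-25612, -25611, -25610, -25606) sit inside a run of identically phrased XSS summaries whose neighbours (CVE-2022-25609 through -25604) are all `NOT-FOR-US: WordPress plugin`; the product names in the summaries ("Simple Event Planner", "Simple Ajax Chat") suggest the same origin, so confirm they are plugins and resolve them with the same annotation.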
@@ -5886,8 +5978,8 @@ CVE-2022-25584
RESERVED
CVE-2022-25583
RESERVED
-CVE-2022-25582
- RESERVED
+CVE-2022-25582 (A stored cross-site scripting (XSS) vulnerability in the Column module ...)
+ TODO: check
CVE-2022-25581 (Classcms v2.5 and below contains an arbitrary file upload via the comp ...)
NOT-FOR-US: Classcms
CVE-2022-25580
@@ -5896,14 +5988,14 @@ CVE-2022-25579
RESERVED
CVE-2022-25578 (taocms v3.0.2 allows attackers to execute code injection via arbitrari ...)
NOT-FOR-US: taocms
-CVE-2022-25577
- RESERVED
+CVE-2022-25577 (ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password ...)
+ TODO: check
CVE-2022-25576 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...)
NOT-FOR-US: Anchor CMS
CVE-2022-25575 (Multiple cross-site scripting (XSS) vulnerabilities in Parking Managem ...)
NOT-FOR-US: Parking Management System
-CVE-2022-25574
- RESERVED
+CVE-2022-25574 (A stored cross-site scripting (XSS) vulnerability in the upload functi ...)
+ TODO: check
CVE-2022-25573
RESERVED
CVE-2022-25572
@@ -8089,10 +8181,10 @@ CVE-2022-24780
RESERVED
CVE-2022-24779
RESERVED
-CVE-2022-24778
- RESERVED
-CVE-2022-24777
- RESERVED
+CVE-2022-24778 (The imgcrypt library provides API exensions for containerd to support ...)
+ TODO: check
+CVE-2022-24777 (grpc-swift is the Swift language implementation of gRPC, a remote proc ...)
+ TODO: check
CVE-2022-24776 (Flask-AppBuilder is an application development framework, built on top ...)
- flask-appbuilder <itp> (bug #998029)
CVE-2022-24775 (guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8 ...)
@@ -9157,8 +9249,7 @@ CVE-2022-24408 (A vulnerability has been identified in SINUMERIK MC (All version
NOT-FOR-US: Siemens
CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstal ...)
NOT-FOR-US: beanstalk_console
-CVE-2022-0500
- RESERVED
+CVE-2022-0500 (A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leadi ...)
- linux 5.16.10-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044578
CVE-2022-0499
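Review bot: CVE-2022-0500 records only the Red Hat bugzilla reference, while the other kernel entries touched in this commit (CVE-2022-0494, CVE-2022-27666, CVE-2021-4203) carry a `NOTE: https://git.kernel.org/linus/<commit> (<release>)` line pointing at the upstream fix; adding the same for this entry would let the 5.16.10-1 fixed version be verified against upstream.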
@@ -9177,8 +9268,7 @@ CVE-2022-0496
NOTE: Crash in CLI tool, no security impact
CVE-2022-0495
RESERVED
-CVE-2022-0494
- RESERVED
+CVE-2022-0494 (A kernel information leak flaw was identified in the scsi_ioctl functi ...)
- linux 5.16.14-1
NOTE: https://git.kernel.org/linus/cc8f7fe1f5eab010191aa4570f27641876fa1267 (5.17-rc5)
CVE-2022-0493
@@ -9794,8 +9884,7 @@ CVE-2022-24272
RESERVED
CVE-2022-23400
RESERVED
-CVE-2022-0435
- RESERVED
+CVE-2022-0435 (A stack overflow flaw was found in the Linux kernel's TIPC protocol fu ...)
{DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.10-1
NOTE: https://www.openwall.com/lists/oss-security/2022/02/10/1
@@ -11504,8 +11593,8 @@ CVE-2021-46428 (A Remote Code Execution (RCE) vulnerability exists in Sourcecode
NOT-FOR-US: Sourcecodester
CVE-2021-46427 (An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot ...)
NOT-FOR-US: Sourcecodester
-CVE-2021-46426
- RESERVED
+CVE-2021-46426 (phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find ...)
+ TODO: check
CVE-2021-46425
RESERVED
CVE-2021-46424
@@ -11750,8 +11839,7 @@ CVE-2022-0332 (A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL inj
- moodle <removed>
CVE-2022-0331
RESERVED
-CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store]
- RESERVED
+CVE-2022-0330 (A random memory access flaw was found in the Linux kernel's GPU i915 k ...)
{DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-2
NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/12
@@ -11866,8 +11954,7 @@ CVE-2022-21147
RESERVED
CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine ...)
NOT-FOR-US: Mustache (implementation in PHP)
-CVE-2022-0322 [DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c]
- RESERVED
+CVE-2022-0322 (A flaw was found in the sctp_make_strreset_req function in net/sctp/sm ...)
{DSA-5096-1 DLA-2941-1}
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
@@ -15037,16 +15124,14 @@ CVE-2021-46167
RESERVED
CVE-2021-44458 (Linux users running Lens 5.2.6 and earlier could be compromised by vis ...)
NOT-FOR-US: Lens
-CVE-2021-4203 [af_unix: fix races in sk_peer_pid and sk_peer_cred accesses]
- RESERVED
+CVE-2021-4203 (A use-after-free read flaw was found in sock_getsockopt() in net/core/ ...)
{DSA-5096-1 DLA-2941-1}
- linux 5.14.12-1
[bullseye] - linux 5.10.84-1
[stretch] - linux 4.9.290-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2230
NOTE: https://git.kernel.org/linus/35306eb23814444bd4021f8a1c3047d3cb0c8b2b (5.15-rc4)
-CVE-2021-4202
- RESERVED
+CVE-2021-4202 (A use-after-free flaw was found in nci_request in net/nfc/nci/core.c i ...)
{DSA-5096-1 DLA-2940-1}
- linux 5.15.5-1 (unimportant)
[bullseye] - linux 5.10.84-1
@@ -18798,8 +18883,7 @@ CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19
NOT-FOR-US: FreePBX
CVE-2021-45460 (A vulnerability has been identified in SICAM PQ Analyzer (All versions ...)
NOT-FOR-US: Siemens
-CVE-2021-4157 [pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()]
- RESERVED
+CVE-2021-4157 (An out of memory bounds write flaw (1 or 2 bytes of memory) in the Lin ...)
- linux 5.10.38-1
[buster] - linux 4.19.194-1
[stretch] - linux 4.9.272-1
@@ -19263,8 +19347,7 @@ CVE-2021-4148 (A vulnerability was found in the Linux kernel's block_invalidatep
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lkml.org/lkml/2021/9/17/1037
NOTE: https://lkml.org/lkml/2021/9/12/323
-CVE-2021-4147 [deadlock and crash in libxl driver]
- RESERVED
+CVE-2021-4147 (A flaw was found in the libvirt libxl driver. A malicious guest could ...)
- libvirt 7.10.0-2 (bug #1002535)
[bullseye] - libvirt <no-dsa> (Minor issue)
[buster] - libvirt <no-dsa> (Minor issue)
@@ -20301,8 +20384,8 @@ CVE-2021-45106 (A vulnerability has been identified in SICAM TOOLBOX II (All ver
NOT-FOR-US: Siemens
CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...)
NOT-FOR-US: Emerson
-CVE-2021-44462
- RESERVED
+CVE-2021-44462 (This vulnerability can be exploited by parsing maliciously crafted pro ...)
+ TODO: check
CVE-2021-4137
RESERVED
CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...)
@@ -20618,8 +20701,8 @@ CVE-2021-45045
RESERVED
CVE-2021-45044
RESERVED
-CVE-2021-44768
- RESERVED
+CVE-2021-44768 (Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable t ...)
+ TODO: check
CVE-2021-44544 (DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-sit ...)
NOT-FOR-US: DIAEnergie
CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
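Review bot: CVE-2021-44768 is another Delta Electronics product (CNCSoft) and sits directly above the DIAEnergie entries that are already `NOT-FOR-US: DIAEnergie`; the TODO: check should be resolved the same way, with `NOT-FOR-US: Delta Electronics CNCSoft` or similar, once it is confirmed nothing in the archive ships it.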
@@ -21768,8 +21851,8 @@ CVE-2021-44753
RESERVED
CVE-2021-44752
RESERVED
-CVE-2021-44751
- RESERVED
+CVE-2021-44751 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...)
+ TODO: check
CVE-2021-44750 (An arbitrary code execution vulnerability was found in the F-Secure Su ...)
NOT-FOR-US: F-Secure
CVE-2021-44749 (A vulnerability affecting F-Secure SAFE browser protection was discove ...)
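Review bot: The TODO: check for CVE-2021-44751 (F-Secure SAFE browser) should follow its neighbours CVE-2021-44750 and CVE-2021-44749, which are already `NOT-FOR-US: F-Secure`; the summary names the same vendor product, so the same annotation applies.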
@@ -22516,8 +22599,8 @@ CVE-2021-44523 (A vulnerability has been identified in SiPass integrated V2.76 (
NOT-FOR-US: SiPass
CVE-2021-44522 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
NOT-FOR-US: SiPass
-CVE-2021-44477
- RESERVED
+CVE-2021-44477 (GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external ...)
+ TODO: check
CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, an ...)
- lapack 3.10.0-2 (bug #1001902)
[bullseye] - lapack <no-dsa> (Minor issue)
@@ -26131,8 +26214,8 @@ CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow.
NOT-FOR-US: Amazon
CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler ...)
NOT-FOR-US: Amazon
-CVE-2021-43636
- RESERVED
+CVE-2021-43636 (Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu ...)
+ TODO: check
CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4. ...)
NOT-FOR-US: Codex
CVE-2021-43634
@@ -26390,8 +26473,7 @@ CVE-2021-3942
RESERVED
CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri ...)
NOT-FOR-US: Apache Apisix
-CVE-2021-3941
- RESERVED
+CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...)
- openexr <unfixed>
[stretch] - openexr <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019789
@@ -26578,8 +26660,7 @@ CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-
NOTE: https://github.com/pgbouncer/pgbouncer/commit/e4453c9151a2f5af0a9cb049b302a3f9f9654453 (v1.16.1)
CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Elements u ...)
NOT-FOR-US: ohmyzsh
-CVE-2021-3933
- RESERVED
+CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a crafted file ...)
- openexr <unfixed>
[stretch] - openexr <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783
@@ -28624,10 +28705,10 @@ CVE-2021-43093
RESERVED
CVE-2021-43092
RESERVED
-CVE-2021-43091
- RESERVED
-CVE-2021-43090
- RESERVED
+CVE-2021-43091 (An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via ...)
+ TODO: check
+CVE-2021-43090 (An XML External Entity (XXE) vulnerability exists in all versions of s ...)
+ TODO: check
CVE-2021-43089
RESERVED
CVE-2021-43088
@@ -34165,8 +34246,8 @@ CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize
NOT-FOR-US: Device42 Remote Collector
CVE-2021-3815 (utils.js is vulnerable to Improperly Controlled Modification of Object ...)
NOT-FOR-US: fabiocaccamo/utils.js
-CVE-2021-3814
- RESERVED
+CVE-2021-3814 (It was found that 3scale's APIdocs does not validate the access token, ...)
+ TODO: check
CVE-2021-3813 (Improper Privilege Management in GitHub repository chatwoot/chatwoot p ...)
NOT-FOR-US: chatwoot
CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...)
@@ -49222,8 +49303,8 @@ CVE-2021-35256
RESERVED
CVE-2021-35255
RESERVED
-CVE-2021-35254
- RESERVED
+CVE-2021-35254 (SolarWinds received a report of a vulnerability related to an input th ...)
+ TODO: check
CVE-2021-35253
RESERVED
CVE-2021-35252
@@ -52302,8 +52383,7 @@ CVE-2018-25015 (An issue was discovered in the Linux kernel before 4.14.16. Ther
NOTE: https://git.kernel.org/linus/a0ff660058b88d12625a783ce9e5c1371c87951f
CVE-2021-3587
REJECTED
-CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device]
- RESERVED
+CVE-2021-3582 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
- qemu 1:5.2+dfsg-11 (bug #990565)
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
@@ -52781,8 +52861,7 @@ CVE-2021-3569 (A stack corruption bug was found in libtpms in versions before 0.
NOTE: https://github.com/stefanberger/libtpms/commit/40cfe134c017d3aeaaed05ce71eaf9bfbe556b16 (v0.7.2)
CVE-2021-3568
RESERVED
-CVE-2021-3567
- RESERVED
+CVE-2021-3567 (A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. ...)
- caribou 0.4.21-7.1 (bug #980061)
[buster] - caribou <not-affected> (Security impact only with cinnamon-screensaver >= 4.2)
[stretch] - caribou <not-affected> (Security impact only with cinnamon-screensaver >= 4.2)
@@ -67972,8 +68051,8 @@ CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as u
- linux 5.10.24-1
[buster] - linux 4.19.181-1
NOTE: https://xenbits.xen.org/xsa/advisory-367.html
-CVE-2021-3422
- RESERVED
+CVE-2021-3422 (The lack of validation of a key-value field in the Splunk-to-Splunk pr ...)
+ TODO: check
CVE-2021-3421 (A flaw was found in the RPM package in the read functionality. This fl ...)
- rpm 4.16.1.2+dfsg1-1 (bug #985308)
[buster] - rpm <no-dsa> (Minor issue)
@@ -71082,12 +71161,12 @@ CVE-2021-26624
RESERVED
CVE-2021-26623
RESERVED
-CVE-2021-26622
- RESERVED
-CVE-2021-26621
- RESERVED
-CVE-2021-26620
- RESERVED
+CVE-2021-26622 (An remote code execution vulnerability due to SSTI vulnerability and i ...)
+ TODO: check
+CVE-2021-26621 (An Buffer Overflow vulnerability leading to remote code execution was ...)
+ TODO: check
+CVE-2021-26620 (An improper authentication vulnerability leading to information leakag ...)
+ TODO: check
CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was ...)
NOT-FOR-US: BigFileAgent
CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...)
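Review bot: The three new TODO: check entries (CVE-2021-26622, -26621, -26620) share the wording pattern of the adjacent CVE-2021-26619 and CVE-2021-26618 entries that are resolved as `NOT-FOR-US: BigFileAgent`; check whether they come from the same vendor advisory and, if so, apply the same annotation instead of leaving them open.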
@@ -82011,8 +82090,8 @@ CVE-2021-22102
RESERVED
CVE-2021-22101 (Cloud Controller versions prior to 1.118.0 are vulnerable to unauthent ...)
NOT-FOR-US: Cloud Foundry Cloud Controller
-CVE-2021-22100
- RESERVED
+CVE-2021-22100 (In cloud foundry CAPI versions prior to 1.122, a denial-of-service att ...)
+ TODO: check
CVE-2021-22099
RESERVED
CVE-2021-22098 (UAA server versions prior to 75.4.0 are vulnerable to an open redirect ...)
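Review bot: CVE-2021-22100 explicitly names "cloud foundry CAPI", and the neighbouring CVE-2021-22101 for the same component is already `NOT-FOR-US: Cloud Foundry Cloud Controller`; the TODO: check here can be resolved with the same annotation.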
@@ -87821,8 +87900,7 @@ CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versi
CVE-2021-20324
RESERVED
NOT-FOR-US: WildFly Elytron
-CVE-2021-20323
- RESERVED
+CVE-2021-20323 (A POST based reflected Cross Site Scripting vulnerability on has been ...)
NOT-FOR-US: Keycloak
CVE-2021-20322 (A flaw in the processing of received ICMP errors (ICMP fragment needed ...)
{DSA-5096-1 DLA-2941-1 DLA-2843-1}
@@ -88004,8 +88082,7 @@ CVE-2021-20291 (A deadlock vulnerability was found in 'github.com/containers/sto
NOTE: https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1
NOTE: golang-github-containers-buildah uses golang-github-containers-storage compression support.
NOTE: docker.io already uses the same library as the fix for golang-github-containers-storage.
-CVE-2021-20290
- RESERVED
+CVE-2021-20290 (An improper authorization handling flaw was found in Foreman. The Open ...)
- foreman <itp> (bug #663101)
CVE-2021-20289 (A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.F ...)
NOT-FOR-US: Keycloak
@@ -114505,8 +114582,8 @@ CVE-2020-21556
RESERVED
CVE-2020-21555
RESERVED
-CVE-2020-21554
- RESERVED
+CVE-2020-21554 (A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_lis ...)
+ TODO: check
CVE-2020-21553
RESERVED
CVE-2020-21552
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4c2d2c03e5ae7864dcac7e933c4a400a53f18cb