[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 30 21:10:31 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
615660b6 by security tracker role at 2022-03-30T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2022-28223 (Tekon KIO devices through 2022-03-30 allow an authenticated admin user ...)
+ TODO: check
+CVE-2022-28222
+ RESERVED
+CVE-2022-28221
+ RESERVED
+CVE-2022-28220
+ RESERVED
+CVE-2022-1185
+ RESERVED
+CVE-2022-1184
+ RESERVED
+CVE-2022-1183
+ RESERVED
+CVE-2022-1182
+ RESERVED
+CVE-2022-1181 (Stored Cross Site Scripting in GitHub repository openemr/openemr prior ...)
+ TODO: check
+CVE-2022-1180 (Reflected Cross Site Scripting in GitHub repository openemr/openemr pr ...)
+ TODO: check
+CVE-2022-1179 (Non-Privilege User Can Created New Rule and Lead to Stored Cross Site ...)
+ TODO: check
+CVE-2022-1178 (Stored Cross Site Scripting in GitHub repository openemr/openemr prior ...)
+ TODO: check
+CVE-2022-1177 (Accounting User Can Download Patient Reports in openemr in GitHub repo ...)
+ TODO: check
+CVE-2022-1176
+ RESERVED
+CVE-2022-1175
+ RESERVED
+CVE-2022-1174
+ RESERVED
+CVE-2022-1173
+ RESERVED
+CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...)
+ TODO: check
+CVE-2022-1171
+ RESERVED
+CVE-2022-1170
+ RESERVED
+CVE-2022-1169
+ RESERVED
+CVE-2022-1168
+ RESERVED
+CVE-2022-1167
+ RESERVED
+CVE-2022-1166
+ RESERVED
+CVE-2022-1165
+ RESERVED
+CVE-2022-1164
+ RESERVED
CVE-2022-28219
RESERVED
CVE-2022-28218
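Review bot: The five consecutive openemr/openemr entries (CVE-2022-1177 through CVE-2022-1181) each get their own "TODO: check"; they name the same repository, so they should be triaged in one pass and end up with one consistent tag. CVE-2022-1172 is cut off at "GitHub repositor ..." before the project name, so it cannot be classified from this line alone and needs the full description looked up.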
@@ -105,8 +157,8 @@ CVE-2022-1162
RESERVED
CVE-2022-1161
RESERVED
-CVE-2022-1160
- RESERVED
+CVE-2022-1160 (heap buffer overflow in get_one_sourceline in GitHub repository vim/vi ...)
+ TODO: check
CVE-2022-28170
RESERVED
CVE-2022-28169
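Review bot: CVE-2022-1160 stays at "TODO: check" although its description already names vim/vim and the function get_one_sourceline. Once the affected versions are confirmed, replace the TODO with a source-package line in the form this file uses elsewhere (compare "- radare2 <unfixed>" under CVE-2022-0712). CVE-2022-1154 in the following hunk names vim/vim as well and can be handled at the same time.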
@@ -135,10 +187,10 @@ CVE-2022-1157
RESERVED
CVE-2022-1156
RESERVED
-CVE-2022-1155
- RESERVED
-CVE-2022-1154
- RESERVED
+CVE-2022-1155 (Old sessions are not blocked by the login enable function. in GitHub r ...)
+ TODO: check
+CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8 ...)
+ TODO: check
CVE-2022-1153
RESERVED
CVE-2022-1152
@@ -218,86 +270,106 @@ CVE-2022-1148
CVE-2022-1147
RESERVED
CVE-2022-1146
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1145
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1144
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1143
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1142
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1141
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1140
RESERVED
CVE-2022-1139
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1138
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1137
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1136
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1135
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1134
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1133
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1132
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1131
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1130
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1129
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1128
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1127
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1126
RESERVED
CVE-2022-1125
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
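Review bot: The RESERVED lines added from CVE-2022-1146 down to CVE-2022-1125 (CVE-2022-1140 and CVE-2022-1126 excepted, which were already RESERVED and have no package lines) leave entries that carry "- chromium <unfixed>" and the buster/stretch end-of-life annotations but no description. Nothing in these entries records why each ID was attributed to chromium; a NOTE line with the source of that attribution would document it until the descriptions are published.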
@@ -816,8 +888,8 @@ CVE-2022-27909
RESERVED
CVE-2022-27908
RESERVED
-CVE-2022-27907
- RESERVED
+CVE-2022-27907 (Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. ...)
+ TODO: check
CVE-2022-27906 (Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To ...)
NOT-FOR-US: Mendelson OFTP2
CVE-2022-27905
@@ -1199,8 +1271,8 @@ CVE-2022-27774
RESERVED
CVE-2022-27773
RESERVED
-CVE-2022-27772
- RESERVED
+CVE-2022-27772 (** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version ...)
+ TODO: check
CVE-2022-27771
RESERVED
CVE-2022-27770
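Review bot: CVE-2022-27772 arrives with the "** UNSUPPORTED WHEN ASSIGNED **" prefix in its description and a bare "TODO: check". That marker means the affected spring-boot versions were already out of vendor support when the ID was assigned, so the triage result should say so in a NOTE; otherwise a missing upstream fix will read as an open item.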
@@ -2478,8 +2550,7 @@ CVE-2022-27226 (A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-
NOT-FOR-US: iRZ Mobile Routers
CVE-2022-0999
RESERVED
-CVE-2022-0998
- RESERVED
+CVE-2022-0998 (An integer overflow flaw was found in the Linux kernel’s virtio ...)
- linux 5.15.15-1 (unimportant)
[bullseye] - linux 5.10.92-1
[buster] - linux <not-affected> (ulnerable code not present)
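Review bot: The [buster] annotation in the context of CVE-2022-0998 reads "(ulnerable code not present)", with the leading "V" missing. This update only replaces the RESERVED line with the description, so the typo survives; it should be corrected to "Vulnerable code not present" in a follow-up edit.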
@@ -6793,10 +6864,10 @@ CVE-2022-25622
RESERVED
CVE-2022-25621 (UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and ...)
NOT-FOR-US: UUNIVERGE
-CVE-2022-25620
- RESERVED
-CVE-2022-25619
- RESERVED
+CVE-2022-25620 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2022-25619 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ TODO: check
CVE-2022-25618
RESERVED
CVE-2022-25617
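Review bot: The context entry CVE-2022-25621 is tagged "NOT-FOR-US: UUNIVERGE", repeating the doubled "U" from the start of its description, while the same description spells the second product "UNIVERGE WA 1510". The tag should use the "UNIVERGE" spelling so that a search on the product name finds it. The two new entries CVE-2022-25620 and CVE-2022-25619 show only their CWE titles in the truncated text, so the product has to be taken from the full description before they can be tagged.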
@@ -6837,8 +6908,8 @@ CVE-2022-25600 (Cross-Site Request Forgery (CSRF) vulnerability affecting Delete
NOT-FOR-US: WordPress Plugin
CVE-2022-25599 (Cross-Site Request Forgery (CSRF) vulnerability leading to event delet ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-25598
- RESERVED
+CVE-2022-25598 (Apache DolphinScheduler user registration is vulnerable to Regular exp ...)
+ TODO: check
CVE-2022-0712 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466
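Review bot: The two context entries above the change use different spellings of the same tag, "NOT-FOR-US: WordPress Plugin" for CVE-2022-25600 and "NOT-FOR-US: WordPress plugin" for CVE-2022-25599. Pick one capitalisation so the tag can be matched reliably. The new CVE-2022-25598 entry names Apache DolphinScheduler and still needs its own triage result in place of "TODO: check".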
@@ -11147,16 +11218,16 @@ CVE-2022-24137
RESERVED
CVE-2022-24136
RESERVED
-CVE-2022-24135
- RESERVED
+CVE-2022-24135 (QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2022-24134
RESERVED
CVE-2022-24133
RESERVED
-CVE-2022-24132
- RESERVED
-CVE-2022-24131
- RESERVED
+CVE-2022-24132 (phpshe V1.8 is affected by a denial of service (DoS) attack in the reg ...)
+ TODO: check
+CVE-2022-24131 (DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) ...)
+ TODO: check
CVE-2022-21170 (Improper check for certificate revocation in i-FILTER Ver.10.45R01 and ...)
NOT-FOR-US: i-FILTER
CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...)
@@ -12248,10 +12319,10 @@ CVE-2022-23871 (Multiple cross-site scripting (XSS) vulnerabilities in the compo
NOT-FOR-US: Gibbon CMS
CVE-2022-23870
RESERVED
-CVE-2022-23869
- RESERVED
-CVE-2022-23868
- RESERVED
+CVE-2022-23869 (In RuoYi v4.7.2 through the WebUI, user test1 does not have permission ...)
+ TODO: check
+CVE-2022-23868 (RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admi ...)
+ TODO: check
CVE-2022-23867
RESERVED
CVE-2022-23866
@@ -12852,24 +12923,24 @@ CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the Gerber
NOTE: https://gitlab.com/kicad/code/kicad/-/commit/7ed569058c516974c47b4a506daa3daea4248e05 (master)
CVE-2022-23802
RESERVED
-CVE-2022-23801
- RESERVED
-CVE-2022-23800
- RESERVED
-CVE-2022-23799
- RESERVED
-CVE-2022-23798
- RESERVED
-CVE-2022-23797
- RESERVED
-CVE-2022-23796
- RESERVED
-CVE-2022-23795
- RESERVED
-CVE-2022-23794
- RESERVED
-CVE-2022-23793
- RESERVED
+CVE-2022-23801 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS a ...)
+ TODO: check
+CVE-2022-23800 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate con ...)
+ TODO: check
+CVE-2022-23799 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific ...)
+ TODO: check
+CVE-2022-23798 (An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 th ...)
+ TODO: check
+CVE-2022-23797 (An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 th ...)
+ TODO: check
+CVE-2022-23796 (An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input ...)
+ TODO: check
+CVE-2022-23795 (An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 th ...)
+ TODO: check
+CVE-2022-23794 (An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 th ...)
+ TODO: check
+CVE-2022-23793 (An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 th ...)
+ TODO: check
CVE-2022-0326 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by: https://github.com/mruby/mruby/commit/dccd66f9efecd0a974b735c62836fe566015cf37 (3.1.0-rc)
@@ -15041,8 +15112,8 @@ CVE-2022-23138
RESERVED
CVE-2022-23137
RESERVED
-CVE-2022-23136
- RESERVED
+CVE-2022-23136 (There is a stored XSS vulnerability in ZTE home gateway product. An at ...)
+ TODO: check
CVE-2022-23135 (There is a directory traversal vulnerability in some home gateway prod ...)
NOT-FOR-US: ZTE
CVE-2022-23134 (After the initial setup process, some steps of setup.php file are reac ...)
@@ -15452,8 +15523,8 @@ CVE-2022-22998
RESERVED
CVE-2022-22997
RESERVED
-CVE-2022-22996
- RESERVED
+CVE-2022-22996 (The G-RAID 4/8 Software Utility setups for Windows were affected by a ...)
+ TODO: check
CVE-2022-22995 (The combination of primitives offered by SMB and AFP in their default ...)
NOT-FOR-US: Western Digital
CVE-2022-22994 (A remote code execution vulnerability was discovered on Western Digita ...)
@@ -16342,8 +16413,8 @@ CVE-2022-22774
RESERVED
CVE-2022-22773
RESERVED
-CVE-2022-22772
- RESERVED
+CVE-2022-22772 (The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s ...)
+ TODO: check
CVE-2022-22771 (The Server component of TIBCO Software Inc.'s TIBCO JasperReports Libr ...)
- jasperreports <removed>
[stretch] - jasperreports <end-of-life> (cannot be supported due to lack of information)
@@ -24100,12 +24171,12 @@ CVE-2021-44314
RESERVED
CVE-2021-44313
RESERVED
-CVE-2021-44312
- RESERVED
+CVE-2021-44312 (An issue was discovered in Firmware Analysis and Comparison Tool v3.2. ...)
+ TODO: check
CVE-2021-44311
RESERVED
-CVE-2021-44310
- RESERVED
+CVE-2021-44310 (An issue was discovered in Firmware Analysis and Comparison Tool v3.2. ...)
+ TODO: check
CVE-2021-44309
RESERVED
CVE-2021-44308
@@ -29714,7 +29785,8 @@ CVE-2021-43087
RESERVED
CVE-2021-43086 (ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compressi ...)
NOT-FOR-US: ARM astcenc
-CVE-2021-43085 (An Insecure Permissions vulnerability exists in the OpenSSL Project 3. ...)
+CVE-2021-43085
+ REJECTED
- openssl <undetermined>
NOTE: https://github.com/openssl/openssl/issues/16873
TODO: check, possibly as oulined only in 3.x versions
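Review bot: CVE-2021-43085 is switched to REJECTED, but the entry keeps "- openssl <undetermined>", the NOTE with the upstream issue link, and "TODO: check, possibly as oulined only in 3.x versions". A rejected ID should not leave an undetermined package state and an open TODO behind: drop both lines (keeping the NOTE as history is fine) or state explicitly why they remain. "oulined" in the TODO is also a typo for "outlined".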
@@ -33501,8 +33573,8 @@ CVE-2022-20004
RESERVED
CVE-2022-20003
RESERVED
-CVE-2022-20002
- RESERVED
+CVE-2022-20002 (In incfs, there is a possible way of mounting on arbitrary paths due t ...)
+ TODO: check
CVE-2021-42039
RESERVED
CVE-2021-42038
@@ -39062,112 +39134,112 @@ CVE-2021-39793 (In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a p
NOT-FOR-US: Pixel
CVE-2021-39792 (In usb_gadget_giveback_request of core.c, there is a possible use afte ...)
NOT-FOR-US: Android kernel patches
-CVE-2021-39791
- RESERVED
-CVE-2021-39790
- RESERVED
-CVE-2021-39789
- RESERVED
-CVE-2021-39788
- RESERVED
-CVE-2021-39787
- RESERVED
-CVE-2021-39786
- RESERVED
+CVE-2021-39791 (In WallpaperManagerService, there is a possible way to determine wheth ...)
+ TODO: check
+CVE-2021-39790 (In Dialer, there is a possible way to manipulate visual voicemail sett ...)
+ TODO: check
+CVE-2021-39789 (In Telecom, there is a possible leak of TTY mode change due to a missi ...)
+ TODO: check
+CVE-2021-39788 (In TelecomManager, there is a possible way to check if a particular se ...)
+ TODO: check
+CVE-2021-39787 (In SystemUI, there is a possible arbitrary Activity launch due to a co ...)
+ TODO: check
+CVE-2021-39786 (In NFC, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
CVE-2021-39785
RESERVED
-CVE-2021-39784
- RESERVED
-CVE-2021-39783
- RESERVED
-CVE-2021-39782
- RESERVED
-CVE-2021-39781
- RESERVED
-CVE-2021-39780
- RESERVED
-CVE-2021-39779
- RESERVED
-CVE-2021-39778
- RESERVED
-CVE-2021-39777
- RESERVED
-CVE-2021-39776
- RESERVED
-CVE-2021-39775
- RESERVED
-CVE-2021-39774
- RESERVED
-CVE-2021-39773
- RESERVED
-CVE-2021-39772
- RESERVED
-CVE-2021-39771
- RESERVED
-CVE-2021-39770
- RESERVED
-CVE-2021-39769
- RESERVED
-CVE-2021-39768
- RESERVED
-CVE-2021-39767
- RESERVED
-CVE-2021-39766
- RESERVED
-CVE-2021-39765
- RESERVED
-CVE-2021-39764
- RESERVED
-CVE-2021-39763
- RESERVED
-CVE-2021-39762
- RESERVED
-CVE-2021-39761
- RESERVED
-CVE-2021-39760
- RESERVED
-CVE-2021-39759
- RESERVED
-CVE-2021-39758
- RESERVED
-CVE-2021-39757
- RESERVED
-CVE-2021-39756
- RESERVED
-CVE-2021-39755
- RESERVED
-CVE-2021-39754
- RESERVED
-CVE-2021-39753
- RESERVED
-CVE-2021-39752
- RESERVED
-CVE-2021-39751
- RESERVED
-CVE-2021-39750
- RESERVED
-CVE-2021-39749
- RESERVED
-CVE-2021-39748
- RESERVED
-CVE-2021-39747
- RESERVED
-CVE-2021-39746
- RESERVED
-CVE-2021-39745
- RESERVED
-CVE-2021-39744
- RESERVED
-CVE-2021-39743
- RESERVED
-CVE-2021-39742
- RESERVED
-CVE-2021-39741
- RESERVED
-CVE-2021-39740
- RESERVED
-CVE-2021-39739
- RESERVED
+CVE-2021-39784 (In CellBroadcastReceiver, there is a possible path to enable specific ...)
+ TODO: check
+CVE-2021-39783 (In rcsservice, there is a possible way to modify TTY mode due to a mis ...)
+ TODO: check
+CVE-2021-39782 (In Telephony, there is a possible unauthorized modification of the PLM ...)
+ TODO: check
+CVE-2021-39781 (In SmsController, there is a possible information disclosure due to a ...)
+ TODO: check
+CVE-2021-39780 (In Traceur, there is a possible bypass of developer settings requireme ...)
+ TODO: check
+CVE-2021-39779 (In getCallStateUsingPackage of Telecom Service, there is a missing per ...)
+ TODO: check
+CVE-2021-39778 (In Telecomm, there is a possible way to determine whether an app is in ...)
+ TODO: check
+CVE-2021-39777 (In Telephony, there is a possible way to determine whether an app is i ...)
+ TODO: check
+CVE-2021-39776 (In NFC, there is a possible memory corruption due to a use after free. ...)
+ TODO: check
+CVE-2021-39775 (In People, there is a possible way to determine whether an app is inst ...)
+ TODO: check
+CVE-2021-39774 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2021-39773 (In VpnManagerService, there is a possible disclosure of installed VPN ...)
+ TODO: check
+CVE-2021-39772 (In Bluetooth, there is a possible way to access the a2dp audio control ...)
+ TODO: check
+CVE-2021-39771 (In Settings, there is a possible way to misrepresent which app wants t ...)
+ TODO: check
+CVE-2021-39770 (In Framework, there is a possible disclosure of the device owner packa ...)
+ TODO: check
+CVE-2021-39769 (In Device Policy, there is a possible way to determine whether an app ...)
+ TODO: check
+CVE-2021-39768 (In Settings, there is a possible way to add an auto-connect WiFi netwo ...)
+ TODO: check
+CVE-2021-39767 (In miniadb, there is a possible way to get read/write access to recove ...)
+ TODO: check
+CVE-2021-39766 (In Settings, there is a possible way to determine whether an app is in ...)
+ TODO: check
+CVE-2021-39765 (In Gallery, there is a possible permission bypass due to a confused de ...)
+ TODO: check
+CVE-2021-39764 (In Settings, there is a possible way to display an incorrect app name ...)
+ TODO: check
+CVE-2021-39763 (In Settings, there is a possible way to make the user enable WiFi due ...)
+ TODO: check
+CVE-2021-39762 (In tremolo, there is a possible out of bounds read due to an integer o ...)
+ TODO: check
+CVE-2021-39761 (In Media, there is a possible way to determine whether an app is insta ...)
+ TODO: check
+CVE-2021-39760 (In AudioService, there is a possible way to determine whether an app i ...)
+ TODO: check
+CVE-2021-39759 (In libstagefright, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2021-39758 (In WindowManager, there is a possible way to start a foreground activi ...)
+ TODO: check
+CVE-2021-39757 (In PermissionController, there is a possible permission bypass due to ...)
+ TODO: check
+CVE-2021-39756 (In Framework, there is a possible way to determine whether an app is i ...)
+ TODO: check
+CVE-2021-39755 (In DevicePolicyManager, there is a possible way to reveal the existenc ...)
+ TODO: check
+CVE-2021-39754 (In ContextImpl, there is a possible way to determine whether an app is ...)
+ TODO: check
+CVE-2021-39753 (In DomainVerificationService, there is a possible way to access app do ...)
+ TODO: check
+CVE-2021-39752 (In Bubbles, there is a possible way to interfere with Bubbles due to a ...)
+ TODO: check
+CVE-2021-39751 (In Settings, there is a possible way to read Bluetooth device names wi ...)
+ TODO: check
+CVE-2021-39750 (In PackageManager, there is a possible way to change the splash screen ...)
+ TODO: check
+CVE-2021-39749 (In WindowManager, there is a possible way to start non-exported and pr ...)
+ TODO: check
+CVE-2021-39748 (In InputMethodEditor, there is a possible way to access some files acc ...)
+ TODO: check
+CVE-2021-39747 (In Settings Provider, there is a possible way to list values of non-re ...)
+ TODO: check
+CVE-2021-39746 (In PermissionController, there is a possible way to delete some local ...)
+ TODO: check
+CVE-2021-39745 (In DevicePolicyManager, there is a possible way to determine whether a ...)
+ TODO: check
+CVE-2021-39744 (In DevicePolicyManager, there is a possible way to determine whether a ...)
+ TODO: check
+CVE-2021-39743 (In PackageManager, there is a possible way to update the last usage ti ...)
+ TODO: check
+CVE-2021-39742 (In Voicemail, there is a possible way to retrieve a trackable identifi ...)
+ TODO: check
+CVE-2021-39741 (In Keymaster, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2021-39740 (In Messaging, there is a possible way to bypass attachment restriction ...)
+ TODO: check
+CVE-2021-39739 (In ArrayMap, there is a possible leak of the content of SMS messages d ...)
+ TODO: check
CVE-2021-39738
RESERVED
CVE-2021-39737 (Product: AndroidVersions: Android kernelAndroid ID: A-208229524Referen ...)
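Review bot: The block from CVE-2021-39791 down to CVE-2021-39739 (CVE-2021-39785 stays RESERVED) adds 52 entries with "TODO: check", while the neighbouring context entries are already resolved as "NOT-FOR-US: Pixel" and "NOT-FOR-US: Android kernel patches". Most descriptions name Android framework services (WallpaperManagerService, Telecom, Settings, DevicePolicyManager) and can be closed in one batch with a single consistent tag. CVE-2021-39762 (tremolo) and CVE-2021-39759 (libstagefright) name libraries rather than framework services and should be checked individually before being tagged.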
@@ -66404,8 +66476,7 @@ CVE-2021-28976 (Remote Code Execution vulnerability in GetSimpleCMS before 3.3.1
NOT-FOR-US: GetSimpleCMS
CVE-2021-3457 (An improper authorization handling flaw was found in Foreman. The Shel ...)
- foreman <itp> (bug #663101)
-CVE-2021-3456
- RESERVED
+CVE-2021-3456 (An improper authorization handling flaw was found in Foreman. The Salt ...)
- foreman <itp> (bug #663101)
CVE-2021-28975 (WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's de ...)
NOT-FOR-US: WP Mailster
@@ -79017,10 +79088,10 @@ CVE-2021-23853 (In Bosch IP cameras, improper validation of the HTTP header allo
NOT-FOR-US: Bosch
CVE-2021-23852 (An authenticated attacker with administrator rights Bosch IP cameras c ...)
NOT-FOR-US: Bosch
-CVE-2021-23851
- RESERVED
-CVE-2021-23850
- RESERVED
+CVE-2021-23851 (A specially crafted TCP/IP packet may cause the camera recovery image ...)
+ TODO: check
+CVE-2021-23850 (A specially crafted TCP/IP packet may cause a camera recovery image te ...)
+ TODO: check
CVE-2021-23849 (A vulnerability in the web-based interface allows an unauthenticated r ...)
NOT-FOR-US: Bosch IP cameras
CVE-2021-23848 (An error in the URL handler Bosch IP cameras may lead to a reflected c ...)
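Review bot: The context around the two new entries uses two different tags for the same vendor: "NOT-FOR-US: Bosch" on CVE-2021-23853 and CVE-2021-23852, and "NOT-FOR-US: Bosch IP cameras" on CVE-2021-23849. CVE-2021-23851 and CVE-2021-23850 both describe a camera recovery image; when their "TODO: check" is resolved, use one of the existing spellings and align the others with it.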
@@ -90063,8 +90134,7 @@ CVE-2020-35502 (A flaw was found in Privoxy in versions before 3.0.29. Memory le
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=bbd53f1010b3d6a7b55d0094b2370c3a49322ddb (3.0.29)
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=4490d451f9b61baada414233897a83ec8d9908aa (3.0.29)
-CVE-2020-35501
- RESERVED
+CVE-2020-35501 (A flaw was found in the Linux kernels implementation of audit rules, w ...)
- linux <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/18/1
NOTE: https://lore.kernel.org/linux-audit/7230785.EvYhyI6sBW@x2/
@@ -97416,8 +97486,8 @@ CVE-2021-1035 (In setLaunchIntent of BluetoothDevicePickerPreferenceController.j
NOT-FOR-US: Android
CVE-2021-1034 (In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is ap ...)
NOT-FOR-US: Android
-CVE-2021-1033
- RESERVED
+CVE-2021-1033 (In createGeneralSlice of ConnectedDevicesSliceProvider.java.java, ther ...)
+ TODO: check
CVE-2021-1032 (In getMimeGroup of PackageManagerService.java, there is a possible way ...)
NOT-FOR-US: Android
CVE-2021-1031 (In cancelNotificationsFromListener of NotificationManagerService.java, ...)
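Review bot: CVE-2021-1033 is added with "TODO: check" although both neighbours in this hunk (CVE-2021-1034 and CVE-2021-1032) are already "NOT-FOR-US: Android" and the description names an Android source file; it should get the same tag. The doubled extension in "ConnectedDevicesSliceProvider.java.java" is part of the imported description and is better left as received than edited locally. CVE-2021-1000 in the next hunk is in the same position.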
@@ -97482,8 +97552,8 @@ CVE-2021-1002 (In WT_Interpolate of eas_wtengine.c, there is a possible out of b
NOT-FOR-US: Android
CVE-2021-1001 (In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bo ...)
NOT-FOR-US: Android
-CVE-2021-1000
- RESERVED
+CVE-2021-1000 (In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, t ...)
+ TODO: check
CVE-2021-0999 (In the broadcast definition in AndroidManifest.xml, there is a possibl ...)
NOT-FOR-US: Android
CVE-2021-0998 (In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible ou ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/615660b67de131e3c5076cc39cfe01fe20c599ef