Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be8377ec by security tracker role at 2021-09-25T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2021-41610
+       RESERVED
+CVE-2021-41609
+       RESERVED
+CVE-2021-41608
+       RESERVED
 CVE-2021-41607
        RESERVED
 CVE-2021-41606
@@ -230,10 +236,10 @@ CVE-2021-41506
        RESERVED
 CVE-2021-41505
        RESERVED
-CVE-2021-41504
-       RESERVED
-CVE-2021-41503
-       RESERVED
+CVE-2021-41504 (** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue 
exists in ...)
+       TODO: check
+CVE-2021-41503 (** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L 
v2.17 and ...)
+       TODO: check
 CVE-2021-41502
        RESERVED
 CVE-2021-41501
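
Review bot: CVE-2021-41504 and CVE-2021-41503 both carry "** UNSUPPORTED WHEN ASSIGNED **" and land as "TODO: check", so the triage result should record that status explicitly rather than leave it only in the description. The CVE-2021-41503 text names device firmware (DCS-5000L v1.05, DCS-932L v2.17), which makes a NOT-FOR-US line in the style used elsewhere in this file the likely outcome; the CVE-2021-41504 text is truncated before any product name, so it needs the full description before a decision.
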
@@ -1151,6 +1157,7 @@ CVE-2021-41075
 CVE-2021-41074
        RESERVED
 CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 
5.14.6  ...)
+       {DSA-4978-1}
        - linux 5.14.6-2
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
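
Review bot: CVE-2021-41073 gets the {DSA-4978-1} cross-reference with an unstable fixed version of 5.14.6-2, while the other entries tagged with this DSA in the same commit read 5.14.6-1; confirm the difference is intended. With [buster] and [stretch] both <not-affected>, the entry also shows no release-specific line for whichever release the DSA fixes, so a reader cannot tell from here which suite the advisory applies to.
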
@@ -2098,10 +2105,10 @@ CVE-2021-40657
        RESERVED
 CVE-2021-40656
        RESERVED
-CVE-2021-40655
-       RESERVED
-CVE-2021-40654
-       RESERVED
+CVE-2021-40655 (An informtion disclosure issue exists in D-LINK-DIR-605 B2 
Firmware Ve ...)
+       TODO: check
+CVE-2021-40654 (An information disclosure issue exist in D-LINK-DIR-615 B2 
2.01mt. An  ...)
+       TODO: check
 CVE-2021-40653
        RESERVED
 CVE-2021-40652
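
Review bot: The CVE-2021-40655 description is imported with the typo "informtion disclosure", so a text search for "information disclosure" will miss this entry until the upstream text is corrected and re-synced. Both new entries name D-Link device firmware (D-LINK-DIR-605 B2, D-LINK-DIR-615 B2 2.01mt) and are left as "TODO: check"; a NOT-FOR-US line in the form used elsewhere in this file looks like the expected triage result.
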
@@ -2616,6 +2623,7 @@ CVE-2021-40491 (The ftp client in GNU Inetutils before 
2.2 does not validate add
        NOTE: 
https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
        NOTE: 
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
 CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end 
in fs/ex ...)
+       {DSA-4978-1}
        - linux 5.14.6-1
        NOTE: 
https://lore.kernel.org/linux-ext4/[email protected]/
 CVE-2021-40437
@@ -2863,6 +2871,7 @@ CVE-2021-3754
        RESERVED
 CVE-2021-3753
        RESERVED
+       {DSA-4978-1}
        - linux 5.14.6-1
        NOTE: 
https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
 CVE-2021-3752
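
Review bot: CVE-2021-3753 is now referenced by DSA-4978-1 but still reads RESERVED with no description, so the entry gives no hint of what the issue is. A bracketed temporary description, as CVE-2021-3732 has in this file ("[overlayfs: ...]"), would help until the official text is published; the git.kernel.org commit in the NOTE line is the natural source for it.
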
@@ -3282,6 +3291,7 @@ CVE-2021-40148
        RESERVED
 CVE-2021-3743
        RESERVED
+       {DSA-4978-1}
        - linux 5.14.6-1
        NOTE: https://lists.openwall.net/netdev/2021/08/17/124
        NOTE: 
https://git.kernel.org/linus/7e78c597c3ebfd0cb329aa09a838734147e4f117
@@ -3457,6 +3467,7 @@ CVE-2021-40081
        RESERVED
 CVE-2021-3739
        RESERVED
+       {DSA-4978-1}
        - linux 5.14.6-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -4422,6 +4433,7 @@ CVE-2021-3733 [Denial of service when identifying crafted 
invalid RFCs]
        NOTE: 
https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f
 (3.6.14)
 CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user 
namespace can reveal files]
        RESERVED
+       {DSA-4978-1}
        - linux 5.14.6-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249
        NOTE: 
https://git.kernel.org/linus/427215d85e8d1476da1a86b8d67aceb485eb3631
@@ -7798,6 +7810,7 @@ CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the 
Linux kernel before 5.12.
        - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc
 CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has 
incorrect co ...)
+       {DSA-4978-1}
        - linux 5.14.6-1
        NOTE: 
https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c
 CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 
5.12.11 inco ...)
@@ -7978,6 +7991,7 @@ CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 
7.77, 7.81, KRNL64NUC
 CVE-2021-38161
        RESERVED
 CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, 
there is a ...)
+       {DSA-4978-1}
        - linux 5.14.6-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -8004,6 +8018,7 @@ CVE-2021-38165 (Lynx through 2.8.9 mishandles the 
userinfo subcomponent of a URI
        NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
        NOTE: 
https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
 CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux 
kernel be ...)
+       {DSA-4978-1}
        - linux 5.14.6-1
        NOTE: 
https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
 CVE-2021-38154 (Certain Canon devices manufactured in 2012 through 2020 (such 
as image ...)
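
Review bot: CVE-2021-38160 is marked "** DISPUTED **" in its description and is tagged with {DSA-4978-1} here, yet the entry has only the upstream commit NOTE. Add a NOTE stating the basis of the dispute so that readers can see why the fix is still shipped in the advisory.
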
@@ -8544,6 +8559,7 @@ CVE-2021-3681
 CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
        NOT-FOR-US: showdoc
 CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module 
functionalit ...)
+       {DSA-4978-1}
        - linux 5.14.6-1
        NOTE: 
https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
 CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak 
Pseudo-Random N ...)
@@ -9298,7 +9314,7 @@ CVE-2021-37599 (The exporter/Login.aspx login form in the 
Exporter in Nuance Win
        NOT-FOR-US: Nuance
 CVE-2021-3668
        RESERVED
-CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can 
potentially cause ...)
+CVE-2021-37600 (** DISPUTED ** An integer overflow in util-linux through 
2.37.1 can po ...)
        - util-linux 2.36.1-8 (low; bug #991619)
        [buster] - util-linux <no-dsa> (Minor issue)
        [stretch] - util-linux <no-dsa> (Minor issue)
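
Review bot: The only change to CVE-2021-37600 is the "** DISPUTED **" prefix; the annotations below it (low; bug #991619, and <no-dsa> (Minor issue) for buster and stretch) are untouched. Check whether the dispute changes the severity rating, and add a NOTE pointing at the dispute so the rating is explained in the entry itself.
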
@@ -9435,6 +9451,7 @@ CVE-2021-37539
 CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled 
Modification of ...)
        NOT-FOR-US: Node body-parser-xml
 CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 
5.13.5 on t ...)
+       {DSA-4978-1}
        - linux 5.14.6-1
        [stretch] - linux <ignored> (powerpc architectures not included in LTS)
        NOTE: 
https://git.kernel.org/linus/f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a (5.14-rc3)
@@ -10298,6 +10315,7 @@ CVE-2021-37140
        RESERVED
 CVE-2021-3656 [KVM: nSVM: always intercept VMLOAD/VMSAVE when nested]
        RESERVED
+       {DSA-4978-1}
        - linux 5.14.6-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
@@ -11105,6 +11123,7 @@ CVE-2021-36775
        RESERVED
 CVE-2021-3653 [KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl]
        RESERVED
+       {DSA-4978-1}
        - linux 5.14.6-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
 CVE-2020-36427 (GNOME gThumb before 3.10.1 allows an application crash via a 
malformed ...)
@@ -47802,8 +47821,8 @@ CVE-2021-21744
        RESERVED
 CVE-2021-21743
        RESERVED
-CVE-2021-21742
-       RESERVED
+CVE-2021-21742 (There is an information leak vulnerability in the message 
service app  ...)
+       TODO: check
 CVE-2021-21741 (A conference management system of ZTE is impacted by a command 
executi ...)
        NOT-FOR-US: ZTE
 CVE-2021-21740 (There is an information leak vulnerability in the digital 
media player ...)
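
Review bot: CVE-2021-21742 is added as "TODO: check" and its truncated description does not name a vendor. The next entry, CVE-2021-21741, is NOT-FOR-US: ZTE, and CVE-2021-21740 opens with the same wording ("There is an information leak vulnerability in the ..."), so check the full description for the same vendor before triaging it.
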
@@ -81114,8 +81133,8 @@ CVE-2020-20516
        RESERVED
 CVE-2020-20515
        RESERVED
-CVE-2020-20514
-       RESERVED
+CVE-2020-20514 (A Cross-Site Request Forgery (CSRF) in Maccms v10 via 
admin.php/admin/ ...)
+       TODO: check
 CVE-2020-20513
        RESERVED
 CVE-2020-20512
@@ -81126,8 +81145,8 @@ CVE-2020-20510
        RESERVED
 CVE-2020-20509
        RESERVED
-CVE-2020-20508
-       RESERVED
+CVE-2020-20508 (Shopkit v2.7 contains a reflective cross-site scripting (XSS) 
vulnerab ...)
+       TODO: check
 CVE-2020-20507
        RESERVED
 CVE-2020-20506
@@ -90346,6 +90365,7 @@ CVE-2020-16120 (Overlayfs did not properly perform 
permission checking when copy
        [stretch] - linux <not-affected> (Vulnerable configuration combination 
not possible)
        NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
 CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable 
by a loca ...)
+       {DSA-4978-1}
        - linux 5.14.6-1
        [bullseye] - linux <no-dsa> (Minor issue, blacklisted by default, 
revisit if fixed upstream)
        [buster] - linux <no-dsa> (Minor issue, blacklisted by default, revisit 
if fixed upstream)
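
Review bot: CVE-2020-16119 gains {DSA-4978-1} while the [bullseye] line still says <no-dsa> (Minor issue, blacklisted by default, revisit if fixed upstream). If DSA-4978-1 covers bullseye, that line is stale and should be replaced with the fixed version; if it does not, the entry should show which release the DSA applies to. The [buster] <no-dsa> line needs the same check.
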
@@ -125045,6 +125065,7 @@ CVE-2020-3704 (u'While processing invalid connection 
request PDU which is nonsta
 CVE-2020-3703 (u'Buffer over-read issue in Bluetooth peripheral firmware due 
to lack  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal 
errors ...)
+       {DSA-4978-1}
        - linux 5.14.6-1
        NOTE: 
https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=bcx1gwwfiw1_somu_gvnct...@mail.gmail.com/
        NOTE: 
https://lore.kernel.org/stable/20210818084859.vcs4vs3yd6zetmyt@pali/t/#mf8b430d4f19f1b939a29b6c5098fdc514fd1a928



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be8377eccdea6c7831e7b6c9006758d90002b568
