Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1e297d5c by security tracker role at 2021-10-20T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2021-42742
+ RESERVED
+CVE-2021-42741
+ RESERVED
+CVE-2021-42740
+ RESERVED
+CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has
a buffe ...)
+ TODO: check
+CVE-2021-42738
+ RESERVED
+CVE-2021-42737
+ RESERVED
+CVE-2021-42736
+ RESERVED
+CVE-2021-42735
+ RESERVED
+CVE-2021-42734
+ RESERVED
+CVE-2021-42733
+ RESERVED
+CVE-2021-42732
+ RESERVED
+CVE-2021-42731
+ RESERVED
+CVE-2021-42730
+ RESERVED
+CVE-2021-42729
+ RESERVED
+CVE-2021-42728
+ RESERVED
+CVE-2021-42727
+ RESERVED
+CVE-2021-42726
+ RESERVED
+CVE-2021-42725
+ RESERVED
+CVE-2021-42724
+ RESERVED
+CVE-2021-42723
+ RESERVED
+CVE-2021-42722
+ RESERVED
+CVE-2021-42721
+ RESERVED
+CVE-2021-42720
+ RESERVED
+CVE-2021-42719
+ RESERVED
+CVE-2021-42718
+ RESERVED
+CVE-2021-3894
+ RESERVED
CVE-2021-42717
RESERVED
CVE-2021-42716
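Review bot: CVE-2021-42739 is the one new entry in this hunk with a published description, and it names the firewire subsystem in the Linux kernel through 5.14.13, so the `TODO: check` under it should be resolved to a source-package line for the kernel (in the same `- package version` form as `- strongswan 5.9.4-1` elsewhere in this file) rather than left as a placeholder. The remaining additions are bare RESERVED ids and need nothing further until descriptions are published.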
@@ -2834,7 +2886,7 @@ CVE-2021-41993
CVE-2021-41992
RESERVED
CVE-2021-41991 (The in-memory certificate cache in strongSwan before 5.9.4 has
a remot ...)
- {DSA-4989-1}
+ {DSA-4989-1 DLA-2788-1}
- strongswan 5.9.4-1
NOTE:
https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html
CVE-2021-41990 (The gmp plugin in strongSwan before 5.9.4 has a remote integer
overflo ...)
@@ -4124,7 +4176,8 @@ CVE-2021-41430
RESERVED
CVE-2021-41429
RESERVED
-CVE-2021-41428 (Insecure permissions in Update Manager <= 5.8.0.2300 and
DFL <= ...)
+CVE-2021-41428
+ REJECTED
NOT-FOR-US: DATEV
CVE-2021-41427
RESERVED
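Review bot: CVE-2021-41428 now reads REJECTED but the `NOT-FOR-US: DATEV` line beneath it is kept, so the entry carries a triage annotation justified only by the description this hunk removes. Either drop the annotation or confirm that keeping it on a rejected id is intended.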
@@ -4725,8 +4778,8 @@ CVE-2021-41152 (OpenOlat is a web-based e-learning
platform for teaching, learni
NOT-FOR-US: OpenOlat
CVE-2021-41151 (Backstage is an open platform for building developer portals.
In affec ...)
NOT-FOR-US: Backstage
-CVE-2021-41150
- RESERVED
+CVE-2021-41150 (Tough provides a set of Rust libraries and tools for using and
generat ...)
+ TODO: check
CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and
generat ...)
TODO: check
CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end
traceab ...)
@@ -31084,21 +31137,19 @@ CVE-2021-30318
RESERVED
CVE-2021-30317
RESERVED
-CVE-2021-30316
- RESERVED
-CVE-2021-30315
- RESERVED
+CVE-2021-30316 (Possible out of bound memory access due to improper boundary
check whi ...)
+ TODO: check
+CVE-2021-30315 (Improper handling of sensor HAL structure in absence of sensor
can lea ...)
+ TODO: check
CVE-2021-30314
RESERVED
CVE-2021-30313
RESERVED
-CVE-2021-30312
- RESERVED
+CVE-2021-30312 (Improper authentication of sub-frames of a multicast AMSDU
frame can l ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30311
RESERVED
-CVE-2021-30310
- RESERVED
+CVE-2021-30310 (Possible buffer overflow due to Improper validation of
received CF-ACK ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30309
RESERVED
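Review bot: CVE-2021-30312 and CVE-2021-30310 inherit `NOT-FOR-US: Qualcomm components for Android` lines that were already in place while the ids were RESERVED, so the annotation predates the descriptions added here; check it against the published text (multicast AMSDU sub-frames, CF-ACK validation). CVE-2021-30316 and CVE-2021-30315 in the same hunk are left at `TODO: check` and still need a decision.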
@@ -31106,18 +31157,15 @@ CVE-2021-30308
RESERVED
CVE-2021-30307
RESERVED
-CVE-2021-30306
- RESERVED
+CVE-2021-30306 (Possible buffer over read due to improper buffer allocation
for file l ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30305
- RESERVED
+CVE-2021-30305 (Possible out of bound access due to lack of validation of page
offset ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30304
- RESERVED
+CVE-2021-30304 (Possible buffer out of bound read can occur due to improper
validation ...)
+ TODO: check
CVE-2021-30303
RESERVED
-CVE-2021-30302
- RESERVED
+CVE-2021-30302 (Improper authentication of EAP WAPI EAPOL frames from
unauthenticated ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30301
RESERVED
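Review bot: CVE-2021-30304 is the only id in this hunk that gets `TODO: check`; CVE-2021-30306, CVE-2021-30305 and CVE-2021-30302 around it resolve to `NOT-FOR-US: Qualcomm components for Android`. If its full description places it in the same vendor's components, give it the same annotation so the range is triaged consistently.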
@@ -31127,8 +31175,7 @@ CVE-2021-30299
RESERVED
CVE-2021-30298
RESERVED
-CVE-2021-30297
- RESERVED
+CVE-2021-30297 (Possible out of bound read due to improper validation of
packet length ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30296
RESERVED
@@ -31138,18 +31185,15 @@ CVE-2021-30294 (Potential null pointer dereference in
KGSL GPU auxiliary command
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30293
RESERVED
-CVE-2021-30292
- RESERVED
+CVE-2021-30292 (Possible memory corruption due to lack of validation of client
data us ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30291
- RESERVED
+CVE-2021-30291 (Possible memory corruption due to lack of validation of client
data us ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30290 (Possible null pointer dereference due to race condition
between timeli ...)
NOT-FOR-US: Snapdragon
CVE-2021-30289
RESERVED
-CVE-2021-30288
- RESERVED
+CVE-2021-30288 (Possible stack overflow due to improper length check of TLV
while copy ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30287
RESERVED
@@ -31209,14 +31253,11 @@ CVE-2021-30260 (Possible Integer overflow to buffer
overflow issue can occur due
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30259
RESERVED
-CVE-2021-30258
- RESERVED
+CVE-2021-30258 (Possible buffer overflow due to improper size calculation of
payload r ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30257
- RESERVED
+CVE-2021-30257 (Possible out of bound read or write in VR service due to lack
of valid ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30256
- RESERVED
+CVE-2021-30256 (Possible stack overflow due to improper validation of camera
name leng ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30255
RESERVED
@@ -34593,10 +34634,10 @@ CVE-2021-28954 (In Chris Walz bit before 1.0.5 on
Windows, attackers can run arb
NOT-FOR-US: Chris Walz bit
CVE-2021-28953 (The unofficial C/C++ Advanced Lint extension before 1.9.0 for
Visual S ...)
NOT-FOR-US: unofficial C/C++ Advanced Lint extension for Visual Studio
Code
-CVE-2021-3455
- RESERVED
-CVE-2021-3454
- RESERVED
+CVE-2021-3455 (Disconnecting L2CAP channel right after invalid ATT request
leads free ...)
+ TODO: check
+CVE-2021-3454 (Truncated L2CAP K-frame causes assertion failure. Zephyr
versions > ...)
+ TODO: check
CVE-2021-3453 (Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have
BIOS m ...)
NOT-FOR-US: Lenovo
CVE-2021-3452 (A potential vulnerability in the system shutdown SMI callback
function ...)
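Review bot: CVE-2021-3455 and CVE-2021-3454 both land as `TODO: check`, and only the second names its product (Zephyr) in the visible part of the description. Both describe L2CAP handling, so triage them together and give them the same outcome, a package line or NOT-FOR-US, once the full text of CVE-2021-3455 confirms the product.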
@@ -60062,28 +60103,25 @@ CVE-2020-29652 (A nil pointer dereference in the
golang.org/x/crypto/ssh compone
NOTE: https://go-review.googlesource.com/c/crypto/+/278852
NOTE: https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
NOTE: Introduced in:
https://github.com/golang/crypto/commit/cbcb750295291b33242907a04be40e80801d0cfc
(2019-05-10)
-CVE-2021-1985
- RESERVED
+CVE-2021-1985 (Possible buffer over read due to lack of data length check in
QVR Serv ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1984
- RESERVED
+CVE-2021-1984 (Possible buffer overflow due to improper validation of index
value whi ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1983
- RESERVED
+CVE-2021-1983 (Possible buffer overflow due to improper handling of negative
data len ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1982
RESERVED
CVE-2021-1981
RESERVED
-CVE-2021-1980
- RESERVED
+CVE-2021-1980 (Possible buffer over read due to lack of length check while
parsing be ...)
+ TODO: check
CVE-2021-1979
RESERVED
CVE-2021-1978
RESERVED
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1977
- RESERVED
+CVE-2021-1977 (Possible buffer over read due to improper validation of frame
length w ...)
+ TODO: check
CVE-2021-1976 (A use after free can occur due to improper validation of P2P
device ad ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1975
@@ -60098,17 +60136,13 @@ CVE-2021-1971 (Possible assertion due to lack of
physical layer state validation
NOT-FOR-US: Snapdragon
CVE-2021-1970 (Possible out of bound read due to lack of length check of FT
sub-eleme ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1969
- RESERVED
+CVE-2021-1969 (Improper validation of kernel buffer address while copying
information ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1968
- RESERVED
+CVE-2021-1968 (Improper validation of kernel buffer address while copying
information ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1967
- RESERVED
+CVE-2021-1967 (Possible stack buffer overflow due to lack of check on the
maximum num ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1966
- RESERVED
+CVE-2021-1966 (Possible buffer overflow due to lack of length check of source
and des ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1965 (Possible buffer overflow due to lack of parameter length check
during ...)
NOT-FOR-US: Snapdragon
@@ -60122,8 +60156,7 @@ CVE-2021-1961 (Possible buffer overflow due to lack of
offset length check while
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1960 (Improper handling of ASB-C broadcast packets with crafted
opcode in LM ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1959
- RESERVED
+CVE-2021-1959 (Possible memory corruption due to lack of bound check of input
index i ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1958 (A race condition in fastrpc kernel driver for dynamic process
creation ...)
NOT-FOR-US: Snapdragon
@@ -60143,8 +60176,7 @@ CVE-2021-1951
RESERVED
CVE-2021-1950
RESERVED
-CVE-2021-1949
- RESERVED
+CVE-2021-1949 (Possible integer overflow due to improper check of batch count
value w ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1948 (Possible out of bound read due to lack of length check of data
while p ...)
NOT-FOR-US: Qualcomm components for Android
@@ -60170,8 +60202,7 @@ CVE-2021-1938 (Possible assertion due to improper
verification while creating an
NOT-FOR-US: Snapdragon
CVE-2021-1937 (Reachable assertion is possible while processing peer
association WLAN ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1936
- RESERVED
+CVE-2021-1936 (Null pointer dereference can occur due to lack of null check
for user ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1935 (Possible null pointer dereference due to lack of validation
check for ...)
NOT-FOR-US: Qualcomm components for Android
@@ -60179,8 +60210,7 @@ CVE-2021-1934 (Possible memory corruption due to
improper check when application
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1933 (UE assertion is possible due to improper validation of invite
message ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1932
- RESERVED
+CVE-2021-1932 (Improper access control in trusted application environment can
cause u ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1931 (Possible buffer overflow due to improper validation of buffer
length w ...)
NOT-FOR-US: Snapdragon
@@ -60210,8 +60240,7 @@ CVE-2021-1919 (Integer underflow can occur when the
RTCP length is lesser than t
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1918
RESERVED
-CVE-2021-1917
- RESERVED
+CVE-2021-1917 (Null pointer dereference can occur due to memory allocation
failure in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1916 (Possible buffer underflow due to lack of check for negative
indices va ...)
NOT-FOR-US: Qualcomm components for Android
@@ -60219,8 +60248,7 @@ CVE-2021-1915 (Buffer overflow can occur due to
improper validation of NDP appli
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1914 (Loop with unreachable exit condition may occur due to improper
handlin ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-1913
- RESERVED
+CVE-2021-1913 (Possible integer overflow due to improper length check while
updating ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1912
RESERVED
@@ -108895,8 +108923,7 @@ CVE-2020-11305 (Integer overflow in boot due to
improper length check on argumen
NOT-FOR-US: Snapdragon
CVE-2020-11304 (Possible out of bound read in DRM due to improper buffer
length check. ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11303
- RESERVED
+CVE-2020-11303 (Accepting AMSDU frames with mismatched destination and source
address ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11302
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e297d5cfaec433d1f5b7f924a4d038a0e132f7d