Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
864282de by security tracker role at 2021-12-23T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2021-45464
+       RESERVED
+CVE-2021-45463 (GEGL before 0.4.34 allows shell expansion when a pathname in a 
constru ...)
+       TODO: check
+CVE-2021-45462 (In Open5GS 2.4.0, a crafted packet from UE can crash 
SGW-U/UPF. ...)
+       TODO: check
+CVE-2021-4158
+       RESERVED
 CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 
15.0.19.88, 1 ...)
        NOT-FOR-US: FreePBX
 CVE-2021-45460
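Review bot: the new CVE-2021-45463 (GEGL) and CVE-2021-45462 (Open5GS) entries at the top of this hunk carry only `TODO: check`, so the tracker records no package or NOT-FOR-US decision for either. The GEGL description gives an upstream bound ("before 0.4.34"), which is enough to write a source-package line with a fixed version if gegl is in the archive. The Open5GS entry can be closed in the form the FreePBX entry just below it uses (`NOT-FOR-US: FreePBX`) if it is not packaged.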
@@ -478,8 +486,8 @@ CVE-2021-4145 [NULL pointer dereference in 
mirror_wait_on_conflicts() in block/m
        [stretch] - qemu <not-affected> (Vulnerable code introduced later)
        NOTE: Introduced by: 
https://gitlab.com/qemu-project/qemu/-/commit/d44dae1a7cf782ec9235746ebb0e6c1a20dd7288
 (v6.1.0-rc0)
        NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd
 (v6.2.0-rc0)
-CVE-2021-4144
-       RESERVED
+CVE-2021-4144 (TP-Link wifi router TL-WR802N V4(JP), with firmware version 
prior to 2 ...)
+       TODO: check
 CVE-2021-45451 (In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows 
policy bypass ...)
        - mbedtls <undetermined>
        TODO: check, seems to only affect 3.x branch
@@ -2917,10 +2925,10 @@ CVE-2021-44694
        RESERVED
 CVE-2021-44693
        RESERVED
-CVE-2021-4079
-       RESERVED
-CVE-2021-4078
-       RESERVED
+CVE-2021-4079 (Out of bounds write in WebRTC in Google Chrome prior to 
96.0.4664.93 a ...)
+       TODO: check
+CVE-2021-4078 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 
allowed a  ...)
+       TODO: check
 CVE-2021-4077
        RESERVED
 CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
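Review bot: CVE-2021-4079 and CVE-2021-4078 are left at `TODO: check`, while the Chrome entries in the next hunk (CVE-2021-4068 and following) already carry `- chromium <unfixed>` and `[stretch] - chromium <end-of-life> (see DSA 4562)`. Both descriptions here name "Google Chrome prior to 96.0.4664.93", so suggest giving them the same chromium lines rather than leaving two untriaged entries beside triaged siblings.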
@@ -3242,70 +3250,54 @@ CVE-2021-4069 (vim is vulnerable to Use After Free ...)
        NOTE: 
https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 
(v8.2.3741)
 CVE-2021-44548
        RESERVED
-CVE-2021-4068
-       RESERVED
+CVE-2021-4068 (Insufficient data validation in new tab page in Google Chrome 
prior to ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4067
-       RESERVED
+CVE-2021-4067 (Use after free in window manager in Google Chrome on ChromeOS 
prior to ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4066
-       RESERVED
+CVE-2021-4066 (Integer underflow in ANGLE in Google Chrome prior to 
96.0.4664.93 allo ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4065
-       RESERVED
+CVE-2021-4065 (Use after free in autofill in Google Chrome prior to 
96.0.4664.93 allo ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4064
-       RESERVED
+CVE-2021-4064 (Use after free in screen capture in Google Chrome on ChromeOS 
prior to ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4063
-       RESERVED
+CVE-2021-4063 (Use after free in developer tools in Google Chrome prior to 
96.0.4664. ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4062
-       RESERVED
+CVE-2021-4062 (Heap buffer overflow in BFCache in Google Chrome prior to 
96.0.4664.93 ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4061
-       RESERVED
+CVE-2021-4061 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 
allowed a  ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4060
        RESERVED
-CVE-2021-4059
-       RESERVED
+CVE-2021-4059 (Insufficient data validation in loader in Google Chrome prior 
to 96.0. ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4058
-       RESERVED
+CVE-2021-4058 (Heap buffer overflow in ANGLE in Google Chrome prior to 
96.0.4664.93 a ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4057
-       RESERVED
+CVE-2021-4057 (Use after free in file API in Google Chrome prior to 
96.0.4664.93 allo ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4056
-       RESERVED
+CVE-2021-4056 (Type confusion in loader in Google Chrome prior to 96.0.4664.93 
allowe ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4055
-       RESERVED
+CVE-2021-4055 (Heap buffer overflow in extensions in Google Chrome prior to 
96.0.4664 ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4054
-       RESERVED
+CVE-2021-4054 (Incorrect security UI in autofill in Google Chrome prior to 
96.0.4664. ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4053
-       RESERVED
+CVE-2021-4053 (Use after free in UI in Google Chrome on Linux prior to 
96.0.4664.93 a ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4052
-       RESERVED
+CVE-2021-4052 (Use after free in web apps in Google Chrome prior to 
96.0.4664.93 allo ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4051
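Review bot: CVE-2021-4067 and CVE-2021-4064 now read "Google Chrome on ChromeOS", yet both keep the `- chromium <unfixed>` line that was written while the IDs were still RESERVED. With the descriptions in, re-check whether those two apply to the Debian chromium package at all; if not, the line should become `<not-affected>` with a reason in parentheses, as the qemu stretch entry earlier in this diff does.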
@@ -5403,8 +5395,8 @@ CVE-2021-43855
        RESERVED
 CVE-2021-43854
        RESERVED
-CVE-2021-43853
-       RESERVED
+CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available 
for Mic ...)
+       TODO: check
 CVE-2021-43852
        RESERVED
 CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking 
applicat ...)
@@ -22733,42 +22725,42 @@ CVE-2021-38024
        RESERVED
 CVE-2021-38023
        RESERVED
-CVE-2021-38022
-       RESERVED
-CVE-2021-38021
-       RESERVED
-CVE-2021-38020
-       RESERVED
-CVE-2021-38019
-       RESERVED
-CVE-2021-38018
-       RESERVED
-CVE-2021-38017
-       RESERVED
-CVE-2021-38016
-       RESERVED
-CVE-2021-38015
-       RESERVED
-CVE-2021-38014
-       RESERVED
-CVE-2021-38013
-       RESERVED
-CVE-2021-38012
-       RESERVED
-CVE-2021-38011
-       RESERVED
-CVE-2021-38010
-       RESERVED
-CVE-2021-38009
-       RESERVED
-CVE-2021-38008
-       RESERVED
-CVE-2021-38007
-       RESERVED
-CVE-2021-38006
-       RESERVED
-CVE-2021-38005
-       RESERVED
+CVE-2021-38022 (Inappropriate implementation in WebAuthentication in Google 
Chrome pri ...)
+       TODO: check
+CVE-2021-38021 (Inappropriate implementation in referrer in Google Chrome 
prior to 96. ...)
+       TODO: check
+CVE-2021-38020 (Insufficient policy enforcement in contacts picker in Google 
Chrome on ...)
+       TODO: check
+CVE-2021-38019 (Insufficient policy enforcement in CORS in Google Chrome prior 
to 96.0 ...)
+       TODO: check
+CVE-2021-38018 (Inappropriate implementation in navigation in Google Chrome 
prior to 9 ...)
+       TODO: check
+CVE-2021-38017 (Insufficient policy enforcement in iframe sandbox in Google 
Chrome pri ...)
+       TODO: check
+CVE-2021-38016 (Insufficient policy enforcement in background fetch in Google 
Chrome p ...)
+       TODO: check
+CVE-2021-38015 (Inappropriate implementation in input in Google Chrome prior 
to 96.0.4 ...)
+       TODO: check
+CVE-2021-38014 (Out of bounds write in Swiftshader in Google Chrome prior to 
96.0.4664 ...)
+       TODO: check
+CVE-2021-38013 (Heap buffer overflow in fingerprint recognition in Google 
Chrome on Ch ...)
+       TODO: check
+CVE-2021-38012 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 
allowed a  ...)
+       TODO: check
+CVE-2021-38011 (Use after free in storage foundation in Google Chrome prior to 
96.0.46 ...)
+       TODO: check
+CVE-2021-38010 (Inappropriate implementation in service workers in Google 
Chrome prior ...)
+       TODO: check
+CVE-2021-38009 (Inappropriate implementation in cache in Google Chrome prior 
to 96.0.4 ...)
+       TODO: check
+CVE-2021-38008 (Use after free in media in Google Chrome prior to 96.0.4664.45 
allowed ...)
+       TODO: check
+CVE-2021-38007 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 
allowed a  ...)
+       TODO: check
+CVE-2021-38006 (Use after free in storage foundation in Google Chrome prior to 
96.0.46 ...)
+       TODO: check
+CVE-2021-38005 (Use after free in loader in Google Chrome prior to 
96.0.4664.45 allowe ...)
+       TODO: check
 CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome 
prior to  ...)
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
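Review bot: all eighteen IDs from CVE-2021-38022 down to CVE-2021-38005 land as `TODO: check`, although the unchanged CVE-2021-38004 entry right after them shows the form Chrome issues take in this file (`- chromium <unfixed>` plus the stretch `<end-of-life>` line). Triage them as one batch. CVE-2021-38020 and CVE-2021-38013 are qualified with "Google Chrome on ...", so they need a platform check before they get a chromium line.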
@@ -68859,10 +68851,10 @@ CVE-2021-20052
        RESERVED
 CVE-2021-20051
        RESERVED
-CVE-2021-20050
-       RESERVED
-CVE-2021-20049
-       RESERVED
+CVE-2021-20050 (An Improper Access Control Vulnerability in the SMA100 series 
leads to ...)
+       TODO: check
+CVE-2021-20049 (A vulnerability in SonicWall SMA100 password change API allows 
a remot ...)
+       TODO: check
 CVE-2021-20048
        RESERVED
 CVE-2021-20047 (SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) 
and ear ...)
@@ -96129,32 +96121,32 @@ CVE-2020-20607
        RESERVED
 CVE-2020-20606
        RESERVED
-CVE-2020-20605
-       RESERVED
+CVE-2020-20605 (Blog CMS v1.0 contains a cross-site scripting (XSS) 
vulnerability in t ...)
+       TODO: check
 CVE-2020-20604
        RESERVED
 CVE-2020-20603
        RESERVED
 CVE-2020-20602
        RESERVED
-CVE-2020-20601
-       RESERVED
-CVE-2020-20600
-       RESERVED
+CVE-2020-20601 (An issue in ThinkCMF X2.2.2 and below allows attackers to 
execute arbi ...)
+       TODO: check
+CVE-2020-20600 (MetInfo 7.0 beta contains a stored cross-site scripting (XSS) 
vulnerab ...)
+       TODO: check
 CVE-2020-20599
        RESERVED
-CVE-2020-20598
-       RESERVED
-CVE-2020-20597
-       RESERVED
+CVE-2020-20598 (A cross-site scripting (XSS) vulnerability in the Editing 
component of ...)
+       TODO: check
+CVE-2020-20597 (A cross-site scripting (XSS) vulnerability in the 
potrtalItemName para ...)
+       TODO: check
 CVE-2020-20596
        RESERVED
-CVE-2020-20595
-       RESERVED
+CVE-2020-20595 (A cross-site request forgery (CSRF) in OPMS v1.3 and below 
allows atta ...)
+       TODO: check
 CVE-2020-20594
        RESERVED
-CVE-2020-20593
-       RESERVED
+CVE-2020-20593 (A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an 
authent ...)
+       TODO: check
 CVE-2020-20592
        RESERVED
 CVE-2020-20591
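Review bot: the seven descriptions filled in by this hunk are all left at `TODO: check`, and five of them name a web application outright (Blog CMS, ThinkCMF, MetInfo, OPMS, Rockoa). If none is packaged, close them as `NOT-FOR-US: <product>` in the form used for FreePBX at the top of this diff. For CVE-2020-20598 and CVE-2020-20597 the truncated description does not show the product, so it has to be taken from the full CVE text first.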
@@ -96520,10 +96512,10 @@ CVE-2020-20428
        RESERVED
 CVE-2020-20427
        RESERVED
-CVE-2020-20426
-       RESERVED
-CVE-2020-20425
-       RESERVED
+CVE-2020-20426 (S-CMS Government Station Building System v5.0 contains a 
cross-site sc ...)
+       TODO: check
+CVE-2020-20425 (S-CMS Government Station Building System v5.0 contains a 
cross-site sc ...)
+       TODO: check
 CVE-2020-20424
        RESERVED
 CVE-2020-20423
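Review bot: CVE-2020-20426 and CVE-2020-20425 are added with identical visible descriptions ("S-CMS Government Station Building System v5.0 contains a cross-site sc ..."), so the truncated text cannot tell them apart. Read the full descriptions before triage to confirm they are distinct issues and to note which component each one affects; both should stay `TODO: check` until then.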



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/864282de3a922e655fc28495736ab421be9a35e7
