Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
973812f3 by security tracker role at 2022-03-03T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2022-26365
+       RESERVED
+CVE-2022-26364
+       RESERVED
+CVE-2022-26363
+       RESERVED
+CVE-2022-26362
+       RESERVED
+CVE-2022-26361
+       RESERVED
+CVE-2022-26360
+       RESERVED
+CVE-2022-26359
+       RESERVED
+CVE-2022-26358
+       RESERVED
+CVE-2022-26357
+       RESERVED
+CVE-2022-26356
+       RESERVED
+CVE-2022-26355
+       RESERVED
 CVE-2022-26354
        RESERVED
 CVE-2022-26353
@@ -427,12 +449,12 @@ CVE-2022-26173
        RESERVED
 CVE-2022-26172
        RESERVED
-CVE-2022-26171
-       RESERVED
-CVE-2022-26170
-       RESERVED
-CVE-2022-26169
-       RESERVED
+CVE-2022-26171 (Bank Management System v1.o was discovered to contain a SQL 
injection  ...)
+       TODO: check
+CVE-2022-26170 (Simple Mobile Comparison Website v1.0 was discovered to 
contain a SQL  ...)
+       TODO: check
+CVE-2022-26169 (Air Cargo Management System v1.0 was discovered to contain a 
SQL injec ...)
+       TODO: check
 CVE-2022-26168
        RESERVED
 CVE-2022-26167
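Review bot: the three new descriptions in this hunk (CVE-2022-26171, CVE-2022-26170, CVE-2022-26169) are copied verbatim from the CVE feed, including the upstream typo "v1.o" in the Bank Management System text; do not hand-correct it here, since the automatic update would just overwrite it again. All three are standalone PHP web applications of the same kind that this patch elsewhere resolves as NOT-FOR-US (Cuppa CMS, Car Driving School Management System), so the "TODO: check" lines should be closed as NOT-FOR-US once a quick archive search confirms none of them is packaged.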
@@ -1922,8 +1944,7 @@ CVE-2022-0712 (NULL Pointer Dereference in GitHub 
repository radareorg/radare2 p
        - radare2 <unfixed>
        NOTE: https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466
        NOTE: 
https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7
-CVE-2022-0711
-       RESERVED
+CVE-2022-0711 (A flaw was found in the way HAProxy processed HTTP responses 
containin ...)
        - haproxy <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053666
        NOTE: 
https://git.haproxy.org/?p=haproxy.git;a=commit;h=bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8
 (v2.6-dev2)
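Review bot: dropping the RESERVED line for CVE-2022-0711 (hunk count -8 +7) is correct now that the description is present, but the tracking underneath is unchanged: "- haproxy <unfixed>" stands next to a fix commit that is only tagged "(v2.6-dev2)". The entry needs the fixed Debian version filled in once the upstream fix is in the archive, and the NOTE with the git.haproxy.org commit should stay as the pointer for backporting.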
@@ -2205,8 +2226,8 @@ CVE-2022-25473
        RESERVED
 CVE-2022-25472
        RESERVED
-CVE-2022-25471
-       RESERVED
+CVE-2022-25471 (An Insecure Direct Object Reference (IDOR) vulnerability in 
OpenEMR 6. ...)
+       TODO: check
 CVE-2022-25470
        RESERVED
 CVE-2022-25469
@@ -2349,20 +2370,20 @@ CVE-2022-25401 (The copy function of the file manager 
in Cuppa CMS v1.0 allows a
        NOT-FOR-US: Cuppa CMS
 CVE-2022-25400
        RESERVED
-CVE-2022-25399
-       RESERVED
-CVE-2022-25398
-       RESERVED
+CVE-2022-25399 (Simple Real Estate Portal System v1.0 was discovered to 
contain a SQL  ...)
+       TODO: check
+CVE-2022-25398 (Auto Spare Parts Management v1.0 was discovered to contain a 
SQL injec ...)
+       TODO: check
 CVE-2022-25397
        RESERVED
-CVE-2022-25396
-       RESERVED
-CVE-2022-25395
-       RESERVED
-CVE-2022-25394
-       RESERVED
-CVE-2022-25393
-       RESERVED
+CVE-2022-25396 (Cosmetics and Beauty Product Online Store v1.0 was discovered 
to conta ...)
+       TODO: check
+CVE-2022-25395 (Cosmetics and Beauty Product Online Store v1.0 was discovered 
to conta ...)
+       TODO: check
+CVE-2022-25394 (Medical Store Management System v1.0 was discovered to contain 
a SQL i ...)
+       TODO: check
+CVE-2022-25393 (Simple Bakery Shop Management v1.0 was discovered to contain a 
SQL inj ...)
+       TODO: check
 CVE-2022-25392
        RESERVED
 CVE-2022-25391
@@ -2616,8 +2637,8 @@ CVE-2022-0676 (Heap-based Buffer Overflow in GitHub 
repository radareorg/radare2
        - radare2 <unfixed>
        NOTE: https://huntr.dev/bounties/5ad814a1-5dd3-43f4-869b-33b8dab78485
        NOTE: 
https://github.com/radareorg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6
-CVE-2022-0675
-       RESERVED
+CVE-2022-0675 (In certain situations it is possible for an unmanaged rule to 
exist on ...)
+       TODO: check
 CVE-2022-25315 (In Expat (aka libexpat) before 2.4.5, there is an integer 
overflow in  ...)
        {DSA-5085-1}
        - expat 2.4.5-1
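Review bot: the new description for CVE-2022-0675 is truncated before it names any product ("it is possible for an unmanaged rule to exist on ..."), so the "TODO: check" cannot be resolved from this line alone; whoever picks it up needs the full CVE text to identify the affected software before deciding between a package entry and NOT-FOR-US.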
@@ -3248,20 +3269,20 @@ CVE-2022-0587 (Improper Authorization in Packagist 
librenms/librenms prior to 22
        NOT-FOR-US: LibreNMS
 CVE-2021-46687
        RESERVED
-CVE-2021-46270
-       RESERVED
+CVE-2021-46270 (JFrog Artifactory before 7.31.10, is vulnerable to Broken 
Access Contr ...)
+       TODO: check
 CVE-2021-45730
        RESERVED
 CVE-2021-45721
        RESERVED
-CVE-2021-45074
-       RESERVED
+CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to 
Broken A ...)
+       TODO: check
 CVE-2021-41834
        RESERVED
 CVE-2021-23163
        RESERVED
-CVE-2022-25146
-       RESERVED
+CVE-2022-25146 (The Remote App module in Liferay Portal through v7.4.3.8 and 
Liferay D ...)
+       TODO: check
 CVE-2022-25145
        RESERVED
 CVE-2022-25144
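Review bot: the two JFrog Artifactory entries (CVE-2021-46270, CVE-2021-45074) and the Liferay Portal entry (CVE-2022-25146) in this hunk are all commercial or Java enterprise products that Debian does not ship as source packages, so their "TODO: check" lines should become NOT-FOR-US; for Liferay this matches how CVE-2021-38268 is already handled later in this same patch ("NOT-FOR-US: Liferay").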
@@ -3322,10 +3343,10 @@ CVE-2022-25117
        RESERVED
 CVE-2022-25116
        RESERVED
-CVE-2022-25115
-       RESERVED
-CVE-2022-25114
-       RESERVED
+CVE-2022-25115 (A remote code execution (RCE) vulnerability in the Avatar 
parameter un ...)
+       TODO: check
+CVE-2022-25114 (Event Management v1.0 was discovered to contain a reflected 
cross-site ...)
+       TODO: check
 CVE-2022-25113
        RESERVED
 CVE-2022-25112
@@ -3374,8 +3395,8 @@ CVE-2022-25091
        RESERVED
 CVE-2022-25090
        RESERVED
-CVE-2022-25089
-       RESERVED
+CVE-2022-25089 (Printix Secure Cloud Print Management 1.3.1035.0 incorrectly 
uses Priv ...)
+       TODO: check
 CVE-2022-25088
        RESERVED
 CVE-2022-25087
@@ -3468,8 +3489,8 @@ CVE-2022-25047
        RESERVED
 CVE-2022-25046
        RESERVED
-CVE-2022-25045
-       RESERVED
+CVE-2022-25045 (Home Owners Collection Management System v1.0 was discovered 
to contai ...)
+       TODO: check
 CVE-2022-25044
        RESERVED
 CVE-2022-25043
@@ -4217,8 +4238,8 @@ CVE-2022-24724
        RESERVED
 CVE-2022-24723
        RESERVED
-CVE-2022-24722
-       RESERVED
+CVE-2022-24722 (VIewComponent is a framework for building view components in 
Ruby on R ...)
+       TODO: check
 CVE-2022-24721
        RESERVED
 CVE-2022-24720 (image_processing is an image processing wrapper for libvips 
and ImageM ...)
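Review bot: CVE-2022-24722 is a library (ViewComponent, a Ruby on Rails framework), not a standalone web application, so unlike most "TODO: check" entries in this patch it needs an actual archive check for a ruby-* package rather than a reflex NOT-FOR-US. The capitalisation "VIewComponent" is the upstream feed's own typo and should be left as-is.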
@@ -4478,8 +4499,8 @@ CVE-2022-24667 (A program using swift-nio-http2 is 
vulnerable to a denial of ser
        NOT-FOR-US: swift-nio-http2
 CVE-2022-24666 (A program using swift-nio-http2 is vulnerable to a denial of 
service a ...)
        NOT-FOR-US: swift-nio-http2
-CVE-2022-0528
-       RESERVED
+CVE-2022-0528 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
+       TODO: check
 CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository 
chatwoot/chat ...)
        NOT-FOR-US: chatwoot
 CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in GitHub repository 
chatwoot/chat ...)
@@ -4716,8 +4737,8 @@ CVE-2022-24575
        RESERVED
 CVE-2022-24574
        RESERVED
-CVE-2022-24573
-       RESERVED
+CVE-2022-24573 (A stored cross-site scripting (XSS) vulnerability in the admin 
interfa ...)
+       TODO: check
 CVE-2022-24572 (Car Driving School Management System v1.0 is affected by Cross 
Site Sc ...)
        NOT-FOR-US: Car Driving School Management System
 CVE-2022-24571 (Car Driving School Management System v1.0 is affected by SQL 
injection ...)
@@ -4736,8 +4757,8 @@ CVE-2022-24565 (Checkmk &lt;=2.0.0p19 Fixed in 2.0.0p20 
and Checkmk &lt;=1.6.0p2
        - check-mk <removed>
 CVE-2022-24564 (Checkmk &lt;=2.0.0p19 contains a Cross Site Scripting (XSS) 
vulnerabil ...)
        - check-mk <removed>
-CVE-2022-24563
-       RESERVED
+CVE-2022-24563 (In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) 
vulnerability ...)
+       TODO: check
 CVE-2022-24562
        RESERVED
 CVE-2022-24561
@@ -6798,18 +6819,18 @@ CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x 
before 7.0.2, Varnish Cach
        NOTE: Fixed by: 
https://github.com/varnishcache/varnish-cache/commit/fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4
 (master)
        NOTE: Fixed by: 
https://github.com/varnishcache/varnish-cache/commit/9ed39d1f796369caafb647fe37b729c07f332327
 (6.6.2)
        NOTE: Test case: 
https://github.com/varnishcache/varnish-cache/commit/ec531e16b9cd139bbf8971c5b306561c669681f4
 (6.6.2)
-CVE-2022-23958
-       RESERVED
-CVE-2022-23957
-       RESERVED
-CVE-2022-23956
-       RESERVED
-CVE-2022-23955
-       RESERVED
-CVE-2022-23954
-       RESERVED
-CVE-2022-23953
-       RESERVED
+CVE-2022-23958 (Potential vulnerabilities have been identified in the BIOS for 
some HP ...)
+       TODO: check
+CVE-2022-23957 (Potential vulnerabilities have been identified in the BIOS for 
some HP ...)
+       TODO: check
+CVE-2022-23956 (Potential vulnerabilities have been identified in the BIOS for 
some HP ...)
+       TODO: check
+CVE-2022-23955 (Potential vulnerabilities have been identified in the BIOS for 
some HP ...)
+       TODO: check
+CVE-2022-23954 (Potential vulnerabilities have been identified in the BIOS for 
some HP ...)
+       TODO: check
+CVE-2022-23953 (Potential vulnerabilities have been identified in the BIOS for 
some HP ...)
+       TODO: check
 CVE-2022-23952
        RESERVED
 CVE-2022-23951
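Review bot: the six entries CVE-2022-23958 through CVE-2022-23953 all carry the identical truncated text "Potential vulnerabilities have been identified in the BIOS for some HP ...". These are vendor firmware advisories, and Debian does not package HP BIOS, so the six "TODO: check" lines can be closed together as NOT-FOR-US rather than triaged one at a time.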
@@ -7484,8 +7505,8 @@ CVE-2022-24301 (In Minetest before 5.4.0, players can add 
or subtract items from
        NOTE: Fixed by: 
https://github.com/minetest/minetest/commit/3693b6871eba268ecc79b3f52d00d3cefe761131
 (5.4.0)
 CVE-2022-23850 (xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) 
through  ...)
        - epub2txt2 <itp> (bug #1004115)
-CVE-2022-23849
-       RESERVED
+CVE-2022-23849 (The biometric lock in Devolutions Password Hub for iOS before 
2021.3.4 ...)
+       TODO: check
 CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 
0.6.16. ...)
        NOT-FOR-US: calibre-web
 CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. 
...)
@@ -8012,8 +8033,8 @@ CVE-2022-23658
        RESERVED
 CVE-2022-23657
        RESERVED
-CVE-2022-23656
-       RESERVED
+CVE-2022-23656 (Zulip is an open source team chat app. The `main` development 
branch o ...)
+       TODO: check
 CVE-2022-23655 (Octobercms is a self-hosted CMS platform based on the Laravel 
PHP Fram ...)
        NOT-FOR-US: October CMS
 CVE-2022-23654 (Wiki.js is a wiki app built on Node.js. In affected versions 
an authen ...)
@@ -8054,8 +8075,8 @@ CVE-2022-23642 (Sourcegraph is a code search and 
navigation engine. Sourcegraph
        NOT-FOR-US: Sourcegraph
 CVE-2022-23641 (Discourse is an open source discussion platform. In versions 
prior to  ...)
        NOT-FOR-US: Discourse
-CVE-2022-23640
-       RESERVED
+CVE-2022-23640 (Excel-Streaming-Reader is an easy-to-use implementation of a 
streaming ...)
+       TODO: check
 CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, 
scoped t ...)
        - rust-crossbeam <unfixed>
        - rust-crossbeam-utils-0.7 <unfixed>
@@ -10328,8 +10349,8 @@ CVE-2022-22946
        RESERVED
 CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. 
A malici ...)
        NOT-FOR-US: VMware
-CVE-2022-22944
-       RESERVED
+CVE-2022-22944 (VMware Workspace ONE Boxer contains a stored cross-site 
scripting (XSS ...)
+       TODO: check
 CVE-2022-22943
        RESERVED
 CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy]
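Review bot: CVE-2022-22944 (VMware Workspace ONE Boxer) sits directly below CVE-2022-22945, which this file already marks "NOT-FOR-US: VMware"; the new "TODO: check" should be resolved the same way for consistency.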
@@ -10403,8 +10424,8 @@ CVE-2022-22911
        RESERVED
 CVE-2022-22910
        RESERVED
-CVE-2022-22909
-       RESERVED
+CVE-2022-22909 (HotelDruid v3.0.3 was discovered to contain a remote code 
execution (R ...)
+       TODO: check
 CVE-2022-22908 (SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows 
attackers, ...)
        NOT-FOR-US: Sangfor VDI Client
 CVE-2022-22907
@@ -17715,8 +17736,7 @@ CVE-2021-4078 (Type confusion in V8 in Google Chrome 
prior to 96.0.4664.93 allow
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2021-4077
        RESERVED
-CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
-       RESERVED
+CVE-2021-4076 (A flaw exists in tang, a network-based cryptographic binding 
server, w ...)
        {DSA-5025-1}
        - tang 11-1
        [buster] - tang <not-affected> (Vulnerable code introduced later)
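Review bot: for CVE-2021-4076 the automatic update replaces the bracketed working title "[keys: move signing part out of find_by_thp() and to find_jws()]" with the official description (hunk count -8 +7). The tracking data below it (DSA-5025-1, tang 11-1, buster not-affected) is complete, but the bracketed title was the only reference to the fixing commit's subject; consider re-adding it as a NOTE line so the pointer to the fix is not lost. The same pattern recurs in this patch for samba, linux, nbdkit, postgresql, nova, libvirt and libtpms entries.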
@@ -18723,8 +18743,8 @@ CVE-2021-44345
        RESERVED
 CVE-2021-44344
        RESERVED
-CVE-2021-44343
-       RESERVED
+CVE-2021-44343 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer 
Overflo ...)
+       TODO: check
 CVE-2021-44342 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer 
Overflo ...)
        NOT-FOR-US: ok-file-formats
 CVE-2021-44341
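Review bot: CVE-2021-44343 has the same text as CVE-2021-44342 directly below it ("David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ..."), which is already "NOT-FOR-US: ok-file-formats"; the "TODO: check" should be closed identically. The same applies to CVE-2021-44335 in the following hunk, which mirrors the NOT-FOR-US CVE-2021-44334 beneath it.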
@@ -18739,8 +18759,8 @@ CVE-2021-44337
        RESERVED
 CVE-2021-44336
        RESERVED
-CVE-2021-44335
-       RESERVED
+CVE-2021-44335 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer 
Overflo ...)
+       TODO: check
 CVE-2021-44334 (David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer 
Overflo ...)
        NOT-FOR-US: ok-file-formats
 CVE-2021-44333
@@ -22873,8 +22893,7 @@ CVE-2021-43297 (A deserialization vulnerability existed 
in dubbo hessian-lite 3.
        NOT-FOR-US: Apache Dubbo
 CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a 
Restricte ...)
        NOT-FOR-US: Grav CMS
-CVE-2021-23222
-       RESERVED
+CVE-2021-23222 (A man-in-the-middle attacker can inject false responses to the 
client' ...)
        {DSA-5007-1 DSA-5006-1 DLA-2817-1}
        - postgresql-14 14.1-1
        - postgresql-13 <unfixed>
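Review bot: CVE-2021-23222 now has its description, but the pre-existing line "- postgresql-13 <unfixed>" next to "postgresql-14 14.1-1" and a bullseye DSA deserves a second look: if postgresql-13 is no longer in unstable, the sid entry should read <removed>, as this patch does for postgresql-11 in the CVE-2021-3677 hunk, rather than leaving an open <unfixed> that the tracker will keep reporting.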
@@ -24738,8 +24757,8 @@ CVE-2021-42952 (Zepl Notebooks before 2021-10-25 are 
affected by a sandbox escap
        NOT-FOR-US: Zepl Notebooks
 CVE-2021-42951 (A Remote Code Execution (RCE) vulnerability exists in 
Algorithmia MSOL ...)
        NOT-FOR-US: Algorithmia MSOL
-CVE-2021-42950
-       RESERVED
+CVE-2021-42950 (Remote Code Execution (RCE) vulnerability exists in Zepl 
Notebooks all ...)
+       TODO: check
 CVE-2021-42949
        RESERVED
 CVE-2021-42948
@@ -25183,8 +25202,7 @@ CVE-2021-42745
        RESERVED
 CVE-2021-3895
        RESERVED
-CVE-2021-23192 [dcerpc requests don't check all fragments against the first 
auth_state]
-       RESERVED
+CVE-2021-23192 (A flaw was found in the way samba implemented DCE/RPC. If a 
client to  ...)
        {DSA-5003-1}
        - samba 2:4.13.14+dfsg-1
        [buster] - samba <not-affected> (Vulnerable code introduced later)
@@ -30688,14 +30706,14 @@ CVE-2021-41005
        RESERVED
 CVE-2021-41004
        RESERVED
-CVE-2021-41003
-       RESERVED
-CVE-2021-41002
-       RESERVED
-CVE-2021-41001
-       RESERVED
-CVE-2021-41000
-       RESERVED
+CVE-2021-41003 (Multiple unauthenticated command injection vulnerabilities 
were discov ...)
+       TODO: check
+CVE-2021-41002 (Multiple authenticated remote path traversal vulnerabilities 
were disc ...)
+       TODO: check
+CVE-2021-41001 (An authenticated remote code execution vulnerability was 
discovered in ...)
+       TODO: check
+CVE-2021-41000 (Multiple authenticated remote code execution vulnerabilities 
were disc ...)
+       TODO: check
 CVE-2021-40999 (A remote arbitrary command execution vulnerability was 
discovered in A ...)
        NOT-FOR-US: Aruba
 CVE-2021-40998 (A remote arbitrary command execution vulnerability was 
discovered in A ...)
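Review bot: the four new descriptions CVE-2021-41003 through CVE-2021-41000 are truncated before any product name ("Multiple unauthenticated command injection vulnerabilities were discov ..."). The adjacent CVE-2021-40999 and CVE-2021-40998 are "NOT-FOR-US: Aruba" and the numbering suggests the same advisory batch, but that should be confirmed from the full CVE text before the four "TODO: check" lines are closed as NOT-FOR-US.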
@@ -31865,8 +31883,7 @@ CVE-2021-3773 (A flaw in netfilter could allow a 
network-connected attacker to i
        NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3
        NOTE: 
https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html
        TODO: fill in tracking details
-CVE-2021-3772 [Invalid chunks may be used to remotely remove existing 
associations]
-       RESERVED
+CVE-2021-3772 (A flaw was found in the Linux SCTP stack. A blind attacker may 
be able ...)
        - linux 5.14.16-1
        [bullseye] - linux 5.10.84-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000694
@@ -32834,8 +32851,7 @@ CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ 
pastes, a different vulne
        NOT-FOR-US: EmTec ZOC
 CVE-2021-40146 (A Remote Code Execution (RCE) vulnerability was discovered in 
the Any2 ...)
        NOT-FOR-US: Apache Any23
-CVE-2021-3738 [crash in dsdb stack]
-       RESERVED
+CVE-2021-3738 (In DCE/RPC it is possible to share the handles (cookies for 
resource s ...)
        {DSA-5003-1}
        - samba 2:4.13.14+dfsg-1
        [buster] - samba <no-dsa> (Minor issue; affects Samba as AD DC)
@@ -35043,16 +35059,14 @@ CVE-2021-39247 (Zint Barcode Generator before 2.10.0 
has a one-byte buffer over-
        NOTE: Introduced in 
https://sourceforge.net/p/zint/code/ci/6274140c73aa39c42271644ef8c9b4551ca06fc2/
 CVE-2021-39246 (Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a 
correlatio ...)
        NOT-FOR-US: Tor Browser
-CVE-2021-3716 [NBD_OPT_STRUCTURED_REPLY injection on STARTTLS]
-       RESERVED
+CVE-2021-3716 (A flaw was found in nbdkit due to to improperly caching 
plaintext stat ...)
        - nbdkit 1.26.5-1
        [bullseye] - nbdkit <no-dsa> (Minor issue)
        [buster] - nbdkit <not-affected> (Vulnerable code introduced later)
        [stretch] - nbdkit <not-affected> (Vulnerable code introduced later)
        NOTE: Introduced by: 
https://github.com/libguestfs/nbdkit/commit/eaa4c6e9a2c4bdb71aefdd4b1d865e7a9af606a8
 (v1.11.8)
        NOTE: 
https://listman.redhat.com/archives/libguestfs/2021-August/msg00077.html
-CVE-2021-3715
-       RESERVED
+CVE-2021-3715 (A flaw was found in the "Routing decision" classifier in the 
Linux ker ...)
        - linux 5.5.17-1
        [buster] - linux 4.19.118-1
        [stretch] - linux 4.9.228-1
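Review bot: for CVE-2021-3716 the dropped bracketed title "[NBD_OPT_STRUCTURED_REPLY injection on STARTTLS]" carried the precise protocol condition, which the truncated replacement "improperly caching plaintext stat ..." does not; the "NOTE: Introduced by:" commit line survives, so the fix pointer is intact, but keeping the old title as a NOTE would preserve the detail. The doubled "due to to" is the upstream feed's wording and should not be edited locally.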
@@ -37413,20 +37427,20 @@ CVE-2021-38271
        RESERVED
 CVE-2021-38270
        RESERVED
-CVE-2021-38269
-       RESERVED
+CVE-2021-38269 (Liferay Portal through v7.4.0 and Liferay DXP through v7.1 
were discov ...)
+       TODO: check
 CVE-2021-38268 (The Dynamic Data Mapping module in Liferay Portal through 
v7.3.6 and L ...)
        NOT-FOR-US: Liferay
-CVE-2021-38267
-       RESERVED
-CVE-2021-38266
-       RESERVED
-CVE-2021-38265
-       RESERVED
-CVE-2021-38264
-       RESERVED
-CVE-2021-38263
-       RESERVED
+CVE-2021-38267 (Liferay Portal through v7.3.6 and Liferay DXP through v7.3 
were discov ...)
+       TODO: check
+CVE-2021-38266 (Liferay Portal through v7.2.1 and Liferay DXP through v7.2 
does not co ...)
+       TODO: check
+CVE-2021-38265 (Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below 
were di ...)
+       TODO: check
+CVE-2021-38264 (Liferay Portal v7.4.1 and below was discovered to contain a 
cross-site ...)
+       TODO: check
+CVE-2021-38263 (Liferay Portal v7.3.2 and below and Liferay DXP v7.0 and below 
were di ...)
+       TODO: check
 CVE-2021-38262
        RESERVED
 CVE-2021-38261
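Review bot: all six new entries in this hunk (CVE-2021-38269, CVE-2021-38267 through CVE-2021-38263) are Liferay Portal / Liferay DXP issues, and the context line for CVE-2021-38268 in the same hunk already reads "NOT-FOR-US: Liferay"; the six "TODO: check" lines should be resolved to the same marker.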
@@ -38699,8 +38713,7 @@ CVE-2021-37845
        NOTE: CVE-2020-29547 and CVE-2021-37845 seem like dupes
 CVE-2021-37844
        RESERVED
-CVE-2021-3677 [Memory disclosure in certain queries]
-       RESERVED
+CVE-2021-3677 (A flaw was found in postgresql. A purpose-crafted query can 
read arbit ...)
        - postgresql-13 13.4-1
        [bullseye] - postgresql-13 13.4-0+deb11u1
        - postgresql-11 <removed>
@@ -39377,8 +39390,7 @@ CVE-2021-37580 (A flaw was found in Apache ShenYu 
Admin. The incorrect use of JW
        NOT-FOR-US: Apache ShenYu Admin
 CVE-2021-37579 (The Dubbo Provider will check the incoming request and the 
correspondi ...)
        NOT-FOR-US: Apache Dubbo
-CVE-2021-3667
-       RESERVED
+CVE-2021-3667 (An improper locking issue was found in the 
virStoragePoolLookupByTarge ...)
        - libvirt 7.6.0-1 (bug #991594)
        [bullseye] - libvirt <no-dsa> (Minor issue)
        [buster] - libvirt <no-dsa> (Minor issue)
@@ -40185,8 +40197,7 @@ CVE-2021-3659 [NULL pointer dereference in 
llsec_key_alloc() in net/mac802154/ll
        [buster] - linux 4.19.194-1
        [stretch] - linux 4.9.272-1
        NOTE: 
https://git.kernel.org/linus/1165affd484889d4986cf3b724318935a0b120d8
-CVE-2021-3658
-       RESERVED
+CVE-2021-3658 (bluetoothd from bluez incorrectly saves adapters' Discoverable 
status  ...)
        - bluez 5.61-1 (bug #991596)
        [bullseye] - bluez <no-dsa> (Minor issue)
        [buster] - bluez <no-dsa> (Minor issue)
@@ -40723,8 +40734,7 @@ CVE-2021-3655 (A vulnerability was found in the Linux 
kernel in versions prior t
        {DLA-2843-1 DLA-2785-1}
        - linux 5.10.46-3
        [buster] - linux 4.19.208-1
-CVE-2021-3654 [novnc allows open redirection]
-       RESERVED
+CVE-2021-3654 (A vulnerability was found in openstack-nova's console proxy, 
noVNC. By ...)
        - nova 2:23.0.2-3 (bug #991441)
        [bullseye] - nova <no-dsa> (Minor issue)
        [buster] - nova <no-dsa> (Minor issue)
@@ -43005,8 +43015,7 @@ CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a 
heap-based buffer overflow in Un
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373
        NOTE: 
https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779
        NOTE: 
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml
-CVE-2021-3631 [insecure sVirt label generation]
-       RESERVED
+CVE-2021-3631 (A flaw was found in libvirt while it generates SELinux MCS 
category pa ...)
        - libvirt 7.6.0-1 (bug #990709)
        [bullseye] - libvirt <no-dsa> (Minor issue)
        [buster] - libvirt <no-dsa> (Minor issue)
@@ -44208,8 +44217,7 @@ CVE-2021-3624 [buffer-overflow caused by 
integer-overflow in foveon_load_camf()]
        [bullseye] - dcraw <no-dsa> (Minor issue)
        [buster] - dcraw <no-dsa> (Minor issue)
        [stretch] - dcraw <no-dsa> (Minor issue)
-CVE-2021-3623 [out-of-bounds access when trying to resume the state of the 
vTPM]
-       RESERVED
+CVE-2021-3623 (A flaw was found in libtpms. The flaw can be triggered by 
specially-cr ...)
        - libtpms 0.9.1-1 (bug #990522)
        NOTE: https://github.com/stefanberger/libtpms/pull/223
        NOTE: 
https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263
@@ -57900,22 +57908,19 @@ CVE-2021-26252 (A flaw was found in htmldoc in 
v1.9.12. Heap buffer overflow in
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/412
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
        NOTE: Crash in CLI tool, no security impact
-CVE-2021-23206
-       RESERVED
+CVE-2021-23206 (A flaw was found in htmldoc in v1.9.12 and prior. A stack 
buffer overf ...)
        {DSA-4928-1 DLA-2700-1}
        - htmldoc 1.9.11-4 (unimportant; bug #989437)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/416
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8
        NOTE: Crash in CLI tool, no security impact
-CVE-2021-23191
-       RESERVED
+CVE-2021-23191 (A security issue was found in htmldoc v1.9.12 and before. A 
NULL point ...)
        {DSA-4928-1 DLA-2700-1}
        - htmldoc 1.9.11-4 (unimportant; bug #989437)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/415
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
        NOTE: Crash in CLI tool, no security impact
-CVE-2021-23180
-       RESERVED
+CVE-2021-23180 (A flaw was found in htmldoc in v1.9.12 and before. Null 
pointer derefe ...)
        {DSA-4928-1 DLA-2700-1}
        - htmldoc 1.9.11-4 (unimportant; bug #989437)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/418
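Review bot: the three htmldoc entries (CVE-2021-23206, CVE-2021-23191, CVE-2021-23180) gain their descriptions here (hunk count -22 +19), but each still combines "{DSA-4928-1 DLA-2700-1}" with "(unimportant; ...)" and "NOTE: Crash in CLI tool, no security impact", which reads as contradictory. If the DSA and DLA fixed these alongside other htmldoc issues, a short NOTE saying so would explain why an unimportant entry carries advisory references.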



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/973812f34d168ed92def64a24484ea5158cddb06

-- 


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
