Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c512a54 by security tracker role at 2022-03-16T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-0997
+ RESERVED
+CVE-2022-0996
+ RESERVED
+CVE-2022-0995
+ RESERVED
+CVE-2022-0994
+ RESERVED
CVE-2022-27225 (Gradle Enterprise before 2021.4.3 relies on cleartext data
transmissio ...)
TODO: check
CVE-2022-27224
@@ -37,16 +45,16 @@ CVE-2022-0987 [PackageKit: Information Disclosure in
Transaction Interface via t
[bullseye] - packagekit <no-dsa> (Minor issue)
[buster] - packagekit <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064315
-CVE-2022-0986
- RESERVED
+CVE-2022-0986 (Reflected Cross-site Scripting (XSS) Vulnerability in GitHub
repositor ...)
+ TODO: check
CVE-2022-0985
RESERVED
CVE-2022-0984
RESERVED
CVE-2022-0983
RESERVED
-CVE-2022-0982
- RESERVED
+CVE-2022-0982 (The telnet_input_char function in
opt/src/accel-pppd/cli/telnet.c suff ...)
+ TODO: check
CVE-2022-0981
RESERVED
NOT-FOR-US: Quarkus
@@ -287,8 +295,8 @@ CVE-2022-0961 (The microweber application allows large
characters to insert in t
NOT-FOR-US: microweber
CVE-2022-0960 (Stored XSS viva .properties file upload in GitHub repository
star7th/s ...)
NOT-FOR-US: ShowDoc
-CVE-2022-0959
- RESERVED
+CVE-2022-0959 (When run in server mode, pgAdmin 4 allows users to store files
on the ...)
+ TODO: check
CVE-2022-0958
RESERVED
CVE-2022-0957 (Stored XSS via File Upload in GitHub repository star7th/showdoc
prior ...)
@@ -1027,8 +1035,8 @@ CVE-2022-0920
RESERVED
CVE-2022-0919
RESERVED
-CVE-2022-0918
- RESERVED
+CVE-2022-0918 (A vulnerability was discovered in the 389 Directory Server that
allows ...)
+ TODO: check
CVE-2022-0917
RESERVED
CVE-2022-0916
@@ -1041,8 +1049,8 @@ CVE-2022-0913 (Integer Overflow or Wraparound in GitHub
repository microweber/mi
NOT-FOR-US: microweber
CVE-2022-0912 (Unrestricted Upload of File with Dangerous Type in GitHub
repository m ...)
NOT-FOR-US: microweber
-CVE-2022-0911
- RESERVED
+CVE-2022-0911 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
+ TODO: check
CVE-2022-26878 (drivers/bluetooth/virtio_bt.c in the Linux kernel before
5.16.3 has a ...)
- linux 5.16.7-1 (unimportant)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -1239,8 +1247,8 @@ CVE-2021-46707
RESERVED
CVE-2021-46706
RESERVED
-CVE-2021-46705
- RESERVED
+CVE-2021-46705 (A Insecure Temporary File vulnerability in grub-once of grub2
in SUSE ...)
+ TODO: check
CVE-2022-26778 (Veritas System Recovery (VSR) 18 and 21 stores a network
destination p ...)
NOT-FOR-US: Veritas
CVE-2022-26777
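Review bot: the TODO: check added for CVE-2021-46705 should not be closed as a SUSE-only issue on the strength of the "in SUSE ..." wording alone. The description names grub2, which is also a Debian source package, so the triage needs to confirm whether the grub-once script exists in Debian's grub2 before choosing between a NOT-FOR-US line and a "- grub2" entry.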
@@ -1520,8 +1528,8 @@ CVE-2022-26661 (An XXE issue was discovered in Tryton
Application Platform (Serv
- tryton-server 6.0.16-1
NOTE: https://bugs.tryton.org/issue11219
NOTE:
https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
-CVE-2022-26660
- RESERVED
+CVE-2022-26660 (RunAsSpc 4.0 uses a universal and recoverable encryption key.
In posse ...)
+ TODO: check
CVE-2022-26659
RESERVED
CVE-2022-26658
@@ -2291,13 +2299,11 @@ CVE-2022-26356
RESERVED
CVE-2022-26355 (Citrix Federated Authentication Service (FAS) 7.17 - 10.6
causes deplo ...)
NOT-FOR-US: Citrix
-CVE-2022-26354 [vhost-vsock: missing virtqueue detach on error can lead to
memory leak]
- RESERVED
+CVE-2022-26354 (A flaw was found in the vhost-vsock device of QEMU. In case of
error, ...)
- qemu <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063257
NOTE:
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
-CVE-2022-26353 [virtio-net: map leaking on error during receive]
- RESERVED
+CVE-2022-26353 (A flaw was found in the virtio-net device of QEMU. This flaw
was inadv ...)
- qemu <unfixed>
[buster] - qemu <not-affected> (Original upstream fix for CVE-2021-3748
not applied)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063197
@@ -2412,8 +2418,7 @@ CVE-2022-0813 (PhpMyAdmin 5.1.1 and before allows an
attacker to retrieve potent
NOTE:
https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/
NOTE:
https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information
NOTE: Fixed by:
https://github.com/phpmyadmin/phpmyadmin/commit/c04f85f2bb96c442086d9ad057953567cc794486
-CVE-2022-0811
- RESERVED
+CVE-2022-0811 (A flaw was found in CRI-O in the way it set kernel options for
a pod. ...)
NOT-FOR-US: cri-o
CVE-2022-26333
REJECTED
@@ -3561,8 +3566,8 @@ CVE-2022-23920
RESERVED
CVE-2022-23915 (The package weblate from 0 and before 4.11.1 are vulnerable to
Remote ...)
- weblate <itp> (bug #745661)
-CVE-2022-23812
- RESERVED
+CVE-2022-23812 (This affects the package node-ipc from 10.1.1 and before
10.1.3. This ...)
+ TODO: check
CVE-2022-23811
RESERVED
CVE-2022-22984
@@ -3623,8 +3628,8 @@ CVE-2022-21167
RESERVED
CVE-2022-21165
RESERVED
-CVE-2022-21164
- RESERVED
+CVE-2022-21164 (The package node-lmdb before 0.9.7 are vulnerable to Denial of
Service ...)
+ TODO: check
CVE-2022-21149
RESERVED
CVE-2022-21144
@@ -4298,10 +4303,10 @@ CVE-2022-0707
RESERVED
CVE-2022-0706
RESERVED
-CVE-2022-0705
- RESERVED
-CVE-2022-0704
- RESERVED
+CVE-2022-0705 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
+ TODO: check
+CVE-2022-0704 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
+ TODO: check
CVE-2022-0703 (The GD Mylist WordPress plugin through 1.1.1 does not sanitise
and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0702 (The Petfinder Listings WordPress plugin through 1.0.18 does not
escape ...)
@@ -5187,20 +5192,20 @@ CVE-2022-25254
RESERVED
CVE-2022-25253
RESERVED
-CVE-2022-25252
- RESERVED
-CVE-2022-25251
- RESERVED
-CVE-2022-25250
- RESERVED
-CVE-2022-25249
- RESERVED
-CVE-2022-25248
- RESERVED
-CVE-2022-25247
- RESERVED
-CVE-2022-25246
- RESERVED
+CVE-2022-25252 (When connecting to a certain port Axeda agent (All versions)
and Axeda ...)
+ TODO: check
+CVE-2022-25251 (When connecting to a certain port Axeda agent (All versions)
and Axeda ...)
+ TODO: check
+CVE-2022-25250 (When connecting to a certain port Axeda agent (All versions)
and Axeda ...)
+ TODO: check
+CVE-2022-25249 (When connecting to a certain port Axeda agent (All versions)
and Axeda ...)
+ TODO: check
+CVE-2022-25248 (When connecting to a certain port Axeda agent (All versions)
and Axeda ...)
+ TODO: check
+CVE-2022-25247 (Axeda agent (All versions) and Axeda Desktop Server for
Windows (All v ...)
+ TODO: check
+CVE-2022-25246 (Axeda agent (All versions) and Axeda Desktop Server for
Windows (All v ...)
+ TODO: check
CVE-2022-24374 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x
series vers ...)
NOT-FOR-US: a-blog cms
CVE-2022-23916 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x
series vers ...)
@@ -6053,6 +6058,7 @@ CVE-2022-24976 (Atheme IRC Services before 7.2.12, when
used in conjunction with
NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/4
NOTE:
https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
CVE-2022-0577 (Exposure of Sensitive Information to an Unauthorized Actor in
GitHub r ...)
+ {DLA-2950-1}
- python-scrapy <unfixed>
NOTE: https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585
NOTE:
https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a
@@ -6576,8 +6582,8 @@ CVE-2022-24753 (Stripe CLI is a command-line tool for the
Stripe eCommerce platf
TODO: check
CVE-2022-24752 (SyliusGridBundle is a package of generic data grids for
Symfony applic ...)
TODO: check
-CVE-2022-24751
- RESERVED
+CVE-2022-24751 (Zulip is an open source group chat application. Starting with
version ...)
+ TODO: check
CVE-2022-24750 (UltraVNC is a free and open source remote pc access software.
A vulner ...)
NOT-FOR-US: UltraVNC
CVE-2022-24749 (Sylius is an open source eCommerce platform. In versions prior
to 1.9. ...)
@@ -6624,10 +6630,10 @@ CVE-2022-24731
RESERVED
CVE-2022-24730
RESERVED
-CVE-2022-24729
- RESERVED
-CVE-2022-24728
- RESERVED
+CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML
editor. ...)
+ TODO: check
+CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML
editor. ...)
+ TODO: check
CVE-2022-24727
REJECTED
CVE-2022-24726 (Istio is an open platform to connect, manage, and secure
microservices ...)
@@ -11965,8 +11971,8 @@ CVE-2022-23236
RESERVED
CVE-2022-23235
RESERVED
-CVE-2022-23234
- RESERVED
+CVE-2022-23234 (SnapCenter versions prior to 4.5 are susceptible to a
vulnerability wh ...)
+ TODO: check
CVE-2022-23233 (StorageGRID (formerly StorageGRID Webscale) versions prior to
11.6.0 a ...)
NOT-FOR-US: StorageGRID Webscale
CVE-2022-23232 (StorageGRID (formerly StorageGRID Webscale) versions prior to
11.6.0 a ...)
@@ -16168,10 +16174,10 @@ CVE-2021-45854
RESERVED
CVE-2021-45853
RESERVED
-CVE-2021-45852
- RESERVED
-CVE-2021-45851
- RESERVED
+CVE-2021-45852 (An issue was discovered in Projectworlds Hospital Management
System v1 ...)
+ TODO: check
+CVE-2021-45851 (A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can
be carri ...)
+ TODO: check
CVE-2021-45850
RESERVED
CVE-2021-45849
@@ -16251,10 +16257,10 @@ CVE-2021-45824
RESERVED
CVE-2021-45823
RESERVED
-CVE-2021-45822
- RESERVED
-CVE-2021-45821
- RESERVED
+CVE-2021-45822 (A cross-site scripting vulnerability is present in Xbtit 3.1.
The stor ...)
+ TODO: check
+CVE-2021-45821 (A blind SQL injection vulnerability exists in Xbtit 3.1 via
the sid pa ...)
+ TODO: check
CVE-2021-45820
RESERVED
CVE-2021-45819 (Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted
service ...)
@@ -16321,10 +16327,10 @@ CVE-2021-45789 (An arbitrary file read vulnerability
was found in Metersphere v1
NOT-FOR-US: Metersphere
CVE-2021-45788 (Time-based SQL Injection vulnerabilities were found in
Metersphere v1. ...)
NOT-FOR-US: Metersphere
-CVE-2021-45787
- RESERVED
-CVE-2021-45786
- RESERVED
+CVE-2021-45787 (There is a stored Cross Site Scripting (XSS) vulnerability in
maccms v ...)
+ TODO: check
+CVE-2021-45786 (In maccms v10, an attacker can log in through
/index.php/user/login in ...)
+ TODO: check
CVE-2021-45785
RESERVED
CVE-2021-45784
@@ -18712,10 +18718,10 @@ CVE-2022-21948
RESERVED
CVE-2022-21947
RESERVED
-CVE-2022-21946
- RESERVED
-CVE-2022-21945
- RESERVED
+CVE-2022-21946 (A Improper Privilege Management vulnerability in the sudoers
configura ...)
+ TODO: check
+CVE-2022-21945 (A Insecure Temporary File vulnerability in cscreen of openSUSE
Factory ...)
+ TODO: check
CVE-2022-21944 (A UNIX Symbolic Link (Symlink) Following vulnerability in the
systemd ...)
NOT-FOR-US: SUSE packaging issue in watchman
CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding
2.12.3 and ...)
@@ -19278,7 +19284,7 @@ CVE-2021-45012
RESERVED
CVE-2021-45011
RESERVED
-CVE-2021-45010 (Path traversal vulnerability in the file upload functionality
in tinyf ...)
+CVE-2021-45010 (A Path traversal vulnerability in the file upload
functionality in tin ...)
TODO: check
CVE-2021-45009
RESERVED
@@ -27829,36 +27835,36 @@ CVE-2021-42735
RESERVED
CVE-2021-42734
RESERVED
-CVE-2021-42733 (Adobe Prelude version 10.1 (and earlier) is affected by an
improper in ...)
+CVE-2021-42733 (Adobe Bridge version 11.1.1 (and earlier) is affected by a
Null pointe ...)
NOT-FOR-US: Adobe
CVE-2021-42732
RESERVED
CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a
Buffer Ov ...)
NOT-FOR-US: Adobe
-CVE-2021-42730
- RESERVED
-CVE-2021-42729
- RESERVED
-CVE-2021-42728
- RESERVED
-CVE-2021-42727 (Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are
affected b ...)
+CVE-2021-42730 (Adobe Bridge version 11.1.1 (and earlier) is affected by a
memory corr ...)
+ TODO: check
+CVE-2021-42729 (Adobe Bridge version 11.1.1 (and earlier) is affected by a
memory corr ...)
+ TODO: check
+CVE-2021-42728 (Adobe Bridge 11.1.1 (and earlier) is affected by a stack
overflow vuln ...)
+ TODO: check
+CVE-2021-42727 (Adobe Bridge 11.1.1 (and earlier) is affected by a stack
overflow vuln ...)
NOT-FOR-US: Adobe
-CVE-2021-42726 (Adobe Media Encoder version 15.4 (and earlier) are affected by
a memor ...)
+CVE-2021-42726 (Adobe Bridge version 11.1.1 (and earlier) is affected by a
memory corr ...)
NOT-FOR-US: Adobe
-CVE-2021-42725 (Adobe Experience Manager version 6.5.9.0 (and earlier) are
affected by ...)
+CVE-2021-42725 (Adobe Bridge version 11.1.1 (and earlier) is affected by a
memory corr ...)
NOT-FOR-US: Adobe
-CVE-2021-42724
- RESERVED
-CVE-2021-42723 (Adobe Premiere Pro version 15.4 (and earlier) are affected by
a memory ...)
+CVE-2021-42724 (Adobe Bridge version 11.1.1 (and earlier) is affected by a
memory corr ...)
+ TODO: check
+CVE-2021-42723 (Adobe Bridge version 11.1.1 (and earlier) is affected by an
out-of-bou ...)
NOT-FOR-US: Adobe
-CVE-2021-42722
- RESERVED
-CVE-2021-42721 (Adobe Media Encoder version 15.4 (and earlier) are affected by
a memor ...)
+CVE-2021-42722 (Adobe Bridge version 11.1.1 (and earlier) is affected by an
out-of-bou ...)
+ TODO: check
+CVE-2021-42721 (Acrobat Bridge versions 11.1.1 and earlier are affected by a
use-after ...)
NOT-FOR-US: Adobe
-CVE-2021-42720
- RESERVED
-CVE-2021-42719
- RESERVED
+CVE-2021-42720 (Adobe Bridge version 11.1.1 (and earlier) is affected by an
out-of-bou ...)
+ TODO: check
+CVE-2021-42719 (Adobe Bridge version 11.1.1 (and earlier) is affected by an
out-of-bou ...)
+ TODO: check
CVE-2021-42718
RESERVED
CVE-2021-3894 [sctp: local DoS: unprivileged user can cause BUG()]
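Review bot: the description rewrites on already-triaged ids in this hunk replace one product with another (CVE-2021-42733 goes from Adobe Prelude to Adobe Bridge, 42727 from RoboHelp Server, 42726 and 42721 from Media Encoder, 42725 from Experience Manager, 42723 from Premiere Pro), so the retained NOT-FOR-US: Adobe lines deserve a second look after an automatic import like this. They still hold here because the vendor is unchanged, and the newly published siblings left at TODO: check (42730, 42729, 42728, 42724, 42722, 42720, 42719) describe the same Adobe Bridge 11.1.1 product and can take the same triage line. The "Acrobat Bridge" wording on 42721 comes from the imported description and should stay as imported.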
@@ -28253,8 +28259,8 @@ CVE-2022-0001 (Non-transparent sharing of branch
predictor selectors between con
NOTE:
https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/technical-documentation/branch-history-injection.html
CVE-2021-42553
RESERVED
-CVE-2021-42552
- RESERVED
+CVE-2021-42552 (Cross-site Scripting (XSS) vulnerability in ArchivistaBox
webclient al ...)
+ TODO: check
CVE-2021-42551 (Cross-site Scripting (XSS) vulnerability in the search
functionality o ...)
NOT-FOR-US: AlCoda NetBiblio WebOPAC
CVE-2021-42549 (Insufficient Input Validation in the search functionality of
Wordpress ...)
@@ -28289,8 +28295,8 @@ CVE-2021-42535
RESERVED
CVE-2021-42534 (The affected product’s web application does not properly
neutral ...)
NOT-FOR-US: Trane
-CVE-2021-42533
- RESERVED
+CVE-2021-42533 (Adobe Bridge version 11.1.1 (and earlier) is affected by a
double free ...)
+ TODO: check
CVE-2021-42532
RESERVED
CVE-2021-42531
@@ -28301,10 +28307,10 @@ CVE-2021-42529
RESERVED
CVE-2021-42528
RESERVED
-CVE-2021-42527
- RESERVED
-CVE-2021-42526
- RESERVED
+CVE-2021-42527 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier)
is affect ...)
+ TODO: check
+CVE-2021-42526 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier)
is affect ...)
+ TODO: check
CVE-2021-42525 (Acrobat Animate versions 21.0.9 (and earlier)is affected by an
out-of- ...)
NOT-FOR-US: Adobe
CVE-2021-42524 (Adobe Animate version 21.0.9 (and earlier) are affected by an
out-of-b ...)
@@ -30152,10 +30158,10 @@ CVE-2021-42266 (Adobe Animate version 21.0.9 (and
earlier) is affected by a memo
NOT-FOR-US: Adobe
CVE-2021-42265
RESERVED
-CVE-2021-42264
- RESERVED
-CVE-2021-42263
- RESERVED
+CVE-2021-42264 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null
pointer ...)
+ TODO: check
+CVE-2021-42263 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null
pointer ...)
+ TODO: check
CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session
authoriza ...)
- ledgersmb <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d/
@@ -30855,8 +30861,8 @@ CVE-2021-41989
RESERVED
CVE-2021-41988
RESERVED
-CVE-2021-41987
- RESERVED
+CVE-2021-41987 (In the SCEP Server of RouterOS in certain Mikrotik products,
an attack ...)
+ TODO: check
CVE-2021-41986
RESERVED
CVE-2021-41985
@@ -32970,6 +32976,7 @@ CVE-2021-41127 (Rasa is an open source machine learning
framework to automate te
CVE-2021-41126 (October is a Content Management System (CMS) and web platform
built on ...)
NOT-FOR-US: October CMS
CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for
Python. ...)
+ {DLA-2950-1}
- python-scrapy 2.5.1-1
[bullseye] - python-scrapy <no-dsa> (Minor issue)
[buster] - python-scrapy <no-dsa> (Minor issue)
@@ -33824,46 +33831,46 @@ CVE-2021-40797 (An issue was discovered in the routes
middleware in OpenStack Ne
NOTE: https://launchpad.net/bugs/1942179
NOTE: neutron-api in Debian is served over UWSGI, cf.
https://bugs.debian.org/994202
NOTE: and so serves the requests and stops the process.
-CVE-2021-40796
- RESERVED
+CVE-2021-40796 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null
pointer ...)
+ TODO: check
CVE-2021-40795
RESERVED
-CVE-2021-40794
- RESERVED
-CVE-2021-40793
- RESERVED
-CVE-2021-40792
- RESERVED
+CVE-2021-40794 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by
a memor ...)
+ TODO: check
+CVE-2021-40793 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by
a memor ...)
+ TODO: check
+CVE-2021-40792 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by
a memor ...)
+ TODO: check
CVE-2021-40791
RESERVED
CVE-2021-40790
RESERVED
-CVE-2021-40789
- RESERVED
-CVE-2021-40788
- RESERVED
-CVE-2021-40787
- RESERVED
-CVE-2021-40786
- RESERVED
-CVE-2021-40785
- RESERVED
+CVE-2021-40789 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier)
is affect ...)
+ TODO: check
+CVE-2021-40788 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier)
is affect ...)
+ TODO: check
+CVE-2021-40787 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier)
is affect ...)
+ TODO: check
+CVE-2021-40786 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier)
is affect ...)
+ TODO: check
+CVE-2021-40785 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier)
is affect ...)
+ TODO: check
CVE-2021-40784 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected
by a memo ...)
NOT-FOR-US: Adobe
CVE-2021-40783 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected
by a memo ...)
NOT-FOR-US: Adobe
-CVE-2021-40782
- RESERVED
-CVE-2021-40781
- RESERVED
-CVE-2021-40780
- RESERVED
-CVE-2021-40779
- RESERVED
-CVE-2021-40778
- RESERVED
-CVE-2021-40777
- RESERVED
+CVE-2021-40782 (Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null
pointer ...)
+ TODO: check
+CVE-2021-40781 (Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null
pointer ...)
+ TODO: check
+CVE-2021-40780 (Adobe Media Encoder version 15.4.1 (and earlier) is affected
by a memo ...)
+ TODO: check
+CVE-2021-40779 (Adobe Media Encoder version 15.4.1 (and earlier) is affected
by a memo ...)
+ TODO: check
+CVE-2021-40778 (Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null
pointer ...)
+ TODO: check
+CVE-2021-40777 (Adobe Media Encoder version 15.4.1 (and earlier) is affected
by a memo ...)
+ TODO: check
CVE-2021-40776
RESERVED
CVE-2021-40775 (Adobe Prelude version 10.1 (and earlier) is affected by a
memory corru ...)
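Review bot: all fourteen TODO: check lines added in this hunk are for Adobe Premiere Pro, Premiere Elements and Media Encoder, while the untouched neighbours CVE-2021-40784 and CVE-2021-40783 (Premiere Rush) already carry NOT-FOR-US: Adobe. Leaving them open only inflates the TODO backlog; a follow-up commit can mark the whole block NOT-FOR-US: Adobe in one pass.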
@@ -33878,22 +33885,22 @@ CVE-2021-40771 (Adobe Prelude version 10.1 (and
earlier) is affected by a memory
NOT-FOR-US: Adobe
CVE-2021-40770 (Adobe Prelude version 10.1 (and earlier) is affected by a
memory corru ...)
NOT-FOR-US: Adobe
-CVE-2021-40769
- RESERVED
-CVE-2021-40768
- RESERVED
-CVE-2021-40767
- RESERVED
-CVE-2021-40766
- RESERVED
-CVE-2021-40765
- RESERVED
-CVE-2021-40764
- RESERVED
-CVE-2021-40763
- RESERVED
-CVE-2021-40762
- RESERVED
+CVE-2021-40769 (Adobe Character Animator version 4.4 (and earlier versions)
are affect ...)
+ TODO: check
+CVE-2021-40768 (Adobe Character Animator version 4.4 (and earlier) is affected
by a Nu ...)
+ TODO: check
+CVE-2021-40767 (Adobe Character Animator version 4.4 (and earlier) is affected
by an A ...)
+ TODO: check
+CVE-2021-40766 (Adobe Character Animator version 4.4 (and earlier versions)
are affect ...)
+ TODO: check
+CVE-2021-40765 (Adobe Character Animator version 4.4 (and earlier) is affected
by a me ...)
+ TODO: check
+CVE-2021-40764 (Adobe Character Animator version 4.4 (and earlier) is affected
by a me ...)
+ TODO: check
+CVE-2021-40763 (Adobe Character Animator version 4.4 (and earlier) is affected
by a me ...)
+ TODO: check
+CVE-2021-40762 (Adobe Character Animator version 4.4 (and earlier) is affected
by a Nu ...)
+ TODO: check
CVE-2021-40761 (Adobe After Effects version 18.4.1 (and earlier) is affected
by a Null ...)
NOT-FOR-US: Adobe
CVE-2021-40760 (Adobe After Effects version 18.4.1 (and earlier) is affected
by a memo ...)
@@ -33916,8 +33923,8 @@ CVE-2021-40752 (Adobe After Effects version 18.4 (and
earlier) is affected by a
NOT-FOR-US: Adobe
CVE-2021-40751 (Adobe After Effects version 18.4 (and earlier) is affected by
a memory ...)
NOT-FOR-US: Adobe
-CVE-2021-40750
- RESERVED
+CVE-2021-40750 (Adobe Bridge version 11.1.1 (and earlier) is affected by a
Null pointe ...)
+ TODO: check
CVE-2021-40749
RESERVED
CVE-2021-40748
@@ -33932,24 +33939,24 @@ CVE-2021-40744
RESERVED
CVE-2021-40743
RESERVED
-CVE-2021-40742
- RESERVED
-CVE-2021-40741
- RESERVED
-CVE-2021-40740
- RESERVED
-CVE-2021-40739
- RESERVED
-CVE-2021-40738
- RESERVED
-CVE-2021-40737
- RESERVED
-CVE-2021-40736
- RESERVED
-CVE-2021-40735
- RESERVED
-CVE-2021-40734
- RESERVED
+CVE-2021-40742 (Adobe Audition version 14.4 (and earlier) is affected by a
Null pointe ...)
+ TODO: check
+CVE-2021-40741 (Adobe Audition version 14.4 (and earlier) is affected by an
Access of ...)
+ TODO: check
+CVE-2021-40740 (Adobe Audition version 14.4 (and earlier) is affected by a
memory corr ...)
+ TODO: check
+CVE-2021-40739 (Adobe Audition version 14.4 (and earlier) is affected by a
memory corr ...)
+ TODO: check
+CVE-2021-40738 (Adobe Audition version 14.4 (and earlier) is affected by a
memory corr ...)
+ TODO: check
+CVE-2021-40737 (Adobe Audition version 14.4 (and earlier) is affected by a
Null pointe ...)
+ TODO: check
+CVE-2021-40736 (Adobe Audition version 14.4 (and earlier) is affected by a
memory corr ...)
+ TODO: check
+CVE-2021-40735 (Adobe Audition version 14.4 (and earlier) is affected by a
memory corr ...)
+ TODO: check
+CVE-2021-40734 (Adobe Audition version 14.4 (and earlier) is affected by a
memory corr ...)
+ TODO: check
CVE-2021-40733 (Adobe Animate version 21.0.9 (and earlier) is affected by a
memory cor ...)
NOT-FOR-US: Adobe
CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null
pointer ...)
@@ -36254,10 +36261,10 @@ CVE-2021-39795
RESERVED
CVE-2021-39794
RESERVED
-CVE-2021-39793
- RESERVED
-CVE-2021-39792
- RESERVED
+CVE-2021-39793 (In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a
possibl ...)
+ TODO: check
+CVE-2021-39792 (In usb_gadget_giveback_request of core.c, there is a possible
use afte ...)
+ TODO: check
CVE-2021-39791
RESERVED
CVE-2021-39790
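Review bot: CVE-2021-39792 and CVE-2021-39793 should not be swept into the Android NOT-FOR-US bucket by default. usb_gadget_giveback_request of core.c reads like the kernel's USB gadget code and mali_kbase_mem.c is a GPU kernel driver file, so both TODO: check lines need a comparison against src:linux, with a NOTE recording whether the Mali driver code is part of the packaged kernel at all.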
@@ -36366,128 +36373,122 @@ CVE-2021-39739
RESERVED
CVE-2021-39738
RESERVED
-CVE-2021-39737
- RESERVED
-CVE-2021-39736
- RESERVED
-CVE-2021-39735
- RESERVED
-CVE-2021-39734
- RESERVED
-CVE-2021-39733
- RESERVED
-CVE-2021-39732
- RESERVED
-CVE-2021-39731
- RESERVED
-CVE-2021-39730
- RESERVED
-CVE-2021-39729
- RESERVED
+CVE-2021-39737 (Product: AndroidVersions: Android kernelAndroid ID:
A-208229524Referen ...)
+ TODO: check
+CVE-2021-39736 (In prepare_io_entry and prepare_response of lwis_ioctl.c and
lwis_peri ...)
+ TODO: check
+CVE-2021-39735 (In gasket_alloc_coherent_memory of gasket_page_table.c, there
is a pos ...)
+ TODO: check
+CVE-2021-39734 (In sendMessage of OneToOneChatImpl.java (? TBD), there is a
possible w ...)
+ TODO: check
+CVE-2021-39733 (In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a
possible out ...)
+ TODO: check
+CVE-2021-39732 (In copy_io_entries of lwis_ioctl.c, there is a possible out of
bounds ...)
+ TODO: check
+CVE-2021-39731 (In ProtocolStkProactiveCommandAdapter::Init of
protocolstkadapter.cpp, ...)
+ TODO: check
+CVE-2021-39730 (In TBD of TBD, there is a possible out of bounds read due to a
missing ...)
+ TODO: check
+CVE-2021-39729 (In the TitanM chip, there is a possible out of bounds write
due to a m ...)
+ TODO: check
CVE-2021-39728
RESERVED
-CVE-2021-39727
- RESERVED
-CVE-2021-39726
- RESERVED
-CVE-2021-39725
- RESERVED
-CVE-2021-39724
- RESERVED
-CVE-2021-39723
- RESERVED
-CVE-2021-39722
- RESERVED
-CVE-2021-39721
- RESERVED
-CVE-2021-39720
- RESERVED
-CVE-2021-39719
- RESERVED
-CVE-2021-39718
- RESERVED
-CVE-2021-39717
- RESERVED
-CVE-2021-39716
- RESERVED
-CVE-2021-39715
- RESERVED
-CVE-2021-39714
- RESERVED
+CVE-2021-39727 (In eicPresentationRetrieveEntryValue of
acropora/app/identity/libeic/E ...)
+ TODO: check
+CVE-2021-39726 (In cd_ParseMsg of cd_codec.c, there is a possible out of
bounds read d ...)
+ TODO: check
+CVE-2021-39725 (In gasket_free_coherent_memory_all of gasket_page_table.c,
there is a ...)
+ TODO: check
+CVE-2021-39724 (In TuningProviderBase::GetTuningTreeSet of
tuning_provider_base.cc, th ...)
+ TODO: check
+CVE-2021-39723 (Product: AndroidVersions: Android kernelAndroid ID:
A-209014813Referen ...)
+ TODO: check
+CVE-2021-39722 (In ProtocolStkProactiveCommandAdapter::Init of
protocolstkadapter.cpp, ...)
+ TODO: check
+CVE-2021-39721 (In TBD of TBD, there is a possible out of bounds write due to
memory c ...)
+ TODO: check
+CVE-2021-39720 (Product: AndroidVersions: Android kernelAndroid ID:
A-207433926Referen ...)
+ TODO: check
+CVE-2021-39719 (In lwis_top_register_io of lwis_device_top.c, there is a
possible out ...)
+ TODO: check
+CVE-2021-39718 (In ProtocolStkProactiveCommandAdapter::Init of
protocolstkadapter.cpp, ...)
+ TODO: check
+CVE-2021-39717 (In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible
out of bo ...)
+ TODO: check
+CVE-2021-39716 (Product: AndroidVersions: Android kernelAndroid ID:
A-206977562Referen ...)
+ TODO: check
+CVE-2021-39715 (In __show_regs of process.c, there is a possible leak of
kernel memory ...)
+ TODO: check
+CVE-2021-39714 (In ion_buffer_kmap_get of ion.c, there is a possible
use-after-free du ...)
{DLA-2940-1}
- linux 4.12.6-1
NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
-CVE-2021-39713
- RESERVED
+CVE-2021-39713 (Product: AndroidVersions: Android kernelAndroid ID:
A-173788806Referen ...)
{DSA-5096-1 DLA-2941-1}
- linux 5.2.6-1
NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
-CVE-2021-39712
- RESERVED
-CVE-2021-39711
- RESERVED
+CVE-2021-39712 (In TBD of TBD, there is a possible user after free
vulnerability due t ...)
+ TODO: check
+CVE-2021-39711 (In bpf_prog_test_run_skb of test_run.c, there is a possible
out of bou ...)
- linux 4.18.6-1
NOTE:
https://git.kernel.org/linus/6e6fddc78323533be570873abb728b7e0ba7e024
NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
-CVE-2021-39710
- RESERVED
-CVE-2021-39709
- RESERVED
-CVE-2021-39708
- RESERVED
-CVE-2021-39707
- RESERVED
-CVE-2021-39706
- RESERVED
-CVE-2021-39705
- RESERVED
-CVE-2021-39704
- RESERVED
-CVE-2021-39703
- RESERVED
-CVE-2021-39702
- RESERVED
-CVE-2021-39701
- RESERVED
+CVE-2021-39710 (Product: AndroidVersions: Android kernelAndroid ID:
A-202160245Referen ...)
+ TODO: check
+CVE-2021-39709 (In sendSipAccountsRemovedNotification of
SipAccountRegistry.java, ther ...)
+ TODO: check
+CVE-2021-39708 (In gatt_process_notification of gatt_cl.cc, there is a
possible out of ...)
+ TODO: check
+CVE-2021-39707 (In onReceive of AppRestrictionsFragment.java, there is a
possible way ...)
+ TODO: check
+CVE-2021-39706 (In onResume of CredentialStorage.java, there is a possible way
to clea ...)
+ TODO: check
+CVE-2021-39705 (In getNotificationTag of LegacyVoicemailNotifier.java, there
is a poss ...)
+ TODO: check
+CVE-2021-39704 (In deleteNotificationChannelGroup of
NotificationManagerService.java, ...)
+ TODO: check
+CVE-2021-39703 (In updateState of UsbDeviceManager.java, there is a possible
unauthori ...)
+ TODO: check
+CVE-2021-39702 (In onCreate of RequestManageCredentials.java, there is a
possible way ...)
+ TODO: check
+CVE-2021-39701 (In serviceConnection of ControlsProviderLifecycleManager.kt,
there is ...)
+ TODO: check
CVE-2021-39700
RESERVED
CVE-2021-39699
RESERVED
-CVE-2021-39698
- RESERVED
+CVE-2021-39698 (In aio_poll_complete_work of aio.c, there is a possible memory
corrupt ...)
{DSA-5096-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
NOTE: https://source.android.com/security/bulletin/2022-03-01
-CVE-2021-39697
- RESERVED
+CVE-2021-39697 (In checkFileUriDestination of DownloadProvider.java, there is
a possib ...)
+ TODO: check
CVE-2021-39696
RESERVED
-CVE-2021-39695
- RESERVED
-CVE-2021-39694
- RESERVED
-CVE-2021-39693
- RESERVED
-CVE-2021-39692
- RESERVED
+CVE-2021-39695 (In createOrUpdate of BasePermission.java, there is a possible
permissi ...)
+ TODO: check
+CVE-2021-39694 (In parse of RoleParser.java, there is a possible way for
default apps ...)
+ TODO: check
+CVE-2021-39693 (In onUidStateChanged of AppOpsService.java, there is a
possible way to ...)
+ TODO: check
+CVE-2021-39692 (In onCreate of SetupLayoutActivity.java, there is a possible
way to se ...)
+ TODO: check
CVE-2021-39691
RESERVED
-CVE-2021-39690
- RESERVED
-CVE-2021-39689
- RESERVED
+CVE-2021-39690 (In setDisplayPadding of WallpaperManagerService.java, there is
a possi ...)
+ TODO: check
+CVE-2021-39689 (In multiple functions of odsign_main.cpp, there is a possible
way to p ...)
+ TODO: check
CVE-2021-39688 (In TBD of TBD, there is a possible out of bounds read due to
TBD. This ...)
NOT-FOR-US: Pixel
CVE-2021-39687 (In HandleTransactionIoEvent of actuator_driver.cc, there is a
possible ...)
NOT-FOR-US: Android
-CVE-2021-39686
- RESERVED
+CVE-2021-39686 (In several functions of binder.c, there is a possible way to
represent ...)
{DSA-5096-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.15-1
NOTE: https://source.android.com/security/bulletin/2022-03-01
-CVE-2021-39685
- RESERVED
+CVE-2021-39685 (In various setup methods of the USB gadget subsystem, there is
a possi ...)
{DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
- linux 5.15.5-2
NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4
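Review bot: several TODO: check entries in this hunk cannot be triaged from the imported text alone. CVE-2021-39730, 39721 and 39712 read "In TBD of TBD", and 39737, 39723, 39720, 39716 and 39710 carry only the run-together "Product: AndroidVersions: Android kernelAndroid ID: A-..." string. CVE-2021-39713 has the same "Android kernel" string and is tracked as "- linux 5.2.6-1" with a bulletin NOTE, so the five similar entries need the referenced bulletin checked against src:linux rather than a blanket NOT-FOR-US: Android. CVE-2021-39715 (__show_regs of process.c, kernel memory leak) is a further candidate for a "- linux" line, while the entries naming .java files match the existing NOT-FOR-US: Android neighbours such as CVE-2021-39687.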
@@ -36525,8 +36526,8 @@ CVE-2021-39669 (In onCreate of
InstallCaCertificateWarning.java, there is a poss
NOT-FOR-US: Android
CVE-2021-39668 (In onActivityViewReady of DetailDialog.kt, there is a possible
Intent ...)
NOT-FOR-US: Android
-CVE-2021-39667
- RESERVED
+CVE-2021-39667 (In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is
a possi ...)
+ TODO: check
CVE-2021-39666 (In extract of MediaMetricsItem.h, there is a possible out of
bounds re ...)
NOT-FOR-US: Android
CVE-2021-39665 (In checkSpsUpdated of AAVCAssembler.cpp, there is a possible
out of bo ...)
@@ -36633,8 +36634,8 @@ CVE-2021-39626 (In onAttach of
ConnectedDeviceDashboardFragment.java, there is a
NOT-FOR-US: Android
CVE-2021-39625 (In showCarrierAppInstallationNotification of
EuiccNotificationManager. ...)
NOT-FOR-US: Android
-CVE-2021-39624
- RESERVED
+CVE-2021-39624 (In Package Manger, there is a possible permanent denial of
service due ...)
+ TODO: check
CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out
of boun ...)
NOT-FOR-US: Android
CVE-2021-39622 (In GBoard, there is a possible way to bypass Factory Reset
Protection ...)
@@ -50714,8 +50715,8 @@ CVE-2021-33855
RESERVED
CVE-2021-33854
RESERVED
-CVE-2021-33853
- RESERVED
+CVE-2021-33853 (A Cross-Site Scripting (XSS) attack can cause arbitrary code
(javascri ...)
+ TODO: check
CVE-2021-33852 (A cross-site scripting (XSS) attack can cause arbitrary code
(JavaScri ...)
NOT-FOR-US: post-duplicator-image plugin for WordPress
CVE-2021-33851 (A cross-site scripting (XSS) attack can cause arbitrary code
(JavaScri ...)
@@ -60543,14 +60544,12 @@ CVE-2021-23180 (A flaw was found in htmldoc in
v1.9.12 and before. Null pointer
NOTE: https://github.com/michaelrsweet/htmldoc/issues/418
NOTE:
https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
NOTE: Crash in CLI tool, no security impact
-CVE-2021-23165
- RESERVED
+CVE-2021-23165 (A flaw was found in htmldoc before v1.9.12. Heap buffer
overflow in ps ...)
{DSA-4928-1 DLA-2700-1}
- htmldoc 1.9.11-4 (bug #989437)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/413
NOTE:
https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f
-CVE-2021-23158
- RESERVED
+CVE-2021-23158 (A flaw was found in htmldoc in v1.9.12. Double-free in
function pspdf_ ...)
{DSA-4928-1 DLA-2700-1}
- htmldoc 1.9.11-4 (unimportant; bug #989437)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/414
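Review bot: CVE-2021-23158 is tagged "(unimportant; bug #989437)" yet is listed under {DSA-4928-1 DLA-2700-1}, and the description attached by this update calls it a double-free. A NOTE line giving the reason for the unimportant rating would make the entry self-explanatory, in the way "NOTE: Crash in CLI tool, no security impact" does at the top of this hunk. The same applies to the version wording: the description says "in v1.9.12" while the fixed version recorded here is 1.9.11-4, which is worth a short NOTE so readers do not take it for an error.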
@@ -76669,8 +76668,8 @@ CVE-2021-23650
RESERVED
CVE-2021-23649
RESERVED
-CVE-2021-23648
- RESERVED
+CVE-2021-23648 (The package @braintree/sanitize-url before 6.0.0 are
vulnerable to Cro ...)
+ TODO: check
CVE-2021-23647
RESERVED
CVE-2021-23646
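Review bot: CVE-2021-23648 is left at "TODO: check" and the description identifies an npm package, @braintree/sanitize-url before 6.0.0. When resolving the TODO, check not only for a Debian package of that name but also for copies bundled inside other source packages before settling on NOT-FOR-US, and record the finding in a package line or NOTE.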
@@ -86211,8 +86210,7 @@ CVE-2021-20300 (A flaw was found in OpenEXR's
hufUncompress functionality in Ope
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/commit/ed560b8a932c78d5e8e5990ce36fe7808b35d9f0
(master)
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d
(2.5.x)
-CVE-2021-20299 [Null-dereference READ in Imf_2_5::Header::operator]
- RESERVED
+CVE-2021-20299 (A flaw was found in OpenEXR's Multipart input file
functionality. A cr ...)
{DLA-2732-1}
- openexr 2.5.4-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740
@@ -86406,8 +86404,7 @@ CVE-2021-20259 (A flaw was found in the Foreman
project. The Proxmox compute res
- foreman <itp> (bug #663101)
CVE-2021-20258
RESERVED
-CVE-2021-20257 [net: e1000: infinite loop while processing transmit
descriptors]
- RESERVED
+CVE-2021-20257 (An infinite loop flaw was found in the e1000 NIC emulator of
the QEMU. ...)
{DLA-2623-1}
- qemu 1:5.2+dfsg-9 (bug #984450)
[bullseye] - qemu <postponed> (Minor issue)
@@ -86801,8 +86798,7 @@ CVE-2021-20181 (A race condition flaw was found in the
9pfs server implementatio
- qemu 1:5.2+dfsg-4
[buster] - qemu <postponed> (Minor issue)
NOTE:
https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305
-CVE-2021-20180
- RESERVED
+CVE-2021-20180 (A flaw was found in ansible module where credentials are
disclosed in ...)
- ansible <unfixed> (bug #985753)
[bullseye] - ansible <no-dsa> (Minor issue)
[buster] - ansible <no-dsa> (Minor issue)
@@ -94743,8 +94739,8 @@ CVE-2021-0959 (In jit_memory_region.cc, there is a
possible bypass of memory res
NOT-FOR-US: Android
CVE-2021-0958 (In update of km_compat.cpp, there is a possible loss of
potentially se ...)
NOT-FOR-US: Android
-CVE-2021-0957
- RESERVED
+CVE-2021-0957 (In NotificationStackScrollLayout of
NotificationStackScrollLayout.java ...)
+ TODO: check
CVE-2021-0956 (In NfcTag::discoverTechnologies (activation) of NfcTag.cpp,
there is a ...)
NOT-FOR-US: Android
CVE-2021-0955 (In pf_write_buf of FuseDaemon.cpp, there is possible memory
corruption ...)
@@ -103218,8 +103214,7 @@ CVE-2020-25722 (Multiple flaws were found in the way
samba AD DC implemented acc
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14564
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
NOTE: https://www.samba.org/samba/security/CVE-2020-25722.html
-CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers
(eg objectSid)]
- RESERVED
+CVE-2020-25721 (Kerberos acceptors need easy access to stable AD identifiers
(eg objec ...)
{DSA-5003-1}
- samba 2:4.13.14+dfsg-1
[buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c512a54348237d6b3fc67be2b142471510a5144
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits