Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d4c2d2c0 by security tracker role at 2022-03-25T20:10:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,99 @@ +CVE-2022-27887 + RESERVED +CVE-2022-27886 + RESERVED +CVE-2022-27885 + RESERVED +CVE-2022-27884 + RESERVED +CVE-2022-27883 + RESERVED +CVE-2022-27882 (slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedn ...) + TODO: check +CVE-2022-27881 (engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buff ...) + TODO: check +CVE-2022-27873 + RESERVED +CVE-2022-27872 + RESERVED +CVE-2022-27871 + RESERVED +CVE-2022-27870 + RESERVED +CVE-2022-27869 + RESERVED +CVE-2022-27868 + RESERVED +CVE-2022-27867 + RESERVED +CVE-2022-27866 + RESERVED +CVE-2022-27865 + RESERVED +CVE-2022-27864 + RESERVED +CVE-2022-27186 + RESERVED +CVE-2022-27177 + RESERVED +CVE-2022-27171 + RESERVED +CVE-2022-26371 + RESERVED +CVE-2022-26064 + RESERVED +CVE-2022-1097 + RESERVED +CVE-2022-1096 + RESERVED +CVE-2022-1095 + RESERVED +CVE-2022-1094 + RESERVED +CVE-2022-1093 + RESERVED +CVE-2022-1092 + RESERVED +CVE-2022-1091 + RESERVED +CVE-2022-1090 + RESERVED +CVE-2022-1089 + RESERVED +CVE-2022-1088 + RESERVED +CVE-2022-1087 + RESERVED +CVE-2022-1086 + RESERVED +CVE-2022-1085 + RESERVED +CVE-2022-1084 + RESERVED +CVE-2022-1083 + RESERVED +CVE-2022-1082 + RESERVED +CVE-2022-1081 + RESERVED +CVE-2022-1080 + RESERVED +CVE-2022-1079 + RESERVED +CVE-2022-1078 + RESERVED +CVE-2022-1077 + RESERVED +CVE-2022-1076 + RESERVED +CVE-2022-1075 + RESERVED +CVE-2022-1074 + RESERVED +CVE-2022-1073 + RESERVED +CVE-2022-1072 + RESERVED CVE-2022-27494 RESERVED CVE-2022-26423 @@ -56,8 +152,8 @@ CVE-2022-1066 RESERVED CVE-2022-1065 RESERVED -CVE-2022-1064 - RESERVED +CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in GitHub ...) + TODO: check CVE-2022-1063 RESERVED CVE-2022-1062 
@@ -66,7 +162,7 @@ CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareo - radare2 <unfixed> NOTE: https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7 NOTE: https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522 -CVE-2018-25032 [zlib memory corruption on deflate] +CVE-2018-25032 (zlib 1.2.11 allows memory corruption when deflating (i.e., when compre ...) - zlib <unfixed> (bug #1008265) NOTE: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 NOTE: https://www.openwall.com/lists/oss-security/2022/03/24/1 @@ -435,7 +531,7 @@ CVE-2022-1057 RESERVED CVE-2021-46739 RESERVED -CVE-2022-27666 (In the Linux kernel before 5.16.15, there is a buffer overflow in ESP ...) +CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP transformation code ...) - linux <unfixed> [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8) @@ -512,8 +608,8 @@ CVE-2022-1051 RESERVED CVE-2022-1050 RESERVED -CVE-2022-1049 - RESERVED +CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The pcs da ...) + TODO: check CVE-2022-1048 [race condition in snd_pcm_hw_free leading to use-after-free] RESERVED - linux <unfixed> @@ -816,8 +912,8 @@ CVE-2022-26017 RESERVED CVE-2022-25841 RESERVED -CVE-2022-1040 - RESERVED +CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and Webadmin ...) + TODO: check CVE-2022-1039 RESERVED CVE-2022-1038 
@@ -1454,8 +1550,7 @@ CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager p NOT-FOR-US: prasathmani/tinyfilemanager CVE-2022-27228 (In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site ...) NOT-FOR-US: Bitrix Site Manager -CVE-2022-27227 - RESERVED +CVE-2022-27227 (In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and ...) - pdns-recursor <unfixed> [bullseye] - pdns-recursor <no-dsa> (Minor issue) [buster] - pdns-recursor <no-dsa> (Minor issue) @@ -1481,8 +1576,7 @@ CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that allows - 389-ds-base <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769 TODO: check details -CVE-2022-0995 [kernel bug in the watch_queue subsystem] - RESERVED +CVE-2022-0995 (An out-of-bounds (OOB) memory write flaw was found in the Linux kernel ...) - linux <unfixed> [buster] - linux <not-affected> (Vulnerable code not present) [stretch] - linux <not-affected> (Vulnerable code not present) @@ -1520,8 +1614,8 @@ CVE-2022-27194 RESERVED CVE-2022-0989 RESERVED -CVE-2022-0988 - RESERVED +CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable t ...) + TODO: check CVE-2022-0987 [PackageKit: Information Disclosure in Transaction Interface via timing] RESERVED - packagekit <unfixed> @@ -1535,8 +1629,7 @@ CVE-2022-0985 RESERVED CVE-2022-0984 RESERVED -CVE-2022-0983 - RESERVED +CVE-2022-0983 (An SQL injection risk was identified in Badges code relating to config ...) - moodle <removed> CVE-2022-0982 (The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suff ...) NOT-FOR-US: ACCEL-PPP 
@@ -2733,8 +2826,8 @@ CVE-2022-0899 RESERVED CVE-2022-0898 RESERVED -CVE-2022-0897 - RESERVED +CVE-2022-0897 (A flaw was found in the libvirt nwfilter driver. The virNWFilterObjLis ...) + TODO: check CVE-2022-0896 (Improper Neutralization of Special Elements Used in a Template Engine ...) NOT-FOR-US: microweber CVE-2022-0895 (Static Code Injection in GitHub repository microweber/microweber prior ...) @@ -4066,8 +4159,8 @@ CVE-2022-26265 (Contao Managed Edition v1.5.0 was discovered to contain a remote NOT-FOR-US: Contao Managed Edition CVE-2022-26264 RESERVED -CVE-2022-26263 - RESERVED +CVE-2022-26263 (Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scrip ...) + TODO: check CVE-2022-26262 RESERVED CVE-2022-26261 @@ -4664,8 +4757,7 @@ CVE-2022-0761 RESERVED CVE-2022-0760 (The Simple Link Directory WordPress plugin before 7.7.2 does not valid ...) NOT-FOR-US: WordPress plugin -CVE-2022-0759 - RESERVED +CVE-2022-0759 (A flaw was found in all versions of kubeclient up to (but not includin ...) - ruby-kubeclient <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058404 NOTE: https://github.com/ManageIQ/kubeclient/issues/554 
@@ -5787,20 +5879,20 @@ CVE-2022-25614 RESERVED CVE-2022-25613 RESERVED -CVE-2022-25612 - RESERVED -CVE-2022-25611 - RESERVED -CVE-2022-25610 - RESERVED +CVE-2022-25612 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...) + TODO: check +CVE-2022-25611 (Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planne ...) + TODO: check +CVE-2022-25610 (Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat ...) + TODO: check CVE-2022-25609 (Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & ...) NOT-FOR-US: WordPress plugin CVE-2022-25608 (Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & ...) NOT-FOR-US: WordPress plugin CVE-2022-25607 (Authenticated (author or higher user role) SQL Injection (SQLi) vulner ...) NOT-FOR-US: WordPress plugin -CVE-2022-25606 - RESERVED +CVE-2022-25606 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...) + TODO: check CVE-2022-25605 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...) NOT-FOR-US: WordPress plugin CVE-2022-25604 (Authenticated (contributor of higher user role) Stored Cross-Site Scri ...) @@ -5886,8 +5978,8 @@ CVE-2022-25584 RESERVED CVE-2022-25583 RESERVED -CVE-2022-25582 - RESERVED +CVE-2022-25582 (A stored cross-site scripting (XSS) vulnerability in the Column module ...) + TODO: check CVE-2022-25581 (Classcms v2.5 and below contains an arbitrary file upload via the comp ...) NOT-FOR-US: Classcms CVE-2022-25580 
@@ -5896,14 +5988,14 @@ CVE-2022-25579 RESERVED CVE-2022-25578 (taocms v3.0.2 allows attackers to execute code injection via arbitrari ...) NOT-FOR-US: taocms -CVE-2022-25577 - RESERVED +CVE-2022-25577 (ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password ...) + TODO: check CVE-2022-25576 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...) NOT-FOR-US: Anchor CMS CVE-2022-25575 (Multiple cross-site scripting (XSS) vulnerabilities in Parking Managem ...) NOT-FOR-US: Parking Management System -CVE-2022-25574 - RESERVED +CVE-2022-25574 (A stored cross-site scripting (XSS) vulnerability in the upload functi ...) + TODO: check CVE-2022-25573 RESERVED CVE-2022-25572 @@ -8089,10 +8181,10 @@ CVE-2022-24780 RESERVED CVE-2022-24779 RESERVED -CVE-2022-24778 - RESERVED -CVE-2022-24777 - RESERVED +CVE-2022-24778 (The imgcrypt library provides API exensions for containerd to support ...) + TODO: check +CVE-2022-24777 (grpc-swift is the Swift language implementation of gRPC, a remote proc ...) + TODO: check CVE-2022-24776 (Flask-AppBuilder is an application development framework, built on top ...) - flask-appbuilder <itp> (bug #998029) CVE-2022-24775 (guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8 ...) @@ -9157,8 +9249,7 @@ CVE-2022-24408 (A vulnerability has been identified in SINUMERIK MC (All version NOT-FOR-US: Siemens CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstal ...) NOT-FOR-US: beanstalk_console -CVE-2022-0500 - RESERVED +CVE-2022-0500 (A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leadi ...) - linux 5.16.10-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044578 CVE-2022-0499 
@@ -9177,8 +9268,7 @@ CVE-2022-0496 NOTE: Crash in CLI tool, no security impact CVE-2022-0495 RESERVED -CVE-2022-0494 - RESERVED +CVE-2022-0494 (A kernel information leak flaw was identified in the scsi_ioctl functi ...) - linux 5.16.14-1 NOTE: https://git.kernel.org/linus/cc8f7fe1f5eab010191aa4570f27641876fa1267 (5.17-rc5) CVE-2022-0493 @@ -9794,8 +9884,7 @@ CVE-2022-24272 RESERVED CVE-2022-23400 RESERVED -CVE-2022-0435 - RESERVED +CVE-2022-0435 (A stack overflow flaw was found in the Linux kernel's TIPC protocol fu ...) {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1} - linux 5.16.10-1 NOTE: https://www.openwall.com/lists/oss-security/2022/02/10/1 @@ -11504,8 +11593,8 @@ CVE-2021-46428 (A Remote Code Execution (RCE) vulnerability exists in Sourcecode NOT-FOR-US: Sourcecodester CVE-2021-46427 (An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot ...) NOT-FOR-US: Sourcecodester -CVE-2021-46426 - RESERVED +CVE-2021-46426 (phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find ...) + TODO: check CVE-2021-46425 RESERVED CVE-2021-46424 @@ -11750,8 +11839,7 @@ CVE-2022-0332 (A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL inj - moodle <removed> CVE-2022-0331 RESERVED -CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store] - RESERVED +CVE-2022-0330 (A random memory access flaw was found in the Linux kernel's GPU i915 k ...) {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1} - linux 5.15.15-2 NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/12 @@ -11866,8 +11954,7 @@ CVE-2022-21147 RESERVED CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine ...) NOT-FOR-US: Mustache (implementation in PHP) -CVE-2022-0322 [DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c] - RESERVED +CVE-2022-0322 (A flaw was found in the sctp_make_strreset_req function in net/sctp/sm ...) {DSA-5096-1 DLA-2941-1} - linux 5.14.16-1 [bullseye] - linux 5.10.84-1 
@@ -15037,16 +15124,14 @@ CVE-2021-46167 RESERVED CVE-2021-44458 (Linux users running Lens 5.2.6 and earlier could be compromised by vis ...) NOT-FOR-US: Lens -CVE-2021-4203 [af_unix: fix races in sk_peer_pid and sk_peer_cred accesses] - RESERVED +CVE-2021-4203 (A use-after-free read flaw was found in sock_getsockopt() in net/core/ ...) {DSA-5096-1 DLA-2941-1} - linux 5.14.12-1 [bullseye] - linux 5.10.84-1 [stretch] - linux 4.9.290-1 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2230 NOTE: https://git.kernel.org/linus/35306eb23814444bd4021f8a1c3047d3cb0c8b2b (5.15-rc4) -CVE-2021-4202 - RESERVED +CVE-2021-4202 (A use-after-free flaw was found in nci_request in net/nfc/nci/core.c i ...) {DSA-5096-1 DLA-2940-1} - linux 5.15.5-1 (unimportant) [bullseye] - linux 5.10.84-1 @@ -18798,8 +18883,7 @@ CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19 NOT-FOR-US: FreePBX CVE-2021-45460 (A vulnerability has been identified in SICAM PQ Analyzer (All versions ...) NOT-FOR-US: Siemens -CVE-2021-4157 [pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()] - RESERVED +CVE-2021-4157 (An out of memory bounds write flaw (1 or 2 bytes of memory) in the Lin ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 [stretch] - linux 4.9.272-1 @@ -19263,8 +19347,7 @@ CVE-2021-4148 (A vulnerability was found in the Linux kernel's block_invalidatep [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://lkml.org/lkml/2021/9/17/1037 NOTE: https://lkml.org/lkml/2021/9/12/323 -CVE-2021-4147 [deadlock and crash in libxl driver] - RESERVED +CVE-2021-4147 (A flaw was found in the libvirt libxl driver. A malicious guest could ...) - libvirt 7.10.0-2 (bug #1002535) [bullseye] - libvirt <no-dsa> (Minor issue) [buster] - libvirt <no-dsa> (Minor issue) 
@@ -20301,8 +20384,8 @@ CVE-2021-45106 (A vulnerability has been identified in SICAM TOOLBOX II (All ver NOT-FOR-US: Siemens CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...) NOT-FOR-US: Emerson -CVE-2021-44462 - RESERVED +CVE-2021-44462 (This vulnerability can be exploited by parsing maliciously crafted pro ...) + TODO: check CVE-2021-4137 RESERVED CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...) @@ -20618,8 +20701,8 @@ CVE-2021-45045 RESERVED CVE-2021-45044 RESERVED -CVE-2021-44768 - RESERVED +CVE-2021-44768 (Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable t ...) + TODO: check CVE-2021-44544 (DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-sit ...) NOT-FOR-US: DIAEnergie CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...) @@ -21768,8 +21851,8 @@ CVE-2021-44753 RESERVED CVE-2021-44752 RESERVED -CVE-2021-44751 - RESERVED +CVE-2021-44751 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...) + TODO: check CVE-2021-44750 (An arbitrary code execution vulnerability was found in the F-Secure Su ...) NOT-FOR-US: F-Secure CVE-2021-44749 (A vulnerability affecting F-Secure SAFE browser protection was discove ...) @@ -22516,8 +22599,8 @@ CVE-2021-44523 (A vulnerability has been identified in SiPass integrated V2.76 ( NOT-FOR-US: SiPass CVE-2021-44522 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...) NOT-FOR-US: SiPass -CVE-2021-44477 - RESERVED +CVE-2021-44477 (GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external ...) + TODO: check CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, an ...) - lapack 3.10.0-2 (bug #1001902) [bullseye] - lapack <no-dsa> (Minor issue) 
@@ -26131,8 +26214,8 @@ CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow. NOT-FOR-US: Amazon CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler ...) NOT-FOR-US: Amazon -CVE-2021-43636 - RESERVED +CVE-2021-43636 (Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu ...) + TODO: check CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4. ...) NOT-FOR-US: Codex CVE-2021-43634 @@ -26390,8 +26473,7 @@ CVE-2021-3942 RESERVED CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri ...) NOT-FOR-US: Apache Apisix -CVE-2021-3941 - RESERVED +CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...) - openexr <unfixed> [stretch] - openexr <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019789 @@ -26578,8 +26660,7 @@ CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man- NOTE: https://github.com/pgbouncer/pgbouncer/commit/e4453c9151a2f5af0a9cb049b302a3f9f9654453 (v1.16.1) CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Elements u ...) NOT-FOR-US: ohmyzsh -CVE-2021-3933 - RESERVED +CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a crafted file ...) - openexr <unfixed> [stretch] - openexr <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783 @@ -28624,10 +28705,10 @@ CVE-2021-43093 RESERVED CVE-2021-43092 RESERVED -CVE-2021-43091 - RESERVED -CVE-2021-43090 - RESERVED +CVE-2021-43091 (An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via ...) + TODO: check +CVE-2021-43090 (An XML External Entity (XXE) vulnerability exists in all versions of s ...) + TODO: check CVE-2021-43089 RESERVED CVE-2021-43088 
@@ -34165,8 +34246,8 @@ CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize NOT-FOR-US: Device42 Remote Collector CVE-2021-3815 (utils.js is vulnerable to Improperly Controlled Modification of Object ...) NOT-FOR-US: fabiocaccamo/utils.js -CVE-2021-3814 - RESERVED +CVE-2021-3814 (It was found that 3scale's APIdocs does not validate the access token, ...) + TODO: check CVE-2021-3813 (Improper Privilege Management in GitHub repository chatwoot/chatwoot p ...) NOT-FOR-US: chatwoot CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...) @@ -49222,8 +49303,8 @@ CVE-2021-35256 RESERVED CVE-2021-35255 RESERVED -CVE-2021-35254 - RESERVED +CVE-2021-35254 (SolarWinds received a report of a vulnerability related to an input th ...) + TODO: check CVE-2021-35253 RESERVED CVE-2021-35252 @@ -52302,8 +52383,7 @@ CVE-2018-25015 (An issue was discovered in the Linux kernel before 4.14.16. Ther NOTE: https://git.kernel.org/linus/a0ff660058b88d12625a783ce9e5c1371c87951f CVE-2021-3587 REJECTED -CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device] - RESERVED +CVE-2021-3582 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...) - qemu 1:5.2+dfsg-11 (bug #990565) [buster] - qemu <no-dsa> (Minor issue) [stretch] - qemu <not-affected> (Vulnerable code introduced later) @@ -52781,8 +52861,7 @@ CVE-2021-3569 (A stack corruption bug was found in libtpms in versions before 0. NOTE: https://github.com/stefanberger/libtpms/commit/40cfe134c017d3aeaaed05ce71eaf9bfbe556b16 (v0.7.2) CVE-2021-3568 RESERVED -CVE-2021-3567 - RESERVED +CVE-2021-3567 (A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. ...) - caribou 0.4.21-7.1 (bug #980061) [buster] - caribou <not-affected> (Security impact only with cinnamon-screensaver >= 4.2) [stretch] - caribou <not-affected> (Security impact only with cinnamon-screensaver >= 4.2) 
@@ -67972,8 +68051,8 @@ CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as u - linux 5.10.24-1 [buster] - linux 4.19.181-1 NOTE: https://xenbits.xen.org/xsa/advisory-367.html -CVE-2021-3422 - RESERVED +CVE-2021-3422 (The lack of validation of a key-value field in the Splunk-to-Splunk pr ...) + TODO: check CVE-2021-3421 (A flaw was found in the RPM package in the read functionality. This fl ...) - rpm 4.16.1.2+dfsg1-1 (bug #985308) [buster] - rpm <no-dsa> (Minor issue) @@ -71082,12 +71161,12 @@ CVE-2021-26624 RESERVED CVE-2021-26623 RESERVED -CVE-2021-26622 - RESERVED -CVE-2021-26621 - RESERVED -CVE-2021-26620 - RESERVED +CVE-2021-26622 (An remote code execution vulnerability due to SSTI vulnerability and i ...) + TODO: check +CVE-2021-26621 (An Buffer Overflow vulnerability leading to remote code execution was ...) + TODO: check +CVE-2021-26620 (An improper authentication vulnerability leading to information leakag ...) + TODO: check CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was ...) NOT-FOR-US: BigFileAgent CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...) @@ -82011,8 +82090,8 @@ CVE-2021-22102 RESERVED CVE-2021-22101 (Cloud Controller versions prior to 1.118.0 are vulnerable to unauthent ...) NOT-FOR-US: Cloud Foundry Cloud Controller -CVE-2021-22100 - RESERVED +CVE-2021-22100 (In cloud foundry CAPI versions prior to 1.122, a denial-of-service att ...) + TODO: check CVE-2021-22099 RESERVED CVE-2021-22098 (UAA server versions prior to 75.4.0 are vulnerable to an open redirect ...) 
@@ -87821,8 +87900,7 @@ CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versi CVE-2021-20324 RESERVED NOT-FOR-US: WildFly Elytron -CVE-2021-20323 - RESERVED +CVE-2021-20323 (A POST based reflected Cross Site Scripting vulnerability on has been ...) NOT-FOR-US: Keycloak CVE-2021-20322 (A flaw in the processing of received ICMP errors (ICMP fragment needed ...) {DSA-5096-1 DLA-2941-1 DLA-2843-1} @@ -88004,8 +88082,7 @@ CVE-2021-20291 (A deadlock vulnerability was found in 'github.com/containers/sto NOTE: https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1 NOTE: golang-github-containers-buildah uses golang-github-containers-storage compression support. NOTE: docker.io already uses the same library as the fix for golang-github-containers-storage. -CVE-2021-20290 - RESERVED +CVE-2021-20290 (An improper authorization handling flaw was found in Foreman. The Open ...) - foreman <itp> (bug #663101) CVE-2021-20289 (A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.F ...) NOT-FOR-US: Keycloak @@ -114505,8 +114582,8 @@ CVE-2020-21556 RESERVED CVE-2020-21555 RESERVED -CVE-2020-21554 - RESERVED +CVE-2020-21554 (A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_lis ...) + TODO: check CVE-2020-21553 RESERVED CVE-2020-21552 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4c2d2c03e5ae7864dcac7e933c4a400a53f18cb
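Review bot: in the first hunk (@@ -1,3 +1,99 @@), CVE-2022-27882 and CVE-2022-27881 are left at "TODO: check", but both descriptions place the bug in slaacd, OpenBSD's SLAAC daemon, which has no Debian package; triage can resolve them directly to "NOT-FOR-US: OpenBSD", the way the other non-Debian software in this file is marked, rather than leaving two open TODO items.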
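Review bot: in the hunk @@ -512,8 +608,8 @@, CVE-2022-1049 is left at "TODO: check" even though the description names the Pacemaker configuration tool pcs, which Debian carries as its own source package; this should become a package line (with the fixed version or <unfixed>) instead of an open TODO, since the truncated text ("The pcs da ...") points at the pcs daemon component.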
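Review bot: in the hunk @@ -1454,8 +1550,7 @@, the new CVE-2022-27227 description opens with "In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and ...", yet the only package entries kept under it are the three pdns-recursor lines; please confirm whether the pdns (Authoritative Server) source package needs its own entry or a <not-affected> line, so the tracker does not silently cover only half of the affected products.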