Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43098006 by security tracker role at 2022-08-26T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2022-38772
+       RESERVED
+CVE-2022-38771
+       RESERVED
+CVE-2022-38770
+       RESERVED
+CVE-2022-38769
+       RESERVED
+CVE-2022-38768
+       RESERVED
+CVE-2022-38767
+       RESERVED
+CVE-2022-38766
+       RESERVED
+CVE-2022-38765
+       RESERVED
+CVE-2022-38764
+       RESERVED
+CVE-2022-38763
+       RESERVED
+CVE-2022-38762
+       RESERVED
+CVE-2022-38761
+       RESERVED
+CVE-2022-38760
+       RESERVED
+CVE-2022-38759
+       RESERVED
+CVE-2022-38758
+       RESERVED
+CVE-2022-38757
+       RESERVED
+CVE-2022-38756
+       RESERVED
+CVE-2022-38755
+       RESERVED
+CVE-2022-38754
+       RESERVED
+CVE-2022-38753
+       RESERVED
+CVE-2022-2999
+       RESERVED
+CVE-2022-2998
+       RESERVED
+CVE-2022-2997 (Session Fixation in GitHub repository snipe/snipe-it prior to 
6.0.10. ...)
+       TODO: check
+CVE-2022-2996
+       RESERVED
+CVE-2022-2995
+       RESERVED
+CVE-2022-2994
+       RESERVED
 CVE-2022-38752
        RESERVED
 CVE-2022-38751
@@ -80,12 +132,12 @@ CVE-2022-2984
        RESERVED
 CVE-2022-2983
        RESERVED
-CVE-2022-2982
-       RESERVED
+CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0259. 
...)
+       TODO: check
 CVE-2022-2981
        RESERVED
-CVE-2022-2980
-       RESERVED
+CVE-2022-2980 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
9.0.025 ...)
+       TODO: check
 CVE-2022-2979
        RESERVED
 CVE-2022-2978 (A flaw use after free in the Linux kernel NILFS file system was 
found  ...)
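Review bot: CVE-2022-2982 and CVE-2022-2980 are left at "TODO: check" even though both descriptions name the upstream repository vim/vim and give a fixed upstream version (9.0.0259 for the use-after-free; the second is truncated at "9.0.025"). Suggest resolving both against the vim source package with a "- vim <unfixed>" style line until the fixed Debian version is known, and reading the full description of CVE-2022-2980 for its exact patch level.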
@@ -609,8 +661,8 @@ CVE-2022-38535
        RESERVED
 CVE-2022-38534
        RESERVED
-CVE-2022-38533
-       RESERVED
+CVE-2022-38533 (In GNU Binutils before 2.4.0, there is a heap-buffer-overflow 
in the e ...)
+       TODO: check
 CVE-2022-38532
        RESERVED
 CVE-2022-38531
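Review bot: the CVE-2022-38533 line imports the version string "GNU Binutils before 2.4.0" verbatim, and it should be checked against the upstream fix before it is turned into a fixed-version annotation. The entry names a concrete toolchain component and a heap-buffer-overflow, so it should not stay at "TODO: check"; suggest a binutils package line whose version comes from the upstream commit rather than from the description text.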
@@ -3873,12 +3925,12 @@ CVE-2022-37320
        RESERVED
 CVE-2022-37319
        RESERVED
-CVE-2022-37318
-       RESERVED
-CVE-2022-37317
-       RESERVED
-CVE-2022-37316
-       RESERVED
+CVE-2022-37318 (Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a 
reflect ...)
+       TODO: check
+CVE-2022-37317 (Archer Platform 6.x before 6.11 P3 contain an HTML injection 
vulnerabi ...)
+       TODO: check
+CVE-2022-37316 (Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an 
improper API ...)
+       TODO: check
 CVE-2022-37315 (graphql-go (aka GraphQL for Go) through 0.8.0 has infinite 
recursion i ...)
        NOT-FOR-US: graphql-go
 CVE-2022-37314
@@ -5423,20 +5475,20 @@ CVE-2022-36723
        RESERVED
 CVE-2022-36722 (Library Management System v1.0 was discovered to contain a SQL 
injecti ...)
        NOT-FOR-US: Library Management System
-CVE-2022-36721
-       RESERVED
-CVE-2022-36720
-       RESERVED
-CVE-2022-36719
-       RESERVED
+CVE-2022-36721 (Library Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
+CVE-2022-36720 (Library Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
+CVE-2022-36719 (Library Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
 CVE-2022-36718
        RESERVED
 CVE-2022-36717
        RESERVED
-CVE-2022-36716
-       RESERVED
-CVE-2022-36715
-       RESERVED
+CVE-2022-36716 (Library Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
+CVE-2022-36715 (Library Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
 CVE-2022-36714
        RESERVED
 CVE-2022-36713
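Review bot: the five new entries CVE-2022-36721, -36720, -36719, -36716 and -36715 are marked "TODO: check" although they carry the same description prefix as the context entry CVE-2022-36722, which is already resolved as "NOT-FOR-US: Library Management System". Suggest giving them the same annotation in one pass so the batch does not sit in the TODO queue.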
@@ -5459,30 +5511,30 @@ CVE-2022-36705
        RESERVED
 CVE-2022-36704
        RESERVED
-CVE-2022-36703
-       RESERVED
+CVE-2022-36703 (Ingredients Stock Management System v1.0 was discovered to 
contain a S ...)
+       TODO: check
 CVE-2022-36702
        RESERVED
-CVE-2022-36701
-       RESERVED
-CVE-2022-36700
-       RESERVED
-CVE-2022-36699
-       RESERVED
-CVE-2022-36698
-       RESERVED
-CVE-2022-36697
-       RESERVED
-CVE-2022-36696
-       RESERVED
-CVE-2022-36695
-       RESERVED
+CVE-2022-36701 (Ingredients Stock Management System v1.0 was discovered to 
contain a S ...)
+       TODO: check
+CVE-2022-36700 (Ingredients Stock Management System v1.0 was discovered to 
contain a S ...)
+       TODO: check
+CVE-2022-36699 (Ingredients Stock Management System v1.0 was discovered to 
contain a S ...)
+       TODO: check
+CVE-2022-36698 (Ingredients Stock Management System v1.0 was discovered to 
contain a S ...)
+       TODO: check
+CVE-2022-36697 (Ingredients Stock Management System v1.0 was discovered to 
contain a S ...)
+       TODO: check
+CVE-2022-36696 (Ingredients Stock Management System v1.0 was discovered to 
contain a S ...)
+       TODO: check
+CVE-2022-36695 (Ingredients Stock Management System v1.0 was discovered to 
contain a S ...)
+       TODO: check
 CVE-2022-36694
        RESERVED
-CVE-2022-36693
-       RESERVED
-CVE-2022-36692
-       RESERVED
+CVE-2022-36693 (Ingredients Stock Management System v1.0 was discovered to 
contain a S ...)
+       TODO: check
+CVE-2022-36692 (Ingredients Stock Management System v1.0 was discovered to 
contain a S ...)
+       TODO: check
 CVE-2022-36691
        RESERVED
 CVE-2022-36690
@@ -5811,8 +5863,8 @@ CVE-2022-36529
        RESERVED
 CVE-2022-36528
        RESERVED
-CVE-2022-36527
-       RESERVED
+CVE-2022-36527 (Jfinal CMS v5.1.0 allows attackers to execute arbitrary web 
scripts or ...)
+       TODO: check
 CVE-2022-36526 (D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & 
GO-RT-AC750_revB_FWv20 ...)
        NOT-FOR-US: D-Link
 CVE-2022-36525 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & 
GO-RT-AC750_revB_FWv20 ...)
@@ -6706,8 +6758,8 @@ CVE-2022-36228
        RESERVED
 CVE-2022-36227
        RESERVED
-CVE-2022-36226
-       RESERVED
+CVE-2022-36226 (SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability 
via /Si ...)
+       TODO: check
 CVE-2022-36225 (EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request 
Forgery (C ...)
        NOT-FOR-US: Eyoucms
 CVE-2022-36224 (XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery 
(CSRF). ...)
@@ -6832,8 +6884,8 @@ CVE-2022-36170 (MapGIS 10.5 Pro IGServer has hardcoded 
credentials in the front-
        NOT-FOR-US: MapGIS IGServer
 CVE-2022-36169
        RESERVED
-CVE-2022-36168
-       RESERVED
+CVE-2022-36168 (A directory traversal vulnerability was discovered in Wuzhicms 
4.1.0.  ...)
+       TODO: check
 CVE-2022-36167
        RESERVED
 CVE-2022-36166
@@ -6992,20 +7044,20 @@ CVE-2022-36123 (The Linux kernel before 5.18.13 lacks a 
certain clear operation
        NOTE: https://sick.codes/sick-2022-128
 CVE-2022-36122
        RESERVED
-CVE-2022-36121
-       RESERVED
-CVE-2022-36120
-       RESERVED
-CVE-2022-36119
-       RESERVED
-CVE-2022-36118
-       RESERVED
-CVE-2022-36117
-       RESERVED
-CVE-2022-36116
-       RESERVED
-CVE-2022-36115
-       RESERVED
+CVE-2022-36121 (An issue was discovered in Blue Prism Enterprise 6.0 through 
7.01. In  ...)
+       TODO: check
+CVE-2022-36120 (An issue was discovered in Blue Prism Enterprise 6.0 through 
7.01. In  ...)
+       TODO: check
+CVE-2022-36119 (An issue was discovered in Blue Prism Enterprise 6.0 through 
7.01. In  ...)
+       TODO: check
+CVE-2022-36118 (An issue was discovered in Blue Prism Enterprise 6.0 through 
7.01. In  ...)
+       TODO: check
+CVE-2022-36117 (An issue was discovered in Blue Prism Enterprise 6.0 through 
7.01. In  ...)
+       TODO: check
+CVE-2022-36116 (An issue was discovered in Blue Prism Enterprise 6.0 through 
7.01. In  ...)
+       TODO: check
+CVE-2022-36115 (An issue was discovered in Blue Prism Enterprise 6.0 through 
7.01. In  ...)
+       TODO: check
 CVE-2022-36114
        RESERVED
 CVE-2022-36113
@@ -9320,8 +9372,8 @@ CVE-2022-35194
        RESERVED
 CVE-2022-35193
        RESERVED
-CVE-2022-35192
-       RESERVED
+CVE-2022-35192 (D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router 
DSL-3782 Firmw ...)
+       TODO: check
 CVE-2022-35191 (D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router 
DSL-3782 Firmw ...)
        NOT-FOR-US: D-Link
 CVE-2022-35190
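Review bot: CVE-2022-35192 is added with "TODO: check" directly above CVE-2022-35191, whose description starts with the same product string (D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782) and is already marked "NOT-FOR-US: D-Link". Suggest applying the same annotation here.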
@@ -18129,8 +18181,8 @@ CVE-2022-XXXX [Sanitizing and other XSS protections]
        NOTE: https://git.spip.net/spip-team/securite/issues/3733 (not public)
        NOTE: 
https://git.spip.net/spip/svp/commit/bf0ff95ac535f1aa53e6a946ea739fd71106f182
        NOTE: 
https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-1-2-SPIP-4-0-7-SPIP-3-2.html?lang=fr
-CVE-2022-31798
-       RESERVED
+CVE-2022-31798 (Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable 
to /car ...)
+       TODO: check
 CVE-2022-31797
        RESERVED
 CVE-2022-1936 (Incorrect authorization in GitLab EE affecting all versions 
from 12.0  ...)
@@ -19313,8 +19365,8 @@ CVE-2022-31501 (The ChaoticOnyx/OnyxForum repository 
before 2022-05-04 on GitHub
        NOT-FOR-US: ChaoticOnyx/OnyxForum
 CVE-2022-31500 (In KNIME Analytics Platform below 4.6.0, the Windows installer 
sets im ...)
        NOT-FOR-US: KNIME Analytics Platform
-CVE-2022-31499
-       RESERVED
+CVE-2022-31499 (Nortek Linear eMerge E3-Series devices before 0.32-08f allow 
an unauth ...)
+       TODO: check
 CVE-2022-31498 (LibreHealth EHR Base 2.0.0 allows 
interface/orders/patient_match_dialo ...)
        NOT-FOR-US: LibreHealth EHR Base
 CVE-2022-31497 (LibreHealth EHR Base 2.0.0 allows 
interface/main/finder/finder_navigat ...)
@@ -19846,8 +19898,8 @@ CVE-2022-1811 (Unrestricted Upload of File with 
Dangerous Type in GitHub reposit
        NOT-FOR-US: Publify
 CVE-2022-1810 (Improper Access Control in GitHub repository publify/publify 
prior to  ...)
        NOT-FOR-US: Publify
-CVE-2022-31269
-       RESERVED
+CVE-2022-31269 (Nortek Linear eMerge E3-Series devices through 0.32-09c place 
admin cr ...)
+       TODO: check
 CVE-2022-31268 (A Path Traversal vulnerability in Gitblit 1.9.3 can lead to 
reading we ...)
        NOT-FOR-US: Gitblit
 CVE-2022-31267 (Gitblit 1.9.2 allows privilege escalation via the Config User 
Service: ...)
@@ -20576,8 +20628,8 @@ CVE-2022-30986
        RESERVED
 CVE-2022-30985
        RESERVED
-CVE-2022-30984
-       RESERVED
+CVE-2022-30984 (A buffer overflow vulnerability in the Rubrik Backup Service 
(RBS) Age ...)
+       TODO: check
 CVE-2022-30983
        RESERVED
 CVE-2022-30982 (An issue was discovered in Gentics CMS before 5.43.1. There is 
stored  ...)
@@ -24078,8 +24130,8 @@ CVE-2022-29852
        RESERVED
 CVE-2022-29851
        RESERVED
-CVE-2022-29850
-       RESERVED
+CVE-2022-29850 (Various Lexmark products through 2022-04-27 allow External 
Control of  ...)
+       TODO: check
 CVE-2022-29849 (In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, 
certain SU ...)
        NOT-FOR-US: Progress OpenEdge
 CVE-2022-29848 (In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 
22.0.0, i ...)
@@ -27244,8 +27296,8 @@ CVE-2022-28749 (Zooms On-Premise Meeting Connector MMR 
before version 4.8.113.20
        NOT-FOR-US: Zoom
 CVE-2022-28748
        RESERVED
-CVE-2022-28747
-       RESERVED
+CVE-2022-28747 (Key reuse in GoSecure Titan Inbox Detection & Response 
(IDR) throu ...)
+       TODO: check
 CVE-2022-28746
        RESERVED
 CVE-2022-28745
@@ -40353,8 +40405,8 @@ CVE-2022-24306 (Zoho ManageEngine SharePoint Manager 
Plus before 4329 allows acc
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-24305 (Zoho ManageEngine SharePoint Manager Plus before 4329 is 
vulnerable to ...)
        NOT-FOR-US: Zoho ManageEngine
-CVE-2022-24304
-       RESERVED
+CVE-2022-24304 (Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable 
to prot ...)
+       TODO: check
 CVE-2022-24303 (Pillow before 9.0.1 allows attackers to delete files because 
spaces in ...)
        - pillow 9.0.1-1
        [bullseye] - pillow <ignored> (Minor issue)
@@ -51787,8 +51839,7 @@ CVE-2021-4114
        REJECTED
 CVE-2021-4113
        REJECTED
-CVE-2021-4112
-       RESERVED
+CVE-2021-4112 (A flaw was found in ansible-tower where the default 
installation is vu ...)
        NOT-FOR-US: Ansible Tower
 CVE-2021-4111 (yetiforcecrm is vulnerable to Business Logic Errors ...)
        NOT-FOR-US: yetiforcecrm
@@ -55243,8 +55294,7 @@ CVE-2021-3981 (A flaw in grub2 was found where its 
configuration file, known as
        NOTE: 
https://lists.gnu.org/archive/html/grub-devel/2021-12/msg00013.html
 CVE-2021-3980 (elgg is vulnerable to Exposure of Private Personal Information 
to an U ...)
        - elgg <itp> (bug #526197)
-CVE-2021-3979 [ceph: Ceph volume does not honour osd_dmcrypt_key_size]
-       RESERVED
+CVE-2021-3979 (A key length flaw was found in Red Hat Ceph Storage. An 
attacker can e ...)
        - ceph 16.2.9+ds-1
        [bullseye] - ceph <no-dsa> (Minor issue)
        [buster] - ceph <no-dsa> (Minor issue)
@@ -58226,8 +58276,7 @@ CVE-2021-3930 (An off-by-one error was found in the 
SCSI device emulation in QEM
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020588
        NOTE: https://gitlab.com/qemu-project/qemu/-/issues/546
        NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/b3af7fdf9cc537f8f0dd3e2423d83f5c99a457e8
 (v6.2.0-rc0)
-CVE-2021-3929 [nvme: DMA reentrancy issue leads to use-after-free]
-       RESERVED
+CVE-2021-3929 (A DMA reentrancy issue was found in the NVM Express Controller 
(NVME)  ...)
        - qemu 1:7.0+dfsg-1
        [bullseye] - qemu <no-dsa> (Minor issue; nvme support preliminary 
supported)
        [buster] - qemu <no-dsa> (Minor issue; nvme support preliminary 
supported)
@@ -58424,8 +58473,8 @@ CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted 
URL to the Cgi/options.p
        NOTE: 
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1875 (2.1.36)
 CVE-2021-43330
        RESERVED
-CVE-2021-43329
-       RESERVED
+CVE-2021-43329 (A SQL injection vulnerability in license_update.php in Mumara 
Classic  ...)
+       TODO: check
 CVE-2021-43328
        RESERVED
 CVE-2021-43327 (An issue was discovered on Renesas RX65 and RX65N devices. 
With a VCC  ...)
@@ -59034,8 +59083,8 @@ CVE-2022-20923
        RESERVED
 CVE-2022-20922
        RESERVED
-CVE-2022-20921
-       RESERVED
+CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI 
Multi-Site Orch ...)
+       TODO: check
 CVE-2022-20920
        RESERVED
 CVE-2022-20919
@@ -59146,8 +59195,8 @@ CVE-2022-20867
        RESERVED
 CVE-2022-20866 (A vulnerability in the handling of RSA keys on devices running 
Cisco A ...)
        NOT-FOR-US: Cisco
-CVE-2022-20865
-       RESERVED
+CVE-2022-20865 (A vulnerability in the CLI of Cisco FXOS Software could allow 
an authe ...)
+       TODO: check
 CVE-2022-20864
        RESERVED
 CVE-2022-20863
@@ -59228,10 +59277,10 @@ CVE-2022-20826
        RESERVED
 CVE-2022-20825 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
        NOT-FOR-US: Cisco
-CVE-2022-20824
-       RESERVED
-CVE-2022-20823
-       RESERVED
+CVE-2022-20824 (A vulnerability in the Cisco Discovery Protocol feature of 
Cisco FXOS  ...)
+       TODO: check
+CVE-2022-20823 (A vulnerability in the OSPF version 3 (OSPFv3) feature of 
Cisco NX-OS  ...)
+       TODO: check
 CVE-2022-20822
        RESERVED
 CVE-2022-20821 (A vulnerability in the health check RPM of Cisco IOS XR 
Software could ...)
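Review bot: CVE-2022-20824 (Cisco FXOS) and CVE-2022-20823 (Cisco NX-OS) are left at "TODO: check", while the Cisco entry immediately above them in this hunk, CVE-2022-20825, is resolved as "NOT-FOR-US: Cisco". Suggest the same annotation for both new entries.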
@@ -60135,8 +60184,8 @@ CVE-2021-43059
        RESERVED
 CVE-2021-43058 (An open redirect vulnerability exists in Replicated Classic 
versions p ...)
        NOT-FOR-US: Replicated
-CVE-2021-3914
-       RESERVED
+CVE-2021-3914 (It was found that the smallrye health metrics UI component did 
not pro ...)
+       TODO: check
 CVE-2021-43057 (An issue was discovered in the Linux kernel before 5.14.8. A 
use-after ...)
        - linux 5.14.9-1
        [bullseye] - linux <not-affected> (Vulnerable code introduced later)
@@ -79542,15 +79591,13 @@ CVE-2021-35939 [checks for unsafe symlinks are not 
performed for intermediary di
        [buster] - rpm <ignored> (Minor issue)
        [stretch] - rpm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964129
-CVE-2021-35938 [races with chown/chmod/capabilities calls during installation]
-       RESERVED
+CVE-2021-35938 (A symbolic link issue was found in rpm. It occurs when rpm 
sets the de ...)
        - rpm <unfixed> (bug #990543)
        [bullseye] - rpm <ignored> (Minor issue)
        [buster] - rpm <ignored> (Minor issue)
        [stretch] - rpm <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964114
-CVE-2021-35937 [TOCTOU race in checks for unsafe symlinks]
-       RESERVED
+CVE-2021-35937 (A race condition vulnerability was found in rpm. A local 
unprivileged  ...)
        - rpm <unfixed> (bug #990543)
        [bullseye] - rpm <ignored> (Minor issue)
        [buster] - rpm <ignored> (Minor issue)
@@ -84348,24 +84395,23 @@ CVE-2021-3580 (A flaw was found in the way nettle's 
RSA decryption functions han
        NOTE: 
https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
        NOTE: 
https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
        NOTE: 
https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
-CVE-2021-33844
-       RESERVED
+CVE-2021-33844 (A floating point exception (divide-by-zero) issue was 
discovered in So ...)
+       TODO: check
 CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter 
of Circu ...)
        NOT-FOR-US: Circutor SGE-PLC1000 firmware
 CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not 
handle so ...)
        NOT-FOR-US: SGE-PLC1000 device
-CVE-2021-23210 [divide by zero in voc.c]
-       RESERVED
+CVE-2021-23210 (A floating point exception (divide-by-zero) issue was 
discovered in So ...)
        - sox <unfixed> (bug #1010374)
        [bullseye] - sox <no-dsa> (Minor issue)
        [buster] - sox <no-dsa> (Minor issue)
        [stretch] - sox <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670
        NOTE: https://sourceforge.net/p/sox/bugs/351/
-CVE-2021-23172
-       RESERVED
-CVE-2021-23159
-       RESERVED
+CVE-2021-23172 (A vulnerability was found in SoX, where a heap-buffer-overflow 
occurs  ...)
+       TODO: check
+CVE-2021-23159 (A vulnerability was found in SoX, where a heap-buffer-overflow 
occurs  ...)
+       TODO: check
 CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to 
cause a d ...)
        NOT-FOR-US: Luca
 CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to 
obtain sensit ...)
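Review bot: CVE-2021-33844, CVE-2021-23172 and CVE-2021-23159 are left at "TODO: check" although CVE-2021-23210 in the same hunk is already tracked as "- sox <unfixed> (bug #1010374)" and the other descriptions point at the same project. CVE-2021-33844 carries the same truncated description as CVE-2021-23210 (a divide-by-zero floating point exception), so confirm from the full text that it is a distinct issue before adding a separate sox line. The unchanged context at the top of the hunk also lists the nettle commit 485b5e2820a057e873b1ba812fdb39cae4adf98c in two consecutive NOTE lines; one of them is redundant.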
@@ -87751,8 +87797,8 @@ CVE-2021-32572 (Speco Web Viewer through 2021-05-12 
allows Directory Traversal v
        NOT-FOR-US: Speco Web Viewer
 CVE-2021-32571 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the 
release 18B a ...)
        NOT-FOR-US: OSS-RC
-CVE-2021-32570
-       RESERVED
+CVE-2021-32570 (In Ericsson Network Manager (ENM) releases before 21.2, users 
belongin ...)
+       TODO: check
 CVE-2021-32569 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the 
release 18B a ...)
        NOT-FOR-US: OSS-RC
 CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...)
@@ -112768,8 +112814,8 @@ CVE-2021-3022 (An issue was discovered on LG mobile 
devices with Android OS 10 s
        NOT-FOR-US: LG mobile devices
 CVE-2021-3021 (ISPConfig before 3.2.2 allows SQL injection. ...)
        NOT-FOR-US: ISPConfig
-CVE-2021-3020
-       RESERVED
+CVE-2021-3020 (An issue was discovered in ClusterLabs Hawk (aka HA Web 
Konsole) throu ...)
+       TODO: check
 CVE-2021-22685
        RESERVED
 CVE-2021-22684 (Tizen RT RTOS version 3.0.GBB is vulnerable to integer 
wrap-around in  ...)
@@ -120392,10 +120438,10 @@ CVE-2021-20225 (A flaw was found in grub2 in 
versions prior to 2.06. The option
        {DSA-4867-1}
        - grub2 2.04-16
        [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
-CVE-2021-20224
-       RESERVED
-CVE-2021-20223
-       RESERVED
+CVE-2021-20224 (An integer overflow issue was discovered in ImageMagick's 
ExportIndexQ ...)
+       TODO: check
+CVE-2021-20223 (An issue was found in fts5UnicodeTokenize() in 
ext/fts5/fts5_tokenize. ...)
+       TODO: check
 CVE-2021-20222 (A flaw was found in keycloak. The new account console in 
keycloak can  ...)
        NOT-FOR-US: Keycloak
 CVE-2021-20221 (An out-of-bounds heap buffer access issue was found in the ARM 
Generic ...)
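Review bot: CVE-2021-20224 and CVE-2021-20223 are left at "TODO: check", but the first names ImageMagick and the second names a function and source path (fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.), so both look like candidates for package annotations rather than NOT-FOR-US. Suggest resolving them with package lines in the style of the grub2 entry above ("- grub2 2.04-16"), after identifying the source package for the second from its full description.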
@@ -131532,20 +131578,20 @@ CVE-2020-27804
        RESERVED
 CVE-2020-27803
        RESERVED
-CVE-2020-27802
-       RESERVED
-CVE-2020-27801
-       RESERVED
-CVE-2020-27800
-       RESERVED
-CVE-2020-27799
-       RESERVED
-CVE-2020-27798
-       RESERVED
-CVE-2020-27797
-       RESERVED
-CVE-2020-27796
-       RESERVED
+CVE-2020-27802 (An floating point exception was discovered in the elf_lookup 
function  ...)
+       TODO: check
+CVE-2020-27801 (A heap-based buffer over-read was discovered in the get_le64 
function  ...)
+       TODO: check
+CVE-2020-27800 (A heap-based buffer over-read was discovered in the get_le32 
function  ...)
+       TODO: check
+CVE-2020-27799 (A heap-based buffer over-read was discovered in the 
acc_ua_get_be32 fu ...)
+       TODO: check
+CVE-2020-27798 (An invalid memory address reference was discovered in the 
adjABS funct ...)
+       TODO: check
+CVE-2020-27797 (An invalid memory address reference was discovered in the 
elf_lookup f ...)
+       TODO: check
+CVE-2020-27796 (A heap-based buffer over-read was discovered in the 
invert_pt_dynamic  ...)
+       TODO: check
 CVE-2020-27795 (A segmentation fault was discovered in radare2 with adf 
command. In li ...)
        - radare2 5.0.0+dfsg-1
        NOTE: 
https://github.com/radareorg/radare2/commit/4d3811681a80f92a53e795f6a64c4b0fc2c8dd22
 (4.4.0)
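Review bot: CVE-2020-27796 through CVE-2020-27802 all land as "TODO: check", and the truncated descriptions show only function names (elf_lookup, get_le64, get_le32, acc_ua_get_be32, adjABS, invert_pt_dynamic) with the affected product cut off. The seven consecutive IDs describe the same classes of memory-safety bug (heap-based over-reads, invalid memory references, a floating point exception) and elf_lookup appears twice, so they are likely one batch against a single code base. Suggest triaging them together: read the full descriptions, identify the product, and give all seven a consistent package or NOT-FOR-US annotation.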



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/430980069bc67c0868b54b8684638ad2c6f40344
