author | security tracker role <sectracker@soriano.debian.org> | 2022-01-02 20:10:27 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2022-01-02 20:10:27 +0000 |
commit | 1f1bc5253a8b7d39c874d2db748bb4b8a3f2a6a3 (patch) | |
tree | 9b7278d84a257aac62eb7ccada95fdcb9ccedf56 | |
parent | 62ac69e93b2774d8a3b33bba24c61ebffe9bd58e (diff) |
automatic update
-rw-r--r-- | data/CVE/2021.list | 51 |
-rw-r--r-- | data/CVE/2022.list | 4 |
2 files changed, 30 insertions, 25 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 3a1c5305ab..8120e1036d 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -53,7 +53,7 @@ CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or mor [buster] - expat <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://github.com/libexpat/libexpat/issues/531 NOTE: https://github.com/libexpat/libexpat/pull/534 -CVE-2021-45959 ({fmt} 7.1.0 through 8.0.1 has a stack-based buffer overflow in fmt::v8 ...) +CVE-2021-45959 (** DISPUTED ** {fmt} 7.1.0 through 8.0.1 has a stack-based buffer over ...) - fmtlib <unfixed> (unimportant) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36110 NOTE: https://github.com/fmtlib/fmt/issues/2685 @@ -2127,6 +2127,7 @@ CVE-2021-4127 RESERVED CVE-2021-4126 RESERVED + {DSA-5034-1} - thunderbird 1:91.4.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126 CVE-2021-26264 @@ -3692,6 +3693,7 @@ CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) CVE-2021-44539 RESERVED CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 is vul ...) + {DSA-5034-1} - element-web <itp> (bug #866502) - olm 3.2.8~dfsg-1 (bug #1001664) [buster] - olm <not-affected> (Vulnerable code introduced later) @@ -6154,7 +6156,7 @@ CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 re CVE-2021-43547 RESERVED CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 
@@ -6162,7 +6164,7 @@ CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks aga NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546 CVE-2021-43545 (Using the Location API in a loop could have caused severe application ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6173,7 +6175,7 @@ CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have s - firefox <not-affected> (Only affects Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544 CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6181,7 +6183,7 @@ CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escap NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543 CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6189,7 +6191,7 @@ CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installe NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542 CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 
@@ -6200,7 +6202,7 @@ CVE-2021-43540 (WebExtensions with the correct permissions were able to create a - firefox 95.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540 CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6208,7 +6210,7 @@ CVE-2021-43539 (Failure to correctly record the location of live pointers across NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539 CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6216,7 +6218,7 @@ CVE-2021-43538 (By misusing a race in our notification code, an attacker could h NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538 CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 @@ -6224,7 +6226,7 @@ CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit intege NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537 CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 95.0-1 - firefox-esr 91.4.0esr-1 - thunderbird 1:91.4.0-1 
@@ -6232,7 +6234,7 @@ CVE-2021-43536 (Under certain circumstances, asynchronous functions could have c NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536 CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object was r ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 93.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -6240,7 +6242,7 @@ CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535 CVE-2021-43534 (Mozilla developers and community members reported memory safety bugs p ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -6261,10 +6263,12 @@ CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for Android NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530 CVE-2021-43529 RESERVED + {DSA-5034-1} - thunderbird 1:91.3.0-1 NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1738501 CVE-2021-43528 (Thunderbird unexpectedly enabled JavaScript in the composition area. T ...) + {DSA-5034-1} - thunderbird 1:91.4.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528 CVE-2021-43527 (NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a ...) 
@@ -18238,7 +18242,7 @@ CVE-2021-38510 (The executable file warning was not presented when downloading . NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510 CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Javascript ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -18246,7 +18250,7 @@ CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Java NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509 CVE-2021-38508 (By displaying a form validity message in the correct location at the s ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -18254,7 +18258,7 @@ CVE-2021-38508 (By displaying a form validity message in the correct location at NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508 CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -18262,7 +18266,7 @@ CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507 CVE-2021-38506 (Through a series of navigations, Firefox could have entered fullscreen ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 
@@ -18277,7 +18281,7 @@ CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as Cloud NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505 CVE-2021-38504 (When interacting with an HTML input element's file picker dialog with ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -18285,7 +18289,7 @@ CVE-2021-38504 (When interacting with an HTML input element's file picker dialog NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504 CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT stylesheet ...) - {DSA-5026-1 DLA-2863-1} + {DSA-5034-1 DSA-5026-1 DLA-2863-1} - firefox 94.0-1 - firefox-esr 91.3.0esr-1 - thunderbird 1:91.3.0-1 @@ -18293,6 +18297,7 @@ CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT styl NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38503 CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...) + {DSA-5034-1} [experimental] - thunderbird 1:91.2.0-1 - thunderbird 1:91.2.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502 
@@ -18304,7 +18309,7 @@ CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefo NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501 CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...) - {DSA-4981-1 DLA-2782-1} + {DSA-5034-1 DSA-4981-1 DLA-2782-1} - firefox 93.0-1 - firefox-esr 91.2.0esr-1 [experimental] - thunderbird 1:91.2.0-1 @@ -18332,7 +18337,7 @@ CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497 CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while ...) - {DSA-4981-1 DLA-2782-1} + {DSA-5034-1 DSA-4981-1 DLA-2782-1} - firefox 93.0-1 - firefox-esr 91.2.0esr-1 [experimental] - thunderbird 1:91.2.0-1 @@ -22485,9 +22490,9 @@ CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current wor NOT-FOR-US: sharkdp BAT CVE-2021-36752 RESERVED -CVE-2021-36751 - RESERVED -CVE-2021-36750 (ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used i ...) +CVE-2021-36751 (ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such ...) + TODO: check +CVE-2021-36750 (ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, ma ...) NOT-FOR-US: ENC CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...) - druid <itp> (bug #825797) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index a5e292adef..2bdd67eec1 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list 
@@ -2,8 +2,8 @@ CVE-2022-22293 (admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as dem TODO: check CVE-2022-0081 RESERVED -CVE-2022-0080 - RESERVED +CVE-2022-0080 (mruby is vulnerable to Heap-based Buffer Overflow ...) + TODO: check CVE-2022-0079 RESERVED CVE-2022-0078 |
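Review bot: In the data/CVE/2021.list hunk at `@@ -53,7 +53,7 @@`, the CVE-2021-45959 description now opens with `** DISPUTED **`, and the truncated text no longer reaches the `fmt::v8` reference that the old line showed. The package line stays `- fmtlib <unfixed> (unimportant)` with only the two existing NOTE links, so a short NOTE stating the grounds for the dispute would let a reader see why the entry is rated unimportant without following them.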
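Review bot: In the data/CVE/2021.list hunk at `@@ -3692,6 +3693,7 @@`, `{DSA-5034-1}` is attached to CVE-2021-44538, but the visible context lists only `element-web <itp>` and `olm` package lines, whereas every other entry tagged with this DSA in the patch shows a `thunderbird` line. Confirm that the entry carries a thunderbird package line below the displayed context, otherwise the DSA cross-reference has no fixed version to point at.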
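Review bot: In the data/CVE/2021.list hunk at `@@ -22485,9 +22490,9 @@`, CVE-2021-36751 moves from RESERVED to a description naming ENC DataVault 7.1.1W but is filed as `TODO: check`, while the adjacent CVE-2021-36750 for the same product is already `NOT-FOR-US: ENC`. The follow-up triage should resolve the TODO consistently with its neighbour, or record a NOTE explaining why the two entries are treated differently.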
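Review bot: In the data/CVE/2022.list hunk at `@@ -2,8 +2,8 @@`, CVE-2022-0080 replaces RESERVED with a description for mruby and a bare `TODO: check`, so the entry states neither a source package nor NOT-FOR-US. It needs manual triage into one or the other, since the description as truncated gives no affected version to match against.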