author: security tracker role <sectracker@soriano.debian.org> 2022-01-01 08:10:09 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-01-01 08:10:09 +0000
commit: 2484bf9aeb4c7414899951111c4d15f07058920e
tree: f789f47f4f36f2fea4fc4597522cd2ac77a09448
parent: 5f1c8231e611d840eb11eda2ec233a797dd997c7
automatic update
-rw-r--r-- data/CVE/2021.list 90
-rw-r--r-- data/CVE/2022.list 4
2 files changed, 81 insertions, 13 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 9f5413979d..bd4f8fe1f7 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,71 @@
+CVE-2021-45959 ({fmt} 7.1.0 through 8.0.1 has a stack-based buffer overflow in fmt::v8 ...)
+ TODO: check
+CVE-2021-45958 (UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buffer ove ...)
+ TODO: check
+CVE-2021-45957 (Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (calle ...)
+ TODO: check
+CVE-2021-45956 (Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called fro ...)
+ TODO: check
+CVE-2021-45955 (Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called ...)
+ TODO: check
+CVE-2021-45954 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...)
+ TODO: check
+CVE-2021-45953 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...)
+ TODO: check
+CVE-2021-45952 (Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called fr ...)
+ TODO: check
+CVE-2021-45951 (Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (ca ...)
+ TODO: check
+CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...)
+ TODO: check
+CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...)
+ TODO: check
+CVE-2021-45948 (Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-base ...)
+ TODO: check
+CVE-2021-45947 (Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from ...)
+ TODO: check
+CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
+ TODO: check
+CVE-2021-45945 (uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write in std::_ ...)
+ TODO: check
+CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...)
+ TODO: check
+CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...)
+ TODO: check
+CVE-2021-45942 (OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_ ...)
+ TODO: check
+CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...)
+ TODO: check
+CVE-2021-45940 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ...)
+ TODO: check
+CVE-2021-45939 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ TODO: check
+CVE-2021-45938 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ TODO: check
+CVE-2021-45937 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ TODO: check
+CVE-2021-45936 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Di ...)
+ TODO: check
+CVE-2021-45935 (Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K: ...)
+ TODO: check
+CVE-2021-45934 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ TODO: check
+CVE-2021-45933 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in Mqt ...)
+ TODO: check
+CVE-2021-45932 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in Mqt ...)
+ TODO: check
+CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t:: ...)
+ TODO: check
+CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 6.2.1 has an out-of-bounds write in QtPriva ...)
+ TODO: check
+CVE-2021-45929 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
+ TODO: check
+CVE-2021-45928 (libjxl before 0.6, as used in libvips 8.11 through 8.11.2 and other pr ...)
+ TODO: check
+CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
+ TODO: check
+CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
+ TODO: check
CVE-2021-4196
RESERVED
CVE-2021-4195
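Review bot: all 34 added entries, CVE-2021-45959 down to CVE-2021-45926, carry only the placeholder "TODO: check", so none of them is yet mapped to a source package or marked NOT-FOR-US the way other entries in this file are (for example "NOT-FOR-US: Wazuh" or "- golang-1.17 1.17.5-1"). Each needs a triage pass, and the truncated descriptions are not enough to tell some of them apart (CVE-2021-45954 and CVE-2021-45953 both read "heap-based buffer overflow in extract_name (called ..."), so the full description has to be consulted before a status is assigned.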
@@ -2615,8 +2683,8 @@ CVE-2021-44854 [REST API incorrectly publicly caches autocomplete search results
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
CVE-2021-44853
RESERVED
-CVE-2021-44852
- RESERVED
+CVE-2021-44852 (An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1. ...)
+ TODO: check
CVE-2021-44851
RESERVED
CVE-2021-44850
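Review bot: CVE-2021-44852 moves from RESERVED to "TODO: check", but its description names a vendor driver file (BS_RCIO64.sys in Biostar RACING GT Evo 2.1). If nothing in the archive ships it, close the entry with a NOT-FOR-US line in the same form as "NOT-FOR-US: Digi RealPort" instead of leaving the TODO open.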
@@ -2999,8 +3067,7 @@ CVE-2021-44719
RESERVED
CVE-2021-44718
RESERVED
-CVE-2021-44717
- RESERVED
+CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operat ...)
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
[bullseye] - golang-1.15 1.15.15-1~deb11u2
@@ -3011,8 +3078,7 @@ CVE-2021-44717
NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ
NOTE: https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee (go1.17.5)
NOTE: https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.16.12)
-CVE-2021-44716
- RESERVED
+CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ...)
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
[bullseye] - golang-1.15 1.15.15-1~deb11u2
@@ -6559,8 +6625,8 @@ CVE-2021-43335
RESERVED
CVE-2021-43334
RESERVED
-CVE-2021-43333
- RESERVED
+CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...)
+ TODO: check
CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
- mailman <removed> (bug #1000367)
[buster] - mailman <no-dsa> (Minor issue)
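Review bot: CVE-2021-43333 is left at "TODO: check" although the description refers to the Datalogic DXU service on DL-Axist devices, which reads as device vendor software. Once that is confirmed, replace the TODO with a NOT-FOR-US line so the entry stops showing as untriaged next to the already resolved CVE-2021-43332 below it.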
@@ -10070,8 +10136,7 @@ CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Int
NOT-FOR-US: Wazuh
CVE-2021-41820
RESERVED
-CVE-2021-41819 [Cookie Prefix Spoofing in CGI::Cookie.parse]
- RESERVED
+CVE-2021-41819 (CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes i ...)
{DLA-2853-1}
- ruby3.0 <unfixed>
- ruby2.7 2.7.5-1
@@ -10082,8 +10147,7 @@ CVE-2021-41819 [Cookie Prefix Spoofing in CGI::Cookie.parse]
NOTE: Fixed by: https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5 (v0.3.1)
CVE-2021-41818
RESERVED
-CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsing Methods]
- RESERVED
+CVE-2021-41817 (Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regula ...)
{DLA-2853-1}
- ruby3.0 <unfixed>
- ruby2.7 2.7.5-1
@@ -22249,7 +22313,7 @@ CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succ
NOTE: https://github.com/389ds/389-ds-base/issues/4817
NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master)
NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x)
-CVE-2021-36767 (In Digi RealPort through 4.8.488.0, authentication relies on a challen ...)
+CVE-2021-36767 (In Digi RealPort through 4.10.490, authentication relies on a challeng ...)
NOT-FOR-US: Digi RealPort
CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...)
NOT-FOR-US: Concrete5
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 79629dd88d..5b6ebcce16 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,3 +1,7 @@
+CVE-2022-0079
+ RESERVED
+CVE-2022-0078
+ RESERVED
CVE-2022-22292
RESERVED
CVE-2022-22291
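Review bot: CVE-2022-0079 and CVE-2022-0078 are inserted above CVE-2022-22292, which breaks the descending ID order that the surrounding entries follow (22292, 22291 here; 45926, then 4196, 4195 in the first hunk of 2021.list). If the list is meant to stay sorted, these two RESERVED entries belong further down the file, not at the top.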
