automatic update

author: security tracker role <sectracker@soriano.debian.org> 2021-10-13 08:10:14 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-10-13 08:10:14 +0000
commit: 31a21f14a41551587c368cd0babf001d2c369458 (patch)
tree: b3b2041ee265bb585ffc304c18763bf5ffa6aa63 /data
parent: 233a537f915231a89fe153b1ed76fbd6d9149563 (diff)
2 files changed, 214 insertions, 176 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 33988467d6..165e049ee5 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -19741,20 +19741,20 @@ CVE-2020-22681
 	RESERVED
 CVE-2020-22680
 	RESERVED
-CVE-2020-22679
-	RESERVED
-CVE-2020-22678
-	RESERVED
-CVE-2020-22677
-	RESERVED
+CVE-2020-22679 (Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 a ...)
+	TODO: check
+CVE-2020-22678 (An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulat ...)
+	TODO: check
+CVE-2020-22677 (An issue was discovered in gpac 0.8.0. The dump_data_hex function in b ...)
+	TODO: check
 CVE-2020-22676
 	RESERVED
-CVE-2020-22675
-	RESERVED
-CVE-2020-22674
-	RESERVED
-CVE-2020-22673
-	RESERVED
+CVE-2020-22675 (An issue was discovered in gpac 0.8.0. The GetGhostNum function in stb ...)
+	TODO: check
+CVE-2020-22674 (An issue was discovered in gpac 0.8.0. An invalid memory dereference e ...)
+	TODO: check
+CVE-2020-22673 (Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows  ...)
+	TODO: check
 CVE-2020-22672
 	RESERVED
 CVE-2020-22671
@@ -33642,7 +33642,7 @@ CVE-2020-16120 (Overlayfs did not properly perform permission checking when copy
 	[stretch] - linux <not-affected> (Vulnerable configuration combination not possible)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
 CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable by a loca ...)
-	{DSA-4978-1}
+	{DSA-4978-1 DLA-2785-1}
 	- linux 5.14.6-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7
@@ -64236,7 +64236,7 @@ CVE-2020-3704 (u'While processing invalid connection request PDU which is nonsta
 CVE-2020-3703 (u'Buffer over-read issue in Bluetooth peripheral firmware due to lack  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal errors ...)
-	{DSA-4978-1}
+	{DSA-4978-1 DLA-2785-1}
 	- linux 5.14.6-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=Bcx1GwWfiW1_Somu_GVncTAcQ@mail.gmail.com/
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index b6f3c359c4..6f0c55574e 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,25 @@
+CVE-2021-42339
+	RESERVED
+CVE-2021-42338
+	RESERVED
+CVE-2021-42337
+	RESERVED
+CVE-2021-42336
+	RESERVED
+CVE-2021-42335
+	RESERVED
+CVE-2021-42334
+	RESERVED
+CVE-2021-42333
+	RESERVED
+CVE-2021-42332
+	RESERVED
+CVE-2021-42331
+	RESERVED
+CVE-2021-42330
+	RESERVED
+CVE-2021-42329
+	RESERVED
 CVE-2021-42328
 	RESERVED
 CVE-2021-42327
@@ -165,6 +187,7 @@ CVE-2021-42254
 CVE-2021-42253
 	RESERVED
 CVE-2021-42252 (An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/ ...)
+	{DLA-2785-1}
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.70-1
 	[buster] - linux 4.19.208-1
@@ -489,6 +512,7 @@ CVE-2021-3871
 CVE-2021-3870
 	RESERVED
 CVE-2021-41133 (Flatpak is a system for building, distributing, and running sandboxed  ...)
+	{DSA-4984-1}
 	- flatpak 1.12.1-1 (bug #995935)
 	[buster] - flatpak <ignored> (Not exploitable with Debian buster kernel, intrusive to backport; requires updated libseccomp)
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
@@ -718,6 +742,7 @@ CVE-2021-3860
 CVE-2021-3859
 	RESERVED
 CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux  ...)
+	{DLA-2785-1}
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.70-1
 	[buster] - linux 4.19.208-1
@@ -2168,74 +2193,74 @@ CVE-2021-41365
 	RESERVED
 CVE-2021-41364
 	RESERVED
-CVE-2021-41363
-	RESERVED
+CVE-2021-41363 (Intune Management Extension Security Feature Bypass Vulnerability ...)
+	TODO: check
 CVE-2021-41362
 	RESERVED
-CVE-2021-41361
-	RESERVED
+CVE-2021-41361 (Active Directory Federation Server Spoofing Vulnerability ...)
+	TODO: check
 CVE-2021-41360
 	RESERVED
 CVE-2021-41359
 	RESERVED
 CVE-2021-41358
 	RESERVED
-CVE-2021-41357
-	RESERVED
+CVE-2021-41357 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+	TODO: check
 CVE-2021-41356
 	RESERVED
-CVE-2021-41355
-	RESERVED
-CVE-2021-41354
-	RESERVED
-CVE-2021-41353
-	RESERVED
-CVE-2021-41352
-	RESERVED
+CVE-2021-41355 (.NET Core and Visual Studio Information Disclosure Vulnerability ...)
+	TODO: check
+CVE-2021-41354 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+	TODO: check
+CVE-2021-41353 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability ...)
+	TODO: check
+CVE-2021-41352 (SCOM Information Disclosure Vulnerability ...)
+	TODO: check
 CVE-2021-41351
 	RESERVED
-CVE-2021-41350
-	RESERVED
+CVE-2021-41350 (Microsoft Exchange Server Spoofing Vulnerability ...)
+	TODO: check
 CVE-2021-41349
 	RESERVED
-CVE-2021-41348
-	RESERVED
-CVE-2021-41347
-	RESERVED
-CVE-2021-41346
-	RESERVED
-CVE-2021-41345
-	RESERVED
-CVE-2021-41344
-	RESERVED
-CVE-2021-41343
-	RESERVED
-CVE-2021-41342
-	RESERVED
+CVE-2021-41348 (Microsoft Exchange Server Elevation of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-41347 (Windows AppX Deployment Service Elevation of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-41346 (Console Window Host Security Feature Bypass Vulnerability ...)
+	TODO: check
+CVE-2021-41345 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+	TODO: check
+CVE-2021-41344 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+	TODO: check
+CVE-2021-41343 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...)
+	TODO: check
+CVE-2021-41342 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
+	TODO: check
 CVE-2021-41341
 	RESERVED
-CVE-2021-41340
-	RESERVED
-CVE-2021-41339
-	RESERVED
-CVE-2021-41338
-	RESERVED
-CVE-2021-41337
-	RESERVED
-CVE-2021-41336
-	RESERVED
-CVE-2021-41335
-	RESERVED
-CVE-2021-41334
-	RESERVED
+CVE-2021-41340 (Windows Graphics Component Remote Code Execution Vulnerability ...)
+	TODO: check
+CVE-2021-41339 (Microsoft DWM Core Library Elevation of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-41338 (Windows AppContainer Firewall Rules Security Feature Bypass Vulnerabil ...)
+	TODO: check
+CVE-2021-41337 (Active Directory Security Feature Bypass Vulnerability ...)
+	TODO: check
+CVE-2021-41336 (Windows Kernel Information Disclosure Vulnerability ...)
+	TODO: check
+CVE-2021-41335 (Windows Kernel Elevation of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-41334 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...)
+	TODO: check
 CVE-2021-41333
 	RESERVED
-CVE-2021-41332
-	RESERVED
-CVE-2021-41331
-	RESERVED
-CVE-2021-41330
-	RESERVED
+CVE-2021-41332 (Windows Print Spooler Information Disclosure Vulnerability ...)
+	TODO: check
+CVE-2021-41331 (Windows Media Audio Decoder Remote Code Execution Vulnerability ...)
+	TODO: check
+CVE-2021-41330 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+	TODO: check
 CVE-2021-41329 (Datalust Seq before 2021.2.6259 allows users (with view filters applie ...)
 	NOT-FOR-US: Datalust Seq
 CVE-2021-41328
@@ -4186,88 +4211,88 @@ CVE-2021-40493
 	RESERVED
 CVE-2021-40492 (A reflected XSS vulnerability exists in multiple pages in version 22 o ...)
 	NOT-FOR-US: Gibbon application
-CVE-2021-40489
-	RESERVED
-CVE-2021-40488
-	RESERVED
-CVE-2021-40487
-	RESERVED
-CVE-2021-40486
-	RESERVED
-CVE-2021-40485
-	RESERVED
-CVE-2021-40484
-	RESERVED
-CVE-2021-40483
-	RESERVED
-CVE-2021-40482
-	RESERVED
-CVE-2021-40481
-	RESERVED
-CVE-2021-40480
-	RESERVED
-CVE-2021-40479
-	RESERVED
-CVE-2021-40478
-	RESERVED
-CVE-2021-40477
-	RESERVED
-CVE-2021-40476
-	RESERVED
-CVE-2021-40475
-	RESERVED
-CVE-2021-40474
-	RESERVED
-CVE-2021-40473
-	RESERVED
-CVE-2021-40472
-	RESERVED
-CVE-2021-40471
-	RESERVED
-CVE-2021-40470
-	RESERVED
-CVE-2021-40469
-	RESERVED
-CVE-2021-40468
-	RESERVED
-CVE-2021-40467
-	RESERVED
-CVE-2021-40466
-	RESERVED
-CVE-2021-40465
-	RESERVED
-CVE-2021-40464
-	RESERVED
-CVE-2021-40463
-	RESERVED
-CVE-2021-40462
-	RESERVED
-CVE-2021-40461
-	RESERVED
-CVE-2021-40460
-	RESERVED
+CVE-2021-40489 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+	TODO: check
+CVE-2021-40488 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+	TODO: check
+CVE-2021-40487 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+	TODO: check
+CVE-2021-40486 (Microsoft Word Remote Code Execution Vulnerability ...)
+	TODO: check
+CVE-2021-40485 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+	TODO: check
+CVE-2021-40484 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+	TODO: check
+CVE-2021-40483 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+	TODO: check
+CVE-2021-40482 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+	TODO: check
+CVE-2021-40481 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+	TODO: check
+CVE-2021-40480 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+	TODO: check
+CVE-2021-40479 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+	TODO: check
+CVE-2021-40478 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+	TODO: check
+CVE-2021-40477 (Windows Event Tracing Elevation of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-40476 (Windows AppContainer Elevation Of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-40475 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...)
+	TODO: check
+CVE-2021-40474 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+	TODO: check
+CVE-2021-40473 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+	TODO: check
+CVE-2021-40472 (Microsoft Excel Information Disclosure Vulnerability ...)
+	TODO: check
+CVE-2021-40471 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+	TODO: check
+CVE-2021-40470 (DirectX Graphics Kernel Elevation of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-40469 (Windows DNS Server Remote Code Execution Vulnerability ...)
+	TODO: check
+CVE-2021-40468 (Windows Bind Filter Driver Information Disclosure Vulnerability ...)
+	TODO: check
+CVE-2021-40467 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+	TODO: check
+CVE-2021-40466 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+	TODO: check
+CVE-2021-40465 (Windows Text Shaping Remote Code Execution Vulnerability ...)
+	TODO: check
+CVE-2021-40464 (Windows Nearby Sharing Elevation of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-40463 (Windows NAT Denial of Service Vulnerability ...)
+	TODO: check
+CVE-2021-40462 (Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Exec ...)
+	TODO: check
+CVE-2021-40461 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...)
+	TODO: check
+CVE-2021-40460 (Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerab ...)
+	TODO: check
 CVE-2021-40459
 	RESERVED
 CVE-2021-40458
 	RESERVED
-CVE-2021-40457
-	RESERVED
-CVE-2021-40456
-	RESERVED
-CVE-2021-40455
-	RESERVED
-CVE-2021-40454
-	RESERVED
+CVE-2021-40457 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...)
+	TODO: check
+CVE-2021-40456 (Windows AD FS Security Feature Bypass Vulnerability ...)
+	TODO: check
+CVE-2021-40455 (Windows Installer Spoofing Vulnerability ...)
+	TODO: check
+CVE-2021-40454 (Rich Text Edit Control Information Disclosure Vulnerability ...)
+	TODO: check
 CVE-2021-40453
 	RESERVED
 CVE-2021-40452
 	RESERVED
 CVE-2021-40451
 	RESERVED
-CVE-2021-40450
-	RESERVED
-CVE-2021-40449
-	RESERVED
+CVE-2021-40450 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+	TODO: check
+CVE-2021-40449 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+	TODO: check
 CVE-2021-40448 (Microsoft Accessibility Insights for Android Information Disclosure Vu ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
@@ -4278,8 +4303,8 @@ CVE-2021-40445
 	RESERVED
 CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
-CVE-2021-40443
-	RESERVED
+CVE-2021-40443 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+	TODO: check
 CVE-2021-40442
 	RESERVED
 CVE-2021-40441
@@ -4315,7 +4340,7 @@ CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate add
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
 	NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
 CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...)
-	{DSA-4978-1}
+	{DSA-4978-1 DLA-2785-1}
 	- linux 5.14.6-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/
@@ -4564,7 +4589,7 @@ CVE-2021-3754
 	RESERVED
 CVE-2021-3753
 	RESERVED
-	{DSA-4978-1}
+	{DSA-4978-1 DLA-2785-1}
 	- linux 5.14.6-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
@@ -4984,7 +5009,7 @@ CVE-2021-40148
 	RESERVED
 CVE-2021-3743
 	RESERVED
-	{DSA-4978-1}
+	{DSA-4978-1 DLA-2785-1}
 	- linux 5.14.6-1
 	[buster] - linux 4.19.208-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -6134,7 +6159,7 @@ CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]
 	NOTE: https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)
 CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files]
 	RESERVED
-	{DSA-4978-1}
+	{DSA-4978-1 DLA-2785-1}
 	- linux 5.14.6-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249
@@ -8420,8 +8445,8 @@ CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Fla
 	NOT-FOR-US: adminlte
 CVE-2021-38673
 	RESERVED
-CVE-2021-38672
-	RESERVED
+CVE-2021-38672 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...)
+	TODO: check
 CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-38670
@@ -8438,10 +8463,10 @@ CVE-2021-38665
 	RESERVED
 CVE-2021-38664
 	RESERVED
-CVE-2021-38663
-	RESERVED
-CVE-2021-38662
-	RESERVED
+CVE-2021-38663 (Windows exFAT File System Information Disclosure Vulnerability ...)
+	TODO: check
+CVE-2021-38662 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...)
+	TODO: check
 CVE-2021-38661 (HEVC Video Extensions Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
@@ -9567,11 +9592,13 @@ CVE-2021-38206 (The mac80211 subsystem in the Linux kernel before 5.12.13, when
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/bddc0c411a45d3718ac535a070f349be8eca8d48
 CVE-2021-38205 (drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel befo ...)
+	{DLA-2785-1}
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.70-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://git.kernel.org/linus/d0d62baa7f505bd4c59cd169692ff07ec49dde37
 CVE-2021-38204 (drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allow ...)
+	{DLA-2785-1}
 	- linux 5.14.6-1 (unimportant)
 	[bullseye] - linux 5.10.70-1
 	[buster] - linux 4.19.208-1
@@ -9592,11 +9619,12 @@ CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.
 	- linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc
 CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect co ...)
-	{DSA-4978-1}
+	{DSA-4978-1 DLA-2785-1}
 	- linux 5.14.6-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c
 CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 inco ...)
+	{DLA-2785-1}
 	- linux 5.10.46-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://git.kernel.org/linus/b1bd5cba3306691c771d558e94baa73e8b0b96b7
@@ -9717,7 +9745,7 @@ CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI
 	NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
 	NOTE: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
 CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel be ...)
-	{DSA-4978-1}
+	{DSA-4978-1 DLA-2785-1}
 	- linux 5.14.6-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
@@ -10249,7 +10277,7 @@ CVE-2021-3681
 CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
 	NOT-FOR-US: showdoc
 CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...)
-	{DSA-4978-1}
+	{DSA-4978-1 DLA-2785-1}
 	- linux 5.14.6-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
@@ -11161,7 +11189,7 @@ CVE-2021-37539 (Zoho ManageEngine ADManager Plus before 7111 is vulnerable to un
 CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modification of ...)
 	NOT-FOR-US: Node body-parser-xml
 CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...)
-	{DSA-4978-1}
+	{DSA-4978-1 DLA-2785-1}
 	- linux 5.14.6-1
 	[buster] - linux 4.19.208-1
 	[stretch] - linux <ignored> (powerpc architectures not included in LTS)
@@ -12002,6 +12030,7 @@ CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authenticat
 CVE-2021-3657
 	RESERVED
 CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel throu ...)
+	{DLA-2785-1}
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.70-1
 	[buster] - linux 4.19.208-1
@@ -12040,7 +12069,7 @@ CVE-2021-37140
 	RESERVED
 CVE-2021-3656 [KVM: nSVM: always intercept VMLOAD/VMSAVE when nested]
 	RESERVED
-	{DSA-4978-1}
+	{DSA-4978-1 DLA-2785-1}
 	- linux 5.14.6-1
 	[buster] - linux 4.19.208-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -12370,6 +12399,7 @@ CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Appl
 CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java deserial ...)
 	NOT-FOR-US: SerNet verinice
 CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...)
+	{DLA-2785-1}
 	- linux 5.10.46-3
 	[buster] - linux 4.19.208-1
 CVE-2021-3654 [novnc allows open redirection]
@@ -12430,8 +12460,8 @@ CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability This CVE ID is
 	NOT-FOR-US: Microsoft
 CVE-2021-36971
 	RESERVED
-CVE-2021-36970
-	RESERVED
+CVE-2021-36970 (Windows Print Spooler Spoofing Vulnerability ...)
+	TODO: check
 CVE-2021-36969 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-36968 (Windows DNS Elevation of Privilege Vulnerability ...)
@@ -12464,8 +12494,8 @@ CVE-2021-36955 (Windows Common Log File System Driver Elevation of Privilege Vul
 	NOT-FOR-US: Microsoft
 CVE-2021-36954 (Windows Bind Filter Driver Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
-CVE-2021-36953
-	RESERVED
+CVE-2021-36953 (Windows TCP/IP Denial of Service Vulnerability ...)
+	TODO: check
 CVE-2021-36952 (Visual Studio Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-36951
@@ -12823,7 +12853,7 @@ CVE-2021-36776
 CVE-2021-36775
 	RESERVED
 CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...)
-	{DSA-4978-1}
+	{DSA-4978-1 DLA-2785-1}
 	- linux 5.14.6-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
@@ -15787,6 +15817,7 @@ CVE-2021-35479 (Nagios Log Server before 2.1.9 contains Stored XSS in the custom
 CVE-2021-35478 (Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown  ...)
 	NOT-FOR-US: Nagios Log Server
 CVE-2021-35477 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...)
+	{DLA-2785-1}
 	- linux 5.10.46-4
 	[buster] - linux 4.19.208-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
@@ -16695,6 +16726,7 @@ CVE-2021-35068
 CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay the sam ...)
 	NOT-FOR-US: Meross MSG100 devices
 CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...)
+	{DLA-2785-1}
 	- linux 5.10.46-3
 	[buster] - linux 4.19.208-1
 	NOTE: Introduced by: https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/
@@ -16777,6 +16809,7 @@ CVE-2021-3609
 CVE-2021-35040
 	RESERVED
 CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Signatur ...)
+	{DLA-2785-1}
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.70-1
 	[buster] - linux 4.19.208-1
@@ -17564,6 +17597,7 @@ CVE-2021-34682 (Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack
 	NOT-FOR-US: Receita Federal IRPF 2021 1.7
 CVE-2021-3600
 	RESERVED
+	{DLA-2785-1}
 	- linux 5.10.19-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90
@@ -17883,6 +17917,7 @@ CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly as
 	NOTE: https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 (1.16.x)
 	NOTE: key_agreement.go also bundled in various other packages
 CVE-2021-34556 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...)
+	{DLA-2785-1}
 	- linux 5.10.46-4
 	[buster] - linux 4.19.208-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
@@ -18109,8 +18144,8 @@ CVE-2021-34455 (Windows File History Service Elevation of Privilege Vulnerabilit
 	NOT-FOR-US: Microsoft
 CVE-2021-34454 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
 	NOT-FOR-US: Microsoft
-CVE-2021-34453
-	RESERVED
+CVE-2021-34453 (Microsoft Exchange Server Denial of Service Vulnerability ...)
+	TODO: check
 CVE-2021-34452 (Microsoft Word Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-34451 (Microsoft Office Online Server Spoofing Vulnerability ...)
@@ -19973,6 +20008,7 @@ CVE-2021-33626 (In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did n
 CVE-2021-33625
 	RESERVED
 CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch  ...)
+	{DLA-2785-1}
 	- linux 5.10.46-1
 	[buster] - linux 4.19.208-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
@@ -32839,6 +32875,7 @@ CVE-2021-28494 (In Arista's MOS (Metamako Operating System) software which is su
 CVE-2021-28493 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
 	NOT-FOR-US: Arista
 CVE-2021-3444 (The bpf verifier in the Linux kernel did not properly handle mod32 des ...)
+	{DLA-2785-1}
 	- linux 5.10.19-1
 	[buster] - linux 4.19.208-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -37624,10 +37661,10 @@ CVE-2021-26444
 	RESERVED
 CVE-2021-26443
 	RESERVED
-CVE-2021-26442
-	RESERVED
-CVE-2021-26441
-	RESERVED
+CVE-2021-26442 (Windows HTTP.sys Elevation of Privilege Vulnerability ...)
+	TODO: check
+CVE-2021-26441 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+	TODO: check
 CVE-2021-26440
 	RESERVED
 CVE-2021-26439 (Microsoft Edge for Android Information Disclosure Vulnerability ...)
@@ -37654,8 +37691,8 @@ CVE-2021-26429 (Azure Sphere Elevation of Privilege Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-26428 (Azure Sphere Information Disclosure Vulnerability ...)
 	NOT-FOR-US: Microsoft
-CVE-2021-26427
-	RESERVED
+CVE-2021-26427 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
+	TODO: check
 CVE-2021-26426 (Windows User Account Profile Picture Elevation of Privilege Vulnerabil ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
@@ -37976,8 +38013,8 @@ CVE-2021-3332 (WPS Hide Login 1.6.1 allows remote attackers to bypass a protecti
 	NOT-FOR-US: WPS Hide Logi
 CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrary pro ...)
 	NOT-FOR-US: WinSCP
-CVE-2021-3330
-	RESERVED
+CVE-2021-3330 (RCE/DOS: Linked-list corruption leading to large out-of-bounds write w ...)
+	TODO: check
 CVE-2021-3329
 	RESERVED
 CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.1 ...)
@@ -38035,12 +38072,12 @@ CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenti
 	NOT-FOR-US: Monitorix
 CVE-2021-3324
 	RESERVED
-CVE-2021-3323
-	RESERVED
-CVE-2021-3322
-	RESERVED
-CVE-2021-3321
-	RESERVED
+CVE-2021-3323 (Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zeph ...)
+	TODO: check
+CVE-2021-3322 (Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zeph ...)
+	TODO: check
+CVE-2021-3321 (Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header  ...)
+	TODO: check
 CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions &gt;= v2 ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3319 (DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addre ...)
@@ -46658,6 +46695,7 @@ CVE-2021-22545 (An attacker can craft a specific IdaPro *.i64 file that will cau
 CVE-2021-22544
 	RESERVED
 CVE-2021-22543 (An issue was discovered in Linux: KVM through Improper handling of VM_ ...)
+	{DLA-2785-1}
 	- linux 5.10.46-2
 	[buster] - linux 4.19.208-1
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/3
@@ -52926,8 +52964,8 @@ CVE-2021-20033
 	RESERVED
 CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Proto ...)
 	NOT-FOR-US: SonicWall
-CVE-2021-20031
-	RESERVED
+CVE-2021-20031 (A Host Header Redirection vulnerability in SonicOS potentially allows  ...)
+	TODO: check
 CVE-2021-20030
 	RESERVED
 CVE-2021-20029
author	security tracker role <sectracker@soriano.debian.org>	2021-10-13 08:10:14 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2021-10-13 08:10:14 +0000
commit	31a21f14a41551587c368cd0babf001d2c369458 (patch)
tree	b3b2041ee265bb585ffc304c18763bf5ffa6aa63 /data
parent	233a537f915231a89fe153b1ed76fbd6d9149563 (diff)