Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7be57955 by security tracker role at 2021-12-16T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-21953
+       RESERVED
+CVE-2022-21952
+       RESERVED
+CVE-2022-21951
+       RESERVED
+CVE-2022-21950
+       RESERVED
+CVE-2022-21949
+       RESERVED
+CVE-2022-21948
+       RESERVED
+CVE-2022-21947
+       RESERVED
+CVE-2022-21946
+       RESERVED
+CVE-2022-21945
+       RESERVED
+CVE-2022-21944
+       RESERVED
+CVE-2021-45105
+       RESERVED
+CVE-2021-31566
+       RESERVED
+CVE-2021-23177
+       RESERVED
 CVE-2022-21943
        RESERVED
 CVE-2022-21942
@@ -82,14 +108,14 @@ CVE-2021-XXXX [JNDI vunerability]
        NOTE: https://jira.qos.ch/browse/LOGBACK-1591
 CVE-2021-44771
        RESERVED
-CVE-2021-4124
-       RESERVED
-CVE-2021-4123
-       RESERVED
+CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input 
During ...)
+       TODO: check
+CVE-2021-4123 (livehelperchat is vulnerable to Cross-Site Request Forgery 
(CSRF) ...)
+       TODO: check
 CVE-2021-4122
        RESERVED
-CVE-2021-4121
-       RESERVED
+CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input 
During  ...)
+       TODO: check
 CVE-2021-23151
        RESERVED
 CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel 
through 5. ...)
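Review bot: CVE-2021-4124, CVE-2021-4123 and CVE-2021-4121 gain descriptions here but carry only a "TODO: check" line, so none of the three is triaged yet. Each needs either a package line with its affected or fixed version, or a NOT-FOR-US line naming the product (janus-gateway, livehelperchat, yetiforcecrm) in the same form as the NOT-FOR-US entries elsewhere in this file. Two of the descriptions are cut off at "Improper Neutralization of Input During ...", so the weakness class should be read from the full CVE text before deciding.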
@@ -155,6 +181,7 @@ CVE-2021-45048
 CVE-2021-45047
        RESERVED
 CVE-2021-45046 (It was found that the fix to address CVE-2021-44228 in Apache 
Log4j 2. ...)
+       {DSA-5022-1}
        - apache-log4j2 2.16.0-1 (bug #1001729)
        [stretch] - apache-log4j2 <not-affected> (JndiLookup class has been 
removed)
        NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/4
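Review bot: the {DSA-5022-1} cross-reference on CVE-2021-45046 arrives in a commit whose only changed file is data/CVE/list, and the visible package lines still record just the 2.16.0-1 fix and the stretch <not-affected> status. It is worth confirming that the advisory record this tag points at exists and lists the per-release fixed versions, since nothing in this hunk shows which suites the DSA covers.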
@@ -4886,10 +4913,10 @@ CVE-2022-21136
        RESERVED
 CVE-2022-21131
        RESERVED
-CVE-2021-3960
-       RESERVED
-CVE-2021-3959
-       RESERVED
+CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the 
EPPUpdateSer ...)
+       TODO: check
 CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software 
suffers f ...)
        NOT-FOR-US: iPack SCADA Automation
 CVE-2021-43745
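Review bot: the new descriptions for CVE-2021-3960 and CVE-2021-3959 are truncated before the affected product can be identified ("('Path Tra ...", "EPPUpdateSer ..."), so their "TODO: check" lines cannot be resolved from this file alone. Triage should start from the full CVE text and end in either a NOT-FOR-US line, as CVE-2021-3958 just below has, or a package line if the component is in the archive.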
@@ -14154,8 +14181,8 @@ CVE-2021-40837
        RESERVED
 CVE-2021-40836
        RESERVED
-CVE-2021-40835
-       RESERVED
+CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in 
Safe Brows ...)
+       TODO: check
 CVE-2021-40834 (A user interface overlay vulnerability was discovered in 
F-secure SAFE ...)
        NOT-FOR-US: F-secure
 CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was 
discovered whe ...)
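Review bot: CVE-2021-40835 is left at "TODO: check" while the entry directly below it, CVE-2021-40834, is already marked NOT-FOR-US: F-secure. If the "Safe Brows ..." product in the truncated description belongs to the same vendor, the entry should get the same NOT-FOR-US line instead of staying in the TODO queue.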
@@ -22121,9 +22148,9 @@ CVE-2021-3669 [reading /proc/sysvipc/shm does not scale 
with large shared memory
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1986473
 CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery 
by an a ...)
        NOT-FOR-US: Meow hash
-CVE-2021-37605 (In the Microchip MiWi v6.5 software stack, there is a 
possibility of f ...)
+CVE-2021-37605 (In version 6.5 of MiWi software and all previous versions 
including le ...)
        NOT-FOR-US: Microchip MiWi
-CVE-2021-37604 (In the Microchip MiWi v6.5 software stack, there is a 
possibility of f ...)
+CVE-2021-37604 (In version 6.5 of our MiWi software and all previous versions 
includin ...)
        NOT-FOR-US: Microchip MiWi
 CVE-2021-37603
        RESERVED
@@ -42937,7 +42964,7 @@ CVE-2021-29243 (Cloudera Manager 5.x, 6.x, 7.1.x, 
7.2.x, and 7.3.x allows XSS. .
        NOT-FOR-US: Cloudera Manager
 CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper 
input vali ...)
        NOT-FOR-US: CODESYS Control Runtime
-CVE-2021-29241 (CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer 
dereference that  ...)
+CVE-2021-29241 (CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer 
dereference that ...)
        NOT-FOR-US: CODESYS Gateway 3
 CVE-2021-29240 (The Package Manager of CODESYS Development System 3 before 
3.5.17.0 do ...)
        NOT-FOR-US: Package Manager of CODESYS Development System 3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7be579555b9f37ed844a42ae35d71b62514977ce
