Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
330e76b3 by security tracker role at 2022-01-05T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,227 @@
+CVE-2022-22677
+ RESERVED
+CVE-2022-22676
+ RESERVED
+CVE-2022-22675
+ RESERVED
+CVE-2022-22674
+ RESERVED
+CVE-2022-22673
+ RESERVED
+CVE-2022-22672
+ RESERVED
+CVE-2022-22671
+ RESERVED
+CVE-2022-22670
+ RESERVED
+CVE-2022-22669
+ RESERVED
+CVE-2022-22668
+ RESERVED
+CVE-2022-22667
+ RESERVED
+CVE-2022-22666
+ RESERVED
+CVE-2022-22665
+ RESERVED
+CVE-2022-22664
+ RESERVED
+CVE-2022-22663
+ RESERVED
+CVE-2022-22662
+ RESERVED
+CVE-2022-22661
+ RESERVED
+CVE-2022-22660
+ RESERVED
+CVE-2022-22659
+ RESERVED
+CVE-2022-22658
+ RESERVED
+CVE-2022-22657
+ RESERVED
+CVE-2022-22656
+ RESERVED
+CVE-2022-22655
+ RESERVED
+CVE-2022-22654
+ RESERVED
+CVE-2022-22653
+ RESERVED
+CVE-2022-22652
+ RESERVED
+CVE-2022-22651
+ RESERVED
+CVE-2022-22650
+ RESERVED
+CVE-2022-22649
+ RESERVED
+CVE-2022-22648
+ RESERVED
+CVE-2022-22647
+ RESERVED
+CVE-2022-22646
+ RESERVED
+CVE-2022-22645
+ RESERVED
+CVE-2022-22644
+ RESERVED
+CVE-2022-22643
+ RESERVED
+CVE-2022-22642
+ RESERVED
+CVE-2022-22641
+ RESERVED
+CVE-2022-22640
+ RESERVED
+CVE-2022-22639
+ RESERVED
+CVE-2022-22638
+ RESERVED
+CVE-2022-22637
+ RESERVED
+CVE-2022-22636
+ RESERVED
+CVE-2022-22635
+ RESERVED
+CVE-2022-22634
+ RESERVED
+CVE-2022-22633
+ RESERVED
+CVE-2022-22632
+ RESERVED
+CVE-2022-22631
+ RESERVED
+CVE-2022-22630
+ RESERVED
+CVE-2022-22629
+ RESERVED
+CVE-2022-22628
+ RESERVED
+CVE-2022-22627
+ RESERVED
+CVE-2022-22626
+ RESERVED
+CVE-2022-22625
+ RESERVED
+CVE-2022-22624
+ RESERVED
+CVE-2022-22623
+ RESERVED
+CVE-2022-22622
+ RESERVED
+CVE-2022-22621
+ RESERVED
+CVE-2022-22620
+ RESERVED
+CVE-2022-22619
+ RESERVED
+CVE-2022-22618
+ RESERVED
+CVE-2022-22617
+ RESERVED
+CVE-2022-22616
+ RESERVED
+CVE-2022-22615
+ RESERVED
+CVE-2022-22614
+ RESERVED
+CVE-2022-22613
+ RESERVED
+CVE-2022-22612
+ RESERVED
+CVE-2022-22611
+ RESERVED
+CVE-2022-22610
+ RESERVED
+CVE-2022-22609
+ RESERVED
+CVE-2022-22608
+ RESERVED
+CVE-2022-22607
+ RESERVED
+CVE-2022-22606
+ RESERVED
+CVE-2022-22605
+ RESERVED
+CVE-2022-22604
+ RESERVED
+CVE-2022-22603
+ RESERVED
+CVE-2022-22602
+ RESERVED
+CVE-2022-22601
+ RESERVED
+CVE-2022-22600
+ RESERVED
+CVE-2022-22599
+ RESERVED
+CVE-2022-22598
+ RESERVED
+CVE-2022-22597
+ RESERVED
+CVE-2022-22596
+ RESERVED
+CVE-2022-22595
+ RESERVED
+CVE-2022-22594
+ RESERVED
+CVE-2022-22593
+ RESERVED
+CVE-2022-22592
+ RESERVED
+CVE-2022-22591
+ RESERVED
+CVE-2022-22590
+ RESERVED
+CVE-2022-22589
+ RESERVED
+CVE-2022-22588
+ RESERVED
+CVE-2022-22587
+ RESERVED
+CVE-2022-22586
+ RESERVED
+CVE-2022-22585
+ RESERVED
+CVE-2022-22584
+ RESERVED
+CVE-2022-22583
+ RESERVED
+CVE-2022-22582
+ RESERVED
+CVE-2022-22581
+ RESERVED
+CVE-2022-22580
+ RESERVED
+CVE-2022-22579
+ RESERVED
+CVE-2022-22578
+ RESERVED
+CVE-2022-22577
+ RESERVED
+CVE-2022-22576
+ RESERVED
+CVE-2022-22575
+ RESERVED
+CVE-2022-22574
+ RESERVED
+CVE-2022-22573
+ RESERVED
+CVE-2022-22572
+ RESERVED
+CVE-2022-22571
+ RESERVED
+CVE-2022-22570
+ RESERVED
+CVE-2022-22569
+ RESERVED
+CVE-2022-22568
+ RESERVED
+CVE-2022-0122
+ RESERVED
+CVE-2022-0121
+ RESERVED
CVE-2022-22567
RESERVED
CVE-2022-22566
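Review bot: at the end of the added block, CVE-2022-0122 and CVE-2022-0121 land between CVE-2022-22568 and the existing CVE-2022-22567, so the file is not in descending ID order at this point. If anything that reads data/CVE/list assumes sorted IDs, insert these two in ID order instead of prepending them with the 22xxx block.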
@@ -2973,8 +3197,7 @@ CVE-2021-45454
RESERVED
CVE-2021-45453
RESERVED
-CVE-2021-45452 [Potential directory-traversal via Storage.save()]
- RESERVED
+CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11,
and 4.0 b ...)
- python-django 2:3.2.11-1 (bug #1003113)
NOTE:
https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
NOTE:
https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b
(3.2.11)
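Review bot: the new description at CVE-2021-45452 names three affected branches (2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0), but the NOTE lines under it reference only the 3.2.11 commit. Add NOTE lines for the fixes on the other branches so a backport to an older python-django can be checked against the right commit.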
@@ -3953,14 +4176,12 @@ CVE-2021-45118
RESERVED
CVE-2021-45117
RESERVED
-CVE-2021-45116 [Potential information disclosure in dictsort template filter]
- RESERVED
+CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2
before 3.2.11 ...)
- python-django 2:3.2.11-1 (bug #1003113)
NOTE:
https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
NOTE:
https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16
(3.2.11)
NOTE:
https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a
(2.2.26)
-CVE-2021-45115 [Denial-of-service possibility in
UserAttributeSimilarityValidator]
- RESERVED
+CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2
before 3.2.11 ...)
- python-django 2:3.2.11-1 (bug #1003113)
NOTE:
https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
NOTE:
https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20
(3.2.11)
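Review bot: CVE-2021-45115 carries a single NOTE for the 3.2.11 commit, while CVE-2021-45116 directly above it records both the 3.2.11 and the 2.2.26 commits, and both descriptions name 2.2 before 2.2.26. Add the 2.2.26 commit as a second NOTE on CVE-2021-45115 so the two entries are tracked the same way.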
@@ -7736,22 +7957,22 @@ CVE-2022-21652
RESERVED
CVE-2022-21651
RESERVED
-CVE-2022-21650
- RESERVED
-CVE-2022-21649
- RESERVED
-CVE-2022-21648
- RESERVED
-CVE-2022-21647
- RESERVED
+CVE-2022-21650 (Convos is an open source multi-user chat that runs in a web
browser. Y ...)
+ TODO: check
+CVE-2022-21649 (Convos is an open source multi-user chat that runs in a web
browser. C ...)
+ TODO: check
+CVE-2022-21648 (Latte is an open source template engine for PHP. Versions
since 2.8.0 ...)
+ TODO: check
+CVE-2022-21647 (CodeIgniter is an open source PHP full-stack web framework.
Deserializ ...)
+ TODO: check
CVE-2022-21646
RESERVED
CVE-2022-21645
RESERVED
-CVE-2022-21644
- RESERVED
-CVE-2022-21643
- RESERVED
+CVE-2022-21644 (USOC is an open source CMS with a focus on simplicity. In
affected ver ...)
+ TODO: check
+CVE-2022-21643 (USOC is an open source CMS with a focus on simplicity. In
affected ver ...)
+ TODO: check
CVE-2022-21642
RESERVED
CVE-2021-43959
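Review bot: the six entries CVE-2022-21650, -21649, -21648, -21647, -21644 and -21643 move from RESERVED to TODO: check with no package or NOT-FOR-US line, so they are still untriaged after this update. Each needs a follow-up that replaces TODO: check with either a source package line or a NOT-FOR-US marker; the two Convos entries and the two USOC entries name the same product and can be resolved as pairs.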
@@ -7780,8 +8001,8 @@ CVE-2021-43948
RESERVED
CVE-2021-43947
RESERVED
-CVE-2021-43946
- RESERVED
+CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center
allow authe ...)
+ TODO: check
CVE-2021-43945
RESERVED
CVE-2021-43944
@@ -7977,12 +8198,12 @@ CVE-2021-43854 (NLTK (Natural Language Toolkit) is a
suite of open source Python
NOTE:
https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341
(3.6.6)
CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available
for Mic ...)
NOT-FOR-US: Ajax.NET Professional
-CVE-2021-43852
- RESERVED
+CVE-2021-43852 (OroPlatform is a PHP Business Application Platform. In
affected versio ...)
+ TODO: check
CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking
applicat ...)
NOT-FOR-US: Anuko Time Tracker
-CVE-2021-43850
- RESERVED
+CVE-2021-43850 (Discourse is an open source platform for community discussion.
In affe ...)
+ TODO: check
CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single
and simpl ...)
NOT-FOR-US: cordova-plugin-fingerprint-aio
CVE-2021-43848
@@ -8017,8 +8238,8 @@ CVE-2021-43834 (eLabFTW is an electronic lab notebook
manager for research teams
NOT-FOR-US: eLabFTW
CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research
teams. In v ...)
NOT-FOR-US: eLabFTW
-CVE-2021-43832
- RESERVED
+CVE-2021-43832 (Spinnaker is an open source, multi-cloud continuous delivery
platform. ...)
+ TODO: check
CVE-2021-43831 (Gradio is an open source framework for building interactive
machine le ...)
NOT-FOR-US: gradio
CVE-2021-43830 (OpenProject is a web-based project management software.
OpenProject ve ...)
@@ -9192,8 +9413,8 @@ CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL
injection vulnerability in sh
NOT-FOR-US: ecshop
CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting
(XSS) vul ...)
NOT-FOR-US: Wechat-php-sdk
-CVE-2021-43677
- RESERVED
+CVE-2021-43677 (Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS)
vulnerabili ...)
+ TODO: check
CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation
vulnerabil ...)
NOT-FOR-US: matyhtf framework
CVE-2021-43675 (Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS)
vulnerabi ...)
@@ -16529,7 +16750,7 @@ CVE-2021-41611 (An issue was discovered in Squid 5.0.6
through 5.1.x before 5.2.
CVE-2021-3829 (openwhyd is vulnerable to URL Redirection to Untrusted Site ...)
NOT-FOR-US: openwhyd
CVE-2021-41610
- RESERVED
+ REJECTED
CVE-2021-41609
RESERVED
CVE-2021-41608
@@ -17044,8 +17265,8 @@ CVE-2021-41390 (In Ericsson ECM before 18.0, it was
observed that Security Provi
NOT-FOR-US: Ericsson ECM
CVE-2021-41389
RESERVED
-CVE-2021-41388
- RESERVED
+CVE-2021-41388 (Netskope client prior to 89.x on macOS is impacted by a local
privileg ...)
+ TODO: check
CVE-2021-41387 (seatd-launch in seatd 0.6.x before 0.6.2 allows privilege
escalation b ...)
- seatd <not-affected> (Vulnerable code introduced later)
NOTE:
https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E
@@ -34487,7 +34708,7 @@ CVE-2021-34143 (The Bluetooth Classic implementation in
the Zhuhai Jieli AC6366C
NOT-FOR-US: Zhuhai Jieli
CVE-2021-34142
RESERVED
-CVE-2021-34141 (Incomplete string comparison in the numpy.core component in
NumPy1.9.x ...)
+CVE-2021-34141 (** DISPUTED ** Incomplete string comparison in the numpy.core
componen ...)
- numpy <unfixed>
[bullseye] - numpy <no-dsa> (Minor issue)
NOTE: https://github.com/numpy/numpy/issues/18993
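Review bot: at CVE-2021-34141 the description gains "** DISPUTED **", but the status lines below it still read "- numpy <unfixed>" and "[bullseye] - numpy <no-dsa> (Minor issue)". Re-check the entry against the linked upstream issue and add a NOTE recording the dispute, so the reason for whatever status is kept does not live only in the truncated description.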
@@ -64554,8 +64775,8 @@ CVE-2021-22047 (In Spring Data REST versions 3.4.0 -
3.4.13, 3.5.0 - 3.5.5, and
NOT-FOR-US: Spring Data REST
CVE-2021-22046
RESERVED
-CVE-2021-22045
- RESERVED
+CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5
before ESXi6 ...)
+ TODO: check
CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to
2.2.9.RELEA ...)
NOT-FOR-US: Spring Cloud OpenFeign
CVE-2021-22043
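Review bot: CVE-2021-22045 is left at TODO: check although its description names VMware ESXi, while the neighbouring CVE-2021-22047 and CVE-2021-22044 are already resolved with NOT-FOR-US lines. Resolve this entry with a NOT-FOR-US line in the same form rather than leaving it in the TODO queue.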
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/330e76b364018ac516831b0d8e449c5e77d312ba