Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5be4540 by security tracker role at 2022-01-05T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-22678
+       RESERVED
+CVE-2022-0129
+       RESERVED
+CVE-2022-0128
+       RESERVED
+CVE-2022-0127
+       RESERVED
+CVE-2022-0126
+       RESERVED
+CVE-2022-0125
+       RESERVED
+CVE-2022-0124
+       RESERVED
+CVE-2022-0123
+       RESERVED
+CVE-2021-4200
+       RESERVED
 CVE-2022-22677
        RESERVED
 CVE-2022-22676
@@ -3072,16 +3090,16 @@ CVE-2022-22113
        RESERVED
 CVE-2022-22112
        RESERVED
-CVE-2022-22111
-       RESERVED
-CVE-2022-22110
-       RESERVED
-CVE-2022-22109
-       RESERVED
-CVE-2022-22108
-       RESERVED
-CVE-2022-22107
-       RESERVED
+CVE-2022-22111 (In DayByDay CRM, version 2.2.0 is vulnerable to missing 
authorization. ...)
+       TODO: check
+CVE-2022-22110 (In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak 
password requ ...)
+       TODO: check
+CVE-2022-22109 (In Daybyday CRM, version 2.2.0 is vulnerable to Stored 
Cross-Site Scri ...)
+       TODO: check
+CVE-2022-22108 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable 
to Missin ...)
+       TODO: check
+CVE-2022-22107 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable 
to Missin ...)
+       TODO: check
 CVE-2022-22106
        RESERVED
 CVE-2022-22105
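Review bot: The five entries CVE-2022-22107 through CVE-2022-22111 land with only "TODO: check", and their descriptions spell the product two ways ("DayByDay CRM" and "Daybyday CRM"). Triage them in one pass and settle on a single product spelling for whatever tag they receive, so all five stay findable under one name.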
@@ -7978,8 +7996,8 @@ CVE-2022-21644 (USOC is an open source CMS with a focus 
on simplicity. In affect
        NOT-FOR-US: USOC
 CVE-2022-21643 (USOC is an open source CMS with a focus on simplicity. In 
affected ver ...)
        NOT-FOR-US: USOC
-CVE-2022-21642
-       RESERVED
+CVE-2022-21642 (Discourse is an open source platform for community discussion. 
In affe ...)
+       TODO: check
 CVE-2021-43959
        RESERVED
 CVE-2021-43958
@@ -8281,8 +8299,7 @@ CVE-2021-43818 (lxml is a library for processing XML and 
HTML in the Python lang
        NOTE: 
https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 
(lxml-4.6.5)
 CVE-2021-43817 (Collabora Online is a collaborative online office suite based 
on Libre ...)
        NOT-FOR-US: Collabora Online
-CVE-2021-43816
-       RESERVED
+CVE-2021-43816 (containerd is an open source container runtime. On 
installations using ...)
        - containerd 1.5.9~ds1-1
        [bullseye] - containerd <not-affected> (Vulnerable code introduced in 
1.5.0)
        NOTE: 
https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c
@@ -8376,8 +8393,8 @@ CVE-2021-43781 (Invenio-Drafts-Resources is a 
submission/deposit module for Inve
        NOT-FOR-US: Invenio-Drafts-Resources
 CVE-2021-43780 (Redash is a package for data visualization and sharing. In 
versions 10 ...)
        NOT-FOR-US: Redash
-CVE-2021-43779
-       RESERVED
+CVE-2021-43779 (GLPI is an open source IT Asset Management, issue tracking 
system and  ...)
+       TODO: check
 CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. 
GLPI inst ...)
        NOT-FOR-US: GLPI plugin
 CVE-2021-43777 (Redash is a package for data visualization and sharing. In 
Redash vers ...)
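Review bot: CVE-2021-43779 is left at "TODO: check", and its truncated description stops before saying whether the issue is in GLPI itself or in a plugin. The entry directly below it, CVE-2021-43778, was triaged as "NOT-FOR-US: GLPI plugin"; read the full description before reusing that tag, because an issue in GLPI core would not fit it.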
@@ -18145,8 +18162,7 @@ CVE-2021-41045
        RESERVED
 CVE-2021-41044
        RESERVED
-CVE-2021-41043 [Fix a use-after-free in extract_slice()]
-       RESERVED
+CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other 
confirm ...)
        - tcpslice <unfixed>
        NOTE: https://github.com/the-tcpdump-group/tcpslice/issues/11
        NOTE: 
https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a
 (tcpslice-1.5)
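Review bot: CVE-2021-41043 still reads "- tcpslice <unfixed>" although the NOTE under it already points to a fix commit marked (tcpslice-1.5). Replace "<unfixed>" with the fixed version once an upload contains that commit. The new description ("triggers AddressSanitizer, no other confirm ...") also suggests the entry is worth a severity annotation.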
@@ -23298,8 +23314,8 @@ CVE-2021-38920
        RESERVED
 CVE-2021-38919
        RESERVED
-CVE-2021-38918
-       RESERVED
+CVE-2021-38918 (IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, 
through a spec ...)
+       TODO: check
 CVE-2021-38917 (IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an 
attacker ...)
        NOT-FOR-US: IBM
 CVE-2021-38916
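Review bot: CVE-2021-38918 is left at "TODO: check" while the next entry, CVE-2021-38917, describes the same IBM PowerVM Hypervisor product and is already "NOT-FOR-US: IBM". Unless the full description says otherwise, give this entry the same tag.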
@@ -34721,7 +34737,7 @@ CVE-2021-34143 (The Bluetooth Classic implementation in 
the Zhuhai Jieli AC6366C
        NOT-FOR-US: Zhuhai Jieli
 CVE-2021-34142
        RESERVED
-CVE-2021-34141 (** DISPUTED ** Incomplete string comparison in the numpy.core 
componen ...)
+CVE-2021-34141 (An incomplete string comparison in the numpy.core component in 
NumPy b ...)
        - numpy <unfixed>
        [bullseye] - numpy <no-dsa> (Minor issue)
        NOTE: https://github.com/numpy/numpy/issues/18993
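Review bot: With "** DISPUTED **" gone from the CVE-2021-34141 description, the unchanged "[bullseye] - numpy <no-dsa> (Minor issue)" line should be re-confirmed, since it was recorded while the description still carried the dispute marker. The issue linked in the NOTE is the place to check whether the assessment still holds.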
@@ -41320,8 +41336,8 @@ CVE-2021-31591
        RESERVED
 CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect 
JSON Webtok ...)
        NOT-FOR-US: PwnDoc
-CVE-2021-31589
-       RESERVED
+CVE-2021-31589 (BeyondTrust Secure Remote Access Base Software through 6.0.1 
allows an ...)
+       TODO: check
 CVE-2021-31588
        RESERVED
 CVE-2021-31587
@@ -48713,16 +48729,13 @@ CVE-2021-28714
        RESERVED
        - linux <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-392.html
-CVE-2021-28713
-       RESERVED
+CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency 
events T[his ...)
        - linux <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-391.html
-CVE-2021-28712
-       RESERVED
+CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency 
events T[his ...)
        - linux <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-391.html
-CVE-2021-28711
-       RESERVED
+CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency 
events T[his ...)
        - linux <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-391.html
 CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For 
efficie ...)
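Review bot: CVE-2021-28711, CVE-2021-28712 and CVE-2021-28713 now carry an identical truncated description and the same advisory-391 NOTE, so nothing in the list tells the three apart. A one-line NOTE per entry naming the affected component from the advisory would let later "- linux" version updates be tracked per CVE.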
@@ -63646,8 +63659,8 @@ CVE-2021-22569
        RESERVED
 CVE-2021-22568 (When using the dart pub publish command to publish a package 
to a thir ...)
        TODO: check
-CVE-2021-22567
-       RESERVED
+CVE-2021-22567 (Bidirectional Unicode text can be interpreted and compiled 
differently ...)
+       TODO: check
 CVE-2021-22566
        RESERVED
 CVE-2021-22565 (An attacker could prematurely expire a verification code, 
making it un ...)
@@ -109056,8 +109069,8 @@ CVE-2020-15935 (A cleartext storage of sensitive 
information in GUI in FortiADC
        NOT-FOR-US: Fortiguard
 CVE-2020-15934
        RESERVED
-CVE-2020-15933
-       RESERVED
+CVE-2020-15933 (A exposure of sensitive information to an unauthorized actor 
in Fortin ...)
+       TODO: check
 CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during 
updates, c ...)
        NOT-FOR-US: Overwolf
 CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote 
attackers to ...)
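Review bot: CVE-2020-15933 is left at "TODO: check"; its description is cut off at "Fortin ...", and the nearby FortiADC entry CVE-2020-15935 is tagged "NOT-FOR-US: Fortiguard". If the full description confirms the same vendor, reuse that exact tag string so the vendor's entries stay greppable under one name.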



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5be454041c81a24c2044651b23cb315d1911fe2
