Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ee4f2b5f by security tracker role at 2022-01-08T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-0156
+ RESERVED
CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3
has an in ...)
- expat <unfixed>
NOTE: https://github.com/libexpat/libexpat/pull/539
@@ -1715,6 +1717,7 @@ CVE-2021-4197 [cgroup: Use open-time creds and namespace
for migration perm chec
NOTE:
https://lore.kernel.org/lkml/[email protected]/T/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
CVE-2021-46144 (Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via
an HTML ...)
+ {DSA-5037-1}
- roundcube <unfixed> (bug #1003027)
NOTE:
https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0
(1.5.2)
NOTE:
https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8
(1.4.13)
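Review bot: The `{DSA-5037-1}` cross-reference added to CVE-2021-46144 sits directly above `- roundcube <unfixed> (bug #1003027)`, so the entry now records an advisory but still no fixed version on the package line. The NOTE lines already name the upstream fixes (1.5.2 and 1.4.13); once an upload carrying one of them is in the archive, replace `<unfixed>` with that version so the entry stops reporting the package as open.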
@@ -1839,6 +1842,7 @@ CVE-2021-45951 (Dnsmasq 2.86 has a heap-based buffer
overflow in check_bad_addre
CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds
write in ...)
- libredwg <itp> (bug #595191)
CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based
buffer overf ...)
+ {DSA-5038-1}
- ghostscript 9.55.0~dfsg-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703902
@@ -1856,6 +1860,7 @@ CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in
CompileBlock (called f
CVE-2021-45945 (uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write
in std::_ ...)
NOT-FOR-US: uWebSockets
CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free
in sampl ...)
+ {DSA-5038-1}
- ghostscript 9.54.0~dfsg-5
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
@@ -3809,12 +3814,12 @@ CVE-2017-20009
NOT-FOR-US: MODX Revolution
CVE-2012-20001 (PrestaShop before 1.5.2 allows XSS via the "<object
data='data:text ...)
NOT-FOR-US: PrestaShop
-CVE-2021-45442
- RESERVED
-CVE-2021-45441
- RESERVED
-CVE-2021-45440
- RESERVED
+CVE-2021-45442 (A link following denial-of-service vulnerability in Trend
Micro Worry- ...)
+ TODO: check
+CVE-2021-45441 (A origin validation error vulnerability in Trend Micro Apex
One (on-pr ...)
+ TODO: check
+CVE-2021-45440 (A unnecessary privilege vulnerability in Trend Micro Apex One
and Tren ...)
+ TODO: check
CVE-2021-45439
RESERVED
CVE-2021-45438
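Review bot: The three entries that move from RESERVED to `TODO: check` (CVE-2021-45442, CVE-2021-45441, CVE-2021-45440) all name Trend Micro products in their truncated descriptions, and the surrounding context lines show the convention for software outside the archive (`NOT-FOR-US: PrestaShop`, `NOT-FOR-US: MODX Revolution`). Unless the full descriptions turn out to name something packaged in Debian, triage these to a `NOT-FOR-US:` tag rather than leaving `TODO: check` in place.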
@@ -4483,8 +4488,8 @@ CVE-2021-45233
RESERVED
CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses
two fra ...)
NOT-FOR-US: Apache APISIX Dashboard
-CVE-2021-45231
- RESERVED
+CVE-2021-45231 (A link following privilege escalation vulnerability in Trend
Micro Ape ...)
+ TODO: check
CVE-2021-45230
RESERVED
CVE-2021-45229
@@ -8128,8 +8133,8 @@ CVE-2021-44028 (XXE can occur in Quest KACE Desktop
Authority before 11.2 becaus
NOT-FOR-US: Quest KACE Desktop Authority
CVE-2021-44027
RESERVED
-CVE-2021-44024
- RESERVED
+CVE-2021-44024 (A link following denial-of-service vulnerability in Trend
Micro Apex O ...)
+ TODO: check
CVE-2021-44023 (A link following denial-of-service (DoS) vulnerability in the
Trend Mi ...)
NOT-FOR-US: Trend Micro
CVE-2021-44022 (A reachable assertion vulnerability in Trend Micro Apex One
could allo ...)
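Review bot: CVE-2021-44024 is left at `TODO: check`, while the context line immediately below it, CVE-2021-44023, has a nearly identical description (link following denial-of-service, Trend Micro) and is already marked `NOT-FOR-US: Trend Micro`. Give the new entry the same classification so the two adjacent records stay consistent.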
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee4f2b5f0696152303de94a4fa0de2ed15f0961c