Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cca4437f by security tracker role at 2022-01-20T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2022-23792
+       RESERVED
+CVE-2022-23791
+       RESERVED
+CVE-2022-23790
+       RESERVED
+CVE-2022-23789
+       RESERVED
+CVE-2022-23788
+       RESERVED
+CVE-2022-23787
+       RESERVED
+CVE-2022-23786
+       RESERVED
+CVE-2022-23785
+       RESERVED
+CVE-2022-23784
+       RESERVED
+CVE-2022-23783
+       RESERVED
+CVE-2022-23782
+       RESERVED
+CVE-2022-23781
+       RESERVED
+CVE-2022-23780
+       RESERVED
+CVE-2022-21147
+       RESERVED
+CVE-2022-0323
+       RESERVED
+CVE-2022-0322
+       RESERVED
+CVE-2022-0321
+       RESERVED
+CVE-2022-0320
+       RESERVED
+CVE-2022-0319
+       RESERVED
+CVE-2022-0318
+       RESERVED
+CVE-2022-0317
+       RESERVED
+CVE-2022-0316
+       RESERVED
+CVE-2022-0315
+       RESERVED
 CVE-2022-23779
        RESERVED
 CVE-2022-23778
@@ -808,24 +854,24 @@ CVE-2022-0287
        RESERVED
 CVE-2022-0286
        RESERVED
-CVE-2022-0285
-       RESERVED
+CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist 
pimcore/pimcore prior ...)
+       TODO: check
 CVE-2022-0284
        RESERVED
 CVE-2022-0283
        RESERVED
-CVE-2022-0282
-       RESERVED
-CVE-2022-0281
-       RESERVED
+CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 
1.2.11. ...)
+       TODO: check
+CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in 
Packagis ...)
+       TODO: check
 CVE-2022-0280
        RESERVED
 CVE-2022-0279
        RESERVED
-CVE-2022-0278
-       RESERVED
-CVE-2022-0277
-       RESERVED
+CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist 
microweber/microweber ...)
+       TODO: check
+CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber 
prior to 1. ...)
+       TODO: check
 CVE-2021-46401
        RESERVED
 CVE-2021-46400
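Review bot: CVE-2022-0285, CVE-2022-0282, CVE-2022-0281, CVE-2022-0278 and CVE-2022-0277 all land as "TODO: check", and their descriptions name only two Packagist packages (pimcore/pimcore and microweber/microweber); the follow-up triage therefore reduces to confirming whether either package is in the archive and then giving the five entries one consistent disposition rather than resolving them one at a time.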
@@ -1571,6 +1617,7 @@ CVE-2022-0228
 CVE-2021-46304
        RESERVED
 CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 
allows local ...)
+       {DSA-5050-1}
        - linux 5.15.15-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        [stretch] - linux <not-affected> (Vulnerable code not present)
@@ -1666,8 +1713,8 @@ CVE-2022-0221
        RESERVED
 CVE-2022-0220
        RESERVED
-CVE-2022-0219
-       RESERVED
+CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub 
reposi ...)
+       TODO: check
 CVE-2022-0218
        RESERVED
 CVE-2022-0216
@@ -1941,10 +1988,10 @@ CVE-2022-23122
        RESERVED
 CVE-2022-23121
        RESERVED
-CVE-2022-23120
-       RESERVED
-CVE-2022-23119
-       RESERVED
+CVE-2022-23120 (A code injection vulnerability in Trend Micro Deep Security 
and Cloud  ...)
+       TODO: check
+CVE-2022-23119 (A directory traversal vulnerability in Trend Micro Deep 
Security and C ...)
+       TODO: check
 CVE-2022-23118 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier 
implements fu ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2022-23117 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements 
functionali ...)
@@ -2001,6 +2048,7 @@ CVE-2022-0186
        RESERVED
 CVE-2022-0185 [vfs: fs_context: fix up param length parsing in 
legacy_parse_param]
        RESERVED
+       {DSA-5050-1}
        - linux 5.15.15-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -2907,8 +2955,8 @@ CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka 
libexpat) before 2.4.3 ha
        NOTE: 
https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
 CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR 
WebApp, in wh ...)
        NOT-FOR-US: NVIDIA NeMo
-CVE-2022-22820
-       RESERVED
+CVE-2022-22820 (Due to the lack of media file checks before rendering, it was 
possible ...)
+       TODO: check
 CVE-2022-22819
        RESERVED
 CVE-2022-22818
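Review bot: the truncated description for CVE-2022-22820 ("Due to the lack of media file checks before rendering, it was possible ...") does not name the affected product, so the "TODO: check" cannot be resolved from this line alone; whoever triages it needs the full CVE text and should record the product in the disposition (a "NOT-FOR-US: <product>" line or a source package entry), as was done for CVE-2022-22821 directly above it.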
@@ -3193,8 +3241,7 @@ CVE-2022-22735
        RESERVED
 CVE-2022-22734
        RESERVED
-CVE-2022-22733
-       RESERVED
+CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
 CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
@@ -6268,21 +6315,22 @@ CVE-2021-45485 (In the IPv6 implementation in the Linux 
kernel before 5.13.3, ne
 CVE-2021-45484 (In NetBSD through 9.2, the IPv6 fragment ID generation 
algorithm emplo ...)
        NOT-FOR-US: NetBSD
 CVE-2021-45483 (In WebKitGTK before 2.32.4, there is a use-after-free in 
WebCore::Fram ...)
-       {DSA-4995-1 DSA-4996-1}
+       {DSA-4996-1 DSA-4995-1}
        - webkit2gtk 2.34.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.34.1-1
 CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in 
WebCore::Cont ...)
-       {DSA-4975-1 DSA-4976-1}
+       {DSA-4976-1 DSA-4975-1}
        - webkit2gtk 2.32.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.32.4-1
 CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory 
allocation in We ...)
-       {DSA-4995-1 DSA-4996-1}
+       {DSA-4996-1 DSA-4995-1}
        - webkit2gtk 2.34.0-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        - wpewebkit 2.34.1-1
 CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. 
There is a ...)
+       {DSA-5050-1}
        - linux 5.15.15-1
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0
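Review bot: the three DSA-pair swaps on CVE-2021-45483, CVE-2021-45482 and CVE-2021-45481 ("{DSA-4995-1 DSA-4996-1}" to "{DSA-4996-1 DSA-4995-1}" and "{DSA-4975-1 DSA-4976-1}" to "{DSA-4976-1 DSA-4975-1}") change nothing in meaning and only add noise to an automatic update; if the DSA set is regenerated on every run it should be written out in a stable (sorted) order so that only real changes, such as the "{DSA-5050-1}" addition to CVE-2021-45480 in the same hunk, appear in the diff.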
@@ -6334,6 +6382,7 @@ CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 
4.1.0 allows regular e
 CVE-2021-4161 (The affected products contain vulnerable firmware, which could 
allow a ...)
        NOT-FOR-US: Moxa
 CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel 
through 5.15 ...)
+       {DSA-5050-1}
        - linux 5.15.15-1
        NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
 CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 
allows remote ...)
@@ -6390,6 +6439,7 @@ CVE-2021-4156 [heap out-of-bounds read in src/flac.c in 
flac_buffer_copy]
        NOTE: 
https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc
 (1.1.0beta1)
 CVE-2021-4155
        RESERVED
+       {DSA-5050-1}
        - linux 5.15.15-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813
        NOTE: 
https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16)
@@ -6947,8 +6997,8 @@ CVE-2021-45419 (Certain Starcharge products are affected 
by Improper Input Valid
        NOT-FOR-US: Nova 360 Cabinet
 CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory 
Traversal via  ...)
        NOT-FOR-US: Nova 360 Cabinet
-CVE-2021-45417
-       RESERVED
+CVE-2021-45417 (AIDE before 0.17.4 allows local users to obtain root 
privileges via cr ...)
+       {DSA-5051-1}
        - aide 0.17.4-1
        NOTE: 
https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc 
(v0.17.4)
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3
@@ -7584,8 +7634,7 @@ CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, 
the Manager API uses t
        NOT-FOR-US: Apache APISIX Dashboard
 CVE-2021-45231 (A link following privilege escalation vulnerability in Trend 
Micro Ape ...)
        NOT-FOR-US: Trend Micro
-CVE-2021-45230
-       RESERVED
+CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a 
specific case  ...)
        - airflow <itp> (bug #819700)
 CVE-2021-45229
        RESERVED
@@ -8076,6 +8125,7 @@ CVE-2021-45100 (The ksmbd server through 3.4.2, as used 
in the Linux kernel thro
        NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2
        NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1.
 CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel 
through 5.15.8 ...)
+       {DSA-5050-1}
        - linux 5.15.15-1
        NOTE: 
https://lore.kernel.org/all/[email protected]/
 CVE-2021-45070
@@ -8932,8 +8982,8 @@ CVE-2021-44831
        RESERVED
 CVE-2021-44830
        RESERVED
-CVE-2021-44829
-       RESERVED
+CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html 
in AFI W ...)
+       TODO: check
 CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, 
Bifrost r0p0  ...)
        NOT-FOR-US: ARM
 CVE-2021-44827
@@ -9265,16 +9315,16 @@ CVE-2021-XXXX [Rainloop stores passwords in cleartext 
in logfile]
        - rainloop 1.14.0-1 (bug #962629)
        [buster] - rainloop <no-dsa> (Minor issue)
        NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872
-CVE-2021-44738
-       RESERVED
-CVE-2021-44737
-       RESERVED
-CVE-2021-44736
-       RESERVED
-CVE-2021-44735
-       RESERVED
-CVE-2021-44734
-       RESERVED
+CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark 
devices t ...)
+       TODO: check
+CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices 
through 2021- ...)
+       TODO: check
+CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices 
allow unauth ...)
+       TODO: check
+CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark 
devices ...)
+       TODO: check
+CVE-2021-44734 (Embedded web server input sanitization vulnerability in 
Lexmark device ...)
+       TODO: check
 CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE 
subsystem  ...)
        - linux <unfixed>
        [stretch] - linux <not-affected> (Vulnerable code not present)
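Review bot: all five Lexmark entries (CVE-2021-44738 through CVE-2021-44734) are left at "TODO: check", yet every description refers to Lexmark devices rather than to software Debian ships, so the check is expected to resolve to NOT-FOR-US, the disposition already used for the Starcharge, Moxa and ARM entries elsewhere in this diff; handling them as one batch would save a repeated lookup.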
@@ -10568,10 +10618,10 @@ CVE-2021-44247
        RESERVED
 CVE-2021-44246
        RESERVED
-CVE-2021-44245
-       RESERVED
-CVE-2021-44244
-       RESERVED
+CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 
19 Testi ...)
+       TODO: check
+CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester 
Logistic Hub Pa ...)
+       TODO: check
 CVE-2021-44243
        RESERVED
 CVE-2021-44242
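Review bot: "Courcecodester" in CVE-2021-44245 beside "Sourcecodester" in CVE-2021-44244, and "vulnerabiity" in the latter, are typos in the upstream CVE descriptions, not in the tracker; since these description lines are synced automatically they should be left verbatim, as a hand correction would simply be overwritten by the next automatic update.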
@@ -11124,12 +11174,12 @@ CVE-2021-44094 (ZrLog 2.2.2 has a remote command 
execution vulnerability at plug
        NOT-FOR-US: zrlog
 CVE-2021-44093 (A Remote Command Execution vulnerability on the background in 
zrlog 2. ...)
        NOT-FOR-US: zrlog
-CVE-2021-44092
-       RESERVED
-CVE-2021-44091
-       RESERVED
-CVE-2021-44090
-       RESERVED
+CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects 
Pharmacy Manage ...)
+       TODO: check
+CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in 
Courcecodester Mu ...)
+       TODO: check
+CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online 
Reviewe ...)
+       TODO: check
 CVE-2021-44089
        RESERVED
 CVE-2021-44088
@@ -11671,6 +11721,7 @@ CVE-2022-21684 (Discourse is an open source discussion 
platform. Versions prior
 CVE-2022-21683 (Wagtail is a Django based content management system focused on 
flexibi ...)
        NOT-FOR-US: Wagtail
 CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution 
framework.  ...)
+       {DSA-5049-1}
        - flatpak 1.12.3-1
        NOTE: 
https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
        NOTE: 
https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a
@@ -11743,8 +11794,7 @@ CVE-2022-21660
        RESERVED
 CVE-2022-21659
        RESERVED
-CVE-2022-21658 [Race condition in the Rust standard library]
-       RESERVED
+CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language 
designe ...)
        - rustc <unfixed>
        NOTE: 
https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658
        NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/1
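Review bot: replacing the bracketed working title "[Race condition in the Rust standard library]" for CVE-2022-21658 with the published description follows the file's convention, but the truncated published text ("Rust is a multi-paradigm, general-purpose programming language designe ...") no longer says anything about the issue itself; the two NOTE lines are now the only place the nature of the problem is recorded, so they should stay attached to the "rustc <unfixed>" entry.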
@@ -11985,6 +12035,7 @@ CVE-2021-43861 (Mermaid is a Javascript based 
diagramming and charting tool that
        NOTE: 
https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v
        NOTE: 
https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83
 CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution 
framework.  ...)
+       {DSA-5049-1}
        - flatpak 1.12.3-1
        NOTE: 
https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
        NOTE: 
https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e
@@ -19510,8 +19561,8 @@ CVE-2021-3868
        RESERVED
 CVE-2021-3867
        RESERVED
-CVE-2021-3866
-       RESERVED
+CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository 
zulip/zulip p ...)
+       TODO: check
 CVE-2021-42060
        RESERVED
 CVE-2021-42059
@@ -25240,6 +25291,7 @@ CVE-2021-39686
        RESERVED
 CVE-2021-39685
        RESERVED
+       {DSA-5050-1}
        - linux 5.15.5-2
        NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4
 CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a 
possibl ...)
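Review bot: CVE-2021-39685 keeps "RESERVED" with no description while gaining "{DSA-5050-1}" and a fix in linux 5.15.5-2; that mirrors how CVE-2022-0185 and CVE-2021-4155 are handled in this same diff, but the fixed version differs from the 5.15.15-1 recorded on every other DSA-5050-1 entry here, so it is worth confirming the earlier version is intentional.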
@@ -37702,8 +37754,8 @@ CVE-2021-34602
        RESERVED
 CVE-2021-34601
        RESERVED
-CVE-2021-34600
-       RESERVED
+CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for 
random numb ...)
+       TODO: check
 CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 
lack ce ...)
        NOT-FOR-US: CODESYS
 CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 
1.4.1 an ...)
@@ -44024,8 +44076,8 @@ CVE-2021-32041
        RESERVED
 CVE-2021-32040
        RESERVED
-CVE-2021-32039
-       RESERVED
+CVE-2021-32039 (Users with appropriate file access may be able to access 
unencrypted u ...)
+       TODO: check
 CVE-2021-32038
        RESERVED
 CVE-2021-32037 (An authorized user may trigger an invariant which may result 
in denial ...)
@@ -52873,18 +52925,23 @@ CVE-2021-28717
 CVE-2021-28716
        RESERVED
 CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of 
kernel me ...)
+       {DSA-5050-1}
        - linux 5.15.15-1
        NOTE: https://xenbits.xen.org/xsa/advisory-392.html
 CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of 
kernel me ...)
+       {DSA-5050-1}
        - linux 5.15.15-1
        NOTE: https://xenbits.xen.org/xsa/advisory-392.html
 CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency 
events T[his ...)
+       {DSA-5050-1}
        - linux 5.15.15-1
        NOTE: https://xenbits.xen.org/xsa/advisory-391.html
 CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency 
events T[his ...)
+       {DSA-5050-1}
        - linux 5.15.15-1
        NOTE: https://xenbits.xen.org/xsa/advisory-391.html
 CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency 
events T[his ...)
+       {DSA-5050-1}
        - linux 5.15.15-1
        NOTE: https://xenbits.xen.org/xsa/advisory-391.html
 CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For 
efficie ...)
@@ -141659,7 +141716,7 @@ CVE-2020-5677 (Reflected cross-site scripting 
vulnerability in GROWI v4.0.0 and
        NOT-FOR-US: GROWI
 CVE-2020-5676 (GROWI v4.1.3 and earlier allow remote attackers to obtain 
information  ...)
        NOT-FOR-US: GROWI
-CVE-2020-5675 (Out-of-bounds read issue in GT21 model of GOT2000 series 
(GT2107-WTBD  ...)
+CVE-2020-5675 (Out-of-bounds read vulnerability in GT21 model of GOT2000 
series (GT21 ...)
        NOT-FOR-US: Mitsubishi
 CVE-2020-5674 (Untrusted search path vulnerability in the installers of 
multiple SEIK ...)
        NOT-FOR-US: SEIKO EPSON products



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cca4437fd41043d13aa2e3baa0b645a392f393a1



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
