Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
617c0899 by security tracker role at 2022-01-22T08:10:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2022-23848
+       RESERVED
+CVE-2022-23847
+       RESERVED
+CVE-2022-23846
+       RESERVED
+CVE-2022-23845
+       RESERVED
+CVE-2022-23844
+       RESERVED
+CVE-2022-23843
+       RESERVED
+CVE-2022-23842
+       RESERVED
+CVE-2022-23841
+       RESERVED
+CVE-2022-23840
+       RESERVED
+CVE-2022-23839
+       RESERVED
+CVE-2022-23838
+       RESERVED
+CVE-2022-23837 (In api.rb in Sidekiq before 6.4.0, there is no limit on the 
number of  ...)
+       TODO: check
+CVE-2022-23836
+       RESERVED
+CVE-2022-23835
+       RESERVED
+CVE-2022-0337
+       RESERVED
+CVE-2022-0336
+       RESERVED
 CVE-2022-23834
        RESERVED
 CVE-2022-23833
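Review bot: CVE-2022-23837 is the only entry in this block that arrives with a description, and it lands as TODO: check with no package line. The description names api.rb in Sidekiq before 6.4.0, so triage should resolve it either to a source package line with the fixed version or to a NOT-FOR-US line, rather than leaving it undetermined among the RESERVED placeholders.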
@@ -76,10 +108,10 @@ CVE-2021-4208
        RESERVED
 CVE-2022-23809
        RESERVED
-CVE-2022-23808
-       RESERVED
-CVE-2022-23807
-       RESERVED
+CVE-2022-23808 (An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An 
attacker ca ...)
+       TODO: check
+CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 
before  ...)
+       TODO: check
 CVE-2022-23806
        RESERVED
 CVE-2022-23805
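Review bot: Both phpMyAdmin entries (CVE-2022-23808, CVE-2022-23807) move from RESERVED to TODO: check without any package or per-release lines, and their affected ranges differ. CVE-2022-23808 is described as 5.1 before 5.1.2 only, while CVE-2022-23807 also covers 4.9 before 4.9.8, so release status should be recorded per CVE instead of assuming both affect the same suites.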
@@ -1130,14 +1162,14 @@ CVE-2022-23368
        RESERVED
 CVE-2022-23367
        RESERVED
-CVE-2022-23366
-       RESERVED
-CVE-2022-23365
-       RESERVED
-CVE-2022-23364
-       RESERVED
-CVE-2022-23363
-       RESERVED
+CVE-2022-23366 (HMS v1.0 was discovered to contain a SQL injection 
vulnerability via p ...)
+       TODO: check
+CVE-2022-23365 (HMS v1.0 was discovered to contain a SQL injection 
vulnerability via d ...)
+       TODO: check
+CVE-2022-23364 (HMS v1.0 was discovered to contain a SQL injection 
vulnerability via a ...)
+       TODO: check
+CVE-2022-23363 (Online Banking System v1.0 was discovered to contain a SQL 
injection v ...)
+       TODO: check
 CVE-2022-23362
        RESERVED
 CVE-2022-23361
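Review bot: The four SQL injection entries (CVE-2022-23366 through CVE-2022-23363) name HMS v1.0 and Online Banking System v1.0, and the three HMS descriptions differ only in the truncated parameter after "via". If these products are not packaged in Debian, they can be closed in one pass with NOT-FOR-US lines, the form already used in this file (for example "NOT-FOR-US: Dell").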
@@ -1432,12 +1464,12 @@ CVE-2021-46315
        RESERVED
 CVE-2021-46314
        RESERVED
-CVE-2021-46313
-       RESERVED
+CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a 
segmentat ...)
+       TODO: check
 CVE-2021-46312
        RESERVED
-CVE-2021-46311
-       RESERVED
+CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 
via the ...)
+       TODO: check
 CVE-2021-46310
        RESERVED
 CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester 
Employee and V ...)
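Review bot: The two GPAC entries in this hunk cite different versions: CVE-2021-46313 says GPAC v1.0.1 and CVE-2021-46311 says GPAC v1.1.0. When the TODO: check lines are resolved, record the affected version range per CVE from the upstream report rather than treating them as one batch, since the truncated descriptions do not show the affected function.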
@@ -2802,28 +2834,28 @@ CVE-2021-46246
        RESERVED
 CVE-2021-46245
        RESERVED
-CVE-2021-46244
-       RESERVED
-CVE-2021-46243
-       RESERVED
-CVE-2021-46242
-       RESERVED
+CVE-2021-46244 (A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis 
the functi ...)
+       TODO: check
+CVE-2021-46243 (An untrusted pointer dereference vulnerability exists in HDF5 
v1.13.1- ...)
+       TODO: check
+CVE-2021-46242 (HDF5 v1.13.1-1 was discovered to contain a heap-use-after free 
via the ...)
+       TODO: check
 CVE-2021-46241
        RESERVED
-CVE-2021-46240
-       RESERVED
-CVE-2021-46239
-       RESERVED
-CVE-2021-46238
-       RESERVED
-CVE-2021-46237
-       RESERVED
-CVE-2021-46236
-       RESERVED
+CVE-2021-46240 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 
via the ...)
+       TODO: check
+CVE-2021-46239 (The binary MP4Box in GPAC v1.1.0 was discovered to contain an 
invalid  ...)
+       TODO: check
+CVE-2021-46238 (GPAC v1.1.0 was discovered to contain a stack overflow via the 
functio ...)
+       TODO: check
+CVE-2021-46237 (An untrusted pointer dereference vulnerability exists in GPAC 
v1.1.0 v ...)
+       TODO: check
+CVE-2021-46236 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 
via the ...)
+       TODO: check
 CVE-2021-46235
        RESERVED
-CVE-2021-46234
-       RESERVED
+CVE-2021-46234 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 
via the ...)
+       TODO: check
 CVE-2021-46233
        RESERVED
 CVE-2021-46232
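Review bot: CVE-2021-46240, CVE-2021-46236 and CVE-2021-46234 carry identical truncated text ("A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ..."), so they cannot be told apart from this file alone. Triage should add a NOTE line with the upstream issue or commit for each one, so that a fix attributed to the wrong CVE or a duplicate assignment is detectable later.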
@@ -3869,12 +3901,12 @@ CVE-2022-22555
        RESERVED
 CVE-2022-22554
        RESERVED
-CVE-2022-22553
-       RESERVED
-CVE-2022-22552
-       RESERVED
-CVE-2022-22551
-       RESERVED
+CVE-2022-22553 (Dell EMC AppSync versions 3.9 to 4.3 contain an Improper 
Restriction o ...)
+       TODO: check
+CVE-2022-22552 (Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking 
vulnerabil ...)
+       TODO: check
+CVE-2022-22551 (DELL EMC AppSync versions 3.9 to 4.3 use GET request method 
with sensi ...)
+       TODO: check
 CVE-2022-22550
        RESERVED
 CVE-2022-22549
@@ -9492,6 +9524,7 @@ CVE-2021-44719
 CVE-2021-44718
        RESERVED
 CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows 
write operat ...)
+       {DLA-2892-1 DLA-2891-1}
        - golang-1.17 1.17.5-1
        - golang-1.15 1.15.15-5
        [bullseye] - golang-1.15 1.15.15-1~deb11u2
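Review bot: The added {DLA-2892-1 DLA-2891-1} cross-reference on CVE-2021-44717 has no matching package line in the visible context, which lists only golang-1.17, golang-1.15 and a [bullseye] entry. Confirm that the entry also carries release-tagged lines for the packages those two DLAs fixed, so the advisory reference and the recorded fixed versions stay in sync.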
@@ -9504,6 +9537,7 @@ CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 
1.17.5 on UNIX allows write
        NOTE: 
https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee 
(go1.17.5)
        NOTE: 
https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d 
(go1.16.12)
 CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows 
uncontro ...)
+       {DLA-2892-1 DLA-2891-1}
        - golang-1.17 1.17.5-1
        - golang-1.15 1.15.15-5
        [bullseye] - golang-1.15 1.15.15-1~deb11u2
@@ -11785,10 +11819,10 @@ CVE-2022-21710
        RESERVED
 CVE-2022-21709
        RESERVED
-CVE-2022-21708
-       RESERVED
-CVE-2022-21707
-       RESERVED
+CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In 
version ...)
+       TODO: check
+CVE-2022-21707 (wasmCloud Host Runtime is a server process that securely hosts 
and pro ...)
+       TODO: check
 CVE-2022-21706
        RESERVED
 CVE-2022-21705
@@ -20445,6 +20479,7 @@ CVE-2021-41772 (Go before 1.16.10 and 1.17.x before 
1.17.3 allows an archive/zip
        NOTE: 
https://github.com/golang/go/commit/b212ba68296b503b395e7d1838ca72a19030a6bf 
(go1.17.3)
        NOTE: 
https://github.com/golang/go/commit/88407a8dd98411f1730907dc8a69b99488af0052 
(go1.16.10)
 CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go 
before 1.16 ...)
+       {DLA-2892-1 DLA-2891-1}
        - golang-1.17 1.17.3-1
        - golang-1.16 1.16.10-1
        - golang-1.15 1.15.15-5
@@ -25958,8 +25993,8 @@ CVE-2021-39482
        RESERVED
 CVE-2021-39481
        RESERVED
-CVE-2021-39480
-       RESERVED
+CVE-2021-39480 (Bingrep v0.8.5 was discovered to contain a memory allocation 
failure w ...)
+       TODO: check
 CVE-2021-39479
        RESERVED
 CVE-2021-39478
@@ -26409,6 +26444,7 @@ CVE-2021-39294
        RESERVED
 CVE-2021-39293
        RESERVED
+       {DLA-2892-1 DLA-2891-1}
        - golang-1.17 1.17.1-1
        - golang-1.16 1.16.8-1
        - golang-1.15 1.15.15-2
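Review bot: CVE-2021-39293 gains a DLA cross-reference and already lists fixed versions for golang-1.17, golang-1.16 and golang-1.15, yet its status line is still RESERVED with no description. A NOTE line pointing at the upstream announcement or fix commit would make clear what was fixed until the description is published.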
@@ -33785,10 +33821,10 @@ CVE-2021-36341 (Dell Wyse Device Agent version 
14.5.4.1 and below contain a sens
        NOT-FOR-US: Dell
 CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive 
information d ...)
        NOT-FOR-US: EMC
-CVE-2021-36339
-       RESERVED
-CVE-2021-36338
-       RESERVED
+CVE-2021-36339 (The Dell EMC Virtual Appliances before 9.2.2.2 contain 
undocumented us ...)
+       TODO: check
+CVE-2021-36338 (Unisphere for PowerMax versions prior to 9.2.2.2 contains a 
privilege  ...)
+       TODO: check
 CVE-2021-36337 (Dell Wyse Management Suite version 3.3.1 and prior support 
insecure Tr ...)
        NOT-FOR-US: Dell
 CVE-2021-36336 (Wyse Management Suite 3.3.1 and below versions contain a 
deserializati ...)
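Review bot: CVE-2021-36339 and CVE-2021-36338 are left at TODO: check although the neighbouring entries whose status is visible in this hunk are already closed as NOT-FOR-US. Those neighbours use two different tags ("NOT-FOR-US: Dell" and "NOT-FOR-US: EMC"); pick one when resolving these two (Dell EMC Virtual Appliances, Unisphere for PowerMax) so that searches by vendor tag stay reliable.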
@@ -34038,6 +34074,7 @@ CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in 
the Key Distribution Center
        NOTE: 
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
        NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=9007
 CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race 
condition that c ...)
+       {DLA-2892-1 DLA-2891-1}
        - golang-1.16 1.16.7-1
        - golang-1.15 1.15.15-1 (bug #991961)
        [bullseye] - golang-1.15 1.15.15-1~deb11u1
@@ -41266,6 +41303,7 @@ CVE-2021-33197 (In Go before 1.15.13 and 1.16.x before 
1.16.5, some configuratio
        NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
        NOTE: 
https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 
(1.15)
 CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, 
a crafte ...)
+       {DLA-2892-1 DLA-2891-1}
        - golang-1.16 1.16.5-1 (bug #989492)
        - golang-1.15 1.15.9-4
        - golang-1.11 <removed>
@@ -65452,8 +65490,8 @@ CVE-2021-23666
        RESERVED
 CVE-2021-23665
        RESERVED
-CVE-2021-23664
-       RESERVED
+CVE-2021-23664 (The package @isomorphic-git/cors-proxy before 2.7.1 are 
vulnerable to  ...)
+       TODO: check
 CVE-2021-23663 (All versions of package sey are vulnerable to Prototype 
Pollution via  ...)
        TODO: check
 CVE-2021-23662
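Review bot: CVE-2021-23664 becomes TODO: check directly above CVE-2021-23663, which is an unchanged context line and therefore was already sitting at TODO: check before this commit. Both descriptions name individual packages (@isomorphic-git/cors-proxy, sey), so they are worth resolving together: decide whether each is packaged in Debian, then record a package line or a NOT-FOR-US line.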
@@ -65518,8 +65556,8 @@ CVE-2021-23633
        RESERVED
 CVE-2021-23632
        RESERVED
-CVE-2021-23631
-       RESERVED
+CVE-2021-23631 (This affects all versions of package convert-svg-core; all 
versions of ...)
+       TODO: check
 CVE-2021-23630
        RESERVED
 CVE-2021-23629
@@ -65744,8 +65782,8 @@ CVE-2021-23520
        RESERVED
 CVE-2021-23519
        RESERVED
-CVE-2021-23518
-       RESERVED
+CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable 
to Protot ...)
+       TODO: check
 CVE-2021-23517
        RESERVED
 CVE-2021-23516
@@ -65861,8 +65899,8 @@ CVE-2021-23462
        RESERVED
 CVE-2021-23461
        RESERVED
-CVE-2021-23460
-       RESERVED
+CVE-2021-23460 (The package min-dash before 3.8.1 are vulnerable to Prototype 
Pollutio ...)
+       TODO: check
 CVE-2021-23459
        RESERVED
 CVE-2021-23458



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/617c0899f39fd772b12257f1f3e584e3bf353aa2
