Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26967b6d by security tracker role at 2022-02-02T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2022-24324
+       RESERVED
+CVE-2022-24323
+       RESERVED
+CVE-2022-24322
+       RESERVED
+CVE-2022-24321
+       RESERVED
+CVE-2022-24320
+       RESERVED
+CVE-2022-24319
+       RESERVED
+CVE-2022-24318
+       RESERVED
+CVE-2022-24317
+       RESERVED
+CVE-2022-24316
+       RESERVED
+CVE-2022-24315
+       RESERVED
+CVE-2022-24314
+       RESERVED
+CVE-2022-24313
+       RESERVED
+CVE-2022-24312
+       RESERVED
+CVE-2022-24311
+       RESERVED
+CVE-2022-24310
+       RESERVED
+CVE-2022-24309
+       RESERVED
+CVE-2022-0480
+       RESERVED
+CVE-2022-0479
+       RESERVED
+CVE-2022-0478
+       RESERVED
+CVE-2022-0477
+       RESERVED
+CVE-2022-0476
+       RESERVED
+CVE-2022-0475
+       RESERVED
+CVE-2022-0474
+       RESERVED
+CVE-2022-0473
+       RESERVED
 CVE-2022-24308
        RESERVED
 CVE-2022-24307
@@ -573,7 +621,7 @@ CVE-2022-24131
        RESERVED
 CVE-2022-21170
        RESERVED
-CVE-2022-0419 (NULL Pointer Dereference in NPM radare2.js prior to 6.0.0. ...)
+CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 
prior  ...)
        TODO: check
 CVE-2022-0418
        RESERVED
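Review bot: CVE-2022-0419 keeps its TODO: check even though the description on the + line now names the GitHub repository radareorg/radare2 instead of the NPM radare2.js package. The rewording changes which software the entry refers to, so any triage started from the old NPM wording should be redone against radare2 itself, and the TODO replaced with a package line or an explicit NOT-FOR-US once that is settled.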
@@ -1371,8 +1419,8 @@ CVE-2022-0368 (Out-of-bounds Read in GitHub repository 
vim/vim prior to 8.2. ...
        NOTE: 
https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa 
(v8.2.4217)
 CVE-2022-0367
        RESERVED
-CVE-2022-0366
-       RESERVED
+CVE-2022-0366 (An authenticated and authorized agent user could potentially 
gain admi ...)
+       TODO: check
 CVE-2022-0365
        RESERVED
 CVE-2022-0364
@@ -6433,10 +6481,10 @@ CVE-2022-22512
        RESERVED
 CVE-2022-22511
        RESERVED
-CVE-2022-22510
-       RESERVED
-CVE-2022-22509
-       RESERVED
+CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer 
derefere ...)
+       TODO: check
+CVE-2022-22509 (In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an 
incorrect  ...)
+       TODO: check
 CVE-2022-22508
        RESERVED
 CVE-2022-22507
@@ -9149,7 +9197,8 @@ CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 
(latest) are vulnerable to S
        NOT-FOR-US: Halo
 CVE-2022-22123 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to 
Stored  ...)
        NOT-FOR-US: Halo
-CVE-2022-22122 (In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, 
v0.9.5, v0 ...)
+CVE-2022-22122
+       REJECTED
        NOT-FOR-US: Mattermost Focalboard
 CVE-2022-22121 (In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV 
Injectio ...)
        NOT-FOR-US: NocoDB
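Review bot: CVE-2022-22122 is now REJECTED but still carries the NOT-FOR-US: Mattermost Focalboard line directly beneath it. With the id rejected there is nothing left to triage, so the leftover annotation looks stale; drop it so the entry is just the id and REJECTED, unless the tracker keeps earlier triage on rejected ids on purpose, in which case that convention is worth stating.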
@@ -11542,8 +11591,8 @@ CVE-2022-21819
        RESERVED
 CVE-2022-21818
        RESERVED
-CVE-2022-21817
-       RESERVED
+CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource 
Sharing (CO ...)
+       TODO: check
 CVE-2022-21816
        RESERVED
 CVE-2022-21815
@@ -14167,8 +14216,8 @@ CVE-2022-21726
        RESERVED
 CVE-2022-21725
        RESERVED
-CVE-2022-21724
-       RESERVED
+CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole 
was foun ...)
+       TODO: check
 CVE-2022-21723 (PJSIP is a free and open source multimedia communication 
library writt ...)
        TODO: check
 CVE-2022-21722 (PJSIP is a free and open source multimedia communication 
library writt ...)
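Review bot: the new CVE-2022-21724 line describes pgjdbc, the PostgreSQL JDBC driver, and is left at TODO: check. Unlike the vendor appliance entries elsewhere in this update, an open-source driver cannot be closed by matching a neighbouring NOT-FOR-US tag, so this one needs a lookup for a source package that ships the driver before the TODO is resolved. The two PJSIP entries below it in the context lines are in the same pending state.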
@@ -18486,8 +18535,8 @@ CVE-2021-43075
        RESERVED
 CVE-2021-43074
        RESERVED
-CVE-2021-43073
-       RESERVED
+CVE-2021-43073 (A improper neutralization of special elements used in an os 
command (' ...)
+       TODO: check
 CVE-2021-43072
        RESERVED
 CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 
6.4.1 and 6. ...)
@@ -18508,8 +18557,8 @@ CVE-2021-43064 (A url redirection to untrusted site 
('open redirect') in Fortine
        NOT-FOR-US: FortiGuard
 CVE-2021-43063 (A improper neutralization of input during web page generation 
('cross- ...)
        NOT-FOR-US: FortiGuard
-CVE-2021-43062
-       RESERVED
+CVE-2021-43062 (A improper neutralization of input during web page generation 
('cross- ...)
+       TODO: check
 CVE-2022-20621 (Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access 
key unencr ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2022-20620 (Missing permission checks in Jenkins SSH Agent Plugin 1.23 and 
earlier ...)
@@ -19249,8 +19298,8 @@ CVE-2021-42755
        RESERVED
 CVE-2021-42754 (An improper control of generation of code vulnerability 
[CWE-94] in Fo ...)
        NOT-FOR-US: Fortiguard
-CVE-2021-42753
-       RESERVED
+CVE-2021-42753 (An improper limitation of a pathname to a restricted directory 
('Path  ...)
+       TODO: check
 CVE-2021-42752 (A improper neutralization of input during web page generation 
('cross- ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-42751
@@ -19532,26 +19581,26 @@ CVE-2021-42644
        RESERVED
 CVE-2021-42643
        RESERVED
-CVE-2021-42642
-       RESERVED
-CVE-2021-42641
-       RESERVED
-CVE-2021-42640
-       RESERVED
-CVE-2021-42639
-       RESERVED
+CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
+       TODO: check
+CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
+       TODO: check
+CVE-2021-42640 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
+       TODO: check
+CVE-2021-42639 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
+       TODO: check
 CVE-2021-42638 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not 
sanitiz ...)
        TODO: check
-CVE-2021-42637
-       RESERVED
+CVE-2021-42637 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use 
user-contr ...)
+       TODO: check
 CVE-2021-42636
        RESERVED
 CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a 
hardcode ...)
        NOT-FOR-US: PrinterLogic Web Stack
 CVE-2021-42634
        RESERVED
-CVE-2021-42633
-       RESERVED
+CVE-2021-42633 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are 
vulnerable ...)
+       TODO: check
 CVE-2021-42632
        RESERVED
 CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below 
deserializes a ...)
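Review bot: the six PrinterLogic Web Stack entries that gain descriptions here (CVE-2021-42642 through 42639, 42637 and 42633) are all set to TODO: check, while CVE-2021-42635 in the same block is already triaged as NOT-FOR-US: PrinterLogic Web Stack. Same product, so the same tag applies; resolving them together, along with the still-pending CVE-2021-42638, avoids leaving one product half-triaged across seven ids.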
@@ -24724,12 +24773,12 @@ CVE-2021-41020
        RESERVED
 CVE-2021-41019 (An improper validation of certificate with host mismatch 
[CWE-297] vul ...)
        NOT-FOR-US: Fortiguard
-CVE-2021-41018
-       RESERVED
+CVE-2021-41018 (A improper neutralization of special elements used in an os 
command (' ...)
+       TODO: check
 CVE-2021-41017 (Multiple heap-based buffer overflow vulnerabilities in some 
web API co ...)
        NOT-FOR-US: FortiGuard
-CVE-2021-41016
-       RESERVED
+CVE-2021-41016 (A improper neutralization of special elements used in a 
command ('comm ...)
+       TODO: check
 CVE-2021-41015 (A improper neutralization of input during web page generation 
('cross- ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-41014 (A uncontrolled resource consumption in Fortinet FortiWeb 
version 6.4.1 ...)
@@ -29568,16 +29617,16 @@ CVE-2021-39072
        RESERVED
 CVE-2021-39071
        RESERVED
-CVE-2021-39070
-       RESERVED
+CVE-2021-39070 (IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 
with the ad ...)
+       TODO: check
 CVE-2021-39069
        RESERVED
 CVE-2021-39068
        RESERVED
 CVE-2021-39067
        RESERVED
-CVE-2021-39066
-       RESERVED
+CVE-2021-39066 (IBM Financial Transaction Manager 3.2.4 does not invalidate 
session an ...)
+       TODO: check
 CVE-2021-39065 (IBM Spectrum Copy Data Management 2.2.13 and earlier could 
allow a rem ...)
        NOT-FOR-US: IBM
 CVE-2021-39064 (IBM Spectrum Copy Data Management 2.2.13 and earlier has weak 
authenti ...)
@@ -29620,8 +29669,8 @@ CVE-2021-39046
        RESERVED
 CVE-2021-39045
        RESERVED
-CVE-2021-39044
-       RESERVED
+CVE-2021-39044 (IBM Financial Transaction Manager 3.2.4 is vulnerable to 
cross-site re ...)
+       TODO: check
 CVE-2021-39043
        RESERVED
 CVE-2021-39042
@@ -36612,8 +36661,8 @@ CVE-2021-36195 (Multiple command injection 
vulnerabilities in the command line i
        NOT-FOR-US: FortiGuard
 CVE-2021-36194 (Multiple stack-based buffer overflows in the API controllers 
of FortiW ...)
        NOT-FOR-US: FortiGuard
-CVE-2021-36193
-       RESERVED
+CVE-2021-36193 (Multiple stack-based buffer overflows in the command line 
interpreter  ...)
+       TODO: check
 CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor 
[CWE-200 ...)
        NOT-FOR-US: Fortiguard
 CVE-2021-36191 (A url redirection to untrusted site ('open redirect') in 
Fortinet Fort ...)
@@ -36644,8 +36693,8 @@ CVE-2021-36179 (A stack-based buffer overflow in 
Fortinet FortiWeb version 6.3.1
        NOT-FOR-US: FortiGuard
 CVE-2021-36178 (A insufficiently protected credentials in Fortinet 
FortiSDNConnector v ...)
        NOT-FOR-US: Fortiguard
-CVE-2021-36177
-       RESERVED
+CVE-2021-36177 (An improper access control vulnerability [CWE-284] in 
FortiAuthenticat ...)
+       TODO: check
 CVE-2021-36176 (Multiple uncontrolled resource consumption vulnerabilities in 
the web  ...)
        NOT-FOR-US: Fortiguard
 CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in 
FortiWeb ...)
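Review bot: CVE-2021-36177 names FortiAuthenticat... in its description yet is left at TODO: check, while the entries around it are already NOT-FOR-US. When resolving it, note that the context lines spell the tag two ways, NOT-FOR-US: FortiGuard for CVE-2021-36179 and NOT-FOR-US: Fortiguard for CVE-2021-36178 and 36176; picking one spelling keeps searches over the list from missing half the Fortinet entries.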
@@ -66989,8 +67038,8 @@ CVE-2021-24045 (A type confusion vulnerability could be 
triggered when resolving
        NOT-FOR-US: Facebook Hermes
 CVE-2021-24044 (By passing invalid javascript code where await and yield were 
called u ...)
        NOT-FOR-US: Facebook Hermes
-CVE-2021-24043
-       RESERVED
+CVE-2021-24043 (A missing bound check in RTCP flag parsing code prior to 
WhatsApp for  ...)
+       TODO: check
 CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, 
WhatsApp ...)
        NOT-FOR-US: Whatsapp
 CVE-2021-24041 (A missing bounds check in image blurring code prior to 
WhatsApp for An ...)
@@ -68201,7 +68250,7 @@ CVE-2021-23567 (The package colors after 1.4.0 are 
vulnerable to Denial of Servi
        - colors.js <not-affected> (Vulnerable code never in a released Debian 
version)
        NOTE: https://github.com/Marak/colors.js/issues/285
        NOTE: Introduced with: 
https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6
-CVE-2021-23566 (The package nanoid before 3.1.31 are vulnerable to Information 
Exposur ...)
+CVE-2021-23566 (The package nanoid from 3.0.0 and before 3.1.31 are vulnerable 
to Info ...)
        NOT-FOR-US: Node nanoid (NaN0-1D)
 CVE-2021-23565
        RESERVED
@@ -93251,8 +93300,8 @@ CVE-2020-26210 (In BookStack before version 0.30.4, a 
user with permissions to e
        NOT-FOR-US: BookStack app
 CVE-2020-26209
        RESERVED
-CVE-2020-26208
-       RESERVED
+CVE-2020-26208 (JHEAD is a simple command line tool for displaying and some 
manipulati ...)
+       TODO: check
 CVE-2020-26207 (DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to 
arbitrary ...)
        NOT-FOR-US: DatabaseSchemaViewer
 CVE-2020-26206



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26967b6d3ad8ecb8d685fe85ffc0d21df6984eef
