[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 16 20:10:29 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7be57955 by security tracker role at 2021-12-16T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-21953
+ RESERVED
+CVE-2022-21952
+ RESERVED
+CVE-2022-21951
+ RESERVED
+CVE-2022-21950
+ RESERVED
+CVE-2022-21949
+ RESERVED
+CVE-2022-21948
+ RESERVED
+CVE-2022-21947
+ RESERVED
+CVE-2022-21946
+ RESERVED
+CVE-2022-21945
+ RESERVED
+CVE-2022-21944
+ RESERVED
+CVE-2021-45105
+ RESERVED
+CVE-2021-31566
+ RESERVED
+CVE-2021-23177
+ RESERVED
CVE-2022-21943
RESERVED
CVE-2022-21942
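Review bot: the last three added entries (CVE-2021-45105, CVE-2021-31566, CVE-2021-23177) land between CVE-2022-21944 and the existing CVE-2022-21943, so 2021 IDs are interleaved in the run of 2022 reservations at the top of the file. If the list is expected to keep IDs grouped by year, these three belong with the other CVE-2021 entries. All 13 additions carry only RESERVED, so none of them needs triage yet.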
@@ -82,14 +108,14 @@ CVE-2021-XXXX [JNDI vunerability]
NOTE: https://jira.qos.ch/browse/LOGBACK-1591
CVE-2021-44771
RESERVED
-CVE-2021-4124
- RESERVED
-CVE-2021-4123
- RESERVED
+CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
+ TODO: check
+CVE-2021-4123 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
CVE-2021-4122
RESERVED
-CVE-2021-4121
- RESERVED
+CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ TODO: check
CVE-2021-23151
RESERVED
CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel through 5. ...)
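Review bot: CVE-2021-4124, CVE-2021-4123 and CVE-2021-4121 move from RESERVED to TODO: check with product names now visible (janus-gateway, livehelperchat, yetiforcecrm), so each can be resolved to either a source-package line or a NOT-FOR-US line in the style used elsewhere in this file. The truncated descriptions only give the weakness class, so the full CVE text is needed before deciding. Separately, the entry title quoted in the hunk header reads "[JNDI vunerability]"; that should be "vulnerability".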
@@ -155,6 +181,7 @@ CVE-2021-45048
CVE-2021-45047
RESERVED
CVE-2021-45046 (It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ...)
+ {DSA-5022-1}
- apache-log4j2 2.16.0-1 (bug #1001729)
[stretch] - apache-log4j2 <not-affected> (JndiLookup class has been removed)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/4
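Review bot: the {DSA-5022-1} reference added under CVE-2021-45046 has no counterpart in this commit, which changes only data/CVE/list. Confirm that the advisory record for DSA-5022-1 names this CVE, so the cross-reference resolves in both directions, and that the fixed version it announces is consistent with the apache-log4j2 2.16.0-1 line and the stretch <not-affected> line below it.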
@@ -4886,10 +4913,10 @@ CVE-2022-21136
RESERVED
CVE-2022-21131
RESERVED
-CVE-2021-3960
- RESERVED
-CVE-2021-3959
- RESERVED
+CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
+ TODO: check
CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...)
NOT-FOR-US: iPack SCADA Automation
CVE-2021-43745
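Review bot: the new description for CVE-2021-3960 is cut off before any product name appears, so its TODO: check cannot be resolved from this line alone and needs the full CVE record. CVE-2021-3959 at least names a component ("EPPUpdateSer ..."), but that too is truncated. Both should end up with a package line or a NOT-FOR-US line like CVE-2021-3958 directly below them.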
@@ -14154,8 +14181,8 @@ CVE-2021-40837
RESERVED
CVE-2021-40836
RESERVED
-CVE-2021-40835
- RESERVED
+CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...)
+ TODO: check
CVE-2021-40834 (A user interface overlay vulnerability was discovered in F-secure SAFE ...)
NOT-FOR-US: F-secure
CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
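Review bot: CVE-2021-40835 is left at TODO: check while the two entries directly below it, CVE-2021-40834 and CVE-2021-40833, are F-Secure issues already marked NOT-FOR-US: F-secure. If the "Safe Brows ..." product in the new description is confirmed to be from the same vendor, this entry can take the same NOT-FOR-US line instead of staying open.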
@@ -22121,9 +22148,9 @@ CVE-2021-3669 [reading /proc/sysvipc/shm does not scale with large shared memory
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1986473
CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery by an a ...)
NOT-FOR-US: Meow hash
-CVE-2021-37605 (In the Microchip MiWi v6.5 software stack, there is a possibility of f ...)
+CVE-2021-37605 (In version 6.5 of MiWi software and all previous versions including le ...)
NOT-FOR-US: Microchip MiWi
-CVE-2021-37604 (In the Microchip MiWi v6.5 software stack, there is a possibility of f ...)
+CVE-2021-37604 (In version 6.5 of our MiWi software and all previous versions includin ...)
NOT-FOR-US: Microchip MiWi
CVE-2021-37603
RESERVED
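Review bot: the replacement descriptions for CVE-2021-37605 and CVE-2021-37604 widen the stated scope from "the Microchip MiWi v6.5 software stack" to "version 6.5 ... and all previous versions", and the CVE-2021-37604 text now reads "our MiWi software", which is vendor wording carried into the list. Both entries keep NOT-FOR-US: Microchip MiWi, so the triage result is unaffected, but the first-person phrasing is worth flagging to whoever maintains the description source.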
@@ -42937,7 +42964,7 @@ CVE-2021-29243 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. .
NOT-FOR-US: Cloudera Manager
CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper input vali ...)
NOT-FOR-US: CODESYS Control Runtime
-CVE-2021-29241 (CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer dereference that ...)
+CVE-2021-29241 (CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that ...)
NOT-FOR-US: CODESYS Gateway 3
CVE-2021-29240 (The Package Manager of CODESYS Development System 3 before 3.5.17.0 do ...)
NOT-FOR-US: Package Manager of CODESYS Development System 3
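Review bot: in CVE-2021-29241 the version bound changes from "before 3.5.17.0" to "before 3.5.16.70", while the neighbouring CODESYS entries CVE-2021-29242 and CVE-2021-29240 still say "before 3.5.17.0". The three entries name different products (Gateway 3, Control Runtime, Development System), so differing bounds are plausible, and the NOT-FOR-US line is unchanged. No action is needed beyond confirming that the new bound matches the current CVE description.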
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7be579555b9f37ed844a42ae35d71b62514977ce