[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 1 08:10:25 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
63bc46fb by security tracker role at 2022-02-01T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2022-24286
+ RESERVED
+CVE-2022-24285
+ RESERVED
+CVE-2022-24284
+ RESERVED
+CVE-2022-24283
+ RESERVED
+CVE-2022-0437
+ RESERVED
+CVE-2022-0436
+ RESERVED
+CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_ ...)
+ TODO: check
+CVE-2021-46668 (MariaDB through 10.5.9 allows an application crash via certain long SE ...)
+ TODO: check
+CVE-2021-46667 (MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an ...)
+ TODO: check
+CVE-2021-46666 (MariaDB before 10.6.2 allows an application crash because of mishandli ...)
+ TODO: check
+CVE-2021-46665 (MariaDB through 10.5.9 allows a sql_parse.cc application crash because ...)
+ TODO: check
+CVE-2021-46664 (MariaDB through 10.5.9 allows an application crash in sub_select_postj ...)
+ TODO: check
+CVE-2021-46663 (MariaDB through 10.5.13 allows a ha_maria::extra application crash via ...)
+ TODO: check
+CVE-2021-46662 (MariaDB through 10.5.9 allows a set_var.cc application crash via certa ...)
+ TODO: check
+CVE-2021-46661 (MariaDB through 10.5.9 allows an application crash in find_field_in_ta ...)
+ TODO: check
+CVE-2021-4218
+ RESERVED
CVE-2022-24282
RESERVED
CVE-2022-24281
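Review bot: the nine MariaDB entries, CVE-2021-46661 through CVE-2021-46669, need per-entry triage rather than one shared resolution, because their truncated descriptions give differing affected ranges (through 10.5.9, through 10.5.13, before 10.6.2, before 10.6.5). Each carries only `TODO: check` and no package line, so when the TODOs are resolved, record the fixed version for each entry from its own upstream fix instead of copying one range across the batch.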
@@ -63,14 +95,14 @@ CVE-2022-24268
RESERVED
CVE-2022-24267
RESERVED
-CVE-2022-24266
- RESERVED
-CVE-2022-24265
- RESERVED
-CVE-2022-24264
- RESERVED
-CVE-2022-24263
- RESERVED
+CVE-2022-24266 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
+CVE-2022-24265 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
+CVE-2022-24264 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
+CVE-2022-24263 (Hospital Management System v4.0 was discovered to contain a SQL inject ...)
+ TODO: check
CVE-2022-24262
RESERVED
CVE-2022-24261
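Review bot: the `TODO: check` lines on CVE-2022-24263 through CVE-2022-24266 still need a resolution. The descriptions name Cuppa CMS v1.0 and Hospital Management System v4.0, so if no Debian source package ships either product, replace each TODO with a `NOT-FOR-US:` line so the entries leave the pending queue.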
@@ -1323,8 +1355,8 @@ CVE-2022-23874
RESERVED
CVE-2022-23873
RESERVED
-CVE-2022-23872
- RESERVED
+CVE-2022-23872 (Emlog pro v1.1.1 was discovered to contain a stored cross-site scripti ...)
+ TODO: check
CVE-2022-23871
RESERVED
CVE-2022-23870
@@ -1972,8 +2004,8 @@ CVE-2022-23776
RESERVED
CVE-2022-23775
RESERVED
-CVE-2022-23774
- RESERVED
+CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...)
+ TODO: check
CVE-2022-23773
RESERVED
CVE-2022-23772
@@ -5773,6 +5805,7 @@ CVE-2022-22596
CVE-2022-22595
RESERVED
CVE-2022-22594 [A cross-origin issue in the IndexDB API was addressed with improved input validation]
+ RESERVED
{DSA-5061-1 DSA-5060-1}
- webkit2gtk 2.34.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
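Review bot: the `RESERVED` line added under CVE-2022-22594 lands on an entry that is already triaged: it has a bracketed description, `{DSA-5061-1 DSA-5060-1}` and a fixed version `webkit2gtk 2.34.4-1`. Confirm the upstream record is still reserved and that the marker is not read as "untriaged" by anything consuming this file; once the upstream description is published, the bracketed text should give way to it.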
@@ -14030,8 +14063,8 @@ CVE-2022-21661 (WordPress is a free and open-source content management system wr
NOTE: https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
CVE-2022-21660
RESERVED
-CVE-2022-21659
- RESERVED
+CVE-2022-21659 (Flask-AppBuilder is an application development framework, built on top ...)
+ TODO: check
CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language designe ...)
- rustc <unfixed>
NOTE: https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658
@@ -46527,7 +46560,7 @@ CVE-2018-25014 (A flaw was found in libwebp in versions before 1.0.1. An unitial
- libwebp 0.6.1-2.1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
CVE-2021-3534
- RESERVED
+ REJECTED
CVE-2021-3533 (A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR ...)
- ansible <unfixed>
[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63bc46fb702799e19f85fae65633b0c1604f4ae5