[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 2 20:10:31 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
26967b6d by security tracker role at 2022-02-02T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2022-24324
+ RESERVED
+CVE-2022-24323
+ RESERVED
+CVE-2022-24322
+ RESERVED
+CVE-2022-24321
+ RESERVED
+CVE-2022-24320
+ RESERVED
+CVE-2022-24319
+ RESERVED
+CVE-2022-24318
+ RESERVED
+CVE-2022-24317
+ RESERVED
+CVE-2022-24316
+ RESERVED
+CVE-2022-24315
+ RESERVED
+CVE-2022-24314
+ RESERVED
+CVE-2022-24313
+ RESERVED
+CVE-2022-24312
+ RESERVED
+CVE-2022-24311
+ RESERVED
+CVE-2022-24310
+ RESERVED
+CVE-2022-24309
+ RESERVED
+CVE-2022-0480
+ RESERVED
+CVE-2022-0479
+ RESERVED
+CVE-2022-0478
+ RESERVED
+CVE-2022-0477
+ RESERVED
+CVE-2022-0476
+ RESERVED
+CVE-2022-0475
+ RESERVED
+CVE-2022-0474
+ RESERVED
+CVE-2022-0473
+ RESERVED
CVE-2022-24308
RESERVED
CVE-2022-24307
@@ -573,7 +621,7 @@ CVE-2022-24131
RESERVED
CVE-2022-21170
RESERVED
-CVE-2022-0419 (NULL Pointer Dereference in NPM radare2.js prior to 6.0.0. ...)
+CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...)
TODO: check
CVE-2022-0418
RESERVED
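Review bot: CVE-2022-0419 stays at TODO: check although the rewritten description moves the NULL pointer dereference from the NPM package radare2.js to the GitHub repository radareorg/radare2. The affected component has changed, so whoever resolves the TODO should triage against radareorg/radare2 rather than the NPM package, and record the result as a package line or a NOT-FOR-US tag in the style of the other entries.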
@@ -1371,8 +1419,8 @@ CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...
NOTE: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa (v8.2.4217)
CVE-2022-0367
RESERVED
-CVE-2022-0366
- RESERVED
+CVE-2022-0366 (An authenticated and authorized agent user could potentially gain admi ...)
+ TODO: check
CVE-2022-0365
RESERVED
CVE-2022-0364
@@ -6433,10 +6481,10 @@ CVE-2022-22512
RESERVED
CVE-2022-22511
RESERVED
-CVE-2022-22510
- RESERVED
-CVE-2022-22509
- RESERVED
+CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer derefere ...)
+ TODO: check
+CVE-2022-22509 (In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect ...)
+ TODO: check
CVE-2022-22508
RESERVED
CVE-2022-22507
@@ -9149,7 +9197,8 @@ CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to S
NOT-FOR-US: Halo
CVE-2022-22123 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
NOT-FOR-US: Halo
-CVE-2022-22122 (In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0 ...)
+CVE-2022-22122
+ REJECTED
NOT-FOR-US: Mattermost Focalboard
CVE-2022-22121 (In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injectio ...)
NOT-FOR-US: NocoDB
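Review bot: The NOT-FOR-US: Mattermost Focalboard line is kept under CVE-2022-22122 even though the entry is now REJECTED and has lost its description. Nothing left in the entry explains the product tag; suggest confirming that a rejected id should still carry the triage line, or dropping it in a follow-up.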
@@ -11542,8 +11591,8 @@ CVE-2022-21819
RESERVED
CVE-2022-21818
RESERVED
-CVE-2022-21817
- RESERVED
+CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...)
+ TODO: check
CVE-2022-21816
RESERVED
CVE-2022-21815
@@ -14167,8 +14216,8 @@ CVE-2022-21726
RESERVED
CVE-2022-21725
RESERVED
-CVE-2022-21724
- RESERVED
+CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was foun ...)
+ TODO: check
CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...)
TODO: check
CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
@@ -18486,8 +18535,8 @@ CVE-2021-43075
RESERVED
CVE-2021-43074
RESERVED
-CVE-2021-43073
- RESERVED
+CVE-2021-43073 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
CVE-2021-43072
RESERVED
CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6. ...)
@@ -18508,8 +18557,8 @@ CVE-2021-43064 (A url redirection to untrusted site ('open redirect') in Fortine
NOT-FOR-US: FortiGuard
CVE-2021-43063 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: FortiGuard
-CVE-2021-43062
- RESERVED
+CVE-2021-43062 (A improper neutralization of input during web page generation ('cross- ...)
+ TODO: check
CVE-2022-20621 (Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencr ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-20620 (Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier ...)
@@ -19249,8 +19298,8 @@ CVE-2021-42755
RESERVED
CVE-2021-42754 (An improper control of generation of code vulnerability [CWE-94] in Fo ...)
NOT-FOR-US: Fortiguard
-CVE-2021-42753
- RESERVED
+CVE-2021-42753 (An improper limitation of a pathname to a restricted directory ('Path ...)
+ TODO: check
CVE-2021-42752 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2021-42751
@@ -19532,26 +19581,26 @@ CVE-2021-42644
RESERVED
CVE-2021-42643
RESERVED
-CVE-2021-42642
- RESERVED
-CVE-2021-42641
- RESERVED
-CVE-2021-42640
- RESERVED
-CVE-2021-42639
- RESERVED
+CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ TODO: check
+CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ TODO: check
+CVE-2021-42640 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ TODO: check
+CVE-2021-42639 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ TODO: check
CVE-2021-42638 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitiz ...)
TODO: check
-CVE-2021-42637
- RESERVED
+CVE-2021-42637 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-contr ...)
+ TODO: check
CVE-2021-42636
RESERVED
CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcode ...)
NOT-FOR-US: PrinterLogic Web Stack
CVE-2021-42634
RESERVED
-CVE-2021-42633
- RESERVED
+CVE-2021-42633 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ TODO: check
CVE-2021-42632
RESERVED
CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes a ...)
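Review bot: The six PrinterLogic Web Stack entries that gain descriptions in this hunk (CVE-2021-42642 to CVE-2021-42639, CVE-2021-42637 and CVE-2021-42633) are added as TODO: check, while CVE-2021-42635 in the same hunk is already tagged NOT-FOR-US: PrinterLogic Web Stack. Suggest triaging the batch in one pass with the same tag wording, together with CVE-2021-42638, which is also still at TODO: check.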
@@ -24724,12 +24773,12 @@ CVE-2021-41020
RESERVED
CVE-2021-41019 (An improper validation of certificate with host mismatch [CWE-297] vul ...)
NOT-FOR-US: Fortiguard
-CVE-2021-41018
- RESERVED
+CVE-2021-41018 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
CVE-2021-41017 (Multiple heap-based buffer overflow vulnerabilities in some web API co ...)
NOT-FOR-US: FortiGuard
-CVE-2021-41016
- RESERVED
+CVE-2021-41016 (A improper neutralization of special elements used in a command ('comm ...)
+ TODO: check
CVE-2021-41015 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2021-41014 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 ...)
@@ -29568,16 +29617,16 @@ CVE-2021-39072
RESERVED
CVE-2021-39071
RESERVED
-CVE-2021-39070
- RESERVED
+CVE-2021-39070 (IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the ad ...)
+ TODO: check
CVE-2021-39069
RESERVED
CVE-2021-39068
RESERVED
CVE-2021-39067
RESERVED
-CVE-2021-39066
- RESERVED
+CVE-2021-39066 (IBM Financial Transaction Manager 3.2.4 does not invalidate session an ...)
+ TODO: check
CVE-2021-39065 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
NOT-FOR-US: IBM
CVE-2021-39064 (IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authenti ...)
@@ -29620,8 +29669,8 @@ CVE-2021-39046
RESERVED
CVE-2021-39045
RESERVED
-CVE-2021-39044
- RESERVED
+CVE-2021-39044 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site re ...)
+ TODO: check
CVE-2021-39043
RESERVED
CVE-2021-39042
@@ -36612,8 +36661,8 @@ CVE-2021-36195 (Multiple command injection vulnerabilities in the command line i
NOT-FOR-US: FortiGuard
CVE-2021-36194 (Multiple stack-based buffer overflows in the API controllers of FortiW ...)
NOT-FOR-US: FortiGuard
-CVE-2021-36193
- RESERVED
+CVE-2021-36193 (Multiple stack-based buffer overflows in the command line interpreter ...)
+ TODO: check
CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
NOT-FOR-US: Fortiguard
CVE-2021-36191 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
@@ -36644,8 +36693,8 @@ CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 6.3.1
NOT-FOR-US: FortiGuard
CVE-2021-36178 (A insufficiently protected credentials in Fortinet FortiSDNConnector v ...)
NOT-FOR-US: Fortiguard
-CVE-2021-36177
- RESERVED
+CVE-2021-36177 (An improper access control vulnerability [CWE-284] in FortiAuthenticat ...)
+ TODO: check
CVE-2021-36176 (Multiple uncontrolled resource consumption vulnerabilities in the web ...)
NOT-FOR-US: Fortiguard
CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in FortiWeb ...)
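Review bot: CVE-2021-36177 is added as TODO: check with a description that names "FortiAuthenticat ...", while the neighbouring entries in this hunk are tagged NOT-FOR-US with two spellings, FortiGuard and Fortiguard. When this entry is triaged, pick one spelling so that a search for the tag finds every affected entry.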
@@ -66989,8 +67038,8 @@ CVE-2021-24045 (A type confusion vulnerability could be triggered when resolving
NOT-FOR-US: Facebook Hermes
CVE-2021-24044 (By passing invalid javascript code where await and yield were called u ...)
NOT-FOR-US: Facebook Hermes
-CVE-2021-24043
- RESERVED
+CVE-2021-24043 (A missing bound check in RTCP flag parsing code prior to WhatsApp for ...)
+ TODO: check
CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ...)
NOT-FOR-US: Whatsapp
CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...)
@@ -68201,7 +68250,7 @@ CVE-2021-23567 (The package colors after 1.4.0 are vulnerable to Denial of Servi
- colors.js <not-affected> (Vulnerable code never in a released Debian version)
NOTE: https://github.com/Marak/colors.js/issues/285
NOTE: Introduced with: https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6
-CVE-2021-23566 (The package nanoid before 3.1.31 are vulnerable to Information Exposur ...)
+CVE-2021-23566 (The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Info ...)
NOT-FOR-US: Node nanoid (NaN0-1D)
CVE-2021-23565
RESERVED
@@ -93251,8 +93300,8 @@ CVE-2020-26210 (In BookStack before version 0.30.4, a user with permissions to e
NOT-FOR-US: BookStack app
CVE-2020-26209
RESERVED
-CVE-2020-26208
- RESERVED
+CVE-2020-26208 (JHEAD is a simple command line tool for displaying and some manipulati ...)
+ TODO: check
CVE-2020-26207 (DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary ...)
NOT-FOR-US: DatabaseSchemaViewer
CVE-2020-26206
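Review bot: CVE-2020-26208 moves from RESERVED to TODO: check with a description of JHEAD, a command line tool, while its neighbours in this hunk (BookStack app, DatabaseSchemaViewer) are tagged NOT-FOR-US. This entry should not be tagged along with them by habit; suggest checking for a matching source package first and recording either a package line or an explicit NOT-FOR-US.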
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26967b6d3ad8ecb8d685fe85ffc0d21df6984eef