[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 3 08:10:22 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f00cf3f9 by security tracker role at 2022-02-03T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2022-24372
+ RESERVED
+CVE-2022-24371
+ RESERVED
+CVE-2022-24370
+ RESERVED
+CVE-2022-24369
+ RESERVED
+CVE-2022-24368
+ RESERVED
+CVE-2022-24367
+ RESERVED
+CVE-2022-24366
+ RESERVED
+CVE-2022-24365
+ RESERVED
+CVE-2022-24364
+ RESERVED
+CVE-2022-24363
+ RESERVED
+CVE-2022-24362
+ RESERVED
+CVE-2022-24361
+ RESERVED
+CVE-2022-24360
+ RESERVED
+CVE-2022-24359
+ RESERVED
+CVE-2022-24358
+ RESERVED
+CVE-2022-24357
+ RESERVED
+CVE-2022-24356
+ RESERVED
+CVE-2022-24355
+ RESERVED
+CVE-2022-24354
+ RESERVED
+CVE-2022-24353
+ RESERVED
+CVE-2022-24352
+ RESERVED
+CVE-2022-24351
+ RESERVED
+CVE-2022-24350
+ RESERVED
+CVE-2022-24349
+ RESERVED
+CVE-2022-24348
+ RESERVED
+CVE-2022-24347
+ RESERVED
+CVE-2022-24346
+ RESERVED
+CVE-2022-24345
+ RESERVED
+CVE-2022-24344
+ RESERVED
+CVE-2022-24343
+ RESERVED
+CVE-2022-24342
+ RESERVED
+CVE-2022-24341
+ RESERVED
+CVE-2022-24340
+ RESERVED
+CVE-2022-24339
+ RESERVED
+CVE-2022-24338
+ RESERVED
+CVE-2022-24337
+ RESERVED
+CVE-2022-24336
+ RESERVED
+CVE-2022-24335
+ RESERVED
+CVE-2022-24334
+ RESERVED
+CVE-2022-24333
+ RESERVED
+CVE-2022-24332
+ RESERVED
+CVE-2022-24331
+ RESERVED
+CVE-2022-24330
+ RESERVED
+CVE-2022-24329
+ RESERVED
+CVE-2022-24328
+ RESERVED
+CVE-2022-24327
+ RESERVED
+CVE-2022-24326
+ RESERVED
+CVE-2022-24325
+ RESERVED
+CVE-2022-23402
+ RESERVED
+CVE-2022-23401
+ RESERVED
+CVE-2022-22729
+ RESERVED
+CVE-2022-22151
+ RESERVED
+CVE-2022-22148
+ RESERVED
+CVE-2022-22145
+ RESERVED
+CVE-2022-22141
+ RESERVED
+CVE-2022-21808
+ RESERVED
+CVE-2022-21194
+ RESERVED
+CVE-2022-21177
+ RESERVED
+CVE-2022-0481
+ RESERVED
CVE-2022-24324
RESERVED
CVE-2022-24323
@@ -201,8 +319,8 @@ CVE-2022-0445
RESERVED
CVE-2022-0444
RESERVED
-CVE-2022-0443
- RESERVED
+CVE-2022-0443 (Use After Free in Conda vim prior to 8.2. ...)
+ TODO: check
CVE-2022-0442
RESERVED
CVE-2022-0441
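Review bot: CVE-2022-0443 can be triaged straight away rather than left at "TODO: check": the description names vim ("Use After Free in Conda vim prior to 8.2. ...", where "Conda vim" is the CNA's wording for the vim project), and the file already carries the pattern for these huntr-reported vim issues further down (CVE-2022-0393: a `vim` source package line, a `[buster] - vim <no-dsa> (Minor issue)` line and NOTE lines for the huntr report and the upstream fix commit). Replacing the TODO with the same structure keeps the vim entries consistent.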
@@ -311,8 +429,8 @@ CVE-2022-0433 [missing initialization in bloom filter map in kernel/bpf/bloom_fi
- linux <not-affected> (Vulnerable code newer in a supported Debian release; only affected experimental)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048259
NOTE: Fixed by: https://git.kernel.org/linus/3ccdcee28415c4226de05438b4d89eb5514edf73 (5.17-rc1)
-CVE-2022-0432
- RESERVED
+CVE-2022-0432 (Prototype Pollution in GitHub repository mastodon/mastodon prior to 3. ...)
+ TODO: check
CVE-2022-0431
RESERVED
CVE-2022-0430
@@ -656,8 +774,8 @@ CVE-2022-24124 (The query API in Casdoor before 1.13.1 has a SQL injection vulne
NOT-FOR-US: Casdoor
CVE-2022-24123 (MarkText through 0.16.3 does not sanitize the input of a mermaid block ...)
TODO: check
-CVE-2022-24121
- RESERVED
+CVE-2022-24121 (SQL Injection vulnerability discovered in Unified Office Total Connect ...)
+ TODO: check
CVE-2021-46660 (Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) a ...)
NOT-FOR-US: Signiant Manager+Agents
CVE-2021-46659 (MariaDB before 10.7.2 allows an application crash because it does not ...)
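Review bot: CVE-2022-24121 ("SQL Injection vulnerability discovered in Unified Office Total Connect ...") sits between two entries already resolved as NOT-FOR-US (Casdoor, Signiant Manager+Agents); once it is confirmed that Unified Office Total Connect is not a Debian source package, resolving it the same way avoids leaving a stale "TODO: check" in a region that is otherwise fully triaged.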
@@ -880,8 +998,8 @@ CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba
NOTE: https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 (v8.2.4233)
-CVE-2022-24069
- RESERVED
+CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
+ TODO: check
CVE-2022-24064
RESERVED
CVE-2022-24063
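Review bot: CVE-2022-24069 is an InsydeH2O firmware driver issue (AhciBusDxe), and the file's existing convention for that vendor is `NOT-FOR-US: Insyde` (see CVE-2021-41842 and CVE-2021-33626 later in this diff), so the "TODO: check" can be closed with that label once the vendor is confirmed from the full CVE text; the same applies to CVE-2022-24031 (NvmExpressDxe in Insyde InsydeH2O) in the next hunk.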
@@ -987,10 +1105,10 @@ CVE-2022-24033
RESERVED
CVE-2022-24032 (Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enu ...)
NOT-FOR-US: Adenza AxiomSL ControllerView
-CVE-2022-24031
- RESERVED
-CVE-2022-24030
- RESERVED
+CVE-2022-24031 (An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kern ...)
+ TODO: check
+CVE-2022-24030 (SMM memory corruption vulnerability allowing a possible attacker to wr ...)
+ TODO: check
CVE-2022-24029
RESERVED
CVE-2022-24028
@@ -1612,12 +1730,12 @@ CVE-2022-23875
RESERVED
CVE-2022-23874
RESERVED
-CVE-2022-23873
- RESERVED
+CVE-2022-23873 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
CVE-2022-23872 (Emlog pro v1.1.1 was discovered to contain a stored cross-site scripti ...)
NOT-FOR-US: Emlog pro
-CVE-2022-23871
- RESERVED
+CVE-2022-23871 (Multiple cross-site scripting (XSS) vulnerabilities in the component o ...)
+ TODO: check
CVE-2022-23870
RESERVED
CVE-2022-23869
@@ -2064,8 +2182,7 @@ CVE-2022-0336 [Samba AD users with permission to write to an account can imperso
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14950
CVE-2022-23834
RESERVED
-CVE-2022-23833
- RESERVED
+CVE-2022-23833 (An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27 ...)
{DLA-2906-1}
- python-django 2:3.2.12-1 (bug #1004752)
[bullseye] - python-django <no-dsa> (Minor issue)
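Review bot: The `[bullseye] - python-django <no-dsa> (Minor issue)` line is kept unchanged now that the CVE text for the MultiPartParser issue is public; it is worth confirming that assessment still holds and keeping it in sync with CVE-2022-22818, which shares `{DLA-2906-1}` and bug #1004752 in a later hunk of this same commit. No TODO is needed here since the Debian state was already recorded while the entry was RESERVED.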
@@ -2140,7 +2257,8 @@ CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store]
- linux 5.15.15-2
NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/12
NOTE: https://git.kernel.org/linus/7938d61591d33394a21bdd7797a245b65428f44c
-CVE-2022-0329 (Code Injection in PyPi loguru prior to and including 0.5.3. ...)
+CVE-2022-0329
+ REJECTED
- loguru 0.5.3-5 (bug #1004194)
NOTE: https://github.com/Delgan/loguru/issues/563
NOTE: https://github.com/delgan/loguru/commit/4b0070a4f30cbf6d5e12e6274b242b62ea11c81b
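Review bot: The entry for CVE-2022-0329 gains a REJECTED marker but keeps the `- loguru 0.5.3-5 (bug #1004194)` line and both NOTE links; the other REJECTED entry in this diff (CVE-2021-3892) carries only the marker. Decide explicitly whether the loguru fixed-version line should stay as history or be dropped, and whether bug #1004194 needs a follow-up pointing at the rejection, so the entry does not read as a still-tracked issue.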
@@ -3285,8 +3403,8 @@ CVE-2022-23359
RESERVED
CVE-2022-23358
RESERVED
-CVE-2022-23357
- RESERVED
+CVE-2022-23357 (mozilo2.0 was discovered to be vulnerable to directory traversal attac ...)
+ TODO: check
CVE-2022-23356
RESERVED
CVE-2022-23355
@@ -5387,8 +5505,7 @@ CVE-2022-22820 (Due to the lack of media file checks before rendering, it was po
NOT-FOR-US: LINE
CVE-2022-22819
RESERVED
-CVE-2022-22818
- RESERVED
+CVE-2022-22818 (The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3 ...)
{DLA-2906-1}
- python-django 2:3.2.12-1 (bug #1004752)
[bullseye] - python-django <no-dsa> (Minor issue)
@@ -16082,8 +16199,8 @@ CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds wit
[bullseye] - npm <no-dsa> (Minor issue)
[buster] - npm <no-dsa> (Minor issue)
NOTE: https://github.com/npm/cli/issues/2701
-CVE-2021-43615
- RESERVED
+CVE-2021-43615 (SMM callout vulnerability allowing a possible attacker to hijack execu ...)
+ TODO: check
CVE-2021-43614
RESERVED
CVE-2021-43613
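Review bot: The truncated description for CVE-2021-43615 ("SMM callout vulnerability allowing a possible attacker to hijack execu ...") is byte-for-byte the same as the ones added for CVE-2021-42113 and CVE-2021-42060 further down, and the vendor is cut off by the truncation, so the triager will need the full CVE text before assigning NOT-FOR-US; it would save effort to handle these three identical-looking SMM callout entries together rather than one TODO at a time.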
@@ -16454,8 +16571,8 @@ CVE-2021-43523 (In uClibc and uClibc-ng before 1.0.39, incorrect handling of spe
- uclibc-ng <itp> (bug #811275)
NOTE: https://www.openwall.com/lists/oss-security/2021/11/09/1
NOTE: https://github.com/wbx-github/uclibc-ng/commit/0f822af0445e5348ce7b7bd8ce1204244f31d174
-CVE-2021-43522
- RESERVED
+CVE-2021-43522 (An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 20 ...)
+ TODO: check
CVE-2021-3939 (Ubuntu-specific modifications to accountsservice (in patch file debian ...)
- accountsservice <not-affected> (Ubuntu specific patch)
NOTE: https://ubuntu.com/security/CVE-2021-3939
@@ -16961,8 +17078,8 @@ CVE-2021-43325 (Automox Agent 33 on Windows incorrectly sets permissions on a te
NOT-FOR-US: Automox Agent
CVE-2021-43324 (LibreNMS through 21.10.2 allows XSS via a widget title. ...)
NOT-FOR-US: LibreNMS
-CVE-2021-43323
- RESERVED
+CVE-2021-43323 (An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel ...)
+ TODO: check
CVE-2021-43322
RESERVED
CVE-2021-43321
@@ -19774,8 +19891,8 @@ CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive e
NOT-FOR-US: Rasa X
CVE-2021-42555 (Pexip Infinity before 26.2 allows temporary remote Denial of Service ( ...)
NOT-FOR-US: Pexip Infinity
-CVE-2021-42554
- RESERVED
+CVE-2021-42554 (SMM memory corruption vulnerability allowing a possible attacker to wr ...)
+ TODO: check
CVE-2021-3892
REJECTED
CVE-2021-26247 (As an unauthenticated remote user, visit "http://<CACTI_SERVER>/ ...)
@@ -22036,8 +22153,8 @@ CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnera
NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith)
NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
NOTE: https://comsec.ethz.ch/research/dram/blacksmith/
-CVE-2021-42113
- RESERVED
+CVE-2021-42113 (SMM callout vulnerability allowing a possible attacker to hijack execu ...)
+ TODO: check
CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
- limesurvey <itp> (bug #472802)
CVE-2021-42111 (An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 fo ...)
@@ -22197,10 +22314,10 @@ CVE-2021-3867
CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip m ...)
- zulip-server <itp> (bug #800052)
NOTE: https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
-CVE-2021-42060
- RESERVED
-CVE-2021-42059
- RESERVED
+CVE-2021-42060 (SMM callout vulnerability allowing a possible attacker to hijack execu ...)
+ TODO: check
+CVE-2021-42059 (Stack overflow vulnerability that allows a local root user to access U ...)
+ TODO: check
CVE-2021-42058
RESERVED
CVE-2021-42057 (Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The ev ...)
@@ -22728,16 +22845,16 @@ CVE-2021-41843 (An authenticated SQL injection issue in the calendar search func
NOT-FOR-US: OpenEMR
CVE-2021-41842 (An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08 ...)
NOT-FOR-US: Insyde
-CVE-2021-41841
- RESERVED
-CVE-2021-41840
- RESERVED
-CVE-2021-41839
- RESERVED
-CVE-2021-41838
- RESERVED
-CVE-2021-41837
- RESERVED
+CVE-2021-41841 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+ TODO: check
+CVE-2021-41840 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+ TODO: check
+CVE-2021-41839 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+ TODO: check
+CVE-2021-41838 (An unsafe pointer vulnerability exists in SMM (System Management Mode) ...)
+ TODO: check
+CVE-2021-41837 (An unsafe pointer vulnerability exists in SMM (System Management Mode) ...)
+ TODO: check
CVE-2021-41833 (Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to una ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-3848 (An arbitrary file creation by privilege escalation vulnerability in Tr ...)
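Review bot: The five new SMM entries (CVE-2021-41841 through CVE-2021-41837) directly follow CVE-2021-41842 (AtaLegacySmm, resolved as `NOT-FOR-US: Insyde`) in the context lines, which suggests they belong to the same vendor batch and can be triaged the same way once confirmed. Since three of them share the identical truncated text "A vulnerability exists in SMM (System Management Mode) branch that reg ..." and the other two share "An unsafe pointer vulnerability exists in SMM (System Management Mode) ...", a NOTE line naming the affected component or advisory per entry would make them distinguishable later.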
@@ -42762,12 +42879,12 @@ CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when build
NOT-FOR-US: isula-build
CVE-2021-33628
RESERVED
-CVE-2021-33627
- RESERVED
-CVE-2021-33626 (In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not cor ...)
+CVE-2021-33627 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+ TODO: check
+CVE-2021-33626 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
NOT-FOR-US: Insyde
-CVE-2021-33625
- RESERVED
+CVE-2021-33625 (An issue was discovered in Kernel 5.x (starting from 5.1) in Insyde In ...)
+ TODO: check
CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...)
{DLA-2785-1}
- linux 5.10.46-1
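Review bot: CVE-2021-33626 and CVE-2021-33627 now carry the identical truncated description yet end up in different states (`NOT-FOR-US: Insyde` versus `TODO: check`); the same resolution should apply to both, and to CVE-2021-33625, which the truncated text does identify as Insyde InsydeH2O. Also note that the replaced description for CVE-2021-33626 ("In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not cor ...") was the only place the vendor was named for that entry; the generic replacement no longer says Insyde, so a NOTE line preserving that attribution would keep the `NOT-FOR-US: Insyde` line self-explanatory.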
@@ -143960,8 +144077,8 @@ CVE-2020-5955 (An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O
NOT-FOR-US: Int15MicrocodeSmm
CVE-2020-5954
RESERVED
-CVE-2020-5953
- RESERVED
+CVE-2020-5953 (A vulnerability exists in System Management Interrupt (SWSMI) handler ...)
+ TODO: check
CVE-2020-5952
RESERVED
CVE-2020-5951
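Review bot: The context line for CVE-2020-5955 uses `NOT-FOR-US: Int15MicrocodeSmm`, naming the firmware driver rather than the vendor label `NOT-FOR-US: Insyde` used for the other InsydeH2O entries in this diff (CVE-2021-41842, CVE-2021-33626); when CVE-2020-5953 (an SWSMI handler issue with the vendor cut off by truncation) is triaged, using the vendor label keeps this group greppable under one name.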
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f00cf3f9cd299d2dc13ace81a87d068c0a6016fa
More information about the debian-security-tracker-commits mailing list