[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 4 20:10:26 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e4dd0a1 by security tracker role at 2022-02-04T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2022-24408
+	RESERVED
+CVE-2022-0501
+	RESERVED
+CVE-2022-0500
+	RESERVED
+CVE-2022-0499
+	RESERVED
+CVE-2022-0498
+	RESERVED
+CVE-2022-0497
+	RESERVED
+CVE-2022-0496
+	RESERVED
+CVE-2022-0495
+	RESERVED
+CVE-2022-0494
+	RESERVED
+CVE-2022-0493
+	RESERVED
 CVE-2022-XXXX [information leak]
 	- atftp 0.7.git20210915-1 (bug #1004974)
 	NOTE: https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 (v0.7.5)
@@ -3599,8 +3619,8 @@ CVE-2022-23318
 	RESERVED
 CVE-2022-23317
 	RESERVED
-CVE-2022-23316
-	RESERVED
+CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
+	TODO: check
 CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnera ...)
 	NOT-FOR-US: MCMS
 CVE-2022-23314 (MCMS v5.2.4 was discovered to contain a SQL injection vulnerability vi ...)
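
Review bot: CVE-2022-23316 is left at TODO: check directly above two MCMS entries that were already resolved as NOT-FOR-US. This automatic update only fills in the description, so the entry still needs a manual disposition. If taoCMS is not packaged, tag it NOT-FOR-US: taoCMS, and handle CVE-2021-44983 (taocms 3.0.1, also set to TODO: check in this commit) the same way so the two entries do not diverge.
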
@@ -3631,8 +3651,8 @@ CVE-2022-0267
 	RESERVED
 CVE-2021-46399
 	RESERVED
-CVE-2021-46398
-	RESERVED
+CVE-2021-46398 (A Cross-Site Request Forgery (CSRF) vulnerability exists in Filebrowse ...)
+	TODO: check
 CVE-2021-46397
 	RESERVED
 CVE-2021-46396
@@ -3827,8 +3847,8 @@ CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV vulnerability
 	NOT-FOR-US: Duktape
 CVE-2021-46321
 	RESERVED
-CVE-2021-46320
-	RESERVED
+CVE-2021-46320 (In OpenZeppelin <=v4.4.0, initializer functions that are invoked se ...)
+	TODO: check
 CVE-2021-46319
 	RESERVED
 CVE-2021-46318
@@ -11312,8 +11332,8 @@ CVE-2021-44985
 	RESERVED
 CVE-2021-44984
 	RESERVED
-CVE-2021-44983
-	RESERVED
+CVE-2021-44983 (In taocms 3.0.1 after logging in to the background, there is an Arbitr ...)
+	TODO: check
 CVE-2021-44982
 	RESERVED
 CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a variable w ...)
@@ -11322,10 +11342,10 @@ CVE-2021-44980
 	RESERVED
 CVE-2021-44979
 	RESERVED
-CVE-2021-44978
-	RESERVED
-CVE-2021-44977
-	RESERVED
+CVE-2021-44978 (iCMS <= 8.0.0 allows users to add and render a comtom template, whi ...)
+	TODO: check
+CVE-2021-44977 (In iCMS <=8.0.0, a directory traversal vulnerability allows an atta ...)
+	TODO: check
 CVE-2021-44976
 	RESERVED
 CVE-2021-44975
@@ -11501,16 +11521,16 @@ CVE-2021-44905
 	RESERVED
 CVE-2021-44904
 	RESERVED
-CVE-2021-44903
-	RESERVED
+CVE-2021-44903 (Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable ...)
+	TODO: check
 CVE-2021-44902
 	RESERVED
-CVE-2021-44901
-	RESERVED
-CVE-2021-44900
-	RESERVED
-CVE-2021-44899
-	RESERVED
+CVE-2021-44901 (Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulner ...)
+	TODO: check
+CVE-2021-44900 (Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulner ...)
+	TODO: check
+CVE-2021-44899 (Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to  ...)
+	TODO: check
 CVE-2021-44898
 	RESERVED
 CVE-2021-44897
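
Review bot: The four MSI entries (CVE-2021-44903, CVE-2021-44901, CVE-2021-44900, CVE-2021-44899) all land as TODO: check, and their truncated descriptions differ only in product name and version bound. Triage them as one batch with a single disposition rather than one at a time. The description is cut off at "is vulnerable to", so the vulnerability class has to be read from the full CVE record before tagging.
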
@@ -11535,8 +11555,8 @@ CVE-2021-44888
 	RESERVED
 CVE-2021-44887
 	RESERVED
-CVE-2021-44886
-	RESERVED
+CVE-2021-44886 (In Zammad 5.0.2, agents can configure "out of office" periods and subs ...)
+	TODO: check
 CVE-2021-44885
 	RESERVED
 CVE-2021-44884
@@ -18679,8 +18699,8 @@ CVE-2021-43147
 	RESERVED
 CVE-2021-43146
 	RESERVED
-CVE-2021-43145
-	RESERVED
+CVE-2021-43145 (With certain LDAP configurations, Zammad 5.0.1 was found to be vulnera ...)
+	TODO: check
 CVE-2021-43144
 	RESERVED
 CVE-2021-43143
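
Review bot: CVE-2021-43145 (Zammad 5.0.1) gets TODO: check here, and CVE-2021-44886 (Zammad 5.0.2) gets the same in the previous hunk. Both name the same product, so resolve them together with the same package or NOT-FOR-US line; otherwise the tracker can end up with inconsistent Zammad entries.
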
@@ -302856,15 +302876,17 @@ CVE-2017-6964 (dmcrypt-get-device, as shipped in the eject package of Debian and
 CVE-2017-6963
 	RESERVED
 CVE-2017-6962 (An issue was discovered in apng2gif 1.7. There is an integer overflow  ...)
+	{DLA-2911-1}
 	- apng2gif 1.8-0.1 (bug #854447)
 	[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
 	[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
 CVE-2017-6961 (An issue was discovered in apng2gif 1.7. There is improper sanitizatio ...)
+	{DLA-2911-1}
 	- apng2gif 1.8-0.1 (bug #854441)
 	[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
 	[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
 CVE-2017-6960 (An issue was discovered in apng2gif 1.7. There is an integer overflow  ...)
-	{DLA-2165-1 DLA-981-1}
+	{DLA-2911-1 DLA-2165-1 DLA-981-1}
 	- apng2gif 1.8-0.1 (bug #854367)
 CVE-2017-6959
 	REJECTED
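
Review bot: {DLA-2911-1} is added to CVE-2017-6962 and CVE-2017-6961, which had no advisory reference before, while CVE-2017-6960 already carried DLA-2165-1 and DLA-981-1. Worth confirming that this asymmetry is intended: the only release-specific lines on 6962 and 6961 are the jessie and wheezy <not-affected> notes, so nothing in this hunk records which release DLA-2911-1 fixed for them.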



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e4dd0a183e4b3324da121acb8911e2e06a19f6e
