[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 8 08:10:21 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
caf2a263 by security tracker role at 2022-02-08T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2022-24668
+ RESERVED
+CVE-2022-24667
+ RESERVED
+CVE-2022-24666
+ RESERVED
+CVE-2022-0528
+ RESERVED
+CVE-2022-0527
+ RESERVED
+CVE-2022-0526
+ RESERVED
+CVE-2022-0525
+ RESERVED
+CVE-2022-0524
+ RESERVED
+CVE-2022-0523
+ RESERVED
+CVE-2022-0522
+ RESERVED
+CVE-2022-0521
+ RESERVED
+CVE-2022-0520
+ RESERVED
+CVE-2022-0519
+ RESERVED
+CVE-2022-0518
+ RESERVED
+CVE-2022-0517
+ RESERVED
+CVE-2022-0516
+ RESERVED
CVE-2022-24665
RESERVED
CVE-2022-24664
@@ -428,8 +460,8 @@ CVE-2022-24452
RESERVED
CVE-2022-24451
RESERVED
-CVE-2022-24450
- RESERVED
+CVE-2022-24450 (NATS nats-server before 2.7.2 has Incorrect Access Control. Any authen ...)
+ TODO: check
CVE-2022-24449
RESERVED
CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.1 ...)
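Review bot: `TODO: check` on CVE-2022-24450 leaves a published access-control issue untriaged. The description already names the product and the fixed upstream version (nats-server before 2.7.2), so the follow-up should replace the TODO with either a package line carrying the fixed version or a `NOT-FOR-US` entry.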
@@ -870,96 +902,115 @@ CVE-2022-21173
RESERVED
CVE-2022-0470
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0469
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0468
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0467
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0466
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0465
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0464
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0463
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0462
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0461
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0460
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0459
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0458
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0457
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0456
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0455
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0454
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0453
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0452
RESERVED
+ {DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
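Review bot: the `{DSA-5068-1}` reference is attached to entries that still read `RESERVED` (CVE-2022-0470 down to CVE-2022-0452), so nothing in these lines says what the advisory fixes. The tagging is internally consistent, since every tagged entry carries `- chromium 98.0.4758.80-1`, but the set of tagged CVEs should be compared against the advisory's own CVE list to confirm none were missed or added in error.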
@@ -3369,10 +3420,10 @@ CVE-2022-23626
RESERVED
CVE-2022-23625
RESERVED
-CVE-2022-23624
- RESERVED
-CVE-2022-23623
- RESERVED
+CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScript. Fro ...)
+ TODO: check
+CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...)
+ TODO: check
CVE-2022-23622
RESERVED
CVE-2022-23621
@@ -3391,8 +3442,8 @@ CVE-2022-23615
RESERVED
CVE-2022-23614 (Twig is an open source template language for PHP. When in a sandbox mo ...)
TODO: check
-CVE-2022-23613
- RESERVED
+CVE-2022-23613 (xrdp is an open source remote desktop protocol (RDP) server. In affect ...)
+ TODO: check
CVE-2022-23612
RESERVED
CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
@@ -8200,7 +8251,7 @@ CVE-2022-0078
RESERVED
CVE-2021-45959
REJECTED
-CVE-2021-45958 (** DISPUTED ** UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-b ...)
+CVE-2021-45958 (UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow ...)
- ujson <unfixed> (bug #1005140)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
NOTE: https://github.com/ultrajson/ultrajson/issues/501
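Review bot: on CVE-2021-45958 the description drops `** DISPUTED **` and widens the affected range from `4.0.2 through 5.0.0` to `through 5.1.0`, while `- ujson <unfixed> (bug #1005140)` is carried over unchanged. `<unfixed>` stays correct, but any per-release assessment that relied on the old lower bound of 4.0.2 should be revisited now that no lower bound is stated.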
@@ -10634,8 +10685,8 @@ CVE-2021-45283
RESERVED
CVE-2021-45282
RESERVED
-CVE-2021-45281
- RESERVED
+CVE-2021-45281 (QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerabilit ...)
+ TODO: check
CVE-2021-45280
RESERVED
CVE-2021-45279
@@ -12447,12 +12498,11 @@ CVE-2022-21818
RESERVED
CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...)
NOT-FOR-US: NVIDIA
-CVE-2022-21816
- RESERVED
-CVE-2022-21815
- RESERVED
-CVE-2022-21814
- RESERVED
+CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ TODO: check
+CVE-2022-21815 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ TODO: check
+CVE-2022-21814 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
- nvidia-graphics-drivers 470.103.01-1 (bug #1004847)
[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
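Review bot: CVE-2022-21815 is described as the GPU Display Driver for Windows yet lands as `TODO: check`, while the neighbouring CVE-2022-21817 is already marked `NOT-FOR-US: NVIDIA`. The Windows-only entry looks like a candidate for the same marking instead of an open TODO, and CVE-2022-21816 (vGPU software) needs the same decision. CVE-2022-21814 only swaps `RESERVED` for its description and keeps the existing package lines, which is fine.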
@@ -12469,8 +12519,7 @@ CVE-2022-21814
[bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1004850)
[bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
-CVE-2022-21813
- RESERVED
+CVE-2022-21813 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
- nvidia-graphics-drivers 470.103.01-1 (bug #1004847)
[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -15114,8 +15163,8 @@ CVE-2022-21714
RESERVED
CVE-2022-21713
RESERVED
-CVE-2022-21712
- RESERVED
+CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...)
+ TODO: check
CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...)
NOT-FOR-US: elfspirit
CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local short de ...)
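Review bot: CVE-2022-21712 goes from `RESERVED` to `TODO: check` with a description that names twisted, an event-driven networking engine written in Python. Unlike the `NOT-FOR-US` entries that follow it in this hunk, this one has no disposition yet; if twisted is packaged, the follow-up should add a source-package line with the affected and fixed versions.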
@@ -23248,8 +23297,8 @@ CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Po
NOT-FOR-US: Apache Traffic Control
CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web ...)
NOT-FOR-US: icecoder
-CVE-2021-3861
- RESERVED
+CVE-2021-3861 (The RNDIS USB device class includes a buffer overflow vulnerability. Z ...)
+ TODO: check
CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...)
NOT-FOR-US: JFrog Artifactory
CVE-2021-3859
@@ -23897,8 +23946,8 @@ CVE-2021-41766 (Apache Karaf allows monitoring of applications and the Java runt
CVE-2021-3836 (dbeaver is vulnerable to Improper Restriction of XML External Entity R ...)
- dbeaver <itp> (bug #680987)
NOTE: https://github.com/dbeaver/dbeaver/commit/4debf8f25184b7283681ed3fb5e9e887d9d4fe22
-CVE-2021-3835
- RESERVED
+CVE-2021-3835 (Buffer overflow in usb device class. Zephyr versions >= v2.6.0 cont ...)
+ TODO: check
CVE-2021-3834 (Integria IMS in its 5.0.92 version does not filter correctly some fiel ...)
NOT-FOR-US: Integria IMS
CVE-2021-3833 (Integria IMS login check uses a loose comparator ("==") to compare the ...)
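Review bot: CVE-2021-3835 (`Buffer overflow in usb device class. Zephyr versions >= v2.6.0 ...`) and CVE-2021-3861 in the previous hunk (`The RNDIS USB device class includes a buffer overflow ...`) both land as `TODO: check` with closely related subject matter. Triage them together so they end up with the same disposition.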
@@ -24520,7 +24569,7 @@ CVE-2021-41496 (** DISPUTED ** Buffer overflow in the array_from_pyobj function
NOTE: https://github.com/numpy/numpy/issues/19000
NOTE: https://github.com/numpy/numpy/pull/20630
NOTE: https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2
-CVE-2021-41495 (Null Pointer Dereference vulnerability exists in numpy.sort in NumPy & ...)
+CVE-2021-41495 (** DISPUTED ** Null Pointer Dereference vulnerability exists in numpy. ...)
- numpy <unfixed>
[bullseye] - numpy <no-dsa> (Minor issue)
NOTE: https://github.com/numpy/numpy/issues/19038
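Review bot: CVE-2021-41495 gains `** DISPUTED **` but keeps `- numpy <unfixed>` and `[bullseye] - numpy <no-dsa> (Minor issue)` unchanged. The entry named in the hunk header, CVE-2021-41496, is also disputed, so the two numpy entries should carry consistent status, and a NOTE recording the dispute would explain why the issue stays `<unfixed>`.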
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caf2a2635171e065e10c31477939bf4337bb0cc1