[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 8 20:10:33 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a4c79b5 by security tracker role at 2022-02-08T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-24671
+	RESERVED
+CVE-2022-24670
+	RESERVED
+CVE-2022-24669
+	RESERVED
+CVE-2022-0547
+	RESERVED
+CVE-2022-0546
+	RESERVED
+CVE-2022-0545
+	RESERVED
+CVE-2022-0544
+	RESERVED
+CVE-2022-0543
+	RESERVED
+CVE-2022-0542
+	RESERVED
+CVE-2022-0541
+	RESERVED
+CVE-2022-0540
+	RESERVED
+CVE-2022-0539
+	RESERVED
+CVE-2022-0538
+	RESERVED
+CVE-2022-0537
+	RESERVED
+CVE-2022-0536
+	RESERVED
+CVE-2022-0535
+	RESERVED
+CVE-2022-0534
+	RESERVED
+CVE-2022-0533
+	RESERVED
+CVE-2022-0532
+	RESERVED
+CVE-2022-0531
+	RESERVED
+CVE-2022-0530
+	RESERVED
+CVE-2022-0529
+	RESERVED
+CVE-2021-46681
+	RESERVED
+CVE-2021-46680
+	RESERVED
+CVE-2021-46679
+	RESERVED
+CVE-2021-46678
+	RESERVED
+CVE-2021-46677
+	RESERVED
+CVE-2021-46676
+	RESERVED
 CVE-2022-24668
 	RESERVED
 CVE-2022-24667
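Review bot: the 28 new RESERVED entries at the top of this hunk are prepended as one block, so CVE-2021-46676 ends up directly above CVE-2022-24668 and the CVE-2022-0547 to CVE-2022-0529 range sits above the CVE-2022-246xx entries. If the file is expected to stay in descending ID order, merge the three ranges at their sorted positions; otherwise anything that reads this file should key on the CVE ID rather than on position.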
@@ -537,20 +593,20 @@ CVE-2022-0511
 	RESERVED
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-0511
-CVE-2022-0510
-	RESERVED
-CVE-2022-0509
-	RESERVED
-CVE-2022-0508
-	RESERVED
+CVE-2022-0510 (Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore pr ...)
+	TODO: check
+CVE-2022-0509 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+	TODO: check
+CVE-2022-0508 (Server-Side Request Forgery (SSRF) in NPM @peertube/embed-api prior to ...)
+	TODO: check
 CVE-2022-0507
 	RESERVED
-CVE-2022-0506
-	RESERVED
-CVE-2022-0505
-	RESERVED
-CVE-2022-0504
-	RESERVED
+CVE-2022-0506 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+	TODO: check
+CVE-2022-0505 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
+	TODO: check
+CVE-2022-0504 (Generation of Error Message Containing Sensitive Information in Packag ...)
+	TODO: check
 CVE-2022-0503
 	RESERVED
 CVE-2022-0502 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
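Review bot: all six entries changed in this hunk (CVE-2022-0510 to CVE-2022-0508 and CVE-2022-0506 to CVE-2022-0504) are left at `TODO: check`, and the line for CVE-2022-0504 is cut at "in Packag ...", so the affected project cannot be read from the diff. Triage needs the full descriptions, and each entry should then end as either a package line or a NOT-FOR-US line rather than stay at TODO.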
@@ -674,8 +730,8 @@ CVE-2022-24385
 	RESERVED
 CVE-2022-24384
 	RESERVED
-CVE-2022-21241
-	RESERVED
+CVE-2022-21241 (Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a rem ...)
+	TODO: check
 CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in  ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1194516
@@ -899,10 +955,10 @@ CVE-2022-24288
 	RESERVED
 CVE-2022-24287
 	RESERVED
-CVE-2022-21799
-	RESERVED
-CVE-2022-21173
-	RESERVED
+CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R  ...)
+	TODO: check
+CVE-2022-21173 (Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 f ...)
+	TODO: check
 CVE-2022-0470
 	RESERVED
 	{DSA-5068-1}
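Review bot: CVE-2022-21799 and CVE-2022-21173 both describe ELECOM LAN router products, yet are left at `TODO: check`. If triage confirms they affect only the vendor's devices, a `NOT-FOR-US: ELECOM` line, in the form this file already uses for `NOT-FOR-US: Insyde`, would close them.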
@@ -2969,10 +3025,10 @@ CVE-2022-23814
 	RESERVED
 CVE-2022-23813
 	RESERVED
-CVE-2022-22146
-	RESERVED
-CVE-2022-21193
-	RESERVED
+CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allo ...)
+	TODO: check
+CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...)
+	TODO: check
 CVE-2022-21176
 	RESERVED
 CVE-2022-21143
@@ -4189,8 +4245,8 @@ CVE-2022-23342
 	RESERVED
 CVE-2022-23341
 	RESERVED
-CVE-2022-23340
-	RESERVED
+CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system commands throu ...)
+	TODO: check
 CVE-2022-23339
 	RESERVED
 CVE-2022-23338
@@ -4207,8 +4263,8 @@ CVE-2022-23333
 	RESERVED
 CVE-2022-23332
 	RESERVED
-CVE-2022-23331
-	RESERVED
+CVE-2022-23331 (In DataEase v1.6.1, an authenticated user can gain unauthorized access ...)
+	TODO: check
 CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...)
 	NOT-FOR-US: jpress
 CVE-2022-23329 (A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJ ...)
@@ -4605,10 +4661,10 @@ CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserializ
 	[bullseye] - apache-log4j1.2 <no-dsa> (Minor issue)
 	[buster] - apache-log4j1.2 <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
-CVE-2022-22142
-	RESERVED
-CVE-2022-21805
-	RESERVED
+CVE-2022-22142 (Reflected cross-site scripting vulnerability in the checkbox of php_ma ...)
+	TODO: check
+CVE-2022-21805 (Reflected cross-site scripting vulnerability in the attached file name ...)
+	TODO: check
 CVE-2022-0242 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
 	NOT-FOR-US: Crater
 CVE-2022-0241
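Review bot: the added lines for CVE-2022-22142 and CVE-2022-21805 are truncated before the product can be identified ("php_ma ..." and "attached file name ..."), so neither can be triaged from this diff. Resolve the `TODO: check` against the full descriptions, and confirm whether both refer to the same product before giving them the same disposition.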
@@ -5150,6 +5206,7 @@ CVE-2022-23136
 CVE-2022-23135
 	RESERVED
 CVE-2022-23134 (After the initial setup process, some steps of setup.php file are reac ...)
+	{DLA-2914-1}
 	- zabbix <unfixed>
 	NOTE: https://support.zabbix.com/browse/ZBX-20384
 	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa0fecfbcc9794bc00206630a7424575dfc944df (5.0.19rc2)
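Review bot: `{DLA-2914-1}` is added to CVE-2022-23134 while the `- zabbix <unfixed>` line directly below it is unchanged, even though the existing NOTE already points at an upstream commit marked 5.0.19rc2. The advisory reference and the unfixed status can both be right if they cover different suites, but it is worth confirming that `<unfixed>` still holds and recording a fixed version once one is available.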
@@ -6733,8 +6790,8 @@ CVE-2022-22709
 	RESERVED
 CVE-2022-21806
 	RESERVED
-CVE-2022-0139
-	RESERVED
+CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. ...)
+	TODO: check
 CVE-2022-0138
 	RESERVED
 CVE-2022-0137
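Review bot: the CVE-2022-0139 line states a fix boundary ("radareorg/radare2 prior to 5.6.0") but the entry stops at `TODO: check`. If the package is tracked here, this use-after-free should get a package line carrying that version, or `<unfixed>` as on other entries, plus a NOTE linking the upstream fix.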
@@ -10624,14 +10681,14 @@ CVE-2021-45330
 	RESERVED
 CVE-2021-45329
 	RESERVED
-CVE-2021-45328
-	RESERVED
-CVE-2021-45327
-	RESERVED
-CVE-2021-45326
-	RESERVED
-CVE-2021-45325
-	RESERVED
+CVE-2021-45328 (Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (' ...)
+	TODO: check
+CVE-2021-45327 (Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on ...)
+	TODO: check
+CVE-2021-45326 (Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before ...)
+	TODO: check
+CVE-2021-45325 (Server Side Request Forgery (SSRF) vulneraility exists in Gitea before ...)
+	TODO: check
 CVE-2021-45324
 	RESERVED
 CVE-2021-45323
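Review bot: the four Gitea entries (CVE-2021-45328 to CVE-2021-45325) carry different fix boundaries where they are visible ("before 1.4.3", "before 1.11.2"), and the lines for CVE-2021-45326 and CVE-2021-45325 are cut before the version. Triage each against its own boundary rather than as a group, and note that the CVE-2021-45325 text spells "vulneraility", so a keyword search for "vulnerability" will miss it.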
@@ -12064,10 +12121,10 @@ CVE-2021-44959
 	RESERVED
 CVE-2021-44958
 	RESERVED
-CVE-2021-44957
-	RESERVED
-CVE-2021-44956
-	RESERVED
+CVE-2021-44957 (Global buffer overflow vulnerability exist in ffjpeg through 01.01.202 ...)
+	TODO: check
+CVE-2021-44956 (Two Heap based buffer overflow vulnerabilities exist in ffjpeg through ...)
+	TODO: check
 CVE-2021-44955
 	RESERVED
 CVE-2021-44954
@@ -12279,8 +12336,8 @@ CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.
 	NOT-FOR-US: Online-Movie-Ticket-Booking-System
 CVE-2021-44865
 	RESERVED
-CVE-2021-44864
-	RESERVED
+CVE-2021-44864 (TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buff ...)
+	TODO: check
 CVE-2021-44863
 	RESERVED
 CVE-2021-44862
@@ -43810,7 +43867,7 @@ CVE-2021-33627 (A vulnerability exists in SMM (System Management Mode) branch th
 	NOT-FOR-US: Insyde
 CVE-2021-33626 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
 	NOT-FOR-US: Insyde
-CVE-2021-33625 (An issue was discovered in Kernel 5.x (starting from 5.1) in Insyde In ...)
+CVE-2021-33625 (An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting H ...)
 	NOT-FOR-US: Insyde
 CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch  ...)
 	{DLA-2785-1}
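Review bot: the reworded CVE-2021-33625 description still opens with "Kernel 5.x" and sits directly above the Linux kernel entry CVE-2021-33624, which makes it easy to misread as a Linux issue. The unchanged `NOT-FOR-US: Insyde` line remains the right disposition because the text names Insyde InsydeH2O; a short NOTE saying the version refers to the InsydeH2O kernel would prevent a mistaken re-triage.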
@@ -77413,8 +77470,8 @@ CVE-2021-20879
 	RESERVED
 CVE-2021-20878
 	RESERVED
-CVE-2021-20877
-	RESERVED
+CVE-2021-20877 (Cross-site scripting vulnerability in Canon laser printers and small o ...)
+	TODO: check
 CVE-2021-20876 (Path traversal vulnerability in GroupSession Free edition ver5.1.1 and ...)
 	NOT-FOR-US: GroupSession
 CVE-2021-20875 (Open redirect vulnerability in GroupSession Free edition ver5.1.1 and  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a4c79b5efb82cf86c29202705538733d8be803d
