[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 9 08:10:28 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a4f8ff8 by security tracker role at 2022-02-09T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2022-24696
+ RESERVED
+CVE-2022-24695
+ RESERVED
+CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before ...)
+ TODO: check
+CVE-2022-24693
+ RESERVED
+CVE-2022-24692
+ RESERVED
+CVE-2022-24691
+ RESERVED
+CVE-2022-24690
+ RESERVED
+CVE-2022-24689
+ RESERVED
+CVE-2022-24688
+ RESERVED
+CVE-2022-24687
+ RESERVED
+CVE-2022-24686
+ RESERVED
+CVE-2022-24685
+ RESERVED
+CVE-2022-24684
+ RESERVED
+CVE-2022-24683
+ RESERVED
+CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
+ TODO: check
+CVE-2022-24681
+ RESERVED
+CVE-2022-24680
+ RESERVED
+CVE-2022-24679
+ RESERVED
+CVE-2022-24678
+ RESERVED
+CVE-2022-24677 (Admin.php in HYBBS2 through 2.3.2 allows remote code execution because ...)
+ TODO: check
+CVE-2022-24676 (update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file ...)
+ TODO: check
+CVE-2022-24675
+ RESERVED
+CVE-2022-24674
+ RESERVED
+CVE-2022-24673
+ RESERVED
+CVE-2022-24672
+ RESERVED
+CVE-2022-24383
+ RESERVED
+CVE-2022-21228
+ RESERVED
+CVE-2022-21214
+ RESERVED
+CVE-2022-21202
+ RESERVED
+CVE-2022-21168
+ RESERVED
CVE-2022-24671
RESERVED
CVE-2022-24670
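Review bot: the four entries that arrived with a description (CVE-2022-24694 for Mahara, CVE-2022-24682 for Zimbra Collaboration, CVE-2022-24677 and CVE-2022-24676 for HYBBS2) are left as "TODO: check" placeholders by the automatic sync and need a triage decision in a follow-up commit: a package/version line, a NOT-FOR-US line naming the product, or a NOTE with the upstream reference, in the same forms used elsewhere in this file. The two HYBBS2 entries describe the same component ("Admin.php in HYBBS2 through 2.3.2") and should be resolved together; the remaining RESERVED entries need no action until MITRE publishes text for them.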
@@ -62,26 +122,26 @@ CVE-2022-24666
RESERVED
CVE-2022-0528
RESERVED
-CVE-2022-0527
- RESERVED
-CVE-2022-0526
- RESERVED
-CVE-2022-0525
- RESERVED
-CVE-2022-0524
- RESERVED
-CVE-2022-0523
- RESERVED
-CVE-2022-0522
- RESERVED
-CVE-2022-0521
- RESERVED
-CVE-2022-0520
- RESERVED
-CVE-2022-0519
- RESERVED
-CVE-2022-0518
- RESERVED
+CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-co ...)
+ TODO: check
+CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-co ...)
+ TODO: check
+CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
+ TODO: check
+CVE-2022-0524 (Business Logic Errors in Rubygems typo prior to 9.2.7. ...)
+ TODO: check
+CVE-2022-0523 (Expired Pointer Dereference in NPM radare2.js prior to 5.6.2. ...)
+ TODO: check
+CVE-2022-0522 (Access of Memory Location Before Start of Buffer in NPM radare2.js pri ...)
+ TODO: check
+CVE-2022-0521 (Access of Memory Location After End of Buffer in GitHub repository rad ...)
+ TODO: check
+CVE-2022-0520 (Use After Free in NPM radare2.js prior to 5.6.2. ...)
+ TODO: check
+CVE-2022-0519 (Buffer Access with Incorrect Length Value in GitHub repository radareo ...)
+ TODO: check
+CVE-2022-0518 (Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.2. ...)
+ TODO: check
CVE-2022-0517
RESERVED
CVE-2022-0516
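Review bot: CVE-2022-0527 and CVE-2022-0526 carry identical truncated descriptions ("Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-co ..."), so the full CVE text must be consulted before triage to confirm they are distinct issues and not a duplicate allocation. The six radare2.js entries (CVE-2022-0518 through CVE-2022-0523) describe memory-safety bugs in one upstream, four of them stating "prior to 5.6.2"; they should be triaged as a batch against the same source package with a shared fixed version rather than left as six separate TODO: check lines, and the two whose descriptions are cut at "GitHub repository rad ..." / "radareo ..." should be verified to refer to the same project. The mruby (prior to 3.2) and Rubygems typo (prior to 9.2.7) entries also need a version mapping or NOT-FOR-US decision.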
@@ -1893,7 +1953,7 @@ CVE-2022-24032 (Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to us
NOT-FOR-US: Adenza AxiomSL ControllerView
CVE-2022-24031 (An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kern ...)
NOT-FOR-US: Insyde
-CVE-2022-24030 (SMM memory corruption vulnerability allowing a possible attacker to wr ...)
+CVE-2022-24030 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
NOT-FOR-US: Insyde
CVE-2022-24029
RESERVED
@@ -3474,10 +3534,10 @@ CVE-2022-23629
RESERVED
CVE-2022-23628
RESERVED
-CVE-2022-23627
- RESERVED
-CVE-2022-23626
- RESERVED
+CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of idlin ...)
+ TODO: check
+CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...)
+ TODO: check
CVE-2022-23625
RESERVED
CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScript. Fro ...)
@@ -8603,8 +8663,8 @@ CVE-2022-22264 (Improper sanitization of incoming intent in Dressroom prior to S
NOT-FOR-US: Samsung
CVE-2022-22263 (Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Rele ...)
NOT-FOR-US: Samsung
-CVE-2021-45919
- RESERVED
+CVE-2021-45919 (Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. ...)
+ TODO: check
CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...)
- wireshark <unfixed>
[bullseye] - wireshark <no-dsa> (Minor issue)
@@ -10686,8 +10746,8 @@ CVE-2021-45331
RESERVED
CVE-2021-45330
RESERVED
-CVE-2021-45329
- RESERVED
+CVE-2021-45329 (Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 ...)
+ TODO: check
CVE-2021-45328 (Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (' ...)
- gitea <removed>
CVE-2021-45327 (Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on ...)
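Review bot: the new Gitea entry CVE-2021-45329 ("Gitea before 1.5.1") sits next to CVE-2021-45328 and CVE-2021-45327, which are already resolved as "gitea <removed>"; the TODO: check should be replaced by the same package-state line once the version range is confirmed, since the description points at an even older upstream release than its neighbours.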
@@ -15276,8 +15336,8 @@ CVE-2022-21715 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack
- codeigniter <itp> (bug #471583)
CVE-2022-21714
RESERVED
-CVE-2022-21713
- RESERVED
+CVE-2022-21713 (Grafana is an open-source platform for monitoring and observability. A ...)
+ TODO: check
CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...)
- twisted <unfixed>
NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
@@ -15308,10 +15368,10 @@ CVE-2022-21704 (log4js-node is a port of log4js to node.js. In affected versions
NOTE: https://github.com/log4js-node/streamroller/pull/87
NOTE: https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q
NOTE: https://github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640
-CVE-2022-21703
- RESERVED
-CVE-2022-21702
- RESERVED
+CVE-2022-21703 (Grafana is an open-source platform for monitoring and observability. A ...)
+ TODO: check
+CVE-2022-21702 (Grafana is an open-source platform for monitoring and observability. I ...)
+ TODO: check
CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microservices ...)
NOT-FOR-US: Istio
CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
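Review bot: CVE-2022-21703 and CVE-2022-21702 here, together with CVE-2022-21713 in the preceding hunk, are three Grafana advisories published in the same batch and should be triaged consistently with one package-state decision rather than three independent TODO: check lines; once the upstream advisories are located, record them as NOTE: lines in the form used for twisted and log4js-node just above.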
@@ -17155,7 +17215,7 @@ CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds wit
[bullseye] - npm <no-dsa> (Minor issue)
[buster] - npm <no-dsa> (Minor issue)
NOTE: https://github.com/npm/cli/issues/2701
-CVE-2021-43615 (SMM callout vulnerability allowing a possible attacker to hijack execu ...)
+CVE-2021-43615 (An issue was discovered in HddPassword in Insyde InsydeH2O with kernel ...)
NOT-FOR-US: Insyde
CVE-2021-43614
RESERVED
@@ -20854,7 +20914,7 @@ CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive e
NOT-FOR-US: Rasa X
CVE-2021-42555 (Pexip Infinity before 26.2 allows temporary remote Denial of Service ( ...)
NOT-FOR-US: Pexip Infinity
-CVE-2021-42554 (SMM memory corruption vulnerability allowing a possible attacker to wr ...)
+CVE-2021-42554 (An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05. ...)
NOT-FOR-US: Insyde
CVE-2021-3892
REJECTED
@@ -23116,7 +23176,7 @@ CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnera
NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith)
NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
NOTE: https://comsec.ethz.ch/research/dram/blacksmith/
-CVE-2021-42113 (SMM callout vulnerability allowing a possible attacker to hijack execu ...)
+CVE-2021-42113 (An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH ...)
NOT-FOR-US: Insyde
CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
- limesurvey <itp> (bug #472802)
@@ -23277,9 +23337,9 @@ CVE-2021-3867
CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip m ...)
- zulip-server <itp> (bug #800052)
NOTE: https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
-CVE-2021-42060 (SMM callout vulnerability allowing a possible attacker to hijack execu ...)
+CVE-2021-42060 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.4 ...)
NOT-FOR-US: Insyde
-CVE-2021-42059 (Stack overflow vulnerability that allows a local root user to access U ...)
+CVE-2021-42059 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41 ...)
NOT-FOR-US: Insyde
CVE-2021-42058
RESERVED
@@ -23809,15 +23869,15 @@ CVE-2021-41843 (An authenticated SQL injection issue in the calendar search func
NOT-FOR-US: OpenEMR
CVE-2021-41842 (An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08 ...)
NOT-FOR-US: Insyde
-CVE-2021-41841 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+CVE-2021-41841 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...)
NOT-FOR-US: Insyde
-CVE-2021-41840 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+CVE-2021-41840 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...)
NOT-FOR-US: Insyde
-CVE-2021-41839 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+CVE-2021-41839 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...)
NOT-FOR-US: Insyde
-CVE-2021-41838 (An unsafe pointer vulnerability exists in SMM (System Management Mode) ...)
+CVE-2021-41838 (An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 ...)
NOT-FOR-US: Insyde
-CVE-2021-41837 (An unsafe pointer vulnerability exists in SMM (System Management Mode) ...)
+CVE-2021-41837 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...)
NOT-FOR-US: Insyde
CVE-2021-41833 (Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to una ...)
NOT-FOR-US: Zoho ManageEngine
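Review bot: after this rewrite the truncated descriptions of CVE-2021-41841 and CVE-2021-41837 are identical ("An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ..."), as are those of CVE-2021-41840 and CVE-2021-41839 ("... NvmExpressDxe in the kernel 5.0 through 5.5 ..."); the stored prefix can no longer distinguish them, so the full CVE text should be checked to confirm the sync assigned the right description to each ID. The NOT-FOR-US: Insyde lines are correctly left untouched since only the wording, not the vendor, changed.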
@@ -33868,8 +33928,8 @@ CVE-2021-37854
RESERVED
CVE-2021-37853
RESERVED
-CVE-2021-37852
- RESERVED
+CVE-2021-37852 (ESET products for Windows allows untrusted process to impersonate the ...)
+ TODO: check
CVE-2021-37851
RESERVED
CVE-2021-37850 (ESET was made aware of a vulnerability in its consumer and business pr ...)
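Review bot: CVE-2021-37852 is described as affecting "ESET products for Windows", so the TODO: check should most likely become a NOT-FOR-US line naming the product, matching how the other vendor-specific entries in this patch (Samsung, Zoho ManageEngine, Insyde) are marked; the neighbouring ESET entry CVE-2021-37850 can serve as the template for the wording.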
@@ -43872,7 +43932,7 @@ CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when build
NOT-FOR-US: isula-build
CVE-2021-33628
RESERVED
-CVE-2021-33627 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+CVE-2021-33627 (An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServ ...)
NOT-FOR-US: Insyde
CVE-2021-33626 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
NOT-FOR-US: Insyde
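Review bot: the description refresh stops at CVE-2021-33627; the adjacent CVE-2021-33626 keeps the old generic "A vulnerability exists in SMM (System Management Mode) branch that reg ..." text while 33627 and the other Insyde entries in this patch were rewritten to name the affected module. Confirm whether 33626 is still pending upstream and will be picked up by a later automatic update, so the two neighbouring entries do not stay out of step.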
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a4f8ff8e53f4e2ef56daea971ec17e0ed84ebaa