[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 11 08:10:19 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20f03539 by security tracker role at 2022-02-11T08:10:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2022-24961 (In Portainer Agent before 2.11.1, an API server can continue running e ...)
+ TODO: check
+CVE-2022-24960
+ RESERVED
+CVE-2022-24959 (An issue was discovered in the Linux kernel before 5.16.5. There is a ...)
+ TODO: check
+CVE-2022-24958 (drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 m ...)
+ TODO: check
+CVE-2022-24957
+ RESERVED
+CVE-2022-24956
+ RESERVED
+CVE-2022-24955 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...)
+ TODO: check
+CVE-2022-24954 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...)
+ TODO: check
+CVE-2022-24953
+ RESERVED
+CVE-2022-24952
+ RESERVED
+CVE-2022-24951
+ RESERVED
+CVE-2022-24950
+ RESERVED
+CVE-2022-24949
+ RESERVED
+CVE-2022-24948
+ RESERVED
+CVE-2022-24947
+ RESERVED
+CVE-2022-24946
+ RESERVED
+CVE-2022-24945
+ RESERVED
+CVE-2022-24944
+ RESERVED
+CVE-2022-24943
+ RESERVED
+CVE-2022-24942
+ RESERVED
+CVE-2022-24941
+ RESERVED
+CVE-2022-24940
+ RESERVED
+CVE-2022-24939
+ RESERVED
+CVE-2022-24938
+ RESERVED
+CVE-2022-24937
+ RESERVED
+CVE-2022-24936
+ RESERVED
+CVE-2022-24935
+ RESERVED
+CVE-2022-24934
+ RESERVED
+CVE-2022-24933
+ RESERVED
+CVE-2022-24932
+ RESERVED
+CVE-2022-24931
+ RESERVED
+CVE-2022-24930
+ RESERVED
+CVE-2022-24929
+ RESERVED
+CVE-2022-24928
+ RESERVED
+CVE-2022-24927
+ RESERVED
+CVE-2022-24926
+ RESERVED
+CVE-2022-24925
+ RESERVED
+CVE-2022-24924
+ RESERVED
+CVE-2022-24923
+ RESERVED
+CVE-2022-24922
+ RESERVED
+CVE-2022-24921
+ RESERVED
+CVE-2022-24920
+ RESERVED
+CVE-2022-24919
+ RESERVED
+CVE-2022-24918
+ RESERVED
+CVE-2022-24917
+ RESERVED
+CVE-2022-24911
+ RESERVED
+CVE-2022-0564
+ RESERVED
CVE-2022-24916 (Optimism before @eth-optimism/l2geth at 0.5.11 allows economic griefing b ...)
TODO: check
CVE-2022-24908
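Review bot: CVE-2022-24911 and CVE-2022-0564, at the end of the added block, sit above the existing CVE-2022-24916 line, which breaks the descending order the rest of this hunk follows (24961 down to 24917, then 24916 and 24908). If anything downstream relies on sorted order, place 24911 between 24916 and 24908, and move CVE-2022-0564 down next to the CVE-2022-0556 range that the next hunk touches.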
@@ -440,8 +534,8 @@ CVE-2022-0556
RESERVED
CVE-2022-0555
RESERVED
-CVE-2022-0554
- RESERVED
+CVE-2022-0554 (Use of Out-of-range Pointer Offset in Conda vim prior to 8.2. ...)
+ TODO: check
CVE-2022-0553
RESERVED
CVE-2022-0552
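Review bot: The description added for CVE-2022-0554 names the product as "Conda vim prior to 8.2." with no patch level visible, so the line alone does not identify which source package or which version carries the fix. Confirm the affected package from the full CVE record before clearing the "TODO: check".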
@@ -662,10 +756,10 @@ CVE-2022-24649
RESERVED
CVE-2022-24648
RESERVED
-CVE-2022-24647
- RESERVED
-CVE-2022-24646
- RESERVED
+CVE-2022-24647 (Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vu ...)
+ TODO: check
+CVE-2022-24646 (Hospital Management System v4.0 was discovered to contain a SQL inject ...)
+ TODO: check
CVE-2022-24645
RESERVED
CVE-2022-24644
@@ -3668,8 +3762,8 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 b
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32
NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages)
NOTE: 2FA support is not packaged in Debian
-CVE-2022-23806
- RESERVED
+CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...)
+ TODO: check
CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in ...)
NOT-FOR-US: Trend Micro
CVE-2022-23804
@@ -3776,10 +3870,10 @@ CVE-2022-23775
RESERVED
CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...)
NOT-FOR-US: Docker Desktop
-CVE-2022-23773
- RESERVED
-CVE-2022-23772
- RESERVED
+CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret ...)
+ TODO: check
+CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...)
+ TODO: check
CVE-2022-23771
RESERVED
CVE-2022-23770
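Review bot: The two Go entries added here (cmd/go, and Rat.SetString in math/big) share the "before 1.16.14 and 1.17.x" bounds that CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic) shows in the previous hunk, yet all three are queued as separate "TODO: check" items. Triage them together so the affected Go source packages end up with consistent status lines.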
@@ -4062,8 +4156,8 @@ CVE-2022-23632
RESERVED
CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...)
TODO: check
-CVE-2022-23630
- RESERVED
+CVE-2022-23630 (Gradle is a build tool with a focus on build automation and support fo ...)
+ TODO: check
CVE-2022-23629
RESERVED
CVE-2022-23628 (OPA is an open source, general-purpose policy engine. Under certain co ...)
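Review bot: The description imported for CVE-2022-23630 is cut off inside the generic product blurb ("Gradle is a build tool with a focus on build automation and support fo ..."), so nothing on the line says what the flaw is; the superjson and OPA context lines have the same problem. When resolving the TODO, add a NOTE: line with the advisory or fix reference, as the phpMyAdmin entry in an earlier hunk does, so the entry is usable without opening the full record.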
@@ -12717,10 +12811,10 @@ CVE-2021-44972
RESERVED
CVE-2021-44971 (Multiple Tenda devices are affected by authentication bypass, such as ...)
NOT-FOR-US: Tenda
-CVE-2021-44970
- RESERVED
-CVE-2021-44969
- RESERVED
+CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) v ...)
+ TODO: check
+CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...)
+ TODO: check
CVE-2021-44968
RESERVED
CVE-2021-44967
@@ -24067,8 +24161,8 @@ CVE-2021-42002 (Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a
NOT-FOR-US: Zoho ManageEngine
CVE-2021-42001
RESERVED
-CVE-2021-42000
- RESERVED
+CVE-2021-42000 (When a password reset or password change flow with an authentication p ...)
+ TODO: check
CVE-2021-41999
RESERVED
CVE-2021-41998
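Review bot: The text added for CVE-2021-42000 ("When a password reset or password change flow with an authentication p ...") is truncated before any vendor or product is named, unlike the Zoho ManageEngine entry just above it that is already marked NOT-FOR-US. The TODO cannot be decided from this line, so look up the full record and set either a package line or a NOT-FOR-US: line with the product name.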
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20f03539cbebee13afe67684042c9575efaee8c6