[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 16 08:10:30 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89994e6b by security tracker role at 2022-02-16T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2022-25245
+	RESERVED
+CVE-2022-25244
+	RESERVED
+CVE-2022-25243
+	RESERVED
+CVE-2022-25242 (In FileCloud before 21.3, file upload is not protected against Cross-S ...)
+	TODO: check
+CVE-2022-25241 (In FileCloud before 21.3, the CSV user import functionality is vulnera ...)
+	TODO: check
+CVE-2022-25240
+	RESERVED
+CVE-2022-25239
+	RESERVED
+CVE-2022-25238
+	RESERVED
+CVE-2022-25237
+	RESERVED
+CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...)
+	TODO: check
+CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain valid ...)
+	TODO: check
+CVE-2022-25229
+	RESERVED
+CVE-2022-25228
+	RESERVED
+CVE-2022-25227
+	RESERVED
+CVE-2022-25226
+	RESERVED
+CVE-2022-25225
+	RESERVED
+CVE-2022-25224
+	RESERVED
+CVE-2022-25223
+	RESERVED
+CVE-2022-25222
+	RESERVED
+CVE-2022-25221
+	RESERVED
+CVE-2022-25220
+	RESERVED
+CVE-2022-25219
+	RESERVED
+CVE-2022-25218
+	RESERVED
+CVE-2022-25217
+	RESERVED
+CVE-2022-25216
+	RESERVED
+CVE-2022-25215
+	RESERVED
+CVE-2022-25214
+	RESERVED
+CVE-2022-25213
+	RESERVED
+CVE-2022-24915
+	RESERVED
+CVE-2022-24432
+	RESERVED
+CVE-2022-22985
+	RESERVED
+CVE-2022-21146
+	RESERVED
+CVE-2022-0623
+	RESERVED
+CVE-2022-0622
+	RESERVED
+CVE-2022-0621
+	RESERVED
+CVE-2022-0620
+	RESERVED
+CVE-2022-0619
+	RESERVED
 CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XM ...)
 	NOT-FOR-US: Jenkins Chef Sinatra Plugin
 CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...)
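Review bot: CVE-2022-25236 and CVE-2022-25235 are added with `TODO: check`, but their descriptions name Expat (aka libexpat) before 2.4.5, a library rather than a vendor product. Unlike the Jenkins plugin entry just below, they look like candidates for a source-package line rather than `NOT-FOR-US:`. Suggest triaging these two first: of the 37 entries this hunk adds, 33 are RESERVED and the other two with descriptions are FileCloud.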
@@ -147,10 +221,10 @@ CVE-2022-25149
 	RESERVED
 CVE-2022-25148
 	RESERVED
-CVE-2022-0612
-	RESERVED
-CVE-2022-0611
-	RESERVED
+CVE-2022-0612 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+	TODO: check
+CVE-2022-0611 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...)
+	TODO: check
 CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be modified vi ...)
 	NOT-FOR-US: Corda
 CVE-2022-25147
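Review bot: CVE-2022-0612 and CVE-2022-0611 move from RESERVED to `TODO: check` with descriptions that name Packagist packages (remdex/livehelperchat, snipe/snipe-it). Resolve the TODO with either a package line or a `NOT-FOR-US:` line in the form the Corda entry directly below uses, so the two entries do not stay in the unchecked state.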
@@ -4928,12 +5002,12 @@ CVE-2022-23645
 	RESERVED
 CVE-2022-23644
 	RESERVED
-CVE-2022-23643
-	RESERVED
+CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...)
+	TODO: check
 CVE-2022-23642
 	RESERVED
-CVE-2022-23641
-	RESERVED
+CVE-2022-23641 (Discourse is an open source discussion platform. In versions prior to  ...)
+	TODO: check
 CVE-2022-23640
 	RESERVED
 CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...)
@@ -6001,8 +6075,8 @@ CVE-2021-46323 (Espruino 2v11.251 was discovered to contain a SEGV vulnerability
 	NOT-FOR-US: Espruino
 CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV vulnerability via th ...)
 	NOT-FOR-US: Duktape
-CVE-2021-46321
-	RESERVED
+CVE-2021-46321 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+	TODO: check
 CVE-2021-46320 (In OpenZeppelin <=v4.4.0, initializer functions that are invoked se ...)
 	NOT-FOR-US: OpenZeppelin
 CVE-2021-46319
@@ -7467,14 +7541,14 @@ CVE-2021-46267
 	RESERVED
 CVE-2021-46266
 	RESERVED
-CVE-2021-46265
-	RESERVED
-CVE-2021-46264
-	RESERVED
-CVE-2021-46263
-	RESERVED
-CVE-2021-46262
-	RESERVED
+CVE-2021-46265 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+	TODO: check
+CVE-2021-46264 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+	TODO: check
+CVE-2021-46263 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+	TODO: check
+CVE-2021-46262 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+	TODO: check
 CVE-2021-46261
 	RESERVED
 CVE-2021-46260
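Review bot: the four entries CVE-2021-46265 through CVE-2021-46262 all carry the same truncated description (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...), so the list text alone cannot tell them apart. Triage them as a group against the full descriptions and give all four the same kind of disposition line in place of `TODO: check`.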
@@ -7493,14 +7567,14 @@ CVE-2021-46254
 	RESERVED
 CVE-2021-46253 (A cross-site scripting (XSS) vulnerability in the Create Post function ...)
 	NOT-FOR-US: Anchor CMS
-CVE-2021-46252
-	RESERVED
-CVE-2021-46251
-	RESERVED
-CVE-2021-46250
-	RESERVED
-CVE-2021-46249
-	RESERVED
+CVE-2021-46252 (A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of S ...)
+	TODO: check
+CVE-2021-46251 (A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit  ...)
+	TODO: check
+CVE-2021-46250 (An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879 ...)
+	TODO: check
+CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Specific ...)
+	TODO: check
 CVE-2021-46248
 	RESERVED
 CVE-2021-46247
@@ -17252,6 +17326,7 @@ CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution frame
 	NOTE: https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451
 	NOTE: https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042
 CVE-2021-43859 (XStream is an open source java library to serialize objects to XML and ...)
+	{DLA-2924-1}
 	- libxstream-java <unfixed>
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf
 	NOTE: https://x-stream.github.io/CVE-2021-43859.html
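Review bot: the added `{DLA-2924-1}` on CVE-2021-43859 sits directly above `- libxstream-java <unfixed>`, which this hunk leaves unchanged, so after this commit the entry references an advisory while the package line still reads unfixed. That is consistent if the advisory covers only an older release, but it is worth confirming that `<unfixed>` still holds for the releases this line tracks.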
@@ -36626,8 +36701,8 @@ CVE-2021-37356
 	RESERVED
 CVE-2021-37355
 	RESERVED
-CVE-2021-37354
-	RESERVED
+CVE-2021-37354 (Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer ov ...)
+	TODO: check
 CVE-2021-37353 (Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due ...)
 	NOT-FOR-US: Nagios XI
 CVE-2021-37352 (An open redirect vulnerability exists in Nagios XI before version 5.8. ...)
@@ -41367,8 +41442,8 @@ CVE-2021-35382
 	RESERVED
 CVE-2021-35381
 	RESERVED
-CVE-2021-35380
-	RESERVED
+CVE-2021-35380 (A Directory Traversal vulnerability exists in Solari di Udine TermTalk ...)
+	TODO: check
 CVE-2021-35379
 	RESERVED
 CVE-2021-35378
@@ -44595,8 +44670,8 @@ CVE-2021-33947
 	RESERVED
 CVE-2021-33946
 	RESERVED
-CVE-2021-33945
-	RESERVED
+CVE-2021-33945 (RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN ...)
+	TODO: check
 CVE-2021-33944
 	RESERVED
 CVE-2021-33943



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89994e6b919893de168cf1470d8c75f2662d77be
