[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 22 08:10:31 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f8c0b6e by security tracker role at 2022-02-22T08:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,64 @@
-CVE-2022-25636 [netfilter: nf_tables_offload: incorrect flow offload action array size]
+CVE-2022-25643
+	RESERVED
+CVE-2022-25642
+	RESERVED
+CVE-2022-25641
+	RESERVED
+CVE-2022-25640
+	RESERVED
+CVE-2022-25639
+	RESERVED
+CVE-2022-25638
+	RESERVED
+CVE-2022-25637
+	RESERVED
+CVE-2022-25635
+	RESERVED
+CVE-2022-25634
+	RESERVED
+CVE-2022-25633
+	RESERVED
+CVE-2022-25632
+	RESERVED
+CVE-2022-25631
+	RESERVED
+CVE-2022-25630
+	RESERVED
+CVE-2022-25629
+	RESERVED
+CVE-2022-25628
+	RESERVED
+CVE-2022-25627
+	RESERVED
+CVE-2022-25626
+	RESERVED
+CVE-2022-25625
+	RESERVED
+CVE-2022-25624
+	RESERVED
+CVE-2022-25623
+	RESERVED
+CVE-2022-25325
+	RESERVED
+CVE-2022-25234
+	RESERVED
+CVE-2022-25230
+	RESERVED
+CVE-2022-21219
+	RESERVED
+CVE-2022-21124
+	RESERVED
+CVE-2022-0717
+	RESERVED
+CVE-2022-0716
+	RESERVED
+CVE-2022-0715
+	RESERVED
+CVE-2022-0714
+	RESERVED
+CVE-2022-0713
+	RESERVED
+CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 a ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
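Review bot: On the rewritten CVE-2022-25636 line, the published description gives the affected range as "5.4 through 5.6.10", while the unchanged context below it keeps `- linux <unfixed>`. These two statements should be reconciled during triage: check the upper bound against the upstream fix and add a NOTE with the fixing commit so the unfixed status can later be closed with a version. The 30 added RESERVED entries carry no package data and need no action.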
@@ -540,8 +600,8 @@ CVE-2022-0698
 	RESERVED
 CVE-2022-0697
 	RESERVED
-CVE-2022-0696
-	RESERVED
+CVE-2022-0696 (NULL Pointer Dereference in Conda vim prior to 8.2. ...)
+	TODO: check
 CVE-2022-0695
 	RESERVED
 CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket transport. An  ...)
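Review bot: CVE-2022-0696 now carries `TODO: check`, and its description opens with "Conda vim", an ecosystem label that could be misread as a third-party build. Triage should check the vim source package before considering a NOT-FOR-US tag, and replace the TODO with a package line or an explicit not-affected status.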
@@ -720,8 +780,8 @@ CVE-2022-25312
 	RESERVED
 CVE-2022-21132
 	RESERVED
-CVE-2022-0676
-	RESERVED
+CVE-2022-0676 (Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.4. ...)
+	TODO: check
 CVE-2022-0675
 	RESERVED
 CVE-2022-25315 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in  ...)
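Review bot: The `TODO: check` on CVE-2022-0676 leaves a heap-based buffer overflow unmapped to any package. The description says "NPM radare2.js prior to 5.6.4", which gives a candidate fixed version; triage should check whether the radare2 source package is affected and record the result on a package line.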
@@ -2332,8 +2392,7 @@ CVE-2022-23922
 	RESERVED
 CVE-2022-23104
 	RESERVED
-CVE-2022-0563 [partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline]
-	RESERVED
+CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when compil ...)
 	- util-linux <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151
 	NOTE: https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
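Review bot: Replacing the bracketed text on CVE-2022-0563 drops the only full statement of impact visible here ("partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline"), and the truncated description cuts off before it. The entry is tagged `(unimportant)` and the two NOTE lines shown are bare URLs, so a short NOTE stating why the issue is rated unimportant would keep that rationale in the file.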
@@ -2785,8 +2844,8 @@ CVE-2022-24566
 	RESERVED
 CVE-2022-24565
 	RESERVED
-CVE-2022-24564
-	RESERVED
+CVE-2022-24564 (Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerabil ...)
+	TODO: check
 CVE-2022-24563
 	RESERVED
 CVE-2022-24562
@@ -10523,8 +10582,8 @@ CVE-2022-22310 (IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.
 	NOT-FOR-US: IBM
 CVE-2022-22309
 	RESERVED
-CVE-2022-22308
-	RESERVED
+CVE-2022-22308 (IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI ...)
+	TODO: check
 CVE-2022-22307
 	RESERVED
 CVE-2022-0087 (keystone is vulnerable to Improper Neutralization of Input During Web  ...)
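Review bot: CVE-2022-22308 is left at `TODO: check` although its description names IBM Planning Analytics and the neighbouring CVE-2022-22310 in the hunk header context is already tagged `NOT-FOR-US: IBM`. Unless the product is packaged, this entry should get the same `NOT-FOR-US: IBM` tag so it does not sit in the triage queue.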
@@ -14396,8 +14455,7 @@ CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors ...)
 	NOT-FOR-US: yetiforcecrm
 CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input During  ...)
 	NOT-FOR-US: yetiforcecrm
-CVE-2021-4115 [file descriptor leak allows an unprivileged user to cause a crash]
-	RESERVED
+CVE-2021-4115 (There is a flaw in polkit which can allow an unprivileged user to caus ...)
 	[experimental] - policykit-1 0.120-6
 	- policykit-1 0.105-32 (bug #1005784)
 	[bullseye] - policykit-1 <no-dsa> (Minor issue)
@@ -15964,24 +16022,24 @@ CVE-2021-44579
 	RESERVED
 CVE-2021-44578
 	RESERVED
-CVE-2021-44577
-	RESERVED
-CVE-2021-44576
-	RESERVED
-CVE-2021-44575
-	RESERVED
-CVE-2021-44574
-	RESERVED
-CVE-2021-44573
-	RESERVED
+CVE-2021-44577 (Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 ...)
+	TODO: check
+CVE-2021-44576 (Two memory vulnerabilities exists in openSUSE libsolv through 13 Dec 2 ...)
+	TODO: check
+CVE-2021-44575 (Two heap-overflow vulnerabilities exists in openSUSE libsolv through 1 ...)
+	TODO: check
+CVE-2021-44574 (A heap-overflow vulnerability exists in openSUSE libsolv through 13 De ...)
+	TODO: check
+CVE-2021-44573 (Two heap overflow vulnerabilities exist in oenSUSE libsolv through 13  ...)
+	TODO: check
 CVE-2021-44572
 	RESERVED
-CVE-2021-44571
-	RESERVED
-CVE-2021-44570
-	RESERVED
-CVE-2021-44569
-	RESERVED
+CVE-2021-44571 (A heap overflow vulnerability exisfts in openSUSE libsolv through 13 D ...)
+	TODO: check
+CVE-2021-44570 (Two heap-overflow vulnerabilities exists in openSUSE/libsolv through 1 ...)
+	TODO: check
+CVE-2021-44569 (A heap-buffer openSUSE libsolv through 13 Dec 2020 exists in the solve ...)
+	TODO: check
 CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv th ...)
 	- libsolv <unfixed> (unimportant)
 	NOTE: https://github.com/openSUSE/libsolv/issues/425
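Review bot: The eight libsolv entries (CVE-2021-44569 through CVE-2021-44571 and CVE-2021-44573 through CVE-2021-44577) all land as `TODO: check`, while the adjacent CVE-2021-44568 in the trailing context is already triaged as `- libsolv <unfixed> (unimportant)` with a NOTE pointing at the upstream issue. They should be triaged together and consistently with that entry, each with its own upstream reference. The imported descriptions also contain misspellings ("oenSUSE", "exisfts"), so a text search on "openSUSE libsolv" will miss some of them; match on the CVE ids instead.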
@@ -37682,9 +37740,9 @@ CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerabl
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...)
 	NOT-FOR-US: Zoho ManageEngine
-CVE-2021-37420 (ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoo ...)
+CVE-2021-37420 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail ...)
 	NOT-FOR-US: ManageEngine
-CVE-2021-37419 (ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. ...)
+CVE-2021-37419 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF ...)
 	NOT-FOR-US: ManageEngine
 CVE-2021-37418
 	REJECTED
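Review bot: The descriptions of CVE-2021-37420 and CVE-2021-37419 now begin with "Zoho ManageEngine", but their tags still read `NOT-FOR-US: ManageEngine`, while CVE-2021-37422 and CVE-2021-37421 directly above use `NOT-FOR-US: Zoho ManageEngine`. Aligning the two tags with their neighbours would keep vendor-based searches of the list consistent.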



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f8c0b6e305b9e232ca3d1e67957e4d76abcbdf8
