[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 5 08:10:20 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
330e76b3 by security tracker role at 2022-01-05T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,227 @@
+CVE-2022-22677
+ RESERVED
+CVE-2022-22676
+ RESERVED
+CVE-2022-22675
+ RESERVED
+CVE-2022-22674
+ RESERVED
+CVE-2022-22673
+ RESERVED
+CVE-2022-22672
+ RESERVED
+CVE-2022-22671
+ RESERVED
+CVE-2022-22670
+ RESERVED
+CVE-2022-22669
+ RESERVED
+CVE-2022-22668
+ RESERVED
+CVE-2022-22667
+ RESERVED
+CVE-2022-22666
+ RESERVED
+CVE-2022-22665
+ RESERVED
+CVE-2022-22664
+ RESERVED
+CVE-2022-22663
+ RESERVED
+CVE-2022-22662
+ RESERVED
+CVE-2022-22661
+ RESERVED
+CVE-2022-22660
+ RESERVED
+CVE-2022-22659
+ RESERVED
+CVE-2022-22658
+ RESERVED
+CVE-2022-22657
+ RESERVED
+CVE-2022-22656
+ RESERVED
+CVE-2022-22655
+ RESERVED
+CVE-2022-22654
+ RESERVED
+CVE-2022-22653
+ RESERVED
+CVE-2022-22652
+ RESERVED
+CVE-2022-22651
+ RESERVED
+CVE-2022-22650
+ RESERVED
+CVE-2022-22649
+ RESERVED
+CVE-2022-22648
+ RESERVED
+CVE-2022-22647
+ RESERVED
+CVE-2022-22646
+ RESERVED
+CVE-2022-22645
+ RESERVED
+CVE-2022-22644
+ RESERVED
+CVE-2022-22643
+ RESERVED
+CVE-2022-22642
+ RESERVED
+CVE-2022-22641
+ RESERVED
+CVE-2022-22640
+ RESERVED
+CVE-2022-22639
+ RESERVED
+CVE-2022-22638
+ RESERVED
+CVE-2022-22637
+ RESERVED
+CVE-2022-22636
+ RESERVED
+CVE-2022-22635
+ RESERVED
+CVE-2022-22634
+ RESERVED
+CVE-2022-22633
+ RESERVED
+CVE-2022-22632
+ RESERVED
+CVE-2022-22631
+ RESERVED
+CVE-2022-22630
+ RESERVED
+CVE-2022-22629
+ RESERVED
+CVE-2022-22628
+ RESERVED
+CVE-2022-22627
+ RESERVED
+CVE-2022-22626
+ RESERVED
+CVE-2022-22625
+ RESERVED
+CVE-2022-22624
+ RESERVED
+CVE-2022-22623
+ RESERVED
+CVE-2022-22622
+ RESERVED
+CVE-2022-22621
+ RESERVED
+CVE-2022-22620
+ RESERVED
+CVE-2022-22619
+ RESERVED
+CVE-2022-22618
+ RESERVED
+CVE-2022-22617
+ RESERVED
+CVE-2022-22616
+ RESERVED
+CVE-2022-22615
+ RESERVED
+CVE-2022-22614
+ RESERVED
+CVE-2022-22613
+ RESERVED
+CVE-2022-22612
+ RESERVED
+CVE-2022-22611
+ RESERVED
+CVE-2022-22610
+ RESERVED
+CVE-2022-22609
+ RESERVED
+CVE-2022-22608
+ RESERVED
+CVE-2022-22607
+ RESERVED
+CVE-2022-22606
+ RESERVED
+CVE-2022-22605
+ RESERVED
+CVE-2022-22604
+ RESERVED
+CVE-2022-22603
+ RESERVED
+CVE-2022-22602
+ RESERVED
+CVE-2022-22601
+ RESERVED
+CVE-2022-22600
+ RESERVED
+CVE-2022-22599
+ RESERVED
+CVE-2022-22598
+ RESERVED
+CVE-2022-22597
+ RESERVED
+CVE-2022-22596
+ RESERVED
+CVE-2022-22595
+ RESERVED
+CVE-2022-22594
+ RESERVED
+CVE-2022-22593
+ RESERVED
+CVE-2022-22592
+ RESERVED
+CVE-2022-22591
+ RESERVED
+CVE-2022-22590
+ RESERVED
+CVE-2022-22589
+ RESERVED
+CVE-2022-22588
+ RESERVED
+CVE-2022-22587
+ RESERVED
+CVE-2022-22586
+ RESERVED
+CVE-2022-22585
+ RESERVED
+CVE-2022-22584
+ RESERVED
+CVE-2022-22583
+ RESERVED
+CVE-2022-22582
+ RESERVED
+CVE-2022-22581
+ RESERVED
+CVE-2022-22580
+ RESERVED
+CVE-2022-22579
+ RESERVED
+CVE-2022-22578
+ RESERVED
+CVE-2022-22577
+ RESERVED
+CVE-2022-22576
+ RESERVED
+CVE-2022-22575
+ RESERVED
+CVE-2022-22574
+ RESERVED
+CVE-2022-22573
+ RESERVED
+CVE-2022-22572
+ RESERVED
+CVE-2022-22571
+ RESERVED
+CVE-2022-22570
+ RESERVED
+CVE-2022-22569
+ RESERVED
+CVE-2022-22568
+ RESERVED
+CVE-2022-0122
+ RESERVED
+CVE-2022-0121
+ RESERVED
CVE-2022-22567
RESERVED
CVE-2022-22566
@@ -2973,8 +3197,7 @@ CVE-2021-45454
RESERVED
CVE-2021-45453
RESERVED
-CVE-2021-45452 [Potential directory-traversal via Storage.save()]
- RESERVED
+CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...)
- python-django 2:3.2.11-1 (bug #1003113)
NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
NOTE: https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b (3.2.11)
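Review bot: On the CVE-2021-45452 line, the new description is cut off at "4.0 b ..." before it reaches the impact, and the removed bracket title was the only place this entry said "directory-traversal via Storage.save()". Consider keeping that wording in a NOTE line under the entry so the vulnerability class stays searchable in data/CVE/list.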
@@ -3953,14 +4176,12 @@ CVE-2021-45118
RESERVED
CVE-2021-45117
RESERVED
-CVE-2021-45116 [Potential information disclosure in dictsort template filter]
- RESERVED
+CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
- python-django 2:3.2.11-1 (bug #1003113)
NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
NOTE: https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16 (3.2.11)
NOTE: https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a (2.2.26)
-CVE-2021-45115 [Denial-of-service possibility in UserAttributeSimilarityValidator]
- RESERVED
+CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
- python-django 2:3.2.11-1 (bug #1003113)
NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
NOTE: https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20 (3.2.11)
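Review bot: After this change CVE-2021-45116 and CVE-2021-45115 carry the same truncated description ("An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ..."), so the list no longer tells the dictsort information disclosure apart from the UserAttributeSimilarityValidator denial of service. A short NOTE on each entry with the removed title text would keep them distinguishable without following the links.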
@@ -7736,22 +7957,22 @@ CVE-2022-21652
RESERVED
CVE-2022-21651
RESERVED
-CVE-2022-21650
- RESERVED
-CVE-2022-21649
- RESERVED
-CVE-2022-21648
- RESERVED
-CVE-2022-21647
- RESERVED
+CVE-2022-21650 (Convos is an open source multi-user chat that runs in a web browser. Y ...)
+ TODO: check
+CVE-2022-21649 (Convos is an open source multi-user chat that runs in a web browser. C ...)
+ TODO: check
+CVE-2022-21648 (Latte is an open source template engine for PHP. Versions since 2.8.0 ...)
+ TODO: check
+CVE-2022-21647 (CodeIgniter is an open source PHP full-stack web framework. Deserializ ...)
+ TODO: check
CVE-2022-21646
RESERVED
CVE-2022-21645
RESERVED
-CVE-2022-21644
- RESERVED
-CVE-2022-21643
- RESERVED
+CVE-2022-21644 (USOC is an open source CMS with a focus on simplicity. In affected ver ...)
+ TODO: check
+CVE-2022-21643 (USOC is an open source CMS with a focus on simplicity. In affected ver ...)
+ TODO: check
CVE-2022-21642
RESERVED
CVE-2021-43959
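Review bot: All six entries that leave RESERVED in this hunk (CVE-2022-21650, -21649, -21648, -21647, -21644, -21643) land as "TODO: check", so none of them is triaged yet. Each needs a follow-up that replaces the TODO with either a source package line or a NOT-FOR-US: marker, as the already-triaged entries elsewhere in this file have.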
@@ -7780,8 +8001,8 @@ CVE-2021-43948
RESERVED
CVE-2021-43947
RESERVED
-CVE-2021-43946
- RESERVED
+CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
+ TODO: check
CVE-2021-43945
RESERVED
CVE-2021-43944
@@ -7977,12 +8198,12 @@ CVE-2021-43854 (NLTK (Natural Language Toolkit) is a suite of open source Python
NOTE: https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 (3.6.6)
CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available for Mic ...)
NOT-FOR-US: Ajax.NET Professional
-CVE-2021-43852
- RESERVED
+CVE-2021-43852 (OroPlatform is a PHP Business Application Platform. In affected versio ...)
+ TODO: check
CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
NOT-FOR-US: Anuko Time Tracker
-CVE-2021-43850
- RESERVED
+CVE-2021-43850 (Discourse is an open source platform for community discussion. In affe ...)
+ TODO: check
CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single and simpl ...)
NOT-FOR-US: cordova-plugin-fingerprint-aio
CVE-2021-43848
@@ -8017,8 +8238,8 @@ CVE-2021-43834 (eLabFTW is an electronic lab notebook manager for research teams
NOT-FOR-US: eLabFTW
CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research teams. In v ...)
NOT-FOR-US: eLabFTW
-CVE-2021-43832
- RESERVED
+CVE-2021-43832 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
+ TODO: check
CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...)
NOT-FOR-US: gradio
CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...)
@@ -9192,8 +9413,8 @@ CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in sh
NOT-FOR-US: ecshop
CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vul ...)
NOT-FOR-US: Wechat-php-sdk
-CVE-2021-43677
- RESERVED
+CVE-2021-43677 (Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
+ TODO: check
CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...)
NOT-FOR-US: matyhtf framework
CVE-2021-43675 (Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
@@ -16529,7 +16750,7 @@ CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2.
CVE-2021-3829 (openwhyd is vulnerable to URL Redirection to Untrusted Site ...)
NOT-FOR-US: openwhyd
CVE-2021-41610
- RESERVED
+ REJECTED
CVE-2021-41609
RESERVED
CVE-2021-41608
@@ -17044,8 +17265,8 @@ CVE-2021-41390 (In Ericsson ECM before 18.0, it was observed that Security Provi
NOT-FOR-US: Ericsson ECM
CVE-2021-41389
RESERVED
-CVE-2021-41388
- RESERVED
+CVE-2021-41388 (Netskope client prior to 89.x on macOS is impacted by a local privileg ...)
+ TODO: check
CVE-2021-41387 (seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation b ...)
- seatd <not-affected> (Vulnerable code introduced later)
NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E
@@ -34487,7 +34708,7 @@ CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C
NOT-FOR-US: Zhuhai Jieli
CVE-2021-34142
RESERVED
-CVE-2021-34141 (Incomplete string comparison in the numpy.core component in NumPy1.9.x ...)
+CVE-2021-34141 (** DISPUTED ** Incomplete string comparison in the numpy.core componen ...)
- numpy <unfixed>
[bullseye] - numpy <no-dsa> (Minor issue)
NOTE: https://github.com/numpy/numpy/issues/18993
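Review bot: CVE-2021-34141 now starts with "** DISPUTED **", but the status lines under it are untouched: "- numpy <unfixed>" and "[bullseye] - numpy <no-dsa> (Minor issue)". It is worth re-reading the linked numpy issue, deciding whether <unfixed> is still the right state for a disputed report, and recording the outcome in a NOTE.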
@@ -64554,8 +64775,8 @@ CVE-2021-22047 (In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and
NOT-FOR-US: Spring Data REST
CVE-2021-22046
RESERVED
-CVE-2021-22045
- RESERVED
+CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi6 ...)
+ TODO: check
CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...)
NOT-FOR-US: Spring Cloud OpenFeign
CVE-2021-22043
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/330e76b364018ac516831b0d8e449c5e77d312ba