[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 5 20:10:40 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5be4540 by security tracker role at 2022-01-05T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-22678
+	RESERVED
+CVE-2022-0129
+	RESERVED
+CVE-2022-0128
+	RESERVED
+CVE-2022-0127
+	RESERVED
+CVE-2022-0126
+	RESERVED
+CVE-2022-0125
+	RESERVED
+CVE-2022-0124
+	RESERVED
+CVE-2022-0123
+	RESERVED
+CVE-2021-4200
+	RESERVED
 CVE-2022-22677
 	RESERVED
 CVE-2022-22676
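Review bot: the nine new RESERVED entries at the top of this hunk are prepended rather than placed in ID order. CVE-2022-0129 through CVE-2022-0123 and CVE-2021-4200 now sit above CVE-2022-22677, while the unchanged context runs in descending order (22677, 22676). If the file is meant to stay sorted, move each new ID to its place in the sequence or let a follow-up sort pass handle it.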
@@ -3072,16 +3090,16 @@ CVE-2022-22113
 	RESERVED
 CVE-2022-22112
 	RESERVED
-CVE-2022-22111
-	RESERVED
-CVE-2022-22110
-	RESERVED
-CVE-2022-22109
-	RESERVED
-CVE-2022-22108
-	RESERVED
-CVE-2022-22107
-	RESERVED
+CVE-2022-22111 (In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. ...)
+	TODO: check
+CVE-2022-22110 (In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requ ...)
+	TODO: check
+CVE-2022-22109 (In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scri ...)
+	TODO: check
+CVE-2022-22108 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missin ...)
+	TODO: check
+CVE-2022-22107 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missin ...)
+	TODO: check
 CVE-2022-22106
 	RESERVED
 CVE-2022-22105
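Review bot: the five added entries (CVE-2022-22111 to CVE-2022-22107) carry only `TODO: check`, so they still need triage to a package line or a `NOT-FOR-US:` tag like the resolved entries elsewhere in this file. The imported descriptions also spell the product both "DayByDay CRM" and "Daybyday CRM"; pick one spelling for whatever tag is written so the entries group together.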
@@ -7978,8 +7996,8 @@ CVE-2022-21644 (USOC is an open source CMS with a focus on simplicity. In affect
 	NOT-FOR-US: USOC
 CVE-2022-21643 (USOC is an open source CMS with a focus on simplicity. In affected ver ...)
 	NOT-FOR-US: USOC
-CVE-2022-21642
-	RESERVED
+CVE-2022-21642 (Discourse is an open source platform for community discussion. In affe ...)
+	TODO: check
 CVE-2021-43959
 	RESERVED
 CVE-2021-43958
@@ -8281,8 +8299,7 @@ CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python lang
 	NOTE: https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 (lxml-4.6.5)
 CVE-2021-43817 (Collabora Online is a collaborative online office suite based on Libre ...)
 	NOT-FOR-US: Collabora Online
-CVE-2021-43816
-	RESERVED
+CVE-2021-43816 (containerd is an open source container runtime. On installations using ...)
 	- containerd 1.5.9~ds1-1
 	[bullseye] - containerd <not-affected> (Vulnerable code introduced in 1.5.0)
 	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c
@@ -8376,8 +8393,8 @@ CVE-2021-43781 (Invenio-Drafts-Resources is a submission/deposit module for Inve
 	NOT-FOR-US: Invenio-Drafts-Resources
 CVE-2021-43780 (Redash is a package for data visualization and sharing. In versions 10 ...)
 	NOT-FOR-US: Redash
-CVE-2021-43779
-	RESERVED
+CVE-2021-43779 (GLPI is an open source IT Asset Management, issue tracking system and  ...)
+	TODO: check
 CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI inst ...)
 	NOT-FOR-US: GLPI plugin
 CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...)
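Review bot: CVE-2021-43779 is added with `TODO: check` next to CVE-2021-43778, which is tagged `NOT-FOR-US: GLPI plugin`. The truncated description does not show whether 43779 concerns GLPI itself or another plugin, so read the full description before reusing the neighbour's tag.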
@@ -18145,8 +18162,7 @@ CVE-2021-41045
 	RESERVED
 CVE-2021-41044
 	RESERVED
-CVE-2021-41043 [Fix a use-after-free in extract_slice()]
-	RESERVED
+CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other confirm ...)
 	- tcpslice <unfixed>
 	NOTE: https://github.com/the-tcpdump-group/tcpslice/issues/11
 	NOTE: https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a (tcpslice-1.5)
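Review bot: the package line for CVE-2021-41043 still reads `- tcpslice <unfixed>` although the NOTE under it references a fixing commit marked (tcpslice-1.5). Now that the description is published, check whether a fixed version can be recorded in place of `<unfixed>`. The hunk also drops the bracketed working title that named extract_slice(); if the function name is useful to readers, keep it in a NOTE line.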
@@ -23298,8 +23314,8 @@ CVE-2021-38920
 	RESERVED
 CVE-2021-38919
 	RESERVED
-CVE-2021-38918
-	RESERVED
+CVE-2021-38918 (IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a spec ...)
+	TODO: check
 CVE-2021-38917 (IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker ...)
 	NOT-FOR-US: IBM
 CVE-2021-38916
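Review bot: CVE-2021-38918 lands as `TODO: check` directly above CVE-2021-38917, an IBM PowerVM Hypervisor entry already tagged `NOT-FOR-US: IBM`. The same tag looks applicable here, which would clear the TODO in this hunk.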
@@ -34721,7 +34737,7 @@ CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C
 	NOT-FOR-US: Zhuhai Jieli
 CVE-2021-34142
 	RESERVED
-CVE-2021-34141 (** DISPUTED ** Incomplete string comparison in the numpy.core componen ...)
+CVE-2021-34141 (An incomplete string comparison in the numpy.core component in NumPy b ...)
 	- numpy <unfixed>
 	[bullseye] - numpy <no-dsa> (Minor issue)
 	NOTE: https://github.com/numpy/numpy/issues/18993
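Review bot: the description of CVE-2021-34141 loses its `** DISPUTED **` prefix, but the `[bullseye] - numpy <no-dsa> (Minor issue)` line under it is unchanged. If that rating relied on the dispute, re-evaluate it against the new description; otherwise a short NOTE saying the assessment still holds would help.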
@@ -41320,8 +41336,8 @@ CVE-2021-31591
 	RESERVED
 CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtok ...)
 	NOT-FOR-US: PwnDoc
-CVE-2021-31589
-	RESERVED
+CVE-2021-31589 (BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an ...)
+	TODO: check
 CVE-2021-31588
 	RESERVED
 CVE-2021-31587
@@ -48713,16 +48729,13 @@ CVE-2021-28714
 	RESERVED
 	- linux <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-392.html
-CVE-2021-28713
-	RESERVED
+CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
 	- linux <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-391.html
-CVE-2021-28712
-	RESERVED
+CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
 	- linux <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-391.html
-CVE-2021-28711
-	RESERVED
+CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
 	- linux <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-391.html
 CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For efficie ...)
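Review bot: the three added descriptions for CVE-2021-28713, CVE-2021-28712 and CVE-2021-28711 all contain `T[his`, which looks like a misplaced bracket in the imported text. Since these lines are generated, fix it in the description source or the import step rather than in this file. The three entries also share one description and one advisory (advisory-391), so a NOTE saying which aspect each ID covers would make them distinguishable.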
@@ -63646,8 +63659,8 @@ CVE-2021-22569
 	RESERVED
 CVE-2021-22568 (When using the dart pub publish command to publish a package to a thir ...)
 	TODO: check
-CVE-2021-22567
-	RESERVED
+CVE-2021-22567 (Bidirectional Unicode text can be interpreted and compiled differently ...)
+	TODO: check
 CVE-2021-22566
 	RESERVED
 CVE-2021-22565 (An attacker could prematurely expire a verification code, making it un ...)
@@ -109056,8 +109069,8 @@ CVE-2020-15935 (A cleartext storage of sensitive information in GUI in FortiADC
 	NOT-FOR-US: Fortiguard
 CVE-2020-15934
 	RESERVED
-CVE-2020-15933
-	RESERVED
+CVE-2020-15933 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
+	TODO: check
 CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, c ...)
 	NOT-FOR-US: Overwolf
 CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attackers to ...)
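Review bot: CVE-2020-15933 is added as `TODO: check`; the nearby FortiADC entry CVE-2020-15935 is tagged `NOT-FOR-US: Fortiguard`, so confirm from the full description whether the same tag applies. The imported description begins "A exposure", which should read "An exposure" at the source.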



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5be454041c81a24c2044651b23cb315d1911fe2
