[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 6 08:10:23 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d585efc4 by security tracker role at 2022-01-06T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2022-22708
+	RESERVED
+CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...)
+	TODO: check
+CVE-2022-22706
+	RESERVED
+CVE-2022-22705
+	RESERVED
+CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes a ...)
+	TODO: check
+CVE-2022-22703
+	RESERVED
+CVE-2022-22702
+	RESERVED
+CVE-2022-22701
+	RESERVED
+CVE-2022-22700
+	RESERVED
+CVE-2022-22699
+	RESERVED
+CVE-2022-22698
+	RESERVED
+CVE-2022-22697
+	RESERVED
+CVE-2022-22696
+	RESERVED
+CVE-2022-22695
+	RESERVED
+CVE-2022-22694
+	RESERVED
+CVE-2022-22693
+	RESERVED
+CVE-2022-22692
+	RESERVED
+CVE-2022-22691
+	RESERVED
+CVE-2022-22690
+	RESERVED
+CVE-2022-22689
+	RESERVED
+CVE-2022-22688
+	RESERVED
+CVE-2022-22687
+	RESERVED
+CVE-2022-22686
+	RESERVED
+CVE-2022-22685
+	RESERVED
+CVE-2022-22684
+	RESERVED
+CVE-2022-22683
+	RESERVED
+CVE-2022-22682
+	RESERVED
+CVE-2022-22681
+	RESERVED
+CVE-2022-22680
+	RESERVED
+CVE-2022-22679
+	RESERVED
+CVE-2022-22150
+	RESERVED
+CVE-2022-0130
+	RESERVED
+CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...)
+	TODO: check
+CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...)
+	TODO: check
+CVE-2021-46142 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
+	TODO: check
+CVE-2021-46141 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
+	TODO: check
 CVE-2022-22678
 	RESERVED
 CVE-2022-0129
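Review bot: the six entries added with `TODO: check` at the top of this hunk (CVE-2022-22707, CVE-2022-22704, CVE-2021-46145, CVE-2021-46143, CVE-2021-46142, CVE-2021-46141) still need a triage decision, either a package line or NOT-FOR-US as used elsewhere in this file. CVE-2021-46142 and CVE-2021-46141 are truncated to identical text ("An issue was discovered in uriparser before 0.9.6. It performs invalid ..."), so the full descriptions have to be read to tell them apart. The zabbix-agent2 entry is described as specific to the Alpine Linux package and the Honda Civic keyfob entry concerns vehicle hardware, so both look like NOT-FOR-US candidates.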
@@ -236,10 +308,10 @@ CVE-2022-22569
 	RESERVED
 CVE-2022-22568
 	RESERVED
-CVE-2022-0122
-	RESERVED
-CVE-2022-0121
-	RESERVED
+CVE-2022-0122 (forge is vulnerable to URL Redirection to Untrusted Site ...)
+	TODO: check
+CVE-2022-0121 (hoppscotch is vulnerable to Exposure of Sensitive Information to an Un ...)
+	TODO: check
 CVE-2022-22567
 	RESERVED
 CVE-2022-22566
@@ -323,77 +395,101 @@ CVE-2022-22528
 CVE-2022-22527
 	RESERVED
 CVE-2022-0120
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0119
 	RESERVED
 CVE-2022-0118
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0117
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0116
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0115
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0114
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0113
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0112
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0111
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0110
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0109
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0108
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0107
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0106
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0105
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0104
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0103
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0102
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0101
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0100
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0099
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0098
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0097
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0096
+	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0095
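Review bot: CVE-2022-0119 (unchanged context near the top of this hunk) is the only id in the CVE-2022-0096 to CVE-2022-0120 run that has no `- chromium <unfixed>` line; confirm that it is deliberately left out rather than missed. The added `RESERVED` lines sit above existing chromium tracking lines, which is fine as long as the `- chromium` and `[stretch]` status lines are kept when the descriptions arrive.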
@@ -1114,8 +1210,8 @@ CVE-2021-46040
 	RESERVED
 CVE-2021-46039
 	RESERVED
-CVE-2021-46038
-	RESERVED
+CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
+	TODO: check
 CVE-2021-46037
 	RESERVED
 CVE-2021-46036
@@ -1227,7 +1323,7 @@ CVE-2021-4197 [cgroup: Use open-time creds and namespace for migration perm chec
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
-CVE-2021-46144 [XSS vulnerability via HTML messages with malicious CSS content]
+CVE-2021-46144 (Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML  ...)
 	- roundcube <unfixed> (bug #1003027)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 (1.5.2)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 (1.4.13)
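Review bot: on CVE-2021-46144 the hand-written title "[XSS vulnerability via HTML messages with malicious CSS content]" is replaced by a truncated description that cuts off before any mention of CSS. The two NOTE lines with the upstream commits for 1.5.2 and 1.4.13 still carry that context, but the entry remains `<unfixed>` (bug #1003027), so a fixed version should be recorded on the roundcube line once one is available.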
@@ -1268,12 +1364,12 @@ CVE-2021-45973
 CVE-2021-45972 (The giftrans function in giftrans 1.12.2 contains a stack-based buffer ...)
 	- giftrans <unfixed> (bug #1002739; unimportant)
 	NOTE: Negligible security impact; crash in CLI tool
-CVE-2021-45971
-	RESERVED
-CVE-2021-45970
-	RESERVED
-CVE-2021-45969
-	RESERVED
+CVE-2021-45971 (An issue was discovered in SdHostDriver in Insyde InsydeH2O with kerne ...)
+	TODO: check
+CVE-2021-45970 (An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5 ...)
+	TODO: check
+CVE-2021-45969 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel  ...)
+	TODO: check
 CVE-2021-45968
 	RESERVED
 CVE-2021-45967
@@ -1929,14 +2025,14 @@ CVE-2021-45835
 	RESERVED
 CVE-2021-45834
 	RESERVED
-CVE-2021-45833
-	RESERVED
-CVE-2021-45832
-	RESERVED
-CVE-2021-45831
-	RESERVED
-CVE-2021-45830
-	RESERVED
+CVE-2021-45833 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ...)
+	TODO: check
+CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ...)
+	TODO: check
+CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...)
+	TODO: check
+CVE-2021-45830 (A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ...)
+	TODO: check
 CVE-2021-45829 (HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ...)
 	TODO: check
 CVE-2021-45828
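Review bot: CVE-2021-45833, CVE-2021-45832 and CVE-2021-45830 should be triaged together with CVE-2021-45829 in the context lines just below, which is also HDF5 1.13.1-1 and still `TODO: check`, so that all four get the same package mapping. CVE-2021-45831 is a GPAC 1.0.1 entry and belongs with CVE-2021-46038 from the earlier hunk instead.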
@@ -7998,12 +8094,12 @@ CVE-2022-21655
 	RESERVED
 CVE-2022-21654
 	RESERVED
-CVE-2022-21653
-	RESERVED
-CVE-2022-21652
-	RESERVED
-CVE-2022-21651
-	RESERVED
+CVE-2022-21653 (Jawn is an open source JSON parser. Extenders of the `org.typelevel.ja ...)
+	TODO: check
+CVE-2022-21652 (Shopware is an open source e-commerce software platform. In affected v ...)
+	TODO: check
+CVE-2022-21651 (Shopware is an open source e-commerce software platform. An open redir ...)
+	TODO: check
 CVE-2022-21650 (Convos is an open source multi-user chat that runs in a web browser. Y ...)
 	NOT-FOR-US: Convos
 CVE-2022-21649 (Convos is an open source multi-user chat that runs in a web browser. C ...)
@@ -8048,8 +8144,8 @@ CVE-2021-43949
 	RESERVED
 CVE-2021-43948
 	RESERVED
-CVE-2021-43947
-	RESERVED
+CVE-2021-43947 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+	TODO: check
 CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
 	NOT-FOR-US: Atlassian
 CVE-2021-43945
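Review bot: CVE-2021-43947 is added as `TODO: check` while the adjacent CVE-2021-43946, also described as "Affected versions of Atlassian Jira Server and Data Center", is already `NOT-FOR-US: Atlassian`. Suggest giving the new entry the same tag for consistency.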
@@ -16213,8 +16309,8 @@ CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and
 	NOT-FOR-US: Crocoblock JetEngine
 CVE-2021-41843 (An authenticated SQL injection issue in the calendar search function o ...)
 	NOT-FOR-US: OpenEMR
-CVE-2021-41842
-	RESERVED
+CVE-2021-41842 (An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08 ...)
+	TODO: check
 CVE-2021-41841
 	RESERVED
 CVE-2021-41840
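Review bot: the truncated description for CVE-2021-41842 reads "AtaLegacySmm in the kernel 5.0 before 05.08", and "kernel" here should not be taken to mean the linux package without reading the full text. Other hunks in this patch use the same wording for Insyde InsydeH2O firmware modules (for example CVE-2020-5956, "SdLegacySmm in Insyde InsydeH2O with kernel"), so check whether this entry belongs with those before triaging.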
@@ -83511,8 +83607,8 @@ CVE-2020-27430
 	RESERVED
 CVE-2020-27429
 	RESERVED
-CVE-2020-27428
-	RESERVED
+CVE-2020-27428 (A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Re ...)
+	TODO: check
 CVE-2020-27427
 	RESERVED
 CVE-2020-27426
@@ -91795,8 +91891,8 @@ CVE-2020-23988
 	RESERVED
 CVE-2020-23987
 	RESERVED
-CVE-2020-23986
-	RESERVED
+CVE-2020-23986 (Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 w ...)
+	TODO: check
 CVE-2020-23985
 	RESERVED
 CVE-2020-23984 (Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-s ...)
@@ -136955,8 +137051,8 @@ CVE-2019-20358 (Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and
 	NOT-FOR-US: Trend Micro
 CVE-2019-20357 (A Persistent Arbitrary Code Execution vulnerability exists in the Tren ...)
 	NOT-FOR-US: Trend Micro
-CVE-2020-5956
-	RESERVED
+CVE-2020-5956 (An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel ...)
+	TODO: check
 CVE-2020-5955 (An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O befor ...)
 	NOT-FOR-US: Int15MicrocodeSmm
 CVE-2020-5954
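Review bot: CVE-2020-5956 is added as `TODO: check` directly above CVE-2020-5955, which names the same product (Insyde InsydeH2O) and is tagged `NOT-FOR-US: Int15MicrocodeSmm`. When triaging, consider one consistent NOT-FOR-US label for the Insyde InsydeH2O entries in this patch (CVE-2021-45969 to CVE-2021-45971 as well) rather than a per-module name.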



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d585efc4d52898448e20e21013676a7c0a057491
