[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 6 08:10:23 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d585efc4 by security tracker role at 2022-01-06T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2022-22708
+ RESERVED
+CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...)
+ TODO: check
+CVE-2022-22706
+ RESERVED
+CVE-2022-22705
+ RESERVED
+CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes a ...)
+ TODO: check
+CVE-2022-22703
+ RESERVED
+CVE-2022-22702
+ RESERVED
+CVE-2022-22701
+ RESERVED
+CVE-2022-22700
+ RESERVED
+CVE-2022-22699
+ RESERVED
+CVE-2022-22698
+ RESERVED
+CVE-2022-22697
+ RESERVED
+CVE-2022-22696
+ RESERVED
+CVE-2022-22695
+ RESERVED
+CVE-2022-22694
+ RESERVED
+CVE-2022-22693
+ RESERVED
+CVE-2022-22692
+ RESERVED
+CVE-2022-22691
+ RESERVED
+CVE-2022-22690
+ RESERVED
+CVE-2022-22689
+ RESERVED
+CVE-2022-22688
+ RESERVED
+CVE-2022-22687
+ RESERVED
+CVE-2022-22686
+ RESERVED
+CVE-2022-22685
+ RESERVED
+CVE-2022-22684
+ RESERVED
+CVE-2022-22683
+ RESERVED
+CVE-2022-22682
+ RESERVED
+CVE-2022-22681
+ RESERVED
+CVE-2022-22680
+ RESERVED
+CVE-2022-22679
+ RESERVED
+CVE-2022-22150
+ RESERVED
+CVE-2022-0130
+ RESERVED
+CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...)
+ TODO: check
+CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...)
+ TODO: check
+CVE-2021-46142 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
+ TODO: check
+CVE-2021-46141 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
+ TODO: check
CVE-2022-22678
RESERVED
CVE-2022-0129
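Review bot: the six entries added with a description at the top of this hunk carry only "TODO: check" and still need a disposition. CVE-2022-22707 (lighttpd), CVE-2021-46143 (Expat) and CVE-2021-46142/CVE-2021-46141 (uriparser) name specific software and should get a package line in the form used further down this file ("- chromium <unfixed>") once the affected versions are confirmed. CVE-2021-46145 describes a Honda Civic keyfob and CVE-2022-22704 describes the zabbix-agent2 package as built for Alpine Linux, so the first looks like a NOT-FOR-US candidate and the second needs a check on whether the issue exists outside Alpine's packaging.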
@@ -236,10 +308,10 @@ CVE-2022-22569
RESERVED
CVE-2022-22568
RESERVED
-CVE-2022-0122
- RESERVED
-CVE-2022-0121
- RESERVED
+CVE-2022-0122 (forge is vulnerable to URL Redirection to Untrusted Site ...)
+ TODO: check
+CVE-2022-0121 (hoppscotch is vulnerable to Exposure of Sensitive Information to an Un ...)
+ TODO: check
CVE-2022-22567
RESERVED
CVE-2022-22566
@@ -323,77 +395,101 @@ CVE-2022-22528
CVE-2022-22527
RESERVED
CVE-2022-0120
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0119
RESERVED
CVE-2022-0118
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0117
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0116
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0115
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0114
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0113
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0112
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0111
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0110
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0109
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0108
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0107
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0106
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0105
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0104
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0103
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0102
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0101
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0100
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0099
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0098
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0097
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0096
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0095
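Review bot: CVE-2022-0119, in the context lines near the top of this hunk, is the only id in the CVE-2022-0096 to CVE-2022-0120 run that has "RESERVED" but no "- chromium <unfixed>" line. Confirm that the gap is intentional and not a missed annotation, since every neighbouring id now carries both lines.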
@@ -1114,8 +1210,8 @@ CVE-2021-46040
RESERVED
CVE-2021-46039
RESERVED
-CVE-2021-46038
- RESERVED
+CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
+ TODO: check
CVE-2021-46037
RESERVED
CVE-2021-46036
@@ -1227,7 +1323,7 @@ CVE-2021-4197 [cgroup: Use open-time creds and namespace for migration perm chec
- linux <unfixed>
NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
-CVE-2021-46144 [XSS vulnerability via HTML messages with malicious CSS content]
+CVE-2021-46144 (Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML ...)
- roundcube <unfixed> (bug #1003027)
NOTE: https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 (1.5.2)
NOTE: https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 (1.4.13)
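Review bot: under CVE-2021-46144 the package line stays "- roundcube <unfixed> (bug #1003027)" while the new description names the fixed upstream releases (1.4.13 and 1.5.2), which match the tags on the two NOTE commits. Nothing in this hunk needs to change, but the entry now has what it needs for a fixed version to be recorded as soon as an upload closing bug #1003027 lands.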
@@ -1268,12 +1364,12 @@ CVE-2021-45973
CVE-2021-45972 (The giftrans function in giftrans 1.12.2 contains a stack-based buffer ...)
- giftrans <unfixed> (bug #1002739; unimportant)
NOTE: Negligible security impact; crash in CLI tool
-CVE-2021-45971
- RESERVED
-CVE-2021-45970
- RESERVED
-CVE-2021-45969
- RESERVED
+CVE-2021-45971 (An issue was discovered in SdHostDriver in Insyde InsydeH2O with kerne ...)
+ TODO: check
+CVE-2021-45970 (An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5 ...)
+ TODO: check
+CVE-2021-45969 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
+ TODO: check
CVE-2021-45968
RESERVED
CVE-2021-45967
@@ -1929,14 +2025,14 @@ CVE-2021-45835
RESERVED
CVE-2021-45834
RESERVED
-CVE-2021-45833
- RESERVED
-CVE-2021-45832
- RESERVED
-CVE-2021-45831
- RESERVED
-CVE-2021-45830
- RESERVED
+CVE-2021-45833 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ...)
+ TODO: check
+CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ...)
+ TODO: check
+CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...)
+ TODO: check
+CVE-2021-45830 (A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ...)
+ TODO: check
CVE-2021-45829 (HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ...)
TODO: check
CVE-2021-45828
@@ -7998,12 +8094,12 @@ CVE-2022-21655
RESERVED
CVE-2022-21654
RESERVED
-CVE-2022-21653
- RESERVED
-CVE-2022-21652
- RESERVED
-CVE-2022-21651
- RESERVED
+CVE-2022-21653 (Jawn is an open source JSON parser. Extenders of the `org.typelevel.ja ...)
+ TODO: check
+CVE-2022-21652 (Shopware is an open source e-commerce software platform. In affected v ...)
+ TODO: check
+CVE-2022-21651 (Shopware is an open source e-commerce software platform. An open redir ...)
+ TODO: check
CVE-2022-21650 (Convos is an open source multi-user chat that runs in a web browser. Y ...)
NOT-FOR-US: Convos
CVE-2022-21649 (Convos is an open source multi-user chat that runs in a web browser. C ...)
@@ -8048,8 +8144,8 @@ CVE-2021-43949
RESERVED
CVE-2021-43948
RESERVED
-CVE-2021-43947
- RESERVED
+CVE-2021-43947 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ TODO: check
CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
NOT-FOR-US: Atlassian
CVE-2021-43945
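Review bot: CVE-2021-43947 is added with "TODO: check" although its description names Atlassian Jira Server and Data Center, the same product as CVE-2021-43946 directly below it, which is already marked "NOT-FOR-US: Atlassian". Suggest giving the new entry the same line so the two stay consistent.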
@@ -16213,8 +16309,8 @@ CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and
NOT-FOR-US: Crocoblock JetEngine
CVE-2021-41843 (An authenticated SQL injection issue in the calendar search function o ...)
NOT-FOR-US: OpenEMR
-CVE-2021-41842
- RESERVED
+CVE-2021-41842 (An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08 ...)
+ TODO: check
CVE-2021-41841
RESERVED
CVE-2021-41840
@@ -83511,8 +83607,8 @@ CVE-2020-27430
RESERVED
CVE-2020-27429
RESERVED
-CVE-2020-27428
- RESERVED
+CVE-2020-27428 (A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Re ...)
+ TODO: check
CVE-2020-27427
RESERVED
CVE-2020-27426
@@ -91795,8 +91891,8 @@ CVE-2020-23988
RESERVED
CVE-2020-23987
RESERVED
-CVE-2020-23986
- RESERVED
+CVE-2020-23986 (Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 w ...)
+ TODO: check
CVE-2020-23985
RESERVED
CVE-2020-23984 (Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-s ...)
@@ -136955,8 +137051,8 @@ CVE-2019-20358 (Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and
NOT-FOR-US: Trend Micro
CVE-2019-20357 (A Persistent Arbitrary Code Execution vulnerability exists in the Tren ...)
NOT-FOR-US: Trend Micro
-CVE-2020-5956
- RESERVED
+CVE-2020-5956 (An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel ...)
+ TODO: check
CVE-2020-5955 (An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O befor ...)
NOT-FOR-US: Int15MicrocodeSmm
CVE-2020-5954
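Review bot: CVE-2020-5956 (SdLegacySmm in Insyde InsydeH2O) gets "TODO: check" while the next entry, CVE-2020-5955 (Int15MicrocodeSmm in Insyde InsydeH2O), is "NOT-FOR-US: Int15MicrocodeSmm". Suggest resolving the new entry the same way, preferably with one label for the firmware vendor instead of a per-module name, and applying it to the other InsydeH2O entries added in this commit (CVE-2021-45971, CVE-2021-45970, CVE-2021-45969).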
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d585efc4d52898448e20e21013676a7c0a057491