[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 6 20:10:29 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13608fba by security tracker role at 2022-01-06T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2022-22728
+ RESERVED
+CVE-2022-22727
+ RESERVED
+CVE-2022-22726
+ RESERVED
+CVE-2022-22725
+ RESERVED
+CVE-2022-22724
+ RESERVED
+CVE-2022-22723
+ RESERVED
+CVE-2022-22722
+ RESERVED
+CVE-2022-22721
+ RESERVED
+CVE-2022-22720
+ RESERVED
+CVE-2022-22719
+ RESERVED
+CVE-2022-22718
+ RESERVED
+CVE-2022-22717
+ RESERVED
+CVE-2022-22716
+ RESERVED
+CVE-2022-22715
+ RESERVED
+CVE-2022-22714
+ RESERVED
+CVE-2022-22713
+ RESERVED
+CVE-2022-22712
+ RESERVED
+CVE-2022-22711
+ RESERVED
+CVE-2022-22710
+ RESERVED
+CVE-2022-22709
+ RESERVED
+CVE-2022-21806
+ RESERVED
+CVE-2022-0139
+ RESERVED
+CVE-2022-0138
+ RESERVED
+CVE-2022-0137
+ RESERVED
+CVE-2022-0136
+ RESERVED
+CVE-2022-0135
+ RESERVED
+CVE-2022-0134
+ RESERVED
+CVE-2022-0133
+ RESERVED
+CVE-2022-0132
+ RESERVED
+CVE-2022-0131
+ RESERVED
+CVE-2021-4201
+ RESERVED
CVE-2022-22708
RESERVED
CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...)
@@ -81,8 +143,8 @@ CVE-2022-22678
RESERVED
CVE-2022-0129
RESERVED
-CVE-2022-0128
- RESERVED
+CVE-2022-0128 (vim is vulnerable to Out-of-bounds Read ...)
+ TODO: check
CVE-2022-0127
RESERVED
CVE-2022-0126
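Review bot: CVE-2022-0128 is left at `TODO: check`, yet it carries the same description ("vim is vulnerable to Out-of-bounds Read ...") as CVE-2021-4193 further down in this file, which is already triaged against src:vim (`- vim 2:8.2.3995-1`, `[bullseye] - vim <no-dsa> (Minor issue)`); the TODO should be resolved in the same way, by checking which vim upload fixes it and whether the stable releases need more than a `<no-dsa>` marking, rather than deferred to a later pass.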
@@ -1133,34 +1195,34 @@ CVE-2021-46082
RESERVED
CVE-2021-46081
RESERVED
-CVE-2021-46080
- RESERVED
-CVE-2021-46079
- RESERVED
-CVE-2021-46078
- RESERVED
+CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Se ...)
+ TODO: check
+CVE-2021-46079 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...)
+ TODO: check
+CVE-2021-46078 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...)
+ TODO: check
CVE-2021-46077
RESERVED
-CVE-2021-46076
- RESERVED
-CVE-2021-46075
- RESERVED
-CVE-2021-46074
- RESERVED
-CVE-2021-46073
- RESERVED
-CVE-2021-46072
- RESERVED
-CVE-2021-46071
- RESERVED
-CVE-2021-46070
- RESERVED
-CVE-2021-46069
- RESERVED
-CVE-2021-46068
- RESERVED
-CVE-2021-46067
- RESERVED
+CVE-2021-46076 (Sourcecodester Vehicle Service Management System 1.0 is vulnerable to ...)
+ TODO: check
+CVE-2021-46075 (A Privilege Escalation vulnerability exists in Sourcecodester Vehicle ...)
+ TODO: check
+CVE-2021-46074 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ TODO: check
+CVE-2021-46073 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ TODO: check
+CVE-2021-46072 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ TODO: check
+CVE-2021-46071 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ TODO: check
+CVE-2021-46070 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ TODO: check
+CVE-2021-46069 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ TODO: check
+CVE-2021-46068 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ TODO: check
+CVE-2021-46067 (In Vehicle Service Management System 1.0 an attacker can steal the coo ...)
+ TODO: check
CVE-2021-46066
RESERVED
CVE-2021-46065
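Review bot: the thirteen entries CVE-2021-46067 to CVE-2021-46080 (all except CVE-2021-46077, which stays RESERVED) describe the same Sourcecodester Vehicle Service Management System 1.0 and each gets its own `TODO: check`; they should be triaged together in one pass, since the outcome (an affected Debian source package, or a `NOT-FOR-US:` marker as used for other third-party web applications elsewhere in this file) will be the same for the whole set, and thirteen separate TODOs invite inconsistent markings.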
@@ -1580,8 +1642,8 @@ CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive infor
NOT-FOR-US: Netgear
CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw d ...)
NOT-FOR-US: Bitmask Riseup VPN
-CVE-2021-4194
- RESERVED
+CVE-2021-4194 (bookstack is vulnerable to Improper Access Control ...)
+ TODO: check
CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...)
- vim 2:8.2.3995-1
[bullseye] - vim <no-dsa> (Minor issue)
@@ -2208,10 +2270,10 @@ CVE-2021-45747
RESERVED
CVE-2021-45746
RESERVED
-CVE-2021-45745
- RESERVED
-CVE-2021-45744
- RESERVED
+CVE-2021-45745 (A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.1 ...)
+ TODO: check
+CVE-2021-45744 (A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.1 ...)
+ TODO: check
CVE-2021-45743
RESERVED
CVE-2021-45742
@@ -3333,14 +3395,11 @@ CVE-2022-22055
RESERVED
CVE-2022-22054
RESERVED
-CVE-2021-45458
- RESERVED
+CVE-2021-45458 (Apache Kylin provides encryption classes PasswordPlaceholderConfigurer ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
-CVE-2021-45457
- RESERVED
+CVE-2021-45457 (In Apache Kylin, Cross-origin requests with credentials are allowed to ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
-CVE-2021-45456
- RESERVED
+CVE-2021-45456 (Apache kylin checks the legitimacy of the project before executing som ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-45455
RESERVED
@@ -5237,8 +5296,8 @@ CVE-2021-44880
RESERVED
CVE-2021-44879
RESERVED
-CVE-2021-44878
- RESERVED
+CVE-2021-44878 (Pac4j v5.1 and earlier allows (by default) clients to accept and succe ...)
+ TODO: check
CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...)
NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
@@ -6097,10 +6156,10 @@ CVE-2021-44593
RESERVED
CVE-2021-44592
RESERVED
-CVE-2021-44591
- RESERVED
-CVE-2021-44590
- RESERVED
+CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...)
+ TODO: check
+CVE-2021-44590 (In libming 0.4.8, a memory exhaustion vulnerability exist in the funct ...)
+ TODO: check
CVE-2021-44589
RESERVED
CVE-2021-44588
@@ -6111,8 +6170,8 @@ CVE-2021-44586
RESERVED
CVE-2021-44585
RESERVED
-CVE-2021-44584
- RESERVED
+CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog version ...)
+ TODO: check
CVE-2021-44583
RESERVED
CVE-2021-44582
@@ -6151,8 +6210,8 @@ CVE-2021-44566
RESERVED
CVE-2021-44565
RESERVED
-CVE-2021-44564
- RESERVED
+CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101 product, ...)
+ TODO: check
CVE-2021-44563
RESERVED
CVE-2021-44562
@@ -6765,8 +6824,8 @@ CVE-2021-44353
RESERVED
CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V ...)
NOT-FOR-US: Tenda
-CVE-2021-44351
- RESERVED
+CVE-2021-44351 (An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /na ...)
+ TODO: check
CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via ...)
NOT-FOR-US: ThinkPHP5
CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
@@ -12242,8 +12301,7 @@ CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 (5.15-rc6)
-CVE-2021-43045
- RESERVED
+CVE-2021-43045 (A vulnerability in the .NET SDK of Apache Avro allows an attacker to a ...)
NOT-FOR-US: Apache Avro
CVE-2021-3913
RESERVED
@@ -28723,8 +28781,7 @@ CVE-2020-36421 (An issue was discovered in Arm Mbed TLS before 2.23.0. Because o
[buster] - mbedtls <no-dsa> (Minor issue)
[stretch] - mbedtls <no-dsa> (Minor issue)
NOTE: https://github.com/ARMmbed/mbedtls/issues/3394
-CVE-2021-36774
- RESERVED
+CVE-2021-36774 (Apache Kylin allows users to read data from other database systems usi ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
- ublock-origin 1.37.0+dfsg-1 (bug #991386)
@@ -28852,14 +28909,11 @@ CVE-2021-3644
- wildfly <itp> (bug #752018)
CVE-2020-36419
RESERVED
-CVE-2021-36739
- RESERVED
+CVE-2021-36739 (The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCB ...)
NOT-FOR-US: Apache Pluto MVCBean JSP portlet
-CVE-2021-36738
- RESERVED
+CVE-2021-36738 (The input fields in the JSP version of the Apache Pluto Applicant MVCB ...)
NOT-FOR-US: Apache Pluto Applicant MVCBean CDI portlet
-CVE-2021-36737
- RESERVED
+CVE-2021-36737 (The input fields of the Apache Pluto UrlTestPortlet are vulnerable to ...)
NOT-FOR-US: Apache Pluto UrlTestPortlet
CVE-2021-36736
RESERVED
@@ -41666,8 +41720,7 @@ CVE-2020-36324 (Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows R
NOT-FOR-US: Wikimedia Quarry
CVE-2021-31524
RESERVED
-CVE-2021-31522
- RESERVED
+CVE-2021-31522 (Kylin can receive user input and load any class through Class.forName( ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr version ...)
NOT-FOR-US: Zephyr, different from src:zephyr
@@ -48873,12 +48926,10 @@ CVE-2021-28717
RESERVED
CVE-2021-28716
RESERVED
-CVE-2021-28715
- RESERVED
+CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-392.html
-CVE-2021-28714
- RESERVED
+CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-392.html
CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
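Review bot: CVE-2021-28715 and CVE-2021-28714 are both marked `- linux <unfixed>` with only the XSA-392 advisory as reference; the CVE-2021-43056 entry earlier in this file records the fixing upstream commit together with its release tag (`NOTE: https://git.kernel.org/linus/... (5.15-rc6)`), and the same should be added here once the netback fixes are known, so that the `<unfixed>` state can be resolved per release instead of pointing only at the advisory.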
@@ -51381,8 +51432,7 @@ CVE-2021-27739
RESERVED
CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...)
NOT-FOR-US: JetBrains Ktor
-CVE-2021-27738
- RESERVED
+CVE-2021-27738 (All request mappings in `StreamingCoordinatorController.java` handling ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-27737 (Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on th ...)
- trafficserver <not-affected> (Only affects 9.x)
@@ -76190,6 +76240,7 @@ CVE-2020-29051
RESERVED
CVE-2020-29050 [arbitrary file reads by scattered file snippets]
RESERVED
+ {DSA-5036-1}
- sphinxsearch 2.2.11-3
NOTE: Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035
NOTE: and https://github.com/manticoresoftware/manticoresearch/commit/6e597ff61e1e910559f6ed541ff32520085af6aa
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13608fbab84d64b0fb21235b4f1617c39fe20901