[Git][security-tracker-team/security-tracker][master] automatic update

Fri Jan 7 08:10:20 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e5319a88 by security tracker role at 2022-01-07T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2022-22732
+	RESERVED
+CVE-2022-22731
+	RESERVED
+CVE-2022-0144
+	RESERVED
+CVE-2022-0143
+	RESERVED
+CVE-2022-0142
+	RESERVED
+CVE-2022-0141
+	RESERVED
+CVE-2022-0140
+	RESERVED
+CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+	TODO: check
+CVE-2021-46149 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+	TODO: check
+CVE-2021-46148 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+	TODO: check
+CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+	TODO: check
+CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+	TODO: check
 CVE-2022-22728
 	RESERVED
 CVE-2022-22727
@@ -1273,18 +1297,18 @@ CVE-2021-46046
 	RESERVED
 CVE-2021-46045
 	RESERVED
-CVE-2021-46044
-	RESERVED
-CVE-2021-46043
-	RESERVED
-CVE-2021-46042
-	RESERVED
-CVE-2021-46041
-	RESERVED
-CVE-2021-46040
-	RESERVED
-CVE-2021-46039
-	RESERVED
+CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...)
+	TODO: check
+CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list ...)
+	TODO: check
+CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...)
+	TODO: check
+CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...)
+	TODO: check
+CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...)
+	TODO: check
+CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...)
+	TODO: check
 CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/2000
@@ -8155,26 +8179,22 @@ CVE-2022-21666
 	RESERVED
 CVE-2022-21665
 	RESERVED
-CVE-2022-21664
-	RESERVED
+CVE-2022-21664 (WordPress is a free and open-source content management system written  ...)
 	- wordpress 5.8.3+dfsg1-1 (bug #1003243)
 	NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/c09ccfbc547d75b392dbccc1ef0b4442ccd3c957
-CVE-2022-21663
-	RESERVED
+CVE-2022-21663 (WordPress is a free and open-source content management system written  ...)
 	- wordpress 5.8.3+dfsg1-1 (bug #1003243)
 	NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
 	NOTE: https://hackerone.com/reports/541469
-CVE-2022-21662
-	RESERVED
+CVE-2022-21662 (WordPress is a free and open-source content management system written  ...)
 	- wordpress 5.8.3+dfsg1-1 (bug #1003243)
 	NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
 	NOTE: https://hackerone.com/reports/425342
-CVE-2022-21661
-	RESERVED
+CVE-2022-21661 (WordPress is a free and open-source content management system written  ...)
 	- wordpress 5.8.3+dfsg1-1 (bug #1003243)
 	NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
@@ -12814,8 +12834,8 @@ CVE-2021-42843
 	RESERVED
 CVE-2021-42842
 	RESERVED
-CVE-2021-42841
-	RESERVED
+CVE-2021-42841 (Insta HMS before 12.4.10 is vulnerable to XSS because of improper vali ...)
+	TODO: check
 CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...)
 	NOT-FOR-US: SuiteCRM
 CVE-2021-42839 (Grand Vice info Co. webopac7 file upload function fails to filter spec ...)
@@ -24082,8 +24102,8 @@ CVE-2021-38676
 	RESERVED
 CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
 	NOT-FOR-US: QNAP
-CVE-2021-38674
-	RESERVED
+CVE-2021-38674 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+	TODO: check
 CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag ...)
 	NOT-FOR-US: adminlte
 CVE-2021-38673
@@ -56529,8 +56549,8 @@ CVE-2021-25745
 	RESERVED
 CVE-2021-25744
 	RESERVED
-CVE-2021-25743
-	RESERVED
+CVE-2021-25743 (kubectl does not neutralize escape, meta or control sequences containe ...)
+	TODO: check
 CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user that can ...)
 	NOT-FOR-US: Kubernetes ingress-nginx component
 CVE-2021-25741 (A security issue was discovered in Kubernetes where a user may be able ...)
@@ -71980,12 +72000,12 @@ CVE-2021-20050 (An Improper Access Control Vulnerability in the SMA100 series le
 	NOT-FOR-US: SonicWall
 CVE-2021-20049 (A vulnerability in SonicWall SMA100 password change API allows a remot ...)
 	NOT-FOR-US: SonicWall
-CVE-2021-20048
-	RESERVED
+CVE-2021-20048 (A Stack-based buffer overflow in the SonicOS SessionID HTTP response h ...)
+	TODO: check
 CVE-2021-20047 (SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and ear ...)
 	NOT-FOR-US: SonicWall
-CVE-2021-20046
-	RESERVED
+CVE-2021-20046 (A Stack-based buffer overflow in the SonicOS HTTP Content-Length respo ...)
+	TODO: check
 CVE-2021-20045 (A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacN ...)
 	NOT-FOR-US: SonicWall
 CVE-2021-20044 (A post-authentication remote command injection vulnerability in SonicW ...)
@@ -76269,8 +76289,7 @@ CVE-2020-29052
 	RESERVED
 CVE-2020-29051
 	RESERVED
-CVE-2020-29050 [arbitrary file reads by scattered file snippets]
-	RESERVED
+CVE-2020-29050 (SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows direct ...)
 	{DSA-5036-1}
 	- sphinxsearch 2.2.11-3
 	NOTE: Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035
@@ -129025,16 +129044,16 @@ CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not au
 	NOT-FOR-US: NCR SelfServ ATMs
 CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version ...)
 	NOT-FOR-US: Diebold Nixdorf ProCash 2100xe USB ATMs
-CVE-2020-9061
-	RESERVED
-CVE-2020-9060
-	RESERVED
-CVE-2020-9059
-	RESERVED
-CVE-2020-9058
-	RESERVED
-CVE-2020-9057
-	RESERVED
+CVE-2020-9061 (Z-Wave devices using Silicon Labs 500 and 700 series chipsets, includi ...)
+	TODO: check
+CVE-2020-9060 (Z-Wave devices based on Silicon Labs 500 series chipsets using S2, inc ...)
+	TODO: check
+CVE-2020-9059 (Z-Wave devices based on Silicon Labs 500 series chipsets using S0 auth ...)
+	TODO: check
+CVE-2020-9058 (Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16  ...)
+	TODO: check
+CVE-2020-9057 (Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets ...)
+	TODO: check
 CVE-2020-9056 (Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scr ...)
 	NOT-FOR-US: Periscope BuySpeed
 CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5319a8844eec54b157e9c4487857f6f56861140

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5319a8844eec54b157e9c4487857f6f56861140
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220107/16b4c8bb/attachment.htm>
