[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 8 20:10:37 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ee4f2b5f by security tracker role at 2022-01-08T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-0156
+ RESERVED
CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an in ...)
- expat <unfixed>
NOTE: https://github.com/libexpat/libexpat/pull/539
@@ -1715,6 +1717,7 @@ CVE-2021-4197 [cgroup: Use open-time creds and namespace for migration perm chec
NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
CVE-2021-46144 (Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML ...)
+ {DSA-5037-1}
- roundcube <unfixed> (bug #1003027)
NOTE: https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 (1.5.2)
NOTE: https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 (1.4.13)
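Review bot: the roundcube line directly under the added {DSA-5037-1} still reads `<unfixed> (bug #1003027)`, so after this change the entry points to an advisory but records no fixed version on its package line. The two NOTE lines already name the upstream fix commits for 1.5.2 and 1.4.13; once a fixed upload exists, replace `<unfixed>` with that version so the package line reflects the fix.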
@@ -1839,6 +1842,7 @@ CVE-2021-45951 (Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_addre
CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...)
- libredwg <itp> (bug #595191)
CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...)
+ {DSA-5038-1}
- ghostscript 9.55.0~dfsg-1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703902
@@ -1856,6 +1860,7 @@ CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called f
CVE-2021-45945 (uWebSockets 19.0.0 through 20.8.0 has an out-of-bounds write in std::_ ...)
NOT-FOR-US: uWebSockets
CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...)
+ {DSA-5038-1}
- ghostscript 9.54.0~dfsg-5
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
@@ -3809,12 +3814,12 @@ CVE-2017-20009
NOT-FOR-US: MODX Revolution
CVE-2012-20001 (PrestaShop before 1.5.2 allows XSS via the "<object data='data:text ...)
NOT-FOR-US: PrestaShop
-CVE-2021-45442
- RESERVED
-CVE-2021-45441
- RESERVED
-CVE-2021-45440
- RESERVED
+CVE-2021-45442 (A link following denial-of-service vulnerability in Trend Micro Worry- ...)
+ TODO: check
+CVE-2021-45441 (A origin validation error vulnerability in Trend Micro Apex One (on-pr ...)
+ TODO: check
+CVE-2021-45440 (A unnecessary privilege vulnerability in Trend Micro Apex One and Tren ...)
+ TODO: check
CVE-2021-45439
RESERVED
CVE-2021-45438
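Review bot: the three entries that replace RESERVED here (CVE-2021-45442, CVE-2021-45441, CVE-2021-45440) land as `TODO: check` with neither a package line nor a NOT-FOR-US line, so they remain untriaged. All three descriptions name Trend Micro products; if none of them is packaged, resolve each in a follow-up with a NOT-FOR-US line, as the MODX Revolution and PrestaShop entries just above do.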
@@ -4483,8 +4488,8 @@ CVE-2021-45233
RESERVED
CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses two fra ...)
NOT-FOR-US: Apache APISIX Dashboard
-CVE-2021-45231
- RESERVED
+CVE-2021-45231 (A link following privilege escalation vulnerability in Trend Micro Ape ...)
+ TODO: check
CVE-2021-45230
RESERVED
CVE-2021-45229
@@ -8128,8 +8133,8 @@ CVE-2021-44028 (XXE can occur in Quest KACE Desktop Authority before 11.2 becaus
NOT-FOR-US: Quest KACE Desktop Authority
CVE-2021-44027
RESERVED
-CVE-2021-44024
- RESERVED
+CVE-2021-44024 (A link following denial-of-service vulnerability in Trend Micro Apex O ...)
+ TODO: check
CVE-2021-44023 (A link following denial-of-service (DoS) vulnerability in the Trend Mi ...)
NOT-FOR-US: Trend Micro
CVE-2021-44022 (A reachable assertion vulnerability in Trend Micro Apex One could allo ...)
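Review bot: CVE-2021-44024 is added as `TODO: check`, while the next entry, CVE-2021-44023, starts with the same "A link following denial-of-service" wording for a Trend Micro product and is already marked `NOT-FOR-US: Trend Micro`. Apply the same marking when this entry is triaged, unless the full description shows a different affected product.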
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee4f2b5f0696152303de94a4fa0de2ed15f0961c