[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 11 20:10:23 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
504e4d73 by security tracker role at 2022-01-11T20:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2022-23125
+	RESERVED
+CVE-2022-23124
+	RESERVED
+CVE-2022-23123
+	RESERVED
+CVE-2022-23122
+	RESERVED
+CVE-2022-23121
+	RESERVED
+CVE-2022-23120
+	RESERVED
+CVE-2022-23119
+	RESERVED
+CVE-2022-23118
+	RESERVED
+CVE-2022-23117
+	RESERVED
+CVE-2022-23116
+	RESERVED
+CVE-2022-23115
+	RESERVED
+CVE-2022-23114
+	RESERVED
+CVE-2022-23113
+	RESERVED
+CVE-2022-23112
+	RESERVED
+CVE-2022-23111
+	RESERVED
+CVE-2022-23110
+	RESERVED
+CVE-2022-23109
+	RESERVED
+CVE-2022-23108
+	RESERVED
+CVE-2022-23107
+	RESERVED
+CVE-2022-23106
+	RESERVED
+CVE-2022-23105
+	RESERVED
+CVE-2022-23102
+	RESERVED
+CVE-2022-21236
+	RESERVED
+CVE-2022-21217
+	RESERVED
+CVE-2022-21134
+	RESERVED
+CVE-2022-0194
+	RESERVED
+CVE-2022-0193
+	RESERVED
+CVE-2022-0192
+	RESERVED
+CVE-2022-0191
+	RESERVED
+CVE-2022-0190
+	RESERVED
+CVE-2022-0189
+	RESERVED
+CVE-2022-0188
+	RESERVED
+CVE-2022-0187
+	RESERVED
+CVE-2022-0186
+	RESERVED
+CVE-2022-0185
+	RESERVED
+CVE-2022-0184
+	RESERVED
+CVE-2022-0183
+	RESERVED
+CVE-2020-36515
+	RESERVED
 CVE-2022-23101
 	RESERVED
 CVE-2022-23100
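Review bot: CVE-2020-36515 is added at the end of the new block, directly above CVE-2022-23101, so a 2020 identifier now sits between 2022 entries. If the list is meant to stay in identifier order, move it down to the other CVE-2020 entries. The added block also jumps from CVE-2022-23105 to CVE-2022-23102, so it is worth confirming that 23104 and 23103 are already present elsewhere in the file and were not dropped.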
@@ -528,14 +604,14 @@ CVE-2022-0175
 	RESERVED
 CVE-2022-0174 (dolibarr is vulnerable to Business Logic Errors ...)
 	- dolibarr <removed>
-CVE-2022-0173
-	RESERVED
+CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read ...)
+	TODO: check
 CVE-2022-0172
 	RESERVED
 CVE-2022-0171
 	RESERVED
-CVE-2022-0170
-	RESERVED
+CVE-2022-0170 (peertube is vulnerable to Improper Access Control ...)
+	TODO: check
 CVE-2022-0169
 	RESERVED
 CVE-2022-0168
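Review bot: CVE-2022-0173 (radare2) and CVE-2022-0170 (peertube) go from RESERVED straight to "TODO: check", which leaves them with no package line or disposition. Both name specific software, so the follow-up should replace the TODO with either a source package line in the style of "- dolibarr <removed>" just above, or a NOT-FOR-US marker if the software is not packaged.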
@@ -1284,6 +1360,7 @@ CVE-2021-4201
 CVE-2022-22708
 	RESERVED
 CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...)
+	{DSA-5040-1}
 	- lighttpd <unfixed>
 	NOTE: https://redmine.lighttpd.net/issues/3134
 	NOTE: https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664
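Review bot: In the CVE-2022-22707 entry the new {DSA-5040-1} reference lands directly above "- lighttpd <unfixed>", so the entry now points at an advisory while its only package line still reports no fix. Confirm that the unfixed status is still accurate and record the fixed version on that line once there is one, the way the WordPress entries in this same commit carry "5.8.3+dfsg1-1" next to their DSA reference.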
@@ -1366,8 +1443,8 @@ CVE-2021-46141 (An issue was discovered in uriparser before 0.9.6. It performs i
 	NOTE: https://github.com/uriparser/uriparser/pull/124
 CVE-2022-22678
 	RESERVED
-CVE-2022-0129
-	RESERVED
+CVE-2022-0129 (Uncontrolled search path element vulnerability in McAfee TechCheck pri ...)
+	TODO: check
 CVE-2022-0128 (vim is vulnerable to Out-of-bounds Read ...)
 	- vim <unfixed>
 	[bullseye] - vim <not-affected> (Vulnerable code introduced later)
@@ -4252,8 +4329,8 @@ CVE-2021-4158 [NULL pointer dereference in pci_write() in hw/acpi/pcihp.c]
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-12/msg03692.html
 CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 1 ...)
 	NOT-FOR-US: FreePBX
-CVE-2021-45460
-	RESERVED
+CVE-2021-45460 (A vulnerability has been identified in SICAM PQ Analyzer (All versions ...)
+	TODO: check
 CVE-2021-4157 [pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()]
 	RESERVED
 	- linux 5.10.38-1
@@ -6253,10 +6330,10 @@ CVE-2021-45036
 	RESERVED
 CVE-2021-45035
 	RESERVED
-CVE-2021-45034
-	RESERVED
-CVE-2021-45033
-	RESERVED
+CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O  ...)
+	TODO: check
+CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O  ...)
+	TODO: check
 CVE-2021-45032
 	RESERVED
 CVE-2021-45031
@@ -7342,8 +7419,8 @@ CVE-2021-44649
 	RESERVED
 CVE-2021-44648
 	RESERVED
-CVE-2021-44647
-	RESERVED
+CVE-2021-44647 (Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcname ...)
+	TODO: check
 CVE-2021-44646
 	RESERVED
 CVE-2021-44645
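Review bot: The new description for CVE-2021-44647 names "Lua 5.4.4 and 5.4.2" as affected, which is a non-contiguous pair of versions, and the entry is left at "TODO: check". When this is triaged, check the full description and upstream report to establish the real affected range before writing a package line, rather than taking the two listed versions at face value.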
@@ -9454,14 +9531,14 @@ CVE-2022-21673
 	RESERVED
 CVE-2022-21672 (make-ca is a utility to deliver and manage a complete PKI configuratio ...)
 	TODO: check
-CVE-2022-21671
-	RESERVED
+CVE-2022-21671 (@replit/crosis is a JavaScript client that speaks Replit's container p ...)
+	TODO: check
 CVE-2022-21670 (markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...)
 	- node-markdown-it <unfixed>
 	NOTE: https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c
 	NOTE: https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101 (12.3.2)
-CVE-2022-21669
-	RESERVED
+CVE-2022-21669 (PuddingBot is a group management bot. In version 0.0.6-b933652 and pri ...)
+	TODO: check
 CVE-2022-21668 (pipenv is a Python development workflow tool. Starting with version 20 ...)
 	TODO: check
 CVE-2022-21667 (soketi is an open-source WebSockets server. There is an unhandled case ...)
@@ -9471,21 +9548,25 @@ CVE-2022-21666 (Useful Simple Open-Source CMS (USOC) is a content management sys
 CVE-2022-21665
 	RESERVED
 CVE-2022-21664 (WordPress is a free and open-source content management system written  ...)
+	{DSA-5039-1}
 	- wordpress 5.8.3+dfsg1-1 (bug #1003243)
 	NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/c09ccfbc547d75b392dbccc1ef0b4442ccd3c957
 CVE-2022-21663 (WordPress is a free and open-source content management system written  ...)
+	{DSA-5039-1}
 	- wordpress 5.8.3+dfsg1-1 (bug #1003243)
 	NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
 	NOTE: https://hackerone.com/reports/541469
 CVE-2022-21662 (WordPress is a free and open-source content management system written  ...)
+	{DSA-5039-1}
 	- wordpress 5.8.3+dfsg1-1 (bug #1003243)
 	NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
 	NOTE: https://hackerone.com/reports/425342
 CVE-2022-21661 (WordPress is a free and open-source content management system written  ...)
+	{DSA-5039-1}
 	- wordpress 5.8.3+dfsg1-1 (bug #1003243)
 	NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
@@ -11291,8 +11372,7 @@ CVE-2021-43568 (The verify function in the Stark Bank Elixir ECDSA library (ecds
 	NOT-FOR-US: Stark bank libraries
 CVE-2021-43567
 	RESERVED
-CVE-2021-43566
-	RESERVED
+CVE-2021-43566 (All versions of Samba prior to 4.13.16 are vulnerable to a malicious c ...)
 	- samba <unfixed>
 	[bullseye] - samba <no-dsa> (Minor issue; no backport to older versions, mitigations exists)
 	[buster] - samba <no-dsa> (Minor issue; no backport to older versions, mitigations exists)
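Review bot: The description added for CVE-2021-43566 says versions "prior to 4.13.16" are vulnerable, yet the package line below it still reads "- samba <unfixed>". Check whether the packaged version is already at or beyond 4.13.16 and, if so, replace <unfixed> with that version so the entry does not contradict its own description.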
@@ -13630,14 +13710,14 @@ CVE-2021-43057 (An issue was discovered in the Linux kernel before 5.14.8. A use
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/a3727a8bac0a9e77c70820655fd8715523ba3db7 (5.15-rc3)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2229
-CVE-2021-43055
-	RESERVED
-CVE-2021-43054
-	RESERVED
-CVE-2021-43053
-	RESERVED
-CVE-2021-43052
-	RESERVED
+CVE-2021-43055 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...)
+	TODO: check
+CVE-2021-43054 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...)
+	TODO: check
+CVE-2021-43053 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...)
+	TODO: check
+CVE-2021-43052 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...)
+	TODO: check
 CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire  ...)
 	NOT-FOR-US: Spotfire Server component of TIBCO
 CVE-2021-43050
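Review bot: CVE-2021-43055 through CVE-2021-43052 are all TIBCO eFTL and FTL server components and are left at "TODO: check", while CVE-2021-43051 immediately below, also a TIBCO component, is already marked "NOT-FOR-US: Spotfire Server component of TIBCO". These four most likely want the same kind of NOT-FOR-US disposition, which would clear four TODO items at once.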
@@ -17977,8 +18057,8 @@ CVE-2021-41770 (Ping Identity PingFederate before 10.3.1 mishandles pre-parsing
 	NOT-FOR-US: Ping Identity PingFederate
 CVE-2021-3838
 	RESERVED
-CVE-2021-41769
-	RESERVED
+CVE-2021-41769 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU v ...)
+	TODO: check
 CVE-2021-41768
 	RESERVED
 CVE-2021-41767
@@ -24730,8 +24810,8 @@ CVE-2021-38993
 	RESERVED
 CVE-2021-38992
 	RESERVED
-CVE-2021-38991
-	RESERVED
+CVE-2021-38991 (IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local ...)
+	TODO: check
 CVE-2021-38990 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
 	NOT-FOR-US: IBM
 CVE-2021-38989
@@ -29121,14 +29201,14 @@ CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions &
 	NOT-FOR-US: Siemens
 CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions),  ...)
 	NOT-FOR-US: Siemens
-CVE-2021-37198
-	RESERVED
-CVE-2021-37197
-	RESERVED
-CVE-2021-37196
-	RESERVED
-CVE-2021-37195
-	RESERVED
+CVE-2021-37198 (A vulnerability has been identified in COMOS (All versions < V10.4. ...)
+	TODO: check
+CVE-2021-37197 (A vulnerability has been identified in COMOS (All versions < V10.4. ...)
+	TODO: check
+CVE-2021-37196 (A vulnerability has been identified in COMOS (All versions < V10.4. ...)
+	TODO: check
+CVE-2021-37195 (A vulnerability has been identified in COMOS (All versions < V10.4. ...)
+	TODO: check
 CVE-2021-37194
 	RESERVED
 CVE-2021-37193 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -34970,8 +35050,8 @@ CVE-2021-34706 (A vulnerability in the web-based management interface of Cisco I
 	NOT-FOR-US: Cisco
 CVE-2021-34705 (A vulnerability in the Voice Telephony Service Provider (VTSP) service ...)
 	NOT-FOR-US: Cisco
-CVE-2021-34704
-	RESERVED
+CVE-2021-34704 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+	TODO: check
 CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP) message pa ...)
 	NOT-FOR-US: Cisco
 CVE-2021-34702 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -47827,8 +47907,8 @@ CVE-2021-29703 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is
 	NOT-FOR-US: IBM
 CVE-2021-29702 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 a ...)
 	NOT-FOR-US: IBM
-CVE-2021-29701
-	RESERVED
+CVE-2021-29701 (IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as I ...)
+	TODO: check
 CVE-2021-29700 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...)
 	NOT-FOR-US: IBM
 CVE-2021-29699 (IBM Security Verify Access Docker 10.0.0 could allow a remote priviled ...)
@@ -53563,7 +53643,7 @@ CVE-2021-27395 (A vulnerability has been identified in SIMATIC Process Historian
 	NOT-FOR-US: Siemens
 CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...)
 	NOT-FOR-US: Mendix Applications (Siemens)
-CVE-2021-27393 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
 	NOT-FOR-US: Nucleus (Siemens)
 CVE-2021-27392 (A vulnerability has been identified in Siveillance Video Open Network  ...)
 	NOT-FOR-US: Siveillance
@@ -58033,7 +58113,7 @@ CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command
 	NOT-FOR-US: Node async-git
 CVE-2021-25678 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
 	NOT-FOR-US: Solid Edge (Siemens)
-CVE-2021-25677 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2021-25677 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
 	NOT-FOR-US: Nucleus (Siemens)
 CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALAN ...)
 	NOT-FOR-US: Siemens
@@ -78674,8 +78754,8 @@ CVE-2021-1575 (A vulnerability in the web-based management interface of Cisco Vi
 	NOT-FOR-US: Cisco
 CVE-2021-1574 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1573
-	RESERVED
+CVE-2021-1573 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+	TODO: check
 CVE-2021-1572 (A vulnerability in ConfD could allow an authenticated, local attacker  ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
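Review bot: The truncated description added for CVE-2021-1573 is identical to the one added for CVE-2021-34704 earlier in this commit ("A vulnerability in the web services interface of Cisco Adaptive Securi ..."). Check the full text when triaging to make sure they are distinct issues; both are surrounded by entries marked "NOT-FOR-US: Cisco", so the same marker is probably the right resolution for the TODO here.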
@@ -82587,10 +82667,10 @@ CVE-2020-28105
 	RESERVED
 CVE-2020-28104
 	RESERVED
-CVE-2020-28103
-	RESERVED
-CVE-2020-28102
-	RESERVED
+CVE-2020-28103 (cscms v4.1 allows for SQL injection via the "page_del" function. ...)
+	TODO: check
+CVE-2020-28102 (cscms v4.1 allows for SQL injection via the "js_del" function. ...)
+	TODO: check
 CVE-2020-28101
 	RESERVED
 CVE-2020-28100
@@ -83931,11 +84011,11 @@ CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit throug
 	- webcit <removed> (bug #973385)
 	[buster] - webcit <ignored> (Minor issue)
 	[stretch] - webcit <ignored> (Minor issue)
-CVE-2020-27738 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2020-27738 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
 	NOT-FOR-US: Nucleus (Siemens)
-CVE-2020-27737 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2020-27737 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
 	NOT-FOR-US: Nucleus (Siemens)
-CVE-2020-27736 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2020-27736 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
 	NOT-FOR-US: Nucleus (Siemens)
 CVE-2020-27735 (An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME ele ...)
 	NOT-FOR-US: Wing FTP
@@ -85948,7 +86028,7 @@ CVE-2020-27011
 	RESERVED
 CVE-2020-27010 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...)
 	NOT-FOR-US: Trend Micro
-CVE-2020-27009 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2020-27009 (A vulnerability has been identified in Nucleus NET (All versions <  ...)
 	NOT-FOR-US: Nucleus (Siemens)
 CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
 	NOT-FOR-US: JT2Go
@@ -111016,7 +111096,7 @@ CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All
 	NOT-FOR-US: DCA Vantage Analyzer
 CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
 	NOT-FOR-US: Siemens
-CVE-2020-15795 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+CVE-2020-15795 (A vulnerability has been identified in Nucleus NET (All versions <  ...)
 	NOT-FOR-US: Nucleus (Siemens)
 CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions).  ...)
 	NOT-FOR-US: Desigo Insight



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/504e4d73dc4bd3508fd4d079bdb53c4a3dcb7235
