[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd17244a by security tracker role at 2022-01-13T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-23206
+	RESERVED
 CVE-2022-23205
 	RESERVED
 CVE-2022-23204
@@ -180,12 +182,12 @@ CVE-2022-23127
 	RESERVED
 CVE-2022-23126
 	RESERVED
-CVE-2022-0198
-	RESERVED
-CVE-2022-0197
-	RESERVED
-CVE-2022-0196
-	RESERVED
+CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+	TODO: check
+CVE-2022-0197 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+	TODO: check
+CVE-2022-0196 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+	TODO: check
 CVE-2022-0195
 	RESERVED
 CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel  ...)
@@ -923,8 +925,8 @@ CVE-2021-46227
 	RESERVED
 CVE-2021-46226
 	RESERVED
-CVE-2021-46225
-	RESERVED
+CVE-2021-46225 (A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allo ...)
+	TODO: check
 CVE-2021-46224
 	RESERVED
 CVE-2021-46223
@@ -5050,8 +5052,8 @@ CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_gener
 	- mbedtls <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/c423acbe0f7957d8ef1e6036c2429c9f79c6f05e (mbedtls-2.28.0)
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/4c224fe3ccbe527a2b7d55a927f1f09511ff1b83 (mbedtls-2.28.0)
-CVE-2021-45449
-	RESERVED
+CVE-2021-45449 (Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitiv ...)
+	TODO: check
 CVE-2021-45448
 	RESERVED
 CVE-2021-45447
@@ -10053,8 +10055,7 @@ CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that
 	- node-mermaid 8.13.8+~cs10.4.16-1
 	NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v
 	NOTE: https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83
-CVE-2021-43860 [Permissions granted to applications can be hidden from the user at install time]
-	RESERVED
+CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution framework.  ...)
 	- flatpak 1.12.3-1
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
 	NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e
@@ -10157,7 +10158,7 @@ CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is
 CVE-2021-43819
 	RESERVED
 CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python language.  ...)
-	{DLA-2871-1}
+	{DSA-5043-1 DLA-2871-1}
 	- lxml 4.7.1-1 (bug #1001885)
 	NOTE: https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
 	NOTE: https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a (lxml-4.6.5)
@@ -15118,8 +15119,8 @@ CVE-2021-42561 (An issue was discovered in CALDERA 2.8.1. When activated, the Hu
 	TODO: check
 CVE-2021-42560 (An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives  ...)
 	TODO: check
-CVE-2021-42559
-	RESERVED
+CVE-2021-42559 (An issue was discovered in CALDERA 2.8.1. It contains multiple startup ...)
+	TODO: check
 CVE-2021-42558 (An issue was discovered in CALDERA 2.8.1. It contains multiple reflect ...)
 	TODO: check
 CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...)
@@ -18685,8 +18686,8 @@ CVE-2021-41599
 	RESERVED
 CVE-2021-41598
 	RESERVED
-CVE-2021-41597
-	RESERVED
+CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote  ...)
+	TODO: check
 CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via  ...)
 	NOT-FOR-US: SuiteCRM
 CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via  ...)
@@ -21145,22 +21146,22 @@ CVE-2021-40568
 	RESERVED
 CVE-2021-40567
 	RESERVED
-CVE-2021-40566
-	RESERVED
-CVE-2021-40565
-	RESERVED
-CVE-2021-40564
-	RESERVED
-CVE-2021-40563
-	RESERVED
-CVE-2021-40562
-	RESERVED
+CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...)
+	TODO: check
+CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...)
+	TODO: check
+CVE-2021-40564 (A Segmentation fault caused by null pointer dereference vulnerability  ...)
+	TODO: check
+CVE-2021-40563 (A Segmentation fault exists casued by null pointer dereference exists  ...)
+	TODO: check
+CVE-2021-40562 (A Segmentation fault caused by a floating point exception exists in Gp ...)
+	TODO: check
 CVE-2021-40561
 	RESERVED
 CVE-2021-40560
 	RESERVED
-CVE-2021-40559
-	RESERVED
+CVE-2021-40559 (A null pointer deference vulnerability exists in gpac through 1.0.1 vi ...)
+	TODO: check
 CVE-2021-40558
 	RESERVED
 CVE-2021-40557
@@ -28748,10 +28749,10 @@ CVE-2021-37532 (SAP Business One version - 10, due to improper input validation,
 	NOT-FOR-US: SAP
 CVE-2021-37531 (SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7. ...)
 	NOT-FOR-US: SAP
-CVE-2021-37530
-	RESERVED
-CVE-2021-37529
-	RESERVED
+CVE-2021-37530 (A denial of service vulnerabiity exists in fig2dev through 3.28a due t ...)
+	TODO: check
+CVE-2021-37529 (A double-free vulnerability exists in fig2dev through 3.28a is affecte ...)
+	TODO: check
 CVE-2021-37528
 	RESERVED
 CVE-2021-37527



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd17244acee1befac20c0d233e981c67ae20bd76

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd17244acee1befac20c0d233e981c67ae20bd76
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220113/863c680d/attachment-0001.htm>