[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 13 08:10:21 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dd17244a by security tracker role at 2022-01-13T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-23206
+ RESERVED
CVE-2022-23205
RESERVED
CVE-2022-23204
@@ -180,12 +182,12 @@ CVE-2022-23127
RESERVED
CVE-2022-23126
RESERVED
-CVE-2022-0198
- RESERVED
-CVE-2022-0197
- RESERVED
-CVE-2022-0196
- RESERVED
+CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+ TODO: check
+CVE-2022-0197 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
+CVE-2022-0196 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ TODO: check
CVE-2022-0195
RESERVED
CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel ...)
@@ -923,8 +925,8 @@ CVE-2021-46227
RESERVED
CVE-2021-46226
RESERVED
-CVE-2021-46225
- RESERVED
+CVE-2021-46225 (A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allo ...)
+ TODO: check
CVE-2021-46224
RESERVED
CVE-2021-46223
@@ -5050,8 +5052,8 @@ CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_gener
- mbedtls <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/ARMmbed/mbedtls/commit/c423acbe0f7957d8ef1e6036c2429c9f79c6f05e (mbedtls-2.28.0)
NOTE: https://github.com/ARMmbed/mbedtls/commit/4c224fe3ccbe527a2b7d55a927f1f09511ff1b83 (mbedtls-2.28.0)
-CVE-2021-45449
- RESERVED
+CVE-2021-45449 (Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitiv ...)
+ TODO: check
CVE-2021-45448
RESERVED
CVE-2021-45447
@@ -10053,8 +10055,7 @@ CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that
- node-mermaid 8.13.8+~cs10.4.16-1
NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v
NOTE: https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83
-CVE-2021-43860 [Permissions granted to applications can be hidden from the user at install time]
- RESERVED
+CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution framework. ...)
- flatpak 1.12.3-1
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e
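Review bot: The CVE-2021-43860 header loses its only readable summary. The bracketed text "[Permissions granted to applications can be hidden from the user at install time]" is replaced by a description truncated after the product blurb, so the entry no longer says what the issue is. Consider carrying the one-line summary over as a NOTE above the advisory link; the "- flatpak 1.12.3-1" line and the two existing NOTE lines are unaffected.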
@@ -10157,7 +10158,7 @@ CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is
CVE-2021-43819
RESERVED
CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python language. ...)
- {DLA-2871-1}
+ {DSA-5043-1 DLA-2871-1}
- lxml 4.7.1-1 (bug #1001885)
NOTE: https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
NOTE: https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a (lxml-4.6.5)
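Review bot: On CVE-2021-43818 the cross-reference becomes "{DSA-5043-1 DLA-2871-1}" while data/CVE/list is the only file changed in this commit, so confirm that DSA-5043-1 already has its own advisory record with the fixed versions for the releases it covers. The only fixed version visible in this entry is "- lxml 4.7.1-1 (bug #1001885)", which does not by itself document what the DSA shipped.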
@@ -15118,8 +15119,8 @@ CVE-2021-42561 (An issue was discovered in CALDERA 2.8.1. When activated, the Hu
TODO: check
CVE-2021-42560 (An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives ...)
TODO: check
-CVE-2021-42559
- RESERVED
+CVE-2021-42559 (An issue was discovered in CALDERA 2.8.1. It contains multiple startup ...)
+ TODO: check
CVE-2021-42558 (An issue was discovered in CALDERA 2.8.1. It contains multiple reflect ...)
TODO: check
CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...)
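Review bot: CVE-2021-42559 joins CVE-2021-42561, CVE-2021-42560 and CVE-2021-42558 as a fourth CALDERA entry sitting at "TODO: check". All four name the same product, so resolve them in one pass with a single consistent disposition rather than leaving them to be triaged one by one.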
@@ -18685,8 +18686,8 @@ CVE-2021-41599
RESERVED
CVE-2021-41598
RESERVED
-CVE-2021-41597
- RESERVED
+CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...)
+ TODO: check
CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
NOT-FOR-US: SuiteCRM
CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
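Review bot: CVE-2021-41597 is added with "TODO: check" although the entry directly below it, CVE-2021-41596, already carries "NOT-FOR-US: SuiteCRM" for the same product. Unless there is a reason to treat this CSRF issue differently, give it the same disposition so the SuiteCRM entries stay consistent.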
@@ -21145,22 +21146,22 @@ CVE-2021-40568
RESERVED
CVE-2021-40567
RESERVED
-CVE-2021-40566
- RESERVED
-CVE-2021-40565
- RESERVED
-CVE-2021-40564
- RESERVED
-CVE-2021-40563
- RESERVED
-CVE-2021-40562
- RESERVED
+CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...)
+ TODO: check
+CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...)
+ TODO: check
+CVE-2021-40564 (A Segmentation fault caused by null pointer dereference vulnerability ...)
+ TODO: check
+CVE-2021-40563 (A Segmentation fault exists casued by null pointer dereference exists ...)
+ TODO: check
+CVE-2021-40562 (A Segmentation fault caused by a floating point exception exists in Gp ...)
+ TODO: check
CVE-2021-40561
RESERVED
CVE-2021-40560
RESERVED
-CVE-2021-40559
- RESERVED
+CVE-2021-40559 (A null pointer deference vulnerability exists in gpac through 1.0.1 vi ...)
+ TODO: check
CVE-2021-40558
RESERVED
CVE-2021-40557
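Review bot: Of the six entries moved from RESERVED to "TODO: check" in this hunk, only CVE-2021-40559 has a description that reaches a full product name ("gpac through 1.0.1"); the other five (CVE-2021-40566 through CVE-2021-40562) are cut off before or in the middle of it. Check the full descriptions before assigning them to a package, and note that they cover different bug classes (heap use after free, null pointer dereference, floating point exception), so each needs its own fix reference rather than one shared NOTE.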
@@ -28748,10 +28749,10 @@ CVE-2021-37532 (SAP Business One version - 10, due to improper input validation,
NOT-FOR-US: SAP
CVE-2021-37531 (SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7. ...)
NOT-FOR-US: SAP
-CVE-2021-37530
- RESERVED
-CVE-2021-37529
- RESERVED
+CVE-2021-37530 (A denial of service vulnerabiity exists in fig2dev through 3.28a due t ...)
+ TODO: check
+CVE-2021-37529 (A double-free vulnerability exists in fig2dev through 3.28a is affecte ...)
+ TODO: check
CVE-2021-37528
RESERVED
CVE-2021-37527
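Review bot: CVE-2021-37530 and CVE-2021-37529 both name "fig2dev through 3.28a" but are left at "TODO: check" with no package line. Each needs a package entry with a fixed version or an unfixed marker, and since one is described as a denial of service and the other as a double free, they should be tracked against separate upstream fixes.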
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd17244acee1befac20c0d233e981c67ae20bd76