[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 13 20:10:35 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fd961b9 by security tracker role at 2022-01-13T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-0226
+	RESERVED
+CVE-2022-0225
+	RESERVED
+CVE-2022-0224
+	RESERVED
+CVE-2022-0223
+	RESERVED
+CVE-2022-0222
+	RESERVED
+CVE-2022-0221
+	RESERVED
+CVE-2022-0220
+	RESERVED
+CVE-2022-0219
+	RESERVED
+CVE-2022-0218
+	RESERVED
+CVE-2022-0216
+	RESERVED
+CVE-2022-0215
+	RESERVED
+CVE-2022-0214
+	RESERVED
+CVE-2022-0213
+	RESERVED
+CVE-2022-0212
+	RESERVED
+CVE-2022-0211
+	RESERVED
+CVE-2021-45729
+	RESERVED
+CVE-2021-44779
+	RESERVED
+CVE-2021-44777
+	RESERVED
+CVE-2021-44760
+	RESERVED
+CVE-2021-4207
+	RESERVED
+CVE-2021-4206
+	RESERVED
+CVE-2021-4205
+	RESERVED
+CVE-2021-31567
+	RESERVED
+CVE-2021-26256
+	RESERVED
+CVE-2021-23227
+	RESERVED
+CVE-2021-23209
+	RESERVED
+CVE-2021-23174
+	RESERVED
+CVE-2021-23150
+	RESERVED
 CVE-2022-23206
 	RESERVED
 CVE-2022-23205
@@ -53,6 +109,7 @@ CVE-2022-23179
 CVE-2022-21199
 	RESERVED
 CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket interface]
+	RESERVED
 	- prosody <unfixed>
 	NOTE: https://prosody.im/security/advisory_20220113/
 	NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch
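
Review bot: the `- prosody <unfixed>` line under CVE-2022-0217 has no bug reference, although the NOTE lines already point to an upstream advisory and a patch. If a Debian bug has been filed for this, add it to that package line so the unfixed status can be followed from the entry itself.
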
@@ -169,14 +226,14 @@ CVE-2022-23136
 	RESERVED
 CVE-2022-23135
 	RESERVED
-CVE-2022-23134
-	RESERVED
-CVE-2022-23133
-	RESERVED
-CVE-2022-23132
-	RESERVED
-CVE-2022-23131
-	RESERVED
+CVE-2022-23134 (After the initial setup process, some steps of setup.php file are reac ...)
+	TODO: check
+CVE-2022-23133 (An authenticated user can create a hosts group from the configuration  ...)
+	TODO: check
+CVE-2022-23132 (During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability i ...)
+	TODO: check
+CVE-2022-23131 (In the case of instances where the SAML SSO authentication is enabled  ...)
+	TODO: check
 CVE-2022-23130
 	RESERVED
 CVE-2022-23129
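
Review bot: CVE-2022-23132 is described as occurring "During Zabbix installation from RPM", so it needs its own triage decision on whether the Debian packaging is affected instead of being handled like its neighbours. All four entries from CVE-2022-23131 to CVE-2022-23134 currently sit at `TODO: check` with no source package line.
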
@@ -1321,6 +1378,7 @@ CVE-2022-22752
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22752
 CVE-2022-22751
 	RESERVED
+	{DSA-5044-1}
 	- firefox 96.0-1
 	- firefox-esr 91.5.0esr-1
 	- thunderbird 1:91.5.0-1
@@ -1337,6 +1395,7 @@ CVE-2022-22749
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22749
 CVE-2022-22748
 	RESERVED
+	{DSA-5044-1}
 	- firefox 96.0-1
 	- firefox-esr 91.5.0esr-1
 	- thunderbird 1:91.5.0-1
@@ -1345,6 +1404,7 @@ CVE-2022-22748
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22748
 CVE-2022-22747
 	RESERVED
+	{DSA-5044-1}
 	- nss 2:3.73-1
 	- firefox 96.0-1
 	- firefox-esr 91.5.0esr-1
@@ -1364,6 +1424,7 @@ CVE-2022-22746
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22746
 CVE-2022-22745
 	RESERVED
+	{DSA-5044-1}
 	- firefox 96.0-1
 	- firefox-esr 91.5.0esr-1
 	- thunderbird 1:91.5.0-1
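
Review bot: on CVE-2022-22747 the added `{DSA-5044-1}` sits above four package lines (nss, firefox, firefox-esr, thunderbird), and the cross-reference alone does not say which of them the advisory covers. The other entries tagged with this DSA in the visible hunks list only firefox, firefox-esr and thunderbird, so it is worth confirming whether nss needs its own release-specific status here.
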
@@ -1380,6 +1441,7 @@ CVE-2022-22744
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22744
 CVE-2022-22743
 	RESERVED
+	{DSA-5044-1}
 	- firefox 96.0-1
 	- firefox-esr 91.5.0esr-1
 	- thunderbird 1:91.5.0-1
@@ -1388,6 +1450,7 @@ CVE-2022-22743
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22743
 CVE-2022-22742
 	RESERVED
+	{DSA-5044-1}
 	- firefox 96.0-1
 	- firefox-esr 91.5.0esr-1
 	- thunderbird 1:91.5.0-1
@@ -1396,6 +1459,7 @@ CVE-2022-22742
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22742
 CVE-2022-22741
 	RESERVED
+	{DSA-5044-1}
 	- firefox 96.0-1
 	- firefox-esr 91.5.0esr-1
 	- thunderbird 1:91.5.0-1
@@ -1404,6 +1468,7 @@ CVE-2022-22741
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22741
 CVE-2022-22740
 	RESERVED
+	{DSA-5044-1}
 	- firefox 96.0-1
 	- firefox-esr 91.5.0esr-1
 	- thunderbird 1:91.5.0-1
@@ -1412,6 +1477,7 @@ CVE-2022-22740
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22740
 CVE-2022-22739
 	RESERVED
+	{DSA-5044-1}
 	- firefox 96.0-1
 	- firefox-esr 91.5.0esr-1
 	- thunderbird 1:91.5.0-1
@@ -1420,6 +1486,7 @@ CVE-2022-22739
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22739
 CVE-2022-22738
 	RESERVED
+	{DSA-5044-1}
 	- firefox 96.0-1
 	- firefox-esr 91.5.0esr-1
 	- thunderbird 1:91.5.0-1
@@ -1428,6 +1495,7 @@ CVE-2022-22738
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22738
 CVE-2022-22737
 	RESERVED
+	{DSA-5044-1}
 	- firefox 96.0-1
 	- firefox-esr 91.5.0esr-1
 	- thunderbird 1:91.5.0-1
@@ -3741,10 +3809,10 @@ CVE-2021-45809
 	RESERVED
 CVE-2021-45808
 	RESERVED
-CVE-2021-45807
-	RESERVED
-CVE-2021-45806
-	RESERVED
+CVE-2021-45807 (jpress v4.2.0 is vulnerable to command execution via io.jpress.web.adm ...)
+	TODO: check
+CVE-2021-45806 (jpress v4.2.0 admin panel provides a function through which attackers  ...)
+	TODO: check
 CVE-2021-45805
 	RESERVED
 CVE-2021-45804
@@ -4879,14 +4947,14 @@ CVE-2022-22127
 	RESERVED
 CVE-2022-22126
 	RESERVED
-CVE-2022-22125
-	RESERVED
-CVE-2022-22124
-	RESERVED
-CVE-2022-22123
-	RESERVED
-CVE-2022-22122
-	RESERVED
+CVE-2022-22125 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored  ...)
+	TODO: check
+CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored  ...)
+	TODO: check
+CVE-2022-22123 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored  ...)
+	TODO: check
+CVE-2022-22122 (In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0 ...)
+	TODO: check
 CVE-2022-22121 (In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injectio ...)
 	NOT-FOR-US: NocoDB
 CVE-2022-22120 (In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrep ...)
@@ -4903,10 +4971,10 @@ CVE-2022-22115 (In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cr
 	NOT-FOR-US: Teedy
 CVE-2022-22114 (In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross ...)
 	NOT-FOR-US: Teedy
-CVE-2022-22113
-	RESERVED
-CVE-2022-22112
-	RESERVED
+CVE-2022-22113 (In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable  ...)
+	TODO: check
+CVE-2022-22112 (In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an ap ...)
+	TODO: check
 CVE-2022-22111 (In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. ...)
 	NOT-FOR-US: DayByDay CRM
 CVE-2022-22110 (In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requ ...)
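
Review bot: CVE-2022-22113 and CVE-2022-22112 both name DayByDay CRM in their descriptions but are left at `TODO: check`, while CVE-2022-22111 directly below is already `NOT-FOR-US: DayByDay CRM`. Suggest closing both with the same marker so the product is triaged consistently.
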
@@ -5153,8 +5221,8 @@ CVE-2021-45424
 	RESERVED
 CVE-2021-45423
 	RESERVED
-CVE-2021-45422
-	RESERVED
+CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...)
+	TODO: check
 CVE-2021-45421
 	RESERVED
 CVE-2021-45420
@@ -5579,6 +5647,7 @@ CVE-2021-4141
 	RESERVED
 CVE-2021-4140
 	RESERVED
+	{DSA-5044-1}
 	- firefox 96.0-1
 	- firefox-esr 91.5.0esr-1
 	- thunderbird 1:91.5.0-1
@@ -9805,8 +9874,8 @@ CVE-2022-21680
 	RESERVED
 CVE-2022-21679
 	RESERVED
-CVE-2022-21678
-	RESERVED
+CVE-2022-21678 (Discourse is an open source discussion platform. Prior to version 2.8. ...)
+	TODO: check
 CVE-2022-21677
 	RESERVED
 CVE-2022-21676 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
@@ -20663,8 +20732,8 @@ CVE-2021-40815
 	RESERVED
 CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulner ...)
 	NOT-FOR-US: PrestaShop addon
-CVE-2021-40813
-	RESERVED
+CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip content" featur ...)
+	TODO: check
 CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...)
 	- libgd2 <unfixed>
 	[bullseye] - libgd2 <no-dsa> (Minor issue)
@@ -21176,26 +21245,26 @@ CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerabilit
 	NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
 CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
 	NOT-FOR-US: Sourcecodester
-CVE-2021-40576
-	RESERVED
-CVE-2021-40575
-	RESERVED
-CVE-2021-40574
-	RESERVED
-CVE-2021-40573
-	RESERVED
-CVE-2021-40572
-	RESERVED
-CVE-2021-40571
-	RESERVED
-CVE-2021-40570
-	RESERVED
-CVE-2021-40569
-	RESERVED
-CVE-2021-40568
-	RESERVED
-CVE-2021-40567
-	RESERVED
+CVE-2021-40576 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
+	TODO: check
+CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
+	TODO: check
+CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+	TODO: check
+CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+	TODO: check
+CVE-2021-40572 (The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_fi ...)
+	TODO: check
+CVE-2021-40571 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+	TODO: check
+CVE-2021-40570 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+	TODO: check
+CVE-2021-40569 (The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerabilit ...)
+	TODO: check
+CVE-2021-40568 (A buffer overflow vulnerability exists in Gpac through 1.0.1 via a mal ...)
+	TODO: check
+CVE-2021-40567 (Segmentation fault vulnerability exists in Gpac through 1.0.1 via the  ...)
+	TODO: check
 CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...)
 	TODO: check
 CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...)
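
Review bot: the ten entries CVE-2021-40567 to CVE-2021-40576 all name Gpac or its MP4Box binary and arrive as `TODO: check`, next to CVE-2021-40566, which is already `TODO: check` in the context lines. They should be triaged as one batch against the same source package so that status and NOTE lines stay consistent across the set.
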
@@ -21857,8 +21926,8 @@ CVE-2021-3751 (libmobi is vulnerable to Out-of-bounds Write ...)
 	NOTE: https://github.com/bfabiszewski/libmobi/commit/ab5bf0e37e540eac682a14e628853b918626e72b (v0.7)
 CVE-2021-40328
 	RESERVED
-CVE-2021-40327
-	RESERVED
+CVE-2021-40327 (Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incor ...)
+	TODO: check
 CVE-2021-40326
 	RESERVED
 CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for modification of s ...)
@@ -25007,8 +25076,8 @@ CVE-2021-39058 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker
 	NOT-FOR-US: IBM
 CVE-2021-39057 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to s ...)
 	NOT-FOR-US: IBM
-CVE-2021-39056
-	RESERVED
+CVE-2021-39056 (The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (E ...)
+	TODO: check
 CVE-2021-39055
 	RESERVED
 CVE-2021-39054 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
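
Review bot: CVE-2021-39056 names "The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server" in its description but is left at `TODO: check`, while the neighbouring CVE-2021-39057 and CVE-2021-39058 entries are `NOT-FOR-US: IBM`. Suggest resolving it with the same marker.
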
@@ -46561,8 +46630,7 @@ CVE-2021-30355 (Amazon Kindle e-reader prior to and including version 5.13.4 imp
 	NOT-FOR-US: Amazon Kindle e-reader
 CVE-2021-30354 (Amazon Kindle e-reader prior to and including version 5.13.4 contains  ...)
 	NOT-FOR-US: Amazon Kindle e-reader
-CVE-2021-30353
-	RESERVED
+CVE-2021-30353 (Improper validation of function pointer type with actual function sign ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30352
 	RESERVED
@@ -46608,8 +46676,8 @@ CVE-2021-30332
 	RESERVED
 CVE-2021-30331
 	RESERVED
-CVE-2021-30330
-	RESERVED
+CVE-2021-30330 (Possible null pointer dereference due to improper validation of APE cl ...)
+	TODO: check
 CVE-2021-30329
 	RESERVED
 CVE-2021-30328
@@ -46630,8 +46698,7 @@ CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check d
 	NOT-FOR-US: Snapdragon
 CVE-2021-30320
 	RESERVED
-CVE-2021-30319
-	RESERVED
+CVE-2021-30319 (Possible integer overflow due to improper validation of command length ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30318
 	RESERVED
@@ -46641,25 +46708,21 @@ CVE-2021-30316 (Possible out of bound memory access due to improper boundary che
 	NOT-FOR-US: Snapdragon
 CVE-2021-30315 (Improper handling of sensor HAL structure in absence of sensor can lea ...)
 	NOT-FOR-US: Snapdragon
-CVE-2021-30314
-	RESERVED
+CVE-2021-30314 (Lack of validation for third party application accessing the service c ...)
 	NOT-FOR-US: Qualcomm
-CVE-2021-30313
-	RESERVED
+CVE-2021-30313 (Use after free condition can occur in wired connectivity due to a race ...)
+	TODO: check
 CVE-2021-30312 (Improper authentication of sub-frames of a multicast AMSDU frame can l ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30311
-	RESERVED
+CVE-2021-30311 (Possible heap overflow due to lack of index validation before allocati ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30310 (Possible buffer overflow due to Improper validation of received CF-ACK ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30309
 	RESERVED
-CVE-2021-30308
-	RESERVED
+CVE-2021-30308 (Possible buffer overflow while printing the HARQ memory partition deta ...)
 	NOT-FOR-US: Qualcomm
-CVE-2021-30307
-	RESERVED
+CVE-2021-30307 (Possible denial of service due to improper validation of DNS response  ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30306 (Possible buffer over read due to improper buffer allocation for file l ...)
 	NOT-FOR-US: Qualcomm components for Android
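
Review bot: CVE-2021-30313 is set to `TODO: check` while the other entries updated in this hunk (CVE-2021-30314, CVE-2021-30311, CVE-2021-30308, CVE-2021-30307) keep `NOT-FOR-US: Qualcomm`. If it belongs to the same vendor bulletin it should get the same marker. As a style point, this hunk also mixes three labels for what looks like one vendor: `NOT-FOR-US: Qualcomm`, `NOT-FOR-US: Snapdragon` and `NOT-FOR-US: Qualcomm components for Android`. Settling on one would make the entries easier to search.
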
@@ -46671,11 +46734,9 @@ CVE-2021-30303 (Possible buffer overflow due to lack of buffer length check when
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30302 (Improper authentication of EAP WAPI EAPOL frames from unauthenticated  ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30301
-	RESERVED
+CVE-2021-30301 (Possible denial of service due to out of memory while processing RRC a ...)
 	NOT-FOR-US: Qualcomm
-CVE-2021-30300
-	RESERVED
+CVE-2021-30300 (Possible denial of service due to incorrectly decoding hex data for th ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30299
 	RESERVED
@@ -46701,13 +46762,11 @@ CVE-2021-30289 (Possible buffer overflow due to lack of range check while proces
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30288 (Possible stack overflow due to improper length check of TLV while copy ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30287
-	RESERVED
+CVE-2021-30287 (Possible assertion due to improper validation of symbols configured fo ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30286
 	RESERVED
-CVE-2021-30285
-	RESERVED
+CVE-2021-30285 (Improper validation of memory region in Hypervisor can lead to incorre ...)
 	NOT-FOR-US: Qualcomm
 CVE-2021-30284 (Possible information exposure and denial of service due to NAS not dro ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -62765,8 +62824,8 @@ CVE-2021-23826
 	RESERVED
 CVE-2021-23825
 	RESERVED
-CVE-2021-23824
-	RESERVED
+CVE-2021-23824 (This affects the package Crow before 0.3+4. When using attributes with ...)
+	TODO: check
 CVE-2021-23823
 	RESERVED
 CVE-2021-23822
@@ -63391,8 +63450,8 @@ CVE-2021-23516
 	RESERVED
 CVE-2021-23515
 	RESERVED
-CVE-2021-23514
-	RESERVED
+CVE-2021-23514 (This affects the package Crow before 0.3+4. It is possible to traverse ...)
+	TODO: check
 CVE-2021-23513
 	RESERVED
 CVE-2021-23512



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fd961b9495129a3c008b83527f8af6a440e9ce8
