[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 13 20:10:35 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3fd961b9 by security tracker role at 2022-01-13T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-0226
+ RESERVED
+CVE-2022-0225
+ RESERVED
+CVE-2022-0224
+ RESERVED
+CVE-2022-0223
+ RESERVED
+CVE-2022-0222
+ RESERVED
+CVE-2022-0221
+ RESERVED
+CVE-2022-0220
+ RESERVED
+CVE-2022-0219
+ RESERVED
+CVE-2022-0218
+ RESERVED
+CVE-2022-0216
+ RESERVED
+CVE-2022-0215
+ RESERVED
+CVE-2022-0214
+ RESERVED
+CVE-2022-0213
+ RESERVED
+CVE-2022-0212
+ RESERVED
+CVE-2022-0211
+ RESERVED
+CVE-2021-45729
+ RESERVED
+CVE-2021-44779
+ RESERVED
+CVE-2021-44777
+ RESERVED
+CVE-2021-44760
+ RESERVED
+CVE-2021-4207
+ RESERVED
+CVE-2021-4206
+ RESERVED
+CVE-2021-4205
+ RESERVED
+CVE-2021-31567
+ RESERVED
+CVE-2021-26256
+ RESERVED
+CVE-2021-23227
+ RESERVED
+CVE-2021-23209
+ RESERVED
+CVE-2021-23174
+ RESERVED
+CVE-2021-23150
+ RESERVED
CVE-2022-23206
RESERVED
CVE-2022-23205
@@ -53,6 +109,7 @@ CVE-2022-23179
CVE-2022-21199
RESERVED
CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket interface]
+ RESERVED
- prosody <unfixed>
NOTE: https://prosody.im/security/advisory_20220113/
NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch
@@ -169,14 +226,14 @@ CVE-2022-23136
RESERVED
CVE-2022-23135
RESERVED
-CVE-2022-23134
- RESERVED
-CVE-2022-23133
- RESERVED
-CVE-2022-23132
- RESERVED
-CVE-2022-23131
- RESERVED
+CVE-2022-23134 (After the initial setup process, some steps of setup.php file are reac ...)
+ TODO: check
+CVE-2022-23133 (An authenticated user can create a hosts group from the configuration ...)
+ TODO: check
+CVE-2022-23132 (During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability i ...)
+ TODO: check
+CVE-2022-23131 (In the case of instances where the SAML SSO authentication is enabled ...)
+ TODO: check
CVE-2022-23130
RESERVED
CVE-2022-23129
@@ -1321,6 +1378,7 @@ CVE-2022-22752
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22752
CVE-2022-22751
RESERVED
+ {DSA-5044-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
- thunderbird 1:91.5.0-1
@@ -1337,6 +1395,7 @@ CVE-2022-22749
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22749
CVE-2022-22748
RESERVED
+ {DSA-5044-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
- thunderbird 1:91.5.0-1
@@ -1345,6 +1404,7 @@ CVE-2022-22748
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22748
CVE-2022-22747
RESERVED
+ {DSA-5044-1}
- nss 2:3.73-1
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
@@ -1364,6 +1424,7 @@ CVE-2022-22746
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22746
CVE-2022-22745
RESERVED
+ {DSA-5044-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
- thunderbird 1:91.5.0-1
@@ -1380,6 +1441,7 @@ CVE-2022-22744
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22744
CVE-2022-22743
RESERVED
+ {DSA-5044-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
- thunderbird 1:91.5.0-1
@@ -1388,6 +1450,7 @@ CVE-2022-22743
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22743
CVE-2022-22742
RESERVED
+ {DSA-5044-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
- thunderbird 1:91.5.0-1
@@ -1396,6 +1459,7 @@ CVE-2022-22742
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22742
CVE-2022-22741
RESERVED
+ {DSA-5044-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
- thunderbird 1:91.5.0-1
@@ -1404,6 +1468,7 @@ CVE-2022-22741
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22741
CVE-2022-22740
RESERVED
+ {DSA-5044-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
- thunderbird 1:91.5.0-1
@@ -1412,6 +1477,7 @@ CVE-2022-22740
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22740
CVE-2022-22739
RESERVED
+ {DSA-5044-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
- thunderbird 1:91.5.0-1
@@ -1420,6 +1486,7 @@ CVE-2022-22739
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22739
CVE-2022-22738
RESERVED
+ {DSA-5044-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
- thunderbird 1:91.5.0-1
@@ -1428,6 +1495,7 @@ CVE-2022-22738
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22738
CVE-2022-22737
RESERVED
+ {DSA-5044-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
- thunderbird 1:91.5.0-1
@@ -3741,10 +3809,10 @@ CVE-2021-45809
RESERVED
CVE-2021-45808
RESERVED
-CVE-2021-45807
- RESERVED
-CVE-2021-45806
- RESERVED
+CVE-2021-45807 (jpress v4.2.0 is vulnerable to command execution via io.jpress.web.adm ...)
+ TODO: check
+CVE-2021-45806 (jpress v4.2.0 admin panel provides a function through which attackers ...)
+ TODO: check
CVE-2021-45805
RESERVED
CVE-2021-45804
@@ -4879,14 +4947,14 @@ CVE-2022-22127
RESERVED
CVE-2022-22126
RESERVED
-CVE-2022-22125
- RESERVED
-CVE-2022-22124
- RESERVED
-CVE-2022-22123
- RESERVED
-CVE-2022-22122
- RESERVED
+CVE-2022-22125 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
+ TODO: check
+CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
+ TODO: check
+CVE-2022-22123 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
+ TODO: check
+CVE-2022-22122 (In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0 ...)
+ TODO: check
CVE-2022-22121 (In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injectio ...)
NOT-FOR-US: NocoDB
CVE-2022-22120 (In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrep ...)
@@ -4903,10 +4971,10 @@ CVE-2022-22115 (In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cr
NOT-FOR-US: Teedy
CVE-2022-22114 (In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross ...)
NOT-FOR-US: Teedy
-CVE-2022-22113
- RESERVED
-CVE-2022-22112
- RESERVED
+CVE-2022-22113 (In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable ...)
+ TODO: check
+CVE-2022-22112 (In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an ap ...)
+ TODO: check
CVE-2022-22111 (In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. ...)
NOT-FOR-US: DayByDay CRM
CVE-2022-22110 (In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requ ...)
@@ -5153,8 +5221,8 @@ CVE-2021-45424
RESERVED
CVE-2021-45423
RESERVED
-CVE-2021-45422
- RESERVED
+CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...)
+ TODO: check
CVE-2021-45421
RESERVED
CVE-2021-45420
@@ -5579,6 +5647,7 @@ CVE-2021-4141
RESERVED
CVE-2021-4140
RESERVED
+ {DSA-5044-1}
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
- thunderbird 1:91.5.0-1
@@ -9805,8 +9874,8 @@ CVE-2022-21680
RESERVED
CVE-2022-21679
RESERVED
-CVE-2022-21678
- RESERVED
+CVE-2022-21678 (Discourse is an open source discussion platform. Prior to version 2.8. ...)
+ TODO: check
CVE-2022-21677
RESERVED
CVE-2022-21676 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
@@ -20663,8 +20732,8 @@ CVE-2021-40815
RESERVED
CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulner ...)
NOT-FOR-US: PrestaShop addon
-CVE-2021-40813
- RESERVED
+CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip content" featur ...)
+ TODO: check
CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...)
- libgd2 <unfixed>
[bullseye] - libgd2 <no-dsa> (Minor issue)
@@ -21176,26 +21245,26 @@ CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerabilit
NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
NOT-FOR-US: Sourcecodester
-CVE-2021-40576
- RESERVED
-CVE-2021-40575
- RESERVED
-CVE-2021-40574
- RESERVED
-CVE-2021-40573
- RESERVED
-CVE-2021-40572
- RESERVED
-CVE-2021-40571
- RESERVED
-CVE-2021-40570
- RESERVED
-CVE-2021-40569
- RESERVED
-CVE-2021-40568
- RESERVED
-CVE-2021-40567
- RESERVED
+CVE-2021-40576 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
+ TODO: check
+CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
+ TODO: check
+CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ TODO: check
+CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ TODO: check
+CVE-2021-40572 (The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_fi ...)
+ TODO: check
+CVE-2021-40571 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ TODO: check
+CVE-2021-40570 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ TODO: check
+CVE-2021-40569 (The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerabilit ...)
+ TODO: check
+CVE-2021-40568 (A buffer overflow vulnerability exists in Gpac through 1.0.1 via a mal ...)
+ TODO: check
+CVE-2021-40567 (Segmentation fault vulnerability exists in Gpac through 1.0.1 via the ...)
+ TODO: check
CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...)
TODO: check
CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...)
@@ -21857,8 +21926,8 @@ CVE-2021-3751 (libmobi is vulnerable to Out-of-bounds Write ...)
NOTE: https://github.com/bfabiszewski/libmobi/commit/ab5bf0e37e540eac682a14e628853b918626e72b (v0.7)
CVE-2021-40328
RESERVED
-CVE-2021-40327
- RESERVED
+CVE-2021-40327 (Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incor ...)
+ TODO: check
CVE-2021-40326
RESERVED
CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for modification of s ...)
@@ -25007,8 +25076,8 @@ CVE-2021-39058 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker
NOT-FOR-US: IBM
CVE-2021-39057 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to s ...)
NOT-FOR-US: IBM
-CVE-2021-39056
- RESERVED
+CVE-2021-39056 (The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (E ...)
+ TODO: check
CVE-2021-39055
RESERVED
CVE-2021-39054 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
@@ -46561,8 +46630,7 @@ CVE-2021-30355 (Amazon Kindle e-reader prior to and including version 5.13.4 imp
NOT-FOR-US: Amazon Kindle e-reader
CVE-2021-30354 (Amazon Kindle e-reader prior to and including version 5.13.4 contains ...)
NOT-FOR-US: Amazon Kindle e-reader
-CVE-2021-30353
- RESERVED
+CVE-2021-30353 (Improper validation of function pointer type with actual function sign ...)
NOT-FOR-US: Qualcomm
CVE-2021-30352
RESERVED
@@ -46608,8 +46676,8 @@ CVE-2021-30332
RESERVED
CVE-2021-30331
RESERVED
-CVE-2021-30330
- RESERVED
+CVE-2021-30330 (Possible null pointer dereference due to improper validation of APE cl ...)
+ TODO: check
CVE-2021-30329
RESERVED
CVE-2021-30328
@@ -46630,8 +46698,7 @@ CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check d
NOT-FOR-US: Snapdragon
CVE-2021-30320
RESERVED
-CVE-2021-30319
- RESERVED
+CVE-2021-30319 (Possible integer overflow due to improper validation of command length ...)
NOT-FOR-US: Qualcomm
CVE-2021-30318
RESERVED
@@ -46641,25 +46708,21 @@ CVE-2021-30316 (Possible out of bound memory access due to improper boundary che
NOT-FOR-US: Snapdragon
CVE-2021-30315 (Improper handling of sensor HAL structure in absence of sensor can lea ...)
NOT-FOR-US: Snapdragon
-CVE-2021-30314
- RESERVED
+CVE-2021-30314 (Lack of validation for third party application accessing the service c ...)
NOT-FOR-US: Qualcomm
-CVE-2021-30313
- RESERVED
+CVE-2021-30313 (Use after free condition can occur in wired connectivity due to a race ...)
+ TODO: check
CVE-2021-30312 (Improper authentication of sub-frames of a multicast AMSDU frame can l ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30311
- RESERVED
+CVE-2021-30311 (Possible heap overflow due to lack of index validation before allocati ...)
NOT-FOR-US: Qualcomm
CVE-2021-30310 (Possible buffer overflow due to Improper validation of received CF-ACK ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30309
RESERVED
-CVE-2021-30308
- RESERVED
+CVE-2021-30308 (Possible buffer overflow while printing the HARQ memory partition deta ...)
NOT-FOR-US: Qualcomm
-CVE-2021-30307
- RESERVED
+CVE-2021-30307 (Possible denial of service due to improper validation of DNS response ...)
NOT-FOR-US: Qualcomm
CVE-2021-30306 (Possible buffer over read due to improper buffer allocation for file l ...)
NOT-FOR-US: Qualcomm components for Android
@@ -46671,11 +46734,9 @@ CVE-2021-30303 (Possible buffer overflow due to lack of buffer length check when
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30302 (Improper authentication of EAP WAPI EAPOL frames from unauthenticated ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30301
- RESERVED
+CVE-2021-30301 (Possible denial of service due to out of memory while processing RRC a ...)
NOT-FOR-US: Qualcomm
-CVE-2021-30300
- RESERVED
+CVE-2021-30300 (Possible denial of service due to incorrectly decoding hex data for th ...)
NOT-FOR-US: Qualcomm
CVE-2021-30299
RESERVED
@@ -46701,13 +46762,11 @@ CVE-2021-30289 (Possible buffer overflow due to lack of range check while proces
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30288 (Possible stack overflow due to improper length check of TLV while copy ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30287
- RESERVED
+CVE-2021-30287 (Possible assertion due to improper validation of symbols configured fo ...)
NOT-FOR-US: Qualcomm
CVE-2021-30286
RESERVED
-CVE-2021-30285
- RESERVED
+CVE-2021-30285 (Improper validation of memory region in Hypervisor can lead to incorre ...)
NOT-FOR-US: Qualcomm
CVE-2021-30284 (Possible information exposure and denial of service due to NAS not dro ...)
NOT-FOR-US: Qualcomm components for Android
@@ -62765,8 +62824,8 @@ CVE-2021-23826
RESERVED
CVE-2021-23825
RESERVED
-CVE-2021-23824
- RESERVED
+CVE-2021-23824 (This affects the package Crow before 0.3+4. When using attributes with ...)
+ TODO: check
CVE-2021-23823
RESERVED
CVE-2021-23822
@@ -63391,8 +63450,8 @@ CVE-2021-23516
RESERVED
CVE-2021-23515
RESERVED
-CVE-2021-23514
- RESERVED
+CVE-2021-23514 (This affects the package Crow before 0.3+4. It is possible to traverse ...)
+ TODO: check
CVE-2021-23513
RESERVED
CVE-2021-23512
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fd961b9495129a3c008b83527f8af6a440e9ce8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fd961b9495129a3c008b83527f8af6a440e9ce8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220113/b5efd513/attachment.htm>
More information about the debian-security-tracker-commits
mailing list