[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 15 20:10:31 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5679f8ac by security tracker role at 2022-01-15T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-0238
+	RESERVED
 CVE-2022-23301
 	RESERVED
 CVE-2022-23300
@@ -377,6 +379,7 @@ CVE-2022-21199
 	RESERVED
 CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket interface]
 	RESERVED
+	{DSA-5047-1}
 	- prosody 0.11.12-1 (bug #1003696)
 	NOTE: https://prosody.im/security/advisory_20220113/
 	NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch
@@ -410,8 +413,8 @@ CVE-2022-0200
 	RESERVED
 CVE-2022-0199
 	RESERVED
-CVE-2022-23178
-	RESERVED
+CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices.  ...)
+	TODO: check
 CVE-2022-23177
 	RESERVED
 CVE-2022-23176
@@ -626,9 +629,10 @@ CVE-2022-23097
 	RESERVED
 CVE-2022-23096
 	RESERVED
-CVE-2022-23095
-	RESERVED
+CVE-2022-23095 (Open Design Alliance Drawings SDK before 2022.12.1 mishandles the load ...)
+	TODO: check
 CVE-2022-23094 (Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of ...)
+	{DSA-5048-1}
 	- libreswan 4.6-1
 	[buster] - libreswan <not-affected> (Vulnerable code introduced in 4.2)
 	NOTE: https://github.com/libreswan/libreswan/issues/585
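
Review bot: the new `TODO: check` under CVE-2022-23095 names the Open Design Alliance Drawings SDK, and this file already records that vendor's software as out of scope in the CVE-2021-44048 entry (`NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer`). Once the full description has been read, triage can probably close this TODO with a matching NOT-FOR-US line instead of leaving it open.
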
@@ -3147,17 +3151,20 @@ CVE-2021-46062
 	RESERVED
 CVE-2021-46061
 	RESERVED
-CVE-2021-46060 (A NULL Pointer Dereference vulnerability exists in GNU inetutils 2.2 v ...)
+CVE-2021-46060
+	REJECTED
 	- inetutils <unfixed> (unimportant)
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00017.html
 	NOTE: Crash in CLI tool, no security impact
-CVE-2021-46059 (A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim ...)
+CVE-2021-46059
+	REJECTED
 	- vim 2:8.2.3995-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor isue)
 	NOTE: https://huntr.dev/bounties/a9b015e2-59e3-4ed9-8812-d9021e40b8f2/
 	NOTE: Fixed by: https://github.com/vim/vim/commit/5937c7505f444dd896f336fa0119a93a55ebe9a2 (v8.2.3883)
-CVE-2021-46058 (AHheap-based Buffer Overflow vulnerabiity exists in GNU inetutils 2.2  ...)
+CVE-2021-46058
+	REJECTED
 	- inetutils <unfixed> (unimportant)
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00016.html
 	NOTE: Negligible security impact
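
Review bot: CVE-2021-46059 is switched to REJECTED while its entry keeps `- vim 2:8.2.3995-1`, both `<no-dsa>` lines and the "Fixed by" commit, so status and package data now disagree. A follow-up should add a NOTE recording why the ID was rejected, or which ID replaces it, and decide whether the package lines stay; the same applies to CVE-2021-46060 and CVE-2021-46058 in this hunk. Separately, the unchanged `[buster]` line reads "Minor isue", which is worth correcting to "Minor issue" in a manual commit.
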
@@ -4176,30 +4183,37 @@ CVE-2021-45784
 	RESERVED
 CVE-2021-45783
 	RESERVED
-CVE-2021-45782 (An untrusted pointer dereference in getcmd() at inetutils/src/tftp.c o ...)
+CVE-2021-45782
+	REJECTED
 	- inetutils <unfixed>
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html
-CVE-2021-45781 (GNU Inetutils 2.2.16-cf091 was discovered to contain a heap-based buff ...)
+CVE-2021-45781
+	REJECTED
 	- inetutils <unfixed>
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00015.html
-CVE-2021-45780 (GNU Inetutils commit cf091 was discovered to contain a memory leak via ...)
+CVE-2021-45780
+	REJECTED
 	- inetutils <unfixed> (unimportant)
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00014.html
 	NOTE: Negligible security impact
-CVE-2021-45779 (A NULL pointer dereference in unsetcmd() at inetutils/telnet/commands. ...)
+CVE-2021-45779
+	REJECTED
 	- inetutils <unfixed>
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00007.html
-CVE-2021-45778 (A NULL pointer dereference in setnmap() at cmds.c of GNU Inetutils v2. ...)
+CVE-2021-45778
+	REJECTED
 	- inetutils <unfixed>
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00004.html
 CVE-2021-45777
 	RESERVED
 CVE-2021-45776
 	RESERVED
-CVE-2021-45775 (GNU Inetutils 2.2.16-cf091 was discovered to contain an infinite loop  ...)
+CVE-2021-45775
+	REJECTED
 	- inetutils <unfixed>
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00005.html
-CVE-2021-45774 (A NULL pointer dereference in help() at inetutils/telnet/commands.c of ...)
+CVE-2021-45774
+	REJECTED
 	- inetutils <unfixed>
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00006.html
 CVE-2021-45773 (A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec ...)
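
Review bot: the seven inetutils entries from CVE-2021-45782 to CVE-2021-45774 become REJECTED but keep their `- inetutils <unfixed>` lines, all but CVE-2021-45780 without the `(unimportant)` qualifier. The upstream bug-inetutils reports in the NOTE lines are unchanged, so the automatic update has removed only the descriptions. A manual follow-up should either drop the package lines or keep tracking the reports under another identifier, and say which in a NOTE.
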
@@ -7223,7 +7237,7 @@ CVE-2021-44927 (A null pointer dereference vulnerability exists in gpac 1.1.0 in
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/1960
 	NOTE: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92
-CVE-2021-44926 (A null pointer dereference vulnerability exists in the gpac in the gf_ ...)
+CVE-2021-44926 (A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in t ...)
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/1961
 	NOTE: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e
@@ -9834,8 +9848,8 @@ CVE-2021-44051
 	RESERVED
 CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...)
 	NOT-FOR-US: CA Network Flow Analysis (NFA)
-CVE-2021-44049
-	RESERVED
+CVE-2021-44049 (CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 20 ...)
+	TODO: check
 CVE-2021-44048 (An out-of-bounds write vulnerability exists when reading a TIF file us ...)
 	NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer
 CVE-2021-44047 (A use-after-free vulnerability exists when reading a DWF/DWFX file usi ...)
@@ -15608,8 +15622,8 @@ CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypa
 	NOT-FOR-US: Jeedom
 CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
 	NOT-FOR-US: Rasa X
-CVE-2021-42555
-	RESERVED
+CVE-2021-42555 (Pexip Infinity before 26.2 allows temporary remote Denial of Service ( ...)
+	TODO: check
 CVE-2021-42554
 	RESERVED
 CVE-2021-3892
@@ -33007,8 +33021,8 @@ CVE-2021-35971 (Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and
 	NOT-FOR-US: Veeam
 CVE-2021-35970 (Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-ma ...)
 	NOT-FOR-US: Coral
-CVE-2021-35969
-	RESERVED
+CVE-2021-35969 (Pexip Infinity before 26 allows temporary remote Denial of Service (ab ...)
+	TODO: check
 CVE-2021-35968 (The directory list page parameter of the Orca HCM digital learning pla ...)
 	NOT-FOR-US: Orca HCM digital learning platform
 CVE-2021-35967 (The directory page parameter of the Orca HCM digital learning platform ...)
@@ -37559,8 +37573,8 @@ CVE-2021-33965
 	RESERVED
 CVE-2021-33964
 	RESERVED
-CVE-2021-33963
-	RESERVED
+CVE-2021-33963 (China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ ...)
+	TODO: check
 CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...)
 	NOT-FOR-US: China Mobile An Lianbao WF-1 router
 CVE-2021-33961
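
Review bot: `TODO: check` on CVE-2021-33963 covers the same product as the entry directly below it, CVE-2021-33962, which is already marked `NOT-FOR-US: China Mobile An Lianbao WF-1 router`. Resolving the TODO with the identical NOT-FOR-US string keeps the two entries consistent.
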
@@ -38777,10 +38791,10 @@ CVE-2021-33501 (Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Cod
 	NOT-FOR-US: Overwolf
 CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...)
 	- putty <not-affected> (Windows-specific)
-CVE-2021-33499
-	RESERVED
-CVE-2021-33498
-	RESERVED
+CVE-2021-33499 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+	TODO: check
+CVE-2021-33498 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+	TODO: check
 CVE-2021-3563
 	RESERVED
 	- keystone <unfixed> (bug #989998)
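
Review bot: CVE-2021-33499 and CVE-2021-33498 arrive with identical truncated descriptions ("Pexip Infinity before 26 allows remote denial of service because of mi ..."), so the two cannot be told apart from this file alone. Whoever clears the `TODO: check` lines should read the full descriptions and give both entries the same product disposition.
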
@@ -41229,8 +41243,8 @@ CVE-2021-32547 (It was discovered that read_file() in apport/hookutils.py would
 	NOT-FOR-US: Apport
 CVE-2021-32546
 	RESERVED
-CVE-2021-32545
-	RESERVED
+CVE-2021-32545 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+	TODO: check
 CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in  ...)
 	NOT-FOR-US: igt+
 CVE-2021-32543 (The CTS Web transaction system related to authentication management is ...)
@@ -78882,8 +78896,8 @@ CVE-2020-28921 (An issue was discovered in Devid Espenschied PC Analyser through
 	NOT-FOR-US: Devid Espenschied PC Analyser
 CVE-2020-28920
 	RESERVED
-CVE-2020-28919
-	RESERVED
+CVE-2020-28919 (A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x pr ...)
+	TODO: check
 CVE-2020-28918 (DualShield 5.9.8.0821 allows username enumeration on its login form. A ...)
 	NOT-FOR-US: DualShield
 CVE-2020-28917 (An issue was discovered in the view_statistics (aka View frontend stat ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5679f8ac83c7466771c2c5034bc863d818750182
