[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 20 20:10:28 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cca4437f by security tracker role at 2022-01-20T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2022-23792
+	RESERVED
+CVE-2022-23791
+	RESERVED
+CVE-2022-23790
+	RESERVED
+CVE-2022-23789
+	RESERVED
+CVE-2022-23788
+	RESERVED
+CVE-2022-23787
+	RESERVED
+CVE-2022-23786
+	RESERVED
+CVE-2022-23785
+	RESERVED
+CVE-2022-23784
+	RESERVED
+CVE-2022-23783
+	RESERVED
+CVE-2022-23782
+	RESERVED
+CVE-2022-23781
+	RESERVED
+CVE-2022-23780
+	RESERVED
+CVE-2022-21147
+	RESERVED
+CVE-2022-0323
+	RESERVED
+CVE-2022-0322
+	RESERVED
+CVE-2022-0321
+	RESERVED
+CVE-2022-0320
+	RESERVED
+CVE-2022-0319
+	RESERVED
+CVE-2022-0318
+	RESERVED
+CVE-2022-0317
+	RESERVED
+CVE-2022-0316
+	RESERVED
+CVE-2022-0315
+	RESERVED
 CVE-2022-23779
 	RESERVED
 CVE-2022-23778
@@ -808,24 +854,24 @@ CVE-2022-0287
 	RESERVED
 CVE-2022-0286
 	RESERVED
-CVE-2022-0285
-	RESERVED
+CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+	TODO: check
 CVE-2022-0284
 	RESERVED
 CVE-2022-0283
 	RESERVED
-CVE-2022-0282
-	RESERVED
-CVE-2022-0281
-	RESERVED
+CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11. ...)
+	TODO: check
+CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+	TODO: check
 CVE-2022-0280
 	RESERVED
 CVE-2022-0279
 	RESERVED
-CVE-2022-0278
-	RESERVED
-CVE-2022-0277
-	RESERVED
+CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+	TODO: check
+CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...)
+	TODO: check
 CVE-2021-46401
 	RESERVED
 CVE-2021-46400
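Review bot: the five Packagist entries left at `TODO: check` here (CVE-2022-0285 for pimcore/pimcore; CVE-2022-0282, CVE-2022-0281, CVE-2022-0278 and CVE-2022-0277 for microweber/microweber) all need the same follow-up: confirm whether either package exists in the archive, then replace the TODO with a `NOT-FOR-US:` line, as CVE-2022-22733 already has further down in this diff, or with a package version line.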
@@ -1571,6 +1617,7 @@ CVE-2022-0228
 CVE-2021-46304
 	RESERVED
 CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...)
+	{DSA-5050-1}
 	- linux 5.15.15-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -1666,8 +1713,8 @@ CVE-2022-0221
 	RESERVED
 CVE-2022-0220
 	RESERVED
-CVE-2022-0219
-	RESERVED
+CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
+	TODO: check
 CVE-2022-0218
 	RESERVED
 CVE-2022-0216
@@ -1941,10 +1988,10 @@ CVE-2022-23122
 	RESERVED
 CVE-2022-23121
 	RESERVED
-CVE-2022-23120
-	RESERVED
-CVE-2022-23119
-	RESERVED
+CVE-2022-23120 (A code injection vulnerability in Trend Micro Deep Security and Cloud  ...)
+	TODO: check
+CVE-2022-23119 (A directory traversal vulnerability in Trend Micro Deep Security and C ...)
+	TODO: check
 CVE-2022-23118 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements fu ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-23117 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...)
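Review bot: CVE-2022-23120 and CVE-2022-23119 are both Trend Micro Deep Security issues parked at `TODO: check`, while CVE-2021-45231 in this same diff is already marked `NOT-FOR-US: Trend Micro`; these two can most likely be closed the same way rather than left open.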
@@ -2001,6 +2048,7 @@ CVE-2022-0186
 	RESERVED
 CVE-2022-0185 [vfs: fs_context: fix up param length parsing in legacy_parse_param]
 	RESERVED
+	{DSA-5050-1}
 	- linux 5.15.15-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
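Review bot: CVE-2022-0185 keeps its `RESERVED` line under the bracketed working title while gaining `{DSA-5050-1}`; the DSA line is placed before the package line, consistent with CVE-2022-23222 above, but the RESERVED line still has to be replaced by the MITRE description in a later update, so the entry is not final from this hunk alone.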
@@ -2907,8 +2955,8 @@ CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha
 	NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
 CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in wh ...)
 	NOT-FOR-US: NVIDIA NeMo
-CVE-2022-22820
-	RESERVED
+CVE-2022-22820 (Due to the lack of media file checks before rendering, it was possible ...)
+	TODO: check
 CVE-2022-22819
 	RESERVED
 CVE-2022-22818
@@ -3193,8 +3241,7 @@ CVE-2022-22735
 	RESERVED
 CVE-2022-22734
 	RESERVED
-CVE-2022-22733
-	RESERVED
+CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
 CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
@@ -6268,21 +6315,22 @@ CVE-2021-45485 (In the IPv6 implementation in the Linux kernel before 5.13.3, ne
 CVE-2021-45484 (In NetBSD through 9.2, the IPv6 fragment ID generation algorithm emplo ...)
 	NOT-FOR-US: NetBSD
 CVE-2021-45483 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Fram ...)
-	{DSA-4995-1 DSA-4996-1}
+	{DSA-4996-1 DSA-4995-1}
 	- webkit2gtk 2.34.0-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.34.1-1
 CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Cont ...)
-	{DSA-4975-1 DSA-4976-1}
+	{DSA-4976-1 DSA-4975-1}
 	- webkit2gtk 2.32.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.32.4-1
 CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...)
-	{DSA-4995-1 DSA-4996-1}
+	{DSA-4996-1 DSA-4995-1}
 	- webkit2gtk 2.34.0-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.34.1-1
 CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...)
+	{DSA-5050-1}
 	- linux 5.15.15-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0
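Review bot: the three WebKitGTK changes in this hunk only swap the order inside the DSA braces (`{DSA-4995-1 DSA-4996-1}` becomes `{DSA-4996-1 DSA-4995-1}`, and likewise DSA-4975-1/DSA-4976-1) without changing content; this is churn between the manual and automatic writers of the file, and the updater should emit DSA references in one stable order so diffs stay readable. The `{DSA-5050-1}` line added to CVE-2021-45480 is the only substantive change here.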
@@ -6334,6 +6382,7 @@ CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular e
 CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...)
 	NOT-FOR-US: Moxa
 CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...)
+	{DSA-5050-1}
 	- linux 5.15.15-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
 CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...)
@@ -6390,6 +6439,7 @@ CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy]
 	NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)
 CVE-2021-4155
 	RESERVED
+	{DSA-5050-1}
 	- linux 5.15.15-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813
 	NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16)
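Review bot: CVE-2021-4155 gains `{DSA-5050-1}` while still `RESERVED` and, unlike CVE-2022-0185 elsewhere in this diff, has no bracketed working title; adding one (the NOTE links to the Red Hat bug and the kernel commit already identify the issue) would make the entry readable before MITRE publishes the description.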
@@ -6947,8 +6997,8 @@ CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Valid
 	NOT-FOR-US: Nova 360 Cabinet
 CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via  ...)
 	NOT-FOR-US: Nova 360 Cabinet
-CVE-2021-45417
-	RESERVED
+CVE-2021-45417 (AIDE before 0.17.4 allows local users to obtain root privileges via cr ...)
+	{DSA-5051-1}
 	- aide 0.17.4-1
 	NOTE: https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc (v0.17.4)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3
@@ -7584,8 +7634,7 @@ CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses t
 	NOT-FOR-US: Apache APISIX Dashboard
 CVE-2021-45231 (A link following privilege escalation vulnerability in Trend Micro Ape ...)
 	NOT-FOR-US: Trend Micro
-CVE-2021-45230
-	RESERVED
+CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific case  ...)
 	- airflow <itp> (bug #819700)
 CVE-2021-45229
 	RESERVED
@@ -8076,6 +8125,7 @@ CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel thro
 	NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2
 	NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1.
 CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...)
+	{DSA-5050-1}
 	- linux 5.15.15-1
 	NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/
 CVE-2021-45070
@@ -8932,8 +8982,8 @@ CVE-2021-44831
 	RESERVED
 CVE-2021-44830
 	RESERVED
-CVE-2021-44829
-	RESERVED
+CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in AFI W ...)
+	TODO: check
 CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0  ...)
 	NOT-FOR-US: ARM
 CVE-2021-44827
@@ -9265,16 +9315,16 @@ CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
 	- rainloop 1.14.0-1 (bug #962629)
 	[buster] - rainloop <no-dsa> (Minor issue)
 	NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872
-CVE-2021-44738
-	RESERVED
-CVE-2021-44737
-	RESERVED
-CVE-2021-44736
-	RESERVED
-CVE-2021-44735
-	RESERVED
-CVE-2021-44734
-	RESERVED
+CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...)
+	TODO: check
+CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...)
+	TODO: check
+CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...)
+	TODO: check
+CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...)
+	TODO: check
+CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...)
+	TODO: check
 CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem  ...)
 	- linux <unfixed>
 	[stretch] - linux <not-affected> (Vulnerable code not present)
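Review bot: the five Lexmark entries CVE-2021-44738 through CVE-2021-44734 are all device-firmware issues and can be triaged as one batch; this diff resolves the Starcharge device CVEs with `NOT-FOR-US: Nova 360 Cabinet`, so a single vendor check should settle all five TODOs together.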
@@ -10568,10 +10618,10 @@ CVE-2021-44247
 	RESERVED
 CVE-2021-44246
 	RESERVED
-CVE-2021-44245
-	RESERVED
-CVE-2021-44244
-	RESERVED
+CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...)
+	TODO: check
+CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...)
+	TODO: check
 CVE-2021-44243
 	RESERVED
 CVE-2021-44242
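Review bot: `Courcecodester` in the CVE-2021-44245 description is the upstream MITRE text (the next entry, CVE-2021-44244, spells it `Sourcecodester`), so it should not be corrected locally since this file mirrors the published description; both are Sourcecodester demo applications and can be triaged together. The same spelling recurs in CVE-2021-44091 below.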
@@ -11124,12 +11174,12 @@ CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plug
 	NOT-FOR-US: zrlog
 CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...)
 	NOT-FOR-US: zrlog
-CVE-2021-44092
-	RESERVED
-CVE-2021-44091
-	RESERVED
-CVE-2021-44090
-	RESERVED
+CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...)
+	TODO: check
+CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...)
+	TODO: check
+CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...)
+	TODO: check
 CVE-2021-44089
 	RESERVED
 CVE-2021-44088
@@ -11671,6 +11721,7 @@ CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior
 CVE-2022-21683 (Wagtail is a Django based content management system focused on flexibi ...)
 	NOT-FOR-US: Wagtail
 CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework.  ...)
+	{DSA-5049-1}
 	- flatpak 1.12.3-1
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
 	NOTE: https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a
@@ -11743,8 +11794,7 @@ CVE-2022-21660
 	RESERVED
 CVE-2022-21659
 	RESERVED
-CVE-2022-21658 [Race condition in the Rust standard library]
-	RESERVED
+CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language designe ...)
 	- rustc <unfixed>
 	NOTE: https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/1
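Review bot: replacing the bracketed title `[Race condition in the Rust standard library]` with the truncated MITRE boilerplate (`Rust is a multi-paradigm, general-purpose programming language designe ...`) drops the only line that said what CVE-2022-21658 actually is; the format requires the published description, but a NOTE line restating the issue type would keep the entry readable next to `rustc <unfixed>`.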
@@ -11985,6 +12035,7 @@ CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that
 	NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v
 	NOTE: https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83
 CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution framework.  ...)
+	{DSA-5049-1}
 	- flatpak 1.12.3-1
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
 	NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e
@@ -19510,8 +19561,8 @@ CVE-2021-3868
 	RESERVED
 CVE-2021-3867
 	RESERVED
-CVE-2021-3866
-	RESERVED
+CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip p ...)
+	TODO: check
 CVE-2021-42060
 	RESERVED
 CVE-2021-42059
@@ -25240,6 +25291,7 @@ CVE-2021-39686
 	RESERVED
 CVE-2021-39685
 	RESERVED
+	{DSA-5050-1}
 	- linux 5.15.5-2
 	NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4
 CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a possibl ...)
@@ -37702,8 +37754,8 @@ CVE-2021-34602
 	RESERVED
 CVE-2021-34601
 	RESERVED
-CVE-2021-34600
-	RESERVED
+CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...)
+	TODO: check
 CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...)
 	NOT-FOR-US: CODESYS
 CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
@@ -44024,8 +44076,8 @@ CVE-2021-32041
 	RESERVED
 CVE-2021-32040
 	RESERVED
-CVE-2021-32039
-	RESERVED
+CVE-2021-32039 (Users with appropriate file access may be able to access unencrypted u ...)
+	TODO: check
 CVE-2021-32038
 	RESERVED
 CVE-2021-32037 (An authorized user may trigger an invariant which may result in denial ...)
@@ -52873,18 +52925,23 @@ CVE-2021-28717
 CVE-2021-28716
 	RESERVED
 CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
+	{DSA-5050-1}
 	- linux 5.15.15-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-392.html
 CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
+	{DSA-5050-1}
 	- linux 5.15.15-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-392.html
 CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+	{DSA-5050-1}
 	- linux 5.15.15-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-391.html
 CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+	{DSA-5050-1}
 	- linux 5.15.15-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-391.html
 CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+	{DSA-5050-1}
 	- linux 5.15.15-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-391.html
 CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For efficie ...)
@@ -141659,7 +141716,7 @@ CVE-2020-5677 (Reflected cross-site scripting vulnerability in GROWI v4.0.0 and
 	NOT-FOR-US: GROWI
 CVE-2020-5676 (GROWI v4.1.3 and earlier allow remote attackers to obtain information  ...)
 	NOT-FOR-US: GROWI
-CVE-2020-5675 (Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD  ...)
+CVE-2020-5675 (Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT21 ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2020-5674 (Untrusted search path vulnerability in the installers of multiple SEIK ...)
 	NOT-FOR-US: SEIKO EPSON products
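Review bot: CVE-2020-5675 only has its description re-synced from MITRE (`issue` becomes `vulnerability`, with a different truncation point) and keeps `NOT-FOR-US: Mitsubishi`; no triage change results from this hunk.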



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cca4437fd41043d13aa2e3baa0b645a392f393a1




