[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 21 08:10:22 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5537eafa by security tracker role at 2022-01-21T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2022-23809
+	RESERVED
+CVE-2022-23808
+	RESERVED
+CVE-2022-23807
+	RESERVED
+CVE-2022-23806
+	RESERVED
+CVE-2022-23805
+	RESERVED
+CVE-2022-23804
+	RESERVED
+CVE-2022-23803
+	RESERVED
+CVE-2022-23802
+	RESERVED
+CVE-2022-23801
+	RESERVED
+CVE-2022-23800
+	RESERVED
+CVE-2022-23799
+	RESERVED
+CVE-2022-23798
+	RESERVED
+CVE-2022-23797
+	RESERVED
+CVE-2022-23796
+	RESERVED
+CVE-2022-23795
+	RESERVED
+CVE-2022-23794
+	RESERVED
+CVE-2022-23793
+	RESERVED
+CVE-2022-0326 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
+	TODO: check
+CVE-2022-0325
+	RESERVED
+CVE-2022-0324
+	RESERVED
+CVE-2021-46402
+	RESERVED
 CVE-2022-23792
 	RESERVED
 CVE-2022-23791
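Review bot: CVE-2022-0326 is the only entry in this added block that carries a description, and it is left at TODO: check. The description names mruby, so triage should resolve it to a source-package line or a NOT-FOR-US marker rather than letting it sit among the RESERVED ids around it.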
@@ -1114,10 +1156,10 @@ CVE-2022-23317
 	RESERVED
 CVE-2022-23316
 	RESERVED
-CVE-2022-23315
-	RESERVED
-CVE-2022-23314
-	RESERVED
+CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnera ...)
+	TODO: check
+CVE-2022-23314 (MCMS v5.2.4 was discovered to contain a SQL injection vulnerability vi ...)
+	TODO: check
 CVE-2022-23313
 	RESERVED
 CVE-2022-22137
@@ -1238,66 +1280,66 @@ CVE-2021-46353
 	RESERVED
 CVE-2021-46352
 	RESERVED
-CVE-2021-46351
-	RESERVED
-CVE-2021-46350
-	RESERVED
-CVE-2021-46349
-	RESERVED
-CVE-2021-46348
-	RESERVED
-CVE-2021-46347
-	RESERVED
-CVE-2021-46346
-	RESERVED
-CVE-2021-46345
-	RESERVED
-CVE-2021-46344
-	RESERVED
-CVE-2021-46343
-	RESERVED
-CVE-2021-46342
-	RESERVED
+CVE-2021-46351 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
+	TODO: check
+CVE-2021-46350 (There is an Assertion 'ecma_is_value_object (value)' failed at jerrysc ...)
+	TODO: check
+CVE-2021-46349 (There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECM ...)
+	TODO: check
+CVE-2021-46348 (There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' fa ...)
+	TODO: check
+CVE-2021-46347 (There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' ...)
+	TODO: check
+CVE-2021-46346 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
+	TODO: check
+CVE-2021-46345 (There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry ...)
+	TODO: check
+CVE-2021-46344 (There is an Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' fa ...)
+	TODO: check
+CVE-2021-46343 (There is an Assertion 'context_p->token.type == LEXER_LITERAL' fail ...)
+	TODO: check
+CVE-2021-46342 (There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op ...)
+	TODO: check
 CVE-2021-46341
 	RESERVED
-CVE-2021-46340
-	RESERVED
-CVE-2021-46339
-	RESERVED
-CVE-2021-46338
-	RESERVED
-CVE-2021-46337
-	RESERVED
-CVE-2021-46336
-	RESERVED
-CVE-2021-46335
-	RESERVED
-CVE-2021-46334
-	RESERVED
-CVE-2021-46333
-	RESERVED
-CVE-2021-46332
-	RESERVED
-CVE-2021-46331
-	RESERVED
-CVE-2021-46330
-	RESERVED
-CVE-2021-46329
-	RESERVED
-CVE-2021-46328
-	RESERVED
-CVE-2021-46327
-	RESERVED
-CVE-2021-46326
-	RESERVED
-CVE-2021-46325
-	RESERVED
-CVE-2021-46324
-	RESERVED
-CVE-2021-46323
-	RESERVED
-CVE-2021-46322
-	RESERVED
+CVE-2021-46340 (There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY ...)
+	TODO: check
+CVE-2021-46339 (There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_siz ...)
+	TODO: check
+CVE-2021-46338 (There is an Assertion 'ecma_is_lexical_environment (object_p)' failed  ...)
+	TODO: check
+CVE-2021-46337 (There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser- ...)
+	TODO: check
+CVE-2021-46336 (There is an Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' f ...)
+	TODO: check
+CVE-2021-46335 (Moddable SDK v11.5.0 was discovered to contain a NULL pointer derefere ...)
+	TODO: check
+CVE-2021-46334 (Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow ...)
+	TODO: check
+CVE-2021-46333 (Moddable SDK v11.5.0 was discovered to contain an invalid memory acces ...)
+	TODO: check
+CVE-2021-46332 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow  ...)
+	TODO: check
+CVE-2021-46331 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+	TODO: check
+CVE-2021-46330 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+	TODO: check
+CVE-2021-46329 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+	TODO: check
+CVE-2021-46328 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow  ...)
+	TODO: check
+CVE-2021-46327 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+	TODO: check
+CVE-2021-46326 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow  ...)
+	TODO: check
+CVE-2021-46325 (Espruino 2v10.246 was discovered to contain a stack buffer overflow vi ...)
+	TODO: check
+CVE-2021-46324 (Espruino 2v11.251 was discovered to contain a stack buffer overflow vi ...)
+	TODO: check
+CVE-2021-46323 (Espruino 2v11.251 was discovered to contain a SEGV vulnerability via s ...)
+	TODO: check
+CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV vulnerability via th ...)
+	TODO: check
 CVE-2021-46321
 	RESERVED
 CVE-2021-46320
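Review bot: CVE-2021-46351 and CVE-2021-46346 carry the same truncated description ('local_tza == ecma_date_local_time_zone_adjustme ...'), so compare the full texts to see whether they are distinct failure sites or duplicates before triaging them separately. The block also mixes several projects (the Assertion entries, Moddable SDK v11.5.0, Espruino, Duktape v2.99.99), so each group needs its own package decision rather than one bulk resolution of the TODO: check lines.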
@@ -2425,12 +2467,12 @@ CVE-2022-22932
 	RESERVED
 CVE-2022-22931
 	RESERVED
-CVE-2022-22930
-	RESERVED
-CVE-2022-22929
-	RESERVED
-CVE-2022-22928
-	RESERVED
+CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template Management ...)
+	TODO: check
+CVE-2022-22929 (MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerabil ...)
+	TODO: check
+CVE-2022-22928 (MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing att ...)
+	TODO: check
 CVE-2022-22927
 	RESERVED
 CVE-2022-22926
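Review bot: CVE-2022-22929 reads as an arbitrary file upload in MCMS v5.2.4, the same wording as CVE-2022-23315 added earlier in this patch. Compare the full descriptions so the two are neither merged nor triaged inconsistently; the MCMS v5.2.4 entries, including the hardcoded shiro-key in CVE-2022-22928, can then take the same package decision in one pass.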
@@ -2495,22 +2537,22 @@ CVE-2022-22897
 	RESERVED
 CVE-2022-22896
 	RESERVED
-CVE-2022-22895
-	RESERVED
-CVE-2022-22894
-	RESERVED
-CVE-2022-22893
-	RESERVED
-CVE-2022-22892
-	RESERVED
-CVE-2022-22891
-	RESERVED
-CVE-2022-22890
-	RESERVED
+CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...)
+	TODO: check
+CVE-2022-22894 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
+	TODO: check
+CVE-2022-22893 (Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_lo ...)
+	TODO: check
+CVE-2022-22892 (There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_valu ...)
+	TODO: check
+CVE-2022-22891 (Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via e ...)
+	TODO: check
+CVE-2022-22890 (There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT &am ...)
+	TODO: check
 CVE-2022-22889
 	RESERVED
-CVE-2022-22888
-	RESERVED
+CVE-2022-22888 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
+	TODO: check
 CVE-2022-22887
 	RESERVED
 CVE-2022-22886
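Review bot: the description for CVE-2022-22890 is cut at '&am', which looks like an HTML-escaped ampersand truncated mid-entity, so the imported description text appears to be escaped before it is shortened. Suggest unescaping entities before truncating, so the summary shows the real expression and uses its full length.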
@@ -4613,8 +4655,8 @@ CVE-2021-46063
 	RESERVED
 CVE-2021-46062
 	RESERVED
-CVE-2021-46061
-	RESERVED
+CVE-2021-46061 (An SQL Injection vulnerability exists in Sourcecodester Computer and M ...)
+	TODO: check
 CVE-2021-46060
 	REJECTED
 CVE-2021-46059
@@ -39300,6 +39342,7 @@ CVE-2021-33915
 CVE-2021-33914
 	RESERVED
 CVE-2021-33913 (libspf2 before 1.2.11 has a heap-based buffer overflow that might allo ...)
+	{DLA-2890-1}
 	- libspf2 1.2.10-7.1
 	[bullseye] - libspf2 1.2.10-7.1~deb11u1
 	[buster] - libspf2 1.2.10-7.1~deb10u1
@@ -39307,6 +39350,7 @@ CVE-2021-33913 (libspf2 before 1.2.11 has a heap-based buffer overflow that migh
 	NOTE: https://github.com/shevek/libspf2/pull/35
 	NOTE: https://github.com/shevek/libspf2/commit/f06fef6cede4c4cb42f2c617496e6041782d7070
 CVE-2021-33912 (libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that  ...)
+	{DLA-2890-1}
 	- libspf2 1.2.10-7.1
 	[bullseye] - libspf2 1.2.10-7.1~deb11u1
 	[buster] - libspf2 1.2.10-7.1~deb10u1
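Review bot: {DLA-2890-1} is added to CVE-2021-33912 here and to CVE-2021-33913 in the previous hunk, but the commit changes only data/CVE/list, so the advisory record these cross-references point to cannot be checked from this diff. Confirm that the advisory entry lists both CVE ids and the libspf2 version it fixes.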
@@ -50304,8 +50348,8 @@ CVE-2021-29787
 	RESERVED
 CVE-2021-29786 (IBM Jazz Team Server products stores user credentials in clear text wh ...)
 	NOT-FOR-US: IBM
-CVE-2021-29785
-	RESERVED
+CVE-2021-29785 (IBM Security SOAR V42 and V43could allow a remote attacker to obtain s ...)
+	TODO: check
 CVE-2021-29784 (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker t ...)
 	NOT-FOR-US: IBM
 CVE-2021-29783
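Review bot: CVE-2021-29785 is left at TODO: check although its description names IBM Security SOAR and both neighbours (CVE-2021-29786 and CVE-2021-29784) are already marked NOT-FOR-US: IBM. Suggest resolving it the same way during triage. The imported description also runs two words together in 'V43could', which comes from the source text and is worth knowing when searching for this entry.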
@@ -97390,8 +97434,8 @@ CVE-2020-23317
 	RESERVED
 CVE-2020-23316
 	RESERVED
-CVE-2020-23315
-	RESERVED
+CVE-2020-23315 (There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldReg ...)
+	TODO: check
 CVE-2020-23314 (There is an Assertion 'block_found' failed at js-parser-statm.c:2003 p ...)
 	- iotjs <unfixed> (bug #989991)
 	[bullseye] - iotjs <no-dsa> (Minor issue)
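Review bot: CVE-2020-23315 should not be assumed to belong with its neighbour. CVE-2020-23314 is tracked against iotjs for an assertion in js-parser-statm.c, while this description names pFuncBody->GetYieldRegister(), which does not match that file or naming style. Identify the affected project from the full description before replacing TODO: check with a package line.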



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5537eafab0bb742e5eba88848a04f31bdae9c456
