[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 22 08:10:19 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
617c0899 by security tracker role at 2022-01-22T08:10:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2022-23848
+ RESERVED
+CVE-2022-23847
+ RESERVED
+CVE-2022-23846
+ RESERVED
+CVE-2022-23845
+ RESERVED
+CVE-2022-23844
+ RESERVED
+CVE-2022-23843
+ RESERVED
+CVE-2022-23842
+ RESERVED
+CVE-2022-23841
+ RESERVED
+CVE-2022-23840
+ RESERVED
+CVE-2022-23839
+ RESERVED
+CVE-2022-23838
+ RESERVED
+CVE-2022-23837 (In api.rb in Sidekiq before 6.4.0, there is no limit on the number of ...)
+ TODO: check
+CVE-2022-23836
+ RESERVED
+CVE-2022-23835
+ RESERVED
+CVE-2022-0337
+ RESERVED
+CVE-2022-0336
+ RESERVED
CVE-2022-23834
RESERVED
CVE-2022-23833
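Review bot: CVE-2022-23837 (Sidekiq, api.rb, before 6.4.0) is the only addition in this hunk that arrives with a description, and it lands as TODO: check. It needs a follow-up that replaces the TODO with a package line or a NOT-FOR-US tag. The other fifteen additions are RESERVED placeholders and need no action yet.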
@@ -76,10 +108,10 @@ CVE-2021-4208
RESERVED
CVE-2022-23809
RESERVED
-CVE-2022-23808
- RESERVED
-CVE-2022-23807
- RESERVED
+CVE-2022-23808 (An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker ca ...)
+ TODO: check
+CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before ...)
+ TODO: check
CVE-2022-23806
RESERVED
CVE-2022-23805
@@ -1130,14 +1162,14 @@ CVE-2022-23368
RESERVED
CVE-2022-23367
RESERVED
-CVE-2022-23366
- RESERVED
-CVE-2022-23365
- RESERVED
-CVE-2022-23364
- RESERVED
-CVE-2022-23363
- RESERVED
+CVE-2022-23366 (HMS v1.0 was discovered to contain a SQL injection vulnerability via p ...)
+ TODO: check
+CVE-2022-23365 (HMS v1.0 was discovered to contain a SQL injection vulnerability via d ...)
+ TODO: check
+CVE-2022-23364 (HMS v1.0 was discovered to contain a SQL injection vulnerability via a ...)
+ TODO: check
+CVE-2022-23363 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+ TODO: check
CVE-2022-23362
RESERVED
CVE-2022-23361
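Review bot: The three HMS v1.0 entries (CVE-2022-23366, CVE-2022-23365, CVE-2022-23364) are cut off at "via p ...", "via d ..." and "via a ...", so the list text does not say which parameter each one covers. Triage them together against the full descriptions. If HMS and Online Banking System turn out not to be packaged, tag all four NOT-FOR-US rather than leaving TODO: check.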
@@ -1432,12 +1464,12 @@ CVE-2021-46315
RESERVED
CVE-2021-46314
RESERVED
-CVE-2021-46313
- RESERVED
+CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentat ...)
+ TODO: check
CVE-2021-46312
RESERVED
-CVE-2021-46311
- RESERVED
+CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ TODO: check
CVE-2021-46310
RESERVED
CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...)
@@ -2802,28 +2834,28 @@ CVE-2021-46246
RESERVED
CVE-2021-46245
RESERVED
-CVE-2021-46244
- RESERVED
-CVE-2021-46243
- RESERVED
-CVE-2021-46242
- RESERVED
+CVE-2021-46244 (A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the functi ...)
+ TODO: check
+CVE-2021-46243 (An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1- ...)
+ TODO: check
+CVE-2021-46242 (HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the ...)
+ TODO: check
CVE-2021-46241
RESERVED
-CVE-2021-46240
- RESERVED
-CVE-2021-46239
- RESERVED
-CVE-2021-46238
- RESERVED
-CVE-2021-46237
- RESERVED
-CVE-2021-46236
- RESERVED
+CVE-2021-46240 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ TODO: check
+CVE-2021-46239 (The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid ...)
+ TODO: check
+CVE-2021-46238 (GPAC v1.1.0 was discovered to contain a stack overflow via the functio ...)
+ TODO: check
+CVE-2021-46237 (An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 v ...)
+ TODO: check
+CVE-2021-46236 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ TODO: check
CVE-2021-46235
RESERVED
-CVE-2021-46234
- RESERVED
+CVE-2021-46234 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ TODO: check
CVE-2021-46233
RESERVED
CVE-2021-46232
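Review bot: CVE-2021-46240, CVE-2021-46236 and CVE-2021-46234 carry the same truncated text ("A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ..."), so the three cannot be told apart from this file. When the TODO: check lines for the six GPAC and three HDF5 entries are resolved, add NOTE lines with the upstream issue or commit for each, as the Go entries in this list do. "vis the functi" in CVE-2021-46244 is a typo for "via" in the imported description.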
@@ -3869,12 +3901,12 @@ CVE-2022-22555
RESERVED
CVE-2022-22554
RESERVED
-CVE-2022-22553
- RESERVED
-CVE-2022-22552
- RESERVED
-CVE-2022-22551
- RESERVED
+CVE-2022-22553 (Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction o ...)
+ TODO: check
+CVE-2022-22552 (Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerabil ...)
+ TODO: check
+CVE-2022-22551 (DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensi ...)
+ TODO: check
CVE-2022-22550
RESERVED
CVE-2022-22549
@@ -9492,6 +9524,7 @@ CVE-2021-44719
CVE-2021-44718
RESERVED
CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operat ...)
+ {DLA-2892-1 DLA-2891-1}
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
[bullseye] - golang-1.15 1.15.15-1~deb11u2
@@ -9504,6 +9537,7 @@ CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write
NOTE: https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee (go1.17.5)
NOTE: https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.16.12)
CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ...)
+ {DLA-2892-1 DLA-2891-1}
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
[bullseye] - golang-1.15 1.15.15-1~deb11u2
@@ -11785,10 +11819,10 @@ CVE-2022-21710
RESERVED
CVE-2022-21709
RESERVED
-CVE-2022-21708
- RESERVED
-CVE-2022-21707
- RESERVED
+CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In version ...)
+ TODO: check
+CVE-2022-21707 (wasmCloud Host Runtime is a server process that securely hosts and pro ...)
+ TODO: check
CVE-2022-21706
RESERVED
CVE-2022-21705
@@ -20445,6 +20479,7 @@ CVE-2021-41772 (Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip
NOTE: https://github.com/golang/go/commit/b212ba68296b503b395e7d1838ca72a19030a6bf (go1.17.3)
NOTE: https://github.com/golang/go/commit/88407a8dd98411f1730907dc8a69b99488af0052 (go1.16.10)
CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16 ...)
+ {DLA-2892-1 DLA-2891-1}
- golang-1.17 1.17.3-1
- golang-1.16 1.16.10-1
- golang-1.15 1.15.15-5
@@ -25958,8 +25993,8 @@ CVE-2021-39482
RESERVED
CVE-2021-39481
RESERVED
-CVE-2021-39480
- RESERVED
+CVE-2021-39480 (Bingrep v0.8.5 was discovered to contain a memory allocation failure w ...)
+ TODO: check
CVE-2021-39479
RESERVED
CVE-2021-39478
@@ -26409,6 +26444,7 @@ CVE-2021-39294
RESERVED
CVE-2021-39293
RESERVED
+ {DLA-2892-1 DLA-2891-1}
- golang-1.17 1.17.1-1
- golang-1.16 1.16.8-1
- golang-1.15 1.15.15-2
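Review bot: CVE-2021-39293 receives the {DLA-2892-1 DLA-2891-1} cross-reference while its header line is still RESERVED, so unlike the other Go entries tagged in this commit, the record gives no description of what the advisories fixed. Check that the entry carries a NOTE line with the upstream reference, as CVE-2021-44717 does, so the golang-1.17 1.17.1-1, golang-1.16 1.16.8-1 and golang-1.15 1.15.15-2 fixed versions can be verified against something.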
@@ -33785,10 +33821,10 @@ CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sens
NOT-FOR-US: Dell
CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...)
NOT-FOR-US: EMC
-CVE-2021-36339
- RESERVED
-CVE-2021-36338
- RESERVED
+CVE-2021-36339 (The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented us ...)
+ TODO: check
+CVE-2021-36338 (Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege ...)
+ TODO: check
CVE-2021-36337 (Dell Wyse Management Suite version 3.3.1 and prior support insecure Tr ...)
NOT-FOR-US: Dell
CVE-2021-36336 (Wyse Management Suite 3.3.1 and below versions contain a deserializati ...)
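Review bot: CVE-2021-36339 and CVE-2021-36338 are added as TODO: check although the neighbouring Dell and EMC entries in this hunk are already tagged NOT-FOR-US: Dell or NOT-FOR-US: EMC. If Dell EMC Virtual Appliances and Unisphere for PowerMax fall under the same rule, replace both TODO lines with the matching NOT-FOR-US tag in the follow-up triage.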
@@ -34038,6 +34074,7 @@ CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center
NOTE: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=9007
CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...)
+ {DLA-2892-1 DLA-2891-1}
- golang-1.16 1.16.7-1
- golang-1.15 1.15.15-1 (bug #991961)
[bullseye] - golang-1.15 1.15.15-1~deb11u1
@@ -41266,6 +41303,7 @@ CVE-2021-33197 (In Go before 1.15.13 and 1.16.x before 1.16.5, some configuratio
NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
NOTE: https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 (1.15)
CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafte ...)
+ {DLA-2892-1 DLA-2891-1}
- golang-1.16 1.16.5-1 (bug #989492)
- golang-1.15 1.15.9-4
- golang-1.11 <removed>
@@ -65452,8 +65490,8 @@ CVE-2021-23666
RESERVED
CVE-2021-23665
RESERVED
-CVE-2021-23664
- RESERVED
+CVE-2021-23664 (The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to ...)
+ TODO: check
CVE-2021-23663 (All versions of package sey are vulnerable to Prototype Pollution via ...)
TODO: check
CVE-2021-23662
@@ -65518,8 +65556,8 @@ CVE-2021-23633
RESERVED
CVE-2021-23632
RESERVED
-CVE-2021-23631
- RESERVED
+CVE-2021-23631 (This affects all versions of package convert-svg-core; all versions of ...)
+ TODO: check
CVE-2021-23630
RESERVED
CVE-2021-23629
@@ -65744,8 +65782,8 @@ CVE-2021-23520
RESERVED
CVE-2021-23519
RESERVED
-CVE-2021-23518
- RESERVED
+CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable to Protot ...)
+ TODO: check
CVE-2021-23517
RESERVED
CVE-2021-23516
@@ -65861,8 +65899,8 @@ CVE-2021-23462
RESERVED
CVE-2021-23461
RESERVED
-CVE-2021-23460
- RESERVED
+CVE-2021-23460 (The package min-dash before 3.8.1 are vulnerable to Prototype Pollutio ...)
+ TODO: check
CVE-2021-23459
RESERVED
CVE-2021-23458
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/617c0899f39fd772b12257f1f3e584e3bf353aa2