[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 24 08:10:25 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f036096 by security tracker role at 2022-01-24T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2022-23864
+	RESERVED
+CVE-2022-23863
+	RESERVED
+CVE-2022-23862
+	RESERVED
+CVE-2022-23861
+	RESERVED
+CVE-2022-23860
+	RESERVED
+CVE-2022-23859
+	RESERVED
+CVE-2022-23858 (In StarWind Command Center before V2 build 6021, an authenticated read ...)
+	TODO: check
+CVE-2022-23857 (model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to ...)
+	TODO: check
+CVE-2022-23856 (An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 ...)
+	TODO: check
+CVE-2022-23855 (An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 ...)
+	TODO: check
+CVE-2022-23854
+	RESERVED
+CVE-2022-23853
+	RESERVED
+CVE-2022-23852 (Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML ...)
+	TODO: check
+CVE-2022-23851
+	RESERVED
+CVE-2022-0341
+	RESERVED
+CVE-2022-0340
+	RESERVED
+CVE-2021-4209
+	RESERVED
 CVE-2021-XXXX [ItemStack meta injection vulnerability]
 	- minetest 5.4.1+repack-1 (bug #1004223)
 	NOTE: Fixed by: https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae
@@ -7251,7 +7285,7 @@ CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Valid
 CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via  ...)
 	NOT-FOR-US: Nova 360 Cabinet
 CVE-2021-45417 (AIDE before 0.17.4 allows local users to obtain root privileges via cr ...)
-	{DSA-5051-1}
+	{DSA-5051-1 DLA-2894-1}
 	- aide 0.17.4-1
 	NOTE: https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc (v0.17.4)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3
@@ -26570,8 +26604,7 @@ CVE-2021-23156
 	NOT-FOR-US: Red Hat Serverless
 CVE-2021-39294
 	RESERVED
-CVE-2021-39293
-	RESERVED
+CVE-2021-39293 (In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted ...)
 	{DLA-2892-1 DLA-2891-1}
 	- golang-1.17 1.17.1-1
 	- golang-1.16 1.16.8-1
@@ -48171,8 +48204,8 @@ CVE-2021-30638 (Information Exposure vulnerability in context asset handling of
 	NOT-FOR-US: Apache Tapestry
 CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...)
 	NOT-FOR-US: htmly
-CVE-2021-30636
-	RESERVED
+CVE-2021-30636 (In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corrup ...)
+	TODO: check
 CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...)
 	NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2021-30634
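Review bot: CVE-2021-30636 moves from RESERVED to `TODO: check` at the two added lines, which leaves it untriaged between two entries that are already marked NOT-FOR-US. The description names a vendor SDK (MediaTek LinkIt SDK before 4.6.1); if nothing in the archive ships it, a follow-up should set `NOT-FOR-US: MediaTek LinkIt SDK` in the same style as the neighbouring lines.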
@@ -58180,8 +58213,8 @@ CVE-2020-36241 (autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used
 	NOTE: When fixing the issue make sure to apply as well the followup fix:
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4
 	NOTE: to not open CVE-2021-28650.
-CVE-2021-26706
-	RESERVED
+CVE-2021-26706 (An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x an ...)
+	TODO: check
 CVE-2021-26705 (An issue was discovered in SquareBox CatDV Server through 9.2. An atta ...)
 	NOT-FOR-US: SquareBox CatDV Server
 CVE-2021-26704 (EPrints 3.4.2 allows remote attackers to execute arbitrary commands vi ...)
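Review bot: the CVE-2021-26706 description is cut off at "1.38.x an ...", so the affected version range of Micrium uC/OS uC/LIB cannot be read from this line; whoever resolves the `TODO: check` should work from the full CVE text rather than this summary. The entry directly below uses a NOT-FOR-US marker, which is the form to use here if lib_mem.c from uC/LIB is not shipped by any package.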



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f036096c2621913ea5d8e38630f1014b93b8e2c
