[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 25 08:10:39 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95e940c7 by security tracker role at 2022-01-25T08:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2022-23941
+	RESERVED
+CVE-2022-23940
+	RESERVED
+CVE-2022-23939
+	RESERVED
+CVE-2022-23938
+	RESERVED
+CVE-2022-23937
+	RESERVED
+CVE-2022-23936
+	RESERVED
+CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ...)
+	TODO: check
+CVE-2022-23934
+	RESERVED
+CVE-2022-23933
+	RESERVED
+CVE-2022-23932
+	RESERVED
+CVE-2022-23931
+	RESERVED
+CVE-2022-23930
+	RESERVED
+CVE-2022-23929
+	RESERVED
+CVE-2022-23928
+	RESERVED
+CVE-2022-23927
+	RESERVED
+CVE-2022-23926
+	RESERVED
+CVE-2022-23925
+	RESERVED
+CVE-2022-23924
+	RESERVED
+CVE-2022-23919
+	RESERVED
+CVE-2022-23918
+	RESERVED
+CVE-2022-23399
+	RESERVED
+CVE-2022-22144
+	RESERVED
+CVE-2022-22140
+	RESERVED
+CVE-2022-21201
+	RESERVED
+CVE-2022-21178
+	RESERVED
+CVE-2022-0355
+	RESERVED
+CVE-2022-0354
+	RESERVED
+CVE-2022-0353
+	RESERVED
+CVE-2021-4212
+	RESERVED
+CVE-2021-4211
+	RESERVED
+CVE-2021-4210
+	RESERVED
 CVE-2022-23913
 	RESERVED
 CVE-2022-23912
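Review bot: CVE-2022-23935 is the only one of the 31 entries added at the top of this hunk that carries a description, and it is left at "TODO: check". The summary names lib/Image/ExifTool.pm and a fixed upstream version ("before 12.38"), so triage can go straight to a package line with the fixed version instead of a NOT-FOR-US tag; ExifTool ships in Debian as libimage-exiftool-perl.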
@@ -268,26 +330,26 @@ CVE-2021-46485
 	RESERVED
 CVE-2021-46484
 	RESERVED
-CVE-2021-46483
-	RESERVED
-CVE-2021-46482
-	RESERVED
-CVE-2021-46481
-	RESERVED
-CVE-2021-46480
-	RESERVED
+CVE-2021-46483 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Bool ...)
+	TODO: check
+CVE-2021-46482 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Numb ...)
+	TODO: check
+CVE-2021-46481 (Jsish v3.5.0 was discovered to contain a memory leak via linenoise at  ...)
+	TODO: check
+CVE-2021-46480 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiV ...)
+	TODO: check
 CVE-2021-46479
 	RESERVED
-CVE-2021-46478
-	RESERVED
-CVE-2021-46477
-	RESERVED
+CVE-2021-46478 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiC ...)
+	TODO: check
+CVE-2021-46477 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegE ...)
+	TODO: check
 CVE-2021-46476
 	RESERVED
-CVE-2021-46475
-	RESERVED
-CVE-2021-46474
-	RESERVED
+CVE-2021-46475 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ ...)
+	TODO: check
+CVE-2021-46474 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiE ...)
+	TODO: check
 CVE-2021-46473
 	RESERVED
 CVE-2021-46472
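Review bot: the eight Jsish v3.5.0 entries in this hunk (CVE-2021-46474, -46475, -46477, -46478 and -46480 to -46483) are all left at "TODO: check" and are interleaved with CVE-2021-46476 and CVE-2021-46479, which stay RESERVED. They name the same product and version, so triage them as one batch with a single disposition, and revisit the two RESERVED ids in the same range once they are published.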
@@ -3036,8 +3098,8 @@ CVE-2022-0179 (snipe-it is vulnerable to Improper Access Control ...)
 	NOT-FOR-US: snipe-it
 CVE-2022-0178 (snipe-it is vulnerable to Improper Access Control ...)
 	NOT-FOR-US: snipe-it
-CVE-2022-0177
-	RESERVED
+CVE-2022-0177 (Cross-site Scripting (XSS) - DOM in GitHub repository mrdoob/three.js  ...)
+	TODO: check
 CVE-2021-4204 [eBPF Improper Input Validation Vulnerability]
 	RESERVED
 	- linux <unfixed>
@@ -4497,8 +4559,8 @@ CVE-2022-22556
 	RESERVED
 CVE-2022-22555
 	RESERVED
-CVE-2022-22554
-	RESERVED
+CVE-2022-22554 (Dell EMC System Update, version 1.9.2 and prior, contain an Unprotecte ...)
+	TODO: check
 CVE-2022-22553 (Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction o ...)
 	NOT-FOR-US: EMC
 CVE-2022-22552 (Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerabil ...)
@@ -8413,16 +8475,16 @@ CVE-2021-45228
 	RESERVED
 CVE-2021-45227
 	RESERVED
-CVE-2021-45226
-	RESERVED
-CVE-2021-45225
-	RESERVED
-CVE-2021-45224
-	RESERVED
-CVE-2021-45223
-	RESERVED
-CVE-2021-45222
-	RESERVED
+CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
+	TODO: check
+CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
+	TODO: check
+CVE-2021-45224 (An issue was discovered in COINS Construction Cloud 11.12. In several  ...)
+	TODO: check
+CVE-2021-45223 (An issue was discovered in COINS Construction Cloud 11.12. Due to insu ...)
+	TODO: check
+CVE-2021-45222 (An issue was discovered in COINS Construction Cloud 11.12. Due to logi ...)
+	TODO: check
 CVE-2021-45221
 	RESERVED
 CVE-2021-45220
@@ -9312,20 +9374,20 @@ CVE-2021-44996
 	RESERVED
 CVE-2021-44995
 	RESERVED
-CVE-2021-44994
-	RESERVED
-CVE-2021-44993
-	RESERVED
-CVE-2021-44992
-	RESERVED
+CVE-2021-44994 (There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0' ...)
+	TODO: check
+CVE-2021-44993 (There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at ...)
+	TODO: check
+CVE-2021-44992 (There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at  ...)
+	TODO: check
 CVE-2021-44991
 	RESERVED
 CVE-2021-44990
 	RESERVED
 CVE-2021-44989
 	RESERVED
-CVE-2021-44988
-	RESERVED
+CVE-2021-44988 (Jerryscript v3.0.0 and below was discovered to contain a stack overflo ...)
+	TODO: check
 CVE-2021-44987
 	RESERVED
 CVE-2021-44986
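Review bot: the truncated summaries for CVE-2021-44992, -44993 and -44994 show only an assertion string and no product name; in this hunk only CVE-2021-44988 names Jerryscript. Read the full descriptions before tagging the three assertion entries, rather than inferring the product from the JERRY_CONTEXT string or from the neighbouring entry.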
@@ -12445,18 +12507,18 @@ CVE-2022-21717
 	RESERVED
 CVE-2022-21716
 	RESERVED
-CVE-2022-21715
-	RESERVED
+CVE-2022-21715 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...)
+	TODO: check
 CVE-2022-21714
 	RESERVED
 CVE-2022-21713
 	RESERVED
 CVE-2022-21712
 	RESERVED
-CVE-2022-21711
-	RESERVED
-CVE-2022-21710
-	RESERVED
+CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...)
+	TODO: check
+CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local short de ...)
+	TODO: check
 CVE-2022-21709
 	RESERVED
 CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In version ...)
@@ -14339,10 +14401,10 @@ CVE-2021-43591
 	RESERVED
 CVE-2021-43590
 	RESERVED
-CVE-2021-43589
-	RESERVED
-CVE-2021-43588
-	RESERVED
+CVE-2021-43589 (Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior ...)
+	TODO: check
+CVE-2021-43588 (Dell EMC Data Protection Central version 19.5 contains an Improper Inp ...)
+	TODO: check
 CVE-2021-43587 (Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0,  ...)
 	NOT-FOR-US: Dell
 CVE-2021-43586
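Review bot: the two new Dell EMC entries (CVE-2021-43589, CVE-2021-43588) sit directly above CVE-2021-43587, which is tagged "NOT-FOR-US: Dell", while the Dell EMC AppSync entry CVE-2022-22553 in this same file is tagged "NOT-FOR-US: EMC". When these move off "TODO: check", use one vendor tag for Dell EMC products so a search of the list finds all of them.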
@@ -14981,8 +15043,8 @@ CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate thei
 	NOT-FOR-US: LiquidFiles
 CVE-2021-43395
 	RESERVED
-CVE-2021-43394
-	RESERVED
+CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, ...)
+	TODO: check
 CVE-2021-43393
 	RESERVED
 CVE-2021-43392
@@ -34494,8 +34556,8 @@ CVE-2021-3639 [Prevent redirect to URLs that begin with '///']
 	NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5
 CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authenticati ...)
 	NOT-FOR-US: Dell
-CVE-2021-36349
-	RESERVED
+CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...)
+	TODO: check
 CVE-2021-36348
 	RESERVED
 CVE-2021-36347
@@ -34506,10 +34568,10 @@ CVE-2021-36345
 	RESERVED
 CVE-2021-36344
 	RESERVED
-CVE-2021-36343
-	RESERVED
-CVE-2021-36342
-	RESERVED
+CVE-2021-36343 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+	TODO: check
+CVE-2021-36342 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+	TODO: check
 CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive  ...)
 	NOT-FOR-US: Dell
 CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...)
@@ -110867,8 +110929,8 @@ CVE-2020-17385 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL i
 	NOT-FOR-US: Cellopoint Cellos
 CVE-2020-17384 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
 	NOT-FOR-US: Cellopoint Cellos
-CVE-2020-17383
-	RESERVED
+CVE-2020-17383 (A directory traversal vulnerability on Telos Z/IP One devices through  ...)
+	TODO: check
 CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x801 ...)
 	NOT-FOR-US: MSI AmbientLink MsIo64 driver
 CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...)
@@ -283106,7 +283168,7 @@ CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP
 CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be exploited to  ...)
 	- airflow <itp> (bug #819700)
 CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with  ...)
-	{DLA-1162-1}
+	{DLA-2897-1 DLA-1162-1}
 	- apr 1.6.3-1 (low; bug #879708)
 	[jessie] - apr <no-dsa> (Minor issue)
 	NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
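Review bot: the cross-reference line for CVE-2017-12613 now reads "{DLA-2897-1 DLA-1162-1}", but this commit changes only data/CVE/list. Confirm that the DLA-2897-1 advisory entry already exists in the tracker data so the new reference resolves; the visible package lines still show only the apr 1.6.3-1 fix and the jessie no-dsa annotation.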



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95e940c7ca07366133a2f50246da6c2ecd45bbfc
