[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 26 08:10:24 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
548ab52f by security tracker role at 2022-01-26T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2022-23973
+ RESERVED
+CVE-2022-23972
+ RESERVED
+CVE-2022-23971
+ RESERVED
+CVE-2022-23970
+ RESERVED
+CVE-2022-23969
+ RESERVED
+CVE-2022-23968 (Xerox VersaLink devices through 2022-01-24 allow remote attackers to b ...)
+ TODO: check
+CVE-2022-23967
+ RESERVED
+CVE-2022-23966
+ RESERVED
+CVE-2022-23965
+ RESERVED
+CVE-2022-23964
+ RESERVED
+CVE-2022-23963
+ RESERVED
+CVE-2022-23962
+ RESERVED
+CVE-2022-23961
+ RESERVED
+CVE-2022-23960
+ RESERVED
+CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 ...)
+ TODO: check
+CVE-2022-23958
+ RESERVED
+CVE-2022-23957
+ RESERVED
+CVE-2022-23956
+ RESERVED
+CVE-2022-23955
+ RESERVED
+CVE-2022-23954
+ RESERVED
+CVE-2022-23953
+ RESERVED
+CVE-2022-23952
+ RESERVED
+CVE-2022-23951
+ RESERVED
+CVE-2022-23950
+ RESERVED
+CVE-2022-23949
+ RESERVED
+CVE-2022-23948
+ RESERVED
+CVE-2022-0371
+ RESERVED
+CVE-2022-0370
+ RESERVED
+CVE-2022-0369
+ RESERVED
+CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
+ TODO: check
+CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...)
+ TODO: check
+CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...)
+ TODO: check
CVE-2022-23947
RESERVED
CVE-2022-23946
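Review bot: Five of the entries added at the top of this hunk (CVE-2022-23968, CVE-2022-23959, CVE-2021-46560, CVE-2021-46559, CVE-2019-25056) carry a description but only "TODO: check", so none of them has a triage decision yet. The descriptions are truncated at "...", so read the full CVE text before deciding. CVE-2022-23959 names Varnish Cache and should be checked against a source package and given a package line with a fixed version; the Xerox VersaLink and Moxa TN-5900 firmware entries look like candidates for a "NOT-FOR-US:" line of the kind used elsewhere in this file.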
@@ -100,8 +164,8 @@ CVE-2022-21201
RESERVED
CVE-2022-21178
RESERVED
-CVE-2022-0355
- RESERVED
+CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM hiep ...)
+ TODO: check
CVE-2022-0354
RESERVED
CVE-2022-0353
@@ -675,17 +739,13 @@ CVE-2022-21143
RESERVED
CVE-2022-21141
RESERVED
-CVE-2022-0335
- RESERVED
+CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
- moodle <removed>
-CVE-2022-0334
- RESERVED
+CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
- moodle <removed>
-CVE-2022-0333
- RESERVED
+CVE-2022-0333 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
- moodle <removed>
-CVE-2022-0332
- RESERVED
+CVE-2022-0332 (A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injectio ...)
- moodle <removed>
CVE-2022-0331
RESERVED
@@ -1929,8 +1989,8 @@ CVE-2022-0272
RESERVED
CVE-2022-0271
RESERVED
-CVE-2022-0270
- RESERVED
+CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...)
+ TODO: check
CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...)
TODO: check
CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to ...)
@@ -2351,8 +2411,8 @@ CVE-2022-23260
RESERVED
CVE-2022-23259
RESERVED
-CVE-2022-23258
- RESERVED
+CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability. ...)
+ TODO: check
CVE-2022-23257
RESERVED
CVE-2022-23256
@@ -2576,8 +2636,8 @@ CVE-2022-0212
RESERVED
CVE-2022-0211
RESERVED
-CVE-2021-45729
- RESERVED
+CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...)
+ TODO: check
CVE-2021-44779
RESERVED
CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...)
@@ -3068,56 +3128,56 @@ CVE-2022-23033 (arm: guest_physmap_remove_page not removing the p2m mappings The
[buster] - xen <not-affected> (Vulnerable code introduced later)
[stretch] - xen <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-393.html
-CVE-2022-23032
- RESERVED
-CVE-2022-23031
- RESERVED
-CVE-2022-23030
- RESERVED
-CVE-2022-23029
- RESERVED
-CVE-2022-23028
- RESERVED
-CVE-2022-23027
- RESERVED
-CVE-2022-23026
- RESERVED
-CVE-2022-23025
- RESERVED
-CVE-2022-23024
- RESERVED
-CVE-2022-23023
- RESERVED
-CVE-2022-23022
- RESERVED
-CVE-2022-23021
- RESERVED
-CVE-2022-23020
- RESERVED
-CVE-2022-23019
- RESERVED
-CVE-2022-23018
- RESERVED
-CVE-2022-23017
- RESERVED
-CVE-2022-23016
- RESERVED
-CVE-2022-23015
- RESERVED
-CVE-2022-23014
- RESERVED
-CVE-2022-23013
- RESERVED
-CVE-2022-23012
- RESERVED
-CVE-2022-23011
- RESERVED
-CVE-2022-23010
- RESERVED
-CVE-2022-23009
- RESERVED
-CVE-2022-23008
- RESERVED
+CVE-2022-23032 (In all versions before 7.2.1.4, when proxy settings are configured in ...)
+ TODO: check
+CVE-2022-23031 (On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15 ...)
+ TODO: check
+CVE-2022-23030 (On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before ...)
+ TODO: check
+CVE-2022-23029 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...)
+ TODO: check
+CVE-2022-23028 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x ...)
+ TODO: check
+CVE-2022-23027 (On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1. ...)
+ TODO: check
+CVE-2022-23026 (On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x ...)
+ TODO: check
+CVE-2022-23025 (On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x b ...)
+ TODO: check
+CVE-2022-23024 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1 ...)
+ TODO: check
+CVE-2022-23023 (On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x ...)
+ TODO: check
+CVE-2022-23022 (On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is config ...)
+ TODO: check
+CVE-2022-23021 (On BIG-IP version 16.1.x before 16.1.2, when any of the following conf ...)
+ TODO: check
+CVE-2022-23020 (On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' se ...)
+ TODO: check
+CVE-2022-23019 (On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x ...)
+ TODO: check
+CVE-2022-23018 (On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14 ...)
+ TODO: check
+CVE-2022-23017 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...)
+ TODO: check
+CVE-2022-23016 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
+ TODO: check
+CVE-2022-23015 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14. ...)
+ TODO: check
+CVE-2022-23014 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
+ TODO: check
+CVE-2022-23013 (On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1 ...)
+ TODO: check
+CVE-2022-23012 (On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, ...)
+ TODO: check
+CVE-2022-23011 (On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 ...)
+ TODO: check
+CVE-2022-23010 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x ...)
+ TODO: check
+CVE-2022-23009 (On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated ad ...)
+ TODO: check
+CVE-2022-23008 (On NGINX Controller API Management versions 3.18.0-3.19.0, an authenti ...)
+ TODO: check
CVE-2022-23007
RESERVED
CVE-2022-23006
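Review bot: CVE-2022-23032 is the one entry in this block whose truncated description ("In all versions before 7.2.1.4, when proxy settings are configured in ...") names no product, so unlike its BIG-IP neighbours it cannot be triaged from the list text; resolve it from the full CVE description before replacing "TODO: check". CVE-2022-23008 reads "NGINX Controller API Management", so decide on that product name as written rather than matching on "NGINX" alone. The 25 entries from CVE-2022-23032 down to CVE-2022-23008 are contiguous and can be triaged in one pass.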
@@ -3926,8 +3986,8 @@ CVE-2022-22791
RESERVED
CVE-2022-22790
RESERVED
-CVE-2022-22789
- RESERVED
+CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover – An attacker ...)
+ TODO: check
CVE-2022-22788
RESERVED
CVE-2022-22787
@@ -4032,7 +4092,7 @@ CVE-2022-22748
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22748
CVE-2022-22747
RESERVED
- {DSA-5045-1 DSA-5044-1 DLA-2898-1 DLA-2881-1 DLA-2880-1}
+ {DSA-5062-1 DSA-5045-1 DSA-5044-1 DLA-2898-1 DLA-2881-1 DLA-2880-1}
- nss 2:3.73-1
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
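Review bot: The only change in this hunk is DSA-5062-1 prepended to the cross-reference line of CVE-2022-22747, and the commit touches just data/CVE/list (1 changed file), so the advisory entry this reference points to is not part of the change under review. Check that DSA-5062-1 is recorded against one of the packages listed under this CVE (nss, firefox and firefox-esr are the ones visible here). The entry header still reads RESERVED although it carries fixed versions and advisories.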
@@ -7816,8 +7876,7 @@ CVE-2021-4147 [deadlock and crash in libxl driver]
NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340
CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...)
NOT-FOR-US: pimcore
-CVE-2021-4145 [NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c]
- RESERVED
+CVE-2021-4145 (A NULL pointer dereference issue was found in the block mirror layer o ...)
- qemu 1:6.2+dfsg-1
[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
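Review bot: Replacing the header of CVE-2021-4145 drops the hand-written description "[NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c]", and the truncated replacement ("... was found in the block mirror layer o ...") no longer names the function or the file. If that pointer is still wanted for triage, keep it as a "NOTE:" line under the entry. The "- qemu 1:6.2+dfsg-1" and <not-affected> annotations are carried over unchanged.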
@@ -8813,8 +8872,7 @@ CVE-2021-4135
NOTE: CONFIG_NETDEVSIM is not set in Debian
CVE-2021-4134
RESERVED
-CVE-2021-4133
- RESERVED
+CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...)
NOT-FOR-US: Keycloak
CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
NOT-FOR-US: livehelperchat
@@ -13148,8 +13206,8 @@ CVE-2021-43801 (Mercurius is a GraphQL adapter for Fastify. Any users from Mercu
NOT-FOR-US: Mercurius
CVE-2021-43800 (Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, dire ...)
NOT-FOR-US: Wiki.js
-CVE-2021-43799
- RESERVED
+CVE-2021-43799 (Zulip is an open-source team collaboration tool. Zulip Server installs ...)
+ TODO: check
CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...)
- grafana <removed>
CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...)
@@ -15359,8 +15417,8 @@ CVE-2021-43300
RESERVED
CVE-2021-43299
RESERVED
-CVE-2021-43298
- RESERVED
+CVE-2021-43298 (The code that performs password matching when using 'Basic' HTTP authe ...)
+ TODO: check
CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 a ...)
NOT-FOR-US: Apache Dubbo
CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Restricte ...)
@@ -21683,8 +21741,8 @@ CVE-2021-41600
RESERVED
CVE-2021-41599
RESERVED
-CVE-2021-41598
- RESERVED
+CVE-2021-41598 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...)
+ TODO: check
CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...)
NOT-FOR-US: SuiteCRM
CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
@@ -24801,8 +24859,8 @@ CVE-2021-40339
RESERVED
CVE-2021-40338
RESERVED
-CVE-2021-40337
- RESERVED
+CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...)
+ TODO: check
CVE-2021-40336
RESERVED
CVE-2021-40335
@@ -25201,8 +25259,8 @@ CVE-2021-40169
RESERVED
CVE-2021-40168
RESERVED
-CVE-2021-40167
- RESERVED
+CVE-2021-40167 (A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017 ...)
+ TODO: check
CVE-2021-40166
RESERVED
CVE-2021-40165
@@ -25217,10 +25275,10 @@ CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution thr
NOT-FOR-US: Autodesk
CVE-2021-40160 (A maliciously crafted PDF file prior to 9.0.7 may be forced to read be ...)
NOT-FOR-US: Autodesk
-CVE-2021-40159
- RESERVED
-CVE-2021-40158
- RESERVED
+CVE-2021-40159 (An Information Disclosure vulnerability for JT files in Autodesk Inven ...)
+ TODO: check
+CVE-2021-40158 (A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2 ...)
+ TODO: check
CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...)
NOT-FOR-US: Autodesk
CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
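Review bot: CVE-2021-40159 and CVE-2021-40158 are added as "TODO: check" although both descriptions name Autodesk Inventor and the neighbouring entries in this hunk (CVE-2021-40161, CVE-2021-40160, CVE-2021-40157) are already marked "NOT-FOR-US: Autodesk". Suggest closing the two new entries the same way once the full descriptions are confirmed.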
@@ -30292,8 +30350,8 @@ CVE-2021-38131
RESERVED
CVE-2021-38130
RESERVED
-CVE-2021-38129
- RESERVED
+CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...)
+ TODO: check
CVE-2021-38128
RESERVED
CVE-2021-38127 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
@@ -34658,12 +34716,12 @@ CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authen
NOT-FOR-US: Dell
CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...)
NOT-FOR-US: EMC
-CVE-2021-36348
- RESERVED
-CVE-2021-36347
- RESERVED
-CVE-2021-36346
- RESERVED
+CVE-2021-36348 (iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnera ...)
+ TODO: check
+CVE-2021-36347 (iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82. ...)
+ TODO: check
+CVE-2021-36346 (Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service v ...)
+ TODO: check
CVE-2021-36345
RESERVED
CVE-2021-36344
@@ -34762,12 +34820,12 @@ CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky crypt
NOT-FOR-US: EMC
CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...)
NOT-FOR-US: SupportAssist Client (Dell)
-CVE-2021-36296
- RESERVED
-CVE-2021-36295
- RESERVED
-CVE-2021-36294
- RESERVED
+CVE-2021-36296 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ TODO: check
+CVE-2021-36295 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ TODO: check
+CVE-2021-36294 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ TODO: check
CVE-2021-36293
RESERVED
CVE-2021-36292
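Review bot: The three Dell VNX2 OE for File entries (CVE-2021-36296, CVE-2021-36295, CVE-2021-36294) stay at "TODO: check" while the entries directly above them are closed with two different labels, "NOT-FOR-US: EMC" and "NOT-FOR-US: SupportAssist Client (Dell)". When triaging, pick one vendor label for the Dell products so the entries stay searchable. The three descriptions are identical up to the truncation point, so they have to be told apart from the full CVE text.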
@@ -34776,8 +34834,8 @@ CVE-2021-36291
RESERVED
CVE-2021-36290
RESERVED
-CVE-2021-36289
- RESERVED
+CVE-2021-36289 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensi ...)
+ TODO: check
CVE-2021-36288
RESERVED
CVE-2021-36287
@@ -239858,6 +239916,7 @@ CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists fun
NOTE: https://gitlab.com/graphviz/graphviz/issues/1367
NOTE: https://issuetracker.google.com/issues/77810342
CVE-2018-10195 (lrzsz before version 0.12.21~rc can leak information to the receiving ...)
+ {DLA-2900-1}
- lrzsz 0.12.21-10 (low; bug #897010)
[jessie] - lrzsz <no-dsa> (Minor issue)
[wheezy] - lrzsz <no-dsa> (Minor issue)
@@ -271057,6 +271116,7 @@ CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that coul
NOTE: For src:wayland originally fixed in 1.14.0-2 but the 1.15.0-1 upload
NOTE: did not merge in the 1.14.0-2 upload.
CVE-2017-16611 (In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker ...)
+ {DLA-2901-1}
- libxfont 1:2.0.3-1 (low; bug #883929)
[jessie] - libxfont <no-dsa> (Minor issue)
[wheezy] - libxfont <postponed> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/548ab52f1363ac80a546df377c1b1406050e48f2