[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 27 08:10:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c042592 by security tracker role at 2022-01-27T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,263 @@
+CVE-2022-24035
+ RESERVED
+CVE-2022-24034
+ RESERVED
+CVE-2022-24033
+ RESERVED
+CVE-2022-24032
+ RESERVED
+CVE-2022-24031
+ RESERVED
+CVE-2022-24030
+ RESERVED
+CVE-2022-24029
+ RESERVED
+CVE-2022-24028
+ RESERVED
+CVE-2022-24027
+ RESERVED
+CVE-2022-24026
+ RESERVED
+CVE-2022-24025
+ RESERVED
+CVE-2022-24024
+ RESERVED
+CVE-2022-24023
+ RESERVED
+CVE-2022-24022
+ RESERVED
+CVE-2022-24021
+ RESERVED
+CVE-2022-24020
+ RESERVED
+CVE-2022-24019
+ RESERVED
+CVE-2022-24018
+ RESERVED
+CVE-2022-24017
+ RESERVED
+CVE-2022-24016
+ RESERVED
+CVE-2022-24015
+ RESERVED
+CVE-2022-24014
+ RESERVED
+CVE-2022-24013
+ RESERVED
+CVE-2022-24012
+ RESERVED
+CVE-2022-24011
+ RESERVED
+CVE-2022-24010
+ RESERVED
+CVE-2022-24009
+ RESERVED
+CVE-2022-24008
+ RESERVED
+CVE-2022-24007
+ RESERVED
+CVE-2022-24006
+ RESERVED
+CVE-2022-24005
+ RESERVED
+CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ TODO: check
+CVE-2022-0386
+ RESERVED
+CVE-2022-0385
+ RESERVED
+CVE-2022-0384
+ RESERVED
+CVE-2021-46656
+ RESERVED
+CVE-2021-46655
+ RESERVED
+CVE-2021-46654
+ RESERVED
+CVE-2021-46653
+ RESERVED
+CVE-2021-46652
+ RESERVED
+CVE-2021-46651
+ RESERVED
+CVE-2021-46650
+ RESERVED
+CVE-2021-46649
+ RESERVED
+CVE-2021-46648
+ RESERVED
+CVE-2021-46647
+ RESERVED
+CVE-2021-46646
+ RESERVED
+CVE-2021-46645
+ RESERVED
+CVE-2021-46644
+ RESERVED
+CVE-2021-46643
+ RESERVED
+CVE-2021-46642
+ RESERVED
+CVE-2021-46641
+ RESERVED
+CVE-2021-46640
+ RESERVED
+CVE-2021-46639
+ RESERVED
+CVE-2021-46638
+ RESERVED
+CVE-2021-46637
+ RESERVED
+CVE-2021-46636
+ RESERVED
+CVE-2021-46635
+ RESERVED
+CVE-2021-46634
+ RESERVED
+CVE-2021-46633
+ RESERVED
+CVE-2021-46632
+ RESERVED
+CVE-2021-46631
+ RESERVED
+CVE-2021-46630
+ RESERVED
+CVE-2021-46629
+ RESERVED
+CVE-2021-46628
+ RESERVED
+CVE-2021-46627
+ RESERVED
+CVE-2021-46626
+ RESERVED
+CVE-2021-46625
+ RESERVED
+CVE-2021-46624
+ RESERVED
+CVE-2021-46623
+ RESERVED
+CVE-2021-46622
+ RESERVED
+CVE-2021-46621
+ RESERVED
+CVE-2021-46620
+ RESERVED
+CVE-2021-46619
+ RESERVED
+CVE-2021-46618
+ RESERVED
+CVE-2021-46617
+ RESERVED
+CVE-2021-46616
+ RESERVED
+CVE-2021-46615
+ RESERVED
+CVE-2021-46614
+ RESERVED
+CVE-2021-46613
+ RESERVED
+CVE-2021-46612
+ RESERVED
+CVE-2021-46611
+ RESERVED
+CVE-2021-46610
+ RESERVED
+CVE-2021-46609
+ RESERVED
+CVE-2021-46608
+ RESERVED
+CVE-2021-46607
+ RESERVED
+CVE-2021-46606
+ RESERVED
+CVE-2021-46605
+ RESERVED
+CVE-2021-46604
+ RESERVED
+CVE-2021-46603
+ RESERVED
+CVE-2021-46602
+ RESERVED
+CVE-2021-46601
+ RESERVED
+CVE-2021-46600
+ RESERVED
+CVE-2021-46599
+ RESERVED
+CVE-2021-46598
+ RESERVED
+CVE-2021-46597
+ RESERVED
+CVE-2021-46596
+ RESERVED
+CVE-2021-46595
+ RESERVED
+CVE-2021-46594
+ RESERVED
+CVE-2021-46593
+ RESERVED
+CVE-2021-46592
+ RESERVED
+CVE-2021-46591
+ RESERVED
+CVE-2021-46590
+ RESERVED
+CVE-2021-46589
+ RESERVED
+CVE-2021-46588
+ RESERVED
+CVE-2021-46587
+ RESERVED
+CVE-2021-46586
+ RESERVED
+CVE-2021-46585
+ RESERVED
+CVE-2021-46584
+ RESERVED
+CVE-2021-46583
+ RESERVED
+CVE-2021-46582
+ RESERVED
+CVE-2021-46581
+ RESERVED
+CVE-2021-46580
+ RESERVED
+CVE-2021-46579
+ RESERVED
+CVE-2021-46578
+ RESERVED
+CVE-2021-46577
+ RESERVED
+CVE-2021-46576
+ RESERVED
+CVE-2021-46575
+ RESERVED
+CVE-2021-46574
+ RESERVED
+CVE-2021-46573
+ RESERVED
+CVE-2021-46572
+ RESERVED
+CVE-2021-46571
+ RESERVED
+CVE-2021-46570
+ RESERVED
+CVE-2021-46569
+ RESERVED
+CVE-2021-46568
+ RESERVED
+CVE-2021-46567
+ RESERVED
+CVE-2021-46566
+ RESERVED
+CVE-2021-46565
+ RESERVED
+CVE-2021-46564
+ RESERVED
+CVE-2021-46563
+ RESERVED
+CVE-2021-46562
+ RESERVED
CVE-2022-24004
RESERVED
CVE-2022-24003
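Review bot: CVE-2022-0387 is the only described entry among the new RESERVED blocks, and its truncated description (stored XSS in Packagist remdex/livehelperchat) is identical to the one CVE-2022-0370 receives later in this patch; both are left at TODO: check. Triage the two together so they end up with the same disposition, and confirm from the full descriptions that they are separate issues rather than duplicates.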
@@ -99,10 +359,10 @@ CVE-2022-23970
RESERVED
CVE-2022-23969
RESERVED
-CVE-2022-23968 (Xerox VersaLink devices through 2022-01-24 allow remote attackers to b ...)
+CVE-2022-23968 (Xerox VersaLink devices on specific versions of firmware before 2022-0 ...)
NOT-FOR-US: Xerox
-CVE-2022-23967
- RESERVED
+CVE-2022-23967 (In TightVNC 1.3.10, there is an integer signedness error and resultant ...)
+ TODO: check
CVE-2022-23966
RESERVED
CVE-2022-23965
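Review bot: CVE-2022-23967 goes from RESERVED to a TightVNC 1.3.10 integer signedness error but stays at TODO: check, while CVE-2022-23968 directly above keeps its NOT-FOR-US: Xerox disposition. Since the description names a specific product and version, resolve the TODO to either a source-package line or NOT-FOR-US rather than leaving it open.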
@@ -147,8 +407,8 @@ CVE-2022-23948
RESERVED
CVE-2022-0371
RESERVED
-CVE-2022-0370
- RESERVED
+CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ TODO: check
CVE-2022-0369
RESERVED
CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
@@ -3995,8 +4255,8 @@ CVE-2022-22830
RESERVED
CVE-2022-22829
RESERVED
-CVE-2022-22828
- RESERVED
+CVE-2022-22828 (An insecure direct object reference for the file-download URL in Synam ...)
+ TODO: check
CVE-2021-46166 (Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-46165 (Zoho ManageEngine Desktop Central before 10.0.662, during startup, lau ...)
@@ -6068,7 +6328,7 @@ CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCI
NOTE: Backport to 3.4: https://github.com/OSGeo/gdal/pull/4947
NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1)
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
-CVE-2021-45942 (OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_ ...)
+CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...)
- openexr <unfixed>
[buster] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
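Review bot: the CVE-2021-45942 description now gives 3.1.4 as the first fixed OpenEXR release, but the tracking lines under it are untouched: "- openexr <unfixed>" and the buster <no-dsa> entry. Recheck the package line against that version, and since the affected range is stated as 3.1.x only, note whether the versions in the archive fall inside it at all.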
@@ -12781,10 +13041,10 @@ CVE-2022-21725
RESERVED
CVE-2022-21724
RESERVED
-CVE-2022-21723
- RESERVED
-CVE-2022-21722
- RESERVED
+CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
+CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
CVE-2022-21721
RESERVED
CVE-2022-21720
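Review bot: CVE-2022-21723 and CVE-2022-21722 cannot be told apart at this truncation length; both read "PJSIP is a free and open source multimedia communication library writt ...". When the two TODO: check lines are resolved, add a NOTE with the upstream advisory or fix commit under each entry so the list itself shows which issue is which.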
@@ -12870,8 +13130,8 @@ CVE-2022-21688 (OnionShare is an open source tool that lets you securely and ano
NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v
CVE-2022-21687
RESERVED
-CVE-2022-21686
- RESERVED
+CVE-2022-21686 (PrestaShop is an Open Source e-commerce platform. Starting with versio ...)
+ TODO: check
CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...)
TODO: check
CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior to 2.7 ...)
@@ -22919,8 +23179,8 @@ CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser
NOT-FOR-US: Snudown
CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...)
NOT-FOR-US: modern-async
-CVE-2021-41166
- RESERVED
+CVE-2021-41166 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...)
+ TODO: check
CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...)
- ckeditor <unfixed> (bug #999909)
[bullseye] - ckeditor <no-dsa> (Minor issue)
@@ -43207,8 +43467,8 @@ CVE-2021-32851
RESERVED
CVE-2021-32850
RESERVED
-CVE-2021-32849
- RESERVED
+CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to version ...)
+ TODO: check
CVE-2021-32848
RESERVED
CVE-2021-32847
@@ -43221,12 +43481,12 @@ CVE-2021-32844
RESERVED
CVE-2021-32843
RESERVED
-CVE-2021-32842
- RESERVED
-CVE-2021-32841
- RESERVED
-CVE-2021-32840
- RESERVED
+CVE-2021-32842 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
+ TODO: check
+CVE-2021-32841 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
+ TODO: check
+CVE-2021-32840 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior ...)
+ TODO: check
CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sqlparse ...)
- sqlparse 0.4.2-1 (bug #994841)
[bullseye] - sqlparse <no-dsa> (Minor issue)
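Review bot: the three SharpZipLib entries do not share one affected range. CVE-2021-32842 and CVE-2021-32841 continue with "Starti ..." while CVE-2021-32840 continues with "Prior ...", so the first two have a lower version bound and the third does not. Resolve the TODO: check lines per CVE instead of copying one disposition across all three.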
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c04259222b794e997981bd5d89b5ff89c191aed