[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 27 08:10:26 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c042592 by security tracker role at 2022-01-27T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,263 @@
+CVE-2022-24035
+	RESERVED
+CVE-2022-24034
+	RESERVED
+CVE-2022-24033
+	RESERVED
+CVE-2022-24032
+	RESERVED
+CVE-2022-24031
+	RESERVED
+CVE-2022-24030
+	RESERVED
+CVE-2022-24029
+	RESERVED
+CVE-2022-24028
+	RESERVED
+CVE-2022-24027
+	RESERVED
+CVE-2022-24026
+	RESERVED
+CVE-2022-24025
+	RESERVED
+CVE-2022-24024
+	RESERVED
+CVE-2022-24023
+	RESERVED
+CVE-2022-24022
+	RESERVED
+CVE-2022-24021
+	RESERVED
+CVE-2022-24020
+	RESERVED
+CVE-2022-24019
+	RESERVED
+CVE-2022-24018
+	RESERVED
+CVE-2022-24017
+	RESERVED
+CVE-2022-24016
+	RESERVED
+CVE-2022-24015
+	RESERVED
+CVE-2022-24014
+	RESERVED
+CVE-2022-24013
+	RESERVED
+CVE-2022-24012
+	RESERVED
+CVE-2022-24011
+	RESERVED
+CVE-2022-24010
+	RESERVED
+CVE-2022-24009
+	RESERVED
+CVE-2022-24008
+	RESERVED
+CVE-2022-24007
+	RESERVED
+CVE-2022-24006
+	RESERVED
+CVE-2022-24005
+	RESERVED
+CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+	TODO: check
+CVE-2022-0386
+	RESERVED
+CVE-2022-0385
+	RESERVED
+CVE-2022-0384
+	RESERVED
+CVE-2021-46656
+	RESERVED
+CVE-2021-46655
+	RESERVED
+CVE-2021-46654
+	RESERVED
+CVE-2021-46653
+	RESERVED
+CVE-2021-46652
+	RESERVED
+CVE-2021-46651
+	RESERVED
+CVE-2021-46650
+	RESERVED
+CVE-2021-46649
+	RESERVED
+CVE-2021-46648
+	RESERVED
+CVE-2021-46647
+	RESERVED
+CVE-2021-46646
+	RESERVED
+CVE-2021-46645
+	RESERVED
+CVE-2021-46644
+	RESERVED
+CVE-2021-46643
+	RESERVED
+CVE-2021-46642
+	RESERVED
+CVE-2021-46641
+	RESERVED
+CVE-2021-46640
+	RESERVED
+CVE-2021-46639
+	RESERVED
+CVE-2021-46638
+	RESERVED
+CVE-2021-46637
+	RESERVED
+CVE-2021-46636
+	RESERVED
+CVE-2021-46635
+	RESERVED
+CVE-2021-46634
+	RESERVED
+CVE-2021-46633
+	RESERVED
+CVE-2021-46632
+	RESERVED
+CVE-2021-46631
+	RESERVED
+CVE-2021-46630
+	RESERVED
+CVE-2021-46629
+	RESERVED
+CVE-2021-46628
+	RESERVED
+CVE-2021-46627
+	RESERVED
+CVE-2021-46626
+	RESERVED
+CVE-2021-46625
+	RESERVED
+CVE-2021-46624
+	RESERVED
+CVE-2021-46623
+	RESERVED
+CVE-2021-46622
+	RESERVED
+CVE-2021-46621
+	RESERVED
+CVE-2021-46620
+	RESERVED
+CVE-2021-46619
+	RESERVED
+CVE-2021-46618
+	RESERVED
+CVE-2021-46617
+	RESERVED
+CVE-2021-46616
+	RESERVED
+CVE-2021-46615
+	RESERVED
+CVE-2021-46614
+	RESERVED
+CVE-2021-46613
+	RESERVED
+CVE-2021-46612
+	RESERVED
+CVE-2021-46611
+	RESERVED
+CVE-2021-46610
+	RESERVED
+CVE-2021-46609
+	RESERVED
+CVE-2021-46608
+	RESERVED
+CVE-2021-46607
+	RESERVED
+CVE-2021-46606
+	RESERVED
+CVE-2021-46605
+	RESERVED
+CVE-2021-46604
+	RESERVED
+CVE-2021-46603
+	RESERVED
+CVE-2021-46602
+	RESERVED
+CVE-2021-46601
+	RESERVED
+CVE-2021-46600
+	RESERVED
+CVE-2021-46599
+	RESERVED
+CVE-2021-46598
+	RESERVED
+CVE-2021-46597
+	RESERVED
+CVE-2021-46596
+	RESERVED
+CVE-2021-46595
+	RESERVED
+CVE-2021-46594
+	RESERVED
+CVE-2021-46593
+	RESERVED
+CVE-2021-46592
+	RESERVED
+CVE-2021-46591
+	RESERVED
+CVE-2021-46590
+	RESERVED
+CVE-2021-46589
+	RESERVED
+CVE-2021-46588
+	RESERVED
+CVE-2021-46587
+	RESERVED
+CVE-2021-46586
+	RESERVED
+CVE-2021-46585
+	RESERVED
+CVE-2021-46584
+	RESERVED
+CVE-2021-46583
+	RESERVED
+CVE-2021-46582
+	RESERVED
+CVE-2021-46581
+	RESERVED
+CVE-2021-46580
+	RESERVED
+CVE-2021-46579
+	RESERVED
+CVE-2021-46578
+	RESERVED
+CVE-2021-46577
+	RESERVED
+CVE-2021-46576
+	RESERVED
+CVE-2021-46575
+	RESERVED
+CVE-2021-46574
+	RESERVED
+CVE-2021-46573
+	RESERVED
+CVE-2021-46572
+	RESERVED
+CVE-2021-46571
+	RESERVED
+CVE-2021-46570
+	RESERVED
+CVE-2021-46569
+	RESERVED
+CVE-2021-46568
+	RESERVED
+CVE-2021-46567
+	RESERVED
+CVE-2021-46566
+	RESERVED
+CVE-2021-46565
+	RESERVED
+CVE-2021-46564
+	RESERVED
+CVE-2021-46563
+	RESERVED
+CVE-2021-46562
+	RESERVED
 CVE-2022-24004
 	RESERVED
 CVE-2022-24003
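
Review bot: CVE-2022-0387 is the only one of the 130 entries added here that carries a description, and it sits in the middle of the RESERVED block at "TODO: check", where it is easy to overlook. Its truncated text is identical to that of CVE-2022-0370 in a later hunk ("Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ..."), so the two should be triaged together and each given a NOTE line that tells them apart.
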
@@ -99,10 +359,10 @@ CVE-2022-23970
 	RESERVED
 CVE-2022-23969
 	RESERVED
-CVE-2022-23968 (Xerox VersaLink devices through 2022-01-24 allow remote attackers to b ...)
+CVE-2022-23968 (Xerox VersaLink devices on specific versions of firmware before 2022-0 ...)
 	NOT-FOR-US: Xerox
-CVE-2022-23967
-	RESERVED
+CVE-2022-23967 (In TightVNC 1.3.10, there is an integer signedness error and resultant ...)
+	TODO: check
 CVE-2022-23966
 	RESERVED
 CVE-2022-23965
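
Review bot: CVE-2022-23967 is left at "TODO: check" although its description already names the product and version (TightVNC 1.3.10) and the bug class (integer signedness error), which is enough to resolve it to a package line or a NOT-FOR-US. The reworded CVE-2022-23968 text only narrows the affected firmware range, so keeping "NOT-FOR-US: Xerox" unchanged there is consistent.
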
@@ -147,8 +407,8 @@ CVE-2022-23948
 	RESERVED
 CVE-2022-0371
 	RESERVED
-CVE-2022-0370
-	RESERVED
+CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+	TODO: check
 CVE-2022-0369
 	RESERVED
 CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
@@ -3995,8 +4255,8 @@ CVE-2022-22830
 	RESERVED
 CVE-2022-22829
 	RESERVED
-CVE-2022-22828
-	RESERVED
+CVE-2022-22828 (An insecure direct object reference for the file-download URL in Synam ...)
+	TODO: check
 CVE-2021-46166 (Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-46165 (Zoho ManageEngine Desktop Central before 10.0.662, during startup, lau ...)
@@ -6068,7 +6328,7 @@ CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCI
 	NOTE: Backport to 3.4: https://github.com/OSGeo/gdal/pull/4947
 	NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1)
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
-CVE-2021-45942 (OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_ ...)
+CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...)
 	- openexr <unfixed>
 	[buster] - openexr <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
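
Review bot: the reworded description of CVE-2021-45942 now gives 3.1.4 as the first unaffected release ("3.1.x before 3.1.4"), but the context line right below it still reads "- openexr <unfixed>". A follow-up should check whether the fixing upstream commit or a 3.1.4-based upload can be recorded, so the entry carries a fixed version instead of staying open-ended.
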
@@ -12781,10 +13041,10 @@ CVE-2022-21725
 	RESERVED
 CVE-2022-21724
 	RESERVED
-CVE-2022-21723
-	RESERVED
-CVE-2022-21722
-	RESERVED
+CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...)
+	TODO: check
+CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
+	TODO: check
 CVE-2022-21721
 	RESERVED
 CVE-2022-21720
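
Review bot: CVE-2022-21723 and CVE-2022-21722 receive the same truncated text ("PJSIP is a free and open source multimedia communication library writt ..."), so the list cannot tell them apart from the description alone. When the "TODO: check" markers are resolved, each entry should get its own NOTE with the upstream advisory or commit, and the two should be checked separately rather than one result being copied to the other.
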
@@ -12870,8 +13130,8 @@ CVE-2022-21688 (OnionShare is an open source tool that lets you securely and ano
 	NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v
 CVE-2022-21687
 	RESERVED
-CVE-2022-21686
-	RESERVED
+CVE-2022-21686 (PrestaShop is an Open Source e-commerce platform. Starting with versio ...)
+	TODO: check
 CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit  ...)
 	TODO: check
 CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior to 2.7 ...)
@@ -22919,8 +23179,8 @@ CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser
 	NOT-FOR-US: Snudown
 CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...)
 	NOT-FOR-US: modern-async
-CVE-2021-41166
-	RESERVED
+CVE-2021-41166 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...)
+	TODO: check
 CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...)
 	- ckeditor <unfixed> (bug #999909)
 	[bullseye] - ckeditor <no-dsa> (Minor issue)
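
Review bot: CVE-2021-41166 describes the Nextcloud Android app, a client application, yet it is left at "TODO: check" while the neighbouring Snudown and modern-async entries are already resolved as NOT-FOR-US. The same decision should be made explicitly here, either NOT-FOR-US with the product name or a package line.
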
@@ -43207,8 +43467,8 @@ CVE-2021-32851
 	RESERVED
 CVE-2021-32850
 	RESERVED
-CVE-2021-32849
-	RESERVED
+CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to version ...)
+	TODO: check
 CVE-2021-32848
 	RESERVED
 CVE-2021-32847
@@ -43221,12 +43481,12 @@ CVE-2021-32844
 	RESERVED
 CVE-2021-32843
 	RESERVED
-CVE-2021-32842
-	RESERVED
-CVE-2021-32841
-	RESERVED
-CVE-2021-32840
-	RESERVED
+CVE-2021-32842 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
+	TODO: check
+CVE-2021-32841 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
+	TODO: check
+CVE-2021-32840 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior  ...)
+	TODO: check
 CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sqlparse ...)
 	- sqlparse 0.4.2-1 (bug #994841)
 	[bullseye] - sqlparse <no-dsa> (Minor issue)
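
Review bot: the three SharpZipLib entries do not share one affected range: CVE-2021-32842 and CVE-2021-32841 read "Starti ..." while CVE-2021-32840 reads "Prior ...", so a single triage result should not be applied to all three. Resolve each "TODO: check" against its full description and record the affected versions per entry.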



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c04259222b794e997981bd5d89b5ff89c191aed
