[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 27 20:10:25 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59433d65 by security tracker role at 2022-01-27T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2022-24069
+	RESERVED
+CVE-2022-24064
+	RESERVED
+CVE-2022-24063
+	RESERVED
+CVE-2022-24062
+	RESERVED
+CVE-2022-24061
+	RESERVED
+CVE-2022-24060
+	RESERVED
+CVE-2022-24059
+	RESERVED
+CVE-2022-24058
+	RESERVED
+CVE-2022-24057
+	RESERVED
+CVE-2022-24056
+	RESERVED
+CVE-2022-24055
+	RESERVED
+CVE-2022-24054
+	RESERVED
+CVE-2022-24053
+	RESERVED
+CVE-2022-24052
+	RESERVED
+CVE-2022-24051
+	RESERVED
+CVE-2022-24050
+	RESERVED
+CVE-2022-24049
+	RESERVED
+CVE-2022-24048
+	RESERVED
+CVE-2022-24047
+	RESERVED
+CVE-2022-24046
+	RESERVED
+CVE-2022-24045
+	RESERVED
+CVE-2022-24044
+	RESERVED
+CVE-2022-24043
+	RESERVED
+CVE-2022-24042
+	RESERVED
+CVE-2022-24041
+	RESERVED
+CVE-2022-24040
+	RESERVED
+CVE-2022-24039
+	RESERVED
+CVE-2022-24038
+	RESERVED
+CVE-2022-24037
+	RESERVED
+CVE-2022-24036
+	RESERVED
+CVE-2022-23921
+	RESERVED
+CVE-2022-22987
+	RESERVED
+CVE-2022-21798
+	RESERVED
+CVE-2022-21154
+	RESERVED
+CVE-2022-0392
+	RESERVED
+CVE-2022-0391
+	RESERVED
+CVE-2022-0390
+	RESERVED
+CVE-2022-0389
+	RESERVED
+CVE-2022-0388
+	RESERVED
+CVE-2021-4217
+	RESERVED
+CVE-2021-4216
+	RESERVED
 CVE-2022-24035
 	RESERVED
 CVE-2022-24034
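Review bot: The 41 RESERVED entries prepended here end with CVE-2021-4217 and CVE-2021-4216, which then sit directly above CVE-2022-24035, so the head of data/CVE/list is not in descending ID order after this update. That is fine if the convention is newest-assigned-first, but it is worth documenting so that tooling looks entries up by ID rather than by position.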
@@ -341,8 +423,8 @@ CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelpe
 	NOT-FOR-US: livehelperchat
 CVE-2022-0373
 	RESERVED
-CVE-2022-0372
-	RESERVED
+CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior ...)
+	TODO: check
 CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
 	NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API
 CVE-2018-25029
@@ -655,8 +737,8 @@ CVE-2022-0350
 	RESERVED
 CVE-2022-0349
 	RESERVED
-CVE-2022-0348
-	RESERVED
+CVE-2022-0348 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+	TODO: check
 CVE-2022-0347
 	RESERVED
 CVE-2022-0346
@@ -929,10 +1011,10 @@ CVE-2021-46430
 	RESERVED
 CVE-2021-46429
 	RESERVED
-CVE-2021-46428
-	RESERVED
-CVE-2021-46427
-	RESERVED
+CVE-2021-46428 (A Remote Code Execution (RCE) vulnerability exists in Sourcecodester S ...)
+	TODO: check
+CVE-2021-46427 (An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot ...)
+	TODO: check
 CVE-2021-46426
 	RESERVED
 CVE-2021-46425
@@ -2423,8 +2505,8 @@ CVE-2021-46379
 	RESERVED
 CVE-2021-46378
 	RESERVED
-CVE-2021-46377
-	RESERVED
+CVE-2021-46377 (There is a front-end sql injection vulnerability in cszcms 1.2.9 via c ...)
+	TODO: check
 CVE-2021-46376
 	RESERVED
 CVE-2021-46375
@@ -3090,8 +3172,8 @@ CVE-2022-23185
 	RESERVED
 CVE-2022-23184
 	RESERVED
-CVE-2022-23181
-	RESERVED
+CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use  ...)
+	TODO: check
 CVE-2022-23180
 	RESERVED
 CVE-2022-23179
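Review bot: CVE-2022-23181 is left at TODO: check even though its description says the issue was introduced by the fix for CVE-2020-9484. Triage should start from the source package already recorded for CVE-2020-9484 in this list, since a regression in that fix most likely affects the same package, and should check which versions carry that earlier fix.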
@@ -5882,8 +5964,8 @@ CVE-2021-46104 (An issue was discovered in webp_server_go 0.4.0. There is a dire
 	NOT-FOR-US: webp_server_go
 CVE-2021-46103
 	RESERVED
-CVE-2021-46102
-	RESERVED
+CVE-2021-46102 (From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in  ...)
+	TODO: check
 CVE-2021-46101
 	RESERVED
 CVE-2021-46100
@@ -5892,8 +5974,8 @@ CVE-2021-46099
 	RESERVED
 CVE-2021-46098
 	RESERVED
-CVE-2021-46097
-	RESERVED
+CVE-2021-46097 (Dolphinphp v1.5.0 contains a remote code execution vulnerability in /a ...)
+	TODO: check
 CVE-2021-46096
 	RESERVED
 CVE-2021-46095
@@ -5910,8 +5992,8 @@ CVE-2021-46090
 	RESERVED
 CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that can oper ...)
 	NOT-FOR-US: JeecgBoot
-CVE-2021-46088
-	RESERVED
+CVE-2021-46088 (Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Exe ...)
+	TODO: check
 CVE-2021-46087 (In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the ...)
 	NOT-FOR-US: jfinal_cms
 CVE-2021-46086 (xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The fron ...)
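Review bot: The added CVE-2021-46088 line names specific affected release lines (Zabbix 4.0 LTS, 4.2, 4.4 and 5.0 LTS) and a remote code execution impact, so its TODO: check should be resolved against per-suite versions rather than closed with a blanket classification like the NOT-FOR-US neighbours. It deserves priority over the other TODO entries in this update.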
@@ -5956,8 +6038,8 @@ CVE-2021-46067 (In Vehicle Service Management System 1.0 an attacker can steal t
 	NOT-FOR-US: Sourcecodester Vehicle Service Management System
 CVE-2021-46066
 	RESERVED
-CVE-2021-46065
-	RESERVED
+CVE-2021-46065 (A Cross-site scripting (XSS) vulnerability in Secondary Email Field in ...)
+	TODO: check
 CVE-2021-46064
 	RESERVED
 CVE-2021-46063
@@ -10493,14 +10575,14 @@ CVE-2022-21814
 	RESERVED
 CVE-2022-21813
 	RESERVED
-CVE-2021-44795
-	RESERVED
-CVE-2021-44794
-	RESERVED
-CVE-2021-44793
-	RESERVED
-CVE-2021-44792
-	RESERVED
+CVE-2021-44795 (Single Connect does not perform an authorization check when using the  ...)
+	TODO: check
+CVE-2021-44794 (Single Connect does not perform an authorization check when using the  ...)
+	TODO: check
+CVE-2021-44793 (Single Connect does not perform an authorization check when using the  ...)
+	TODO: check
+CVE-2021-44792 (Single Connect does not perform an authorization check when using the  ...)
+	TODO: check
 CVE-2021-44791
 	RESERVED
 CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...)
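Review bot: The four added lines CVE-2021-44792 through CVE-2021-44795 carry the same truncated description ("Single Connect does not perform an authorization check when using the ..."), so they cannot be told apart from this file alone. Whoever resolves the TODO: check markers should pull the full descriptions to confirm these are four distinct issues, and classify them together so the product is handled consistently.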
@@ -12514,7 +12596,7 @@ CVE-2021-44123 (SPIP 4.0.0 is affected by a remote command execution vulnerabili
 CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ...)
 	TODO: check
 CVE-2021-44121
-	RESERVED
+	REJECTED
 CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...)
 	TODO: check
 CVE-2021-44119
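Review bot: CVE-2021-44121 moves from RESERVED to REJECTED with no description or reason on the entry, while its neighbours CVE-2021-44120 and CVE-2021-44122 are SPIP 4.0.0 issues still at TODO: check. When those are triaged, check whether the rejected ID was a duplicate of one of them, so that any external reference to CVE-2021-44121 can be mapped to the surviving ID.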
@@ -56125,8 +56207,8 @@ CVE-2021-28098 (An issue was discovered in Forescout CounterACT before 8.1.4. A
 	NOT-FOR-US: Forescout CounterACT
 CVE-2021-28097
 	RESERVED
-CVE-2021-28096
-	RESERVED
+CVE-2021-28096 (An issue was discovered in Stormshield SNS before 4.2.3 (when the prox ...)
+	TODO: check
 CVE-2021-28095 (OX Documents before 7.10.5-rev5 has Incorrect Access Control for docum ...)
 	NOT-FOR-US: OX Documents
 CVE-2021-28094 (OX Documents before 7.10.5-rev7 has Incorrect Access Control for conve ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59433d6552a7ce74910c1360865736b51aeb1a00
