[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 29 08:10:27 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c258f02 by security tracker role at 2022-01-29T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2022-24120
+	RESERVED
+CVE-2022-24119
+	RESERVED
+CVE-2022-24118
+	RESERVED
+CVE-2022-24117
+	RESERVED
+CVE-2022-24116
+	RESERVED
+CVE-2022-24115
+	RESERVED
+CVE-2022-24114
+	RESERVED
+CVE-2022-24113
+	RESERVED
+CVE-2022-0409
+	RESERVED
+CVE-2022-0408
+	RESERVED
+CVE-2022-0407
+	RESERVED
 CVE-2022-24112
 	RESERVED
 CVE-2022-0406
@@ -134,12 +156,12 @@ CVE-2022-24070
 	RESERVED
 CVE-2022-0396
 	RESERVED
-CVE-2022-0395
-	RESERVED
+CVE-2022-0395 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+	TODO: check
 CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
 	NOT-FOR-US: livehelperchat
-CVE-2022-0393
-	RESERVED
+CVE-2022-0393 (Out-of-bounds Read in Conda vim prior to 8.2. ...)
+	TODO: check
 CVE-2022-24069
 	RESERVED
 CVE-2022-24064
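
Review bot: CVE-2022-0395 is added with "TODO: check" although its visible description ("Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...") is identical to that of the next entry, CVE-2022-0394, which is already marked "NOT-FOR-US: livehelperchat". Unless the full description points at a different product, the same tag can be applied to CVE-2022-0395 when this TODO is triaged.
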
@@ -208,8 +230,8 @@ CVE-2022-21798
 	RESERVED
 CVE-2022-21154
 	RESERVED
-CVE-2022-0392
-	RESERVED
+CVE-2022-0392 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
+	TODO: check
 CVE-2022-0391 [urllib.parse does not sanitize URLs containing ASCII newline and tabs]
 	RESERVED
 	- python3.9 3.9.7-1
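
Review bot: CVE-2022-0392 is left as "TODO: check" even though its description names vim, which this list already tracks as a source package (the CVE-2022-0351 entry later in this patch carries "- vim <unfixed>"). It should be resolved with a "- vim" package line rather than a NOT-FOR-US tag, and the same applies to CVE-2022-0393 in the previous hunk.
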
@@ -542,8 +564,8 @@ CVE-2022-23981
 	RESERVED
 CVE-2022-23980
 	RESERVED
-CVE-2022-23979
-	RESERVED
+CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+	TODO: check
 CVE-2022-23978
 	RESERVED
 CVE-2022-23977
@@ -832,12 +854,12 @@ CVE-2022-23891
 	RESERVED
 CVE-2022-23890
 	RESERVED
-CVE-2022-23889
-	RESERVED
-CVE-2022-23888
-	RESERVED
-CVE-2022-23887
-	RESERVED
+CVE-2022-23889 (The comment function in YzmCMS v6.3 was discovered as being able to be ...)
+	TODO: check
+CVE-2022-23888 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSR ...)
+	TODO: check
+CVE-2022-23887 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CS ...)
+	TODO: check
 CVE-2022-23886
 	RESERVED
 CVE-2022-23885
@@ -882,8 +904,8 @@ CVE-2022-23866
 	RESERVED
 CVE-2022-23865
 	RESERVED
-CVE-2022-0352
-	RESERVED
+CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...)
+	TODO: check
 CVE-2022-0351 (Access of Memory Location Before Start of Buffer in Conda vim prior to ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -1128,16 +1150,16 @@ CVE-2021-46450
 	RESERVED
 CVE-2021-46449
 	RESERVED
-CVE-2021-46448
-	RESERVED
-CVE-2021-46447
-	RESERVED
-CVE-2021-46446
-	RESERVED
-CVE-2021-46445
-	RESERVED
-CVE-2021-46444
-	RESERVED
+CVE-2021-46448 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+	TODO: check
+CVE-2021-46447 (A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0  ...)
+	TODO: check
+CVE-2021-46446 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+	TODO: check
+CVE-2021-46445 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+	TODO: check
+CVE-2021-46444 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+	TODO: check
 CVE-2021-46443
 	RESERVED
 CVE-2021-46442
@@ -1601,8 +1623,8 @@ CVE-2022-23729
 	RESERVED
 CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...)
 	NOT-FOR-US: LG
-CVE-2022-23727
-	RESERVED
+CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS TVs. Due t ...)
+	TODO: check
 CVE-2022-23726
 	RESERVED
 CVE-2022-23725
@@ -1857,10 +1879,10 @@ CVE-2022-23601
 	RESERVED
 CVE-2022-23600
 	RESERVED
-CVE-2022-23599
-	RESERVED
-CVE-2022-23598
-	RESERVED
+CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 2.1 - 4.3 ...)
+	TODO: check
+CVE-2022-23598 (laminas-form is a package for validating and displaying simple and com ...)
+	TODO: check
 CVE-2022-23597
 	RESERVED
 CVE-2022-23596
@@ -2151,8 +2173,8 @@ CVE-2022-0312
 	RESERVED
 CVE-2022-0299
 	RESERVED
-CVE-2022-23456
-	RESERVED
+CVE-2022-23456 (Potential arbitrary file deletion vulnerability has been identified in ...)
+	TODO: check
 CVE-2022-23455
 	RESERVED
 CVE-2022-23454
@@ -2607,10 +2629,10 @@ CVE-2022-23313
 	RESERVED
 CVE-2022-22137
 	RESERVED
-CVE-2022-21801
-	RESERVED
-CVE-2022-21796
-	RESERVED
+CVE-2022-21801 (A denial of service vulnerability exists in the netserver recv_command ...)
+	TODO: check
+CVE-2022-21796 (A memory corruption vulnerability exists in the netserver parse_comman ...)
+	TODO: check
 CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
 	NOT-FOR-US: Orchard CMS
 CVE-2022-0273
@@ -3280,16 +3302,16 @@ CVE-2021-4206
 	RESERVED
 CVE-2021-4205
 	RESERVED
-CVE-2021-31567
-	RESERVED
+CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability discovere ...)
+	TODO: check
 CVE-2021-26256
 	RESERVED
 CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Ever ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-23209
 	RESERVED
-CVE-2021-23174
-	RESERVED
+CVE-2021-23174 (Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabi ...)
+	TODO: check
 CVE-2021-23150
 	RESERVED
 CVE-2022-23206
@@ -3349,8 +3371,8 @@ CVE-2022-23180
 	RESERVED
 CVE-2022-23179
 	RESERVED
-CVE-2022-21199
-	RESERVED
+CVE-2022-21199 (An information disclosure vulnerability exists due to the hardcoded TL ...)
+	TODO: check
 CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket interface]
 	RESERVED
 	{DSA-5047-1}
@@ -3565,12 +3587,12 @@ CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 and earlier does not encryp
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-23102
 	RESERVED
-CVE-2022-21236
-	RESERVED
-CVE-2022-21217
-	RESERVED
-CVE-2022-21134
-	RESERVED
+CVE-2022-21236 (An information disclosure vulnerability exists due to a web server mis ...)
+	TODO: check
+CVE-2022-21217 (An out-of-bounds write vulnerability exists in the device TestEmail fu ...)
+	TODO: check
+CVE-2022-21134 (A firmware update vulnerability exists in the &quot;update&quo ...)
+	TODO: check
 CVE-2022-0194
 	RESERVED
 CVE-2022-0193
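
Review bot: The description added for CVE-2022-21134 carries a raw HTML entity, and the truncation has cut through the second one: "&quot;update&quo ...". The description text should be unescaped before it is truncated, so that the length cut cannot split an entity and the line shows plain quotation marks around "update".
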
@@ -3837,12 +3859,12 @@ CVE-2022-22996
 	RESERVED
 CVE-2022-22995
 	RESERVED
-CVE-2022-22994
-	RESERVED
-CVE-2022-22993
-	RESERVED
-CVE-2022-22992
-	RESERVED
+CVE-2022-22994 (A remote code execution vulnerability was discovered on Western Digita ...)
+	TODO: check
+CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital My Clou ...)
+	TODO: check
+CVE-2022-22992 (A command injection remote code execution vulnerability was discovered ...)
+	TODO: check
 CVE-2022-22991 (A malicious user on the same LAN could use DNS spoofing followed by a  ...)
 	NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
 CVE-2022-22990 (A limited authentication bypass vulnerability was discovered that coul ...)
@@ -3969,8 +3991,8 @@ CVE-2022-22940
 	RESERVED
 CVE-2022-22939
 	RESERVED
-CVE-2022-22938
-	RESERVED
+CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windo ...)
+	TODO: check
 CVE-2022-22937
 	RESERVED
 CVE-2022-22936
@@ -4636,10 +4658,10 @@ CVE-2022-22793
 	RESERVED
 CVE-2022-22792
 	RESERVED
-CVE-2022-22791
-	RESERVED
-CVE-2022-22790
-	RESERVED
+CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code  ...)
+	TODO: check
+CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is an atta ...)
+	TODO: check
 CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover – An attacker ...)
 	NOT-FOR-US: Charactell - FormStorm Enterprise
 CVE-2022-22788
@@ -8025,8 +8047,7 @@ CVE-2021-45466
 	RESERVED
 CVE-2021-45465
 	RESERVED
-CVE-2021-4160 [BN_mod_exp may produce incorrect results on MIPS]
-	RESERVED
+CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro ...)
 	- openssl 1.1.1m-1
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb (OpenSSL_1_1_1m)
 	NOTE: https://mta.openssl.org/pipermail/openssl-announce/2022-January/000214.html
@@ -9530,8 +9551,8 @@ CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before
 	NOTE: https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277 (2.2.26)
 CVE-2021-45106
 	RESERVED
-CVE-2021-44463
-	RESERVED
+CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...)
+	TODO: check
 CVE-2021-44462
 	RESERVED
 CVE-2021-4137
@@ -9572,8 +9593,8 @@ CVE-2021-4126
 	{DSA-5034-1 DLA-2874-1}
 	- thunderbird 1:91.4.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
-CVE-2021-26264
-	RESERVED
+CVE-2021-26264 (A specially crafted script could cause the DeltaV Distributed Control  ...)
+	TODO: check
 CVE-2021-23173 (The affected product is vulnerable to an improper access control, whic ...)
 	NOT-FOR-US: Philips
 CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a he ...)
@@ -11890,7 +11911,7 @@ CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) ver
 	NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
 CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
 	NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
-CVE-2021-33843 (Fresenius Kabi Agilia Link + version 3.0 has a default configuration p ...)
+CVE-2021-33843 (Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configur ...)
 	NOT-FOR-US: Fresenius Kabi Agilia Link
 CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0  ...)
 	NOT-FOR-US: Fresenius Kabi Agilia Link
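
Review bot: The new description for CVE-2021-33843 names "Fresenius Kabi Agilia SP MC WiFi vD25 and prior", but the annotation on the following line still reads "NOT-FOR-US: Fresenius Kabi Agilia Link". The NOT-FOR-US verdict itself is not affected, but the product name in the tag no longer matches the description and needs a manual follow-up if the tag is meant to identify the affected product.
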
@@ -11931,130 +11952,130 @@ CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3
 	NOTE: https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
 	NOTE: https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a (3.2.10)
 	NOTE: https://github.com/django/django/commit/7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7 (2.2.25)
-CVE-2021-44419
-	RESERVED
-CVE-2021-44418
-	RESERVED
-CVE-2021-44417
-	RESERVED
-CVE-2021-44416
-	RESERVED
-CVE-2021-44415
-	RESERVED
-CVE-2021-44414
-	RESERVED
-CVE-2021-44413
-	RESERVED
-CVE-2021-44412
-	RESERVED
-CVE-2021-44411
-	RESERVED
-CVE-2021-44410
-	RESERVED
-CVE-2021-44409
-	RESERVED
-CVE-2021-44408
-	RESERVED
-CVE-2021-44407
-	RESERVED
-CVE-2021-44406
-	RESERVED
-CVE-2021-44405
-	RESERVED
-CVE-2021-44404
-	RESERVED
-CVE-2021-44403
-	RESERVED
-CVE-2021-44402
-	RESERVED
-CVE-2021-44401
-	RESERVED
-CVE-2021-44400
-	RESERVED
-CVE-2021-44399
-	RESERVED
-CVE-2021-44398
-	RESERVED
-CVE-2021-44397
-	RESERVED
-CVE-2021-44396
-	RESERVED
-CVE-2021-44395
-	RESERVED
+CVE-2021-44419 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44418 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44417 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44416 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44415 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44414 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44413 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44412 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44411 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44410 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44409 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44408 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44407 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44406 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44405 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44404 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44403 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44402 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44401 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44400 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44399 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44398 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44397 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44396 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44395 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
 CVE-2021-44394
 	RESERVED
-CVE-2021-44393
-	RESERVED
-CVE-2021-44392
-	RESERVED
-CVE-2021-44391
-	RESERVED
-CVE-2021-44390
-	RESERVED
-CVE-2021-44389
-	RESERVED
-CVE-2021-44388
-	RESERVED
-CVE-2021-44387
-	RESERVED
-CVE-2021-44386
-	RESERVED
-CVE-2021-44385
-	RESERVED
-CVE-2021-44384
-	RESERVED
-CVE-2021-44383
-	RESERVED
-CVE-2021-44382
-	RESERVED
-CVE-2021-44381
-	RESERVED
-CVE-2021-44380
-	RESERVED
-CVE-2021-44379
-	RESERVED
-CVE-2021-44378
-	RESERVED
-CVE-2021-44377
-	RESERVED
-CVE-2021-44376
-	RESERVED
+CVE-2021-44393 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44392 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44391 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44390 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44389 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44388 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44387 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44386 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44385 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44384 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44383 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44382 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44381 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44380 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44379 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44378 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44377 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44376 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
 CVE-2021-44375
 	RESERVED
-CVE-2021-44374
-	RESERVED
-CVE-2021-44373
-	RESERVED
-CVE-2021-44372
-	RESERVED
-CVE-2021-44371
-	RESERVED
-CVE-2021-44370
-	RESERVED
-CVE-2021-44369
-	RESERVED
-CVE-2021-44368
-	RESERVED
-CVE-2021-44367
-	RESERVED
+CVE-2021-44374 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44373 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44372 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44371 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44370 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44369 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44368 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44367 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
 CVE-2021-44366
 	RESERVED
-CVE-2021-44365
-	RESERVED
-CVE-2021-44364
-	RESERVED
-CVE-2021-44363
-	RESERVED
-CVE-2021-44362
-	RESERVED
-CVE-2021-44361
-	RESERVED
-CVE-2021-44360
-	RESERVED
-CVE-2021-44359
-	RESERVED
-CVE-2021-44358
-	RESERVED
+CVE-2021-44365 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44364 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44363 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44362 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44361 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44360 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44359 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
+CVE-2021-44358 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+	TODO: check
 CVE-2021-44357
 	RESERVED
 CVE-2021-44356
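
Review bot: Every entry added between CVE-2021-44419 and CVE-2021-44358 carries the same truncated description ("A denial of service vulnerability exists in the cgiserver.cgi JSON com ...") and "TODO: check", so nothing on these lines distinguishes one entry from another or names the affected product. They are best triaged as a single batch from the full descriptions rather than line by line. CVE-2021-44394, CVE-2021-44375, CVE-2021-44366 and CVE-2021-44357 sit inside the same range and remain RESERVED, so the same decision will be needed again when they are published.
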
@@ -12063,8 +12084,7 @@ CVE-2021-44355
 	RESERVED
 CVE-2021-44354
 	RESERVED
-CVE-2021-4034
-	RESERVED
+CVE-2021-4034 (A local privilege escalation vulnerability was found on polkit's pkexe ...)
 	{DSA-5059-1 DLA-2899-1}
 	- policykit-1 0.105-31.1
 	NOTE: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
@@ -13341,8 +13361,8 @@ CVE-2022-21723 (PJSIP is a free and open source multimedia communication library
 	TODO: check
 CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
 	TODO: check
-CVE-2022-21721
-	RESERVED
+CVE-2022-21721 (Next.js is a React framework. Starting with version 12.0.0 and prior t ...)
+	TODO: check
 CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior to vers ...)
 	- glpi <removed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
@@ -25353,46 +25373,46 @@ CVE-2021-40425
 	RESERVED
 CVE-2021-40424
 	RESERVED
-CVE-2021-40423
-	RESERVED
+CVE-2021-40423 (A denial of service vulnerability exists in the cgiserver.cgi API comm ...)
+	TODO: check
 CVE-2021-40422
 	RESERVED
 CVE-2021-40421
 	RESERVED
 CVE-2021-40420
 	RESERVED
-CVE-2021-40419
-	RESERVED
+CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary of reol ...)
+	TODO: check
 CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
 	NOT-FOR-US: DaVinci Resolve
 CVE-2021-40417 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
 	NOT-FOR-US: DaVinci Resolve
-CVE-2021-40416
-	RESERVED
-CVE-2021-40415
-	RESERVED
-CVE-2021-40414
-	RESERVED
-CVE-2021-40413
-	RESERVED
-CVE-2021-40412
-	RESERVED
-CVE-2021-40411
-	RESERVED
-CVE-2021-40410
-	RESERVED
-CVE-2021-40409
-	RESERVED
-CVE-2021-40408
-	RESERVED
-CVE-2021-40407
-	RESERVED
-CVE-2021-40406
-	RESERVED
+CVE-2021-40416 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+	TODO: check
+CVE-2021-40415 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+	TODO: check
+CVE-2021-40414 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+	TODO: check
+CVE-2021-40413 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+	TODO: check
+CVE-2021-40412 (An OScommand injection vulnerability exists in the device network sett ...)
+	TODO: check
+CVE-2021-40411 (An OS command injection vulnerability exists in the device network set ...)
+	TODO: check
+CVE-2021-40410 (An OS command injection vulnerability exists in the device network set ...)
+	TODO: check
+CVE-2021-40409 (An OS command injection vulnerability exists in the device network set ...)
+	TODO: check
+CVE-2021-40408 (An OS command injection vulnerability exists in the device network set ...)
+	TODO: check
+CVE-2021-40407 (An OS command injection vulnerability exists in the device network set ...)
+	TODO: check
+CVE-2021-40406 (A denial of service vulnerability exists in the cgiserver.cgi session  ...)
+	TODO: check
 CVE-2021-40405
 	RESERVED
-CVE-2021-40404
-	RESERVED
+CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.cgi Log ...)
+	TODO: check
 CVE-2021-40403
 	RESERVED
 CVE-2021-40402
@@ -25405,10 +25425,10 @@ CVE-2021-40399
 	RESERVED
 CVE-2021-40398
 	RESERVED
-CVE-2021-40397
-	RESERVED
-CVE-2021-40396
-	RESERVED
+CVE-2021-40397 (A privilege escalation vulnerability exists in the installation of Adv ...)
+	TODO: check
+CVE-2021-40396 (A privilege escalation vulnerability exists in the installation of Adv ...)
+	TODO: check
 CVE-2021-40395
 	REJECTED
 CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
@@ -25439,10 +25459,10 @@ CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format
 	NOTE: https://github.com/gerbv/gerbv/issues/30
 CVE-2021-40390
 	RESERVED
-CVE-2021-40389
-	RESERVED
-CVE-2021-40388
-	RESERVED
+CVE-2021-40389 (A privilege escalation vulnerability exists in the installation of Adv ...)
+	TODO: check
+CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ Manager Se ...)
+	TODO: check
 CVE-2021-40387 (An issue was discovered in the server software in Kaseya Unitrends Bac ...)
 	NOT-FOR-US: Kaseya Unitrends Backup Software
 CVE-2021-40386
@@ -25558,12 +25578,12 @@ CVE-2021-40342
 	RESERVED
 CVE-2021-40341
 	RESERVED
-CVE-2021-40340
-	RESERVED
-CVE-2021-40339
-	RESERVED
-CVE-2021-40338
-	RESERVED
+CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne applicati ...)
+	TODO: check
+CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne application due  ...)
+	TODO: check
+CVE-2021-40338 (Hitachi Energy LinkOne product, has a vulnerability due to a web serve ...)
+	TODO: check
 CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...)
 	NOT-FOR-US: Hitachi
 CVE-2021-40336
@@ -57463,8 +57483,8 @@ CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior c
 	NOT-FOR-US: exacqVision Web Service
 CVE-2021-27655
 	RESERVED
-CVE-2021-27654
-	RESERVED
+CVE-2021-27654 (Forgotten password reset functionality for local accounts can be used  ...)
+	TODO: check
 CVE-2021-27653 (Misconfiguration of the Pega Chat Access Group portal in Pega platform ...)
 	NOT-FOR-US: Pega
 CVE-2021-27652
@@ -66687,8 +66707,8 @@ CVE-2021-23865
 	RESERVED
 CVE-2021-23864
 	RESERVED
-CVE-2021-23863
-	RESERVED
+CVE-2021-23863 (HTML code injection vulnerability in Android Application, Bosch Video  ...)
+	TODO: check
 CVE-2021-23862 (A crafted configuration packet sent by an authenticated administrative ...)
 	NOT-FOR-US: Bosch
 CVE-2021-23861 (By executing a special command, an user with administrative rights can ...)
@@ -66955,8 +66975,8 @@ CVE-2021-23762
 	RESERVED
 CVE-2021-23761
 	RESERVED
-CVE-2021-23760
-	RESERVED
+CVE-2021-23760 (The package keyget from 0.0.0 are vulnerable to Prototype Pollution vi ...)
+	TODO: check
 CVE-2021-23759
 	RESERVED
 CVE-2021-23758 (All versions of package ajaxpro.2 are vulnerable to Deserialization of ...)
@@ -67364,8 +67384,8 @@ CVE-2021-23560
 	RESERVED
 CVE-2021-23559
 	RESERVED
-CVE-2021-23558
-	RESERVED
+CVE-2021-23558 (The package bmoor before 0.10.1 are vulnerable to Prototype Pollution  ...)
+	TODO: check
 CVE-2021-23557
 	RESERVED
 CVE-2021-23556
@@ -67515,8 +67535,8 @@ CVE-2021-23486
 	RESERVED
 CVE-2021-23485
 	RESERVED
-CVE-2021-23484
-	RESERVED
+CVE-2021-23484 (The package zip-local before 0.3.5 are vulnerable to Arbitrary File Wr ...)
+	TODO: check
 CVE-2021-23483
 	RESERVED
 CVE-2021-23482
@@ -69042,48 +69062,48 @@ CVE-2021-22829
 	RESERVED
 CVE-2021-22828
 	RESERVED
-CVE-2021-22827
-	RESERVED
-CVE-2021-22826
-	RESERVED
-CVE-2021-22825
-	RESERVED
+CVE-2021-22827 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+	TODO: check
+CVE-2021-22826 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+	TODO: check
+CVE-2021-22825 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor  ...)
+	TODO: check
 CVE-2021-22824
 	RESERVED
 CVE-2021-22823
 	RESERVED
-CVE-2021-22822
-	RESERVED
-CVE-2021-22821
-	RESERVED
-CVE-2021-22820
-	RESERVED
-CVE-2021-22819
-	RESERVED
-CVE-2021-22818
-	RESERVED
+CVE-2021-22822 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...)
+	TODO: check
+CVE-2021-22821 (A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that ...)
+	TODO: check
+CVE-2021-22820 (A CWE-614 Insufficient Session Expiration vulnerability exists that co ...)
+	TODO: check
+CVE-2021-22819 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...)
+	TODO: check
+CVE-2021-22818 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...)
+	TODO: check
 CVE-2021-22817
 	RESERVED
-CVE-2021-22816
-	RESERVED
-CVE-2021-22815
-	RESERVED
-CVE-2021-22814
-	RESERVED
-CVE-2021-22813
-	RESERVED
-CVE-2021-22812
-	RESERVED
-CVE-2021-22811
-	RESERVED
-CVE-2021-22810
-	RESERVED
-CVE-2021-22809
-	RESERVED
-CVE-2021-22808
-	RESERVED
-CVE-2021-22807
-	RESERVED
+CVE-2021-22816 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+	TODO: check
+CVE-2021-22815 (A CWE-200: Information Exposure vulnerability exists which could cause ...)
+	TODO: check
+CVE-2021-22814 (A CWE-79: Improper Neutralization of Input During Web Page Generation  ...)
+	TODO: check
+CVE-2021-22813 (A CWE-79: Improper Neutralization of Input During Web Page Generation  ...)
+	TODO: check
+CVE-2021-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation  ...)
+	TODO: check
+CVE-2021-22811 (A CWE-79: Improper Neutralization of Input During Web Page Generation  ...)
+	TODO: check
+CVE-2021-22810 (A CWE-79: Improper Neutralization of Input During Web Page Generation  ...)
+	TODO: check
+CVE-2021-22809 (A CWE-125:Out-of-Bounds Read vulnerability exists that could cause uni ...)
+	TODO: check
+CVE-2021-22808 (A CWE-416: Use After Free vulnerability exists that could cause arbitr ...)
+	TODO: check
+CVE-2021-22807 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause a ...)
+	TODO: check
 CVE-2021-22806
 	RESERVED
 CVE-2021-22805
@@ -69098,8 +69118,8 @@ CVE-2021-22801
 	RESERVED
 CVE-2021-22800
 	RESERVED
-CVE-2021-22799
-	RESERVED
+CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that could cause  ...)
+	TODO: check
 CVE-2021-22798
 	RESERVED
 CVE-2021-22797
@@ -69246,10 +69266,10 @@ CVE-2021-22727 (A CWE-331: Insufficient Entropy vulnerability exists in EVlink C
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22726 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in  ...)
 	NOT-FOR-US: Schneider Electric
-CVE-2021-22725
-	RESERVED
-CVE-2021-22724
-	RESERVED
+CVE-2021-22725 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that  ...)
+	TODO: check
+CVE-2021-22724 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that  ...)
+	TODO: check
 CVE-2021-22723 (A CWE-79: Improper Neutralization of Input During Web Page Generation  ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22722 (A CWE-79: Improper Neutralization of Input During Web Page Generation  ...)
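
Review bot: The descriptions added for CVE-2021-22725 and CVE-2021-22724 begin "A CVE-352 Cross-Site Request Forgery (CSRF)", while the neighbouring entries in this hunk use the "CWE-" prefix (for example "A CWE-79: ..." on CVE-2021-22723). This looks like a typo in the imported description text. Anyone searching the list for "CWE-352" will miss these two entries, so the triage note for them should name the weakness class explicitly.
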
@@ -142773,7 +142793,7 @@ CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the way
 	[jessie] - coturn <not-affected> (Vulnerable code introduced later)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
 	NOTE: https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
-CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way CoTURN 4. ...)
+CVE-2020-6061 (An exploitable heap out-of-bounds read vulnerability exists in the way ...)
 	{DSA-4711-1}
 	- coturn 4.5.1.1-1.2 (bug #951876)
 	[jessie] - coturn <not-affected> (Vulnerable code introduced later)
@@ -339887,8 +339907,8 @@ CVE-2016-3737 (The server in Red Hat JBoss Operations Network (JON) before 3.3.6
 	NOT-FOR-US: Red Hat / JBoss Operations Network server
 CVE-2016-3736
 	REJECTED
-CVE-2016-3735
-	RESERVED
+CVE-2016-3735 (Piwigo is image gallery software written in PHP. When a criteria is no ...)
+	TODO: check
 CVE-2016-3734 (Cross-site request forgery (CSRF) vulnerability in markposts.php in Mo ...)
 	- moodle 2.7.14+dfsg-1
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c258f029c0ff10c2d14d6a2d21085292ceecc7e
