[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jan 30 08:10:22 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94ee66c3 by security tracker role at 2022-01-30T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2022-24129
+	RESERVED
+CVE-2022-24128
+	RESERVED
+CVE-2022-24127
+	RESERVED
+CVE-2022-24126
+	RESERVED
+CVE-2022-24125
+	RESERVED
+CVE-2022-24124 (The query API in Casdoor before 1.13.1 has a SQL injection vulnerabili ...)
+	TODO: check
+CVE-2022-24123 (MarkText through 0.16.3 does not sanitize the input of a mermaid block ...)
+	TODO: check
+CVE-2022-24121
+	RESERVED
+CVE-2021-46660 (Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) a ...)
+	TODO: check
+CVE-2021-46659 (MariaDB before 10.7.2 allows an application crash because it does not  ...)
+	TODO: check
+CVE-2021-46658 (save_window_function_values in MariaDB before 10.6.3 allows an applica ...)
+	TODO: check
+CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 allows an application crash ...)
+	TODO: check
 CVE-2022-0414
 	RESERVED
 CVE-2022-0413
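Review bot: six of the entries added at the top of data/CVE/list (CVE-2022-24124, CVE-2022-24123, CVE-2021-46660, CVE-2021-46659, CVE-2021-46658, CVE-2021-46657) carry only "TODO: check", so none of them yet records whether a Debian package is affected. The three MariaDB entries name different fixed upstream versions (10.7.2, 10.6.3, 10.6.2), so triage should give each its own package and version lines rather than copying one status across all three. The block skips from CVE-2022-24123 to CVE-2022-24121 because CVE-2022-24122 already has an entry lower in the file.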
@@ -8,7 +32,7 @@ CVE-2022-0411
 	RESERVED
 CVE-2022-0410
 	RESERVED
-CVE-2022-24122 [ucount:  Make get_ucount a safe get_user replacement]
+CVE-2022-24122 (kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivil ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
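Review bot: the replacement description on the CVE-2022-24122 line now bounds the affected range at Linux 5.14 through 5.16.4, while the unchanged status line below it still reads "- linux <unfixed>". Once a packaged linux version carries the fix, replace <unfixed> with that version. The bullseye and buster "<not-affected> (Vulnerable code not present)" lines fit the 5.14 lower bound only if those suites ship older kernels, which is worth confirming in the same pass.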
@@ -288,8 +312,8 @@ CVE-2022-24034
 	RESERVED
 CVE-2022-24033
 	RESERVED
-CVE-2022-24032
-	RESERVED
+CVE-2022-24032 (Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enu ...)
+	TODO: check
 CVE-2022-24031
 	RESERVED
 CVE-2022-24030
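Review bot: the CVE-2022-24032 entry should be triaged together with CVE-2022-22919 later in this patch, since both move from RESERVED to "TODO: check" and both name Adenza AxiomSL ControllerView through 10.8.1. Resolving them as separate TODO items risks the two ending up with different dispositions for the same product.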
@@ -4055,8 +4079,8 @@ CVE-2022-22921
 	RESERVED
 CVE-2022-22920
 	RESERVED
-CVE-2022-22919
-	RESERVED
+CVE-2022-22919 (Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SS ...)
+	TODO: check
 CVE-2022-22918
 	RESERVED
 CVE-2022-22917
@@ -23845,6 +23869,7 @@ CVE-2021-41057 (In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDon
 CVE-2021-41056
 	RESERVED
 CVE-2021-41055 (Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a  ...)
+	{DSA-5064-1}
 	- python-nbxmpp 2.0.4-1
 	[buster] - python-nbxmpp <not-affected> (Vulnerable code not present)
 	[stretch] - python-nbxmpp <not-affected> (Vulnerable code introduced later (modules added in v1.0.0))
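Review bot: the "{DSA-5064-1}" reference added under CVE-2021-41055 has no matching suite line in the visible context. The only suite-specific lines shown are "[buster]" and "[stretch]", both marked <not-affected>, so the advisory must cover another suite, yet nothing between "- python-nbxmpp 2.0.4-1" and the "[buster]" line records the version it fixed there. Add the suite line with the fixed version taken from the DSA so the cross-reference and the package status agree.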



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94ee66c31d9fee35e9b0e43ea61ea1f69ca06d20
