[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 31 20:10:25 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b32a3589 by security tracker role at 2022-01-31T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2022-24282
+	RESERVED
+CVE-2022-24281
+	RESERVED
+CVE-2022-24280
+	RESERVED
+CVE-2022-24277
+	RESERVED
+CVE-2022-24276
+	RESERVED
+CVE-2022-24275
+	RESERVED
+CVE-2022-24274
+	RESERVED
+CVE-2022-24273
+	RESERVED
+CVE-2022-24272
+	RESERVED
+CVE-2022-23400
+	RESERVED
+CVE-2022-0435
+	RESERVED
+CVE-2022-0434
+	RESERVED
+CVE-2022-0433
+	RESERVED
+CVE-2022-0432
+	RESERVED
+CVE-2022-0431
+	RESERVED
+CVE-2022-0430
+	RESERVED
+CVE-2022-0429
+	RESERVED
+CVE-2022-0428
+	RESERVED
+CVE-2022-0427
+	RESERVED
+CVE-2022-0426
+	RESERVED
+CVE-2022-0425
+	RESERVED
+CVE-2022-0424
+	RESERVED
+CVE-2022-0423
+	RESERVED
+CVE-2022-0422
+	RESERVED
+CVE-2022-0421
+	RESERVED
+CVE-2022-0420
+	RESERVED
 CVE-2022-24271
 	RESERVED
 CVE-2022-24270
@@ -335,8 +387,8 @@ CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 allows an application
 	[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
 	NOTE: https://jira.mariadb.org/browse/MDEV-25629
 	NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2
-CVE-2022-0414
-	RESERVED
+CVE-2022-0414 (Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. ...)
+	TODO: check
 CVE-2022-0413 (Use After Free in Conda vim prior to 8.2. ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -1508,10 +1560,10 @@ CVE-2021-46461
 	RESERVED
 CVE-2021-46460
 	RESERVED
-CVE-2021-46459
-	RESERVED
-CVE-2021-46458
-	RESERVED
+CVE-2021-46459 (Victor CMS v1.0 was discovered to contain multiple SQL injection vulne ...)
+	TODO: check
+CVE-2021-46458 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
+	TODO: check
 CVE-2021-46457
 	RESERVED
 CVE-2021-46456
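Review bot: CVE-2021-46459 and CVE-2021-46458 (SQL injection in Victor CMS v1.0) should be resolved to NOT-FOR-US: Victor CMS rather than left at TODO: check; Victor CMS is not, as far as I can see, a Debian source package, so these follow the same path as the other vendor-only CMS entries in this file.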
@@ -2747,8 +2799,8 @@ CVE-2022-0288
 	RESERVED
 CVE-2022-0287
 	RESERVED
-CVE-2022-0286
-	RESERVED
+CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference in bo ...)
+	TODO: check
 CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
 	NOT-FOR-US: pimcore
 CVE-2022-0284
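Review bot: CVE-2022-0286 is a Linux kernel null pointer dereference and needs a "- linux" package line (fixed version or <unfixed>) plus a NOTE with the upstream fix commit, not a TODO: check placeholder; the description is cut off at "in bo ...", so it does not identify the subsystem, and the full text has to be pulled before the affected suites and versions are recorded.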
@@ -3289,11 +3341,13 @@ CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist rem
 CVE-2022-0265
 	RESERVED
 CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
+	{DLA-2905-1}
 	- apache-log4j1.2 1.2.17-11 (bug #1004482)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5
 CVE-2022-23306
 	RESERVED
 CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...)
+	{DLA-2905-1}
 	- apache-log4j1.2 1.2.17-11 (bug #1004482)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4
 CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...)
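Review bot: adding {DLA-2905-1} to CVE-2022-23307 and CVE-2022-23305 makes the tracker derive the buster fixed version from data/DLA/list, so that file needs a DLA-2905-1 entry that lists both CVEs together with the apache-log4j1.2 buster version; the hunk correctly carries no [buster] version line of its own, since the cross-reference supplies it.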
@@ -3359,6 +3413,7 @@ CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versio
 CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
 	NOT-FOR-US: Orchard CMS
 CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization  ...)
+	{DLA-2905-1}
 	- apache-log4j1.2 1.2.17-11 (bug #1004482)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
 CVE-2022-22142
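Review bot: CVE-2022-23302 receives the same {DLA-2905-1} cross-reference as CVE-2022-23305 and CVE-2022-23307 above, and CVE-2021-4104 gets it further down in this commit; check that the single DLA-2905-1 entry in data/DLA/list names all four CVEs, because any CVE the DLA entry omits will not resolve to fixed in buster even though it carries the reference here.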
@@ -6578,8 +6633,8 @@ CVE-2021-46103
 	RESERVED
 CVE-2021-46102 (From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in  ...)
 	TODO: check
-CVE-2021-46101
-	RESERVED
+CVE-2021-46101 (In Git for windows through 2.34.1 when using git pull to update the lo ...)
+	TODO: check
 CVE-2021-46100
 	RESERVED
 CVE-2021-46099
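Review bot: CVE-2021-46101 is described against "Git for windows through 2.34.1" and a git pull updating the local ...; unless the flaw is in upstream git code that Debian's git package ships, this is a Windows-build-specific issue and TODO: check should become NOT-FOR-US: Git for Windows. Confirm against the upstream report before closing, since Git for Windows CVEs occasionally turn out to be upstream git bugs.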
@@ -10155,8 +10210,7 @@ CVE-2021-45081
 	RESERVED
 CVE-2021-45080
 	RESERVED
-CVE-2021-45079
-	RESERVED
+CVE-2021-45079 (In strongSwan before 5.9.5, a malicious responder can send an EAP-Succ ...)
 	{DSA-5056-1}
 	- strongswan 5.9.5-1
 	NOTE: https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html
@@ -11034,6 +11088,7 @@ CVE-2018-25021 (The TCP Server module in toxcore before 0.2.8 doesn't free the T
 CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...)
 	NOT-FOR-US: CLI for Amazon AWS OpenSearch
 CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...)
+	{DLA-2905-1}
 	- apache-log4j1.2 1.2.17-11
 	[bullseye] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
 	[buster] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
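Review bot: the new {DLA-2905-1} on CVE-2021-4104 contradicts the unchanged "[buster] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)" line below it: the DLA cross-reference says buster was fixed by an advisory, while the <no-dsa> marker says none will be issued. Drop the [buster] <no-dsa> line and let the DLA supply the buster fixed version; the [bullseye] <no-dsa> line is unaffected and can stay.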
@@ -12705,8 +12760,8 @@ CVE-2021-44257
 	RESERVED
 CVE-2021-44256
 	RESERVED
-CVE-2021-44255
-	RESERVED
+CVE-2021-44255 (Authenticated remote code execution in MotionEye <= 0.42.1 and Moti ...)
+	TODO: check
 CVE-2021-44254
 	RESERVED
 CVE-2021-44253
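Review bot: CVE-2021-44255 (authenticated remote code execution in MotionEye <= 0.42.1) should resolve to NOT-FOR-US: MotionEye; motionEye is a separate web frontend that is not packaged in Debian (the motion daemon is, but it is not what the description names), so TODO: check is only delaying the obvious answer.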
@@ -13183,10 +13238,12 @@ CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to
 	[stretch] - isync <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/2
 CVE-2021-44142 [Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution]
+	RESERVED
 	- samba <unfixed>
 	NOTE: https://www.samba.org/samba/security/CVE-2021-44142.html
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14914
 CVE-2021-44141 [Information leak via symlinks of existance of files or directories outside of the exported share]
+	RESERVED
 	- samba <unfixed>
 	NOTE: https://www.samba.org/samba/security/CVE-2021-44141.html
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14911
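Review bot: inserting RESERVED under the bracketed [...] descriptions of CVE-2021-44142 and CVE-2021-44141 is the tracker's form for entries whose MITRE text is not yet public, so the change is fine as is. Given the description of CVE-2021-44142 (out-of-bounds heap read/write in vfs_fruit allowing code execution) and "samba <unfixed>" with no [bullseye]/[buster] status lines, this reads as DSA material rather than a <no-dsa> candidate, and the entry should receive the fixed versions as soon as the samba upload lands.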
@@ -13259,8 +13316,8 @@ CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS &lt
 	NOT-FOR-US: Anchor CMS
 CVE-2021-44115
 	RESERVED
-CVE-2021-44114
-	RESERVED
+CVE-2021-44114 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stoc ...)
+	TODO: check
 CVE-2021-44113
 	RESERVED
 CVE-2021-44112
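Review bot: CVE-2021-44114 (XSS in Sourcecodester Stoc ...) is a Sourcecodester demo application; like the Anchor CMS entry at the top of this hunk, it belongs at NOT-FOR-US rather than TODO: check.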
@@ -13831,7 +13888,7 @@ CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microse
 CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
 	TODO: check
 CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive comput ...)
-	{DLA-2896-1}
+	{DSA-5065-1 DLA-2896-1}
 	- ipython 7.31.1-1 (bug #1004122)
 	NOTE: https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
 	NOTE: Fixed by: https://github.com/ipython/ipython/commit/1ec91ebf328bdf3450130de4b4604c79dc1e19d9
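Review bot: the reference block for CVE-2022-21699 becomes {DSA-5065-1 DLA-2896-1}, so both data/DSA/list (DSA-5065-1 for bullseye) and data/DLA/list (DLA-2896-1 for buster) must carry matching ipython entries for the derived per-suite status to be right; the unstable version 7.31.1-1 and bug #1004122 are untouched, as expected for a commit that only records the advisories.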
@@ -19157,16 +19214,16 @@ CVE-2021-42637
 	RESERVED
 CVE-2021-42636
 	RESERVED
-CVE-2021-42635
-	RESERVED
+CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcode ...)
+	TODO: check
 CVE-2021-42634
 	RESERVED
 CVE-2021-42633
 	RESERVED
 CVE-2021-42632
 	RESERVED
-CVE-2021-42631
-	RESERVED
+CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes a ...)
+	TODO: check
 CVE-2021-42630
 	RESERVED
 CVE-2021-42629
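Review bot: both PrinterLogic Web Stack entries in this hunk (CVE-2021-42635, hardcoded ...; CVE-2021-42631, deserialization) describe a proprietary product and can go to NOT-FOR-US: PrinterLogic in one step; the remaining RESERVED siblings in the CVE-2021-4263x range will most likely arrive with the same vendor and can be handled the same way when their text lands.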
@@ -26764,8 +26821,8 @@ CVE-2021-40044
 	RESERVED
 CVE-2021-40043
 	RESERVED
-CVE-2021-40042
-	RESERVED
+CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huawei pro ...)
+	TODO: check
 CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n pr ...)
 	NOT-FOR-US: Huawei
 CVE-2021-40040
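Review bot: CVE-2021-40042 names Huawei products in its description and sits directly above CVE-2021-40041, which is already NOT-FOR-US: Huawei; the TODO: check should be closed the same way.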
@@ -26782,8 +26839,8 @@ CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error
 	NOT-FOR-US: Huawei
 CVE-2021-40034
 	RESERVED
-CVE-2021-40033
-	RESERVED
+CVE-2021-40033 (There is an information exposure vulnerability on several Huawei Produ ...)
+	TODO: check
 CVE-2021-40032 (The bone voice ID TA has a vulnerability in information management,Suc ...)
 	NOT-FOR-US: Huawei
 CVE-2021-40031 (There is a Null pointer dereference vulnerability in the camera module ...)
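Review bot: same situation as CVE-2021-40042 above: CVE-2021-40033 is an information exposure on Huawei products, surrounded on both sides by NOT-FOR-US: Huawei entries, and should be marked accordingly rather than left at TODO: check.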
@@ -39528,8 +39585,8 @@ CVE-2021-34807 (An open redirect vulnerability exists in the /preauth Servlet in
 	NOT-FOR-US: Zimbra
 CVE-2021-34806
 	RESERVED
-CVE-2021-34805
-	RESERVED
+CVE-2021-34805 (An issue was discovered in FAUST iServer before 9.0.019.019.7. For eac ...)
+	TODO: check
 CVE-2021-34804
 	RESERVED
 CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certai ...)
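Review bot: CVE-2021-34805 (FAUST iServer before 9.0.019.019.7) concerns a proprietary product that Debian does not ship; resolve TODO: check to NOT-FOR-US: FAUST iServer.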
@@ -47606,8 +47663,8 @@ CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol chec
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
 	NOTE: https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4
 	NOTE: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759
-CVE-2021-31617
-	RESERVED
+CVE-2021-31617 (In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8. ...)
+	TODO: check
 CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
 	NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
 CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Spec ...)
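Review bot: CVE-2021-31617 is in the ASQ engine of Stormshield Network Security, a vendor appliance, so NOT-FOR-US: Stormshield is the right resolution; the same applies to CVE-2021-28962 (Stormshield SNS before 4.2.2) further down in this commit, and the two can be closed together.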
@@ -54630,8 +54687,8 @@ CVE-2021-28964 (A race condition was discovered in get_old_root in fs/btrfs/ctre
 	- linux 5.10.26-1
 	[buster] - linux 4.19.194-1
 	NOTE: https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
-CVE-2021-28962
-	RESERVED
+CVE-2021-28962 (Stormshield Network Security (SNS) before 4.2.2 allows a read-only adm ...)
+	TODO: check
 CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDN ...)
 	NOT-FOR-US: DDNS package for OpenWrt
 CVE-2021-28960 (Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthe ...)
@@ -67894,10 +67951,10 @@ CVE-2021-23523
 	RESERVED
 CVE-2021-23522
 	RESERVED
-CVE-2021-23521
-	RESERVED
-CVE-2021-23520
-	RESERVED
+CVE-2021-23521 (This affects the package juce-framework/JUCE before 6.1.5. This vulner ...)
+	TODO: check
+CVE-2021-23520 (The package juce-framework/juce before 6.1.5 are vulnerable to Arbitra ...)
+	TODO: check
 CVE-2021-23519
 	RESERVED
 CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable to Protot ...)
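Review bot: unlike most TODO: check entries in this commit, CVE-2021-23521 and CVE-2021-23520 (juce-framework/JUCE before 6.1.5) concern code Debian ships: juce is a Debian source package, so these need real triage with "- juce" lines and the fixing version, not NOT-FOR-US. The truncated descriptions do not say which JUCE module is affected, so the triager should check whether Debian's build includes the affected code before settling on a severity.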
@@ -72957,8 +73014,8 @@ CVE-2020-36066 (GJSON <1.6.5 allows attackers to cause a denial of service (r
 	NOTE: fix in golang-github-tidwall-gjson is dependency on golang-github-tidwall-match v1.0.3
 CVE-2020-36065
 	RESERVED
-CVE-2020-36064
-	RESERVED
+CVE-2020-36064 (Online Course Registration v1.0 was discovered to contain hardcoded cr ...)
+	TODO: check
 CVE-2020-36063
 	RESERVED
 CVE-2020-36062
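Review bot: CVE-2020-36064 (hardcoded credentials in Online Course Registration v1.0) is another PHP demo application of the Sourcecodester kind and belongs at NOT-FOR-US rather than TODO: check.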
@@ -72973,8 +73030,8 @@ CVE-2020-36058
 	RESERVED
 CVE-2020-36057
 	RESERVED
-CVE-2020-36056
-	RESERVED
+CVE-2020-36056 (Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_ ...)
+	TODO: check
 CVE-2020-36055
 	RESERVED
 CVE-2020-36054
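Review bot: CVE-2020-36056 is a firmware issue in the Beetel 777VR1-DI router (hardware REV.1.01, firmware V01.00.09_...); consumer router firmware is not Debian-shipped code, so NOT-FOR-US: Beetel is the appropriate resolution for this TODO: check.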



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b32a3589e1361391cb676aef07f9489c547cd56a


