[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 31 20:10:25 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b32a3589 by security tracker role at 2022-01-31T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2022-24282
+ RESERVED
+CVE-2022-24281
+ RESERVED
+CVE-2022-24280
+ RESERVED
+CVE-2022-24277
+ RESERVED
+CVE-2022-24276
+ RESERVED
+CVE-2022-24275
+ RESERVED
+CVE-2022-24274
+ RESERVED
+CVE-2022-24273
+ RESERVED
+CVE-2022-24272
+ RESERVED
+CVE-2022-23400
+ RESERVED
+CVE-2022-0435
+ RESERVED
+CVE-2022-0434
+ RESERVED
+CVE-2022-0433
+ RESERVED
+CVE-2022-0432
+ RESERVED
+CVE-2022-0431
+ RESERVED
+CVE-2022-0430
+ RESERVED
+CVE-2022-0429
+ RESERVED
+CVE-2022-0428
+ RESERVED
+CVE-2022-0427
+ RESERVED
+CVE-2022-0426
+ RESERVED
+CVE-2022-0425
+ RESERVED
+CVE-2022-0424
+ RESERVED
+CVE-2022-0423
+ RESERVED
+CVE-2022-0422
+ RESERVED
+CVE-2022-0421
+ RESERVED
+CVE-2022-0420
+ RESERVED
CVE-2022-24271
RESERVED
CVE-2022-24270
@@ -335,8 +387,8 @@ CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 allows an application
[buster] - mariadb-10.3 1:10.3.31-0+deb10u1
NOTE: https://jira.mariadb.org/browse/MDEV-25629
NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2
-CVE-2022-0414
- RESERVED
+CVE-2022-0414 (Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. ...)
+ TODO: check
CVE-2022-0413 (Use After Free in Conda vim prior to 8.2. ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
@@ -1508,10 +1560,10 @@ CVE-2021-46461
RESERVED
CVE-2021-46460
RESERVED
-CVE-2021-46459
- RESERVED
-CVE-2021-46458
- RESERVED
+CVE-2021-46459 (Victor CMS v1.0 was discovered to contain multiple SQL injection vulne ...)
+ TODO: check
+CVE-2021-46458 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
CVE-2021-46457
RESERVED
CVE-2021-46456
@@ -2747,8 +2799,8 @@ CVE-2022-0288
RESERVED
CVE-2022-0287
RESERVED
-CVE-2022-0286
- RESERVED
+CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference in bo ...)
+ TODO: check
CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
NOT-FOR-US: pimcore
CVE-2022-0284
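Review bot: CVE-2022-0286 is left at `TODO: check` although its new description names the Linux kernel, which this file tracks as the `linux` source package; the entry should be triaged into a `- linux <unfixed>` line (or a fixed version once known) with the upstream fix in a `NOTE:` rather than staying a TODO, as the `- linux` entries elsewhere in this file are.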
@@ -3289,11 +3341,13 @@ CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist rem
CVE-2022-0265
RESERVED
CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
+ {DLA-2905-1}
- apache-log4j1.2 1.2.17-11 (bug #1004482)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5
CVE-2022-23306
RESERVED
CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...)
+ {DLA-2905-1}
- apache-log4j1.2 1.2.17-11 (bug #1004482)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4
CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...)
@@ -3359,6 +3413,7 @@ CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
NOT-FOR-US: Orchard CMS
CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...)
+ {DLA-2905-1}
- apache-log4j1.2 1.2.17-11 (bug #1004482)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
CVE-2022-22142
@@ -6578,8 +6633,8 @@ CVE-2021-46103
RESERVED
CVE-2021-46102 (From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in ...)
TODO: check
-CVE-2021-46101
- RESERVED
+CVE-2021-46101 (In Git for windows through 2.34.1 when using git pull to update the lo ...)
+ TODO: check
CVE-2021-46100
RESERVED
CVE-2021-46099
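Review bot: CVE-2021-46101's description is scoped to "Git for windows through 2.34.1"; before this moves past `TODO: check`, confirm whether the flaw lies in Windows-port-specific code, in which case the entry should close as `NOT-FOR-US: Git for Windows`, or in shared git code, in which case a `- git` line is needed.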
@@ -10155,8 +10210,7 @@ CVE-2021-45081
RESERVED
CVE-2021-45080
RESERVED
-CVE-2021-45079
- RESERVED
+CVE-2021-45079 (In strongSwan before 5.9.5, a malicious responder can send an EAP-Succ ...)
{DSA-5056-1}
- strongswan 5.9.5-1
NOTE: https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html
@@ -11034,6 +11088,7 @@ CVE-2018-25021 (The TCP Server module in toxcore before 0.2.8 doesn't free the T
CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...)
NOT-FOR-US: CLI for Amazon AWS OpenSearch
CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...)
+ {DLA-2905-1}
- apache-log4j1.2 1.2.17-11
[bullseye] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
[buster] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
@@ -12705,8 +12760,8 @@ CVE-2021-44257
RESERVED
CVE-2021-44256
RESERVED
-CVE-2021-44255
- RESERVED
+CVE-2021-44255 (Authenticated remote code execution in MotionEye <= 0.42.1 and Moti ...)
+ TODO: check
CVE-2021-44254
RESERVED
CVE-2021-44253
@@ -13183,10 +13238,12 @@ CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to
[stretch] - isync <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/2
CVE-2021-44142 [Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution]
+ RESERVED
- samba <unfixed>
NOTE: https://www.samba.org/samba/security/CVE-2021-44142.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14914
CVE-2021-44141 [Information leak via symlinks of existance of files or directories outside of the exported share]
+ RESERVED
- samba <unfixed>
NOTE: https://www.samba.org/samba/security/CVE-2021-44141.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14911
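Review bot: the tracker-maintained bracketed description for CVE-2021-44141 on the context line misspells "existence" as "existance"; since that text is local to this file and not MITRE's, fix it in a follow-up commit. Inserting ` RESERVED` under an entry that already has a bracketed description and a `- samba <unfixed>` line is the expected format here and needs no change.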
@@ -13259,8 +13316,8 @@ CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <
NOT-FOR-US: Anchor CMS
CVE-2021-44115
RESERVED
-CVE-2021-44114
- RESERVED
+CVE-2021-44114 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stoc ...)
+ TODO: check
CVE-2021-44113
RESERVED
CVE-2021-44112
@@ -13831,7 +13888,7 @@ CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microse
CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
TODO: check
CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive comput ...)
- {DLA-2896-1}
+ {DSA-5065-1 DLA-2896-1}
- ipython 7.31.1-1 (bug #1004122)
NOTE: https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
NOTE: Fixed by: https://github.com/ipython/ipython/commit/1ec91ebf328bdf3450130de4b4604c79dc1e19d9
@@ -19157,16 +19214,16 @@ CVE-2021-42637
RESERVED
CVE-2021-42636
RESERVED
-CVE-2021-42635
- RESERVED
+CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcode ...)
+ TODO: check
CVE-2021-42634
RESERVED
CVE-2021-42633
RESERVED
CVE-2021-42632
RESERVED
-CVE-2021-42631
- RESERVED
+CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes a ...)
+ TODO: check
CVE-2021-42630
RESERVED
CVE-2021-42629
@@ -26764,8 +26821,8 @@ CVE-2021-40044
RESERVED
CVE-2021-40043
RESERVED
-CVE-2021-40042
- RESERVED
+CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huawei pro ...)
+ TODO: check
CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n pr ...)
NOT-FOR-US: Huawei
CVE-2021-40040
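Review bot: CVE-2021-40042 is set to `TODO: check` while the adjacent CVE-2021-40041 is already `NOT-FOR-US: Huawei`; given its description refers to "some Huawei products", it should most likely be closed the same way instead of remaining a TODO.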
@@ -26782,8 +26839,8 @@ CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error
NOT-FOR-US: Huawei
CVE-2021-40034
RESERVED
-CVE-2021-40033
- RESERVED
+CVE-2021-40033 (There is an information exposure vulnerability on several Huawei Produ ...)
+ TODO: check
CVE-2021-40032 (The bone voice ID TA has a vulnerability in information management,Suc ...)
NOT-FOR-US: Huawei
CVE-2021-40031 (There is a Null pointer dereference vulnerability in the camera module ...)
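Review bot: CVE-2021-40033 gets `TODO: check` although its description ("several Huawei Products") matches the neighbouring CVE-2021-40032 and CVE-2021-40031 entries that are already `NOT-FOR-US: Huawei`; mark it consistently rather than leaving a TODO for a vendor-only product.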
@@ -39528,8 +39585,8 @@ CVE-2021-34807 (An open redirect vulnerability exists in the /preauth Servlet in
NOT-FOR-US: Zimbra
CVE-2021-34806
RESERVED
-CVE-2021-34805
- RESERVED
+CVE-2021-34805 (An issue was discovered in FAUST iServer before 9.0.019.019.7. For eac ...)
+ TODO: check
CVE-2021-34804
RESERVED
CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certai ...)
@@ -47606,8 +47663,8 @@ CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol chec
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
NOTE: https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4
NOTE: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759
-CVE-2021-31617
- RESERVED
+CVE-2021-31617 (In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8. ...)
+ TODO: check
CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Spec ...)
@@ -54630,8 +54687,8 @@ CVE-2021-28964 (A race condition was discovered in get_old_root in fs/btrfs/ctre
- linux 5.10.26-1
[buster] - linux 4.19.194-1
NOTE: https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
-CVE-2021-28962
- RESERVED
+CVE-2021-28962 (Stormshield Network Security (SNS) before 4.2.2 allows a read-only adm ...)
+ TODO: check
CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDN ...)
NOT-FOR-US: DDNS package for OpenWrt
CVE-2021-28960 (Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthe ...)
@@ -67894,10 +67951,10 @@ CVE-2021-23523
RESERVED
CVE-2021-23522
RESERVED
-CVE-2021-23521
- RESERVED
-CVE-2021-23520
- RESERVED
+CVE-2021-23521 (This affects the package juce-framework/JUCE before 6.1.5. This vulner ...)
+ TODO: check
+CVE-2021-23520 (The package juce-framework/juce before 6.1.5 are vulnerable to Arbitra ...)
+ TODO: check
CVE-2021-23519
RESERVED
CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable to Protot ...)
@@ -72957,8 +73014,8 @@ CVE-2020-36066 (GJSON <1.6.5 allows attackers to cause a denial of service (r
NOTE: fix in golang-github-tidwall-gjson is dependency on golang-github-tidwall-match v1.0.3
CVE-2020-36065
RESERVED
-CVE-2020-36064
- RESERVED
+CVE-2020-36064 (Online Course Registration v1.0 was discovered to contain hardcoded cr ...)
+ TODO: check
CVE-2020-36063
RESERVED
CVE-2020-36062
@@ -72973,8 +73030,8 @@ CVE-2020-36058
RESERVED
CVE-2020-36057
RESERVED
-CVE-2020-36056
- RESERVED
+CVE-2020-36056 (Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_ ...)
+ TODO: check
CVE-2020-36055
RESERVED
CVE-2020-36054
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b32a3589e1361391cb676aef07f9489c547cd56a