[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 15 08:10:24 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df579c4a by security tracker role at 2022-03-15T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2022-27193 (CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (X ...)
+	TODO: check
+CVE-2022-27192
+	RESERVED
+CVE-2022-27191
+	RESERVED
+CVE-2022-27190
+	RESERVED
+CVE-2022-27175
+	RESERVED
+CVE-2022-26839
+	RESERVED
+CVE-2022-26836
+	RESERVED
+CVE-2022-26338
+	RESERVED
+CVE-2022-26069
+	RESERVED
+CVE-2022-26065
+	RESERVED
+CVE-2022-26059
+	RESERVED
+CVE-2022-26013
+	RESERVED
+CVE-2022-25980
+	RESERVED
+CVE-2022-25347
+	RESERVED
+CVE-2022-0980
+	RESERVED
+CVE-2022-0979
+	RESERVED
+CVE-2022-0978
+	RESERVED
+CVE-2022-0977
+	RESERVED
+CVE-2022-0976
+	RESERVED
+CVE-2022-0975
+	RESERVED
+CVE-2022-0974
+	RESERVED
+CVE-2022-0973
+	RESERVED
+CVE-2022-0972
+	RESERVED
+CVE-2022-0971
+	RESERVED
+CVE-2021-46738
+	RESERVED
+CVE-2021-46737
+	RESERVED
+CVE-2021-46736
+	RESERVED
+CVE-2021-46735
+	RESERVED
+CVE-2021-46734
+	RESERVED
+CVE-2021-46733
+	RESERVED
+CVE-2021-46732
+	RESERVED
+CVE-2021-46731
+	RESERVED
+CVE-2021-46730
+	RESERVED
+CVE-2021-46729
+	RESERVED
+CVE-2021-46728
+	RESERVED
+CVE-2021-46727
+	RESERVED
+CVE-2021-46726
+	RESERVED
+CVE-2021-46725
+	RESERVED
+CVE-2021-46724
+	RESERVED
+CVE-2021-46723
+	RESERVED
+CVE-2021-46722
+	RESERVED
+CVE-2021-46721
+	RESERVED
+CVE-2021-46720
+	RESERVED
+CVE-2021-46719
+	RESERVED
+CVE-2021-46718
+	RESERVED
+CVE-2021-46717
+	RESERVED
+CVE-2021-46716
+	RESERVED
+CVE-2021-46715
+	RESERVED
+CVE-2021-46714
+	RESERVED
+CVE-2021-46713
+	RESERVED
+CVE-2021-46712
+	RESERVED
+CVE-2021-46711
+	RESERVED
+CVE-2021-46710
+	RESERVED
 CVE-2022-27169
 	RESERVED
 CVE-2022-27167
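Review bot: the one substantive addition in this hunk, CVE-2022-27193 (XML External Entity resolution in CVRF-CSAF-Converter before 1.0.0-rc2), is left at `TODO: check` with no package or NOT-FOR-US line, while every other new id is a RESERVED placeholder that carries no information yet. Whoever resolves the TODO should establish whether any Debian source package ships the converter and record either `NOT-FOR-US: CVRF-CSAF-Converter` or a `- <package> <status>` line, with the upstream fix as a NOTE, so the XXE issue does not sit untriaged among the placeholders.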
@@ -447,12 +553,12 @@ CVE-2022-0947
 	RESERVED
 CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc ...)
 	NOT-FOR-US: ShowDoc
-CVE-2022-0945
-	RESERVED
-CVE-2022-0944
-	RESERVED
-CVE-2022-0943
-	RESERVED
+CVE-2022-0945 (Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHu ...)
+	TODO: check
+CVE-2022-0944 (Template injection in connection test endpoint leads to RCE in GitHub  ...)
+	TODO: check
+CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim  ...)
+	TODO: check
 CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in  ...)
 	- liblouis <unfixed>
 	NOTE: https://github.com/liblouis/liblouis/issues/1171
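Review bot: CVE-2022-0945 concerns the same star7th/showdoc project as the adjacent CVE-2022-0946, which is already triaged `NOT-FOR-US: ShowDoc`, so its `TODO: check` can be resolved the same way rather than re-investigated. CVE-2022-0943, by contrast, is a heap-based buffer overflow in vim/vim, which Debian does package, so that TODO needs a package line for vim once the affected and fixed versions are established, in the form used for liblouis just below. The truncated description for CVE-2022-0944 ("Template injection in connection test endpoint leads to RCE in GitHub ...") does not even name the repository, so the full text must be fetched before that one can be triaged.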
@@ -6282,8 +6388,8 @@ CVE-2022-24764
 	RESERVED
 CVE-2022-24763
 	RESERVED
-CVE-2022-24762
-	RESERVED
+CVE-2022-24762 (sysend.js is a library that allows a user to send messages between pag ...)
+	TODO: check
 CVE-2022-24761
 	RESERVED
 CVE-2022-24760 (Parse Server is an open source http web server backend. In versions pr ...)
@@ -6311,8 +6417,8 @@ CVE-2022-24751
 	RESERVED
 CVE-2022-24750 (UltraVNC is a free and open source remote pc access software. A vulner ...)
 	NOT-FOR-US: UltraVNC
-CVE-2022-24749
-	RESERVED
+CVE-2022-24749 (Sylius is an open source eCommerce platform. In versions prior to 1.9. ...)
+	TODO: check
 CVE-2022-24748 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
 	NOT-FOR-US: Shopware
 CVE-2022-24747 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
@@ -6323,14 +6429,14 @@ CVE-2022-24745 (Shopware is an open commerce platform based on the Symfony php F
 	NOT-FOR-US: Shopware
 CVE-2022-24744 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
 	NOT-FOR-US: Shopware
-CVE-2022-24743
-	RESERVED
-CVE-2022-24742
-	RESERVED
+CVE-2022-24743 (Sylius is an open source eCommerce platform. Prior to versions 1.10.11 ...)
+	TODO: check
+CVE-2022-24742 (Sylius is an open source eCommerce platform. Prior to versions 1.9.10, ...)
+	TODO: check
 CVE-2022-24741 (Nextcloud server is an open source, self hosted cloud style services p ...)
 	- nextcloud-server <itp> (bug #941708)
-CVE-2022-24740
-	RESERVED
+CVE-2022-24740 (Volto is a ReactJS-based frontend for the Plone Content Management Sys ...)
+	TODO: check
 CVE-2022-24739 (alltube is an html front end for youtube-dl. On releases prior to 3.0. ...)
 	NOT-FOR-US: alltube
 CVE-2022-24738 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. ...)
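Review bot: CVE-2022-24743 and CVE-2022-24742 are the second and third Sylius entries in this update (CVE-2022-24749 above is the first) and all three are left at `TODO: check`; the decision for Sylius should be applied to all three together, as was already done for the run of Shopware entries immediately above, instead of being triaged piecemeal. CVE-2022-24740 (Volto) also needs a decision; the neighbouring Nextcloud entry shows the `<itp> (bug #NNNNNN)` form to use if the software is not yet packaged but has an ITP.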
@@ -25143,10 +25249,10 @@ CVE-2021-43307
 	RESERVED
 CVE-2021-43306
 	RESERVED
-CVE-2021-43305
-	RESERVED
-CVE-2021-43304
-	RESERVED
+CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...)
+	TODO: check
+CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...)
+	TODO: check
 CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
 	- asterisk <unfixed>
 	- pjproject <removed>
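Review bot: the truncated descriptions for CVE-2021-43305 and CVE-2021-43304 are character-for-character identical ("Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ..."), so the list entry alone cannot tell the two issues apart; the triager resolving these TODOs should pull the full advisories to record what distinguishes them, and should handle them together with the five further ClickHouse compression-codec issues (CVE-2021-42387 through CVE-2021-42391) added later in this same update so that all seven get one consistent outcome.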
@@ -29324,16 +29430,16 @@ CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 databas
 	NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
 	NOTE: Fixed by https://github.com/h2database/h2database/commit/41dd2a4cf89da9dd18239debbf73f88da6184ec7
 	NOTE: https://github.com/h2database/h2database/commit/956c6241868332c5b440f5d55ea8fdc1e51ae4fd
-CVE-2021-42391
-	RESERVED
-CVE-2021-42390
-	RESERVED
-CVE-2021-42389
-	RESERVED
-CVE-2021-42388
-	RESERVED
-CVE-2021-42387
-	RESERVED
+CVE-2021-42391 (Divide-by-zero in Clickhouse's Gorilla compression codec when parsing  ...)
+	TODO: check
+CVE-2021-42390 (Divide-by-zero in Clickhouse's DeltaDouble compression codec when pars ...)
+	TODO: check
+CVE-2021-42389 (Divide-by-zero in Clickhouse's Delta compression codec when parsing a  ...)
+	TODO: check
+CVE-2021-42388 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...)
+	TODO: check
+CVE-2021-42387 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...)
+	TODO: check
 CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
 	- busybox <unfixed> (bug #999567)
 	[bullseye] - busybox <no-dsa> (Minor issue)
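Review bot: these five entries (three divide-by-zero and two heap out-of-bounds reads, all in ClickHouse compression codecs while parsing input) belong to the same batch as CVE-2021-43305 and CVE-2021-43304 above and should receive a single triage decision rather than seven separate `TODO: check` markers. Once triaged, the H2 entry at the top of this hunk shows the expected shape: NOTE lines pointing at the upstream fix commits alongside the package status.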
@@ -62034,7 +62140,8 @@ CVE-2021-29493 (Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploi
 	NOT-FOR-US: Kennnyshiwa-cogs
 CVE-2021-29492 (Envoy is a cloud-native edge/middle/service proxy. Envoy does not deco ...)
 	- envoyproxy <itp> (bug #987544)
-CVE-2021-29491 (Mixme is a library for recursive merging of Javascript objects. In Nod ...)
+CVE-2021-29491
+	REJECTED
 	NOT-FOR-US: mixme nodejs module
 CVE-2021-29490 (Jellyfin is a free software media system that provides media from a de ...)
 	NOT-FOR-US: Jellyfin
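Review bot: CVE-2021-29491 is rewritten to `REJECTED` but the previous `NOT-FOR-US: mixme nodejs module` line is kept beneath it, which is why this hunk grows from 7 to 8 lines instead of staying the same size; a rejected id needs no triage state, so the stale NOT-FOR-US line should be dropped unless the tracker deliberately retains earlier triage on rejected entries.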



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df579c4a732dfe51b410a47945ad087122b3776b


