Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ba14b454 by security tracker role at 2022-01-12T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,119 @@ +CVE-2022-23178 + RESERVED +CVE-2022-23177 + RESERVED +CVE-2022-23176 + RESERVED +CVE-2022-23175 + RESERVED +CVE-2022-23174 + RESERVED +CVE-2022-23173 + RESERVED +CVE-2022-23172 + RESERVED +CVE-2022-23171 + RESERVED +CVE-2022-23170 + RESERVED +CVE-2022-23169 + RESERVED +CVE-2022-23168 + RESERVED +CVE-2022-23167 + RESERVED +CVE-2022-23166 + RESERVED +CVE-2022-23165 + RESERVED +CVE-2022-23164 + RESERVED +CVE-2022-23163 + RESERVED +CVE-2022-23162 + RESERVED +CVE-2022-23161 + RESERVED +CVE-2022-23160 + RESERVED +CVE-2022-23159 + RESERVED +CVE-2022-23158 + RESERVED +CVE-2022-23157 + RESERVED +CVE-2022-23156 + RESERVED +CVE-2022-23155 + RESERVED +CVE-2022-23154 + RESERVED +CVE-2022-23153 + RESERVED +CVE-2022-23152 + RESERVED +CVE-2022-23151 + RESERVED +CVE-2022-23150 + RESERVED +CVE-2022-23149 + RESERVED +CVE-2022-23148 + RESERVED +CVE-2022-23147 + RESERVED +CVE-2022-23146 + RESERVED +CVE-2022-23145 + RESERVED +CVE-2022-23144 + RESERVED +CVE-2022-23143 + RESERVED +CVE-2022-23142 + RESERVED +CVE-2022-23141 + RESERVED +CVE-2022-23140 + RESERVED +CVE-2022-23139 + RESERVED +CVE-2022-23138 + RESERVED +CVE-2022-23137 + RESERVED +CVE-2022-23136 + RESERVED +CVE-2022-23135 + RESERVED +CVE-2022-23134 + RESERVED +CVE-2022-23133 + RESERVED +CVE-2022-23132 + RESERVED +CVE-2022-23131 + RESERVED +CVE-2022-23130 + RESERVED +CVE-2022-23129 + RESERVED +CVE-2022-23128 + RESERVED +CVE-2022-23127 + RESERVED +CVE-2022-23126 + RESERVED +CVE-2022-0198 + RESERVED +CVE-2022-0197 + RESERVED +CVE-2022-0196 + RESERVED +CVE-2022-0195 + RESERVED +CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel ...) + TODO: check CVE-2022-23125 RESERVED CVE-2022-23124 
@@ -314,8 +430,8 @@ CVE-2022-0181 RESERVED CVE-2022-0180 RESERVED -CVE-2022-0179 - RESERVED +CVE-2022-0179 (snipe-it is vulnerable to Improper Access Control ...) + TODO: check CVE-2022-0178 RESERVED CVE-2022-0177 @@ -856,8 +972,8 @@ CVE-2021-23218 (When running with FIPS mode enabled, Mirantis Container Runtime TODO: check CVE-2021-23154 (In Lens prior to 5.3.4, custom helm chart configuration creates helm c ...) NOT-FOR-US: Lens -CVE-2022-0159 - RESERVED +CVE-2022-0159 (orchardcore is vulnerable to Improper Neutralization of Input During W ...) + TODO: check CVE-2022-0158 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) @@ -2369,8 +2485,8 @@ CVE-2022-22308 RESERVED CVE-2022-22307 RESERVED -CVE-2022-0087 - RESERVED +CVE-2022-0087 (keystone is vulnerable to Improper Neutralization of Input During Web ...) + TODO: check CVE-2021-46130 RESERVED CVE-2022-22306 @@ -5493,10 +5609,10 @@ CVE-2022-21972 RESERVED CVE-2022-21971 RESERVED -CVE-2022-21970 - RESERVED -CVE-2022-21969 - RESERVED +CVE-2022-21970 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21969 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...) + TODO: check CVE-2022-21968 RESERVED CVE-2022-21967 
@@ -5505,28 +5621,28 @@ CVE-2022-21966 RESERVED CVE-2022-21965 RESERVED -CVE-2022-21964 - RESERVED -CVE-2022-21963 - RESERVED -CVE-2022-21962 - RESERVED -CVE-2022-21961 - RESERVED -CVE-2022-21960 - RESERVED -CVE-2022-21959 - RESERVED -CVE-2022-21958 - RESERVED +CVE-2022-21964 (Remote Desktop Licensing Diagnoser Information Disclosure Vulnerabilit ...) + TODO: check +CVE-2022-21963 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) + TODO: check +CVE-2022-21962 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) + TODO: check +CVE-2022-21961 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) + TODO: check +CVE-2022-21960 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) + TODO: check +CVE-2022-21959 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) + TODO: check +CVE-2022-21958 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) + TODO: check CVE-2022-21957 RESERVED CVE-2022-21956 RESERVED CVE-2022-21955 RESERVED -CVE-2022-21954 - RESERVED +CVE-2022-21954 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + TODO: check CVE-2021-45233 RESERVED CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses two fra ...) 
@@ -6094,206 +6210,206 @@ CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected NOT-FOR-US: DIAEnergie CVE-2022-21933 RESERVED -CVE-2022-21932 - RESERVED -CVE-2022-21931 - RESERVED -CVE-2022-21930 - RESERVED -CVE-2022-21929 - RESERVED -CVE-2022-21928 - RESERVED +CVE-2022-21932 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...) + TODO: check +CVE-2022-21931 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...) + TODO: check +CVE-2022-21930 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...) + TODO: check +CVE-2022-21929 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...) + TODO: check +CVE-2022-21928 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) + TODO: check CVE-2022-21927 RESERVED CVE-2022-21926 RESERVED -CVE-2022-21925 - RESERVED -CVE-2022-21924 - RESERVED +CVE-2022-21925 (Windows BackupKey Remote Protocol Security Feature Bypass Vulnerabilit ...) + TODO: check +CVE-2022-21924 (Workstation Service Remote Protocol Security Feature Bypass Vulnerabil ...) + TODO: check CVE-2022-21923 RESERVED -CVE-2022-21922 - RESERVED -CVE-2022-21921 - RESERVED -CVE-2022-21920 - RESERVED -CVE-2022-21919 - RESERVED -CVE-2022-21918 - RESERVED -CVE-2022-21917 - RESERVED -CVE-2022-21916 - RESERVED -CVE-2022-21915 - RESERVED -CVE-2022-21914 - RESERVED -CVE-2022-21913 - RESERVED -CVE-2022-21912 - RESERVED -CVE-2022-21911 - RESERVED -CVE-2022-21910 - RESERVED +CVE-2022-21922 (Remote Procedure Call Runtime Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21921 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...) + TODO: check +CVE-2022-21920 (Windows Kerberos Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21919 (Windows User Profile Service Elevation of Privilege Vulnerability. Thi ...) 
+ TODO: check +CVE-2022-21918 (DirectX Graphics Kernel File Denial of Service Vulnerability. ...) + TODO: check +CVE-2022-21917 (HEVC Video Extensions Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21916 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + TODO: check +CVE-2022-21915 (Windows GDI+ Information Disclosure Vulnerability. This CVE ID is uniq ...) + TODO: check +CVE-2022-21914 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) + TODO: check +CVE-2022-21913 (Local Security Authority (Domain Policy) Remote Protocol Security Feat ...) + TODO: check +CVE-2022-21912 (DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ...) + TODO: check +CVE-2022-21911 (.NET Framework Denial of Service Vulnerability. ...) + TODO: check +CVE-2022-21910 (Microsoft Cluster Port Driver Elevation of Privilege Vulnerability. ...) + TODO: check CVE-2022-21909 RESERVED -CVE-2022-21908 - RESERVED -CVE-2022-21907 - RESERVED -CVE-2022-21906 - RESERVED -CVE-2022-21905 - RESERVED -CVE-2022-21904 - RESERVED -CVE-2022-21903 - RESERVED -CVE-2022-21902 - RESERVED -CVE-2022-21901 - RESERVED -CVE-2022-21900 - RESERVED -CVE-2022-21899 - RESERVED -CVE-2022-21898 - RESERVED -CVE-2022-21897 - RESERVED -CVE-2022-21896 - RESERVED -CVE-2022-21895 - RESERVED -CVE-2022-21894 - RESERVED -CVE-2022-21893 - RESERVED -CVE-2022-21892 - RESERVED -CVE-2022-21891 - RESERVED -CVE-2022-21890 - RESERVED -CVE-2022-21889 - RESERVED -CVE-2022-21888 - RESERVED -CVE-2022-21887 - RESERVED +CVE-2022-21908 (Windows Installer Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21907 (HTTP Protocol Stack Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21906 (Windows Defender Application Control Security Feature Bypass Vulnerabi ...) + TODO: check +CVE-2022-21905 (Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is ...) 
+ TODO: check +CVE-2022-21904 (Windows GDI Information Disclosure Vulnerability. ...) + TODO: check +CVE-2022-21903 (Windows GDI Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21902 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...) + TODO: check +CVE-2022-21901 (Windows Hyper-V Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21900 (Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is ...) + TODO: check +CVE-2022-21899 (Windows Extensible Firmware Interface Security Feature Bypass Vulnerab ...) + TODO: check +CVE-2022-21898 (DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ...) + TODO: check +CVE-2022-21897 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + TODO: check +CVE-2022-21896 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...) + TODO: check +CVE-2022-21895 (Windows User Profile Service Elevation of Privilege Vulnerability. Thi ...) + TODO: check +CVE-2022-21894 (Secure Boot Security Feature Bypass Vulnerability. ...) + TODO: check +CVE-2022-21893 (Remote Desktop Protocol Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21892 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) + TODO: check +CVE-2022-21891 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability. ...) + TODO: check +CVE-2022-21890 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...) + TODO: check +CVE-2022-21889 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...) + TODO: check +CVE-2022-21888 (Windows Modern Execution Server Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21887 (Win32k Elevation of Privilege Vulnerability. This CVE ID is unique fro ...) 
+ TODO: check CVE-2022-21886 RESERVED -CVE-2022-21885 - RESERVED -CVE-2022-21884 - RESERVED -CVE-2022-21883 - RESERVED -CVE-2022-21882 - RESERVED -CVE-2022-21881 - RESERVED -CVE-2022-21880 - RESERVED -CVE-2022-21879 - RESERVED -CVE-2022-21878 - RESERVED -CVE-2022-21877 - RESERVED -CVE-2022-21876 - RESERVED -CVE-2022-21875 - RESERVED -CVE-2022-21874 - RESERVED -CVE-2022-21873 - RESERVED -CVE-2022-21872 - RESERVED -CVE-2022-21871 - RESERVED -CVE-2022-21870 - RESERVED -CVE-2022-21869 - RESERVED -CVE-2022-21868 - RESERVED -CVE-2022-21867 - RESERVED -CVE-2022-21866 - RESERVED -CVE-2022-21865 - RESERVED -CVE-2022-21864 - RESERVED -CVE-2022-21863 - RESERVED -CVE-2022-21862 - RESERVED -CVE-2022-21861 - RESERVED -CVE-2022-21860 - RESERVED -CVE-2022-21859 - RESERVED -CVE-2022-21858 - RESERVED -CVE-2022-21857 - RESERVED +CVE-2022-21885 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) + TODO: check +CVE-2022-21884 (Local Security Authority Subsystem Service Elevation of Privilege Vuln ...) + TODO: check +CVE-2022-21883 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...) + TODO: check +CVE-2022-21882 (Win32k Elevation of Privilege Vulnerability. This CVE ID is unique fro ...) + TODO: check +CVE-2022-21881 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...) + TODO: check +CVE-2022-21880 (Windows GDI+ Information Disclosure Vulnerability. This CVE ID is uniq ...) + TODO: check +CVE-2022-21879 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...) + TODO: check +CVE-2022-21878 (Windows Geolocation Service Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21877 (Storage Spaces Controller Information Disclosure Vulnerability. ...) + TODO: check +CVE-2022-21876 (Win32k Information Disclosure Vulnerability. ...) + TODO: check +CVE-2022-21875 (Windows Storage Elevation of Privilege Vulnerability. ...) 
+ TODO: check +CVE-2022-21874 (Windows Security Center API Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21873 (Tile Data Repository Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21872 (Windows Event Tracing Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21871 (Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Priv ...) + TODO: check +CVE-2022-21870 (Tablet Windows User Interface Application Core Elevation of Privilege ...) + TODO: check +CVE-2022-21869 (Clipboard User Service Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21868 (Windows Devices Human Interface Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21867 (Windows Push Notifications Apps Elevation Of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21866 (Windows System Launcher Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21865 (Connected Devices Platform Service Elevation of Privilege Vulnerabilit ...) + TODO: check +CVE-2022-21864 (Windows UI Immersive Server API Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21863 (Windows StateRepository API Server file Elevation of Privilege Vulnera ...) + TODO: check +CVE-2022-21862 (Windows Application Model Core API Elevation of Privilege Vulnerabilit ...) + TODO: check +CVE-2022-21861 (Task Flow Data Engine Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21860 (Windows AppContracts API Server Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21859 (Windows Accounts Control Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21858 (Windows Bind Filter Driver Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21857 (Active Directory Domain Services Elevation of Privilege Vulnerability. ...) + TODO: check CVE-2022-21856 RESERVED -CVE-2022-21855 - RESERVED +CVE-2022-21855 (Microsoft Exchange Server Remote Code Execution Vulnerability. 
This CV ...) + TODO: check CVE-2022-21854 RESERVED CVE-2022-21853 RESERVED -CVE-2022-21852 - RESERVED -CVE-2022-21851 - RESERVED -CVE-2022-21850 - RESERVED -CVE-2022-21849 - RESERVED -CVE-2022-21848 - RESERVED -CVE-2022-21847 - RESERVED -CVE-2022-21846 - RESERVED +CVE-2022-21852 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...) + TODO: check +CVE-2022-21851 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...) + TODO: check +CVE-2022-21850 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...) + TODO: check +CVE-2022-21849 (Windows IKE Extension Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21848 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...) + TODO: check +CVE-2022-21847 (Windows Hyper-V Denial of Service Vulnerability. ...) + TODO: check +CVE-2022-21846 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...) + TODO: check CVE-2022-21845 RESERVED CVE-2022-21844 RESERVED -CVE-2022-21843 - RESERVED -CVE-2022-21842 - RESERVED -CVE-2022-21841 - RESERVED -CVE-2022-21840 - RESERVED -CVE-2022-21839 - RESERVED -CVE-2022-21838 - RESERVED -CVE-2022-21837 - RESERVED -CVE-2022-21836 - RESERVED -CVE-2022-21835 - RESERVED -CVE-2022-21834 - RESERVED -CVE-2022-21833 - RESERVED +CVE-2022-21843 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...) + TODO: check +CVE-2022-21842 (Microsoft Word Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21841 (Microsoft Excel Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21840 (Microsoft Office Remote Code Execution Vulnerability. ...) + TODO: check +CVE-2022-21839 (Windows Event Tracing Discretionary Access Control List Denial of Serv ...) + TODO: check +CVE-2022-21838 (Windows Cleanup Manager Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21837 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...) 
+ TODO: check +CVE-2022-21836 (Windows Certificate Spoofing Vulnerability. ...) + TODO: check +CVE-2022-21835 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability. ...) + TODO: check +CVE-2022-21834 (Windows User-mode Driver Framework Reflector Driver Elevation of Privi ...) + TODO: check +CVE-2022-21833 (Virtual Machine IDE Drive Elevation of Privilege Vulnerability. ...) + TODO: check CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ directory traver ...) NOT-FOR-US: HD-Network Real-time Monitoring System CVE-2021-45042 (In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8 ...) @@ -9258,8 +9374,8 @@ CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions < NOT-FOR-US: Siemens CVE-2021-44000 RESERVED -CVE-2021-43999 - RESERVED +CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...) + TODO: check CVE-2021-3976 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: kimai2 CVE-2021-3975 [segmentation fault during VM shutdown can lead to vdsm hung] @@ -9332,14 +9448,14 @@ CVE-2021-43975 (In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in - linux 5.15.5-2 [bullseye] - linux 5.10.84-1 NOTE: https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-not...@kernel.org/T/ -CVE-2021-43974 - RESERVED -CVE-2021-43973 - RESERVED -CVE-2021-43972 - RESERVED -CVE-2021-43971 - RESERVED +CVE-2021-43974 (An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg en ...) + TODO: check +CVE-2021-43973 (An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysA ...) + TODO: check +CVE-2021-43972 (An unrestricted file copy vulnerability in /UserSelfServiceSettings.js ...) + TODO: check +CVE-2021-43971 (A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITI ...) + TODO: check CVE-2021-43970 RESERVED CVE-2021-43969 
@@ -9603,8 +9719,8 @@ CVE-2022-21648 (Latte is an open source template engine for PHP. Versions since NOTE: https://github.com/nette/latte/commit/9e1b4f7d70f7a9c3fa6753ffa7d7e450a3d4abb0 CVE-2022-21647 (CodeIgniter is an open source PHP full-stack web framework. Deserializ ...) - codeigniter <itp> (bug #471583) -CVE-2022-21646 - RESERVED +CVE-2022-21646 (SpiceDB is a database system for managing security-critical applicatio ...) + TODO: check CVE-2022-21645 RESERVED CVE-2022-21644 (USOC is an open source CMS with a focus on simplicity. In affected ver ...) @@ -13410,12 +13526,13 @@ CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification o [buster] - node-json-schema <no-dsa> (Minor issue) NOTE: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 (v0.4.0) CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...) + {DSA-5041-1} - routinator <itp> (bug #929024) - cfrpki 1.4.0-1 NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt NOTE: https://github.com/NLnetLabs/routinator/pull/667 CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can be dela ...) - {DSA-5033-1} + {DSA-5041-1 DSA-5033-1} - routinator <itp> (bug #929024) - cfrpki 1.4.0-1 - fort-validator 1.5.3-1 
@@ -13765,28 +13882,32 @@ CVE-2021-43034 (An issue was discovered in Kaseya Unitrends Backup Appliance bef CVE-2021-43033 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) NOT-FOR-US: Kaseya CVE-2021-3912 (OctoRPKI tries to load the entire contents of a repository in memory, ...) + {DSA-5041-1} - routinator <itp> (bug #929024) - cfrpki 1.4.0-1 NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g9wh-3vrx-r7hg CVE-2021-3911 (If the ROA that a repository returns contains too many bits for the IP ...) + {DSA-5041-1} - cfrpki 1.4.0-1 NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-w6ww-fmfx-2x22 CVE-2021-3910 (OctoRPKI crashes when encountering a repository that returns an invali ...) + {DSA-5041-1} - cfrpki 1.4.0-1 NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing for a slo ...) - {DSA-5033-1} + {DSA-5041-1 DSA-5033-1} - routinator <itp> (bug #929024) - cfrpki 1.4.0-1 - fort-validator 1.5.3-1 - rpki-client 7.5-1 NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244 CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain, allowing for ...) + {DSA-5041-1} - cfrpki 1.4.0-1 - routinator <itp> (bug #929024) NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..", this a ...) - {DSA-5033-1} + {DSA-5041-1 DSA-5033-1} - cfrpki 1.4.0-1 - fort-validator 1.5.3-1 NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh 
@@ -18061,8 +18182,8 @@ CVE-2021-41769 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices NOT-FOR-US: Siemens CVE-2021-41768 RESERVED -CVE-2021-41767 - RESERVED +CVE-2021-41767 (Apache Guacamole 1.3.0 and older may incorrectly include a private tun ...) + TODO: check CVE-2021-3837 (openwhyd is vulnerable to Improper Authorization ...) NOT-FOR-US: openwhyd CVE-2021-41766 @@ -21442,6 +21563,7 @@ CVE-2021-40355 (A vulnerability has been identified in Teamcenter V12.4 (All ver CVE-2021-40354 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) NOT-FOR-US: Siemens CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitt ...) + {DSA-5041-1} - cfrpki 1.3.0-1 (bug #994572) NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9 NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422 @@ -22070,7 +22192,7 @@ CVE-2021-40120 (A vulnerability in the web-based management interface of certain NOT-FOR-US: Cisco CVE-2021-40119 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...) NOT-FOR-US: Cisco -CVE-2021-40118 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...) +CVE-2021-40118 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) NOT-FOR-US: Cisco CVE-2021-40117 (A vulnerability in SSL/TLS message handler for Cisco Adaptive Security ...) NOT-FOR-US: Cisco View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba14b45448c21804984a52f87072b7af8f98dde2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba14b45448c21804984a52f87072b7af8f98dde2 You're receiving this email because of your account on salsa.debian.org.
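Review bot: In the first hunk (@@ -1,3 +1,119 @@), CVE-2021-46283 is added with only `TODO: check`, although its description names nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel, and this list already tracks that source package (the CVE-2021-43975 context lines carry `- linux 5.15.5-2`). It should be triaged with a `- linux` line giving a fixed version or `<unfixed>`, so that it does not sit unnoticed among the bulk TODO items added in the same commit.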
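Review bot: The hunks from @@ -5493,10 +5609,10 @@ through @@ -6094,206 +6210,206 @@ replace a long run of RESERVED entries with `TODO: check` for Windows, Exchange Server, Office, Dynamics 365 and SharePoint issues, and none of them carries a disposition. The convention visible in the surrounding context for products without a package line is `NOT-FOR-US: <vendor>` (Cisco, Siemens, Kaseya), so a follow-up that marks these the same way would leave the TODO queue holding only entries that need package analysis.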
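Review bot: The commit message says only "automatic update", but the hunks at @@ -13410,12 +13526,13 @@, @@ -13765,28 +13882,32 @@ and @@ -21442,6 +21563,7 @@ add the `{DSA-5041-1}` cross-reference to nine entries (CVE-2021-43174, CVE-2021-43173, CVE-2021-3912, CVE-2021-3911, CVE-2021-3910, CVE-2021-3909, CVE-2021-3908, CVE-2021-3907, CVE-2021-3761). That is a different kind of change from the reservation and description sync in the other hunks. Naming the advisory in the message, or putting the cross-references in their own commit, would make the advisory's effect on the list easier to audit later.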