[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 21 Jan 2022 00:10:30 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
5537eafa by security tracker role at 2022-01-21T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2022-23809
+       RESERVED
+CVE-2022-23808
+       RESERVED
+CVE-2022-23807
+       RESERVED
+CVE-2022-23806
+       RESERVED
+CVE-2022-23805
+       RESERVED
+CVE-2022-23804
+       RESERVED
+CVE-2022-23803
+       RESERVED
+CVE-2022-23802
+       RESERVED
+CVE-2022-23801
+       RESERVED
+CVE-2022-23800
+       RESERVED
+CVE-2022-23799
+       RESERVED
+CVE-2022-23798
+       RESERVED
+CVE-2022-23797
+       RESERVED
+CVE-2022-23796
+       RESERVED
+CVE-2022-23795
+       RESERVED
+CVE-2022-23794
+       RESERVED
+CVE-2022-23793
+       RESERVED
+CVE-2022-0326 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
+       TODO: check
+CVE-2022-0325
+       RESERVED
+CVE-2022-0324
+       RESERVED
+CVE-2021-46402
+       RESERVED
 CVE-2022-23792
        RESERVED
 CVE-2022-23791
@@ -1114,10 +1156,10 @@ CVE-2022-23317
        RESERVED
 CVE-2022-23316
        RESERVED
-CVE-2022-23315
-       RESERVED
-CVE-2022-23314
-       RESERVED
+CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload 
vulnera ...)
+       TODO: check
+CVE-2022-23314 (MCMS v5.2.4 was discovered to contain a SQL injection 
vulnerability vi ...)
+       TODO: check
 CVE-2022-23313
        RESERVED
 CVE-2022-22137
@@ -1238,66 +1280,66 @@ CVE-2021-46353
        RESERVED
 CVE-2021-46352
        RESERVED
-CVE-2021-46351
-       RESERVED
-CVE-2021-46350
-       RESERVED
-CVE-2021-46349
-       RESERVED
-CVE-2021-46348
-       RESERVED
-CVE-2021-46347
-       RESERVED
-CVE-2021-46346
-       RESERVED
-CVE-2021-46345
-       RESERVED
-CVE-2021-46344
-       RESERVED
-CVE-2021-46343
-       RESERVED
-CVE-2021-46342
-       RESERVED
+CVE-2021-46351 (There is an Assertion 'local_tza == 
ecma_date_local_time_zone_adjustme ...)
+       TODO: check
+CVE-2021-46350 (There is an Assertion 'ecma_is_value_object (value)' failed at 
jerrysc ...)
+       TODO: check
+CVE-2021-46349 (There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || 
type == ECM ...)
+       TODO: check
+CVE-2021-46348 (There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE 
(string_p)' fa ...)
+       TODO: check
+CVE-2021-46347 (There is an Assertion 'ecma_object_check_class_name_is_object 
(obj_p)' ...)
+       TODO: check
+CVE-2021-46346 (There is an Assertion 'local_tza == 
ecma_date_local_time_zone_adjustme ...)
+       TODO: check
+CVE-2021-46345 (There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed 
at /jerry ...)
+       TODO: check
+CVE-2021-46344 (There is an Assertion 'flags &amp; 
PARSER_PATTERN_HAS_REST_ELEMENT' fa ...)
+       TODO: check
+CVE-2021-46343 (There is an Assertion 'context_p-&gt;token.type == 
LEXER_LITERAL' fail ...)
+       TODO: check
+CVE-2021-46342 (There is an Assertion 'ecma_is_lexical_environment (obj_p) || 
!ecma_op ...)
+       TODO: check
 CVE-2021-46341
        RESERVED
-CVE-2021-46340
-       RESERVED
-CVE-2021-46339
-       RESERVED
-CVE-2021-46338
-       RESERVED
-CVE-2021-46337
-       RESERVED
-CVE-2021-46336
-       RESERVED
-CVE-2021-46335
-       RESERVED
-CVE-2021-46334
-       RESERVED
-CVE-2021-46333
-       RESERVED
-CVE-2021-46332
-       RESERVED
-CVE-2021-46331
-       RESERVED
-CVE-2021-46330
-       RESERVED
-CVE-2021-46329
-       RESERVED
-CVE-2021-46328
-       RESERVED
-CVE-2021-46327
-       RESERVED
-CVE-2021-46326
-       RESERVED
-CVE-2021-46325
-       RESERVED
-CVE-2021-46324
-       RESERVED
-CVE-2021-46323
-       RESERVED
-CVE-2021-46322
-       RESERVED
+CVE-2021-46340 (There is an Assertion 'context_p-&gt;stack_top_uint8 == 
SCAN_STACK_TRY ...)
+       TODO: check
+CVE-2021-46339 (There is an Assertion 'lit_is_valid_cesu8_string (string_p, 
string_siz ...)
+       TODO: check
+CVE-2021-46338 (There is an Assertion 'ecma_is_lexical_environment (object_p)' 
failed  ...)
+       TODO: check
+CVE-2021-46337 (There is an Assertion 'page_p != NULL' failed at 
/parser/js/js-parser- ...)
+       TODO: check
+CVE-2021-46336 (There is an Assertion 'opts &amp; 
PARSER_CLASS_LITERAL_CTOR_PRESENT' f ...)
+       TODO: check
+CVE-2021-46335 (Moddable SDK v11.5.0 was discovered to contain a NULL pointer 
derefere ...)
+       TODO: check
+CVE-2021-46334 (Moddable SDK v11.5.0 was discovered to contain a stack buffer 
overflow ...)
+       TODO: check
+CVE-2021-46333 (Moddable SDK v11.5.0 was discovered to contain an invalid 
memory acces ...)
+       TODO: check
+CVE-2021-46332 (Moddable SDK v11.5.0 was discovered to contain a 
heap-buffer-overflow  ...)
+       TODO: check
+CVE-2021-46331 (Moddable SDK v11.5.0 was discovered to contain a SEGV 
vulnerability vi ...)
+       TODO: check
+CVE-2021-46330 (Moddable SDK v11.5.0 was discovered to contain a SEGV 
vulnerability vi ...)
+       TODO: check
+CVE-2021-46329 (Moddable SDK v11.5.0 was discovered to contain a SEGV 
vulnerability vi ...)
+       TODO: check
+CVE-2021-46328 (Moddable SDK v11.5.0 was discovered to contain a 
heap-buffer-overflow  ...)
+       TODO: check
+CVE-2021-46327 (Moddable SDK v11.5.0 was discovered to contain a SEGV 
vulnerability vi ...)
+       TODO: check
+CVE-2021-46326 (Moddable SDK v11.5.0 was discovered to contain a 
heap-buffer-overflow  ...)
+       TODO: check
+CVE-2021-46325 (Espruino 2v10.246 was discovered to contain a stack buffer 
overflow vi ...)
+       TODO: check
+CVE-2021-46324 (Espruino 2v11.251 was discovered to contain a stack buffer 
overflow vi ...)
+       TODO: check
+CVE-2021-46323 (Espruino 2v11.251 was discovered to contain a SEGV 
vulnerability via s ...)
+       TODO: check
+CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV 
vulnerability via th ...)
+       TODO: check
 CVE-2021-46321
        RESERVED
 CVE-2021-46320
@@ -2425,12 +2467,12 @@ CVE-2022-22932
        RESERVED
 CVE-2022-22931
        RESERVED
-CVE-2022-22930
-       RESERVED
-CVE-2022-22929
-       RESERVED
-CVE-2022-22928
-       RESERVED
+CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template 
Management ...)
+       TODO: check
+CVE-2022-22929 (MCMS v5.2.4 was discovered to have an arbitrary file upload 
vulnerabil ...)
+       TODO: check
+CVE-2022-22928 (MCMS v5.2.4 was discovered to have a hardcoded shiro-key, 
allowing att ...)
+       TODO: check
 CVE-2022-22927
        RESERVED
 CVE-2022-22926
@@ -2495,22 +2537,22 @@ CVE-2022-22897
        RESERVED
 CVE-2022-22896
        RESERVED
-CVE-2022-22895
-       RESERVED
-CVE-2022-22894
-       RESERVED
-CVE-2022-22893
-       RESERVED
-CVE-2022-22892
-       RESERVED
-CVE-2022-22891
-       RESERVED
-CVE-2022-22890
-       RESERVED
+CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a 
heap-buffer-overflow via ...)
+       TODO: check
+CVE-2022-22894 (Jerryscript 3.0.0 was discovered to contain a stack overflow 
via ecma_ ...)
+       TODO: check
+CVE-2022-22893 (Jerryscript 3.0.0 was discovered to contain a stack overflow 
via vm_lo ...)
+       TODO: check
+CVE-2022-22892 (There is an Assertion 'ecma_is_value_undefined (value) || 
ecma_is_valu ...)
+       TODO: check
+CVE-2022-22891 (Jerryscript 3.0.0 was discovered to contain a SEGV 
vulnerability via e ...)
+       TODO: check
+CVE-2022-22890 (There is an Assertion 'arguments_type != 
SCANNER_ARGUMENTS_PRESENT &am ...)
+       TODO: check
 CVE-2022-22889
        RESERVED
-CVE-2022-22888
-       RESERVED
+CVE-2022-22888 (Jerryscript 3.0.0 was discovered to contain a stack overflow 
via ecma_ ...)
+       TODO: check
 CVE-2022-22887
        RESERVED
 CVE-2022-22886
@@ -4613,8 +4655,8 @@ CVE-2021-46063
        RESERVED
 CVE-2021-46062
        RESERVED
-CVE-2021-46061
-       RESERVED
+CVE-2021-46061 (An SQL Injection vulnerability exists in Sourcecodester 
Computer and M ...)
+       TODO: check
 CVE-2021-46060
        REJECTED
 CVE-2021-46059
@@ -39300,6 +39342,7 @@ CVE-2021-33915
 CVE-2021-33914
        RESERVED
 CVE-2021-33913 (libspf2 before 1.2.11 has a heap-based buffer overflow that 
might allo ...)
+       {DLA-2890-1}
        - libspf2 1.2.10-7.1
        [bullseye] - libspf2 1.2.10-7.1~deb11u1
        [buster] - libspf2 1.2.10-7.1~deb10u1
@@ -39307,6 +39350,7 @@ CVE-2021-33913 (libspf2 before 1.2.11 has a heap-based 
buffer overflow that migh
        NOTE: https://github.com/shevek/libspf2/pull/35
        NOTE: 
https://github.com/shevek/libspf2/commit/f06fef6cede4c4cb42f2c617496e6041782d7070
 CVE-2021-33912 (libspf2 before 1.2.11 has a four-byte heap-based buffer 
overflow that  ...)
+       {DLA-2890-1}
        - libspf2 1.2.10-7.1
        [bullseye] - libspf2 1.2.10-7.1~deb11u1
        [buster] - libspf2 1.2.10-7.1~deb10u1
@@ -50304,8 +50348,8 @@ CVE-2021-29787
        RESERVED
 CVE-2021-29786 (IBM Jazz Team Server products stores user credentials in clear 
text wh ...)
        NOT-FOR-US: IBM
-CVE-2021-29785
-       RESERVED
+CVE-2021-29785 (IBM Security SOAR V42 and V43could allow a remote attacker to 
obtain s ...)
+       TODO: check
 CVE-2021-29784 (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote 
attacker t ...)
        NOT-FOR-US: IBM
 CVE-2021-29783
@@ -97390,8 +97434,8 @@ CVE-2020-23317
        RESERVED
 CVE-2020-23316
        RESERVED
-CVE-2020-23315
-       RESERVED
+CVE-2020-23315 (There is an ASSERTION (pFuncBody-&gt;GetYieldRegister() == 
oldYieldReg ...)
+       TODO: check
 CVE-2020-23314 (There is an Assertion 'block_found' failed at 
js-parser-statm.c:2003 p ...)
        - iotjs <unfixed> (bug #989991)
        [bullseye] - iotjs <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5537eafab0bb742e5eba88848a04f31bdae9c456

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5537eafab0bb742e5eba88848a04f31bdae9c456
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to