Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5f036096 by security tracker role at 2022-01-24T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2022-23864
+ RESERVED
+CVE-2022-23863
+ RESERVED
+CVE-2022-23862
+ RESERVED
+CVE-2022-23861
+ RESERVED
+CVE-2022-23860
+ RESERVED
+CVE-2022-23859
+ RESERVED
+CVE-2022-23858 (In StarWind Command Center before V2 build 6021, an
authenticated read ...)
+ TODO: check
+CVE-2022-23857 (model/criteria/criteria.go in Navidrome before 0.47.5 is
vulnerable to ...)
+ TODO: check
+CVE-2022-23856 (An issue was discovered in Saviynt Enterprise Identity Cloud
(EIC) 5.5 ...)
+ TODO: check
+CVE-2022-23855 (An issue was discovered in Saviynt Enterprise Identity Cloud
(EIC) 5.5 ...)
+ TODO: check
+CVE-2022-23854
+ RESERVED
+CVE-2022-23853
+ RESERVED
+CVE-2022-23852 (Expat (aka libexpat) before 2.4.4 has a signed integer
overflow in XML ...)
+ TODO: check
+CVE-2022-23851
+ RESERVED
+CVE-2022-0341
+ RESERVED
+CVE-2022-0340
+ RESERVED
+CVE-2021-4209
+ RESERVED
CVE-2021-XXXX [ItemStack meta injection vulnerability]
- minetest 5.4.1+repack-1 (bug #1004223)
NOTE: Fixed by:
https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae
@@ -7251,7 +7285,7 @@ CVE-2021-45419 (Certain Starcharge products are affected
by Improper Input Valid
CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory
Traversal via ...)
NOT-FOR-US: Nova 360 Cabinet
CVE-2021-45417 (AIDE before 0.17.4 allows local users to obtain root
privileges via cr ...)
- {DSA-5051-1}
+ {DSA-5051-1 DLA-2894-1}
- aide 0.17.4-1
NOTE:
https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc
(v0.17.4)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3
@@ -26570,8 +26604,7 @@ CVE-2021-23156
NOT-FOR-US: Red Hat Serverless
CVE-2021-39294
RESERVED
-CVE-2021-39293
- RESERVED
+CVE-2021-39293 (In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a
crafted ...)
{DLA-2892-1 DLA-2891-1}
- golang-1.17 1.17.1-1
- golang-1.16 1.16.8-1
@@ -48171,8 +48204,8 @@ CVE-2021-30638 (Information Exposure vulnerability in
context asset handling of
NOT-FOR-US: Apache Tapestry
CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or
Descript ...)
NOT-FOR-US: htmly
-CVE-2021-30636
- RESERVED
+CVE-2021-30636 (In MediaTek LinkIt SDK before 4.6.1, there is a possible
memory corrup ...)
+ TODO: check
CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a
remote at ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2021-30634
@@ -58180,8 +58213,8 @@ CVE-2020-36241 (autoar-extractor.c in GNOME
gnome-autoar through 0.2.4, as used
NOTE: When fixing the issue make sure to apply as well the followup fix:
NOTE:
https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4
NOTE: to not open CVE-2021-28650.
-CVE-2021-26706
- RESERVED
+CVE-2021-26706 (An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB
1.38.x an ...)
+ TODO: check
CVE-2021-26705 (An issue was discovered in SquareBox CatDV Server through 9.2.
An atta ...)
NOT-FOR-US: SquareBox CatDV Server
CVE-2021-26704 (EPrints 3.4.2 allows remote attackers to execute arbitrary
commands vi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f036096c2621913ea5d8e38630f1014b93b8e2c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f036096c2621913ea5d8e38630f1014b93b8e2c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
