Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95e940c7 by security tracker role at 2022-01-25T08:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2022-23941
+       RESERVED
+CVE-2022-23940
+       RESERVED
+CVE-2022-23939
+       RESERVED
+CVE-2022-23938
+       RESERVED
+CVE-2022-23937
+       RESERVED
+CVE-2022-23936
+       RESERVED
+CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a 
$file =~ / ...)
+       TODO: check
+CVE-2022-23934
+       RESERVED
+CVE-2022-23933
+       RESERVED
+CVE-2022-23932
+       RESERVED
+CVE-2022-23931
+       RESERVED
+CVE-2022-23930
+       RESERVED
+CVE-2022-23929
+       RESERVED
+CVE-2022-23928
+       RESERVED
+CVE-2022-23927
+       RESERVED
+CVE-2022-23926
+       RESERVED
+CVE-2022-23925
+       RESERVED
+CVE-2022-23924
+       RESERVED
+CVE-2022-23919
+       RESERVED
+CVE-2022-23918
+       RESERVED
+CVE-2022-23399
+       RESERVED
+CVE-2022-22144
+       RESERVED
+CVE-2022-22140
+       RESERVED
+CVE-2022-21201
+       RESERVED
+CVE-2022-21178
+       RESERVED
+CVE-2022-0355
+       RESERVED
+CVE-2022-0354
+       RESERVED
+CVE-2022-0353
+       RESERVED
+CVE-2021-4212
+       RESERVED
+CVE-2021-4211
+       RESERVED
+CVE-2021-4210
+       RESERVED
 CVE-2022-23913
        RESERVED
 CVE-2022-23912
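Review bot: CVE-2022-23935 is the one entry in this block that already carries a description, and it sits at "TODO: check" between 30 RESERVED placeholders where it is easy to miss. The description names the affected file (lib/Image/ExifTool.pm) and a fix boundary (before 12.38), which is enough to triage: compare 12.38 against the version in the archive and replace the TODO with a package line in the "- <package> <version>" form used elsewhere in this file, or with NOT-FOR-US if it turns out not to be packaged.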
@@ -268,26 +330,26 @@ CVE-2021-46485
        RESERVED
 CVE-2021-46484
        RESERVED
-CVE-2021-46483
-       RESERVED
-CVE-2021-46482
-       RESERVED
-CVE-2021-46481
-       RESERVED
-CVE-2021-46480
-       RESERVED
+CVE-2021-46483 (Jsish v3.5.0 was discovered to contain a heap buffer overflow 
via Bool ...)
+       TODO: check
+CVE-2021-46482 (Jsish v3.5.0 was discovered to contain a heap buffer overflow 
via Numb ...)
+       TODO: check
+CVE-2021-46481 (Jsish v3.5.0 was discovered to contain a memory leak via 
linenoise at  ...)
+       TODO: check
+CVE-2021-46480 (Jsish v3.5.0 was discovered to contain a heap buffer overflow 
via jsiV ...)
+       TODO: check
 CVE-2021-46479
        RESERVED
-CVE-2021-46478
-       RESERVED
-CVE-2021-46477
-       RESERVED
+CVE-2021-46478 (Jsish v3.5.0 was discovered to contain a heap buffer overflow 
via jsiC ...)
+       TODO: check
+CVE-2021-46477 (Jsish v3.5.0 was discovered to contain a heap buffer overflow 
via RegE ...)
+       TODO: check
 CVE-2021-46476
        RESERVED
-CVE-2021-46475
-       RESERVED
-CVE-2021-46474
-       RESERVED
+CVE-2021-46475 (Jsish v3.5.0 was discovered to contain a heap buffer overflow 
via jsi_ ...)
+       TODO: check
+CVE-2021-46474 (Jsish v3.5.0 was discovered to contain a heap buffer overflow 
via jsiE ...)
+       TODO: check
 CVE-2021-46473
        RESERVED
 CVE-2021-46472
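Review bot: The eight Jsish v3.5.0 entries (CVE-2021-46474, -46475, -46477, -46478, -46480, -46481, -46482, -46483) should get one disposition, spelled the same way on every line, rather than eight separate "TODO: check" decisions. Note that CVE-2021-46481 is described as a memory leak while the other seven are heap buffer overflows, so if severity is recorded it should not be copied across blindly. CVE-2021-46479 and CVE-2021-46476 stay RESERVED in the middle of the run and will probably need the same tag once they are published.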
@@ -3036,8 +3098,8 @@ CVE-2022-0179 (snipe-it is vulnerable to Improper Access 
Control ...)
        NOT-FOR-US: snipe-it
 CVE-2022-0178 (snipe-it is vulnerable to Improper Access Control ...)
        NOT-FOR-US: snipe-it
-CVE-2022-0177
-       RESERVED
+CVE-2022-0177 (Cross-site Scripting (XSS) - DOM in GitHub repository 
mrdoob/three.js  ...)
+       TODO: check
 CVE-2021-4204 [eBPF Improper Input Validation Vulnerability]
        RESERVED
        - linux <unfixed>
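Review bot: CVE-2022-0177 must not inherit the disposition of its neighbours: the two entries above it are "NOT-FOR-US: snipe-it", but this one names the GitHub repository mrdoob/three.js, a different project. Resolve the "TODO: check" by looking up three.js on its own, and if it is packaged record it with a package line rather than a NOT-FOR-US tag.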
@@ -4497,8 +4559,8 @@ CVE-2022-22556
        RESERVED
 CVE-2022-22555
        RESERVED
-CVE-2022-22554
-       RESERVED
+CVE-2022-22554 (Dell EMC System Update, version 1.9.2 and prior, contain an 
Unprotecte ...)
+       TODO: check
 CVE-2022-22553 (Dell EMC AppSync versions 3.9 to 4.3 contain an Improper 
Restriction o ...)
        NOT-FOR-US: EMC
 CVE-2022-22552 (Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking 
vulnerabil ...)
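Review bot: When the TODO on CVE-2022-22554 (Dell EMC System Update) is resolved, pick the vendor tag deliberately: the next entry, CVE-2022-22553, uses "NOT-FOR-US: EMC", while other Dell EMC entries in this same file use "NOT-FOR-US: Dell". The mixed spelling makes it harder to grep for all entries of one vendor, so the new line should follow whichever form is the convention and not add a third.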
@@ -8413,16 +8475,16 @@ CVE-2021-45228
        RESERVED
 CVE-2021-45227
        RESERVED
-CVE-2021-45226
-       RESERVED
-CVE-2021-45225
-       RESERVED
-CVE-2021-45224
-       RESERVED
-CVE-2021-45223
-       RESERVED
-CVE-2021-45222
-       RESERVED
+CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due 
to impr ...)
+       TODO: check
+CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due 
to impr ...)
+       TODO: check
+CVE-2021-45224 (An issue was discovered in COINS Construction Cloud 11.12. In 
several  ...)
+       TODO: check
+CVE-2021-45223 (An issue was discovered in COINS Construction Cloud 11.12. Due 
to insu ...)
+       TODO: check
+CVE-2021-45222 (An issue was discovered in COINS Construction Cloud 11.12. Due 
to logi ...)
+       TODO: check
 CVE-2021-45221
        RESERVED
 CVE-2021-45220
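Review bot: CVE-2021-45222 through CVE-2021-45226 all read "An issue was discovered in COINS Construction Cloud 11.12", so they should be closed with a single identical tag on all five lines. If the product is not packaged, that is five "NOT-FOR-US:" lines with the same product string; writing the name differently on any one of them defeats later lookups by product.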
@@ -9312,20 +9374,20 @@ CVE-2021-44996
        RESERVED
 CVE-2021-44995
        RESERVED
-CVE-2021-44994
-       RESERVED
-CVE-2021-44993
-       RESERVED
-CVE-2021-44992
-       RESERVED
+CVE-2021-44994 (There is an Assertion ''JERRY_CONTEXT 
(jmem_heap_allocated_size) == 0' ...)
+       TODO: check
+CVE-2021-44993 (There is an Assertion ''ecma_is_value_boolean (base_value)'' 
failed at ...)
+       TODO: check
+CVE-2021-44992 (There is an Assertion ''ecma_object_is_typedarray (obj_p)'' 
failed at  ...)
+       TODO: check
 CVE-2021-44991
        RESERVED
 CVE-2021-44990
        RESERVED
 CVE-2021-44989
        RESERVED
-CVE-2021-44988
-       RESERVED
+CVE-2021-44988 (Jerryscript v3.0.0 and below was discovered to contain a stack 
overflo ...)
+       TODO: check
 CVE-2021-44987
        RESERVED
 CVE-2021-44986
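Review bot: The truncated descriptions of CVE-2021-44992, -44993 and -44994 do not name a product at all; they start with "There is an Assertion ... failed at" and are cut before the component. Only CVE-2021-44988 says "Jerryscript v3.0.0 and below". The identifiers in the assertions (JERRY_CONTEXT, ecma_is_value_boolean, ecma_object_is_typedarray) point at the same project, but confirm that from the full descriptions before tagging the four entries as a group.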
@@ -12445,18 +12507,18 @@ CVE-2022-21717
        RESERVED
 CVE-2022-21716
        RESERVED
-CVE-2022-21715
-       RESERVED
+CVE-2022-21715 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP 
full-stack web fr ...)
+       TODO: check
 CVE-2022-21714
        RESERVED
 CVE-2022-21713
        RESERVED
 CVE-2022-21712
        RESERVED
-CVE-2022-21711
-       RESERVED
-CVE-2022-21710
-       RESERVED
+CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework 
that parse ...)
+       TODO: check
+CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local 
short de ...)
+       TODO: check
 CVE-2022-21709
        RESERVED
 CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In 
version ...)
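Review bot: The three entries moved to "TODO: check" here belong to three unrelated projects (CodeIgniter4 in CVE-2022-21715, elfspirit in CVE-2022-21711, the ShortDescription MediaWiki extension in CVE-2022-21710), so they cannot be closed as a batch the way the single-vendor blocks in this commit can. For CVE-2022-21710 the question is whether the extension is shipped with a packaged MediaWiki, not only whether it exists as a package of its own.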
@@ -14339,10 +14401,10 @@ CVE-2021-43591
        RESERVED
 CVE-2021-43590
        RESERVED
-CVE-2021-43589
-       RESERVED
-CVE-2021-43588
-       RESERVED
+CVE-2021-43589 (Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT 
versions prior ...)
+       TODO: check
+CVE-2021-43588 (Dell EMC Data Protection Central version 19.5 contains an 
Improper Inp ...)
+       TODO: check
 CVE-2021-43587 (Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 
P01, 3.0,  ...)
        NOT-FOR-US: Dell
 CVE-2021-43586
@@ -14981,8 +15043,8 @@ CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote 
attackers to elevate thei
        NOT-FOR-US: LiquidFiles
 CVE-2021-43395
        RESERVED
-CVE-2021-43394
-       RESERVED
+CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 
and IC4, ...)
+       TODO: check
 CVE-2021-43393
        RESERVED
 CVE-2021-43392
@@ -34494,8 +34556,8 @@ CVE-2021-3639 [Prevent redirect to URLs that begin with 
'///']
        NOTE: 
https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5
 CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an 
authenticati ...)
        NOT-FOR-US: Dell
-CVE-2021-36349
-       RESERVED
+CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior 
contain a Ser ...)
+       TODO: check
 CVE-2021-36348
        RESERVED
 CVE-2021-36347
@@ -34506,10 +34568,10 @@ CVE-2021-36345
        RESERVED
 CVE-2021-36344
        RESERVED
-CVE-2021-36343
-       RESERVED
-CVE-2021-36342
-       RESERVED
+CVE-2021-36343 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
+       TODO: check
+CVE-2021-36342 (Dell BIOS contains an improper input validation vulnerability. 
A local ...)
+       TODO: check
 CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a 
sensitive  ...)
        NOT-FOR-US: Dell
 CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive 
information d ...)
@@ -110867,8 +110929,8 @@ CVE-2020-17385 (Cellopoint Cellos v4.1.10 Build 
20190922 does not validate URL i
        NOT-FOR-US: Cellopoint Cellos
 CVE-2020-17384 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL 
inputte ...)
        NOT-FOR-US: Cellopoint Cellos
-CVE-2020-17383
-       RESERVED
+CVE-2020-17383 (A directory traversal vulnerability on Telos Z/IP One devices 
through  ...)
+       TODO: check
 CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer 
Overflow (0x801 ...)
        NOT-FOR-US: MSI AmbientLink MsIo64 driver
 CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due 
to insuff ...)
@@ -283106,7 +283168,7 @@ CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 
7.0.79 on Windows with HTTP
 CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be 
exploited to  ...)
        - airflow <itp> (bug #819700)
 CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are 
invoked with  ...)
-       {DLA-1162-1}
+       {DLA-2897-1 DLA-1162-1}
        - apr 1.6.3-1 (low; bug #879708)
        [jessie] - apr <no-dsa> (Minor issue)
        NOTE: 
mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
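Review bot: The cross-reference on CVE-2017-12613 gains DLA-2897-1, but this commit changes only data/CVE/list, so nothing here shows which release the new advisory covers or that it is defined at all. Confirm that the matching advisory entry exists and lists apr. Also check whether "[jessie] - apr <no-dsa> (Minor issue)" still describes the state of that release now that two DLAs reference this CVE.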



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95e940c7ca07366133a2f50246da6c2ecd45bbfc

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits