Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
caf2a263 by security tracker role at 2022-02-08T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2022-24668
+       RESERVED
+CVE-2022-24667
+       RESERVED
+CVE-2022-24666
+       RESERVED
+CVE-2022-0528
+       RESERVED
+CVE-2022-0527
+       RESERVED
+CVE-2022-0526
+       RESERVED
+CVE-2022-0525
+       RESERVED
+CVE-2022-0524
+       RESERVED
+CVE-2022-0523
+       RESERVED
+CVE-2022-0522
+       RESERVED
+CVE-2022-0521
+       RESERVED
+CVE-2022-0520
+       RESERVED
+CVE-2022-0519
+       RESERVED
+CVE-2022-0518
+       RESERVED
+CVE-2022-0517
+       RESERVED
+CVE-2022-0516
+       RESERVED
 CVE-2022-24665
        RESERVED
 CVE-2022-24664
@@ -428,8 +460,8 @@ CVE-2022-24452
        RESERVED
 CVE-2022-24451
        RESERVED
-CVE-2022-24450
-       RESERVED
+CVE-2022-24450 (NATS nats-server before 2.7.2 has Incorrect Access Control. 
Any authen ...)
+       TODO: check
 CVE-2022-24449
        RESERVED
 CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel 
before 5.1 ...)
@@ -870,96 +902,115 @@ CVE-2022-21173
        RESERVED
 CVE-2022-0470
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0469
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0468
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0467
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0466
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0465
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0464
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0463
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0462
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0461
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0460
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0459
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0458
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0457
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0456
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0455
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0454
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0453
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0452
        RESERVED
+       {DSA-5068-1}
        - chromium 98.0.4758.80-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
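Review bot: every entry from CVE-2022-0470 down to CVE-2022-0452 gains {DSA-5068-1} but still reads RESERVED with no description, so the DSA tag and the fixed version 98.0.4758.80-1 are the only information available for these 19 CVEs. The [buster] and [stretch] lines stay at <end-of-life>, so the new cross-reference should not be read as a fix for those releases. Nothing to change by hand, but anything consuming this list should not treat RESERVED as "no known issue" when a DSA tag is present.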
@@ -3369,10 +3420,10 @@ CVE-2022-23626
        RESERVED
 CVE-2022-23625
        RESERVED
-CVE-2022-23624
-       RESERVED
-CVE-2022-23623
-       RESERVED
+CVE-2022-23624 (Frourio-express is a minimal full stack framework, for 
TypeScript. Fro ...)
+       TODO: check
+CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio 
users who u ...)
+       TODO: check
 CVE-2022-23622
        RESERVED
 CVE-2022-23621
@@ -3391,8 +3442,8 @@ CVE-2022-23615
        RESERVED
 CVE-2022-23614 (Twig is an open source template language for PHP. When in a 
sandbox mo ...)
        TODO: check
-CVE-2022-23613
-       RESERVED
+CVE-2022-23613 (xrdp is an open source remote desktop protocol (RDP) server. 
In affect ...)
+       TODO: check
 CVE-2022-23612
        RESERVED
 CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on 
Windows  ...)
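Review bot: CVE-2022-23613 now names xrdp but is left at "TODO: check" with no package line. xrdp is packaged in Debian, so this entry needs a "- xrdp ..." source-package line with its affected or fixed status once triaged. The description is truncated at "In affect ...", so the affected versions have to come from the full CVE text, not from this line.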
@@ -8200,7 +8251,7 @@ CVE-2022-0078
        RESERVED
 CVE-2021-45959
        REJECTED
-CVE-2021-45958 (** DISPUTED ** UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a 
stack-b ...)
+CVE-2021-45958 (UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer 
overflow  ...)
        - ujson <unfixed> (bug #1005140)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
        NOTE: https://github.com/ultrajson/ultrajson/issues/501
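Review bot: the new description for CVE-2021-45958 drops the "** DISPUTED **" marker and widens the range from "4.0.2 through 5.0.0" to "through 5.1.0". The status line "- ujson <unfixed> (bug #1005140)" stays consistent with that, but any earlier triage that leaned on the disputed status should be re-read against the two NOTE links below it.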
@@ -10634,8 +10685,8 @@ CVE-2021-45283
        RESERVED
 CVE-2021-45282
        RESERVED
-CVE-2021-45281
-       RESERVED
+CVE-2021-45281 (QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) 
vulnerabilit ...)
+       TODO: check
 CVE-2021-45280
        RESERVED
 CVE-2021-45279
@@ -12447,12 +12498,11 @@ CVE-2022-21818
        RESERVED
 CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource 
Sharing (CO ...)
        NOT-FOR-US: NVIDIA
-CVE-2022-21816
-       RESERVED
-CVE-2022-21815
-       RESERVED
-CVE-2022-21814
-       RESERVED
+CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
+       TODO: check
+CVE-2022-21815 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
+CVE-2022-21814 (NVIDIA GPU Display Driver for Linux contains a vulnerability 
in the ke ...)
        - nvidia-graphics-drivers 470.103.01-1 (bug #1004847)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
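Review bot: CVE-2022-21815 is described as "NVIDIA GPU Display Driver for Windows" and CVE-2022-21816 as "NVIDIA vGPU software", and both land on "TODO: check" directly above the nvidia-graphics-drivers lines that belong to CVE-2022-21814. Both need an explicit decision; CVE-2022-21817 just above is already marked "NOT-FOR-US: NVIDIA", and the Windows-only entry in particular should not end up inheriting package lines from its neighbour.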
@@ -12469,8 +12519,7 @@ CVE-2022-21814
        [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1004850)
        [bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not 
supported)
-CVE-2022-21813
-       RESERVED
+CVE-2022-21813 (NVIDIA GPU Display Driver for Linux contains a vulnerability 
in the ke ...)
        - nvidia-graphics-drivers 470.103.01-1 (bug #1004847)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -15114,8 +15163,8 @@ CVE-2022-21714
        RESERVED
 CVE-2022-21713
        RESERVED
-CVE-2022-21712
-       RESERVED
+CVE-2022-21712 (twisted is an event-driven networking engine written in 
Python. In aff ...)
+       TODO: check
 CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework 
that parse ...)
        NOT-FOR-US: elfspirit
 CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local 
short de ...)
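Review bot: CVE-2022-21712 now names twisted and is left at "TODO: check". twisted is packaged in Debian, so this needs a source-package line, not a NOT-FOR-US marker like the elfspirit entry that follows it. The description is cut at "In aff ...", so the affected range is not visible here and has to be taken from the full CVE record.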
@@ -23248,8 +23297,8 @@ CVE-2021-42009 (An authenticated Apache Traffic Control 
Traffic Ops user with Po
        NOT-FOR-US: Apache Traffic Control
 CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input 
During Web  ...)
        NOT-FOR-US: icecoder
-CVE-2021-3861
-       RESERVED
+CVE-2021-3861 (The RNDIS USB device class includes a buffer overflow 
vulnerability. Z ...)
+       TODO: check
 CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), 
is vul ...)
        NOT-FOR-US: JFrog Artifactory
 CVE-2021-3859
@@ -23897,8 +23946,8 @@ CVE-2021-41766 (Apache Karaf allows monitoring of 
applications and the Java runt
 CVE-2021-3836 (dbeaver is vulnerable to Improper Restriction of XML External 
Entity R ...)
        - dbeaver <itp> (bug #680987)
        NOTE: 
https://github.com/dbeaver/dbeaver/commit/4debf8f25184b7283681ed3fb5e9e887d9d4fe22
-CVE-2021-3835
-       RESERVED
+CVE-2021-3835 (Buffer overflow in usb device class. Zephyr versions &gt;= 
v2.6.0 cont ...)
+       TODO: check
 CVE-2021-3834 (Integria IMS in its 5.0.92 version does not filter correctly 
some fiel ...)
        NOT-FOR-US: Integria IMS
 CVE-2021-3833 (Integria IMS login check uses a loose comparator ("==") to 
compare the ...)
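Review bot: the description added for CVE-2021-3835 carries the HTML entity "&gt;=" ("Zephyr versions &gt;= v2.6.0") where a literal ">=" is meant. If that escaped form is what is stored in data/CVE/list, the import step should unescape descriptions, since anything that pattern-matches version ranges in these lines will miss it. The entry is also still "TODO: check".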
@@ -24520,7 +24569,7 @@ CVE-2021-41496 (** DISPUTED ** Buffer overflow in the 
array_from_pyobj function
        NOTE: https://github.com/numpy/numpy/issues/19000
        NOTE: https://github.com/numpy/numpy/pull/20630
        NOTE: 
https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2
-CVE-2021-41495 (Null Pointer Dereference vulnerability exists in numpy.sort in 
NumPy & ...)
+CVE-2021-41495 (** DISPUTED ** Null Pointer Dereference vulnerability exists 
in numpy. ...)
        - numpy <unfixed>
        [bullseye] - numpy <no-dsa> (Minor issue)
        NOTE: https://github.com/numpy/numpy/issues/19038
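Review bot: CVE-2021-41495 gains the "** DISPUTED **" prefix, matching CVE-2021-41496 in the hunk header, but its status lines are unchanged: "- numpy <unfixed>" and "[bullseye] - numpy <no-dsa> (Minor issue)". A NOTE line recording the dispute, pointing at the numpy issue already linked, would keep the <unfixed> status from being read as confirmation of impact.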



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/caf2a2635171e065e10c31477939bf4337bb0cc1
