[Git][security-tracker-team/security-tracker][master] automatic update

Wed, 16 Feb 2022 00:10:40 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
89994e6b by security tracker role at 2022-02-16T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2022-25245
+       RESERVED
+CVE-2022-25244
+       RESERVED
+CVE-2022-25243
+       RESERVED
+CVE-2022-25242 (In FileCloud before 21.3, file upload is not protected against 
Cross-S ...)
+       TODO: check
+CVE-2022-25241 (In FileCloud before 21.3, the CSV user import functionality is 
vulnera ...)
+       TODO: check
+CVE-2022-25240
+       RESERVED
+CVE-2022-25239
+       RESERVED
+CVE-2022-25238
+       RESERVED
+CVE-2022-25237
+       RESERVED
+CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows 
attackers to in ...)
+       TODO: check
+CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks 
certain valid ...)
+       TODO: check
+CVE-2022-25229
+       RESERVED
+CVE-2022-25228
+       RESERVED
+CVE-2022-25227
+       RESERVED
+CVE-2022-25226
+       RESERVED
+CVE-2022-25225
+       RESERVED
+CVE-2022-25224
+       RESERVED
+CVE-2022-25223
+       RESERVED
+CVE-2022-25222
+       RESERVED
+CVE-2022-25221
+       RESERVED
+CVE-2022-25220
+       RESERVED
+CVE-2022-25219
+       RESERVED
+CVE-2022-25218
+       RESERVED
+CVE-2022-25217
+       RESERVED
+CVE-2022-25216
+       RESERVED
+CVE-2022-25215
+       RESERVED
+CVE-2022-25214
+       RESERVED
+CVE-2022-25213
+       RESERVED
+CVE-2022-24915
+       RESERVED
+CVE-2022-24432
+       RESERVED
+CVE-2022-22985
+       RESERVED
+CVE-2022-21146
+       RESERVED
+CVE-2022-0623
+       RESERVED
+CVE-2022-0622
+       RESERVED
+CVE-2022-0621
+       RESERVED
+CVE-2022-0620
+       RESERVED
+CVE-2022-0619
+       RESERVED
 CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not 
configure its XM ...)
        NOT-FOR-US: Jenkins Chef Sinatra Plugin
 CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and 
earlier use ...)
@@ -147,10 +221,10 @@ CVE-2022-25149
        RESERVED
 CVE-2022-25148
        RESERVED
-CVE-2022-0612
-       RESERVED
-CVE-2022-0611
-       RESERVED
+CVE-2022-0612 (Cross-site Scripting (XSS) - Stored in Packagist 
remdex/livehelperchat ...)
+       TODO: check
+CVE-2022-0611 (Improper Privilege Management in Packagist snipe/snipe-it prior 
to 5.3 ...)
+       TODO: check
 CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be 
modified vi ...)
        NOT-FOR-US: Corda
 CVE-2022-25147
@@ -4928,12 +5002,12 @@ CVE-2022-23645
        RESERVED
 CVE-2022-23644
        RESERVED
-CVE-2022-23643
-       RESERVED
+CVE-2022-23643 (Sourcegraph is a code search and navigation engine. 
Sourcegraph versio ...)
+       TODO: check
 CVE-2022-23642
        RESERVED
-CVE-2022-23641
-       RESERVED
+CVE-2022-23641 (Discourse is an open source discussion platform. In versions 
prior to  ...)
+       TODO: check
 CVE-2022-23640
        RESERVED
 CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, 
scoped t ...)
@@ -6001,8 +6075,8 @@ CVE-2021-46323 (Espruino 2v11.251 was discovered to 
contain a SEGV vulnerability
        NOT-FOR-US: Espruino
 CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV 
vulnerability via th ...)
        NOT-FOR-US: Duktape
-CVE-2021-46321
-       RESERVED
+CVE-2021-46321 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to 
contain ...)
+       TODO: check
 CVE-2021-46320 (In OpenZeppelin <=v4.4.0, initializer functions that are 
invoked se ...)
        NOT-FOR-US: OpenZeppelin
 CVE-2021-46319
@@ -7467,14 +7541,14 @@ CVE-2021-46267
        RESERVED
 CVE-2021-46266
        RESERVED
-CVE-2021-46265
-       RESERVED
-CVE-2021-46264
-       RESERVED
-CVE-2021-46263
-       RESERVED
-CVE-2021-46262
-       RESERVED
+CVE-2021-46265 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to 
contain ...)
+       TODO: check
+CVE-2021-46264 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to 
contain ...)
+       TODO: check
+CVE-2021-46263 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to 
contain ...)
+       TODO: check
+CVE-2021-46262 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to 
contain ...)
+       TODO: check
 CVE-2021-46261
        RESERVED
 CVE-2021-46260
@@ -7493,14 +7567,14 @@ CVE-2021-46254
        RESERVED
 CVE-2021-46253 (A cross-site scripting (XSS) vulnerability in the Create Post 
function ...)
        NOT-FOR-US: Anchor CMS
-CVE-2021-46252
-       RESERVED
-CVE-2021-46251
-       RESERVED
-CVE-2021-46250
-       RESERVED
-CVE-2021-46249
-       RESERVED
+CVE-2021-46252 (A Cross-Site Request Forgery (CSRF) in 
RequirementsBypassPage.php of S ...)
+       TODO: check
+CVE-2021-46251 (A reflected cross-site scripting (XSS) in ScratchOAuth2 before 
commit  ...)
+       TODO: check
+CVE-2021-46250 (An issue in SOA2Login::commented of ScratchOAuth2 before 
commit a91879 ...)
+       TODO: check
+CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in 
Specific ...)
+       TODO: check
 CVE-2021-46248
        RESERVED
 CVE-2021-46247
@@ -17252,6 +17326,7 @@ CVE-2021-43860 (Flatpak is a Linux application 
sandboxing and distribution frame
        NOTE: 
https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451
        NOTE: 
https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042
 CVE-2021-43859 (XStream is an open source java library to serialize objects to 
XML and ...)
+       {DLA-2924-1}
        - libxstream-java <unfixed>
        NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf
        NOTE: https://x-stream.github.io/CVE-2021-43859.html
@@ -36626,8 +36701,8 @@ CVE-2021-37356
        RESERVED
 CVE-2021-37355
        RESERVED
-CVE-2021-37354
-       RESERVED
+CVE-2021-37354 (Xerox Phaser 4622 v35.013.01.000 was discovered to contain a 
buffer ov ...)
+       TODO: check
 CVE-2021-37353 (Nagios XI Docker Wizard before version 1.1.3 is vulnerable to 
SSRF due ...)
        NOT-FOR-US: Nagios XI
 CVE-2021-37352 (An open redirect vulnerability exists in Nagios XI before 
version 5.8. ...)
@@ -41367,8 +41442,8 @@ CVE-2021-35382
        RESERVED
 CVE-2021-35381
        RESERVED
-CVE-2021-35380
-       RESERVED
+CVE-2021-35380 (A Directory Traversal vulnerability exists in Solari di Udine 
TermTalk ...)
+       TODO: check
 CVE-2021-35379
        RESERVED
 CVE-2021-35378
@@ -44595,8 +44670,8 @@ CVE-2021-33947
        RESERVED
 CVE-2021-33946
        RESERVED
-CVE-2021-33945
-       RESERVED
+CVE-2021-33945 (RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, 
SP 320SFN ...)
+       TODO: check
 CVE-2021-33944
        RESERVED
 CVE-2021-33943



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89994e6b919893de168cf1470d8c75f2662d77be

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89994e6b919893de168cf1470d8c75f2662d77be
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to