[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0803596f by security tracker role at 2022-02-17T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2022-25299
+       RESERVED
+CVE-2022-25298
+       RESERVED
+CVE-2022-25297
+       RESERVED
+CVE-2022-25296
+       RESERVED
+CVE-2022-25295
+       RESERVED
+CVE-2022-25294
+       RESERVED
+CVE-2022-25293
+       RESERVED
+CVE-2022-25292
+       RESERVED
+CVE-2022-25291
+       RESERVED
+CVE-2022-25290
+       RESERVED
+CVE-2022-25289
+       RESERVED
+CVE-2022-25288
+       RESERVED
+CVE-2022-25287
+       RESERVED
+CVE-2022-25286
+       RESERVED
+CVE-2022-25285
+       RESERVED
+CVE-2022-25284
+       RESERVED
+CVE-2022-25283
+       RESERVED
+CVE-2022-25282
+       RESERVED
+CVE-2022-25281
+       RESERVED
+CVE-2022-25280
+       RESERVED
+CVE-2022-25279
+       RESERVED
+CVE-2022-25278
+       RESERVED
+CVE-2022-25277
+       RESERVED
+CVE-2022-25276
+       RESERVED
+CVE-2022-25275
+       RESERVED
+CVE-2022-25274
+       RESERVED
+CVE-2022-25273
+       RESERVED
+CVE-2022-25272
+       RESERVED
+CVE-2022-25271 (Drupal core's form API has a vulnerability where certain 
contributed o ...)
+       TODO: check
+CVE-2022-25270 (The Quick Edit module does not properly check entity access in 
some ci ...)
+       TODO: check
+CVE-2022-25269
+       RESERVED
+CVE-2022-25268
+       RESERVED
+CVE-2022-25267
+       RESERVED
+CVE-2022-25266
+       RESERVED
+CVE-2022-25265 (In the Linux kernel through 5.16.10, certain binary files may 
have the ...)
+       TODO: check
+CVE-2022-25264
+       RESERVED
+CVE-2022-25263
+       RESERVED
+CVE-2022-25262
+       RESERVED
+CVE-2022-25261
+       RESERVED
+CVE-2022-25260
+       RESERVED
+CVE-2022-25259
+       RESERVED
+CVE-2022-25258 (An issue was discovered in the Linux kernel before 5.16.10. 
The USB Ga ...)
+       TODO: check
+CVE-2022-0655
+       RESERVED
+CVE-2022-0654
+       RESERVED
+CVE-2022-0653
+       RESERVED
+CVE-2022-0652
+       RESERVED
+CVE-2022-0651
+       RESERVED
+CVE-2022-0650
+       RESERVED
+CVE-2022-0649
+       RESERVED
+CVE-2021-46699
+       RESERVED
 CVE-2022-25257
        RESERVED
 CVE-2022-25256
@@ -157,10 +257,10 @@ CVE-2022-22985
        RESERVED
 CVE-2022-21146
        RESERVED
-CVE-2022-0623
-       RESERVED
-CVE-2022-0622
-       RESERVED
+CVE-2022-0623 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
+       TODO: check
+CVE-2022-0622 (Generation of Error Message Containing Sensitive Information in 
Packag ...)
+       TODO: check
 CVE-2022-0621
        RESERVED
 CVE-2022-0620
@@ -739,16 +839,16 @@ CVE-2022-24987
        RESERVED
 CVE-2022-24986
        RESERVED
-CVE-2022-24985
-       RESERVED
-CVE-2022-24984
-       RESERVED
-CVE-2022-24983
-       RESERVED
-CVE-2022-24982
-       RESERVED
-CVE-2022-24981
-       RESERVED
+CVE-2022-24985 (Forms generated by JQueryForm.com before 2022-02-05 allows a 
remote au ...)
+       TODO: check
+CVE-2022-24984 (Forms generated by JQueryForm.com before 2022-02-05 (if 
file-upload ca ...)
+       TODO: check
+CVE-2022-24983 (Forms generated by JQueryForm.com before 2022-02-05 allow 
remote attac ...)
+       TODO: check
+CVE-2022-24982 (Forms generated by JQueryForm.com before 2022-02-05 allows a 
remote au ...)
+       TODO: check
+CVE-2022-24981 (A reflected cross-site scripting (XSS) vulnerability in forms 
generate ...)
+       TODO: check
 CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 
3.6.1  ...)
        - wireshark <unfixed>
        [bullseye] - wireshark <no-dsa> (Minor issue)
@@ -899,8 +999,8 @@ CVE-2022-24955 (Foxit PDF Reader before 11.2.1 and Foxit 
PDF Editor before 11.2.
        NOT-FOR-US: Foxit
 CVE-2022-24954 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 
11.2.1 have ...)
        NOT-FOR-US: Foxit
-CVE-2022-24953
-       RESERVED
+CVE-2022-24953 (The Crypt_GPG extension before 1.6.7 for PHP does not prevent 
addition ...)
+       TODO: check
 CVE-2022-24952
        RESERVED
 CVE-2022-24951
@@ -5118,8 +5218,8 @@ CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer 
written in PHP. A cross-sit
        TODO: check
 CVE-2022-23637 (K-Box is a web-based application to manage documents, images, 
videos a ...)
        NOT-FOR-US: K-Box
-CVE-2022-23636
-       RESERVED
+CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. 
Prior t ...)
+       TODO: check
 CVE-2022-23635
        RESERVED
 CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to 
`puma`  ...)
@@ -7457,8 +7557,8 @@ CVE-2022-22903
        RESERVED
 CVE-2022-22902
        RESERVED
-CVE-2022-22901
-       RESERVED
+CVE-2022-22901 (There is an Assertion in 
'context_p-&gt;next_scanner_info_p-&gt;type = ...)
+       TODO: check
 CVE-2022-22900
        RESERVED
 CVE-2022-22899
@@ -7517,18 +7617,18 @@ CVE-2022-22887
        RESERVED
 CVE-2022-22886
        RESERVED
-CVE-2022-22885
-       RESERVED
+CVE-2022-22885 (Hutool v5.7.18's HttpRequest was discovered to ignore all 
TLS/SSL cert ...)
+       TODO: check
 CVE-2022-22884
        RESERVED
 CVE-2022-22883
        RESERVED
 CVE-2022-22882
        RESERVED
-CVE-2022-22881
-       RESERVED
-CVE-2022-22880
-       RESERVED
+CVE-2022-22881 (Jeecg-boot v3.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2022-22880 (Jeecg-boot v3.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
 CVE-2022-22879
        RESERVED
 CVE-2022-22878
@@ -19795,16 +19895,16 @@ CVE-2021-43305
        RESERVED
 CVE-2021-43304
        RESERVED
-CVE-2021-43303
-       RESERVED
-CVE-2021-43302
-       RESERVED
-CVE-2021-43301
-       RESERVED
-CVE-2021-43300
-       RESERVED
-CVE-2021-43299
-       RESERVED
+CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An 
attacker ...)
+       TODO: check
+CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling 
pjsua_recorder_create. An ...)
+       TODO: check
+CVE-2021-43301 (Stack overflow in PJSUA API when calling 
pjsua_playlist_create. An att ...)
+       TODO: check
+CVE-2021-43300 (Stack overflow in PJSUA API when calling 
pjsua_recorder_create. An att ...)
+       TODO: check
+CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. 
An attac ...)
+       TODO: check
 CVE-2021-43298 (The code that performs password matching when using 'Basic' 
HTTP authe ...)
        NOT-FOR-US: GoAhead Web Server
 CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite 
3.2.11 a ...)
@@ -65701,8 +65801,8 @@ CVE-2021-3244
        RESERVED
 CVE-2021-3243 (Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) 
vulnerabilit ...)
        NOT-FOR-US: Wfilter ICF
-CVE-2021-3242
-       RESERVED
+CVE-2021-3242 (DuxCMS v3.1.3 was discovered to contain a SQL injection 
vulnerability  ...)
+       TODO: check
 CVE-2021-3241
        RESERVED
 CVE-2021-3240



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0803596fd6c23e4d726f29905564db285cc633d8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0803596fd6c23e4d726f29905564db285cc633d8
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits