Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2f8c0b6e by security tracker role at 2022-02-22T08:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,64 @@
-CVE-2022-25636 [netfilter: nf_tables_offload: incorrect flow offload action
array size]
+CVE-2022-25643
+ RESERVED
+CVE-2022-25642
+ RESERVED
+CVE-2022-25641
+ RESERVED
+CVE-2022-25640
+ RESERVED
+CVE-2022-25639
+ RESERVED
+CVE-2022-25638
+ RESERVED
+CVE-2022-25637
+ RESERVED
+CVE-2022-25635
+ RESERVED
+CVE-2022-25634
+ RESERVED
+CVE-2022-25633
+ RESERVED
+CVE-2022-25632
+ RESERVED
+CVE-2022-25631
+ RESERVED
+CVE-2022-25630
+ RESERVED
+CVE-2022-25629
+ RESERVED
+CVE-2022-25628
+ RESERVED
+CVE-2022-25627
+ RESERVED
+CVE-2022-25626
+ RESERVED
+CVE-2022-25625
+ RESERVED
+CVE-2022-25624
+ RESERVED
+CVE-2022-25623
+ RESERVED
+CVE-2022-25325
+ RESERVED
+CVE-2022-25234
+ RESERVED
+CVE-2022-25230
+ RESERVED
+CVE-2022-21219
+ RESERVED
+CVE-2022-21124
+ RESERVED
+CVE-2022-0717
+ RESERVED
+CVE-2022-0716
+ RESERVED
+CVE-2022-0715
+ RESERVED
+CVE-2022-0714
+ RESERVED
+CVE-2022-0713
+ RESERVED
+CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through
5.6.10 a ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -540,8 +600,8 @@ CVE-2022-0698
RESERVED
CVE-2022-0697
RESERVED
-CVE-2022-0696
- RESERVED
+CVE-2022-0696 (NULL Pointer Dereference in Conda vim prior to 8.2. ...)
+ TODO: check
CVE-2022-0695
RESERVED
CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket
transport. An ...)
@@ -720,8 +780,8 @@ CVE-2022-25312
RESERVED
CVE-2022-21132
RESERVED
-CVE-2022-0676
- RESERVED
+CVE-2022-0676 (Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.4.
...)
+ TODO: check
CVE-2022-0675
RESERVED
CVE-2022-25315 (In Expat (aka libexpat) before 2.4.5, there is an integer
overflow in ...)
@@ -2332,8 +2392,7 @@ CVE-2022-23922
RESERVED
CVE-2022-23104
RESERVED
-CVE-2022-0563 [partial disclosure of arbitrary files in chfn and chsh when
compiled with libreadline]
- RESERVED
+CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when
compil ...)
- util-linux <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151
NOTE:
https://lore.kernel.org/util-linux/[email protected]/T/#u
@@ -2785,8 +2844,8 @@ CVE-2022-24566
RESERVED
CVE-2022-24565
RESERVED
-CVE-2022-24564
- RESERVED
+CVE-2022-24564 (Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS)
vulnerabil ...)
+ TODO: check
CVE-2022-24563
RESERVED
CVE-2022-24562
@@ -10523,8 +10582,8 @@ CVE-2022-22310 (IBM WebSphere Application Server
Liberty 21.0.0.10 through 21.0.
NOT-FOR-US: IBM
CVE-2022-22309
RESERVED
-CVE-2022-22308
- RESERVED
+CVE-2022-22308 (IBM Planning Analytics 2.0 is vulnerable to a Remote File
Include (RFI ...)
+ TODO: check
CVE-2022-22307
RESERVED
CVE-2022-0087 (keystone is vulnerable to Improper Neutralization of Input
During Web ...)
@@ -14396,8 +14455,7 @@ CVE-2021-4117 (yetiforcecrm is vulnerable to Business
Logic Errors ...)
NOT-FOR-US: yetiforcecrm
CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input
During ...)
NOT-FOR-US: yetiforcecrm
-CVE-2021-4115 [file descriptor leak allows an unprivileged user to cause a
crash]
- RESERVED
+CVE-2021-4115 (There is a flaw in polkit which can allow an unprivileged user
to caus ...)
[experimental] - policykit-1 0.120-6
- policykit-1 0.105-32 (bug #1005784)
[bullseye] - policykit-1 <no-dsa> (Minor issue)
@@ -15964,24 +16022,24 @@ CVE-2021-44579
RESERVED
CVE-2021-44578
RESERVED
-CVE-2021-44577
- RESERVED
-CVE-2021-44576
- RESERVED
-CVE-2021-44575
- RESERVED
-CVE-2021-44574
- RESERVED
-CVE-2021-44573
- RESERVED
+CVE-2021-44577 (Two heap-overflow vulnerabilities exist in openSUSE libsolv
through 13 ...)
+ TODO: check
+CVE-2021-44576 (Two memory vulnerabilities exists in openSUSE libsolv through
13 Dec 2 ...)
+ TODO: check
+CVE-2021-44575 (Two heap-overflow vulnerabilities exists in openSUSE libsolv
through 1 ...)
+ TODO: check
+CVE-2021-44574 (A heap-overflow vulnerability exists in openSUSE libsolv
through 13 De ...)
+ TODO: check
+CVE-2021-44573 (Two heap overflow vulnerabilities exist in oenSUSE libsolv
through 13 ...)
+ TODO: check
CVE-2021-44572
RESERVED
-CVE-2021-44571
- RESERVED
-CVE-2021-44570
- RESERVED
-CVE-2021-44569
- RESERVED
+CVE-2021-44571 (A heap overflow vulnerability exisfts in openSUSE libsolv
through 13 D ...)
+ TODO: check
+CVE-2021-44570 (Two heap-overflow vulnerabilities exists in openSUSE/libsolv
through 1 ...)
+ TODO: check
+CVE-2021-44569 (A heap-buffer openSUSE libsolv through 13 Dec 2020 exists in
the solve ...)
+ TODO: check
CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv
libsolv th ...)
- libsolv <unfixed> (unimportant)
NOTE: https://github.com/openSUSE/libsolv/issues/425
@@ -37682,9 +37740,9 @@ CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus
6111 and prior is vulnerabl
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is
vulnerable to a ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2021-37420 (ManageEngine ADSelfService Plus before 6112 is vulnerable to
mail spoo ...)
+CVE-2021-37420 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable
to mail ...)
NOT-FOR-US: ManageEngine
-CVE-2021-37419 (ManageEngine ADSelfService Plus before 6112 is vulnerable to
SSRF. ...)
+CVE-2021-37419 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable
to SSRF ...)
NOT-FOR-US: ManageEngine
CVE-2021-37418
REJECTED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f8c0b6e305b9e232ca3d1e67957e4d76abcbdf8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f8c0b6e305b9e232ca3d1e67957e4d76abcbdf8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
