Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df579c4a by security tracker role at 2022-03-15T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2022-27193 (CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External 
Entities (X ...)
+       TODO: check
+CVE-2022-27192
+       RESERVED
+CVE-2022-27191
+       RESERVED
+CVE-2022-27190
+       RESERVED
+CVE-2022-27175
+       RESERVED
+CVE-2022-26839
+       RESERVED
+CVE-2022-26836
+       RESERVED
+CVE-2022-26338
+       RESERVED
+CVE-2022-26069
+       RESERVED
+CVE-2022-26065
+       RESERVED
+CVE-2022-26059
+       RESERVED
+CVE-2022-26013
+       RESERVED
+CVE-2022-25980
+       RESERVED
+CVE-2022-25347
+       RESERVED
+CVE-2022-0980
+       RESERVED
+CVE-2022-0979
+       RESERVED
+CVE-2022-0978
+       RESERVED
+CVE-2022-0977
+       RESERVED
+CVE-2022-0976
+       RESERVED
+CVE-2022-0975
+       RESERVED
+CVE-2022-0974
+       RESERVED
+CVE-2022-0973
+       RESERVED
+CVE-2022-0972
+       RESERVED
+CVE-2022-0971
+       RESERVED
+CVE-2021-46738
+       RESERVED
+CVE-2021-46737
+       RESERVED
+CVE-2021-46736
+       RESERVED
+CVE-2021-46735
+       RESERVED
+CVE-2021-46734
+       RESERVED
+CVE-2021-46733
+       RESERVED
+CVE-2021-46732
+       RESERVED
+CVE-2021-46731
+       RESERVED
+CVE-2021-46730
+       RESERVED
+CVE-2021-46729
+       RESERVED
+CVE-2021-46728
+       RESERVED
+CVE-2021-46727
+       RESERVED
+CVE-2021-46726
+       RESERVED
+CVE-2021-46725
+       RESERVED
+CVE-2021-46724
+       RESERVED
+CVE-2021-46723
+       RESERVED
+CVE-2021-46722
+       RESERVED
+CVE-2021-46721
+       RESERVED
+CVE-2021-46720
+       RESERVED
+CVE-2021-46719
+       RESERVED
+CVE-2021-46718
+       RESERVED
+CVE-2021-46717
+       RESERVED
+CVE-2021-46716
+       RESERVED
+CVE-2021-46715
+       RESERVED
+CVE-2021-46714
+       RESERVED
+CVE-2021-46713
+       RESERVED
+CVE-2021-46712
+       RESERVED
+CVE-2021-46711
+       RESERVED
+CVE-2021-46710
+       RESERVED
 CVE-2022-27169
        RESERVED
 CVE-2022-27167
@@ -447,12 +553,12 @@ CVE-2022-0947
        RESERVED
 CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository 
star7th/showdoc ...)
        NOT-FOR-US: ShowDoc
-CVE-2022-0945
-       RESERVED
-CVE-2022-0944
-       RESERVED
-CVE-2022-0943
-       RESERVED
+CVE-2022-0945 (Stored XSS viva axd and cshtml file upload in star7th/showdoc 
in GitHu ...)
+       TODO: check
+CVE-2022-0944 (Template injection in connection test endpoint leads to RCE in 
GitHub  ...)
+       TODO: check
+CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository 
vim/vim  ...)
+       TODO: check
 CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in 
compilePassOpcode in  ...)
        - liblouis <unfixed>
        NOTE: https://github.com/liblouis/liblouis/issues/1171
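Review bot: CVE-2022-0945 is left at TODO: check although its description names star7th/showdoc, the same project that the context entry CVE-2022-0946 directly above already marks NOT-FOR-US: ShowDoc, so the same disposition looks applicable. CVE-2022-0943 names vim/vim, which is packaged in Debian, so it needs a "- vim" package line rather than a NOT-FOR-US. The CVE-2022-0944 description is cut off before the project name, so it needs the full CVE text before it can be triaged.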
@@ -6282,8 +6388,8 @@ CVE-2022-24764
        RESERVED
 CVE-2022-24763
        RESERVED
-CVE-2022-24762
-       RESERVED
+CVE-2022-24762 (sysend.js is a library that allows a user to send messages 
between pag ...)
+       TODO: check
 CVE-2022-24761
        RESERVED
 CVE-2022-24760 (Parse Server is an open source http web server backend. In 
versions pr ...)
@@ -6311,8 +6417,8 @@ CVE-2022-24751
        RESERVED
 CVE-2022-24750 (UltraVNC is a free and open source remote pc access software. 
A vulner ...)
        NOT-FOR-US: UltraVNC
-CVE-2022-24749
-       RESERVED
+CVE-2022-24749 (Sylius is an open source eCommerce platform. In versions prior 
to 1.9. ...)
+       TODO: check
 CVE-2022-24748 (Shopware is an open commerce platform based on the Symfony php 
Framewo ...)
        NOT-FOR-US: Shopware
 CVE-2022-24747 (Shopware is an open commerce platform based on the Symfony php 
Framewo ...)
@@ -6323,14 +6429,14 @@ CVE-2022-24745 (Shopware is an open commerce platform 
based on the Symfony php F
        NOT-FOR-US: Shopware
 CVE-2022-24744 (Shopware is an open commerce platform based on the Symfony php 
Framewo ...)
        NOT-FOR-US: Shopware
-CVE-2022-24743
-       RESERVED
-CVE-2022-24742
-       RESERVED
+CVE-2022-24743 (Sylius is an open source eCommerce platform. Prior to versions 
1.10.11 ...)
+       TODO: check
+CVE-2022-24742 (Sylius is an open source eCommerce platform. Prior to versions 
1.9.10, ...)
+       TODO: check
 CVE-2022-24741 (Nextcloud server is an open source, self hosted cloud style 
services p ...)
        - nextcloud-server <itp> (bug #941708)
-CVE-2022-24740
-       RESERVED
+CVE-2022-24740 (Volto is a ReactJS-based frontend for the Plone Content 
Management Sys ...)
+       TODO: check
 CVE-2022-24739 (alltube is an html front end for youtube-dl. On releases prior 
to 3.0. ...)
        NOT-FOR-US: alltube
 CVE-2022-24738 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos 
Network. ...)
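Review bot: CVE-2022-24743 and CVE-2022-24742 both describe Sylius and are left at TODO: check, as is CVE-2022-24749 in the preceding hunk; the three should receive one consistent disposition in the same follow-up. CVE-2022-24740 (Volto) is also unresolved. If neither project is packaged, the neighbouring Shopware and alltube entries show the "NOT-FOR-US: <name>" form to use.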
@@ -25143,10 +25249,10 @@ CVE-2021-43307
        RESERVED
 CVE-2021-43306
        RESERVED
-CVE-2021-43305
-       RESERVED
-CVE-2021-43304
-       RESERVED
+CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec 
when parsin ...)
+       TODO: check
+CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec 
when parsin ...)
+       TODO: check
 CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An 
attacker ...)
        - asterisk <unfixed>
        - pjproject <removed>
@@ -29324,16 +29430,16 @@ CVE-2021-42392 (The 
org.h2.util.JdbcUtils.getConnection method of the H2 databas
        NOTE: 
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
        NOTE: Fixed by 
https://github.com/h2database/h2database/commit/41dd2a4cf89da9dd18239debbf73f88da6184ec7
        NOTE: 
https://github.com/h2database/h2database/commit/956c6241868332c5b440f5d55ea8fdc1e51ae4fd
-CVE-2021-42391
-       RESERVED
-CVE-2021-42390
-       RESERVED
-CVE-2021-42389
-       RESERVED
-CVE-2021-42388
-       RESERVED
-CVE-2021-42387
-       RESERVED
+CVE-2021-42391 (Divide-by-zero in Clickhouse's Gorilla compression codec when 
parsing  ...)
+       TODO: check
+CVE-2021-42390 (Divide-by-zero in Clickhouse's DeltaDouble compression codec 
when pars ...)
+       TODO: check
+CVE-2021-42389 (Divide-by-zero in Clickhouse's Delta compression codec when 
parsing a  ...)
+       TODO: check
+CVE-2021-42388 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec 
when par ...)
+       TODO: check
+CVE-2021-42387 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec 
when par ...)
+       TODO: check
 CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of 
service an ...)
        - busybox <unfixed> (bug #999567)
        [bullseye] - busybox <no-dsa> (Minor issue)
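Review bot: The five Clickhouse entries here (CVE-2021-42387 through CVE-2021-42391) and the two in the preceding hunk (CVE-2021-43304, CVE-2021-43305) are all compression codec parsing issues left at TODO: check, and should be triaged as one batch. As shown, the truncated descriptions of CVE-2021-42388 and CVE-2021-42387 are identical, as are those of CVE-2021-43305 and CVE-2021-43304, so the full CVE text is needed to tell them apart before any notes or fix references are attached.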
@@ -62034,7 +62140,8 @@ CVE-2021-29493 (Kennnyshiwa-cogs contains cogs for Red 
Discordbot. An RCE exploi
        NOT-FOR-US: Kennnyshiwa-cogs
 CVE-2021-29492 (Envoy is a cloud-native edge/middle/service proxy. Envoy does 
not deco ...)
        - envoyproxy <itp> (bug #987544)
-CVE-2021-29491 (Mixme is a library for recursive merging of Javascript 
objects. In Nod ...)
+CVE-2021-29491
+       REJECTED
        NOT-FOR-US: mixme nodejs module
 CVE-2021-29490 (Jellyfin is a free software media system that provides media 
from a de ...)
        NOT-FOR-US: Jellyfin
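Review bot: The context line "NOT-FOR-US: mixme nodejs module" is left under CVE-2021-29491 even though the entry is now REJECTED, so the ID carries both a rejected state and a triage annotation. Confirm whether that annotation should stay on a rejected ID or be dropped in a follow-up edit.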



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df579c4a732dfe51b410a47945ad087122b3776b
