automatic update

author: security tracker role <sectracker@soriano.debian.org> 2022-02-04 20:10:17 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-02-04 20:10:17 +0000
commit: 4cabe1815ed3c4ca2467a1ba9c89531b2a3e9887 (patch)
tree: 30e28c90c31b77f1a779cdcc151160b6b53eb1d0
parent: 4707be0524001f889596945a35dd16f5eec5045a (diff)
3 files changed, 47 insertions, 25 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 4d680bac9e..de12d6676c 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -34790,15 +34790,17 @@ CVE-2017-6964 (dmcrypt-get-device, as shipped in the eject package of Debian and
 CVE-2017-6963
 	RESERVED
 CVE-2017-6962 (An issue was discovered in apng2gif 1.7. There is an integer overflow  ...)
+	{DLA-2911-1}
 	- apng2gif 1.8-0.1 (bug #854447)
 	[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
 	[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
 CVE-2017-6961 (An issue was discovered in apng2gif 1.7. There is improper sanitizatio ...)
+	{DLA-2911-1}
 	- apng2gif 1.8-0.1 (bug #854441)
 	[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
 	[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
 CVE-2017-6960 (An issue was discovered in apng2gif 1.7. There is an integer overflow  ...)
-	{DLA-2165-1 DLA-981-1}
+	{DLA-2911-1 DLA-2165-1 DLA-981-1}
 	- apng2gif 1.8-0.1 (bug #854367)
 CVE-2017-6959
 	REJECTED
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index f6ea32def8..2872d29a02 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -620,8 +620,8 @@ CVE-2021-46400
 	RESERVED
 CVE-2021-46399
 	RESERVED
-CVE-2021-46398
-	RESERVED
+CVE-2021-46398 (A Cross-Site Request Forgery (CSRF) vulnerability exists in Filebrowse ...)
+	TODO: check
 CVE-2021-46397
 	RESERVED
 CVE-2021-46396
@@ -816,8 +816,8 @@ CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV vulnerability
 	NOT-FOR-US: Duktape
 CVE-2021-46321
 	RESERVED
-CVE-2021-46320
-	RESERVED
+CVE-2021-46320 (In OpenZeppelin &lt;=v4.4.0, initializer functions that are invoked se ...)
+	TODO: check
 CVE-2021-46319
 	RESERVED
 CVE-2021-46318
@@ -4354,8 +4354,8 @@ CVE-2021-44985
 	RESERVED
 CVE-2021-44984
 	RESERVED
-CVE-2021-44983
-	RESERVED
+CVE-2021-44983 (In taocms 3.0.1 after logging in to the background, there is an Arbitr ...)
+	TODO: check
 CVE-2021-44982
 	RESERVED
 CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a variable w ...)
@@ -4364,10 +4364,10 @@ CVE-2021-44980
 	RESERVED
 CVE-2021-44979
 	RESERVED
-CVE-2021-44978
-	RESERVED
-CVE-2021-44977
-	RESERVED
+CVE-2021-44978 (iCMS &lt;= 8.0.0 allows users to add and render a comtom template, whi ...)
+	TODO: check
+CVE-2021-44977 (In iCMS &lt;=8.0.0, a directory traversal vulnerability allows an atta ...)
+	TODO: check
 CVE-2021-44976
 	RESERVED
 CVE-2021-44975
@@ -4543,16 +4543,16 @@ CVE-2021-44905
 	RESERVED
 CVE-2021-44904
 	RESERVED
-CVE-2021-44903
-	RESERVED
+CVE-2021-44903 (Micro-Star International (MSI) Center Pro &lt;= 2.0.16.0 is vulnerable ...)
+	TODO: check
 CVE-2021-44902
 	RESERVED
-CVE-2021-44901
-	RESERVED
-CVE-2021-44900
-	RESERVED
-CVE-2021-44899
-	RESERVED
+CVE-2021-44901 (Micro-Star International (MSI) Dragon Center &lt;= 2.0.116.0 is vulner ...)
+	TODO: check
+CVE-2021-44900 (Micro-Star International (MSI) App Player &lt;= 4.280.1.6309 is vulner ...)
+	TODO: check
+CVE-2021-44899 (Micro-Star International (MSI) Center &lt;= 1.0.31.0 is vulnerable to  ...)
+	TODO: check
 CVE-2021-44898
 	RESERVED
 CVE-2021-44897
@@ -4577,8 +4577,8 @@ CVE-2021-44888
 	RESERVED
 CVE-2021-44887
 	RESERVED
-CVE-2021-44886
-	RESERVED
+CVE-2021-44886 (In Zammad 5.0.2, agents can configure "out of office" periods and subs ...)
+	TODO: check
 CVE-2021-44885
 	RESERVED
 CVE-2021-44884
@@ -9278,8 +9278,8 @@ CVE-2021-43147
 	RESERVED
 CVE-2021-43146
 	RESERVED
-CVE-2021-43145
-	RESERVED
+CVE-2021-43145 (With certain LDAP configurations, Zammad 5.0.1 was found to be vulnera ...)
+	TODO: check
 CVE-2021-43144
 	RESERVED
 CVE-2021-43143
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index c2133d69e5..4205106e46 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,3 +1,23 @@
+CVE-2022-24408
+	RESERVED
+CVE-2022-0501
+	RESERVED
+CVE-2022-0500
+	RESERVED
+CVE-2022-0499
+	RESERVED
+CVE-2022-0498
+	RESERVED
+CVE-2022-0497
+	RESERVED
+CVE-2022-0496
+	RESERVED
+CVE-2022-0495
+	RESERVED
+CVE-2022-0494
+	RESERVED
+CVE-2022-0493
+	RESERVED
 CVE-2022-XXXX [information leak]
 	- atftp 0.7.git20210915-1 (bug #1004974)
 	NOTE: https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 (v0.7.5)
@@ -2945,8 +2965,8 @@ CVE-2022-23318
 	RESERVED
 CVE-2022-23317
 	RESERVED
-CVE-2022-23316
-	RESERVED
+CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
+	TODO: check
 CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnera ...)
 	NOT-FOR-US: MCMS
 CVE-2022-23314 (MCMS v5.2.4 was discovered to contain a SQL injection vulnerability vi ...)
author	security tracker role <sectracker@soriano.debian.org>	2022-02-04 20:10:17 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2022-02-04 20:10:17 +0000
commit	4cabe1815ed3c4ca2467a1ba9c89531b2a3e9887 (patch)
tree	30e28c90c31b77f1a779cdcc151160b6b53eb1d0
parent	4707be0524001f889596945a35dd16f5eec5045a (diff)