field | value | date |
---|---|---|
author | security tracker role <sectracker@soriano.debian.org> | 2022-01-15 20:10:22 +0000 |
committer | security tracker role <sectracker@soriano.debian.org> | 2022-01-15 20:10:22 +0000 |
commit | 5679f8ac83c7466771c2c5034bc863d818750182 | |
tree | ec49346a5ddcdca8593d8217ce0e29c8828dd8a0 /data | |
parent | c64fbee96955b1d372c9432e426c178e1581fc27 | |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 76 |
1 files changed, 45 insertions, 31 deletions
diff --git a/data/CVE/list b/data/CVE/list index 062b19f1ec..e7919b9ac3 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,5 @@ +CVE-2022-0238 + RESERVED CVE-2022-23301 RESERVED CVE-2022-23300 @@ -377,6 +379,7 @@ CVE-2022-21199 RESERVED CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket interface] RESERVED + {DSA-5047-1} - prosody 0.11.12-1 (bug #1003696) NOTE: https://prosody.im/security/advisory_20220113/ NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch @@ -410,8 +413,8 @@ CVE-2022-0200 RESERVED CVE-2022-0199 RESERVED -CVE-2022-23178 - RESERVED +CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. ...) + TODO: check CVE-2022-23177 RESERVED CVE-2022-23176 @@ -626,9 +629,10 @@ CVE-2022-23097 RESERVED CVE-2022-23096 RESERVED -CVE-2022-23095 - RESERVED +CVE-2022-23095 (Open Design Alliance Drawings SDK before 2022.12.1 mishandles the load ...) + TODO: check CVE-2022-23094 (Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of ...) + {DSA-5048-1} - libreswan 4.6-1 [buster] - libreswan <not-affected> (Vulnerable code introduced in 4.2) NOTE: https://github.com/libreswan/libreswan/issues/585 
@@ -3147,17 +3151,20 @@ CVE-2021-46062 RESERVED CVE-2021-46061 RESERVED -CVE-2021-46060 (A NULL Pointer Dereference vulnerability exists in GNU inetutils 2.2 v ...) +CVE-2021-46060 + REJECTED - inetutils <unfixed> (unimportant) NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00017.html NOTE: Crash in CLI tool, no security impact -CVE-2021-46059 (A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim ...) +CVE-2021-46059 + REJECTED - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor isue) NOTE: https://huntr.dev/bounties/a9b015e2-59e3-4ed9-8812-d9021e40b8f2/ NOTE: Fixed by: https://github.com/vim/vim/commit/5937c7505f444dd896f336fa0119a93a55ebe9a2 (v8.2.3883) -CVE-2021-46058 (AHheap-based Buffer Overflow vulnerabiity exists in GNU inetutils 2.2 ...) +CVE-2021-46058 + REJECTED - inetutils <unfixed> (unimportant) NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00016.html NOTE: Negligible security impact 
@@ -4176,30 +4183,37 @@ CVE-2021-45784 RESERVED CVE-2021-45783 RESERVED -CVE-2021-45782 (An untrusted pointer dereference in getcmd() at inetutils/src/tftp.c o ...) +CVE-2021-45782 + REJECTED - inetutils <unfixed> NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html -CVE-2021-45781 (GNU Inetutils 2.2.16-cf091 was discovered to contain a heap-based buff ...) +CVE-2021-45781 + REJECTED - inetutils <unfixed> NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00015.html -CVE-2021-45780 (GNU Inetutils commit cf091 was discovered to contain a memory leak via ...) +CVE-2021-45780 + REJECTED - inetutils <unfixed> (unimportant) NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00014.html NOTE: Negligible security impact -CVE-2021-45779 (A NULL pointer dereference in unsetcmd() at inetutils/telnet/commands. ...) +CVE-2021-45779 + REJECTED - inetutils <unfixed> NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00007.html -CVE-2021-45778 (A NULL pointer dereference in setnmap() at cmds.c of GNU Inetutils v2. ...) +CVE-2021-45778 + REJECTED - inetutils <unfixed> NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00004.html CVE-2021-45777 RESERVED CVE-2021-45776 RESERVED -CVE-2021-45775 (GNU Inetutils 2.2.16-cf091 was discovered to contain an infinite loop ...) +CVE-2021-45775 + REJECTED - inetutils <unfixed> NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00005.html -CVE-2021-45774 (A NULL pointer dereference in help() at inetutils/telnet/commands.c of ...) +CVE-2021-45774 + REJECTED - inetutils <unfixed> NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00006.html CVE-2021-45773 (A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec ...) 
@@ -7223,7 +7237,7 @@ CVE-2021-44927 (A null pointer dereference vulnerability exists in gpac 1.1.0 in - gpac <unfixed> NOTE: https://github.com/gpac/gpac/issues/1960 NOTE: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92 -CVE-2021-44926 (A null pointer dereference vulnerability exists in the gpac in the gf_ ...) +CVE-2021-44926 (A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in t ...) - gpac <unfixed> NOTE: https://github.com/gpac/gpac/issues/1961 NOTE: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e @@ -9834,8 +9848,8 @@ CVE-2021-44051 RESERVED CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...) NOT-FOR-US: CA Network Flow Analysis (NFA) -CVE-2021-44049 - RESERVED +CVE-2021-44049 (CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 20 ...) + TODO: check CVE-2021-44048 (An out-of-bounds write vulnerability exists when reading a TIF file us ...) NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer CVE-2021-44047 (A use-after-free vulnerability exists when reading a DWF/DWFX file usi ...) @@ -15608,8 +15622,8 @@ CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypa NOT-FOR-US: Jeedom CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...) NOT-FOR-US: Rasa X -CVE-2021-42555 - RESERVED +CVE-2021-42555 (Pexip Infinity before 26.2 allows temporary remote Denial of Service ( ...) + TODO: check CVE-2021-42554 RESERVED CVE-2021-3892 
@@ -33007,8 +33021,8 @@ CVE-2021-35971 (Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and NOT-FOR-US: Veeam CVE-2021-35970 (Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-ma ...) NOT-FOR-US: Coral -CVE-2021-35969 - RESERVED +CVE-2021-35969 (Pexip Infinity before 26 allows temporary remote Denial of Service (ab ...) + TODO: check CVE-2021-35968 (The directory list page parameter of the Orca HCM digital learning pla ...) NOT-FOR-US: Orca HCM digital learning platform CVE-2021-35967 (The directory page parameter of the Orca HCM digital learning platform ...) @@ -37559,8 +37573,8 @@ CVE-2021-33965 RESERVED CVE-2021-33964 RESERVED -CVE-2021-33963 - RESERVED +CVE-2021-33963 (China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ ...) + TODO: check CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...) NOT-FOR-US: China Mobile An Lianbao WF-1 router CVE-2021-33961 @@ -38777,10 +38791,10 @@ CVE-2021-33501 (Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Cod NOT-FOR-US: Overwolf CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...) - putty <not-affected> (Windows-specific) -CVE-2021-33499 - RESERVED -CVE-2021-33498 - RESERVED +CVE-2021-33499 (Pexip Infinity before 26 allows remote denial of service because of mi ...) + TODO: check +CVE-2021-33498 (Pexip Infinity before 26 allows remote denial of service because of mi ...) + TODO: check CVE-2021-3563 RESERVED - keystone <unfixed> (bug #989998) 
@@ -41229,8 +41243,8 @@ CVE-2021-32547 (It was discovered that read_file() in apport/hookutils.py would NOT-FOR-US: Apport CVE-2021-32546 RESERVED -CVE-2021-32545 - RESERVED +CVE-2021-32545 (Pexip Infinity before 26 allows remote denial of service because of mi ...) + TODO: check CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in ...) NOT-FOR-US: igt+ CVE-2021-32543 (The CTS Web transaction system related to authentication management is ...) @@ -78882,8 +78896,8 @@ CVE-2020-28921 (An issue was discovered in Devid Espenschied PC Analyser through NOT-FOR-US: Devid Espenschied PC Analyser CVE-2020-28920 RESERVED -CVE-2020-28919 - RESERVED +CVE-2020-28919 (A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x pr ...) + TODO: check CVE-2020-28918 (DualShield 5.9.8.0821 allows username enumeration on its login form. A ...) NOT-FOR-US: DualShield CVE-2020-28917 (An issue was discovered in the view_statistics (aka View frontend stat ...) |
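Review bot: In the hunk at @@ -3147,17 +3151,20 @@, CVE-2021-46059 is switched to REJECTED but the context line kept under it, "[buster] - vim <no-dsa> (Minor isue)", still carries the typo "isue"; fix it to "Minor issue" so it matches the bullseye line above it. The same hunk leaves the package annotations ("- vim 2:8.2.3995-1", "- inetutils <unfixed> (unimportant)") in place under all three rejected IDs, so it is worth confirming they are meant to stay now that the CVE descriptions have been dropped and the NOTE links are the only remaining record of what each issue was.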
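Review bot: In the hunk at @@ -4176,30 +4183,37 @@, CVE-2021-45782, CVE-2021-45781, CVE-2021-45779, CVE-2021-45778, CVE-2021-45775 and CVE-2021-45774 become REJECTED but keep a bare "- inetutils <unfixed>" line with no qualifier, while CVE-2021-45780 in the same hunk is marked "(unimportant)". Suggest a follow-up that either gives the six entries the same qualifier or drops the package line, so that rejected IDs are annotated consistently and do not keep reading as unfixed issues against inetutils.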
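Review bot: In the hunk at @@ -37559,8 +37573,8 @@, CVE-2021-33963 is added with "TODO: check" although the entry directly below it, CVE-2021-33962, covers the same product and is already triaged as "NOT-FOR-US: China Mobile An Lianbao WF-1 router". Suggest resolving the new entry with the same NOT-FOR-US line in the follow-up triage commit rather than leaving it in the TODO queue.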