automatic update

author: security tracker role <sectracker@soriano.debian.org> 2022-01-25 08:10:27 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-01-25 08:10:27 +0000
commit: 11446148c9312ecb49b1ffdaf9ba625a6333bc33 (patch)
tree: 6980b1f5f157547e080b0e5d3b6a531d83b02561
parent: db61f3e251d42839b3f361c940c9ee56f674d07e (diff)
4 files changed, 121 insertions, 59 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index 4078027376..5f6baebde9 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -18082,7 +18082,7 @@ CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP
 CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be exploited to  ...)
 	- airflow <itp> (bug #819700)
 CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with  ...)
-	{DLA-1162-1}
+	{DLA-2897-1 DLA-1162-1}
 	- apr 1.6.3-1 (low; bug #879708)
 	[jessie] - apr <no-dsa> (Minor issue)
 	NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 1f15f9b70d..bbfb69501e 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -31190,8 +31190,8 @@ CVE-2020-17385 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL i
 	NOT-FOR-US: Cellopoint Cellos
 CVE-2020-17384 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
 	NOT-FOR-US: Cellopoint Cellos
-CVE-2020-17383
-	RESERVED
+CVE-2020-17383 (A directory traversal vulnerability on Telos Z/IP One devices through  ...)
+	TODO: check
 CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x801 ...)
 	NOT-FOR-US: MSI AmbientLink MsIo64 driver
 CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...)
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 7aea5792af..09c16b2889 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,9 @@
+CVE-2021-4212
+	RESERVED
+CVE-2021-4211
+	RESERVED
+CVE-2021-4210
+	RESERVED
 CVE-2021-46558
 	RESERVED
 CVE-2021-46557
@@ -148,26 +154,26 @@ CVE-2021-46485
 	RESERVED
 CVE-2021-46484
 	RESERVED
-CVE-2021-46483
-	RESERVED
-CVE-2021-46482
-	RESERVED
-CVE-2021-46481
-	RESERVED
-CVE-2021-46480
-	RESERVED
+CVE-2021-46483 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Bool ...)
+	TODO: check
+CVE-2021-46482 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Numb ...)
+	TODO: check
+CVE-2021-46481 (Jsish v3.5.0 was discovered to contain a memory leak via linenoise at  ...)
+	TODO: check
+CVE-2021-46480 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiV ...)
+	TODO: check
 CVE-2021-46479
 	RESERVED
-CVE-2021-46478
-	RESERVED
-CVE-2021-46477
-	RESERVED
+CVE-2021-46478 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiC ...)
+	TODO: check
+CVE-2021-46477 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegE ...)
+	TODO: check
 CVE-2021-46476
 	RESERVED
-CVE-2021-46475
-	RESERVED
-CVE-2021-46474
-	RESERVED
+CVE-2021-46475 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ ...)
+	TODO: check
+CVE-2021-46474 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiE ...)
+	TODO: check
 CVE-2021-46473
 	RESERVED
 CVE-2021-46472
@@ -3312,16 +3318,16 @@ CVE-2021-45228
 	RESERVED
 CVE-2021-45227
 	RESERVED
-CVE-2021-45226
-	RESERVED
-CVE-2021-45225
-	RESERVED
-CVE-2021-45224
-	RESERVED
-CVE-2021-45223
-	RESERVED
-CVE-2021-45222
-	RESERVED
+CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
+	TODO: check
+CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
+	TODO: check
+CVE-2021-45224 (An issue was discovered in COINS Construction Cloud 11.12. In several  ...)
+	TODO: check
+CVE-2021-45223 (An issue was discovered in COINS Construction Cloud 11.12. Due to insu ...)
+	TODO: check
+CVE-2021-45222 (An issue was discovered in COINS Construction Cloud 11.12. Due to logi ...)
+	TODO: check
 CVE-2021-45221
 	RESERVED
 CVE-2021-45220
@@ -3967,20 +3973,20 @@ CVE-2021-44996
 	RESERVED
 CVE-2021-44995
 	RESERVED
-CVE-2021-44994
-	RESERVED
-CVE-2021-44993
-	RESERVED
-CVE-2021-44992
-	RESERVED
+CVE-2021-44994 (There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0' ...)
+	TODO: check
+CVE-2021-44993 (There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at ...)
+	TODO: check
+CVE-2021-44992 (There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at  ...)
+	TODO: check
 CVE-2021-44991
 	RESERVED
 CVE-2021-44990
 	RESERVED
 CVE-2021-44989
 	RESERVED
-CVE-2021-44988
-	RESERVED
+CVE-2021-44988 (Jerryscript v3.0.0 and below was discovered to contain a stack overflo ...)
+	TODO: check
 CVE-2021-44987
 	RESERVED
 CVE-2021-44986
@@ -7647,10 +7653,10 @@ CVE-2021-43591
 	RESERVED
 CVE-2021-43590
 	RESERVED
-CVE-2021-43589
-	RESERVED
-CVE-2021-43588
-	RESERVED
+CVE-2021-43589 (Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior ...)
+	TODO: check
+CVE-2021-43588 (Dell EMC Data Protection Central version 19.5 contains an Improper Inp ...)
+	TODO: check
 CVE-2021-43587 (Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0,  ...)
 	NOT-FOR-US: Dell
 CVE-2021-43586
@@ -8267,8 +8273,8 @@ CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate thei
 	NOT-FOR-US: LiquidFiles
 CVE-2021-43395
 	RESERVED
-CVE-2021-43394
-	RESERVED
+CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, ...)
+	TODO: check
 CVE-2021-43393
 	RESERVED
 CVE-2021-43392
@@ -25268,8 +25274,8 @@ CVE-2021-3639 [Prevent redirect to URLs that begin with '///']
 	NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5
 CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authenticati ...)
 	NOT-FOR-US: Dell
-CVE-2021-36349
-	RESERVED
+CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...)
+	TODO: check
 CVE-2021-36348
 	RESERVED
 CVE-2021-36347
@@ -25280,10 +25286,10 @@ CVE-2021-36345
 	RESERVED
 CVE-2021-36344
 	RESERVED
-CVE-2021-36343
-	RESERVED
-CVE-2021-36342
-	RESERVED
+CVE-2021-36343 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+	TODO: check
+CVE-2021-36342 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+	TODO: check
 CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive  ...)
 	NOT-FOR-US: Dell
 CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...)
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index 3742ae6661..aeb50ab5ba 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -1,3 +1,59 @@
+CVE-2022-23941
+	RESERVED
+CVE-2022-23940
+	RESERVED
+CVE-2022-23939
+	RESERVED
+CVE-2022-23938
+	RESERVED
+CVE-2022-23937
+	RESERVED
+CVE-2022-23936
+	RESERVED
+CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ...)
+	TODO: check
+CVE-2022-23934
+	RESERVED
+CVE-2022-23933
+	RESERVED
+CVE-2022-23932
+	RESERVED
+CVE-2022-23931
+	RESERVED
+CVE-2022-23930
+	RESERVED
+CVE-2022-23929
+	RESERVED
+CVE-2022-23928
+	RESERVED
+CVE-2022-23927
+	RESERVED
+CVE-2022-23926
+	RESERVED
+CVE-2022-23925
+	RESERVED
+CVE-2022-23924
+	RESERVED
+CVE-2022-23919
+	RESERVED
+CVE-2022-23918
+	RESERVED
+CVE-2022-23399
+	RESERVED
+CVE-2022-22144
+	RESERVED
+CVE-2022-22140
+	RESERVED
+CVE-2022-21201
+	RESERVED
+CVE-2022-21178
+	RESERVED
+CVE-2022-0355
+	RESERVED
+CVE-2022-0354
+	RESERVED
+CVE-2022-0353
+	RESERVED
 CVE-2022-23913
 	RESERVED
 CVE-2022-23912
@@ -2408,8 +2464,8 @@ CVE-2022-0179 (snipe-it is vulnerable to Improper Access Control ...)
 	NOT-FOR-US: snipe-it
 CVE-2022-0178 (snipe-it is vulnerable to Improper Access Control ...)
 	NOT-FOR-US: snipe-it
-CVE-2022-0177
-	RESERVED
+CVE-2022-0177 (Cross-site Scripting (XSS) - DOM in GitHub repository mrdoob/three.js  ...)
+	TODO: check
 CVE-2022-22983
 	RESERVED
 CVE-2022-22982
@@ -3557,8 +3613,8 @@ CVE-2022-22556
 	RESERVED
 CVE-2022-22555
 	RESERVED
-CVE-2022-22554
-	RESERVED
+CVE-2022-22554 (Dell EMC System Update, version 1.9.2 and prior, contain an Unprotecte ...)
+	TODO: check
 CVE-2022-22553 (Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction o ...)
 	NOT-FOR-US: EMC
 CVE-2022-22552 (Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerabil ...)
@@ -5570,18 +5626,18 @@ CVE-2022-21717
 	RESERVED
 CVE-2022-21716
 	RESERVED
-CVE-2022-21715
-	RESERVED
+CVE-2022-21715 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...)
+	TODO: check
 CVE-2022-21714
 	RESERVED
 CVE-2022-21713
 	RESERVED
 CVE-2022-21712
 	RESERVED
-CVE-2022-21711
-	RESERVED
-CVE-2022-21710
-	RESERVED
+CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...)
+	TODO: check
+CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local short de ...)
+	TODO: check
 CVE-2022-21709
 	RESERVED
 CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In version ...)
author	security tracker role <sectracker@soriano.debian.org>	2022-01-25 08:10:27 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2022-01-25 08:10:27 +0000
commit	11446148c9312ecb49b1ffdaf9ba625a6333bc33 (patch)
tree	6980b1f5f157547e080b0e5d3b6a531d83b02561
parent	db61f3e251d42839b3f361c940c9ee56f674d07e (diff)