author security tracker role <sectracker@soriano.debian.org> 2022-01-26 08:10:15 +0000
committer security tracker role <sectracker@soriano.debian.org> 2022-01-26 08:10:15 +0000
commit b361259ee645e28648a3c98463ac9c1a6634c14b (patch)
tree 686e6cf731680580c8025d11e687d327f25f7a96
parent 9221c678a4b8e863e0204c904e0f323e459e3f1a (diff)
automatic update
-rw-r--r-- data/CVE/list.2017 1
-rw-r--r-- data/CVE/list.2018 1
-rw-r--r-- data/CVE/list.2019 2
-rw-r--r-- data/CVE/list.2021 74
-rw-r--r-- data/CVE/list.2022 188
5 files changed, 163 insertions, 103 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index 8a4542f206..5f7292f72d 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -6867,6 +6867,7 @@ CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that coul
NOTE: For src:wayland originally fixed in 1.14.0-2 but the 1.15.0-1 upload
NOTE: did not merge in the 1.14.0-2 upload.
CVE-2017-16611 (In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker ...)
+ {DLA-2901-1}
- libxfont 1:2.0.3-1 (low; bug #883929)
[jessie] - libxfont <no-dsa> (Minor issue)
[wheezy] - libxfont <postponed> (Minor issue)
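Review bot: the {DLA-2901-1} cross-reference on CVE-2017-16611 is the only change in this hunk, and the visible per-release lines still cover only jessie and wheezy. This commit touches only data/CVE/list.* files, so confirm that the matching DLA-2901-1 entry, with the fixed libxfont version for the release it covers, is already present in the tracker's DLA data; otherwise the tag here has nothing to resolve against.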
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index 2dacee44e8..888cddd21e 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -29645,6 +29645,7 @@ CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists fun
NOTE: https://gitlab.com/graphviz/graphviz/issues/1367
NOTE: https://issuetracker.google.com/issues/77810342
CVE-2018-10195 (lrzsz before version 0.12.21~rc can leak information to the receiving ...)
+ {DLA-2900-1}
- lrzsz 0.12.21-10 (low; bug #897010)
[jessie] - lrzsz <no-dsa> (Minor issue)
[wheezy] - lrzsz <no-dsa> (Minor issue)
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index b9f6177b1e..e5699237c4 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -1,3 +1,5 @@
+CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...)
+ TODO: check
CVE-2019-25055 (An issue was discovered in the libpulse-binding crate before 2.6.0 for ...)
NOT-FOR-US: Rust crate libpulse-binding
CVE-2019-25054 (An issue was discovered in the pnet crate before 0.27.2 for Rust. Ther ...)
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index e1043a5227..09b42eeb47 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,7 @@
+CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
+ TODO: check
+CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...)
+ TODO: check
CVE-2021-4215
RESERVED
CVE-2021-4214
@@ -607,8 +611,8 @@ CVE-2021-46285
RESERVED
CVE-2021-46284
RESERVED
-CVE-2021-45729
- RESERVED
+CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...)
+ TODO: check
CVE-2021-44779
RESERVED
CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...)
@@ -2799,8 +2803,7 @@ CVE-2021-4147 [deadlock and crash in libxl driver]
NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340
CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...)
NOT-FOR-US: pimcore
-CVE-2021-4145 [NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c]
- RESERVED
+CVE-2021-4145 (A NULL pointer dereference issue was found in the block mirror layer o ...)
- qemu 1:6.2+dfsg-1
[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
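Review bot: on CVE-2021-4145 the bracketed working description, which named mirror_wait_on_conflicts() in block/mirror.c, is replaced by the published description, and the truncated text no longer shows the function or the file. If that pointer is useful for later backport triage, keep it as a NOTE: line under the qemu entry. The qemu package lines themselves are left unchanged, which is what should happen when only the description is published.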
@@ -3588,8 +3591,7 @@ CVE-2021-4135
NOTE: CONFIG_NETDEVSIM is not set in Debian
CVE-2021-4134
RESERVED
-CVE-2021-4133
- RESERVED
+CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...)
NOT-FOR-US: Keycloak
CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
NOT-FOR-US: livehelperchat
@@ -7201,8 +7203,8 @@ CVE-2021-43801 (Mercurius is a GraphQL adapter for Fastify. Any users from Mercu
NOT-FOR-US: Mercurius
CVE-2021-43800 (Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, dire ...)
NOT-FOR-US: Wiki.js
-CVE-2021-43799
- RESERVED
+CVE-2021-43799 (Zulip is an open-source team collaboration tool. Zulip Server installs ...)
+ TODO: check
CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...)
- grafana <removed>
CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...)
@@ -8521,8 +8523,8 @@ CVE-2021-43300
RESERVED
CVE-2021-43299
RESERVED
-CVE-2021-43298
- RESERVED
+CVE-2021-43298 (The code that performs password matching when using 'Basic' HTTP authe ...)
+ TODO: check
CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 a ...)
NOT-FOR-US: Apache Dubbo
CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Restricte ...)
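Review bot: the new description for CVE-2021-43298 begins "The code that performs password matching when using 'Basic' HTTP authe ..." and is cut off before any product is named, so the TODO: check cannot be resolved from this file alone. Whoever triages it needs the full CVE record, and should replace the TODO with either a source-package line or a NOT-FOR-US: tag naming the product, as the CVE-2021-43297 entry directly below does.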
@@ -12523,8 +12525,8 @@ CVE-2021-41600
RESERVED
CVE-2021-41599
RESERVED
-CVE-2021-41598
- RESERVED
+CVE-2021-41598 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...)
+ TODO: check
CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...)
NOT-FOR-US: SuiteCRM
CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
@@ -15637,8 +15639,8 @@ CVE-2021-40339
RESERVED
CVE-2021-40338
RESERVED
-CVE-2021-40337
- RESERVED
+CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...)
+ TODO: check
CVE-2021-40336
RESERVED
CVE-2021-40335
@@ -16037,8 +16039,8 @@ CVE-2021-40169
RESERVED
CVE-2021-40168
RESERVED
-CVE-2021-40167
- RESERVED
+CVE-2021-40167 (A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017 ...)
+ TODO: check
CVE-2021-40166
RESERVED
CVE-2021-40165
@@ -16053,10 +16055,10 @@ CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution thr
NOT-FOR-US: Autodesk
CVE-2021-40160 (A maliciously crafted PDF file prior to 9.0.7 may be forced to read be ...)
NOT-FOR-US: Autodesk
-CVE-2021-40159
- RESERVED
-CVE-2021-40158
- RESERVED
+CVE-2021-40159 (An Information Disclosure vulnerability for JT files in Autodesk Inven ...)
+ TODO: check
+CVE-2021-40158 (A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2 ...)
+ TODO: check
CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...)
NOT-FOR-US: Autodesk
CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
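Review bot: CVE-2021-40159 and CVE-2021-40158 both describe JT file handling in Autodesk Inventor but land as TODO: check, while the surrounding entries in the same hunk (CVE-2021-40161, CVE-2021-40160, CVE-2021-40157) are already tagged NOT-FOR-US: Autodesk. The follow-up triage should give these two the same NOT-FOR-US: Autodesk tag so the block stays consistent.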
@@ -21016,8 +21018,8 @@ CVE-2021-38131
RESERVED
CVE-2021-38130
RESERVED
-CVE-2021-38129
- RESERVED
+CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...)
+ TODO: check
CVE-2021-38128
RESERVED
CVE-2021-38127 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
@@ -25308,12 +25310,12 @@ CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authen
NOT-FOR-US: Dell
CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...)
NOT-FOR-US: EMC
-CVE-2021-36348
- RESERVED
-CVE-2021-36347
- RESERVED
-CVE-2021-36346
- RESERVED
+CVE-2021-36348 (iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnera ...)
+ TODO: check
+CVE-2021-36347 (iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82. ...)
+ TODO: check
+CVE-2021-36346 (Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service v ...)
+ TODO: check
CVE-2021-36345
RESERVED
CVE-2021-36344
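Review bot: the three iDRAC entries (CVE-2021-36348, CVE-2021-36347, CVE-2021-36346) are left at TODO: check although the context lines directly above them already tag other Dell products as NOT-FOR-US: Dell and NOT-FOR-US: EMC. Resolve them with the same kind of tag in the follow-up triage. Note also that CVE-2021-36346 is worded "iDRAC 8" while CVE-2021-36347 is worded "iDRAC8", so a text search on one spelling will miss the other.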
@@ -25412,12 +25414,12 @@ CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky crypt
NOT-FOR-US: EMC
CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...)
NOT-FOR-US: SupportAssist Client (Dell)
-CVE-2021-36296
- RESERVED
-CVE-2021-36295
- RESERVED
-CVE-2021-36294
- RESERVED
+CVE-2021-36296 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ TODO: check
+CVE-2021-36295 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ TODO: check
+CVE-2021-36294 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ TODO: check
CVE-2021-36293
RESERVED
CVE-2021-36292
@@ -25426,8 +25428,8 @@ CVE-2021-36291
RESERVED
CVE-2021-36290
RESERVED
-CVE-2021-36289
- RESERVED
+CVE-2021-36289 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensi ...)
+ TODO: check
CVE-2021-36288
RESERVED
CVE-2021-36287
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index b2fe6dc545..94a08782e3 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -1,3 +1,61 @@
+CVE-2022-23973
+ RESERVED
+CVE-2022-23972
+ RESERVED
+CVE-2022-23971
+ RESERVED
+CVE-2022-23970
+ RESERVED
+CVE-2022-23969
+ RESERVED
+CVE-2022-23968 (Xerox VersaLink devices through 2022-01-24 allow remote attackers to b ...)
+ TODO: check
+CVE-2022-23967
+ RESERVED
+CVE-2022-23966
+ RESERVED
+CVE-2022-23965
+ RESERVED
+CVE-2022-23964
+ RESERVED
+CVE-2022-23963
+ RESERVED
+CVE-2022-23962
+ RESERVED
+CVE-2022-23961
+ RESERVED
+CVE-2022-23960
+ RESERVED
+CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 ...)
+ TODO: check
+CVE-2022-23958
+ RESERVED
+CVE-2022-23957
+ RESERVED
+CVE-2022-23956
+ RESERVED
+CVE-2022-23955
+ RESERVED
+CVE-2022-23954
+ RESERVED
+CVE-2022-23953
+ RESERVED
+CVE-2022-23952
+ RESERVED
+CVE-2022-23951
+ RESERVED
+CVE-2022-23950
+ RESERVED
+CVE-2022-23949
+ RESERVED
+CVE-2022-23948
+ RESERVED
+CVE-2022-0371
+ RESERVED
+CVE-2022-0370
+ RESERVED
+CVE-2022-0369
+ RESERVED
CVE-2022-23947
RESERVED
CVE-2022-23946
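Review bot: of the 29 entries added at the top of list.2022, only CVE-2022-23968 (Xerox VersaLink) and CVE-2022-23959 (Varnish Cache before 6.6.2 and 7.x before 7.0.2) carry descriptions, and both are left at TODO: check in the middle of a run of RESERVED ids where they are easy to overlook. The Varnish entry should be triaged first, since it names a server with explicit fixed versions that can be compared against the archive; it should end up with a source-package line rather than the TODO.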
@@ -91,8 +149,8 @@ CVE-2022-21201
RESERVED
CVE-2022-21178
RESERVED
-CVE-2022-0355
- RESERVED
+CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM hiep ...)
+ TODO: check
CVE-2022-0354
RESERVED
CVE-2022-0353
@@ -345,17 +403,13 @@ CVE-2022-21143
RESERVED
CVE-2022-21141
RESERVED
-CVE-2022-0335
- RESERVED
+CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
- moodle <removed>
-CVE-2022-0334
- RESERVED
+CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
- moodle <removed>
-CVE-2022-0333
- RESERVED
+CVE-2022-0333 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
- moodle <removed>
-CVE-2022-0332
- RESERVED
+CVE-2022-0332 (A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injectio ...)
- moodle <removed>
CVE-2022-0331
RESERVED
@@ -1589,8 +1643,8 @@ CVE-2022-0272
RESERVED
CVE-2022-0271
RESERVED
-CVE-2022-0270
- RESERVED
+CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...)
+ TODO: check
CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...)
TODO: check
CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to ...)
@@ -1784,8 +1838,8 @@ CVE-2022-23260
RESERVED
CVE-2022-23259
RESERVED
-CVE-2022-23258
- RESERVED
+CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability. ...)
+ TODO: check
CVE-2022-23257
RESERVED
CVE-2022-23256
@@ -2425,56 +2479,56 @@ CVE-2022-23033 (arm: guest_physmap_remove_page not removing the p2m mappings The
[buster] - xen <not-affected> (Vulnerable code introduced later)
[stretch] - xen <not-affected> (Vulnerable code introduced later)
NOTE: https://xenbits.xen.org/xsa/advisory-393.html
-CVE-2022-23032
- RESERVED
-CVE-2022-23031
- RESERVED
-CVE-2022-23030
- RESERVED
-CVE-2022-23029
- RESERVED
-CVE-2022-23028
- RESERVED
-CVE-2022-23027
- RESERVED
-CVE-2022-23026
- RESERVED
-CVE-2022-23025
- RESERVED
-CVE-2022-23024
- RESERVED
-CVE-2022-23023
- RESERVED
-CVE-2022-23022
- RESERVED
-CVE-2022-23021
- RESERVED
-CVE-2022-23020
- RESERVED
-CVE-2022-23019
- RESERVED
-CVE-2022-23018
- RESERVED
-CVE-2022-23017
- RESERVED
-CVE-2022-23016
- RESERVED
-CVE-2022-23015
- RESERVED
-CVE-2022-23014
- RESERVED
-CVE-2022-23013
- RESERVED
-CVE-2022-23012
- RESERVED
-CVE-2022-23011
- RESERVED
-CVE-2022-23010
- RESERVED
-CVE-2022-23009
- RESERVED
-CVE-2022-23008
- RESERVED
+CVE-2022-23032 (In all versions before 7.2.1.4, when proxy settings are configured in ...)
+ TODO: check
+CVE-2022-23031 (On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15 ...)
+ TODO: check
+CVE-2022-23030 (On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before ...)
+ TODO: check
+CVE-2022-23029 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...)
+ TODO: check
+CVE-2022-23028 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x ...)
+ TODO: check
+CVE-2022-23027 (On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1. ...)
+ TODO: check
+CVE-2022-23026 (On BIG-IP ASM &amp; Advanced WAF version 16.1.x before 16.1.2, 15.1.x ...)
+ TODO: check
+CVE-2022-23025 (On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x b ...)
+ TODO: check
+CVE-2022-23024 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1 ...)
+ TODO: check
+CVE-2022-23023 (On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x ...)
+ TODO: check
+CVE-2022-23022 (On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is config ...)
+ TODO: check
+CVE-2022-23021 (On BIG-IP version 16.1.x before 16.1.2, when any of the following conf ...)
+ TODO: check
+CVE-2022-23020 (On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' se ...)
+ TODO: check
+CVE-2022-23019 (On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x ...)
+ TODO: check
+CVE-2022-23018 (On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14 ...)
+ TODO: check
+CVE-2022-23017 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...)
+ TODO: check
+CVE-2022-23016 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
+ TODO: check
+CVE-2022-23015 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14. ...)
+ TODO: check
+CVE-2022-23014 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
+ TODO: check
+CVE-2022-23013 (On BIG-IP DNS &amp; GTM version 16.x before 16.1.0, 15.1.x before 15.1 ...)
+ TODO: check
+CVE-2022-23012 (On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, ...)
+ TODO: check
+CVE-2022-23011 (On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 ...)
+ TODO: check
+CVE-2022-23010 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x ...)
+ TODO: check
+CVE-2022-23009 (On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated ad ...)
+ TODO: check
+CVE-2022-23008 (On NGINX Controller API Management versions 3.18.0-3.19.0, an authenti ...)
+ TODO: check
CVE-2022-23007
RESERVED
CVE-2022-23006
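Review bot: the descriptions for CVE-2022-23026 ("BIG-IP ASM &amp; Advanced WAF") and CVE-2022-23013 ("BIG-IP DNS &amp; GTM") show the ampersand as the literal entity &amp;. If that is what is stored in list.2022, the description import should decode HTML entities before writing, so the text stays greppable and matches the upstream record. Separately, all 25 entries from CVE-2022-23032 down to CVE-2022-23008 move from RESERVED to TODO: check and describe BIG-IP, BIG-IQ and NGINX Controller products, so they can be triaged as one batch.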
@@ -3029,8 +3083,8 @@ CVE-2022-22791
RESERVED
CVE-2022-22790
RESERVED
-CVE-2022-22789
- RESERVED
+CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover &#8211; An attacker ...)
+ TODO: check
CVE-2022-22788
RESERVED
CVE-2022-22787
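Review bot: the description for CVE-2022-22789 contains the numeric character entity &#8211; where a dash is meant ("Account takeover &#8211; An attacker ..."). If that is what is stored in list.2022, decode character entities in the description import so the entry reads and searches as plain text.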
@@ -3135,7 +3189,7 @@ CVE-2022-22748
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22748
CVE-2022-22747
RESERVED
- {DSA-5045-1 DSA-5044-1 DLA-2898-1 DLA-2881-1 DLA-2880-1}
+ {DSA-5062-1 DSA-5045-1 DSA-5044-1 DLA-2898-1 DLA-2881-1 DLA-2880-1}
- nss 2:3.73-1
- firefox 96.0-1
- firefox-esr 91.5.0esr-1
