author: security tracker role <sectracker@soriano.debian.org>, 2022-02-19 20:10:18 +0000
committer: security tracker role <sectracker@soriano.debian.org>, 2022-02-19 20:10:18 +0000
commit: 4745bf1ee8e16d2f23bbc0a2dd2525f7a939f3fc
tree: 10b1ded891b895cd627b5905747806328facde53
parent: eac7f3f3d36df1bd504f3a938f5555ebab07add7
automatic update
-rw-r--r-- data/CVE/list.2016 | 3
-rw-r--r-- data/CVE/list.2020 | 4
-rw-r--r-- data/CVE/list.2021 | 4
-rw-r--r-- data/CVE/list.2022 | 41
4 files changed, 38 insertions, 14 deletions
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016
index 0195236e5c..cef3871438 100644
--- a/data/CVE/list.2016
+++ b/data/CVE/list.2016
@@ -29783,8 +29783,7 @@ CVE-2016-1240 (The Tomcat init script in the tomcat7 package before 7.0.56-3+deb
- tomcat7 7.0.70-3
- tomcat6 6.0.41-3
NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
-CVE-2016-1239 [loads arbitrary code from the current untrusted directory]
- RESERVED
+CVE-2016-1239 (duck before 0.10 did not properly handle loading of untrusted code fro ...)
- duck 0.10
[jessie] - duck 0.7+deb8u1
NOTE: https://salsa.debian.org/debian/duck/-/commit/b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10)
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 9ceea64af2..4f293a4e01 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -49584,13 +49584,13 @@ CVE-2020-10111 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Incons
CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information ...)
NOT-FOR-US: Citrix
CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
- {DLA-2145-1}
+ {DLA-2927-1 DLA-2145-1}
- twisted 18.9.0-7 (bug #953950)
[buster] - twisted <no-dsa> (Minor issue)
NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
- {DLA-2145-1}
+ {DLA-2927-1 DLA-2145-1}
- twisted 18.9.0-7 (bug #953950)
[buster] - twisted <no-dsa> (Minor issue)
NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
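Review bot: `{DLA-2927-1 DLA-2145-1}` on CVE-2020-10109 and CVE-2020-10108 now lists two LTS advisories for the same CVE, and nothing in either entry says why a second one was needed. A NOTE line stating whether DLA-2927-1 covers a different release or completes the earlier fix would save readers from opening both advisories; the unchanged `[buster] - twisted <no-dsa> (Minor issue)` lines do not answer it.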
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 2a936cfccd..9ed81bf571 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,7 @@
+CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...)
+ TODO: check
+CVE-2021-4222
+ RESERVED
CVE-2021-4221
RESERVED
CVE-2021-46699
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index 0657ddedf8..7bff249fe0 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -1,3 +1,19 @@
+CVE-2022-25368
+ RESERVED
+CVE-2022-0690 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
+ TODO: check
+CVE-2022-0689 (Use multiple time the one-time coupon in Packagist microweber/microweb ...)
+ TODO: check
+CVE-2022-0688
+ RESERVED
+CVE-2022-0687
+ RESERVED
+CVE-2022-0686
+ RESERVED
+CVE-2022-0685
+ RESERVED
+CVE-2022-0684
+ RESERVED
CVE-2022-25367
RESERVED
CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, although it ...)
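Review bot: CVE-2022-0690 and CVE-2022-0689 are added with `TODO: check` and no package line, and both descriptions name the same product, Packagist microweber/microweber. They should be resolved with a single decision (a package line, or NOT-FOR-US in the style used for CVE-2022-0633) rather than entry by entry, and the same decision applies to CVE-2022-0678, which this commit fills in with the same product and the same `TODO: check`.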
@@ -94,8 +110,8 @@ CVE-2022-0680
RESERVED
CVE-2022-0679
RESERVED
-CVE-2022-0678
- RESERVED
+CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
+ TODO: check
CVE-2022-0677
RESERVED
CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...)
@@ -369,12 +385,12 @@ CVE-2022-0634
RESERVED
CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0632
- RESERVED
+CVE-2022-0632 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
+ TODO: check
CVE-2022-0631 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...)
TODO: check
-CVE-2022-0630
- RESERVED
+CVE-2022-0630 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
+ TODO: check
CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
TODO: check
CVE-2022-0628
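Review bot: CVE-2022-0632 and CVE-2022-0630 join CVE-2022-0631 as three consecutive `TODO: check` entries whose descriptions all read "Homebrew mruby prior to 3.2". The word Homebrew in the description should not lead to a quick NOT-FOR-US; triage all three against the mruby source itself, in one pass, so they end up with consistent package lines and fixed versions.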
@@ -5443,10 +5459,10 @@ CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2
NOT-FOR-US: TastyIgniter
CVE-2022-23377
RESERVED
-CVE-2022-23376
- RESERVED
-CVE-2022-23375
- RESERVED
+CVE-2022-23376 (WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on ...)
+ TODO: check
+CVE-2022-23375 (WikiDocs version 0.1.18 has an authenticated remote code execution vul ...)
+ TODO: check
CVE-2022-23374
RESERVED
CVE-2022-23373
@@ -7705,6 +7721,7 @@ CVE-2022-22621
RESERVED
CVE-2022-22620 [A use after free issue was addressed with improved memory management]
RESERVED
+ {DSA-5084-1 DSA-5083-1}
- webkit2gtk 2.34.6-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.6-1
@@ -7772,6 +7789,7 @@ CVE-2022-22591
RESERVED
CVE-2022-22589 [A validation issue was addressed with improved input sanitization]
RESERVED
+ {DSA-5084-1 DSA-5083-1}
- webkit2gtk 2.34.5-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.5-1
@@ -9887,6 +9905,7 @@ CVE-2022-21714
CVE-2022-21713 (Grafana is an open-source platform for monitoring and observability. A ...)
- grafana <removed>
CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...)
+ {DLA-2927-1}
- twisted 22.1.0-1
[bullseye] - twisted <no-dsa> (Minor issue)
[buster] - twisted <no-dsa> (Minor issue)
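Review bot: CVE-2022-21712 gains `{DLA-2927-1}` while `[bullseye]` and `[buster]` stay at `<no-dsa> (Minor issue)`, so the release covered by the DLA is fixed ahead of the two newer ones. Worth confirming that this is intended and, if so, queueing twisted for a point-release update so that an upgrade from the LTS release does not bring the issue back.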
@@ -13268,12 +13287,14 @@ CVE-2022-20001
RESERVED
CVE-2022-22590 [A use after free issue was addressed with improved memory management]
RESERVED
+ {DSA-5084-1 DSA-5083-1}
- webkit2gtk 2.34.5-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.5-1
NOTE: https://webkitgtk.org/security/WSA-2022-0002.html
CVE-2022-22592 [A logic issue was addressed with improved state management]
RESERVED
+ {DSA-5084-1 DSA-5083-1}
- webkit2gtk 2.34.5-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.5-1
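Review bot: CVE-2022-22590 and CVE-2022-22592 sit directly after CVE-2022-20001 in this hunk, while CVE-2022-22591 and CVE-2022-22589 are roughly 5,500 lines earlier in the same file, so the WebKit entries that share `{DSA-5084-1 DSA-5083-1}` are split across two places. Moving these two entries into numeric sequence would keep related IDs together and make it easier to check that every CVE covered by the two DSAs carries the reference.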
