automatic update

author: security tracker role <sectracker@soriano.debian.org> 2022-02-18 20:10:22 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-02-18 20:10:22 +0000
commit: 7d151558ef36947c4bd09680c0938bf4f1646d0e (patch)
tree: 2ddb90539fde384e0960d3a490c2918473a85f0b
parent: 6718ba9e307555d3827ad71320b36086732a395e (diff)
4 files changed, 138 insertions, 108 deletions
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016
index b045c03cb4..f8b7f0c111 100644
--- a/data/CVE/list.2016
+++ b/data/CVE/list.2016
@@ -25811,7 +25811,7 @@ CVE-2016-2410 (A Qualcomm video kernel driver in Android 6.x before 2016-04-01 a
 	NOT-FOR-US: Android
 CVE-2016-2409 (A Texas Instruments (TI) haptic kernel driver in Android 6.x before 20 ...)
 	NOT-FOR-US: Android
-CVE-2016-2408 (An unspecified client-side component in Pulse Secure Desktop Client be ...)
+CVE-2016-2408 (Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service b ...)
 	NOT-FOR-US: Pulse Secure Desktop Client
 CVE-2016-2407
 	REJECTED
@@ -26872,8 +26872,7 @@ CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 alwa
 	- samba 2:4.5.2+dfsg-2
 	NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
 	NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
-CVE-2016-2124 [SMB1 client connections can be downgraded to plaintext authentication]
-	RESERVED
+CVE-2016-2124 (A flaw was found in the way samba implemented SMB1 authentication. An  ...)
 	{DSA-5003-1}
 	- samba 2:4.13.14+dfsg-1
 	[buster] - samba <no-dsa> (Minor issue)
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 60cebc2cb5..e7adfd5490 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -12992,8 +12992,7 @@ CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation
 	- qemu 1:5.2+dfsg-1 (bug #975276)
 	[buster] - qemu <postponed> (Fix along in future DSA)
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6 (v5.2.0-rc0)
-CVE-2020-25722 [AD DC UPN vs samAccountName not checked]
-	RESERVED
+CVE-2020-25722 (Multiple flaws were found in the way samba AD DC implemented access an ...)
 	{DSA-5003-1}
 	- samba 2:4.13.14+dfsg-1
 	[buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
@@ -13010,24 +13009,21 @@ CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers (e
 	NOTE: https://www.samba.org/samba/security/CVE-2020-25721.html
 CVE-2020-25720
 	RESERVED
-CVE-2020-25719 [AD DC Username based races when no PAC is given]
-	RESERVED
+CVE-2020-25719 (A flaw was found in the way Samba, as an Active Directory Domain Contr ...)
 	{DSA-5003-1}
 	- samba 2:4.13.14+dfsg-1
 	[buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14561
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
 	NOTE: https://www.samba.org/samba/security/CVE-2020-25719.html
-CVE-2020-25718 [An RODC can issue (forge) administrator tickets to other servers]
-	RESERVED
+CVE-2020-25718 (A flaw was found in the way samba, as an Active Directory Domain Contr ...)
 	{DSA-5003-1}
 	- samba 2:4.13.14+dfsg-1
 	[buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14558
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
 	NOTE: https://www.samba.org/samba/security/CVE-2020-25718.html
-CVE-2020-25717 [A user on the domain can become root on domain members]
-	RESERVED
+CVE-2020-25717 (A flaw was found in the way Samba maps domain users to local users. An ...)
 	{DSA-5015-1 DSA-5003-1}
 	- samba 2:4.13.14+dfsg-1
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14556
@@ -53954,8 +53950,8 @@ CVE-2020-8244 (A buffer over-read vulnerability exists in bl &lt;4.0.3, &lt;3.0.
 	NOTE: https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
 CVE-2020-8243 (A vulnerability in the Pulse Connect Secure &lt; 9.1R8.2 admin web int ...)
 	NOT-FOR-US: Pulse Connect Secure
-CVE-2020-8242
-	RESERVED
+CVE-2020-8242 (Unsanitized user input in ExpressionEngine &lt;= 5.4.0 control panel m ...)
+	TODO: check
 CVE-2020-8241 (A vulnerability in the Pulse Secure Desktop Client &lt; 9.1R9 could al ...)
 	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
 CVE-2020-8240 (A vulnerability in the Pulse Secure Desktop Client &lt; 9.1R9 allows a ...)
@@ -54338,8 +54334,8 @@ CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that re
 	NOT-FOR-US: Bitdefender
 CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...)
 	NOT-FOR-US: Bitdefender
-CVE-2020-8107
-	RESERVED
+CVE-2020-8107 (A Process Control vulnerability in ProductAgentUI.exe as used in Bitde ...)
+	TODO: check
 CVE-2020-8106
 	REJECTED
 CVE-2020-8105 (OS Command Injection vulnerability in the wirelessConnect handler of A ...)
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 167a2b1ead..c4a8c3e782 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,5 @@
+CVE-2021-4221
+	RESERVED
 CVE-2021-46699
 	RESERVED
 CVE-2021-4220
@@ -723,8 +725,8 @@ CVE-2021-46374
 	RESERVED
 CVE-2021-46373
 	RESERVED
-CVE-2021-46372
-	RESERVED
+CVE-2021-46372 (Scoold 1.47.2 is a Q&amp;A/knowledge base platform written in Java. Wh ...)
+	TODO: check
 CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control vulnerabil ...)
 	NOT-FOR-US: antd-admin
 CVE-2021-46370
@@ -1598,10 +1600,10 @@ CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unli
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/2000
 	NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
-CVE-2021-46037
-	RESERVED
-CVE-2021-46036
-	RESERVED
+CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...)
+	TODO: check
+CVE-2021-46036 (An arbitrary file upload vulnerability in the component /ms/file/uploa ...)
+	TODO: check
 CVE-2021-46035
 	RESERVED
 CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...)
@@ -3230,7 +3232,7 @@ CVE-2021-45446
 CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...)
 	NOT-FOR-US: Unisys
 CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...)
-	{DSA-5078-1}
+	{DSA-5078-1 DLA-2926-1}
 	- zsh 5.8.1-1
 	NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/
 	NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/
@@ -3333,8 +3335,8 @@ CVE-2021-45402 (The check_alu_op() function in kernel/bpf/verifier.c in the Linu
 	NOTE: https://git.kernel.org/linus/3cf2b61eb06765e27fec6799292d9fb46d0b7e60
 	NOTE: https://git.kernel.org/linus/b1a7288dedc6caf9023f2676b4f5ed34cf0d4029
 	NOTE: https://git.kernel.org/linus/e572ff80f05c33cd0cb4860f864f5c9c044280b6
-CVE-2021-45401
-	RESERVED
+CVE-2021-45401 (A Command injection vulnerability exists in Tenda AC10U AC1200 Smart D ...)
+	TODO: check
 CVE-2021-45400
 	RESERVED
 CVE-2021-45399
@@ -3411,7 +3413,7 @@ CVE-2021-45366
 	RESERVED
 CVE-2021-45365
 	RESERVED
-CVE-2021-45364 (A Code Execution vulnerability exists in Statamic Version through 3.2. ...)
+CVE-2021-45364 (** DISPUTED ** A Code Execution vulnerability exists in Statamic Versi ...)
 	NOT-FOR-US: Statamic
 CVE-2021-45363
 	RESERVED
@@ -4493,8 +4495,8 @@ CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting (
 	NOT-FOR-US: MiniCMS
 CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...)
 	NOT-FOR-US: Taocms
-CVE-2021-44968
-	RESERVED
+CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15  ...)
+	TODO: check
 CVE-2021-44967
 	RESERVED
 CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...)
@@ -4983,8 +4985,7 @@ CVE-2021-4095
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2031194
 CVE-2021-4094
 	RESERVED
-CVE-2021-4093
-	RESERVED
+CVE-2021-4093 (A flaw was found in the KVM's AMD code for supporting the Secure Encry ...)
 	- linux 5.14.16-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
@@ -4993,14 +4994,12 @@ CVE-2021-4093
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584
 CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: yetiforcecrm
-CVE-2021-4091 [double-free of the virtual attribute context in persistent search]
-	RESERVED
+CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual attribu ...)
 	- 389-ds-base <unfixed>
 	[stretch] - 389-ds-base <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307
 	NOTE: Introduced by: https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e (389-ds-base-1.3.6.4)
-CVE-2021-4090 [Overflow of bmval[bmlen-1] in nfsd4_decode_bitmap function]
-	RESERVED
+CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in the  ...)
 	- linux 5.15.5-1
 	[bullseye] - linux <not-affected> (Vulnerable code introduced later)
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -5156,9 +5155,11 @@ CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12)
 CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when  ...)
+	{DSA-5080-1}
 	- snapd <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
 CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...)
+	{DSA-5080-1}
 	- snapd <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
 CVE-2021-44729
@@ -8243,11 +8244,9 @@ CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who i
 	NOT-FOR-US: Philips
 CVE-2021-3949
 	RESERVED
-CVE-2021-3948
-	RESERVED
+CVE-2021-3948 (An incorrect default permissions vulnerability was found in the mig-co ...)
 	NOT-FOR-US: Migration Toolkit for Containers
-CVE-2021-3947 [NVME: Arbitrary Memory Read]
-	RESERVED
+CVE-2021-3947 (A stack-buffer-overflow was found in QEMU in the NVME component. The f ...)
 	- qemu 1:6.2+dfsg-1
 	[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
 	[buster] - qemu <not-affected> (Vulnerable code introduced later)
@@ -8778,8 +8777,7 @@ CVE-2021-43401
 	RESERVED
 CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: snipe-it
-CVE-2021-3930 [off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c]
-	RESERVED
+CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEMU. It ...)
 	- qemu 1:6.2+dfsg-1
 	[bullseye] - qemu <postponed> (Minor issue)
 	[buster] - qemu <postponed> (Minor issue)
@@ -19451,8 +19449,8 @@ CVE-2021-39028
 	RESERVED
 CVE-2021-39027
 	RESERVED
-CVE-2021-39026
-	RESERVED
+CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...)
+	TODO: check
 CVE-2021-39025
 	RESERVED
 CVE-2021-39024
@@ -19633,8 +19631,8 @@ CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an a
 	NOT-FOR-US: IBM
 CVE-2021-38936
 	RESERVED
-CVE-2021-38935
-	RESERVED
+CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...)
+	TODO: check
 CVE-2021-38934
 	RESERVED
 CVE-2021-38933
@@ -24083,8 +24081,7 @@ CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3
 	NOT-FOR-US: Sonatype
 CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authentication at ...)
 	NOT-FOR-US: CyberArk Identity
-CVE-2021-3657 [multiple buffer overflows in isync/mbsync]
-	RESERVED
+CVE-2021-3657 (A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate  ...)
 	- isync 1.4.4-1
 	[bullseye] - isync 1.3.0-2.2+deb11u1
 	[buster] - isync <no-dsa> (Minor issue)
@@ -39637,8 +39634,8 @@ CVE-2021-30652 (A race condition was addressed with additional validation. This
 	NOT-FOR-US: Apple
 CVE-2021-30651
 	RESERVED
-CVE-2021-30650
-	RESERVED
+CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...)
+	TODO: check
 CVE-2021-30649
 	RESERVED
 CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management  ...)
@@ -49703,10 +49700,10 @@ CVE-2021-26621
 	RESERVED
 CVE-2021-26620
 	RESERVED
-CVE-2021-26619
-	RESERVED
-CVE-2021-26618
-	RESERVED
+CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was  ...)
+	TODO: check
+CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...)
+	TODO: check
 CVE-2021-26617
 	RESERVED
 CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...)
@@ -61311,6 +61308,7 @@ CVE-2021-21709
 	RESERVED
 CVE-2021-21708
 	RESERVED
+	{DSA-5082-1}
 	- php8.1 <unfixed>
 	- php7.4 <removed>
 	- php7.3 <removed>
@@ -61318,6 +61316,7 @@ CVE-2021-21708
 	NOTE: Fixed in 8.1.3, 7.4.28
 	NOTE: PHP Bug: https://bugs.php.net/81708
 CVE-2021-21707 (In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...)
+	{DSA-5082-1}
 	- php8.1 8.1.0-1
 	- php8.0 <removed>
 	- php7.4 7.4.26-1
@@ -64610,8 +64609,7 @@ CVE-2021-20326 (A user authorized to performing a specific type of find query ma
 	- mongodb <removed>
 	[stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
 	NOTE: https://jira.mongodb.org/browse/SERVER-53929
-CVE-2021-20325
-	RESERVED
+CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ...)
 	- apache2 <not-affected> (Red Hat RHEL 8 specifc regression of CVE-2021-40438 and CVE-2021-26691)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2017321
 CVE-2021-20324
@@ -64620,20 +64618,17 @@ CVE-2021-20324
 CVE-2021-20323
 	RESERVED
 	NOT-FOR-US: Keycloak
-CVE-2021-20322 [new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies]
-	RESERVED
+CVE-2021-20322 (A flaw in the processing of received ICMP errors (ICMP fragment needed ...)
 	{DLA-2843-1}
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.70-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230
-CVE-2021-20321
-	RESERVED
+CVE-2021-20321 (A race condition accessing file object in the Linux kernel OverlayFS s ...)
 	{DLA-2843-1}
 	- linux 5.14.12-1
 	[bullseye] - linux 5.10.84-1
 	NOTE: https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5)
-CVE-2021-20320
-	RESERVED
+CVE-2021-20320 (A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf ...)
 	- linux 5.14.9-1
 	[bullseye] - linux 5.10.70-1
 	[buster] - linux 4.19.208-1
@@ -64655,8 +64650,7 @@ CVE-2021-20316
 	[buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
 	NOTE: https://www.samba.org/samba/security/CVE-2021-20316.html
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14842
-CVE-2021-20315 [locking protection bypass allow unauthorized user to kill existing applications or start new ones]
-	RESERVED
+CVE-2021-20315 (A locking protection bypass flaw was found in some versions of gnome-s ...)
 	- gnome-shell <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006285
 	TODO: check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index bdd407bef7..1f02e3760e 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -1,7 +1,49 @@
-CVE-2022-25323
+CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
+	TODO: check
+CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
+	TODO: check
+CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for s ...)
+	TODO: check
+CVE-2022-25334
+	RESERVED
+CVE-2022-25333
+	RESERVED
+CVE-2022-25332
+	RESERVED
+CVE-2022-25331
+	RESERVED
+CVE-2022-25330
+	RESERVED
+CVE-2022-25329
+	RESERVED
+CVE-2022-25328
+	RESERVED
+CVE-2022-25327
+	RESERVED
+CVE-2022-25326
+	RESERVED
+CVE-2022-23183
+	RESERVED
+CVE-2022-21179
+	RESERVED
+CVE-2022-0683
+	RESERVED
+CVE-2022-0682
+	RESERVED
+CVE-2022-0681
+	RESERVED
+CVE-2022-0680
 	RESERVED
-CVE-2022-25322
+CVE-2022-0679
 	RESERVED
+CVE-2022-0678
+	RESERVED
+CVE-2022-0677
+	RESERVED
+CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...)
+	TODO: check
+CVE-2022-25322 (ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. ...)
+	TODO: check
 CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...)
 	NOT-FOR-US: Cerebrate
 CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...)
@@ -52,12 +94,12 @@ CVE-2022-21158
 	RESERVED
 CVE-2022-0674
 	RESERVED
-CVE-2022-0673
-	RESERVED
-CVE-2022-0672
-	RESERVED
-CVE-2022-0671
-	RESERVED
+CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoni ...)
+	TODO: check
+CVE-2022-0672 (A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redi ...)
+	TODO: check
+CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schema dow ...)
+	TODO: check
 CVE-2022-0670
 	RESERVED
 CVE-2022-0669
@@ -66,20 +108,20 @@ CVE-2022-0668
 	RESERVED
 CVE-2022-0667
 	RESERVED
-CVE-2022-0666
-	RESERVED
+CVE-2022-0666 (CRLF Injection leads to Stack Trace Exposure due to lack of filtering  ...)
+	TODO: check
 CVE-2022-0665
 	RESERVED
-CVE-2022-0664
-	RESERVED
+CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker  ...)
+	TODO: check
 CVE-2022-0663
 	RESERVED
 CVE-2022-0662
 	RESERVED
 CVE-2022-0661
 	RESERVED
-CVE-2022-0660
-	RESERVED
+CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...)
+	TODO: check
 CVE-2022-0659
 	RESERVED
 CVE-2022-0658
@@ -92,10 +134,10 @@ CVE-2022-XXXX [Arbitrary File Write Vulnerability ]
 	- libpgjava 42.3.3-1
 	NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
 	NOTE: https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064 (REL42.3.3-rc1)
-CVE-2022-25299
-	RESERVED
-CVE-2022-25298
-	RESERVED
+CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The unsafe handl ...)
+	TODO: check
+CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is possible  ...)
+	TODO: check
 CVE-2022-25297
 	RESERVED
 CVE-2022-25296
@@ -234,8 +276,7 @@ CVE-2022-0648
 	RESERVED
 CVE-2022-0647
 	RESERVED
-CVE-2022-0646 [mctp: serial: Cancel pending work from ndo_uninit handler]
-	RESERVED
+CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/
 CVE-2022-0645
@@ -272,8 +313,8 @@ CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium b
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0632
 	RESERVED
-CVE-2022-0631
-	RESERVED
+CVE-2022-0631 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...)
+	TODO: check
 CVE-2022-0630
 	RESERVED
 CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
@@ -956,8 +997,7 @@ CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3
 	[buster] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html
-CVE-2022-0585
-	RESERVED
+CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6. ...)
 	- wireshark <unfixed>
 	[bullseye] - wireshark <no-dsa> (Minor issue)
 	[buster] - wireshark <no-dsa> (Minor issue)
@@ -1738,6 +1778,7 @@ CVE-2022-0544
 	RESERVED
 CVE-2022-0543 [sandbox escape]
 	RESERVED
+	{DSA-5081-1}
 	- redis <unfixed> (bug #1005787)
 	NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
 CVE-2022-0542
@@ -2273,7 +2314,7 @@ CVE-2022-24447
 CVE-2022-24446
 	RESERVED
 CVE-2022-24445
-	RESERVED
+	REJECTED
 CVE-2022-24444
 	RESERVED
 CVE-2022-24443
@@ -2831,8 +2872,8 @@ CVE-2022-0452
 	- chromium 98.0.4758.80-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0451
-	RESERVED
+CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih includes aut ...)
+	TODO: check
 CVE-2022-0450
 	RESERVED
 CVE-2022-0449
@@ -3665,10 +3706,10 @@ CVE-2022-23984
 	RESERVED
 CVE-2022-23983
 	RESERVED
-CVE-2022-23982
-	RESERVED
-CVE-2022-23981
-	RESERVED
+CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...)
+	TODO: check
+CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...)
+	TODO: check
 CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr &#8211; Ye ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
@@ -4188,12 +4229,12 @@ CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.
 	NOT-FOR-US: TransmitMail
 CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...)
 	NOT-FOR-US: TransmitMail
-CVE-2022-21176
-	RESERVED
-CVE-2022-21143
-	RESERVED
-CVE-2022-21141
-	RESERVED
+CVE-2022-21176 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+	TODO: check
+CVE-2022-21143 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+	TODO: check
+CVE-2022-21141 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+	TODO: check
 CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
 	- moodle <removed>
 CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
@@ -4617,8 +4658,8 @@ CVE-2022-23649
 	RESERVED
 CVE-2022-23648
 	RESERVED
-CVE-2022-23647
-	RESERVED
+CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...)
+	TODO: check
 CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...)
 	TODO: check
 CVE-2022-23645
@@ -7383,8 +7424,8 @@ CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.
 	- radare2 <unfixed>
 	NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/
 	NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0)
-CVE-2022-0138
-	RESERVED
+CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+	TODO: check
 CVE-2022-0137
 	RESERVED
 CVE-2022-0136
@@ -8856,12 +8897,12 @@ CVE-2022-22153 (An Insufficient Algorithmic Complexity combined with an Allocati
 	NOT-FOR-US: Juniper
 CVE-2022-22152 (A Protection Mechanism Failure vulnerability in the REST API of Junipe ...)
 	NOT-FOR-US: Juniper
-CVE-2022-21800
-	RESERVED
-CVE-2022-21215
-	RESERVED
-CVE-2022-21196
-	RESERVED
+CVE-2022-21800 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+	TODO: check
+CVE-2022-21215 (This vulnerability could allow an attacker to force the server to crea ...)
+	TODO: check
+CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+	TODO: check
 CVE-2022-21155
 	RESERVED
 CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...)
author	security tracker role <sectracker@soriano.debian.org>	2022-02-18 20:10:22 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2022-02-18 20:10:22 +0000
commit	7d151558ef36947c4bd09680c0938bf4f1646d0e (patch)
tree	2ddb90539fde384e0960d3a490c2918473a85f0b
parent	6718ba9e307555d3827ad71320b36086732a395e (diff)