automatic update

author: security tracker role <sectracker@soriano.debian.org> 2022-02-19 08:10:16 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-02-19 08:10:16 +0000
commit: e02e72eb11423c3d46f0fa648dcfe64a1024a87b (patch)
tree: bb36426012765541c04ac4626b666ec7b2907dbb
parent: 34da3e2f1031ac50636895abe2a881475f1da71b (diff)
4 files changed, 374 insertions, 320 deletions
diff --git a/data/CVE/list.2016 b/data/CVE/list.2016
index 147ae0a1e5..0195236e5c 100644
--- a/data/CVE/list.2016
+++ b/data/CVE/list.2016
@@ -1,3 +1,5 @@
+CVE-2016-20013 (sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ...)
+	TODO: check
 CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...)
 	- openssh <unfixed> (unimportant)
 	NOTE: https://github.com/openssh/openssh-portable/pull/270
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index 9ebbf9e129..dcb1defe6c 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -51097,8 +51097,7 @@ CVE-2017-0372 (Parameters injection in the SyntaxHighlight extension of Mediawik
 	NOTE: https://phabricator.wikimedia.org/T158689
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html
-CVE-2017-0371
-	RESERVED
+CVE-2017-0371 (MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.2 ...)
 	- mediawiki 1:1.27.2-1
 	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
 	NOTE: https://phabricator.wikimedia.org/T140591
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index b1a47ad899..ee07b82abe 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -135,196 +135,196 @@ CVE-2021-4217 [Null pointer dereference in Unicode strings code]
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-4216
 	RESERVED
-CVE-2021-46656
-	RESERVED
-CVE-2021-46655
-	RESERVED
-CVE-2021-46654
-	RESERVED
-CVE-2021-46653
-	RESERVED
-CVE-2021-46652
-	RESERVED
-CVE-2021-46651
-	RESERVED
-CVE-2021-46650
-	RESERVED
-CVE-2021-46649
-	RESERVED
-CVE-2021-46648
-	RESERVED
-CVE-2021-46647
-	RESERVED
-CVE-2021-46646
-	RESERVED
-CVE-2021-46645
-	RESERVED
-CVE-2021-46644
-	RESERVED
-CVE-2021-46643
-	RESERVED
-CVE-2021-46642
-	RESERVED
-CVE-2021-46641
-	RESERVED
-CVE-2021-46640
-	RESERVED
-CVE-2021-46639
-	RESERVED
-CVE-2021-46638
-	RESERVED
-CVE-2021-46637
-	RESERVED
-CVE-2021-46636
-	RESERVED
-CVE-2021-46635
-	RESERVED
-CVE-2021-46634
-	RESERVED
-CVE-2021-46633
-	RESERVED
-CVE-2021-46632
-	RESERVED
-CVE-2021-46631
-	RESERVED
-CVE-2021-46630
-	RESERVED
-CVE-2021-46629
-	RESERVED
-CVE-2021-46628
-	RESERVED
-CVE-2021-46627
-	RESERVED
-CVE-2021-46626
-	RESERVED
-CVE-2021-46625
-	RESERVED
-CVE-2021-46624
-	RESERVED
-CVE-2021-46623
-	RESERVED
-CVE-2021-46622
-	RESERVED
-CVE-2021-46621
-	RESERVED
-CVE-2021-46620
-	RESERVED
-CVE-2021-46619
-	RESERVED
-CVE-2021-46618
-	RESERVED
-CVE-2021-46617
-	RESERVED
-CVE-2021-46616
-	RESERVED
-CVE-2021-46615
-	RESERVED
-CVE-2021-46614
-	RESERVED
-CVE-2021-46613
-	RESERVED
-CVE-2021-46612
-	RESERVED
-CVE-2021-46611
-	RESERVED
-CVE-2021-46610
-	RESERVED
-CVE-2021-46609
-	RESERVED
-CVE-2021-46608
-	RESERVED
-CVE-2021-46607
-	RESERVED
-CVE-2021-46606
-	RESERVED
-CVE-2021-46605
-	RESERVED
-CVE-2021-46604
-	RESERVED
-CVE-2021-46603
-	RESERVED
-CVE-2021-46602
-	RESERVED
-CVE-2021-46601
-	RESERVED
-CVE-2021-46600
-	RESERVED
-CVE-2021-46599
-	RESERVED
-CVE-2021-46598
-	RESERVED
-CVE-2021-46597
-	RESERVED
-CVE-2021-46596
-	RESERVED
-CVE-2021-46595
-	RESERVED
-CVE-2021-46594
-	RESERVED
-CVE-2021-46593
-	RESERVED
-CVE-2021-46592
-	RESERVED
-CVE-2021-46591
-	RESERVED
-CVE-2021-46590
-	RESERVED
-CVE-2021-46589
-	RESERVED
-CVE-2021-46588
-	RESERVED
-CVE-2021-46587
-	RESERVED
-CVE-2021-46586
-	RESERVED
-CVE-2021-46585
-	RESERVED
-CVE-2021-46584
-	RESERVED
-CVE-2021-46583
-	RESERVED
-CVE-2021-46582
-	RESERVED
-CVE-2021-46581
-	RESERVED
-CVE-2021-46580
-	RESERVED
-CVE-2021-46579
-	RESERVED
-CVE-2021-46578
-	RESERVED
-CVE-2021-46577
-	RESERVED
-CVE-2021-46576
-	RESERVED
-CVE-2021-46575
-	RESERVED
-CVE-2021-46574
-	RESERVED
-CVE-2021-46573
-	RESERVED
-CVE-2021-46572
-	RESERVED
-CVE-2021-46571
-	RESERVED
-CVE-2021-46570
-	RESERVED
-CVE-2021-46569
-	RESERVED
-CVE-2021-46568
-	RESERVED
-CVE-2021-46567
-	RESERVED
-CVE-2021-46566
-	RESERVED
-CVE-2021-46565
-	RESERVED
-CVE-2021-46564
-	RESERVED
-CVE-2021-46563
-	RESERVED
-CVE-2021-46562
-	RESERVED
+CVE-2021-46656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46655 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46654 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46653 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46652 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46651 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46650 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46649 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46648 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46647 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46646 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46642 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46641 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46640 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46637 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46635 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46634 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46633 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46632 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46631 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46630 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46629 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46628 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46627 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46626 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46625 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46624 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46623 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46622 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46621 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46620 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46619 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46618 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46617 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46615 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46612 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46611 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46610 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46609 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46608 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46607 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46606 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46605 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46604 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46603 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46602 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46601 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46600 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46599 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46598 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46597 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46596 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46595 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46594 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46593 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46592 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46591 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46590 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46589 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46588 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46587 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46586 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46585 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46584 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46583 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46582 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46581 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46580 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46579 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46578 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46577 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46576 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46575 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46574 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46573 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46572 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46571 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46570 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2021-46569 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46568 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46567 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46566 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46565 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46564 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46563 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2021-46562 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
 	NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API
 CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
@@ -1400,8 +1400,8 @@ CVE-2021-46112
 	RESERVED
 CVE-2021-46111
 	RESERVED
-CVE-2021-46110
-	RESERVED
+CVE-2021-46110 (Online Shopping Portal v3.1 was discovered to contain multiple time-ba ...)
+	TODO: check
 CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...)
 	NOT-FOR-US: ASUS
 CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...)
@@ -1460,8 +1460,8 @@ CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (
 	NOT-FOR-US: uscat
 CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...)
 	NOT-FOR-US: uscat
-CVE-2021-46082
-	RESERVED
+CVE-2021-46082 (Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gate ...)
+	TODO: check
 CVE-2021-46081
 	RESERVED
 CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Se ...)
@@ -1498,10 +1498,10 @@ CVE-2021-46065 (A Cross-site scripting (XSS) vulnerability in Secondary Email Fi
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-46064
 	RESERVED
-CVE-2021-46063
-	RESERVED
-CVE-2021-46062
-	RESERVED
+CVE-2021-46063 (MCMS v5.2.5 was discovered to contain a Server Side Template Injection ...)
+	TODO: check
+CVE-2021-46062 (MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulne ...)
+	TODO: check
 CVE-2021-46061 (An SQL Injection vulnerability exists in Sourcecodester Computer and M ...)
 	NOT-FOR-US: Sourcecodester
 CVE-2021-46060
@@ -4153,8 +4153,8 @@ CVE-2021-45084
 	RESERVED
 CVE-2021-45083
 	RESERVED
-CVE-2021-45082
-	RESERVED
+CVE-2021-45082 (An issue was discovered in Cobbler through 3.3.0. In the templar.py fi ...)
+	TODO: check
 CVE-2021-45081
 	RESERVED
 CVE-2021-45080
@@ -6310,8 +6310,8 @@ CVE-2021-44304
 	RESERVED
 CVE-2021-44303
 	RESERVED
-CVE-2021-44302
-	RESERVED
+CVE-2021-44302 (BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection v ...)
+	TODO: check
 CVE-2021-44301
 	RESERVED
 CVE-2021-44300
@@ -14937,10 +14937,10 @@ CVE-2021-40843 (Proofpoint Insider Threat Management Server contains an unsafe d
 	NOT-FOR-US: Proofpoint
 CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL injection v ...)
 	NOT-FOR-US: Proofpoint
-CVE-2021-40841
-	RESERVED
-CVE-2021-40840
-	RESERVED
+CVE-2021-40841 (A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 all ...)
+	TODO: check
+CVE-2021-40840 (A Stored XSS issue exists in the admin/users user administration form  ...)
+	TODO: check
 CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...)
 	- python-rencode 1.0.6-2
 	[bullseye] - python-rencode <no-dsa> (Minor issue)
@@ -42396,10 +42396,10 @@ CVE-2021-29657 (arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/a58d9166a756a0f4a6618e4f593232593d6df134
 	NOTE: https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html
-CVE-2021-29656
-	RESERVED
-CVE-2021-29655
-	RESERVED
+CVE-2021-29656 (Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validat ...)
+	TODO: check
+CVE-2021-29655 (Pexip Infinity Connect before 1.8.0 omits certain provisioning authent ...)
+	TODO: check
 CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data ( ...)
 	NOT-FOR-US: AjaxSearchPro
 CVE-2021-29653 (HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain ci ...)
@@ -56715,8 +56715,8 @@ CVE-2021-23704
 	RESERVED
 CVE-2021-23703
 	RESERVED
-CVE-2021-23702
-	RESERVED
+CVE-2021-23702 (The package object-extend from 0.0.0 are vulnerable to Prototype Pollu ...)
+	TODO: check
 CVE-2021-23701
 	RESERVED
 CVE-2021-23700 (All versions of package merge-deep2 are vulnerable to Prototype Pollut ...)
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index 4f2926b45c..091e69ca33 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -1,3 +1,61 @@
+CVE-2022-25367
+	RESERVED
+CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, although it  ...)
+	TODO: check
+CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to move arbitr ...)
+	TODO: check
+CVE-2022-25364
+	RESERVED
+CVE-2022-25363
+	RESERVED
+CVE-2022-25362
+	RESERVED
+CVE-2022-25361
+	RESERVED
+CVE-2022-25360
+	RESERVED
+CVE-2022-25359
+	RESERVED
+CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...)
+	TODO: check
+CVE-2022-25357
+	RESERVED
+CVE-2022-25356
+	RESERVED
+CVE-2022-25344
+	RESERVED
+CVE-2022-25343
+	RESERVED
+CVE-2022-25342
+	RESERVED
+CVE-2022-25341
+	RESERVED
+CVE-2022-25340
+	RESERVED
+CVE-2022-25339
+	RESERVED
+CVE-2022-25338
+	RESERVED
+CVE-2022-24914
+	RESERVED
+CVE-2022-24436
+	RESERVED
+CVE-2022-24378
+	RESERVED
+CVE-2022-24067
+	RESERVED
+CVE-2022-23403
+	RESERVED
+CVE-2022-23182
+	RESERVED
+CVE-2022-22139
+	RESERVED
+CVE-2022-21225
+	RESERVED
+CVE-2022-21198
+	RESERVED
+CVE-2022-21183
+	RESERVED
 CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
 	NOT-FOR-US: Ibexa
 CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
@@ -235,8 +293,8 @@ CVE-2022-0649
 	RESERVED
 CVE-2022-25257
 	RESERVED
-CVE-2022-25256
-	RESERVED
+CVE-2022-25256 (SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRend ...)
+	TODO: check
 CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...)
 	- qt6-base <unfixed>
 	- qtbase-opensource-src <unfixed>
@@ -677,22 +735,22 @@ CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a he
 	NOT-FOR-US: njs
 CVE-2022-25138
 	RESERVED
-CVE-2022-25137
-	RESERVED
-CVE-2022-25136
-	RESERVED
-CVE-2022-25135
-	RESERVED
-CVE-2022-25134
-	RESERVED
-CVE-2022-25133
-	RESERVED
-CVE-2022-25132
-	RESERVED
-CVE-2022-25131
-	RESERVED
-CVE-2022-25130
-	RESERVED
+CVE-2022-25137 (A command injection vulnerability in the function recvSlaveUpgstatus o ...)
+	TODO: check
+CVE-2022-25136 (A command injection vulnerability in the function meshSlaveUpdate of T ...)
+	TODO: check
+CVE-2022-25135 (A command injection vulnerability in the function recv_mesh_info_sync  ...)
+	TODO: check
+CVE-2022-25134 (A command injection vulnerability in the function setUpgradeFW of TOTO ...)
+	TODO: check
+CVE-2022-25133 (A command injection vulnerability in the function isAssocPriDevice of  ...)
+	TODO: check
+CVE-2022-25132 (A command injection vulnerability in the function meshSlaveDlfw of TOT ...)
+	TODO: check
+CVE-2022-25131 (A command injection vulnerability in the function recvSlaveCloudCheckS ...)
+	TODO: check
+CVE-2022-25130 (A command injection vulnerability in the function updateWifiInfo of TO ...)
+	TODO: check
 CVE-2022-25129
 	RESERVED
 CVE-2022-25128
@@ -1035,10 +1093,10 @@ CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 a
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html
 CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 22.2.0 ...)
 	NOT-FOR-US: LibreNMS
-CVE-2022-24980
-	RESERVED
-CVE-2022-24979
-	RESERVED
+CVE-2022-24980 (An issue was discovered in the Kitodo.Presentation (aka dif) extension ...)
+	TODO: check
+CVE-2022-24979 (An issue was discovered in the Varnishcache extension before 2.0.1 for ...)
+	TODO: check
 CVE-2022-24978
 	RESERVED
 CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...)
@@ -1089,8 +1147,8 @@ CVE-2022-24973
 	RESERVED
 CVE-2022-24972
 	RESERVED
-CVE-2022-24971
-	RESERVED
+CVE-2022-24971 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2022-24970
 	RESERVED
 CVE-2022-24969
@@ -1777,8 +1835,7 @@ CVE-2022-0545
 	RESERVED
 CVE-2022-0544
 	RESERVED
-CVE-2022-0543 [sandbox escape]
-	RESERVED
+CVE-2022-0543 (It was discovered, that redis, a persistent key-value database, due to ...)
 	{DSA-5081-1}
 	- redis <unfixed> (bug #1005787)
 	NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
@@ -2536,40 +2593,40 @@ CVE-2022-24372
 	RESERVED
 CVE-2022-24371
 	RESERVED
-CVE-2022-24370
-	RESERVED
-CVE-2022-24369
-	RESERVED
-CVE-2022-24368
-	RESERVED
-CVE-2022-24367
-	RESERVED
-CVE-2022-24366
-	RESERVED
-CVE-2022-24365
-	RESERVED
-CVE-2022-24364
-	RESERVED
-CVE-2022-24363
-	RESERVED
-CVE-2022-24362
-	RESERVED
-CVE-2022-24361
-	RESERVED
-CVE-2022-24360
-	RESERVED
-CVE-2022-24359
-	RESERVED
-CVE-2022-24358
-	RESERVED
-CVE-2022-24357
-	RESERVED
-CVE-2022-24356
-	RESERVED
-CVE-2022-24355
-	RESERVED
-CVE-2022-24354
-	RESERVED
+CVE-2022-24370 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-24369 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24368 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-24367 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24366 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24365 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24364 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24363 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24362 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24361 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24360 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24359 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24358 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24357 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24356 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24355 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2022-24354 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
 CVE-2022-24353
 	RESERVED
 CVE-2022-24352
@@ -3341,8 +3398,8 @@ CVE-2022-24114 (Local privilege escalation due to race condition on application
 	NOT-FOR-US: Acronis
 CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned to ch ...)
 	NOT-FOR-US: Acronis
-CVE-2022-0409
-	RESERVED
+CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist showdoc/s ...)
+	TODO: check
 CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -3478,65 +3535,61 @@ CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...
 	NOTE: https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 (v8.2.4233)
 CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel  ...)
 	NOT-FOR-US: Insyde
-CVE-2022-24064
-	RESERVED
-CVE-2022-24063
-	RESERVED
-CVE-2022-24062
-	RESERVED
-CVE-2022-24061
-	RESERVED
-CVE-2022-24060
-	RESERVED
-CVE-2022-24059
-	RESERVED
-CVE-2022-24058
-	RESERVED
-CVE-2022-24057
-	RESERVED
-CVE-2022-24056
-	RESERVED
-CVE-2022-24055
-	RESERVED
+CVE-2022-24064 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24063 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24062 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24061 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-24060 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2022-24059 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24058 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24057 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24056 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24055 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
 CVE-2022-24054
 	RESERVED
 CVE-2022-24053
 	RESERVED
-CVE-2022-24052
-	RESERVED
+CVE-2022-24052 (This vulnerability allows local attackers to escalate privileges on af ...)
 	- mariadb-10.6 <unfixed>
 	- mariadb-10.5 <removed>
 	- mariadb-10.3 <removed>
 	NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/
-CVE-2022-24051
-	RESERVED
+CVE-2022-24051 (This vulnerability allows local attackers to escalate privileges on af ...)
 	- mariadb-10.6 <unfixed>
 	- mariadb-10.5 <removed>
 	- mariadb-10.3 <removed>
 	NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/
-CVE-2022-24050
-	RESERVED
+CVE-2022-24050 (This vulnerability allows local attackers to escalate privileges on af ...)
 	- mariadb-10.6 <unfixed>
 	- mariadb-10.5 <removed>
 	- mariadb-10.3 <removed>
 	NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/
-CVE-2022-24049
-	RESERVED
-CVE-2022-24048
-	RESERVED
+CVE-2022-24049 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2022-24048 (This vulnerability allows local attackers to escalate privileges on af ...)
 	- mariadb-10.6 <unfixed>
 	- mariadb-10.5 <removed>
 	- mariadb-10.3 <removed>
 	NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/
-CVE-2022-24047
-	RESERVED
-CVE-2022-24046
-	RESERVED
+CVE-2022-24047 (This vulnerability allows remote attackers to bypass authentication on ...)
+	TODO: check
+CVE-2022-24046 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
 CVE-2022-24045
 	RESERVED
 CVE-2022-24044
@@ -4653,24 +4706,24 @@ CVE-2022-23652
 	RESERVED
 CVE-2022-23651
 	RESERVED
-CVE-2022-23650
-	RESERVED
-CVE-2022-23649
-	RESERVED
+CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay netwo ...)
+	TODO: check
+CVE-2022-23649 (Cosign provides container signing, verification, and storage in an OCI ...)
+	TODO: check
 CVE-2022-23648
 	RESERVED
 CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...)
 	TODO: check
 CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...)
 	TODO: check
-CVE-2022-23645
-	RESERVED
+CVE-2022-23645 (swtpm is a libtpms-based TPM emulator with socket, character device, a ...)
+	TODO: check
 CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...)
 	NOT-FOR-US: BookWyrm
 CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...)
 	TODO: check
-CVE-2022-23642
-	RESERVED
+CVE-2022-23642 (Sourcegraph is a code search and navigation engine. Sourcegraph prior  ...)
+	TODO: check
 CVE-2022-23641 (Discourse is an open source discussion platform. In versions prior to  ...)
 	NOT-FOR-US: Discourse
 CVE-2022-23640
@@ -5807,8 +5860,8 @@ CVE-2022-23230
 	RESERVED
 CVE-2022-23229
 	RESERVED
-CVE-2022-23228
-	RESERVED
+CVE-2022-23228 (Pexip Infinity before 27.0 has improper WebRTC input validation. An un ...)
+	TODO: check
 CVE-2022-23227 (NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to uploa ...)
 	NOT-FOR-US: NUUO NVRmini2
 CVE-2022-23226
author	security tracker role <sectracker@soriano.debian.org>	2022-02-19 08:10:16 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2022-02-19 08:10:16 +0000
commit	e02e72eb11423c3d46f0fa648dcfe64a1024a87b (patch)
tree	bb36426012765541c04ac4626b666ec7b2907dbb
parent	34da3e2f1031ac50636895abe2a881475f1da71b (diff)