automatic update

author: security tracker role <sectracker@soriano.debian.org> 2022-01-25 20:10:20 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-01-25 20:10:20 +0000
commit: a8927b69c8e3b709c2e6e9d2c5fc22fd3eabe0c4 (patch)
tree: 17dfd0afdc465cebe7a3c8f278863c8ce7e23511 /data/CVE/list.2022
parent: 79b0d48fec5d366c5a82085f4b0d96f171ff2c32 (diff)
1 files changed, 69 insertions, 32 deletions
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index f10924caaa..6093f19ce4 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -1,3 +1,43 @@
+CVE-2022-23947
+	RESERVED
+CVE-2022-23946
+	RESERVED
+CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. This iss ...)
+	TODO: check
+CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...)
+	TODO: check
+CVE-2022-23943
+	RESERVED
+CVE-2022-23942
+	RESERVED
+CVE-2022-21184
+	RESERVED
+CVE-2022-0368
+	RESERVED
+CVE-2022-0367
+	RESERVED
+CVE-2022-0366
+	RESERVED
+CVE-2022-0365
+	RESERVED
+CVE-2022-0364
+	RESERVED
+CVE-2022-0363
+	RESERVED
+CVE-2022-0362
+	RESERVED
+CVE-2022-0361
+	RESERVED
+CVE-2022-0360
+	RESERVED
+CVE-2022-0359
+	RESERVED
+CVE-2022-0358
+	RESERVED
+CVE-2022-0357
+	RESERVED
+CVE-2022-0356
+	RESERVED
 CVE-2022-23941
 	RESERVED
 CVE-2022-23940
@@ -155,8 +195,8 @@ CVE-2022-23865
 	RESERVED
 CVE-2022-0352
 	RESERVED
-CVE-2022-0351
-	RESERVED
+CVE-2022-0351 (Access of Memory Location Before Start of Buffer in Conda vim prior to ...)
+	TODO: check
 CVE-2022-0350
 	RESERVED
 CVE-2022-0349
@@ -214,8 +254,8 @@ CVE-2022-23849
 	RESERVED
 CVE-2022-0339
 	RESERVED
-CVE-2022-0338
-	RESERVED
+CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...)
+	TODO: check
 CVE-2022-23848
 	RESERVED
 CVE-2022-23847
@@ -1547,8 +1587,8 @@ CVE-2022-0270
 	RESERVED
 CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...)
 	TODO: check
-CVE-2022-0268
-	RESERVED
+CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to ...)
+	TODO: check
 CVE-2022-0267
 	RESERVED
 CVE-2022-23312
@@ -1808,8 +1848,8 @@ CVE-2022-23225
 	RESERVED
 CVE-2022-23224
 	RESERVED
-CVE-2022-23223
-	RESERVED
+CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...)
+	TODO: check
 CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
 	- h2database <unfixed>
 	NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210
@@ -2362,20 +2402,17 @@ CVE-2022-23037
 	RESERVED
 CVE-2022-23036
 	RESERVED
-CVE-2022-23035
-	RESERVED
+CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The management of I ...)
 	- xen <unfixed>
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-395.html
-CVE-2022-23034
-	RESERVED
+CVE-2022-23034 (A PV guest could DoS Xen while unmapping a grant To address XSA-380, r ...)
 	- xen <unfixed>
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-394.html
-CVE-2022-23033
-	RESERVED
+CVE-2022-23033 (arm: guest_physmap_remove_page not removing the p2m mappings The funct ...)
 	- xen <unfixed>
 	[buster] - xen <end-of-life> (DSA 4677-1)
 	[stretch] - xen <end-of-life> (DSA 4602-1)
@@ -3090,7 +3127,7 @@ CVE-2022-22748
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22748
 CVE-2022-22747
 	RESERVED
-	{DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+	{DSA-5045-1 DSA-5044-1 DLA-2898-1 DLA-2881-1 DLA-2880-1}
 	- nss 2:3.73-1
 	- firefox 96.0-1
 	- firefox-esr 91.5.0esr-1
@@ -5690,8 +5727,8 @@ CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive
 	NOTE: https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
 CVE-2022-21698
 	RESERVED
-CVE-2022-21697
-	RESERVED
+CVE-2022-21697 (Jupyter Server Proxy is a Jupyter notebook server extension to proxy w ...)
+	TODO: check
 CVE-2022-21696 (OnionShare is an open source tool that lets you securely and anonymous ...)
 	- onionshare <unfixed>
 	NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-68vr-8f46-vc9f
@@ -6395,11 +6432,11 @@ CVE-2022-21367 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 	- mysql-5.7 <removed>
 	- mysql-8.0 <unfixed>
 CVE-2022-21366 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
 CVE-2022-21365 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
@@ -6412,7 +6449,7 @@ CVE-2022-21362 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2022-21361 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21360 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
@@ -6454,12 +6491,12 @@ CVE-2022-21343
 CVE-2022-21342 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2022-21341 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
 CVE-2022-21340 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
@@ -6532,7 +6569,7 @@ CVE-2022-21307 (Vulnerability in the MySQL Cluster product of Oracle MySQL (comp
 CVE-2022-21306 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21305 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
@@ -6549,7 +6586,7 @@ CVE-2022-21301 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2022-21300 (Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack prod ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21299 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
@@ -6558,26 +6595,26 @@ CVE-2022-21298 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
 CVE-2022-21297 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2022-21296 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
 CVE-2022-21295 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox <not-affected> (Windows-specific)
 CVE-2022-21294 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
 CVE-2022-21293 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
 CVE-2022-21292 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21291 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
@@ -6596,11 +6633,11 @@ CVE-2022-21285 (Vulnerability in the MySQL Cluster product of Oracle MySQL (comp
 CVE-2022-21284 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
 	NOT-FOR-US: MySQL Cluster
 CVE-2022-21283 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
 CVE-2022-21282 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
@@ -6613,7 +6650,7 @@ CVE-2022-21279 (Vulnerability in the MySQL Cluster product of Oracle MySQL (comp
 CVE-2022-21278 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2022-21277 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
 CVE-2022-21276 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
@@ -6675,7 +6712,7 @@ CVE-2022-21250 (Vulnerability in the Oracle Trade Management product of Oracle E
 CVE-2022-21249 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <unfixed>
 CVE-2022-21248 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
-	{DSA-5057-1}
+	{DSA-5058-1 DSA-5057-1}
 	- openjdk-8 <unfixed>
 	- openjdk-11 11.0.14+9-1
 	- openjdk-17 17.0.2+8-1
author	security tracker role <sectracker@soriano.debian.org>	2022-01-25 20:10:20 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2022-01-25 20:10:20 +0000
commit	a8927b69c8e3b709c2e6e9d2c5fc22fd3eabe0c4 (patch)
tree	17dfd0afdc465cebe7a3c8f278863c8ce7e23511 /data/CVE/list.2022
parent	79b0d48fec5d366c5a82085f4b0d96f171ff2c32 (diff)