author: security tracker role <sectracker@soriano.debian.org> 2022-01-06 20:10:20 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-01-06 20:10:20 +0000
commit: 01fae168e9664c10eeccdd1f56b7bea093a183c5
tree: c4079be5dbb91366257e9bd93a27a3a6e01f21e4 /data/CVE
parent: f7c88fe3bd1e04195872118e5f697de11c7a5397
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/list.2020 | 1
-rw-r--r-- data/CVE/list.2021 | 126
-rw-r--r-- data/CVE/list.2022 | 64
3 files changed, 121 insertions, 70 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 544f7e7fc1..031e4a7efa 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -5016,6 +5016,7 @@ CVE-2020-29051
RESERVED
CVE-2020-29050 [arbitrary file reads by scattered file snippets]
RESERVED
+ {DSA-5036-1}
- sphinxsearch 2.2.11-3
NOTE: Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035
NOTE: and https://github.com/manticoresoftware/manticoresearch/commit/6e597ff61e1e910559f6ed541ff32520085af6aa
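Review bot: In the unchanged NOTE lines under CVE-2020-29050, the first manticoresearch commit id (`66b5761a...4f48035`) is 39 hex characters, while the second is the full 40, so the first reference is either an abbreviated prefix or has lost a character. Now that `{DSA-5036-1}` points readers at this entry, the id should be checked against the upstream repository and corrected in a follow-up if a character is missing. The visible context also shows only the unstable fixed version `2.2.11-3`; if no release-specific lines follow below the hunk, the versions fixed by the DSA should be recorded there.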
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 3a9d8030e9..ff5e3942fe 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,5 @@
+CVE-2021-4201
+ RESERVED
CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...)
NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles
CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...)
@@ -158,34 +160,34 @@ CVE-2021-46082
RESERVED
CVE-2021-46081
RESERVED
-CVE-2021-46080
- RESERVED
-CVE-2021-46079
- RESERVED
-CVE-2021-46078
- RESERVED
+CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Se ...)
+ TODO: check
+CVE-2021-46079 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...)
+ TODO: check
+CVE-2021-46078 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...)
+ TODO: check
CVE-2021-46077
RESERVED
-CVE-2021-46076
- RESERVED
-CVE-2021-46075
- RESERVED
-CVE-2021-46074
- RESERVED
-CVE-2021-46073
- RESERVED
-CVE-2021-46072
- RESERVED
-CVE-2021-46071
- RESERVED
-CVE-2021-46070
- RESERVED
-CVE-2021-46069
- RESERVED
-CVE-2021-46068
- RESERVED
-CVE-2021-46067
- RESERVED
+CVE-2021-46076 (Sourcecodester Vehicle Service Management System 1.0 is vulnerable to ...)
+ TODO: check
+CVE-2021-46075 (A Privilege Escalation vulnerability exists in Sourcecodester Vehicle ...)
+ TODO: check
+CVE-2021-46074 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ TODO: check
+CVE-2021-46073 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ TODO: check
+CVE-2021-46072 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ TODO: check
+CVE-2021-46071 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ TODO: check
+CVE-2021-46070 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ TODO: check
+CVE-2021-46069 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ TODO: check
+CVE-2021-46068 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ TODO: check
+CVE-2021-46067 (In Vehicle Service Management System 1.0 an attacker can steal the coo ...)
+ TODO: check
CVE-2021-46066
RESERVED
CVE-2021-46065
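Review bot: Thirteen entries in this hunk (CVE-2021-46080 through CVE-2021-46078 and CVE-2021-46076 through CVE-2021-46067) move from `RESERVED` to the `TODO: check` placeholder, and every truncated description appears to name the same product, Vehicle Service Management System. They can be triaged in one pass with a single, consistently spelled product string, in the way the Kylin entries elsewhere in this diff share one `NOT-FOR-US:` line. The descriptions name the product both with and without the "Sourcecodester" prefix, so a text search on only one spelling will miss some of them.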
@@ -566,8 +568,8 @@ CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive infor
NOT-FOR-US: Netgear
CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw d ...)
NOT-FOR-US: Bitmask Riseup VPN
-CVE-2021-4194
- RESERVED
+CVE-2021-4194 (bookstack is vulnerable to Improper Access Control ...)
+ TODO: check
CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...)
- vim 2:8.2.3995-1
[bullseye] - vim <no-dsa> (Minor issue)
@@ -1018,10 +1020,10 @@ CVE-2021-45747
RESERVED
CVE-2021-45746
RESERVED
-CVE-2021-45745
- RESERVED
-CVE-2021-45744
- RESERVED
+CVE-2021-45745 (A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.1 ...)
+ TODO: check
+CVE-2021-45744 (A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.1 ...)
+ TODO: check
CVE-2021-45743
RESERVED
CVE-2021-45742
@@ -1718,14 +1720,11 @@ CVE-2021-4152
RESERVED
CVE-2021-4151
RESERVED
-CVE-2021-45458
- RESERVED
+CVE-2021-45458 (Apache Kylin provides encryption classes PasswordPlaceholderConfigurer ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
-CVE-2021-45457
- RESERVED
+CVE-2021-45457 (In Apache Kylin, Cross-origin requests with credentials are allowed to ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
-CVE-2021-45456
- RESERVED
+CVE-2021-45456 (Apache kylin checks the legitimacy of the project before executing som ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-45455
RESERVED
@@ -3170,8 +3169,8 @@ CVE-2021-44880
RESERVED
CVE-2021-44879
RESERVED
-CVE-2021-44878
- RESERVED
+CVE-2021-44878 (Pac4j v5.1 and earlier allows (by default) clients to accept and succe ...)
+ TODO: check
CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...)
NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
@@ -3940,10 +3939,10 @@ CVE-2021-44593
RESERVED
CVE-2021-44592
RESERVED
-CVE-2021-44591
- RESERVED
-CVE-2021-44590
- RESERVED
+CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...)
+ TODO: check
+CVE-2021-44590 (In libming 0.4.8, a memory exhaustion vulnerability exist in the funct ...)
+ TODO: check
CVE-2021-44589
RESERVED
CVE-2021-44588
@@ -3954,8 +3953,8 @@ CVE-2021-44586
RESERVED
CVE-2021-44585
RESERVED
-CVE-2021-44584
- RESERVED
+CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog version ...)
+ TODO: check
CVE-2021-44583
RESERVED
CVE-2021-44582
@@ -3994,8 +3993,8 @@ CVE-2021-44566
RESERVED
CVE-2021-44565
RESERVED
-CVE-2021-44564
- RESERVED
+CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101 product, ...)
+ TODO: check
CVE-2021-44563
RESERVED
CVE-2021-44562
@@ -4582,8 +4581,8 @@ CVE-2021-44353
RESERVED
CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V ...)
NOT-FOR-US: Tenda
-CVE-2021-44351
- RESERVED
+CVE-2021-44351 (An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /na ...)
+ TODO: check
CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x &lt;=5.1.22 via ...)
NOT-FOR-US: ThinkPHP5
CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
@@ -7877,8 +7876,7 @@ CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 (5.15-rc6)
-CVE-2021-43045
- RESERVED
+CVE-2021-43045 (A vulnerability in the .NET SDK of Apache Avro allows an attacker to a ...)
NOT-FOR-US: Apache Avro
CVE-2021-3913
RESERVED
@@ -22885,8 +22883,7 @@ CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested
- linux 5.14.6-1
[buster] - linux 4.19.208-1
NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
-CVE-2021-36774
- RESERVED
+CVE-2021-36774 (Apache Kylin allows users to read data from other database systems usi ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
- ublock-origin 1.37.0+dfsg-1 (bug #991386)
@@ -23007,14 +23004,11 @@ CVE-2021-3645 (merge is vulnerable to Improperly Controlled Modification of Obje
CVE-2021-3644
RESERVED
- wildfly <itp> (bug #752018)
-CVE-2021-36739
- RESERVED
+CVE-2021-36739 (The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCB ...)
NOT-FOR-US: Apache Pluto MVCBean JSP portlet
-CVE-2021-36738
- RESERVED
+CVE-2021-36738 (The input fields in the JSP version of the Apache Pluto Applicant MVCB ...)
NOT-FOR-US: Apache Pluto Applicant MVCBean CDI portlet
-CVE-2021-36737
- RESERVED
+CVE-2021-36737 (The input fields of the Apache Pluto UrlTestPortlet are vulnerable to ...)
NOT-FOR-US: Apache Pluto UrlTestPortlet
CVE-2021-36736
RESERVED
@@ -35429,8 +35423,7 @@ CVE-2021-23169 (A heap-buffer overflow was found in the copyIntoFrameBuffer func
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ae6d203892cc9311917a7f4f05354ef792b3e58e
CVE-2021-31524
RESERVED
-CVE-2021-31522
- RESERVED
+CVE-2021-31522 (Kylin can receive user input and load any class through Class.forName( ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr version ...)
NOT-FOR-US: Zephyr, different from src:zephyr
@@ -42462,12 +42455,10 @@ CVE-2021-28717
RESERVED
CVE-2021-28716
RESERVED
-CVE-2021-28715
- RESERVED
+CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-392.html
-CVE-2021-28714
- RESERVED
+CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-392.html
CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
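Review bot: CVE-2021-28715 and CVE-2021-28714 receive the same truncated description ("Guest can force Linux netback driver to hog large amounts of kernel me ...") and carry the same `NOTE:` to XSA-392 with `- linux <unfixed>`, so nothing in the entries distinguishes the two issues. A per-CVE `NOTE:` with the upstream fixing commit, in the style of the `git.kernel.org/linus/...` note under CVE-2021-43056 in this same file, would let each be marked fixed independently once the kernel uploads land.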
@@ -44879,8 +44870,7 @@ CVE-2021-27740
RESERVED
CVE-2021-27739
RESERVED
-CVE-2021-27738
- RESERVED
+CVE-2021-27738 (All request mappings in `StreamingCoordinatorController.java` handling ...)
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2021-27737 (Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on th ...)
- trafficserver <not-affected> (Only affects 9.x)
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index 928f11e0e6..ed28990233 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -1,3 +1,63 @@
+CVE-2022-22728
+ RESERVED
+CVE-2022-22727
+ RESERVED
+CVE-2022-22726
+ RESERVED
+CVE-2022-22725
+ RESERVED
+CVE-2022-22724
+ RESERVED
+CVE-2022-22723
+ RESERVED
+CVE-2022-22722
+ RESERVED
+CVE-2022-22721
+ RESERVED
+CVE-2022-22720
+ RESERVED
+CVE-2022-22719
+ RESERVED
+CVE-2022-22718
+ RESERVED
+CVE-2022-22717
+ RESERVED
+CVE-2022-22716
+ RESERVED
+CVE-2022-22715
+ RESERVED
+CVE-2022-22714
+ RESERVED
+CVE-2022-22713
+ RESERVED
+CVE-2022-22712
+ RESERVED
+CVE-2022-22711
+ RESERVED
+CVE-2022-22710
+ RESERVED
+CVE-2022-22709
+ RESERVED
+CVE-2022-21806
+ RESERVED
+CVE-2022-0139
+ RESERVED
+CVE-2022-0138
+ RESERVED
+CVE-2022-0137
+ RESERVED
+CVE-2022-0136
+ RESERVED
+CVE-2022-0135
+ RESERVED
+CVE-2022-0134
+ RESERVED
+CVE-2022-0133
+ RESERVED
+CVE-2022-0132
+ RESERVED
+CVE-2022-0131
+ RESERVED
CVE-2022-22708
RESERVED
CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...)
@@ -67,8 +127,8 @@ CVE-2022-22678
RESERVED
CVE-2022-0129
RESERVED
-CVE-2022-0128
- RESERVED
+CVE-2022-0128 (vim is vulnerable to Out-of-bounds Read ...)
+ TODO: check
CVE-2022-0127
RESERVED
CVE-2022-0126
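Review bot: The `TODO: check` placeholder on CVE-2022-0128 is for vim, which list.2021 in this same commit tracks as a packaged source (`- vim 2:8.2.3995-1` under CVE-2021-4193), so this entry needs a package line and per-release status rather than a `NOT-FOR-US:` disposition. Its truncated description, "vim is vulnerable to Out-of-bounds Read", is identical to that of CVE-2021-4193, so a `NOTE:` with the upstream report or fixing commit is needed to keep the two apart.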