automatic update

author: security tracker role <sectracker@soriano.debian.org> 2022-02-12 08:10:12 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-02-12 08:10:12 +0000
commit: 2080260371585e63d7d3f7619ab74b33fb54dc7a (patch)
tree: 25f9f1b06c6fa714ca9e77cafb135a765843fbf5 /data
parent: ede2fee415351e848ed5fbcbbe4880c21f065a8d (diff)
2 files changed, 75 insertions, 123 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 76b87ade27..f29027c6c6 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -715,18 +715,18 @@ CVE-2021-46368
 	RESERVED
 CVE-2021-46367
 	RESERVED
-CVE-2021-46366
-	RESERVED
-CVE-2021-46365
-	RESERVED
-CVE-2021-46364
-	RESERVED
-CVE-2021-46363
-	RESERVED
-CVE-2021-46362
-	RESERVED
-CVE-2021-46361
-	RESERVED
+CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...)
+	TODO: check
+CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
+	TODO: check
+CVE-2021-46364 (A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and be ...)
+	TODO: check
+CVE-2021-46363 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
+	TODO: check
+CVE-2021-46362 (A Server-Side Template Injection (SSTI) vulnerability in the Registrat ...)
+	TODO: check
+CVE-2021-46361 (An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allo ...)
+	TODO: check
 CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...)
 	NOT-FOR-US: Composr-CMS
 CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...)
@@ -4876,32 +4876,27 @@ CVE-2021-44797
 	RESERVED
 CVE-2021-44796
 	RESERVED
-CVE-2021-4102
-	RESERVED
+CVE-2021-4102 (Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4101
-	RESERVED
+CVE-2021-4101 (Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.466 ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4100
-	RESERVED
+CVE-2021-4100 (Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.11 ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4099
-	RESERVED
+CVE-2021-4099 (Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110  ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-4098
-	RESERVED
+CVE-2021-4098 (Insufficient data validation in Mojo in Google Chrome prior to 96.0.46 ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -56891,8 +56886,8 @@ CVE-2021-23557
 	RESERVED
 CVE-2021-23556
 	RESERVED
-CVE-2021-23555
-	RESERVED
+CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via dire ...)
+	TODO: check
 CVE-2021-23554
 	RESERVED
 CVE-2021-23553
@@ -65602,9 +65597,8 @@ CVE-2021-20003
 	REJECTED
 CVE-2021-20002
 	REJECTED
-CVE-2021-20001
-	RESERVED
-	{DSA-5072-1}
+CVE-2021-20001 (It was discovered, that debian-edu-config, a set of configuration file ...)
+	{DSA-5072-1 DLA-2918-1}
 	- debian-edu-config 2.12.16
 	NOTE: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5
 CVE-2021-2485 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index 266aa231e7..d9385f93c1 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -1,3 +1,7 @@
+CVE-2022-0570
+	RESERVED
+CVE-2022-0569
+	RESERVED
 CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not mention the ...)
 	- git <unfixed> (unimportant)
 	NOTE: https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/
@@ -3548,10 +3552,9 @@ CVE-2022-23636
 	RESERVED
 CVE-2022-23635
 	RESERVED
-CVE-2022-23634
-	RESERVED
-CVE-2022-23633
-	RESERVED
+CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `puma`  ...)
+	TODO: check
+CVE-2022-23633 (Action Pack is a framework for handling and responding to web requests ...)
 	- rails <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/5
 	NOTE: Fixed by: https://github.com/rails/rails/commit/07d9600172a18b45791c89e95a642e13fc367545 (v6.1.4.5)
@@ -3986,50 +3989,42 @@ CVE-2022-23438
 CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...)
 	- libxerces2-java <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/3
-CVE-2022-0311
-	RESERVED
+CVE-2022-0311 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0310
-	RESERVED
+CVE-2022-0310 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0309
-	RESERVED
+CVE-2022-0309 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0308
-	RESERVED
+CVE-2022-0308 (Use after free in Data Transfer in Google Chrome on Chrome OS prior to ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0307
-	RESERVED
+CVE-2022-0307 (Use after free in Optimization Guide in Google Chrome prior to 97.0.46 ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0306
-	RESERVED
+CVE-2022-0306 (Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99  ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0305
-	RESERVED
+CVE-2022-0305 (Inappropriate implementation in Service Worker API in Google Chrome pr ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0304
-	RESERVED
+CVE-2022-0304 (Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 all ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -4040,80 +4035,67 @@ CVE-2022-0303
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0302
-	RESERVED
+CVE-2022-0302 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0301
-	RESERVED
+CVE-2022-0301 (Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.9 ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0300
-	RESERVED
+CVE-2022-0300 (Use after free in Text Input Method Editor in Google Chrome on Android ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0298
-	RESERVED
+CVE-2022-0298 (Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 al ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0297
-	RESERVED
+CVE-2022-0297 (Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowe ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0296
-	RESERVED
+CVE-2022-0296 (Use after free in Printing in Google Chrome prior to 97.0.4692.99 allo ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0295
-	RESERVED
+CVE-2022-0295 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0294
-	RESERVED
+CVE-2022-0294 (Inappropriate implementation in Push messaging in Google Chrome prior  ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0293
-	RESERVED
+CVE-2022-0293 (Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0292
-	RESERVED
+CVE-2022-0292 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0291
-	RESERVED
+CVE-2022-0291 (Inappropriate implementation in Storage in Google Chrome prior to 97.0 ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0290
-	RESERVED
+CVE-2022-0290 (Use after free in Site isolation in Google Chrome prior to 97.0.4692.9 ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0289
-	RESERVED
+CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 ...)
 	{DSA-5054-1}
 	- chromium 97.0.4692.99-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -5982,8 +5964,8 @@ CVE-2022-22767
 	RESERVED
 CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. If explo ...)
 	NOT-FOR-US: BD Pyxis
-CVE-2022-22765
-	RESERVED
+CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded credent ...)
+	TODO: check
 CVE-2022-22764
 	RESERVED
 	{DSA-5069-1 DLA-2916-1}
@@ -6702,148 +6684,124 @@ CVE-2022-22528 (SAP Adaptive Server Enterprise (ASE) - version 16.0, installatio
 	NOT-FOR-US: SAP
 CVE-2022-22527
 	RESERVED
-CVE-2022-0120
-	RESERVED
+CVE-2022-0120 (Inappropriate implementation in Passwords in Google Chrome prior to 97 ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0119
 	RESERVED
-CVE-2022-0118
-	RESERVED
+CVE-2022-0118 (Inappropriate implementation in WebShare in Google Chrome prior to 97. ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0117
-	RESERVED
+CVE-2022-0117 (Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed  ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0116
-	RESERVED
+CVE-2022-0116 (Inappropriate implementation in Compositing in Google Chrome prior to  ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0115
-	RESERVED
+CVE-2022-0115 (Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 a ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0114
-	RESERVED
+CVE-2022-0114 (Out of bounds memory access in Blink Serial API in Google Chrome prior ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0113
-	RESERVED
+CVE-2022-0113 (Inappropriate implementation in Blink in Google Chrome prior to 97.0.4 ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0112
-	RESERVED
+CVE-2022-0112 (Incorrect security UI in Browser UI in Google Chrome prior to 97.0.469 ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0111
-	RESERVED
+CVE-2022-0111 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0110
-	RESERVED
+CVE-2022-0110 (Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692. ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0109
-	RESERVED
+CVE-2022-0109 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0108
-	RESERVED
+CVE-2022-0108 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0107
-	RESERVED
+CVE-2022-0107 (Use after free in File Manager API in Google Chrome on Chrome OS prior ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0106
-	RESERVED
+CVE-2022-0106 (Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allo ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0105
-	RESERVED
+CVE-2022-0105 (Use after free in PDF Accessibility in Google Chrome prior to 97.0.469 ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0104
-	RESERVED
+CVE-2022-0104 (Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 a ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0103
-	RESERVED
+CVE-2022-0103 (Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 a ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0102
-	RESERVED
+CVE-2022-0102 (Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a  ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0101
-	RESERVED
+CVE-2022-0101 (Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692. ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0100
-	RESERVED
+CVE-2022-0100 (Heap buffer overflow in Media streams API in Google Chrome prior to 97 ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0099
-	RESERVED
+CVE-2022-0099 (Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allow ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0098
-	RESERVED
+CVE-2022-0098 (Use after free in Screen Capture in Google Chrome on Chrome OS prior t ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0097
-	RESERVED
+CVE-2022-0097 (Inappropriate implementation in DevTools in Google Chrome prior to 97. ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0096
-	RESERVED
+CVE-2022-0096 (Use after free in Storage in Google Chrome prior to 97.0.4692.71 allow ...)
 	{DSA-5046-1}
 	- chromium 97.0.4692.71-0.1
 	[buster] - chromium <end-of-life> (see DSA 5046)
author	security tracker role <sectracker@soriano.debian.org>	2022-02-12 08:10:12 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2022-02-12 08:10:12 +0000
commit	2080260371585e63d7d3f7619ab74b33fb54dc7a (patch)
tree	25f9f1b06c6fa714ca9e77cafb135a765843fbf5 /data
parent	ede2fee415351e848ed5fbcbbe4880c21f065a8d (diff)