author security tracker role <sectracker@soriano.debian.org> 2021-11-15 20:10:23 +0000
committer security tracker role <sectracker@soriano.debian.org> 2021-11-15 20:10:23 +0000
commit 62a16b79eb66bcaf78f2cb70729b456c2862fa99 (patch)
tree 94923033e1e93ab5767feb348854dc7ea75b2c4c
parent 0970250e9f4c70a071d619082094685e65ce8196 (diff)
automatic update
-rw-r--r-- data/CVE/2020.list 36
-rw-r--r-- data/CVE/2021.list 107
-rw-r--r-- data/CVE/2022.list 20
3 files changed, 88 insertions, 75 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 6a9f40f661..633da843b4 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -41943,11 +41943,9 @@ CVE-2020-12966
RESERVED
CVE-2020-12965
RESERVED
-CVE-2020-12964
- RESERVED
+CVE-2020-12964 (A potential privilege escalation/denial of service issue exists in the ...)
NOT-FOR-US: Intel / AMD
-CVE-2020-12963
- RESERVED
+CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
NOT-FOR-US: Intel / AMD
CVE-2020-12962
RESERVED
@@ -42017,8 +42015,7 @@ CVE-2020-12931
RESERVED
CVE-2020-12930
RESERVED
-CVE-2020-12929
- RESERVED
+CVE-2020-12929 (Improper parameters validation in some trusted applications of the PSP ...)
NOT-FOR-US: AMD
CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master ...)
NOT-FOR-US: AMD Ryzen Master
@@ -42036,8 +42033,7 @@ CVE-2020-12922
REJECTED
CVE-2020-12921
REJECTED
-CVE-2020-12920
- RESERVED
+CVE-2020-12920 (A potential denial of service issue exists in the AMD Display driver E ...)
NOT-FOR-US: AMD
CVE-2020-12919
REJECTED
@@ -42076,34 +42072,27 @@ CVE-2020-12906
CVE-2020-12905
RESERVED
NOT-FOR-US: Intel / AMD
-CVE-2020-12904
- RESERVED
+CVE-2020-12904 (Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3 ...)
NOT-FOR-US: Intel / AMD
CVE-2020-12903
RESERVED
NOT-FOR-US: Intel / AMD
-CVE-2020-12902
- RESERVED
+CVE-2020-12902 (Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Wi ...)
NOT-FOR-US: Intel / AMD
CVE-2020-12901
RESERVED
NOT-FOR-US: Intel / AMD
-CVE-2020-12900
- RESERVED
+CVE-2020-12900 (An arbitrary write vulnerability in the AMD Radeon Graphics Driver for ...)
NOT-FOR-US: Intel / AMD
-CVE-2020-12899
- RESERVED
+CVE-2020-12899 (Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR ...)
NOT-FOR-US: Intel / AMD
-CVE-2020-12898
- RESERVED
+CVE-2020-12898 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead t ...)
NOT-FOR-US: Intel / AMD
-CVE-2020-12897
- RESERVED
+CVE-2020-12897 (Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 m ...)
NOT-FOR-US: Intel / AMD
CVE-2020-12896
REJECTED
-CVE-2020-12895
- RESERVED
+CVE-2020-12895 (Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x1 ...)
NOT-FOR-US: Intel / AMD
CVE-2020-12894
RESERVED
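Review bot: the entries in this hunk keep the tag `NOT-FOR-US: Intel / AMD`, while every description that is now filled in (CVE-2020-12904, -12902, -12900, -12899, -12898, -12897, -12895) names an AMD graphics driver and none mentions Intel in the visible text. Consider narrowing the tag to `NOT-FOR-US: AMD`, as already used for CVE-2020-12929 and CVE-2020-12920 in this file, so that a search of the list for Intel-related entries does not return them.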
@@ -42111,8 +42100,7 @@ CVE-2020-12894
CVE-2020-12893
RESERVED
NOT-FOR-US: Intel / AMD
-CVE-2020-12892
- RESERVED
+CVE-2020-12892 (An untrusted search path in AMD Radeon settings Installer may lead to ...)
NOT-FOR-US: Intel / AMD
CVE-2020-12891
RESERVED
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 94209f94a0..1e5cd4e894 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,9 @@
+CVE-2021-3960
+ RESERVED
+CVE-2021-3959
+ RESERVED
+CVE-2021-3958
+ RESERVED
CVE-2021-43745
RESERVED
CVE-2021-43744
@@ -399,8 +405,8 @@ CVE-2021-3943
RESERVED
CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...)
NOT-FOR-US: KNX ETS6
-CVE-2021-43574
- RESERVED
+CVE-2021-43574 (** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 ...)
+ TODO: check
CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...)
NOT-FOR-US: Realtek
CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (ecdsa-pyth ...)
@@ -596,8 +602,8 @@ CVE-2021-43497
RESERVED
CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...)
NOT-FOR-US: Clustering
-CVE-2021-43495
- RESERVED
+CVE-2021-43495 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...)
+ TODO: check
CVE-2021-43494 (OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc68 ...)
NOT-FOR-US: OpenCV-REST-API
CVE-2021-43493 (ServerManagement master branch as of commit 49491cc6f94980e6be7791d17b ...)
@@ -2064,10 +2070,10 @@ CVE-2021-42841
RESERVED
CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...)
NOT-FOR-US: SuiteCRM
-CVE-2021-42839
- RESERVED
-CVE-2021-42838
- RESERVED
+CVE-2021-42839 (Grand Vice info Co. webopac7 file upload function fails to filter spec ...)
+ TODO: check
+CVE-2021-42838 (Grand Vice info Co. webopac7 book search field parameter does not prop ...)
+ TODO: check
CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 7.3-20210930. Af ...)
NOT-FOR-US: Talend Data Catalog
CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...)
@@ -2362,14 +2368,14 @@ CVE-2021-42708
RESERVED
CVE-2021-42707
RESERVED
-CVE-2021-42706
- RESERVED
+CVE-2021-42706 (This vulnerability could allow an attacker to disclose information and ...)
+ TODO: check
CVE-2021-42705
RESERVED
CVE-2021-42704
RESERVED
-CVE-2021-42703
- RESERVED
+CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...)
+ TODO: check
CVE-2021-42702
RESERVED
CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...)
@@ -2614,8 +2620,8 @@ CVE-2021-42582
RESERVED
CVE-2021-42581
RESERVED
-CVE-2021-42580
- RESERVED
+CVE-2021-42580 (Sourcecodester Online Learning System 2.0 is vunlerable to sql injecti ...)
+ TODO: check
CVE-2021-42579
RESERVED
CVE-2021-42578
@@ -4112,10 +4118,10 @@ CVE-2021-41953
RESERVED
CVE-2021-41952
RESERVED
-CVE-2021-41951
- RESERVED
-CVE-2021-41950
- RESERVED
+CVE-2021-41951 (ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Si ...)
+ TODO: check
+CVE-2021-41950 (A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 ...)
+ TODO: check
CVE-2021-41949
RESERVED
CVE-2021-41948
@@ -4576,8 +4582,8 @@ CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote Code
NOT-FOR-US: Integria IMS
CVE-2021-3831
RESERVED
-CVE-2021-41765
- RESERVED
+CVE-2021-41765 (A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of R ...)
+ TODO: check
CVE-2021-41764 (A cross-site request forgery (CSRF) vulnerability exists in Streama up ...)
NOT-FOR-US: Streama
CVE-2021-41763
@@ -5640,8 +5646,8 @@ CVE-2021-41291 (ECOA BAS controller suffers from a path traversal content disclo
NOT-FOR-US: ECOA BAS controller
CVE-2021-41290 (ECOA BAS controller suffers from an arbitrary file write and path trav ...)
NOT-FOR-US: ECOA BAS controller
-CVE-2021-41289
- RESERVED
+CVE-2021-41289 (ASUS P453UJ contains the Improper Restriction of Operations within the ...)
+ TODO: check
CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is vulnerable to ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-41287
@@ -7039,7 +7045,7 @@ CVE-2021-40692
CVE-2021-40691
RESERVED
CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
- {DLA-2767-1}
+ {DSA-5010-1 DLA-2767-1}
- libxml-security-java 2.1.7-1 (bug #994569)
NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc
CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web ...)
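Review bot: on CVE-2021-40690 the cross-reference becomes `{DSA-5010-1 DLA-2767-1}`, but the only package line in the entry is still `- libxml-security-java 2.1.7-1 (bug #994569)` and the diffstat lists only the three data/CVE files. Check that the DSA-5010-1 record this line points to is already present elsewhere in the tree, so the reference resolves to an advisory with fixed versions for the affected releases.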
@@ -10574,8 +10580,8 @@ CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity platform.
NOT-FOR-US: Nextcloud OfficeOnline
CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
NOT-FOR-US: Nextcloud Richdocuments
-CVE-2021-39222
- RESERVED
+CVE-2021-39222 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+ TODO: check
CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
NOT-FOR-US: Nextcloud Contacts
CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...)
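Review bot: CVE-2021-39222 is set to `TODO: check`, and its description is cut off before the component name ("The Ne ..."), so the entry cannot be triaged from the list alone. The neighbouring Nextcloud entries are each tagged per app (`NOT-FOR-US: Nextcloud OfficeOnline`, `NOT-FOR-US: Nextcloud Richdocuments`, `NOT-FOR-US: Nextcloud Contacts`); once the full description has been read, resolve this one the same way and name the app in the tag.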
@@ -11138,28 +11144,28 @@ CVE-2021-38986
RESERVED
CVE-2021-38985 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
NOT-FOR-US: IBM
-CVE-2021-38984
- RESERVED
-CVE-2021-38983
- RESERVED
-CVE-2021-38982
- RESERVED
-CVE-2021-38981
- RESERVED
+CVE-2021-38984 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...)
+ TODO: check
+CVE-2021-38983 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...)
+ TODO: check
+CVE-2021-38982 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerabl ...)
+ TODO: check
+CVE-2021-38981 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
+ TODO: check
CVE-2021-38980
RESERVED
-CVE-2021-38979
- RESERVED
-CVE-2021-38978
- RESERVED
-CVE-2021-38977
- RESERVED
-CVE-2021-38976
- RESERVED
-CVE-2021-38975
- RESERVED
-CVE-2021-38974
- RESERVED
+CVE-2021-38979 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-w ...)
+ TODO: check
+CVE-2021-38978 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
+ TODO: check
+CVE-2021-38977 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set ...)
+ TODO: check
+CVE-2021-38976 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user ...)
+ TODO: check
+CVE-2021-38975 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
+ TODO: check
+CVE-2021-38974 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
+ TODO: check
CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
NOT-FOR-US: IBM
CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
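Review bot: the ten IBM Tivoli Key Lifecycle Manager entries filled in here (CVE-2021-38984 to -38981 and CVE-2021-38979 to -38974) are left at `TODO: check`, yet the surrounding entries for the same product and versions (CVE-2021-38985, CVE-2021-38973) are already triaged as `NOT-FOR-US: IBM`. These can take the same tag in the follow-up triage commit instead of sitting in the TODO queue.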
@@ -20420,10 +20426,10 @@ CVE-2021-34994
RESERVED
CVE-2021-34993
RESERVED
-CVE-2021-34992
- RESERVED
-CVE-2021-34991
- RESERVED
+CVE-2021-34992 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2021-34991 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
CVE-2021-34990
RESERVED
CVE-2021-34989
@@ -49309,8 +49315,7 @@ CVE-2021-22960 (The parse function in llhttp &lt; 2.1.4 and &lt; 6.0.6. ignores
- nodejs 12.22.7~dfsg-1
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-when-parsing-the-body-medium-cve-2021-22960
-CVE-2021-22959 [HTTP Request Smuggling due to spaced in headers]
- RESERVED
+CVE-2021-22959 (The parser in accepts requests with a space (SP) right after the heade ...)
- nodejs 12.22.7~dfsg-1
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-due-to-spaced-in-headers-medium-cve-2021-22959
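Review bot: the new description for CVE-2021-22959 begins "The parser in accepts requests", with the component name missing after "in", and it replaces the working title `[HTTP Request Smuggling due to spaced in headers]`, which was the only line in the entry header that named the bug class. The description is imported text and should not be hand-edited here, so make sure the identification survives in the NOTE line; the existing NOTE URL carries it in its anchor, which is sufficient as long as that line is kept.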
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index dd77b975de..9f370dc1c0 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,3 +1,23 @@
+CVE-2022-21216
+ RESERVED
+CVE-2022-21204
+ RESERVED
+CVE-2022-21200
+ RESERVED
+CVE-2022-21174
+ RESERVED
+CVE-2022-21157
+ RESERVED
+CVE-2022-21153
+ RESERVED
+CVE-2022-21151
+ RESERVED
+CVE-2022-21138
+ RESERVED
+CVE-2022-21136
+ RESERVED
+CVE-2022-21131
+ RESERVED
CVE-2022-21220
RESERVED
CVE-2022-21207