author security tracker role <sectracker@soriano.debian.org> 2022-02-17 20:10:19 +0000
committer security tracker role <sectracker@soriano.debian.org> 2022-02-17 20:10:19 +0000
commit 69052c443ec9779d122f2496aa9d2721605b9191
tree ad23605f3d8c1cc639455f318134b22166c94181
parent c1e1b9983c58174de060064a29a7e12d2de457d5
automatic update
-rw-r--r-- data/CVE/2020.list 2
-rw-r--r-- data/CVE/2021.list 18
-rw-r--r-- data/CVE/2022.list 109
3 files changed, 92 insertions, 37 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 6d344184c7..60cebc2cb5 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -5469,7 +5469,7 @@ CVE-2020-28887
RESERVED
CVE-2020-28886
RESERVED
-CVE-2020-28885 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS ...)
+CVE-2020-28885 (** DISPUTED ** Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is ...)
NOT-FOR-US: Liferay
CVE-2020-28884 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS ...)
NOT-FOR-US: Liferay
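Review bot: the rewritten summary for CVE-2020-28885 no longer says what the flaw is, because the `** DISPUTED **` prefix moves the truncation point: the line now ends at "7.2.0 GA1 is ...", where the old one reached "is affected by OS ...". The NOT-FOR-US: Liferay triage under it is unchanged by this hunk; a reader who needs the vulnerability class has to take it from the sibling entry CVE-2020-28884, whose summary keeps the old wording, or from the full CVE record.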
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 38c2ec2713..054d916991 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -731,8 +731,8 @@ CVE-2021-46370
RESERVED
CVE-2021-46369
RESERVED
-CVE-2021-46368
- RESERVED
+CVE-2021-46368 (TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path s ...)
+ TODO: check
CVE-2021-46367
RESERVED
CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...)
@@ -1031,8 +1031,8 @@ CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Sp
TODO: check
CVE-2021-46248
RESERVED
-CVE-2021-46247
- RESERVED
+CVE-2021-46247 (The use of a hard-coded cryptographic key significantly increases the ...)
+ TODO: check
CVE-2021-46246
RESERVED
CVE-2021-46245
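Review bot: the summary added for CVE-2021-46247 names no product within the truncated text ("The use of a hard-coded cryptographic key significantly increases the ..."), so its `TODO: check` cannot be resolved from this list alone. Whoever triages it needs the full CVE record to identify the affected software before choosing between a package line and NOT-FOR-US.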
@@ -4720,8 +4720,8 @@ CVE-2021-44870
RESERVED
CVE-2021-44869
RESERVED
-CVE-2021-44868
- RESERVED
+CVE-2021-44868 (A problem was found in ming-soft MCMS v5.1. There is a sql injection v ...)
+ TODO: check
CVE-2021-44867
RESERVED
CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The ...)
@@ -13172,7 +13172,7 @@ CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815
NOT-FOR-US: ARCHIBUS Web Central
CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
NOT-FOR-US: ARCHIBUS Web Central
-CVE-2021-41552 (CommScope URFboard SBG6950AC2 9.1.103AA23 devices allow Command Inject ...)
+CVE-2021-41552 (CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injec ...)
NOT-FOR-US: CommScope
CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...)
NOT-FOR-US: Leostream Connection Broker
@@ -19407,8 +19407,8 @@ CVE-2021-39036
RESERVED
CVE-2021-39035
RESERVED
-CVE-2021-39034
- RESERVED
+CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by a ...)
+ TODO: check
CVE-2021-39033
RESERVED
CVE-2021-39032 (IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potential ...)
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 6ae2ba13c6..42d97392e7 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,3 +1,57 @@
+CVE-2022-25311
+ RESERVED
+CVE-2022-25310
+ RESERVED
+CVE-2022-25309
+ RESERVED
+CVE-2022-25308
+ RESERVED
+CVE-2022-25307
+ RESERVED
+CVE-2022-25306
+ RESERVED
+CVE-2022-25305
+ RESERVED
+CVE-2022-21158
+ RESERVED
+CVE-2022-0674
+ RESERVED
+CVE-2022-0673
+ RESERVED
+CVE-2022-0672
+ RESERVED
+CVE-2022-0671
+ RESERVED
+CVE-2022-0670
+ RESERVED
+CVE-2022-0669
+ RESERVED
+CVE-2022-0668
+ RESERVED
+CVE-2022-0667
+ RESERVED
+CVE-2022-0666
+ RESERVED
+CVE-2022-0665
+ RESERVED
+CVE-2022-0664
+ RESERVED
+CVE-2022-0663
+ RESERVED
+CVE-2022-0662
+ RESERVED
+CVE-2022-0661
+ RESERVED
+CVE-2022-0660
+ RESERVED
+CVE-2022-0659
+ RESERVED
+CVE-2022-0658
+ RESERVED
+CVE-2022-0657
+ RESERVED
+CVE-2022-0656
+ RESERVED
CVE-2022-XXXX [Arbitrary File Write Vulnerability ]
- libpgjava 42.3.3-1
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
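Review bot: the 27 new RESERVED stubs land directly above the temporary entry `CVE-2022-XXXX [Arbitrary File Write Vulnerability ]` at the end of this hunk, which still has no assigned ID and carries a stray space before the closing bracket. Once the advisory in its NOTE line (GHSA-673j-qm5f-xpv8) has a CVE ID, move the `- libpgjava 42.3.3-1` line and the NOTE under that ID so the fix is not tracked in two places.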
@@ -157,10 +211,10 @@ CVE-2022-0641
RESERVED
CVE-2022-0640
RESERVED
-CVE-2022-0639
- RESERVED
-CVE-2022-0638
- RESERVED
+CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ TODO: check
+CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
+ TODO: check
CVE-2022-0637
RESERVED
CVE-2022-0636
@@ -169,16 +223,16 @@ CVE-2022-0635
RESERVED
CVE-2022-0634
RESERVED
-CVE-2022-0633
- RESERVED
+CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before ...)
+ TODO: check
CVE-2022-0632
RESERVED
CVE-2022-0631
RESERVED
CVE-2022-0630
RESERVED
-CVE-2022-0629
- RESERVED
+CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-0628
RESERVED
CVE-2022-0627
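Review bot: CVE-2022-0629 should not stay at `TODO: check` for long: its summary names the GitHub repository vim/vim, and vim is packaged in Debian, so this entry needs a `- vim` package line. The fixed upstream version is cut off in the summary ("prior to 8.2. ..."), so take it from the full CVE record rather than from this line. CVE-2022-0633 in the same hunk is a WordPress plugin (UpdraftPlus) and can be triaged separately.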
@@ -189,7 +243,8 @@ CVE-2022-0625
RESERVED
CVE-2022-0624
RESERVED
-CVE-2022-25271 [Improper input validation - SA-CORE-2022-003]
+CVE-2022-25271 (Drupal core's form API has a vulnerability where certain contributed o ...)
+ {DLA-2925-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2022-003
NOTE: https://git.drupalcode.org/project/drupal/-/commit/43c757167380643b5f73287a63a8739731a5b712
@@ -1572,8 +1627,8 @@ CVE-2022-24685
CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.1 ...)
- nomad <undetermined>
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
-CVE-2022-24683
- RESERVED
+CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and ...)
+ TODO: check
CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
NOT-FOR-US: Zimbra
CVE-2022-24681
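Review bot: CVE-2022-24683 gets `TODO: check` while the entry directly above it, CVE-2022-24684, covers the same product (HashiCorp Nomad and Nomad Enterprise) and is already tracked as `- nomad <undetermined>` with a NOTE pointing at the HashiCorp advisory. Triage the new entry the same way and add its own advisory link as a NOTE.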
@@ -4539,8 +4594,8 @@ CVE-2022-23633 (Action Pack is a framework for handling and responding to web re
NOTE: Followup: https://github.com/rails/rails/commit/f85b396e5a0019eb614e4ee436ea713089696833 (v6.0.4.6)
NOTE: Fixed by: https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08 (v5.2.6.1)
NOTE: Followup: https://github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1 (v5.2.6.2)
-CVE-2022-23632
- RESERVED
+CVE-2022-23632 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...)
+ TODO: check
CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...)
TODO: check
CVE-2022-23630 (Gradle is a build tool with a focus on build automation and support fo ...)
@@ -5344,10 +5399,10 @@ CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on
NOT-FOR-US: XMPie
CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
NOT-FOR-US: XMPie uStore
-CVE-2022-23319
- RESERVED
-CVE-2022-23318
- RESERVED
+CVE-2022-23319 (A segmentation fault during PCF file parsing in pcf2bdf versions &gt;= ...)
+ TODO: check
+CVE-2022-23318 (A heap-buffer-overflow in pcf2bdf, versions &gt;= 1.05 allows an attac ...)
+ TODO: check
CVE-2022-23317 (CobaltStrike &lt;=4.5 HTTP(S) listener does not determine whether the ...)
NOT-FOR-US: CobaltStrike
CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
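Review bot: both new summaries, CVE-2022-23319 and CVE-2022-23318, carry the HTML entity `&gt;=` instead of `>=` as shown here, as does the unchanged CVE-2022-23317 line (`&lt;=4.5`). Unescaping in the import step would keep version ranges readable and greppable. Both new entries name the same tool, pcf2bdf, so they can be resolved together when the TODO is worked.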
@@ -6514,8 +6569,8 @@ CVE-2022-22914
RESERVED
CVE-2022-22913
RESERVED
-CVE-2022-22912
- RESERVED
+CVE-2022-22912 (Prototype pollution vulnerability via .parse() in Plist before v3.0.4 ...)
+ TODO: check
CVE-2022-22911
RESERVED
CVE-2022-22910
@@ -6540,8 +6595,8 @@ CVE-2022-22901 (There is an Assertion in 'context_p-&gt;next_scanner_info_p-&gt;
TODO: check
CVE-2022-22900
RESERVED
-CVE-2022-22899
- RESERVED
+CVE-2022-22899 (Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenti ...)
+ TODO: check
CVE-2022-22898
RESERVED
CVE-2022-22897
@@ -11533,8 +11588,8 @@ CVE-2022-20752
RESERVED
CVE-2022-20751
RESERVED
-CVE-2022-20750
- RESERVED
+CVE-2022-20750 (A vulnerability in the checkpoint manager implementation of Cisco Redu ...)
+ TODO: check
CVE-2022-20749 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
NOT-FOR-US: Cisco Small Business RV Series Routers
CVE-2022-20748
@@ -11720,8 +11775,8 @@ CVE-2022-20661
RESERVED
CVE-2022-20660 (A vulnerability in the information storage architecture of several Cis ...)
NOT-FOR-US: Cisco
-CVE-2022-20659
- RESERVED
+CVE-2022-20659 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
CVE-2022-20658 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2022-20657
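Review bot: CVE-2022-20659 is left at `TODO: check` although its summary identifies a Cisco web-based management interface and both neighbours in this hunk, CVE-2022-20660 and CVE-2022-20658, are closed as NOT-FOR-US: Cisco. Resolve it the same way once the truncated product name ("Cisco Prime I ...") is confirmed from the full record.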
@@ -11732,8 +11787,8 @@ CVE-2022-20655
RESERVED
CVE-2022-20654
RESERVED
-CVE-2022-20653
- RESERVED
+CVE-2022-20653 (A vulnerability in the DNS-based Authentication of Named Entities (DAN ...)
+ TODO: check
CVE-2022-20652
RESERVED
CVE-2022-20651
