Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
63bc46fb by security tracker role at 2022-02-01T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2022-24286
+       RESERVED
+CVE-2022-24285
+       RESERVED
+CVE-2022-24284
+       RESERVED
+CVE-2022-24283
+       RESERVED
+CVE-2022-0437
+       RESERVED
+CVE-2022-0436
+       RESERVED
+CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a 
convert_const_to_ ...)
+       TODO: check
+CVE-2021-46668 (MariaDB through 10.5.9 allows an application crash via certain 
long SE ...)
+       TODO: check
+CVE-2021-46667 (MariaDB before 10.6.5 has a sql_lex.cc integer overflow, 
leading to an ...)
+       TODO: check
+CVE-2021-46666 (MariaDB before 10.6.2 allows an application crash because of 
mishandli ...)
+       TODO: check
+CVE-2021-46665 (MariaDB through 10.5.9 allows a sql_parse.cc application crash 
because ...)
+       TODO: check
+CVE-2021-46664 (MariaDB through 10.5.9 allows an application crash in 
sub_select_postj ...)
+       TODO: check
+CVE-2021-46663 (MariaDB through 10.5.13 allows a ha_maria::extra application 
crash via ...)
+       TODO: check
+CVE-2021-46662 (MariaDB through 10.5.9 allows a set_var.cc application crash 
via certa ...)
+       TODO: check
+CVE-2021-46661 (MariaDB through 10.5.9 allows an application crash in 
find_field_in_ta ...)
+       TODO: check
+CVE-2021-4218
+       RESERVED
 CVE-2022-24282
        RESERVED
 CVE-2022-24281
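Review bot: the block from CVE-2022-0437 down to CVE-2021-4218 is inserted above CVE-2022-24282, which breaks the descending CVE-ID order that the context lines (CVE-2022-24282, CVE-2022-24281) follow; move those entries to their sorted positions. The nine MariaDB entries (CVE-2021-46661 through CVE-2021-46669) carry only "TODO: check", and their truncated descriptions name different version bounds ("through 10.5.9", "through 10.5.13", "before 10.6.2", "before 10.6.5"), so triage each one to its own package line (fixed version or <unfixed>) rather than copying one status across all nine.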
@@ -63,14 +95,14 @@ CVE-2022-24268
        RESERVED
 CVE-2022-24267
        RESERVED
-CVE-2022-24266
-       RESERVED
-CVE-2022-24265
-       RESERVED
-CVE-2022-24264
-       RESERVED
-CVE-2022-24263
-       RESERVED
+CVE-2022-24266 (Cuppa CMS v1.0 was discovered to contain a SQL injection 
vulnerability ...)
+       TODO: check
+CVE-2022-24265 (Cuppa CMS v1.0 was discovered to contain a SQL injection 
vulnerability ...)
+       TODO: check
+CVE-2022-24264 (Cuppa CMS v1.0 was discovered to contain a SQL injection 
vulnerability ...)
+       TODO: check
+CVE-2022-24263 (Hospital Management System v4.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
 CVE-2022-24262
        RESERVED
 CVE-2022-24261
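Review bot: CVE-2022-24264, CVE-2022-24265 and CVE-2022-24266 end up with identical truncated descriptions ("Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ..."), so nothing in the list distinguishes the three. When resolving the "TODO: check" lines, confirm against the full CVE records that these are separate issues rather than duplicates, and resolve them together with CVE-2022-24263 so the four entries get a consistent status.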
@@ -1323,8 +1355,8 @@ CVE-2022-23874
        RESERVED
 CVE-2022-23873
        RESERVED
-CVE-2022-23872
-       RESERVED
+CVE-2022-23872 (Emlog pro v1.1.1 was discovered to contain a stored cross-site 
scripti ...)
+       TODO: check
 CVE-2022-23871
        RESERVED
 CVE-2022-23870
@@ -1972,8 +2004,8 @@ CVE-2022-23776
        RESERVED
 CVE-2022-23775
        RESERVED
-CVE-2022-23774
-       RESERVED
+CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to 
move arbitr ...)
+       TODO: check
 CVE-2022-23773
        RESERVED
 CVE-2022-23772
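Review bot: the new description for CVE-2022-23774 is scoped to "Docker Desktop before 4.4.4 on Windows", so the "TODO: check" should be resolved by confirming whether any Debian source package is affected at all. If none is, mark the entry NOT-FOR-US rather than leaving the TODO open.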
@@ -5773,6 +5805,7 @@ CVE-2022-22596
 CVE-2022-22595
        RESERVED
 CVE-2022-22594 [A cross-origin issue in the IndexDB API was addressed with 
improved input validation]
+       RESERVED
        {DSA-5061-1 DSA-5060-1}
        - webkit2gtk 2.34.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
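Review bot: the added RESERVED line on CVE-2022-22594 lands on an entry that already lists DSA-5061-1 and DSA-5060-1 and a fixed webkit2gtk 2.34.4-1, so the entry now reads as both reserved and fixed. Confirm that RESERVED here only mirrors the upstream CVE record still being unpublished (the description is in square brackets rather than parentheses like the published entries) and that it does not change how the fixed status is reported.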
@@ -14030,8 +14063,8 @@ CVE-2022-21661 (WordPress is a free and open-source 
content management system wr
        NOTE: 
https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
 CVE-2022-21660
        RESERVED
-CVE-2022-21659
-       RESERVED
+CVE-2022-21659 (Flask-AppBuilder is an application development framework, 
built on top ...)
+       TODO: check
 CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language 
designe ...)
        - rustc <unfixed>
        NOTE: 
https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658
@@ -46527,7 +46560,7 @@ CVE-2018-25014 (A flaw was found in libwebp in versions 
before 1.0.1. An unitial
        - libwebp 0.6.1-2.1
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
 CVE-2021-3534
-       RESERVED
+       REJECTED
 CVE-2021-3533 (A flaw was found in Ansible if an ansible user sets 
ANSIBLE_ASYNC_DIR  ...)
        - ansible <unfixed>
        [bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed 
upstream)
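Review bot: CVE-2021-3534 moves from RESERVED to REJECTED with no NOTE: line giving the reason or a replacement CVE ID. The entry has no package lines, so nothing else needs cleanup, but a short note on why it was rejected would save the next reader a lookup.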



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63bc46fb702799e19f85fae65633b0c1604f4ae5
