Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e4dd0a1 by security tracker role at 2022-02-04T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2022-24408
+       RESERVED
+CVE-2022-0501
+       RESERVED
+CVE-2022-0500
+       RESERVED
+CVE-2022-0499
+       RESERVED
+CVE-2022-0498
+       RESERVED
+CVE-2022-0497
+       RESERVED
+CVE-2022-0496
+       RESERVED
+CVE-2022-0495
+       RESERVED
+CVE-2022-0494
+       RESERVED
+CVE-2022-0493
+       RESERVED
 CVE-2022-XXXX [information leak]
        - atftp 0.7.git20210915-1 (bug #1004974)
        NOTE: 
https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5
 (v0.7.5)
@@ -3599,8 +3619,8 @@ CVE-2022-23318
        RESERVED
 CVE-2022-23317
        RESERVED
-CVE-2022-23316
-       RESERVED
+CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an 
arbitrary file r ...)
+       TODO: check
 CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload 
vulnera ...)
        NOT-FOR-US: MCMS
 CVE-2022-23314 (MCMS v5.2.4 was discovered to contain a SQL injection 
vulnerability vi ...)
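
Review bot: The new "TODO: check" on CVE-2022-23316 (taoCMS v3.0.2) should be resolved together with CVE-2021-44983 (taocms 3.0.1), which this same commit also moves from RESERVED to "TODO: check"; both name the same product, so they should end up with the same disposition. The adjacent MCMS entries show the form to use if the software turns out not to be packaged: "NOT-FOR-US: MCMS".
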
@@ -3631,8 +3651,8 @@ CVE-2022-0267
        RESERVED
 CVE-2021-46399
        RESERVED
-CVE-2021-46398
-       RESERVED
+CVE-2021-46398 (A Cross-Site Request Forgery (CSRF) vulnerability exists in 
Filebrowse ...)
+       TODO: check
 CVE-2021-46397
        RESERVED
 CVE-2021-46396
@@ -3827,8 +3847,8 @@ CVE-2021-46322 (Duktape v2.99.99 was discovered to 
contain a SEGV vulnerability
        NOT-FOR-US: Duktape
 CVE-2021-46321
        RESERVED
-CVE-2021-46320
-       RESERVED
+CVE-2021-46320 (In OpenZeppelin <=v4.4.0, initializer functions that are 
invoked se ...)
+       TODO: check
 CVE-2021-46319
        RESERVED
 CVE-2021-46318
@@ -11312,8 +11332,8 @@ CVE-2021-44985
        RESERVED
 CVE-2021-44984
        RESERVED
-CVE-2021-44983
-       RESERVED
+CVE-2021-44983 (In taocms 3.0.1 after logging in to the background, there is 
an Arbitr ...)
+       TODO: check
 CVE-2021-44982
        RESERVED
 CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a 
variable w ...)
@@ -11322,10 +11342,10 @@ CVE-2021-44980
        RESERVED
 CVE-2021-44979
        RESERVED
-CVE-2021-44978
-       RESERVED
-CVE-2021-44977
-       RESERVED
+CVE-2021-44978 (iCMS <= 8.0.0 allows users to add and render a comtom 
template, whi ...)
+       TODO: check
+CVE-2021-44977 (In iCMS <=8.0.0, a directory traversal vulnerability allows 
an atta ...)
+       TODO: check
 CVE-2021-44976
        RESERVED
 CVE-2021-44975
@@ -11501,16 +11521,16 @@ CVE-2021-44905
        RESERVED
 CVE-2021-44904
        RESERVED
-CVE-2021-44903
-       RESERVED
+CVE-2021-44903 (Micro-Star International (MSI) Center Pro <= 2.0.16.0 is 
vulnerable ...)
+       TODO: check
 CVE-2021-44902
        RESERVED
-CVE-2021-44901
-       RESERVED
-CVE-2021-44900
-       RESERVED
-CVE-2021-44899
-       RESERVED
+CVE-2021-44901 (Micro-Star International (MSI) Dragon Center <= 2.0.116.0 
is vulner ...)
+       TODO: check
+CVE-2021-44900 (Micro-Star International (MSI) App Player <= 4.280.1.6309 
is vulner ...)
+       TODO: check
+CVE-2021-44899 (Micro-Star International (MSI) Center <= 1.0.31.0 is 
vulnerable to  ...)
+       TODO: check
 CVE-2021-44898
        RESERVED
 CVE-2021-44897
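
Review bot: The four MSI entries in this hunk (CVE-2021-44903, CVE-2021-44901, CVE-2021-44900, CVE-2021-44899) all land as "TODO: check" with descriptions cut off at "is vulnerable ...", so the vulnerability class is not visible from these lines. Triage them as one batch against the full descriptions and give them a consistent tag. CVE-2021-44902, which sits between them, is still RESERVED and is worth rechecking when the others are closed out.
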
@@ -11535,8 +11555,8 @@ CVE-2021-44888
        RESERVED
 CVE-2021-44887
        RESERVED
-CVE-2021-44886
-       RESERVED
+CVE-2021-44886 (In Zammad 5.0.2, agents can configure "out of office" periods 
and subs ...)
+       TODO: check
 CVE-2021-44885
        RESERVED
 CVE-2021-44884
@@ -18679,8 +18699,8 @@ CVE-2021-43147
        RESERVED
 CVE-2021-43146
        RESERVED
-CVE-2021-43145
-       RESERVED
+CVE-2021-43145 (With certain LDAP configurations, Zammad 5.0.1 was found to be 
vulnera ...)
+       TODO: check
 CVE-2021-43144
        RESERVED
 CVE-2021-43143
@@ -302856,15 +302876,17 @@ CVE-2017-6964 (dmcrypt-get-device, as shipped in 
the eject package of Debian and
 CVE-2017-6963
        RESERVED
 CVE-2017-6962 (An issue was discovered in apng2gif 1.7. There is an integer 
overflow  ...)
+       {DLA-2911-1}
        - apng2gif 1.8-0.1 (bug #854447)
        [jessie] - apng2gif <not-affected> (Vulnerable code introduced later 
with refactoring)
        [wheezy] - apng2gif <not-affected> (Vulnerable code introduced later 
with refactoring)
 CVE-2017-6961 (An issue was discovered in apng2gif 1.7. There is improper 
sanitizatio ...)
+       {DLA-2911-1}
        - apng2gif 1.8-0.1 (bug #854441)
        [jessie] - apng2gif <not-affected> (Vulnerable code introduced later 
with refactoring)
        [wheezy] - apng2gif <not-affected> (Vulnerable code introduced later 
with refactoring)
 CVE-2017-6960 (An issue was discovered in apng2gif 1.7. There is an integer 
overflow  ...)
-       {DLA-2165-1 DLA-981-1}
+       {DLA-2911-1 DLA-2165-1 DLA-981-1}
        - apng2gif 1.8-0.1 (bug #854367)
 CVE-2017-6959
        REJECTED
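
Review bot: On CVE-2017-6962 and CVE-2017-6961 the added {DLA-2911-1} now sits above [jessie] and [wheezy] <not-affected> lines stating that the vulnerable code was introduced later with refactoring, and the entries have no per-release line for the suite that DLA-2911-1 covers. Confirm that the DLA record lists the fixed apng2gif version for that suite, so it is clear where these two were actually fixed. CVE-2017-6960 is a different case: it has no <not-affected> lines and already carried DLA-2165-1 and DLA-981-1, so the extra reference there is consistent with its earlier history.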



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e4dd0a183e4b3324da121acb8911e2e06a19f6e
