author: security tracker role <sectracker@soriano.debian.org> 2022-01-04 20:10:21 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2022-01-04 20:10:21 +0000
commit: 235f0bffb9d5712463b04197c32742098a5308f2
tree: 241fc026cbdbeb2293c0523568b9aba18d0b8f1d
parent: 6a5a7759acf6aa40fdc9a48627ebfe5845f362a5
automatic update
-rw-r--r-- data/CVE/2020.list 2
-rw-r--r-- data/CVE/2021.list 181
-rw-r--r-- data/CVE/2022.list 196
3 files changed, 284 insertions, 95 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index fd5798e971..b74e2f07d6 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -44656,7 +44656,7 @@ CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring d
NOTE: The original CVE-2020-1957 adressed in 1.5.2 introduced an encoding issue
NOTE: which can (security wise) be exploited, resulting in a 1.5.3 release. This
NOTE: CVE is closely related to CVE-2020-1957.
-CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is vulnerable to server-side request fo ...)
+CVE-2020-11988 (Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-sid ...)
- xmlgraphics-commons 2.4-2 (bug #984949)
[bullseye] - xmlgraphics-commons 2.4-2~deb11u1
[buster] - xmlgraphics-commons 2.3-1+deb10u1
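Review bot: The context NOTE for CVE-2020-11989 just above the changed line spells "adressed"; since this automatic update only rewrites the description line, that typo needs a separate manual fix ("addressed"). On the changed line itself, the widened wording "2.4 and earlier" agrees with the tracking lines already present for CVE-2020-11988, which carry a buster fix at 2.3-1+deb10u1, so no status line has to change.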
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index db502d438d..897af52c5f 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,3 +1,47 @@
+CVE-2021-46140
+ RESERVED
+CVE-2021-46139
+ RESERVED
+CVE-2021-46138
+ RESERVED
+CVE-2021-46137
+ RESERVED
+CVE-2021-46136
+ RESERVED
+CVE-2021-46135
+ RESERVED
+CVE-2021-46134
+ RESERVED
+CVE-2021-46133
+ RESERVED
+CVE-2021-46132
+ RESERVED
+CVE-2021-46131
+ RESERVED
+CVE-2021-45722
+ RESERVED
+CVE-2021-45110
+ RESERVED
+CVE-2021-45073
+ RESERVED
+CVE-2021-44778
+ RESERVED
+CVE-2021-44468
+ RESERVED
+CVE-2021-44456
+ RESERVED
+CVE-2021-44452
+ RESERVED
+CVE-2021-43352
+ RESERVED
+CVE-2021-4199
+ RESERVED
+CVE-2021-4198
+ RESERVED
+CVE-2021-31564
+ RESERVED
+CVE-2021-23229
+ RESERVED
CVE-2021-46130
RESERVED
CVE-2021-46129
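Review bot: The new RESERVED block is prepended at the top of the file without regard to numeric order, so after CVE-2021-46131 the run drops to CVE-2021-45722 and ends at CVE-2021-23229, which then sits directly above the existing CVE-2021-46130. If that is the intended behaviour of the automatic import, it should be documented next to the data files, because anything that assumes a strictly descending list (manual bisection by position, a sorted-merge script) will miss these entries; look them up by ID instead.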
@@ -309,12 +353,12 @@ CVE-2021-45982
RESERVED
CVE-2021-45981
RESERVED
-CVE-2021-45980
- RESERVED
-CVE-2021-45979
- RESERVED
-CVE-2021-45978
- RESERVED
+CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+ TODO: check
+CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+ TODO: check
+CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+ TODO: check
CVE-2021-45977
RESERVED
CVE-2021-45976
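Review bot: CVE-2021-45978, CVE-2021-45979 and CVE-2021-45980 all arrive with the same visible description prefix ("Foxit PDF Reader and PDF Editor before 11.1 on macOS ...") and each gets its own "TODO: check". They can be triaged in one pass; the description names a vendor application on macOS, so a single decision, most likely the NOT-FOR-US marking this file already uses for other vendor-only products, should be applied to all three rather than leaving them to be resolved one by one.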
@@ -564,10 +608,10 @@ CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
NOTE: Fixed by: https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8
-CVE-2021-45913
- RESERVED
-CVE-2021-45912
- RESERVED
+CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2. ...)
+ TODO: check
+CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...)
+ TODO: check
CVE-2021-44775
RESERVED
CVE-2021-44465
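Review bot: The two added descriptions spell the product differently, "ControlUp Real-Time Agent" for CVE-2021-45913 and "Controlup Real-Time Agent" for CVE-2021-45912. The description text is imported, so leave it alone, but when the "TODO: check" lines are resolved, use one spelling in the status line for both entries so that a search for the product finds the pair.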
@@ -1842,8 +1886,8 @@ CVE-2021-45391
RESERVED
CVE-2021-45390
RESERVED
-CVE-2021-45389
- RESERVED
+CVE-2021-45389 (StarWind SAN &amp; NAS build 1578 and StarWind Command Center Build 68 ...)
+ TODO: check
CVE-2021-45388
RESERVED
CVE-2021-45387
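Review bot: The added description for CVE-2021-45389 contains a literal HTML entity, "StarWind SAN &amp; NAS". Check whether the entity is stored in data/CVE/2021.list or only produced by the page rendering; if it is in the data, the import should decode it, otherwise a text search for "SAN & NAS" will not match this entry.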
@@ -2492,7 +2536,7 @@ CVE-2021-4127
RESERVED
CVE-2021-4126
RESERVED
- {DSA-5034-1}
+ {DSA-5034-1 DLA-2874-1}
- thunderbird 1:91.4.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
CVE-2021-26264
@@ -3367,6 +3411,7 @@ CVE-2021-44792
CVE-2021-44791
RESERVED
CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...)
+ {DSA-5035-1}
- apache2 2.4.52-1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790
NOTE: Fixed by: https://svn.apache.org/r1896039
@@ -4062,7 +4107,7 @@ CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-44539
RESERVED
CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 is vul ...)
- {DSA-5034-1}
+ {DSA-5034-1 DLA-2874-1}
- element-web <itp> (bug #866502)
- olm 3.2.8~dfsg-1 (bug #1001664)
[buster] - olm <not-affected> (Vulnerable code introduced later)
@@ -4833,6 +4878,7 @@ CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficien
NOTE: https://github.com/acassen/keepalived/pull/2063
NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
CVE-2021-44224 (A crafted URI sent to httpd configured as a forward proxy (ProxyReques ...)
+ {DSA-5035-1}
- apache2 2.4.52-1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224
NOTE: Fixed by: https://svn.apache.org/r1895955
@@ -4981,8 +5027,8 @@ CVE-2021-44170
RESERVED
CVE-2021-44169
RESERVED
-CVE-2021-44168
- RESERVED
+CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...)
+ TODO: check
CVE-2021-44167
RESERVED
CVE-2021-44166
@@ -6117,8 +6163,8 @@ CVE-2021-43713
RESERVED
CVE-2021-43712
RESERVED
-CVE-2021-43711
- RESERVED
+CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...)
+ TODO: check
CVE-2021-43710
RESERVED
CVE-2021-43709
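Review bot: In the added CVE-2021-43711 line, "downloadFlile.cgi" looks like a typo for "downloadFile.cgi" but it is part of the imported description and names a file on the device, so it should not be corrected by hand in the list. The entry still needs its "TODO: check" resolved; the description names a TOTOLINK EX200 firmware version, which points to a NOT-FOR-US marking in the style used elsewhere in this file.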
@@ -6530,7 +6576,7 @@ CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 re
CVE-2021-43547
RESERVED
CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6538,7 +6584,7 @@ CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks aga
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546
CVE-2021-43545 (Using the Location API in a loop could have caused severe application ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6549,7 +6595,7 @@ CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have s
- firefox <not-affected> (Only affects Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544
CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6557,7 +6603,7 @@ CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escap
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543
CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6565,7 +6611,7 @@ CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installe
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542
CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6576,7 +6622,7 @@ CVE-2021-43540 (WebExtensions with the correct permissions were able to create a
- firefox 95.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540
CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6584,7 +6630,7 @@ CVE-2021-43539 (Failure to correctly record the location of live pointers across
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539
CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6592,7 +6638,7 @@ CVE-2021-43538 (By misusing a race in our notification code, an attacker could h
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538
CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6600,7 +6646,7 @@ CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit intege
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537
CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 95.0-1
- firefox-esr 91.4.0esr-1
- thunderbird 1:91.4.0-1
@@ -6608,7 +6654,7 @@ CVE-2021-43536 (Under certain circumstances, asynchronous functions could have c
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536
CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object was r ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 93.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -6616,7 +6662,7 @@ CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535
CVE-2021-43534 (Mozilla developers and community members reported memory safety bugs p ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -6637,12 +6683,12 @@ CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for Android
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530
CVE-2021-43529
RESERVED
- {DSA-5034-1}
+ {DSA-5034-1 DLA-2874-1}
- thunderbird 1:91.3.0-1
NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1738501
CVE-2021-43528 (Thunderbird unexpectedly enabled JavaScript in the composition area. T ...)
- {DSA-5034-1}
+ {DSA-5034-1 DLA-2874-1}
- thunderbird 1:91.4.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528
CVE-2021-43527 (NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a ...)
@@ -7080,7 +7126,7 @@ CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allow
NOT-FOR-US: Sunnet eHRD
CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...)
NOT-FOR-US: Sunnet eHRD
-CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...)
+CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...)
- vim 2:8.2.3995-1
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
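Review bot: The description of CVE-2021-3928 changes class, from "Stack-based Buffer Overflow" to "Use of Uninitialized Variable", while the triage lines below it are untouched. The "[stretch] - vim <no-dsa> (Minor issue)" decision was recorded against the old wording; it is worth a quick confirmation that it still holds under the new classification, and a NOTE recording the reclassification would help anyone comparing this entry with older advisories.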
@@ -10617,8 +10663,8 @@ CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dan
NOT-FOR-US: firefly-iii
CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and Worry-Free Bu ...)
NOT-FOR-US: Trend Micro
-CVE-2021-3845
- RESERVED
+CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or Path ...)
+ TODO: check
CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...)
NOT-FOR-US: Apache OpenOffice
CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...)
@@ -10629,8 +10675,8 @@ CVE-2021-3844
RESERVED
CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM in some ...)
NOT-FOR-US: Lenovo
-CVE-2021-3842
- RESERVED
+CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity ...)
+ TODO: check
CVE-2021-3841
RESERVED
CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the ...)
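Review bot: CVE-2021-3842 names nltk, which is a general-purpose library rather than a vendor appliance like the NOT-FOR-US neighbours in this hunk, so the "TODO: check" here should not be closed by pattern. Check the archive for an nltk source package first; if one exists, this entry needs a real tracking line with a fixed version or an unfixed status instead of NOT-FOR-US.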
@@ -10754,8 +10800,8 @@ CVE-2021-41791 (An issue was discovered in Hyland org.alfresco:share through 7.0
NOT-FOR-US: Hyland org.alfresco:share and Hyland org.alfresco:community-share
CVE-2021-41790 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...)
NOT-FOR-US: Hyland org.alfresco:alfresco-content-services
-CVE-2021-41789
- RESERVED
+CVE-2021-41789 (In wifi driver, there is a possible system crash due to a missing vali ...)
+ TODO: check
CVE-2021-41788 (MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and ...)
NOT-FOR-US: Netgear
CVE-2021-3840 (A dependency confusion vulnerability was reported in the Antilles open ...)
@@ -12059,8 +12105,8 @@ CVE-2021-41238 (Hangfire is an open source system to perform background job proc
NOT-FOR-US: Hangfire
CVE-2021-41237
RESERVED
-CVE-2021-41236
- RESERVED
+CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In affected versio ...)
+ TODO: check
CVE-2021-41235
RESERVED
CVE-2021-41234
@@ -12298,8 +12344,8 @@ CVE-2021-41143
RESERVED
CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
NOT-FOR-US: Tuleap
-CVE-2021-41141
- RESERVED
+CVE-2021-41141 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform that allows ...)
NOT-FOR-US: Discourse plugin
CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
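Review bot: The added CVE-2021-41141 description says PJSIP is a "multimedia communication library", so resolving its "TODO: check" needs more than a search for a package of that name. Libraries of this kind are often shipped as embedded copies inside other source packages; the triage should look for those and list each affected source package on its own line.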
@@ -13768,8 +13814,7 @@ CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the
NOT-FOR-US: "com.onepeloton.erlich" mobile application
CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...)
NOT-FOR-US: Peleton
-CVE-2021-40525
- RESERVED
+CVE-2021-40525 (Apache James ManagedSieve implementation alongside with the file stora ...)
NOT-FOR-US: Apache James
CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: showdoc
@@ -14717,8 +14762,8 @@ CVE-2021-40150
RESERVED
CVE-2021-40149
RESERVED
-CVE-2021-40148
- RESERVED
+CVE-2021-40148 (In Modem EMM, there is a possible information disclosure due to a miss ...)
+ TODO: check
CVE-2021-3743
RESERVED
{DSA-4978-1 DLA-2785-1}
@@ -14849,11 +14894,9 @@ CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface o
NOT-FOR-US: Cisco
CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface of the ...)
NOT-FOR-US: Cisco
-CVE-2021-40111
- RESERVED
+CVE-2021-40111 (In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we ...)
NOT-FOR-US: Apache James
-CVE-2021-40110
- RESERVED
+CVE-2021-40110 (In Apache James, using Jazzer fuzzer, we identified that an IMAP user ...)
NOT-FOR-US: Apache James
CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can a ...)
NOT-FOR-US: Concrete CMS
@@ -17224,8 +17267,8 @@ CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back
- libxstream-java 1.4.18-1 (bug #998054)
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
NOTE: https://x-stream.github.io/CVE-2021-39144.html
-CVE-2021-39143
- RESERVED
+CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
+ TODO: check
CVE-2021-39142
RESERVED
CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...)
@@ -18545,8 +18588,7 @@ CVE-2021-38544 (Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remo
NOT-FOR-US: Sony SRS-XB33 and SRS-XB43 devices
CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in certain spec ...)
NOT-FOR-US: TP-Link
-CVE-2021-38542
- RESERVED
+CVE-2021-38542 (Apache James prior to release 3.6.1 is vulnerable to a buffering attac ...)
NOT-FOR-US: Apache James
CVE-2021-38541
RESERVED
@@ -18624,7 +18666,7 @@ CVE-2021-38510 (The executable file warning was not presented when downloading .
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510
CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Javascript ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -18632,7 +18674,7 @@ CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Java
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509
CVE-2021-38508 (By displaying a form validity message in the correct location at the s ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -18640,7 +18682,7 @@ CVE-2021-38508 (By displaying a form validity message in the correct location at
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508
CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -18648,7 +18690,7 @@ CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507
CVE-2021-38506 (Through a series of navigations, Firefox could have entered fullscreen ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -18663,7 +18705,7 @@ CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as Cloud
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505
CVE-2021-38504 (When interacting with an HTML input element's file picker dialog with ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -18671,7 +18713,7 @@ CVE-2021-38504 (When interacting with an HTML input element's file picker dialog
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504
CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT stylesheet ...)
- {DSA-5034-1 DSA-5026-1 DLA-2863-1}
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 94.0-1
- firefox-esr 91.3.0esr-1
- thunderbird 1:91.3.0-1
@@ -18679,7 +18721,7 @@ CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT styl
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38503
CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...)
- {DSA-5034-1}
+ {DSA-5034-1 DLA-2874-1}
[experimental] - thunderbird 1:91.2.0-1
- thunderbird 1:91.2.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502
@@ -18691,7 +18733,7 @@ CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefo
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501
CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
- {DSA-5034-1 DSA-4981-1 DLA-2782-1}
+ {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
- firefox 93.0-1
- firefox-esr 91.2.0esr-1
[experimental] - thunderbird 1:91.2.0-1
@@ -18719,7 +18761,7 @@ CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497
CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while ...)
- {DSA-5034-1 DSA-4981-1 DLA-2782-1}
+ {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
- firefox 93.0-1
- firefox-esr 91.2.0esr-1
[experimental] - thunderbird 1:91.2.0-1
@@ -25774,7 +25816,7 @@ CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authentic
NOT-FOR-US: Wowza Streaming Engine
CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...)
NOT-FOR-US: Wowza Streaming Engine
-CVE-2021-35490 (Thruk 2.40-2 allows stored XSS. ...)
+CVE-2021-35490 (Thruk before 2.44 allows XSS for a quick command. ...)
NOT-FOR-US: Thruk
CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&amp;host={HOSTN ...)
NOT-FOR-US: Thruk
@@ -27322,8 +27364,7 @@ CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL po
NOTE: https://github.com/apache/httpd/commit/fa7b2a5250e54363b3a6c8ac3aaa7de4e8da9b2e (candidate-2.4.49-rc1)
CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...)
NOT-FOR-US: Secure 8 (Evalos)
-CVE-2021-34797
- RESERVED
+CVE-2021-34797 (Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log ...)
NOT-FOR-US: Apache Geode
CVE-2021-34796
RESERVED
@@ -34549,8 +34590,8 @@ CVE-2021-31835 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrato
NOT-FOR-US: McAfee
CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrat ...)
NOT-FOR-US: McAfee
-CVE-2021-31833
- RESERVED
+CVE-2021-31833 (Potential product security bypass vulnerability in McAfee Application ...)
+ TODO: check
CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...)
NOT-FOR-US: McAfee
CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...)
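Review bot: CVE-2021-31833 is added with "TODO: check" although every neighbouring McAfee entry visible in this hunk (CVE-2021-31835, CVE-2021-31834, CVE-2021-31832) is already marked "NOT-FOR-US: McAfee". The description starts "Potential product security bypass vulnerability in McAfee Application ...", so the same marking can be applied here in the follow-up triage.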
@@ -53426,8 +53467,8 @@ CVE-2021-24044
RESERVED
CVE-2021-24043
RESERVED
-CVE-2021-24042
- RESERVED
+CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ...)
+ TODO: check
CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...)
TODO: check
CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the ...)
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index d214ebf1b0..b1db173140 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -1,3 +1,151 @@
+CVE-2022-22567
+ RESERVED
+CVE-2022-22566
+ RESERVED
+CVE-2022-22565
+ RESERVED
+CVE-2022-22564
+ RESERVED
+CVE-2022-22563
+ RESERVED
+CVE-2022-22562
+ RESERVED
+CVE-2022-22561
+ RESERVED
+CVE-2022-22560
+ RESERVED
+CVE-2022-22559
+ RESERVED
+CVE-2022-22558
+ RESERVED
+CVE-2022-22557
+ RESERVED
+CVE-2022-22556
+ RESERVED
+CVE-2022-22555
+ RESERVED
+CVE-2022-22554
+ RESERVED
+CVE-2022-22553
+ RESERVED
+CVE-2022-22552
+ RESERVED
+CVE-2022-22551
+ RESERVED
+CVE-2022-22550
+ RESERVED
+CVE-2022-22549
+ RESERVED
+CVE-2022-22548
+ RESERVED
+CVE-2022-22547
+ RESERVED
+CVE-2022-22546
+ RESERVED
+CVE-2022-22545
+ RESERVED
+CVE-2022-22544
+ RESERVED
+CVE-2022-22543
+ RESERVED
+CVE-2022-22542
+ RESERVED
+CVE-2022-22541
+ RESERVED
+CVE-2022-22540
+ RESERVED
+CVE-2022-22539
+ RESERVED
+CVE-2022-22538
+ RESERVED
+CVE-2022-22537
+ RESERVED
+CVE-2022-22536
+ RESERVED
+CVE-2022-22535
+ RESERVED
+CVE-2022-22534
+ RESERVED
+CVE-2022-22533
+ RESERVED
+CVE-2022-22532
+ RESERVED
+CVE-2022-22531
+ RESERVED
+CVE-2022-22530
+ RESERVED
+CVE-2022-22529
+ RESERVED
+CVE-2022-22528
+ RESERVED
+CVE-2022-22527
+ RESERVED
+CVE-2022-0120
+ RESERVED
+CVE-2022-0119
+ RESERVED
+CVE-2022-0118
+ RESERVED
+CVE-2022-0117
+ RESERVED
+CVE-2022-0116
+ RESERVED
+CVE-2022-0115
+ RESERVED
+CVE-2022-0114
+ RESERVED
+CVE-2022-0113
+ RESERVED
+CVE-2022-0112
+ RESERVED
+CVE-2022-0111
+ RESERVED
+CVE-2022-0110
+ RESERVED
+CVE-2022-0109
+ RESERVED
+CVE-2022-0108
+ RESERVED
+CVE-2022-0107
+ RESERVED
+CVE-2022-0106
+ RESERVED
+CVE-2022-0105
+ RESERVED
+CVE-2022-0104
+ RESERVED
+CVE-2022-0103
+ RESERVED
+CVE-2022-0102
+ RESERVED
+CVE-2022-0101
+ RESERVED
+CVE-2022-0100
+ RESERVED
+CVE-2022-0099
+ RESERVED
+CVE-2022-0098
+ RESERVED
+CVE-2022-0097
+ RESERVED
+CVE-2022-0096
+ RESERVED
+CVE-2022-0095
+ RESERVED
+CVE-2022-0094
+ RESERVED
+CVE-2022-0093
+ RESERVED
+CVE-2022-0092
+ RESERVED
+CVE-2022-0091
+ RESERVED
+CVE-2022-0090
+ RESERVED
+CVE-2022-0089
+ RESERVED
+CVE-2022-0088
+ RESERVED
CVE-2022-22526
RESERVED
CVE-2022-22525
@@ -466,8 +614,8 @@ CVE-2022-22295
RESERVED
CVE-2022-22294
RESERVED
-CVE-2022-0086
- RESERVED
+CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
+ TODO: check
CVE-2022-0085
RESERVED
CVE-2022-0084
@@ -4982,30 +5130,30 @@ CVE-2022-20025
RESERVED
CVE-2022-20024
RESERVED
-CVE-2022-20023
- RESERVED
-CVE-2022-20022
- RESERVED
-CVE-2022-20021
- RESERVED
-CVE-2022-20020
- RESERVED
-CVE-2022-20019
- RESERVED
-CVE-2022-20018
- RESERVED
+CVE-2022-20023 (In Bluetooth, there is a possible application crash due to bluetooth f ...)
+ TODO: check
+CVE-2022-20022 (In Bluetooth, there is a possible link disconnection due to bluetooth ...)
+ TODO: check
+CVE-2022-20021 (In Bluetooth, there is a possible application crash due to bluetooth d ...)
+ TODO: check
+CVE-2022-20020 (In libvcodecdrv, there is a possible information disclosure due to a m ...)
+ TODO: check
+CVE-2022-20019 (In libMtkOmxGsmDec, there is a possible information disclosure due to ...)
+ TODO: check
+CVE-2022-20018 (In seninf driver, there is a possible information disclosure due to un ...)
+ TODO: check
CVE-2022-20017
RESERVED
-CVE-2022-20016
- RESERVED
-CVE-2022-20015
- RESERVED
-CVE-2022-20014
- RESERVED
-CVE-2022-20013
- RESERVED
-CVE-2022-20012
- RESERVED
+CVE-2022-20016 (In vow driver, there is a possible memory corruption due to improper l ...)
+ TODO: check
+CVE-2022-20015 (In kd_camera_hw driver, there is a possible information disclosure due ...)
+ TODO: check
+CVE-2022-20014 (In vow driver, there is a possible memory corruption due to improper i ...)
+ TODO: check
+CVE-2022-20013 (In vow driver, there is a possible memory corruption due to a race con ...)
+ TODO: check
+CVE-2022-20012 (In mdp driver, there is a possible memory corruption due to an integer ...)
+ TODO: check
CVE-2022-20011
RESERVED
CVE-2022-20010
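Review bot: None of the eleven descriptions added between CVE-2022-20023 and CVE-2022-20012 names a vendor or product in the visible text; they only name a component ("In Bluetooth", "In vow driver", "In mdp driver", "In libvcodecdrv"). The "TODO: check" lines therefore cannot be resolved from this file alone; the triage has to read the full CVE records, and whatever status results should be applied consistently across the run. Note also that CVE-2022-20017 stays RESERVED in the middle of the block, so a later update will touch this range again.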
