From 89bbbc70bbfd4cc399e08f6e85a600fcfae9421e Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 5 Jan 2022 08:10:11 +0000 Subject: automatic update --- data/CVE/2021.list | 41 ++++----- data/CVE/2022.list | 248 ++++++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 255 insertions(+), 34 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index e2a0bbbb7d..a6bb3e6bbf 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1712,8 +1712,7 @@ CVE-2021-45454 RESERVED CVE-2021-45453 RESERVED -CVE-2021-45452 [Potential directory-traversal via Storage.save()] - RESERVED +CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...) - python-django 2:3.2.11-1 (bug #1003113) NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ NOTE: https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b (3.2.11) @@ -2484,14 +2483,12 @@ CVE-2021-45118 RESERVED CVE-2021-45117 RESERVED -CVE-2021-45116 [Potential information disclosure in dictsort template filter] - RESERVED +CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...) - python-django 2:3.2.11-1 (bug #1003113) NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ NOTE: https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16 (3.2.11) NOTE: https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a (2.2.26) -CVE-2021-45115 [Denial-of-service possibility in UserAttributeSimilarityValidator] - RESERVED +CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...) - python-django 2:3.2.11-1 (bug #1003113) NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ NOTE: https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20 (3.2.11) 
@@ -5639,8 +5636,8 @@ CVE-2021-43948 RESERVED CVE-2021-43947 RESERVED -CVE-2021-43946 - RESERVED +CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) + TODO: check CVE-2021-43945 RESERVED CVE-2021-43944 @@ -5836,12 +5833,12 @@ CVE-2021-43854 (NLTK (Natural Language Toolkit) is a suite of open source Python NOTE: https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 (3.6.6) CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available for Mic ...) NOT-FOR-US: Ajax.NET Professional -CVE-2021-43852 - RESERVED +CVE-2021-43852 (OroPlatform is a PHP Business Application Platform. In affected versio ...) + TODO: check CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) NOT-FOR-US: Anuko Time Tracker -CVE-2021-43850 - RESERVED +CVE-2021-43850 (Discourse is an open source platform for community discussion. In affe ...) + TODO: check CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single and simpl ...) NOT-FOR-US: cordova-plugin-fingerprint-aio CVE-2021-43848 @@ -5876,8 +5873,8 @@ CVE-2021-43834 (eLabFTW is an electronic lab notebook manager for research teams NOT-FOR-US: eLabFTW CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research teams. In v ...) NOT-FOR-US: eLabFTW -CVE-2021-43832 - RESERVED +CVE-2021-43832 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...) + TODO: check CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...) NOT-FOR-US: gradio CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...) 
@@ -6231,8 +6228,8 @@ CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in sh NOT-FOR-US: ecshop CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vul ...) NOT-FOR-US: Wechat-php-sdk -CVE-2021-43677 - RESERVED +CVE-2021-43677 (Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerabili ...) + TODO: check CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...) NOT-FOR-US: matyhtf framework CVE-2021-43675 (Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerabi ...) @@ -11229,7 +11226,7 @@ CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. CVE-2021-3829 (openwhyd is vulnerable to URL Redirection to Untrusted Site ...) NOT-FOR-US: openwhyd CVE-2021-41610 - RESERVED + REJECTED CVE-2021-41609 RESERVED CVE-2021-41608 @@ -11744,8 +11741,8 @@ CVE-2021-41390 (In Ericsson ECM before 18.0, it was observed that Security Provi NOT-FOR-US: Ericsson ECM CVE-2021-41389 RESERVED -CVE-2021-41388 - RESERVED +CVE-2021-41388 (Netskope client prior to 89.x on macOS is impacted by a local privileg ...) + TODO: check CVE-2021-41387 (seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation b ...) - seatd (Vulnerable code introduced later) NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E @@ -28881,7 +28878,7 @@ CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C NOT-FOR-US: Zhuhai Jieli CVE-2021-34142 RESERVED -CVE-2021-34141 (Incomplete string comparison in the numpy.core component in NumPy1.9.x ...) +CVE-2021-34141 (** DISPUTED ** Incomplete string comparison in the numpy.core componen ...) - numpy [bullseye] - numpy (Minor issue) NOTE: https://github.com/numpy/numpy/issues/18993 
@@ -58039,8 +58036,8 @@ CVE-2021-22047 (In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and NOT-FOR-US: Spring Data REST CVE-2021-22046 RESERVED -CVE-2021-22045 - RESERVED +CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi6 ...) + TODO: check CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...) NOT-FOR-US: Spring Cloud OpenFeign CVE-2021-22043 diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 74510c074a..9ac37801de 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list 
@@ -1,3 +1,227 @@ +CVE-2022-22677 + RESERVED +CVE-2022-22676 + RESERVED +CVE-2022-22675 + RESERVED +CVE-2022-22674 + RESERVED +CVE-2022-22673 + RESERVED +CVE-2022-22672 + RESERVED +CVE-2022-22671 + RESERVED +CVE-2022-22670 + RESERVED +CVE-2022-22669 + RESERVED +CVE-2022-22668 + RESERVED +CVE-2022-22667 + RESERVED +CVE-2022-22666 + RESERVED +CVE-2022-22665 + RESERVED +CVE-2022-22664 + RESERVED +CVE-2022-22663 + RESERVED +CVE-2022-22662 + RESERVED +CVE-2022-22661 + RESERVED +CVE-2022-22660 + RESERVED +CVE-2022-22659 + RESERVED +CVE-2022-22658 + RESERVED +CVE-2022-22657 + RESERVED +CVE-2022-22656 + RESERVED +CVE-2022-22655 + RESERVED +CVE-2022-22654 + RESERVED +CVE-2022-22653 + RESERVED +CVE-2022-22652 + RESERVED +CVE-2022-22651 + RESERVED +CVE-2022-22650 + RESERVED +CVE-2022-22649 + RESERVED +CVE-2022-22648 + RESERVED +CVE-2022-22647 + RESERVED +CVE-2022-22646 + RESERVED +CVE-2022-22645 + RESERVED +CVE-2022-22644 + RESERVED +CVE-2022-22643 + RESERVED +CVE-2022-22642 + RESERVED +CVE-2022-22641 + RESERVED +CVE-2022-22640 + RESERVED +CVE-2022-22639 + RESERVED +CVE-2022-22638 + RESERVED +CVE-2022-22637 + RESERVED +CVE-2022-22636 + RESERVED +CVE-2022-22635 + RESERVED +CVE-2022-22634 + RESERVED +CVE-2022-22633 + RESERVED +CVE-2022-22632 + RESERVED +CVE-2022-22631 + RESERVED +CVE-2022-22630 + RESERVED +CVE-2022-22629 + RESERVED +CVE-2022-22628 + RESERVED +CVE-2022-22627 + RESERVED +CVE-2022-22626 + RESERVED +CVE-2022-22625 + RESERVED +CVE-2022-22624 + RESERVED +CVE-2022-22623 + RESERVED +CVE-2022-22622 + RESERVED +CVE-2022-22621 + RESERVED +CVE-2022-22620 + RESERVED +CVE-2022-22619 + RESERVED +CVE-2022-22618 + RESERVED +CVE-2022-22617 + RESERVED +CVE-2022-22616 + RESERVED +CVE-2022-22615 + RESERVED +CVE-2022-22614 + RESERVED +CVE-2022-22613 + RESERVED +CVE-2022-22612 + RESERVED +CVE-2022-22611 + RESERVED +CVE-2022-22610 + RESERVED +CVE-2022-22609 + RESERVED +CVE-2022-22608 + RESERVED +CVE-2022-22607 + RESERVED +CVE-2022-22606 + RESERVED +CVE-2022-22605 + RESERVED 
+CVE-2022-22604 + RESERVED +CVE-2022-22603 + RESERVED +CVE-2022-22602 + RESERVED +CVE-2022-22601 + RESERVED +CVE-2022-22600 + RESERVED +CVE-2022-22599 + RESERVED +CVE-2022-22598 + RESERVED +CVE-2022-22597 + RESERVED +CVE-2022-22596 + RESERVED +CVE-2022-22595 + RESERVED +CVE-2022-22594 + RESERVED +CVE-2022-22593 + RESERVED +CVE-2022-22592 + RESERVED +CVE-2022-22591 + RESERVED +CVE-2022-22590 + RESERVED +CVE-2022-22589 + RESERVED +CVE-2022-22588 + RESERVED +CVE-2022-22587 + RESERVED +CVE-2022-22586 + RESERVED +CVE-2022-22585 + RESERVED +CVE-2022-22584 + RESERVED +CVE-2022-22583 + RESERVED +CVE-2022-22582 + RESERVED +CVE-2022-22581 + RESERVED +CVE-2022-22580 + RESERVED +CVE-2022-22579 + RESERVED +CVE-2022-22578 + RESERVED +CVE-2022-22577 + RESERVED +CVE-2022-22576 + RESERVED +CVE-2022-22575 + RESERVED +CVE-2022-22574 + RESERVED +CVE-2022-22573 + RESERVED +CVE-2022-22572 + RESERVED +CVE-2022-22571 + RESERVED +CVE-2022-22570 + RESERVED +CVE-2022-22569 + RESERVED +CVE-2022-22568 + RESERVED +CVE-2022-0122 + RESERVED +CVE-2022-0121 + RESERVED CVE-2022-22567 RESERVED CVE-2022-22566 
@@ -2066,22 +2290,22 @@ CVE-2022-21652 RESERVED CVE-2022-21651 RESERVED -CVE-2022-21650 - RESERVED -CVE-2022-21649 - RESERVED -CVE-2022-21648 - RESERVED -CVE-2022-21647 - RESERVED +CVE-2022-21650 (Convos is an open source multi-user chat that runs in a web browser. Y ...) + TODO: check +CVE-2022-21649 (Convos is an open source multi-user chat that runs in a web browser. C ...) + TODO: check +CVE-2022-21648 (Latte is an open source template engine for PHP. Versions since 2.8.0 ...) + TODO: check +CVE-2022-21647 (CodeIgniter is an open source PHP full-stack web framework. Deserializ ...) + TODO: check CVE-2022-21646 RESERVED CVE-2022-21645 RESERVED -CVE-2022-21644 - RESERVED -CVE-2022-21643 - RESERVED +CVE-2022-21644 (USOC is an open source CMS with a focus on simplicity. In affected ver ...) + TODO: check +CVE-2022-21643 (USOC is an open source CMS with a focus on simplicity. In affected ver ...) + TODO: check CVE-2022-21642 RESERVED CVE-2022-21641 -- cgit v1.2.3
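Review bot: in hunks @@ -1712 and @@ -2484 of data/CVE/2021.list, the three Django entries (CVE-2021-45452, CVE-2021-45116, CVE-2021-45115) record only the unstable fix `- python-django 2:3.2.11-1 (bug #1003113)`, although the linked advisory and the referenced 2.2.26 commit say the 2.2 series is affected as well; nothing records whether the stable suites are affected or whether a DSA is planned. The file's own convention for this is a suite sub-entry such as `[bullseye] - numpy (Minor issue)` in hunk @@ -28881, so a `[suite] - python-django ...` line (or an explicit "not affected" note) should be added under each of the three entries rather than leaving the suite status implied.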
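Review bot: the entries that move from RESERVED to `TODO: check` in hunks @@ -5639, @@ -5836, @@ -5876, @@ -6231, @@ -11744 and @@ -58039 of data/CVE/2021.list (Atlassian Jira Server and Data Center, OroPlatform, Discourse, Spinnaker, Fluxbb, Netskope client, VMware ESXi) are left untriaged. Several of these are proprietary products (Jira, Netskope, ESXi), for which neighbouring entries use the `NOT-FOR-US:` marker (`NOT-FOR-US: Ajax.NET Professional`, `NOT-FOR-US: Ericsson ECM`); the rest need a check against the archive. Suggest resolving each TODO with either `NOT-FOR-US: <product>` or the source package plus a `NOTE:` with the upstream advisory, since unresolved TODO lines are where stale triage accumulates in a list this size.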
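Review bot: in hunk @@ -28881 of data/CVE/2021.list, the CVE-2021-34141 description now begins with `** DISPUTED **`, but the entry still carries `[bullseye] - numpy (Minor issue)` and only the upstream issue link as a NOTE. The basis of the dispute should be captured in a further `NOTE:` line so that the `Minor issue` classification can be confirmed, or the entry moved to a not-affected status, once the dispute is settled; as it stands the severity annotation predates the dispute and gives no hint that the classification may need revisiting.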
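Review bot: in hunk @@ -1,3 +1,227 of data/CVE/2022.list, CVE-2022-0122 and CVE-2022-0121 are inserted between CVE-2022-22568 and the existing CVE-2022-22567 context line, which breaks the strictly descending order the rest of the new block follows (CVE-2022-22677 down to CVE-2022-22568). If the update script is expected to keep the file sorted, the two entries belong at their numeric position further down the file; if ordering is not guaranteed, that should be documented so tooling that merges or greps these lists does not assume it.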
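Review bot: in hunk @@ -2066 of data/CVE/2022.list, the pairs CVE-2022-21650/CVE-2022-21649 (Convos) and CVE-2022-21644/CVE-2022-21643 (USOC) receive descriptions that are identical up to the truncation point, so the entries cannot be told apart in the file. When the `TODO: check` lines are resolved, each should get a `NOTE:` with its own upstream advisory or fix commit, following the pattern of the Django entries in data/CVE/2021.list; CVE-2022-21648 (Latte) and CVE-2022-21647 (CodeIgniter, a deserialization issue) are PHP components and need an archive check before being marked `NOT-FOR-US:`.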