[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 1 09:10:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
311a43e2 by security tracker role at 2022-04-01T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2022-28327
+ RESERVED
+CVE-2022-28326
+ RESERVED
+CVE-2022-28325
+ RESERVED
+CVE-2022-28324
+ RESERVED
+CVE-2022-28323
+ RESERVED
+CVE-2022-28322
+ RESERVED
+CVE-2022-28321
+ RESERVED
+CVE-2022-28320
+ RESERVED
+CVE-2022-28319
+ RESERVED
+CVE-2022-28318
+ RESERVED
+CVE-2022-28317
+ RESERVED
+CVE-2022-28316
+ RESERVED
+CVE-2022-28315
+ RESERVED
+CVE-2022-28314
+ RESERVED
+CVE-2022-28313
+ RESERVED
+CVE-2022-28312
+ RESERVED
+CVE-2022-28311
+ RESERVED
+CVE-2022-28310
+ RESERVED
+CVE-2022-28309
+ RESERVED
+CVE-2022-28308
+ RESERVED
+CVE-2022-28307
+ RESERVED
+CVE-2022-28306
+ RESERVED
+CVE-2022-28305
+ RESERVED
+CVE-2022-28304
+ RESERVED
+CVE-2022-28303
+ RESERVED
+CVE-2022-28302
+ RESERVED
+CVE-2022-28301
+ RESERVED
+CVE-2022-28300
+ RESERVED
+CVE-2022-27188
+ RESERVED
+CVE-2022-26034
+ RESERVED
+CVE-2022-1200
+ RESERVED
+CVE-2021-4225
+ RESERVED
CVE-2022-28299
RESERVED
CVE-2022-28298
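Review bot: the last four added entries (CVE-2022-27188, CVE-2022-26034, CVE-2022-1200, CVE-2021-4225) are placed above CVE-2022-28299 instead of next to their numeric neighbours further down the list, so anything that reads this file should look entries up by ID rather than assume a sorted order. If that placement is intentional for newly reserved IDs, a short statement of it in the updater's documentation would save the next reader the question.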
@@ -1016,14 +1080,14 @@ CVE-2022-27968
RESERVED
CVE-2022-27967
RESERVED
-CVE-2022-27966
- RESERVED
-CVE-2022-27965
- RESERVED
-CVE-2022-27964
- RESERVED
-CVE-2022-27963
- RESERVED
+CVE-2022-27966 (Xshell v7.0.0099 and below contains a binary hijack vulnerability whic ...)
+ TODO: check
+CVE-2022-27965 (Xlpd v7.0.0094 and below contains a binary hijack vulnerability which ...)
+ TODO: check
+CVE-2022-27964 (Xmanager v7.0.0096 and below contains a binary hijack vulnerability wh ...)
+ TODO: check
+CVE-2022-27963 (Xftp 7.0.0088p and below contains a binary hijack vulnerability which ...)
+ TODO: check
CVE-2022-27962
RESERVED
CVE-2022-27961
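Review bot: all four replaced entries (CVE-2022-27963 to CVE-2022-27966) carry the same truncated "binary hijack vulnerability" description, for Xftp, Xmanager, Xlpd and Xshell, and land as `TODO: check`. They can be triaged in one pass and, if no Debian source package matches, marked `NOT-FOR-US:` with a single shared label, the way CVE-2022-25016 is handled elsewhere in this file.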
@@ -3408,14 +3472,14 @@ CVE-2022-27054
RESERVED
CVE-2022-27053
RESERVED
-CVE-2022-27052
- RESERVED
+CVE-2022-27052 (FreeFtpd version 1.0.13 and below contains an unquoted service path vu ...)
+ TODO: check
CVE-2022-27051
RESERVED
-CVE-2022-27050
- RESERVED
-CVE-2022-27049
- RESERVED
+CVE-2022-27050 (BitComet Service for Windows before version 1.8.6 contains an unquoted ...)
+ TODO: check
+CVE-2022-27049 (Raidrive before v2021.12.35 allows attackers to arbitrarily move log f ...)
+ TODO: check
CVE-2022-27048
RESERVED
CVE-2022-27047
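Review bot: CVE-2022-27052 and CVE-2022-27050 both describe an unquoted service path, which is a Windows service configuration issue, and CVE-2022-27050 names "BitComet Service for Windows" outright, so these `TODO: check` lines are candidates for `NOT-FOR-US:` on the next triage pass. CVE-2022-27049 (Raidrive) needs its full description read before deciding, since the text here is cut off at "log f ...".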
@@ -4635,8 +4699,8 @@ CVE-2022-26548
RESERVED
CVE-2022-26547
RESERVED
-CVE-2022-26546
- RESERVED
+CVE-2022-26546 (Hospital Management System v1.0 was discovered to lack an authorizatio ...)
+ TODO: check
CVE-2022-26545
RESERVED
CVE-2022-26544
@@ -8877,8 +8941,8 @@ CVE-2022-25019
CVE-2022-25018 (Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary c ...)
- pluxml <unfixed> (bug #1008264)
NOTE: https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf
-CVE-2022-25017
- RESERVED
+CVE-2022-25017 (Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulner ...)
+ TODO: check
CVE-2022-25016 (Home Owners Collection Management System v1.0 was discovered to contai ...)
NOT-FOR-US: Home Owners Collection Management System
CVE-2022-25015 (A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS ...)
@@ -8959,12 +9023,14 @@ CVE-2022-24982 (Forms generated by JQueryForm.com before 2022-02-05 allows a rem
CVE-2022-24981 (A reflected cross-site scripting (XSS) vulnerability in forms generate ...)
NOT-FOR-US: JQueryForm.com
CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 ...)
+ {DLA-2967-1}
- wireshark 3.6.2-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html
CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6. ...)
+ {DLA-2967-1}
- wireshark 3.6.2-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
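Review bot: the new `{DLA-2967-1}` reference on CVE-2022-0586 and CVE-2022-0585 sits next to unchanged `[bullseye]` and `[buster]` `<no-dsa> (Minor issue)` lines. Confirm the advisory covers a release other than those two; if it covers either of them, the matching `<no-dsa>` line is stale and should be replaced with the fixed version.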
@@ -8983,18 +9049,21 @@ CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to
CVE-2022-0584
RESERVED
CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3 ...)
+ {DLA-2967-1}
- wireshark 3.6.2-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17840
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-03.html
CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to ...)
+ {DLA-2967-1}
- wireshark 3.6.2-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17882
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-04.html
CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3. ...)
+ {DLA-2967-1}
- wireshark 3.6.2-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
@@ -9429,32 +9498,32 @@ CVE-2022-24805
RESERVED
CVE-2022-24804
RESERVED
-CVE-2022-24803
- RESERVED
-CVE-2022-24802
- RESERVED
+CVE-2022-24803 (Asciidoctor-include-ext is Asciidoctor’s standard include proces ...)
+ TODO: check
+CVE-2022-24802 (deepmerge-ts is a typescript library providing functionality to deep m ...)
+ TODO: check
CVE-2022-24801
RESERVED
CVE-2022-24800
RESERVED
CVE-2022-24799
RESERVED
-CVE-2022-24798
- RESERVED
-CVE-2022-24797
- RESERVED
-CVE-2022-24796
- RESERVED
+CVE-2022-24798 (Internet Routing Registry daemon version 4 is an IRR database server, ...)
+ TODO: check
+CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed service mod ...)
+ TODO: check
+CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for running ...)
+ TODO: check
CVE-2022-24795
RESERVED
-CVE-2022-24794
- RESERVED
+CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing sign o ...)
+ TODO: check
CVE-2022-24793
RESERVED
CVE-2022-24792
RESERVED
-CVE-2022-24791
- RESERVED
+CVE-2022-24791 (Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cran ...)
+ TODO: check
CVE-2022-24790 (Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for R ...)
- puma <unfixed> (bug #1008723)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
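Review bot: the description added for CVE-2022-24803 shows a mis-encoded apostrophe ("Asciidoctor’s") in this notification, which points to UTF-8 text being decoded with the wrong charset somewhere between the upstream feed and this mail. Check whether the stored data/CVE/list has the same bytes and, if so, fix the import step; the other six entries replaced in this hunk are unaffected.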
@@ -9552,8 +9621,8 @@ CVE-2022-24760 (Parse Server is an open source http web server backend. In versi
NOT-FOR-US: Parse Server
CVE-2022-24759 (`@chainsafe/libp2p-noise` contains TypeScript implementation of noise ...)
NOT-FOR-US: chainsafe/libp2p-noise
-CVE-2022-24758
- RESERVED
+CVE-2022-24758 (The Jupyter notebook is a web-based notebook environment for interacti ...)
+ TODO: check
CVE-2022-24757 (The Jupyter Server provides the backend (i.e. the core services, APIs, ...)
- jupyter-server <unfixed> (bug #1008319)
NOTE: https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a (v1.15.4)
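Review bot: CVE-2022-24758 (Jupyter notebook) lands as `TODO: check` directly above CVE-2022-24757, which is already tracked against jupyter-server with bug #1008319. Unlike the device and Windows-product entries in this update, this one likely needs a package line and a bug rather than `NOT-FOR-US:`, so it is worth triaging first.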
@@ -12897,8 +12966,8 @@ CVE-2021-46441
RESERVED
CVE-2021-46440
RESERVED
-CVE-2021-46439
- RESERVED
+CVE-2021-46439 (The WinSEGAV AutoConfig service in EG Free Antivirus v2020 suffers fro ...)
+ TODO: check
CVE-2021-46438
RESERVED
CVE-2021-46437
@@ -19168,12 +19237,14 @@ CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allow
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737
CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...)
+ {DLA-2967-1}
- wireshark 3.6.2-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745
CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...)
+ {DLA-2967-1}
- wireshark 3.6.2-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
@@ -19194,6 +19265,7 @@ CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801
CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...)
+ {DLA-2967-1}
- wireshark 3.6.2-1
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
@@ -21807,8 +21879,8 @@ CVE-2022-21949
RESERVED
CVE-2022-21948
RESERVED
-CVE-2022-21947
- RESERVED
+CVE-2022-21947 (A Improper Access Control vulnerability in Rancher Desktop of SUSE all ...)
+ TODO: check
CVE-2022-21946 (A Improper Privilege Management vulnerability in the sudoers configura ...)
NOT-FOR-US: SUSE cscreen
CVE-2022-21945 (A Insecure Temporary File vulnerability in cscreen of openSUSE Factory ...)
@@ -27413,8 +27485,8 @@ CVE-2021-43724 (A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS
NOT-FOR-US: Subrion CMS
CVE-2021-43723
RESERVED
-CVE-2021-43722
- RESERVED
+CVE-2021-43722 (D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main ...)
+ TODO: check
CVE-2021-43721 (Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markd ...)
NOT-FOR-US: Leanote
CVE-2021-43720
@@ -27443,8 +27515,8 @@ CVE-2021-43709
RESERVED
CVE-2021-43708
RESERVED
-CVE-2021-43707
- RESERVED
+CVE-2021-43707 (Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link ...)
+ TODO: check
CVE-2021-43706
RESERVED
CVE-2021-43705
@@ -50979,12 +51051,12 @@ CVE-2021-35119
RESERVED
CVE-2021-35118
RESERVED
-CVE-2021-35117
- RESERVED
+CVE-2021-35117 (An Out of Bounds read may potentially occur while processing an IBSS b ...)
+ TODO: check
CVE-2021-35116
RESERVED
-CVE-2021-35115
- RESERVED
+CVE-2021-35115 (Improper handling of multiple session supported by PVM backend can lea ...)
+ TODO: check
CVE-2021-35114
RESERVED
CVE-2021-35113
@@ -50993,22 +51065,22 @@ CVE-2021-35112
RESERVED
CVE-2021-35111
RESERVED
-CVE-2021-35110
- RESERVED
+CVE-2021-35110 (Possible buffer overflow to improper validation of hash segment of fil ...)
+ TODO: check
CVE-2021-35109
RESERVED
CVE-2021-35108
RESERVED
CVE-2021-35107
RESERVED
-CVE-2021-35106
- RESERVED
-CVE-2021-35105
- RESERVED
+CVE-2021-35106 (Possible out of bound read due to improper length calculation of WMI m ...)
+ TODO: check
+CVE-2021-35105 (Possible out of bounds access due to improper input validation during ...)
+ TODO: check
CVE-2021-35104
RESERVED
-CVE-2021-35103
- RESERVED
+CVE-2021-35103 (Possible out of bound write due to improper validation of number of ti ...)
+ TODO: check
CVE-2021-35102
RESERVED
CVE-2021-35101
@@ -51035,10 +51107,10 @@ CVE-2021-35091
RESERVED
CVE-2021-35090
RESERVED
-CVE-2021-35089
- RESERVED
-CVE-2021-35088
- RESERVED
+CVE-2021-35089 (Possible buffer overflow due to lack of input IB amount validation whi ...)
+ TODO: check
+CVE-2021-35088 (Possible out of bound read due to improper validation of IE length dur ...)
+ TODO: check
CVE-2021-35087
RESERVED
CVE-2021-35086
@@ -63321,18 +63393,18 @@ CVE-2021-30335 (Possible assertion in QOS request due to improper validation whe
NOT-FOR-US: Qualcomm components for Android
CVE-2021-30334
RESERVED
-CVE-2021-30333
- RESERVED
-CVE-2021-30332
- RESERVED
-CVE-2021-30331
- RESERVED
+CVE-2021-30333 (Improper validation of buffer size input to the EFS file can lead to m ...)
+ TODO: check
+CVE-2021-30332 (Possible assertion due to improper validation of OTA configuration in ...)
+ TODO: check
+CVE-2021-30331 (Possible buffer overflow due to improper data validation of external c ...)
+ TODO: check
CVE-2021-30330 (Possible null pointer dereference due to improper validation of APE cl ...)
NOT-FOR-US: Qualcomm
-CVE-2021-30329
- RESERVED
-CVE-2021-30328
- RESERVED
+CVE-2021-30329 (Possible assertion due to improper validation of TCI configuration in ...)
+ TODO: check
+CVE-2021-30328 (Possible assertion due to improper validation of invalid NR CSI-IM res ...)
+ TODO: check
CVE-2021-30327
RESERVED
CVE-2021-30326 (Possible assertion due to improper size validation while processing th ...)
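Review bot: the five entries replaced here (CVE-2021-30333, CVE-2021-30332, CVE-2021-30331, CVE-2021-30329, CVE-2021-30328) sit between neighbours labelled `NOT-FOR-US: Qualcomm components for Android` (CVE-2021-30335) and `NOT-FOR-US: Qualcomm` (CVE-2021-30330). When these `TODO: check` lines are resolved, pick one of the two labels so the same vendor is not split across spellings.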
@@ -83257,6 +83329,7 @@ CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions st
CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 ...)
+ {DLA-2967-1}
- wireshark 3.4.4-1
[buster] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2021-03.html
@@ -92714,8 +92787,8 @@ CVE-2021-1952 (Possible buffer over read occurs due to lack of length check of r
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1951
RESERVED
-CVE-2021-1950
- RESERVED
+CVE-2021-1950 (Improper cleaning of secure memory between authenticated users can lea ...)
+ TODO: check
CVE-2021-1949 (Possible integer overflow due to improper check of batch count value w ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1948 (Possible out of bound read due to lack of length check of data while p ...)
@@ -92730,8 +92803,8 @@ CVE-2021-1944
RESERVED
CVE-2021-1943 (Possible buffer out of bound read can occur due to improper validation ...)
NOT-FOR-US: Snapdragon
-CVE-2021-1942
- RESERVED
+CVE-2021-1942 (Improper handling of permissions of a shared memory region can lead to ...)
+ TODO: check
CVE-2021-1941 (Possible buffer over read issue due to improper length check on WPA IE ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2021-1940 (Use after free can occur due to improper handling of response from fir ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/311a43e2d35382874df2373de9e4ad3512bd32be