[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 5 09:10:30 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b6301d55 by security tracker role at 2022-04-05T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,29 @@
+CVE-2022-28660
+ RESERVED
+CVE-2022-28659
+ RESERVED
+CVE-2022-28658
+ RESERVED
+CVE-2022-28657
+ RESERVED
+CVE-2022-28656
+ RESERVED
+CVE-2022-28655
+ RESERVED
+CVE-2022-28654
+ RESERVED
+CVE-2022-28653
+ RESERVED
+CVE-2022-28652
+ RESERVED
+CVE-2022-1235 (Weak secrethash can be brute-forced in GitHub repository livehelpercha ...)
+ TODO: check
+CVE-2022-1234
+ RESERVED
+CVE-2022-1233 (URL Confusion When Scheme Not Supplied in GitHub repository medialize/ ...)
+ TODO: check
CVE-2022-1232
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -583,10 +608,10 @@ CVE-2022-28382
RESERVED
CVE-2022-1214
RESERVED
-CVE-2022-1213
- RESERVED
-CVE-2022-1212
- RESERVED
+CVE-2022-1213 (SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/li ...)
+ TODO: check
+CVE-2022-1212 (Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby ...)
+ TODO: check
CVE-2022-28381 (Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflo ...)
NOT-FOR-US: ALLMediaServer
CVE-2022-28380 (The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) all ...)
@@ -1055,12 +1080,12 @@ CVE-2022-28224
RESERVED
CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperch ...)
NOT-FOR-US: livehelperchat
-CVE-2022-1190
- RESERVED
-CVE-2022-1189
- RESERVED
-CVE-2022-1188
- RESERVED
+CVE-2022-1190 (Improper handling of user input in GitLab CE/EE versions 8.3 prior to ...)
+ TODO: check
+CVE-2022-1189 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2022-1188 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
CVE-2022-1187
RESERVED
CVE-2022-1186
@@ -1073,8 +1098,8 @@ CVE-2022-28221
RESERVED
CVE-2022-28220
RESERVED
-CVE-2022-1185
- RESERVED
+CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in GitLab ...)
+ TODO: check
CVE-2022-1184
RESERVED
CVE-2022-1183
@@ -1093,10 +1118,10 @@ CVE-2022-1177 (Accounting User Can Download Patient Reports in openemr in GitHub
NOT-FOR-US: OpenEMR
CVE-2022-1176 (Loose comparison causes IDOR on multiple endpoints in GitHub repositor ...)
NOT-FOR-US: livehelperchat
-CVE-2022-1175
- RESERVED
-CVE-2022-1174
- RESERVED
+CVE-2022-1175 (Improper neutralization of user input in GitLab CE/EE versions 14.4 be ...)
+ TODO: check
+CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions ...)
+ TODO: check
CVE-2022-1173
RESERVED
CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...)
@@ -1242,8 +1267,8 @@ CVE-2022-28171
RESERVED
CVE-2022-1163 (Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minew ...)
NOT-FOR-US: minewebcms
-CVE-2022-1162
- RESERVED
+CVE-2022-1162 (A hardcoded password was set for accounts registered using an OmniAuth ...)
+ TODO: check
CVE-2022-1161
RESERVED
CVE-2022-1160 (heap buffer overflow in get_one_sourceline in GitHub repository vim/vi ...)
@@ -1362,8 +1387,8 @@ CVE-2022-28130
RESERVED
CVE-2022-28129
RESERVED
-CVE-2022-1148
- RESERVED
+CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab CE/EE affe ...)
+ TODO: check
CVE-2022-1147
RESERVED
CVE-2022-1146
@@ -1510,10 +1535,10 @@ CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 2.4.
[buster] - openjpeg2 <no-dsa> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1368
NOTE: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
-CVE-2022-1121
- RESERVED
-CVE-2022-1120
- RESERVED
+CVE-2022-1121 (A lack of appropriate timeouts in GitLab Pages included in GitLab CE/E ...)
+ TODO: check
+CVE-2022-1120 (Missing filtering in an error message in GitLab CE/EE affecting all ve ...)
+ TODO: check
CVE-2022-1119
RESERVED
CVE-2022-1118
@@ -1530,8 +1555,8 @@ CVE-2022-1113
RESERVED
CVE-2022-1112
RESERVED
-CVE-2022-1111
- RESERVED
+CVE-2022-1111 (A business logic error in Project Import in GitLab CE/EE versions 14.9 ...)
+ TODO: check
CVE-2020-36520
RESERVED
CVE-2022-28125
@@ -1957,8 +1982,8 @@ CVE-2022-1106 (use after free in mrb_vm_exec in GitHub repository mruby/mruby pr
NOTE: https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f
NOTE: https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c
TODO: check
-CVE-2022-1105
- RESERVED
+CVE-2022-1105 (An improper access control vulnerability in GitLab CE/EE affecting all ...)
+ TODO: check
CVE-2022-1104
RESERVED
CVE-2022-1103
@@ -2051,10 +2076,10 @@ CVE-2022-1102
RESERVED
CVE-2022-1101
RESERVED
-CVE-2022-1100
- RESERVED
-CVE-2022-1099
- RESERVED
+CVE-2022-1100 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
+ TODO: check
+CVE-2022-1099 (Adding a very large number of tags to a runner in GitLab CE/EE affecti ...)
+ TODO: check
CVE-2022-1098 (Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vu ...)
NOT-FOR-US: Delta Electronics DIAEnergie
CVE-2021-46742
@@ -2660,16 +2685,13 @@ CVE-2022-27653
CVE-2022-27652
RESERVED
NOT-FOR-US: cri-o
-CVE-2022-27651
- RESERVED
+CVE-2022-27651 (A flaw was found in buildah where containers were incorrectly started ...)
- golang-github-containers-buildah <unfixed>
NOTE: https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b (v1.25.1)
-CVE-2022-27650
- RESERVED
+CVE-2022-27650 (A flaw was found in crun where containers were incorrectly started wit ...)
- crun <unfixed>
NOTE: https://github.com/containers/crun/commit/b847d146d496c9d7beba166fd595488e85488562 (1.4.4)
-CVE-2022-27649
- RESERVED
+CVE-2022-27649 (A flaw was found in Podman, where containers were started incorrectly ...)
- libpod <unfixed>
NOTE: https://github.com/containers/podman/releases/tag/v4.0.3
NOTE: https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0 (main)
@@ -2783,10 +2805,10 @@ CVE-2022-27611
RESERVED
CVE-2022-27610
RESERVED
-CVE-2022-27609
- RESERVED
-CVE-2022-27608
- RESERVED
+CVE-2022-27609 (Forcepoint One Endpoint prior to version 22.01 installed on Microsoft ...)
+ TODO: check
+CVE-2022-27608 (Forcepoint One Endpoint prior to version 22.01 installed on Microsoft ...)
+ TODO: check
CVE-2022-27607 (Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom ...)
NOT-FOR-US: Bento4
CVE-2022-27606
@@ -3131,10 +3153,10 @@ CVE-2022-27444
RESERVED
CVE-2022-27443
RESERVED
-CVE-2022-27442
- RESERVED
-CVE-2022-27441
- RESERVED
+CVE-2022-27442 (TPCMS v3.2 allows attackers to access the ThinkPHP log directory and o ...)
+ TODO: check
+CVE-2022-27441 (A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows ...)
+ TODO: check
CVE-2022-27440
RESERVED
CVE-2022-27439
@@ -5345,16 +5367,16 @@ CVE-2022-26621
RESERVED
CVE-2022-26620
REJECTED
-CVE-2022-26619
- RESERVED
+CVE-2022-26619 (Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbi ...)
+ TODO: check
CVE-2022-26618
RESERVED
CVE-2022-26617
RESERVED
CVE-2022-26616 (PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to pe ...)
TODO: check
-CVE-2022-26615
- RESERVED
+CVE-2022-26615 (A cross-site scripting (XSS) vulnerability in College Website Content ...)
+ TODO: check
CVE-2022-26614
RESERVED
CVE-2022-26613
@@ -5413,8 +5435,8 @@ CVE-2022-26587
RESERVED
CVE-2022-26586
RESERVED
-CVE-2022-26585
- RESERVED
+CVE-2022-26585 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnera ...)
+ TODO: check
CVE-2022-26584
RESERVED
CVE-2022-26583
@@ -6267,8 +6289,8 @@ CVE-2022-26283 (Simple Subscription Website v1.0 was discovered to contain a SQL
NOT-FOR-US: Simple Subscription Website
CVE-2022-26282
RESERVED
-CVE-2022-26281
- RESERVED
+CVE-2022-26281 (BigAnt Server v5.6.06 was discovered to contain an incorrect access co ...)
+ TODO: check
CVE-2022-26280 (Libarchive v3.6.0 was discovered to contain an out-of-bounds read via ...)
- libarchive <unfixed> (bug #1008953)
[bullseye] - libarchive <no-dsa> (Minor issue)
@@ -6548,57 +6570,49 @@ CVE-2022-0812 [NFS over RDMA random memory leakage]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058955
CVE-2022-0810
RESERVED
-CVE-2022-0809
- RESERVED
+CVE-2022-0809 (Out of bounds memory access in WebXR in Google Chrome prior to 99.0.48 ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0808
- RESERVED
+CVE-2022-0808 (Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0807
- RESERVED
+CVE-2022-0807 (Inappropriate implementation in Autofill in Google Chrome prior to 99. ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0806
- RESERVED
+CVE-2022-0806 (Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a r ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0805
- RESERVED
+CVE-2022-0805 (Use after free in Browser Switcher in Google Chrome prior to 99.0.4844 ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0804
- RESERVED
+CVE-2022-0804 (Inappropriate implementation in Full screen mode in Google Chrome on A ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0803
- RESERVED
+CVE-2022-0803 (Inappropriate implementation in Permissions in Google Chrome prior to ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0802
- RESERVED
+CVE-2022-0802 (Inappropriate implementation in Full screen mode in Google Chrome on A ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -6611,85 +6625,73 @@ CVE-2022-0801
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0800
- RESERVED
+CVE-2022-0800 (Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0799
- RESERVED
+CVE-2022-0799 (Insufficient policy enforcement in Installer in Google Chrome on Windo ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0798
- RESERVED
+CVE-2022-0798 (Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 a ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0797
- RESERVED
+CVE-2022-0797 (Out of bounds memory access in Mojo in Google Chrome prior to 99.0.484 ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0796
- RESERVED
+CVE-2022-0796 (Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0795
- RESERVED
+CVE-2022-0795 (Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0794
- RESERVED
+CVE-2022-0794 (Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allo ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0793
- RESERVED
+CVE-2022-0793 (Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0792
- RESERVED
+CVE-2022-0792 (Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 all ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0791
- RESERVED
+CVE-2022-0791 (Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allow ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0790
- RESERVED
+CVE-2022-0790 (Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allow ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0789
- RESERVED
+CVE-2022-0789 (Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 a ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -7525,8 +7527,8 @@ CVE-2022-0741 (Improper input validation in all versions of GitLab CE/EE using s
[experimental] - gitlab 14.6.5+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
-CVE-2022-0740
- RESERVED
+CVE-2022-0740 (Incorrect authorization in the Asana integration's branch restriction ...)
+ TODO: check
CVE-2022-0739 (The BookingPress WordPress plugin before 1.0.11 fails to properly sani ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0738 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -8016,8 +8018,8 @@ CVE-2022-25620 (Improper Neutralization of Script-Related HTML Tags in a Web Pag
NOT-FOR-US: Profelis IT Consultancy SambaBox
CVE-2022-25619 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
NOT-FOR-US: Profelis IT Consultancy SambaBox
-CVE-2022-25618
- RESERVED
+CVE-2022-25618 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2022-25617
RESERVED
CVE-2022-25616
@@ -8026,8 +8028,8 @@ CVE-2022-25615
RESERVED
CVE-2022-25614
RESERVED
-CVE-2022-25613
- RESERVED
+CVE-2022-25613 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in F ...)
+ TODO: check
CVE-2022-25612 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-25611 (Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planne ...)
@@ -8123,8 +8125,8 @@ CVE-2022-25586
RESERVED
CVE-2022-25585
RESERVED
-CVE-2022-25584
- RESERVED
+CVE-2022-25584 (Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3 ...)
+ TODO: check
CVE-2022-25583
RESERVED
CVE-2022-25582 (A stored cross-site scripting (XSS) vulnerability in the Column module ...)
@@ -8658,8 +8660,8 @@ CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler
NOT-FOR-US: awful-salmonella-tar
CVE-2022-25357
RESERVED
-CVE-2022-25356
- RESERVED
+CVE-2022-25356 (ALIN MDaemon Security Gateway through 8.5.0 allows XML Injection. ...)
+ TODO: check
CVE-2022-25344
RESERVED
CVE-2022-25343
@@ -9351,8 +9353,8 @@ CVE-2022-25156 (Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-
NOT-FOR-US: Mitsubishi
CVE-2022-25155 (Use of Password Hash Instead of Password for Authentication vulnerabil ...)
NOT-FOR-US: Mitsubishi
-CVE-2022-25154
- RESERVED
+CVE-2022-25154 (A DLL hijacking vulnerability in Samsung portable SSD T5 PC software b ...)
+ TODO: check
CVE-2022-25153
RESERVED
CVE-2022-25152
@@ -9373,57 +9375,49 @@ CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be modif
NOT-FOR-US: Corda
CVE-2022-25147
RESERVED
-CVE-2022-0610
- RESERVED
+CVE-2022-0610 (Inappropriate implementation in Gamepad API in Google Chrome prior to ...)
{DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
-CVE-2022-0609
- RESERVED
+CVE-2022-0609 (Use after free in Animation in Google Chrome prior to 98.0.4758.102 al ...)
{DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
-CVE-2022-0608
- RESERVED
+CVE-2022-0608 (Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allow ...)
{DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
-CVE-2022-0607
- RESERVED
+CVE-2022-0607 (Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed ...)
{DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
-CVE-2022-0606
- RESERVED
+CVE-2022-0606 (Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowe ...)
{DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
-CVE-2022-0605
- RESERVED
+CVE-2022-0605 (Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 ...)
{DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
-CVE-2022-0604
- RESERVED
+CVE-2022-0604 (Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758 ...)
{DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
-CVE-2022-0603
- RESERVED
+CVE-2022-0603 (Use after free in File Manager in Google Chrome on Chrome OS prior to ...)
{DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -11816,116 +11810,97 @@ CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router WRC-300F
NOT-FOR-US: ELECOM
CVE-2022-21173 (Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 f ...)
NOT-FOR-US: ELECOM
-CVE-2022-0470
- RESERVED
+CVE-2022-0470 (Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758. ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0469
- RESERVED
+CVE-2022-0469 (Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0468
- RESERVED
+CVE-2022-0468 (Use after free in Payments in Google Chrome prior to 98.0.4758.80 allo ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0467
- RESERVED
+CVE-2022-0467 (Inappropriate implementation in Pointer Lock in Google Chrome on Windo ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0466
- RESERVED
+CVE-2022-0466 (Inappropriate implementation in Extensions Platform in Google Chrome p ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0465
- RESERVED
+CVE-2022-0465 (Use after free in Extensions in Google Chrome prior to 98.0.4758.80 al ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0464
- RESERVED
+CVE-2022-0464 (Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0463
- RESERVED
+CVE-2022-0463 (Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0462
- RESERVED
+CVE-2022-0462 (Inappropriate implementation in Scroll in Google Chrome prior to 98.0. ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0461
- RESERVED
+CVE-2022-0461 (Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0460
- RESERVED
+CVE-2022-0460 (Use after free in Window Dialogue in Google Chrome prior to 98.0.4758. ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0459
- RESERVED
+CVE-2022-0459 (Use after free in Screen Capture in Google Chrome prior to 98.0.4758.8 ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0458
- RESERVED
+CVE-2022-0458 (Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4 ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0457
- RESERVED
+CVE-2022-0457 (Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0456
- RESERVED
+CVE-2022-0456 (Use after free in Web Search in Google Chrome prior to 98.0.4758.80 al ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0455
- RESERVED
+CVE-2022-0455 (Inappropriate implementation in Full Screen Mode in Google Chrome on A ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0454
- RESERVED
+CVE-2022-0454 (Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 a ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0453
- RESERVED
+CVE-2022-0453 (Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 a ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0452
- RESERVED
+CVE-2022-0452 (Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 ...)
{DSA-5068-1}
- chromium 98.0.4758.80-1
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -12200,8 +12175,8 @@ CVE-2022-24233
RESERVED
CVE-2022-24232 (A local file inclusion in Hospital Patient Record Management System v1 ...)
NOT-FOR-US: Hospital Patient Record Management System
-CVE-2022-24231
- RESERVED
+CVE-2022-24231 (Simple Student Information System v1.0 was discovered to contain a SQL ...)
+ TODO: check
CVE-2022-24230
RESERVED
CVE-2022-24229
@@ -13410,8 +13385,8 @@ CVE-2022-23911 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 d
NOT-FOR-US: WordPress plugin
CVE-2022-23910
RESERVED
-CVE-2022-23909
- RESERVED
+CVE-2022-23909 (There is an unquoted service path in Sherpa Connector Service (SherpaC ...)
+ TODO: check
CVE-2022-23908
RESERVED
CVE-2022-23907 (CMS Made Simple v2.2.15 was discovered to contain a reflected cross-si ...)
@@ -14303,8 +14278,8 @@ CVE-2022-23734
RESERVED
CVE-2022-23733
RESERVED
-CVE-2022-23732
- RESERVED
+CVE-2022-23732 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
+ TODO: check
CVE-2022-23731 (V8 javascript engine (heap vulnerability) can cause privilege escalati ...)
NOT-FOR-US: LG
CVE-2022-23730 (The public API error causes for the attacker to be able to bypass API ...)
@@ -14367,14 +14342,14 @@ CVE-2022-23702
RESERVED
CVE-2022-23701 (A potential remote host header injection security vulnerability has be ...)
NOT-FOR-US: HPE
-CVE-2022-23700
- RESERVED
-CVE-2022-23699
- RESERVED
-CVE-2022-23698
- RESERVED
-CVE-2022-23697
- RESERVED
+CVE-2022-23700 (A local unauthorized read access to files vulnerability was discovered ...)
+ TODO: check
+CVE-2022-23699 (A local authentication restriction bypass vulnerability was discovered ...)
+ TODO: check
+CVE-2022-23698 (A remote unauthenticated disclosure of information vulnerability was d ...)
+ TODO: check
+CVE-2022-23697 (A remote cross-site scripting (xss) vulnerability was discovered in HP ...)
+ TODO: check
CVE-2022-23696
RESERVED
CVE-2022-23695
@@ -20028,14 +20003,14 @@ CVE-2021-45896 (Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation
NOT-FOR-US: Nokia FastMile 3TG00118ABAD52 devices
CVE-2021-45895 (Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows ...)
NOT-FOR-US: Netgen Tags Bundle
-CVE-2021-45894
- RESERVED
-CVE-2021-45893
- RESERVED
-CVE-2021-45892
- RESERVED
-CVE-2021-45891
- RESERVED
+CVE-2021-45894 (An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is ...)
+ TODO: check
+CVE-2021-45893 (An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is ...)
+ TODO: check
+CVE-2021-45892 (An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is ...)
+ TODO: check
+CVE-2021-45891 (An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that all ...)
+ TODO: check
CVE-2021-45890 (basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authenti ...)
NOT-FOR-US: AuthGuard
CVE-2021-45889 (An issue was discovered in PONTON X/P Messenger before 3.11.2. Several ...)
@@ -26073,10 +26048,10 @@ CVE-2021-44111 (A Directory Traversal vulnerability exists in S-Cart 6.7 via dow
NOT-FOR-US: S-Cart
CVE-2021-44110
RESERVED
-CVE-2021-44109
- RESERVED
-CVE-2021-44108
- RESERVED
+CVE-2021-44109 (A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier al ...)
+ TODO: check
+CVE-2021-44108 (A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 ...)
+ TODO: check
CVE-2021-44107
RESERVED
CVE-2021-44106
@@ -31265,8 +31240,8 @@ CVE-2021-43010
RESERVED
CVE-2021-43009
RESERVED
-CVE-2021-43008
- RESERVED
+CVE-2021-43008 (Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in ...)
+ TODO: check
CVE-2021-43007
RESERVED
CVE-2021-43006 (AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOC ...)
@@ -34104,8 +34079,8 @@ CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the nam
NOTE: https://www.redmine.org/projects/redmine/repository/revisions/21209
CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbM ...)
NOT-FOR-US: Froxlor
-CVE-2021-42324
- RESERVED
+CVE-2021-42324 (An issue was discovered on DCN (Digital China Networks) S4600-10P-SI d ...)
+ TODO: check
CVE-2021-42323 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...)
NOT-FOR-US: Microsoft
CVE-2021-42322 (Visual Studio Code Elevation of Privilege Vulnerability ...)
@@ -42143,8 +42118,8 @@ CVE-2021-39116 (Affected versions of Atlassian Jira Server and Data Center allow
NOT-FOR-US: Atlassian
CVE-2021-39115 (Affected versions of Atlassian Jira Service Management Server and Data ...)
NOT-FOR-US: Atlassian
-CVE-2021-39114
- RESERVED
+CVE-2021-39114 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
+ TODO: check
CVE-2021-39113 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
NOT-FOR-US: Atlassian
CVE-2021-39112 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
@@ -47732,8 +47707,8 @@ CVE-2021-36853
RESERVED
CVE-2021-36852
RESERVED
-CVE-2021-36851
- RESERVED
+CVE-2021-36851 (Authenticated (editor or higher user role) Cross-Site Scripting (XSS) ...)
+ TODO: check
CVE-2021-36850 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media Fil ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36849
@@ -47782,8 +47757,8 @@ CVE-2021-36828
RESERVED
CVE-2021-36827
RESERVED
-CVE-2021-36826
- RESERVED
+CVE-2021-36826 (Authenticated (subscriber or higher user role if allowed to access pro ...)
+ TODO: check
CVE-2021-36825
RESERVED
CVE-2021-36824
@@ -56407,8 +56382,8 @@ CVE-2021-33209 (An issue was discovered in Fimer Aurora Vision before 2.97.10. T
NOT-FOR-US: Fimer Aurora
CVE-2021-33208 (The "Register an Ehcache Configuration File" admin feature in MashZone ...)
NOT-FOR-US: Software AG MashZone
-CVE-2021-33207
- RESERVED
+CVE-2021-33207 (The HTTP client in MashZone NextGen through 10.7 GA deserializes untru ...)
+ TODO: check
CVE-2021-33206
RESERVED
CVE-2021-33205 (Western Digital EdgeRover before 0.25 has an escalation of privileges ...)
@@ -56962,12 +56937,12 @@ CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remo
NOT-FOR-US: Rockwell
CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series, ...)
NOT-FOR-US: JTEKT Corporation
-CVE-2021-33010
- RESERVED
+CVE-2021-33010 (An exception is thrown from a function in AVEVA System Platform versio ...)
+ TODO: check
CVE-2021-33009
RESERVED
-CVE-2021-33008
- RESERVED
+CVE-2021-33008 (AVEVA System Platform versions 2017 through 2020 R2 P01 does not perfo ...)
+ TODO: check
CVE-2021-33007 (A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 a ...)
NOT-FOR-US: Delta Electronics
CVE-2021-33006
@@ -56994,8 +56969,8 @@ CVE-2021-32996 (The FANUC R-30iA and R-30iB series controllers are vulnerable to
NOT-FOR-US: FANUC
CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
NOT-FOR-US: Cscape
-CVE-2021-32994
- RESERVED
+CVE-2021-32994 (Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 t ...)
+ TODO: check
CVE-2021-32993 (IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded ...)
NOT-FOR-US: Philips
CVE-2021-32992 (FATEK Automation WinProladder Versions 3.30 and prior do not properly ...)
@@ -57010,26 +56985,26 @@ CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are vulner
NOT-FOR-US: FATEK Automation WinProladder
CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing command ...)
NOT-FOR-US: Suitelink
-CVE-2021-32986
- RESERVED
-CVE-2021-32985
- RESERVED
-CVE-2021-32984
- RESERVED
+CVE-2021-32986 (After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmwar ...)
+ TODO: check
+CVE-2021-32985 (AVEVA System Platform versions 2017 through 2020 R2 P01 does not prope ...)
+ TODO: check
+CVE-2021-32984 (All programming connections receive the same unlocked privileges, whic ...)
+ TODO: check
CVE-2021-32983 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
NOT-FOR-US: Delta Electronics
-CVE-2021-32982
- RESERVED
-CVE-2021-32981
- RESERVED
-CVE-2021-32980
- RESERVED
+CVE-2021-32982 (Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prio ...)
+ TODO: check
+CVE-2021-32981 (AVEVA System Platform versions 2017 through 2020 R2 P01 uses external ...)
+ TODO: check
+CVE-2021-32980 (Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prio ...)
+ TODO: check
CVE-2021-32979 (Null pointer dereference in SuiteLink server while processing commands ...)
NOT-FOR-US: Suitelink
-CVE-2021-32978
- RESERVED
-CVE-2021-32977
- RESERVED
+CVE-2021-32978 (The programming protocol allows for a previously entered password and ...)
+ TODO: check
+CVE-2021-32977 (AVEVA System Platform versions 2017 through 2020 R2 P01 does not verif ...)
+ TODO: check
CVE-2021-32976 (Five buffer overflows in the built-in web server in Moxa NPort IAW5000 ...)
NOT-FOR-US: Moxa
CVE-2021-32975 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
@@ -99403,7 +99378,7 @@ CVE-2021-0708 (In runDumpHeap of ActivityManagerShellCommand.java, there is a po
NOT-FOR-US: Android
CVE-2021-0707
RESERVED
- - linux 5.10.9-1
+ - linux 5.10.9-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/05cd84691eafcd7959a1e120d5e72c0dd98c5d91 (5.11-rc1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6301d5596546342560e83be7c7c970382e625e5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6301d5596546342560e83be7c7c970382e625e5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220405/9260928d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list