[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 13 21:10:23 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f9c1d3a by security tracker role at 2022-04-13T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,237 @@
+CVE-2022-29261
+ RESERVED
+CVE-2022-29260
+ RESERVED
+CVE-2022-29259
+ RESERVED
+CVE-2022-29258
+ RESERVED
+CVE-2022-29257
+ RESERVED
+CVE-2022-29256
+ RESERVED
+CVE-2022-29255
+ RESERVED
+CVE-2022-29254
+ RESERVED
+CVE-2022-29253
+ RESERVED
+CVE-2022-29252
+ RESERVED
+CVE-2022-29251
+ RESERVED
+CVE-2022-29250
+ RESERVED
+CVE-2022-29249
+ RESERVED
+CVE-2022-29248
+ RESERVED
+CVE-2022-29247
+ RESERVED
+CVE-2022-29246
+ RESERVED
+CVE-2022-29245
+ RESERVED
+CVE-2022-29244
+ RESERVED
+CVE-2022-29243
+ RESERVED
+CVE-2022-29242
+ RESERVED
+CVE-2022-29241
+ RESERVED
+CVE-2022-29240
+ RESERVED
+CVE-2022-29239
+ RESERVED
+CVE-2022-29238
+ RESERVED
+CVE-2022-29237
+ RESERVED
+CVE-2022-29236
+ RESERVED
+CVE-2022-29235
+ RESERVED
+CVE-2022-29234
+ RESERVED
+CVE-2022-29233
+ RESERVED
+CVE-2022-29232
+ RESERVED
+CVE-2022-29231
+ RESERVED
+CVE-2022-29230
+ RESERVED
+CVE-2022-29229
+ RESERVED
+CVE-2022-29228
+ RESERVED
+CVE-2022-29227
+ RESERVED
+CVE-2022-29226
+ RESERVED
+CVE-2022-29225
+ RESERVED
+CVE-2022-29224
+ RESERVED
+CVE-2022-29223
+ RESERVED
+CVE-2022-29222
+ RESERVED
+CVE-2022-29221
+ RESERVED
+CVE-2022-29220
+ RESERVED
+CVE-2022-29219
+ RESERVED
+CVE-2022-29218
+ RESERVED
+CVE-2022-29217
+ RESERVED
+CVE-2022-29216
+ RESERVED
+CVE-2022-29215
+ RESERVED
+CVE-2022-29214
+ RESERVED
+CVE-2022-29213
+ RESERVED
+CVE-2022-29212
+ RESERVED
+CVE-2022-29211
+ RESERVED
+CVE-2022-29210
+ RESERVED
+CVE-2022-29209
+ RESERVED
+CVE-2022-29208
+ RESERVED
+CVE-2022-29207
+ RESERVED
+CVE-2022-29206
+ RESERVED
+CVE-2022-29205
+ RESERVED
+CVE-2022-29204
+ RESERVED
+CVE-2022-29203
+ RESERVED
+CVE-2022-29202
+ RESERVED
+CVE-2022-29201
+ RESERVED
+CVE-2022-29200
+ RESERVED
+CVE-2022-29199
+ RESERVED
+CVE-2022-29198
+ RESERVED
+CVE-2022-29197
+ RESERVED
+CVE-2022-29196
+ RESERVED
+CVE-2022-29195
+ RESERVED
+CVE-2022-29194
+ RESERVED
+CVE-2022-29193
+ RESERVED
+CVE-2022-29192
+ RESERVED
+CVE-2022-29191
+ RESERVED
+CVE-2022-29190
+ RESERVED
+CVE-2022-29189
+ RESERVED
+CVE-2022-29188
+ RESERVED
+CVE-2022-29187
+ RESERVED
+CVE-2022-29186
+ RESERVED
+CVE-2022-29185
+ RESERVED
+CVE-2022-29184
+ RESERVED
+CVE-2022-29183
+ RESERVED
+CVE-2022-29182
+ RESERVED
+CVE-2022-29181
+ RESERVED
+CVE-2022-29180
+ RESERVED
+CVE-2022-29179
+ RESERVED
+CVE-2022-29178
+ RESERVED
+CVE-2022-29177
+ RESERVED
+CVE-2022-29176
+ RESERVED
+CVE-2022-29175
+ RESERVED
+CVE-2022-29174
+ RESERVED
+CVE-2022-29173
+ RESERVED
+CVE-2022-29172
+ RESERVED
+CVE-2022-29171
+ RESERVED
+CVE-2022-29170
+ RESERVED
+CVE-2022-29169
+ RESERVED
+CVE-2022-29168
+ RESERVED
+CVE-2022-29167
+ RESERVED
+CVE-2022-29166
+ RESERVED
+CVE-2022-29165
+ RESERVED
+CVE-2022-29164
+ RESERVED
+CVE-2022-29163
+ RESERVED
+CVE-2022-29162
+ RESERVED
+CVE-2022-29161
+ RESERVED
+CVE-2022-29160
+ RESERVED
+CVE-2022-29159
+ RESERVED
+CVE-2022-29158
+ RESERVED
+CVE-2022-1344 (Stored XSS due to no sanitization in the filename in GitHub repository ...)
+ TODO: check
+CVE-2022-1343
+ RESERVED
+CVE-2022-1342
+ RESERVED
+CVE-2022-1341
+ RESERVED
+CVE-2022-1340
+ RESERVED
+CVE-2022-1339 (SQL injection in ElementController.php in GitHub repository pimcore/pi ...)
+ TODO: check
+CVE-2022-1338
+ RESERVED
+CVE-2022-1337 (The image proxy component in Mattermost version 6.4.1 and earlier allo ...)
+ TODO: check
+CVE-2022-1336
+ RESERVED
+CVE-2022-1335
+ RESERVED
+CVE-2022-1334
+ RESERVED
+CVE-2022-1333 (Mattermost Playbooks plugin v1.24.0 and earlier fails to properly chec ...)
+ TODO: check
+CVE-2015-20107 (In Python (aka CPython) through 3.10.4, the mailcap module does not ad ...)
+ TODO: check
CVE-2022-29157
RESERVED
CVE-2022-29156 (drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16 ...)
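Review bot: CVE-2015-20107 (the CPython mailcap entry near the end of this hunk) is the one new item here that almost certainly maps to packages in the archive, yet it is left at 'TODO: check' alongside the upstream-only entries around it. Its description states the issue is present in CPython through 3.10.4, so the follow-up should replace the placeholder with per-source-package status lines for the Debian Python 3 packages (a fixed version or <unfixed>, plus the usual NOTE with the upstream reference) instead of leaving it in the same triage bucket as the Mattermost and Pimcore entries. The roughly one hundred RESERVED placeholders (CVE-2022-29158 through CVE-2022-29261) are ID-range bookkeeping and need nothing.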
@@ -154,8 +388,8 @@ CVE-2022-29083
RESERVED
CVE-2022-29082
RESERVED
-CVE-2022-1332
- RESERVED
+CVE-2022-1332 (One of the API in Mattermost version 6.4.1 and earlier fails to proper ...)
+ TODO: check
CVE-2022-1331
RESERVED
CVE-2022-1330 (stored xss due to unsantized anchor url in GitHub repository alvarotri ...)
@@ -1157,8 +1391,7 @@ CVE-2022-1282
RESERVED
CVE-2022-1281
RESERVED
-CVE-2022-1280 [concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources]
- RESERVED
+CVE-2022-1280 (A use-after-free vulnerability was found in drm_lease_held in drivers/ ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/04/12/3
CVE-2022-1279
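Review bot: the bracketed working note on CVE-2022-1280 ('concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources') is dropped when the official description replaces it, and the official text only names drm_lease_held; the pair of racing ioctls is exactly what the kernel team needs when matching a fix to this ID, so keep it as a NOTE line next to the existing oss-security link. The entry also stays at 'linux <unfixed>' with no reference to an upstream fix commit; once one is identified, record it as a NOTE so the <unfixed> can be turned into a version.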
@@ -1227,7 +1460,7 @@ CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which has
CVE-2022-1247
RESERVED
CVE-2022-1246
- RESERVED
+ REJECTED
CVE-2022-1245
RESERVED
CVE-2022-1244 (heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5 ...)
@@ -3091,8 +3324,8 @@ CVE-2022-28054
RESERVED
CVE-2022-28053
RESERVED
-CVE-2022-28052
- RESERVED
+CVE-2022-28052 (Directory Traversal vulnerability in file cn/roothub/store/FileSystemS ...)
+ TODO: check
CVE-2022-28051
RESERVED
CVE-2022-28050
@@ -3632,10 +3865,10 @@ CVE-2022-27849
RESERVED
CVE-2022-27848
RESERVED
-CVE-2022-27847
- RESERVED
-CVE-2022-27846
- RESERVED
+CVE-2022-27847 (Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slide ...)
+ TODO: check
+CVE-2022-27846 (Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slide ...)
+ TODO: check
CVE-2022-27845 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
NOT-FOR-US: WordPress plugin
CVE-2022-27844 (Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, S ...)
@@ -4370,10 +4603,10 @@ CVE-2022-27526
RESERVED
CVE-2022-27525
RESERVED
-CVE-2022-27524
- RESERVED
-CVE-2022-27523
- RESERVED
+CVE-2022-27524 (An out-of-bounds read can be exploited in Autodesk TrueView 2022 may l ...)
+ TODO: check
+CVE-2022-27523 (A buffer over-read can be exploited in Autodesk TrueView 2022 may lead ...)
+ TODO: check
CVE-2022-27522
RESERVED
CVE-2022-27521
@@ -4406,14 +4639,14 @@ CVE-2022-27508
RESERVED
CVE-2022-27507
RESERVED
-CVE-2022-27506
- RESERVED
-CVE-2022-27505
- RESERVED
+CVE-2022-27506 (Hard-coded credentials allow administrators to access the shell via th ...)
+ TODO: check
+CVE-2022-27505 (Reflected cross site scripting (XSS) ...)
+ TODO: check
CVE-2022-27504
RESERVED
-CVE-2022-27503
- RESERVED
+CVE-2022-27503 (Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects ...)
+ TODO: check
CVE-2022-27502
RESERVED
CVE-2022-27501
@@ -4482,8 +4715,8 @@ CVE-2022-27477 (Newbee-Mall v1.0.0 was discovered to contain an arbitrary file u
NOT-FOR-US: Newbee-Mall
CVE-2022-27476 (A cross-site scripting (XSS) vulnerability at /admin/goods/update in N ...)
NOT-FOR-US: Newbee-Mall
-CVE-2022-27475
- RESERVED
+CVE-2022-27475 (Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-syste ...)
+ TODO: check
CVE-2022-27474
RESERVED
CVE-2022-27473 (SQL injection vulnerability in Topics Searching feature of Roothub 2.6 ...)
@@ -4954,8 +5187,8 @@ CVE-2022-27258
RESERVED
CVE-2022-27257
RESERVED
-CVE-2022-27256
- RESERVED
+CVE-2022-27256 (An open redirect vulnerability in Hubzilla before version 7.2 allows r ...)
+ TODO: check
CVE-2022-27255
RESERVED
CVE-2022-27254 (The remote keyless system on Honda Civic 2018 vehicles sends the same ...)
@@ -6717,8 +6950,8 @@ CVE-2022-26645 (A remote code execution (RCE) vulnerability in Online Banking Sy
NOT-FOR-US: Sourcecodester Banking System
CVE-2022-26644 (Online Banking System Protect v1.0 was discovered to contain multiple ...)
NOT-FOR-US: Sourcecodester Banking System
-CVE-2022-26643
- RESERVED
+CVE-2022-26643 (An issue in EasyIO CPT Graphics v0.8 allows attackers to discover vali ...)
+ TODO: check
CVE-2022-26642 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
NOT-FOR-US: TP-Link
CVE-2022-26641 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
@@ -7690,6 +7923,7 @@ CVE-2022-26293 (Online Project Time Management System v1.0 was discovered to con
CVE-2022-26292
RESERVED
CVE-2022-26291 (lrzip v0.641 was discovered to contain a multiple concurrency use-afte ...)
+ {DLA-2981-1}
- lrzip 0.650-1
[bullseye] - lrzip <no-dsa> (Minor issue)
[buster] - lrzip <no-dsa> (Minor issue)
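Review bot: the {DLA-2981-1} cross-reference is added to CVE-2022-26291 while the [bullseye] and [buster] lines keep '<no-dsa> (Minor issue)'. That combination is only consistent if the DLA targets a suite other than those two; the same tag is added to the other lrzip CVEs in this commit with the same untouched no-dsa markers, so it reads that way, but confirm the advisory's suite before the no-dsa markers are relied on for a later DSA decision.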
@@ -8178,8 +8412,8 @@ CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an authenticate
NOT-FOR-US: Tricentis qTest
CVE-2022-26145
RESERVED
-CVE-2022-26144
- RESERVED
+CVE-2022-26144 (An XSS issue was discovered in MantisBT before 2.25.3. Improper escapi ...)
+ TODO: check
CVE-2022-26143 (The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 F ...)
NOT-FOR-US: Mitel
CVE-2022-26142
@@ -8993,12 +9227,12 @@ CVE-2022-25799
RESERVED
CVE-2022-25798
RESERVED
-CVE-2022-25797
- RESERVED
+CVE-2022-25797 (A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 m ...)
+ TODO: check
CVE-2022-25796 (A Double Free vulnerability allows remote malicious actors to execute ...)
TODO: check
-CVE-2022-25795
- RESERVED
+CVE-2022-25795 (A maliciously crafted DWG file can be used to write beyond the allocat ...)
+ TODO: check
CVE-2022-25794 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5 ...)
TODO: check
CVE-2022-25793
@@ -12418,7 +12652,7 @@ CVE-2022-24617
RESERVED
CVE-2022-24616
RESERVED
-CVE-2022-24615 (zip4j up to 2.9.0 can throw various uncaught exceptions while parsing ...)
+CVE-2022-24615 (zip4j up to v2.10.0 can throw various uncaught exceptions while parsin ...)
- zip4j <unfixed>
[bullseye] - zip4j <no-dsa> (Minor issue)
NOTE: https://github.com/srikanth-lingala/zip4j/issues/377
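Review bot: the description for CVE-2022-24615 now reads 'up to v2.10.0' instead of 'up to 2.9.0', which widens the affected range by one upstream release, while the entry stays 'zip4j <unfixed>' with the same upstream issue link and the bullseye no-dsa marker. Re-check the linked issue (zip4j #377) for whether a fix landed after 2.10.0; if it did, the <unfixed> should become the fixed version.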
@@ -13228,8 +13462,8 @@ CVE-2022-0474 (Full list of recipients from customer users in a contact field co
CVE-2022-0473 (OTRS administrators can configure dynamic field and inject malicious J ...)
NOT-FOR-US: OTRS
NOTE: Only affects 7.x, so won't affect znuny fork packaged in Debian
-CVE-2022-24308
- RESERVED
+CVE-2022-24308 (Automox Agent prior to version 37 on Windows and Linux and Version 36 ...)
+ TODO: check
CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...)
NOT-FOR-US: Mastodon
CVE-2022-24306 (Zoho ManageEngine SharePoint Manager Plus before 4329 allows account t ...)
@@ -18256,20 +18490,20 @@ CVE-2022-22963 (In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsuppo
NOT-FOR-US: Spring Cloud Function
CVE-2022-22962 (VMware Horizon Client for Linux (prior to 22.x) contains a local privi ...)
TODO: check
-CVE-2022-22961
- RESERVED
-CVE-2022-22960
- RESERVED
-CVE-2022-22959
- RESERVED
-CVE-2022-22958
- RESERVED
-CVE-2022-22957
- RESERVED
-CVE-2022-22956
- RESERVED
-CVE-2022-22955
- RESERVED
+CVE-2022-22961 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ TODO: check
+CVE-2022-22960 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ TODO: check
+CVE-2022-22959 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ TODO: check
+CVE-2022-22958 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ TODO: check
+CVE-2022-22957 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ TODO: check
+CVE-2022-22956 (VMware Workspace ONE Access has two authentication bypass vulnerabilit ...)
+ TODO: check
+CVE-2022-22955 (VMware Workspace ONE Access has two authentication bypass vulnerabilit ...)
+ TODO: check
CVE-2022-22954 (VMware Workspace ONE Access and Identity Manager contain a remote code ...)
TODO: check
CVE-2022-22953
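Review bot: the seven VMware entries CVE-2022-22955 through CVE-2022-22961 all become 'TODO: check', and CVE-2022-22954 directly below is still 'TODO: check' as well, so eight entries for the same product family with near-identical descriptions now sit in the triage queue. Resolve them together in one follow-up rather than one at a time; the context line above (CVE-2022-22963, 'NOT-FOR-US: Spring Cloud Function') shows the form used for software the archive does not ship, which is the most likely outcome for this group.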
@@ -18813,8 +19047,8 @@ CVE-2021-46169 (Modex v2.11 was discovered to contain an Use-After-Free vulnerab
NOT-FOR-US: Modex
CVE-2021-46168 (Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() ...)
NOT-FOR-US: Spin
-CVE-2021-46167
- RESERVED
+CVE-2021-46167 (An access control issue in the authentication module of wizplat PD065 ...)
+ TODO: check
CVE-2021-44458 (Linux users running Lens 5.2.6 and earlier could be compromised by vis ...)
NOT-FOR-US: Lens
CVE-2021-4203 (A use-after-free read flaw was found in sock_getsockopt() in net/core/ ...)
@@ -29746,10 +29980,10 @@ CVE-2021-43744
RESERVED
CVE-2021-43743
RESERVED
-CVE-2021-43742
- RESERVED
-CVE-2021-43741
- RESERVED
+CVE-2021-43742 (CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file ...)
+ TODO: check
+CVE-2021-43741 (CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability e ...)
+ TODO: check
CVE-2021-43740
RESERVED
CVE-2021-43739
@@ -35999,8 +36233,8 @@ CVE-2021-42138 (A user of a machine protected by SafeNet Agent for Windows Logon
NOT-FOR-US: SafeNet
CVE-2021-42137 (An issue was discovered in Zammad before 5.0.1. In some cases, there i ...)
- zammad <itp> (bug #841355)
-CVE-2021-42136
- RESERVED
+CVE-2021-42136 (A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data ...)
+ TODO: check
CVE-2021-42135 (HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an u ...)
NOT-FOR-US: HashiCorp Vault
CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via a compon ...)
@@ -44756,7 +44990,7 @@ CVE-2021-38595
RESERVED
CVE-2021-38594
RESERVED
-CVE-2021-38593 (Qt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMapper::c ...)
+CVE-2021-38593 (Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write ...)
- qtbase-opensource-src <not-affected> (Vulnerable code introduced later)
- qtbase-opensource-src-gles <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566
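Review bot: the description for CVE-2021-38593 changes from 'Qt 5.0.0 through 6.1.2' to 'Qt 5.x before 5.15.6 and 6.x through 6.1.2', i.e. upstream now states explicitly that the 5.15 branch before 5.15.6 is affected, but the two '<not-affected> (Vulnerable code introduced later)' lines for qtbase-opensource-src and qtbase-opensource-src-gles are unchanged. That rationale was recorded against the old description; re-verify it against the fix referenced from oss-fuzz issue 35566 and the code actually shipped in the packaged 5.15.x, and if it no longer holds, replace the not-affected markers with real status lines.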
@@ -73268,6 +73502,7 @@ CVE-2021-27349 (Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a
CVE-2021-27348
RESERVED
CVE-2021-27347 (Use after free in lzma_decompress_buf function in stream.c in Irzip 0. ...)
+ {DLA-2981-1}
- lrzip 0.640-1 (unimportant; bug #990583)
NOTE: https://github.com/ckolivas/lrzip/issues/165
NOTE: https://github.com/ckolivas/lrzip/commit/be884d09e09b00fbddd31b75dc1f4736d72006a8 (v0.640)
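Review bot: CVE-2021-27347 gets the {DLA-2981-1} tag while its status line still carries '(unimportant; bug #990583)'. The two are not contradictory, since an LTS upload may bundle fixes for issues not considered security-relevant on their own, but the tag means the advisory lists this CVE, so a reader will see an advisory attached to an 'unimportant' issue; consider whether 'unimportant' still reflects the assessment (the CVE-2021-27345 entry in the next hunk has the same combination). The 'Irzip' spelling in the description is the upstream MITRE text mirrored as-is and is not something to fix here.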
@@ -73276,6 +73511,7 @@ CVE-2021-27347 (Use after free in lzma_decompress_buf function in stream.c in Ir
CVE-2021-27346
RESERVED
CVE-2021-27345 (A null pointer dereference was discovered in ucompthread in stream.c i ...)
+ {DLA-2981-1}
- lrzip 0.640-1 (unimportant)
NOTE: https://github.com/ckolivas/lrzip/issues/164
NOTE: https://github.com/ckolivas/lrzip/commit/be884d09e09b00fbddd31b75dc1f4736d72006a8 (v0.640)
@@ -95083,8 +95319,8 @@ CVE-2020-29655 (An injection vulnerability exists in RT-AC88U Download Master be
NOT-FOR-US: RT-AC88U Download Master
CVE-2020-29654 (Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that lea ...)
NOT-FOR-US: Western Digital Dashboard
-CVE-2020-29653
- RESERVED
+CVE-2020-29653 (Froxlor through 0.10.22 does not perform validation on user input pass ...)
+ TODO: check
CVE-2020-29652 (A nil pointer dereference in the golang.org/x/crypto/ssh component thr ...)
- golang-go.crypto 1:0.0~git20201221.eec23a3-1
[buster] - golang-go.crypto <not-affected> (Vulnerable code not present)
@@ -109716,6 +109952,7 @@ CVE-2020-25469
CVE-2020-25468
RESERVED
CVE-2020-25467 (A null pointer dereference was discovered lzo_decompress_buf in stream ...)
+ {DLA-2981-1}
- lrzip 0.640-1
NOTE: https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641
NOTE: https://github.com/ckolivas/lrzip/issues/163
@@ -268725,6 +268962,7 @@ CVE-2018-5787 (An issue was discovered in Extreme Networks ExtremeWireless WiNG
CVE-2017-18044 (A Command Injection issue was discovered in ContentStore/Base/CVDataPi ...)
NOT-FOR-US: Commvault
CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...)
+ {DLA-2981-1}
- lrzip 0.651-2 (bug #888506)
[bullseye] - lrzip <no-dsa> (Minor issue)
[buster] - lrzip <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f9c1d3a738373a442386397d90e2eac2c2c8875