[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 18 21:10:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fbbd3a2d by security tracker role at 2022-04-18T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2022-29456
+ RESERVED
+CVE-2022-29455
+ RESERVED
+CVE-2022-29454
+ RESERVED
+CVE-2022-29453
+ RESERVED
+CVE-2022-29452
+ RESERVED
+CVE-2022-29451
+ RESERVED
+CVE-2022-29450
+ RESERVED
+CVE-2022-29449
+ RESERVED
+CVE-2022-29448
+ RESERVED
+CVE-2022-29447
+ RESERVED
+CVE-2022-29446
+ RESERVED
+CVE-2022-29445
+ RESERVED
+CVE-2022-29444
+ RESERVED
+CVE-2022-29443
+ RESERVED
+CVE-2022-29442
+ RESERVED
+CVE-2022-29441
+ RESERVED
+CVE-2022-29440
+ RESERVED
+CVE-2022-29439
+ RESERVED
+CVE-2022-29438
+ RESERVED
+CVE-2022-29437
+ RESERVED
+CVE-2022-29436
+ RESERVED
+CVE-2022-29435
+ RESERVED
+CVE-2022-29434
+ RESERVED
+CVE-2022-29433
+ RESERVED
+CVE-2022-29432
+ RESERVED
+CVE-2022-29431
+ RESERVED
+CVE-2022-29430
+ RESERVED
+CVE-2022-29429
+ RESERVED
+CVE-2022-29428
+ RESERVED
+CVE-2022-29427
+ RESERVED
+CVE-2022-29426
+ RESERVED
+CVE-2022-29425
+ RESERVED
+CVE-2022-29424
+ RESERVED
+CVE-2022-29423
+ RESERVED
+CVE-2022-29422
+ RESERVED
+CVE-2022-29421
+ RESERVED
+CVE-2022-29420
+ RESERVED
+CVE-2022-29419
+ RESERVED
+CVE-2022-29418
+ RESERVED
+CVE-2022-29417
+ RESERVED
+CVE-2022-29416
+ RESERVED
+CVE-2022-29415
+ RESERVED
+CVE-2022-29414
+ RESERVED
+CVE-2022-29413
+ RESERVED
+CVE-2022-29412
+ RESERVED
+CVE-2022-29411
+ RESERVED
+CVE-2022-29410
+ RESERVED
+CVE-2022-29409
+ RESERVED
+CVE-2022-29408
+ RESERVED
+CVE-2022-29407
+ RESERVED
+CVE-2022-29406
+ RESERVED
+CVE-2022-28717
+ RESERVED
+CVE-2022-27632
+ RESERVED
+CVE-2022-1387
+ RESERVED
+CVE-2022-1386
+ RESERVED
CVE-2022-29405
RESERVED
CVE-2022-1385
@@ -599,8 +709,8 @@ CVE-2022-1343
RESERVED
CVE-2022-1342
RESERVED
-CVE-2022-1341
- RESERVED
+CVE-2022-1341 (An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write e ...)
+ TODO: check
CVE-2022-1340
RESERVED
CVE-2022-1339 (SQL injection in ElementController.php in GitHub repository pimcore/pi ...)
@@ -1478,8 +1588,8 @@ CVE-2022-28812
RESERVED
CVE-2022-28811
RESERVED
-CVE-2022-28810
- RESERVED
+CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus before 6122 allows an authenticat ...)
+ TODO: check
CVE-2022-28809
RESERVED
CVE-2022-28808
@@ -1881,7 +1991,7 @@ CVE-2022-28661 (A vulnerability has been identified in Simcenter Femap (All vers
NOT-FOR-US: Siemens
CVE-2022-1271
RESERVED
- {DLA-2977-1 DLA-2976-1}
+ {DSA-5123-1 DSA-5122-1 DLA-2977-1 DLA-2976-1}
- xz-utils 5.2.5-2.1 (bug #1009167)
- gzip 1.12-1 (bug #1009168)
NOTE: https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
@@ -3579,8 +3689,8 @@ CVE-2022-1114
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/78f03b619d08d7c2e0fcaccab407e3ac93c2ee8f
CVE-2022-1113
RESERVED
-CVE-2022-1112
- RESERVED
+CVE-2022-1112 (The Autolinks WordPress plugin through 1.0.1 does not have CSRF check ...)
+ TODO: check
CVE-2022-1111 (A business logic error in Project Import in GitLab CE/EE versions 14.9 ...)
- gitlab <unfixed>
CVE-2020-36520
@@ -4060,8 +4170,8 @@ CVE-2022-27910
RESERVED
CVE-2022-27909
RESERVED
-CVE-2022-27908
- RESERVED
+CVE-2022-27908 (Zoho ManageEngine OpManager before 125588 (and before 125603) is vulne ...)
+ TODO: check
CVE-2022-27907 (Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2022-27906 (Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To ...)
@@ -4185,14 +4295,14 @@ CVE-2022-1093
RESERVED
CVE-2022-1092
RESERVED
-CVE-2022-1091
- RESERVED
-CVE-2022-1090
- RESERVED
+CVE-2022-1091 (The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 c ...)
+ TODO: check
+CVE-2022-1090 (The Good & Bad Comments WordPress plugin through 1.0.0 does not sa ...)
+ TODO: check
CVE-2022-1089
RESERVED
-CVE-2022-1088
- RESERVED
+CVE-2022-1088 (The Page Security & Membership WordPress plugin through 1.5.15 doe ...)
+ TODO: check
CVE-2022-1087 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: htmly
CVE-2022-1086 (A vulnerability was found in DolphinPHP up to 1.5.0 and classified as ...)
@@ -4262,8 +4372,8 @@ CVE-2022-27855
RESERVED
CVE-2022-27854
RESERVED
-CVE-2022-27853
- RESERVED
+CVE-2022-27853 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...)
+ TODO: check
CVE-2022-27852 (Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabili ...)
NOT-FOR-US: WordPress plugin
CVE-2022-27851 (Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) & ...)
@@ -4288,8 +4398,8 @@ CVE-2022-1065
RESERVED
CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in GitHub ...)
NOT-FOR-US: forkcms
-CVE-2022-1063
- RESERVED
+CVE-2022-1063 (The Thank Me Later WordPress plugin through 3.3.4 does not sanitise an ...)
+ TODO: check
CVE-2022-1062
RESERVED
CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareorg/ra ...)
@@ -4719,8 +4829,7 @@ CVE-2022-28352 (WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 befor
NOTE: weechat.network.gnutls_ca_system/gnutls_ca_user introduced by: https://github.com/weechat/weechat/commit/c588ee21bc8fd33678893d5c67616033281032e3 (v3.2-rc1)
CVE-2022-27653
RESERVED
-CVE-2022-27652
- RESERVED
+CVE-2022-27652 (A flaw was found in cri-o, where containers were incorrectly started w ...)
NOT-FOR-US: cri-o
CVE-2022-27651 (A flaw was found in buildah where containers were incorrectly started ...)
- golang-github-containers-buildah <unfixed>
@@ -4757,8 +4866,8 @@ CVE-2022-1055 (A use-after-free exists in the Linux Kernel in tc_new_tfilter tha
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (5.17-rc3)
-CVE-2022-1054
- RESERVED
+CVE-2022-1054 (The RSVP and Event Management Plugin WordPress plugin before 2.7.8 doe ...)
+ TODO: check
CVE-2022-1053
RESERVED
CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub repository ra ...)
@@ -5004,18 +5113,18 @@ CVE-2022-27532
RESERVED
CVE-2022-27531
RESERVED
-CVE-2022-27530
- RESERVED
-CVE-2022-27529
- RESERVED
+CVE-2022-27530 (A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, ...)
+ TODO: check
+CVE-2022-27529 (A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2 ...)
+ TODO: check
CVE-2022-27528 (A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 c ...)
NOT-FOR-US: Autodesk
CVE-2022-27527
RESERVED
-CVE-2022-27526
- RESERVED
-CVE-2022-27525
- RESERVED
+CVE-2022-27526 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...)
+ TODO: check
+CVE-2022-27525 (A malicious crafted .dwf file when consumed through DesignReview.exe a ...)
+ TODO: check
CVE-2022-27524 (An out-of-bounds read can be exploited in Autodesk TrueView 2022 may l ...)
NOT-FOR-US: Autodesk
CVE-2022-27523 (A buffer over-read can be exploited in Autodesk TrueView 2022 may lead ...)
@@ -5683,8 +5792,8 @@ CVE-2022-26022 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an
NOT-FOR-US: Omron CX-Position
CVE-2022-25959 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory c ...)
NOT-FOR-US: Omron CX-Position
-CVE-2022-1037
- RESERVED
+CVE-2022-1037 (The EXMAGE WordPress plugin before 1.0.7 does to ensure that images ad ...)
+ TODO: check
CVE-2022-1036 (Able to create an account with long password leads to memory corruptio ...)
NOT-FOR-US: microweber
CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
@@ -5758,8 +5867,8 @@ CVE-2022-1022
RESERVED
CVE-2022-1021
RESERVED
-CVE-2022-1020
- RESERVED
+CVE-2022-1020 (The Product Table for WooCommerce (wooproducttable) WordPress plugin b ...)
+ TODO: check
CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer ...)
- glewlwyd 2.6.1-2
[bullseye] - glewlwyd 2.5.2-2+deb11u3
@@ -5837,8 +5946,8 @@ CVE-2022-1003 (One of the API in Mattermost version 6.3.0 and earlier fails to p
- mattermost-server <itp> (bug #823556)
CVE-2022-1002 (Mattermost 6.3.0 and earlier fails to properly sanitize the HTML conte ...)
- mattermost-server <itp> (bug #823556)
-CVE-2022-1001
- RESERVED
+CVE-2022-1001 (The WP Downgrade WordPress plugin before 1.2.3 only perform client sid ...)
+ TODO: check
CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager prior ...)
NOT-FOR-US: prasathmani/tinyfilemanager
CVE-2022-27228 (In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site ...)
@@ -5874,8 +5983,8 @@ CVE-2022-0995 (An out-of-bounds (OOB) memory write flaw was found in the Linux k
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063786
-CVE-2022-0994
- RESERVED
+CVE-2022-0994 (The Hummingbird WordPress plugin before 3.3.2 does not sanitise and es ...)
+ TODO: check
CVE-2022-27225 (Gradle Enterprise before 2021.4.3 relies on cleartext data transmissio ...)
NOT-FOR-US: Gradle Enterprise
CVE-2022-27224
@@ -5982,7 +6091,7 @@ CVE-2022-27193 (CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entit
NOT-FOR-US: CVRF-CSAF-Converter
CVE-2022-27192 (The Reporting module in Aseco Lietuva document management system DVS A ...)
NOT-FOR-US: Aseco
-CVE-2022-27191 (golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go ...)
+CVE-2022-27191 (The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1 ...)
- golang-go.crypto 1:0.0~git20220315.3147a52-1
NOTE: https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ
NOTE: https://github.com/golang/crypto/commit/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d
@@ -7420,8 +7529,8 @@ CVE-2022-26669
RESERVED
CVE-2022-26668
RESERVED
-CVE-2022-26665
- RESERVED
+CVE-2022-26665 (An Insecure Direct Object Reference issue exists in the Tyler Odyssey ...)
+ TODO: check
CVE-2022-26664
RESERVED
CVE-2022-26663
@@ -7502,8 +7611,8 @@ CVE-2022-26633
RESERVED
CVE-2022-26632
RESERVED
-CVE-2022-26631
- RESERVED
+CVE-2022-26631 (Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQ ...)
+ TODO: check
CVE-2022-26630 (Jellycms v3.8.1 and below was discovered to contain an arbitrary file ...)
NOT-FOR-US: Jellycms
CVE-2022-26629 (An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.3 ...)
@@ -7702,8 +7811,8 @@ CVE-2022-26533 (Alist v2.1.0 and below was discovered to contain a cross-site sc
NOT-FOR-US: Alist
CVE-2022-25960
RESERVED
-CVE-2022-0879
- RESERVED
+CVE-2022-0879 (The Caldera Forms WordPress plugin before 1.9.7 does not validate and ...)
+ TODO: check
CVE-2022-0878 (Electric Vehicle (EV) commonly utilises the Combined Charging System ( ...)
NOT-FOR-US: Combined Charging System
CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/ ...)
@@ -8888,8 +8997,8 @@ CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin befor
NOT-FOR-US: WordPress plugin
CVE-2022-0786
RESERVED
-CVE-2022-0785
- RESERVED
+CVE-2022-0785 (The Daily Prayer Time WordPress plugin before 2022.03.01 does not sani ...)
+ TODO: check
CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does not sani ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0783
@@ -8898,8 +9007,8 @@ CVE-2022-0782
RESERVED
CVE-2022-0781
RESERVED
-CVE-2022-0780
- RESERVED
+CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to disable th ...)
+ TODO: check
CVE-2022-0779
RESERVED
CVE-2022-0778 (The BN_mod_sqrt() function, which computes a modular square root, cont ...)
@@ -9028,8 +9137,8 @@ CVE-2022-26002
RESERVED
CVE-2022-25995
RESERVED
-CVE-2022-0765
- RESERVED
+CVE-2022-0765 (The Loco Translate WordPress plugin before 2.6.1 does not properly rem ...)
+ TODO: check
CVE-2022-0764 (Arbitrary Command Injection in GitHub repository strapi/strapi prior t ...)
NOT-FOR-US: strapi
CVE-2022-0763 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
@@ -9719,8 +9828,8 @@ CVE-2022-0739 (The BookingPress WordPress plugin before 1.0.11 fails to properly
CVE-2022-0738 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <not-affected> (Vulnerable code introduced later)
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
-CVE-2022-0737
- RESERVED
+CVE-2022-0737 (The Text Hover WordPress plugin before 4.2 does not sanitize and escap ...)
+ TODO: check
CVE-2022-0736 (Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1. ...)
NOT-FOR-US: mlflow
CVE-2022-0735 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -9757,7 +9866,7 @@ CVE-2022-25797 (A Memory Corruption Vulnerability in Autodesk TrueView 2022 and
TODO: check
CVE-2022-25796 (A Double Free vulnerability allows remote malicious actors to execute ...)
TODO: check
-CVE-2022-25795 (A maliciously crafted DWG file can be used to write beyond the allocat ...)
+CVE-2022-25795 (A maliciously crafted PDF file can be used to dereference for a write ...)
TODO: check
CVE-2022-25794 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5 ...)
TODO: check
@@ -10266,10 +10375,10 @@ CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of
- mattermost-server <itp> (bug #823556)
NOTE: MMSA-2022-0082
NOTE: https://mattermost.com/security-updates/
-CVE-2022-0707
- RESERVED
-CVE-2022-0706
- RESERVED
+CVE-2022-0707 (The Easy Digital Downloads WordPress plugin before 2.11.6 does not hav ...)
+ TODO: check
+CVE-2022-0706 (The Easy Digital Downloads WordPress plugin before 2.11.6 does not san ...)
+ TODO: check
CVE-2022-0705 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2022-0704 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -11058,8 +11167,8 @@ CVE-2022-0663
RESERVED
CVE-2022-0662
RESERVED
-CVE-2022-0661
- RESERVED
+CVE-2022-0661 (The Ad Injection WordPress plugin through 1.2.0.19 does not properly s ...)
+ TODO: check
CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...)
NOT-FOR-US: microweber
CVE-2022-0659 (The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some ...)
@@ -11350,8 +11459,8 @@ CVE-2022-25228
RESERVED
CVE-2022-25227
RESERVED
-CVE-2022-25226
- RESERVED
+CVE-2022-25226 (ThinVNC version 1.0b1 allows an unauthenticated user to bypass the aut ...)
+ TODO: check
CVE-2022-25225 (Network Olympus version 1.8.0 allows an authenticated admin user to in ...)
NOT-FOR-US: Network Olympus
CVE-2022-25224
@@ -12365,16 +12474,16 @@ CVE-2022-24865
RESERVED
CVE-2022-24864
RESERVED
-CVE-2022-24863
- RESERVED
+CVE-2022-24863 (http-swagger is an open source wrapper to automatically generate RESTf ...)
+ TODO: check
CVE-2022-24862
RESERVED
CVE-2022-24861
RESERVED
CVE-2022-24860
RESERVED
-CVE-2022-24859
- RESERVED
+CVE-2022-24859 (PyPDF2 is an open source python PDF library capable of splitting, merg ...)
+ TODO: check
CVE-2022-24858
RESERVED
CVE-2022-24857 (django-mfa3 is a library that implements multi factor authentication f ...)
@@ -15355,10 +15464,10 @@ CVE-2022-23978
RESERVED
CVE-2022-23977
RESERVED
-CVE-2022-23976
- RESERVED
-CVE-2022-23975
- RESERVED
+CVE-2022-23976 (Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 ...)
+ TODO: check
+CVE-2022-23975 (Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 ...)
+ TODO: check
CVE-2022-23974 (In 0.9.3 or older versions of Apache Pinot segment upload path allowed ...)
NOT-FOR-US: Apache Pinot
CVE-2022-23103
@@ -21368,8 +21477,8 @@ CVE-2021-46124
RESERVED
CVE-2021-46123
RESERVED
-CVE-2021-46122
- RESERVED
+CVE-2021-46122 (Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 ...)
+ TODO: check
CVE-2021-46121
RESERVED
CVE-2021-46120
@@ -34020,16 +34129,16 @@ CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link DWR-9
NOT-FOR-US: D-Link
CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in debug_po ...)
NOT-FOR-US: D-Link
-CVE-2021-42782
- RESERVED
-CVE-2021-42781
- RESERVED
-CVE-2021-42780
- RESERVED
-CVE-2021-42779
- RESERVED
-CVE-2021-42778
- RESERVED
+CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version 0.22. ...)
+ TODO: check
+CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version 0.22.0 ...)
+ TODO: check
+CVE-2021-42780 (A use after return issue was found in Opensc before version 0.22.0 in ...)
+ TODO: check
+CVE-2021-42779 (A heap use after free issue was found in Opensc before version 0.22.0 ...)
+ TODO: check
+CVE-2021-42778 (A heap double free issue was found in Opensc before version 0.22.0 in ...)
+ TODO: check
CVE-2021-42777
RESERVED
CVE-2021-42776 (CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE ...)
@@ -41739,7 +41848,7 @@ CVE-2021-40169
RESERVED
CVE-2021-40168
RESERVED
-CVE-2021-40167 (A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017 ...)
+CVE-2021-40167 (A Memory Corruption Vulnerability may lead to remote code execution th ...)
NOT-FOR-US: Autodesk
CVE-2021-40166
RESERVED
@@ -41753,7 +41862,7 @@ CVE-2021-40162
RESERVED
CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution through m ...)
NOT-FOR-US: Autodesk
-CVE-2021-40160 (A maliciously crafted PDF file prior to 9.0.7 may be forced to read be ...)
+CVE-2021-40160 (PDFTron prior to 9.0.7 version may be forced to read beyond allocated ...)
NOT-FOR-US: Autodesk
CVE-2021-40159 (An Information Disclosure vulnerability for JT files in Autodesk Inven ...)
NOT-FOR-US: Autodesk
@@ -47501,8 +47610,7 @@ CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow En
NOT-FOR-US: Huntflow Enterprise
CVE-2021-37932
RESERVED
-CVE-2021-3681
- RESERVED
+CVE-2021-3681 (A flaw was found in Ansible Galaxy Collections. When collections are b ...)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1989407
TODO: check, needs verifying the affected ansible/ansible-base components
CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
@@ -50280,8 +50388,7 @@ CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android,
NOTE: https://mtpsym.github.io/
CVE-2021-36768
RESERVED
-CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succeed]
- RESERVED
+CVE-2021-3652 (A flaw was found in 389-ds-base. If an asterisk is imported as passwor ...)
- 389-ds-base 1.4.4.17-1 (bug #991405)
[bullseye] - 389-ds-base <no-dsa> (Minor issue)
[buster] - 389-ds-base <no-dsa> (Minor issue)
@@ -53205,8 +53312,7 @@ CVE-2021-35527 (Password autocomplete vulnerability in the web application passw
NOT-FOR-US: Hitachi ABB Power Grids eSOMS
CVE-2021-35526 (Backup file without encryption vulnerability is found in Hitachi ABB P ...)
NOT-FOR-US: Hitachi ABB Power Grids System Data Manager
-CVE-2021-3624 [buffer-overflow caused by integer-overflow in foveon_load_camf()]
- RESERVED
+CVE-2021-3624 (There is an integer overflow vulnerability in dcraw. When the victim r ...)
- dcraw 9.28-3 (bug #984761)
[bullseye] - dcraw <no-dsa> (Minor issue)
[buster] - dcraw <no-dsa> (Minor issue)
@@ -63370,8 +63476,7 @@ CVE-2021-3504 (A flaw was found in the hivex library in versions before 1.3.20.
- hivex 1.3.20-1 (bug #988024)
NOTE: https://listman.redhat.com/archives/libguestfs/2021-May/msg00013.html
NOTE: https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381
-CVE-2021-3503
- RESERVED
+CVE-2021-3503 (A flaw was found in Wildfly where insufficient RBAC restrictions may l ...)
- wildfly <itp> (bug #752018)
CVE-2021-31516 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Vector 35 Binary Ninja
@@ -74753,15 +74858,15 @@ CVE-2021-27041 (A maliciously crafted DWG file can be used to write beyond the a
NOT-FOR-US: Autodesk
CVE-2021-27040 (A maliciously crafted DWG file can be forced to read beyond allocated ...)
NOT-FOR-US: Autodesk
-CVE-2021-27039 (A maliciously crafted TIFF file in Autodesk Design Review 2018, 2017, ...)
+CVE-2021-27039 (A maliciously crafted TIFF and PCX file can be forced to read and writ ...)
NOT-FOR-US: Autodesk
CVE-2021-27038 (A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2 ...)
NOT-FOR-US: Autodesk
CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2 ...)
NOT-FOR-US: Autodesk
-CVE-2021-27036 (A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design R ...)
+CVE-2021-27036 (A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can b ...)
NOT-FOR-US: Autodesk
-CVE-2021-27035 (A maliciously crafted TIFF, PICT, TGA, or DWF files in Autodesk Design ...)
+CVE-2021-27035 (A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk D ...)
NOT-FOR-US: Autodesk
CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT, PCX, RCL ...)
NOT-FOR-US: Autodesk
@@ -79861,8 +79966,8 @@ CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat ve
NOTE: https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa (8.5.63)
CVE-2021-25121
RESERVED
-CVE-2021-25120
- RESERVED
+CVE-2021-25120 (The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do no ...)
+ TODO: check
CVE-2021-25119
RESERVED
CVE-2021-25118 (The Yoast SEO WordPress plugin before 17.3 discloses the full internal ...)
@@ -83968,12 +84073,12 @@ CVE-2021-23288 (The vulnerability exists due to insufficient validation of input
NOT-FOR-US: Eaton Intelligent Power Protector (IPP)
CVE-2021-23287 (The vulnerability exists due to insufficient validation of input of ce ...)
NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
-CVE-2021-23286
- RESERVED
-CVE-2021-23285
- RESERVED
-CVE-2021-23284
- RESERVED
+CVE-2021-23286 (Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) ve ...)
+ TODO: check
+CVE-2021-23285 (Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) ve ...)
+ TODO: check
+CVE-2021-23284 (Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) ve ...)
+ TODO: check
CVE-2021-23283
RESERVED
CVE-2021-23282
@@ -89682,14 +89787,14 @@ CVE-2020-35633 (A code execution vulnerability exists in the Nef polygon-parsing
- cgal 5.2-3 (bug #985671)
[buster] - cgal <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
-CVE-2020-35632
- RESERVED
-CVE-2020-35631
- RESERVED
-CVE-2020-35630
- RESERVED
-CVE-2020-35629
- RESERVED
+CVE-2020-35632 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-35631 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-35630 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-35629 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
CVE-2020-35628 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
{DLA-2649-1}
- cgal 5.2-3 (bug #985671)
@@ -92535,8 +92640,7 @@ CVE-2021-20326 (A user authorized to performing a specific type of find query ma
CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ...)
- apache2 <not-affected> (Red Hat RHEL 8 specifc regression of CVE-2021-40438 and CVE-2021-26691)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2017321
-CVE-2021-20324
- RESERVED
+CVE-2021-20324 (A flaw was found in WildFly Elytron. A variation to the use of a sessi ...)
NOT-FOR-US: WildFly Elytron
CVE-2021-20323 (A POST based reflected Cross Site Scripting vulnerability on has been ...)
NOT-FOR-US: Keycloak
@@ -100071,74 +100175,74 @@ CVE-2020-28636 (A code execution vulnerability exists in the Nef polygon-parsing
- cgal 5.2-3 (bug #985671)
[buster] - cgal <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
-CVE-2020-28635
- RESERVED
-CVE-2020-28634
- RESERVED
-CVE-2020-28633
- RESERVED
-CVE-2020-28632
- RESERVED
-CVE-2020-28631
- RESERVED
-CVE-2020-28630
- RESERVED
-CVE-2020-28629
- RESERVED
-CVE-2020-28628
- RESERVED
-CVE-2020-28627
- RESERVED
-CVE-2020-28626
- RESERVED
-CVE-2020-28625
- RESERVED
-CVE-2020-28624
- RESERVED
-CVE-2020-28623
- RESERVED
-CVE-2020-28622
- RESERVED
-CVE-2020-28621
- RESERVED
-CVE-2020-28620
- RESERVED
-CVE-2020-28619
- RESERVED
-CVE-2020-28618
- RESERVED
-CVE-2020-28617
- RESERVED
-CVE-2020-28616
- RESERVED
-CVE-2020-28615
- RESERVED
-CVE-2020-28614
- RESERVED
-CVE-2020-28613
- RESERVED
-CVE-2020-28612
- RESERVED
-CVE-2020-28611
- RESERVED
-CVE-2020-28610
- RESERVED
-CVE-2020-28609
- RESERVED
-CVE-2020-28608
- RESERVED
-CVE-2020-28607
- RESERVED
-CVE-2020-28606
- RESERVED
-CVE-2020-28605
- RESERVED
-CVE-2020-28604
- RESERVED
-CVE-2020-28603
- RESERVED
-CVE-2020-28602
- RESERVED
+CVE-2020-28635 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28634 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28633 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28632 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28631 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28630 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28629 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28628 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28627 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28626 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28625 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28624 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28623 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28622 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28621 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28620 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28619 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28618 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28617 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28616 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28615 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28614 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28613 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28612 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28611 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28610 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28609 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28608 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28607 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28606 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28605 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28604 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28603 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
+CVE-2020-28602 (Multiple code execution vulnerabilities exists in the Nef polygon-pars ...)
+ TODO: check
CVE-2020-28601 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
{DLA-2649-1}
- cgal 5.2-3 (bug #985671)
@@ -111203,16 +111307,16 @@ CVE-2020-25169 (The affected Reolink P2P products do not sufficiently protect da
NOT-FOR-US: Reolink P2P products
CVE-2020-25168 (Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L ...)
TODO: check
-CVE-2020-25167
- RESERVED
+CVE-2020-25167 (OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose informat ...)
+ TODO: check
CVE-2020-25166 (An improper verification of the cryptographic signature of firmware up ...)
TODO: check
CVE-2020-25165 (BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alar ...)
NOT-FOR-US: BD Alaris PC Unit
CVE-2020-25164 (A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 ...)
TODO: check
-CVE-2020-25163
- RESERVED
+CVE-2020-25163 (A remote attacker with write access to PI ProcessBook files could inje ...)
+ TODO: check
CVE-2020-25162 (A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom ...)
TODO: check
CVE-2020-25161 (The WADashboard component of WebAccess/SCADA Versions 9.0 and prior ma ...)
@@ -137920,8 +138024,8 @@ CVE-2020-13592 (An exploitable SQL injection vulnerability exists in "global_lis
NOT-FOR-US: Rukovoditel Project Management App
CVE-2020-13591 (An exploitable SQL injection vulnerability exists in the "access_rules ...)
NOT-FOR-US: Rukovoditel Project Management App
-CVE-2020-13590
- RESERVED
+CVE-2020-13590 (Multiple exploitable SQL injection vulnerabilities exist in the 'entit ...)
+ TODO: check
CVE-2020-13589 (An exploitable SQL injection vulnerability exists in the ‘entiti ...)
NOT-FOR-US: Rukovoditel Project Management App
CVE-2020-13588 (An exploitable SQL injection vulnerability exists in the ‘entiti ...)
@@ -137986,8 +138090,8 @@ CVE-2020-13569 (A cross-site request forgery vulnerability exists in the GACL fu
NOT-FOR-US: OpenEMR
CVE-2020-13568 (SQL injection vulnerability exists in phpGACL 3.3.7. A specially craft ...)
NOT-FOR-US: phpGACL
-CVE-2020-13567
- RESERVED
+CVE-2020-13567 (Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A speci ...)
+ TODO: check
CVE-2020-13566 (SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially craf ...)
NOT-FOR-US: phpGACL
CVE-2020-13565 (An open redirect vulnerability exists in the return_page redirection f ...)
@@ -138144,8 +138248,8 @@ CVE-2020-13497 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.
NOT-FOR-US: Pixar OpenUSD
CVE-2020-13496 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...)
NOT-FOR-US: Pixar OpenUSD
-CVE-2020-13495
- RESERVED
+CVE-2020-13495 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...)
+ TODO: check
CVE-2020-13494 (A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsin ...)
NOT-FOR-US: Pixar OpenUSD
CVE-2020-13493 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
@@ -158754,8 +158858,8 @@ CVE-2020-6101 (An exploitable code execution vulnerability exists in the Shader
NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll
CVE-2020-6100 (An exploitable memory corruption vulnerability exists in AMD atidxx64. ...)
NOT-FOR-US: AMD
-CVE-2020-6099
- RESERVED
+CVE-2020-6099 (An exploitable code execution vulnerability exists in the file format ...)
+ TODO: check
CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...)
- freediameter 1.2.1-8 (bug #985088)
[buster] - freediameter 1.2.1-7+deb10u1
@@ -454801,8 +454905,7 @@ CVE-2011-4919 (mpack 1.6 has information disclosure via eavesdropping on mails s
NOTE: http://openwall.com/lists/oss-security/2011/12/31/1
CVE-2011-4918 (Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009. ...)
NOT-FOR-US: Elxis CMS, Aphrodite
-CVE-2011-4917
- RESERVED
+CVE-2011-4917 (In the Linux kernel through 3.1 there is an information disclosure iss ...)
- linux <unfixed> (unimportant)
- linux-2.6 <removed> (unimportant)
NOTE: Minor info leak, unlikely to be fixed upstream
@@ -464711,8 +464814,8 @@ CVE-2011-1764 (Format string vulnerability in the dkim_exim_verify_finish functi
[lenny] - exim4 <not-affected> (vulnerable code not present)
CVE-2011-1763 (The get_free_port function in Xen allows local authenticated DomU user ...)
- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
-CVE-2011-1762
- RESERVED
+CVE-2011-1762 (A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'sc ...)
+ TODO: check
CVE-2011-1761 (Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) ...)
{DSA-2415-1}
- libmodplug 1:0.8.8.4-1 (low; bug #625966)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbbd3a2df2f83ca70aa33441060849f73c22ac1e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbbd3a2df2f83ca70aa33441060849f73c22ac1e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220418/76e3cd94/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list