[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 8 20:10:33 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a4c79b5 by security tracker role at 2022-02-08T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-24671
+ RESERVED
+CVE-2022-24670
+ RESERVED
+CVE-2022-24669
+ RESERVED
+CVE-2022-0547
+ RESERVED
+CVE-2022-0546
+ RESERVED
+CVE-2022-0545
+ RESERVED
+CVE-2022-0544
+ RESERVED
+CVE-2022-0543
+ RESERVED
+CVE-2022-0542
+ RESERVED
+CVE-2022-0541
+ RESERVED
+CVE-2022-0540
+ RESERVED
+CVE-2022-0539
+ RESERVED
+CVE-2022-0538
+ RESERVED
+CVE-2022-0537
+ RESERVED
+CVE-2022-0536
+ RESERVED
+CVE-2022-0535
+ RESERVED
+CVE-2022-0534
+ RESERVED
+CVE-2022-0533
+ RESERVED
+CVE-2022-0532
+ RESERVED
+CVE-2022-0531
+ RESERVED
+CVE-2022-0530
+ RESERVED
+CVE-2022-0529
+ RESERVED
+CVE-2021-46681
+ RESERVED
+CVE-2021-46680
+ RESERVED
+CVE-2021-46679
+ RESERVED
+CVE-2021-46678
+ RESERVED
+CVE-2021-46677
+ RESERVED
+CVE-2021-46676
+ RESERVED
CVE-2022-24668
RESERVED
CVE-2022-24667
@@ -537,20 +593,20 @@ CVE-2022-0511
RESERVED
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-0511
-CVE-2022-0510
- RESERVED
-CVE-2022-0509
- RESERVED
-CVE-2022-0508
- RESERVED
+CVE-2022-0510 (Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore pr ...)
+ TODO: check
+CVE-2022-0509 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+ TODO: check
+CVE-2022-0508 (Server-Side Request Forgery (SSRF) in NPM @peertube/embed-api prior to ...)
+ TODO: check
CVE-2022-0507
RESERVED
-CVE-2022-0506
- RESERVED
-CVE-2022-0505
- RESERVED
-CVE-2022-0504
- RESERVED
+CVE-2022-0506 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ TODO: check
+CVE-2022-0505 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
+ TODO: check
+CVE-2022-0504 (Generation of Error Message Containing Sensitive Information in Packag ...)
+ TODO: check
CVE-2022-0503
RESERVED
CVE-2022-0502 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
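Review bot: CVE-2022-0510, -0509, -0508, -0506, -0505 and -0504 go from `RESERVED` to a bare `TODO: check`, so after this hunk none of the six carries a package or status line. The descriptions already name the ecosystem packages (Packagist pimcore/pimcore, Packagist microweber/microweber, NPM @peertube/embed-api), which is enough to start triage: check each against the archive and replace the TODO with either a package line plus advisory NOTE, in the form CVE-2022-0511 uses directly above (`- firefox <unfixed>` followed by `NOTE: https://...`), or a not-for-us marker. The description of CVE-2022-0504 is cut off at "in Packag ...", so the affected package has to be read from the full CVE record rather than from this line.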
@@ -674,8 +730,8 @@ CVE-2022-24385
RESERVED
CVE-2022-24384
RESERVED
-CVE-2022-21241
- RESERVED
+CVE-2022-21241 (Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a rem ...)
+ TODO: check
CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in ...)
- linux <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1194516
@@ -899,10 +955,10 @@ CVE-2022-24288
RESERVED
CVE-2022-24287
RESERVED
-CVE-2022-21799
- RESERVED
-CVE-2022-21173
- RESERVED
+CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R ...)
+ TODO: check
+CVE-2022-21173 (Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 f ...)
+ TODO: check
CVE-2022-0470
RESERVED
{DSA-5068-1}
@@ -2969,10 +3025,10 @@ CVE-2022-23814
RESERVED
CVE-2022-23813
RESERVED
-CVE-2022-22146
- RESERVED
-CVE-2022-21193
- RESERVED
+CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allo ...)
+ TODO: check
+CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...)
+ TODO: check
CVE-2022-21176
RESERVED
CVE-2022-21143
@@ -4189,8 +4245,8 @@ CVE-2022-23342
RESERVED
CVE-2022-23341
RESERVED
-CVE-2022-23340
- RESERVED
+CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system commands throu ...)
+ TODO: check
CVE-2022-23339
RESERVED
CVE-2022-23338
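Review bot: CVE-2022-23340 is left at `TODO: check` although its description ("Joplin 2.6.10 allows remote attackers to execute system commands throu ...") is the only command-execution issue among the newly described entries in this update, so it should be triaged ahead of the XSS items. The description is truncated before the attack vector, so when the TODO is resolved add a `NOTE:` line with the upstream reference, the way CVE-2022-0487 records its bugzilla link, so the entry can be assessed without leaving the file.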
@@ -4207,8 +4263,8 @@ CVE-2022-23333
RESERVED
CVE-2022-23332
RESERVED
-CVE-2022-23331
- RESERVED
+CVE-2022-23331 (In DataEase v1.6.1, an authenticated user can gain unauthorized access ...)
+ TODO: check
CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...)
NOT-FOR-US: jpress
CVE-2022-23329 (A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJ ...)
@@ -4605,10 +4661,10 @@ CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserializ
[bullseye] - apache-log4j1.2 <no-dsa> (Minor issue)
[buster] - apache-log4j1.2 <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
-CVE-2022-22142
- RESERVED
-CVE-2022-21805
- RESERVED
+CVE-2022-22142 (Reflected cross-site scripting vulnerability in the checkbox of php_ma ...)
+ TODO: check
+CVE-2022-21805 (Reflected cross-site scripting vulnerability in the attached file name ...)
+ TODO: check
CVE-2022-0242 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
NOT-FOR-US: Crater
CVE-2022-0241
@@ -5150,6 +5206,7 @@ CVE-2022-23136
CVE-2022-23135
RESERVED
CVE-2022-23134 (After the initial setup process, some steps of setup.php file are reac ...)
+ {DLA-2914-1}
- zabbix <unfixed>
NOTE: https://support.zabbix.com/browse/ZBX-20384
NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa0fecfbcc9794bc00206630a7424575dfc944df (5.0.19rc2)
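Review bot: CVE-2022-23134 gains the `{DLA-2914-1}` cross-reference, but the package line under it still reads `- zabbix <unfixed>` while the second NOTE already ties the upstream fix commit to a release (5.0.19rc2). Worth checking whether a fixed version can now be recorded on the `- zabbix` line, so the entry does not show an advisory reference next to an unfixed status without explanation.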
@@ -6733,8 +6790,8 @@ CVE-2022-22709
RESERVED
CVE-2022-21806
RESERVED
-CVE-2022-0139
- RESERVED
+CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. ...)
+ TODO: check
CVE-2022-0138
RESERVED
CVE-2022-0137
@@ -10624,14 +10681,14 @@ CVE-2021-45330
RESERVED
CVE-2021-45329
RESERVED
-CVE-2021-45328
- RESERVED
-CVE-2021-45327
- RESERVED
-CVE-2021-45326
- RESERVED
-CVE-2021-45325
- RESERVED
+CVE-2021-45328 (Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (' ...)
+ TODO: check
+CVE-2021-45327 (Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on ...)
+ TODO: check
+CVE-2021-45326 (Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before ...)
+ TODO: check
+CVE-2021-45325 (Server Side Request Forgery (SSRF) vulneraility exists in Gitea before ...)
+ TODO: check
CVE-2021-45324
RESERVED
CVE-2021-45323
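Review bot: the four Gitea entries (CVE-2021-45325 through -45328) all land as `TODO: check`, and only two of the descriptions still show their version bound after truncation ("before 1.4.3", "before 1.11.2"); the CSRF and SSRF entries are cut off at "Gitea before ...". When triaging, record the fixed version for each in a NOTE so the bounds are visible in the file. The description of CVE-2021-45325 also carries the typo "vulneraility"; since this commit is an automatic update, a local correction would presumably be overwritten on the next run, so it is better reported against the source record.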
@@ -12064,10 +12121,10 @@ CVE-2021-44959
RESERVED
CVE-2021-44958
RESERVED
-CVE-2021-44957
- RESERVED
-CVE-2021-44956
- RESERVED
+CVE-2021-44957 (Global buffer overflow vulnerability exist in ffjpeg through 01.01.202 ...)
+ TODO: check
+CVE-2021-44956 (Two Heap based buffer overflow vulnerabilities exist in ffjpeg through ...)
+ TODO: check
CVE-2021-44955
RESERVED
CVE-2021-44954
@@ -12279,8 +12336,8 @@ CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.
NOT-FOR-US: Online-Movie-Ticket-Booking-System
CVE-2021-44865
RESERVED
-CVE-2021-44864
- RESERVED
+CVE-2021-44864 (TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buff ...)
+ TODO: check
CVE-2021-44863
RESERVED
CVE-2021-44862
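Review bot: CVE-2021-44864 describes router firmware ("TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n") and is left at `TODO: check`, two entries below CVE-2021-44866, which is closed with `NOT-FOR-US: Online-Movie-Ticket-Booking-System`. If no Debian package is involved, resolve it the same way with a `NOT-FOR-US:` line naming the product. The same applies to the other vendor-device entries this update leaves open: the ELECOM LAN router pair (CVE-2022-21799, CVE-2022-21173) and the Canon printer entry (CVE-2021-20877).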
@@ -43810,7 +43867,7 @@ CVE-2021-33627 (A vulnerability exists in SMM (System Management Mode) branch th
NOT-FOR-US: Insyde
CVE-2021-33626 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
NOT-FOR-US: Insyde
-CVE-2021-33625 (An issue was discovered in Kernel 5.x (starting from 5.1) in Insyde In ...)
+CVE-2021-33625 (An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting H ...)
NOT-FOR-US: Insyde
CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...)
{DLA-2785-1}
@@ -77413,8 +77470,8 @@ CVE-2021-20879
RESERVED
CVE-2021-20878
RESERVED
-CVE-2021-20877
- RESERVED
+CVE-2021-20877 (Cross-site scripting vulnerability in Canon laser printers and small o ...)
+ TODO: check
CVE-2021-20876 (Path traversal vulnerability in GroupSession Free edition ver5.1.1 and ...)
NOT-FOR-US: GroupSession
CVE-2021-20875 (Open redirect vulnerability in GroupSession Free edition ver5.1.1 and ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a4c79b5efb82cf86c29202705538733d8be803d