[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 9 20:10:29 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
45b7715e by security tracker role at 2022-02-09T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-24699
+ RESERVED
+CVE-2022-24698
+ RESERVED
+CVE-2022-24697
+ RESERVED
+CVE-2022-0551
+ RESERVED
+CVE-2022-0550
+ RESERVED
+CVE-2022-0549
+ RESERVED
+CVE-2022-0548
+ RESERVED
CVE-2022-24696
RESERVED
CVE-2022-24695
@@ -80,14 +94,14 @@ CVE-2022-0541
RESERVED
CVE-2022-0540
RESERVED
-CVE-2022-0539
- RESERVED
-CVE-2022-0538
- RESERVED
+CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...)
+ TODO: check
+CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
+ TODO: check
CVE-2022-0537
RESERVED
-CVE-2022-0536
- RESERVED
+CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM foll ...)
+ TODO: check
CVE-2022-0535
RESERVED
CVE-2022-0534
@@ -129,15 +143,15 @@ CVE-2022-24666
RESERVED
CVE-2022-0528
RESERVED
-CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-co ...)
+CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
TODO: check
-CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-co ...)
+CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
TODO: check
CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
TODO: check
-CVE-2022-0524 (Business Logic Errors in Rubygems typo prior to 9.2.7. ...)
+CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...)
TODO: check
-CVE-2022-0523 (Expired Pointer Dereference in NPM radare2.js prior to 5.6.2. ...)
+CVE-2022-0523 (Expired Pointer Dereference in GitHub repository radareorg/radare2 pri ...)
TODO: check
CVE-2022-0522 (Access of Memory Location Before Start of Buffer in NPM radare2.js pri ...)
TODO: check
@@ -147,7 +161,7 @@ CVE-2022-0520 (Use After Free in NPM radare2.js prior to 5.6.2. ...)
TODO: check
CVE-2022-0519 (Buffer Access with Incorrect Length Value in GitHub repository radareo ...)
TODO: check
-CVE-2022-0518 (Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.2. ...)
+CVE-2022-0518 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
TODO: check
CVE-2022-0517
RESERVED
@@ -664,7 +678,7 @@ CVE-2022-0510 (Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimco
NOT-FOR-US: pimcore
CVE-2022-0509 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
NOT-FOR-US: pimcore
-CVE-2022-0508 (Server-Side Request Forgery (SSRF) in NPM @peertube/embed-api prior to ...)
+CVE-2022-0508 (Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/pee ...)
TODO: check
CVE-2022-0507
RESERVED
@@ -4263,8 +4277,8 @@ CVE-2022-23380
RESERVED
CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...)
NOT-FOR-US: Emlog
-CVE-2022-23378
- RESERVED
+CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 ver ...)
+ TODO: check
CVE-2022-23377
RESERVED
CVE-2022-23376
@@ -4495,8 +4509,8 @@ CVE-2021-46362
RESERVED
CVE-2021-46361
RESERVED
-CVE-2021-46360
- RESERVED
+CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...)
+ TODO: check
CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...)
NOT-FOR-US: FISCO-BCOS
CVE-2021-46358
@@ -4507,8 +4521,8 @@ CVE-2021-46356
RESERVED
CVE-2021-46355
RESERVED
-CVE-2021-46354
- RESERVED
+CVE-2021-46354 (Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version ...)
+ TODO: check
CVE-2021-46353
RESERVED
CVE-2021-46352
@@ -4655,8 +4669,8 @@ CVE-2021-46306
RESERVED
CVE-2021-46305
RESERVED
-CVE-2022-23312
- RESERVED
+CVE-2022-23312 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ TODO: check
CVE-2022-23311
RESERVED
CVE-2022-23310
@@ -4816,30 +4830,30 @@ CVE-2022-23282
RESERVED
CVE-2022-23281
RESERVED
-CVE-2022-23280
- RESERVED
+CVE-2022-23280 (Microsoft Outlook for Mac Security Feature Bypass Vulnerability. ...)
+ TODO: check
CVE-2022-23279
RESERVED
CVE-2022-23278
RESERVED
CVE-2022-23277
RESERVED
-CVE-2022-23276
- RESERVED
+CVE-2022-23276 (SQL Server for Linux Containers Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-23275
RESERVED
-CVE-2022-23274
- RESERVED
-CVE-2022-23273
- RESERVED
-CVE-2022-23272
- RESERVED
-CVE-2022-23271
- RESERVED
+CVE-2022-23274 (Microsoft Dynamics GP Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-23273 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-23272 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-23271 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
+ TODO: check
CVE-2022-23270
RESERVED
-CVE-2022-23269
- RESERVED
+CVE-2022-23269 (Microsoft Dynamics GP Spoofing Vulnerability. ...)
+ TODO: check
CVE-2022-23268
RESERVED
CVE-2022-23267
@@ -4864,16 +4878,16 @@ CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-23257
RESERVED
-CVE-2022-23256
- RESERVED
-CVE-2022-23255
- RESERVED
-CVE-2022-23254
- RESERVED
+CVE-2022-23256 (Azure Data Explorer Spoofing Vulnerability. ...)
+ TODO: check
+CVE-2022-23255 (Microsoft OneDrive for Android Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-23254 (Microsoft Power BI Information Disclosure Vulnerability. ...)
+ TODO: check
CVE-2022-23253
RESERVED
-CVE-2022-23252
- RESERVED
+CVE-2022-23252 (Microsoft Office Information Disclosure Vulnerability. ...)
+ TODO: check
CVE-2022-23251
RESERVED
CVE-2022-23250
@@ -5389,8 +5403,8 @@ CVE-2022-23106 (Jenkins Configuration as Code Plugin 1.55 and earlier used a non
NOT-FOR-US: Jenkins plugin
CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-23102
- RESERVED
+CVE-2022-23102 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
CVE-2022-21236 (An information disclosure vulnerability exists due to a web server mis ...)
NOT-FOR-US: Reolink
CVE-2022-21217 (An out-of-bounds write vulnerability exists in the device TestEmail fu ...)
@@ -5438,6 +5452,7 @@ CVE-2022-23100
CVE-2022-23099
RESERVED
CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
+ {DLA-2915-1}
- connman <unfixed> (bug #1004935)
[bullseye] - connman <no-dsa> (Minor issue)
[buster] - connman <no-dsa> (Minor issue)
@@ -5446,6 +5461,7 @@ CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c34313a196515c80fe78a2862ad78174b985be5
CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40. forw ...)
+ {DLA-2915-1}
- connman <unfixed> (bug #1004935)
[bullseye] - connman <no-dsa> (Minor issue)
[buster] - connman <no-dsa> (Minor issue)
@@ -5453,6 +5469,7 @@ CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40
NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
CVE-2022-23096 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
+ {DLA-2915-1}
- connman <unfixed> (bug #1004935)
[bullseye] - connman <no-dsa> (Minor issue)
[buster] - connman <no-dsa> (Minor issue)
@@ -6570,12 +6587,14 @@ CVE-2022-22765
RESERVED
CVE-2022-22764
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22764
CVE-2022-22763
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763
CVE-2022-22762
@@ -6584,18 +6603,21 @@ CVE-2022-22762
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22762
CVE-2022-22761
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22761
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22761
CVE-2022-22760
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22760
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22760
CVE-2022-22759
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22759
@@ -6611,6 +6633,7 @@ CVE-2022-22757
TODO: check if WebDriver enabled, if not demote severity to unimportant
CVE-2022-22756
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22756
@@ -6621,6 +6644,7 @@ CVE-2022-22755
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22755
CVE-2022-22754
RESERVED
+ {DSA-5069-1 DLA-2916-1}
- firefox 97.0-1
- firefox-esr 91.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22754
@@ -6781,7 +6805,7 @@ CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions sta
- gitlab <unfixed>
CVE-2022-0150
RESERVED
-CVE-2022-0149 (The WooCommerce WordPress plugin before 2.7.1 was affected by a Reflec ...)
+CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon ...)
NOT-FOR-US: WordPress plugin
@@ -6793,28 +6817,28 @@ CVE-2022-0145
RESERVED
CVE-2021-46162
RESERVED
-CVE-2021-46161
- RESERVED
-CVE-2021-46160
- RESERVED
-CVE-2021-46159
- RESERVED
-CVE-2021-46158
- RESERVED
-CVE-2021-46157
- RESERVED
-CVE-2021-46156
- RESERVED
-CVE-2021-46155
- RESERVED
-CVE-2021-46154
- RESERVED
-CVE-2021-46153
- RESERVED
-CVE-2021-46152
- RESERVED
-CVE-2021-46151
- RESERVED
+CVE-2021-46161 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46160 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46159 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46158 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46157 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46156 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46155 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46154 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46153 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46152 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
+CVE-2021-46151 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ TODO: check
CVE-2022-22732
RESERVED
CVE-2022-22731
@@ -6865,26 +6889,26 @@ CVE-2022-22720
RESERVED
CVE-2022-22719
RESERVED
-CVE-2022-22718
- RESERVED
-CVE-2022-22717
- RESERVED
-CVE-2022-22716
- RESERVED
-CVE-2022-22715
- RESERVED
+CVE-2022-22718 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-22717 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-22716 (Microsoft Excel Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-22715 (Named Pipe File System Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-22714
RESERVED
CVE-2022-22713
RESERVED
-CVE-2022-22712
- RESERVED
+CVE-2022-22712 (Windows Hyper-V Denial of Service Vulnerability. ...)
+ TODO: check
CVE-2022-22711
RESERVED
-CVE-2022-22710
- RESERVED
-CVE-2022-22709
- RESERVED
+CVE-2022-22710 (Windows Common Log File System Driver Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-22709 (VP9 Video Extensions Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-21806
RESERVED
CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. ...)
@@ -10780,10 +10804,10 @@ CVE-2021-45333
RESERVED
CVE-2021-45332
RESERVED
-CVE-2021-45331
- RESERVED
-CVE-2021-45330
- RESERVED
+CVE-2021-45331 (An Authentication Bypass vulnerability exists in Gitea before 1.5.0, w ...)
+ TODO: check
+CVE-2021-45330 (An issue exsits in Gitea through 1.15.7, which could let a malicious u ...)
+ TODO: check
CVE-2021-45329 (Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 ...)
TODO: check
CVE-2021-45328 (Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (' ...)
@@ -11134,56 +11158,56 @@ CVE-2022-22007
RESERVED
CVE-2022-22006
RESERVED
-CVE-2022-22005
- RESERVED
-CVE-2022-22004
- RESERVED
-CVE-2022-22003
- RESERVED
-CVE-2022-22002
- RESERVED
-CVE-2022-22001
- RESERVED
-CVE-2022-22000
- RESERVED
-CVE-2022-21999
- RESERVED
-CVE-2022-21998
- RESERVED
-CVE-2022-21997
- RESERVED
-CVE-2022-21996
- RESERVED
-CVE-2022-21995
- RESERVED
-CVE-2022-21994
- RESERVED
-CVE-2022-21993
- RESERVED
-CVE-2022-21992
- RESERVED
-CVE-2022-21991
- RESERVED
+CVE-2022-22005 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-22004 (Microsoft Office ClickToRun Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-22003 (Microsoft Office Graphics Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-22002 (Windows User Account Profile Picture Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-22001 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ TODO: check
+CVE-2022-22000 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
+CVE-2022-21999 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-21998 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
+ TODO: check
+CVE-2022-21997 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-21996 (Win32k Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-21995 (Windows Hyper-V Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-21994 (Windows DWM Core Library Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-21993 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+ TODO: check
+CVE-2022-21992 (Windows Mobile Device Management Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-21991 (Visual Studio Code Remote Development Extension Remote Code Execution ...)
+ TODO: check
CVE-2022-21990
RESERVED
-CVE-2022-21989
- RESERVED
-CVE-2022-21988
- RESERVED
-CVE-2022-21987
- RESERVED
-CVE-2022-21986
- RESERVED
-CVE-2022-21985
- RESERVED
-CVE-2022-21984
- RESERVED
+CVE-2022-21989 (Windows Kernel Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-21988 (Microsoft Office Visio Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-21987 (Microsoft SharePoint Server Spoofing Vulnerability. ...)
+ TODO: check
+CVE-2022-21986 (.NET Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-21985 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ TODO: check
+CVE-2022-21984 (Windows DNS Server Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-21983
RESERVED
CVE-2022-21982
RESERVED
-CVE-2022-21981
- RESERVED
+CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ TODO: check
CVE-2022-21980
RESERVED
CVE-2022-21979
@@ -11196,26 +11220,26 @@ CVE-2022-21976
RESERVED
CVE-2022-21975
RESERVED
-CVE-2022-21974
- RESERVED
+CVE-2022-21974 (Roaming Security Rights Management Services Remote Code Execution Vuln ...)
+ TODO: check
CVE-2022-21973
RESERVED
CVE-2022-21972
RESERVED
-CVE-2022-21971
- RESERVED
+CVE-2022-21971 (Windows Runtime Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-21970 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-21969 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...)
NOT-FOR-US: Microsoft
-CVE-2022-21968
- RESERVED
+CVE-2022-21968 (Microsoft SharePoint Server Security Feature BypassVulnerability. ...)
+ TODO: check
CVE-2022-21967
RESERVED
CVE-2022-21966
RESERVED
-CVE-2022-21965
- RESERVED
+CVE-2022-21965 (Microsoft Teams Denial of Service Vulnerability. ...)
+ TODO: check
CVE-2022-21964 (Remote Desktop Licensing Diagnoser Information Disclosure Vulnerabilit ...)
NOT-FOR-US: Microsoft
CVE-2022-21963 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
@@ -11230,8 +11254,8 @@ CVE-2022-21959 (Windows Resilient File System (ReFS) Remote Code Execution Vulne
NOT-FOR-US: Microsoft
CVE-2022-21958 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2022-21957
- RESERVED
+CVE-2022-21957 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
+ TODO: check
CVE-2022-21956
RESERVED
CVE-2022-21955
@@ -11488,8 +11512,8 @@ CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before
NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
NOTE: https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20 (3.2.11)
NOTE: https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277 (2.2.26)
-CVE-2021-45106
- RESERVED
+CVE-2021-45106 (A vulnerability has been identified in SICAM TOOLBOX II (All versions) ...)
+ TODO: check
CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...)
NOT-FOR-US: Emerson
CVE-2021-44462
@@ -11836,10 +11860,10 @@ CVE-2022-21929 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerabil
NOT-FOR-US: Microsoft
CVE-2022-21928 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2022-21927
- RESERVED
-CVE-2022-21926
- RESERVED
+CVE-2022-21927 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
+CVE-2022-21926 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
CVE-2022-21925 (Windows BackupKey Remote Protocol Security Feature Bypass Vulnerabilit ...)
NOT-FOR-US: Microsoft
CVE-2022-21924 (Workstation Service Remote Protocol Security Feature Bypass Vulnerabil ...)
@@ -12002,8 +12026,8 @@ CVE-2022-21846 (Microsoft Exchange Server Remote Code Execution Vulnerability. T
NOT-FOR-US: Microsoft
CVE-2022-21845
RESERVED
-CVE-2022-21844
- RESERVED
+CVE-2022-21844 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ TODO: check
CVE-2022-21843 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2022-21842 (Microsoft Word Remote Code Execution Vulnerability. ...)
@@ -12345,10 +12369,10 @@ CVE-2021-44914
RESERVED
CVE-2021-44913
RESERVED
-CVE-2021-44912
- RESERVED
-CVE-2021-44911
- RESERVED
+CVE-2021-44912 (In XE 1.116, when uploading the Normal button, there is no restriction ...)
+ TODO: check
+CVE-2021-44911 (XE before 1.11.6 is vulnerable to Unrestricted file upload via modules ...)
+ TODO: check
CVE-2021-44910
RESERVED
CVE-2021-44909
@@ -15139,12 +15163,12 @@ CVE-2021-3978
RESERVED
CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During ...)
NOT-FOR-US: invoiceninja
-CVE-2021-44018
- RESERVED
+CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ TODO: check
CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
NOT-FOR-US: Siemens
-CVE-2021-44016
- RESERVED
+CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ TODO: check
CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
NOT-FOR-US: Siemens
CVE-2021-44014 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
@@ -15175,8 +15199,8 @@ CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions <
NOT-FOR-US: Siemens
CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
NOT-FOR-US: Siemens
-CVE-2021-44000
- RESERVED
+CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ TODO: check
CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...)
- guacamole-client <unfixed>
[stretch] - guacamole-client <not-affected> (SAML is not supported)
@@ -24910,10 +24934,10 @@ CVE-2021-41444
RESERVED
CVE-2021-41443
RESERVED
-CVE-2021-41442
- RESERVED
-CVE-2021-41441
- RESERVED
+CVE-2021-41442 (An HTTP smuggling attack in the web application of D-Link DIR-X1860 be ...)
+ TODO: check
+CVE-2021-41441 (A DoS attack in the web application of D-Link DIR-X1860 before v1.10WW ...)
+ TODO: check
CVE-2021-41440
RESERVED
CVE-2021-41439
@@ -25176,8 +25200,8 @@ CVE-2021-3815 (utils.js is vulnerable to Improperly Controlled Modification of O
NOT-FOR-US: fabiocaccamo/utils.js
CVE-2021-3814
RESERVED
-CVE-2021-3813
- RESERVED
+CVE-2021-3813 (Improper Privilege Management in GitHub repository chatwoot/chatwoot p ...)
+ TODO: check
CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...)
NOT-FOR-US: NETGEAR
CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
@@ -26393,8 +26417,8 @@ CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite
NOTE: https://github.com/aresch/rencode/pull/29
CVE-2021-40838
RESERVED
-CVE-2021-40837
- RESERVED
+CVE-2021-40837 (A vulnerability affecting F-Secure antivirus engine before Capricorn u ...)
+ TODO: check
CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
NOT-FOR-US: F-Secure
CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...)
@@ -27581,14 +27605,14 @@ CVE-2021-40365
RESERVED
CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
NOT-FOR-US: Siemens
-CVE-2021-40363
- RESERVED
+CVE-2021-40363 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ TODO: check
CVE-2021-40362
RESERVED
CVE-2021-40361
RESERVED
-CVE-2021-40360
- RESERVED
+CVE-2021-40360 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ TODO: check
CVE-2021-40359 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
NOT-FOR-US: Siemens
CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
@@ -33957,17 +33981,17 @@ CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize clipb
CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting vulnerability affe ...)
- mattermost-server <itp> (bug #823556)
CVE-2021-37858
- RESERVED
+ REJECTED
CVE-2021-37857
- RESERVED
+ REJECTED
CVE-2021-37856
- RESERVED
+ REJECTED
CVE-2021-37855
- RESERVED
+ REJECTED
CVE-2021-37854
- RESERVED
+ REJECTED
CVE-2021-37853
- RESERVED
+ REJECTED
CVE-2021-37852 (ESET products for Windows allows untrusted process to impersonate the ...)
TODO: check
CVE-2021-37851
@@ -35507,10 +35531,10 @@ CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 (
NOT-FOR-US: Siemens
CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
NOT-FOR-US: Siemens
-CVE-2021-37205
- RESERVED
-CVE-2021-37204
- RESERVED
+CVE-2021-37205 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ TODO: check
+CVE-2021-37204 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ TODO: check
CVE-2021-37203 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
NOT-FOR-US: Siemens
CVE-2021-37202 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
@@ -35521,16 +35545,16 @@ CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions &
NOT-FOR-US: Siemens
CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions), ...)
NOT-FOR-US: Siemens
-CVE-2021-37198 (A vulnerability has been identified in COMOS (All versions < V10.4. ...)
+CVE-2021-37198 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
NOT-FOR-US: Siemens
-CVE-2021-37197 (A vulnerability has been identified in COMOS (All versions < V10.4. ...)
+CVE-2021-37197 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
NOT-FOR-US: Siemens
-CVE-2021-37196 (A vulnerability has been identified in COMOS (All versions < V10.4. ...)
+CVE-2021-37196 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
NOT-FOR-US: Siemens
-CVE-2021-37195 (A vulnerability has been identified in COMOS (All versions < V10.4. ...)
+CVE-2021-37195 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
NOT-FOR-US: Siemens
-CVE-2021-37194
- RESERVED
+CVE-2021-37194 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ TODO: check
CVE-2021-37193 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
NOT-FOR-US: Siemens
CVE-2021-37192 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -35547,8 +35571,8 @@ CVE-2021-37187 (An issue was discovered on Digi TransPort devices through 2021-0
NOT-FOR-US: Digi TransPort devices
CVE-2021-37186 (A vulnerability has been identified in LOGO! CMR2020 (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2021-37185
- RESERVED
+CVE-2021-37185 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ TODO: check
CVE-2021-37184 (A vulnerability has been identified in Industrial Edge Management (All ...)
NOT-FOR-US: Siemens
CVE-2021-37183 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -43439,6 +43463,7 @@ CVE-2021-33835
CVE-2021-33834
RESERVED
CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based b ...)
+ {DLA-2915-1}
- connman 1.36-2.2 (bug #989662)
[buster] - connman 1.36-2.1~deb10u2
NOTE: https://www.openwall.com/lists/oss-security/2021/06/09/1
@@ -63778,8 +63803,8 @@ CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.
NOT-FOR-US: Node deep-override
CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...)
- arangodb <itp> (bug #761817)
-CVE-2021-25939
- RESERVED
+CVE-2021-25939 (In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature whi ...)
+ TODO: check
CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...)
- arangodb <itp> (bug #761817)
CVE-2021-25937
@@ -80045,33 +80070,33 @@ CVE-2021-20017 (A post-authenticated command injection vulnerability in SonicWal
CVE-2021-20016 (A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product a ...)
NOT-FOR-US: SonicWall
CVE-2021-20015
- RESERVED
+ REJECTED
CVE-2021-20014
- RESERVED
+ REJECTED
CVE-2021-20013
- RESERVED
+ REJECTED
CVE-2021-20012
- RESERVED
+ REJECTED
CVE-2021-20011
- RESERVED
+ REJECTED
CVE-2021-20010
- RESERVED
+ REJECTED
CVE-2021-20009
- RESERVED
+ REJECTED
CVE-2021-20008
- RESERVED
+ REJECTED
CVE-2021-20007
- RESERVED
+ REJECTED
CVE-2021-20006
- RESERVED
+ REJECTED
CVE-2021-20005
- RESERVED
+ REJECTED
CVE-2021-20004
- RESERVED
+ REJECTED
CVE-2021-20003
- RESERVED
+ REJECTED
CVE-2021-20002
- RESERVED
+ REJECTED
CVE-2021-20001
RESERVED
- debian-edu-config 2.12.16
@@ -177022,7 +177047,7 @@ CVE-2019-13935 (Improper Neutralization of Input During Web Page Generation ('Cr
NOT-FOR-US: Siemens
CVE-2019-13934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Siemens
-CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-200RNA switch family ...)
+CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...)
NOT-FOR-US: Siemens
CVE-2019-13932 (A vulnerability has been identified in XHQ (All versions < V6.0.0.2 ...)
NOT-FOR-US: Siemens
@@ -199250,7 +199275,7 @@ CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect Serv
NOT-FOR-US: Siemens
CVE-2019-6569 (The monitor barrier of the affected products insufficiently blocks dat ...)
NOT-FOR-US: Scalance
-CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP O ...)
+CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC CP 1604, S ...)
NOT-FOR-US: Siemens
CVE-2019-6567 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Siemens
@@ -226386,7 +226411,7 @@ CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1 allows remote attackers to
NOT-FOR-US: PDF-XChange Editor
CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted fil ...)
NOT-FOR-US: MediaComm Zip-n-Go
-CVE-2018-16301
+CVE-2018-16301 (The command-line argument parser in tcpdump before 4.99.0 has a buffer ...)
- tcpdump 4.99.0-1
NOTE: https://github.com/the-tcpdump-group/libpcap/issues/855
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd
@@ -316874,7 +316899,7 @@ CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/
NOT-FOR-US: Siemens
CVE-2017-2681 (Specially crafted PROFINET DCP packets sent on a local Ethernet segmen ...)
NOT-FOR-US: Siemens
-CVE-2017-2680 (Specially crafted PROFINET DCP broadcast packets could cause a Denial- ...)
+CVE-2017-2680 (Specially crafted PROFINET DCP broadcast packets could cause a denial ...)
NOT-FOR-US: Siemens
CVE-2017-2679
REJECTED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45b7715ea658f1816bb22ba51f701945f70bb735
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45b7715ea658f1816bb22ba51f701945f70bb735
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220209/544782dd/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list