[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 17 20:10:29 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bfbe0a34 by security tracker role at 2022-02-17T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2022-25311
+ RESERVED
+CVE-2022-25310
+ RESERVED
+CVE-2022-25309
+ RESERVED
+CVE-2022-25308
+ RESERVED
+CVE-2022-25307
+ RESERVED
+CVE-2022-25306
+ RESERVED
+CVE-2022-25305
+ RESERVED
+CVE-2022-21158
+ RESERVED
+CVE-2022-0674
+ RESERVED
+CVE-2022-0673
+ RESERVED
+CVE-2022-0672
+ RESERVED
+CVE-2022-0671
+ RESERVED
+CVE-2022-0670
+ RESERVED
+CVE-2022-0669
+ RESERVED
+CVE-2022-0668
+ RESERVED
+CVE-2022-0667
+ RESERVED
+CVE-2022-0666
+ RESERVED
+CVE-2022-0665
+ RESERVED
+CVE-2022-0664
+ RESERVED
+CVE-2022-0663
+ RESERVED
+CVE-2022-0662
+ RESERVED
+CVE-2022-0661
+ RESERVED
+CVE-2022-0660
+ RESERVED
+CVE-2022-0659
+ RESERVED
+CVE-2022-0658
+ RESERVED
+CVE-2022-0657
+ RESERVED
+CVE-2022-0656
+ RESERVED
CVE-2022-XXXX [Arbitrary File Write Vulnerability ]
- libpgjava 42.3.3-1
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
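Review bot: the context entry `CVE-2022-XXXX [Arbitrary File Write Vulnerability ]` just below the new RESERVED block still uses a placeholder id and has a stray space before the closing bracket. The 27 ids added above it are all RESERVED with no description, so none of them can be matched to the pgjdbc advisory from this diff. When an id is assigned for GHSA-673j-qm5f-xpv8, rename the entry and trim the bracketed description at the same time.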
@@ -159,10 +213,10 @@ CVE-2022-0641
RESERVED
CVE-2022-0640
RESERVED
-CVE-2022-0639
- RESERVED
-CVE-2022-0638
- RESERVED
+CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ TODO: check
+CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
+ TODO: check
CVE-2022-0637
RESERVED
CVE-2022-0636
@@ -171,16 +225,16 @@ CVE-2022-0635
RESERVED
CVE-2022-0634
RESERVED
-CVE-2022-0633
- RESERVED
+CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before ...)
+ TODO: check
CVE-2022-0632
RESERVED
CVE-2022-0631
RESERVED
CVE-2022-0630
RESERVED
-CVE-2022-0629
- RESERVED
+CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-0628
RESERVED
CVE-2022-0627
@@ -191,7 +245,8 @@ CVE-2022-0625
RESERVED
CVE-2022-0624
RESERVED
-CVE-2022-25271 [Improper input validation - SA-CORE-2022-003]
+CVE-2022-25271 (Drupal core's form API has a vulnerability where certain contributed o ...)
+ {DLA-2925-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2022-003
NOTE: https://git.drupalcode.org/project/drupal/-/commit/43c757167380643b5f73287a63a8739731a5b712
@@ -1598,8 +1653,8 @@ CVE-2022-24685
CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.1 ...)
- nomad <undetermined>
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
-CVE-2022-24683
- RESERVED
+CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and ...)
+ TODO: check
CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
NOT-FOR-US: Zimbra
CVE-2022-24681
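Review bot: CVE-2022-24683 lands as `TODO: check` although the entry directly above it, CVE-2022-24684, covers the same product and is already triaged as `- nomad <undetermined>` with an HCSEC reference. Triage the new entry the same way (a `- nomad` package line plus a NOTE pointing at its own HashiCorp advisory) so the two Nomad issues do not diverge in the tracker.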
@@ -5248,8 +5303,8 @@ CVE-2022-23633 (Action Pack is a framework for handling and responding to web re
NOTE: Followup: https://github.com/rails/rails/commit/f85b396e5a0019eb614e4ee436ea713089696833 (v6.0.4.6)
NOTE: Fixed by: https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08 (v5.2.6.1)
NOTE: Followup: https://github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1 (v5.2.6.2)
-CVE-2022-23632
- RESERVED
+CVE-2022-23632 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...)
+ TODO: check
CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...)
TODO: check
CVE-2022-23630 (Gradle is a build tool with a focus on build automation and support fo ...)
@@ -6057,10 +6112,10 @@ CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on
NOT-FOR-US: XMPie
CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
NOT-FOR-US: XMPie uStore
-CVE-2022-23319
- RESERVED
-CVE-2022-23318
- RESERVED
+CVE-2022-23319 (A segmentation fault during PCF file parsing in pcf2bdf versions >= ...)
+ TODO: check
+CVE-2022-23318 (A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attac ...)
+ TODO: check
CVE-2022-23317 (CobaltStrike <=4.5 HTTP(S) listener does not determine whether the ...)
NOT-FOR-US: CobaltStrike
CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
@@ -6155,8 +6210,8 @@ CVE-2021-46370
RESERVED
CVE-2021-46369
RESERVED
-CVE-2021-46368
- RESERVED
+CVE-2021-46368 (TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path s ...)
+ TODO: check
CVE-2021-46367
RESERVED
CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...)
@@ -7547,8 +7602,8 @@ CVE-2022-22914
RESERVED
CVE-2022-22913
RESERVED
-CVE-2022-22912
- RESERVED
+CVE-2022-22912 (Prototype pollution vulnerability via .parse() in Plist before v3.0.4 ...)
+ TODO: check
CVE-2022-22911
RESERVED
CVE-2022-22910
@@ -7573,8 +7628,8 @@ CVE-2022-22901 (There is an Assertion in 'context_p->next_scanner_info_p->
TODO: check
CVE-2022-22900
RESERVED
-CVE-2022-22899
- RESERVED
+CVE-2022-22899 (Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenti ...)
+ TODO: check
CVE-2022-22898
RESERVED
CVE-2022-22897
@@ -7791,8 +7846,8 @@ CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Sp
TODO: check
CVE-2021-46248
RESERVED
-CVE-2021-46247
- RESERVED
+CVE-2021-46247 (The use of a hard-coded cryptographic key significantly increases the ...)
+ TODO: check
CVE-2021-46246
RESERVED
CVE-2021-46245
@@ -14159,8 +14214,8 @@ CVE-2021-44870
RESERVED
CVE-2021-44869
RESERVED
-CVE-2021-44868
- RESERVED
+CVE-2021-44868 (A problem was found in ming-soft MCMS v5.1. There is a sql injection v ...)
+ TODO: check
CVE-2021-44867
RESERVED
CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The ...)
@@ -20781,8 +20836,8 @@ CVE-2022-20752
RESERVED
CVE-2022-20751
RESERVED
-CVE-2022-20750
- RESERVED
+CVE-2022-20750 (A vulnerability in the checkpoint manager implementation of Cisco Redu ...)
+ TODO: check
CVE-2022-20749 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
NOT-FOR-US: Cisco Small Business RV Series Routers
CVE-2022-20748
@@ -20968,8 +21023,8 @@ CVE-2022-20661
RESERVED
CVE-2022-20660 (A vulnerability in the information storage architecture of several Cis ...)
NOT-FOR-US: Cisco
-CVE-2022-20659
- RESERVED
+CVE-2022-20659 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
CVE-2022-20658 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2022-20657
@@ -20980,8 +21035,8 @@ CVE-2022-20655
RESERVED
CVE-2022-20654
RESERVED
-CVE-2022-20653
- RESERVED
+CVE-2022-20653 (A vulnerability in the DNS-based Authentication of Named Entities (DAN ...)
+ TODO: check
CVE-2022-20652
RESERVED
CVE-2022-20651
@@ -26388,7 +26443,7 @@ CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815
NOT-FOR-US: ARCHIBUS Web Central
CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
NOT-FOR-US: ARCHIBUS Web Central
-CVE-2021-41552 (CommScope URFboard SBG6950AC2 9.1.103AA23 devices allow Command Inject ...)
+CVE-2021-41552 (CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injec ...)
NOT-FOR-US: CommScope
CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...)
NOT-FOR-US: Leostream Connection Broker
@@ -32649,8 +32704,8 @@ CVE-2021-39036
RESERVED
CVE-2021-39035
RESERVED
-CVE-2021-39034
- RESERVED
+CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by a ...)
+ TODO: check
CVE-2021-39033
RESERVED
CVE-2021-39032 (IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potential ...)
@@ -86508,7 +86563,7 @@ CVE-2020-28887
RESERVED
CVE-2020-28886
RESERVED
-CVE-2020-28885 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS ...)
+CVE-2020-28885 (** DISPUTED ** Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is ...)
NOT-FOR-US: Liferay
CVE-2020-28884 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS ...)
NOT-FOR-US: Liferay
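Review bot: only CVE-2020-28885 picks up the `** DISPUTED **` prefix, while the sibling CVE-2020-28884 in the context lines keeps the same visible Liferay description without it. Both are NOT-FOR-US, so package status is unaffected, but it is worth confirming against the upstream CVE records that the dispute applies to 28885 alone and that 28884 was not missed by the sync.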
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfbe0a34611bb280a8f054c67ece4707aaaa85d4