[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 18 08:10:39 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f003b387 by security tracker role at 2022-02-18T08:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,34 @@
-CVE-2022-25315 [integer overflow in storeRawNames]
+CVE-2022-25323
+ RESERVED
+CVE-2022-25322
+ RESERVED
+CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...)
+ TODO: check
+CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...)
+ TODO: check
+CVE-2022-25319 (An issue was discovered in Cerebrate through 1.4. Endpoints could be o ...)
+ TODO: check
+CVE-2022-25318 (An issue was discovered in Cerebrate through 1.4. An incorrect sharing ...)
+ TODO: check
+CVE-2022-25317 (An issue was discovered in Cerebrate through 1.4. genericForm allows r ...)
+ TODO: check
+CVE-2022-25316
+ RESERVED
+CVE-2022-25312
+ RESERVED
+CVE-2022-21132
+ RESERVED
+CVE-2022-0676
+ RESERVED
+CVE-2022-0675
+ RESERVED
+CVE-2022-25315 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...)
- expat <unfixed>
NOTE: https://github.com/libexpat/libexpat/pull/559
-CVE-2022-25314 [integer overflow in copyString]
+CVE-2022-25314 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...)
- expat <unfixed>
NOTE: https://github.com/libexpat/libexpat/pull/560
-CVE-2022-25313 [stack exhaustion in build_model]
+CVE-2022-25313 (In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack ex ...)
- expat <unfixed>
NOTE: https://github.com/libexpat/libexpat/pull/558
CVE-2022-25311
@@ -506,48 +530,56 @@ CVE-2022-25147
RESERVED
CVE-2022-0610
RESERVED
+ {DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0609
RESERVED
+ {DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0608
RESERVED
+ {DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0607
RESERVED
+ {DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0606
RESERVED
+ {DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0605
RESERVED
+ {DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0604
RESERVED
+ {DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
CVE-2022-0603
RESERVED
+ {DSA-5079-1}
- chromium 98.0.4758.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -5284,8 +5316,8 @@ CVE-2022-23648
RESERVED
CVE-2022-23647
RESERVED
-CVE-2022-23646
- RESERVED
+CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...)
+ TODO: check
CVE-2022-23645
RESERVED
CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...)
@@ -6369,18 +6401,18 @@ CVE-2021-46321 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to c
NOT-FOR-US: Tenda
CVE-2021-46320 (In OpenZeppelin <=v4.4.0, initializer functions that are invoked se ...)
NOT-FOR-US: OpenZeppelin
-CVE-2021-46319
- RESERVED
+CVE-2021-46319 (Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR- ...)
+ TODO: check
CVE-2021-46318
RESERVED
CVE-2021-46317
RESERVED
CVE-2021-46316
RESERVED
-CVE-2021-46315
- RESERVED
-CVE-2021-46314
- RESERVED
+CVE-2021-46315 (Remote Command Execution (RCE) vulnerability exists in HNAP1/control/S ...)
+ TODO: check
+CVE-2021-46314 (A Remote Command Execution (RCE) vulnerability exists in HNAP1/control ...)
+ TODO: check
CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentat ...)
- gpac <unfixed>
[bullseye] - gpac <ignored> (Minor issue)
@@ -7603,8 +7635,8 @@ CVE-2022-22924
RESERVED
CVE-2022-22923
RESERVED
-CVE-2022-22922
- RESERVED
+CVE-2022-22922 (TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovere ...)
+ TODO: check
CVE-2022-22921
RESERVED
CVE-2022-22920
@@ -7615,12 +7647,12 @@ CVE-2022-22918
RESERVED
CVE-2022-22917
RESERVED
-CVE-2022-22916
- RESERVED
+CVE-2022-22916 (O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vu ...)
+ TODO: check
CVE-2022-22915
RESERVED
-CVE-2022-22914
- RESERVED
+CVE-2022-22914 (An incorrect access control issue in the component FileManager of Ovid ...)
+ TODO: check
CVE-2022-22913
RESERVED
CVE-2022-22912 (Prototype pollution vulnerability via .parse() in Plist before v3.0.4 ...)
@@ -9825,8 +9857,8 @@ CVE-2021-46110
RESERVED
CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...)
NOT-FOR-US: ASUS
-CVE-2021-46108
- RESERVED
+CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...)
+ TODO: check
CVE-2021-46107
RESERVED
CVE-2021-46106
@@ -12448,8 +12480,8 @@ CVE-2021-45384
RESERVED
CVE-2021-45383
RESERVED
-CVE-2021-45382
- RESERVED
+CVE-2021-45382 (A Remote Command Execution (RCE) vulnerability exists in all series H/ ...)
+ TODO: check
CVE-2021-45381
RESERVED
CVE-2021-45380 (AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_h ...)
@@ -13561,8 +13593,7 @@ CVE-2021-45052 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and
NOT-FOR-US: Adobe
CVE-2021-45051 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
NOT-FOR-US: Adobe
-CVE-2021-4120
- RESERVED
+CVE-2021-4120 (snapd 2.54.2 fails to perform sufficient validation of snap content in ...)
- snapd <unfixed>
NOTE: https://bugs.launchpad.net/snapd/+bug/1949368
CVE-2021-45050
@@ -14784,12 +14815,10 @@ CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory
- mbedtls 2.28.0-0.3 (bug #1002631)
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12
NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12)
-CVE-2021-44731
- RESERVED
+CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...)
- snapd <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
-CVE-2021-44730
- RESERVED
+CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...)
- snapd <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
CVE-2021-44729
@@ -26349,8 +26378,8 @@ CVE-2021-41601
RESERVED
CVE-2021-41600
RESERVED
-CVE-2021-41599
- RESERVED
+CVE-2021-41599 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
+ TODO: check
CVE-2021-41598 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...)
NOT-FOR-US: GitHub Enterprise Server
CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...)
@@ -67736,8 +67765,7 @@ CVE-2021-3156 (Sudo before 1.9.5p2 contains an off-by-one error that can result
NOTE: https://www.sudo.ws/repos/sudo/rev/09f98816fc89
NOTE: https://www.sudo.ws/repos/sudo/rev/c125fbe68783
NOTE: https://www.openwall.com/lists/oss-security/2021/01/26/3
-CVE-2021-3155
- RESERVED
+CVE-2021-3155 (snapd 2.54.2 and earlier created ~/snap directories in user home direc ...)
- snapd 2.54-1
NOTE: https://github.com/snapcore/snapd/pull/9841
NOTE: https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85 (2.52)
@@ -384099,8 +384127,8 @@ CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtim
NOTE: webkit not covered by security support
CVE-2014-8599
RESERVED
-CVE-2014-8597
- RESERVED
+CVE-2014-8597 (A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.0 ...)
+ TODO: check
CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow rem ...)
NOT-FOR-US: PHP-Fusion
CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f003b38711d163db5d0171bd335adab0f3d4d4e8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f003b38711d163db5d0171bd335adab0f3d4d4e8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220218/0789422b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list