[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Feb 20 20:10:28 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
751c6f77 by security tracker role at 2022-02-20T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-25371
+	RESERVED
+CVE-2022-25370
+	RESERVED
+CVE-2022-25355
+	RESERVED
+CVE-2022-0694
+	RESERVED
+CVE-2022-0693
+	RESERVED
+CVE-2022-0692
+	RESERVED
+CVE-2022-0691
+	RESERVED
 CVE-2022-25369
 	RESERVED
 CVE-2022-25368
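Review bot: nothing to act on in this hunk: all seven new identifiers (CVE-2022-25371 down to CVE-2022-0691) are added as bare RESERVED placeholders with no description, so triage has to wait for a later automatic update to fill in the summary line.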
@@ -6,14 +20,14 @@ CVE-2022-0690 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/mi
 	NOT-FOR-US: microweber
 CVE-2022-0689 (Use multiple time the one-time coupon in Packagist microweber/microweb ...)
 	NOT-FOR-US: microweber
-CVE-2022-0688
-	RESERVED
+CVE-2022-0688 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
+	TODO: check
 CVE-2022-0687
 	RESERVED
-CVE-2022-0686
-	RESERVED
-CVE-2022-0685
-	RESERVED
+CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+	TODO: check
+CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
+	TODO: check
 CVE-2022-0684
 	RESERVED
 CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...)
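Review bot: the TODO: check on CVE-2022-0688 can likely be resolved straight away: the truncated description names the same Packagist microweber/microweber project as CVE-2022-0690 and CVE-2022-0689 directly above it, both already marked "NOT-FOR-US: microweber", so the same verdict applies unless microweber has been packaged since. The other two TODO entries deserve a real check rather than a reflex: CVE-2022-0685 concerns vim/vim, which Debian ships, so the upstream fix needs to be mapped to a package version, and CVE-2022-0686 (url-parse on NPM) needs a look at whether a node-url-parse package is in the archive.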
@@ -4931,8 +4945,8 @@ CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...
 	NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
 	NOTE: Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa
 	NOTE: loguru documents security considerations and best practices to follow
-CVE-2022-23848
-	RESERVED
+CVE-2022-23848 (In Alluxio before 2.7.3, the logserver does not validate the input str ...)
+	TODO: check
 CVE-2022-23847
 	RESERVED
 CVE-2022-23846
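Review bot: CVE-2022-23848 gets a TODO: check, but the truncated description already gives the triage direction: it is an input-validation flaw in the Alluxio logserver fixed in 2.7.3, so unless Alluxio is in the Debian archive the entry should end up as "NOT-FOR-US: Alluxio".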
@@ -7484,10 +7498,10 @@ CVE-2022-23056
 	RESERVED
 CVE-2022-23055
 	RESERVED
-CVE-2022-23054
-	RESERVED
-CVE-2022-23053
-	RESERVED
+CVE-2022-23054 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via  ...)
+	TODO: check
+CVE-2022-23053 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via  ...)
+	TODO: check
 CVE-2022-23052
 	RESERVED
 CVE-2022-23051
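Review bot: CVE-2022-23054 and CVE-2022-23053 carry identical truncated descriptions (Openmct 1.3.0 to 1.7.7, stored XSS), and the TODO: check on both should be resolved together with one verdict; the summaries are cut off at exactly the point where the affected component would distinguish them, so the full CVE text is needed before recording anything more specific than a shared NOT-FOR-US or package mapping.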
@@ -12253,8 +12267,8 @@ CVE-2022-22128
 	RESERVED
 CVE-2022-22127
 	RESERVED
-CVE-2022-22126
-	RESERVED
+CVE-2022-22126 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via  ...)
+	TODO: check
 CVE-2022-22125 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored  ...)
 	NOT-FOR-US: Halo
 CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored  ...)
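Review bot: CVE-2022-22126 has the same truncated Openmct stored-XSS description as CVE-2022-23054 and CVE-2022-23053 in the hunk above, so whatever verdict those two receive should be applied here in the same commit rather than leaving one of the three at TODO: check while the others are resolved.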
@@ -13640,12 +13654,12 @@ CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x b
 	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
 CVE-2021-45084
 	RESERVED
-CVE-2021-45083
-	RESERVED
-CVE-2021-45082 (An issue was discovered in Cobbler through 3.3.0. In the templar.py fi ...)
+CVE-2021-45083 (An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler ...)
+	TODO: check
+CVE-2021-45082 (An issue was discovered in Cobbler before 3.3.1. In the templar.py fil ...)
 	- cobbler <removed>
-CVE-2021-45081
-	RESERVED
+CVE-2021-45081 (An issue was discovered in Cobbler through 3.3.1. Routines in several  ...)
+	TODO: check
 CVE-2021-45080
 	RESERVED
 CVE-2021-45079 (In strongSwan before 5.9.5, a malicious responder can send an EAP-Succ ...)
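Review bot: the Cobbler entries in this hunk are inconsistent in two ways that triage should settle. First, CVE-2021-45082 is already recorded as "- cobbler <removed>" while the newly described CVE-2021-45083 and CVE-2021-45081 sit at TODO: check; all three are the same package, so the same <removed> marker is the expected outcome. Second, the updated descriptions give different affected ranges: CVE-2021-45083 and CVE-2021-45082 now read "before 3.3.1" (fixed there), but CVE-2021-45081 reads "through 3.3.1", so it was not fixed in that release and must not be given the same fixed version if the package ever returns to the archive.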
@@ -14101,8 +14115,8 @@ CVE-2021-45009
 	RESERVED
 CVE-2021-45008
 	RESERVED
-CVE-2021-45007
-	RESERVED
+CVE-2021-45007 (Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulne ...)
+	TODO: check
 CVE-2021-45006
 	RESERVED
 CVE-2021-45005 (Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow w ...)
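Review bot: CVE-2021-45007 can be closed out rather than left at TODO: check: the description is a CSRF issue in Plesk 18.0.37, a proprietary hosting control panel that is not packaged in Debian, so the expected entry is "NOT-FOR-US: Plesk".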
@@ -19424,7 +19438,7 @@ CVE-2021-43574 (** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail
 	- atmailopen <removed>
 CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...)
 	NOT-FOR-US: Realtek
-CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (ecdsa-pyth ...)
+CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (aka starkb ...)
 	NOT-FOR-US: Stark bank libraries
 CVE-2021-43571 (The verify function in the Stark Bank Node.js ECDSA library (ecdsa-nod ...)
 	NOT-FOR-US: Stark bank libraries
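Review bot: this hunk only rewords the truncated CVE-2021-43572 summary (the library is now given by its "aka starkb..." name); the "NOT-FOR-US: Stark bank libraries" assessment on the following line is unchanged and still matches the sibling CVE-2021-43571 entry, so nothing needs to change.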
@@ -336031,7 +336045,7 @@ CVE-2016-1000103
 	REJECTED
 CVE-2016-1000102
 	REJECTED
-CVE-2016-1000027 (Pivotal Spring Framework 4.1.4 suffers from a potential remote code ex ...)
+CVE-2016-1000027 (Pivotal Spring Framework through 5.3.16 suffers from a potential remot ...)
 	- libspring-java 4.2.7-1 (unimportant)
 	NOTE: https://www.tenable.com/security/research/tra-2016-20
 	NOTE: This is not a vulnerability in Spring itself, just how applications are using it
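Review bot: the description change on CVE-2016-1000027 ("Pivotal Spring Framework 4.1.4" to "through 5.3.16") widens the affected range well past the "- libspring-java 4.2.7-1 (unimportant)" line below it, which records 4.2.7-1 as the fixed version; that line is now contradicted by the summary and should be revisited. The existing NOTE that this is not a vulnerability in Spring itself but in how applications use it may still justify the unimportant severity, but the fixed-version claim should either be confirmed against the updated advisory or replaced so the entry does not assert a fix that upstream does not.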



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/751c6f7714bc3c311aa737171e736c421a53fa37


