[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 21 20:10:33 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ce1a7f37 by security tracker role at 2022-02-21T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2022-25622
+ RESERVED
+CVE-2022-25621
+ RESERVED
+CVE-2022-25620
+ RESERVED
+CVE-2022-25619
+ RESERVED
+CVE-2022-25618
+ RESERVED
+CVE-2022-25617
+ RESERVED
+CVE-2022-25616
+ RESERVED
+CVE-2022-25615
+ RESERVED
+CVE-2022-25614
+ RESERVED
+CVE-2022-25613
+ RESERVED
+CVE-2022-25612
+ RESERVED
+CVE-2022-25611
+ RESERVED
+CVE-2022-25610
+ RESERVED
+CVE-2022-25609
+ RESERVED
+CVE-2022-25608
+ RESERVED
+CVE-2022-25607
+ RESERVED
+CVE-2022-25606
+ RESERVED
+CVE-2022-25605
+ RESERVED
+CVE-2022-25604
+ RESERVED
+CVE-2022-25603
+ RESERVED
+CVE-2022-25602
+ RESERVED
+CVE-2022-25601
+ RESERVED
+CVE-2022-25600
+ RESERVED
+CVE-2022-25599 (Cross-Site Request Forgery (CSRF) vulnerability leading to event delet ...)
+ TODO: check
+CVE-2022-25598
+ RESERVED
+CVE-2022-0712
+ RESERVED
+CVE-2022-0711
+ RESERVED
+CVE-2022-0710
+ RESERVED
+CVE-2022-0709
+ RESERVED
+CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of the c ...)
+ TODO: check
+CVE-2022-0707
+ RESERVED
+CVE-2022-0706
+ RESERVED
+CVE-2022-0705
+ RESERVED
+CVE-2022-0704
+ RESERVED
+CVE-2022-0703
+ RESERVED
+CVE-2022-0702
+ RESERVED
+CVE-2022-0701
+ RESERVED
+CVE-2022-0700
+ RESERVED
+CVE-2022-0699
+ RESERVED
CVE-2022-25597
RESERVED
CVE-2022-25596
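Review bot: only two entries in this hunk leave the RESERVED state, CVE-2022-25599 and CVE-2022-0708, and both are left at "TODO: check"; the CSRF description reads like the WordPress plugin advisories that are marked "NOT-FOR-US: WordPress plugin" throughout the rest of this file, and the Mattermost one should be resolved the same way earlier Mattermost entries in the file were, so that one upstream product does not end up with mixed dispositions.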
@@ -472,10 +550,10 @@ CVE-2022-0694
RESERVED
CVE-2022-0693
RESERVED
-CVE-2022-0692
- RESERVED
-CVE-2022-0691
- RESERVED
+CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to ...)
+ TODO: check
+CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ TODO: check
CVE-2022-25369
RESERVED
CVE-2022-25368
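Review bot: CVE-2022-0691 concerns the npm library url-parse, which is the kind of dependency that may exist as a node- source package in the archive; before closing the "TODO: check" as NOT-FOR-US the way the surrounding Packagist entries are handled, confirm whether a packaged copy exists, since that would require a version-tracked entry instead. CVE-2022-0692 (Open Redirect in rudloff/alltube) is a standalone PHP application and is unlikely to need more than a NOT-FOR-US line.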
@@ -712,8 +790,8 @@ CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The unsafe
TODO: check
CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is possible ...)
NOT-FOR-US: webcc
-CVE-2022-25297
- RESERVED
+CVE-2022-25297 (This affects the package drogonframework/drogon before 1.7.5. The unsa ...)
+ TODO: check
CVE-2022-25296
RESERVED
CVE-2022-25295
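Review bot: CVE-2022-25297 (drogon before 1.7.5) uses the same "The unsa..." description template as CVE-2022-25299 (cesanta/mongoose) and CVE-2022-25298 (webcc) in the hunk context, which suggests one batch of related reports against C++ HTTP servers; webcc is already NOT-FOR-US while mongoose is still TODO, so all three should be triaged together, with a check for a Debian source package for drogon and mongoose before using NOT-FOR-US.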
@@ -1822,8 +1900,8 @@ CVE-2022-24917
RESERVED
CVE-2022-24911
RESERVED
-CVE-2022-0564
- RESERVED
+CVE-2022-0564 (A vulnerability in Qlik Sense Enterprise on Windows could allow an rem ...)
+ TODO: check
CVE-2022-24916 (Optimism before @eth-optimism/l2geth at 0.5.11 allows economic griefing b ...)
NOT-FOR-US: Optimism
CVE-2022-24908
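Review bot: CVE-2022-0564 describes Qlik Sense Enterprise on Windows, a proprietary product with no Debian package, so the "TODO: check" placeholder can be closed as "NOT-FOR-US: Qlik" in the same style as the Optimism entry directly below it.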
@@ -2715,8 +2793,8 @@ CVE-2022-24555
RESERVED
CVE-2022-24554
RESERVED
-CVE-2022-24553
- RESERVED
+CVE-2022-24553 (An issue was found in Zfaka <= 1.4.5. The verification of the backg ...)
+ TODO: check
CVE-2022-24552 (StarWind SAN and NAS before 0.2 build 1685 allows remote code executio ...)
NOT-FOR-US: StarWind
CVE-2022-24551 (StarWind SAN and NAS before 0.2 build 1685 allows users to reset other ...)
@@ -3371,8 +3449,8 @@ CVE-2022-24302
RESERVED
CVE-2022-24296
RESERVED
-CVE-2022-24295
- RESERVED
+CVE-2022-24295 (Okta Advanced Server Access Client for Windows prior to version 1.57.0 ...)
+ TODO: check
CVE-2022-22986
RESERVED
CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/ ...)
@@ -4649,10 +4727,10 @@ CVE-2022-23988
RESERVED
CVE-2022-23987
RESERVED
-CVE-2022-23984
- RESERVED
-CVE-2022-23983
- RESERVED
+CVE-2022-23984 (Sensitive information disclosure discovered in wpDiscuz WordPress plug ...)
+ TODO: check
+CVE-2022-23983 (Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Sett ...)
+ TODO: check
CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...)
NOT-FOR-US: WordPress plugin
CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...)
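Review bot: CVE-2022-23984 (wpDiscuz) and CVE-2022-23983 (CSRF on plugin settings) are WordPress plugin issues like the two context entries right below them, which are already marked "NOT-FOR-US: WordPress plugin"; the same disposition applies here. Most of the remaining "TODO: check" lines in this patch (ExportFeed, Float menu, Ad Inserter, AnyComment, Database Backup, GiveWP, WOOCS, Popup Builder, Shield Security, Coming soon and Maintenance mode, Final Tiles Grid, Download Manager, Advanced Database Cleaner and others) follow the same pattern and can be triaged as one batch rather than entry by entry.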
@@ -5550,8 +5628,8 @@ CVE-2022-0327
RESERVED
CVE-2021-46403
RESERVED
-CVE-2021-4208
- RESERVED
+CVE-2021-4208 (The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and ...)
+ TODO: check
CVE-2022-23809
RESERVED
CVE-2022-23808 (An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker ca ...)
@@ -6371,8 +6449,8 @@ CVE-2022-23457
RESERVED
CVE-2022-0314
RESERVED
-CVE-2022-0313
- RESERVED
+CVE-2022-0313 (The Float menu WordPress plugin before 4.3.1 does not have CSRF check ...)
+ TODO: check
CVE-2022-0312
RESERVED
CVE-2022-0299
@@ -6542,8 +6620,8 @@ CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 97.0.46
- chromium 97.0.4692.99-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-0288
- RESERVED
+CVE-2022-0288 (The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPr ...)
+ TODO: check
CVE-2022-0287
RESERVED
CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference in bo ...)
@@ -6567,8 +6645,8 @@ CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Pac
NOT-FOR-US: microweber
CVE-2022-0280
RESERVED
-CVE-2022-0279
- RESERVED
+CVE-2022-0279 (The AnyComment WordPress plugin before 0.2.18 is affected by a race co ...)
+ TODO: check
CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
NOT-FOR-US: microweber
CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...)
@@ -7139,14 +7217,14 @@ CVE-2022-0257 (pimcore is vulnerable to Improper Neutralization of Input During
NOT-FOR-US: pimcore
CVE-2022-0256 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
NOT-FOR-US: pimcore
-CVE-2022-0255
- RESERVED
+CVE-2022-0255 (The Database Backup for WordPress plugin before 2.5.1 does not properl ...)
+ TODO: check
CVE-2022-0254
RESERVED
CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
NOT-FOR-US: livehelperchat
-CVE-2022-0252
- RESERVED
+CVE-2022-0252 (The GiveWP WordPress plugin before 2.17.3 does not escape the json par ...)
+ TODO: check
CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2022-0250
@@ -7391,8 +7469,8 @@ CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to
[bullseye] - node-fetch <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
NOTE: Fixed by: https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80 (v3.1.1)
-CVE-2022-0234
- RESERVED
+CVE-2022-0234 (The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape ...)
+ TODO: check
CVE-2022-0233 (The ProfileGrid – User Profiles, Memberships, Groups and Communi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0232 (The User Registration, Login & Landing Pages WordPress plugin is v ...)
@@ -7403,8 +7481,8 @@ CVE-2022-0230
RESERVED
CVE-2022-0229
RESERVED
-CVE-2022-0228
- RESERVED
+CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...)
+ TODO: check
CVE-2021-46304
RESERVED
CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...)
@@ -7522,8 +7600,8 @@ CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...)
NOTE: Fixed by: https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 (v8.2.4074)
CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0211
- RESERVED
+CVE-2022-0211 (The Shield Security WordPress plugin before 13.0.6 does not sanitise a ...)
+ TODO: check
CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...)
NOT-FOR-US: WordPress plugin
CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] ...)
@@ -7540,8 +7618,8 @@ CVE-2021-4205
RESERVED
CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability discovere ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-26256
- RESERVED
+CVE-2021-26256 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
+ TODO: check
CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Ever ...)
NOT-FOR-US: WordPress plugin
CVE-2021-23209
@@ -7653,8 +7731,8 @@ CVE-2022-0201 (The Permalink Manager Lite WordPress plugin before 2.2.15 and Per
NOT-FOR-US: WordPress plugin
CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0199
- RESERVED
+CVE-2022-0199 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...)
+ TODO: check
CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. ...)
NOT-FOR-US: Crestron devices
CVE-2022-23177
@@ -7854,8 +7932,8 @@ CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not
NOT-FOR-US: WordPress plugin
CVE-2022-0187
RESERVED
-CVE-2022-0186
- RESERVED
+CVE-2022-0186 (The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 ...)
+ TODO: check
CVE-2022-0185 (A heap-based buffer overflow flaw was found in the way the legacy_pars ...)
{DSA-5050-1}
- linux 5.15.15-1
@@ -8497,8 +8575,8 @@ CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to
NOT-FOR-US: McAfee
CVE-2022-0165
RESERVED
-CVE-2022-0164
- RESERVED
+CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...)
+ TODO: check
CVE-2022-0163
RESERVED
CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 ...)
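Review bot: CVE-2022-0164 has an identical truncated description to CVE-2022-0199 earlier in this patch (Coming soon and Maintenance mode before 3.6.8, cut off at "doe ..."); they are plausibly two distinct issues fixed in one release, but the truncation hides the difference, so whoever resolves the "TODO: check" should read the full texts and mark both entries the same way.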
@@ -9371,8 +9449,8 @@ CVE-2022-0135 [out-of-bounds write in read_transfer_data()]
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/95e581fd181b213c2ed7cdc63f2abc03eaaa77ec
TODO: Check introducing information for issue
-CVE-2022-0134
- RESERVED
+CVE-2022-0134 (The AnyComment WordPress plugin before 0.2.18 does not have CSRF check ...)
+ TODO: check
CVE-2022-0133 (peertube is vulnerable to Improper Access Control ...)
- peertube <itp> (bug #950821)
CVE-2022-0132 (peertube is vulnerable to Server-Side Request Forgery (SSRF) ...)
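Review bot: CVE-2022-0134 (AnyComment before 0.2.18, missing CSRF check) pairs with CVE-2022-0279 (same plugin and fixed version, race condition) earlier in this patch and the two placeholders should be resolved together. The virglrenderer entry in the context above still carries "TODO: Check introducing information for issue", which this automatic run does not touch and which remains open.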
@@ -14616,8 +14694,8 @@ CVE-2021-45010
RESERVED
CVE-2021-45009
RESERVED
-CVE-2021-45008
- RESERVED
+CVE-2021-45008 (Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability ...)
+ TODO: check
CVE-2021-45007 (Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulne ...)
NOT-FOR-US: Plesk
CVE-2021-45006
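Review bot: CVE-2021-45008 is a Plesk entry sitting directly above CVE-2021-45007, which is already recorded as "NOT-FOR-US: Plesk"; the new "TODO: check" placeholder can be closed with the same rationale string.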
@@ -15886,8 +15964,8 @@ CVE-2021-44570
RESERVED
CVE-2021-44569
RESERVED
-CVE-2021-44568
- RESERVED
+CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv th ...)
+ TODO: check
CVE-2021-44567
RESERVED
CVE-2021-44566
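Review bot: CVE-2021-44568 (two heap overflows in libsolv) is one of the few entries in this run that names a library Debian actually ships, so unlike the WordPress plugin placeholders this "TODO: check" should become a tracked entry with the affected source package and the upstream fixed version once confirmed, not a NOT-FOR-US line; it deserves priority over the rest of the batch.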
@@ -17248,8 +17326,7 @@ CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to
[buster] - isync <not-affected> (Vulnerable code introduced later)
[stretch] - isync <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/2
-CVE-2021-44142 [Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution]
- RESERVED
+CVE-2021-44142 (The Samba vfs_fruit module uses extended file attributes (EA, xattr) t ...)
{DSA-5071-1}
- samba <unfixed> (bug #1004693)
NOTE: https://www.samba.org/samba/security/CVE-2021-44142.html
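Review bot: the description swap for CVE-2021-44142 leaves "- samba <unfixed> (bug #1004693)" in place next to {DSA-5071-1}; since the DSA has already been issued, the unstable entry should get its fixed version filled in as soon as the sid upload is recorded. The bracketed working title this hunk drops ("Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution") is more specific than the truncated published text and could be kept as a NOTE line.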
@@ -17257,8 +17334,7 @@ CVE-2021-44142 [Out-of-bounds heap read/write vulnerability in VFS module vfs_fr
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-244/
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-245/
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-246/
-CVE-2021-44141 [Information leak via symlinks of existance of files or directories outside of the exported share]
- RESERVED
+CVE-2021-44141 (All versions of Samba prior to 4.15.5 are vulnerable to a malicious cl ...)
- samba <unfixed> (bug #1004692)
[bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
[buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
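Review bot: the "[bullseye]" and "[buster] - samba <ignored>" lines for CVE-2021-44141 were written while the entry was still RESERVED and carry the rationale "mitigations exists" (should read "mitigations exist"); now that the published description states that all Samba versions prior to 4.15.5 are affected, re-check that the "Minor issue; no backport" reasoning still holds before leaving the ignored markers as they are.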
@@ -61862,10 +61938,10 @@ CVE-2021-27799 (ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator
NOTE: https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/
CVE-2021-27798
RESERVED
-CVE-2021-27797
- RESERVED
-CVE-2021-27796
- RESERVED
+CVE-2021-27797 (Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all v ...)
+ TODO: check
+CVE-2021-27796 (A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS ...)
+ TODO: check
CVE-2021-27795
RESERVED
CVE-2021-27794 (A vulnerability in the authentication mechanism of Brocade Fabric OS v ...)
@@ -61946,12 +62022,12 @@ CVE-2021-27757
RESERVED
CVE-2021-27756
RESERVED
-CVE-2021-27755
- RESERVED
+CVE-2021-27755 ("Sametime Android potential path traversal vulnerability when using Fi ...)
+ TODO: check
CVE-2021-27754
RESERVED
-CVE-2021-27753
- RESERVED
+CVE-2021-27753 ("Sametime Android PathTraversal Vulnerability" ...)
+ TODO: check
CVE-2021-27752
RESERVED
CVE-2021-27751
@@ -68688,12 +68764,12 @@ CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before
NOT-FOR-US: WordPress plugin
CVE-2021-25102
RESERVED
-CVE-2021-25101
- RESERVED
-CVE-2021-25100
- RESERVED
-CVE-2021-25099
- RESERVED
+CVE-2021-25101 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
+ TODO: check
+CVE-2021-25100 (The GiveWP WordPress plugin before 2.17.3 does not escape the s parame ...)
+ TODO: check
+CVE-2021-25099 (The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape ...)
+ TODO: check
CVE-2021-25098
RESERVED
CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...)
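Review bot: CVE-2021-25100 and CVE-2021-25099 both concern GiveWP before 2.17.3, the same plugin and fixed version as CVE-2022-0252 earlier in this patch; all three placeholders should be resolved together with the same rationale string as the surrounding "NOT-FOR-US: WordPress plugin" entries, since split dispositions for one upstream release are confusing to later readers.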
@@ -68726,8 +68802,8 @@ CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2 and Adva
NOT-FOR-US: WordPress plugin
CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25082
- RESERVED
+CVE-2021-25082 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...)
+ TODO: check
CVE-2021-25081
RESERVED
CVE-2021-25080 (The Contact Form Entries WordPress plugin before 1.1.7 does not valida ...)
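Review bot: CVE-2021-25082 repeats the wording of CVE-2022-0228 earlier in this patch (Popup Builder before 4.0.7, "does not validate and"); confirm from the full texts that these are distinct issues in the same release rather than a duplicate assignment, and resolve both "TODO: check" lines identically.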
@@ -68740,8 +68816,8 @@ CVE-2021-25077 (The Store Toolkit for WooCommerce WordPress plugin before 2.3.2
NOT-FOR-US: WordPress plugin
CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not validate ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25075
- RESERVED
+CVE-2021-25075 (The Duplicate Page or Post WordPress plugin before 1.5.1 does not have ...)
+ TODO: check
CVE-2021-25074 (The WebP Converter for Media WordPress plugin before 4.0.3 contains a ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in v ...)
@@ -68752,8 +68828,8 @@ CVE-2021-25071
RESERVED
CVE-2021-25070
RESERVED
-CVE-2021-25069
- RESERVED
+CVE-2021-25069 (The Download Manager WordPress plugin before 3.2.34 does not sanitise ...)
+ TODO: check
CVE-2021-25068
RESERVED
CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was affected ...)
@@ -68770,18 +68846,18 @@ CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 1.1.
NOT-FOR-US: WordPress plugin
CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was affected by a ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25060
- RESERVED
+CVE-2021-25060 (The Five Star Business Profile and Schema WordPress plugin before 2.1. ...)
+ TODO: check
CVE-2021-25059
RESERVED
-CVE-2021-25058
- RESERVED
-CVE-2021-25057
- RESERVED
+CVE-2021-25058 (The Buffer Button WordPress plugin through 1.0 was vulnerable to Authe ...)
+ TODO: check
+CVE-2021-25057 (The Translation Exchange WordPress plugin through 1.0.14 was vulnerabl ...)
+ TODO: check
CVE-2021-25056
RESERVED
-CVE-2021-25055
- RESERVED
+CVE-2021-25055 (The FeedWordPress plugin before 2022.0123 is affected by a Reflected C ...)
+ TODO: check
CVE-2021-25054 (The WPcalc WordPress plugin through 2.1 does not sanitize user input i ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25053 (The WP Coder WordPress plugin before 2.5.2 within the wow-company admi ...)
@@ -69048,8 +69124,8 @@ CVE-2021-24923 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sen
NOT-FOR-US: WordPress plugin
CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check w ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24921
- RESERVED
+CVE-2021-24921 (The Advanced Database Cleaner WordPress plugin before 3.0.4 does not s ...)
+ TODO: check
CVE-2021-24920
RESERVED
CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not sanitise an ...)
@@ -69156,8 +69232,8 @@ CVE-2021-24869
RESERVED
CVE-2021-24868 (The Document Embedder WordPress plugin before 1.7.9 contains a AJAX ac ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24867
- RESERVED
+CVE-2021-24867 (Numerous Plugins and Themes from the AccessPress Themes (aka Access Ke ...)
+ TODO: check
CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not properly san ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24865 (The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 d ...)
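Review bot: CVE-2021-24867 covers "Numerous Plugins and Themes from the AccessPress Themes" rather than a single plugin, so when its "TODO: check" is resolved the rationale should name the vendor (for example "NOT-FOR-US: AccessPress Themes plugins and themes") instead of reusing the generic "WordPress plugin" string from the neighbouring entries, so that this multi-product entry stays distinguishable from ordinary single-plugin issues.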
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce1a7f37896d3ec68095a959970648d0da25cb46