[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 23 08:10:27 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
25c5d33d by security tracker role at 2022-02-23T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2022-25809 (Improper Neutralization of audio output from 3rd and 4th Generation Am ...)
+ TODO: check
+CVE-2022-25808
+ RESERVED
+CVE-2022-25807
+ RESERVED
+CVE-2022-25806
+ RESERVED
+CVE-2022-25805
+ RESERVED
+CVE-2022-25804
+ RESERVED
+CVE-2022-25803
+ RESERVED
+CVE-2022-25802
+ RESERVED
+CVE-2022-25801
+ RESERVED
+CVE-2022-25800
+ RESERVED
+CVE-2022-25799
+ RESERVED
+CVE-2022-25798
+ RESERVED
+CVE-2022-25797
+ RESERVED
+CVE-2022-25796
+ RESERVED
+CVE-2022-25795
+ RESERVED
+CVE-2022-25794
+ RESERVED
+CVE-2022-25793
+ RESERVED
+CVE-2022-25792
+ RESERVED
+CVE-2022-25791
+ RESERVED
+CVE-2022-25790
+ RESERVED
+CVE-2022-25789
+ RESERVED
+CVE-2022-25788
+ RESERVED
+CVE-2022-25787
+ RESERVED
+CVE-2022-25786
+ RESERVED
+CVE-2022-25785
+ RESERVED
+CVE-2022-25784
+ RESERVED
+CVE-2022-25783
+ RESERVED
+CVE-2022-25782
+ RESERVED
+CVE-2022-25781
+ RESERVED
+CVE-2022-25780
+ RESERVED
+CVE-2022-25779
+ RESERVED
+CVE-2022-25778
+ RESERVED
+CVE-2022-25777
+ RESERVED
+CVE-2022-25776
+ RESERVED
+CVE-2022-25775
+ RESERVED
+CVE-2022-25774
+ RESERVED
+CVE-2022-25773
+ RESERVED
+CVE-2022-25772
+ RESERVED
+CVE-2022-25771
+ RESERVED
+CVE-2022-25770
+ RESERVED
+CVE-2022-25769
+ RESERVED
+CVE-2022-25768
+ RESERVED
+CVE-2022-25763
+ RESERVED
+CVE-2022-21182
+ RESERVED
+CVE-2022-0734
+ RESERVED
+CVE-2022-0733
+ RESERVED
+CVE-2022-0732
+ RESERVED
+CVE-2022-0731
+ RESERVED
CVE-2022-XXXX [Account Takeover via Email of OpenOffice file containing XSS exploit]
- php-horde-mime-viewer <unfixed>
NOTE: https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/
@@ -260,8 +356,7 @@ CVE-2022-0719
RESERVED
CVE-2022-0718
RESERVED
-CVE-2022-25643 [seatd-launch: remove files with escalated privileges with SUID]
- RESERVED
+CVE-2022-25643 (seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with es ...)
- seatd <unfixed> (bug #1006308)
NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E
CVE-2022-25642
@@ -312,16 +407,16 @@ CVE-2022-21219
RESERVED
CVE-2022-21124
RESERVED
-CVE-2022-0717
- RESERVED
+CVE-2022-0717 (Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2. ...)
+ TODO: check
CVE-2022-0716
RESERVED
CVE-2022-0715
RESERVED
-CVE-2022-0714
- RESERVED
-CVE-2022-0713
- RESERVED
+CVE-2022-0714 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...)
+ TODO: check
+CVE-2022-0713 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
+ TODO: check
CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 a ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -765,16 +860,16 @@ CVE-2022-25420
RESERVED
CVE-2022-25419
RESERVED
-CVE-2022-25418
- RESERVED
-CVE-2022-25417
- RESERVED
+CVE-2022-25418 (Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow vi ...)
+ TODO: check
+CVE-2022-25417 (Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow vi ...)
+ TODO: check
CVE-2022-25416
RESERVED
CVE-2022-25415
RESERVED
-CVE-2022-25414
- RESERVED
+CVE-2022-25414 (Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow vi ...)
+ TODO: check
CVE-2022-25413
RESERVED
CVE-2022-25412
@@ -1057,14 +1152,17 @@ CVE-2022-0676 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2
CVE-2022-0675
RESERVED
CVE-2022-25315 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...)
+ {DSA-5085-1}
- expat 2.4.5-1
NOTE: https://github.com/libexpat/libexpat/pull/559
NOTE: https://github.com/libexpat/libexpat/commit/eb0362808b4f9f1e2345a0cf203b8cc196d776d9
CVE-2022-25314 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...)
+ {DSA-5085-1}
- expat 2.4.5-1
NOTE: https://github.com/libexpat/libexpat/pull/560
NOTE: https://github.com/libexpat/libexpat/commit/efcb347440ade24b9f1054671e6bd05e60b4cafd
CVE-2022-25313 (In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack ex ...)
+ {DSA-5085-1}
- expat 2.4.5-1
NOTE: https://github.com/libexpat/libexpat/pull/558
NOTE: https://github.com/libexpat/libexpat/commit/9b4ce651b26557f16103c3a366c91934ecd439ab
@@ -1213,8 +1311,8 @@ CVE-2022-25258 (An issue was discovered in drivers/usb/gadget/composite.c in the
NOTE: https://git.kernel.org/linus/75e5b4849b81e19e9efe1654b30d7f3151c33c2c (5.17-rc4)
CVE-2022-0655
RESERVED
-CVE-2022-0654
- RESERVED
+CVE-2022-0654 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ TODO: check
CVE-2022-0653
RESERVED
CVE-2022-0652
@@ -1360,12 +1458,14 @@ CVE-2022-25238
CVE-2022-25237
RESERVED
CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...)
+ {DSA-5085-1}
- expat 2.4.5-1 (bug #1005895)
NOTE: https://github.com/libexpat/libexpat/pull/561
NOTE: https://github.com/libexpat/libexpat/commit/6881a4fc8596307ab9ff2e85e605afa2e413ab71
NOTE: https://github.com/libexpat/libexpat/commit/a2fe525e660badd64b6c557c2b1ec26ddc07f6e4
NOTE: https://github.com/libexpat/libexpat/commit/2de077423fb22750ebea599677d523b53cb93b1d
CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain valid ...)
+ {DSA-5085-1}
- expat 2.4.5-1 (bug #1005894)
NOTE: https://github.com/libexpat/libexpat/pull/562
NOTE: https://github.com/libexpat/libexpat/commit/ee2a5b50e7d1940ba8745715b62ceb9efd3a96da
@@ -1810,32 +1910,32 @@ CVE-2022-25086
RESERVED
CVE-2022-25085
RESERVED
-CVE-2022-25084
- RESERVED
-CVE-2022-25083
- RESERVED
-CVE-2022-25082
- RESERVED
-CVE-2022-25081
- RESERVED
-CVE-2022-25080
- RESERVED
-CVE-2022-25079
- RESERVED
-CVE-2022-25078
- RESERVED
-CVE-2022-25077
- RESERVED
-CVE-2022-25076
- RESERVED
-CVE-2022-25075
- RESERVED
-CVE-2022-25074
- RESERVED
-CVE-2022-25073
- RESERVED
-CVE-2022-25072
- RESERVED
+CVE-2022-25084 (TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command i ...)
+ TODO: check
+CVE-2022-25083 (TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a com ...)
+ TODO: check
+CVE-2022-25082 (TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were ...)
+ TODO: check
+CVE-2022-25081 (TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command ...)
+ TODO: check
+CVE-2022-25080 (TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a comman ...)
+ TODO: check
+CVE-2022-25079 (TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a com ...)
+ TODO: check
+CVE-2022-25078 (TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a co ...)
+ TODO: check
+CVE-2022-25077 (TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a co ...)
+ TODO: check
+CVE-2022-25076 (TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a com ...)
+ TODO: check
+CVE-2022-25075 (TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a comm ...)
+ TODO: check
+CVE-2022-25074 (TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a ...)
+ TODO: check
+CVE-2022-25073 (TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack ...)
+ TODO: check
+CVE-2022-25072 (TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to ...)
+ TODO: check
CVE-2022-25071
RESERVED
CVE-2022-25070
@@ -6384,12 +6484,12 @@ CVE-2022-23656
RESERVED
CVE-2022-23655
RESERVED
-CVE-2022-23654
- RESERVED
+CVE-2022-23654 (Wiki.js is a wiki app built on Node.js. In affected versions an authen ...)
+ TODO: check
CVE-2022-23653
RESERVED
-CVE-2022-23652
- RESERVED
+CVE-2022-23652 (capsule-proxy is a reverse proxy for Capsule Operator which provides m ...)
+ TODO: check
CVE-2022-23651
RESERVED
CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay netwo ...)
@@ -6428,8 +6528,8 @@ CVE-2022-23637 (K-Box is a web-based application to manage documents, images, vi
NOT-FOR-US: K-Box
CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly & WASI. Prior t ...)
NOT-FOR-US: wasmtime
-CVE-2022-23635
- RESERVED
+CVE-2022-23635 (Istio is an open platform to connect, manage, and secure microservices ...)
+ TODO: check
CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` ...)
- puma <unfixed> (bug #1005391)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
@@ -6495,22 +6595,21 @@ CVE-2022-23613 (xrdp is an open source remote desktop protocol (RDP) server. In
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32
NOTE: Introduced by: https://github.com/neutrinolabs/xrdp/commit/738e346f810c97d578df9e99a36520616ee201be (v0.9.17)
NOTE: Fixed by: https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506a0ffa
-CVE-2022-23612
- RESERVED
+CVE-2022-23612 (OpenMRS is a patient-based medical record system focusing on giving pr ...)
+ TODO: check
CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23610
RESERVED
CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
NOT-FOR-US: iTunesRPC-Remastered
-CVE-2022-23608
- RESERVED
+CVE-2022-23608 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...)
- python-treq <unfixed> (bug #1005041)
NOTE: https://github.com/twisted/treq/security/advisories/GHSA-fhpf-pp6p-55qc
NOTE: https://github.com/twisted/treq/commit/1da6022cc880bbcff59321abe02bf8498b89efb2 (release-22.1.0)
-CVE-2022-23606
- RESERVED
+CVE-2022-23606 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
- envoyproxy <itp> (bug #987544)
CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. In versio ...)
NOT-FOR-US: Wire webapp
@@ -8457,8 +8556,8 @@ CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject pers
NOT-FOR-US: PhpIPAM
CVE-2022-23044
RESERVED
-CVE-2022-23043
- RESERVED
+CVE-2022-23043 (Zenario CMS 9.2 allows an authenticated admin user to bypass the file ...)
+ TODO: check
CVE-2022-23042
RESERVED
CVE-2022-23041
@@ -15063,9 +15162,9 @@ CVE-2021-45010
RESERVED
CVE-2021-45009
RESERVED
-CVE-2021-45008 (Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability ...)
+CVE-2021-45008 (** DISPUTED ** Plesk CMS 18.0.37 is affected by an insecure permission ...)
NOT-FOR-US: Plesk CMS
-CVE-2021-45007 (Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulne ...)
+CVE-2021-45007 (** DISPUTED ** Plesk 18.0.37 is affected by a Cross Site Request Forge ...)
NOT-FOR-US: Plesk
CVE-2021-45006
RESERVED
@@ -15157,8 +15256,8 @@ CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (
NOT-FOR-US: Taocms
CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 ...)
NOT-FOR-US: IOBit Advanced SystemCare
-CVE-2021-44967
- RESERVED
+CVE-2021-44967 (A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 ...)
+ TODO: check
CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...)
NOT-FOR-US: PHPGURUKUL Employee Record Management System
CVE-2021-44965 (Directory traversal vulnerability in /admin/includes/* directory for P ...)
@@ -16362,12 +16461,12 @@ CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv libs
NOTE: https://github.com/openSUSE/libsolv/issues/425
NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
NOTE: Issue is fixed in the testcase; negligible security impact
-CVE-2021-44567
- RESERVED
-CVE-2021-44566
- RESERVED
-CVE-2021-44565
- RESERVED
+CVE-2021-44567 (An SQL Injection vulnerability exits in RosarioSIS before 7.6.1 via th ...)
+ TODO: check
+CVE-2021-44566 (A Cross Site Scripting vulnerability exists RosarioSIS before 4.3 via ...)
+ TODO: check
+CVE-2021-44565 (A Cross Site Scripting (XSS) vulnerabilty exits in RosarioSIS before 7 ...)
+ TODO: check
CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101 product, ...)
NOT-FOR-US: SYNC2101
CVE-2021-44563
@@ -18560,17 +18659,13 @@ CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language d
[stretch] - rustc <no-dsa> (Minor issue)
NOTE: https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658
NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/1
-CVE-2022-21657
- RESERVED
+CVE-2022-21657 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
- envoyproxy <itp> (bug #987544)
-CVE-2022-21656
- RESERVED
+CVE-2022-21656 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
- envoyproxy <itp> (bug #987544)
-CVE-2022-21655
- RESERVED
+CVE-2022-21655 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
- envoyproxy <itp> (bug #987544)
-CVE-2022-21654
- RESERVED
+CVE-2022-21654 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
- envoyproxy <itp> (bug #987544)
CVE-2022-21653 (Jawn is an open source JSON parser. Extenders of the `org.typelevel.ja ...)
- jawn <not-affected> (Vulnerable code not uploaded)
@@ -18898,14 +18993,11 @@ CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating Sec
NOT-FOR-US: PatrOwl
CVE-2021-43827 (discourse-footnote is a library providing footnotes for posts in Disco ...)
NOT-FOR-US: discourse-footnote
-CVE-2021-43826
- RESERVED
+CVE-2021-43826 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
- envoyproxy <itp> (bug #987544)
-CVE-2021-43825
- RESERVED
+CVE-2021-43825 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
- envoyproxy <itp> (bug #987544)
-CVE-2021-43824
- RESERVED
+CVE-2021-43824 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
- envoyproxy <itp> (bug #987544)
CVE-2021-43823 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...)
NOT-FOR-US: Sourcegraph
@@ -28296,7 +28388,7 @@ CVE-2021-41286 (Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side a
NOT-FOR-US: Omikron MultiCash Desktop
CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity ...)
NOT-FOR-US: NervJS Taro
-CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...)
+CVE-2016-20012 (** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a ...)
- openssh <unfixed> (unimportant)
NOTE: https://github.com/openssh/openssh-portable/pull/270
NOTE: Negligible impact, not treated as a security issue by upstream
@@ -67811,8 +67903,7 @@ CVE-2021-25638
RESERVED
CVE-2021-25637
RESERVED
-CVE-2021-25636 [Incorrect trust validation of signature with ambiguous KeyInfo children]
- RESERVED
+CVE-2021-25636 (LibreOffice supports digital signatures of ODF documents and macros wi ...)
- libreoffice 1:7.3.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056955
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636
@@ -94816,8 +94907,8 @@ CVE-2020-27469
RESERVED
CVE-2020-27468
RESERVED
-CVE-2020-27467
- RESERVED
+CVE-2020-27467 (A Directory Traversal vulnerability exits in Processwire CMS before 2. ...)
+ TODO: check
CVE-2020-27466 (An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemp ...)
NOT-FOR-US: rConfig
CVE-2020-27465
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25c5d33d906d4c4f56a0f9517b5f67605d22d4db
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25c5d33d906d4c4f56a0f9517b5f67605d22d4db
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220223/ad1268ef/attachment.htm>
More information about the debian-security-tracker-commits
mailing list