[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 23 20:10:28 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50d49a3d by security tracker role at 2022-02-23T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-25813
+ RESERVED
+CVE-2022-25812
+ RESERVED
+CVE-2022-25811
+ RESERVED
+CVE-2022-25810
+ RESERVED
+CVE-2022-0742
+ RESERVED
+CVE-2022-0741
+ RESERVED
+CVE-2022-0740
+ RESERVED
+CVE-2022-0739
+ RESERVED
+CVE-2022-0738
+ RESERVED
+CVE-2022-0737
+ RESERVED
+CVE-2022-0736 (Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1. ...)
+ TODO: check
+CVE-2022-0735
+ RESERVED
+CVE-2021-4223
+ RESERVED
CVE-2022-25809 (Improper Neutralization of audio output from 3rd and 4th Generation Am ...)
NOT-FOR-US: Amazon Echo Dot devices
CVE-2022-25808
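Review bot: CVE-2022-0736 is the only entry in this added block that arrives with a description, and it is left at `TODO: check`. The description names GitHub repository mlflow/mlflow, so the follow-up commit should replace the TODO with either a source-package line or a `NOT-FOR-US:` line, in the form the CVE-2022-25809 entry directly below already uses. The remaining additions are plain `RESERVED` placeholders and need nothing further.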
@@ -92,8 +118,8 @@ CVE-2022-0733
RESERVED
CVE-2022-0732
RESERVED
-CVE-2022-0731
- RESERVED
+CVE-2022-0731 (Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr ...)
+ TODO: check
CVE-2022-XXXX [Account Takeover via Email of OpenOffice file containing XSS exploit]
- php-horde-mime-viewer <unfixed>
NOTE: https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/
@@ -332,28 +358,28 @@ CVE-2022-21209
RESERVED
CVE-2022-0730
RESERVED
-CVE-2022-0729
- RESERVED
+CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
+ TODO: check
CVE-2022-0728
RESERVED
-CVE-2022-0727
- RESERVED
-CVE-2022-0726
- RESERVED
+CVE-2022-0727 (Improper Access Control in GitHub repository chocobozzz/peertube prior ...)
+ TODO: check
+CVE-2022-0726 (Improper Authorization in GitHub repository chocobozzz/peertube prior ...)
+ TODO: check
CVE-2022-0725
RESERVED
-CVE-2022-0724
- RESERVED
+CVE-2022-0724 (Insecure Storage of Sensitive Information in GitHub repository microwe ...)
+ TODO: check
CVE-2022-0723
RESERVED
CVE-2022-0722
RESERVED
-CVE-2022-0721
- RESERVED
+CVE-2022-0721 (Insertion of Sensitive Information Into Debugging Code in GitHub repos ...)
+ TODO: check
CVE-2022-0720
RESERVED
-CVE-2022-0719
- RESERVED
+CVE-2022-0719 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
+ TODO: check
CVE-2022-0718
RESERVED
CVE-2022-25643 (seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with es ...)
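Review bot: Six entries in this hunk (CVE-2022-0729, CVE-2022-0727, CVE-2022-0726, CVE-2022-0724, CVE-2022-0721, CVE-2022-0719) move from `RESERVED` to `TODO: check` with no package line, so none of them is triaged by this commit. CVE-2022-0729 names vim/vim, which Debian ships as source package vim, so it needs a `- vim` line with a version status rather than a NOT-FOR-US entry; the description is cut off at "prior ..." here, so the fixed version has to be taken from the full CVE text. The two chocobozzz/peertube entries (CVE-2022-0727 and CVE-2022-0726) share a repository and can be resolved in one pass.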
@@ -3124,8 +3150,8 @@ CVE-2022-24622
RESERVED
CVE-2022-24621
RESERVED
-CVE-2022-24620
- RESERVED
+CVE-2022-24620 (Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XS ...)
+ TODO: check
CVE-2022-24619
RESERVED
CVE-2022-24618
@@ -3241,8 +3267,8 @@ CVE-2022-24568 (Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side
NOT-FOR-US: Novel-plus
CVE-2022-24567
RESERVED
-CVE-2022-24566
- RESERVED
+CVE-2022-24566 (In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 f ...)
+ TODO: check
CVE-2022-24565 (Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixe ...)
- check-mk <removed>
CVE-2022-24564 (Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerabil ...)
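Review bot: CVE-2022-24566 is given `TODO: check` although the entry right after it, CVE-2022-24565, carries a description with the same Checkmk version bounds (2.0.0p19 and 1.6.0p27) and is already recorded as `- check-mk <removed>`. Suggest replacing the TODO with the same `- check-mk <removed>` line once the full description confirms it concerns the same package, so the three adjacent Checkmk entries stay consistent.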
@@ -3618,8 +3644,7 @@ CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array,
[buster] - atftp <no-dsa> (Minor issue)
[stretch] - atftp <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 (v0.7.5)
-CVE-2022-24407 [SQL injection]
- RESERVED
+CVE-2022-24407 (In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does ...)
- cyrus-sasl2 <unfixed>
NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc (cyrus-sasl-2.1.28)
NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/2d2e97b0eb53fa7f87a3bf1529d8f712dd954480 (master)
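Review bot: The CVE-2022-24407 header loses its bracketed `[SQL injection]` label in favour of the published description, which is the expected transition, but the entry still reads `- cyrus-sasl2 <unfixed>` while both NOTE lines already point at fixing commits (cyrus-sasl-2.1.28 and master). Nothing in this automatic update needs to change; the package line should get a fixed version as soon as an upload carrying one of those commits exists, and no `TODO: check` is needed because the entry was already triaged.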
@@ -3895,8 +3920,8 @@ CVE-2022-0478
RESERVED
CVE-2022-0477
RESERVED
-CVE-2022-0476
- RESERVED
+CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...)
+ TODO: check
CVE-2022-0475
RESERVED
CVE-2022-0474 (Full list of recipients from customer users in a contact field could b ...)
@@ -16384,10 +16409,10 @@ CVE-2021-44610
RESERVED
CVE-2021-44609
RESERVED
-CVE-2021-44608
- RESERVED
-CVE-2021-44607
- RESERVED
+CVE-2021-44608 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxC ...)
+ TODO: check
+CVE-2021-44607 (A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in ...)
+ TODO: check
CVE-2021-44606
RESERVED
CVE-2021-44605
@@ -18518,8 +18543,8 @@ CVE-2022-21707 (wasmCloud Host Runtime is a server process that securely hosts a
NOT-FOR-US: wasmCloud Host Runtime
CVE-2022-21706
RESERVED
-CVE-2022-21705
- RESERVED
+CVE-2022-21705 (Octobercms is a self-hosted CMS platform based on the Laravel PHP Fram ...)
+ TODO: check
CVE-2022-21704 (log4js-node is a port of log4js to node.js. In affected versions defau ...)
- node-log4js 6.4.1+~cs8.3.5-1
[bullseye] - node-log4js <no-dsa> (Minor issue)
@@ -20154,8 +20179,8 @@ CVE-2021-43726
RESERVED
CVE-2021-43725
RESERVED
-CVE-2021-43724
- RESERVED
+CVE-2021-43724 (A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS throug ...)
+ TODO: check
CVE-2021-43723
RESERVED
CVE-2021-43722
@@ -22395,8 +22420,8 @@ CVE-2022-20652
RESERVED
CVE-2022-20651
RESERVED
-CVE-2022-20650
- RESERVED
+CVE-2022-20650 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
+ TODO: check
CVE-2022-20649
RESERVED
CVE-2022-20648
@@ -22445,12 +22470,12 @@ CVE-2022-20627
RESERVED
CVE-2022-20626
RESERVED
-CVE-2022-20625
- RESERVED
-CVE-2022-20624
- RESERVED
-CVE-2022-20623
- RESERVED
+CVE-2022-20625 (A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS ...)
+ TODO: check
+CVE-2022-20624 (A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature ...)
+ TODO: check
+CVE-2022-20623 (A vulnerability in the rate limiter for Bidirectional Forwarding Detec ...)
+ TODO: check
CVE-2022-20622
RESERVED
CVE-2021-43256 (Microsoft Excel Remote Code Execution Vulnerability ...)
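Review bot: All three entries changed in this hunk (CVE-2022-20625, CVE-2022-20624, CVE-2022-20623) are left at `TODO: check`. The first two name Cisco components in their visible descriptions (Cisco Discovery Protocol service of Cisco FXOS, Cisco Fabric Services over IP), and the third sits in the same identifier range with a truncated description. If the full texts confirm they are vendor-only issues, they can be closed together with `NOT-FOR-US:` lines in the form used elsewhere in this list, for example `NOT-FOR-US: Novel-plus`.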
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50d49a3d60da33ab1bd14a6428579661c91c4c12