[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 24 20:10:29 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f232a1a7 by security tracker role at 2022-02-24T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,533 @@
+CVE-2022-26085
+ RESERVED
+CVE-2022-26068
+ RESERVED
+CVE-2022-26066
+ RESERVED
+CVE-2022-26063
+ RESERVED
+CVE-2022-26060
+ RESERVED
+CVE-2022-26050
+ RESERVED
+CVE-2022-26049
+ RESERVED
+CVE-2022-26048
+ RESERVED
+CVE-2022-26046
+ RESERVED
+CVE-2022-26044
+ RESERVED
+CVE-2022-26040
+ RESERVED
+CVE-2022-26036
+ RESERVED
+CVE-2022-26035
+ RESERVED
+CVE-2022-26033
+ RESERVED
+CVE-2022-26030
+ RESERVED
+CVE-2022-26029
+ RESERVED
+CVE-2022-26025
+ RESERVED
+CVE-2022-26021
+ RESERVED
+CVE-2022-26020
+ RESERVED
+CVE-2022-26018
+ RESERVED
+CVE-2022-26016
+ RESERVED
+CVE-2022-26015
+ RESERVED
+CVE-2022-26014
+ RESERVED
+CVE-2022-26012
+ RESERVED
+CVE-2022-26011
+ RESERVED
+CVE-2022-26010
+ RESERVED
+CVE-2022-26008
+ RESERVED
+CVE-2022-26005
+ RESERVED
+CVE-2022-26004
+ RESERVED
+CVE-2022-26003
+ RESERVED
+CVE-2022-26001
+ RESERVED
+CVE-2022-26000
+ RESERVED
+CVE-2022-25998
+ RESERVED
+CVE-2022-25994
+ RESERVED
+CVE-2022-25993
+ RESERVED
+CVE-2022-25991
+ RESERVED
+CVE-2022-25988
+ RESERVED
+CVE-2022-25985
+ RESERVED
+CVE-2022-25984
+ RESERVED
+CVE-2022-25983
+ RESERVED
+CVE-2022-25982
+ RESERVED
+CVE-2022-25981
+ RESERVED
+CVE-2022-25979
+ RESERVED
+CVE-2022-25978
+ RESERVED
+CVE-2022-25977
+ RESERVED
+CVE-2022-25975
+ RESERVED
+CVE-2022-25974
+ RESERVED
+CVE-2022-25973
+ RESERVED
+CVE-2022-25971
+ RESERVED
+CVE-2022-25970
+ RESERVED
+CVE-2022-25967
+ RESERVED
+CVE-2022-25965
+ RESERVED
+CVE-2022-25964
+ RESERVED
+CVE-2022-25963
+ RESERVED
+CVE-2022-25962
+ RESERVED
+CVE-2022-25961
+ RESERVED
+CVE-2022-25956
+ RESERVED
+CVE-2022-25955
+ RESERVED
+CVE-2022-25954
+ RESERVED
+CVE-2022-25953
+ RESERVED
+CVE-2022-25951
+ RESERVED
+CVE-2022-25950
+ RESERVED
+CVE-2022-25948
+ RESERVED
+CVE-2022-25947
+ RESERVED
+CVE-2022-25945
+ RESERVED
+CVE-2022-25944
+ RESERVED
+CVE-2022-25941
+ RESERVED
+CVE-2022-25940
+ RESERVED
+CVE-2022-25939
+ RESERVED
+CVE-2022-25938
+ RESERVED
+CVE-2022-25937
+ RESERVED
+CVE-2022-25936
+ RESERVED
+CVE-2022-25935
+ RESERVED
+CVE-2022-25934
+ RESERVED
+CVE-2022-25933
+ RESERVED
+CVE-2022-25931
+ RESERVED
+CVE-2022-25930
+ RESERVED
+CVE-2022-25929
+ RESERVED
+CVE-2022-25928
+ RESERVED
+CVE-2022-25927
+ RESERVED
+CVE-2022-25926
+ RESERVED
+CVE-2022-25925
+ RESERVED
+CVE-2022-25924
+ RESERVED
+CVE-2022-25923
+ RESERVED
+CVE-2022-25921
+ RESERVED
+CVE-2022-25919
+ RESERVED
+CVE-2022-25918
+ RESERVED
+CVE-2022-25916
+ RESERVED
+CVE-2022-25914
+ RESERVED
+CVE-2022-25913
+ RESERVED
+CVE-2022-25912
+ RESERVED
+CVE-2022-25911
+ RESERVED
+CVE-2022-25910
+ RESERVED
+CVE-2022-25908
+ RESERVED
+CVE-2022-25907
+ RESERVED
+CVE-2022-25906
+ RESERVED
+CVE-2022-25904
+ RESERVED
+CVE-2022-25903
+ RESERVED
+CVE-2022-25902
+ RESERVED
+CVE-2022-25901
+ RESERVED
+CVE-2022-25900
+ RESERVED
+CVE-2022-25898
+ RESERVED
+CVE-2022-25897
+ RESERVED
+CVE-2022-25896
+ RESERVED
+CVE-2022-25895
+ RESERVED
+CVE-2022-25894
+ RESERVED
+CVE-2022-25893
+ RESERVED
+CVE-2022-25892
+ RESERVED
+CVE-2022-25891
+ RESERVED
+CVE-2022-25890
+ RESERVED
+CVE-2022-25888
+ RESERVED
+CVE-2022-25887
+ RESERVED
+CVE-2022-25886
+ RESERVED
+CVE-2022-25885
+ RESERVED
+CVE-2022-25884
+ RESERVED
+CVE-2022-25883
+ RESERVED
+CVE-2022-25882
+ RESERVED
+CVE-2022-25881
+ RESERVED
+CVE-2022-25879
+ RESERVED
+CVE-2022-25878
+ RESERVED
+CVE-2022-25877
+ RESERVED
+CVE-2022-25876
+ RESERVED
+CVE-2022-25875
+ RESERVED
+CVE-2022-25874
+ RESERVED
+CVE-2022-25873
+ RESERVED
+CVE-2022-25872
+ RESERVED
+CVE-2022-25871
+ RESERVED
+CVE-2022-25869
+ RESERVED
+CVE-2022-25867
+ RESERVED
+CVE-2022-25866
+ RESERVED
+CVE-2022-25865
+ RESERVED
+CVE-2022-25863
+ RESERVED
+CVE-2022-25862
+ RESERVED
+CVE-2022-25861
+ RESERVED
+CVE-2022-25860
+ RESERVED
+CVE-2022-25859
+ RESERVED
+CVE-2022-25858
+ RESERVED
+CVE-2022-25857
+ RESERVED
+CVE-2022-25856
+ RESERVED
+CVE-2022-25855
+ RESERVED
+CVE-2022-25854
+ RESERVED
+CVE-2022-25853
+ RESERVED
+CVE-2022-25852
+ RESERVED
+CVE-2022-25851
+ RESERVED
+CVE-2022-25850
+ RESERVED
+CVE-2022-25849
+ RESERVED
+CVE-2022-25848
+ RESERVED
+CVE-2022-25847
+ RESERVED
+CVE-2022-25846
+ RESERVED
+CVE-2022-25845
+ RESERVED
+CVE-2022-25844
+ RESERVED
+CVE-2022-25843
+ RESERVED
+CVE-2022-25842
+ RESERVED
+CVE-2022-25840
+ RESERVED
+CVE-2022-25839
+ RESERVED
+CVE-2022-25767
+ RESERVED
+CVE-2022-25766
+ RESERVED
+CVE-2022-25765
+ RESERVED
+CVE-2022-25764
+ RESERVED
+CVE-2022-25761
+ RESERVED
+CVE-2022-25760
+ RESERVED
+CVE-2022-25759
+ RESERVED
+CVE-2022-25758
+ RESERVED
+CVE-2022-25648
+ RESERVED
+CVE-2022-25647
+ RESERVED
+CVE-2022-25646
+ RESERVED
+CVE-2022-25645
+ RESERVED
+CVE-2022-25644
+ RESERVED
+CVE-2022-25354
+ RESERVED
+CVE-2022-25353
+ RESERVED
+CVE-2022-25352
+ RESERVED
+CVE-2022-25351
+ RESERVED
+CVE-2022-25350
+ RESERVED
+CVE-2022-25349
+ RESERVED
+CVE-2022-25346
+ RESERVED
+CVE-2022-25345
+ RESERVED
+CVE-2022-25324
+ RESERVED
+CVE-2022-25304
+ RESERVED
+CVE-2022-25303
+ RESERVED
+CVE-2022-25302
+ RESERVED
+CVE-2022-25301
+ RESERVED
+CVE-2022-25300
+ RESERVED
+CVE-2022-25233
+ RESERVED
+CVE-2022-25232
+ RESERVED
+CVE-2022-25231
+ RESERVED
+CVE-2022-25171
+ RESERVED
+CVE-2022-24913
+ RESERVED
+CVE-2022-24912
+ RESERVED
+CVE-2022-24909
+ RESERVED
+CVE-2022-24441
+ RESERVED
+CVE-2022-24440
+ RESERVED
+CVE-2022-24439
+ RESERVED
+CVE-2022-24438
+ RESERVED
+CVE-2022-24437
+ RESERVED
+CVE-2022-24434
+ RESERVED
+CVE-2022-24433
+ RESERVED
+CVE-2022-24431
+ RESERVED
+CVE-2022-24430
+ RESERVED
+CVE-2022-24429
+ RESERVED
+CVE-2022-24381
+ RESERVED
+CVE-2022-24377
+ RESERVED
+CVE-2022-24376
+ RESERVED
+CVE-2022-24375
+ RESERVED
+CVE-2022-24373
+ RESERVED
+CVE-2022-24298
+ RESERVED
+CVE-2022-24279
+ RESERVED
+CVE-2022-24278
+ RESERVED
+CVE-2022-24068
+ RESERVED
+CVE-2022-24066
+ RESERVED
+CVE-2022-24065
+ RESERVED
+CVE-2022-23923
+ RESERVED
+CVE-2022-23920
+ RESERVED
+CVE-2022-23915
+ RESERVED
+CVE-2022-23812
+ RESERVED
+CVE-2022-23811
+ RESERVED
+CVE-2022-22984
+ RESERVED
+CVE-2022-22143
+ RESERVED
+CVE-2022-22138
+ RESERVED
+CVE-2022-21811
+ RESERVED
+CVE-2022-21810
+ RESERVED
+CVE-2022-21803
+ RESERVED
+CVE-2022-21802
+ RESERVED
+CVE-2022-21797
+ RESERVED
+CVE-2022-21235
+ RESERVED
+CVE-2022-21232
+ RESERVED
+CVE-2022-21231
+ RESERVED
+CVE-2022-21230
+ RESERVED
+CVE-2022-21227
+ RESERVED
+CVE-2022-21223
+ RESERVED
+CVE-2022-21222
+ RESERVED
+CVE-2022-21221
+ RESERVED
+CVE-2022-21213
+ RESERVED
+CVE-2022-21211
+ RESERVED
+CVE-2022-21208
+ RESERVED
+CVE-2022-21195
+ RESERVED
+CVE-2022-21192
+ RESERVED
+CVE-2022-21191
+ RESERVED
+CVE-2022-21190
+ RESERVED
+CVE-2022-21189
+ RESERVED
+CVE-2022-21187
+ RESERVED
+CVE-2022-21186
+ RESERVED
+CVE-2022-21169
+ RESERVED
+CVE-2022-21167
+ RESERVED
+CVE-2022-21165
+ RESERVED
+CVE-2022-21164
+ RESERVED
+CVE-2022-21149
+ RESERVED
+CVE-2022-21144
+ RESERVED
+CVE-2022-21129
+ RESERVED
+CVE-2022-21126
+ RESERVED
+CVE-2022-21122
+ RESERVED
+CVE-2022-0758
+ RESERVED
+CVE-2022-0757
+ RESERVED
+CVE-2022-0756
+ RESERVED
+CVE-2022-0755
+ RESERVED
+CVE-2022-0754
+ RESERVED
+CVE-2022-0753
+ RESERVED
+CVE-2022-0752
+ RESERVED
+CVE-2022-0751
+ RESERVED
+CVE-2022-0750
+ RESERVED
+CVE-2022-0749
+ RESERVED
+CVE-2022-0748
+ RESERVED
+CVE-2022-0747
+ RESERVED
+CVE-2022-0746
+ RESERVED
+CVE-2022-0745
+ RESERVED
+CVE-2022-0744
+ RESERVED
CVE-2022-25838 (Laravel Fortify before 1.11.1 allows reuse within a short time window, ...)
NOT-FOR-US: Laravel Fortify
CVE-2022-25837
@@ -173,8 +703,8 @@ CVE-2022-0734
RESERVED
CVE-2022-0733
RESERVED
-CVE-2022-0732
- RESERVED
+CVE-2022-0732 (The backend infrastructure shared by multiple mobile device monitoring ...)
+ TODO: check
CVE-2022-0731 (Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr ...)
- dolibarr <removed>
CVE-2022-XXXX [Account Takeover via Email of OpenOffice file containing XSS exploit]
@@ -583,8 +1113,8 @@ CVE-2022-0712 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p
NOTE: https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7
CVE-2022-0711
RESERVED
-CVE-2022-0710
- RESERVED
+CVE-2022-0710 (The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vu ...)
+ TODO: check
CVE-2022-0709
RESERVED
CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of the c ...)
@@ -1074,16 +1604,16 @@ CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f/
NOTE: https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 (v8.2.4428)
-CVE-2022-0695
- RESERVED
+CVE-2022-0695 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...)
+ TODO: check
CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket transport. An ...)
NOT-FOR-US: PreMiD
CVE-2022-25371
RESERVED
CVE-2022-25370
RESERVED
-CVE-2022-25355
- RESERVED
+CVE-2022-25355 (EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handl ...)
+ TODO: check
CVE-2022-0694
RESERVED
CVE-2022-0693
@@ -1225,10 +1755,10 @@ CVE-2022-25326
NOTE: https://github.com/google/fscrypt/commit/6e355131670ad014e45f879475ddf800f0080d41
CVE-2022-23183
RESERVED
-CVE-2022-21179
- RESERVED
-CVE-2022-0683
- RESERVED
+CVE-2022-21179 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mai ...)
+ TODO: check
+CVE-2022-0683 (The Essential Addons for Elementor Lite WordPress plugin is vulnerable ...)
+ TODO: check
CVE-2022-0682
RESERVED
CVE-2022-0681
@@ -1292,12 +1822,12 @@ CVE-2022-25309
RESERVED
CVE-2022-25308
RESERVED
-CVE-2022-25307
- RESERVED
-CVE-2022-25306
- RESERVED
-CVE-2022-25305
- RESERVED
+CVE-2022-25307 (The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripti ...)
+ TODO: check
+CVE-2022-25306 (The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripti ...)
+ TODO: check
+CVE-2022-25305 (The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripti ...)
+ TODO: check
CVE-2022-21158
RESERVED
CVE-2022-0674
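Review bot: CVE-2022-25307, CVE-2022-25306 and CVE-2022-25305 all describe the same WP Statistics WordPress plugin, and CVE-2022-0651, CVE-2022-25149 and CVE-2022-25148 in later hunks of this update are for that same plugin, so the six should be triaged together to one state rather than left as six separate `TODO: check` lines that will be revisited individually.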
@@ -1435,12 +1965,12 @@ CVE-2022-0655
RESERVED
CVE-2022-0654 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
NOT-FOR-US: Node request-retry
-CVE-2022-0653
- RESERVED
+CVE-2022-0653 (The Profile Builder – User Profile & User Registration Forms ...)
+ TODO: check
CVE-2022-0652
RESERVED
-CVE-2022-0651
- RESERVED
+CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
+ TODO: check
CVE-2022-0650
RESERVED
CVE-2022-0649
@@ -1479,14 +2009,14 @@ CVE-2022-25247
RESERVED
CVE-2022-25246
RESERVED
-CVE-2022-24374
- RESERVED
-CVE-2022-23916
- RESERVED
-CVE-2022-23810
- RESERVED
-CVE-2022-21142
- RESERVED
+CVE-2022-24374 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series vers ...)
+ TODO: check
+CVE-2022-23916 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series vers ...)
+ TODO: check
+CVE-2022-23810 (Template injection (Improper Neutralization of Special Elements Used i ...)
+ TODO: check
+CVE-2022-21142 (Authentication bypass vulnerability in a-blog cms Ver.2.8.x series ver ...)
+ TODO: check
CVE-2022-0648
RESERVED
CVE-2022-0647
@@ -1658,10 +2188,10 @@ CVE-2022-25168
RESERVED
CVE-2022-25167
RESERVED
-CVE-2022-24435
- RESERVED
-CVE-2022-23986
- RESERVED
+CVE-2022-24435 (Cross-site scripting vulnerability in phpUploader v1.2 and earlier all ...)
+ TODO: check
+CVE-2022-23986 (SQL injection vulnerability in the phpUploader v1.2 and earlier allows ...)
+ TODO: check
CVE-2022-21159
RESERVED
CVE-2022-0618
@@ -1794,10 +2324,10 @@ CVE-2022-25151
RESERVED
CVE-2022-25150 (In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, prog ...)
NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control
-CVE-2022-25149
- RESERVED
-CVE-2022-25148
- RESERVED
+CVE-2022-25149 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
+ TODO: check
+CVE-2022-25148 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
+ TODO: check
CVE-2022-0612 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
CVE-2022-0611 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...)
@@ -2192,10 +2722,10 @@ CVE-2022-25006
RESERVED
CVE-2022-25005
RESERVED
-CVE-2022-25004
- RESERVED
-CVE-2022-25003
- RESERVED
+CVE-2022-25004 (Hospital Patient Record Management System v1.0 was discovered to conta ...)
+ TODO: check
+CVE-2022-25003 (Hospital Patient Record Management System v1.0 was discovered to conta ...)
+ TODO: check
CVE-2022-25002
RESERVED
CVE-2022-25001
@@ -2884,10 +3414,10 @@ CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a m
NOT-FOR-US: ACCEL-PPP
CVE-2022-24704 (The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suf ...)
NOT-FOR-US: ACCEL-PPP
-CVE-2022-23922
- RESERVED
-CVE-2022-23104
- RESERVED
+CVE-2022-23922 (WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguratio ...)
+ TODO: check
+CVE-2022-23104 (WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguratio ...)
+ TODO: check
CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when compil ...)
- util-linux <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151
@@ -2971,8 +3501,8 @@ CVE-2022-24689
RESERVED
CVE-2022-24688
RESERVED
-CVE-2022-24687
- RESERVED
+CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, a ...)
+ TODO: check
CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...)
- nomad <unfixed>
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
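Review bot: CVE-2022-24687 is left at `TODO: check` while the neighbouring HashiCorp entry CVE-2022-24686 (Nomad) directly below it has already been triaged to `- nomad <unfixed>` with a discuss.hashicorp.com advisory link; if Consul is packaged the same way, this entry should get a package line and the matching HashiCorp advisory NOTE rather than stay as a bare TODO.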
@@ -3024,18 +3554,15 @@ CVE-2022-24669
RESERVED
CVE-2022-0547
RESERVED
-CVE-2022-0546 [Out-of-bounds memory access due to malformed HDR image file]
- RESERVED
+CVE-2022-0546 (A missing bounds check in the image loader used in Blender 3.x and 2.9 ...)
- blender <unfixed>
NOTE: Issue: https://developer.blender.org/T94572
NOTE: Patch: https://developer.blender.org/D11952
-CVE-2022-0545 [Out-of-bounds memory access in IMB_flipy() due to large image dimensions]
- RESERVED
+CVE-2022-0545 (An integer overflow in the processing of loaded 2D images leads to a w ...)
- blender <unfixed>
NOTE: Issue: https://developer.blender.org/T94629
NOTE: Patch: https://developer.blender.org/D13744
-CVE-2022-0544 [Out-of-bounds memory access due to malformed DDS image file]
- RESERVED
+CVE-2022-0544 (An integer underflow in the DDS loader of Blender leads to an out-of-b ...)
- blender <unfixed>
NOTE: Issue: https://developer.blender.org/T94661
NOTE: https://developer.blender.org/rB0ac83d05d7cccec436bb939e0aa768f6a3d77d72
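Review bot: the bracketed working titles removed for CVE-2022-0546, CVE-2022-0545 and CVE-2022-0544 named the affected loader or function (HDR loader, `IMB_flipy()`, DDS loader), and the imported descriptions are truncated after roughly 70 characters, so for CVE-2022-0545 the function name is no longer recorded anywhere in the entry; consider carrying it over into a NOTE line next to the Issue/Patch links. The package lines stay `- blender <unfixed>`, so the triage state itself is unchanged by this hunk.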
@@ -3077,11 +3604,11 @@ CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O
NOT-FOR-US: cri-o
CVE-2022-0531
RESERVED
-CVE-2022-0530 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
+CVE-2022-0530 (A flaw was found in Unzip. The vulnerability occurs during the convers ...)
- unzip <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395
NOTE: Crash in CLI tool, no security impact
-CVE-2022-0529 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
+CVE-2022-0529 (A flaw was found in Unzip. The vulnerability occurs during the convers ...)
- unzip <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051402
CVE-2021-46681
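Review bot: CVE-2022-0530 carries `NOTE: Crash in CLI tool, no security impact` yet its package line is `- unzip <unfixed>` with no severity tag, whereas comparable entries in this file are marked `(unimportant)` (compare `- util-linux <unfixed> (unimportant)` in an earlier hunk); if that assessment stands, add the tag so the issue is not tracked as needing a fix. The description change from `unzip 6.0` to `Unzip` adds no information; the Bugzilla links remain the source for affected versions.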
@@ -3243,18 +3770,18 @@ CVE-2022-24617
RESERVED
CVE-2022-24616
RESERVED
-CVE-2022-24615
- RESERVED
-CVE-2022-24614
- RESERVED
-CVE-2022-24613
- RESERVED
+CVE-2022-24615 (zip4j up to 2.9.0 can throw various uncaught exceptions while parsing ...)
+ TODO: check
+CVE-2022-24614 (When reading a specially crafted JPEG file, metadata-extractor up to 2 ...)
+ TODO: check
+CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw various uncaught exceptions ...)
+ TODO: check
CVE-2022-24612
RESERVED
CVE-2022-24611
RESERVED
-CVE-2022-24610
- RESERVED
+CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto DVC-215IP ca ...)
+ TODO: check
CVE-2022-24609
RESERVED
CVE-2022-24608
@@ -4427,8 +4954,8 @@ CVE-2022-24234
RESERVED
CVE-2022-24233
RESERVED
-CVE-2022-24232
- RESERVED
+CVE-2022-24232 (A local file inclusion in Hospital Patient Record Management System v1 ...)
+ TODO: check
CVE-2022-24231
RESERVED
CVE-2022-24230
@@ -8432,8 +8959,8 @@ CVE-2022-23137
RESERVED
CVE-2022-23136
RESERVED
-CVE-2022-23135
- RESERVED
+CVE-2022-23135 (There is a directory traversal vulnerability in some home gateway prod ...)
+ TODO: check
CVE-2022-23134 (After the initial setup process, some steps of setup.php file are reac ...)
{DLA-2914-1}
- zabbix <unfixed>
@@ -9645,10 +10172,10 @@ CVE-2022-22796
RESERVED
CVE-2022-22795
RESERVED
-CVE-2022-22794
- RESERVED
-CVE-2022-22793
- RESERVED
+CVE-2022-22794 (Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker c ...)
+ TODO: check
+CVE-2022-22793 (Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a ...)
+ TODO: check
CVE-2022-22792 (MobiSoft - MobiPlus User Take Over and Improper Handling of url Parame ...)
NOT-FOR-US: MobiSoft
CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code ...)
@@ -11040,8 +11567,8 @@ CVE-2022-22351
RESERVED
CVE-2022-22350
RESERVED
-CVE-2022-22349
- RESERVED
+CVE-2022-22349 (IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0. ...)
+ TODO: check
CVE-2022-22348
RESERVED
CVE-2022-22347
@@ -16381,10 +16908,10 @@ CVE-2021-44665
RESERVED
CVE-2021-44664
RESERVED
-CVE-2021-44663
- RESERVED
-CVE-2021-44662
- RESERVED
+CVE-2021-44663 (A Remote Code Execution (RCE) vulnerability exists in the Xerte Projec ...)
+ TODO: check
+CVE-2021-44662 (A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte ...)
+ TODO: check
CVE-2021-44661
RESERVED
CVE-2021-44660
@@ -16800,28 +17327,24 @@ CVE-2021-44536
RESERVED
CVE-2021-44535
RESERVED
-CVE-2022-21824 [Prototype pollution via console.table properties]
- RESERVED
+CVE-2022-21824 (Due to the formatting logic of the "console.table()" function it was n ...)
- nodejs <unfixed> (bug #1004177)
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824
NOTE: https://github.com/nodejs/node/commit/be69403528da99bf3df9e1dc47186f18ba59cb5e (v12.x)
CVE-2021-44534
RESERVED
-CVE-2021-44533 [Incorrect handling of certificate subject and issuer fields]
- RESERVED
+CVE-2021-44533 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did ...)
- nodejs <unfixed> (bug #1004177)
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#incorrect-handling-of-certificate-subject-and-issuer-fields-medium-cve-2021-44533
NOTE: https://github.com/nodejs/node/commit/8c2db2c86baff110a1d905ed1e0dd4e1c4fd2dd1 (v12.x)
-CVE-2021-44532 [Certificate Verification Bypass via String Injection]
- RESERVED
+CVE-2021-44532 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 conv ...)
- nodejs <unfixed> (bug #1004177)
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#certificate-verification-bypass-via-string-injection-medium-cve-2021-44532
NOTE: https://github.com/nodejs/node/commit/19873abfb24dce75ffff042efe76dc5633052677 (v12.x)
-CVE-2021-44531 [Improper handling of URI Subject Alternative Names]
- RESERVED
+CVE-2021-44531 (Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI ...)
- nodejs <unfixed> (bug #1004177)
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#improper-handling-of-uri-subject-alternative-names-medium-cve-2021-44531
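Review bot: the imported descriptions for CVE-2021-44533 and CVE-2021-44532 contain the HTML entity `<` where a literal `<` is meant (the same escaping appears as `&` and `<=` in other hunks of this update), which indicates the upstream text is stored entity-encoded; if the import script does not unescape it, searches for version strings such as `< 12.22.9` will not match. The four Node.js entries are otherwise consistent: all reference bug #1004177 and the stretch `<end-of-life>` marker.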
@@ -17731,8 +18254,7 @@ CVE-2021-44222
RESERVED
CVE-2021-44221
RESERVED
-CVE-2021-4021
- RESERVED
+CVE-2021-4021 (A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0 ...)
- radare2 <unfixed>
NOTE: https://github.com/radareorg/radare2/issues/19436
CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
@@ -20713,7 +21235,7 @@ CVE-2021-3941
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1153
NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/a0cfa81153b2464b864c5fe39a53cb03339092ed
CVE-2021-3940
- RESERVED
+ REJECTED
CVE-2021-43556 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a s ...)
NOT-FOR-US: FATEK WinProladder
CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validat ...)
@@ -20879,7 +21401,7 @@ CVE-2021-3939 (Ubuntu-specific modifications to accountsservice (in patch file d
CVE-2021-3938 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
NOT-FOR-US: snipe-it
CVE-2021-3937
- RESERVED
+ REJECTED
CVE-2021-3936
RESERVED
CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-in-th ...)
@@ -24204,7 +24726,7 @@ CVE-2021-42564 (An open redirect through HTML injection in confidential messages
CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) ...)
NOT-FOR-US: NI Service Locator
CVE-2021-3893
- RESERVED
+ REJECTED
CVE-2021-42562 (An issue was discovered in CALDERA 2.8.1. It does not properly segrega ...)
NOT-FOR-US: CALDERA
CVE-2021-42561 (An issue was discovered in CALDERA 2.8.1. When activated, the Human pl ...)
@@ -24316,7 +24838,7 @@ CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
NOTE: https://huntr.dev/bounties/722b3acb-792b-4429-a98d-bb80efb8938d/
NOTE: https://github.com/bfabiszewski/libmobi/commit/c78e186739b50d156cb3da5d08d70294f0490853 (v0.8)
CVE-2021-3887
- RESERVED
+ REJECTED
CVE-2022-20611
RESERVED
CVE-2022-20610
@@ -25758,7 +26280,7 @@ CVE-2021-42341 (checkpath in OpenRC before 0.44.7 uses the direct output of strl
NOTE: https://github.com/OpenRC/openrc/pull/462
NOTE: https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204
CVE-2021-3886
- RESERVED
+ REJECTED
CVE-2021-3885
RESERVED
CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...)
@@ -25772,9 +26294,9 @@ CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1
NOTE: https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a (8.5.72)
NOTE: Fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63362 introduced the memory leak.
CVE-2021-3884
- RESERVED
+ REJECTED
CVE-2021-3883
- RESERVED
+ REJECTED
CVE-2020-36484
RESERVED
CVE-2020-36483
@@ -26159,7 +26681,7 @@ CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read ...)
NOTE: https://huntr.dev/bounties/540fd115-7de4-4e19-a918-5ee61f5157c1/
NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8)
CVE-2021-3880
- RESERVED
+ REJECTED
CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
NOT-FOR-US: snipe-it
CVE-2021-42262
@@ -26405,7 +26927,7 @@ CVE-2021-42149
CVE-2021-42148
RESERVED
CVE-2021-3877
- RESERVED
+ REJECTED
CVE-2021-42147
RESERVED
CVE-2021-42146
@@ -26435,7 +26957,7 @@ CVE-2021-42135 (HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may hav
CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via a compon ...)
NOT-FOR-US: Django Unicorn, different from src:unicorn
CVE-2021-3876
- RESERVED
+ REJECTED
CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3565-1 (bug #996593)
[bullseye] - vim <not-affected> (Vulnerable feature and code introduced later)
@@ -26497,7 +27019,7 @@ CVE-2021-42110 (An issue was discovered in Allegro Windows (formerly Popsy Windo
CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
NOT-FOR-US: bookstack
CVE-2021-3873
- RESERVED
+ REJECTED
CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...)
NOT-FOR-US: VITEC Exterity IPTV products
CVE-2021-42108 (Unnecessary privilege vulnerabilities in the Web Console of Trend Micr ...)
@@ -26524,9 +27046,9 @@ CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...)
NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8
NOTE: https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b
CVE-2021-3871
- RESERVED
+ REJECTED
CVE-2021-3870
- RESERVED
+ REJECTED
CVE-2021-41133 (Flatpak is a system for building, distributing, and running sandboxed ...)
{DSA-4984-1}
- flatpak 1.12.1-1 (bug #995935)
@@ -26641,9 +27163,9 @@ CVE-2021-42062 (SAP ERP HCM Portugal does not perform necessary authorization ch
CVE-2021-42061 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ...)
NOT-FOR-US: SAP
CVE-2021-3868
- RESERVED
+ REJECTED
CVE-2021-3867
- RESERVED
+ REJECTED
CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip m ...)
- zulip-server <itp> (bug #800052)
NOTE: https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
@@ -34169,8 +34691,8 @@ CVE-2021-39040
RESERVED
CVE-2021-39039
RESERVED
-CVE-2021-39038
- RESERVED
+CVE-2021-39038 (IBM WebSphere Application Server 9.0 and IBM WebSphere Application Ser ...)
+ TODO: check
CVE-2021-39037
RESERVED
CVE-2021-39036
@@ -34255,10 +34777,10 @@ CVE-2021-38997
RESERVED
CVE-2021-38996
RESERVED
-CVE-2021-38995
- RESERVED
-CVE-2021-38994
- RESERVED
+CVE-2021-38995 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
+ TODO: check
+CVE-2021-38994 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
+ TODO: check
CVE-2021-38993
RESERVED
CVE-2021-38992
@@ -35219,8 +35741,7 @@ CVE-2021-3701
- ansible-runner 2.1.1-1
NOTE: https://github.com/ansible/ansible-runner/issues/738
NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89
-CVE-2021-3700
- RESERVED
+CVE-2021-3700 (A use-after-free vulnerability was found in usbredir in versions prior ...)
- usbredir 0.11.0-1
[bullseye] - usbredir <no-dsa> (Minor issue)
[buster] - usbredir <no-dsa> (Minor issue)
@@ -43920,8 +44441,7 @@ CVE-2021-3611 [QEMU: intel-hda: segmentation fault due to stack overflow]
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/542
NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=a9d8ba2be58e067bdfbff830eb9ff438d8db7f10 (v5.0.0-rc0)
NOTE: Proposed fix: https://lore.kernel.org/qemu-devel/20211218160912.1591633-1-philmd@redhat.com/
-CVE-2021-3610 [heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c]
- RESERVED
+CVE-2021-3610 (A heap-based buffer overflow vulnerability was found in ImageMagick in ...)
- imagemagick <not-affected> (Specific to Imagemagick 7)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
CVE-2021-35053 (Possible system denial of service in case of arbitrary changing Firefo ...)
@@ -44400,15 +44920,13 @@ CVE-2021-34828 (This vulnerability allows network-adjacent attackers to execute
NOT-FOR-US: D-Link
CVE-2021-34827 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
NOT-FOR-US: D-Link
-CVE-2021-3608 [pvrdma: uninitialized memory unmap in pvrdma_ring_init()]
- RESERVED
+CVE-2021-3608 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
- qemu 1:5.2+dfsg-11 (bug #990563)
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973383
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=66ae37d8cc313f89272e711174a846a229bcdbd3
-CVE-2021-3607 [pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()]
- RESERVED
+CVE-2021-3607 (An integer overflow was found in the QEMU implementation of VMWare's p ...)
- qemu 1:5.2+dfsg-11 (bug #990564)
[buster] - qemu <no-dsa> (Minor issue)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
@@ -45033,8 +45551,7 @@ CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contain
NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may ...)
NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
-CVE-2021-3596 [NULL pointer dereference in ReadSVGImage() in coders/svg.c]
- RESERVED
+CVE-2021-3596 (A NULL pointer dereference flaw was found in ImageMagick in versions p ...)
- imagemagick 8:6.9.11.57+dfsg-1
NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624
NOTE: https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114
@@ -56485,8 +57002,7 @@ CVE-2021-26259
NOTE: https://github.com/michaelrsweet/htmldoc/issues/417
NOTE: https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5
NOTE: Crash in CLI tool, no security impact
-CVE-2021-26252
- RESERVED
+CVE-2021-26252 (A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_ ...)
{DSA-4928-1 DLA-2700-1}
- htmldoc 1.9.11-4 (unimportant; bug #989437)
NOTE: https://github.com/michaelrsweet/htmldoc/issues/412
@@ -124400,12 +124916,12 @@ CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and pri
NOT-FOR-US: Philips
CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...)
NOT-FOR-US: Advantech
-CVE-2020-14504
- RESERVED
+CVE-2020-14504 (The web interface of the 1734-AENTR communication module mishandles au ...)
+ TODO: check
CVE-2020-14503 (Advantech iView, versions 5.6 and prior, has an improper input validat ...)
NOT-FOR-US: Advantech
-CVE-2020-14502
- RESERVED
+CVE-2020-14502 (The web interface of the 1734-AENTR communication module is vulnerable ...)
+ TODO: check
CVE-2020-14501 (Advantech iView, versions 5.6 and prior, has an improper authenticatio ...)
NOT-FOR-US: Advantech
CVE-2020-14500 (Secomea GateManager all versions prior to 9.2c, An attacker can send a ...)
@@ -124446,14 +124962,14 @@ CVE-2020-14483 (A timeout during a TLS handshake can result in the connection fa
NOT-FOR-US: Niagara
CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...)
NOT-FOR-US: Delta Industrial Automation DOPSoft
-CVE-2020-14481
- RESERVED
-CVE-2020-14480
- RESERVED
+CVE-2020-14481 (The DeskLock tool provided with FactoryTalk View SE uses a weak encryp ...)
+ TODO: check
+CVE-2020-14480 (Due to usernames/passwords being stored in plaintext in Random Access ...)
+ TODO: check
CVE-2020-14479
RESERVED
-CVE-2020-14478
- RESERVED
+CVE-2020-14478 (A local, authenticated attacker could use an XML External Entity (XXE) ...)
+ TODO: check
CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...)
NOT-FOR-US: Philips
CVE-2020-14476
@@ -136798,24 +137314,24 @@ CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.11.00 and prior
NOT-FOR-US: Rockwell
CVE-2020-10641 (An unprotected logging route may allow an attacker to write endless lo ...)
NOT-FOR-US: Inductive Automation
-CVE-2020-10640
- RESERVED
+CVE-2020-10640 (Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to ...)
+ TODO: check
CVE-2020-10639 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...)
NOT-FOR-US: Eaton HMiSoft VU3
CVE-2020-10638 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-10637 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...)
NOT-FOR-US: Eaton HMiSoft VU3
-CVE-2020-10636
- RESERVED
-CVE-2020-10635
- RESERVED
+CVE-2020-10636 (Inadequate encryption may allow the passwords for Emerson OpenEnterpri ...)
+ TODO: check
+CVE-2020-10635 (Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server ...)
+ TODO: check
CVE-2020-10634 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted ...)
NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit
CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists in eW ...)
NOT-FOR-US: eWON Flexy and Cosy
-CVE-2020-10632
- RESERVED
+CVE-2020-10632 (Inadequate folder security permissions in Emerson OpenEnterprise versi ...)
+ TODO: check
CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files ...)
NOT-FOR-US: WebAccess/NMS
CVE-2020-10630 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does no ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f232a1a73f016e356e36723332fca9e117246230