[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 25 08:10:23 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a1f9497 by security tracker role at 2022-02-25T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2022-26111
+ RESERVED
+CVE-2022-26110
+ RESERVED
+CVE-2022-26109
+ RESERVED
+CVE-2022-26108
+ RESERVED
+CVE-2022-26107
+ RESERVED
+CVE-2022-26106
+ RESERVED
+CVE-2022-26105
+ RESERVED
+CVE-2022-26104
+ RESERVED
+CVE-2022-26103
+ RESERVED
+CVE-2022-26102
+ RESERVED
+CVE-2022-26101
+ RESERVED
+CVE-2022-26100
+ RESERVED
+CVE-2022-26099
+ RESERVED
+CVE-2022-26098
+ RESERVED
+CVE-2022-26097
+ RESERVED
+CVE-2022-26096
+ RESERVED
+CVE-2022-26095
+ RESERVED
+CVE-2022-26094
+ RESERVED
+CVE-2022-26093
+ RESERVED
+CVE-2022-26092
+ RESERVED
+CVE-2022-26091
+ RESERVED
+CVE-2022-26090
+ RESERVED
+CVE-2022-26089
+ RESERVED
+CVE-2022-26088
+ RESERVED
+CVE-2022-0761
+ RESERVED
+CVE-2022-0760
+ RESERVED
+CVE-2022-0759
+ RESERVED
CVE-2022-26085
RESERVED
CVE-2022-26068
@@ -3407,8 +3461,8 @@ CVE-2022-24711
RESERVED
CVE-2022-24710
RESERVED
-CVE-2022-24709
- RESERVED
+CVE-2022-24709 (@awsui/components-react is the main AWS UI package which contains Reac ...)
+ TODO: check
CVE-2022-24708 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
TODO: check
CVE-2022-24707 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
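Review bot: CVE-2022-24709 is left at TODO: check; its description names an npm package (@awsui/components-react), so the open triage question is whether any Debian source package ships it, and the entry should then be resolved either to NOT-FOR-US or to a package/version line in the same form as the neighbouring entries rather than staying a placeholder.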
@@ -5460,20 +5514,20 @@ CVE-2022-24054
RESERVED
CVE-2022-24053
RESERVED
-CVE-2022-24052 (This vulnerability allows local attackers to escalate privileges on af ...)
+CVE-2022-24052 (MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Es ...)
- mariadb-10.6 1:10.6.7-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/
-CVE-2022-24051 (This vulnerability allows local attackers to escalate privileges on af ...)
+CVE-2022-24051 (MariaDB CONNECT Storage Engine Format String Privilege Escalation Vuln ...)
- mariadb-10.6 1:10.6.7-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/
-CVE-2022-24050 (This vulnerability allows local attackers to escalate privileges on af ...)
+CVE-2022-24050 (MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vul ...)
- mariadb-10.6 1:10.6.7-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
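Review bot: the <removed> markers on mariadb-10.5 and mariadb-10.3 in CVE-2022-24052, CVE-2022-24051 and CVE-2022-24050 describe unstable only, while the NOTE line records upstream fixes at 10.5.14 and 10.3.33; nothing in this hunk shows how the suites still shipping those source packages are tracked, so it is worth confirming that a DSA/DLA reference or release-specific annotation exists for them so the upstream fix versions are not the only record. The replaced descriptions are an improvement: the old ZDI boilerplate was identical for all three entries, whereas the new text names the bug class (heap overflow, format string, use-after-free) and matches the distinct ZDI advisories linked under each entry.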
@@ -5481,7 +5535,7 @@ CVE-2022-24050 (This vulnerability allows local attackers to escalate privileges
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/
CVE-2022-24049 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Sonos One Speaker
-CVE-2022-24048 (This vulnerability allows local attackers to escalate privileges on af ...)
+CVE-2022-24048 (MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege E ...)
- mariadb-10.6 1:10.6.7-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
@@ -5709,7 +5763,7 @@ CVE-2021-46616 (This vulnerability allows remote attackers to disclose sensitive
NOT-FOR-US: Bentley
CVE-2021-46615 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: Bentley
-CVE-2021-46614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+CVE-2021-46614 (Bentley MicroStation CONNECT 10.16.0.80 J2K File Parsing Out-Of-Bounds ...)
NOT-FOR-US: Bentley
CVE-2021-46613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Bentley
@@ -6671,8 +6725,8 @@ CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit
NOTE: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 (v6.4.0)
CVE-2022-23836
RESERVED
-CVE-2022-23835
- RESERVED
+CVE-2022-23835 (** DISPUTED ** The Visual Voice Mail (VVM) application through 2022-02 ...)
+ TODO: check
CVE-2022-0337
RESERVED
CVE-2022-0336 [Samba AD users with permission to write to an account can impersonate arbitrary services]
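Review bot: CVE-2022-23835 arrives with a ** DISPUTED ** marker in its description but only a TODO: check line; when it is triaged, the dispute should be captured in a NOTE line next to the verdict, so a later reader can see why the entry was closed or kept open without re-reading the CVE text.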
@@ -7073,8 +7127,8 @@ CVE-2022-23703
RESERVED
CVE-2022-23702
RESERVED
-CVE-2022-23701
- RESERVED
+CVE-2022-23701 (A potential remote host header injection security vulnerability has be ...)
+ TODO: check
CVE-2022-23700
RESERVED
CVE-2022-23699
@@ -16926,10 +16980,10 @@ CVE-2021-44667
RESERVED
CVE-2021-44666
RESERVED
-CVE-2021-44665
- RESERVED
-CVE-2021-44664
- RESERVED
+CVE-2021-44665 (A Directory Traversal vulnerability exists in the Xerte Project Xerte ...)
+ TODO: check
+CVE-2021-44664 (An Authenticated Remote Code Exection (RCE) vulnerability exists in Xe ...)
+ TODO: check
CVE-2021-44663 (A Remote Code Execution (RCE) vulnerability exists in the Xerte Projec ...)
NOT-FOR-US: Xerte
CVE-2021-44662 (A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte ...)
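Review bot: CVE-2021-44665 and CVE-2021-44664 are added as TODO: check although the adjacent Xerte entries (CVE-2021-44663, CVE-2021-44662) are already resolved as NOT-FOR-US: Xerte; unless the package status has changed, these two can be closed the same way on the next manual pass. The misspelling "Exection" in the CVE-2021-44664 description comes from the upstream CVE text and should stay verbatim, since the list mirrors descriptions as issued (compare the RosarioSIS entries further down, where the upstream correction of "exits" to "exists" is simply mirrored).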
@@ -17160,11 +17214,11 @@ CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv libs
NOTE: https://github.com/openSUSE/libsolv/issues/425
NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
NOTE: Issue is fixed in the testcase; negligible security impact
-CVE-2021-44567 (An SQL Injection vulnerability exits in RosarioSIS before 7.6.1 via th ...)
+CVE-2021-44567 (An unauthenticated SQL Injection vulnerability exists in RosarioSIS be ...)
NOT-FOR-US: RosarioSIS
-CVE-2021-44566 (A Cross Site Scripting vulnerability exists RosarioSIS before 4.3 via ...)
+CVE-2021-44566 (A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before ...)
NOT-FOR-US: RosarioSIS
-CVE-2021-44565 (A Cross Site Scripting (XSS) vulnerabilty exits in RosarioSIS before 7 ...)
+CVE-2021-44565 (A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before ...)
NOT-FOR-US: RosarioSIS
CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101 product, ...)
NOT-FOR-US: SYNC2101
@@ -20772,8 +20826,8 @@ CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpda
NOT-FOR-US: Bitdefender
CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...)
NOT-FOR-US: iPack SCADA Automation
-CVE-2021-43745
- RESERVED
+CVE-2021-43745 (A Denial of Service vulnerabilty exists in Trilium Notes 0.48.6 in the ...)
+ TODO: check
CVE-2021-43744
RESERVED
CVE-2021-43743
@@ -33769,10 +33823,10 @@ CVE-2021-39365 (In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS c
- grilo 0.3.13-1.1 (bug #992971)
NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
NOTE: https://gitlab.gnome.org/GNOME/grilo/-/issues/146
-CVE-2021-39364
- RESERVED
-CVE-2021-39363
- RESERVED
+CVE-2021-39364 (Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allo ...)
+ TODO: check
+CVE-2021-39363 (Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allo ...)
+ TODO: check
CVE-2020-36478 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...)
{DLA-2826-1}
- mbedtls 2.16.9-0.1
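Review bot: both Honeywell entries (CVE-2021-39364, CVE-2021-39363) describe specific device firmware (HDZP252DI 1.00.HW02.4, HBW2PER1 1.000.HW01.3), so they will resolve to NOT-FOR-US; leaving TODO: check is expected for an automatic update, but they are quick candidates for the next manual triage pass. The two descriptions are truncated identically at "devices allo ...", so telling them apart requires the full CVE text.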
@@ -46076,12 +46130,12 @@ CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows
NOTE: https://github.com/nvbn/thefuck/pull/1206
CVE-2021-34362 (A command injection vulnerability has been reported to affect QNAP dev ...)
NOT-FOR-US: QNAP
-CVE-2021-34361
- RESERVED
+CVE-2021-34361 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
CVE-2021-34360
RESERVED
-CVE-2021-34359
- RESERVED
+CVE-2021-34359 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
CVE-2021-34358 (We have already fixed this vulnerability in the following versions of ...)
NOT-FOR-US: QNAP
CVE-2021-34357 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
@@ -59554,16 +59608,16 @@ CVE-2021-29222
RESERVED
CVE-2021-29221 (A local privilege escalation vulnerability was discovered in Erlang/OT ...)
- erlang <not-affected> (Windows-specific)
-CVE-2021-29220
- RESERVED
+CVE-2021-29220 (Multiple buffer overflow security vulnerabilities have been identified ...)
+ TODO: check
CVE-2021-29219 (A potential local buffer overflow vulnerability has been identified in ...)
NOT-FOR-US: HPE
CVE-2021-29218 (A local unquoted search path security vulnerability has been identifie ...)
NOT-FOR-US: HPE
-CVE-2021-29217
- RESERVED
-CVE-2021-29216
- RESERVED
+CVE-2021-29217 (A remote URL redirection vulnerability was discovered in HPE OneView G ...)
+ TODO: check
+CVE-2021-29216 (A remote cross-site scripting vulnerability was discovered in HPE OneV ...)
+ TODO: check
CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...)
NOT-FOR-US: HPE
CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...)
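Review bot: CVE-2021-29217 and CVE-2021-29216 name HPE OneView in their descriptions and sit among entries already resolved as NOT-FOR-US: HPE, so they can be closed the same way; CVE-2021-29220 ("Multiple buffer overflow security vulnerabilities have been identified ...") is truncated before any product name, so it genuinely needs the full CVE text before it can be resolved and should stay TODO: check until then.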
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a1f949727176abbc708d493e0c3fca0d1953b34