[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 26 08:10:21 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb75f822 by security tracker role at 2022-02-26T08:10:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2022-26148
+	RESERVED
+CVE-2022-26147
+	RESERVED
+CVE-2022-26146
+	RESERVED
+CVE-2022-26145
+	RESERVED
+CVE-2022-26144
+	RESERVED
+CVE-2022-26143
+	RESERVED
+CVE-2022-26142
+	RESERVED
+CVE-2022-26141
+	RESERVED
+CVE-2022-26140
+	RESERVED
+CVE-2022-26139
+	RESERVED
+CVE-2022-26138
+	RESERVED
+CVE-2022-26137
+	RESERVED
+CVE-2022-26136
+	RESERVED
+CVE-2022-26135
+	RESERVED
+CVE-2022-26134
+	RESERVED
+CVE-2022-26133
+	RESERVED
+CVE-2022-26132
+	RESERVED
+CVE-2022-0767
+	RESERVED
+CVE-2022-0766
+	RESERVED
+CVE-2021-46702 (Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to informati ...)
+	TODO: check
+CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The mixed ...)
+	TODO: check
 CVE-2022-26129
 	RESERVED
 CVE-2022-26128
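Review bot: CVE-2020-36516, at the end of the added block, is described as a Linux kernel issue ("through 5.16.11") but is left at `TODO: check`. Other kernel entries in this file carry a package line such as `- linux 5.16.10-1` (CVE-2022-25258), so this one should be triaged against the linux source package rather than wait in the generic queue. CVE-2021-46702 is scoped by its own description to Tor Browser 9.0.7 on Windows 10, and that scope should be recorded at triage too.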
@@ -1777,8 +1819,8 @@ CVE-2022-25361
 	RESERVED
 CVE-2022-25360 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...)
 	NOT-FOR-US: WatchGuard
-CVE-2022-25359
-	RESERVED
+CVE-2022-25359 (On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, un ...)
+	TODO: check
 CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...)
 	NOT-FOR-US: awful-salmonella-tar
 CVE-2022-25357
@@ -2056,18 +2098,18 @@ CVE-2022-25265 (In the Linux kernel through 5.16.10, certain binary files may ha
 	NOTE: https://github.com/x0reaxeax/exec-prot-bypass
 	NOTE: Not considered a security flaw. If desired because no need for backward compatibility
 	NOTE: can be mitigated through a LSM.
-CVE-2022-25264
-	RESERVED
-CVE-2022-25263
-	RESERVED
-CVE-2022-25262
-	RESERVED
-CVE-2022-25261
-	RESERVED
-CVE-2022-25260
-	RESERVED
-CVE-2022-25259
-	RESERVED
+CVE-2022-25264 (In JetBrains TeamCity before 2021.2.3, environment variables of the "p ...)
+	TODO: check
+CVE-2022-25263 (JetBrains TeamCity before 2021.2.3 was vulnerable to OS command inject ...)
+	TODO: check
+CVE-2022-25262 (In JetBrains Hub before 2022.1.14434, SAML request takeover was possib ...)
+	TODO: check
+CVE-2022-25261 (JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. ...)
+	TODO: check
+CVE-2022-25260 (JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side  ...)
+	TODO: check
+CVE-2022-25259 (JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. ...)
+	TODO: check
 CVE-2022-25258 (An issue was discovered in drivers/usb/gadget/composite.c in the Linux ...)
 	- linux 5.16.10-1
 	NOTE: https://github.com/szymonh/d-os-descriptor
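Review bot: the six JetBrains entries (CVE-2022-25259 through CVE-2022-25264) all land as `TODO: check`, yet they span two products and four version boundaries: TeamCity before 2021.2.3 and before 2021.2.2, Hub before 2022.1.14434 and before 2021.1.14276. Triage them per product in one pass so the decision is consistent. If the products are not packaged, the `NOT-FOR-US:` form already used for CVE-2022-25360 applies.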
@@ -2649,12 +2691,12 @@ CVE-2022-25098 (ECTouch v2 suffers from arbitrary file deletion due to insuffici
 	NOT-FOR-US: ECTouch
 CVE-2022-25097
 	RESERVED
-CVE-2022-25096
-	RESERVED
-CVE-2022-25095
-	RESERVED
-CVE-2022-25094
-	RESERVED
+CVE-2022-25096 (Home Owners Collection Management System v1.0 was discovered to contai ...)
+	TODO: check
+CVE-2022-25095 (Home Owners Collection Management System v1.0 allows unauthenticated a ...)
+	TODO: check
+CVE-2022-25094 (Home Owners Collection Management System v1.0 was discovered to contai ...)
+	TODO: check
 CVE-2022-25093
 	RESERVED
 CVE-2022-25092
@@ -2713,16 +2755,16 @@ CVE-2022-25066
 	RESERVED
 CVE-2022-25065
 	RESERVED
-CVE-2022-25064
-	RESERVED
+CVE-2022-25064 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote  ...)
+	TODO: check
 CVE-2022-25063
 	RESERVED
-CVE-2022-25062
-	RESERVED
-CVE-2022-25061
-	RESERVED
-CVE-2022-25060
-	RESERVED
+CVE-2022-25062 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an intege ...)
+	TODO: check
+CVE-2022-25061 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command ...)
+	TODO: check
+CVE-2022-25060 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command ...)
+	TODO: check
 CVE-2022-25059
 	RESERVED
 CVE-2022-25058
@@ -2869,8 +2911,7 @@ CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an
 	NOT-FOR-US: galois_2p8
 CVE-2022-24987
 	RESERVED
-CVE-2022-24986
-	RESERVED
+CVE-2022-24986 (KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, b ...)
 	- kcron <unfixed>
 	[bullseye] - kcron <no-dsa> (Minor issue)
 	[buster] - kcron <no-dsa> (Minor issue)
@@ -3519,8 +3560,8 @@ CVE-2022-24712
 	RESERVED
 CVE-2022-24711
 	RESERVED
-CVE-2022-24710
-	RESERVED
+CVE-2022-24710 (Weblate is a copyleft software web-based continuous localization syste ...)
+	TODO: check
 CVE-2022-24709 (@awsui/components-react is the main AWS UI package which contains Reac ...)
 	NOT-FOR-US: Node components-react
 CVE-2022-24708 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
@@ -4250,8 +4291,8 @@ CVE-2022-24444
 	RESERVED
 CVE-2022-24443
 	RESERVED
-CVE-2022-24442
-	RESERVED
+CVE-2022-24442 (JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server- ...)
+	TODO: check
 CVE-2022-24428
 	RESERVED
 CVE-2022-24427
@@ -4379,6 +4420,7 @@ CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array,
 	[stretch] - atftp <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 (v0.7.5)
 CVE-2022-24407 (In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does  ...)
+	{DSA-5087-1}
 	[experimental] - cyrus-sasl2 2.1.28+dfsg-1
 	- cyrus-sasl2 2.1.28+dfsg-2
 	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc (cyrus-sasl-2.1.28)
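Review bot: the `{DSA-5087-1}` cross-reference on CVE-2022-24407 arrives in a commit whose only changed file is data/CVE/list, so the advisory record it points to cannot be reviewed here. The visible package lines give fixed versions only for experimental (2.1.28+dfsg-1) and unstable (2.1.28+dfsg-2). Check that the advisory entry exists and supplies the fixed versions for the stable releases.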
@@ -8449,8 +8491,8 @@ CVE-2022-23310
 	RESERVED
 CVE-2022-23309
 	RESERVED
-CVE-2022-23308
-	RESERVED
+CVE-2022-23308 (valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF  ...)
+	TODO: check
 CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist remdex/l ...)
 	NOT-FOR-US: livehelperchat
 CVE-2022-0265
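Review bot: CVE-2022-23308 is left at `TODO: check` although its description already names the component and the fix boundary (valid.c in libxml2 before 2.9.13, use-after-free of ID and IDREF). libxml2 is packaged in Debian, so this entry should get a package line with the fixed version and a NOTE pointing at the upstream fix, in the style of CVE-2022-24407, ahead of the vendor-product entries in this batch.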
@@ -18662,8 +18704,8 @@ CVE-2021-44134
 	RESERVED
 CVE-2021-44133
 	RESERVED
-CVE-2021-44132
-	RESERVED
+CVE-2021-44132 (A command injection vulnerability in the function formImportOMCIShell  ...)
+	TODO: check
 CVE-2021-44131
 	RESERVED
 CVE-2021-44130
@@ -19293,8 +19335,8 @@ CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In v
 	NOTE: https://github.com/graph-gophers/graphql-go/pull/492
 CVE-2022-21707 (wasmCloud Host Runtime is a server process that securely hosts and pro ...)
 	NOT-FOR-US: wasmCloud Host Runtime
-CVE-2022-21706
-	RESERVED
+CVE-2022-21706 (Zulip is an open-source team collaboration tool with topic-based threa ...)
+	TODO: check
 CVE-2022-21705 (Octobercms is a self-hosted CMS platform based on the Laravel PHP Fram ...)
 	NOT-FOR-US: October CMS
 CVE-2022-21704 (log4js-node is a port of log4js to node.js. In affected versions defau ...)
@@ -23980,8 +24022,8 @@ CVE-2021-42954 (Zoho Remote Access Plus Server Windows Desktop Binary fixed from
 	NOT-FOR-US: Zoho
 CVE-2021-42953
 	RESERVED
-CVE-2021-42952
-	RESERVED
+CVE-2021-42952 (Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vuln ...)
+	TODO: check
 CVE-2021-42951
 	RESERVED
 CVE-2021-42950
@@ -73606,8 +73648,8 @@ CVE-2021-23497 (This affects the package @strikeentco/set before 1.0.2. It allow
 	NOT-FOR-US: Node strikeentco/set
 CVE-2021-23496
 	RESERVED
-CVE-2021-23495
-	RESERVED
+CVE-2021-23495 (The package karma before 6.3.16 are vulnerable to Open Redirect due to ...)
+	TODO: check
 CVE-2021-23494
 	RESERVED
 CVE-2021-23493



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb75f822e922337d73435fd896089bda90f6c9f6
