[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 12 20:10:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54b8ab80 by security tracker role at 2022-01-12T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2022-23205
+ RESERVED
+CVE-2022-23204
+ RESERVED
+CVE-2022-23203
+ RESERVED
+CVE-2022-23202
+ RESERVED
+CVE-2022-23201
+ RESERVED
+CVE-2022-23200
+ RESERVED
+CVE-2022-23199
+ RESERVED
+CVE-2022-23198
+ RESERVED
+CVE-2022-23197
+ RESERVED
+CVE-2022-23196
+ RESERVED
+CVE-2022-23195
+ RESERVED
+CVE-2022-23194
+ RESERVED
+CVE-2022-23193
+ RESERVED
+CVE-2022-23192
+ RESERVED
+CVE-2022-23191
+ RESERVED
+CVE-2022-23190
+ RESERVED
+CVE-2022-23189
+ RESERVED
+CVE-2022-23188
+ RESERVED
+CVE-2022-23187
+ RESERVED
+CVE-2022-23186
+ RESERVED
+CVE-2022-23185
+ RESERVED
+CVE-2022-23184
+ RESERVED
+CVE-2022-23181
+ RESERVED
+CVE-2022-23180
+ RESERVED
+CVE-2022-23179
+ RESERVED
+CVE-2022-21199
+ RESERVED
+CVE-2022-0210
+ RESERVED
+CVE-2022-0209
+ RESERVED
+CVE-2022-0208
+ RESERVED
+CVE-2022-0207
+ RESERVED
+CVE-2022-0206
+ RESERVED
+CVE-2022-0205
+ RESERVED
+CVE-2022-0204
+ RESERVED
+CVE-2022-0203
+ RESERVED
+CVE-2022-0202
+ RESERVED
+CVE-2022-0201
+ RESERVED
+CVE-2022-0200
+ RESERVED
+CVE-2022-0199
+ RESERVED
CVE-2022-23178
RESERVED
CVE-2022-23177
@@ -132,34 +208,34 @@ CVE-2022-23120
RESERVED
CVE-2022-23119
RESERVED
-CVE-2022-23118
- RESERVED
-CVE-2022-23117
- RESERVED
-CVE-2022-23116
- RESERVED
-CVE-2022-23115
- RESERVED
-CVE-2022-23114
- RESERVED
-CVE-2022-23113
- RESERVED
-CVE-2022-23112
- RESERVED
-CVE-2022-23111
- RESERVED
-CVE-2022-23110
- RESERVED
-CVE-2022-23109
- RESERVED
-CVE-2022-23108
- RESERVED
-CVE-2022-23107
- RESERVED
-CVE-2022-23106
- RESERVED
-CVE-2022-23105
- RESERVED
+CVE-2022-23118 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements fu ...)
+ TODO: check
+CVE-2022-23117 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...)
+ TODO: check
+CVE-2022-23116 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...)
+ TODO: check
+CVE-2022-23115 (Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch tas ...)
+ TODO: check
+CVE-2022-23114 (Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unenc ...)
+ TODO: check
+CVE-2022-23113 (Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation ...)
+ TODO: check
+CVE-2022-23112 (A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and ...)
+ TODO: check
+CVE-2022-23111 (A cross-site request forgery (CSRF) vulnerability in Jenkins Publish O ...)
+ TODO: check
+CVE-2022-23110 (Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the S ...)
+ TODO: check
+CVE-2022-23109 (Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault c ...)
+ TODO: check
+CVE-2022-23108 (Jenkins Badge Plugin 1.9 and earlier does not escape the description a ...)
+ TODO: check
+CVE-2022-23107 (Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not re ...)
+ TODO: check
+CVE-2022-23106 (Jenkins Configuration as Code Plugin 1.55 and earlier used a non-const ...)
+ TODO: check
+CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the ...)
+ TODO: check
CVE-2022-23102
RESERVED
CVE-2022-21236
@@ -2879,7 +2955,7 @@ CVE-2021-4197 [cgroup: Use open-time creds and namespace for migration perm chec
NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
CVE-2021-46144 (Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML ...)
- {DSA-5037-1}
+ {DSA-5037-1 DLA-2878-1}
- roundcube <unfixed> (bug #1003027)
NOTE: https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 (1.5.2)
NOTE: https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 (1.4.13)
@@ -3030,6 +3106,7 @@ CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7861fcad13c497728189feafb41cd57b5b50ea25
CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...)
+ {DLA-2877-1}
[experimental] - gdal 3.4.1~rc1+dfsg-1~exp1
- gdal <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993
@@ -3347,14 +3424,14 @@ CVE-2022-0017
RESERVED
CVE-2022-0016
RESERVED
-CVE-2022-0015
- RESERVED
-CVE-2022-0014
- RESERVED
-CVE-2022-0013
- RESERVED
-CVE-2022-0012
- RESERVED
+CVE-2022-0015 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...)
+ TODO: check
+CVE-2022-0014 (An untrusted search path vulnerability exists in the Palo Alto Network ...)
+ TODO: check
+CVE-2022-0013 (A file information exposure vulnerability exists in the Palo Alto Netw ...)
+ TODO: check
+CVE-2022-0012 (An improper link resolution before file access vulnerability exists in ...)
+ TODO: check
CVE-2022-0011
RESERVED
CVE-2021-45918
@@ -4102,7 +4179,7 @@ CVE-2021-45610 (Certain NETGEAR devices are affected by a buffer overflow by an
NOT-FOR-US: Netgear
CVE-2021-45609 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
NOT-FOR-US: Netgear
-CVE-2021-45608 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+CVE-2021-45608 (Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital d ...)
NOT-FOR-US: Netgear
CVE-2021-45607 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
NOT-FOR-US: Netgear
@@ -4972,8 +5049,8 @@ CVE-2021-45447
RESERVED
CVE-2021-45446
RESERVED
-CVE-2021-45445
- RESERVED
+CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...)
+ TODO: check
CVE-2021-45444
RESERVED
CVE-2021-45443
@@ -5050,8 +5127,8 @@ CVE-2021-45413
RESERVED
CVE-2021-45412
RESERVED
-CVE-2021-45411
- RESERVED
+CVE-2021-45411 (In Sourcecodetester Printable Staff ID Card Creator System 1.0 after c ...)
+ TODO: check
CVE-2021-45410
RESERVED
CVE-2021-45409
@@ -5097,7 +5174,7 @@ CVE-2021-45390
CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Build 68 ...)
NOT-FOR-US: StarWind
CVE-2021-45388
- RESERVED
+ REJECTED
CVE-2021-45387
RESERVED
CVE-2021-45386
@@ -6071,21 +6148,25 @@ CVE-2021-45090 (Stormshield Endpoint Security before 2.1.2 allows remote code ex
CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Co ...)
NOT-FOR-US: Stormshield Endpoint Security
CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
- epiphany-browser 41.2-1
[stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
- epiphany-browser 41.2-1
[stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
- epiphany-browser 41.2-1
[stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
- epiphany-browser 41.2-1
[stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
@@ -7306,8 +7387,8 @@ CVE-2021-44454
RESERVED
CVE-2021-43351
RESERVED
-CVE-2021-4080
- RESERVED
+CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...)
+ TODO: check
CVE-2021-26946
RESERVED
CVE-2021-26254
@@ -7552,16 +7633,16 @@ CVE-2021-44654
RESERVED
CVE-2021-44653 (Online Magazine Management System 1.0 contains a SQL injection authent ...)
NOT-FOR-US: Online Magazine Management System
-CVE-2021-44652
- RESERVED
-CVE-2021-44651
- RESERVED
-CVE-2021-44650
- RESERVED
-CVE-2021-44649
- RESERVED
-CVE-2021-44648
- RESERVED
+CVE-2021-44652 (Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote co ...)
+ TODO: check
+CVE-2021-44651 (Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote co ...)
+ TODO: check
+CVE-2021-44650 (Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote co ...)
+ TODO: check
+CVE-2021-44649 (Django CMS 3.7.3 does not validate the plugin_type parameter while gen ...)
+ TODO: check
+CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulner ...)
+ TODO: check
CVE-2021-44647 (Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcname ...)
TODO: check
CVE-2021-44646
@@ -9508,8 +9589,8 @@ CVE-2021-43962
RESERVED
CVE-2021-43961
RESERVED
-CVE-2021-43960
- RESERVED
+CVE-2021-43960 (** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an ...)
+ TODO: check
CVE-2021-3974 (vim is vulnerable to Use After Free ...)
- vim 2:8.2.3995-1 (bug #1001897)
[bullseye] - vim <no-dsa> (Minor issue)
@@ -9669,10 +9750,10 @@ CVE-2022-21678
RESERVED
CVE-2022-21677
RESERVED
-CVE-2022-21676
- RESERVED
-CVE-2022-21675
- RESERVED
+CVE-2022-21676 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
+ TODO: check
+CVE-2022-21675 (Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Ver ...)
+ TODO: check
CVE-2022-21674
RESERVED
CVE-2022-21673
@@ -11934,8 +12015,8 @@ CVE-2021-43438 (Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attack
NOT-FOR-US: iResturant
CVE-2021-43437 (In sourcecodetester Engineers Online Portal as of 10-21-21, an attacke ...)
NOT-FOR-US: sourcecodetester Engineers Online Portal
-CVE-2021-43436
- RESERVED
+CVE-2021-43436 (MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payl ...)
+ TODO: check
CVE-2021-43435
RESERVED
CVE-2021-43434
@@ -13822,26 +13903,26 @@ CVE-2021-43063 (A improper neutralization of input during web page generation ('
NOT-FOR-US: FortiGuard
CVE-2021-43062
RESERVED
-CVE-2022-20621
- RESERVED
-CVE-2022-20620
- RESERVED
-CVE-2022-20619
- RESERVED
-CVE-2022-20618
- RESERVED
-CVE-2022-20617
- RESERVED
-CVE-2022-20616
- RESERVED
-CVE-2022-20615
- RESERVED
-CVE-2022-20614
- RESERVED
-CVE-2022-20613
- RESERVED
-CVE-2022-20612
- RESERVED
+CVE-2022-20621 (Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencr ...)
+ TODO: check
+CVE-2022-20620 (Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier ...)
+ TODO: check
+CVE-2022-20619 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket ...)
+ TODO: check
+CVE-2022-20618 (A missing permission check in Jenkins Bitbucket Branch Source Plugin 7 ...)
+ TODO: check
+CVE-2022-20617 (Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the n ...)
+ TODO: check
+CVE-2022-20616 (Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a ...)
+ TODO: check
+CVE-2022-20615 (Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML me ...)
+ TODO: check
+CVE-2022-20614 (A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4 ...)
+ TODO: check
+CVE-2022-20613 (A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Pl ...)
+ TODO: check
+CVE-2022-20612 (A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and ...)
+ TODO: check
CVE-2021-43061
RESERVED
CVE-2021-43060
@@ -15012,16 +15093,16 @@ CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvclo
NOT-FOR-US: NI Service Locator
CVE-2021-3893
RESERVED
-CVE-2021-42562
- RESERVED
-CVE-2021-42561
- RESERVED
-CVE-2021-42560
- RESERVED
+CVE-2021-42562 (An issue was discovered in CALDERA 2.8.1. It does not properly segrega ...)
+ TODO: check
+CVE-2021-42561 (An issue was discovered in CALDERA 2.8.1. When activated, the Human pl ...)
+ TODO: check
+CVE-2021-42560 (An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives ...)
+ TODO: check
CVE-2021-42559
RESERVED
-CVE-2021-42558
- RESERVED
+CVE-2021-42558 (An issue was discovered in CALDERA 2.8.1. It contains multiple reflect ...)
+ TODO: check
CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...)
NOT-FOR-US: Jeedom
CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
@@ -17906,8 +17987,8 @@ CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Templ
NOT-FOR-US: MyBB
CVE-2021-3853
RESERVED
-CVE-2021-3852
- RESERVED
+CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through User-Controlled Ke ...)
+ TODO: check
CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...)
- nomad <not-affected> (Only affects 1.1.x)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311
@@ -25184,8 +25265,8 @@ CVE-2021-38894 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a
NOT-FOR-US: IBM
CVE-2021-38893 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...)
NOT-FOR-US: IBM
-CVE-2021-38892
- RESERVED
+CVE-2021-38892 (IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQ ...)
+ TODO: check
CVE-2021-38891 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than ...)
NOT-FOR-US: IBM
CVE-2021-38890 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequat ...)
@@ -31198,8 +31279,8 @@ CVE-2021-36419
RESERVED
CVE-2021-36418
RESERVED
-CVE-2021-36417
- RESERVED
+CVE-2021-36417 (A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in th ...)
+ TODO: check
CVE-2021-36416
RESERVED
CVE-2021-36415
@@ -33448,8 +33529,8 @@ CVE-2021-3620
[buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
- ansible-base <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767
-CVE-2021-35500
- RESERVED
+CVE-2021-35500 (The Data Virtualization Server component of TIBCO Software Inc.'s TIBC ...)
+ TODO: check
CVE-2021-35499 (The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus cont ...)
NOT-FOR-US: TIBCO
CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...)
@@ -51434,10 +51515,10 @@ CVE-2021-28379 (web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP
NOT-FOR-US: Vesta Control Panel
CVE-2021-28378 (Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue dat ...)
- gitea <removed>
-CVE-2021-28377
- RESERVED
-CVE-2021-28376
- RESERVED
+CVE-2021-28377 (ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary fi ...)
+ TODO: check
+CVE-2021-28376 (ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary f ...)
+ TODO: check
CVE-2021-28373 (The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03- ...)
- tt-rss <not-affected> (Vulnerable code introduced later)
NOTE: https://community.tt-rss.org/t/check-password-not-called-if-otp-is-enabled-update-asap-if-youre-using-2fa/4502
@@ -159175,7 +159256,7 @@ CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL throug
NOTE: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
NOTE: gdal uses system libtiff libraries since 2.0.1+dfsg-1~exp1 (#684233)
CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ...)
- {DLA-1984-1}
+ {DLA-2877-1 DLA-1984-1}
- gdal 2.4.2+dfsg-2 (low)
[buster] - gdal <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54b8ab80c74c47ca0c7682a910675745474c9a27
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54b8ab80c74c47ca0c7682a910675745474c9a27
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220112/139372c6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list