[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 21 20:10:45 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc5f576e by security tracker role at 2022-01-21T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2022-23834
+ RESERVED
+CVE-2022-23833
+ RESERVED
+CVE-2022-23832
+ RESERVED
+CVE-2022-23831
+ RESERVED
+CVE-2022-23830
+ RESERVED
+CVE-2022-23829
+ RESERVED
+CVE-2022-23828
+ RESERVED
+CVE-2022-23827
+ RESERVED
+CVE-2022-23826
+ RESERVED
+CVE-2022-23825
+ RESERVED
+CVE-2022-23824
+ RESERVED
+CVE-2022-23823
+ RESERVED
+CVE-2022-23822
+ RESERVED
+CVE-2022-23821
+ RESERVED
+CVE-2022-23820
+ RESERVED
+CVE-2022-23819
+ RESERVED
+CVE-2022-23818
+ RESERVED
+CVE-2022-23817
+ RESERVED
+CVE-2022-23816
+ RESERVED
+CVE-2022-23815
+ RESERVED
+CVE-2022-23814
+ RESERVED
+CVE-2022-23813
+ RESERVED
+CVE-2022-22146
+ RESERVED
+CVE-2022-21193
+ RESERVED
+CVE-2022-21176
+ RESERVED
+CVE-2022-21143
+ RESERVED
+CVE-2022-21141
+ RESERVED
+CVE-2022-0335
+ RESERVED
+CVE-2022-0334
+ RESERVED
+CVE-2022-0333
+ RESERVED
+CVE-2022-0332
+ RESERVED
+CVE-2022-0331
+ RESERVED
+CVE-2022-0330
+ RESERVED
+CVE-2022-0329 (Code Injection in PyPi loguru prior to and including 0.5.3. ...)
+ TODO: check
+CVE-2022-0328
+ RESERVED
+CVE-2022-0327
+ RESERVED
+CVE-2021-46403
+ RESERVED
+CVE-2021-4208
+ RESERVED
CVE-2022-23809
RESERVED
CVE-2022-23808
@@ -68,18 +144,18 @@ CVE-2022-23780
RESERVED
CVE-2022-21147
RESERVED
-CVE-2022-0323
- RESERVED
+CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine ...)
+ TODO: check
CVE-2022-0322
RESERVED
CVE-2022-0321
RESERVED
CVE-2022-0320
RESERVED
-CVE-2022-0319
- RESERVED
-CVE-2022-0318
- RESERVED
+CVE-2022-0319 (Out-of-bounds Read in Conda vim prior to 8.2. ...)
+ TODO: check
+CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-0317
RESERVED
CVE-2022-0316
@@ -188,8 +264,8 @@ CVE-2022-23730
RESERVED
CVE-2022-23729
RESERVED
-CVE-2022-23728
- RESERVED
+CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...)
+ TODO: check
CVE-2022-23727
RESERVED
CVE-2022-23726
@@ -1168,7 +1244,7 @@ CVE-2022-21801
RESERVED
CVE-2022-21796
RESERVED
-CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NPM cypress-orchardcore prior t ...)
+CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
NOT-FOR-US: Orchard CMS
CVE-2022-0273
RESERVED
@@ -1364,12 +1440,12 @@ CVE-2021-46311
RESERVED
CVE-2021-46310
RESERVED
-CVE-2021-46309
- RESERVED
-CVE-2021-46308
- RESERVED
-CVE-2021-46307
- RESERVED
+CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...)
+ TODO: check
+CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...)
+ TODO: check
+CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...)
+ TODO: check
CVE-2021-46306
RESERVED
CVE-2021-46305
@@ -1453,7 +1529,7 @@ CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelper
NOT-FOR-US: livehelperchat
CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
-CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/or ...)
+CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
TODO: check
CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...)
- apache-log4j1.2 <unfixed>
@@ -1632,8 +1708,8 @@ CVE-2022-23223
RESERVED
CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
TODO: check
-CVE-2022-23220 [usbview polkit policy local root exploit]
- RESERVED
+CVE-2022-23220 (USBView 2.1 before 2.2 allows some local users (e.g., ones logged in v ...)
+ {DSA-5052-1}
- usbview 2.0-21-g6fe2f4f-2.1
[stretch] - usbview <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/21/1
@@ -2004,14 +2080,14 @@ CVE-2022-23131 (In the case of instances where the SAML SSO authentication is en
- zabbix <undetermined>
NOTE: https://support.zabbix.com/browse/ZBX-20350
TODO: check, possibly only affecting 5.4.0 onwards
-CVE-2022-23130
- RESERVED
-CVE-2022-23129
- RESERVED
-CVE-2022-23128
- RESERVED
-CVE-2022-23127
- RESERVED
+CVE-2022-23130 (Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versi ...)
+ TODO: check
+CVE-2022-23129 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric M ...)
+ TODO: check
+CVE-2022-23128 (Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Elect ...)
+ TODO: check
+CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 v ...)
+ TODO: check
CVE-2022-23126
RESERVED
CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
@@ -2812,14 +2888,14 @@ CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read v
NOT-FOR-US: Taocms
CVE-2021-46202
RESERVED
-CVE-2021-46201
- RESERVED
-CVE-2021-46200
- RESERVED
+CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort ...)
+ TODO: check
+CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...)
+ TODO: check
CVE-2021-46199
RESERVED
-CVE-2021-46198
- RESERVED
+CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...)
+ TODO: check
CVE-2021-46197
RESERVED
CVE-2021-46196
@@ -3012,14 +3088,17 @@ CVE-2022-22819
CVE-2022-22818
RESERVED
CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitra ...)
+ {DSA-5053-1}
- pillow 9.0.0-1
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
NOTE: https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11 (9.0.0)
CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ...)
+ {DSA-5053-1}
- pillow 9.0.0-1
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
NOTE: https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c (9.0.0)
CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initializes I ...)
+ {DSA-5053-1}
- pillow 9.0.0-1
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
NOTE: https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c (9.0.0)
@@ -6449,7 +6528,7 @@ CVE-2021-4159
RESERVED
CVE-2021-45464
RESERVED
-CVE-2021-45463 (GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allo ...)
+CVE-2021-45463 (load_cache in GEGL before 0.4.34 allows shell expansion when a pathnam ...)
- gegl 1:0.4.34-1 (bug #1002661)
[bullseye] - gegl <no-dsa> (Minor issue)
[buster] - gegl <no-dsa> (Minor issue)
@@ -8269,8 +8348,8 @@ CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross
NOT-FOR-US: DIAEnergie
CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...)
NOT-FOR-US: DIAEnergie
-CVE-2022-21933
- RESERVED
+CVE-2022-21933 (ASUS VivoMini/Mini PC device has an improper input validation vulnerab ...)
+ TODO: check
CVE-2022-21932 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...)
NOT-FOR-US: Microsoft
CVE-2022-21931 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...)
@@ -9725,8 +9804,8 @@ CVE-2021-44595
RESERVED
CVE-2021-44594
RESERVED
-CVE-2021-44593
- RESERVED
+CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...)
+ TODO: check
CVE-2021-44592
RESERVED
CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...)
@@ -10211,8 +10290,8 @@ CVE-2021-23223
RESERVED
CVE-2021-23179
RESERVED
-CVE-2021-44464
- RESERVED
+CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...)
+ TODO: check
CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...)
NOT-FOR-US: mySCADA myPRO
CVE-2021-44451
@@ -10259,30 +10338,30 @@ CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All version
NOT-FOR-US: Siemens
CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2021-43355
- RESERVED
-CVE-2021-41835
- RESERVED
+CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ TODO: check
+CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...)
+ TODO: check
CVE-2021-4035
RESERVED
-CVE-2021-33848
- RESERVED
-CVE-2021-33846
- RESERVED
-CVE-2021-33843
- RESERVED
-CVE-2021-31562
- RESERVED
-CVE-2021-23236
- RESERVED
-CVE-2021-23233
- RESERVED
-CVE-2021-23207
- RESERVED
-CVE-2021-23196
- RESERVED
-CVE-2021-23195
- RESERVED
+CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ TODO: check
+CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ TODO: check
+CVE-2021-33843 (Fresenius Kabi Agilia Link + version 3.0 has a default configuration p ...)
+ TODO: check
+CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...)
+ TODO: check
+CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...)
+ TODO: check
+CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...)
+ TODO: check
+CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...)
+ TODO: check
+CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...)
+ TODO: check
+CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ TODO: check
CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...)
NOT-FOR-US: Serva
CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...)
@@ -10688,8 +10767,7 @@ CVE-2021-44237
RESERVED
CVE-2021-44236
RESERVED
-CVE-2021-4032 [kvm: mishandling of memory error during VCPU construction can lead to DoS]
- RESERVED
+CVE-2021-4032 (A vulnerability was found in the Linux kernel's KVM subsystem in arch/ ...)
- linux <not-affected> (Vulnerable code introduced in 5.15-rc1; fixed in 5.15-rc7)
NOTE: https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7)
CVE-2021-4031
@@ -10953,8 +11031,8 @@ CVE-2021-44197
RESERVED
CVE-2021-44196
RESERVED
-CVE-2021-4016
- RESERVED
+CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...)
+ TODO: check
CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: firefly-iii
CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...)
@@ -11250,8 +11328,7 @@ CVE-2021-44081
RESERVED
CVE-2021-44080
RESERVED
-CVE-2021-4001 [race condition when the EBPF map is frozen]
- RESERVED
+CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...)
- linux 5.15.5-1
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -22572,8 +22649,8 @@ CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Esca
NOT-FOR-US: Auerswald COMpact 5500R devices
CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...)
NOT-FOR-US: Auerswald
-CVE-2021-40855
- RESERVED
+CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before ...)
+ TODO: check
CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...)
NOT-FOR-US: AnyDesk
CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...)
@@ -22950,16 +23027,16 @@ CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 R
NOT-FOR-US: Adobe
CVE-2021-40696
RESERVED
-CVE-2021-40695
- RESERVED
-CVE-2021-40694
- RESERVED
-CVE-2021-40693
- RESERVED
-CVE-2021-40692
- RESERVED
-CVE-2021-40691
- RESERVED
+CVE-2021-40695 (It was possible for a student to view their quiz grade before it had b ...)
+ TODO: check
+CVE-2021-40694 (Insufficient escaping of the LaTeX preamble made it possible for site ...)
+ TODO: check
+CVE-2021-40693 (An authentication bypass risk was identified in the external database ...)
+ TODO: check
+CVE-2021-40692 (Insufficient capability checks made it possible for teachers to downlo ...)
+ TODO: check
+CVE-2021-40691 (A session hijack risk was identified in the Shibboleth authentication ...)
+ TODO: check
CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
{DSA-5010-1 DLA-2767-1}
- libxml-security-java 2.1.7-1 (bug #994569)
@@ -23179,8 +23256,8 @@ CVE-2021-40597
RESERVED
CVE-2021-40596
RESERVED
-CVE-2021-40595
- RESERVED
+CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...)
+ TODO: check
CVE-2021-40594
RESERVED
CVE-2021-40593
@@ -24080,8 +24157,8 @@ CVE-2021-40249
RESERVED
CVE-2021-40248
RESERVED
-CVE-2021-40247
- RESERVED
+CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...)
+ TODO: check
CVE-2021-40246
RESERVED
CVE-2021-40245
@@ -36897,10 +36974,10 @@ CVE-2021-35006
RESERVED
CVE-2021-35005
RESERVED
-CVE-2021-35004
- RESERVED
-CVE-2021-35003
- RESERVED
+CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2021-35002
RESERVED
CVE-2021-35001
@@ -39229,8 +39306,8 @@ CVE-2021-33968
RESERVED
CVE-2021-33967
RESERVED
-CVE-2021-33966
- RESERVED
+CVE-2021-33966 (Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows auth ...)
+ TODO: check
CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
NOT-FOR-US: China Mobile An Lianbao WF-1 router
CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
@@ -41288,7 +41365,7 @@ CVE-2021-33180 (Improper neutralization of special elements used in an SQL comma
NOT-FOR-US: Synology
CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...)
NOT-FOR-US: Nagios XI
-CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...)
+CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions prior to 1 ...)
- nagvis 1:1.9.29-1
[bullseye] - nagvis <no-dsa> (Minor issue)
[buster] - nagvis <no-dsa> (Minor issue)
@@ -96236,7 +96313,7 @@ CVE-2020-23906 (FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of
NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be84216c53a4ed81573c82320e9c4a20e9b349d9 (n4.3.1)
CVE-2020-23905
RESERVED
-CVE-2020-23904 (A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers t ...)
+CVE-2020-23904 (** DISPUTED ** A stack buffer overflow in speexenc.c of Speex v1.2 all ...)
- speex <unfixed>
[bullseye] - speex <no-dsa> (Minor issue)
[buster] - speex <no-dsa> (Minor issue)
@@ -104823,14 +104900,14 @@ CVE-2020-19863
RESERVED
CVE-2020-19862
RESERVED
-CVE-2020-19861
- RESERVED
-CVE-2020-19860
- RESERVED
+CVE-2020-19861 (When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt ...)
+ TODO: check
+CVE-2020-19860 (When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_ ...)
+ TODO: check
CVE-2020-19859
RESERVED
-CVE-2020-19858
- RESERVED
+CVE-2020-19858 (Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerabilit ...)
+ TODO: check
CVE-2020-19857
RESERVED
CVE-2020-19856
@@ -144161,16 +144238,16 @@ CVE-2020-4881 (IBM Planning Analytics 2.0 could allow a remote attacker to obtai
NOT-FOR-US: IBM
CVE-2020-4880
RESERVED
-CVE-2020-4879
- RESERVED
+CVE-2020-4879 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote ...)
+ TODO: check
CVE-2020-4878
RESERVED
-CVE-2020-4877
- RESERVED
-CVE-2020-4876
- RESERVED
-CVE-2020-4875
- RESERVED
+CVE-2020-4877 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable t ...)
+ TODO: check
+CVE-2020-4876 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an X ...)
+ TODO: check
+CVE-2020-4875 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an X ...)
+ TODO: check
CVE-2020-4874
RESERVED
CVE-2020-4873 (IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc5f576e0030abb7017d2c0b14b8f736726518ab
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc5f576e0030abb7017d2c0b14b8f736726518ab
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220121/64248218/attachment.htm>
More information about the debian-security-tracker-commits
mailing list