[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 26 20:10:29 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18b291a1 by security tracker role at 2022-01-26T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2022-24004
+ RESERVED
+CVE-2022-24003
+ RESERVED
+CVE-2022-24002
+ RESERVED
+CVE-2022-24001
+ RESERVED
+CVE-2022-24000
+ RESERVED
+CVE-2022-23999
+ RESERVED
+CVE-2022-23998
+ RESERVED
+CVE-2022-23997
+ RESERVED
+CVE-2022-23996
+ RESERVED
+CVE-2022-23995
+ RESERVED
+CVE-2022-23994
+ RESERVED
+CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_fi ...)
+ TODO: check
+CVE-2022-23992
+ RESERVED
+CVE-2022-23991
+ RESERVED
+CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...)
+ TODO: check
+CVE-2022-23989
+ RESERVED
+CVE-2022-23988
+ RESERVED
+CVE-2022-23987
+ RESERVED
+CVE-2022-23984
+ RESERVED
+CVE-2022-23983
+ RESERVED
+CVE-2022-23982
+ RESERVED
+CVE-2022-23981
+ RESERVED
+CVE-2022-23980
+ RESERVED
+CVE-2022-23979
+ RESERVED
+CVE-2022-23978
+ RESERVED
+CVE-2022-23977
+ RESERVED
+CVE-2022-23976
+ RESERVED
+CVE-2022-23975
+ RESERVED
+CVE-2022-23974
+ RESERVED
+CVE-2022-23103
+ RESERVED
+CVE-2022-0383
+ RESERVED
+CVE-2022-0382
+ RESERVED
+CVE-2022-0381
+ RESERVED
+CVE-2022-0380
+ RESERVED
+CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ TODO: check
+CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
+ TODO: check
+CVE-2022-0377
+ RESERVED
+CVE-2022-0376
+ RESERVED
+CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ TODO: check
+CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ TODO: check
+CVE-2022-0373
+ RESERVED
+CVE-2022-0372
+ RESERVED
+CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
+ TODO: check
+CVE-2018-25029
+ RESERVED
+CVE-2013-20003
+ RESERVED
CVE-2022-23973
RESERVED
CVE-2022-23972
@@ -80,8 +170,8 @@ CVE-2022-23942
RESERVED
CVE-2022-21184
RESERVED
-CVE-2022-0368
- RESERVED
+CVE-2022-0368 (Out-of-bounds Read in Conda vim prior to 8.2. ...)
+ TODO: check
CVE-2022-0367
RESERVED
CVE-2022-0366
@@ -92,14 +182,14 @@ CVE-2022-0364
RESERVED
CVE-2022-0363
RESERVED
-CVE-2022-0362
- RESERVED
-CVE-2022-0361
- RESERVED
+CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...)
+ TODO: check
+CVE-2022-0361 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
+ TODO: check
CVE-2022-0360
RESERVED
-CVE-2022-0359
- RESERVED
+CVE-2022-0359 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...)
+ TODO: check
CVE-2022-0358
RESERVED
- qemu <unfixed>
@@ -170,7 +260,7 @@ CVE-2022-21201
RESERVED
CVE-2022-21178
RESERVED
-CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM hiep ...)
+CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM simp ...)
TODO: check
CVE-2022-0354
RESERVED
@@ -2036,14 +2126,14 @@ CVE-2021-46388
RESERVED
CVE-2021-46387
RESERVED
-CVE-2021-46386
- RESERVED
-CVE-2021-46385
- RESERVED
+CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File U ...)
+ TODO: check
+CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...)
+ TODO: check
CVE-2021-46384
RESERVED
-CVE-2021-46383
- RESERVED
+CVE-2021-46383 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...)
+ TODO: check
CVE-2021-46382
RESERVED
CVE-2021-46381
@@ -2285,8 +2375,8 @@ CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of Input
NOT-FOR-US: livehelperchat
CVE-2022-0252
RESERVED
-CVE-2022-0251
- RESERVED
+CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
CVE-2022-0250
RESERVED
CVE-2022-0249
@@ -2760,8 +2850,8 @@ CVE-2022-0204 [Heap overflow vulnerability in the implementation of the gatt pro
NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=591c546c536b42bef696d027f64aa22434f8c3f0 (5.63)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2039807
-CVE-2022-0203
- RESERVED
+CVE-2022-0203 (Improper Access Control in GitHub repository crater-invoice/crater pri ...)
+ TODO: check
CVE-2022-0202
RESERVED
CVE-2022-0201
@@ -3357,8 +3447,7 @@ CVE-2022-22934
RESERVED
CVE-2022-22933
RESERVED
-CVE-2022-22932
- RESERVED
+CVE-2022-22932 (Apache Karaf obr:* commands and run goal on the karaf-maven-plugin hav ...)
- apache-karaf <itp> (bug #881297)
CVE-2022-22931
RESERVED
@@ -3546,12 +3635,12 @@ CVE-2022-22854
RESERVED
CVE-2022-22853
RESERVED
-CVE-2022-22852
- RESERVED
-CVE-2022-22851
- RESERVED
-CVE-2022-22850
- RESERVED
+CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
+ TODO: check
+CVE-2022-22851 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
+ TODO: check
+CVE-2022-22850 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
+ TODO: check
CVE-2022-22849
RESERVED
CVE-2022-22149
@@ -4434,13 +4523,13 @@ CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3,
NOTE: https://github.com/libexpat/libexpat/pull/538
NOTE: https://github.com/libexpat/libexpat/commit/85ae9a2d7d0e9358f356b33977b842df8ebaec2b
CVE-2021-46142 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
- {DLA-2883-1}
+ {DSA-5063-1 DLA-2883-1}
- uriparser 0.9.6+dfsg-1
NOTE: https://github.com/uriparser/uriparser/issues/122
NOTE: https://github.com/uriparser/uriparser/commit/c0483990e6b5b454f7c8752b36760cfcb0d093f5 (uriparser-0.9.6)
NOTE: https://github.com/uriparser/uriparser/pull/124
CVE-2021-46141 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
- {DLA-2883-1}
+ {DSA-5063-1 DLA-2883-2 DLA-2883-1}
- uriparser 0.9.6+dfsg-1
NOTE: https://github.com/uriparser/uriparser/issues/121
NOTE: https://github.com/uriparser/uriparser/commit/987b046e41f407d17c622e580fc82a5e834b4329 (uriparser-0.9.6)
@@ -5480,16 +5569,16 @@ CVE-2021-46120
RESERVED
CVE-2021-46119
RESERVED
-CVE-2021-46118
- RESERVED
-CVE-2021-46117
- RESERVED
-CVE-2021-46116
- RESERVED
-CVE-2021-46115
- RESERVED
-CVE-2021-46114
- RESERVED
+CVE-2021-46118 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
+ TODO: check
+CVE-2021-46117 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
+ TODO: check
+CVE-2021-46116 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web. ...)
+ TODO: check
+CVE-2021-46115 (jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateCon ...)
+ TODO: check
+CVE-2021-46114 (jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.Produ ...)
+ TODO: check
CVE-2021-46113 (In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote ...)
NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source
CVE-2021-46112
@@ -5836,8 +5925,8 @@ CVE-2021-45977
RESERVED
CVE-2021-45976
RESERVED
-CVE-2021-45975
- RESERVED
+CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerabi ...)
+ TODO: check
CVE-2021-45974
RESERVED
CVE-2021-45973
@@ -8966,8 +9055,8 @@ CVE-2022-21946
RESERVED
CVE-2022-21945
RESERVED
-CVE-2022-21944
- RESERVED
+CVE-2022-21944 (A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd ...)
+ TODO: check
CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...)
{DSA-5024-1 DLA-2852-1}
- apache-log4j2 2.17.0-1 (bug #1001891)
@@ -10477,8 +10566,8 @@ CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
NOTE: https://github.com/latchset/tang/pull/81
NOTE: Introduced by: https://github.com/latchset/tang/commit/609050586e4863329d2db9b7cb73da5c09eeea2b (v8)
NOTE: Fixed by: https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 (v11)
-CVE-2021-44692
- RESERVED
+CVE-2021-44692 (BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the ...)
+ TODO: check
CVE-2021-44691
RESERVED
CVE-2021-44690
@@ -12139,18 +12228,18 @@ CVE-2021-44125
RESERVED
CVE-2021-44124
RESERVED
-CVE-2021-44123
- RESERVED
-CVE-2021-44122
- RESERVED
+CVE-2021-44123 (SPIP 4.0.0 is affected by a remote command execution vulnerability. To ...)
+ TODO: check
+CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ...)
+ TODO: check
CVE-2021-44121
RESERVED
-CVE-2021-44120
- RESERVED
+CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2021-44119
RESERVED
-CVE-2021-44118
- RESERVED
+CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ...)
+ TODO: check
CVE-2021-44117
RESERVED
CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12 ...)
@@ -15373,8 +15462,8 @@ CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF f
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43335
RESERVED
-CVE-2021-43334
- RESERVED
+CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Grou ...)
+ TODO: check
CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...)
NOT-FOR-US: Datalogic
CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
@@ -21416,8 +21505,7 @@ CVE-2021-41767 (Apache Guacamole 1.3.0 and older may incorrectly include a priva
NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/6
CVE-2021-3837 (openwhyd is vulnerable to Improper Authorization ...)
NOT-FOR-US: openwhyd
-CVE-2021-41766
- RESERVED
+CVE-2021-41766 (Apache Karaf allows monitoring of applications and the Java runtime by ...)
- apache-karaf <itp> (bug #881297)
CVE-2021-3836 (dbeaver is vulnerable to Improper Restriction of XML External Entity R ...)
- dbeaver <itp> (bug #680987)
@@ -51332,10 +51420,10 @@ CVE-2021-29848
RESERVED
CVE-2021-29847 (BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) conf ...)
NOT-FOR-US: IBM
-CVE-2021-29846
- RESERVED
-CVE-2021-29845
- RESERVED
+CVE-2021-29846 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...)
+ TODO: check
+CVE-2021-29845 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...)
+ TODO: check
CVE-2021-29844 (IBM Jazz Team Server products is vulnerable to server-side request for ...)
NOT-FOR-US: IBM
CVE-2021-29843 (IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial o ...)
@@ -51348,8 +51436,8 @@ CVE-2021-29840
RESERVED
CVE-2021-29839
RESERVED
-CVE-2021-29838
- RESERVED
+CVE-2021-29838 (IBM Security Guardium Insights 3.0 could allow a remote attacker to ob ...)
+ TODO: check
CVE-2021-29837 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...)
NOT-FOR-US: IBM
CVE-2021-29836 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 ...)
@@ -68974,8 +69062,8 @@ CVE-2021-22602
RESERVED
CVE-2021-22601
RESERVED
-CVE-2021-22600
- RESERVED
+CVE-2021-22600 (A double free bug in packet_set_ring() in net/packet/af_packet.c can b ...)
+ TODO: check
CVE-2021-22599
RESERVED
CVE-2021-22598
@@ -69034,8 +69122,8 @@ CVE-2021-22572
RESERVED
CVE-2021-22571
RESERVED
-CVE-2021-22570
- RESERVED
+CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...)
+ TODO: check
CVE-2021-22569 (An issue in protobuf-java allowed the interleaving of com.google.proto ...)
[experimental] - protobuf 3.19.3-1
- protobuf <unfixed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18b291a1db6a6764ac1116288f1b4134d7d7b6ce
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18b291a1db6a6764ac1116288f1b4134d7d7b6ce
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220126/c6939ab1/attachment.htm>
More information about the debian-security-tracker-commits
mailing list