[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 28 20:10:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d831bb26 by security tracker role at 2022-01-28T20:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2022-24112
+ RESERVED
+CVE-2022-0406
+ RESERVED
+CVE-2022-0405
+ RESERVED
+CVE-2022-0404
+ RESERVED
+CVE-2022-0403
+ RESERVED
+CVE-2022-0402
+ RESERVED
+CVE-2022-0401
+ RESERVED
+CVE-2022-0400
+ RESERVED
+CVE-2022-0399
+ RESERVED
+CVE-2022-0398
+ RESERVED
+CVE-2022-0397
+ RESERVED
+CVE-2018-25030
+ RESERVED
+CVE-2017-20016
+ RESERVED
+CVE-2017-20015
+ RESERVED
+CVE-2017-20014
+ RESERVED
+CVE-2017-20013
+ RESERVED
+CVE-2017-20012
+ RESERVED
+CVE-2017-20011
+ RESERVED
+CVE-2015-10002
+ RESERVED
+CVE-2010-10001
+ RESERVED
+CVE-2008-10001
+ RESERVED
+CVE-2005-10001
+ RESERVED
+CVE-2003-5003
+ RESERVED
+CVE-2003-5002
+ RESERVED
+CVE-2003-5001
+ RESERVED
CVE-2022-24111
RESERVED
CVE-2022-24110
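Review bot: The commit message "automatic update" does not say that this hunk places IDs from 2003 to 2018 (CVE-2003-5001 through CVE-2018-25030) at the head of the file, directly above CVE-2022-24111, so the list is not in year order at this point. Anything that reads data/CVE/list should match on the CVE id rather than on position. A line in the commit body naming the source of the newly reserved IDs would make these additions easier to audit.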
@@ -78,16 +128,16 @@ CVE-2022-24073
RESERVED
CVE-2022-24072
RESERVED
-CVE-2022-24071
- RESERVED
+CVE-2022-24071 (A Built-in extension in Whale browser before 3.12.129.46 allows attack ...)
+ TODO: check
CVE-2022-24070
RESERVED
CVE-2022-0396
RESERVED
CVE-2022-0395
RESERVED
-CVE-2022-0394
- RESERVED
+CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ TODO: check
CVE-2022-0393
RESERVED
CVE-2022-24069
@@ -1161,8 +1211,8 @@ CVE-2021-46404
RESERVED
CVE-2022-23864
RESERVED
-CVE-2022-23863
- RESERVED
+CVE-2022-23863 (Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authen ...)
+ TODO: check
CVE-2022-23862
RESERVED
CVE-2022-23861
@@ -3547,16 +3597,13 @@ CVE-2022-23100
RESERVED
CVE-2022-23099
RESERVED
-CVE-2022-23098 [TCP Receive Path Triggers 100 % CPU loop if DNS server does not Send Back Data]
- RESERVED
+CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
- connman <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
-CVE-2022-23097 [Possibly invalid memory reference in strnlen() call in forward_dns_reply()]
- RESERVED
+CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40. forw ...)
- connman <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
-CVE-2022-23096 [TCP Receive Path does not Check for Presence of Sufficient Header Data]
- RESERVED
+CVE-2022-23096 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
- connman <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
CVE-2022-23095 (Open Design Alliance Drawings SDK before 2022.12.1 mishandles the load ...)
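Review bot: The three connman entries lose their bracketed working titles, and the replacement descriptions are truncated before the detail that told them apart (CVE-2022-23098 and CVE-2022-23096 now read identically up to the cut). They remain "- connman <unfixed>" with only the shared oss-security NOTE. A follow-up that adds a NOTE per CVE naming the affected code path, or the upstream fix once there is one, would keep them distinguishable in the list.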
@@ -3806,8 +3853,8 @@ CVE-2022-0179 (snipe-it is vulnerable to Improper Access Control ...)
NOT-FOR-US: snipe-it
CVE-2022-0178 (snipe-it is vulnerable to Improper Access Control ...)
NOT-FOR-US: snipe-it
-CVE-2022-0177 (Cross-site Scripting (XSS) - DOM in GitHub repository mrdoob/three.js ...)
- TODO: check
+CVE-2022-0177
+ REJECTED
CVE-2021-4204 [eBPF Improper Input Validation Vulnerability]
RESERVED
- linux <unfixed>
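Review bot: CVE-2022-0177 goes from a described entry with an open "TODO: check" to a bare REJECTED, so the mrdoob/three.js attribution no longer appears anywhere in the entry. That closes the triage item, but it is worth confirming that no other entry or NOTE still refers to this id.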
@@ -4076,8 +4123,8 @@ CVE-2022-22870
RESERVED
CVE-2022-22869
RESERVED
-CVE-2022-22868
- RESERVED
+CVE-2022-22868 (Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting ( ...)
+ TODO: check
CVE-2022-22867
RESERVED
CVE-2022-22866
@@ -6019,8 +6066,8 @@ CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0
NOT-FOR-US: Sourcecodester
CVE-2022-22295
RESERVED
-CVE-2022-22294
- RESERVED
+CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA<=1.43 which an attack ...)
+ TODO: check
CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
NOT-FOR-US: Node uppy
CVE-2022-0085
@@ -6911,12 +6958,12 @@ CVE-2021-45901
RESERVED
CVE-2021-45900
RESERVED
-CVE-2021-45899
- RESERVED
-CVE-2021-45898
- RESERVED
-CVE-2021-45897
- RESERVED
+CVE-2021-45899 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserializatio ...)
+ TODO: check
+CVE-2021-45898 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusio ...)
+ TODO: check
+CVE-2021-45897 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code executi ...)
+ TODO: check
CVE-2021-45896 (Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an ...)
NOT-FOR-US: Nokia FastMile 3TG00118ABAD52 devices
CVE-2021-45895 (Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows ...)
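Review bot: Three "TODO: check" entries land here for one product (SuiteCRM before 7.12.3 and 8.x before 8.0.2), next to neighbours that are already resolved as NOT-FOR-US. Triage CVE-2021-45899, CVE-2021-45898 and CVE-2021-45897 together so they end up with the same disposition, either a package line or a NOT-FOR-US line.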
@@ -8537,8 +8584,8 @@ CVE-2021-45437
RESERVED
CVE-2021-45436
RESERVED
-CVE-2021-45435
- RESERVED
+CVE-2021-45435 (An SQL Injection vulnerability exists in Sourcecodester Simple Cold St ...)
+ TODO: check
CVE-2021-45434
RESERVED
CVE-2021-45433
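Review bot: CVE-2021-45435 arrives as "TODO: check" although its description names a Sourcecodester product, and the context of the @@ -6019 hunk in this same diff shows a Sourcecodester entry already resolved as "NOT-FOR-US: Sourcecodester". The follow-up triage can use the same line here. The same applies to CVE-2021-34073 and CVE-2020-25905 further down.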
@@ -10185,8 +10232,8 @@ CVE-2021-44973
RESERVED
CVE-2021-44972
RESERVED
-CVE-2021-44971
- RESERVED
+CVE-2021-44971 (Multiple Tenda devices are affected by authentication bypass, such as ...)
+ TODO: check
CVE-2021-44970
RESERVED
CVE-2021-44969
@@ -12225,8 +12272,8 @@ CVE-2021-44251
RESERVED
CVE-2021-44250
RESERVED
-CVE-2021-44249
- RESERVED
+CVE-2021-44249 (Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Ti ...)
+ TODO: check
CVE-2021-44248
RESERVED
CVE-2021-44247
@@ -13282,10 +13329,10 @@ CVE-2022-21722 (PJSIP is a free and open source multimedia communication library
TODO: check
CVE-2022-21721
RESERVED
-CVE-2022-21720
- RESERVED
-CVE-2022-21719
- RESERVED
+CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior to vers ...)
+ TODO: check
+CVE-2022-21719 (GLPI is a free asset and IT management software package. All GLPI vers ...)
+ TODO: check
CVE-2022-21718
RESERVED
CVE-2022-21717
@@ -18267,8 +18314,8 @@ CVE-2021-42793
RESERVED
CVE-2021-42792
RESERVED
-CVE-2021-42791
- RESERVED
+CVE-2021-42791 (An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP req ...)
+ TODO: check
CVE-2021-42790
RESERVED
CVE-2021-42789
@@ -22361,10 +22408,10 @@ CVE-2021-3829 (openwhyd is vulnerable to URL Redirection to Untrusted Site ...)
NOT-FOR-US: openwhyd
CVE-2021-41610
REJECTED
-CVE-2021-41609
- RESERVED
-CVE-2021-41608
- RESERVED
+CVE-2021-41609 (SQL injection in the ID parameter of the UploadedImageDisplay.aspx end ...)
+ TODO: check
+CVE-2021-41608 (A file disclosure vulnerability in the UploadedImageDisplay.aspx endpo ...)
+ TODO: check
CVE-2021-41607
RESERVED
CVE-2021-41606
@@ -25347,7 +25394,7 @@ CVE-2021-40397
CVE-2021-40396
RESERVED
CVE-2021-40395
- RESERVED
+ REJECTED
CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
- gerbv 2.8.1-1
[bullseye] - gerbv <no-dsa> (Minor issue)
@@ -40690,8 +40737,8 @@ CVE-2021-34075 (In Artica Pandora FMS <=754 in the File Manager component, th
NOT-FOR-US: Artica Pandora FMS
CVE-2021-34074 (PandoraFMS <=7.54 allows arbitrary file upload, it leading to remot ...)
NOT-FOR-US: PandoraFMS
-CVE-2021-34073
- RESERVED
+CVE-2021-34073 (A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gad ...)
+ TODO: check
CVE-2021-34072
RESERVED
CVE-2021-34071 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
@@ -82515,10 +82562,10 @@ CVE-2020-28887
RESERVED
CVE-2020-28886
RESERVED
-CVE-2020-28885
- RESERVED
-CVE-2020-28884
- RESERVED
+CVE-2020-28885 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS ...)
+ TODO: check
+CVE-2020-28884 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS ...)
+ TODO: check
CVE-2020-28883
RESERVED
CVE-2020-28882
@@ -93040,8 +93087,8 @@ CVE-2020-25907
RESERVED
CVE-2020-25906
RESERVED
-CVE-2020-25905
- RESERVED
+CVE-2020-25905 (An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop Sys ...)
+ TODO: check
CVE-2020-25904
RESERVED
CVE-2020-25903
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d831bb2617e83d5cc7421bd6e0d98e4cae3df2ce