[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 3 20:10:28 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b6e3446 by security tracker role at 2022-03-03T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-26387
+ RESERVED
+CVE-2022-26386
+ RESERVED
+CVE-2022-26385
+ RESERVED
+CVE-2022-26384
+ RESERVED
+CVE-2022-26383
+ RESERVED
+CVE-2022-26382
+ RESERVED
+CVE-2022-26381
+ RESERVED
+CVE-2022-26380
+ RESERVED
+CVE-2022-26379
+ RESERVED
+CVE-2022-26378
+ RESERVED
+CVE-2022-26377
+ RESERVED
+CVE-2022-26073
+ RESERVED
+CVE-2022-25989
+ RESERVED
+CVE-2022-0844
+ RESERVED
+CVE-2022-0843
+ RESERVED
+CVE-2022-0842
+ RESERVED
+CVE-2022-0841 (OS Command Injection in GitHub repository ljharb/npm-lockfile prior to ...)
+ TODO: check
+CVE-2022-0840
+ RESERVED
+CVE-2022-0839
+ RESERVED
+CVE-2022-0838
+ RESERVED
+CVE-2022-0837
+ RESERVED
+CVE-2022-0836
+ RESERVED
CVE-2022-26365
RESERVED
CVE-2022-26364
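Review bot: CVE-2022-0841 is the only entry added in this hunk that already has a description, and it lands as `TODO: check` with no package line. The description names the GitHub repository ljharb/npm-lockfile, so triage should search the archive for that source and either add a package status line or mark it NOT-FOR-US, instead of leaving it in the TODO queue next to the RESERVED ids added above it.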
@@ -716,16 +760,16 @@ CVE-2021-46702 (Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to inf
CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The mixed ...)
- linux <unfixed>
NOTE: https://dl.acm.org/doi/10.1145/3372297.3417884
-CVE-2022-26129
- RESERVED
-CVE-2022-26128
- RESERVED
-CVE-2022-26127
- RESERVED
-CVE-2022-26126
- RESERVED
-CVE-2022-26125
- RESERVED
+CVE-2022-26129 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
+ TODO: check
+CVE-2022-26128 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due ...)
+ TODO: check
+CVE-2022-26127 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due ...)
+ TODO: check
+CVE-2022-26126 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
+ TODO: check
+CVE-2022-26125 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
+ TODO: check
CVE-2022-26122
RESERVED
CVE-2022-26121
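Review bot: The five FRRouting entries (CVE-2022-26125 through CVE-2022-26129) all change from RESERVED to `TODO: check`, although they share one product and one version bound ("FRRouting through 8.1.0"). Triage them as a group: frr is packaged in Debian, so each should end up with a `- frr` status line and a NOTE pointing to the upstream report, rather than being resolved one at a time with possibly inconsistent statuses.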
@@ -1330,8 +1374,8 @@ CVE-2022-0755
RESERVED
CVE-2022-0754
RESERVED
-CVE-2022-0753
- RESERVED
+CVE-2022-0753 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
+ TODO: check
CVE-2022-0752
RESERVED
CVE-2022-0751
@@ -3298,8 +3342,8 @@ CVE-2022-25140
RESERVED
CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a heap use ...)
NOT-FOR-US: njs
-CVE-2022-25138
- RESERVED
+CVE-2022-25138 (Axelor Open Suite v5.0 was discovered to contain a stored cross-site s ...)
+ TODO: check
CVE-2022-25137 (A command injection vulnerability in the function recvSlaveUpgstatus o ...)
NOT-FOR-US: TOTOLINK
CVE-2022-25136 (A command injection vulnerability in the function meshSlaveUpdate of T ...)
@@ -3324,8 +3368,8 @@ CVE-2022-25127
RESERVED
CVE-2022-25126
RESERVED
-CVE-2022-25125
- RESERVED
+CVE-2022-25125 (MCMS v5.2.4 was discovered to contain a SQL injection vulnerability vi ...)
+ TODO: check
CVE-2022-25124
RESERVED
CVE-2022-25123
@@ -3518,8 +3562,8 @@ CVE-2022-25033
RESERVED
CVE-2022-25032
RESERVED
-CVE-2022-25031
- RESERVED
+CVE-2022-25031 (Remote Desktop Commander Suite Agent before v4.8 contains an unquoted ...)
+ TODO: check
CVE-2022-25030
RESERVED
CVE-2022-25029 (Home Owners Collection Management System v1.0 was discovered to contai ...)
@@ -5170,8 +5214,7 @@ CVE-2022-21233
RESERVED
CVE-2022-21128
RESERVED
-CVE-2022-0492 [cgroup-v1: Require capabilities to set release_agent]
- RESERVED
+CVE-2022-0492 (A vulnerability was found in the Linux kernel’s cgroup_release_a ...)
- linux 5.16.7-1
NOTE: https://www.openwall.com/lists/oss-security/2022/02/04/1
NOTE: https://git.kernel.org/linus/24f6008564183aa120d07c03d9289519c2fe02af
@@ -6813,7 +6856,7 @@ CVE-2022-23961
CVE-2022-23960
RESERVED
CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 ...)
- {DLA-2920-1}
+ {DSA-5088-1 DLA-2920-1}
- varnish <unfixed> (bug #1004433)
NOTE: https://varnish-cache.org/security/VSV00008.html
NOTE: https://docs.varnish-software.com/security/VSV00008/
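Review bot: The CVE-2022-23959 entry now references DSA-5088-1, but the context line directly below it still reads `- varnish <unfixed> (bug #1004433)`. Check whether a fixed version has reached unstable and, if so, update that line and the bug; as it stands the entry records an advisory while unstable is still shown as unfixed.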
@@ -7028,10 +7071,10 @@ CVE-2022-23901
RESERVED
CVE-2022-23900
RESERVED
-CVE-2022-23899
- RESERVED
-CVE-2022-23898
- RESERVED
+CVE-2022-23899 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ...)
+ TODO: check
+CVE-2022-23898 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ...)
+ TODO: check
CVE-2022-23897
RESERVED
CVE-2022-23896
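Review bot: CVE-2022-23899 and CVE-2022-23898 get `TODO: check` with identical truncated descriptions ("MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ..."), so the two cannot be told apart from this file alone. Triage them together with CVE-2022-25125 (MCMS v5.2.4, changed earlier in this commit) and give all three the same product tag so the list stays consistent.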
@@ -8050,8 +8093,7 @@ CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay
NOT-FOR-US: Netmaker
CVE-2022-23649 (Cosign provides container signing, verification, and storage in an OCI ...)
NOT-FOR-US: Cosign
-CVE-2022-23648
- RESERVED
+CVE-2022-23648 (containerd is a container runtime available as a daemon for Linux and ...)
- containerd 1.6.1~ds1-1
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
NOTE: https://www.openwall.com/lists/oss-security/2022/03/02/1
@@ -11503,8 +11545,8 @@ CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded
[stretch] - lighttpd <not-affected> (Vulnerable code not present; the issue was introduced in later versions)
NOTE: https://redmine.lighttpd.net/issues/3134
NOTE: https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664
-CVE-2022-22706
- RESERVED
+CVE-2022-22706 (An Arm product family through 2022-01-03 has an Exposed Dangerous Meth ...)
+ TODO: check
CVE-2022-22705
RESERVED
CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes a ...)
@@ -11515,8 +11557,8 @@ CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the functionality to upload
NOT-FOR-US: PartKeepr
CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL while c ...)
NOT-FOR-US: PartKeepr
-CVE-2022-22700
- RESERVED
+CVE-2022-22700 (CyberArk Identity versions up to and including 22.1 in the 'StartAuthe ...)
+ TODO: check
CVE-2022-22699
RESERVED
CVE-2022-22698
@@ -13721,8 +13763,8 @@ CVE-2021-45821
RESERVED
CVE-2021-45820
RESERVED
-CVE-2021-45819
- RESERVED
+CVE-2021-45819 (Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service ...)
+ TODO: check
CVE-2021-45818 (SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability wh ...)
NOT-FOR-US: SAFARI Montage
CVE-2021-45817
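Review bot: CVE-2021-45819 is described as an unquoted service path in "Wordline HIDCCEMonitorSVC", which is a Windows service issue, so the `TODO: check` here is a likely NOT-FOR-US candidate rather than something that needs a package search. CVE-2022-25031 (Remote Desktop Commander Suite Agent), changed earlier in this commit, has a description that starts the same way and can be triaged at the same time.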
@@ -20720,8 +20762,8 @@ CVE-2021-3966
RESERVED
CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to unauthenticated HTT ...)
NOT-FOR-US: HP
-CVE-2021-43774
- RESERVED
+CVE-2021-43774 (A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 ...)
+ TODO: check
CVE-2021-43773
RESERVED
CVE-2021-43772 (Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability th ...)
@@ -31583,12 +31625,12 @@ CVE-2021-40639 (Improper access control in Jfinal CMS 5.1.0 allows attackers to
NOT-FOR-US: Jfinal CMS
CVE-2021-40638
RESERVED
-CVE-2021-40637
- RESERVED
-CVE-2021-40636
- RESERVED
-CVE-2021-40635
- RESERVED
+CVE-2021-40637 (OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCh ...)
+ TODO: check
+CVE-2021-40636 (OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.p ...)
+ TODO: check
+CVE-2021-40635 (OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ...)
+ TODO: check
CVE-2021-40634
RESERVED
CVE-2021-40633
@@ -41407,6 +41449,7 @@ CVE-2021-36728
CVE-2021-36727
RESERVED
CVE-2021-36740 (Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL a ...)
+ {DSA-5088-1}
- varnish 6.5.2-1 (bug #991040)
[stretch] - varnish <ignored> (HTTP/2 support is marked experimental in 5.0 and enabling is not recommended, code is quite different)
NOTE: https://varnish-cache.org/security/VSV00007.html
@@ -44316,8 +44359,7 @@ CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
NOTE: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe
NOTE: Introduced by https://github.com/SSSD/sssd/commit/e157b9f6cb370e1b94bcac2044d26ad66d640fba (v1.13.91)
-CVE-2021-3620
- RESERVED
+CVE-2021-3620 (A flaw was found in Ansible Engine's ansible-connection module, where ...)
- ansible <unfixed>
[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
[buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
@@ -45373,8 +45415,7 @@ CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySe
NOTE: Issue did affect only the experimental version and fixed in 2:3.2.5-1
CVE-2021-35041 (The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing w ...)
NOT-FOR-US: FISCO-BCOS
-CVE-2021-3609
- RESERVED
+CVE-2021-3609 (.A flaw was found in the CAN BCM networking protocol in the Linux kern ...)
{DSA-4941-1 DLA-2714-1 DLA-2713-1}
- linux 5.10.46-1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/19/1
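Review bot: The description added for CVE-2021-3609 starts with a stray period (`.A flaw was found in the CAN BCM networking protocol ...`). The text arrives through the same automatic update as the other descriptions in this commit, so a hand edit here would likely be overwritten on the next run; the typo is better reported to the assigning CNA. The tracking data below it (`{DSA-4941-1 DLA-2714-1 DLA-2713-1}` and `- linux 5.10.46-1`) is unchanged context and needs no action.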
@@ -46136,8 +46177,7 @@ CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can resu
[stretch] - libphp-phpmailer <postponed> (Minor issue, fix along with next DLA)
NOTE: https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/
NOTE: https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 (v6.5.0)
-CVE-2021-3602 [Host environment variables leaked in build container when using chroot isolation]
- RESERVED
+CVE-2021-3602 (An information disclosure flaw was found in Buildah, when building con ...)
- golang-github-containers-buildah <unfixed>
[bullseye] - golang-github-containers-buildah <no-dsa> (Minor issue)
NOTE: https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b6e3446e9226b264e3331f9ccf103893dd5e94b