[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 7 08:10:20 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6e4c1c91 by security tracker role at 2022-03-07T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2022-26532
+ RESERVED
+CVE-2022-26531
+ RESERVED
+CVE-2022-26530
+ RESERVED
+CVE-2022-26529
+ RESERVED
+CVE-2022-26528
+ RESERVED
+CVE-2022-26527
+ RESERVED
+CVE-2022-26526
+ RESERVED
+CVE-2022-26525
+ RESERVED
+CVE-2022-26524
+ RESERVED
+CVE-2022-26523
+ RESERVED
+CVE-2022-26522
+ RESERVED
+CVE-2022-26521 (Abantecart through 1.3.2 allows remote authenticated administrators to ...)
+ TODO: check
+CVE-2022-26520
+ RESERVED
+CVE-2022-0872
+ RESERVED
CVE-2022-26019
RESERVED
CVE-2022-24299
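Review bot: CVE-2022-26521 is the only new entry in this block that arrives with a description, and it is left at "TODO: check". It needs a triage decision: either a package line, or NOT-FOR-US if Abantecart is not in the archive. The RESERVED entries around it need no action yet.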
@@ -66,11 +94,13 @@ CVE-2022-26490 (st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.
NOTE: https://git.kernel.org/linux/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1)
CVE-2022-26486
RESERVED
+ {DSA-5090-1}
- firefox <unfixed>
- firefox-esr 91.6.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/#CVE-2022-26486
CVE-2022-26485
RESERVED
+ {DSA-5090-1}
- firefox <unfixed>
- firefox-esr 91.6.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/#CVE-2022-26485
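Review bot: on CVE-2022-26486 and CVE-2022-26485 the new {DSA-5090-1} tag sits directly above "- firefox <unfixed>", so each entry reads as having an advisory issued while one source package is still open. Confirm that the DSA covers firefox-esr only and that the firefox line is meant to stay unfixed until a fixed upload is recorded.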
@@ -1113,10 +1143,10 @@ CVE-2022-26133
RESERVED
CVE-2022-26132
RESERVED
-CVE-2022-0767
- RESERVED
-CVE-2022-0766
- RESERVED
+CVE-2022-0767 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
+ TODO: check
+CVE-2022-0766 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
+ TODO: check
CVE-2021-46702 (Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to informati ...)
NOT-FOR-US: Tor Browser (on Windows)
CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The mixed ...)
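Review bot: CVE-2022-0767 and CVE-2022-0766 come in with the same truncated description and both at "TODO: check". When triaging, read the full descriptions to confirm they are two distinct issues and not a duplicate assignment, and record a separate fix reference for each in its NOTE lines.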
@@ -2847,8 +2877,8 @@ CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local privi
NOT-FOR-US: Pritunl Client
CVE-2022-0698
RESERVED
-CVE-2022-0697
- RESERVED
+CVE-2022-0697 (Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. ...)
+ TODO: check
CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.442 ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
@@ -3783,8 +3813,8 @@ CVE-2022-25110
RESERVED
CVE-2022-25109
RESERVED
-CVE-2022-25108
- RESERVED
+CVE-2022-25108 (Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 ...)
+ TODO: check
CVE-2022-25107
RESERVED
CVE-2022-25106 (D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer ov ...)
@@ -7159,7 +7189,7 @@ CVE-2022-23995 (Unprotected component vulnerability in StBedtimeModeAlarmReceive
NOT-FOR-US: Samsung
CVE-2022-23994 (An Improper access control vulnerability in StBedtimeModeReceiver in W ...)
NOT-FOR-US: Samsung
-CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_fi ...)
+CVE-2022-23993 (/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus bef ...)
NOT-FOR-US: pfSense
CVE-2022-23992 (XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain ...)
NOT-FOR-US: XCOM Data Transport
@@ -8502,6 +8532,7 @@ CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay
CVE-2022-23649 (Cosign provides container signing, verification, and storage in an OCI ...)
NOT-FOR-US: Cosign
CVE-2022-23648 (containerd is a container runtime available as a daemon for Linux and ...)
+ {DSA-5091-1}
- containerd 1.6.1~ds1-1
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
NOTE: https://www.openwall.com/lists/oss-security/2022/03/02/1
@@ -19033,8 +19064,8 @@ CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP fi
NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer
CVE-2021-44422 (An Improper Input Validation Vulnerability exists when reading a BMP f ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
-CVE-2021-44421
- RESERVED
+CVE-2021-44421 (The pointer-validation logic in util/mem_util.rs in Occlum before 0.26 ...)
+ TODO: check
CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...)
- python-django 2:3.2.10-1
[bullseye] - python-django 2:2.2.25-1~deb11u1
@@ -20236,8 +20267,8 @@ CVE-2021-44034
RESERVED
CVE-2021-44033 (In Ionic Identity Vault before 5.0.5, the protection mechanism for inv ...)
NOT-FOR-US: Ionic Identity Vault
-CVE-2021-44032
- RESERVED
+CVE-2021-44032 (TP-Link Omada SDN Software Controller before 5.0.15 does not check if ...)
+ TODO: check
CVE-2021-44031 (An issue was discovered in Quest KACE Desktop Authority before 11.2. / ...)
NOT-FOR-US: Quest KACE Desktop Authority
CVE-2021-44030 (Quest KACE Desktop Authority before 11.2 allows XSS because it does no ...)
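Review bot: CVE-2021-44032 moves from RESERVED to "TODO: check" between two entries that are already classified NOT-FOR-US. The description names TP-Link Omada SDN Software Controller, a vendor product, so the likely outcome is a NOT-FOR-US line in the same style as its neighbours. Resolve the TODO so the entry does not linger.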
@@ -25618,7 +25649,7 @@ CVE-2021-42769
RESERVED
CVE-2021-42768
RESERVED
-CVE-2021-42767 (A directory traversal vulnerability in the Apoc plugins in Neo4J Graph ...)
+CVE-2021-42767 (A directory traversal vulnerability in the apoc plugins in Neo4J Graph ...)
NOT-FOR-US: neo4j-apoc-procedures
CVE-2021-42766 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...)
NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
@@ -32738,8 +32769,8 @@ CVE-2021-40378 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_
NOT-FOR-US: Compro devices
CVE-2021-40377 (SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The ap ...)
NOT-FOR-US: SmarterTools
-CVE-2021-40376
- RESERVED
+CVE-2021-40376 (otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM acce ...)
+ TODO: check
CVE-2021-40375
RESERVED
CVE-2021-40374
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e4c1c9144e5173bd6de38bec06d2ec65cccd73c