[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 8 08:10:27 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3fdb8d06 by security tracker role at 2022-03-08T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2022-26676
+ RESERVED
+CVE-2022-26675
+ RESERVED
+CVE-2022-26674
+ RESERVED
+CVE-2022-26673
+ RESERVED
+CVE-2022-26672
+ RESERVED
+CVE-2022-26671
+ RESERVED
+CVE-2022-26670
+ RESERVED
+CVE-2022-26669
+ RESERVED
+CVE-2022-26668
+ RESERVED
+CVE-2022-26665
+ RESERVED
+CVE-2022-26664
+ RESERVED
+CVE-2022-26663
+ RESERVED
+CVE-2022-26662 (An XML Entity Expansion (XEE) issue was discovered in Tryton Applicati ...)
+ TODO: check
+CVE-2022-26661 (An XXE issue was discovered in Tryton Application Platform (Server) 5. ...)
+ TODO: check
+CVE-2022-26660
+ RESERVED
+CVE-2022-26659
+ RESERVED
+CVE-2022-26658
+ RESERVED
+CVE-2022-26657
+ RESERVED
+CVE-2022-26656
+ RESERVED
+CVE-2022-26655
+ RESERVED
+CVE-2022-26654
+ RESERVED
+CVE-2022-26653
+ RESERVED
+CVE-2022-26652
+ RESERVED
+CVE-2022-26651
+ RESERVED
+CVE-2022-25943
+ RESERVED
+CVE-2022-0880
+ RESERVED
CVE-2022-26650
RESERVED
CVE-2022-26649
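Review bot: the two Tryton entries (CVE-2022-26662, XML Entity Expansion; CVE-2022-26661, XXE, both in Tryton Application Platform (Server)) are the only new entries in this hunk left as "TODO: check" rather than RESERVED placeholders, so they need a triage decision (package status line or NOT-FOR-US) in a follow-up rather than being left open with the placeholders.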
@@ -335,8 +387,8 @@ CVE-2021-46704 (In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerab
NOT-FOR-US: GenieACS
CVE-2021-46703 (** UNSUPPORTED WHEN ASSIGNED ** In the IsolatedRazorEngine component o ...)
NOT-FOR-US: Antaris RazorEngine
-CVE-2020-36517
- RESERVED
+CVE-2020-36517 (An information leak in Nabu Casa Home Assistant Operating System and H ...)
+ TODO: check
CVE-2022-0868 (Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. ...)
NOT-FOR-US: Node urijs
CVE-2022-26490 (st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in t ...)
@@ -616,8 +668,7 @@ CVE-2022-26389
RESERVED
CVE-2022-26388
RESERVED
-CVE-2022-0847
- RESERVED
+CVE-2022-0847 (A flaw was found in the way the "flags" member of the new pipe buffer ...)
{DSA-5092-1}
- linux 5.16.11-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -849,8 +900,8 @@ CVE-2022-26313
RESERVED
CVE-2022-26312
RESERVED
-CVE-2022-26311
- RESERVED
+CVE-2022-26311 (Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to ...)
+ TODO: check
CVE-2022-26310
RESERVED
CVE-2022-26309
@@ -3418,7 +3469,7 @@ CVE-2022-0657
RESERVED
CVE-2022-0656
RESERVED
-CVE-2022-26520 [Arbitrary File Write Vulnerability]
+CVE-2022-26520 (** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the ...)
- libpgjava 42.3.3-1
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
NOTE: https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064 (REL42.3.3-rc1)
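Review bot: the new description marks CVE-2022-26520 as "** DISPUTED **", but the entry still records libpgjava 42.3.3-1 as the fixed version with only the GHSA and the REL42.3.3-rc1 commit as NOTE lines; consider adding a NOTE that records the disputed status so the fixed-version claim and the dispute are both visible to whoever triages it next.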
@@ -3647,10 +3698,10 @@ CVE-2022-25271 (Drupal core's form API has a vulnerability where certain contrib
NOTE: https://git.drupalcode.org/project/drupal/-/commit/43c757167380643b5f73287a63a8739731a5b712
CVE-2022-25245
RESERVED
-CVE-2022-25244
- RESERVED
-CVE-2022-25243
- RESERVED
+CVE-2022-25244 (Vault Enterprise clusters using the tokenization transform feature can ...)
+ TODO: check
+CVE-2022-25243 ("Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the ...)
+ TODO: check
CVE-2022-25242 (In FileCloud before 21.3, file upload is not protected against Cross-S ...)
NOT-FOR-US: FileCloud
CVE-2022-25241 (In FileCloud before 21.3, the CSV user import functionality is vulnera ...)
@@ -3703,20 +3754,20 @@ CVE-2022-25221
RESERVED
CVE-2022-25220 (PeteReport Version 0.5 allows an authenticated admin user to inject pe ...)
NOT-FOR-US: PeteReport
-CVE-2022-25219
- RESERVED
-CVE-2022-25218
- RESERVED
-CVE-2022-25217
- RESERVED
+CVE-2022-25219 (A null byte interaction error has been discovered in the code that the ...)
+ TODO: check
+CVE-2022-25218 (The use of the RSA algorithm without OAEP, or any other padding scheme ...)
+ TODO: check
+CVE-2022-25217 (Use of a hard-coded cryptographic key pair by the telnetd_startup serv ...)
+ TODO: check
CVE-2022-25216
RESERVED
-CVE-2022-25215
- RESERVED
-CVE-2022-25214
- RESERVED
-CVE-2022-25213
- RESERVED
+CVE-2022-25215 (Improper access control on the LocalMACConfig.asp interface allows an ...)
+ TODO: check
+CVE-2022-25214 (Improper access control on the LocalClientList.asp interface allows an ...)
+ TODO: check
+CVE-2022-25213 (Improper physical access control and use of hard-coded credentials in ...)
+ TODO: check
CVE-2022-24915
RESERVED
CVE-2022-24432
@@ -4934,10 +4985,10 @@ CVE-2022-24740
RESERVED
CVE-2022-24739
RESERVED
-CVE-2022-24738
- RESERVED
-CVE-2022-24737
- RESERVED
+CVE-2022-24738 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. ...)
+ TODO: check
+CVE-2022-24737 (HTTPie is a command-line HTTP client. HTTPie has the practical concept ...)
+ TODO: check
CVE-2022-24736
RESERVED
CVE-2022-24735
@@ -5324,8 +5375,8 @@ CVE-2022-24646 (Hospital Management System v4.0 was discovered to contain a SQL
NOT-FOR-US: Hospital Management System
CVE-2022-24645
RESERVED
-CVE-2022-24644
- RESERVED
+CVE-2022-24644 (ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code e ...)
+ TODO: check
CVE-2022-24643
RESERVED
CVE-2022-24642
@@ -6692,8 +6743,8 @@ CVE-2022-24179
RESERVED
CVE-2022-24178
RESERVED
-CVE-2022-24177
- RESERVED
+CVE-2022-24177 (A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej ...)
+ TODO: check
CVE-2022-24176
RESERVED
CVE-2022-24175
@@ -11684,10 +11735,10 @@ CVE-2022-22837
RESERVED
CVE-2022-22836 (CoreFTP Server before 727 allows directory traversal (for file creatio ...)
NOT-FOR-US: CoreFTP
-CVE-2022-22835
- RESERVED
-CVE-2022-22834
- RESERVED
+CVE-2022-22835 (An issue was discovered in OverIT Geocall before version 8.0. An authe ...)
+ TODO: check
+CVE-2022-22834 (An issue was discovered in OverIT Geocall before 8.0. An authenticated ...)
+ TODO: check
CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obta ...)
NOT-FOR-US: Servisnet Tessa
CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2. Authorization data i ...)
@@ -14231,10 +14282,13 @@ CVE-2021-4187 (vim is vulnerable to Use After Free ...)
NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695)
NOTE: Fixed by: https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441 (v8.2.3923)
CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ {DLA-2937-1}
- gif2apng <removed> (bug #1002687)
CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ {DLA-2937-1}
- gif2apng <removed> (bug #1002667)
CVE-2021-45909 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ {DLA-2937-1}
- gif2apng <removed> (bug #1002668)
CVE-2021-45908 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...)
- gif2apng <removed> (bug #1002669; unimportant)
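Review bot: {DLA-2937-1} is added to the three heap-based buffer overflow entries (CVE-2021-45911, CVE-2021-45910, CVE-2021-45909) but not to CVE-2021-45908, the stack-based one marked "unimportant" with bug #1002669; if the DLA intentionally leaves that issue out, the hunk is consistent, otherwise the fourth entry is missing its DLA reference.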
@@ -19078,8 +19132,8 @@ CVE-2021-44521 (When running Apache Cassandra with the following configuration:
- cassandra <itp> (bug #585905)
CVE-2021-4046 (The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an att ...)
NOT-FOR-US: TCMAN GIM
-CVE-2021-4045
- RESERVED
+CVE-2021-4045 (TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, ...)
+ TODO: check
CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...)
[experimental] - openssl 3.0.1-1
- openssl <not-affected> (Vulnerable code not present)
@@ -20692,10 +20746,10 @@ CVE-2021-43972 (An unrestricted file copy vulnerability in /UserSelfServiceSetti
NOT-FOR-US: SysAid ITIL
CVE-2021-43971 (A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITI ...)
NOT-FOR-US: SysAid ITIL
-CVE-2021-43970
- RESERVED
-CVE-2021-43969
- RESERVED
+CVE-2021-43970 (An arbitrary file upload vulnerability exists in albumimages.jsp in Qu ...)
+ TODO: check
+CVE-2021-43969 (The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected b ...)
+ TODO: check
CVE-2021-43968
RESERVED
CVE-2021-43967
@@ -21087,8 +21141,8 @@ CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow
NOT-FOR-US: Atlassian
CVE-2021-43945 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
-CVE-2021-43944
- RESERVED
+CVE-2021-43944 (This issue exists to document that a security improvement in the way t ...)
+ TODO: check
CVE-2021-43943 (Affected versions of Atlassian Jira Service Management Server and Data ...)
NOT-FOR-US: Atlassian
CVE-2021-43942 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
@@ -29873,8 +29927,8 @@ CVE-2021-41659 (SQL injection vulnerability in Sourcecodester Banking System v1
NOT-FOR-US: Sourcecodester
CVE-2021-41658 (Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading ...)
NOT-FOR-US: Sourcecodester
-CVE-2021-41657
- RESERVED
+CVE-2021-41657 (SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulne ...)
+ TODO: check
CVE-2021-41656
RESERVED
CVE-2021-41655
@@ -41884,8 +41938,8 @@ CVE-2021-36811
REJECTED
CVE-2021-36810
REJECTED
-CVE-2021-36809
- RESERVED
+CVE-2021-36809 (A local attacker can overwrite arbitrary files on the system with VPN ...)
+ TODO: check
CVE-2021-36808 (A local attacker could bypass the app password using a race condition ...)
NOT-FOR-US: Sophos
CVE-2021-36807 (An authenticated user could potentially execute code via an SQLi vulne ...)
@@ -47769,24 +47823,19 @@ CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not p
NOTE: https://github.com/bluez/bluez/issues/70
NOTE: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1926548
NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3a40bef49305f8327635b81ac8be52a3ca063d5a (5.56)
-CVE-2021-34342
- RESERVED
+CVE-2021-34342 (Ming 0.4.8 has an out-of-bounds read vulnerability in the function new ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/205
-CVE-2021-34341
- RESERVED
+CVE-2021-34341 (Ming 0.4.8 has an out-of-bounds read vulnerability in the function dec ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/204
-CVE-2021-34340
- RESERVED
+CVE-2021-34340 (Ming 0.4.8 has an out-of-bounds buffer access issue in the function de ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/203
-CVE-2021-34339
- RESERVED
+CVE-2021-34339 (Ming 0.4.8 has an out-of-bounds buffer access issue in the function ge ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/202
-CVE-2021-34338
- RESERVED
+CVE-2021-34338 (Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/201
CVE-2021-34337 [password checking timing attack in administrative REST API]
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fdb8d06ad036c80e4bd7d6f30dfc0fdbd604c80