[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 10 08:10:24 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2f788a05 by security tracker role at 2022-03-10T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,143 @@
+CVE-2022-26849
+ RESERVED
+CVE-2022-26848
+ RESERVED
+CVE-2022-26843
+ RESERVED
+CVE-2022-26832
+ RESERVED
+CVE-2022-26831
+ RESERVED
+CVE-2022-26830
+ RESERVED
+CVE-2022-26829
+ RESERVED
+CVE-2022-26828
+ RESERVED
+CVE-2022-26827
+ RESERVED
+CVE-2022-26826
+ RESERVED
+CVE-2022-26825
+ RESERVED
+CVE-2022-26824
+ RESERVED
+CVE-2022-26823
+ RESERVED
+CVE-2022-26822
+ RESERVED
+CVE-2022-26821
+ RESERVED
+CVE-2022-26820
+ RESERVED
+CVE-2022-26819
+ RESERVED
+CVE-2022-26818
+ RESERVED
+CVE-2022-26817
+ RESERVED
+CVE-2022-26816
+ RESERVED
+CVE-2022-26815
+ RESERVED
+CVE-2022-26814
+ RESERVED
+CVE-2022-26813
+ RESERVED
+CVE-2022-26812
+ RESERVED
+CVE-2022-26811
+ RESERVED
+CVE-2022-26810
+ RESERVED
+CVE-2022-26809
+ RESERVED
+CVE-2022-26808
+ RESERVED
+CVE-2022-26807
+ RESERVED
+CVE-2022-26806
+ RESERVED
+CVE-2022-26805
+ RESERVED
+CVE-2022-26804
+ RESERVED
+CVE-2022-26803
+ RESERVED
+CVE-2022-26802
+ RESERVED
+CVE-2022-26801
+ RESERVED
+CVE-2022-26800
+ RESERVED
+CVE-2022-26799
+ RESERVED
+CVE-2022-26798
+ RESERVED
+CVE-2022-26797
+ RESERVED
+CVE-2022-26796
+ RESERVED
+CVE-2022-26795
+ RESERVED
+CVE-2022-26794
+ RESERVED
+CVE-2022-26793
+ RESERVED
+CVE-2022-26792
+ RESERVED
+CVE-2022-26791
+ RESERVED
+CVE-2022-26790
+ RESERVED
+CVE-2022-26789
+ RESERVED
+CVE-2022-26788
+ RESERVED
+CVE-2022-26787
+ RESERVED
+CVE-2022-26786
+ RESERVED
+CVE-2022-26785
+ RESERVED
+CVE-2022-26784
+ RESERVED
+CVE-2022-26783
+ RESERVED
+CVE-2022-26512
+ RESERVED
+CVE-2022-26425
+ RESERVED
+CVE-2022-26421
+ RESERVED
+CVE-2022-26342
+ RESERVED
+CVE-2022-26076
+ RESERVED
+CVE-2022-26062
+ RESERVED
+CVE-2022-26052
+ RESERVED
+CVE-2022-26032
+ RESERVED
+CVE-2022-26009
+ RESERVED
+CVE-2022-25996
+ RESERVED
+CVE-2022-25987
+ RESERVED
+CVE-2022-25915
+ RESERVED
+CVE-2022-25905
+ RESERVED
+CVE-2022-0910
+ RESERVED
+CVE-2022-0909
+ RESERVED
+CVE-2022-0908
+ RESERVED
+CVE-2022-0907
+ RESERVED
CVE-2022-26782
RESERVED
CVE-2022-26781
@@ -51,8 +191,8 @@ CVE-2022-0891 (A heap buffer overflow in ExtractImageSection function in tiffcro
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/380
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/382
-CVE-2022-0890
- RESERVED
+CVE-2022-0890 (NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2 ...)
+ TODO: check
CVE-2022-26776
RESERVED
CVE-2022-26775
@@ -271,11 +411,13 @@ CVE-2022-0882
RESERVED
CVE-2022-0881 (Insecure Storage of Sensitive Information in GitHub repository chocobo ...)
- peertube <itp> (bug #950821)
-CVE-2022-26847
+CVE-2022-26847 (SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access ...)
+ {DSA-5093-1}
- spip 4.0.5-1
NOTE: https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
-CVE-2022-26846
+CVE-2022-26846 (SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated ed ...)
+ {DSA-5093-1}
- spip 4.0.5-1
NOTE: https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
@@ -329,8 +471,8 @@ CVE-2022-26654
RESERVED
CVE-2022-26653
RESERVED
-CVE-2022-26652
- RESERVED
+CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with write a ...)
+ TODO: check
CVE-2022-26651
RESERVED
CVE-2022-25943 (The installer of WPS Office for Windows versions prior to v11.2.0.1025 ...)
@@ -977,12 +1119,14 @@ CVE-2022-0845 (Code Injection in GitHub repository pytorchlightning/pytorch-ligh
NOT-FOR-US: pytorchlightning
CVE-2022-26387
RESERVED
+ {DSA-5097-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26387
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26387
CVE-2022-26386
RESERVED
+ {DSA-5097-1 DLA-2942-1}
- firefox-esr 91.7.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386
CVE-2022-26385
@@ -991,12 +1135,14 @@ CVE-2022-26385
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26385
CVE-2022-26384
RESERVED
+ {DSA-5097-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26384
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26384
CVE-2022-26383
RESERVED
+ {DSA-5097-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26383
@@ -1007,6 +1153,7 @@ CVE-2022-26382
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26382
CVE-2022-26381
RESERVED
+ {DSA-5097-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26381
@@ -2950,8 +3097,8 @@ CVE-2022-0717 (Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2.
NOTE: https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76
CVE-2022-0716
RESERVED
-CVE-2022-0715
- RESERVED
+CVE-2022-0715 (A CWE-287: Improper Authentication vulnerability exists that could cau ...)
+ TODO: check
CVE-2022-0714 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
@@ -4133,8 +4280,8 @@ CVE-2022-23986 (SQL injection vulnerability in the phpUploader v1.2 and earlier
NOT-FOR-US: phpUploader
CVE-2022-21159
RESERVED
-CVE-2022-0618
- RESERVED
+CVE-2022-0618 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
+ TODO: check
CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file system fu ...)
{DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.7-1
@@ -4963,12 +5110,12 @@ CVE-2022-24921 (regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 all
NOTE: https://github.com/golang/go/commit/ac071634c487eb6ac5422652de3c7c18fba7c522 (go1.17.8)
CVE-2022-24920
RESERVED
-CVE-2022-24919
- RESERVED
-CVE-2022-24918
- RESERVED
-CVE-2022-24917
- RESERVED
+CVE-2022-24919 (An authenticated user can create a link with reflected Javascript code ...)
+ TODO: check
+CVE-2022-24918 (An authenticated user can create a link with reflected Javascript code ...)
+ TODO: check
+CVE-2022-24917 (An authenticated user can create a link with reflected Javascript code ...)
+ TODO: check
CVE-2022-24911
RESERVED
CVE-2022-0564 (A vulnerability in Qlik Sense Enterprise on Windows could allow an rem ...)
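Review bot: CVE-2022-24919, CVE-2022-24918 and CVE-2022-24917 all arrive with the same truncated summary ("An authenticated user can create a link with reflected Javascript code ...") and the visible text never names the affected product. Whoever clears the three "TODO: check" markers will need the full CVE descriptions to choose between a package line and NOT-FOR-US. Since the summaries match, triage the three together so they end up with consistent annotations.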
@@ -5285,8 +5432,8 @@ CVE-2022-24755
RESERVED
CVE-2022-24754
RESERVED
-CVE-2022-24753
- RESERVED
+CVE-2022-24753 (Stripe CLI is a command-line tool for the Stripe eCommerce platform. A ...)
+ TODO: check
CVE-2022-24752
RESERVED
CVE-2022-24751
@@ -5295,22 +5442,22 @@ CVE-2022-24750
RESERVED
CVE-2022-24749
RESERVED
-CVE-2022-24748
- RESERVED
-CVE-2022-24747
- RESERVED
-CVE-2022-24746
- RESERVED
-CVE-2022-24745
- RESERVED
-CVE-2022-24744
- RESERVED
+CVE-2022-24748 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
+ TODO: check
+CVE-2022-24747 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
+ TODO: check
+CVE-2022-24746 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
+ TODO: check
+CVE-2022-24745 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
+ TODO: check
+CVE-2022-24744 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
+ TODO: check
CVE-2022-24743
RESERVED
CVE-2022-24742
RESERVED
-CVE-2022-24741
- RESERVED
+CVE-2022-24741 (Nextcloud server is an open source, self hosted cloud style services p ...)
+ TODO: check
CVE-2022-24740
RESERVED
CVE-2022-24739 (alltube is an html front end for youtube-dl. On releases prior to 3.0. ...)
@@ -5323,12 +5470,12 @@ CVE-2022-24736
RESERVED
CVE-2022-24735
RESERVED
-CVE-2022-24734
- RESERVED
+CVE-2022-24734 (MyBB is a free and open source forum software. In affected versions th ...)
+ TODO: check
CVE-2022-24733
RESERVED
-CVE-2022-24732
- RESERVED
+CVE-2022-24732 (Maddy Mail Server is an open source SMTP compatible email server. Vers ...)
+ TODO: check
CVE-2022-24731
RESERVED
CVE-2022-24730
@@ -6427,8 +6574,8 @@ CVE-2022-24351
RESERVED
CVE-2022-24350
RESERVED
-CVE-2022-24349
- RESERVED
+CVE-2022-24349 (An authenticated user can create a link with reflected XSS payload for ...)
+ TODO: check
CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal ...)
NOT-FOR-US: Argo CD
CVE-2022-24347 (JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS vi ...)
@@ -6507,10 +6654,10 @@ CVE-2022-0481 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
TODO: check, possibly only introduced with dccd66f9efecd0a974b735c62836fe566015cf37 in 3.1.0-rc
CVE-2022-24324
RESERVED
-CVE-2022-24323
- RESERVED
-CVE-2022-24322
- RESERVED
+CVE-2022-24323 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
+CVE-2022-24322 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
+ TODO: check
CVE-2022-24321 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: Schneider Electric
CVE-2022-24320 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...)
@@ -10138,7 +10285,8 @@ CVE-2021-46390
RESERVED
CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
NOT-FOR-US: IIPImage High Resolution Streaming Image Server
-CVE-2021-46388 (** DISPUTED ** WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05. ...)
+CVE-2021-46388
+ REJECTED
NOT-FOR-US: WAGO
CVE-2021-46387 (ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross S ...)
NOT-FOR-US: ZyXEL
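Review bot: the CVE-2021-46388 entry now reads REJECTED but still carries the "NOT-FOR-US: WAGO" line that was written against the removed "** DISPUTED **" description. Confirm the leftover annotation is intended. If rejected entries are meant to carry no triage line, drop it in a manual follow-up rather than leaving a vendor tag attached to an ID that no longer has a description.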
@@ -12031,7 +12179,7 @@ CVE-2021-4203 [af_unix: fix races in sk_peer_pid and sk_peer_cred accesses]
NOTE: https://git.kernel.org/linus/35306eb23814444bd4021f8a1c3047d3cb0c8b2b (5.15-rc4)
CVE-2021-4202
RESERVED
- {DLA-2940-1}
+ {DSA-5096-1 DLA-2940-1}
- linux 5.15.5-1 (unimportant)
[bullseye] - linux 5.10.84-1
NOTE: CONFIG_NFC_NCI not enabled in Debian
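Review bot: CVE-2021-4202 gains a DSA-5096-1 reference, yet the unchanged lines right below still record "- linux 5.15.5-1 (unimportant)" and "NOTE: CONFIG_NFC_NCI not enabled in Debian". An advisory reference on an issue marked as not affecting Debian's build reads as contradictory to anyone consulting the tracker. Check the cross-reference against the advisory text and, if it is correct, add a NOTE explaining why the advisory lists the CVE. The entry is also still RESERVED, so there is no description to help the reader.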
@@ -12200,10 +12348,10 @@ CVE-2022-22808 (A CWE-942: Permissive Cross-domain Policy with Untrusted Domains
NOT-FOR-US: Schneider Electric
CVE-2022-22807 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...)
NOT-FOR-US: Schneider Electric
-CVE-2022-22806
- RESERVED
-CVE-2022-22805
- RESERVED
+CVE-2022-22806 (A CWE-294: Authentication Bypass by Capture-replay vulnerability exist ...)
+ TODO: check
+CVE-2022-22805 (A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer ...)
+ TODO: check
CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
NOT-FOR-US: Schneider Electric
CVE-2022-22803
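Review bot: CVE-2022-22806 and CVE-2022-22805 are added as "TODO: check" in the middle of a run (CVE-2022-22808, CVE-2022-22807, CVE-2022-22804) that is already tagged "NOT-FOR-US: Schneider Electric" and uses the same "A CWE-nnn: ..." phrasing. The truncated summaries do not name a vendor, so adjacency and wording alone are not enough to copy the neighbours' tag. Read the full descriptions before resolving these two.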
@@ -13295,8 +13443,8 @@ CVE-2022-22513
RESERVED
CVE-2022-22512
RESERVED
-CVE-2022-22511
- RESERVED
+CVE-2022-22511 (Various configuration pages of the device are vulnerable to reflected ...)
+ TODO: check
CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer derefere ...)
NOT-FOR-US: Codesys
CVE-2022-22509 (In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect ...)
@@ -19061,28 +19209,28 @@ CVE-2021-44634
RESERVED
CVE-2021-44633
RESERVED
-CVE-2021-44632
- RESERVED
-CVE-2021-44631
- RESERVED
-CVE-2021-44630
- RESERVED
-CVE-2021-44629
- RESERVED
-CVE-2021-44628
- RESERVED
-CVE-2021-44627
- RESERVED
-CVE-2021-44626
- RESERVED
-CVE-2021-44625
- RESERVED
+CVE-2021-44632 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
+ TODO: check
+CVE-2021-44631 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
+ TODO: check
+CVE-2021-44630 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
+ TODO: check
+CVE-2021-44629 (A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2. ...)
+ TODO: check
+CVE-2021-44628 (A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3 ...)
+ TODO: check
+CVE-2021-44627 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
+ TODO: check
+CVE-2021-44626 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
+ TODO: check
+CVE-2021-44625 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
+ TODO: check
CVE-2021-44624
RESERVED
-CVE-2021-44623
- RESERVED
-CVE-2021-44622
- RESERVED
+CVE-2021-44623 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
+ TODO: check
+CVE-2021-44622 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...)
+ TODO: check
CVE-2021-44621
RESERVED
CVE-2021-44620
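Review bot: the ten new entries CVE-2021-44632 through CVE-2021-44625, CVE-2021-44623 and CVE-2021-44622 all describe a buffer overflow in "TP-LINK WR-886N 20190826 2.3" and should get the same triage outcome in one pass. Note that the upstream text for CVE-2021-44629 and CVE-2021-44628 misspells "vulnerability" ("vulnerabilitiy", "vulnerabiltiy"), so a search on the description wording will miss those two. Select the batch by the product string instead.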
@@ -54057,8 +54205,8 @@ CVE-2021-3533 (A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956477
CVE-2021-32026
RESERVED
-CVE-2021-32025
- RESERVED
+CVE-2021-32025 (An elevation of privilege vulnerability in the QNX Neutrino Kernel of ...)
+ TODO: check
CVE-2021-32024 (A remote code execution vulnerability in the BMP image codec of BlackB ...)
NOT-FOR-US: BlackBerry
CVE-2021-32023 (An elevation of privilege vulnerability in the message broker of Black ...)
@@ -77216,8 +77364,8 @@ CVE-2021-22785 (A CWE-200: Information Exposure vulnerability exists that could
NOT-FOR-US: Schneider Electric
CVE-2021-22784 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
NOT-FOR-US: Schneider Electric
-CVE-2021-22783
- RESERVED
+CVE-2021-22783 (A CWE-200: Information Exposure vulnerability exists which could allow ...)
+ TODO: check
CVE-2021-22782 (Missing Encryption of Sensitive Data vulnerability exists in EcoStruxu ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22781 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f788a059217a0634c5dd8b44216ee69c1bde841