[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 10 20:10:25 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b72e26b9 by security tracker role at 2022-03-10T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2022-26850
+ RESERVED
+CVE-2022-0923
+ RESERVED
+CVE-2022-0922
+ RESERVED
+CVE-2022-0921
+ RESERVED
+CVE-2022-0920
+ RESERVED
+CVE-2022-0919
+ RESERVED
+CVE-2022-0918
+ RESERVED
+CVE-2022-0917
+ RESERVED
+CVE-2022-0916
+ RESERVED
+CVE-2022-0915
+ RESERVED
+CVE-2022-0914
+ RESERVED
+CVE-2022-0913
+ RESERVED
+CVE-2022-0912
+ RESERVED
+CVE-2022-0911
+ RESERVED
CVE-2022-26849
RESERVED
CVE-2022-26848
@@ -146,10 +174,10 @@ CVE-2022-26780
RESERVED
CVE-2022-26779
RESERVED
-CVE-2022-0906
- RESERVED
-CVE-2022-0905
- RESERVED
+CVE-2022-0906 (Unrestricted file upload leads to stored XSS in GitHub repository micr ...)
+ TODO: check
+CVE-2022-0905 (Improper Authorization in GitHub repository go-gitea/gitea prior to 1. ...)
+ TODO: check
CVE-2022-0904 (A stack overflow bug in the document extractor in Mattermost Server in ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-0903 (A call stack overflow bug in the SAML login feature in Mattermost serv ...)
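Review bot: the new description for CVE-2022-0906 is cut off at "micr ...", so the repository name that decides between a package line and NOT-FOR-US is not visible in this hunk; the `TODO: check` placeholder is the right state for an automated import, but the triager will need the full text before resolving it. For CVE-2022-0905 the description names go-gitea/gitea "prior to 1. ...", again with the fixed version truncated, so the same applies.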
@@ -168,8 +196,8 @@ CVE-2022-0897
RESERVED
CVE-2022-0896 (Improper Neutralization of Special Elements Used in a Template Engine ...)
NOT-FOR-US: microweber
-CVE-2022-0895
- RESERVED
+CVE-2022-0895 (Static Code Injection in GitHub repository microweber/microweber prior ...)
+ TODO: check
CVE-2022-0894
RESERVED
CVE-2022-0893
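Review bot: the `TODO: check` on CVE-2022-0895 sits two lines below CVE-2022-0896, which is already marked `NOT-FOR-US: microweber`, and the new description names the same microweber/microweber repository; a human triager should confirm, but this looks like it will resolve to the same NOT-FOR-US line rather than a package entry.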
@@ -446,11 +474,13 @@ CVE-2022-26664
CVE-2022-26663
RESERVED
CVE-2022-26662 (An XML Entity Expansion (XEE) issue was discovered in Tryton Applicati ...)
+ {DSA-5099-1 DSA-5098-1}
- tryton-proteus 6.0.5-1
- tryton-server 6.0.16-1
NOTE: https://bugs.tryton.org/issue11244
NOTE: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
CVE-2022-26661 (An XXE issue was discovered in Tryton Application Platform (Server) 5. ...)
+ {DSA-5099-1 DSA-5098-1}
- tryton-proteus 6.0.5-1
- tryton-server 6.0.16-1
NOTE: https://bugs.tryton.org/issue11219
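Review bot: the same `{DSA-5099-1 DSA-5098-1}` line is attached to both CVE-2022-26662 and CVE-2022-26661, which matches the two package lines (tryton-proteus and tryton-server) under each entry; confirm that both DSA texts list both CVE ids so the cross-reference resolves in both directions rather than only one DSA per CVE.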
@@ -797,6 +827,7 @@ CVE-2022-26496 (In nbd-server in nbd before 3.24, there is a stack-based buffer
NOTE: https://lists.debian.org/nbd/2022/01/msg00036.html
NOTE: https://lists.debian.org/nbd/2022/01/msg00037.html
CVE-2022-26495 (In nbd-server in nbd before 3.24, there is an integer overflow with a ...)
+ {DLA-2944-1}
- nbd 1:3.24-1 (bug #1006915)
NOTE: https://lists.debian.org/nbd/2022/01/msg00037.html
CVE-2022-26494
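Review bot: the `{DLA-2944-1}` reference is added only to CVE-2022-26495, yet the hunk header shows CVE-2022-26496 as a sibling nbd-server issue fixed in the same "before 3.24" release and sharing the msg00037 upstream note; check whether DLA-2944-1 also covers CVE-2022-26496, in which case that entry needs the same line so the tracker does not show one of the pair as unaddressed in the LTS release.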
@@ -5856,10 +5887,10 @@ CVE-2022-24654
RESERVED
CVE-2022-24653
RESERVED
-CVE-2022-24652
- RESERVED
-CVE-2022-24651
- RESERVED
+CVE-2022-24652 (sentcms 4.0.x allows remote attackers to cause arbitrary file uploads ...)
+ TODO: check
+CVE-2022-24651 (sentcms 4.0.x allows remote attackers to cause arbitrary file uploads ...)
+ TODO: check
CVE-2022-24650
RESERVED
CVE-2022-24649
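Review bot: the new descriptions for CVE-2022-24652 and CVE-2022-24651 are identical up to the truncation point ("sentcms 4.0.x allows remote attackers to cause arbitrary file uploads ..."), so whatever distinguishes the two ids lies beyond the visible text; resolve the two `TODO: check` lines together after reading the full descriptions so they are not marked inconsistently.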
@@ -8847,6 +8878,7 @@ CVE-2022-23839
CVE-2022-23838
RESERVED
CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the ...)
+ {DLA-2943-1}
- ruby-sidekiq <unfixed> (bug #1004193)
NOTE: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 (v6.4.0)
CVE-2022-23836
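Review bot: adding `{DLA-2943-1}` records the LTS fix, but the package line directly below still reads `ruby-sidekiq <unfixed> (bug #1004193)`, so the entry remains open for unstable; that is correct as long as no upload has happened, but the `<unfixed>` marker should be replaced with the fixed version once it does, otherwise the DLA will look like the only fix.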
@@ -12351,8 +12383,8 @@ CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initial
- pillow 9.0.0-1
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
NOTE: https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c (9.0.0)
-CVE-2022-22814
- RESERVED
+CVE-2022-22814 (The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege ...)
+ TODO: check
CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal Informa ...)
- node-follow-redirects 1.14.7+~1.13.1-1
[bullseye] - node-follow-redirects <no-dsa> (Minor issue)
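Review bot: the `TODO: check` on CVE-2022-22814 is likely to resolve to a `NOT-FOR-US:` line, since the description points at the MyASUS System Diagnosis service, a vendor application rather than something this file tracks as a Debian package; a triager should confirm before closing it out, following the NOT-FOR-US convention used elsewhere in the file.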
@@ -19142,8 +19174,8 @@ CVE-2021-4071
RESERVED
CVE-2021-44674 (An information exposure issue has been discovered in Opmantek Open-Aud ...)
NOT-FOR-US: Open-AudIT
-CVE-2021-44673
- RESERVED
+CVE-2021-44673 (A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via ...)
+ TODO: check
CVE-2021-44672
RESERVED
CVE-2021-44671
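Review bot: the missing space in "Croogo 3.0.2via" is part of the upstream CVE description as imported, not a tracker edit, so it should not be corrected here; the `TODO: check` itself, like the `NOT-FOR-US: Open-AudIT` entry two lines above, concerns a hosted web application and will need confirmation of whether Croogo is packaged before it can be resolved either way.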
@@ -20246,8 +20278,8 @@ CVE-2021-44271
RESERVED
CVE-2021-44270
RESERVED
-CVE-2021-44269
- RESERVED
+CVE-2021-44269 (An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV f ...)
+ TODO: check
CVE-2021-44268
RESERVED
CVE-2021-44267
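Review bot: unlike the web-application entries elsewhere in this update, CVE-2021-44269 describes an out-of-bounds read in a codec library (Wavpack 5.4.0) processing *.WAV input, so this `TODO: check` is more likely to need a real package line with an affected version and an upstream fix NOTE than a NOT-FOR-US marker; check the packaged version before dismissing it.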
@@ -38743,8 +38775,8 @@ CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow
NOTE: https://github.com/golang/go/commit/77f2750f4398990eed972186706f160631d7dae4
NOTE: https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A
NOTE: https://github.com/golang/go/issues/48797
-CVE-2021-38296
- RESERVED
+CVE-2021-38296 (Apache Spark supports end-to-end encryption of RPC connections via "sp ...)
+ TODO: check
CVE-2021-38295 (In Apache CouchDB, a malicious user with permission to create document ...)
- couchdb <removed>
CVE-2021-3694 (LedgerSMB does not sufficiently HTML-encode error messages sent to the ...)
@@ -48863,8 +48895,8 @@ CVE-2021-34124
RESERVED
CVE-2021-34123
RESERVED
-CVE-2021-34122
- RESERVED
+CVE-2021-34122 (The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NU ...)
+ TODO: check
CVE-2021-34121
RESERVED
CVE-2021-34120
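Review bot: the description for CVE-2021-34122 pins the bug to "ffjpeg commit 4ab404e" rather than a release version, so if the project turns out to be packaged the affected range has to be determined from upstream git history rather than from a version comparison; note that in the entry when the `TODO: check` is resolved.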
@@ -50885,8 +50917,8 @@ CVE-2021-33295
RESERVED
CVE-2021-33294
RESERVED
-CVE-2021-33293
- RESERVED
+CVE-2021-33293 (Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-b ...)
+ TODO: check
CVE-2021-33292
RESERVED
CVE-2021-33291
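Review bot: CVE-2021-33293 names Panorama Tools libpano13 v2.9.20, a library rather than a hosted application, so the `TODO: check` should be resolved by confirming the packaged version against v2.9.20 and adding a package line and upstream NOTE, not by a blanket NOT-FOR-US.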
@@ -53168,12 +53200,12 @@ CVE-2021-32437 (The gf_hinter_finalize function in GPAC 1.0.1 allows attackers t
[stretch] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e (v2.0.0)
NOTE: https://github.com/gpac/gpac/issues/1770
-CVE-2021-32436
- RESERVED
-CVE-2021-32435
- RESERVED
-CVE-2021-32434
- RESERVED
+CVE-2021-32436 (An out-of-bounds read in the function write_title() in subs.c of abcm2 ...)
+ TODO: check
+CVE-2021-32435 (Stack-based buffer overflow in the function get_key in parse.c of abcm ...)
+ TODO: check
+CVE-2021-32434 (abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in th ...)
+ TODO: check
CVE-2021-32433
RESERVED
CVE-2021-32432
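Review bot: CVE-2021-32436, CVE-2021-32435 and CVE-2021-32434 all name abcm2ps, and only the last description carries a visible version ("v8.14.11"); the other two are truncated before the version, so the three `TODO: check` lines should be triaged together against the same package and version rather than resolved one at a time with different outcomes.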
@@ -59397,6 +59429,7 @@ CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x t
NOTE: https://phabricator.wikimedia.org/T270713
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...)
+ {DLA-2943-1}
- ruby-sidekiq <unfixed> (bug #987354)
[bullseye] - ruby-sidekiq <no-dsa> (Minor issue)
[buster] - ruby-sidekiq <no-dsa> (Minor issue)
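Review bot: the new `{DLA-2943-1}` line now sits above `[buster] - ruby-sidekiq <no-dsa> (Minor issue)` in the same entry, which is contradictory: once a DLA has been issued for buster the `<no-dsa>` annotation for that release should be dropped (or replaced with the fixed version), otherwise the tracker reports buster as both fixed by DLA-2943-1 and deliberately left unfixed.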
@@ -80642,8 +80675,8 @@ CVE-2020-36125 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affec
NOT-FOR-US: Pax Technology PAXSTORE
CVE-2020-36124 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
NOT-FOR-US: Pax Technology PAXSTORE
-CVE-2020-36123
- RESERVED
+CVE-2020-36123 (saitoha libsixel v1.8.6 was discovered to contain a double free via th ...)
+ TODO: check
CVE-2020-36122
RESERVED
CVE-2020-36121
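Review bot: CVE-2020-36123 describes a double free in libsixel v1.8.6, an image-encoding library, so as with the other library entries in this update the `TODO: check` should be resolved with a package line, an affected version and an upstream reference NOTE; the truncated description ("via th ...") does not show the trigger, so the full text is needed to confirm which code path and whether the packaged version is affected.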
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b72e26b969f8daee63350a4b573fbd597b14e658