[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 11 08:10:25 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
61f5ca38 by security tracker role at 2022-03-11T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2022-26883
+ RESERVED
+CVE-2022-26882
+ RESERVED
+CVE-2022-26881
+ RESERVED
+CVE-2022-26880
+ RESERVED
+CVE-2022-26879
+ RESERVED
+CVE-2022-26877
+ RESERVED
+CVE-2022-26876
+ RESERVED
+CVE-2022-26875
+ RESERVED
+CVE-2022-26873
+ RESERVED
+CVE-2022-26872
+ RESERVED
+CVE-2022-26871
+ RESERVED
+CVE-2022-26870
+ RESERVED
+CVE-2022-26869
+ RESERVED
+CVE-2022-26868
+ RESERVED
+CVE-2022-26867
+ RESERVED
+CVE-2022-26866
+ RESERVED
+CVE-2022-26865
+ RESERVED
+CVE-2022-26864
+ RESERVED
+CVE-2022-26863
+ RESERVED
+CVE-2022-26862
+ RESERVED
+CVE-2022-26861
+ RESERVED
+CVE-2022-26860
+ RESERVED
+CVE-2022-26859
+ RESERVED
+CVE-2022-26858
+ RESERVED
+CVE-2022-26857
+ RESERVED
+CVE-2022-26856
+ RESERVED
+CVE-2022-26855
+ RESERVED
+CVE-2022-26854
+ RESERVED
+CVE-2022-26853
+ RESERVED
+CVE-2022-26852
+ RESERVED
+CVE-2022-26851
+ RESERVED
+CVE-2022-0924
+ RESERVED
+CVE-2021-46708 (The swagger-ui-dist package before 4.1.3 for Node.js could allow a rem ...)
+ TODO: check
+CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow exception a ...)
+ TODO: check
+CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to conduct spoof ...)
+ TODO: check
CVE-2022-26850
RESERVED
CVE-2022-0923
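Review bot: the three entries at the end of this hunk (CVE-2021-46708 swagger-ui-dist, CVE-2020-36518 jackson-databind, CVE-2018-25031 Swagger UI) are left at `TODO: check` and still need triage into either a source-package version line or a `NOT-FOR-US:` line, as the rest of this file does; CVE-2020-36518 names jackson-databind, so if that library is packaged it needs a real fixed-version entry and a `NOTE:` pointing at the upstream fix rather than a placeholder.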
@@ -26,7 +96,7 @@ CVE-2022-0912
RESERVED
CVE-2022-0911
RESERVED
-CVE-2022-26878 [Bluetooth: virtio_bt: fix memory leak in virtbt_rx_handle()]
+CVE-2022-26878 (drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a ...)
- linux 5.16.7-1 (unimportant)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
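Review bot: replacing the bracketed placeholder drops the fix-commit subject `Bluetooth: virtio_bt: fix memory leak in virtbt_rx_handle()`, which was the only pointer to the upstream fix in this entry; keep it as a `NOTE:` line (the form used elsewhere in this file) so the `5.16.7-1` fixed version and the two `<not-affected>` lines stay traceable to the commit.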
@@ -480,13 +550,13 @@ CVE-2022-26664
CVE-2022-26663
RESERVED
CVE-2022-26662 (An XML Entity Expansion (XEE) issue was discovered in Tryton Applicati ...)
- {DSA-5099-1 DSA-5098-1}
+ {DSA-5099-1 DSA-5098-1 DLA-2946-1 DLA-2945-1}
- tryton-proteus 6.0.5-1
- tryton-server 6.0.16-1
NOTE: https://bugs.tryton.org/issue11244
NOTE: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
CVE-2022-26661 (An XXE issue was discovered in Tryton Application Platform (Server) 5. ...)
- {DSA-5099-1 DSA-5098-1}
+ {DSA-5099-1 DSA-5098-1 DLA-2946-1 DLA-2945-1}
- tryton-proteus 6.0.5-1
- tryton-server 6.0.16-1
NOTE: https://bugs.tryton.org/issue11219
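Review bot: the `DLA-2946-1 DLA-2945-1` references are added to the `{...}` line of both Tryton CVEs, but this file carries only the cross-reference and no buster fixed version; confirm that matching entries exist in the DLA list, otherwise the references resolve to nothing.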
@@ -1347,12 +1417,12 @@ CVE-2022-25870
RESERVED
CVE-2022-25864
RESERVED
-CVE-2022-0822
- RESERVED
-CVE-2022-0821
- RESERVED
-CVE-2022-0820
- RESERVED
+CVE-2022-0822 (Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms ...)
+ TODO: check
+CVE-2022-0821 (Improper Authorization in GitHub repository orchardcms/orchardcore pri ...)
+ TODO: check
+CVE-2022-0820 (Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/or ...)
+ TODO: check
CVE-2022-0819 (Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. ...)
- dolibarr <removed>
CVE-2022-0818
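Review bot: the three orchardcms/orchardcore entries stay at `TODO: check`; descriptions of the same "in GitHub repository ..." form for unpackaged projects are resolved elsewhere in this diff as `NOT-FOR-US: <project>` (e.g. the microweber entries), so these should be triaged the same way unless orchardcore is actually packaged.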
@@ -1361,8 +1431,8 @@ CVE-2022-0817
RESERVED
CVE-2022-0816
RESERVED
-CVE-2022-0815
- RESERVED
+CVE-2022-0815 (Improper access control vulnerability in McAfee WebAdvisor Chrome and ...)
+ TODO: check
CVE-2022-0814
RESERVED
CVE-2022-0813 (PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially ...)
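Review bot: CVE-2022-0815 describes McAfee WebAdvisor, a Chrome browser extension; unless a Debian package ships it, `TODO: check` should become `NOT-FOR-US: McAfee`, matching the `NOT-FOR-US:` convention this file uses for other proprietary products.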
@@ -2807,7 +2877,7 @@ CVE-2022-0732 (The backend infrastructure shared by multiple mobile device monit
NOT-FOR-US: Various vendors for Mobile device monitoring services
CVE-2022-0731 (Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr ...)
- dolibarr <removed>
-CVE-2022-26874 [Account Takeover via Email of OpenOffice file containing XSS exploit]
+CVE-2022-26874 (lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows ...)
- php-horde-mime-viewer 2.2.4+debian0-1
NOTE: https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/
NOTE: Introduced by: https://github.com/horde/Mime_Viewer/commit/325a7ae2663dd9c50e85fe515033454669f16f28
@@ -3421,20 +3491,20 @@ CVE-2022-25514
RESERVED
CVE-2022-25513
RESERVED
-CVE-2022-25512
- RESERVED
-CVE-2022-25511
- RESERVED
-CVE-2022-25510
- RESERVED
+CVE-2022-25512 (FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Webso ...)
+ TODO: check
+CVE-2022-25511 (An issue in the ?filename= argument of the route /DataPackageTable in ...)
+ TODO: check
+CVE-2022-25510 (FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows ...)
+ TODO: check
CVE-2022-25509
RESERVED
-CVE-2022-25508
- RESERVED
-CVE-2022-25507
- RESERVED
-CVE-2022-25506
- RESERVED
+CVE-2022-25508 (An access control issue in the component /ManageRoute/postRoute of Fre ...)
+ TODO: check
+CVE-2022-25507 (FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site ...)
+ TODO: check
+CVE-2022-25506 (FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vuln ...)
+ TODO: check
CVE-2022-25505
RESERVED
CVE-2022-25504
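Review bot: six FreeTAKServer entries (CVE-2022-25506 through CVE-2022-25508 and CVE-2022-25510 through CVE-2022-25512) are all left at `TODO: check`; they concern one product, so a single triage decision applies to all six and should be recorded on every line at once, otherwise part of the set is likely to drift to `NOT-FOR-US` later while the rest stays open.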
@@ -5489,8 +5559,8 @@ CVE-2022-24752
RESERVED
CVE-2022-24751
RESERVED
-CVE-2022-24750
- RESERVED
+CVE-2022-24750 (UltraVNC is a free and open source remote pc access software. A vulner ...)
+ TODO: check
CVE-2022-24749
RESERVED
CVE-2022-24748 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
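Review bot: CVE-2022-24750 concerns UltraVNC, which is Windows-only software with no Debian package, so this entry can go straight to `NOT-FOR-US: UltraVNC` instead of `TODO: check`.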
@@ -5537,8 +5607,7 @@ CVE-2022-24728
RESERVED
CVE-2022-24727 (Weblate is a web based localization tool with tight version control in ...)
- weblate <itp> (bug #745661)
-CVE-2022-24726
- RESERVED
+CVE-2022-24726 (Istio is an open platform to connect, manage, and secure microservices ...)
NOT-FOR-US: Istio
CVE-2022-24725 (Shescape is a shell escape package for JavaScript. An issue in version ...)
NOT-FOR-US: Node shescape
@@ -10030,8 +10099,8 @@ CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11
NOT-FOR-US: microweber
CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
NOT-FOR-US: microweber
-CVE-2022-0280
- RESERVED
+CVE-2022-0280 (A race condition vulnerability exists in the QuickClean feature of McA ...)
+ TODO: check
CVE-2022-0279 (The AnyComment WordPress plugin before 0.2.18 is affected by a race co ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
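Review bot: CVE-2022-0280 (McAfee QuickClean) is the same situation as the McAfee WebAdvisor entry elsewhere in this update; both are proprietary products, so `NOT-FOR-US: McAfee` is the expected outcome and the two should be triaged together rather than left as separate `TODO: check` lines.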
@@ -11485,32 +11554,25 @@ CVE-2022-23044
RESERVED
CVE-2022-23043 (Zenario CMS 9.2 allows an authenticated admin user to bypass the file ...)
NOT-FOR-US: Zenario CMS
-CVE-2022-23042
- RESERVED
+CVE-2022-23042 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-396.html
-CVE-2022-23041
- RESERVED
+CVE-2022-23041 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-396.html
-CVE-2022-23040
- RESERVED
+CVE-2022-23040 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-396.html
-CVE-2022-23039
- RESERVED
+CVE-2022-23039 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-396.html
-CVE-2022-23038
- RESERVED
+CVE-2022-23038 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-396.html
-CVE-2022-23037
- RESERVED
+CVE-2022-23037 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-396.html
-CVE-2022-23036
- RESERVED
+CVE-2022-23036 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-396.html
CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The management of I ...)
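Review bot: all seven XSA-396 entries (CVE-2022-23036 through CVE-2022-23042) now carry an identical truncated description, so which PV frontend each CVE covers is only recoverable from the advisory URL; consider one `NOTE:` line per entry naming the frontend as the advisory does, so the `linux <unfixed>` lines can be closed individually as the fixes land. The `T[his CNA ...` fragment is part of the upstream description text, not tracker bracket markup, so it does not need correcting here.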
@@ -19351,8 +19413,8 @@ CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 sy
NOT-FOR-US: Online Enrollment Management System
CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scripting ...)
NOT-FOR-US: Attendance Management System
-CVE-2021-44597
- RESERVED
+CVE-2021-44597 (An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider ...)
+ TODO: check
CVE-2021-44596
RESERVED
CVE-2021-44595
@@ -19377,8 +19439,8 @@ CVE-2021-44587
RESERVED
CVE-2021-44586 (An issue was discovered in dst-admin v1.3.0. The product has an unauth ...)
NOT-FOR-US: dst-admin
-CVE-2021-44585
- RESERVED
+CVE-2021-44585 (A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in ...)
+ TODO: check
CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog version ...)
NOT-FOR-US: emlog
CVE-2021-44583
@@ -31517,8 +31579,8 @@ CVE-2021-41235
RESERVED
CVE-2021-41234
RESERVED
-CVE-2021-41233
- RESERVED
+CVE-2021-41233 (Nextcloud text is a collaborative document editing using Markdown buil ...)
+ TODO: check
CVE-2021-41232 (Thunderdome is an open source agile planning poker tool in the theme o ...)
NOT-FOR-US: Thunderdome
CVE-2021-41231
@@ -37052,14 +37114,14 @@ CVE-2021-39027
RESERVED
CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...)
NOT-FOR-US: IBM
-CVE-2021-39025
- RESERVED
+CVE-2021-39025 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose ...)
+ TODO: check
CVE-2021-39024
RESERVED
CVE-2021-39023
RESERVED
-CVE-2021-39022
- RESERVED
+CVE-2021-39022 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-prov ...)
+ TODO: check
CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...)
NOT-FOR-US: IBM
CVE-2021-39020
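Review bot: CVE-2021-39025 and CVE-2021-39022 are left at `TODO: check` while the surrounding IBM Guardium Data Encryption entries in the same hunk (CVE-2021-39026, CVE-2021-39021) are `NOT-FOR-US: IBM`; mark these two the same way.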
@@ -37282,8 +37344,8 @@ CVE-2021-38912
RESERVED
CVE-2021-38911 (IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in p ...)
NOT-FOR-US: IBM
-CVE-2021-38910
- RESERVED
+CVE-2021-38910 (IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote ...)
+ TODO: check
CVE-2021-38909 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scr ...)
NOT-FOR-US: IBM
CVE-2021-38908
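Review bot: CVE-2021-38910 (IBM DataPower Gateway) is inconsistent with its neighbours: the adjacent IBM entries CVE-2021-38911 and CVE-2021-38909 are `NOT-FOR-US: IBM`, so `TODO: check` here should be resolved to the same value.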
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61f5ca3891b61cb6b9d61e9623a874051d761c44
--
You're receiving this email because of your account on salsa.debian.org.