[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 11 20:10:35 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc48ae03 by security tracker role at 2022-03-11T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-26886
+ RESERVED
+CVE-2022-26885
+ RESERVED
+CVE-2022-26884
+ RESERVED
+CVE-2022-0934
+ RESERVED
+CVE-2022-0933
+ RESERVED
+CVE-2022-0932 (Improper Authorization in GitHub repository saleor/saleor prior to 3.1 ...)
+ TODO: check
+CVE-2022-0931
+ RESERVED
+CVE-2022-0930
+ RESERVED
+CVE-2022-0929
+ RESERVED
+CVE-2022-0928 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
+ TODO: check
+CVE-2022-0927
+ RESERVED
+CVE-2022-0926
+ RESERVED
+CVE-2022-0925
+ RESERVED
CVE-2022-26883
RESERVED
CVE-2022-26882
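Review bot: CVE-2022-0928 near the top of this hunk is left at `TODO: check` although the file already resolves microweber entries as `NOT-FOR-US: microweber` (see the CVE-2022-0855 context further down); once the full description confirms it is the same project it can be closed the same way. CVE-2022-0932 (saleor/saleor, Improper Authorization) likewise needs the full text, since the fixed version is cut off at "prior to 3.1 ...". The remaining new entries are bare `RESERVED` placeholders, as expected for an automatic import.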
@@ -60,8 +86,8 @@ CVE-2022-26852
RESERVED
CVE-2022-26851
RESERVED
-CVE-2022-0924
- RESERVED
+CVE-2022-0924 (Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers t ...)
+ TODO: check
CVE-2021-46708 (The swagger-ui-dist package before 4.1.3 for Node.js could allow a rem ...)
TODO: check
CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow exception a ...)
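Review bot: CVE-2022-0924 (out-of-bounds read in tiffcp, libtiff 4.3.0) should not stay at the generic `TODO: check`: libtiff is packaged in Debian as src:tiff, so this entry needs a package line with the affected version and a NOTE pointing at the upstream fix once it is identified. The swagger-ui-dist and jackson-databind TODOs in the trailing context are pre-existing and unchanged by this hunk.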
@@ -76,8 +102,8 @@ CVE-2022-0923
RESERVED
CVE-2022-0922
RESERVED
-CVE-2022-0921
- RESERVED
+CVE-2022-0921 (Abusing Backup/Restore feature to achieve Remote Code Execution in Git ...)
+ TODO: check
CVE-2022-0920
RESERVED
CVE-2022-0919
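Review bot: The description for CVE-2022-0921 is truncated right at the project name ("... Remote Code Execution in Git ..."), so the affected software cannot be identified from this line; `TODO: check` is appropriate, but the triager should pull the full text before deciding. Given the neighbouring entries, "Git" here is most likely the start of "GitHub repository ..." rather than git itself, so the entry should not be attached to src:git on the strength of this fragment.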
@@ -92,10 +118,10 @@ CVE-2022-0915
RESERVED
CVE-2022-0914
RESERVED
-CVE-2022-0913
- RESERVED
-CVE-2022-0912
- RESERVED
+CVE-2022-0913 (Integer Overflow or Wraparound in GitHub repository microweber/microwe ...)
+ TODO: check
+CVE-2022-0912 (Unrestricted Upload of File with Dangerous Type in GitHub repository m ...)
+ TODO: check
CVE-2022-0911
RESERVED
CVE-2022-26878 (drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a ...)
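Review bot: CVE-2022-0913 (integer overflow) and CVE-2022-0912 (unrestricted upload of a dangerous file type) both name the microweber/microweber repository, which this file already treats as `NOT-FOR-US: microweber` (CVE-2022-0855 context in a later hunk), so both TODOs can be resolved together the same way. The Linux kernel entry CVE-2022-26878 in the trailing context is not touched by this hunk.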
@@ -238,12 +264,12 @@ CVE-2022-25905
RESERVED
CVE-2022-0910
RESERVED
-CVE-2022-0909
- RESERVED
-CVE-2022-0908
- RESERVED
-CVE-2022-0907
- RESERVED
+CVE-2022-0909 (Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to ...)
+ TODO: check
+CVE-2022-0908 (Null source pointer passed as an argument to memcpy() function within ...)
+ TODO: check
+CVE-2022-0907 (Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libt ...)
+ TODO: check
CVE-2022-26782
RESERVED
CVE-2022-26781
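Review bot: The three new tiffcrop entries (CVE-2022-0909 divide by zero, CVE-2022-0908 NULL source pointer passed to memcpy(), CVE-2022-0907 unchecked return value leading to a NULL pointer dereference) are all libtiff 4.3.0 issues in the same tool and should be triaged in one pass with CVE-2022-0924 from the earlier hunk: one package line per CVE for src:tiff plus the per-release assessment, using the `<no-dsa> (Minor issue)` form this file already uses for the mruby and exiftool entries where that is the conclusion.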
@@ -869,10 +895,10 @@ CVE-2022-26019
RESERVED
CVE-2022-24299
RESERVED
-CVE-2022-0871
- RESERVED
-CVE-2022-0870
- RESERVED
+CVE-2022-0871 (Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5. ...)
+ TODO: check
+CVE-2022-0870 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prio ...)
+ TODO: check
CVE-2022-0869 (Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.1 ...)
NOT-FOR-US: Spirit forum software
CVE-2022-26507
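Review bot: CVE-2022-0871 (Improper Authorization) and CVE-2022-0870 (SSRF) are both gogs/gogs issues fixed before 0.12.5 and belong in a single triage decision; the adjacent CVE-2022-0869 (nitely/spirit) shows the `NOT-FOR-US` form to apply if gogs turns out not to be packaged.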
@@ -1129,8 +1155,8 @@ CVE-2022-0862
RESERVED
CVE-2022-0861
RESERVED
-CVE-2022-0860
- RESERVED
+CVE-2022-0860 (Improper Authorization in GitHub repository cobbler/cobbler prior to 3 ...)
+ TODO: check
CVE-2022-0859
RESERVED
CVE-2022-0858
@@ -1145,8 +1171,8 @@ CVE-2022-0855 (Improper Resolution of Path Equivalence in GitHub repository micr
NOT-FOR-US: microweber (whmcs_plugin)
CVE-2022-0854
RESERVED
-CVE-2022-0853
- RESERVED
+CVE-2022-0853 (A flaw was found in JBoss-client. The vulnerability occurs due to a me ...)
+ TODO: check
CVE-2022-0852
RESERVED
CVE-2022-0851
@@ -2551,8 +2577,8 @@ CVE-2022-24437
RESERVED
CVE-2022-24434
RESERVED
-CVE-2022-24433
- RESERVED
+CVE-2022-24433 (The package simple-git before 3.3.0 are vulnerable to Command Injectio ...)
+ TODO: check
CVE-2022-24431
RESERVED
CVE-2022-24430
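Review bot: CVE-2022-24433 is a command injection in the simple-git npm package before 3.3.0. The ungrammatical "The package ... are vulnerable" comes from the imported upstream text and should be left as is, but the triager should check for a node-* source package shipping simple-git before settling on `NOT-FOR-US`.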
@@ -3239,8 +3265,8 @@ CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.
NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/2
CVE-2022-25622
RESERVED
-CVE-2022-25621
- RESERVED
+CVE-2022-25621 (UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and ...)
+ TODO: check
CVE-2022-25620
RESERVED
CVE-2022-25619
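Review bot: The imported description for CVE-2022-25621 starts with "UUNIVERGE", which looks like a typo in the upstream text for the UNIVERGE WA 1020 / WA 1510 appliances named later in the same line; descriptions are imported verbatim, so do not edit it here, but keep it in mind when searching for the product. These are vendor appliances, so the expected outcome is the `NOT-FOR-US` vendor form used elsewhere in this file.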
@@ -3279,10 +3305,10 @@ CVE-2022-25603
RESERVED
CVE-2022-25602
RESERVED
-CVE-2022-25601
- RESERVED
-CVE-2022-25600
- RESERVED
+CVE-2022-25601 (Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter ...)
+ TODO: check
+CVE-2022-25600 (Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marke ...)
+ TODO: check
CVE-2022-25599 (Cross-Site Request Forgery (CSRF) vulnerability leading to event delet ...)
NOT-FOR-US: WordPress plugin
CVE-2022-25598
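Review bot: CVE-2022-25601 (reflected XSS) and CVE-2022-25600 (CSRF on a delete action) are the same class of issue as the adjacent CVE-2022-25599, which is already `NOT-FOR-US: WordPress plugin`; their truncated descriptions do not name the plugin, so confirm from the full text before resolving them the same way.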
@@ -4362,8 +4388,8 @@ CVE-2022-25218 (The use of the RSA algorithm without OAEP, or any other padding
TODO: check
CVE-2022-25217 (Use of a hard-coded cryptographic key pair by the telnetd_startup serv ...)
TODO: check
-CVE-2022-25216
- RESERVED
+CVE-2022-25216 (An absolute path traversal vulnerability allows a remote attacker to d ...)
+ TODO: check
CVE-2022-25215 (Improper access control on the LocalMACConfig.asp interface allows an ...)
TODO: check
CVE-2022-25214 (Improper access control on the LocalClientList.asp interface allows an ...)
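Review bot: CVE-2022-25216 (absolute path traversal) sits between CVE-2022-25217 (hard-coded key pair in telnetd_startup) and CVE-2022-25215/25214 (access control on LocalMACConfig.asp and LocalClientList.asp), which read as one embedded-device advisory batch; triaging all four together avoids inconsistent outcomes. All of them are still at `TODO: check`.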
@@ -6751,26 +6777,26 @@ CVE-2022-24326
RESERVED
CVE-2022-24325
RESERVED
-CVE-2022-23402
- RESERVED
-CVE-2022-23401
- RESERVED
-CVE-2022-22729
- RESERVED
-CVE-2022-22151
- RESERVED
-CVE-2022-22148
- RESERVED
-CVE-2022-22145
- RESERVED
-CVE-2022-22141
- RESERVED
-CVE-2022-21808
- RESERVED
-CVE-2022-21194
- RESERVED
-CVE-2022-21177
- RESERVED
+CVE-2022-23402 (The following Yokogawa Electric products hard-code the password for CA ...)
+ TODO: check
+CVE-2022-23401 (The following Yokogawa Electric products contain insecure DLL loading ...)
+ TODO: check
+CVE-2022-22729 (CAMS for HIS Server contained in the following Yokogawa Electric produ ...)
+ TODO: check
+CVE-2022-22151 (CAMS for HIS Log Server contained in the following Yokogawa Electric p ...)
+ TODO: check
+CVE-2022-22148 ('Root Service' service implemented in the following Yokogawa Electric ...)
+ TODO: check
+CVE-2022-22145 (CAMS for HIS Log Server contained in the following Yokogawa Electric p ...)
+ TODO: check
+CVE-2022-22141 ('Long-term Data Archive Package' service implemented in the following ...)
+ TODO: check
+CVE-2022-21808 (Path traversal vulnerability exists in CAMS for HIS Server contained i ...)
+ TODO: check
+CVE-2022-21194 (The following Yokogawa Electric products do not change the passwords o ...)
+ TODO: check
+CVE-2022-21177 (There is a path traversal vulnerability in CAMS for HIS Log Server con ...)
+ TODO: check
CVE-2022-0481 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
- mruby <unfixed>
[bullseye] - mruby <no-dsa> (Minor issue)
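Review bot: All ten entries in this hunk (CVE-2022-23402 through CVE-2022-21177) are Yokogawa Electric CAMS for HIS advisories (hard-coded passwords, insecure DLL loading, path traversal, unchanged default passwords) and should get one consistent resolution rather than ten separate TODOs; as vendor-product issues the expected form is `NOT-FOR-US` with the vendor name, as used for other vendor entries in this file. The mruby lines at the end of the hunk are unchanged context.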
@@ -7654,22 +7680,22 @@ CVE-2022-24099
RESERVED
CVE-2022-24098
RESERVED
-CVE-2022-24097
- RESERVED
-CVE-2022-24096
- RESERVED
-CVE-2022-24095
- RESERVED
-CVE-2022-24094
- RESERVED
+CVE-2022-24097 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
+ TODO: check
+CVE-2022-24096 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
+ TODO: check
+CVE-2022-24095 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
+ TODO: check
+CVE-2022-24094 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
+ TODO: check
CVE-2022-24093
RESERVED
CVE-2022-24092
RESERVED
CVE-2022-24091
RESERVED
-CVE-2022-24090
- RESERVED
+CVE-2022-24090 (Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) ...)
+ TODO: check
CVE-2022-24089
RESERVED
CVE-2022-24088
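Review bot: The five Adobe entries here (CVE-2022-24097 to CVE-2022-24094 for After Effects, CVE-2022-24090 for Photoshop) can be resolved as `NOT-FOR-US: Adobe`, the form this file already uses for the Illustrator entries (see the CVE-2022-23189/23188/23186 context), instead of being left at `TODO: check`.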
@@ -8375,28 +8401,28 @@ CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $fil
[buster] - libimage-exiftool-perl <no-dsa> (Minor issue)
[stretch] - libimage-exiftool-perl <no-dsa> (Minor issue)
NOTE: https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582 (12.38)
-CVE-2022-23934
- RESERVED
-CVE-2022-23933
- RESERVED
-CVE-2022-23932
- RESERVED
-CVE-2022-23931
- RESERVED
-CVE-2022-23930
- RESERVED
-CVE-2022-23929
- RESERVED
-CVE-2022-23928
- RESERVED
-CVE-2022-23927
- RESERVED
-CVE-2022-23926
- RESERVED
-CVE-2022-23925
- RESERVED
-CVE-2022-23924
- RESERVED
+CVE-2022-23934 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ TODO: check
+CVE-2022-23933 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ TODO: check
+CVE-2022-23932 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ TODO: check
+CVE-2022-23931 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ TODO: check
+CVE-2022-23930 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ TODO: check
+CVE-2022-23929 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ TODO: check
+CVE-2022-23928 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ TODO: check
+CVE-2022-23927 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ TODO: check
+CVE-2022-23926 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ TODO: check
+CVE-2022-23925 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ TODO: check
+CVE-2022-23924 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ TODO: check
CVE-2022-23919
RESERVED
CVE-2022-23918
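Review bot: The eleven entries CVE-2022-23934 through CVE-2022-23924 carry the identical truncated description "Potential vulnerabilities have been identified in the system BIOS of c ...", so nothing in this hunk distinguishes them and the vendor name is cut off; the triager needs the full descriptions to record the vendor and resolve them as a batch. The ExifTool lines (CVE-2022-23935) are unchanged context.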
@@ -9318,10 +9344,10 @@ CVE-2022-23733
RESERVED
CVE-2022-23732
RESERVED
-CVE-2022-23731
- RESERVED
-CVE-2022-23730
- RESERVED
+CVE-2022-23731 (V8 javascript engine (heap vulnerability) can cause privilege escalati ...)
+ TODO: check
+CVE-2022-23730 (The public API error causes for the attacker to be able to bypass API ...)
+ TODO: check
CVE-2022-23729 (When the device is in factory state, it can be access the shell withou ...)
NOT-FOR-US: LGE
CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...)
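Review bot: CVE-2022-23731 (V8 heap issue leading to privilege escalation) and CVE-2022-23730 (API bypass) sit directly above CVE-2022-23729 and CVE-2022-23728, which are LGE device issues already marked `NOT-FOR-US: LGE`. CVE-2022-23731 deserves an explicit check rather than a resolution by position, because a V8 engine issue could also affect software Debian ships; only the full description can settle whether the bug is in the vendor integration or in V8 itself.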
@@ -9556,8 +9582,8 @@ CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of
NOT-FOR-US: ArchiSteamFarm
CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...)
NOT-FOR-US: m1k1o/blog
-CVE-2022-23625
- RESERVED
+CVE-2022-23625 (Wire-ios is a messaging application using the wire protocol on apple's ...)
+ TODO: check
CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScript. Fro ...)
NOT-FOR-US: Frourio-express
CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...)
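Review bot: CVE-2022-23625 concerns Wire-ios, an iOS messaging application, and sits among GitHub-advisory style entries (m1k1o/blog, Frourio-express, Frourio) that are all `NOT-FOR-US`; the TODO can be closed the same way.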
@@ -11139,8 +11165,8 @@ CVE-2022-23189 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and
NOT-FOR-US: Adobe
CVE-2022-23188 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
NOT-FOR-US: Adobe
-CVE-2022-23187
- RESERVED
+CVE-2022-23187 (Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer ...)
+ TODO: check
CVE-2022-23186 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
NOT-FOR-US: Adobe
CVE-2022-23185
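Review bot: CVE-2022-23187 is another Adobe Illustrator entry and its neighbours on both sides (CVE-2022-23189, CVE-2022-23188, CVE-2022-23186) are already `NOT-FOR-US: Adobe`; leaving only this one at `TODO: check` is inconsistent and should be resolved in the next manual pass.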
@@ -18802,8 +18828,8 @@ CVE-2022-21821
RESERVED
CVE-2022-21820
RESERVED
-CVE-2022-21819
- RESERVED
+CVE-2022-21819 (NVIDIA distributions of Jetson Linux contain a vulnerability where an ...)
+ TODO: check
CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...)
NOT-FOR-US: NVIDIA License System
CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...)
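Review bot: CVE-2022-21819 concerns NVIDIA's Jetson Linux distribution. Unlike the adjacent NVIDIA License System and Omniverse Launcher entries it touches a Linux distribution, so the triager should confirm the affected component is NVIDIA-specific, and not a kernel or userland component Debian also ships, before applying the `NOT-FOR-US: NVIDIA ...` pattern.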
@@ -19274,8 +19300,8 @@ CVE-2021-44669
RESERVED
CVE-2021-44668
RESERVED
-CVE-2021-44667
- RESERVED
+CVE-2021-44667 (A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in au ...)
+ TODO: check
CVE-2021-44666
RESERVED
CVE-2021-44665 (A Directory Traversal vulnerability exists in the Xerte Project Xerte ...)
@@ -19379,12 +19405,12 @@ CVE-2021-44622 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 201908
NOT-FOR-US: TP-Link
CVE-2021-44621
RESERVED
-CVE-2021-44620
- RESERVED
+CVE-2021-44620 (A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2 ...)
+ TODO: check
CVE-2021-44619
RESERVED
-CVE-2021-44618
- RESERVED
+CVE-2021-44618 (A Server-side Template Injection (SSTI) vulnerability exists in Nystud ...)
+ TODO: check
CVE-2021-44617
RESERVED
CVE-2021-44616
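Review bot: CVE-2021-44620 (command injection in TOTOLINK A3100R) fits the router pattern of the CVE-2021-44622 context line (`NOT-FOR-US: TP-Link`), but CVE-2021-44618 (server-side template injection) is truncated at the project name "Nystud ..." and needs the full description before it can be placed. The word "exits" in the CVE-2021-44620 text is an upstream typo and should stay as imported.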
@@ -27148,15 +27174,13 @@ CVE-2022-0004
RESERVED
CVE-2022-0003
RESERVED
-CVE-2022-0002
- RESERVED
+CVE-2022-0002 (Non-transparent sharing of branch predictor within a context in some I ...)
{DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.12-1
NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
NOTE: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/technical-documentation/branch-history-injection.html
-CVE-2022-0001
- RESERVED
+CVE-2022-0001 (Non-transparent sharing of branch predictor selectors between contexts ...)
{DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.12-1
NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/
@@ -49603,9 +49627,9 @@ CVE-2021-33854
RESERVED
CVE-2021-33853
RESERVED
-CVE-2021-33852 (A cross-site scripting (XSS) attack can cause arbitrary code (javascri ...)
+CVE-2021-33852 (A cross-site scripting (XSS) attack can cause arbitrary code (JavaScri ...)
TODO: check
-CVE-2021-33851 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScri ...)
+CVE-2021-33851 (A cross-site scripting (XSS) attack can cause arbitrary code (JavaScri ...)
TODO: check
CVE-2021-33850 (There is a Cross-Site Scripting vulnerability in Microsoft Clarity ver ...)
NOT-FOR-US: Microsoft
@@ -50116,8 +50140,8 @@ CVE-2021-33660 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to o
NOT-FOR-US: SAP
CVE-2021-33659 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
NOT-FOR-US: SAP
-CVE-2021-33658
- RESERVED
+CVE-2021-33658 (atune before 0.3-0.8 log in as a local user and run the curl command t ...)
+ TODO: check
CVE-2021-33657
RESERVED
CVE-2021-33656
@@ -51413,8 +51437,8 @@ CVE-2021-33152
RESERVED
CVE-2021-33151
RESERVED
-CVE-2021-33150
- RESERVED
+CVE-2021-33150 (Hardware allows activation of test or debug logic at runtime for some ...)
+ TODO: check
CVE-2021-33149
RESERVED
CVE-2021-33148
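Review bot: CVE-2021-33150 ("Hardware allows activation of test or debug logic at runtime") is a CPU or firmware-level issue, so a plain `TODO: check` undersells it; like the CVE-2022-0001/0002 and CVE-2021-26401 entries in this same update, the question is whether a kernel or microcode mitigation needs tracking, and the TODO should say so in the same way CVE-2021-26401 does with "check if we need to track mitigations in src:linux".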
@@ -53176,20 +53200,20 @@ CVE-2021-3541 (A flaw was found in libxml2. Exponential entity expansion attack
NOTE: https://blog.hartwork.org/posts/cve-2021-3541-parameter-laughs-fixed-in-libxml2-2-9-11/
CVE-2021-32479
RESERVED
-CVE-2021-32478
- RESERVED
-CVE-2021-32477
- RESERVED
-CVE-2021-32476
- RESERVED
-CVE-2021-32475
- RESERVED
-CVE-2021-32474
- RESERVED
-CVE-2021-32473
- RESERVED
-CVE-2021-32472
- RESERVED
+CVE-2021-32478 (The redirect URI in the LTI authorization endpoint required extra sani ...)
+ TODO: check
+CVE-2021-32477 (The last time a user accessed the mobile app is displayed on their pro ...)
+ TODO: check
+CVE-2021-32476 (A denial-of-service risk was identified in the draft files area, due t ...)
+ TODO: check
+CVE-2021-32475 (ID numbers displayed in the quiz grading report required additional sa ...)
+ TODO: check
+CVE-2021-32474 (An SQL injection risk existed on sites with MNet enabled and configure ...)
+ TODO: check
+CVE-2021-32473 (It was possible for a student to view their quiz grade before it had b ...)
+ TODO: check
+CVE-2021-32472 (Teachers exporting a forum in CSV format could receive a CSV of forums ...)
+ TODO: check
CVE-2021-32471 (Insufficient input validation in the Marvin Minsky 1967 implementation ...)
NOT-FOR-US: Marvin Minsky 1967 implementation of the Universal Turing Machine
CVE-2021-32470 (Craft CMS before 3.6.13 has an XSS vulnerability. ...)
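Review bot: The seven entries CVE-2021-32478 through CVE-2021-32472 describe one web application (LTI authorization endpoint, mobile app access time, draft files area, quiz grading report, MNet, forum CSV export) although the truncated descriptions never name it; they should be triaged as a single batch once the product is confirmed from the full text, with one consistent resolution and, if packaged, one fixed version recorded for all seven.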
@@ -54402,8 +54426,8 @@ CVE-2021-32011
RESERVED
CVE-2021-32010
RESERVED
-CVE-2021-32009
- RESERVED
+CVE-2021-32009 (Cross-site Scripting (XSS) vulnerability in firmware section of Secome ...)
+ TODO: check
CVE-2021-32008 (This issue affects: Secomea GateManager Version 9.6.621421014 and all ...)
NOT-FOR-US: Secomea GateManager
CVE-2021-32007
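Review bot: CVE-2021-32009 (XSS in the firmware section of a Secomea product) sits directly above CVE-2021-32008, which is already `NOT-FOR-US: Secomea GateManager`; resolve the new entry the same way rather than leaving it at `TODO: check`.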
@@ -66314,12 +66338,12 @@ CVE-2021-27418
RESERVED
CVE-2021-27417
RESERVED
-CVE-2021-27416
- RESERVED
+CVE-2021-27416 (An attacker could exploit this vulnerability in Hitachi ABB Power Grid ...)
+ TODO: check
CVE-2021-27415
RESERVED
-CVE-2021-27414
- RESERVED
+CVE-2021-27414 (An attacker could trick a user of Hitachi ABB Power Grids Ellipse Ente ...)
+ TODO: check
CVE-2021-27413 (Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0 ...)
NOT-FOR-US: Omron CX-One
CVE-2021-27412 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable ...)
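Review bot: CVE-2021-27416 and CVE-2021-27414 are Hitachi ABB Power Grids (Ellipse) product issues, and the neighbouring Omron CX-One and Delta Electronics DOPSoft entries show the `NOT-FOR-US` vendor form to apply. Note that CVE-2021-27416's description is cut off before it says what the vulnerability is ("could exploit this vulnerability in ..."), so the full text is still needed for the record even if the outcome is `NOT-FOR-US`.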
@@ -68792,8 +68816,7 @@ CVE-2021-26403
RESERVED
CVE-2021-26402
RESERVED
-CVE-2021-26401
- RESERVED
+CVE-2021-26401 (LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-57 ...)
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036
NOTE: https://xenbits.xen.org/xsa/advisory-398.html
TODO: check if we need to track mitigations in src:linux
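Review bot: CVE-2021-26401 correctly keeps its existing "check if we need to track mitigations in src:linux" TODO instead of gaining a second generic `TODO: check`. The now-visible description (LFENCE/JMP, mitigation V2-2, may not sufficiently mitigate CVE-2017-57...) confirms this is a kernel mitigation question, so the TODO should eventually be resolved with a package line for src:linux and the relevant release tags, not with `NOT-FOR-US`.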
@@ -68915,8 +68938,7 @@ CVE-2021-26343
RESERVED
CVE-2021-26342
RESERVED
-CVE-2021-26341
- RESERVED
+CVE-2021-26341 (Some AMD CPUs may transiently execute beyond unconditional direct bran ...)
NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026
NOTE: https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
NOTE: https://xenbits.xen.org/xsa/advisory-398.html
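Review bot: CVE-2021-26341 (AMD CPUs may transiently execute beyond unconditional direct branches) keeps its AMD, grsecurity and Xen references, but nothing in the visible context shows a TODO or package line for it after the `RESERVED` placeholder is removed; if the line following the third NOTE is not one, add the same "check if we need to track mitigations in src:linux" TODO used for CVE-2021-26401 so the entry's state is not left ambiguous.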
@@ -76472,8 +76494,8 @@ CVE-2021-23248
RESERVED
CVE-2021-23247
RESERVED
-CVE-2021-23246
- RESERVED
+CVE-2021-23246 (In ACE2 ColorOS11, the attacker can obtain the foreground package name ...)
+ TODO: check
CVE-2021-23245
RESERVED
CVE-2021-23244 (ColorOS pregrant dangerous permissions to apps which are listed in a w ...)
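Review bot: CVE-2021-23246 (ACE2 ColorOS11, foreground package name disclosure) and the adjacent CVE-2021-23244 (ColorOS permission pre-grant) are Android vendor-ROM issues and should receive the same resolution; whichever form CVE-2021-23244 already carries, apply it to the new entry rather than leaving it at `TODO: check`.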
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc48ae03d33f323f77f35468c2e312de69463b42