[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 12 08:10:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
79d38c5b by security tracker role at 2022-03-12T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2022-26946
+ RESERVED
+CVE-2022-26945
+ RESERVED
+CVE-2022-26944
+ RESERVED
+CVE-2022-26943
+ RESERVED
+CVE-2022-26942
+ RESERVED
+CVE-2022-26941
+ RESERVED
+CVE-2022-26940
+ RESERVED
+CVE-2022-26939
+ RESERVED
+CVE-2022-26938
+ RESERVED
+CVE-2022-26937
+ RESERVED
+CVE-2022-26936
+ RESERVED
+CVE-2022-26935
+ RESERVED
+CVE-2022-26934
+ RESERVED
+CVE-2022-26933
+ RESERVED
+CVE-2022-26932
+ RESERVED
+CVE-2022-26931
+ RESERVED
+CVE-2022-26930
+ RESERVED
+CVE-2022-26929
+ RESERVED
+CVE-2022-26928
+ RESERVED
+CVE-2022-26927
+ RESERVED
+CVE-2022-26926
+ RESERVED
+CVE-2022-26925
+ RESERVED
+CVE-2022-26924
+ RESERVED
+CVE-2022-26923
+ RESERVED
+CVE-2022-26922
+ RESERVED
+CVE-2022-26921
+ RESERVED
+CVE-2022-26920
+ RESERVED
+CVE-2022-26919
+ RESERVED
+CVE-2022-26918
+ RESERVED
+CVE-2022-26917
+ RESERVED
+CVE-2022-26916
+ RESERVED
+CVE-2022-26915
+ RESERVED
+CVE-2022-26914
+ RESERVED
+CVE-2022-26913
+ RESERVED
+CVE-2022-26912
+ RESERVED
+CVE-2022-26911
+ RESERVED
+CVE-2022-26910
+ RESERVED
+CVE-2022-26909
+ RESERVED
+CVE-2022-26908
+ RESERVED
+CVE-2022-26907
+ RESERVED
+CVE-2022-26906
+ RESERVED
+CVE-2022-26905
+ RESERVED
+CVE-2022-26904
+ RESERVED
+CVE-2022-26903
+ RESERVED
+CVE-2022-26902
+ RESERVED
+CVE-2022-26901
+ RESERVED
+CVE-2022-26900
+ RESERVED
+CVE-2022-26899
+ RESERVED
+CVE-2022-26898
+ RESERVED
+CVE-2022-26897
+ RESERVED
+CVE-2022-26896
+ RESERVED
+CVE-2022-26895
+ RESERVED
+CVE-2022-26894
+ RESERVED
+CVE-2022-26893
+ RESERVED
+CVE-2022-26892
+ RESERVED
+CVE-2022-26891
+ RESERVED
+CVE-2022-26061
+ RESERVED
+CVE-2022-25972
+ RESERVED
+CVE-2022-25942
+ RESERVED
+CVE-2022-0935
+ RESERVED
CVE-2022-26886
RESERVED
CVE-2022-26885
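Review bot: The last four added IDs (CVE-2022-26061, CVE-2022-25972, CVE-2022-25942, CVE-2022-0935) sit between CVE-2022-26891 and the existing CVE-2022-26886, which breaks the descending order the rest of the added block follows; CVE-2022-26887 through CVE-2022-26890 are not visible at this position either. If any consumer of data/CVE/list relies on ordering, confirm the generator places out-of-sequence reservations here deliberately; otherwise a sort step before commit would keep later diffs easier to read.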
@@ -622,8 +742,8 @@ CVE-2022-26651
RESERVED
CVE-2022-25943 (The installer of WPS Office for Windows versions prior to v11.2.0.1025 ...)
NOT-FOR-US: WPS Office for Windows
-CVE-2022-0880
- RESERVED
+CVE-2022-0880 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...)
+ TODO: check
CVE-2022-26650
RESERVED
CVE-2022-26649
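Review bot: CVE-2022-0880 moves from RESERVED to "TODO: check", but its truncated description points at a GitHub repository starting "star7th/showd", which looks like the same ShowDoc project that CVE-2022-0409 and CVE-2022-0362 in this file already mark as "NOT-FOR-US: ShowDoc". Once the full description is confirmed, the TODO can likely be resolved to the same tag rather than left open.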
@@ -858,8 +978,8 @@ CVE-2022-26535
RESERVED
CVE-2022-26534
RESERVED
-CVE-2022-26533
- RESERVED
+CVE-2022-26533 (Alist v2.1.0 and below was discovered to contain a cross-site scriptin ...)
+ TODO: check
CVE-2022-25960
RESERVED
CVE-2022-0879
@@ -1512,7 +1632,7 @@ CVE-2022-26320
RESERVED
CVE-2022-26319 (An installer search patch element vulnerability in Trend Micro Portabl ...)
NOT-FOR-US: Trend Micro
-CVE-2022-26318 (On WatchGuard Firebox and XTM appliances, an unauthenticated user can ...)
+CVE-2022-26318 (Null pointer dereference in WatchGuard Firebox and XTM appliances allo ...)
NOT-FOR-US: WatchGuard
CVE-2022-26317 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Mendix (Siemens)
@@ -1590,8 +1710,8 @@ CVE-2022-26278
RESERVED
CVE-2022-26277
RESERVED
-CVE-2022-26276
- RESERVED
+CVE-2022-26276 (An issue in index.php of OneNav v0.9.14 allows attackers to perform di ...)
+ TODO: check
CVE-2022-26275
RESERVED
CVE-2022-26274
@@ -2506,8 +2626,8 @@ CVE-2022-25842
RESERVED
CVE-2022-25840
RESERVED
-CVE-2022-25839
- RESERVED
+CVE-2022-25839 (The package url-js before 2.1.0 are vulnerable to Improper Input Valid ...)
+ TODO: check
CVE-2022-25767
RESERVED
CVE-2022-25766
@@ -3159,6 +3279,7 @@ CVE-2022-0730 (Under certain ldap conditions, Cacti authentication can be bypass
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/issues/4562
CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
+ {DLA-2947-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
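Review bot: The added {DLA-2947-1} reference under CVE-2022-0729 gives no indication of which release or package version the advisory fixes, while the lines below it still read "- vim <unfixed>" and "<no-dsa> (Minor issue)" for bullseye and buster. A reader of this entry alone cannot tell what was fixed where. The same applies to every other vim entry this commit annotates with the same advisory, so check that the advisory's own record carries the fixed version and that it is surfaced next to these entries.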
@@ -3259,6 +3380,7 @@ CVE-2022-0716
CVE-2022-0715 (A CWE-287: Improper Authentication vulnerability exists that could cau ...)
NOT-FOR-US: Schneider Electric
CVE-2022-0714 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...)
+ {DLA-2947-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -3871,6 +3993,7 @@ CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse
NOTE: https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c
NOTE: https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5 (1.5.8)
CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
+ {DLA-2947-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -5582,8 +5705,8 @@ CVE-2022-24762
RESERVED
CVE-2022-24761
RESERVED
-CVE-2022-24760
- RESERVED
+CVE-2022-24760 (Parse Server is an open source http web server backend. In versions pr ...)
+ TODO: check
CVE-2022-24759
RESERVED
CVE-2022-24758
@@ -5594,8 +5717,8 @@ CVE-2022-24756
RESERVED
CVE-2022-24755
RESERVED
-CVE-2022-24754
- RESERVED
+CVE-2022-24754 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
CVE-2022-24753 (Stripe CLI is a command-line tool for the Stripe eCommerce platform. A ...)
TODO: check
CVE-2022-24752
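Review bot: CVE-2022-24754 is described as a library (PJSIP), so its "TODO: check" should not be closed on the product name alone the way vendor appliances elsewhere in this diff are closed as NOT-FOR-US. Suggest searching for embedded copies of the library before triaging. The neighbouring CVE-2022-24753 (Stripe CLI) is also still at "TODO: check" and can be handled in the same pass.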
@@ -5762,6 +5885,7 @@ CVE-2022-0556
CVE-2022-0555
RESERVED
CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
+ {DLA-2947-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -6464,20 +6588,20 @@ CVE-2022-24423
RESERVED
CVE-2022-24422
RESERVED
-CVE-2022-24421
- RESERVED
-CVE-2022-24420
- RESERVED
-CVE-2022-24419
- RESERVED
+CVE-2022-24421 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2022-24420 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2022-24419 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2022-24418
RESERVED
CVE-2022-24417
RESERVED
-CVE-2022-24416
- RESERVED
-CVE-2022-24415
- RESERVED
+CVE-2022-24416 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
+CVE-2022-24415 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ TODO: check
CVE-2022-24414
RESERVED
CVE-2022-24413
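Review bot: The five Dell BIOS entries (CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, CVE-2022-24421) share the same truncated description and all become "TODO: check", so the visible text cannot tell them apart and they should be triaged as one group. Vendor-only products in this diff (WatchGuard, Trend Micro) are tagged "NOT-FOR-US: <vendor>"; if the full descriptions confirm these are firmware-only issues, the same form of tag with one consistent product string would fit.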
@@ -7598,6 +7722,7 @@ CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned
CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist showdoc/s ...)
NOT-FOR-US: ShowDoc
CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-2947-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -8337,6 +8462,7 @@ CVE-2022-23942
CVE-2022-21184
RESERVED
CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-2947-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -8355,6 +8481,7 @@ CVE-2022-0363
CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...)
NOT-FOR-US: ShowDoc
CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-2947-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -8363,6 +8490,7 @@ CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
CVE-2022-0360 (The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-2947-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -9221,6 +9349,7 @@ CVE-2022-0321
CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 5.0.5 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...)
+ {DLA-2947-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -11103,6 +11232,7 @@ CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock noti
CVE-2022-0214 (The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoloa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ {DLA-2947-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -14709,12 +14839,14 @@ CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation
CVE-2021-4194 (bookstack is vulnerable to Improper Access Control ...)
NOT-FOR-US: bookstack
CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...)
+ {DLA-2947-1}
- vim 2:8.2.3995-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0
NOTE: Fixed by: https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b (v8.2.3950)
CVE-2021-4192 (vim is vulnerable to Use After Free ...)
+ {DLA-2947-1}
- vim 2:8.2.3995-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -19592,6 +19724,7 @@ CVE-2021-4070 (Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4
CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of ...)
NOT-FOR-US: Apache Sling
CVE-2021-4069 (vim is vulnerable to Use After Free ...)
+ {DLA-2947-1}
- vim 2:8.2.3995-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -20680,6 +20813,7 @@ CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input D
NOTE: https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd
NOTE: Issues only in janus-demos built from src:janus
CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ {DLA-2947-1}
- vim 2:8.2.3995-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -21225,6 +21359,7 @@ CVE-2021-44041 (UiPath Assistant 21.4.4 will load and execute attacker controlle
CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
NOT-FOR-US: kimai2
CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ {DLA-2947-1}
- vim 2:8.2.3995-1 (bug #1001896)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -21453,12 +21588,14 @@ CVE-2021-43961
CVE-2021-43960 (** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an ...)
NOT-FOR-US: Lorensbergs Connect2
CVE-2021-3974 (vim is vulnerable to Use After Free ...)
+ {DLA-2947-1}
- vim 2:8.2.3995-1 (bug #1001897)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4
NOTE: https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 (v8.2.3612)
CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ {DLA-2947-1}
- vim 2:8.2.3995-1 (bug #1001899)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -24240,12 +24377,14 @@ CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allow
CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...)
NOT-FOR-US: Sunnet eHRD
CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...)
+ {DLA-2947-1}
- vim 2:8.2.3995-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582)
CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ {DLA-2947-1}
- vim 2:8.2.3995-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -27110,8 +27249,8 @@ CVE-2021-42579
RESERVED
CVE-2021-42578
RESERVED
-CVE-2021-42577
- RESERVED
+CVE-2021-42577 (An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malfo ...)
+ TODO: check
CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Py ...)
- golang-github-microcosm-cc-bluemonday 1.0.16-1
[bullseye] - golang-github-microcosm-cc-bluemonday <no-dsa> (Minor issue)
@@ -29114,8 +29253,8 @@ CVE-2021-3880
REJECTED
CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
NOT-FOR-US: snipe-it
-CVE-2021-42262
- RESERVED
+CVE-2021-42262 (An issue was discovered in Softing OPC UA C++ SDK before 5.70. An inva ...)
+ TODO: check
CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directory tra ...)
NOT-FOR-US: Revisor Video Management System (VMS)
CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...)
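Review bot: CVE-2021-42262 gets the same "TODO: check" as CVE-2021-42577 in the previous hunk, and both descriptions name Softing OPC UA C++ SDK before 5.70. Triage the pair together and use one product string for both so the entries stay searchable.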
@@ -29469,6 +29608,7 @@ CVE-2021-42102 (An uncontrolled search path element vulnerabilities in Trend Mic
CVE-2021-42101 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
NOT-FOR-US: Trend Micro
CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ {DLA-2947-1}
- vim 2:8.2.3565-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -30112,12 +30252,12 @@ CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository ad
NOTE: https://github.com/ADOdb/ADOdb/issues/793
CVE-2021-3849
RESERVED
-CVE-2021-41850
- RESERVED
-CVE-2021-41849
- RESERVED
-CVE-2021-41848
- RESERVED
+CVE-2021-41850 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A p ...)
+ TODO: check
+CVE-2021-41849 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It ...)
+ TODO: check
+CVE-2021-41848 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It ...)
+ TODO: check
CVE-2021-41847 (An issue was discovered in 3xLogic Infinias Access Control through 6.7 ...)
NOT-FOR-US: 3xLogic
CVE-2021-41846
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79d38c5b8f2f77e7607b43287f7d045c2e9a2a4c