[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Mar 13 20:10:25 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4d388608 by security tracker role at 2022-03-13T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,18 @@
-CVE-2021-46709 [cross-site-scripting with newRows GET parameter]
+CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in ...)
+ TODO: check
+CVE-2022-26980
+ RESERVED
+CVE-2022-0942
+ RESERVED
+CVE-2022-0941
+ RESERVED
+CVE-2022-0940
+ RESERVED
+CVE-2022-0939
+ RESERVED
+CVE-2022-0938
+ RESERVED
+CVE-2021-46709 (phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows para ...)
- phpliteadmin 1.9.8.2-2
NOTE: https://bitbucket.org/phpliteadmin/public/issues/399/xss-vulnerability
NOTE: https://bitbucket.org/phpliteadmin/public/pull-requests/16/fix-an-xss-vulnerability-with-the-newrows
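Review bot: The new CVE-2022-26981 entry at the top of this hunk is left at "TODO: check" although its description already names Liblouis through 3.21.0 and the function compilePassOpcode, so it is still untriaged. Replace the TODO with a source package line or NOT-FOR-US once someone has checked whether the product is packaged, in the same form as the phpliteadmin entry that follows. The RESERVED ids added beneath it need nothing further until they are published.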
@@ -1716,7 +1730,7 @@ CVE-2022-26320
RESERVED
CVE-2022-26319 (An installer search patch element vulnerability in Trend Micro Portabl ...)
NOT-FOR-US: Trend Micro
-CVE-2022-26318 (Null pointer dereference in WatchGuard Firebox and XTM appliances allo ...)
+CVE-2022-26318 (On WatchGuard Firebox and XTM appliances, an unauthenticated user can ...)
NOT-FOR-US: WatchGuard
CVE-2022-26317 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Mendix (Siemens)
@@ -3535,6 +3549,7 @@ CVE-2022-0712 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p
NOTE: https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466
NOTE: https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7
CVE-2022-0711 (A flaw was found in the way HAProxy processed HTTP responses containin ...)
+ {DSA-5102-1}
- haproxy 2.4.13-1
[buster] - haproxy <not-affected> (Vulnerable code introduced later)
[stretch] - haproxy <not-affected> (Vulnerable code introduced later)
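Review bot: The {DSA-5102-1} reference added to CVE-2022-0711 sits on an entry whose only release-tagged lines in view, [buster] and [stretch], are both <not-affected>, so nothing in this hunk says which release the advisory fixes. Confirm that the DSA-5102-1 record itself names the release and the fixed haproxy version, because this hunk carries only the cross-reference.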
@@ -5008,7 +5023,7 @@ CVE-2022-25092
RESERVED
CVE-2022-25091
RESERVED
-CVE-2022-25090 (Printix Secure Cloud Print Management 1.3.1035.0 creates a temporary f ...)
+CVE-2022-25090 (Printix Secure Cloud Print Management through 1.3.1106.0 creates a tem ...)
NOT-FOR-US: Printix Secure Cloud Print Management
CVE-2022-25089 (Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly u ...)
NOT-FOR-US: Printix Secure Cloud Print Management
@@ -6004,8 +6019,8 @@ CVE-2022-0549
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0548
RESERVED
-CVE-2022-24696
- RESERVED
+CVE-2022-24696 (Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a ...)
+ TODO: check
CVE-2022-24695
RESERVED
CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before ...)
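Review bot: CVE-2022-24696 moves from RESERVED to a published description but ends at "TODO: check", so the entry has no triage result yet. The description gives Mirametrix Glance before 5.1.1.42207 as affected; once it is confirmed whether that product is packaged, the TODO should become a package line or NOT-FOR-US.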
@@ -7736,8 +7751,8 @@ CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows a
NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d
CVE-2022-24129 (The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allow ...)
NOT-FOR-US: Shibboleth identity provider OIDC OP plugin
-CVE-2022-24128
- RESERVED
+CVE-2022-24128 (Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege esc ...)
+ TODO: check
CVE-2022-24127
RESERVED
CVE-2022-24126
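Review bot: The CVE-2022-24128 line describes a possible privilege escalation in Timescale TimescaleDB 1.x and 2.x before 2.5.2, yet the entry is recorded only as "TODO: check". Given the impact named in the description, this one is worth triaging ahead of the other TODO entries in the commit; if the product is in the archive, 2.5.2 from the description is the version to compare the packaged one against.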
@@ -30339,7 +30354,7 @@ CVE-2021-41851
CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site ...)
NOT-FOR-US: firefly-iii
CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository adodb/a ...)
- {DLA-2912-1}
+ {DSA-5101-1 DLA-2912-1}
- libphp-adodb 5.21.4-1 (bug #1004376)
NOTE: https://github.com/ADOdb/ADOdb/issues/793
NOTE: https://github.com/adodb/adodb/commit/b4d5ce70034c5aac3a1d51d317d93c037a0938d2 (v5.21.4)
@@ -64034,7 +64049,7 @@ CVE-2021-28490 (In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSR
NOT-FOR-US: OWASP CSRFGuard
CVE-2021-28489
RESERVED
-CVE-2021-28488 (Ericsson Network Manager 20.2 has Insecure Permissions. ...)
+CVE-2021-28488 (Ericsson Network Manager (ENM) before 21.2 has incorrect access-contro ...)
NOT-FOR-US: Ericsson
CVE-2021-28487
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d3886082572a08981574cd2a8f300c699974fa4