[Git][security-tracker-team/security-tracker][master] automatic update

Wed Mar 16 08:10:25 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a65d3a98 by security tracker role at 2022-03-16T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-27225 (Gradle Enterprise before 2021.4.3 relies on cleartext data transmissio ...)
+	TODO: check
+CVE-2022-27224
+	RESERVED
+CVE-2022-27223 (In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16 ...)
+	TODO: check
+CVE-2022-27222
+	RESERVED
+CVE-2022-0993
+	RESERVED
+CVE-2022-0992
+	RESERVED
+CVE-2022-0991
+	RESERVED
+CVE-2022-0990
+	RESERVED
+CVE-2020-36519 (Mimecast Email Security before 2020-01-10 allows any admin to spoof an ...)
+	TODO: check
 CVE-2022-27221
 	RESERVED
 CVE-2022-27220
@@ -609,38 +627,38 @@ CVE-2022-27007
 	RESERVED
 CVE-2022-27006
 	RESERVED
-CVE-2022-27005
-	RESERVED
-CVE-2022-27004
-	RESERVED
-CVE-2022-27003
-	RESERVED
-CVE-2022-27002
-	RESERVED
-CVE-2022-27001
-	RESERVED
-CVE-2022-27000
-	RESERVED
-CVE-2022-26999
-	RESERVED
-CVE-2022-26998
-	RESERVED
-CVE-2022-26997
-	RESERVED
-CVE-2022-26996
-	RESERVED
-CVE-2022-26995
-	RESERVED
-CVE-2022-26994
-	RESERVED
-CVE-2022-26993
-	RESERVED
-CVE-2022-26992
-	RESERVED
-CVE-2022-26991
-	RESERVED
-CVE-2022-26990
-	RESERVED
+CVE-2022-27005 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.61 ...)
+	TODO: check
+CVE-2022-27004 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.61 ...)
+	TODO: check
+CVE-2022-27003 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.61 ...)
+	TODO: check
+CVE-2022-27002 (Arris TR3300 v1.0.13 were discovered to contain a command injection vu ...)
+	TODO: check
+CVE-2022-27001 (Arris TR3300 v1.0.13 were discovered to contain a command injection vu ...)
+	TODO: check
+CVE-2022-27000 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...)
+	TODO: check
+CVE-2022-26999 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...)
+	TODO: check
+CVE-2022-26998 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...)
+	TODO: check
+CVE-2022-26997 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...)
+	TODO: check
+CVE-2022-26996 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...)
+	TODO: check
+CVE-2022-26995 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...)
+	TODO: check
+CVE-2022-26994 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...)
+	TODO: check
+CVE-2022-26993 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...)
+	TODO: check
+CVE-2022-26992 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...)
+	TODO: check
+CVE-2022-26991 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...)
+	TODO: check
+CVE-2022-26990 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...)
+	TODO: check
 CVE-2022-26989
 	RESERVED
 CVE-2022-26988
@@ -2302,7 +2320,8 @@ CVE-2022-0823
 	RESERVED
 CVE-2022-26352
 	RESERVED
-CVE-2022-26351 (Canon imagePROGRAF and imageRUNNER devices through 2022-03-14 generate ...)
+CVE-2022-26351
+	REJECTED
 	NOT-FOR-US: Canon
 CVE-2022-26350
 	RESERVED
@@ -2411,7 +2430,7 @@ CVE-2022-26322
 	RESERVED
 CVE-2022-26321
 	RESERVED
-CVE-2022-26320 (The Rambus SafeZone Basic Crypto Module, as used in certain Fujifilm ( ...)
+CVE-2022-26320 (The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in cert ...)
 	NOT-FOR-US: Fujifilm
 CVE-2022-26319 (An installer search patch element vulnerability in Trend Micro Portabl ...)
 	NOT-FOR-US: Trend Micro
@@ -2617,24 +2636,24 @@ CVE-2022-26216
 	RESERVED
 CVE-2022-26215
 	RESERVED
-CVE-2022-26214
-	RESERVED
-CVE-2022-26213
-	RESERVED
-CVE-2022-26212
-	RESERVED
-CVE-2022-26211
-	RESERVED
-CVE-2022-26210
-	RESERVED
-CVE-2022-26209
-	RESERVED
-CVE-2022-26208
-	RESERVED
-CVE-2022-26207
-	RESERVED
-CVE-2022-26206
-	RESERVED
+CVE-2022-26214 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+	TODO: check
+CVE-2022-26213 (Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to cont ...)
+	TODO: check
+CVE-2022-26212 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+	TODO: check
+CVE-2022-26211 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+	TODO: check
+CVE-2022-26210 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+	TODO: check
+CVE-2022-26209 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+	TODO: check
+CVE-2022-26208 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+	TODO: check
+CVE-2022-26207 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+	TODO: check
+CVE-2022-26206 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+	TODO: check
 CVE-2022-26205
 	RESERVED
 CVE-2022-26204
@@ -4480,34 +4499,34 @@ CVE-2022-25500
 	RESERVED
 CVE-2022-25499
 	RESERVED
-CVE-2022-25498
-	RESERVED
-CVE-2022-25497
-	RESERVED
+CVE-2022-25498 (CuppaCMS v1.0 was discovered to contain a remote code execution (RCE)  ...)
+	TODO: check
+CVE-2022-25497 (CuppaCMS v1.0 was discovered to contain an arbitrary file read via the ...)
+	TODO: check
 CVE-2022-25496
 	RESERVED
-CVE-2022-25495
-	RESERVED
-CVE-2022-25494
-	RESERVED
-CVE-2022-25493
-	RESERVED
-CVE-2022-25492
-	RESERVED
-CVE-2022-25491
-	RESERVED
-CVE-2022-25490
-	RESERVED
-CVE-2022-25489
-	RESERVED
-CVE-2022-25488
-	RESERVED
-CVE-2022-25487
-	RESERVED
-CVE-2022-25486
-	RESERVED
-CVE-2022-25485
-	RESERVED
+CVE-2022-25495 (The component /jquery_file_upload/server/php/index.php of CuppaCMS v1. ...)
+	TODO: check
+CVE-2022-25494 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+	TODO: check
+CVE-2022-25493 (HMS v1.0 was discovered to contain a reflected cross-site scripting (X ...)
+	TODO: check
+CVE-2022-25492 (HMS v1.0 was discovered to contain a SQL injection vulnerability via t ...)
+	TODO: check
+CVE-2022-25491 (HMS v1.0 was discovered to contain a SQL injection vulnerability via t ...)
+	TODO: check
+CVE-2022-25490 (HMS v1.0 was discovered to contain a SQL injection vulnerability via t ...)
+	TODO: check
+CVE-2022-25489 (Atom CMS v2.0 was discovered to contain a reflected cross-site scripti ...)
+	TODO: check
+CVE-2022-25488 (Atom CMS v2.0 was discovered to contain a SQL injection vulnerability  ...)
+	TODO: check
+CVE-2022-25487 (Atom CMS v2.0 was discovered to contain a remote code execution (RCE)  ...)
+	TODO: check
+CVE-2022-25486 (CuppaCMS v1.0 was discovered to contain a local file inclusion via the ...)
+	TODO: check
+CVE-2022-25485 (CuppaCMS v1.0 was discovered to contain a local file inclusion via the ...)
+	TODO: check
 CVE-2022-25484
 	RESERVED
 CVE-2022-25483
@@ -9156,8 +9175,8 @@ CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the
 	NOTE: https://github.com/libexpat/libexpat/pull/551
 	NOTE: Introduced with: https://github.com/libexpat/libexpat/commit/cb8a4c756d057b948c1b41e7185dd69ef3ade3fb (R_1_95_4)
 	NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/ede41d1e186ed2aba88a06e84cac839b770af3a1 (R_2_4_4)
-CVE-2022-23989
-	RESERVED
+CVE-2022-23989 (In Stormshield Network Security (SNS) 3.7.6 through 3.7.24, 3.11.1 thr ...)
+	TODO: check
 CVE-2022-23988 (The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-23987 (The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanit ...)
@@ -16134,8 +16153,8 @@ CVE-2021-45850
 	RESERVED
 CVE-2021-45849
 	RESERVED
-CVE-2021-45848
-	RESERVED
+CVE-2021-45848 (Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later all ...)
+	TODO: check
 CVE-2021-45847 (Several missing input validations in the 3MF parser component of Slic3 ...)
 	- slic3r <unfixed>
 	NOTE: https://github.com/slic3r/Slic3r/issues/5118
@@ -22806,14 +22825,14 @@ CVE-2022-21642 (Discourse is an open source platform for community discussion. I
 	NOT-FOR-US: Discourse
 CVE-2021-43959
 	RESERVED
-CVE-2021-43958
-	RESERVED
-CVE-2021-43957
-	RESERVED
-CVE-2021-43956
-	RESERVED
-CVE-2021-43955
-	RESERVED
+CVE-2021-43958 (Various rest resources in Fisheye and Crucible before version 4.8.9 al ...)
+	TODO: check
+CVE-2021-43957 (Affected versions of Atlassian Fisheye & Crucible allowed remote a ...)
+	TODO: check
+CVE-2021-43956 (The jQuery deserialize library in Fisheye and Crucible before version  ...)
+	TODO: check
+CVE-2021-43955 (The /rest-service-fecru/server-v1 resource in Fisheye and Crucible bef ...)
+	TODO: check
 CVE-2021-43954 (The DefaultRepositoryAdminService class in Fisheye and Crucible before ...)
 	NOT-FOR-US: Atlassian
 CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
@@ -63214,8 +63233,8 @@ CVE-2021-3463 (A null pointer dereference vulnerability in Lenovo Power Manageme
 	NOT-FOR-US: Lenovo
 CVE-2021-3462 (A privilege escalation vulnerability in Lenovo Power Management Driver ...)
 	NOT-FOR-US: Lenovo
-CVE-2021-29134
-	RESERVED
+CVE-2021-29134 (The avatar middleware in Gitea before 1.13.6 allows Directory Traversa ...)
+	TODO: check
 CVE-2021-29133 (Lack of verification in haserl, a component of Alpine Linux Configurat ...)
 	NOT-FOR-US: haserl (Alpine), different from src:haserl
 CVE-2021-29132



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a65d3a98f6123fdb5ada082756cb5a93210af5aa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a65d3a98f6123fdb5ada082756cb5a93210af5aa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220316/21dbad7c/attachment.htm>
