[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 17 20:10:24 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6ecaf9d by security tracker role at 2022-03-17T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2022-27172
+ RESERVED
+CVE-2022-1017
+ RESERVED
+CVE-2022-1016
+ RESERVED
+CVE-2022-1015
+ RESERVED
+CVE-2022-1014
+ RESERVED
+CVE-2022-1013
+ RESERVED
+CVE-2022-1012
+ RESERVED
+CVE-2022-1011
+ RESERVED
+CVE-2022-1010
+ RESERVED
+CVE-2022-1009
+ RESERVED
+CVE-2022-1008
+ RESERVED
+CVE-2022-1007
+ RESERVED
+CVE-2022-1006
+ RESERVED
+CVE-2022-1005
+ RESERVED
+CVE-2022-1004
+ RESERVED
+CVE-2022-1003
+ RESERVED
+CVE-2022-1002
+ RESERVED
+CVE-2022-1001
+ RESERVED
+CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager prior ...)
+ TODO: check
CVE-2022-27228
RESERVED
CVE-2022-27227
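Review bot: CVE-2022-1000 is the only entry in this block that arrives with a description, and it is left at "TODO: check". The description names the GitHub repository prasathmani/tinyfilemanager, so triage should end either in a source package line or in a NOT-FOR-US line in the style used elsewhere in this file (for example "NOT-FOR-US: webcc"). The 18 ids added above it are RESERVED and need no action yet.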
@@ -266,16 +304,16 @@ CVE-2022-27167
RESERVED
CVE-2022-27166
RESERVED
-CVE-2022-26511
- RESERVED
+CVE-2022-26511 (WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening ...)
+ TODO: check
CVE-2022-26510
RESERVED
CVE-2022-26303
RESERVED
CVE-2022-26082
RESERVED
-CVE-2022-26081
- RESERVED
+CVE-2022-26081 (The installer of WPS Office Version 10.8.0.5745 insecurely load shcore ...)
+ TODO: check
CVE-2022-26077
RESERVED
CVE-2022-26067
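Review bot: CVE-2022-26511 and CVE-2022-26081 move from RESERVED to "TODO: check" with descriptions about WPS Presentation and the WPS Office installer insecurely loading a library (d3dx9_41.dll is named in the first). Both read as candidates for a NOT-FOR-US line. CVE-2022-25969 in the next hunk has the same installer wording, so resolving the three together avoids separate triage passes.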
@@ -284,10 +322,10 @@ CVE-2022-26043
RESERVED
CVE-2022-26026
RESERVED
-CVE-2022-25969
- RESERVED
-CVE-2022-25949
- RESERVED
+CVE-2022-25969 (The installer of WPS Office Version 10.8.0.6186 insecurely load VERSIO ...)
+ TODO: check
+CVE-2022-25949 (The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Ve ...)
+ TODO: check
CVE-2022-0970 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav ...)
TODO: check
CVE-2022-0969
@@ -1835,8 +1873,8 @@ CVE-2022-26528
RESERVED
CVE-2022-26527
RESERVED
-CVE-2022-26526
- RESERVED
+CVE-2022-26526 (Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 ...)
+ TODO: check
CVE-2022-26525
RESERVED
CVE-2022-26524
@@ -1871,8 +1909,8 @@ CVE-2022-26505 (A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1
NOTE: https://www.openwall.com/lists/oss-security/2022/03/03/1
CVE-2022-26504
RESERVED
-CVE-2022-26503
- RESERVED
+CVE-2022-26503 (Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, ...)
+ TODO: check
CVE-2022-26502
RESERVED
CVE-2022-26501
@@ -2980,7 +3018,7 @@ CVE-2022-0780
CVE-2022-0779
RESERVED
CVE-2022-0778 (The BN_mod_sqrt() function, which computes a modular square root, cont ...)
- {DSA-5103-1}
+ {DSA-5103-1 DLA-2953-1 DLA-2952-1}
- openssl 1.1.1n-1
- openssl1.0 <removed>
NOTE: https://www.openssl.org/news/secadv/20220315.txt
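Review bot: the cross-reference line for CVE-2022-0778 gains DLA-2953-1 and DLA-2952-1, but the package lines under it are unchanged in the visible context: "- openssl 1.1.1n-1" and "- openssl1.0 <removed>", with no per-release annotation. This commit changes only data/CVE/list, so confirm that both DLA definitions already exist elsewhere in the repository and that each one maps to the source package it is meant to cover.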
@@ -3483,8 +3521,8 @@ CVE-2022-25764
RESERVED
CVE-2022-25761
RESERVED
-CVE-2022-25760
- RESERVED
+CVE-2022-25760 (All versions of package accesslog are vulnerable to Arbitrary Code Inj ...)
+ TODO: check
CVE-2022-25759
RESERVED
CVE-2022-25758
@@ -3499,12 +3537,12 @@ CVE-2022-25645
RESERVED
CVE-2022-25644
RESERVED
-CVE-2022-25354
- RESERVED
+CVE-2022-25354 (The package set-in before 2.0.3 are vulnerable to Prototype Pollution ...)
+ TODO: check
CVE-2022-25353
RESERVED
-CVE-2022-25352
- RESERVED
+CVE-2022-25352 (The package libnested before 1.5.2 are vulnerable to Prototype Polluti ...)
+ TODO: check
CVE-2022-25351
RESERVED
CVE-2022-25350
@@ -3623,8 +3661,8 @@ CVE-2022-21223
RESERVED
CVE-2022-21222
RESERVED
-CVE-2022-21221
- RESERVED
+CVE-2022-21221 (The package github.com/valyala/fasthttp before 1.34.0 are vulnerable t ...)
+ TODO: check
CVE-2022-21213
RESERVED
CVE-2022-21211
@@ -3684,10 +3722,10 @@ CVE-2022-0751
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0750
RESERVED
-CVE-2022-0749
- RESERVED
-CVE-2022-0748
- RESERVED
+CVE-2022-0749 (This affects all versions of package SinGooCMS.Utility. The socket cli ...)
+ TODO: check
+CVE-2022-0748 (The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Ex ...)
+ TODO: check
CVE-2022-0747
RESERVED
CVE-2022-0746 (Business Logic Errors in GitHub repository dolibarr/dolibarr prior to ...)
@@ -4884,8 +4922,8 @@ CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, althou
NOT-FOR-US: Cryptomator
CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to move arbitr ...)
NOT-FOR-US: Docker Desktop
-CVE-2022-25364
- RESERVED
+CVE-2022-25364 (In Gradle Enterprise before 2021.4.2, the default built-in build cache ...)
+ TODO: check
CVE-2022-25363 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...)
NOT-FOR-US: WatchGuard
CVE-2022-25362
@@ -5117,8 +5155,8 @@ CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is pos
NOT-FOR-US: webcc
CVE-2022-25297 (This affects the package drogonframework/drogon before 1.7.5. The unsa ...)
NOT-FOR-US: drogon
-CVE-2022-25296
- RESERVED
+CVE-2022-25296 (The package bodymen from 0.0.0 are vulnerable to Prototype Pollution v ...)
+ TODO: check
CVE-2022-25295
RESERVED
CVE-2022-25294 (Proofpoint Insider Threat Management Agent for Windows relies on an in ...)
@@ -6592,12 +6630,12 @@ CVE-2022-24763
RESERVED
CVE-2022-24762 (sysend.js is a library that allows a user to send messages between pag ...)
TODO: check
-CVE-2022-24761
- RESERVED
+CVE-2022-24761 (Waitress is a Web Server Gateway Interface server for Python 2 and 3. ...)
+ TODO: check
CVE-2022-24760 (Parse Server is an open source http web server backend. In versions pr ...)
TODO: check
-CVE-2022-24759
- RESERVED
+CVE-2022-24759 (`@chainsafe/libp2p-noise` contains TypeScript implementation of noise ...)
+ TODO: check
CVE-2022-24758
RESERVED
CVE-2022-24757
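Review bot: after this hunk, CVE-2022-24762, CVE-2022-24761, CVE-2022-24760 and CVE-2022-24759 are four consecutive described entries all sitting at "TODO: check". CVE-2022-24761 is described as Waitress, a WSGI server for Python 2 and 3, which is a different kind of component from the JavaScript libraries around it, so it should be looked up on its own rather than closed out in one pass with the others.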
@@ -16368,14 +16406,14 @@ CVE-2021-45796
RESERVED
CVE-2021-45795
RESERVED
-CVE-2021-45794
- RESERVED
-CVE-2021-45793
- RESERVED
-CVE-2021-45792
- RESERVED
-CVE-2021-45791
- RESERVED
+CVE-2021-45794 (Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/sys ...)
+ TODO: check
+CVE-2021-45793 (Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.ph ...)
+ TODO: check
+CVE-2021-45792 (Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admi ...)
+ TODO: check
+CVE-2021-45791 (Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bib ...)
+ TODO: check
CVE-2021-45790 (An arbitrary file upload vulnerability was found in Metersphere v1.15. ...)
NOT-FOR-US: Metersphere
CVE-2021-45789 (An arbitrary file read vulnerability was found in Metersphere v1.15.4, ...)
@@ -19595,12 +19633,12 @@ CVE-2021-44910
RESERVED
CVE-2021-44909
RESERVED
-CVE-2021-44908
- RESERVED
+CVE-2021-44908 (SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via c ...)
+ TODO: check
CVE-2021-44907
RESERVED
-CVE-2021-44906
- RESERVED
+CVE-2021-44906 (Minimist <=1.2.5 is vulnerable to Prototype Pollution via file inde ...)
+ TODO: check
CVE-2021-44905
RESERVED
CVE-2021-44904
@@ -21531,14 +21569,14 @@ CVE-2021-44264
RESERVED
CVE-2021-44263 (Gurock TestRail before 7.2.4 mishandles HTML escaping. ...)
NOT-FOR-US: Gurock TestRail
-CVE-2021-44262
- RESERVED
-CVE-2021-44261
- RESERVED
-CVE-2021-44260
- RESERVED
-CVE-2021-44259
- RESERVED
+CVE-2021-44262 (A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, vers ...)
+ TODO: check
+CVE-2021-44261 (A vulnerability is in the 'BRS_top.html' page of the Netgear W104, ver ...)
+ TODO: check
+CVE-2021-44260 (A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, ...)
+ TODO: check
+CVE-2021-44259 (A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, versio ...)
+ TODO: check
CVE-2021-44258
RESERVED
CVE-2021-44257
@@ -76482,8 +76520,8 @@ CVE-2021-23773
RESERVED
CVE-2021-23772 (This affects all versions of package github.com/kataras/iris; all vers ...)
NOT-FOR-US: iris Go web framework
-CVE-2021-23771
- RESERVED
+CVE-2021-23771 (This affects all versions of package notevil; all versions of package ...)
+ TODO: check
CVE-2021-23770
RESERVED
CVE-2021-23769
@@ -76765,8 +76803,8 @@ CVE-2021-23634
RESERVED
CVE-2021-23633
RESERVED
-CVE-2021-23632
- RESERVED
+CVE-2021-23632 (All versions of package git are vulnerable to Remote Code Execution (R ...)
+ TODO: check
CVE-2021-23631 (This affects all versions of package convert-svg-core; all versions of ...)
NOT-FOR-US: Node convert-svg
CVE-2021-23630
@@ -76919,8 +76957,8 @@ CVE-2021-23558 (The package bmoor before 0.10.1 are vulnerable to Prototype Poll
NOT-FOR-US: Node bmoor
CVE-2021-23557
RESERVED
-CVE-2021-23556
- RESERVED
+CVE-2021-23556 (The package guake before 3.8.5 are vulnerable to Exposed Dangerous Met ...)
+ TODO: check
CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via dire ...)
NOT-FOR-US: Node vm2
CVE-2021-23554
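Review bot: CVE-2021-23556 should not be bulk-triaged with its neighbours. CVE-2021-23558 (bmoor) and CVE-2021-23555 (vm2) are marked NOT-FOR-US as Node modules, while this description reads "The package guake before 3.8.5", which gives a fixed version to compare against. Replace "TODO: check" with a package line carrying that fixed version if the package is in the archive, or with NOT-FOR-US otherwise.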
@@ -125884,8 +125922,8 @@ CVE-2020-15593 (SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC
NOT-FOR-US: SteelCentral Aternity Agent
CVE-2020-15592 (SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privil ...)
NOT-FOR-US: SteelCentral Aternity Agent
-CVE-2020-15591
- RESERVED
+CVE-2020-15591 (fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 a ...)
+ TODO: check
CVE-2020-15590 (A vulnerability in the Private Internet Access (PIA) VPN Client for Li ...)
NOT-FOR-US: Private Internet Access client for Linux
CVE-2020-15589 (A design issue was discovered in GetInternetRequestHandle, InternetSen ...)
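Review bot: CVE-2020-15591 has a 2020 id, but its description gives the fix as "before fex-20160919_2", a version string dated 2016. When the "TODO: check" is resolved, compare any packaged fexsrv against that version instead of assuming the issue is recent. The surrounding entries are all NOT-FOR-US, so this one is easy to overlook.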
@@ -221806,7 +221844,7 @@ CVE-2019-1552 (OpenSSL has internal defaults for a directory tree where it can f
- openssl1.0 <not-affected> (Windows-specific)
NOTE: https://www.openssl.org/news/secadv/20190730.txt
CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring procedure u ...)
- {DSA-4855-1 DSA-4594-1}
+ {DSA-4855-1 DSA-4594-1 DLA-2952-1}
- openssl 1.1.1e-1 (low; bug #947949)
[jessie] - openssl <not-affected> (Affected modules are not present in Jessie)
- openssl1.0 <removed> (low)
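Review bot: DLA-2952-1 is added to CVE-2019-1551 here and to CVE-2022-0778 earlier in this commit, so one advisory is now referenced from both entries. That is consistent if a single upload fixed both issues; if not, one of the two cross-references is wrong. The package lines in the visible context are unchanged, still rated "low" with "[jessie] - openssl <not-affected>".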
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6ecaf9d85d320efc7c8e24aec810faa669d4174