[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 18 20:10:35 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
81a1a6b0 by security tracker role at 2022-03-18T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2022-27249
+ RESERVED
+CVE-2022-27248
+ RESERVED
+CVE-2022-27247
+ RESERVED
+CVE-2022-27246 (An issue was discovered in MISP before 2.4.156. An SVG org logo (which ...)
+ TODO: check
+CVE-2022-27245 (An issue was discovered in MISP before 2.4.156. app/Model/Server.php d ...)
+ TODO: check
+CVE-2022-27244 (An issue was discovered in MISP before 2.4.156. A malicious site admin ...)
+ TODO: check
+CVE-2022-27243 (An issue was discovered in MISP before 2.4.156. app/View/Users/terms.c ...)
+ TODO: check
+CVE-2022-27242
+ RESERVED
+CVE-2022-27241
+ RESERVED
+CVE-2022-1027
+ RESERVED
+CVE-2022-1026
+ RESERVED
+CVE-2022-1025
+ RESERVED
+CVE-2022-1024
+ RESERVED
+CVE-2022-1023
+ RESERVED
+CVE-2022-1022
+ RESERVED
+CVE-2022-1021
+ RESERVED
+CVE-2022-1020
+ RESERVED
CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer ...)
- glewlwyd 2.6.1-2
[bullseye] - glewlwyd <no-dsa> (Minor issue)
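Review bot: the four MISP entries (CVE-2022-27243 through CVE-2022-27246) all name the same fixed upstream release, 2.4.156, so their four TODO: check lines can be resolved with a single triage decision once it is established whether MISP is packaged in Debian; the other additions in this hunk are RESERVED placeholders with nothing to act on yet.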
@@ -40,8 +74,7 @@ CVE-2022-1013
RESERVED
CVE-2022-1012
RESERVED
-CVE-2022-1011 [fuse: fix pipe buffer lifetime for direct_io]
- RESERVED
+CVE-2022-1011 (A flaw use after free in the Linux kernel FUSE filesystem was found in ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/0c4bcfdecb1ac0967619ee7ff44871d93c08c909 (5.17-rc8)
CVE-2022-1010
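Review bot: replacing the bracketed title "[fuse: fix pipe buffer lifetime for direct_io]" with the MITRE description drops the upstream commit subject from the CVE-2022-1011 entry; the fix remains traceable through the NOTE pointing at 0c4bcfdecb1ac0967619ee7ff44871d93c08c909 (5.17-rc8), but keeping the subject in that NOTE would preserve searchability by kernel commit title while linux stays <unfixed>.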
@@ -58,10 +91,10 @@ CVE-2022-1005
RESERVED
CVE-2022-1004
RESERVED
-CVE-2022-1003
- RESERVED
-CVE-2022-1002
- RESERVED
+CVE-2022-1003 (One of the API in Mattermost version 6.3.0 and earlier fails to proper ...)
+ TODO: check
+CVE-2022-1002 (Mattermost 6.3.0 and earlier fails to properly sanitize the HTML conte ...)
+ TODO: check
CVE-2022-1001
RESERVED
CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager prior ...)
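Review bot: both Mattermost entries (CVE-2022-1003 and CVE-2022-1002) cover the same product and version range, 6.3.0 and earlier, so one check of whether Mattermost is packaged in Debian settles both TODO: check lines at once.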
@@ -221,51 +254,61 @@ CVE-2022-25347
RESERVED
CVE-2022-0980
RESERVED
+ {DSA-5104-1}
- chromium 99.0.4844.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0979
RESERVED
+ {DSA-5104-1}
- chromium 99.0.4844.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0978
RESERVED
+ {DSA-5104-1}
- chromium 99.0.4844.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0977
RESERVED
+ {DSA-5104-1}
- chromium 99.0.4844.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0976
RESERVED
+ {DSA-5104-1}
- chromium 99.0.4844.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0975
RESERVED
+ {DSA-5104-1}
- chromium 99.0.4844.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0974
RESERVED
+ {DSA-5104-1}
- chromium 99.0.4844.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0973
RESERVED
+ {DSA-5104-1}
- chromium 99.0.4844.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0972
RESERVED
+ {DSA-5104-1}
- chromium 99.0.4844.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0971
RESERVED
+ {DSA-5104-1}
- chromium 99.0.4844.74-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
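Review bot: the ten chromium entries CVE-2022-0971 through CVE-2022-0980 gain the same {DSA-5104-1} reference and the same fixed version 99.0.4844.74-1, which is consistent, but their descriptions still read RESERVED; they will need to be filled in once MITRE publishes them, and the buster and stretch <end-of-life> lines are correctly left untouched.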
@@ -1940,8 +1983,8 @@ CVE-2022-26504 (Improper authentication in Veeam Backup & Replication 9.5U3,
NOT-FOR-US: Veeam
CVE-2022-26503 (Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, ...)
NOT-FOR-US: Veeam
-CVE-2022-26502
- RESERVED
+CVE-2022-26502 (**REJECT** Veeam Backup & Replication 10.x and 11.x has an Untrust ...)
+ TODO: check
CVE-2022-26501 (Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4 ...)
NOT-FOR-US: Veeam
CVE-2022-26500 (Improper limitation of path names in Veeam Backup & Replication 9. ...)
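Review bot: CVE-2022-26502 now carries a **REJECT** marker yet still has a substantive description ("Veeam Backup & Replication 10.x and 11.x has an Untrust ...") and a TODO: check; confirm against MITRE whether the rejection is final, since the neighbouring Veeam entries are all resolved as NOT-FOR-US: Veeam and a rejected id should not remain in the TODO queue.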
@@ -3828,8 +3871,7 @@ CVE-2022-25811
RESERVED
CVE-2022-25810
RESERVED
-CVE-2022-0742 [ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()]
- RESERVED
+CVE-2022-0742 (Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a rem ...)
- linux 5.16.14-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
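Review bot: the dropped bracketed title for CVE-2022-0742 named the fixed functions (igmp6_event_query() and igmp6_event_report()), and no NOTE line with the upstream fix commit is visible in this hunk's context, unlike the CVE-2022-1011 entry; consider adding a NOTE with the kernel commit so that the claims that 5.16.14-1 contains the fix and that bullseye and buster lack the vulnerable code stay verifiable.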
@@ -4350,18 +4392,18 @@ CVE-2022-25609
RESERVED
CVE-2022-25608
RESERVED
-CVE-2022-25607
- RESERVED
+CVE-2022-25607 (Authenticated (author or higher user role) SQL Injection (SQLi) vulner ...)
+ TODO: check
CVE-2022-25606
RESERVED
-CVE-2022-25605
- RESERVED
-CVE-2022-25604
- RESERVED
-CVE-2022-25603
- RESERVED
-CVE-2022-25602
- RESERVED
+CVE-2022-25605 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
+ TODO: check
+CVE-2022-25604 (Authenticated (contributor of higher user role) Stored Cross-Site Scri ...)
+ TODO: check
+CVE-2022-25603 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
+ TODO: check
+CVE-2022-25602 (Nonce token leak vulnerability leading to arbitrary file upload, theme ...)
+ TODO: check
CVE-2022-25601 (Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter ...)
NOT-FOR-US: WordPress plugin
CVE-2022-25600 (Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marke ...)
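Review bot: the new descriptions for CVE-2022-25602 through CVE-2022-25607 follow the same wording pattern (authenticated XSS and SQLi qualified by user role) as the adjacent entries already resolved as NOT-FOR-US: WordPress plugin, but the truncated text does not name the plugin, so each TODO: check still needs the full description before the same resolution is applied.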
@@ -6635,12 +6677,12 @@ CVE-2022-24775
RESERVED
CVE-2022-24774
RESERVED
-CVE-2022-24773
- RESERVED
-CVE-2022-24772
- RESERVED
-CVE-2022-24771
- RESERVED
+CVE-2022-24773 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
+ TODO: check
+CVE-2022-24772 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
+ TODO: check
+CVE-2022-24771 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
+ TODO: check
CVE-2022-24770 (`gradio` is an open source framework for building interactive machine ...)
TODO: check
CVE-2022-24769
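Review bot: the three node-forge descriptions are truncated identically ("Forge (also called `node-forge`) is a native implementation of Transpo ..."), so the visible text does not distinguish CVE-2022-24771, CVE-2022-24772 and CVE-2022-24773; node-forge is packaged in Debian (node-node-forge), so these TODO: check lines need a version assessment against that package rather than a dismissal based on the description alone.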
@@ -6966,8 +7008,8 @@ CVE-2022-24670
RESERVED
CVE-2022-24669
RESERVED
-CVE-2022-0547
- RESERVED
+CVE-2022-0547 (OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass ...)
+ TODO: check
CVE-2022-0546 (A missing bounds check in the image loader used in Blender 3.x and 2.9 ...)
- blender <unfixed>
NOTE: Issue: https://developer.blender.org/T94572
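Review bot: OpenVPN is packaged in Debian, so the TODO: check on CVE-2022-0547 calls for a version assessment against the openvpn package rather than a NOT-FOR-US; the description already gives the affected range (2.1 until v2.4.12 and v2.5.6), which is enough to compare against the versions in stable and unstable.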
@@ -7107,8 +7149,8 @@ CVE-2022-24657
RESERVED
CVE-2022-24656
RESERVED
-CVE-2022-24655
- RESERVED
+CVE-2022-24655 (A stack overflow vulnerability exists in the upnpd service in Netgear ...)
+ TODO: check
CVE-2022-24654
RESERVED
CVE-2022-24653
@@ -7143,8 +7185,8 @@ CVE-2022-24639
RESERVED
CVE-2022-24638
RESERVED
-CVE-2022-24637
- RESERVED
+CVE-2022-24637 (Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote ...)
+ TODO: check
CVE-2022-24636
RESERVED
CVE-2022-24635
@@ -7240,8 +7282,8 @@ CVE-2022-24597
RESERVED
CVE-2022-24596
RESERVED
-CVE-2022-24595
- RESERVED
+CVE-2022-24595 (Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0. ...)
+ TODO: check
CVE-2022-24594 (In waline 1.6.1, an attacker can submit messages using X-Forwarded-For ...)
NOT-FOR-US: waline
CVE-2022-24593
@@ -8842,10 +8884,10 @@ CVE-2022-24094 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and
NOT-FOR-US: Adobe
CVE-2022-24093
RESERVED
-CVE-2022-24092
- RESERVED
-CVE-2022-24091
- RESERVED
+CVE-2022-24092 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ TODO: check
+CVE-2022-24091 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ TODO: check
CVE-2022-24090 (Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-24089
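Review bot: the two Acrobat Reader DC entries (CVE-2022-24092 and CVE-2022-24091) have identical truncated descriptions and sit between entries already marked NOT-FOR-US: Adobe; they can be resolved the same way, noting that the visible text does not distinguish the two issues.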
@@ -10805,6 +10847,7 @@ CVE-2022-23608 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62
NOTE: https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f
CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...)
+ {DLA-2954-1}
- python-treq <unfixed> (bug #1005041)
NOTE: https://github.com/twisted/treq/security/advisories/GHSA-fhpf-pp6p-55qc
NOTE: https://github.com/twisted/treq/commit/1da6022cc880bbcff59321abe02bf8498b89efb2 (release-22.1.0)
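Review bot: the {DLA-2954-1} reference is added while the sid entry stays python-treq <unfixed> (bug #1005041); LTS fixing before unstable is legitimate, but the open bug should stay tracked so the upstream fix commit 1da6022cc880bbcff59321abe02bf8498b89efb2 (release-22.1.0) also lands in unstable.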
@@ -12285,8 +12328,8 @@ CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in
NOT-FOR-US: WordPress plugin
CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-44760
- RESERVED
+CVE-2021-44760 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...)
+ TODO: check
CVE-2021-4207
RESERVED
CVE-2021-4206
@@ -12299,12 +12342,12 @@ CVE-2021-26256 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
NOT-FOR-US: WordPress plugin
CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Ever ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-23209
- RESERVED
+CVE-2021-23209 (Multiple Authenticated (admin user role) Persistent Cross-Site Scripti ...)
+ TODO: check
CVE-2021-23174 (Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabi ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-23150
- RESERVED
+CVE-2021-23150 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
+ TODO: check
CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...)
NOT-FOR-US: Apache Traffic Control
CVE-2022-23205
@@ -14283,110 +14326,109 @@ CVE-2022-22673
RESERVED
CVE-2022-22672
RESERVED
-CVE-2022-22671
- RESERVED
-CVE-2022-22670
- RESERVED
-CVE-2022-22669
- RESERVED
+CVE-2022-22671 (An authentication issue was addressed with improved state management. ...)
+ TODO: check
+CVE-2022-22670 (An access issue was addressed with improved access restrictions. This ...)
+ TODO: check
+CVE-2022-22669 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
CVE-2022-22668
RESERVED
-CVE-2022-22667
- RESERVED
-CVE-2022-22666
- RESERVED
-CVE-2022-22665
- RESERVED
-CVE-2022-22664
- RESERVED
+CVE-2022-22667 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2022-22666 (A memory corruption issue was addressed with improved validation. This ...)
+ TODO: check
+CVE-2022-22665 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
+CVE-2022-22664 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
CVE-2022-22663
RESERVED
CVE-2022-22662
RESERVED
-CVE-2022-22661
- RESERVED
-CVE-2022-22660
- RESERVED
-CVE-2022-22659
- RESERVED
+CVE-2022-22661 (A type confusion issue was addressed with improved state handling. Thi ...)
+ TODO: check
+CVE-2022-22660 (This issue was addressed with a new entitlement. This issue is fixed i ...)
+ TODO: check
+CVE-2022-22659 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2022-22658
RESERVED
-CVE-2022-22657
- RESERVED
-CVE-2022-22656
- RESERVED
+CVE-2022-22657 (A memory initialization issue was addressed with improved memory handl ...)
+ TODO: check
+CVE-2022-22656 (An authentication issue was addressed with improved state management. ...)
+ TODO: check
CVE-2022-22655
RESERVED
-CVE-2022-22654
- RESERVED
-CVE-2022-22653
- RESERVED
-CVE-2022-22652
- RESERVED
-CVE-2022-22651
- RESERVED
-CVE-2022-22650
- RESERVED
+CVE-2022-22654 (A user interface issue was addressed. This issue is fixed in watchOS 8 ...)
+ TODO: check
+CVE-2022-22653 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2022-22652 (The GSMA authentication panel could be presented on the lock screen. T ...)
+ TODO: check
+CVE-2022-22651 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2022-22650 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
CVE-2022-22649
RESERVED
-CVE-2022-22648
- RESERVED
-CVE-2022-22647
- RESERVED
+CVE-2022-22648 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2022-22647 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
CVE-2022-22646
RESERVED
CVE-2022-22645
RESERVED
-CVE-2022-22644
- RESERVED
-CVE-2022-22643
- RESERVED
-CVE-2022-22642
- RESERVED
-CVE-2022-22641
- RESERVED
-CVE-2022-22640
- RESERVED
-CVE-2022-22639
- RESERVED
-CVE-2022-22638
- RESERVED
+CVE-2022-22644 (A privacy issue existed in the handling of Contact cards. This was add ...)
+ TODO: check
+CVE-2022-22643 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2022-22642 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2022-22641 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2022-22640 (A memory corruption issue was addressed with improved validation. This ...)
+ TODO: check
+CVE-2022-22639 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2022-22638 (A null pointer dereference was addressed with improved validation. Thi ...)
+ TODO: check
CVE-2022-22637
RESERVED
-CVE-2022-22636
- RESERVED
-CVE-2022-22635
- RESERVED
-CVE-2022-22634
- RESERVED
-CVE-2022-22633
- RESERVED
-CVE-2022-22632
- RESERVED
-CVE-2022-22631
- RESERVED
+CVE-2022-22636 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2022-22635 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2022-22634 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ TODO: check
+CVE-2022-22633 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
+CVE-2022-22632 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2022-22631 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
CVE-2022-22630
RESERVED
CVE-2022-22629
RESERVED
CVE-2022-22628
RESERVED
-CVE-2022-22627
- RESERVED
-CVE-2022-22626
- RESERVED
-CVE-2022-22625
- RESERVED
+CVE-2022-22627 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2022-22626 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2022-22625 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2022-22624
RESERVED
-CVE-2022-22623
- RESERVED
-CVE-2022-22622
- RESERVED
-CVE-2022-22621
- RESERVED
-CVE-2022-22620 [A use after free issue was addressed with improved memory management]
- RESERVED
+CVE-2022-22623 (Multiple issues were addressed by updating to curl version 7.79.1. Thi ...)
+ TODO: check
+CVE-2022-22622 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2022-22621 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2022-22620 (A use after free issue was addressed with improved memory management. ...)
{DSA-5084-1 DSA-5083-1}
- webkit2gtk 2.34.6-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
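Review bot: two of the Apple entries in this block need more than the NOT-FOR-US: Apple treatment the "This issue is fixed in ..." descriptions will otherwise receive: CVE-2022-22623 ("Multiple issues were addressed by updating to curl version 7.79.1") is an Apple rebundling of curl fixes and likely duplicates ids already tracked for curl rather than a new issue, and CVE-2022-22620 keeps its Debian data (webkit2gtk 2.34.6-1, {DSA-5084-1 DSA-5083-1}, stretch <ignored>), so any other WebKit-related ids among CVE-2022-22621 to CVE-2022-22671 must be checked against webkit2gtk and wpewebkit before being dismissed.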
@@ -14394,94 +14436,92 @@ CVE-2022-22620 [A use after free issue was addressed with improved memory manage
NOTE: https://webkitgtk.org/security/WSA-2022-0003.html
CVE-2022-22619
RESERVED
-CVE-2022-22618
- RESERVED
-CVE-2022-22617
- RESERVED
+CVE-2022-22618 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2022-22617 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2022-22616
RESERVED
-CVE-2022-22615
- RESERVED
-CVE-2022-22614
- RESERVED
-CVE-2022-22613
- RESERVED
-CVE-2022-22612
- RESERVED
-CVE-2022-22611
- RESERVED
+CVE-2022-22615 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2022-22614 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2022-22613 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2022-22612 (A memory consumption issue was addressed with improved memory handling ...)
+ TODO: check
+CVE-2022-22611 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2022-22610
RESERVED
-CVE-2022-22609
- RESERVED
-CVE-2022-22608
- RESERVED
-CVE-2022-22607
- RESERVED
-CVE-2022-22606
- RESERVED
-CVE-2022-22605
- RESERVED
-CVE-2022-22604
- RESERVED
-CVE-2022-22603
- RESERVED
-CVE-2022-22602
- RESERVED
-CVE-2022-22601
- RESERVED
-CVE-2022-22600
- RESERVED
-CVE-2022-22599
- RESERVED
-CVE-2022-22598
- RESERVED
-CVE-2022-22597
- RESERVED
-CVE-2022-22596
- RESERVED
+CVE-2022-22609 (The issue was addressed with additional permissions checks. This issue ...)
+ TODO: check
+CVE-2022-22608 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2022-22607 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2022-22606 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2022-22605 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2022-22604 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2022-22603 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2022-22602 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2022-22601 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2022-22600 (The issue was addressed with improved permissions logic. This issue is ...)
+ TODO: check
+CVE-2022-22599 (Description: A permissions issue was addressed with improved validatio ...)
+ TODO: check
+CVE-2022-22598 (An issue with app access to camera metadata was addressed with improve ...)
+ TODO: check
+CVE-2022-22597 (A memory corruption issue was addressed with improved validation. This ...)
+ TODO: check
+CVE-2022-22596 (A memory corruption issue was addressed with improved validation. This ...)
+ TODO: check
CVE-2022-22595
RESERVED
-CVE-2022-22594 [A cross-origin issue in the IndexDB API was addressed with improved input validation]
- RESERVED
+CVE-2022-22594 (A cross-origin issue in the IndexDB API was addressed with improved in ...)
{DSA-5061-1 DSA-5060-1}
- webkit2gtk 2.34.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.4-1
NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
-CVE-2022-22593
- RESERVED
-CVE-2022-22591
- RESERVED
-CVE-2022-22589 [A validation issue was addressed with improved input sanitization]
- RESERVED
+CVE-2022-22593 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2022-22591 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2022-22589 (A validation issue was addressed with improved input sanitization. Thi ...)
{DSA-5084-1 DSA-5083-1}
- webkit2gtk 2.34.5-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.34.5-1
NOTE: https://webkitgtk.org/security/WSA-2022-0002.html
-CVE-2022-22588
- RESERVED
-CVE-2022-22587
- RESERVED
-CVE-2022-22586
- RESERVED
-CVE-2022-22585
- RESERVED
-CVE-2022-22584
- RESERVED
-CVE-2022-22583
- RESERVED
+CVE-2022-22588 (A resource exhaustion issue was addressed with improved input validati ...)
+ TODO: check
+CVE-2022-22587 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2022-22586 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2022-22585 (An issue existed within the path validation logic for symlinks. This i ...)
+ TODO: check
+CVE-2022-22584 (A memory corruption issue was addressed with improved validation. This ...)
+ TODO: check
+CVE-2022-22583 (A permissions issue was addressed with improved validation. This issue ...)
+ TODO: check
CVE-2022-22582
RESERVED
CVE-2022-22581
RESERVED
CVE-2022-22580
RESERVED
-CVE-2022-22579
- RESERVED
-CVE-2022-22578
- RESERVED
+CVE-2022-22579 (An information disclosure issue was addressed with improved state mana ...)
+ TODO: check
+CVE-2022-22578 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
CVE-2022-22577
RESERVED
CVE-2022-22576
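Review bot: the description for CVE-2022-22599 starts with a stray "Description:" prefix carried over from the upstream text; it is worth noting during triage, or trimming if tracker convention allows, so the entry matches its neighbours. The WebKit entries CVE-2022-22594 and CVE-2022-22589 correctly keep their DSA references and webkit2gtk/wpewebkit versions while only the bracketed placeholder is replaced; the remaining "This issue is fixed in ..." ids follow the NOT-FOR-US: Apple pattern, but any further WebKit ones need the same check.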
@@ -16357,10 +16397,10 @@ CVE-2021-45837
RESERVED
CVE-2021-45836
RESERVED
-CVE-2021-45835
- RESERVED
-CVE-2021-45834
- RESERVED
+CVE-2021-45835 (The Online Admission System 1.0 allows an unauthenticated attacker to ...)
+ TODO: check
+CVE-2021-45834 (An attacker can upload or transfer files of dangerous types to the Ope ...)
+ TODO: check
CVE-2021-45833 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ...)
- hdf5 <undetermined>
NOTE: https://github.com/HDFGroup/hdf5/issues/1313
@@ -21676,8 +21716,8 @@ CVE-2021-44236
CVE-2021-4032 (A vulnerability was found in the Linux kernel's KVM subsystem in arch/ ...)
- linux <not-affected> (Vulnerable code introduced in 5.15-rc1; fixed in 5.15-rc7)
NOTE: https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7)
-CVE-2021-4031
- RESERVED
+CVE-2021-4031 (Syltek application before its 10.22.00 version, does not correctly che ...)
+ TODO: check
CVE-2021-4030 (A cross-site request forgery vulnerability in the HTTP daemon of the Z ...)
NOT-FOR-US: Zyxel
CVE-2021-4029 (A command injection vulnerability in the CGI program of the Zyxel ARMO ...)
@@ -38336,8 +38376,8 @@ CVE-2021-39048 (IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack
NOT-FOR-US: IBM
CVE-2021-39047
RESERVED
-CVE-2021-39046
- RESERVED
+CVE-2021-39046 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Bu ...)
+ TODO: check
CVE-2021-39045
RESERVED
CVE-2021-39044 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site re ...)
@@ -58827,8 +58867,8 @@ CVE-2021-30773 (An issue in code signature validation was addressed with improve
NOT-FOR-US: Apple
CVE-2021-30772 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
-CVE-2021-30771
- RESERVED
+CVE-2021-30771 (An out-of-bounds write was addressed with improved input validation. T ...)
+ TODO: check
CVE-2021-30770 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2021-30769 (A logic issue was addressed with improved state management. This issue ...)
@@ -61514,8 +61554,8 @@ CVE-2021-29901
RESERVED
CVE-2021-29900
RESERVED
-CVE-2021-29899
- RESERVED
+CVE-2021-29899 (IBM Engineering Requirements Quality Assistant prior to 3.1.3 could al ...)
+ TODO: check
CVE-2021-29898
RESERVED
CVE-2021-29897
@@ -66778,8 +66818,8 @@ CVE-2021-27791 (The function that is used to parse the Authentication header in
NOT-FOR-US: Brocade Fabric OS
CVE-2021-27790 (The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9 ...)
NOT-FOR-US: Brocade Fabric OS
-CVE-2021-27789
- RESERVED
+CVE-2021-27789 (The Web application of Brocade Fabric OS before versions Brocade Fabri ...)
+ TODO: check
CVE-2021-27788
RESERVED
CVE-2021-27787
@@ -73294,6 +73334,7 @@ CVE-2021-25221
RESERVED
CVE-2021-25220 [DNS forwarders - cache poisoning vulnerability]
RESERVED
+ {DSA-5105-1}
- bind9 1:9.18.1-1
NOTE: https://kb.isc.org/docs/cve-2021-25220
NOTE: Fixed by https://gitlab.isc.org/isc-projects/bind9/-/commit/fc9cb6cf91c1a36b797ffef0a277dbb3989d43dc
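Review bot: {DSA-5105-1} is recorded for CVE-2021-25220 while the entry still carries the bracketed placeholder "[DNS forwarders - cache poisoning vulnerability]" and RESERVED status; that is consistent with an advisory shipping before MITRE publishes, and the kb.isc.org and gitlab.isc.org NOTE lines keep the fix verifiable, but the placeholder should be replaced once the description is published.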
@@ -79327,8 +79368,7 @@ CVE-2021-22592
RESERVED
CVE-2021-22591
RESERVED
-CVE-2022-22590 [A use after free issue was addressed with improved memory management]
- RESERVED
+CVE-2022-22590 (A use after free issue was addressed with improved memory management. ...)
{DSA-5084-1 DSA-5083-1}
- webkit2gtk 2.34.5-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
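Review bot: CVE-2022-22590 sits directly after CVE-2021-22591 in this hunk, i.e. among the CVE-2021-225xx entries rather than with the CVE-2022-225xx/226xx block updated earlier in this same commit; check whether that placement is intended or whether the entry should be moved next to its siblings. Its data (webkit2gtk 2.34.5-1, {DSA-5084-1 DSA-5083-1}, stretch <ignored>) matches the CVE-2022-22589 entry.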
@@ -79370,8 +79410,8 @@ CVE-2021-22573
RESERVED
CVE-2021-22572
RESERVED
-CVE-2021-22571
- RESERVED
+CVE-2021-22571 (A local attacker could read files from some other users' SA360 reports ...)
+ TODO: check
CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...)
[experimental] - protobuf 3.17.1-1
- protobuf <unfixed>
@@ -104834,16 +104874,16 @@ CVE-2020-25199 (A heap-based buffer overflow vulnerability exists within the WEC
NOT-FOR-US: WECON LeviStudioU
CVE-2020-25198 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
-CVE-2020-25197
- RESERVED
+CVE-2020-25197 (A code injection vulnerability exists in one of the webpages in GE Rea ...)
+ TODO: check
CVE-2020-25196 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
CVE-2020-25195 (The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM ...)
NOT-FOR-US: Host Engineering
CVE-2020-25194 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
-CVE-2020-25193
- RESERVED
+CVE-2020-25193 (By having access to the hard-coded cryptographic key for GE Reason RT4 ...)
+ TODO: check
CVE-2020-25192 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
CVE-2020-25191 (Incorrect permissions are set by default for an API entry-point of a s ...)
@@ -104860,24 +104900,24 @@ CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 201
NOT-FOR-US: LeviStudioU Release
CVE-2020-25185 (The affected product is vulnerable to five post-authentication buffer ...)
NOT-FOR-US: Paradox IP150
-CVE-2020-25184
- RESERVED
+CVE-2020-25184 (Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the pa ...)
+ TODO: check
CVE-2020-25183 (Medtronic MyCareLink Smart 25000 all versions contain an authenticatio ...)
NOT-FOR-US: Medtronic MyCareLink Smart 25000
-CVE-2020-25182
- RESERVED
+CVE-2020-25182 (Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for ...)
+ TODO: check
CVE-2020-25181 (WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer over ...)
NOT-FOR-US: WECON PLC Editor
-CVE-2020-25180
- RESERVED
+CVE-2020-25180 (Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the ...)
+ TODO: check
CVE-2020-25179 (GE Healthcare Imaging and Ultrasound Products may allow specific crede ...)
NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
-CVE-2020-25178
- RESERVED
+CVE-2020-25178 (ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtim ...)
+ TODO: check
CVE-2020-25177 (WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer ove ...)
NOT-FOR-US: WECON PLC Editor
-CVE-2020-25176
- RESERVED
+CVE-2020-25176 (Some commands used by the Rockwell Automation ISaGRAF Runtime Versions ...)
+ TODO: check
CVE-2020-25175 (GE Healthcare Imaging and Ultrasound Products may allow specific crede ...)
NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
CVE-2020-25174 (A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3 ...)
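Review bot: the five Rockwell Automation ISaGRAF Runtime entries (CVE-2020-25184, CVE-2020-25182, CVE-2020-25180, CVE-2020-25178 and CVE-2020-25176) all describe the same product, Versions 4.x and 5.x, and are interleaved with entries already resolved as NOT-FOR-US for other vendors; one triage decision on ISaGRAF covers all five TODO: check lines.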
@@ -110573,8 +110613,7 @@ CVE-2020-22594
RESERVED
CVE-2020-22593
RESERVED
-CVE-2022-22592 [A logic issue was addressed with improved state management]
- RESERVED
+CVE-2022-22592 (A logic issue was addressed with improved state management. This issue ...)
{DSA-5084-1 DSA-5083-1}
- webkit2gtk 2.34.5-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
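Review bot: CVE-2022-22592 follows CVE-2020-22593 here, so a 2022 id is filed among CVE-2020-225xx entries, far from the other CVE-2022-225xx WebKit ids (CVE-2022-22589, CVE-2022-22590, CVE-2022-22594) touched in this commit; confirm the placement is intentional. Its data ({DSA-5084-1 DSA-5083-1}, webkit2gtk 2.34.5-1, stretch <ignored>) is consistent with those entries.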
@@ -124098,8 +124137,8 @@ CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer
NOT-FOR-US: PLC WinProladder
CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...)
NOT-FOR-US: CodeMeter
-CVE-2020-16232
- RESERVED
+CVE-2020-16232 (In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be cause ...)
+ TODO: check
CVE-2020-16231
RESERVED
CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...)
@@ -126492,8 +126531,8 @@ CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-f
- openjpeg2 2.4.0-1 (bug #965220)
NOTE: https://github.com/uclouvain/openjpeg/issues/1261
NOTE: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 (v2.4.0)
-CVE-2020-15388
- RESERVED
+CVE-2020-15388 (A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0 ...)
+ TODO: check
CVE-2020-15387 (The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7. ...)
NOT-FOR-US: Brocade
CVE-2020-15386 (Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81a1a6b053d5e05e95d3b644e1fa629e10b678af