[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 21 08:10:18 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a006d95 by security tracker role at 2022-03-21T08:10:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-1031
+	RESERVED
 CVE-2022-27258
 	RESERVED
 CVE-2022-27257
@@ -4676,8 +4678,8 @@ CVE-2022-25507 (FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross
 	NOT-FOR-US: FreeTAKServer
 CVE-2022-25506 (FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vuln ...)
 	NOT-FOR-US: FreeTAKServer
-CVE-2022-25505
-	RESERVED
+CVE-2022-25505 (Taocms v3.0.2 was discovered to contain a SQL injection vulnerability  ...)
+	TODO: check
 CVE-2022-25504
 	RESERVED
 CVE-2022-25503
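Review bot: The `TODO: check` on CVE-2022-25505 leaves the entry untriaged. The two entries directly above it in this hunk resolve comparable web-application findings as `NOT-FOR-US: FreeTAKServer`; once someone has confirmed whether Taocms is packaged, replace the TODO with either `NOT-FOR-US: Taocms` or a package line.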
@@ -4724,8 +4726,8 @@ CVE-2022-25483
 	RESERVED
 CVE-2022-25482
 	RESERVED
-CVE-2022-25481
-	RESERVED
+CVE-2022-25481 (ThinkPHP Framework v5.0.24 was discovered to be configured without the ...)
+	TODO: check
 CVE-2022-25480
 	RESERVED
 CVE-2022-25479
@@ -4762,8 +4764,8 @@ CVE-2022-25464 (A stored cross-site scripting (XSS) vulnerability in the compone
 	NOT-FOR-US: DoraCMS
 CVE-2022-25463
 	RESERVED
-CVE-2022-25462
-	RESERVED
+CVE-2022-25462 (Yafu v2.0 contains a segmentation fault via the component /factor/avx- ...)
+	TODO: check
 CVE-2022-25461 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
 	NOT-FOR-US: Tenda
 CVE-2022-25460 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
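Review bot: The description for CVE-2022-25462 reports only a segmentation fault and is cut off at `/factor/avx- ...`, so the `TODO: check` cannot be resolved from this line alone. Whoever triages it should read the full CVE text to identify the affected component and decide whether the crash has any security impact before assigning a package line or NOT-FOR-US.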
@@ -30561,8 +30563,8 @@ CVE-2021-42196
 	RESERVED
 CVE-2021-42195
 	RESERVED
-CVE-2021-42194
-	RESERVED
+CVE-2021-42194 (The wechat_return function in /controller/Index.php of EyouCms V1.5.4- ...)
+	TODO: check
 CVE-2021-42193
 	RESERVED
 CVE-2021-42192
@@ -37456,10 +37458,10 @@ CVE-2021-39386
 	RESERVED
 CVE-2021-39385
 	RESERVED
-CVE-2021-39384
-	RESERVED
-CVE-2021-39383
-	RESERVED
+CVE-2021-39384 (DWSurvey v3.2.0 was discovered to contain an arbitrary file write vuln ...)
+	TODO: check
+CVE-2021-39383 (DWSurvey v3.2.0 was discovered to contain a remote command execution ( ...)
+	TODO: check
 CVE-2021-39382
 	RESERVED
 CVE-2021-39381
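Review bot: CVE-2021-39384 and CVE-2021-39383 both name DWSurvey v3.2.0 and both land as `TODO: check`; triage them together so the two entries end up with a consistent disposition. One is described as an arbitrary file write and the other as remote command execution, so if the product turns out to be relevant to the archive, neither should be closed out without a closer look.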
@@ -39498,6 +39500,7 @@ CVE-2021-3701
 	NOTE: https://github.com/ansible/ansible-runner/issues/738
 	NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89
 CVE-2021-3700 (A use-after-free vulnerability was found in usbredir in versions prior ...)
+	{DLA-2958-1}
 	- usbredir 0.11.0-1
 	[bullseye] - usbredir <no-dsa> (Minor issue)
 	[buster] - usbredir <no-dsa> (Minor issue)
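Review bot: With `{DLA-2958-1}` now attached to CVE-2021-3700, the `[bullseye]` and `[buster]` lines below it still read `<no-dsa> (Minor issue)`. If the DLA fixes a suite older than buster, that suite would carry the use-after-free fix while the newer ones do not; consider whether the fix should be queued for those suites as well, or record why the assessment differs.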
@@ -102785,10 +102788,10 @@ CVE-2020-26010
 	RESERVED
 CVE-2020-26009
 	RESERVED
-CVE-2020-26008
-	RESERVED
-CVE-2020-26007
-	RESERVED
+CVE-2020-26008 (The PluginsUpload function in application/service/PluginsAdminService. ...)
+	TODO: check
+CVE-2020-26007 (An arbitrary file upload vulnerability in the upload payment plugin of ...)
+	TODO: check
 CVE-2020-26006 (Project Worlds Online Examination System 1.0 is affected by Cross Site ...)
 	NOT-FOR-US: Project Worlds Online Examination System
 CVE-2020-26005
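Review bot: Neither truncated description for CVE-2020-26008 or CVE-2020-26007 shows a product name, so the `TODO: check` entries cannot be triaged from the visible text. Both concern plugin upload (`PluginsUpload` in `application/service/PluginsAdminService.` and "the upload payment plugin of ..."), so check the full CVE text to see whether they refer to the same product and give them the same tag if they do.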
@@ -135163,11 +135166,13 @@ CVE-2020-12281 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote at
 CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
 	NOT-FOR-US: iSmartgate PRO
 CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
+	{DLA-2936-1}
 	- libgit2 0.28.4+dfsg.1-2
 	[buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
 	[jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
 	NOTE: https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4
 CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
+	{DLA-2936-1}
 	- libgit2 0.28.4+dfsg.1-2
 	[buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
 	[jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
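Review bot: `{DLA-2936-1}` is added to CVE-2020-12279 and CVE-2020-12278, yet the `[buster]` and `[jessie]` lines remain `<no-dsa>` with the rationale "only problematic when used on NTFS like filesystem". An advisory was evidently considered worthwhile for one suite; revisit whether that rationale still justifies leaving buster unfixed, or note in the entry why the suites are treated differently.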



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a006d95fbf2dfdc3cf2387c5d544d8e55baef88
