[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 22 08:10:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a8464da by security tracker role at 2022-03-22T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,287 @@
+CVE-2022-27635
+ RESERVED
+CVE-2022-27626
+ RESERVED
+CVE-2022-27625
+ RESERVED
+CVE-2022-27624
+ RESERVED
+CVE-2022-27623
+ RESERVED
+CVE-2022-27622
+ RESERVED
+CVE-2022-27621
+ RESERVED
+CVE-2022-27620
+ RESERVED
+CVE-2022-27619
+ RESERVED
+CVE-2022-27618
+ RESERVED
+CVE-2022-27617
+ RESERVED
+CVE-2022-27616
+ RESERVED
+CVE-2022-27615
+ RESERVED
+CVE-2022-27614
+ RESERVED
+CVE-2022-27613
+ RESERVED
+CVE-2022-27612
+ RESERVED
+CVE-2022-27611
+ RESERVED
+CVE-2022-27610
+ RESERVED
+CVE-2022-27609
+ RESERVED
+CVE-2022-27608
+ RESERVED
+CVE-2022-27607 (Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom ...)
+ TODO: check
+CVE-2022-27606
+ RESERVED
+CVE-2022-27605
+ RESERVED
+CVE-2022-27604
+ RESERVED
+CVE-2022-27603
+ RESERVED
+CVE-2022-27602
+ RESERVED
+CVE-2022-27601
+ RESERVED
+CVE-2022-27600
+ RESERVED
+CVE-2022-27599
+ RESERVED
+CVE-2022-27598
+ RESERVED
+CVE-2022-27597
+ RESERVED
+CVE-2022-27596
+ RESERVED
+CVE-2022-27595
+ RESERVED
+CVE-2022-27594
+ RESERVED
+CVE-2022-27593
+ RESERVED
+CVE-2022-27592
+ RESERVED
+CVE-2022-27591
+ RESERVED
+CVE-2022-27590
+ RESERVED
+CVE-2022-27589
+ RESERVED
+CVE-2022-27588
+ RESERVED
+CVE-2022-27587
+ RESERVED
+CVE-2022-27586
+ RESERVED
+CVE-2022-27585
+ RESERVED
+CVE-2022-27584
+ RESERVED
+CVE-2022-27583
+ RESERVED
+CVE-2022-27582
+ RESERVED
+CVE-2022-27581
+ RESERVED
+CVE-2022-27580
+ RESERVED
+CVE-2022-27579
+ RESERVED
+CVE-2022-27578
+ RESERVED
+CVE-2022-27577
+ RESERVED
+CVE-2022-27576
+ RESERVED
+CVE-2022-27575
+ RESERVED
+CVE-2022-27574
+ RESERVED
+CVE-2022-27573
+ RESERVED
+CVE-2022-27572
+ RESERVED
+CVE-2022-27571
+ RESERVED
+CVE-2022-27570
+ RESERVED
+CVE-2022-27569
+ RESERVED
+CVE-2022-27568
+ RESERVED
+CVE-2022-27567
+ RESERVED
+CVE-2022-27566
+ RESERVED
+CVE-2022-27565
+ RESERVED
+CVE-2022-27564
+ RESERVED
+CVE-2022-27563
+ RESERVED
+CVE-2022-27562
+ RESERVED
+CVE-2022-27561
+ RESERVED
+CVE-2022-27560
+ RESERVED
+CVE-2022-27559
+ RESERVED
+CVE-2022-27558
+ RESERVED
+CVE-2022-27557
+ RESERVED
+CVE-2022-27556
+ RESERVED
+CVE-2022-27555
+ RESERVED
+CVE-2022-27554
+ RESERVED
+CVE-2022-27553
+ RESERVED
+CVE-2022-27552
+ RESERVED
+CVE-2022-27551
+ RESERVED
+CVE-2022-27550
+ RESERVED
+CVE-2022-27549
+ RESERVED
+CVE-2022-27548
+ RESERVED
+CVE-2022-27547
+ RESERVED
+CVE-2022-27546
+ RESERVED
+CVE-2022-27545
+ RESERVED
+CVE-2022-27544
+ RESERVED
+CVE-2022-27543
+ RESERVED
+CVE-2022-27542
+ RESERVED
+CVE-2022-27541
+ RESERVED
+CVE-2022-27540
+ RESERVED
+CVE-2022-27539
+ RESERVED
+CVE-2022-27538
+ RESERVED
+CVE-2022-27537
+ RESERVED
+CVE-2022-27536
+ RESERVED
+CVE-2022-27535
+ RESERVED
+CVE-2022-27534
+ RESERVED
+CVE-2022-27533
+ RESERVED
+CVE-2022-27532
+ RESERVED
+CVE-2022-27531
+ RESERVED
+CVE-2022-27530
+ RESERVED
+CVE-2022-27529
+ RESERVED
+CVE-2022-27528
+ RESERVED
+CVE-2022-27527
+ RESERVED
+CVE-2022-27526
+ RESERVED
+CVE-2022-27525
+ RESERVED
+CVE-2022-27524
+ RESERVED
+CVE-2022-27523
+ RESERVED
+CVE-2022-27522
+ RESERVED
+CVE-2022-27521
+ RESERVED
+CVE-2022-27520
+ RESERVED
+CVE-2022-27519
+ RESERVED
+CVE-2022-27518
+ RESERVED
+CVE-2022-27517
+ RESERVED
+CVE-2022-27516
+ RESERVED
+CVE-2022-27515
+ RESERVED
+CVE-2022-27514
+ RESERVED
+CVE-2022-27513
+ RESERVED
+CVE-2022-27512
+ RESERVED
+CVE-2022-27511
+ RESERVED
+CVE-2022-27510
+ RESERVED
+CVE-2022-27509
+ RESERVED
+CVE-2022-27508
+ RESERVED
+CVE-2022-27507
+ RESERVED
+CVE-2022-27506
+ RESERVED
+CVE-2022-27505
+ RESERVED
+CVE-2022-27504
+ RESERVED
+CVE-2022-27503
+ RESERVED
+CVE-2022-27502
+ RESERVED
+CVE-2022-27501
+ RESERVED
+CVE-2022-27500
+ RESERVED
+CVE-2022-27233
+ RESERVED
+CVE-2022-27229
+ RESERVED
+CVE-2022-27183
+ RESERVED
+CVE-2022-27180
+ RESERVED
+CVE-2022-26889
+ RESERVED
+CVE-2022-26888
+ RESERVED
+CVE-2022-26840
+ RESERVED
+CVE-2022-26070
+ RESERVED
+CVE-2022-26024
+ RESERVED
+CVE-2022-26017
+ RESERVED
+CVE-2022-25841
+ RESERVED
+CVE-2022-1040
+ RESERVED
+CVE-2022-1039
+ RESERVED
+CVE-2022-1038
+ RESERVED
CVE-2022-27492
RESERVED
CVE-2022-27491
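Review bot: CVE-2022-27607 (Bento4 1.6.0-639, heap-based buffer over-read in AP4_HvccAtom) is the only entry in this block of newly added IDs that carries a description, and it is left at "TODO: check" among a long run of RESERVED placeholders where it is easy to overlook. Resolve it in a follow-up to either a package line or a NOT-FOR-US line, the form the triaged entries elsewhere in this file use.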
@@ -316,8 +600,8 @@ CVE-2022-27335
RESERVED
CVE-2022-27334
RESERVED
-CVE-2022-27333
- RESERVED
+CVE-2022-27333 (idcCMS v1.10 was discovered to contain an issue which allows attackers ...)
+ TODO: check
CVE-2022-27332
RESERVED
CVE-2022-27331
@@ -1126,8 +1410,8 @@ CVE-2022-27092
RESERVED
CVE-2022-27091
RESERVED
-CVE-2022-27090
- RESERVED
+CVE-2022-27090 (Cscms Music Portal System v4.2 was discovered to contain a redirection ...)
+ TODO: check
CVE-2022-27089
RESERVED
CVE-2022-27088
@@ -3174,12 +3458,12 @@ CVE-2022-26287
RESERVED
CVE-2022-26286
RESERVED
-CVE-2022-26285
- RESERVED
-CVE-2022-26284
- RESERVED
-CVE-2022-26283
- RESERVED
+CVE-2022-26285 (Simple Subscription Website v1.0 was discovered to contain a SQL injec ...)
+ TODO: check
+CVE-2022-26284 (Simple Client Management System v1.0 was discovered to contain a SQL i ...)
+ TODO: check
+CVE-2022-26283 (Simple Subscription Website v1.0 was discovered to contain a SQL injec ...)
+ TODO: check
CVE-2022-26282
RESERVED
CVE-2022-26281
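Review bot: CVE-2022-26285 and CVE-2022-26283 both read "Simple Subscription Website v1.0 was discovered to contain a SQL injec ..." and are indistinguishable at the truncation point. Before triaging, compare the full descriptions to confirm they name different parameters or endpoints rather than being duplicate assignments, and give both the same disposition if they are the same product.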
@@ -3376,10 +3660,10 @@ CVE-2022-26186
RESERVED
CVE-2022-26185
RESERVED
-CVE-2022-26184
- RESERVED
-CVE-2022-26183
- RESERVED
+CVE-2022-26184 (Poetry v1.1.9 and below was discovered to contain an untrusted search ...)
+ TODO: check
+CVE-2022-26183 (PNPM v6.15.1 and below was discovered to contain an untrusted search p ...)
+ TODO: check
CVE-2022-26182
RESERVED
CVE-2022-26181 (Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-bu ...)
@@ -3397,8 +3681,8 @@ CVE-2022-26176
RESERVED
CVE-2022-26175
RESERVED
-CVE-2022-26174
- RESERVED
+CVE-2022-26174 (A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 ...)
+ TODO: check
CVE-2022-26173
RESERVED
CVE-2022-26172
@@ -3652,8 +3936,8 @@ CVE-2022-0768 (Server-Side Request Forgery (SSRF) in GitHub repository rudloff/a
NOT-FOR-US: rudloff/alltube
CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated administr ...)
NOT-FOR-US: MODX Revolution
-CVE-2022-26148
- RESERVED
+CVE-2022-26148 (An issue was discovered in Grafana through 7.3.4, when integrated with ...)
+ TODO: check
CVE-2022-26147
RESERVED
CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an authenticated atta ...)
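Review bot: the CVE-2022-26148 description is cut at "when integrated with ...", so the condition that makes Grafana through 7.3.4 affected is not visible in the entry. Read the full record before replacing "TODO: check", since whether the issue applies depends on that integration and not on the Grafana version alone.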
@@ -5855,8 +6139,8 @@ CVE-2022-0654 (Exposure of Sensitive Information to an Unauthorized Actor in Git
NOT-FOR-US: Node request-retry
CVE-2022-0653 (The Profile Builder – User Profile & User Registration Forms ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0652
- RESERVED
+CVE-2022-0652 (Confd log files contain local users', including root’s, SHA512cr ...)
+ TODO: check
CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0650
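Review bot: the CVE-2022-0652 line identifies the affected software only as "Confd" and the text is truncated at "SHA512cr ...", which is not enough to tell which product the log files belong to. Confirm the vendor and product from the full description before choosing between a package line and NOT-FOR-US.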
@@ -9703,8 +9987,8 @@ CVE-2022-24005
RESERVED
CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
-CVE-2022-0386
- RESERVED
+CVE-2022-0386 (A post-auth SQL injection vulnerability in the Mail Manager potentiall ...)
+ TODO: check
CVE-2022-0385 (The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0384 (The Video Conferencing with Zoom WordPress plugin before 3.8.17 does n ...)
@@ -10089,6 +10373,7 @@ CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. Th
CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...)
NOT-FOR-US: Apache ShenYu Admin
CVE-2022-23943 (Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server all ...)
+ {DLA-2960-1}
- apache2 2.4.53-1
[bullseye] - apache2 <no-dsa> (Minor issue)
[buster] - apache2 <no-dsa> (Minor issue)
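Review bot: the {DLA-2960-1} line added under CVE-2022-23943 is a cross-reference to an advisory, while this commit lists data/CVE/list as its only changed file. Confirm that the advisory record the tag points to is already present in the tree so the reference resolves, since nothing in this change adds it.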
@@ -12102,22 +12387,22 @@ CVE-2022-23354
RESERVED
CVE-2022-23353
RESERVED
-CVE-2022-23352
- RESERVED
+CVE-2022-23352 (An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial ...)
+ TODO: check
CVE-2022-23351
RESERVED
-CVE-2022-23350
- RESERVED
-CVE-2022-23349
- RESERVED
-CVE-2022-23348
- RESERVED
-CVE-2022-23347
- RESERVED
-CVE-2022-23346
- RESERVED
-CVE-2022-23345
- RESERVED
+CVE-2022-23350 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cros ...)
+ TODO: check
+CVE-2022-23349 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cros ...)
+ TODO: check
+CVE-2022-23348 (BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak p ...)
+ TODO: check
+CVE-2022-23347 (BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable ...)
+ TODO: check
+CVE-2022-23346 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorr ...)
+ TODO: check
+CVE-2022-23345 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorr ...)
+ TODO: check
CVE-2022-23344
RESERVED
CVE-2022-23343
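Review bot: seven entries in this hunk (CVE-2022-23352 and CVE-2022-23350 through CVE-2022-23345) all name BigAnt Software BigAnt Server v5.6.06 and are each left at "TODO: check". Triage them as a single batch with one disposition so the product is not classified differently across entries, and note that CVE-2022-23351 in the middle of the range remains RESERVED and will likely need the same treatment once published.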
@@ -12230,8 +12515,8 @@ CVE-2021-46392
RESERVED
CVE-2021-46391
RESERVED
-CVE-2021-46390
- RESERVED
+CVE-2021-46390 (An access control issue in the authentication module of Lexar_F35 v1.0 ...)
+ TODO: check
CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
NOT-FOR-US: IIPImage High Resolution Streaming Image Server
CVE-2021-46388
@@ -14711,18 +14996,21 @@ CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerabil
CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
NOT-FOR-US: Schneider Electric
CVE-2022-22721 (If LimitXMLRequestBody is set to allow request bodies larger than 350M ...)
+ {DLA-2960-1}
- apache2 2.4.53-1
[bullseye] - apache2 <no-dsa> (Minor issue)
[buster] - apache2 <no-dsa> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721
NOTE: Fixed by: https://svn.apache.org/r1898693
CVE-2022-22720 (Apache HTTP Server 2.4.52 and earlier fails to close inbound connectio ...)
+ {DLA-2960-1}
- apache2 2.4.53-1
[bullseye] - apache2 <no-dsa> (Minor issue)
[buster] - apache2 <no-dsa> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720
NOTE: Fixed by: https://svn.apache.org/r1898692
CVE-2022-22719 (A carefully crafted request body can cause a read to a random memory a ...)
+ {DLA-2960-1}
- apache2 2.4.53-1
[bullseye] - apache2 <no-dsa> (Minor issue)
[buster] - apache2 <no-dsa> (Minor issue)
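Review bot: CVE-2022-22721, CVE-2022-22720 and CVE-2022-22719 each gain {DLA-2960-1} while their "[bullseye] - apache2 <no-dsa> (Minor issue)" and "[buster] - apache2 <no-dsa> (Minor issue)" lines are unchanged. Confirm that "Minor issue" is still the intended assessment for those two releases now that an advisory references the same CVEs, or add a short NOTE explaining why the releases are handled differently.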
@@ -34903,8 +35191,8 @@ CVE-2021-40664
RESERVED
CVE-2021-40663
RESERVED
-CVE-2021-40662
- RESERVED
+CVE-2021-40662 (A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows atta ...)
+ TODO: check
CVE-2021-40661
RESERVED
CVE-2021-40660
@@ -39589,8 +39877,8 @@ CVE-2021-38747
RESERVED
CVE-2021-38746
RESERVED
-CVE-2021-38745
- RESERVED
+CVE-2021-38745 (Chamilo LMS v1.11.14 was discovered to contain a zero click code injec ...)
+ TODO: check
CVE-2021-38744
RESERVED
CVE-2021-38743
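Review bot: CVE-2021-38745 here and CVE-2021-40662 in the previous hunk both name Chamilo LMS 1.11.14 and both are left at "TODO: check". Resolve the two together with the same disposition, and read the full text of CVE-2021-38745 first, because the description is truncated at "zero click code injec ..." before it states the affected component.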
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a8464da811a0e71c216f08872bd6e968ad3b3e1