[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 22 20:10:25 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
417749a0 by security tracker role at 2022-03-22T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2022-27653
+ RESERVED
+CVE-2022-27652
+ RESERVED
+CVE-2022-27651
+ RESERVED
+CVE-2022-27650
+ RESERVED
+CVE-2022-27649
+ RESERVED
+CVE-2022-27648
+ RESERVED
+CVE-2022-27647
+ RESERVED
+CVE-2022-27646
+ RESERVED
+CVE-2022-27645
+ RESERVED
+CVE-2022-27644
+ RESERVED
+CVE-2022-27643
+ RESERVED
+CVE-2022-27642
+ RESERVED
+CVE-2022-27641
+ RESERVED
+CVE-2022-27640
+ RESERVED
+CVE-2022-1055
+ RESERVED
+CVE-2022-1054
+ RESERVED
+CVE-2022-1053
+ RESERVED
+CVE-2022-1052
+ RESERVED
+CVE-2022-1051
+ RESERVED
+CVE-2022-1050
+ RESERVED
+CVE-2022-1049
+ RESERVED
+CVE-2022-1048
+ RESERVED
+CVE-2022-1047
+ RESERVED
+CVE-2022-1046
+ RESERVED
+CVE-2022-1045
+ RESERVED
+CVE-2022-1044
+ RESERVED
+CVE-2022-1043
+ RESERVED
+CVE-2022-1042
+ RESERVED
+CVE-2022-1041
+ RESERVED
CVE-2022-27635
RESERVED
CVE-2022-27626
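Review bot: the added block is not in ID order. CVE-2022-1055 through CVE-2022-1041 are inserted between CVE-2022-27640 and the existing CVE-2022-27635, so tooling that reads this file should look entries up by ID and not assume a sorted list. The same jump leaves CVE-2022-27636 through CVE-2022-27639 without an entry in this hunk; confirm they are simply not yet reserved upstream and were not dropped by the import.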
@@ -768,14 +826,14 @@ CVE-2022-25959
RESERVED
CVE-2022-1037
RESERVED
-CVE-2022-1036
- RESERVED
+CVE-2022-1036 (Able to create an account with long password leads to memory corruptio ...)
+ TODO: check
CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
- gpac <unfixed>
NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b
NOTE: https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243
-CVE-2022-1034
- RESERVED
+CVE-2022-1034 (There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10. ...)
+ TODO: check
CVE-2022-1033
RESERVED
CVE-2022-1032
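Review bot: both promoted entries in this hunk, CVE-2022-1036 and CVE-2022-1034, land as "TODO: check", and the truncated description of CVE-2022-1036 names no product, so triage needs the full CVE record and cannot rely on the list text. Resolve each to a package line or NOT-FOR-US, the way the neighbouring CVE-2022-1035 entry already carries "- gpac <unfixed>" plus its reference NOTEs.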
@@ -907,8 +965,8 @@ CVE-2022-1001
RESERVED
CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager prior ...)
TODO: check
-CVE-2022-27228
- RESERVED
+CVE-2022-27228 (In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site ...)
+ TODO: check
CVE-2022-27227
RESERVED
CVE-2022-27226 (A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 ...)
@@ -3143,7 +3201,7 @@ CVE-2022-0845 (Code Injection in GitHub repository pytorchlightning/pytorch-ligh
NOT-FOR-US: pytorchlightning
CVE-2022-26387
RESERVED
- {DSA-5106-1 DSA-5097-1 DLA-2942-1}
+ {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
- thunderbird 1:91.7.0-1
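Review bot: the cross-reference line for CVE-2022-26387 gains DLA-2961-1, but the package lines under it still list only the firefox, firefox-esr and thunderbird versions, so the entry does not show which source package that advisory covers. This commit changes only data/CVE/list, so confirm that the advisory record for DLA-2961-1 already exists and names its package, and that this reference was generated from it and not edited by hand. The same applies to the four identical changes that follow.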
@@ -3152,7 +3210,7 @@ CVE-2022-26387
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26387
CVE-2022-26386
RESERVED
- {DSA-5106-1 DSA-5097-1 DLA-2942-1}
+ {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
- firefox-esr 91.7.0esr-1
- thunderbird 1:91.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386
@@ -3163,7 +3221,7 @@ CVE-2022-26385
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26385
CVE-2022-26384
RESERVED
- {DSA-5106-1 DSA-5097-1 DLA-2942-1}
+ {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
- thunderbird 1:91.7.0-1
@@ -3172,7 +3230,7 @@ CVE-2022-26384
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384
CVE-2022-26383
RESERVED
- {DSA-5106-1 DSA-5097-1 DLA-2942-1}
+ {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
- thunderbird 1:91.7.0-1
@@ -3185,7 +3243,7 @@ CVE-2022-26382
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26382
CVE-2022-26381
RESERVED
- {DSA-5106-1 DSA-5097-1 DLA-2942-1}
+ {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
- thunderbird 1:91.7.0-1
@@ -3508,8 +3566,8 @@ CVE-2022-26262
RESERVED
CVE-2022-26261
RESERVED
-CVE-2022-26260
- RESERVED
+CVE-2022-26260 (Simple-Plist v1.3.0 was discovered to contain a prototype pollution vu ...)
+ TODO: check
CVE-2022-26259
RESERVED
CVE-2022-26258
@@ -5435,8 +5493,8 @@ CVE-2022-25519
RESERVED
CVE-2022-25518
RESERVED
-CVE-2022-25517
- RESERVED
+CVE-2022-25517 (MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerab ...)
+ TODO: check
CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...)
- libstb <unfixed> (unimportant)
NOTE: https://github.com/nothings/stb/issues/1287
@@ -5513,8 +5571,8 @@ CVE-2022-25486 (CuppaCMS v1.0 was discovered to contain a local file inclusion v
NOT-FOR-US: CuppaCMS
CVE-2022-25485 (CuppaCMS v1.0 was discovered to contain a local file inclusion via the ...)
NOT-FOR-US: CuppaCMS
-CVE-2022-25484
- RESERVED
+CVE-2022-25484 (tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in pac ...)
+ TODO: check
CVE-2022-25483
RESERVED
CVE-2022-25482
@@ -6008,8 +6066,7 @@ CVE-2022-0669
RESERVED
CVE-2022-0668
RESERVED
-CVE-2022-0667 [Assertion failure on delayed DS lookup]
- RESERVED
+CVE-2022-0667 (When the vulnerability is triggered the BIND process will exit. BIND 9 ...)
- bind9 1:9.18.1-1
[bullseye] - bind9 <not-affected> (Vulnerable code introduced later)
[buster] - bind9 <not-affected> (Vulnerable code introduced later)
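Review bot: at CVE-2022-0667 the bracketed working title "[Assertion failure on delayed DS lookup]" is dropped in favour of the imported description, whose visible part ("When the vulnerability is triggered the BIND process will exit.") states the effect but not the cause. Consider keeping the removed wording as a NOTE line under the bind9 entry so the assertion-failure detail stays searchable in the list.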
@@ -7505,8 +7562,8 @@ CVE-2022-24776
RESERVED
CVE-2022-24775 (guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8 ...)
TODO: check
-CVE-2022-24774
- RESERVED
+CVE-2022-24774 (CycloneDX BOM Repository Server is a bill of materials (BOM) repositor ...)
+ TODO: check
CVE-2022-24773 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
- node-node-forge <unfixed>
NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr
@@ -7533,8 +7590,8 @@ CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy.
NOTE: https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b (v8.0.0)
CVE-2022-24765
RESERVED
-CVE-2022-24764
- RESERVED
+CVE-2022-24764 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
CVE-2022-24763
RESERVED
CVE-2022-24762 (sysend.js is a library that allows a user to send messages between pag ...)
@@ -17322,10 +17379,10 @@ CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross
NOT-FOR-US: NUUO Network Video Recorder NVRsolo
CVE-2021-45811
RESERVED
-CVE-2021-45810
- RESERVED
-CVE-2021-45809
- RESERVED
+CVE-2021-45810 (Multiple versions of GlobalProtect-openconnect are affected by incorre ...)
+ TODO: check
+CVE-2021-45809 (Multiple versions of GlobalProtect-openconnect are affected by incorre ...)
+ TODO: check
CVE-2021-45808 (jpress v4.2.0 allows users to register an account by default. With the ...)
NOT-FOR-US: jpress
CVE-2021-45807 (jpress v4.2.0 is vulnerable to command execution via io.jpress.web.adm ...)
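Review bot: CVE-2021-45810 and CVE-2021-45809 arrive with identical truncated descriptions ("Multiple versions of GlobalProtect-openconnect are affected by incorre ..."), so the two cannot be told apart from this file. When the "TODO: check" markers are resolved, add a NOTE to each entry stating what distinguishes it, so the pair is not later mistaken for a duplicate.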
@@ -23657,8 +23714,8 @@ CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior t
CVE-2022-21719 (GLPI is a free asset and IT management software package. All GLPI vers ...)
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2022-21718
- RESERVED
+CVE-2022-21718 (Electron is a framework for writing cross-platform desktop application ...)
+ TODO: check
CVE-2022-21717
RESERVED
CVE-2022-21716 (Twisted is an event-based framework for internet applications, support ...)
@@ -25485,8 +25542,8 @@ CVE-2021-43652
RESERVED
CVE-2021-43651
RESERVED
-CVE-2021-43650
- RESERVED
+CVE-2021-43650 (WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter u ...)
+ TODO: check
CVE-2021-43649
RESERVED
CVE-2021-43648
@@ -32580,8 +32637,8 @@ CVE-2021-41738
RESERVED
CVE-2021-41737
RESERVED
-CVE-2021-41736
- RESERVED
+CVE-2021-41736 (Faust v2.35.0 was discovered to contain a heap-buffer overflow in the ...)
+ TODO: check
CVE-2021-41735
RESERVED
CVE-2021-41734
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/417749a0f807da4765c58771cbea12df5cd365b0