[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 23 20:10:32 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c4e8615f by security tracker role at 2022-03-23T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,243 @@
+CVE-2022-27782
+ RESERVED
+CVE-2022-27781
+ RESERVED
+CVE-2022-27780
+ RESERVED
+CVE-2022-27779
+ RESERVED
+CVE-2022-27778
+ RESERVED
+CVE-2022-27777
+ RESERVED
+CVE-2022-27776
+ RESERVED
+CVE-2022-27775
+ RESERVED
+CVE-2022-27774
+ RESERVED
+CVE-2022-27773
+ RESERVED
+CVE-2022-27772
+ RESERVED
+CVE-2022-27771
+ RESERVED
+CVE-2022-27770
+ RESERVED
+CVE-2022-27769
+ RESERVED
+CVE-2022-27768
+ RESERVED
+CVE-2022-27767
+ RESERVED
+CVE-2022-27766
+ RESERVED
+CVE-2022-27765
+ RESERVED
+CVE-2022-27764
+ RESERVED
+CVE-2022-27763
+ RESERVED
+CVE-2022-27762
+ RESERVED
+CVE-2022-27761
+ RESERVED
+CVE-2022-27760
+ RESERVED
+CVE-2022-27759
+ RESERVED
+CVE-2022-27758
+ RESERVED
+CVE-2022-27757
+ RESERVED
+CVE-2022-27756
+ RESERVED
+CVE-2022-27755
+ RESERVED
+CVE-2022-27754
+ RESERVED
+CVE-2022-27753
+ RESERVED
+CVE-2022-27752
+ RESERVED
+CVE-2022-27751
+ RESERVED
+CVE-2022-27750
+ RESERVED
+CVE-2022-27749
+ RESERVED
+CVE-2022-27748
+ RESERVED
+CVE-2022-27747
+ RESERVED
+CVE-2022-27746
+ RESERVED
+CVE-2022-27745
+ RESERVED
+CVE-2022-27744
+ RESERVED
+CVE-2022-27743
+ RESERVED
+CVE-2022-27742
+ RESERVED
+CVE-2022-27741
+ RESERVED
+CVE-2022-27740
+ RESERVED
+CVE-2022-27739
+ RESERVED
+CVE-2022-27738
+ RESERVED
+CVE-2022-27737
+ RESERVED
+CVE-2022-27736
+ RESERVED
+CVE-2022-27735
+ RESERVED
+CVE-2022-27734
+ RESERVED
+CVE-2022-27733
+ RESERVED
+CVE-2022-27732
+ RESERVED
+CVE-2022-27731
+ RESERVED
+CVE-2022-27730
+ RESERVED
+CVE-2022-27729
+ RESERVED
+CVE-2022-27728
+ RESERVED
+CVE-2022-27727
+ RESERVED
+CVE-2022-27726
+ RESERVED
+CVE-2022-27725
+ RESERVED
+CVE-2022-27724
+ RESERVED
+CVE-2022-27723
+ RESERVED
+CVE-2022-27722
+ RESERVED
+CVE-2022-27721
+ RESERVED
+CVE-2022-27720
+ RESERVED
+CVE-2022-27719
+ RESERVED
+CVE-2022-27718
+ RESERVED
+CVE-2022-27717
+ RESERVED
+CVE-2022-27716
+ RESERVED
+CVE-2022-27715
+ RESERVED
+CVE-2022-27714
+ RESERVED
+CVE-2022-27713
+ RESERVED
+CVE-2022-27712
+ RESERVED
+CVE-2022-27711
+ RESERVED
+CVE-2022-27710
+ RESERVED
+CVE-2022-27709
+ RESERVED
+CVE-2022-27708
+ RESERVED
+CVE-2022-27707
+ RESERVED
+CVE-2022-27706
+ RESERVED
+CVE-2022-27705
+ RESERVED
+CVE-2022-27704
+ RESERVED
+CVE-2022-27703
+ RESERVED
+CVE-2022-27702
+ RESERVED
+CVE-2022-27701
+ RESERVED
+CVE-2022-27700
+ RESERVED
+CVE-2022-27699
+ RESERVED
+CVE-2022-27698
+ RESERVED
+CVE-2022-27697
+ RESERVED
+CVE-2022-27696
+ RESERVED
+CVE-2022-27695
+ RESERVED
+CVE-2022-27694
+ RESERVED
+CVE-2022-27693
+ RESERVED
+CVE-2022-27692
+ RESERVED
+CVE-2022-27691
+ RESERVED
+CVE-2022-27690
+ RESERVED
+CVE-2022-27689
+ RESERVED
+CVE-2022-27688
+ RESERVED
+CVE-2022-27687
+ RESERVED
+CVE-2022-27686
+ RESERVED
+CVE-2022-27685
+ RESERVED
+CVE-2022-27684
+ RESERVED
+CVE-2022-27683
+ RESERVED
+CVE-2022-27682
+ RESERVED
+CVE-2022-27681
+ RESERVED
+CVE-2022-27680
+ RESERVED
+CVE-2022-27679
+ RESERVED
+CVE-2022-27678
+ RESERVED
+CVE-2022-27677
+ RESERVED
+CVE-2022-27676
+ RESERVED
+CVE-2022-27675
+ RESERVED
+CVE-2022-27674
+ RESERVED
+CVE-2022-27673
+ RESERVED
+CVE-2022-27672
+ RESERVED
+CVE-2022-27671
+ RESERVED
+CVE-2022-27670
+ RESERVED
+CVE-2022-27669
+ RESERVED
+CVE-2022-27668
+ RESERVED
+CVE-2022-27667
+ RESERVED
+CVE-2022-1059
+ RESERVED
+CVE-2022-1058
+ RESERVED
+CVE-2022-1057
+ RESERVED
+CVE-2021-46739
+ RESERVED
CVE-2022-27666 (In the Linux kernel before 5.16.15, there is a buffer overflow in ESP ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8)
@@ -874,8 +1114,8 @@ CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpa
NOTE: https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243
CVE-2022-1034 (There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10. ...)
NOT-FOR-US: ShowDoc
-CVE-2022-1033
- RESERVED
+CVE-2022-1033 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
+ TODO: check
CVE-2022-1032
RESERVED
CVE-2022-1031 (Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 ...)
@@ -2515,7 +2755,7 @@ CVE-2022-0888
CVE-2022-0887
RESERVED
CVE-2022-0886 [esp: Fix possible buffer overflow in ESP transformation]
- RESERVED
+ REJECTED
- linux <unfixed>
NOTE: https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8)
NOTE: Appears to be a duplicate assignment of CVE-2022-27666
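Review bot: CVE-2022-0886 is switched to REJECTED but the entry still carries `- linux <unfixed>`, which leaves an open package line under a rejected id. CVE-2022-27666 at the top of the file already tracks the same fix commit (ebe48d368e97d007bfeb76fcb065d6cfc4c96645). Suggest dropping the package line from the rejected entry and keeping the NOTE that records the duplicate assignment.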
@@ -3140,18 +3380,18 @@ CVE-2022-0864
RESERVED
CVE-2022-0863
RESERVED
-CVE-2022-0862
- RESERVED
-CVE-2022-0861
- RESERVED
+CVE-2022-0862 (A lack of password change protection vulnerability in a depreciated AP ...)
+ TODO: check
+CVE-2022-0861 (A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orche ...)
+ TODO: check
CVE-2022-0860 (Improper Authorization in GitHub repository cobbler/cobbler prior to 3 ...)
- cobbler <removed>
-CVE-2022-0859
- RESERVED
-CVE-2022-0858
- RESERVED
-CVE-2022-0857
- RESERVED
+CVE-2022-0859 (McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 a ...)
+ TODO: check
+CVE-2022-0858 (A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolic ...)
+ TODO: check
+CVE-2022-0857 (A reflected cross-site scripting (XSS) vulnerability in McAfee Enterpr ...)
+ TODO: check
CVE-2022-0856 (libcaca is affected by a Divide By Zero issue via img2txt, which allow ...)
- libcaca <unfixed> (unimportant)
NOTE: https://github.com/cacalabs/libcaca/issues/65
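Review bot: The McAfee Enterprise ePolicy Orchestrator entries added here (CVE-2022-0861, CVE-2022-0859, CVE-2022-0858, CVE-2022-0857) land as `TODO: check`, while the existing McAfee entry CVE-2021-4088 elsewhere in this file is already triaged as `NOT-FOR-US: McAfee`. Suggest resolving them with the same marker in the follow-up triage, together with CVE-2022-0842 from the next hunk. The description for CVE-2022-0862 is cut off before any product name, so that one needs the full description before it is grouped with the rest.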
@@ -3314,8 +3554,8 @@ CVE-2022-0843
RESERVED
- firefox 98.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-0843
-CVE-2022-0842
- RESERVED
+CVE-2022-0842 (A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orche ...)
+ TODO: check
CVE-2022-0841 (OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0. ...)
NOT-FOR-US: ljharb/npm-lockfile
CVE-2022-0840
@@ -3646,8 +3886,8 @@ CVE-2022-26245
RESERVED
CVE-2022-26244
RESERVED
-CVE-2022-26243
- RESERVED
+CVE-2022-26243 (Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer ove ...)
+ TODO: check
CVE-2022-26242
RESERVED
CVE-2022-26241
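Review bot: The description added for CVE-2022-26243 is cut off at "buffer ove ...", and the same visible text is added for CVE-2021-38772 and CVE-2021-38278 later in this patch, so the three Tenda AC10-1200 entries cannot be told apart from the list alone. When the `TODO: check` is resolved, suggest triaging the three together and, if they are kept, adding a NOTE with the distinguishing detail from the full description.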
@@ -6340,8 +6580,7 @@ CVE-2022-0637
RESERVED
CVE-2022-0636
RESERVED
-CVE-2022-0635 [DNAME insist with synth-from-dnssec enabled]
- RESERVED
+CVE-2022-0635 (Versions affected: BIND 9.18.0 When a vulnerable version of named rece ...)
- bind9 1:9.18.1-1
[bullseye] - bind9 <not-affected> (Vulnerable code introduced later)
[buster] - bind9 <not-affected> (Vulnerable code introduced later)
@@ -9904,8 +10143,7 @@ CVE-2022-24071 (A Built-in extension in Whale browser before 3.12.129.46 allows
NOT-FOR-US: Whale browser
CVE-2022-24070
RESERVED
-CVE-2022-0396 [DoS from specifically crafted TCP packets]
- RESERVED
+CVE-2022-0396 (BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S ...)
- bind9 1:9.18.1-1
[bullseye] - bind9 1:9.16.27-1~deb11u1
[buster] - bind9 <not-affected> (Vulnerable code introduced later)
@@ -13105,8 +13343,8 @@ CVE-2022-23244
RESERVED
CVE-2022-23243
RESERVED
-CVE-2022-23242
- RESERVED
+CVE-2022-23242 (TeamViewer Linux versions before 15.28 do not properly execute a delet ...)
+ TODO: check
CVE-2022-23241
RESERVED
CVE-2022-23240
@@ -16220,8 +16458,8 @@ CVE-2022-22318
RESERVED
CVE-2022-22317
RESERVED
-CVE-2022-22316
- RESERVED
+CVE-2022-22316 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and a ...)
+ TODO: check
CVE-2022-22315
RESERVED
CVE-2022-22314
@@ -16410,8 +16648,8 @@ CVE-2021-46066
RESERVED
CVE-2021-46065 (A Cross-site scripting (XSS) vulnerability in Secondary Email Field in ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2021-46064
- RESERVED
+CVE-2021-46064 (IrfanView 4.59 is vulnerable to buffer overflow via the function at ad ...)
+ TODO: check
CVE-2021-46063 (MCMS v5.2.5 was discovered to contain a Server Side Template Injection ...)
NOT-FOR-US: MCMS
CVE-2021-46062 (MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulne ...)
@@ -17563,10 +17801,10 @@ CVE-2021-45759
RESERVED
CVE-2021-45758
RESERVED
-CVE-2021-45757
- RESERVED
-CVE-2021-45756
- RESERVED
+CVE-2021-45757 (ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in ...)
+ TODO: check
+CVE-2021-45756 (Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.8207 ...)
+ TODO: check
CVE-2021-45755
RESERVED
CVE-2021-45754
@@ -21246,8 +21484,8 @@ CVE-2021-23170
RESERVED
CVE-2021-23148
RESERVED
-CVE-2021-44759
- RESERVED
+CVE-2021-44759 (Improper Authentication vulnerability in TLS origin validation of Apac ...)
+ TODO: check
CVE-2021-4088 (SQL injection vulnerability in Data Loss Protection (DLP) ePO extensio ...)
NOT-FOR-US: McAfee
CVE-2021-4087
@@ -23171,8 +23409,8 @@ CVE-2021-44141 (All versions of Samba prior to 4.15.5 are vulnerable to a malici
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14911
CVE-2021-44140 (Remote attackers may delete arbitrary files in a system hosting a JSPW ...)
- jspwiki <removed>
-CVE-2021-44139
- RESERVED
+CVE-2021-44139 (Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). ...)
+ TODO: check
CVE-2021-44138
RESERVED
CVE-2021-44137
@@ -23480,8 +23718,8 @@ CVE-2021-3983 (kimai2 is vulnerable to Improper Neutralization of Input During W
NOT-FOR-US: kimai2
CVE-2022-21742
RESERVED
-CVE-2021-44040
- RESERVED
+CVE-2021-44040 (Improper Input Validation vulnerability in request line parsing of Apa ...)
+ TODO: check
CVE-2021-44039
RESERVED
CVE-2021-44038 (An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod op ...)
@@ -25439,14 +25677,14 @@ CVE-2021-43740
RESERVED
CVE-2021-43739
RESERVED
-CVE-2021-43738
- RESERVED
-CVE-2021-43737
- RESERVED
-CVE-2021-43736
- RESERVED
-CVE-2021-43735
- RESERVED
+CVE-2021-43738 (An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF v ...)
+ TODO: check
+CVE-2021-43737 (An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF v ...)
+ TODO: check
+CVE-2021-43736 (CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnera ...)
+ TODO: check
+CVE-2021-43735 (CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behav ...)
+ TODO: check
CVE-2021-43734 (kkFileview v4.0.0 has arbitrary file read through a directory traversa ...)
NOT-FOR-US: kkFileview
CVE-2021-43733
@@ -39955,8 +40193,8 @@ CVE-2021-38774
RESERVED
CVE-2021-38773
RESERVED
-CVE-2021-38772
- RESERVED
+CVE-2021-38772 (Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer ove ...)
+ TODO: check
CVE-2021-38771
RESERVED
CVE-2021-38770
@@ -41213,8 +41451,8 @@ CVE-2021-38280
RESERVED
CVE-2021-38279
RESERVED
-CVE-2021-38278
- RESERVED
+CVE-2021-38278 (Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer ove ...)
+ TODO: check
CVE-2021-38277
RESERVED
CVE-2021-38276
@@ -74347,8 +74585,7 @@ CVE-2021-25222
RESERVED
CVE-2021-25221
RESERVED
-CVE-2021-25220 [DNS forwarders - cache poisoning vulnerability]
- RESERVED
+CVE-2021-25220 (BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIN ...)
{DSA-5105-1 DLA-2955-1}
- bind9 1:9.18.1-1
NOTE: https://kb.isc.org/docs/cve-2021-25220
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4e8615f9f0abb444ed954b6726176cefe156245