[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 24 20:10:29 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c94b874 by security tracker role at 2022-03-24T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2022-27863
+	RESERVED
+CVE-2022-27862
+	RESERVED
+CVE-2022-27861
+	RESERVED
+CVE-2022-27860
+	RESERVED
+CVE-2022-27859
+	RESERVED
+CVE-2022-27858
+	RESERVED
+CVE-2022-27857
+	RESERVED
+CVE-2022-27856
+	RESERVED
+CVE-2022-27855
+	RESERVED
+CVE-2022-27854
+	RESERVED
+CVE-2022-27853
+	RESERVED
+CVE-2022-27852
+	RESERVED
+CVE-2022-27851
+	RESERVED
+CVE-2022-27850
+	RESERVED
+CVE-2022-27849
+	RESERVED
+CVE-2022-27848
+	RESERVED
+CVE-2022-27847
+	RESERVED
+CVE-2022-27846
+	RESERVED
+CVE-2022-27845
+	RESERVED
+CVE-2022-27844
+	RESERVED
+CVE-2022-1066
+	RESERVED
+CVE-2022-1065
+	RESERVED
+CVE-2022-1064
+	RESERVED
+CVE-2022-1063
+	RESERVED
+CVE-2022-1062
+	RESERVED
+CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareorg/ra ...)
+	TODO: check
 CVE-2022-XXXX [zlib memory corruption on deflate]
 	- zlib <unfixed>
 	NOTE: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
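Review bot: the only substantive line in this hunk is CVE-2022-1061, whose description is cut off at "radareorg/ra ...", so the "TODO: check" cannot be resolved from the entry alone; the full CVE text is needed to map the upstream repository to a Debian source package or to mark it NOT-FOR-US. The other 25 new entries are RESERVED placeholders in the same descending-id order the file already uses, which is the expected shape for an automatic update.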
@@ -361,8 +413,8 @@ CVE-2022-27667
 	RESERVED
 CVE-2022-1059
 	RESERVED
-CVE-2022-1058
-	RESERVED
+CVE-2022-1058 (Open Redirect on login in GitHub repository go-gitea/gitea prior to 1. ...)
+	TODO: check
 CVE-2022-1057
 	RESERVED
 CVE-2021-46739
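Review bot: the gitea description is truncated exactly at the fixed version ("prior to 1. ..."), which is the one piece of information the "TODO: check" needs in order to compare against any packaged version; fetch the full description before closing the TODO.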
@@ -436,8 +488,8 @@ CVE-2022-1054
 	RESERVED
 CVE-2022-1053
 	RESERVED
-CVE-2022-1052
-	RESERVED
+CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub repository ra ...)
+	TODO: check
 CVE-2022-1051
 	RESERVED
 CVE-2022-1050
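Review bot: CVE-2022-1052 carries the same truncation as CVE-2022-1061 in the first hunk ("repository ra ..."), and both read as heap buffer overflows in the same upstream, so they should be triaged together and given the same package or NOT-FOR-US disposition rather than two independent TODOs.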
@@ -1715,8 +1767,8 @@ CVE-2022-0957 (Stored XSS via File Upload in GitHub repository star7th/showdoc p
 	NOT-FOR-US: ShowDoc
 CVE-2022-0956 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior  ...)
 	NOT-FOR-US: ShowDoc
-CVE-2022-0955
-	RESERVED
+CVE-2022-0955 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data- ...)
+	TODO: check
 CVE-2022-0954 (Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's O ...)
 	NOT-FOR-US: microweber
 CVE-2022-0953
@@ -2425,6 +2477,7 @@ CVE-2022-26852
 CVE-2022-26851
 	RESERVED
 CVE-2022-0924 (Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers t ...)
+	{DSA-5108-1}
 	- tiff 4.3.0-6
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/278
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/311
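Review bot: this commit touches only data/CVE/list (see "1 changed file" above) yet introduces the {DSA-5108-1} cross-reference here and in several later hunks; confirm that the DSA-5108-1 entry exists in data/DSA/list and lists the same tiff CVEs, otherwise the tracker will reference an advisory it has no record of. The marker placement, between the CVE header and the "- tiff 4.3.0-6" line, matches how {DLA-2932-1} is placed elsewhere in the file.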
@@ -2609,15 +2662,18 @@ CVE-2022-25905
 CVE-2022-0910
 	RESERVED
 CVE-2022-0909 (Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to  ...)
+	{DSA-5108-1}
 	- tiff 4.3.0-6
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/393
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/310
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/32ea0722ee68f503b7a3f9b2d557acb293fc8cde
 CVE-2022-0908 (Null source pointer passed as an argument to memcpy() function within  ...)
+	{DSA-5108-1}
 	- tiff 4.3.0-6
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/383
 CVE-2022-0907 (Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libt ...)
+	{DSA-5108-1}
 	- tiff 4.3.0-6
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/392
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/314
@@ -2671,6 +2727,7 @@ CVE-2022-26778 (Veritas System Recovery (VSR) 18 and 21 stores a network destina
 CVE-2022-26777
 	RESERVED
 CVE-2022-0891 (A heap buffer overflow in ExtractImageSection function in tiffcrop.c i ...)
+	{DSA-5108-1}
 	- tiff 4.3.0-6
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/380
@@ -3012,8 +3069,8 @@ CVE-2022-26631
 	RESERVED
 CVE-2022-26630
 	RESERVED
-CVE-2022-26629
-	RESERVED
+CVE-2022-26629 (An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.3 ...)
+	TODO: check
 CVE-2022-26628
 	RESERVED
 CVE-2022-26627
@@ -3357,6 +3414,7 @@ CVE-2022-0867
 CVE-2022-0866
 	RESERVED
 CVE-2022-0865 (Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cau ...)
+	{DSA-5108-1}
 	- tiff 4.3.0-5
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/385
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/306
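Review bot: this entry records the unstable fix as "tiff 4.3.0-5" while the other DSA-5108-1 entries in this commit record 4.3.0-6; that is plausible, since the advisory covers stable and the unstable fixes can have landed in different uploads, but it is worth a second look that 4.3.0-5 is indeed the upload containing the fix referenced by issue 385 and merge request 306.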
@@ -5820,8 +5878,8 @@ CVE-2022-25570 (In Click Studios (SA) Pty Ltd Passwordstate 9435, users with acc
 	NOT-FOR-US: Passwordstate
 CVE-2022-25569
 	RESERVED
-CVE-2022-25568
-	RESERVED
+CVE-2022-25568 (MotionEye v0.42.1 and below allows attackers to access sensitive infor ...)
+	TODO: check
 CVE-2022-25567
 	RESERVED
 CVE-2022-25566 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...)
@@ -8215,12 +8273,12 @@ CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when c
 	NOTE: util-linux in Debian does build with readline support but chfn and chsh are provided
 	NOTE: by src:shadow and util-linux is configured with --disable-chfn-chsh
 CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within  ...)
-	{DLA-2932-1}
+	{DSA-5108-1 DLA-2932-1}
 	- tiff 4.3.0-4
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
 CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within  ...)
-	{DLA-2932-1}
+	{DSA-5108-1 DLA-2932-1}
 	- tiff 4.3.0-4
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
@@ -8264,10 +8322,10 @@ CVE-2022-24698
 	RESERVED
 CVE-2022-24697
 	RESERVED
-CVE-2022-0551
-	RESERVED
-CVE-2022-0550
-	RESERVED
+CVE-2022-0551 (Improper Input Validation vulnerability in project file upload in Nozo ...)
+	TODO: check
+CVE-2022-0550 (Improper Input Validation vulnerability in custom report logo upload i ...)
+	TODO: check
 CVE-2022-0549
 	RESERVED
 	[experimental] - gitlab 14.6.5+ds1-1
@@ -11790,8 +11848,8 @@ CVE-2022-0317 (An improper input validation vulnerability in go-attestation befo
 	NOT-FOR-US: go-attestation
 CVE-2022-0316
 	RESERVED
-CVE-2022-0315
-	RESERVED
+CVE-2022-0315 (Insecure Temporary File in GitHub repository horovod/horovod prior to  ...)
+	TODO: check
 CVE-2022-23779 (Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the insta ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-23778
@@ -14962,7 +15020,7 @@ CVE-2022-22846 (The dnslib package through 0.9.16 for Python does not verify tha
 CVE-2022-22845 (QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167 ...)
 	NOT-FOR-US: QXIP SIPCAPTURE homer-app for HOMER
 CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c i ...)
-	{DLA-2932-1}
+	{DSA-5108-1 DLA-2932-1}
 	- tiff 4.3.0-3
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/355
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/287
@@ -15411,8 +15469,8 @@ CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulne
 	NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
 CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
-CVE-2022-0153
-	RESERVED
+CVE-2022-0153 (SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. ...)
+	TODO: check
 CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -15427,8 +15485,8 @@ CVE-2022-0147 (The Cookie Information | Free GDPR Consent Solution WordPress plu
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0146
 	RESERVED
-CVE-2022-0145
-	RESERVED
+CVE-2022-0145 (Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkc ...)
+	TODO: check
 CVE-2021-46162 (A vulnerability has been identified in Simcenter Femap (All versions & ...)
 	NOT-FOR-US: Siemens
 CVE-2021-46161 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
@@ -16480,8 +16538,8 @@ CVE-2022-22376
 	RESERVED
 CVE-2022-22375
 	RESERVED
-CVE-2022-22374
-	RESERVED
+CVE-2022-22374 (The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subj ...)
+	TODO: check
 CVE-2022-22373
 	RESERVED
 CVE-2022-22372
@@ -21437,8 +21495,8 @@ CVE-2022-21822 (NVIDIA FLARE contains a vulnerability in the admin interface, wh
 	NOT-FOR-US: NVIDIA
 CVE-2022-21821
 	RESERVED
-CVE-2022-21820
-	RESERVED
+CVE-2022-21820 (NVIDIA DCGM contains a vulnerability in nvhostengine, where a network  ...)
+	TODO: check
 CVE-2022-21819 (NVIDIA distributions of Jetson Linux contain a vulnerability where an  ...)
 	NOT-FOR-US: NVIDIA
 CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...)
@@ -25880,8 +25938,8 @@ CVE-2021-43702
 	RESERVED
 CVE-2021-43701
 	RESERVED
-CVE-2021-43700
-	RESERVED
+CVE-2021-43700 (An issue was discovered in ApiManager 1.1. there is sql injection vuln ...)
+	TODO: check
 CVE-2021-43699
 	RESERVED
 CVE-2021-43698 (phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripti ...)
@@ -25949,8 +26007,8 @@ CVE-2021-43668 (Go-Ethereum 1.10.9 nodes crash (denial of service) after receivi
 	NOTE: https://github.com/ethereum/go-ethereum/issues/23866
 CVE-2021-43667 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...)
 	NOT-FOR-US: HyperLedger
-CVE-2021-43666
-	RESERVED
+CVE-2021-43666 (A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier ...)
+	TODO: check
 CVE-2021-43665
 	RESERVED
 CVE-2021-43664
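Review bot: unlike most "TODO: check" entries in this batch, CVE-2021-43666 names a library Debian ships (mbed TLS, packaged as src:mbedtls), so this TODO should become a package line with a fixed version rather than stay open; the description says "3.0.0 and earlier", so the older branches in the distribution need checking as well.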
@@ -25963,8 +26021,8 @@ CVE-2021-43661
 	RESERVED
 CVE-2021-43660
 	RESERVED
-CVE-2021-43659
-	RESERVED
+CVE-2021-43659 (In halo 1.4.14, the function point of uploading the avatar, any file c ...)
+	TODO: check
 CVE-2021-43658
 	RESERVED
 CVE-2021-43657
@@ -28512,10 +28570,10 @@ CVE-2021-43087
 	RESERVED
 CVE-2021-43086 (ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compressi ...)
 	NOT-FOR-US: ARM astcenc
-CVE-2021-43085
-	RESERVED
-CVE-2021-43084
-	RESERVED
+CVE-2021-43085 (An Insecure Permissions vulnerability exists in the OpenSSL Project 3. ...)
+	TODO: check
+CVE-2021-43084 (An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tab ...)
+	TODO: check
 CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
 	NOT-FOR-US: bookstack
 CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
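Review bot: CVE-2021-43085 is the one TODO in this batch naming OpenSSL, and its description is cut at "OpenSSL Project 3. ...", so the affected version range is unknown from this line; because openssl is a core Debian package this TODO should be prioritised and the full description fetched before deciding whether src:openssl is affected. CVE-2021-43084 (Dreamer CMS) next to it does not name a Debian package in its visible description.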
@@ -38577,8 +38635,8 @@ CVE-2021-39493
 	RESERVED
 CVE-2021-39492
 	RESERVED
-CVE-2021-39491
-	RESERVED
+CVE-2021-39491 (A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgi ...)
+	TODO: check
 CVE-2021-39490
 	RESERVED
 CVE-2021-39489



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c94b874f7f615a6d69c9f1740c3c2e3a33a4059

-- 

