[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 26 08:10:23 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e54423dd by security tracker role at 2022-03-26T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,107 @@
-CVE-2022-27887
+CVE-2022-27927
RESERVED
-CVE-2022-27886
+CVE-2022-27926
RESERVED
-CVE-2022-27885
+CVE-2022-27925
RESERVED
-CVE-2022-27884
+CVE-2022-27924
RESERVED
+CVE-2022-27923
+ RESERVED
+CVE-2022-27922
+ RESERVED
+CVE-2022-27921
+ RESERVED
+CVE-2022-27920 (libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functi ...)
+ TODO: check
+CVE-2022-27919 (Gradle Enterprise before 2022.1 allows remote code execution if the in ...)
+ TODO: check
+CVE-2022-27918
+ RESERVED
+CVE-2022-27917
+ RESERVED
+CVE-2022-27916
+ RESERVED
+CVE-2022-27915
+ RESERVED
+CVE-2022-27914
+ RESERVED
+CVE-2022-27913
+ RESERVED
+CVE-2022-27912
+ RESERVED
+CVE-2022-27911
+ RESERVED
+CVE-2022-27910
+ RESERVED
+CVE-2022-27909
+ RESERVED
+CVE-2022-27908
+ RESERVED
+CVE-2022-27907
+ RESERVED
+CVE-2022-27906 (Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To ...)
+ TODO: check
+CVE-2022-27905
+ RESERVED
+CVE-2022-27904
+ RESERVED
+CVE-2022-27903
+ RESERVED
+CVE-2022-27902
+ RESERVED
+CVE-2022-27901
+ RESERVED
+CVE-2022-27900
+ RESERVED
+CVE-2022-27899
+ RESERVED
+CVE-2022-27898
+ RESERVED
+CVE-2022-27897
+ RESERVED
+CVE-2022-27896
+ RESERVED
+CVE-2022-27895
+ RESERVED
+CVE-2022-27894
+ RESERVED
+CVE-2022-27893
+ RESERVED
+CVE-2022-27892
+ RESERVED
+CVE-2022-27891
+ RESERVED
+CVE-2022-27890
+ RESERVED
+CVE-2022-27889
+ RESERVED
+CVE-2022-27888
+ RESERVED
+CVE-2022-1102
+ RESERVED
+CVE-2022-1101
+ RESERVED
+CVE-2022-1100
+ RESERVED
+CVE-2022-1099
+ RESERVED
+CVE-2022-1098
+ RESERVED
+CVE-2021-46742
+ RESERVED
+CVE-2021-46741
+ RESERVED
+CVE-2021-46740
+ RESERVED
+CVE-2022-27887 (Maccms v10 was discovered to contain a reflected cross-site scripting ...)
+ TODO: check
+CVE-2022-27886 (Maccms v10 was discovered to contain a reflected cross-site scripting ...)
+ TODO: check
+CVE-2022-27885 (Maccms v10 was discovered to contain multiple reflected cross-site scr ...)
+ TODO: check
+CVE-2022-27884 (Maccms v10 was discovered to contain a reflected cross-site scripting ...)
+ TODO: check
CVE-2022-27883
RESERVED
CVE-2022-27882 (slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedn ...)
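Review bot: seven entries in this hunk arrive with a description but only `TODO: check` as their disposition (CVE-2022-27920 libkiwix, CVE-2022-27919 Gradle Enterprise, CVE-2022-27906 Mendelson OFTP2, and the four Maccms v10 IDs CVE-2022-27884 through CVE-2022-27887), so each still needs a follow-up commit that maps it to a source package or marks it `NOT-FOR-US:`, the form used elsewhere in this file. The four Maccms entries and CVE-2022-26573 further down name the same product and can be triaged in one pass. The `-` lines for CVE-2022-27887 through CVE-2022-27884 at the top of the hunk are not deletions: the same IDs are re-added at the end of the block, now with descriptions.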
@@ -98,8 +194,8 @@ CVE-2022-27494
RESERVED
CVE-2022-26423
RESERVED
-CVE-2022-1071
- RESERVED
+CVE-2022-1071 (User after free in mrb_vm_exec in GitHub repository mruby/mruby prior ...)
+ TODO: check
CVE-2022-1070
RESERVED
CVE-2022-1069
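Review bot: the description added for CVE-2022-1071 reads "User after free in mrb_vm_exec", which looks like a typo for "Use after free". The commit is an automatic update, so the wording is better left as received than edited by hand here, but a search of the list for "use after free" will miss this entry during triage. The repository named on the same line, mruby/mruby, is what the `TODO: check` has to be resolved against.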
@@ -3130,8 +3226,8 @@ CVE-2022-26661 (An XXE issue was discovered in Tryton Application Platform (Serv
NOTE: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
CVE-2022-26660 (RunAsSpc 4.0 uses a universal and recoverable encryption key. In posse ...)
NOT-FOR-US: RunAsSpc
-CVE-2022-26659
- RESERVED
+CVE-2022-26659 (Docker Desktop installer on Windows in versions before 4.6.0 allows an ...)
+ TODO: check
CVE-2022-26658
RESERVED
CVE-2022-26657
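Review bot: CVE-2022-26659 is described as affecting the "Docker Desktop installer on Windows", so the `TODO: check` added here can probably be resolved without a package lookup. If the full description confirms the issue is confined to the Windows installer, a `NOT-FOR-US:` line in the style of the `NOT-FOR-US: RunAsSpc` entry just above would close it.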
@@ -3306,8 +3402,8 @@ CVE-2022-26575
RESERVED
CVE-2022-26574
RESERVED
-CVE-2022-26573
- RESERVED
+CVE-2022-26573 (Maccms v10 was discovered to contain multiple reflected cross-site scr ...)
+ TODO: check
CVE-2022-26572
RESERVED
CVE-2022-26571
@@ -4294,8 +4390,8 @@ CVE-2022-26199
RESERVED
CVE-2022-26198
RESERVED
-CVE-2022-26197
- RESERVED
+CVE-2022-26197 (Joget DX 7 was discovered to contain a cross-site scripting (XSS) vuln ...)
+ TODO: check
CVE-2022-26196
RESERVED
CVE-2022-26195
@@ -5965,8 +6061,8 @@ CVE-2022-25592
RESERVED
CVE-2022-25591
RESERVED
-CVE-2022-25590
- RESERVED
+CVE-2022-25590 (SurveyKing v0.2.0 was discovered to retain users' session cookies afte ...)
+ TODO: check
CVE-2022-25589
RESERVED
CVE-2022-25588
@@ -6099,8 +6195,8 @@ CVE-2022-25525
RESERVED
CVE-2022-25524
RESERVED
-CVE-2022-25523
- RESERVED
+CVE-2022-25523 (TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
CVE-2022-25522
RESERVED
CVE-2022-25521
@@ -8172,10 +8268,10 @@ CVE-2022-24786
RESERVED
CVE-2022-24785
RESERVED
-CVE-2022-24784
- RESERVED
-CVE-2022-24783
- RESERVED
+CVE-2022-24784 (Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and ...)
+ TODO: check
+CVE-2022-24783 (Deno is a runtime for JavaScript and TypeScript. The versions of Deno ...)
+ TODO: check
CVE-2022-24782 (Discourse is an open source discussion platform. Versions 2.8.2 and pr ...)
NOT-FOR-US: Discourse
CVE-2022-24781 (Geon is a board game based on solving questions about the Pythagorean ...)
@@ -8719,8 +8815,8 @@ CVE-2022-24645
RESERVED
CVE-2022-24644 (ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code e ...)
NOT-FOR-US: KeyMouse
-CVE-2022-24643
- RESERVED
+CVE-2022-24643 (A stored cross-site scripting (XSS) issue was discovered in the OpenEM ...)
+ TODO: check
CVE-2022-24642
RESERVED
CVE-2022-24641
@@ -14487,8 +14583,8 @@ CVE-2022-22997
RESERVED
CVE-2022-22996
RESERVED
-CVE-2022-22995
- RESERVED
+CVE-2022-22995 (The combination of primitives offered by SMB and AFP in their default ...)
+ TODO: check
CVE-2022-22994 (A remote code execution vulnerability was discovered on Western Digita ...)
NOT-FOR-US: Western Digital
CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital My Clou ...)
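Review bot: the description for CVE-2022-22995 is cut off ("The combination of primitives offered by SMB and AFP in their default ...") before it names an affected product, so the disposition should not be inferred from the neighbouring `NOT-FOR-US: Western Digital` entries. Read the full CVE text before replacing `TODO: check`; SMB and AFP are protocols with more than one implementation, and the truncated line does not say which is meant.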
@@ -17534,8 +17630,8 @@ CVE-2022-22276
RESERVED
CVE-2022-22275
RESERVED
-CVE-2022-22274
- RESERVED
+CVE-2022-22274 (A Stack-based buffer overflow vulnerability in the SonicOS via HTTP re ...)
+ TODO: check
CVE-2022-22273 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of Special Ele ...)
NOT-FOR-US: Sonicwall
CVE-2022-22272 (Improper authorization in TelephonyManager prior to SMR Jan-2022 Relea ...)
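Review bot: CVE-2022-22274 names SonicOS, and the next entry, CVE-2022-22273, is already marked `NOT-FOR-US: Sonicwall`. Unless the full description says otherwise, the `TODO: check` here should become the same tag with the same spelling, so that the vendor's entries can still be found with a single search.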
@@ -21299,8 +21395,8 @@ CVE-2021-44906 (Minimist <=1.2.5 is vulnerable to Prototype Pollution via fil
NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
NOTE: The initial fix for prototype pollution (cf. SNYK-JS-MINIMIST-559764) in setKey()
NOTE: was insufficient.
-CVE-2021-44905
- RESERVED
+CVE-2021-44905 (Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD ...)
+ TODO: check
CVE-2021-44904
RESERVED
CVE-2021-44903 (Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable ...)
@@ -22080,8 +22176,8 @@ CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches
NOT-FOR-US: git-it
CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...)
NOT-FOR-US: naholyr github-todos
-CVE-2021-44683
- RESERVED
+CVE-2021-44683 (The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due t ...)
+ TODO: check
CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
NOT-FOR-US: Veritas
CVE-2021-44681 (An issue (5 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
@@ -35319,12 +35415,12 @@ CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester Purch
NOT-FOR-US: Sourcecodester
CVE-2021-40907 (SQL injection vulnerability in Sourcecodester Storage Unit Rental Mana ...)
NOT-FOR-US: Sourcecodester
-CVE-2021-40906
- RESERVED
-CVE-2021-40905
- RESERVED
-CVE-2021-40904
- RESERVED
+CVE-2021-40906 (CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not saniti ...)
+ TODO: check
+CVE-2021-40905 (The web management console of CheckMK Enterprise Edition (versions 1.5 ...)
+ TODO: check
+CVE-2021-40904 (The web management console of CheckMK Raw Edition (versions 1.5.0 to 1 ...)
+ TODO: check
CVE-2021-40903
RESERVED
CVE-2021-40902
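Review bot: the three CheckMK entries added here do not all describe the same edition: CVE-2021-40906 and CVE-2021-40904 name the Raw Edition, while CVE-2021-40905 names the Enterprise Edition. Only CVE-2021-40906 shows its full version range (1.5.0 to 1.6.0); the other two are truncated. Triage them together, but record the disposition per entry after reading the full descriptions, rather than copying one result across all three `TODO: check` lines.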
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e54423dd4e1691db894355c2c70e950e41802509