[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Mar 27 21:10:29 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
64407bfb by security tracker role at 2022-03-27T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2022-27949
+ RESERVED
+CVE-2022-27948 (Certain Tesla vehicles through 2022-03-26 allow attackers to open the ...)
+ TODO: check
CVE-2022-1110
RESERVED
CVE-2022-1109
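Review bot: CVE-2022-27948 is left at "TODO: check" although its description names Tesla vehicles rather than any software package. Unless a packaged component turns out to be involved, resolve it in the same form the list already uses for out-of-scope products, for example "NOT-FOR-US: TMS" further down, so it does not sit in the triage queue. CVE-2022-27949 is still RESERVED and needs nothing yet.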
@@ -54,8 +58,8 @@ CVE-2022-27929
RESERVED
CVE-2022-27928
RESERVED
-CVE-2022-1106
- RESERVED
+CVE-2022-1106 (use after free in mrb_vm_exec in GitHub repository mruby/mruby prior t ...)
+ TODO: check
CVE-2022-1105
RESERVED
CVE-2022-1104
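Review bot: The new description for CVE-2022-1106 is cut off at "prior t ...", so the upstream version that fixes the use after free in mrb_vm_exec is not visible in this entry. Whoever picks up the "TODO: check" will need the full CVE text before replacing it with a package line in the style used for the faad2 entries ("- faad2 2.10.0-1"), ideally with a NOTE pointing at the upstream fix.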
@@ -3393,8 +3397,8 @@ CVE-2022-26622
RESERVED
CVE-2022-26621
RESERVED
-CVE-2022-26620 (Akeo Consulting Rufus Executable 3.17.1846 and Rufus Portable Executab ...)
- TODO: check
+CVE-2022-26620
+ REJECTED
CVE-2022-26619
RESERVED
CVE-2022-26618
@@ -4361,12 +4365,12 @@ CVE-2022-26256
RESERVED
CVE-2022-26255
RESERVED
-CVE-2022-26254
- RESERVED
+CVE-2022-26254 (WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovere ...)
+ TODO: check
CVE-2022-26253
RESERVED
-CVE-2022-26252
- RESERVED
+CVE-2022-26252 (aaPanel v6.8.21 was discovered to be vulnerable to directory traversal ...)
+ TODO: check
CVE-2022-26251
RESERVED
CVE-2022-26250
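Review bot: CVE-2022-26254 (WoWonder) and CVE-2022-26252 (aaPanel) both move from RESERVED to "TODO: check" in this hunk and need the same decision: either a package line or a "NOT-FOR-US:" marker. Both descriptions name a specific product version (v4.0.0, v6.8.21), so the check is whether that product is packaged at all; if not, mark them in the same pass to keep the two adjacent entries consistent.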
@@ -4379,8 +4383,8 @@ CVE-2022-26247 (TMS v2.28.0 contains an insecure permissions vulnerability via t
NOT-FOR-US: TMS
CVE-2022-26246 (TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vul ...)
NOT-FOR-US: TMS
-CVE-2022-26245
- RESERVED
+CVE-2022-26245 (Falcon-plus v0.3 was discovered to contain a SQL injection vulnerabili ...)
+ TODO: check
CVE-2022-26244
RESERVED
CVE-2022-26243 (Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer ove ...)
@@ -4469,8 +4473,8 @@ CVE-2022-26202
RESERVED
CVE-2022-26201 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
NOT-FOR-US: Victor CMS
-CVE-2022-26200 (Technitium Installer v4.4 was discovered to allow attackers to execute ...)
- TODO: check
+CVE-2022-26200
+ REJECTED
CVE-2022-26199
RESERVED
CVE-2022-26198 (Notable v1.8.4 does not filter text editing, allowing attackers to exe ...)
@@ -56770,17 +56774,17 @@ CVE-2021-32280 (An issue was discovered in fig2dev before 3.2.8.. A NULL pointer
CVE-2021-32279
RESERVED
CVE-2021-32278 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...)
- {DLA-2792-1}
+ {DSA-5109-1 DLA-2792-1}
- faad2 2.10.0-1
NOTE: https://github.com/knik0/faad2/issues/62
NOTE: https://github.com/knik0/faad2/commit/e19a5e491354e0e4664d02b796dacee28fb2521e (2_10_0)
CVE-2021-32277 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...)
- {DLA-2792-1}
+ {DSA-5109-1 DLA-2792-1}
- faad2 2.10.0-1
NOTE: https://github.com/knik0/faad2/issues/59
NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0)
CVE-2021-32276 (An issue was discovered in faad2 through 2.10.0. A NULL pointer derefe ...)
- {DLA-2792-1}
+ {DSA-5109-1 DLA-2792-1}
- faad2 2.10.0-1
NOTE: https://github.com/knik0/faad2/issues/58
NOTE: https://github.com/knik0/faad2/commit/b58840121d1827b4b6c7617e2431589af1776ddc (2_10_0)
@@ -56789,16 +56793,18 @@ CVE-2021-32275 (An issue was discovered in faust through v2.30.5. A NULL pointer
NOTE: https://github.com/grame-cncm/faust/issues/482
NOTE: Negligible security impact
CVE-2021-32274 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...)
- {DLA-2792-1}
+ {DSA-5109-1 DLA-2792-1}
- faad2 2.10.0-1
NOTE: https://github.com/knik0/faad2/issues/60
NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0)
CVE-2021-32273 (An issue was discovered in faad2 through 2.10.0. A stack-buffer-overfl ...)
+ {DSA-5109-1}
- faad2 2.10.0-1
[stretch] - faad2 <not-affected> (Vulnerable code not present, introduced in 2.8.2)
NOTE: https://github.com/knik0/faad2/issues/56
NOTE: https://github.com/knik0/faad2/commit/1073aeef823cafd844704389e9a497c257768e2f (2_10_0)
CVE-2021-32272 (An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow ...)
+ {DSA-5109-1}
- faad2 2.10.0-1
[stretch] - faad2 <not-affected> (Vulnerable code not present, introduced in 2.8.2)
NOTE: https://github.com/knik0/faad2/issues/57
@@ -207957,7 +207963,7 @@ CVE-2019-6958 (A recently discovered security vulnerability affects all Bosch Vi
CVE-2019-6957 (A recently discovered security vulnerability affects all Bosch Video M ...)
NOT-FOR-US: Bosch
CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
- {DLA-2792-1 DLA-1899-1}
+ {DSA-5109-1 DLA-2792-1 DLA-1899-1}
- faad2 2.8.8-3.1 (bug #914641)
NOTE: https://sourceforge.net/p/faac/bugs/240/
NOTE: https://github.com/knik0/faad2/issues/39
@@ -217449,7 +217455,7 @@ CVE-2018-20361 (An invalid memory address dereference was discovered in the hf_a
NOTE: https://github.com/knik0/faad2/issues/30
NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20360 (An invalid memory address dereference was discovered in the sbr_proces ...)
- {DLA-2792-1 DLA-1899-1}
+ {DSA-5109-1 DLA-2792-1 DLA-1899-1}
- faad2 2.8.8-3.1 (low)
NOTE: https://github.com/knik0/faad2/issues/32
NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
@@ -218054,7 +218060,7 @@ CVE-2018-20200 (** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12
NOTE: https://github.com/square/okhttp/issues/4967
NOTE: No practicable security imapacting relevance
CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
- {DLA-2792-1 DLA-1899-1}
+ {DSA-5109-1 DLA-2792-1 DLA-1899-1}
- faad2 2.8.8-3.1 (low)
NOTE: https://github.com/knik0/faad2/issues/24
NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
@@ -218071,7 +218077,7 @@ CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of
NOTE: very similar to CVE-2018-20194, same fix:
NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of the ca ...)
- {DLA-1899-1}
+ {DSA-5109-1 DLA-1899-1}
- faad2 2.8.8-3.1 (low)
[stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/19
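Review bot: CVE-2018-20196 now carries "{DSA-5109-1 DLA-1899-1}" while still listing "[stretch] - faad2 <no-dsa> (Minor issue)", and unlike the neighbouring faad2 entries it has no DLA-2792-1 reference. That combination reads as: fixed by the DSA and the older DLA, still open in stretch. It is worth confirming that the stretch annotation is still intended, since every other faad2 entry touched in this commit either has DLA-2792-1 or is marked "<not-affected>" for stretch.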
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64407bfb396700f8227e5c47a1f768f268e5981c