[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 28 09:10:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2d577817 by security tracker role at 2022-03-28T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,354 @@
-CVE-2022-27950 [HID: elo: fix memory leak in elo_probe]
+CVE-2022-28125
+ RESERVED
+CVE-2022-28124
+ RESERVED
+CVE-2022-28123
+ RESERVED
+CVE-2022-28122
+ RESERVED
+CVE-2022-28121
+ RESERVED
+CVE-2022-28120
+ RESERVED
+CVE-2022-28119
+ RESERVED
+CVE-2022-28118
+ RESERVED
+CVE-2022-28117
+ RESERVED
+CVE-2022-28116
+ RESERVED
+CVE-2022-28115
+ RESERVED
+CVE-2022-28114
+ RESERVED
+CVE-2022-28113
+ RESERVED
+CVE-2022-28112
+ RESERVED
+CVE-2022-28111
+ RESERVED
+CVE-2022-28110
+ RESERVED
+CVE-2022-28109
+ RESERVED
+CVE-2022-28108
+ RESERVED
+CVE-2022-28107
+ RESERVED
+CVE-2022-28106
+ RESERVED
+CVE-2022-28105
+ RESERVED
+CVE-2022-28104
+ RESERVED
+CVE-2022-28103
+ RESERVED
+CVE-2022-28102
+ RESERVED
+CVE-2022-28101
+ RESERVED
+CVE-2022-28100
+ RESERVED
+CVE-2022-28099
+ RESERVED
+CVE-2022-28098
+ RESERVED
+CVE-2022-28097
+ RESERVED
+CVE-2022-28096
+ RESERVED
+CVE-2022-28095
+ RESERVED
+CVE-2022-28094
+ RESERVED
+CVE-2022-28093
+ RESERVED
+CVE-2022-28092
+ RESERVED
+CVE-2022-28091
+ RESERVED
+CVE-2022-28090
+ RESERVED
+CVE-2022-28089
+ RESERVED
+CVE-2022-28088
+ RESERVED
+CVE-2022-28087
+ RESERVED
+CVE-2022-28086
+ RESERVED
+CVE-2022-28085
+ RESERVED
+CVE-2022-28084
+ RESERVED
+CVE-2022-28083
+ RESERVED
+CVE-2022-28082
+ RESERVED
+CVE-2022-28081
+ RESERVED
+CVE-2022-28080
+ RESERVED
+CVE-2022-28079
+ RESERVED
+CVE-2022-28078
+ RESERVED
+CVE-2022-28077
+ RESERVED
+CVE-2022-28076
+ RESERVED
+CVE-2022-28075
+ RESERVED
+CVE-2022-28074
+ RESERVED
+CVE-2022-28073
+ RESERVED
+CVE-2022-28072
+ RESERVED
+CVE-2022-28071
+ RESERVED
+CVE-2022-28070
+ RESERVED
+CVE-2022-28069
+ RESERVED
+CVE-2022-28068
+ RESERVED
+CVE-2022-28067
+ RESERVED
+CVE-2022-28066
+ RESERVED
+CVE-2022-28065
+ RESERVED
+CVE-2022-28064
+ RESERVED
+CVE-2022-28063
+ RESERVED
+CVE-2022-28062
+ RESERVED
+CVE-2022-28061
+ RESERVED
+CVE-2022-28060
+ RESERVED
+CVE-2022-28059
+ RESERVED
+CVE-2022-28058
+ RESERVED
+CVE-2022-28057
+ RESERVED
+CVE-2022-28056
+ RESERVED
+CVE-2022-28055
+ RESERVED
+CVE-2022-28054
+ RESERVED
+CVE-2022-28053
+ RESERVED
+CVE-2022-28052
+ RESERVED
+CVE-2022-28051
+ RESERVED
+CVE-2022-28050
+ RESERVED
+CVE-2022-28049
+ RESERVED
+CVE-2022-28048
+ RESERVED
+CVE-2022-28047
+ RESERVED
+CVE-2022-28046
+ RESERVED
+CVE-2022-28045
+ RESERVED
+CVE-2022-28044
+ RESERVED
+CVE-2022-28043
+ RESERVED
+CVE-2022-28042
+ RESERVED
+CVE-2022-28041
+ RESERVED
+CVE-2022-28040
+ RESERVED
+CVE-2022-28039
+ RESERVED
+CVE-2022-28038
+ RESERVED
+CVE-2022-28037
+ RESERVED
+CVE-2022-28036
+ RESERVED
+CVE-2022-28035
+ RESERVED
+CVE-2022-28034
+ RESERVED
+CVE-2022-28033
+ RESERVED
+CVE-2022-28032
+ RESERVED
+CVE-2022-28031
+ RESERVED
+CVE-2022-28030
+ RESERVED
+CVE-2022-28029
+ RESERVED
+CVE-2022-28028
+ RESERVED
+CVE-2022-28027
+ RESERVED
+CVE-2022-28026
+ RESERVED
+CVE-2022-28025
+ RESERVED
+CVE-2022-28024
+ RESERVED
+CVE-2022-28023
+ RESERVED
+CVE-2022-28022
+ RESERVED
+CVE-2022-28021
+ RESERVED
+CVE-2022-28020
+ RESERVED
+CVE-2022-28019
+ RESERVED
+CVE-2022-28018
+ RESERVED
+CVE-2022-28017
+ RESERVED
+CVE-2022-28016
+ RESERVED
+CVE-2022-28015
+ RESERVED
+CVE-2022-28014
+ RESERVED
+CVE-2022-28013
+ RESERVED
+CVE-2022-28012
+ RESERVED
+CVE-2022-28011
+ RESERVED
+CVE-2022-28010
+ RESERVED
+CVE-2022-28009
+ RESERVED
+CVE-2022-28008
+ RESERVED
+CVE-2022-28007
+ RESERVED
+CVE-2022-28006
+ RESERVED
+CVE-2022-28005
+ RESERVED
+CVE-2022-28004
+ RESERVED
+CVE-2022-28003
+ RESERVED
+CVE-2022-28002
+ RESERVED
+CVE-2022-28001
+ RESERVED
+CVE-2022-28000
+ RESERVED
+CVE-2022-27999
+ RESERVED
+CVE-2022-27998
+ RESERVED
+CVE-2022-27997
+ RESERVED
+CVE-2022-27996
+ RESERVED
+CVE-2022-27995
+ RESERVED
+CVE-2022-27994
+ RESERVED
+CVE-2022-27993
+ RESERVED
+CVE-2022-27992
+ RESERVED
+CVE-2022-27991
+ RESERVED
+CVE-2022-27990
+ RESERVED
+CVE-2022-27989
+ RESERVED
+CVE-2022-27988
+ RESERVED
+CVE-2022-27987
+ RESERVED
+CVE-2022-27986
+ RESERVED
+CVE-2022-27985
+ RESERVED
+CVE-2022-27984
+ RESERVED
+CVE-2022-27983
+ RESERVED
+CVE-2022-27982
+ RESERVED
+CVE-2022-27981
+ RESERVED
+CVE-2022-27980
+ RESERVED
+CVE-2022-27979
+ RESERVED
+CVE-2022-27978
+ RESERVED
+CVE-2022-27977
+ RESERVED
+CVE-2022-27976
+ RESERVED
+CVE-2022-27975
+ RESERVED
+CVE-2022-27974
+ RESERVED
+CVE-2022-27973
+ RESERVED
+CVE-2022-27972
+ RESERVED
+CVE-2022-27971
+ RESERVED
+CVE-2022-27970
+ RESERVED
+CVE-2022-27969
+ RESERVED
+CVE-2022-27968
+ RESERVED
+CVE-2022-27967
+ RESERVED
+CVE-2022-27966
+ RESERVED
+CVE-2022-27965
+ RESERVED
+CVE-2022-27964
+ RESERVED
+CVE-2022-27963
+ RESERVED
+CVE-2022-27962
+ RESERVED
+CVE-2022-27961
+ RESERVED
+CVE-2022-27960
+ RESERVED
+CVE-2022-27959
+ RESERVED
+CVE-2022-27958
+ RESERVED
+CVE-2022-27957
+ RESERVED
+CVE-2022-27956
+ RESERVED
+CVE-2022-27955
+ RESERVED
+CVE-2022-27954
+ RESERVED
+CVE-2022-27953
+ RESERVED
+CVE-2022-27952
+ RESERVED
+CVE-2022-27951
+ RESERVED
+CVE-2022-27950 (In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory ...)
- linux 5.16.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -224,6 +574,7 @@ CVE-2022-1097
RESERVED
CVE-2022-1096
RESERVED
+ {DSA-5110-1}
- chromium 99.0.4844.84-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
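Review bot: the "{DSA-5110-1}" cross-reference is attached to CVE-2022-1096 while the entry still reads RESERVED, and this commit touches only data/CVE/list, so the advisory side is not visible here. Confirm that the DSA-5110-1 record lists CVE-2022-1096 so the two stay in sync.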
@@ -4340,18 +4691,18 @@ CVE-2022-26275
RESERVED
CVE-2022-26274
RESERVED
-CVE-2022-26273
- RESERVED
+CVE-2022-26273 (EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\con ...)
+ TODO: check
CVE-2022-26272 (A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows ...)
NOT-FOR-US: Ionize CMS
-CVE-2022-26271
- RESERVED
+CVE-2022-26271 (74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulner ...)
+ TODO: check
CVE-2022-26270
RESERVED
CVE-2022-26269
RESERVED
-CVE-2022-26268
- RESERVED
+CVE-2022-26268 (Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerabi ...)
+ TODO: check
CVE-2022-26267 (Piwigo v12.2.0 was discovered to contain an information leak via the a ...)
- piwigo <removed>
CVE-2022-26266 (Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability ...)
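Review bot: CVE-2022-26273, CVE-2022-26271 and CVE-2022-26268 move from RESERVED to "TODO: check" with no triage result, unlike the neighbouring CVE-2022-26272, which carries "NOT-FOR-US: Ionize CMS". Each needs either a package line or a NOT-FOR-US entry naming the product (EyouCMS, 74cmsSE, Xiaohuanxiong) before the TODO can be cleared.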
@@ -4368,16 +4719,16 @@ CVE-2022-26261
RESERVED
CVE-2022-26260 (Simple-Plist v1.3.0 was discovered to contain a prototype pollution vu ...)
NOT-FOR-US: Simple-Plist
-CVE-2022-26259
- RESERVED
-CVE-2022-26258
- RESERVED
+CVE-2022-26259 (A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, ...)
+ TODO: check
+CVE-2022-26258 (D-Link DIR-820L 1.05B03 was discovered to contain a remote command exe ...)
+ TODO: check
CVE-2022-26257
RESERVED
CVE-2022-26256
RESERVED
-CVE-2022-26255
- RESERVED
+CVE-2022-26255 (Clash for Windows v0.19.8 was discovered to allow arbitrary code execu ...)
+ TODO: check
CVE-2022-26254 (WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovere ...)
NOT-FOR-US: WoWonder
CVE-2022-26253
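Review bot: the three entries added in this hunk (CVE-2022-26259, CVE-2022-26258, CVE-2022-26255) name Xiongmai DVR devices, a D-Link DIR-820L and Clash for Windows, and all are left at "TODO: check". Triage them in the same pass as the surrounding NOT-FOR-US entries (Simple-Plist, WoWonder) so the open TODOs do not accumulate in this block.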
@@ -5698,8 +6049,8 @@ CVE-2022-26874 (lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4
NOTE: Fixed by: https://github.com/horde/Mime_Viewer/commit/02b46cec1a7e8f1a6835b628850cd56b85963bb5 (2.2.4)
CVE-2022-25762
RESERVED
-CVE-2022-25757
- RESERVED
+CVE-2022-25757 (In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys ...)
+ TODO: check
CVE-2022-25756
RESERVED
CVE-2022-25755
@@ -9797,8 +10148,7 @@ CVE-2022-24305 (Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnera
NOT-FOR-US: Zoho ManageEngine
CVE-2022-24304
RESERVED
-CVE-2022-24303
- RESERVED
+CVE-2022-24303 (Pillow before 9.0.1 allows attackers to delete files because spaces in ...)
- pillow 9.0.1-1
[bullseye] - pillow <ignored> (Minor issue)
[buster] - pillow <ignored> (Minor issue)
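Review bot: the description added for CVE-2022-24303 says Pillow before 9.0.1 "allows attackers to delete files", while the unchanged lines below keep bullseye and buster at "<ignored> (Minor issue)". Re-confirm that classification against the now-published description, or add a NOTE line recording why the issue is treated as minor for those releases.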
@@ -18972,10 +19322,10 @@ CVE-2021-45492
RESERVED
CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: ShowDoc
-CVE-2021-45491
- RESERVED
-CVE-2021-45490
- RESERVED
+CVE-2021-45491 (3CX System through 2022-03-17 stores cleartext passwords in a database ...)
+ TODO: check
+CVE-2021-45490 (The client applications in 3CX on Windows, the 3CX app for iOS, and th ...)
+ TODO: check
CVE-2021-45489 (In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employ ...)
NOT-FOR-US: NetBSD
CVE-2021-45488 (In NetBSD through 9.2, there is an information leak in the TCP ISN (IS ...)
@@ -22466,8 +22816,8 @@ CVE-2021-44619
RESERVED
CVE-2021-44618 (A Server-side Template Injection (SSTI) vulnerability exists in Nystud ...)
NOT-FOR-US: Nystudio107 Seomatic
-CVE-2021-44617
- RESERVED
+CVE-2021-44617 (A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 ...)
+ TODO: check
CVE-2021-44616
RESERVED
CVE-2021-44615
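Review bot: CVE-2021-44617 is described as SQL injection in "the Ramo plugin for GLPI 9.4.6" and lands as "TODO: check". The triage should state whether the plugin itself is shipped, not only GLPI; if it is not, record NOT-FOR-US with the plugin name rather than a package line for GLPI.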
@@ -23749,18 +24099,18 @@ CVE-2021-44215 (Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insec
NOT-FOR-US: Northern.tech CFEngine Enterprise Hub
CVE-2021-44214
RESERVED
-CVE-2021-44213
- RESERVED
-CVE-2021-44212
- RESERVED
-CVE-2021-44211
- RESERVED
-CVE-2021-44210
- RESERVED
-CVE-2021-44209
- RESERVED
-CVE-2021-44208
- RESERVED
+CVE-2021-44213 (OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/a ...)
+ TODO: check
+CVE-2021-44212 (OX App Suite through 7.10.5 allows XSS via a trailing control characte ...)
+ TODO: check
+CVE-2021-44211 (OX App Suite through 7.10.5 allows XSS via the class attribute of an e ...)
+ TODO: check
+CVE-2021-44210 (OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange ...)
+ TODO: check
+CVE-2021-44209 (OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as A ...)
+ TODO: check
+CVE-2021-44208 (OX App Suite through 7.10.5 allows XSS via an unknown system message i ...)
+ TODO: check
CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. ...)
NOT-FOR-US: Acclaim USAHERDS
CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
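Review bot: six consecutive entries, CVE-2021-44213 through CVE-2021-44208, all read "OX App Suite through 7.10.5 allows XSS ..." and all arrive as "TODO: check". They concern one product, so resolve them with a single decision and the same annotation on each, in the way the adjacent CVE-2021-44207 carries "NOT-FOR-US: Acclaim USAHERDS".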
@@ -24000,8 +24350,8 @@ CVE-2021-44129
RESERVED
CVE-2021-44128
RESERVED
-CVE-2021-44127
- RESERVED
+CVE-2021-44127 (In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binar ...)
+ TODO: check
CVE-2021-44126
RESERVED
CVE-2021-44125
@@ -71450,14 +71800,14 @@ CVE-2021-26603 (A heap overflow issue was found in ARK library of bandisoft Co.,
NOT-FOR-US: bandisoft
CVE-2021-26602
RESERVED
-CVE-2021-26601
- RESERVED
-CVE-2021-26600
- RESERVED
-CVE-2021-26599
- RESERVED
-CVE-2021-26598
- RESERVED
+CVE-2021-26601 (ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php i ...)
+ TODO: check
+CVE-2021-26600 (ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confus ...)
+ TODO: check
+CVE-2021-26599 (ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Inject ...)
+ TODO: check
+CVE-2021-26598 (ImpressCMS before 1.4.3 has Incorrect Access Control because include/f ...)
+ TODO: check
CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows r ...)
NOT-FOR-US: Pryaniki
CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.3 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d5778177f0ce1d274af32b5f5bd19469ede4507