[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 29 09:10:22 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3671b60c by security tracker role at 2022-03-29T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2022-28132
+	RESERVED
+CVE-2022-28131
+	RESERVED
+CVE-2022-28130
+	RESERVED
+CVE-2022-28129
+	RESERVED
+CVE-2022-1148
+	RESERVED
+CVE-2022-1147
+	RESERVED
+CVE-2022-1146
+	RESERVED
+CVE-2022-1145
+	RESERVED
+CVE-2022-1144
+	RESERVED
+CVE-2022-1143
+	RESERVED
+CVE-2022-1142
+	RESERVED
+CVE-2022-1141
+	RESERVED
+CVE-2022-1140
+	RESERVED
+CVE-2022-1139
+	RESERVED
+CVE-2022-1138
+	RESERVED
+CVE-2022-1137
+	RESERVED
+CVE-2022-1136
+	RESERVED
+CVE-2022-1135
+	RESERVED
+CVE-2022-1134
+	RESERVED
+CVE-2022-1133
+	RESERVED
+CVE-2022-1132
+	RESERVED
+CVE-2022-1131
+	RESERVED
+CVE-2022-1130
+	RESERVED
+CVE-2022-1129
+	RESERVED
+CVE-2022-1128
+	RESERVED
+CVE-2022-1127
+	RESERVED
+CVE-2022-1126
+	RESERVED
+CVE-2022-1125
+	RESERVED
+CVE-2022-1124
+	RESERVED
+CVE-2022-1123
+	RESERVED
+CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g.,  ...)
+	TODO: check
+CVE-2020-36521
+	RESERVED
 CVE-2022-28128
 	RESERVED
 CVE-2022-27496
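Review bot: CVE-2021-46743 is the only one of the 32 entries added at the top of data/CVE/list that already carries a description, and it is left at "TODO: check" among 31 RESERVED placeholders. The visible text names Firebase PHP-JWT before 6.0.0 and an algorithm-confusion issue, so triage should replace the TODO with either a source-package line giving the fixed version or a NOT-FOR-US line.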
@@ -392,7 +456,7 @@ CVE-2022-27950 (In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a m
 	NOTE: https://www.openwall.com/lists/oss-security/2022/03/13/1
 CVE-2022-27949
 	RESERVED
-CVE-2022-27948 (Certain Tesla vehicles through 2022-03-26 allow attackers to open the  ...)
+CVE-2022-27948 (** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow attacke ...)
 	NOT-FOR-US: Tesla
 CVE-2022-1110
 	RESERVED
@@ -630,38 +694,38 @@ CVE-2022-1089
 	RESERVED
 CVE-2022-1088
 	RESERVED
-CVE-2022-1087
-	RESERVED
-CVE-2022-1086
-	RESERVED
-CVE-2022-1085
-	RESERVED
-CVE-2022-1084
-	RESERVED
-CVE-2022-1083
-	RESERVED
-CVE-2022-1082
-	RESERVED
-CVE-2022-1081
-	RESERVED
-CVE-2022-1080
-	RESERVED
-CVE-2022-1079
-	RESERVED
-CVE-2022-1078
-	RESERVED
-CVE-2022-1077
-	RESERVED
-CVE-2022-1076
-	RESERVED
-CVE-2022-1075
-	RESERVED
-CVE-2022-1074
-	RESERVED
-CVE-2022-1073
-	RESERVED
+CVE-2022-1087 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2022-1086 (A vulnerability was found in DolphinPHP up to 1.5.0 and classified as  ...)
+	TODO: check
+CVE-2022-1085 (A vulnerability was found in CLTPHP up to 6.0. It has been declared as ...)
+	TODO: check
+CVE-2022-1084 (A vulnerability classified as critical was found in SourceCodester One ...)
+	TODO: check
+CVE-2022-1083 (A vulnerability classified as critical has been found in Microfinance  ...)
+	TODO: check
+CVE-2022-1082 (A vulnerability was found in SourceCodester Microfinance Management Sy ...)
+	TODO: check
+CVE-2022-1081 (A vulnerability was found in SourceCodester Microfinance Management Sy ...)
+	TODO: check
+CVE-2022-1080 (A vulnerability was found in SourceCodester One Church Management Syst ...)
+	TODO: check
+CVE-2022-1079 (A vulnerability classified as problematic has been found in SourceCode ...)
+	TODO: check
+CVE-2022-1078 (A vulnerability was found in SourceCodester College Website Management ...)
+	TODO: check
+CVE-2022-1077 (A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has ...)
+	TODO: check
+CVE-2022-1076 (A vulnerability was found in Automatic Question Paper Generator System ...)
+	TODO: check
+CVE-2022-1075 (A vulnerability was found in College Website Management System 1.0 and ...)
+	TODO: check
+CVE-2022-1074 (A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified a ...)
+	TODO: check
+CVE-2022-1073 (A vulnerability was found in Automatic Question Paper Generator 1.0. I ...)
+	TODO: check
 CVE-2022-1072
-	RESERVED
+	REJECTED
 CVE-2022-27494
 	RESERVED
 CVE-2022-26423
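Review bot: the truncated description of CVE-2022-1087 ("A vulnerability, which was classified as problematic, has been found i ...") ends before any product name, so that entry cannot be triaged from this list and needs the full CVE text. The other entries moved from RESERVED to "TODO: check" here name a product or vendor in the visible text (DolphinPHP, CLTPHP, SourceCodester, TEM FLEX-1080/FLEX-1085 and others) and should each end up with a package line or a "NOT-FOR-US: <product>" line in the form used elsewhere in the file.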
@@ -3763,14 +3827,14 @@ CVE-2022-26644
 	RESERVED
 CVE-2022-26643
 	RESERVED
-CVE-2022-26642
-	RESERVED
-CVE-2022-26641
-	RESERVED
-CVE-2022-26640
-	RESERVED
-CVE-2022-26639
-	RESERVED
+CVE-2022-26642 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
+	TODO: check
+CVE-2022-26641 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
+	TODO: check
+CVE-2022-26640 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
+	TODO: check
+CVE-2022-26639 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
+	TODO: check
 CVE-2022-26638
 	RESERVED
 CVE-2022-26637
@@ -4691,8 +4755,8 @@ CVE-2022-26298
 	RESERVED
 CVE-2022-26297
 	RESERVED
-CVE-2022-26296
-	RESERVED
+CVE-2022-26296 (BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was di ...)
+	TODO: check
 CVE-2022-26295 (A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user  ...)
 	NOT-FOR-US: Online Project Time Management System
 CVE-2022-26294
@@ -4701,8 +4765,8 @@ CVE-2022-26293 (Online Project Time Management System v1.0 was discovered to con
 	NOT-FOR-US: Online Project Time Management System
 CVE-2022-26292
 	RESERVED
-CVE-2022-26291
-	RESERVED
+CVE-2022-26291 (lrzip v0.641 was discovered to contain a multiple concurrency use-afte ...)
+	TODO: check
 CVE-2022-26290 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
 	NOT-FOR-US: Tenda
 CVE-2022-26289 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
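Review bot: CVE-2022-26291 names a standalone tool and version (lrzip v0.641, use-after-free) rather than a web application or device firmware like its neighbours, so its "TODO: check" deserves an archive lookup for a matching source package before any NOT-FOR-US decision. If a package exists, add the package line with the affected or fixed version and a NOTE pointing at the upstream report.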
@@ -4723,12 +4787,12 @@ CVE-2022-26282
 	RESERVED
 CVE-2022-26281
 	RESERVED
-CVE-2022-26280
-	RESERVED
+CVE-2022-26280 (Libarchive v3.6.0 was discovered to contain an out-of-bounds read via  ...)
+	TODO: check
 CVE-2022-26279 (EyouCMS v1.5.5 was discovered to have no access control in the compone ...)
 	NOT-FOR-US: EyouCMS
-CVE-2022-26278
-	RESERVED
+CVE-2022-26278 (Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow vi ...)
+	TODO: check
 CVE-2022-26277
 	RESERVED
 CVE-2022-26276 (An issue in index.php of OneNav v0.9.14 allows attackers to perform di ...)
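Review bot: the two new "TODO: check" lines in this hunk need different handling and should not be resolved as a pair. CVE-2022-26280 (Libarchive v3.6.0, out-of-bounds read) names a library and version, so it needs a version check and NOTE lines with the upstream reference, in the style of the "NOTE: Fixed by:" lines on CVE-2022-24958. CVE-2022-26278 is Tenda AC9 firmware, and the Tenda M3 entry CVE-2022-26290 in this file is already tagged "NOT-FOR-US: Tenda".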
@@ -4745,8 +4809,8 @@ CVE-2022-26271 (74cmsSE v3.4.1 was discovered to contain an arbitrary file read
 	NOT-FOR-US: 74cmsSE
 CVE-2022-26270
 	RESERVED
-CVE-2022-26269
-	RESERVED
+CVE-2022-26269 (Suzuki Connect v1.0.15 allows attackers to tamper with displayed messa ...)
+	TODO: check
 CVE-2022-26268 (Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerabi ...)
 	NOT-FOR-US: Xiaohuanxiong
 CVE-2022-26267 (Piwigo v12.2.0 was discovered to contain an information leak via the a ...)
@@ -6697,8 +6761,8 @@ CVE-2022-25523 (TypesetterCMS v5.1 was discovered to contain a Cross-Site Reques
 	NOT-FOR-US: TypesetterCMS
 CVE-2022-25522
 	RESERVED
-CVE-2022-25521
-	RESERVED
+CVE-2022-25521 (UNNO v03.11.00 was discovered to contain access control issue. ...)
+	TODO: check
 CVE-2022-25520
 	RESERVED
 CVE-2022-25519
@@ -6913,8 +6977,8 @@ CVE-2022-25422
 	RESERVED
 CVE-2022-25421
 	RESERVED
-CVE-2022-25420
-	RESERVED
+CVE-2022-25420 (NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerab ...)
+	TODO: check
 CVE-2022-25419
 	RESERVED
 CVE-2022-25418 (Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow vi ...)
@@ -8414,10 +8478,10 @@ CVE-2022-24958 (drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.
 	[buster] - linux 4.19.235-1
 	NOTE: Fixed by: https://git.kernel.org/linus/89f3594d0de58e8a57d92d497dea9fee3d4b9cda (5.17-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/501e38a5531efbd77d5c73c0ba838a889bfc1d74 (5.17-rc1)
-CVE-2022-24957
-	RESERVED
-CVE-2022-24956
-	RESERVED
+CVE-2022-24957 (DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficie ...)
+	TODO: check
+CVE-2022-24956 (An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort- ...)
+	TODO: check
 CVE-2022-24955 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...)
 	NOT-FOR-US: Foxit
 CVE-2022-24954 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...)
@@ -8759,8 +8823,8 @@ CVE-2022-24791
 	RESERVED
 CVE-2022-24790
 	RESERVED
-CVE-2022-24789
-	RESERVED
+CVE-2022-24789 (C1 CMS is an open-source, .NET based Content Management System (CMS).  ...)
+	TODO: check
 CVE-2022-24788
 	RESERVED
 CVE-2022-24787
@@ -10974,32 +11038,32 @@ CVE-2022-0397 (The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.
 	NOT-FOR-US: WordPress plugin
 CVE-2018-25030 (A vulnerability classified as problematic has been found in Mirmay Sec ...)
 	NOT-FOR-US: Mirmay Secure Private Browser and File Manager
-CVE-2017-20016
-	RESERVED
-CVE-2017-20015
-	RESERVED
-CVE-2017-20014
-	RESERVED
-CVE-2017-20013
-	RESERVED
-CVE-2017-20012
-	RESERVED
-CVE-2017-20011
-	RESERVED
+CVE-2017-20016 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in WEKA ...)
+	TODO: check
+CVE-2017-20015 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified  ...)
+	TODO: check
+CVE-2017-20014 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified  ...)
+	TODO: check
+CVE-2017-20013 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
+	TODO: check
+CVE-2017-20012 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
+	TODO: check
+CVE-2017-20011 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WEKA INTE ...)
+	TODO: check
 CVE-2015-10002 (A vulnerability classified as problematic has been found in Kiddoware  ...)
 	NOT-FOR-US: Kiddoware Kids Place
-CVE-2010-10001
-	RESERVED
-CVE-2008-10001
-	RESERVED
-CVE-2005-10001
-	RESERVED
-CVE-2003-5003
-	RESERVED
-CVE-2003-5002
-	RESERVED
-CVE-2003-5001
-	RESERVED
+CVE-2010-10001 (A vulnerability, which was classified as problematic, was found in She ...)
+	TODO: check
+CVE-2008-10001 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified  ...)
+	TODO: check
+CVE-2005-10001 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity ...)
+	TODO: check
+CVE-2003-5003 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS Black ...)
+	TODO: check
+CVE-2003-5002 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS Black ...)
+	TODO: check
+CVE-2003-5001 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS Black ...)
+	TODO: check
 CVE-2022-24111 (In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios cr ...)
 	- mahara <removed>
 CVE-2022-24110 (Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' ...)
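Review bot: on the pre-2018 entries the "** UNSUPPORTED WHEN ASSIGNED **" prefix uses up most of the truncated description, so CVE-2017-20015, CVE-2017-20014, CVE-2017-20013, CVE-2017-20012 and CVE-2008-10001 show no product name at all and need the full CVE text before their "TODO: check" can be resolved. CVE-2010-10001 is the one entry in this group without that prefix, so it should be checked on its own rather than tagged by analogy with the others. The adjacent CVE-2018-25030 and CVE-2015-10002, which use the same description style, are both tagged NOT-FOR-US.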
@@ -11763,8 +11827,8 @@ CVE-2022-23939
 	RESERVED
 CVE-2022-23938
 	RESERVED
-CVE-2022-23937
-	RESERVED
+CVE-2022-23937 (In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to ...)
+	TODO: check
 CVE-2022-23936
 	RESERVED
 CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ...)
@@ -12454,8 +12518,8 @@ CVE-2022-0333 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.
 	- moodle <removed>
 CVE-2022-0332 (A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injectio ...)
 	- moodle <removed>
-CVE-2022-0331
-	RESERVED
+CVE-2022-0331 (An information disclosure vulnerability in Webadmin allows an unauthen ...)
+	TODO: check
 CVE-2022-0330 (A random memory access flaw was found in the Linux kernel's GPU i915 k ...)
 	{DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
 	- linux 5.15.15-2
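Review bot: the visible description of CVE-2022-0331 says only "Webadmin", which does not identify a vendor or product. This "TODO: check" needs the full CVE text before it can be given a package line or a NOT-FOR-US tag.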
@@ -18514,10 +18578,10 @@ CVE-2021-45868 (In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does no
 	NOTE: https://www.openwall.com/lists/oss-security/2022/03/17/1
 CVE-2021-45867
 	RESERVED
-CVE-2021-45866
-	RESERVED
-CVE-2021-45865
-	RESERVED
+CVE-2021-45866 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+	TODO: check
+CVE-2021-45865 (A File Upload vulnerability exists in Sourcecodester Student Attendanc ...)
+	TODO: check
 CVE-2021-45864 (tsMuxer git-c6a0277 was discovered to contain a segmentation fault via ...)
 	NOT-FOR-US: tsMuxer
 CVE-2021-45863 (tsMuxer git-2678966 was discovered to contain a heap-based buffer over ...)
@@ -22936,8 +23000,8 @@ CVE-2021-44583
 	RESERVED
 CVE-2021-44582
 	RESERVED
-CVE-2021-44581
-	RESERVED
+CVE-2021-44581 (An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the i ...)
+	TODO: check
 CVE-2021-44580
 	RESERVED
 CVE-2021-44579
@@ -29327,24 +29391,24 @@ CVE-2021-43107
 	RESERVED
 CVE-2021-43106 (A Header Injection vulnerability exists in Compass Plus TranzWare Onli ...)
 	NOT-FOR-US: Compass Plus TranzWare
-CVE-2021-43105
-	RESERVED
+CVE-2021-43105 (A vulnerability in the bailiwick checking function in Technitium DNS S ...)
+	TODO: check
 CVE-2021-43104
 	RESERVED
-CVE-2021-43103
-	RESERVED
-CVE-2021-43102
-	RESERVED
-CVE-2021-43101
-	RESERVED
-CVE-2021-43100
-	RESERVED
-CVE-2021-43099
-	RESERVED
-CVE-2021-43098
-	RESERVED
-CVE-2021-43097
-	RESERVED
+CVE-2021-43103 (A File Upload vulnerability exists in bbs 5.3 is via ForumManageAction ...)
+	TODO: check
+CVE-2021-43102 (A File Upload vulnerability exists in bbs 5.3 is via HelpManageAction. ...)
+	TODO: check
+CVE-2021-43101 (A File Upload vulnerability exists in bbs 5.3 is via MembershipCardMan ...)
+	TODO: check
+CVE-2021-43100 (A File Upload vulnerability exists in bbs 5.3 is via TopicManageAction ...)
+	TODO: check
+CVE-2021-43099 (An Archive Extraction (AKA "Zip Slip) vulnerability exists in bbs 5.3  ...)
+	TODO: check
+CVE-2021-43098 (A File Upload vulnerability exists in bbs v5.3 via QuestionManageActio ...)
+	TODO: check
+CVE-2021-43097 (A Server-side Template Injection (SSTI) vulnerability exists in bbs 5. ...)
+	TODO: check
 CVE-2021-43096
 	RESERVED
 CVE-2021-43095
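Review bot: CVE-2021-43097 through CVE-2021-43103 identify the product only as "bbs 5.3" (once as "bbs v5.3"), which is too generic to tag from this list. When these seven "TODO: check" lines are resolved, take the vendor or project name from the full CVE record so the resulting tag is searchable. CVE-2021-43105 (Technitium DNS Server, bailiwick checking) is a different product and needs its own decision.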



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3671b60c868d55683dfc95ad5ae4ed4e134466ab
