[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 30 09:10:23 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c0f4bab4 by security tracker role at 2022-03-30T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2022-28219
+ RESERVED
+CVE-2022-28218
+ RESERVED
+CVE-2022-28217
+ RESERVED
+CVE-2022-28216
+ RESERVED
+CVE-2022-28215
+ RESERVED
+CVE-2022-28214
+ RESERVED
+CVE-2022-28213
+ RESERVED
+CVE-2022-28212
+ RESERVED
+CVE-2022-28211
+ RESERVED
+CVE-2022-28210
+ RESERVED
+CVE-2022-28209 (An issue was discovered in Mediawiki through 1.37.1. The check for the ...)
+ TODO: check
+CVE-2022-28208
+ RESERVED
+CVE-2022-28207
+ RESERVED
+CVE-2022-28206 (An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidat ...)
+ TODO: check
+CVE-2022-28205 (An issue was discovered in MediaWiki through 1.37.1. The CentralAuth e ...)
+ TODO: check
+CVE-2022-28204
+ RESERVED
+CVE-2022-28203
+ RESERVED
+CVE-2022-28202 (An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before ...)
+ TODO: check
+CVE-2022-28201
+ RESERVED
+CVE-2022-28200
+ RESERVED
+CVE-2022-28199
+ RESERVED
+CVE-2022-28198
+ RESERVED
+CVE-2022-28197
+ RESERVED
+CVE-2022-28196
+ RESERVED
+CVE-2022-28195
+ RESERVED
+CVE-2022-28194
+ RESERVED
+CVE-2022-28193
+ RESERVED
+CVE-2022-28192
+ RESERVED
+CVE-2022-28191
+ RESERVED
+CVE-2022-28190
+ RESERVED
+CVE-2022-28189
+ RESERVED
+CVE-2022-28188
+ RESERVED
+CVE-2022-28187
+ RESERVED
+CVE-2022-28186
+ RESERVED
+CVE-2022-28185
+ RESERVED
+CVE-2022-28184
+ RESERVED
+CVE-2022-28183
+ RESERVED
+CVE-2022-28182
+ RESERVED
+CVE-2022-28181
+ RESERVED
+CVE-2022-28180
+ RESERVED
+CVE-2022-28179
+ RESERVED
+CVE-2022-28178
+ RESERVED
+CVE-2022-28177
+ RESERVED
+CVE-2022-28176
+ RESERVED
+CVE-2022-28175
+ RESERVED
+CVE-2022-28174
+ RESERVED
+CVE-2022-28173
+ RESERVED
+CVE-2022-28172
+ RESERVED
+CVE-2022-28171
+ RESERVED
+CVE-2022-1163 (Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minew ...)
+ TODO: check
+CVE-2022-1162
+ RESERVED
+CVE-2022-1161
+ RESERVED
+CVE-2022-1160
+ RESERVED
CVE-2022-28170
RESERVED
CVE-2022-28169
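Review bot: four of the new TODO entries in this hunk (CVE-2022-28209, CVE-2022-28206, CVE-2022-28205, CVE-2022-28202) describe MediaWiki, which Debian ships as src:mediawiki, so they need a real triage against the packaged versions rather than the NOT-FOR-US outcome most TODOs in this file end up with. Only CVE-2022-28202 states a fixed version in the visible text ("before 1.35.6, 1.36.x before ..."); the other three say "through 1.37.1" with no fix version shown, so the upstream advisory has to be consulted for each before a version line can be written. CVE-2022-1163 (a mineweb GitHub repository) is unrelated and can be resolved on its own.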
@@ -957,10 +1063,10 @@ CVE-2022-27818
RESERVED
CVE-2022-27817
RESERVED
-CVE-2022-27816
- RESERVED
-CVE-2022-27815
- RESERVED
+CVE-2022-27816 (SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be da ...)
+ TODO: check
+CVE-2022-27815 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an ...)
+ TODO: check
CVE-2022-27814
RESERVED
CVE-2022-27813
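Review bot: CVE-2022-27816 and CVE-2022-27815 are two halves of the same defect in SWHKD 1.1.5 (predictable pid file paths /tmp/swhks.pid and /tmp/swhkd.pid in the shared /tmp directory), so they should get the same resolution in one pass: a single check of whether swhkd is packaged decides whether both become NOT-FOR-US or both need a version line. If a version line is needed, the usual fix for this class of bug is to keep the pid file in a directory an unprivileged user cannot write to, so that is what to look for in upstream's fix commit.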
@@ -1793,8 +1899,8 @@ CVE-2022-27434
RESERVED
CVE-2022-27433
RESERVED
-CVE-2022-27432
- RESERVED
+CVE-2022-27432 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attack ...)
+ TODO: check
CVE-2022-27431
RESERVED
CVE-2022-27430
@@ -3146,16 +3252,16 @@ CVE-2022-26953
RESERVED
CVE-2022-26952
RESERVED
-CVE-2022-26951
- RESERVED
-CVE-2022-26950
- RESERVED
-CVE-2022-26949
- RESERVED
-CVE-2022-26948
- RESERVED
-CVE-2022-26947
- RESERVED
+CVE-2022-26951 (Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerabil ...)
+ TODO: check
+CVE-2022-26950 (Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vu ...)
+ TODO: check
+CVE-2022-26949 (Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access co ...)
+ TODO: check
+CVE-2022-26948 (The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1. ...)
+ TODO: check
+CVE-2022-26947 (Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerab ...)
+ TODO: check
CVE-2022-0936
RESERVED
CVE-2022-26946
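Review bot: the five Archer entries (CVE-2022-26951 through CVE-2022-26947) and CVE-2021-41594 (RSA Archer 6.9.SP1 P3) in a later hunk of this same patch all concern the same proprietary product and should be triaged together rather than left as six separate TODOs; Archer is not something Debian ships, so the expected outcome is a NOT-FOR-US line on each, and it is worth doing them in one commit so the descriptions stay consistent.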
@@ -3324,8 +3430,8 @@ CVE-2022-26873
RESERVED
CVE-2022-26872
RESERVED
-CVE-2022-26871
- RESERVED
+CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex Central cou ...)
+ TODO: check
CVE-2022-26870
RESERVED
CVE-2022-26869
@@ -4975,8 +5081,8 @@ CVE-2022-26246 (TMS v2.28.0 was discovered to contain a cross-site scripting (XS
NOT-FOR-US: TMS
CVE-2022-26245 (Falcon-plus v0.3 was discovered to contain a SQL injection vulnerabili ...)
NOT-FOR-US: Falcon-plus
-CVE-2022-26244
- RESERVED
+CVE-2022-26244 (A stored cross-site scripting (XSS) vulnerability in Hospital Patient ...)
+ TODO: check
CVE-2022-26243 (Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer ove ...)
NOT-FOR-US: Tenda
CVE-2022-26242
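Review bot: the description for CVE-2022-26244 is cut off before the product name is complete ("Hospital Patient ..."), so the TODO cannot be resolved from this line alone; the neighbouring entries (NOT-FOR-US: TMS, NOT-FOR-US: Falcon-plus, NOT-FOR-US: Tenda) show the form to use once the full CVE text has been checked.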
@@ -6505,6 +6611,7 @@ CVE-2022-21238
CVE-2022-21209 (The affected product is vulnerable to an out-of-bounds read while proc ...)
NOT-FOR-US: FATEK Automation
CVE-2022-0730 (Under certain ldap conditions, Cacti authentication can be bypassed wi ...)
+ {DLA-2965-1}
- cacti <unfixed>
NOTE: https://github.com/Cacti/cacti/issues/4562
NOTE: https://github.com/Cacti/cacti/commit/1386bdbf7f845a32e24ac9415f3ebb7932e77fe7 (1.2.x)
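Review bot: the added {DLA-2965-1} reference records a fix for the LTS suite, but the package line for CVE-2022-0730 still reads "- cacti <unfixed>" and this hunk does not touch it, so the tracker will show the oldest suite as fixed and everything newer as open. The NOTE line already identifies the upstream fix (commit 1386bdbf..., 1.2.x branch), so the unstable/testing status should be updated to the fixed version as soon as an upload carrying that commit is made.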
@@ -9263,8 +9370,8 @@ CVE-2022-24695
RESERVED
CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before ...)
- mahara <removed>
-CVE-2022-24693
- RESERVED
+CVE-2022-24693 (Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB ...)
+ TODO: check
CVE-2022-24692
RESERVED
CVE-2022-24691
@@ -22170,7 +22277,7 @@ CVE-2021-44879 (In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.
[stretch] - linux <ignored> (Minor issue; f2fs is not supportable)
NOTE: https://www.openwall.com/lists/oss-security/2022/02/12/1
NOTE: Fixed by: https://git.kernel.org/linus/9056d6489f5a41cfbb67f719d2c0ce61ead72d9f (5.17-rc1)
-CVE-2021-44878 (Pac4j v5.1 and earlier allows (by default) clients to accept and succe ...)
+CVE-2021-44878 (If an OpenID Connect provider supports the "none" algorithm (i.e., tok ...)
NOT-FOR-US: Pac4j
CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...)
NOT-FOR-US: Dalmark Systems Systeam
@@ -22453,8 +22560,8 @@ CVE-2021-4096
RESERVED
CVE-2022-21822 (NVIDIA FLARE contains a vulnerability in the admin interface, where an ...)
NOT-FOR-US: NVIDIA
-CVE-2022-21821
- RESERVED
+CVE-2022-21821 (NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in ...)
+ TODO: check
CVE-2022-21820 (NVIDIA DCGM contains a vulnerability in nvhostengine, where a network ...)
NOT-FOR-US: NVIDIA
CVE-2022-21819 (NVIDIA distributions of Jetson Linux contain a vulnerability where an ...)
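Review bot: CVE-2022-21821 sits between two entries resolved as "NOT-FOR-US: NVIDIA", but it should not be closed the same way by reflex: the description names the CUDA Toolkit SDK, which Debian ships in non-free as nvidia-cuda-toolkit, so the TODO needs checking against that package's versions (and against the affected component, which is cut off after "integer overflow vulnerability in") before a resolution is chosen.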
@@ -24689,8 +24796,8 @@ CVE-2021-44084
RESERVED
CVE-2021-44083
RESERVED
-CVE-2021-44082
- RESERVED
+CVE-2021-44082 (textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /tex ...)
+ TODO: check
CVE-2021-44081 (A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. Wh ...)
TODO: check
CVE-2021-44080
@@ -29486,8 +29593,8 @@ CVE-2021-43120
RESERVED
CVE-2021-43119
RESERVED
-CVE-2021-43118
- RESERVED
+CVE-2021-43118 (A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 ...)
+ TODO: check
CVE-2021-43117 (fastadmin v1.2.1 is affected by a file upload vulnerability which allo ...)
NOT-FOR-US: fastadmin
CVE-2021-43116
@@ -30019,8 +30126,8 @@ CVE-2021-42913 (The SyncThru Web Service on Samsung SCX-6x55X printers allows an
NOT-FOR-US: SyncThru Web Service on Samsung SCX-6x55X printers
CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command inj ...)
NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617
-CVE-2021-42911
- RESERVED
+CVE-2021-42911 (A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1 ...)
+ TODO: check
CVE-2021-42910
RESERVED
CVE-2021-42909
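Review bot: CVE-2021-42911 (format string) is the second DrayTek Vigor 2960 entry in this patch after CVE-2021-43118 (remote command injection, a few hunks up); both are firmware issues against the same device and should be resolved together, matching how the FiberHome ONU entry just above is handled with a NOT-FOR-US line. The "<= 1.5.1" in the description is upstream's version bound quoted inside the parenthesised text, not tracker syntax, so it is fine as is.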
@@ -30842,6 +30949,7 @@ CVE-2021-26247 (As an unauthenticated remote user, visit "http://<CACTI_SERVE
NOTE: https://github.com/Cacti/cacti/issues/1882
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/2b8097c06030ab72c5b3bdadb23dceb5332f0e94 (1.2.0-beta1)
CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management permissio ...)
+ {DLA-2965-1}
- cacti 1.2.1+ds1-1
NOTE: https://github.com/Cacti/cacti/issues/1882
NOTE: overlap with CVE-2020-7106 (registered earlier, but issue above is from 2018) which refactors user_admin.php XSS protection
@@ -34444,8 +34552,8 @@ CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosur
NOT-FOR-US: SuiteCRM
CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
NOT-FOR-US: SuiteCRM
-CVE-2021-41594
- RESERVED
+CVE-2021-41594 (In RSA Archer 6.9.SP1 P3, if some application functions are precluded ...)
+ TODO: check
CVE-2021-41593 (Lightning Labs lnd before 0.13.3-beta allows loss of funds because of ...)
NOT-FOR-US: Lightning Labs lnd
CVE-2021-41592 (Blockstream c-lightning through 0.10.1 allows loss of funds because of ...)
@@ -108348,12 +108456,12 @@ CVE-2020-24773
RESERVED
CVE-2020-24772 (In Dreamacro Clash for Windows v0.11.4, an attacker could embed a mali ...)
NOT-FOR-US: Dreamacro Clash for Windows
-CVE-2020-24771
- RESERVED
-CVE-2020-24770
- RESERVED
-CVE-2020-24769
- RESERVED
+CVE-2020-24771 (Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unautho ...)
+ TODO: check
+CVE-2020-24770 (SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows rem ...)
+ TODO: check
+CVE-2020-24769 (SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows ...)
+ TODO: check
CVE-2020-24768
RESERVED
CVE-2020-24767
@@ -111784,6 +111892,7 @@ CVE-2020-23228
CVE-2020-23227
RESERVED
CVE-2020-23226 (Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1. ...)
+ {DLA-2965-1}
- cacti 1.2.13+ds1-1
[buster] - cacti <no-dsa> (Minor issues)
NOTE: https://github.com/Cacti/cacti/issues/3549
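Review bot: CVE-2020-23226 now carries {DLA-2965-1} while the line below still reads "[buster] - cacti <no-dsa> (Minor issues)", which leaves the newer buster suite open on an issue the older stretch LTS suite has fixed. Consider carrying the same patches into a buster point update, as was done for CVE-2020-13230 (whose entry shows "[buster] - cacti 1.2.2+ds1-2+deb10u3"), or add a NOTE saying why buster is deliberately left as no-dsa.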
@@ -135037,6 +135146,7 @@ CVE-2020-13231 (In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF
[stretch] - cacti <not-affected> (auth_profile.php / user self-management introduced in v1.0)
NOTE: https://github.com/Cacti/cacti/issues/3342
CVE-2020-13230 (In Cacti before 1.2.11, disabling a user account does not immediately ...)
+ {DLA-2965-1}
- cacti 1.2.11+ds1-1
[buster] - cacti 1.2.2+ds1-2+deb10u3
NOTE: https://github.com/Cacti/cacti/issues/3343
@@ -152102,7 +152212,7 @@ CVE-2020-7108 (The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS vi
CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Dis ...)
NOT-FOR-US: Ultimate FAQ plugin for WordPress
CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ...)
- {DLA-2069-1}
+ {DLA-2965-1 DLA-2069-1}
- cacti 1.2.9+ds1-1 (bug #949996)
[buster] - cacti 1.2.2+ds1-2+deb10u3
NOTE: https://github.com/Cacti/cacti/issues/3191
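Review bot: CVE-2020-7106 already had {DLA-2069-1}, so adding DLA-2965-1 to the same entry means the issue is being announced a second time for the same suite; the NOTE under CVE-2021-23225 earlier in this patch says the two CVEs overlap and that the user_admin.php XSS protection was refactored, which is the likely reason, but nothing on this entry records it. A NOTE here stating what DLA-2965-1 adds beyond DLA-2069-1 would make that explicit, and the same applies to CVE-2019-11025 in the next hunk, which gains DLA-2965-1 on top of DLA-1757-1.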
@@ -196484,7 +196594,7 @@ CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/752
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8051f678b3b43326e5fdfd7c03f39de21059f426
CVE-2019-11025 (In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping o ...)
- {DLA-1757-1}
+ {DLA-2965-1 DLA-1757-1}
- cacti 1.2.2+ds1-2 (low; bug #926700)
NOTE: https://github.com/Cacti/cacti/issues/2581
NOTE: https://github.com/Cacti/cacti/commit/c373e66a6a224e221a1db037164144ce59b20736 (v1.2.3)
@@ -253376,6 +253486,7 @@ CVE-2018-10074 (The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-
- linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/9903e41ae1f5d50c93f268ca3304d4d7c64b9311 (4.16-rc7)
CVE-2018-10061 (Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars ...)
+ {DLA-2965-1}
- cacti 1.1.37+ds1-1 (low)
[jessie] - cacti <no-dsa> (Minor issue)
[wheezy] - cacti <no-dsa> (Minor issue)
@@ -253387,6 +253498,7 @@ CVE-2018-10061 (Cacti before 1.1.37 has XSS because it makes certain htmlspecial
NOTE: https://github.com/Cacti/cacti/commit/0eb5a973c9b563b1f8c9e1d181baef06c0e89d56 (v1.1.37)
NOTE: https://github.com/Cacti/cacti/commit/3a76892c178e27ce6e7189fd0ba17581f91154e8 (v1.1.37)
CVE-2018-10060 (Cacti before 1.1.37 has XSS because it does not properly reject uninte ...)
+ {DLA-2965-1}
- cacti 1.1.37+ds1-1 (low)
[jessie] - cacti <no-dsa> (Minor issue)
[wheezy] - cacti <no-dsa> (Minor issue)
@@ -379261,8 +379373,8 @@ CVE-2015-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the TheCar
NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress
CVE-2015-3299 (Cross-site scripting (XSS) vulnerability in the Floating Social Bar pl ...)
NOT-FOR-US: Wordpress plugin
-CVE-2015-3298
- RESERVED
+CVE-2015-3298 (Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN ...)
+ TODO: check
CVE-2015-3296 (Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0 ...)
NOT-FOR-US: NodeBB
CVE-2015-3295 (markdown-it before 4.1.0 does not block data: URLs. ...)
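Review bot: CVE-2015-3298 is a 2015 identifier only now receiving a description; ykneo-openpgp is the OpenPGP applet that runs on the YubiKey NEO rather than a Debian package, so the expected resolution is a NOT-FOR-US line like the NodeBB entry directly below it. Worth resolving in the next manual pass rather than leaving a seven-year-old CVE about an accepted invalid PIN sitting as TODO.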
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0f4bab4b3df145da56a76ec6c05aea4a922d588