[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 31 09:10:28 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
33557a52 by security tracker role at 2022-03-31T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@
+CVE-2022-28280
+ RESERVED
+CVE-2022-28279
+ RESERVED
+CVE-2022-28278
+ RESERVED
+CVE-2022-28277
+ RESERVED
+CVE-2022-28276
+ RESERVED
+CVE-2022-28275
+ RESERVED
+CVE-2022-28274
+ RESERVED
+CVE-2022-28273
+ RESERVED
+CVE-2022-28272
+ RESERVED
+CVE-2022-28271
+ RESERVED
+CVE-2022-28270
+ RESERVED
+CVE-2022-28269
+ RESERVED
+CVE-2022-28268
+ RESERVED
+CVE-2022-28267
+ RESERVED
+CVE-2022-28266
+ RESERVED
+CVE-2022-28265
+ RESERVED
+CVE-2022-28264
+ RESERVED
+CVE-2022-28263
+ RESERVED
+CVE-2022-28262
+ RESERVED
+CVE-2022-28261
+ RESERVED
+CVE-2022-28260
+ RESERVED
+CVE-2022-28259
+ RESERVED
+CVE-2022-28258
+ RESERVED
+CVE-2022-28257
+ RESERVED
+CVE-2022-28256
+ RESERVED
+CVE-2022-28255
+ RESERVED
+CVE-2022-28254
+ RESERVED
+CVE-2022-28253
+ RESERVED
+CVE-2022-28252
+ RESERVED
+CVE-2022-28251
+ RESERVED
+CVE-2022-28250
+ RESERVED
+CVE-2022-28249
+ RESERVED
+CVE-2022-28248
+ RESERVED
+CVE-2022-28247
+ RESERVED
+CVE-2022-28246
+ RESERVED
+CVE-2022-28245
+ RESERVED
+CVE-2022-28244
+ RESERVED
+CVE-2022-28243
+ RESERVED
+CVE-2022-28242
+ RESERVED
+CVE-2022-28241
+ RESERVED
+CVE-2022-28240
+ RESERVED
+CVE-2022-28239
+ RESERVED
+CVE-2022-28238
+ RESERVED
+CVE-2022-28237
+ RESERVED
+CVE-2022-28236
+ RESERVED
+CVE-2022-28235
+ RESERVED
+CVE-2022-28234
+ RESERVED
+CVE-2022-28233
+ RESERVED
+CVE-2022-28232
+ RESERVED
+CVE-2022-28231
+ RESERVED
+CVE-2022-28230
+ RESERVED
+CVE-2022-28229
+ RESERVED
+CVE-2022-28228
+ RESERVED
+CVE-2022-28227
+ RESERVED
+CVE-2022-28226
+ RESERVED
+CVE-2022-28225
+ RESERVED
+CVE-2022-28224
+ RESERVED
+CVE-2022-1191
+ RESERVED
+CVE-2022-1190
+ RESERVED
+CVE-2022-1189
+ RESERVED
+CVE-2022-1188
+ RESERVED
+CVE-2022-1187
+ RESERVED
+CVE-2022-1186
+ RESERVED
CVE-2022-28223 (Tekon KIO devices through 2022-03-30 allow an authenticated admin user ...)
NOT-FOR-US: Tekon KIO devices
CVE-2022-28222
@@ -4160,12 +4286,12 @@ CVE-2022-26648
RESERVED
CVE-2022-26647
RESERVED
-CVE-2022-26646
- RESERVED
-CVE-2022-26645
- RESERVED
-CVE-2022-26644
- RESERVED
+CVE-2022-26646 (Online Banking System Protect v1.0 was discovered to contain a local f ...)
+ TODO: check
+CVE-2022-26645 (A remote code execution (RCE) vulnerability in Online Banking System P ...)
+ TODO: check
+CVE-2022-26644 (Online Banking System Protect v1.0 was discovered to contain multiple ...)
+ TODO: check
CVE-2022-26643
RESERVED
CVE-2022-26642 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
@@ -8614,8 +8740,8 @@ CVE-2022-25010 (The component /rootfs in RageFile of Stepmania v5.1b2 and below
NOT-FOR-US: StepMania
CVE-2022-25009
RESERVED
-CVE-2022-25008
- RESERVED
+CVE-2022-25008 (totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B202 ...)
+ TODO: check
CVE-2022-25007
RESERVED
CVE-2022-25006
@@ -9174,8 +9300,8 @@ CVE-2022-24792
RESERVED
CVE-2022-24791
RESERVED
-CVE-2022-24790
- RESERVED
+CVE-2022-24790 (Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for R ...)
+ TODO: check
CVE-2022-24789 (C1 CMS is an open-source, .NET based Content Management System (CMS). ...)
NOT-FOR-US: C1 CMS
CVE-2022-24788
@@ -9251,8 +9377,8 @@ CVE-2022-24764 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
NOTE: https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
TODO: check impact for src:asterisk and src:ring
-CVE-2022-24763
- RESERVED
+CVE-2022-24763 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
CVE-2022-24762 (sysend.js is a library that allows a user to send messages between pag ...)
NOT-FOR-US: sysend.js
CVE-2022-24761 (Waitress is a Web Server Gateway Interface server for Python 2 and 3. ...)
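Review bot: CVE-2022-24763 gets only a bare "TODO: check", while the neighbouring PJSIP entry, CVE-2022-24764, a few lines up in this hunk already records "TODO: check impact for src:asterisk and src:ring". The new description also starts "PJSIP is a free and open source multimedia communication library", so triage of CVE-2022-24763 should cover the same source packages. Suggest replacing the generic TODO with the specific one so the follow-up is not lost.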
@@ -18227,16 +18353,16 @@ CVE-2021-46012
REJECTED
CVE-2021-46011
RESERVED
-CVE-2021-46010
- RESERVED
-CVE-2021-46009
- RESERVED
-CVE-2021-46008
- RESERVED
-CVE-2021-46007
- RESERVED
-CVE-2021-46006
- RESERVED
+CVE-2021-46010 (Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random V ...)
+ TODO: check
+CVE-2021-46009 (In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or B ...)
+ TODO: check
+CVE-2021-46008 (In totolink a3100r V5.9c.4577, the hard-coded telnet password can be d ...)
+ TODO: check
+CVE-2021-46007 (totolink a3100r V5.9c.4577 is vulnerable to os command injection. The ...)
+ TODO: check
+CVE-2021-46006 (In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like functio ...)
+ TODO: check
CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross ...)
NOT-FOR-US: Sourcecodester
CVE-2021-46004
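Review bot: the five entries CVE-2021-46006 through CVE-2021-46010 each get a separate "TODO: check", yet all five descriptions name the same device and firmware, Totolink A3100R V5.9c.4577. Suggest resolving them in one pass with a single, identically spelled tag, as the adjacent CVE-2021-46005 entry does with "NOT-FOR-US: Sourcecodester", so the batch does not end up classified inconsistently.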
@@ -18835,8 +18961,8 @@ CVE-2021-45902
RESERVED
CVE-2021-45901 (The password-reset form in ServiceNow Orlando provides different respo ...)
NOT-FOR-US: ServiceNow Orlando
-CVE-2021-45900
- RESERVED
+CVE-2021-45900 (Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. ...)
+ TODO: check
CVE-2021-45899 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserializatio ...)
NOT-FOR-US: SuiteCRM
CVE-2021-45898 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusio ...)
@@ -22045,8 +22171,8 @@ CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE WIT
NOT-FOR-US: Siemens
CVE-2021-45032
RESERVED
-CVE-2021-45031
- RESERVED
+CVE-2021-45031 (A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in ...)
+ TODO: check
CVE-2021-45030
RESERVED
CVE-2021-45029 (Groovy Code Injection & SpEL Injection which lead to Remote Code E ...)
@@ -27235,14 +27361,14 @@ CVE-2021-43666 (A Denial of Service vulnerability exists in mbed TLS 3.0.0 and e
NOTE: Backport 2.16: https://github.com/ARMmbed/mbedtls/pull/5311
CVE-2021-43665
RESERVED
-CVE-2021-43664
- RESERVED
-CVE-2021-43663
- RESERVED
-CVE-2021-43662
- RESERVED
-CVE-2021-43661
- RESERVED
+CVE-2021-43664 (totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a co ...)
+ TODO: check
+CVE-2021-43663 (totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a co ...)
+ TODO: check
+CVE-2021-43662 (totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.4 ...)
+ TODO: check
+CVE-2021-43661 (totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a re ...)
+ TODO: check
CVE-2021-43660
RESERVED
CVE-2021-43659 (In halo 1.4.14, the function point of uploading the avatar, any file c ...)
@@ -29686,8 +29812,8 @@ CVE-2021-43144
RESERVED
CVE-2021-43143
RESERVED
-CVE-2021-43142
- RESERVED
+CVE-2021-43142 (An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in ...)
+ TODO: check
CVE-2021-43141 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simp ...)
NOT-FOR-US: Sourcecodester
CVE-2021-43140 (SQL Injection vulnerability exists in Sourcecodester. Simple Subscript ...)
@@ -37046,10 +37172,10 @@ CVE-2021-40647
RESERVED
CVE-2021-40646
RESERVED
-CVE-2021-40645
- RESERVED
-CVE-2021-40644
- RESERVED
+CVE-2021-40645 (An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/ ...)
+ TODO: check
+CVE-2021-40644 (An SQL Injection vulnerability exists in oasys oa_system as of 9/7/202 ...)
+ TODO: check
CVE-2021-40643
RESERVED
CVE-2021-40642
@@ -42706,8 +42832,8 @@ CVE-2021-38364
RESERVED
CVE-2021-38363
RESERVED
-CVE-2021-38362
- RESERVED
+CVE-2021-38362 (In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker ...)
+ TODO: check
CVE-2021-38361 (The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cro ...)
NOT-FOR-US: WordPess plugin
CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to restrictive loca ...)
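Review bot: the context line under CVE-2021-38361 reads "NOT-FOR-US: WordPess plugin", which looks like a misspelling of "WordPress". It is not part of this change, but it sits directly below the new CVE-2021-38362 entry and is worth correcting in a follow-up so that searches on the tag text find it.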
@@ -54299,8 +54425,8 @@ CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a denia
NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/0fb658f1727f4446f7f33adcc428ba4c9eeabe3e (master)
NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/f63695609c88a3f76129499bb49fb82e8155fb32 (master)
NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/833c22bd7de5bbb591c2cb3705c9983b6d2b1fee (master)
-CVE-2021-33581
- RESERVED
+CVE-2021-33581 (MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows ...)
+ TODO: check
CVE-2021-33580 (User controlled `request.getHeader("Referer")`, `request.getRequestURL ...)
NOT-FOR-US: Apache Roller
CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to co ...)
@@ -54469,8 +54595,8 @@ CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI devi
NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1
CVE-2021-33524
RESERVED
-CVE-2021-33523
- RESERVED
+CVE-2021-33523 (MashZone NextGen through 10.7 GA allows a remote authenticated user, w ...)
+ TODO: check
CVE-2021-33522
RESERVED
CVE-2021-33521
@@ -55197,8 +55323,8 @@ CVE-2021-33210 (An issue was discovered in Fimer Aurora Vision before 2.97.10. A
NOT-FOR-US: Fimer Aurora
CVE-2021-33209 (An issue was discovered in Fimer Aurora Vision before 2.97.10. The res ...)
NOT-FOR-US: Fimer Aurora
-CVE-2021-33208
- RESERVED
+CVE-2021-33208 (The "Register an Ehcache Configuration File" admin feature in MashZone ...)
+ TODO: check
CVE-2021-33207
RESERVED
CVE-2021-33206
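Review bot: CVE-2021-33208 is the third MashZone NextGen entry in this commit to receive "TODO: check"; CVE-2021-33581 and CVE-2021-33523 in the two preceding hunks name the same product ("MashZone NextGen through 10.7 GA"). Because the three ids are not adjacent in the file, suggest triaging them together so they end up with the same classification.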
@@ -193099,8 +193225,8 @@ CVE-2019-12268
RESERVED
CVE-2019-12267
RESERVED
-CVE-2019-12266
- RESERVED
+CVE-2019-12266 (Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, ...)
+ TODO: check
CVE-2019-12265 (Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Le ...)
NOT-FOR-US: Wind River VxWorks
CVE-2019-12264 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect ...)
@@ -201851,8 +201977,8 @@ CVE-2019-9566 (FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request.
NOT-FOR-US: FlarumChina
CVE-2019-9565 (Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 b ...)
NOT-FOR-US: Druide Antidote
-CVE-2019-9564
- RESERVED
+CVE-2019-9564 (A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2 ...)
+ TODO: check
CVE-2019-9563 (In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the ...)
NOT-FOR-US: BlueMind
CVE-2019-9562
@@ -334063,7 +334189,7 @@ CVE-2016-9428 (An issue was discovered in the Tatsuya Kinoshita w3m fork before
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/26
CVE-2016-9427 (Integer overflow vulnerability in bdwgc before 2016-09-27 allows attac ...)
- {DLA-721-1}
+ {DLA-2966-1 DLA-721-1}
[experimental] - libgc 1:7.4.4-1
- libgc 1:7.6.4-0.3 (bug #844771)
[jessie] - libgc <no-dsa> (Minor issue)
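Review bot: the cross-reference on CVE-2016-9427 changes from {DLA-721-1} to {DLA-2966-1 DLA-721-1}, but the libgc lines visible below it show only the [experimental] entry, the 1:7.6.4-0.3 entry and "[jessie] - libgc <no-dsa> (Minor issue)". Nothing visible here records a fixed version for the suite that DLA-2966-1 covers. Since this commit touches only data/CVE/list, please confirm that the per-suite fixed version is present further down in this entry, or add it.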
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33557a527812ccaa2575443d3de8a3584e741977