[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 31 21:10:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d46dff48 by security tracker role at 2022-03-31T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@
+CVE-2022-28299
+ RESERVED
+CVE-2022-28298
+ RESERVED
+CVE-2022-28297
+ RESERVED
+CVE-2022-28296
+ RESERVED
+CVE-2022-28295
+ RESERVED
+CVE-2022-28294
+ RESERVED
+CVE-2022-28293
+ RESERVED
+CVE-2022-28292
+ RESERVED
+CVE-2022-28291
+ RESERVED
+CVE-2022-28290
+ RESERVED
+CVE-2022-28289
+ RESERVED
+CVE-2022-28288
+ RESERVED
+CVE-2022-28287
+ RESERVED
+CVE-2022-28286
+ RESERVED
+CVE-2022-28285
+ RESERVED
+CVE-2022-28284
+ RESERVED
+CVE-2022-28283
+ RESERVED
+CVE-2022-28282
+ RESERVED
+CVE-2022-28281
+ RESERVED
+CVE-2022-1199
+ RESERVED
+CVE-2022-1198
+ RESERVED
+CVE-2022-1197
+ RESERVED
+CVE-2022-1196
+ RESERVED
+CVE-2022-1195
+ RESERVED
+CVE-2022-1194
+ RESERVED
+CVE-2022-1193
+ RESERVED
+CVE-2022-1192
+ RESERVED
+CVE-2021-46779
+ RESERVED
+CVE-2021-46778
+ RESERVED
+CVE-2021-46777
+ RESERVED
+CVE-2021-46776
+ RESERVED
+CVE-2021-46775
+ RESERVED
+CVE-2021-46774
+ RESERVED
+CVE-2021-46773
+ RESERVED
+CVE-2021-46772
+ RESERVED
+CVE-2021-46771
+ RESERVED
+CVE-2021-46770
+ RESERVED
+CVE-2021-46769
+ RESERVED
+CVE-2021-46768
+ RESERVED
+CVE-2021-46767
+ RESERVED
+CVE-2021-46766
+ RESERVED
+CVE-2021-46765
+ RESERVED
+CVE-2021-46764
+ RESERVED
+CVE-2021-46763
+ RESERVED
+CVE-2021-46762
+ RESERVED
+CVE-2021-46761
+ RESERVED
+CVE-2021-46760
+ RESERVED
+CVE-2021-46759
+ RESERVED
+CVE-2021-46758
+ RESERVED
+CVE-2021-46757
+ RESERVED
+CVE-2021-46756
+ RESERVED
+CVE-2021-46755
+ RESERVED
+CVE-2021-46754
+ RESERVED
+CVE-2021-46753
+ RESERVED
+CVE-2021-46752
+ RESERVED
+CVE-2021-46751
+ RESERVED
+CVE-2021-46750
+ RESERVED
+CVE-2021-46749
+ RESERVED
+CVE-2021-46748
+ RESERVED
+CVE-2021-46747
+ RESERVED
+CVE-2021-46746
+ RESERVED
+CVE-2021-46745
+ RESERVED
+CVE-2021-46744
+ RESERVED
CVE-2022-28280
RESERVED
CVE-2022-28279
@@ -112,8 +238,8 @@ CVE-2022-28225
RESERVED
CVE-2022-28224
RESERVED
-CVE-2022-1191
- RESERVED
+CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperch ...)
+ TODO: check
CVE-2022-1190
RESERVED
CVE-2022-1189
@@ -150,8 +276,8 @@ CVE-2022-1178 (Stored Cross Site Scripting in GitHub repository openemr/openemr
NOT-FOR-US: OpenEMR
CVE-2022-1177 (Accounting User Can Download Patient Reports in openemr in GitHub repo ...)
NOT-FOR-US: OpenEMR
-CVE-2022-1176
- RESERVED
+CVE-2022-1176 (Loose comparison causes IDOR on multiple endpoints in GitHub repositor ...)
+ TODO: check
CVE-2022-1175
RESERVED
CVE-2022-1174
@@ -518,12 +644,12 @@ CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (
NOT-FOR-US: Firebase PHP-JWT
CVE-2020-36521
RESERVED
-CVE-2022-28128
- RESERVED
-CVE-2022-27496
- RESERVED
-CVE-2022-25348
- RESERVED
+CVE-2022-28128 (Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and ear ...)
+ TODO: check
+CVE-2022-27496 (Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and ...)
+ TODO: check
+CVE-2022-25348 (Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and ear ...)
+ TODO: check
CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in ...)
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1368
@@ -3904,8 +4030,8 @@ CVE-2022-25996
RESERVED
CVE-2022-25987
RESERVED
-CVE-2022-25915
- RESERVED
+CVE-2022-25915 (Improper access control vulnerability in ELECOM LAN routers (WRC-1167G ...)
+ TODO: check
CVE-2022-25905
RESERVED
CVE-2022-0910
@@ -4557,10 +4683,10 @@ CVE-2022-26521 (Abantecart through 1.3.2 allows remote authenticated administrat
NOT-FOR-US: Abantecart
CVE-2022-0872
RESERVED
-CVE-2022-26019
- RESERVED
-CVE-2022-24299
- RESERVED
+CVE-2022-26019 (Improper access control vulnerability in pfSense CE and pfSense Plus ( ...)
+ TODO: check
+CVE-2022-24299 (Improper input validation vulnerability in pfSense CE and pfSense Plus ...)
+ TODO: check
CVE-2022-0871 (Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5. ...)
NOT-FOR-US: Go Git Service
CVE-2022-0870 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prio ...)
@@ -7727,8 +7853,8 @@ CVE-2022-25326 (fscrypt through v0.3.2 creates a world-writable directory by def
[buster] - fscrypt <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1
NOTE: https://github.com/google/fscrypt/commit/6e355131670ad014e45f879475ddf800f0080d41
-CVE-2022-23183
- RESERVED
+CVE-2022-23183 (Missing authorization vulnerability in Advanced Custom Fields versions ...)
+ TODO: check
CVE-2022-21179 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mai ...)
NOT-FOR-US: EC-CUBE
CVE-2022-0683 (The Essential Addons for Elementor Lite WordPress plugin is vulnerable ...)
@@ -10761,8 +10887,8 @@ CVE-2022-24296
RESERVED
CVE-2022-24295 (Okta Advanced Server Access Client for Windows prior to version 1.57.0 ...)
NOT-FOR-US: Okta Advanced Server Access Client
-CVE-2022-22986
- RESERVED
+CVE-2022-22986 (Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, ...)
+ TODO: check
CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/ ...)
NOT-FOR-US: jsdecena/laracom
CVE-2022-0471
@@ -11361,8 +11487,8 @@ CVE-2022-24138
RESERVED
CVE-2022-24137
RESERVED
-CVE-2022-24136
- RESERVED
+CVE-2022-24136 (Hospital Management System v1.0 is affected by an unrestricted upload ...)
+ TODO: check
CVE-2022-24135 (QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: QingScan
CVE-2022-24134
@@ -12484,8 +12610,8 @@ CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub reposi
[stretch] - vim <postponed> (Fix introduces a test regression)
NOTE: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161
NOTE: https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d (v8.2.4206)
-CVE-2022-0350
- RESERVED
+CVE-2022-0350 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...)
+ TODO: check
CVE-2022-0349 (The NotificationX WordPress plugin before 2.3.9 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0348 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
@@ -18005,8 +18131,8 @@ CVE-2022-22313
RESERVED
CVE-2022-22312
RESERVED
-CVE-2022-22311
- RESERVED
+CVE-2022-22311 (IBM Security Verify Access could allow a user, using man in the middle ...)
+ TODO: check
CVE-2022-22310 (IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 c ...)
NOT-FOR-US: IBM
CVE-2022-22309
@@ -27934,10 +28060,10 @@ CVE-2021-43508
RESERVED
CVE-2021-43507
RESERVED
-CVE-2021-43506
- RESERVED
-CVE-2021-43505
- RESERVED
+CVE-2021-43506 (An SQL Injection vulnerability exists in Sourcecodester Simple Client ...)
+ TODO: check
+CVE-2021-43505 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourceco ...)
+ TODO: check
CVE-2021-43504
RESERVED
CVE-2021-43503
@@ -27978,8 +28104,8 @@ CVE-2021-43486
RESERVED
CVE-2021-43485
RESERVED
-CVE-2021-43484
- RESERVED
+CVE-2021-43484 (A Remote Code Execution (RCE) vulnerability exists in Simple Client Ma ...)
+ TODO: check
CVE-2021-43483
RESERVED
CVE-2021-43482
@@ -27988,10 +28114,10 @@ CVE-2021-43481
RESERVED
CVE-2021-43480
RESERVED
-CVE-2021-43479
- RESERVED
-CVE-2021-43478
- RESERVED
+CVE-2021-43479 (A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2. ...)
+ TODO: check
+CVE-2021-43478 (A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a ...)
+ TODO: check
CVE-2021-43477
RESERVED
CVE-2021-43476
@@ -30325,8 +30451,8 @@ CVE-2021-42948
RESERVED
CVE-2021-42947
RESERVED
-CVE-2021-42946
- RESERVED
+CVE-2021-42946 (A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via t ...)
+ TODO: check
CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclass ...)
NOT-FOR-US: ZZCMS
CVE-2021-42944
@@ -30486,14 +30612,14 @@ CVE-2021-42871
RESERVED
CVE-2021-42870
RESERVED
-CVE-2021-42869
- RESERVED
-CVE-2021-42868
- RESERVED
-CVE-2021-42867
- RESERVED
-CVE-2021-42866
- RESERVED
+CVE-2021-42869 (A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient ...)
+ TODO: check
+CVE-2021-42868 (A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient ...)
+ TODO: check
+CVE-2021-42867 (A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8 ...)
+ TODO: check
+CVE-2021-42866 (A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the S ...)
+ TODO: check
CVE-2021-42865
RESERVED
CVE-2021-42864
@@ -45170,8 +45296,8 @@ CVE-2021-37519
RESERVED
CVE-2021-37518
RESERVED
-CVE-2021-37517
- RESERVED
+CVE-2021-37517 (An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fix ...)
+ TODO: check
CVE-2021-37516
RESERVED
CVE-2021-37515
@@ -47265,8 +47391,8 @@ CVE-2021-36627
RESERVED
CVE-2021-36626
RESERVED
-CVE-2021-36625
- RESERVED
+CVE-2021-36625 (An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixe ...)
+ TODO: check
CVE-2021-36624 (Sourcecodester Phone Shop Sales Managements System version 1.0 suffers ...)
NOT-FOR-US: Sourcecodester
CVE-2021-36623 (Arbitrary File Upload in Sourcecodester Phone Shop Sales Management Sy ...)
@@ -52848,8 +52974,8 @@ CVE-2021-34259 (A buffer overflow vulnerability in the USBH_ParseCfgDesc() funct
NOT-FOR-US: STMicroelectronics
CVE-2021-34258
RESERVED
-CVE-2021-34257
- RESERVED
+CVE-2021-34257 (Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 ...)
+ TODO: check
CVE-2021-34256
RESERVED
CVE-2021-34255
@@ -88309,8 +88435,8 @@ CVE-2021-20731 (WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmwa
NOT-FOR-US: WSR-1166DHP3 firmware
CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.1 ...)
NOT-FOR-US: WSR-1166DHP3 firmware
-CVE-2021-20729
- RESERVED
+CVE-2021-20729 (Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfS ...)
+ TODO: check
CVE-2021-20728 (Improper access control vulnerability in goo blog App for Android ver. ...)
NOT-FOR-US: goo blog App
CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d46dff48a8fd9f380c7f99ab3a9a856bcd43406e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d46dff48a8fd9f380c7f99ab3a9a856bcd43406e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220331/6dbadd25/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list