Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5319a88 by security tracker role at 2022-01-07T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2022-22732
+ RESERVED
+CVE-2022-22731
+ RESERVED
+CVE-2022-0144
+ RESERVED
+CVE-2022-0143
+ RESERVED
+CVE-2022-0142
+ RESERVED
+CVE-2022-0141
+ RESERVED
+CVE-2022-0140
+ RESERVED
+CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x
before 1.36 ...)
+ TODO: check
+CVE-2021-46149 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x
before 1.36 ...)
+ TODO: check
+CVE-2021-46148 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x
before 1.36 ...)
+ TODO: check
+CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x
before 1.36 ...)
+ TODO: check
+CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x
before 1.36 ...)
+ TODO: check
CVE-2022-22728
RESERVED
CVE-2022-22727
@@ -1273,18 +1297,18 @@ CVE-2021-46046
RESERVED
CVE-2021-46045
RESERVED
-CVE-2021-46044
- RESERVED
-CVE-2021-46043
- RESERVED
-CVE-2021-46042
- RESERVED
-CVE-2021-46041
- RESERVED
-CVE-2021-46040
- RESERVED
-CVE-2021-46039
- RESERVED
+CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via
ShiftMetaOf ...)
+ TODO: check
+CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the
gf_list ...)
+ TODO: check
+CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via
the _fsee ...)
+ TODO: check
+CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via
the co64_b ...)
+ TODO: check
+CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via
the finpla ...)
+ TODO: check
+CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via
the shift_ ...)
+ TODO: check
CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in
unlink_chu ...)
- gpac <unfixed>
NOTE: https://github.com/gpac/gpac/issues/2000
@@ -8155,26 +8179,22 @@ CVE-2022-21666
RESERVED
CVE-2022-21665
RESERVED
-CVE-2022-21664
- RESERVED
+CVE-2022-21664 (WordPress is a free and open-source content management system
written ...)
- wordpress 5.8.3+dfsg1-1 (bug #1003243)
NOTE:
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
NOTE:
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
NOTE:
https://github.com/WordPress/wordpress-develop/commit/c09ccfbc547d75b392dbccc1ef0b4442ccd3c957
-CVE-2022-21663
- RESERVED
+CVE-2022-21663 (WordPress is a free and open-source content management system
written ...)
- wordpress 5.8.3+dfsg1-1 (bug #1003243)
NOTE:
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
NOTE:
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
NOTE: https://hackerone.com/reports/541469
-CVE-2022-21662
- RESERVED
+CVE-2022-21662 (WordPress is a free and open-source content management system
written ...)
- wordpress 5.8.3+dfsg1-1 (bug #1003243)
NOTE:
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
NOTE:
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
NOTE: https://hackerone.com/reports/425342
-CVE-2022-21661
- RESERVED
+CVE-2022-21661 (WordPress is a free and open-source content management system
written ...)
- wordpress 5.8.3+dfsg1-1 (bug #1003243)
NOTE:
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
NOTE:
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
@@ -12814,8 +12834,8 @@ CVE-2021-42843
RESERVED
CVE-2021-42842
RESERVED
-CVE-2021-42841
- RESERVED
+CVE-2021-42841 (Insta HMS before 12.4.10 is vulnerable to XSS because of
improper vali ...)
+ TODO: check
CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the
system se ...)
NOT-FOR-US: SuiteCRM
CVE-2021-42839 (Grand Vice info Co. webopac7 file upload function fails to
filter spec ...)
@@ -24082,8 +24102,8 @@ CVE-2021-38676
RESERVED
CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
NOT-FOR-US: QNAP
-CVE-2021-38674
- RESERVED
+CVE-2021-38674 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
+ TODO: check
CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly'
Flag ...)
NOT-FOR-US: adminlte
CVE-2021-38673
@@ -56529,8 +56549,8 @@ CVE-2021-25745
RESERVED
CVE-2021-25744
RESERVED
-CVE-2021-25743
- RESERVED
+CVE-2021-25743 (kubectl does not neutralize escape, meta or control sequences
containe ...)
+ TODO: check
CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user
that can ...)
NOT-FOR-US: Kubernetes ingress-nginx component
CVE-2021-25741 (A security issue was discovered in Kubernetes where a user may
be able ...)
@@ -71980,12 +72000,12 @@ CVE-2021-20050 (An Improper Access Control
Vulnerability in the SMA100 series le
NOT-FOR-US: SonicWall
CVE-2021-20049 (A vulnerability in SonicWall SMA100 password change API allows
a remot ...)
NOT-FOR-US: SonicWall
-CVE-2021-20048
- RESERVED
+CVE-2021-20048 (A Stack-based buffer overflow in the SonicOS SessionID HTTP
response h ...)
+ TODO: check
CVE-2021-20047 (SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit)
and ear ...)
NOT-FOR-US: SonicWall
-CVE-2021-20046
- RESERVED
+CVE-2021-20046 (A Stack-based buffer overflow in the SonicOS HTTP
Content-Length respo ...)
+ TODO: check
CVE-2021-20045 (A buffer overflow vulnerability in SMA100 sonicfiles
RAC_COPY_TO (RacN ...)
NOT-FOR-US: SonicWall
CVE-2021-20044 (A post-authentication remote command injection vulnerability
in SonicW ...)
@@ -76269,8 +76289,7 @@ CVE-2020-29052
RESERVED
CVE-2020-29051
RESERVED
-CVE-2020-29050 [arbitrary file reads by scattered file snippets]
- RESERVED
+CVE-2020-29050 (SphinxSearch in Sphinx Technologies Sphinx through 3.1.1
allows direct ...)
{DSA-5036-1}
- sphinxsearch 2.2.11-3
NOTE: Backported for sphinxsearch from:
https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035
@@ -129025,16 +129044,16 @@ CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS
05.01.00 or earlier do not au
NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase
version ...)
NOT-FOR-US: Diebold Nixdorf ProCash 2100xe USB ATMs
-CVE-2020-9061
- RESERVED
-CVE-2020-9060
- RESERVED
-CVE-2020-9059
- RESERVED
-CVE-2020-9058
- RESERVED
-CVE-2020-9057
- RESERVED
+CVE-2020-9061 (Z-Wave devices using Silicon Labs 500 and 700 series chipsets,
includi ...)
+ TODO: check
+CVE-2020-9060 (Z-Wave devices based on Silicon Labs 500 series chipsets using
S2, inc ...)
+ TODO: check
+CVE-2020-9059 (Z-Wave devices based on Silicon Labs 500 series chipsets using
S0 auth ...)
+ TODO: check
+CVE-2020-9058 (Z-Wave devices based on Silicon Labs 500 series chipsets using
CRC-16 ...)
+ TODO: check
+CVE-2020-9057 (Z-Wave devices based on Silicon Labs 100, 200, and 300 series
chipsets ...)
+ TODO: check
CVE-2020-9056 (Periscope BuySpeed version 14.5 is vulnerable to stored
cross-site scr ...)
NOT-FOR-US: Periscope BuySpeed
CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is
vulnera ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5319a8844eec54b157e9c4487857f6f56861140
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5319a8844eec54b157e9c4487857f6f56861140
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
