Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
504e4d73 by security tracker role at 2022-01-11T20:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2022-23125
+       RESERVED
+CVE-2022-23124
+       RESERVED
+CVE-2022-23123
+       RESERVED
+CVE-2022-23122
+       RESERVED
+CVE-2022-23121
+       RESERVED
+CVE-2022-23120
+       RESERVED
+CVE-2022-23119
+       RESERVED
+CVE-2022-23118
+       RESERVED
+CVE-2022-23117
+       RESERVED
+CVE-2022-23116
+       RESERVED
+CVE-2022-23115
+       RESERVED
+CVE-2022-23114
+       RESERVED
+CVE-2022-23113
+       RESERVED
+CVE-2022-23112
+       RESERVED
+CVE-2022-23111
+       RESERVED
+CVE-2022-23110
+       RESERVED
+CVE-2022-23109
+       RESERVED
+CVE-2022-23108
+       RESERVED
+CVE-2022-23107
+       RESERVED
+CVE-2022-23106
+       RESERVED
+CVE-2022-23105
+       RESERVED
+CVE-2022-23102
+       RESERVED
+CVE-2022-21236
+       RESERVED
+CVE-2022-21217
+       RESERVED
+CVE-2022-21134
+       RESERVED
+CVE-2022-0194
+       RESERVED
+CVE-2022-0193
+       RESERVED
+CVE-2022-0192
+       RESERVED
+CVE-2022-0191
+       RESERVED
+CVE-2022-0190
+       RESERVED
+CVE-2022-0189
+       RESERVED
+CVE-2022-0188
+       RESERVED
+CVE-2022-0187
+       RESERVED
+CVE-2022-0186
+       RESERVED
+CVE-2022-0185
+       RESERVED
+CVE-2022-0184
+       RESERVED
+CVE-2022-0183
+       RESERVED
+CVE-2020-36515
+       RESERVED
 CVE-2022-23101
        RESERVED
 CVE-2022-23100
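Review bot: CVE-2020-36515 is added at the bottom of this block of new CVE-2022 reservations, directly above CVE-2022-23101, so a 2020 identifier now sits between two 2022 ones. If the list is meant to stay grouped by year, move it to the CVE-2020 section. Also confirm that the jump from CVE-2022-23105 to CVE-2022-23102 is a real gap in the reservations and not two dropped entries.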
@@ -528,14 +604,14 @@ CVE-2022-0175
        RESERVED
 CVE-2022-0174 (dolibarr is vulnerable to Business Logic Errors ...)
        - dolibarr <removed>
-CVE-2022-0173
-       RESERVED
+CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read ...)
+       TODO: check
 CVE-2022-0172
        RESERVED
 CVE-2022-0171
        RESERVED
-CVE-2022-0170
-       RESERVED
+CVE-2022-0170 (peertube is vulnerable to Improper Access Control ...)
+       TODO: check
 CVE-2022-0169
        RESERVED
 CVE-2022-0168
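Review bot: The two entries promoted from RESERVED here, CVE-2022-0173 (radare2) and CVE-2022-0170 (peertube), are left at `TODO: check` with no package line. Each needs a follow-up that resolves it to either a package status line, as CVE-2022-0174 has with `- dolibarr <removed>`, or a NOT-FOR-US marker, so the entries do not stay untriaged.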
@@ -1284,6 +1360,7 @@ CVE-2021-4201
 CVE-2022-22708
        RESERVED
 CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the 
mod_extforward_Forwarded functi ...)
+       {DSA-5040-1}
        - lighttpd <unfixed>
        NOTE: https://redmine.lighttpd.net/issues/3134
        NOTE: 
https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664
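Review bot: `{DSA-5040-1}` is attached to CVE-2022-22707 while the package line below it still reads `- lighttpd <unfixed>`. The WordPress entries tagged `{DSA-5039-1}` later in this commit carry a fixed version (`5.8.3+dfsg1-1`). Confirm whether lighttpd has a fixed version to record for unstable, or whether the advisory covers only the stable releases and the unstable line is intentionally left open.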
@@ -1366,8 +1443,8 @@ CVE-2021-46141 (An issue was discovered in uriparser 
before 0.9.6. It performs i
        NOTE: https://github.com/uriparser/uriparser/pull/124
 CVE-2022-22678
        RESERVED
-CVE-2022-0129
-       RESERVED
+CVE-2022-0129 (Uncontrolled search path element vulnerability in McAfee 
TechCheck pri ...)
+       TODO: check
 CVE-2022-0128 (vim is vulnerable to Out-of-bounds Read ...)
        - vim <unfixed>
        [bullseye] - vim <not-affected> (Vulnerable code introduced later)
@@ -4252,8 +4329,8 @@ CVE-2021-4158 [NULL pointer dereference in pci_write() in 
hw/acpi/pcihp.c]
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2021-12/msg03692.html
 CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 
15.0.19.88, 1 ...)
        NOT-FOR-US: FreePBX
-CVE-2021-45460
-       RESERVED
+CVE-2021-45460 (A vulnerability has been identified in SICAM PQ Analyzer (All 
versions ...)
+       TODO: check
 CVE-2021-4157 [pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()]
        RESERVED
        - linux 5.10.38-1
@@ -6253,10 +6330,10 @@ CVE-2021-45036
        RESERVED
 CVE-2021-45035
        RESERVED
-CVE-2021-45034
-       RESERVED
-CVE-2021-45033
-       RESERVED
+CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE 
WITH I/O  ...)
+       TODO: check
+CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE 
WITH I/O  ...)
+       TODO: check
 CVE-2021-45032
        RESERVED
 CVE-2021-45031
@@ -7342,8 +7419,8 @@ CVE-2021-44649
        RESERVED
 CVE-2021-44648
        RESERVED
-CVE-2021-44647
-       RESERVED
+CVE-2021-44647 (Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in 
funcname ...)
+       TODO: check
 CVE-2021-44646
        RESERVED
 CVE-2021-44645
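Review bot: The description for CVE-2021-44647 names Lua 5.4.4 and 5.4.2 as affected, which is a version-specific claim, yet the entry is only `TODO: check`. When this is triaged, the package line should record which Lua versions are affected, and a `NOTE:` line should link the upstream report, as the lighttpd and WordPress entries in this commit do.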
@@ -9454,14 +9531,14 @@ CVE-2022-21673
        RESERVED
 CVE-2022-21672 (make-ca is a utility to deliver and manage a complete PKI 
configuratio ...)
        TODO: check
-CVE-2022-21671
-       RESERVED
+CVE-2022-21671 (@replit/crosis is a JavaScript client that speaks Replit's 
container p ...)
+       TODO: check
 CVE-2022-21670 (markdown-it is a Markdown parser. Prior to version 1.3.2, 
special patt ...)
        - node-markdown-it <unfixed>
        NOTE: 
https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c
        NOTE: 
https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101
 (12.3.2)
-CVE-2022-21669
-       RESERVED
+CVE-2022-21669 (PuddingBot is a group management bot. In version 0.0.6-b933652 
and pri ...)
+       TODO: check
 CVE-2022-21668 (pipenv is a Python development workflow tool. Starting with 
version 20 ...)
        TODO: check
 CVE-2022-21667 (soketi is an open-source WebSockets server. There is an 
unhandled case ...)
@@ -9471,21 +9548,25 @@ CVE-2022-21666 (Useful Simple Open-Source CMS (USOC) is 
a content management sys
 CVE-2022-21665
        RESERVED
 CVE-2022-21664 (WordPress is a free and open-source content management system 
written  ...)
+       {DSA-5039-1}
        - wordpress 5.8.3+dfsg1-1 (bug #1003243)
        NOTE: 
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
        NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
        NOTE: 
https://github.com/WordPress/wordpress-develop/commit/c09ccfbc547d75b392dbccc1ef0b4442ccd3c957
 CVE-2022-21663 (WordPress is a free and open-source content management system 
written  ...)
+       {DSA-5039-1}
        - wordpress 5.8.3+dfsg1-1 (bug #1003243)
        NOTE: 
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
        NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
        NOTE: https://hackerone.com/reports/541469
 CVE-2022-21662 (WordPress is a free and open-source content management system 
written  ...)
+       {DSA-5039-1}
        - wordpress 5.8.3+dfsg1-1 (bug #1003243)
        NOTE: 
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
        NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
        NOTE: https://hackerone.com/reports/425342
 CVE-2022-21661 (WordPress is a free and open-source content management system 
written  ...)
+       {DSA-5039-1}
        - wordpress 5.8.3+dfsg1-1 (bug #1003243)
        NOTE: 
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
        NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
@@ -11291,8 +11372,7 @@ CVE-2021-43568 (The verify function in the Stark Bank 
Elixir ECDSA library (ecds
        NOT-FOR-US: Stark bank libraries
 CVE-2021-43567
        RESERVED
-CVE-2021-43566
-       RESERVED
+CVE-2021-43566 (All versions of Samba prior to 4.13.16 are vulnerable to a 
malicious c ...)
        - samba <unfixed>
        [bullseye] - samba <no-dsa> (Minor issue; no backport to older 
versions, mitigations exists)
        [buster] - samba <no-dsa> (Minor issue; no backport to older versions, 
mitigations exists)
@@ -13630,14 +13710,14 @@ CVE-2021-43057 (An issue was discovered in the Linux 
kernel before 5.14.8. A use
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/a3727a8bac0a9e77c70820655fd8715523ba3db7 (5.15-rc3)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2229
-CVE-2021-43055
-       RESERVED
-CVE-2021-43054
-       RESERVED
-CVE-2021-43053
-       RESERVED
-CVE-2021-43052
-       RESERVED
+CVE-2021-43055 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL 
- Commun ...)
+       TODO: check
+CVE-2021-43054 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL 
- Commun ...)
+       TODO: check
+CVE-2021-43053 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL 
- Commun ...)
+       TODO: check
+CVE-2021-43052 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL 
- Commun ...)
+       TODO: check
 CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO 
Spotfire  ...)
        NOT-FOR-US: Spotfire Server component of TIBCO
 CVE-2021-43050
@@ -17977,8 +18057,8 @@ CVE-2021-41770 (Ping Identity PingFederate before 
10.3.1 mishandles pre-parsing
        NOT-FOR-US: Ping Identity PingFederate
 CVE-2021-3838
        RESERVED
-CVE-2021-41769
-       RESERVED
+CVE-2021-41769 (A vulnerability has been identified in SIPROTEC 5 6MD85 
devices (CPU v ...)
+       TODO: check
 CVE-2021-41768
        RESERVED
 CVE-2021-41767
@@ -24730,8 +24810,8 @@ CVE-2021-38993
        RESERVED
 CVE-2021-38992
        RESERVED
-CVE-2021-38991
-       RESERVED
+CVE-2021-38991 (IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a 
non-privileged local ...)
+       TODO: check
 CVE-2021-38990 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged 
local user ...)
        NOT-FOR-US: IBM
 CVE-2021-38989
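Review bot: CVE-2021-38991 is left at `TODO: check` even though the entry directly below it, CVE-2021-38990, has a near-identical IBM AIX and VIOS description and is already marked `NOT-FOR-US: IBM`. The same marker looks applicable here; set it in the follow-up rather than leaving the entry open.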
@@ -29121,14 +29201,14 @@ CVE-2021-37200 (A vulnerability has been identified 
in SINEC NMS (All versions &
        NOT-FOR-US: Siemens
 CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All 
versions),  ...)
        NOT-FOR-US: Siemens
-CVE-2021-37198
-       RESERVED
-CVE-2021-37197
-       RESERVED
-CVE-2021-37196
-       RESERVED
-CVE-2021-37195
-       RESERVED
+CVE-2021-37198 (A vulnerability has been identified in COMOS (All versions 
&lt; V10.4. ...)
+       TODO: check
+CVE-2021-37197 (A vulnerability has been identified in COMOS (All versions 
&lt; V10.4. ...)
+       TODO: check
+CVE-2021-37196 (A vulnerability has been identified in COMOS (All versions 
&lt; V10.4. ...)
+       TODO: check
+CVE-2021-37195 (A vulnerability has been identified in COMOS (All versions 
&lt; V10.4. ...)
+       TODO: check
 CVE-2021-37194
        RESERVED
 CVE-2021-37193 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
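Review bot: The four COMOS descriptions (CVE-2021-37195 through CVE-2021-37198) contain a literal `&lt;` where a `<` is meant ("All versions &lt; V10.4."). Check whether the HTML entity is being written into data/CVE/list itself or is only introduced by the notification rendering, and decode it at the source if it is the former. These entries also sit next to Siemens entries marked `NOT-FOR-US: Siemens` and can probably be closed the same way instead of staying at `TODO: check`.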
@@ -34970,8 +35050,8 @@ CVE-2021-34706 (A vulnerability in the web-based 
management interface of Cisco I
        NOT-FOR-US: Cisco
 CVE-2021-34705 (A vulnerability in the Voice Telephony Service Provider (VTSP) 
service ...)
        NOT-FOR-US: Cisco
-CVE-2021-34704
-       RESERVED
+CVE-2021-34704 (A vulnerability in the web services interface of Cisco 
Adaptive Securi ...)
+       TODO: check
 CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP) 
message pa ...)
        NOT-FOR-US: Cisco
 CVE-2021-34702 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
@@ -47827,8 +47907,8 @@ CVE-2021-29703 (Db2 for Linux, UNIX and Windows 
(includes Db2 Connect Server) is
        NOT-FOR-US: IBM
 CVE-2021-29702 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 
11.1.4 a ...)
        NOT-FOR-US: IBM
-CVE-2021-29701
-       RESERVED
+CVE-2021-29701 (IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as 
well as I ...)
+       TODO: check
 CVE-2021-29700 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 
6.1.1.0 c ...)
        NOT-FOR-US: IBM
 CVE-2021-29699 (IBM Security Verify Access Docker 10.0.0 could allow a remote 
priviled ...)
@@ -53563,7 +53643,7 @@ CVE-2021-27395 (A vulnerability has been identified in 
SIMATIC Process Historian
        NOT-FOR-US: Siemens
 CVE-2021-27394 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
        NOT-FOR-US: Mendix Applications (Siemens)
-CVE-2021-27393 (A vulnerability has been identified in Capital VSTAR (Versions 
includi ...)
+CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All 
versions), Nuc ...)
        NOT-FOR-US: Nucleus (Siemens)
 CVE-2021-27392 (A vulnerability has been identified in Siveillance Video Open 
Network  ...)
        NOT-FOR-US: Siveillance
@@ -58033,7 +58113,7 @@ CVE-2021-3190 (The async-git package before 1.13.2 for 
Node.js allows OS Command
        NOT-FOR-US: Node async-git
 CVE-2021-25678 (A vulnerability has been identified in Solid Edge SE2020 (All 
versions ...)
        NOT-FOR-US: Solid Edge (Siemens)
-CVE-2021-25677 (A vulnerability has been identified in Capital VSTAR (Versions 
includi ...)
+CVE-2021-25677 (A vulnerability has been identified in Nucleus NET (All 
versions), Nuc ...)
        NOT-FOR-US: Nucleus (Siemens)
 CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 
(V6.3), SCALAN ...)
        NOT-FOR-US: Siemens
@@ -78674,8 +78754,8 @@ CVE-2021-1575 (A vulnerability in the web-based 
management interface of Cisco Vi
        NOT-FOR-US: Cisco
 CVE-2021-1574 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
        NOT-FOR-US: Cisco
-CVE-2021-1573
-       RESERVED
+CVE-2021-1573 (A vulnerability in the web services interface of Cisco Adaptive 
Securi ...)
+       TODO: check
 CVE-2021-1572 (A vulnerability in ConfD could allow an authenticated, local 
attacker  ...)
        NOT-FOR-US: Cisco
 CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
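Review bot: CVE-2021-1573 receives the same truncated description as CVE-2021-34704 earlier in this commit ("A vulnerability in the web services interface of Cisco Adaptive Securi ..."), and both are left at `TODO: check`. Triage the two together; the surrounding Cisco entries in both hunks are all `NOT-FOR-US: Cisco`.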
@@ -82587,10 +82667,10 @@ CVE-2020-28105
        RESERVED
 CVE-2020-28104
        RESERVED
-CVE-2020-28103
-       RESERVED
-CVE-2020-28102
-       RESERVED
+CVE-2020-28103 (cscms v4.1 allows for SQL injection via the "page_del" 
function. ...)
+       TODO: check
+CVE-2020-28102 (cscms v4.1 allows for SQL injection via the "js_del" function. 
...)
+       TODO: check
 CVE-2020-28101
        RESERVED
 CVE-2020-28100
@@ -83931,11 +84011,11 @@ CVE-2020-27739 (A Weak Session Management 
vulnerability in Citadel WebCit throug
        - webcit <removed> (bug #973385)
        [buster] - webcit <ignored> (Minor issue)
        [stretch] - webcit <ignored> (Minor issue)
-CVE-2020-27738 (A vulnerability has been identified in Capital VSTAR (Versions 
includi ...)
+CVE-2020-27738 (A vulnerability has been identified in Nucleus NET (All 
versions), Nuc ...)
        NOT-FOR-US: Nucleus (Siemens)
-CVE-2020-27737 (A vulnerability has been identified in Capital VSTAR (Versions 
includi ...)
+CVE-2020-27737 (A vulnerability has been identified in Nucleus NET (All 
versions), Nuc ...)
        NOT-FOR-US: Nucleus (Siemens)
-CVE-2020-27736 (A vulnerability has been identified in Capital VSTAR (Versions 
includi ...)
+CVE-2020-27736 (A vulnerability has been identified in Nucleus NET (All 
versions), Nuc ...)
        NOT-FOR-US: Nucleus (Siemens)
 CVE-2020-27735 (An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary 
IFRAME ele ...)
        NOT-FOR-US: Wing FTP
@@ -85948,7 +86028,7 @@ CVE-2020-27011
        RESERVED
 CVE-2020-27010 (A cross-site scripting (XSS) vulnerability in Trend Micro 
InterScan We ...)
        NOT-FOR-US: Trend Micro
-CVE-2020-27009 (A vulnerability has been identified in Capital VSTAR (Versions 
includi ...)
+CVE-2020-27009 (A vulnerability has been identified in Nucleus NET (All 
versions &lt;  ...)
        NOT-FOR-US: Nucleus (Siemens)
 CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions 
&lt; V13.1. ...)
        NOT-FOR-US: JT2Go
@@ -111016,7 +111096,7 @@ CVE-2020-15797 (A vulnerability has been identified 
in DCA Vantage Analyzer (All
        NOT-FOR-US: DCA Vantage Analyzer
 CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open 
Controlle ...)
        NOT-FOR-US: Siemens
-CVE-2020-15795 (A vulnerability has been identified in Capital VSTAR (Versions 
includi ...)
+CVE-2020-15795 (A vulnerability has been identified in Nucleus NET (All 
versions &lt;  ...)
        NOT-FOR-US: Nucleus (Siemens)
 CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All 
versions).  ...)
        NOT-FOR-US: Desigo Insight



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/504e4d73dc4bd3508fd4d079bdb53c4a3dcb7235
