Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b21a862c by security tracker role at 2022-03-02T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2022-26354
+       RESERVED
+CVE-2022-26353
+       RESERVED
+CVE-2022-0835
+       RESERVED
+CVE-2022-0834
+       RESERVED
+CVE-2022-0833
+       RESERVED
+CVE-2022-0832
+       RESERVED
+CVE-2022-0831
+       RESERVED
+CVE-2022-0830
+       RESERVED
+CVE-2022-0829 (Improper Authorization in GitHub repository webmin/webmin prior 
to 1.9 ...)
+       TODO: check
+CVE-2022-0828
+       RESERVED
+CVE-2022-0827
+       RESERVED
+CVE-2022-0826
+       RESERVED
+CVE-2022-0825
+       RESERVED
+CVE-2022-0824 (Improper Access Control to Remote Code Execution in GitHub 
repository  ...)
+       TODO: check
+CVE-2022-0823
+       RESERVED
 CVE-2022-26352
        RESERVED
 CVE-2022-26351
@@ -62,8 +92,8 @@ CVE-2022-0821
        RESERVED
 CVE-2022-0820
        RESERVED
-CVE-2022-0819
-       RESERVED
+CVE-2022-0819 (Code Injection in GitHub repository dolibarr/dolibarr prior to 
15.0.1. ...)
+       TODO: check
 CVE-2022-0818
        RESERVED
 CVE-2022-0817
@@ -1781,8 +1811,8 @@ CVE-2022-25637
        RESERVED
 CVE-2022-25635
        RESERVED
-CVE-2022-25634
-       RESERVED
+CVE-2022-25634 (Qt through 5.15.8 and 6.x through 6.2.3 can load system 
library files  ...)
+       TODO: check
 CVE-2022-25633
        RESERVED
 CVE-2022-25632
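
Review bot: CVE-2022-25634 is left at TODO: check, but its description names Qt through 5.15.8 and 6.x through 6.2.3, and Qt is packaged in Debian. This entry should not be swept up with the vendor-only ones; it needs per-source-package status lines for the Qt packages in the archive once the affected code is identified.
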
@@ -3500,8 +3530,8 @@ CVE-2022-25018 (Pluxml v5.8.7 was discovered to allow 
attackers to execute arbit
        TODO: check if reported upstream
 CVE-2022-25017
        RESERVED
-CVE-2022-25016
-       RESERVED
+CVE-2022-25016 (Home Owners Collection Management System v1.0 was discovered 
to contai ...)
+       TODO: check
 CVE-2022-25015 (A stored cross-site scripting (XSS) vulnerability in Ice Hrm 
30.0.0.OS ...)
        NOT-FOR-US: Ice Hrm
 CVE-2022-25014 (Ice Hrm 30.0.0.OS was discovered to contain a reflected 
cross-site scr ...)
@@ -4936,8 +4966,8 @@ CVE-2022-24449
 CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel 
before 5.1 ...)
        - linux 5.16.7-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/ac795161c93699d600db16c1a8cc23a65a1eceaf (5.17-rc2)
-CVE-2022-24447
-       RESERVED
+CVE-2022-24447 (An issue was discovered in Zoho ManageEngine Key Manager Plus 
before 6 ...)
+       TODO: check
 CVE-2022-24446 (An issue was discovered in Zoho ManageEngine Key Manager Plus 
6.1.6. A ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-24445
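
Review bot: the new CVE-2022-24447 line gets TODO: check although it names the same product as the entry directly below it, CVE-2022-24446 (Zoho ManageEngine Key Manager Plus), which is already tagged NOT-FOR-US: Zoho ManageEngine. Suggest the same tag here so the two entries stay consistent.
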
@@ -5374,10 +5404,10 @@ CVE-2022-24308
        RESERVED
 CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect 
access cont ...)
        NOT-FOR-US: Mastodon
-CVE-2022-24306
-       RESERVED
-CVE-2022-24305
-       RESERVED
+CVE-2022-24306 (Zoho ManageEngine SharePoint Manager Plus before 4329 allows 
account t ...)
+       TODO: check
+CVE-2022-24305 (Zoho ManageEngine SharePoint Manager Plus before 4329 is 
vulnerable to ...)
+       TODO: check
 CVE-2022-24304
        RESERVED
 CVE-2022-24303
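
Review bot: CVE-2022-24306 and CVE-2022-24305 both name Zoho ManageEngine SharePoint Manager Plus before 4329 and both land as TODO: check. They can be triaged as a pair; the list already tags a ManageEngine product as NOT-FOR-US: Zoho ManageEngine (CVE-2022-24446), and the same tag would fit both lines.
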
@@ -7015,8 +7045,8 @@ CVE-2022-23880
        RESERVED
 CVE-2022-23879
        RESERVED
-CVE-2022-23878
-       RESERVED
+CVE-2022-23878 (seacms V11.5 is affected by an arbitrary code execution 
vulnerability  ...)
+       TODO: check
 CVE-2022-23877
        RESERVED
 CVE-2022-23876
@@ -7713,8 +7743,8 @@ CVE-2022-0316
        RESERVED
 CVE-2022-0315
        RESERVED
-CVE-2022-23779
-       RESERVED
+CVE-2022-23779 (Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes 
the insta ...)
+       TODO: check
 CVE-2022-23778
        RESERVED
 CVE-2022-23777
@@ -8712,8 +8742,8 @@ CVE-2022-23397
        RESERVED
 CVE-2022-23396
        RESERVED
-CVE-2022-23395
-       RESERVED
+CVE-2022-23395 (jQuery Cookie 1.4.1 is affected by prototype pollution, which 
can lead ...)
+       TODO: check
 CVE-2022-23394
        RESERVED
 CVE-2022-23393
@@ -8930,7 +8960,7 @@ CVE-2021-46390
        RESERVED
 CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to 
commit 882925 ...)
        NOT-FOR-US: IIPImage High Resolution Streaming Image Server
-CVE-2021-46388 (WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) 
is affec ...)
+CVE-2021-46388 (** DISPUTED ** WAGO 750-8212 PFC200 G2 2ETH RS Firmware 
version 03.05. ...)
        NOT-FOR-US: WAGO
 CVE-2021-46387 (ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by 
Cross S ...)
        TODO: check
@@ -12404,8 +12434,8 @@ CVE-2022-22352
        RESERVED
 CVE-2022-22351
        RESERVED
-CVE-2022-22350
-       RESERVED
+CVE-2022-22350 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
+       TODO: check
 CVE-2022-22349 (IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, 
and 6.0. ...)
        NOT-FOR-US: IBM
 CVE-2022-22348
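
Review bot: CVE-2022-22350 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1) is added as TODO: check while the next entry, CVE-2022-22349, is already NOT-FOR-US: IBM. AIX and VIOS are IBM products, so NOT-FOR-US: IBM fits here as well.
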
@@ -12502,12 +12532,12 @@ CVE-2022-22305
        RESERVED
 CVE-2022-22304
        RESERVED
-CVE-2022-22303
-       RESERVED
+CVE-2022-22303 (An exposure of sensitive system information to an unauthorized 
control ...)
+       TODO: check
 CVE-2022-22302
        RESERVED
-CVE-2022-22301
-       RESERVED
+CVE-2022-22301 (An improper neutralization of special elements used in an OS 
Command v ...)
+       TODO: check
 CVE-2022-22300 (A improper handling of insufficient permissions or privileges 
in Forti ...)
        TODO: check
 CVE-2022-22299
@@ -19247,8 +19277,8 @@ CVE-2021-44168 (A download of code without integrity 
check vulnerability in the
        NOT-FOR-US: FortiGuard
 CVE-2021-44167
        RESERVED
-CVE-2021-44166
-       RESERVED
+CVE-2021-44166 (An improper access control vulnerability [CWE-284 ] in 
FortiToken Mobi ...)
+       TODO: check
 CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 
(All ver ...)
        NOT-FOR-US: Siemens
 CVE-2021-44164 (Chain Sea ai chatbot system’s file upload function has 
insuffici ...)
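
Review bot: CVE-2021-44166 is left at TODO: check with a description that is cut off at "FortiToken Mobi", while CVE-2021-44168 two entries above is tagged NOT-FOR-US: FortiGuard. Suggest confirming the product name from the full description and applying the same tag.
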
@@ -24369,8 +24399,8 @@ CVE-2021-43072
        RESERVED
 CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 
6.4.1 and 6. ...)
        NOT-FOR-US: FortiGuard
-CVE-2021-43070
-       RESERVED
+CVE-2021-43070 (Multiple relative path traversal vulnerabilities [CWE-23] in 
FortiWLM  ...)
+       TODO: check
 CVE-2021-43069
        RESERVED
 CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator 
version 6.4.0 ...)
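
Review bot: CVE-2021-43070 names FortiWLM and is left at TODO: check, whereas the Fortinet FortiWeb entry directly above it, CVE-2021-43071, carries NOT-FOR-US: FortiGuard. Suggest the same tag for the new line.
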
@@ -35631,8 +35661,8 @@ CVE-2021-38998
        RESERVED
 CVE-2021-38997
        RESERVED
-CVE-2021-38996
-       RESERVED
+CVE-2021-38996 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
+       TODO: check
 CVE-2021-38995 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
        NOT-FOR-US: IBM
 CVE-2021-38994 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
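
Review bot: CVE-2021-38996 has the same visible description as CVE-2021-38995 and CVE-2021-38994 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1), yet it is TODO: check while CVE-2021-38995 is NOT-FOR-US: IBM. Suggest tagging it NOT-FOR-US: IBM to match.
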
@@ -37378,8 +37408,8 @@ CVE-2021-38270
        RESERVED
 CVE-2021-38269
        RESERVED
-CVE-2021-38268
-       RESERVED
+CVE-2021-38268 (The Dynamic Data Mapping module in Liferay Portal through 
v7.3.6 and L ...)
+       TODO: check
 CVE-2021-38267
        RESERVED
 CVE-2021-38266
@@ -45346,8 +45376,8 @@ CVE-2021-35038
        RESERVED
 CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect 
vulnera ...)
        NOT-FOR-US: Jamf Pro
-CVE-2021-35036 (A command injection vulnerability in the web interface of the 
Zyxel NW ...)
-       TODO: check
+CVE-2021-35036
+       REJECTED
 CVE-2021-35035 (A cleartext storage of sensitive information vulnerability in 
the Zyxe ...)
        NOT-FOR-US: Zyxel
 CVE-2021-35034 (An insufficient session expiration vulnerability in the CGI 
program of ...)
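
Review bot: at CVE-2021-35036 the switch to REJECTED removes a Zyxel description whose only state was TODO: check, so no package status is lost. No follow-up is needed on this line; the neighbouring CVE-2021-35035 keeps NOT-FOR-US: Zyxel.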



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b21a862c0e35007f1c20ea3a573442292e820bef
