Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b6e3446 by security tracker role at 2022-03-03T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-26387
+ RESERVED
+CVE-2022-26386
+ RESERVED
+CVE-2022-26385
+ RESERVED
+CVE-2022-26384
+ RESERVED
+CVE-2022-26383
+ RESERVED
+CVE-2022-26382
+ RESERVED
+CVE-2022-26381
+ RESERVED
+CVE-2022-26380
+ RESERVED
+CVE-2022-26379
+ RESERVED
+CVE-2022-26378
+ RESERVED
+CVE-2022-26377
+ RESERVED
+CVE-2022-26073
+ RESERVED
+CVE-2022-25989
+ RESERVED
+CVE-2022-0844
+ RESERVED
+CVE-2022-0843
+ RESERVED
+CVE-2022-0842
+ RESERVED
+CVE-2022-0841 (OS Command Injection in GitHub repository ljharb/npm-lockfile
prior to ...)
+ TODO: check
+CVE-2022-0840
+ RESERVED
+CVE-2022-0839
+ RESERVED
+CVE-2022-0838
+ RESERVED
+CVE-2022-0837
+ RESERVED
+CVE-2022-0836
+ RESERVED
CVE-2022-26365
RESERVED
CVE-2022-26364
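Review bot: CVE-2022-0841 is the only entry in this block that lands as `TODO: check` rather than `RESERVED`; the truncated description points at the GitHub repository ljharb/npm-lockfile, so triage should establish whether that module is shipped as a Debian package and otherwise mark it `NOT-FOR-US: npm-lockfile` in the style used elsewhere in this file. The twenty-one `RESERVED` placeholders need no action until their descriptions are published.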
@@ -716,16 +760,16 @@ CVE-2021-46702 (Tor Browser 9.0.7 on Windows 10 build
10586 is vulnerable to inf
CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11.
The mixed ...)
- linux <unfixed>
NOTE: https://dl.acm.org/doi/10.1145/3372297.3417884
-CVE-2022-26129
- RESERVED
-CVE-2022-26128
- RESERVED
-CVE-2022-26127
- RESERVED
-CVE-2022-26126
- RESERVED
-CVE-2022-26125
- RESERVED
+CVE-2022-26129 (Buffer overflow vulnerabilities exist in FRRouting through
8.1.0 due t ...)
+ TODO: check
+CVE-2022-26128 (A buffer overflow vulnerability exists in FRRouting through
8.1.0 due ...)
+ TODO: check
+CVE-2022-26127 (A buffer overflow vulnerability exists in FRRouting through
8.1.0 due ...)
+ TODO: check
+CVE-2022-26126 (Buffer overflow vulnerabilities exist in FRRouting through
8.1.0 due t ...)
+ TODO: check
+CVE-2022-26125 (Buffer overflow vulnerabilities exist in FRRouting through
8.1.0 due t ...)
+ TODO: check
CVE-2022-26122
RESERVED
CVE-2022-26121
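Review bot: the five FRRouting entries CVE-2022-26125 through CVE-2022-26129 arrive as separate `TODO: check` items but describe the same class of buffer overflow in FRRouting through 8.1.0, so they should be triaged together and given matching source-package and version lines rather than being resolved one at a time with possibly inconsistent fixed versions.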
@@ -1330,8 +1374,8 @@ CVE-2022-0755
RESERVED
CVE-2022-0754
RESERVED
-CVE-2022-0753
- RESERVED
+CVE-2022-0753 (Cross-site Scripting (XSS) - Reflected in GitHub repository
hestiacp/h ...)
+ TODO: check
CVE-2022-0752
RESERVED
CVE-2022-0751
@@ -3298,8 +3342,8 @@ CVE-2022-25140
RESERVED
CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a
heap use ...)
NOT-FOR-US: njs
-CVE-2022-25138
- RESERVED
+CVE-2022-25138 (Axelor Open Suite v5.0 was discovered to contain a stored
cross-site s ...)
+ TODO: check
CVE-2022-25137 (A command injection vulnerability in the function
recvSlaveUpgstatus o ...)
NOT-FOR-US: TOTOLINK
CVE-2022-25136 (A command injection vulnerability in the function
meshSlaveUpdate of T ...)
@@ -3324,8 +3368,8 @@ CVE-2022-25127
RESERVED
CVE-2022-25126
RESERVED
-CVE-2022-25125
- RESERVED
+CVE-2022-25125 (MCMS v5.2.4 was discovered to contain a SQL injection
vulnerability vi ...)
+ TODO: check
CVE-2022-25124
RESERVED
CVE-2022-25123
@@ -3518,8 +3562,8 @@ CVE-2022-25033
RESERVED
CVE-2022-25032
RESERVED
-CVE-2022-25031
- RESERVED
+CVE-2022-25031 (Remote Desktop Commander Suite Agent before v4.8 contains an
unquoted ...)
+ TODO: check
CVE-2022-25030
RESERVED
CVE-2022-25029 (Home Owners Collection Management System v1.0 was discovered
to contai ...)
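Review bot: the description for CVE-2022-25031 (Remote Desktop Commander Suite Agent, unquoted service path) describes a Windows service installation issue; entries of this kind normally resolve to `NOT-FOR-US`, so the `TODO: check` can likely be closed quickly, mirroring how the surrounding vendor-specific entries in this file are handled.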
@@ -5170,8 +5214,7 @@ CVE-2022-21233
RESERVED
CVE-2022-21128
RESERVED
-CVE-2022-0492 [cgroup-v1: Require capabilities to set release_agent]
- RESERVED
+CVE-2022-0492 (A vulnerability was found in the Linux kernel’s
cgroup_release_a ...)
- linux 5.16.7-1
NOTE: https://www.openwall.com/lists/oss-security/2022/02/04/1
NOTE:
https://git.kernel.org/linus/24f6008564183aa120d07c03d9289519c2fe02af
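Review bot: replacing the bracketed working title `[cgroup-v1: Require capabilities to set release_agent]` with the published description loses the `release_agent` keyword, because the feed truncates the text after `cgroup_release_a ...`; since the retained `- linux 5.16.7-1` line and the two NOTE links are the only remaining pointers, consider keeping the kernel patch title in a NOTE so the entry stays searchable by the mechanism it concerns.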
@@ -6813,7 +6856,7 @@ CVE-2022-23961
CVE-2022-23960
RESERVED
CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish
Cache 6.0 ...)
- {DLA-2920-1}
+ {DSA-5088-1 DLA-2920-1}
- varnish <unfixed> (bug #1004433)
NOTE: https://varnish-cache.org/security/VSV00008.html
NOTE: https://docs.varnish-software.com/security/VSV00008/
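Review bot: adding `{DSA-5088-1 DLA-2920-1}` while the package line still reads `- varnish <unfixed> (bug #1004433)` is only consistent if the DSA fixed stable and unstable remains unfixed; confirm that the unstable upload is still pending, and update the version on the package line in the same pass if it has already landed, so the reference and status lines do not drift apart.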
@@ -7028,10 +7071,10 @@ CVE-2022-23901
RESERVED
CVE-2022-23900
RESERVED
-CVE-2022-23899
- RESERVED
-CVE-2022-23898
- RESERVED
+CVE-2022-23899 (MCMS v5.2.5 was discovered to contain a SQL injection
vulnerability vi ...)
+ TODO: check
+CVE-2022-23898 (MCMS v5.2.5 was discovered to contain a SQL injection
vulnerability vi ...)
+ TODO: check
CVE-2022-23897
RESERVED
CVE-2022-23896
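Review bot: CVE-2022-23898 and CVE-2022-23899 are both MCMS v5.2.5 SQL injections, and CVE-2022-25125 earlier in this same commit is an MCMS v5.2.4 SQL injection; the three should be triaged together with one `NOT-FOR-US: MCMS`-style decision if the product is not packaged, rather than three independent `TODO: check` resolutions.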
@@ -8050,8 +8093,7 @@ CVE-2022-23650 (Netmaker is a platform for creating and
managing virtual overlay
NOT-FOR-US: Netmaker
CVE-2022-23649 (Cosign provides container signing, verification, and storage
in an OCI ...)
NOT-FOR-US: Cosign
-CVE-2022-23648
- RESERVED
+CVE-2022-23648 (containerd is a container runtime available as a daemon for
Linux and ...)
- containerd 1.6.1~ds1-1
NOTE:
https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
NOTE: https://www.openwall.com/lists/oss-security/2022/03/02/1
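Review bot: the description for CVE-2022-23648 now confirms this is the containerd advisory already tracked with `- containerd 1.6.1~ds1-1` and the GHSA-crp2-qrr5-8pq7 NOTE; the visible context carries no `[bullseye]` or `[buster]` status lines, so whoever reviews this should verify that the stable suites' status for the containerd package has been recorded elsewhere or add it here.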
@@ -11503,8 +11545,8 @@ CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the
mod_extforward_Forwarded
[stretch] - lighttpd <not-affected> (Vulnerable code not present; the
issue was introduced in later versions)
NOTE: https://redmine.lighttpd.net/issues/3134
NOTE:
https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664
-CVE-2022-22706
- RESERVED
+CVE-2022-22706 (An Arm product family through 2022-01-03 has an Exposed
Dangerous Meth ...)
+ TODO: check
CVE-2022-22705
RESERVED
CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux
sometimes a ...)
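Review bot: CVE-2022-22706 is described only as an Arm product family issue with an Exposed Dangerous Method, and the feed truncates the text before naming the component; the `TODO: check` needs the full advisory text to decide whether any Debian-shipped driver or firmware package is affected, so a NOTE with the vendor advisory URL would help the next triager more than the truncated description does.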
@@ -11515,8 +11557,8 @@ CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the
functionality to upload
NOT-FOR-US: PartKeepr
CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL
while c ...)
NOT-FOR-US: PartKeepr
-CVE-2022-22700
- RESERVED
+CVE-2022-22700 (CyberArk Identity versions up to and including 22.1 in the
'StartAuthe ...)
+ TODO: check
CVE-2022-22699
RESERVED
CVE-2022-22698
@@ -13721,8 +13763,8 @@ CVE-2021-45821
RESERVED
CVE-2021-45820
RESERVED
-CVE-2021-45819
- RESERVED
+CVE-2021-45819 (Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted
service ...)
+ TODO: check
CVE-2021-45818 (SAFARI Montage 8.7.32 is affected by a CRLF injection
vulnerability wh ...)
NOT-FOR-US: SAFARI Montage
CVE-2021-45817
@@ -20720,8 +20762,8 @@ CVE-2021-3966
RESERVED
CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to
unauthenticated HTT ...)
NOT-FOR-US: HP
-CVE-2021-43774
- RESERVED
+CVE-2021-43774 (A risky-algorithm issue was discovered on Fujifilm
DocuCentre-VI C4471 ...)
+ TODO: check
CVE-2021-43773
RESERVED
CVE-2021-43772 (Trend Micro Security 2021 v17.0 (Consumer) contains a
vulnerability th ...)
@@ -31583,12 +31625,12 @@ CVE-2021-40639 (Improper access control in Jfinal CMS
5.1.0 allows attackers to
NOT-FOR-US: Jfinal CMS
CVE-2021-40638
RESERVED
-CVE-2021-40637
- RESERVED
-CVE-2021-40636
- RESERVED
-CVE-2021-40635
- RESERVED
+CVE-2021-40637 (OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in
EmailCh ...)
+ TODO: check
+CVE-2021-40636 (OS4ED openSIS 8.0 is affected by SQL Injection in
CheckDuplicateName.p ...)
+ TODO: check
+CVE-2021-40635 (OS4ED openSIS 8.0 is affected by SQL injection in
ChooseCpSearch.php, ...)
+ TODO: check
CVE-2021-40634
RESERVED
CVE-2021-40633
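Review bot: CVE-2021-40635, CVE-2021-40636 and CVE-2021-40637 all concern OS4ED openSIS 8.0 (two SQL injections and one XSS) and should be resolved together; the neighbouring Jfinal CMS entry shows the `NOT-FOR-US: <product>` form, which is the likely outcome unless openSIS is packaged, so one triage decision should be applied to all three `TODO: check` lines.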
@@ -41407,6 +41449,7 @@ CVE-2021-36728
CVE-2021-36727
RESERVED
CVE-2021-36740 (Varnish Cache, with HTTP/2 enabled, allows request smuggling
and VCL a ...)
+ {DSA-5088-1}
- varnish 6.5.2-1 (bug #991040)
[stretch] - varnish <ignored> (HTTP/2 support is marked experimental in
5.0 and enabling is not recommended, code is quite different)
NOTE: https://varnish-cache.org/security/VSV00007.html
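Review bot: `{DSA-5088-1}` is inserted above `- varnish 6.5.2-1 (bug #991040)`, and the same DSA id is also added to CVE-2022-23959 in this commit, so the advisory is being recorded as covering both the 2021 HTTP/2 request-smuggling issue and the 2022 one; that is plausible for a single upload, but worth cross-checking against the published DSA text before the pair is treated as settled. The `[stretch] - varnish <ignored>` line is unchanged and still correct for this hunk.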
@@ -44316,8 +44359,7 @@ CVE-2021-3621 (A flaw was found in SSSD, where the
sssctl command was vulnerable
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
NOTE:
https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe
NOTE: Introduced by
https://github.com/SSSD/sssd/commit/e157b9f6cb370e1b94bcac2044d26ad66d640fba
(v1.13.91)
-CVE-2021-3620
- RESERVED
+CVE-2021-3620 (A flaw was found in Ansible Engine's ansible-connection module,
where ...)
- ansible <unfixed>
[bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed
upstream)
[buster] - ansible <postponed> (Minor issue, revisit when/if fixed
upstream)
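Review bot: with the CVE-2021-3620 description now public (ansible-connection module), the `<postponed>` entries for bullseye and buster, whose rationale is `revisit when/if fixed upstream`, should be revisited; the entry carries no NOTE with an upstream bug or fix reference, so adding one would let the next automatic update be judged against an actual upstream state rather than the placeholder rationale.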
@@ -45373,8 +45415,7 @@ CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x
before 3.2.5 allows QuerySe
NOTE: Issue did affect only the experimental version and fixed in
2:3.2.5-1
CVE-2021-35041 (The blockchain node in FISCO-BCOS V2.7.2 may have a bug when
dealing w ...)
NOT-FOR-US: FISCO-BCOS
-CVE-2021-3609
- RESERVED
+CVE-2021-3609 (.A flaw was found in the CAN BCM networking protocol in the
Linux kern ...)
{DSA-4941-1 DLA-2714-1 DLA-2713-1}
- linux 5.10.46-1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/19/1
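Review bot: the new description for CVE-2021-3609 begins with a stray period (`.A flaw was found in the CAN BCM ...`); this is copied verbatim from the upstream feed, so it should not be hand-corrected here, because the next automatic update would reintroduce it. The existing `{DSA-4941-1 DLA-2714-1 DLA-2713-1}` references and `- linux 5.10.46-1` line are unaffected.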
@@ -46136,8 +46177,7 @@ CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a
vulnerability that can resu
[stretch] - libphp-phpmailer <postponed> (Minor issue, fix along with
next DLA)
NOTE: https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/
NOTE:
https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3
(v6.5.0)
-CVE-2021-3602 [Host environment variables leaked in build container when using
chroot isolation]
- RESERVED
+CVE-2021-3602 (An information disclosure flaw was found in Buildah, when
building con ...)
- golang-github-containers-buildah <unfixed>
[bullseye] - golang-github-containers-buildah <no-dsa> (Minor issue)
NOTE:
https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj
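Review bot: the dropped working title `[Host environment variables leaked in build container when using chroot isolation]` is more informative than the truncated published text `An information disclosure flaw was found in Buildah, when building con ...`; since the `<no-dsa> (Minor issue)` decision for bullseye rests on that understanding, record the chroot-isolation detail in a NOTE next to the GHSA link so the rationale remains visible after the title is gone.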
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b6e3446e9226b264e3331f9ccf103893dd5e94b
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits