Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67cc2199 by security tracker role at 2022-03-04T08:10:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-26412
+       RESERVED
+CVE-2022-26411
+       RESERVED
+CVE-2022-26410
+       RESERVED
+CVE-2022-26409
+       RESERVED
+CVE-2022-26408
+       RESERVED
+CVE-2022-26407
+       RESERVED
+CVE-2022-26406
+       RESERVED
+CVE-2022-26405
+       RESERVED
+CVE-2022-26404
+       RESERVED
+CVE-2022-26403
+       RESERVED
+CVE-2022-26402
+       RESERVED
+CVE-2022-26401
+       RESERVED
+CVE-2022-26400
+       RESERVED
+CVE-2022-26399
+       RESERVED
+CVE-2022-26398
+       RESERVED
+CVE-2022-26397
+       RESERVED
+CVE-2022-26396
+       RESERVED
+CVE-2022-26395
+       RESERVED
+CVE-2022-26394
+       RESERVED
+CVE-2022-26393
+       RESERVED
+CVE-2022-26392
+       RESERVED
+CVE-2022-26391
+       RESERVED
+CVE-2022-26390
+       RESERVED
+CVE-2022-26389
+       RESERVED
+CVE-2022-26388
+       RESERVED
+CVE-2022-0847
+       RESERVED
+CVE-2022-0846
+       RESERVED
+CVE-2022-0845
+       RESERVED
 CVE-2022-26387
        RESERVED
 CVE-2022-26386
@@ -1825,8 +1881,8 @@ CVE-2022-21238
        RESERVED
 CVE-2022-21209 (The affected product is vulnerable to an out-of-bounds read 
while proc ...)
        NOT-FOR-US: FATEK Automation
-CVE-2022-0730
-       RESERVED
+CVE-2022-0730 (Under certain ldap conditions, Cacti authentication can be 
bypassed wi ...)
+       TODO: check
 CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim 
prior  ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
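Review bot: CVE-2022-0730 is left at "TODO: check" although its description names an authentication bypass in Cacti under certain LDAP conditions; an authentication bypass deserves earlier triage than the other placeholders in this update. When it is resolved, the entry should take one of the forms already used in this hunk, either a package/version line such as `- vim <unfixed>` with a suite tag like `[bullseye] - vim <no-dsa> (Minor issue)`, or `NOT-FOR-US:` if the code is not shipped.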
@@ -3035,8 +3091,8 @@ CVE-2022-25222
        RESERVED
 CVE-2022-25221
        RESERVED
-CVE-2022-25220
-       RESERVED
+CVE-2022-25220 (PeteReport Version 0.5 allows an authenticated admin user to 
inject pe ...)
+       TODO: check
 CVE-2022-25219
        RESERVED
 CVE-2022-25218
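Review bot: the description added for CVE-2022-25220 ("PeteReport Version 0.5 allows an authenticated admin user to inject pe ...") is identical, as far as it is visible here, to the one this same patch adds for CVE-2022-23051 further down; the two entries should be triaged together and checked for a duplicate assignment before either TODO: check is resolved.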
@@ -4291,12 +4347,12 @@ CVE-2022-24727
        RESERVED
 CVE-2022-24726
        RESERVED
-CVE-2022-24725
-       RESERVED
-CVE-2022-24724
-       RESERVED
-CVE-2022-24723
-       RESERVED
+CVE-2022-24725 (Shescape is a shell escape package for JavaScript. An issue in 
version ...)
+       TODO: check
+CVE-2022-24724 (cmark-gfm is GitHub's extended version of the C reference 
implementati ...)
+       TODO: check
+CVE-2022-24723 (URI.js is a Javascript URL mutation library. Before version 
1.19.9, wh ...)
+       TODO: check
 CVE-2022-24722 (VIewComponent is a framework for building view components in 
Ruby on R ...)
        NOT-FOR-US: VIewComponent
 CVE-2022-24721
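Review bot: the three new TODO: check entries all have their descriptions cut at the fixed-version boundary ("An issue in version ...", "Before version 1.19.9, wh ..."), so the affected range is only partly recorded; when resolving them, carry the upstream fix reference into a `NOTE:` line as this file does for CVE-2022-23308. Only CVE-2022-24723 names a boundary here ("Before version 1.19.9"), which can be checked directly against any packaged copy of URI.js; the Shescape and cmark-gfm entries need the full CVE text.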
@@ -7983,12 +8039,12 @@ CVE-2022-23712
        RESERVED
 CVE-2022-23711
        RESERVED
-CVE-2022-23710
-       RESERVED
-CVE-2022-23709
-       RESERVED
-CVE-2022-23708
-       RESERVED
+CVE-2022-23710 (A cross-site-scripting (XSS) vulnerability was discovered in 
the Data  ...)
+       TODO: check
+CVE-2022-23709 (A flaw was discovered in Kibana in which users with Read 
access to the ...)
+       TODO: check
+CVE-2022-23708 (A flaw was discovered in Elasticsearch 7.17.0&#8217;s upgrade 
assistan ...)
+       TODO: check
 CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using 
this vu ...)
        - kibana <itp> (bug #700337)
 CVE-2022-23706
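Review bot: the text imported for CVE-2022-23708 contains an undecoded HTML entity, "7.17.0&#8217;s", where every other description in this file is plain text; the automatic import should decode entities (or normalise them to an ASCII apostrophe) so the list stays greppable. Separately, CVE-2022-23709 explicitly names Kibana, and the neighbouring CVE-2022-23707 for Kibana is already resolved as `- kibana <itp> (bug #700337)`; the same resolution likely applies there (and to CVE-2022-23710 if its truncated "the Data ..." description also refers to Kibana), leaving only the Elasticsearch entry to check.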
@@ -9271,8 +9327,8 @@ CVE-2022-23308 (valid.c in libxml2 before 2.9.13 has a 
use-after-free of ID and
        NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/652dd12a858989b14eed4e84e453059cd3ba340e
 (v2.9.13)
 CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist 
remdex/l ...)
        NOT-FOR-US: livehelperchat
-CVE-2022-0265
-       RESERVED
+CVE-2022-0265 (Improper Restriction of XML External Entity Reference in GitHub 
reposi ...)
+       TODO: check
 CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was 
present in A ...)
        {DLA-2905-1}
        - apache-log4j1.2 1.2.17-11 (bug #1004482)
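Review bot: the description of CVE-2022-0265 is truncated before the repository name ("in GitHub reposi ..."), so the affected project cannot be read from this entry and the TODO: check cannot be resolved from the list alone; triage needs the full CVE record. The preceding CVE-2022-0266 shows the usual outcome for a project that is not packaged, `NOT-FOR-US: livehelperchat`.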
@@ -10162,10 +10218,10 @@ CVE-2022-23054 (Openmct versions 1.3.0 to 1.7.7 are 
vulnerable against stored XS
        NOT-FOR-US: Openmct
 CVE-2022-23053 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored 
XSS via  ...)
        NOT-FOR-US: Openmct
-CVE-2022-23052
-       RESERVED
-CVE-2022-23051
-       RESERVED
+CVE-2022-23052 (PeteReport Version 0.5 contains a Cross Site Request Forgery 
(CSRF) vu ...)
+       TODO: check
+CVE-2022-23051 (PeteReport Version 0.5 allows an authenticated admin user to 
inject pe ...)
+       TODO: check
 CVE-2022-23050
        RESERVED
 CVE-2022-23049 (Exponent CMS 2.6.0patch2 allows an authenticated user to 
inject persis ...)
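Review bot: CVE-2022-23051's description matches the one added for CVE-2022-25220 earlier in this patch word for word as far as shown, and CVE-2022-23052 is a second PeteReport 0.5 issue (CSRF); all three PeteReport entries should be resolved in one pass, and the pair with identical text checked for a duplicate assignment.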
@@ -10400,16 +10456,16 @@ CVE-2022-22949
        RESERVED
 CVE-2022-22948
        RESERVED
-CVE-2022-22947
-       RESERVED
+CVE-2022-22947 (In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , 
applicat ...)
+       TODO: check
 CVE-2022-22946
        RESERVED
 CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. 
A malici ...)
        NOT-FOR-US: VMware
 CVE-2022-22944 (VMware Workspace ONE Boxer contains a stored cross-site 
scripting (XSS ...)
        NOT-FOR-US: VMware
-CVE-2022-22943
-       RESERVED
+CVE-2022-22943 (VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) 
contains  ...)
+       TODO: check
 CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy]
        RESERVED
        - linux 5.15.15-2
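Review bot: the version text imported for CVE-2022-22947, "versions prior to 3.1.1+ and 3.0.7+ ,", has a stray space before the comma and a trailing "+" on each version, which leaves the boundary ambiguous (is 3.1.1 itself fixed?); confirm the fixed versions from the upstream advisory before resolving the TODO: check. For CVE-2022-22943 the description names "VMware Tools for Windows", and the two VMware entries immediately above (CVE-2022-22945, CVE-2022-22944) are resolved `NOT-FOR-US: VMware`; unless the flaw also affects code shipped outside the Windows build, the same resolution fits.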
@@ -19450,8 +19506,7 @@ CVE-2021-4004
        RESERVED
 CVE-2021-4003
        RESERVED
-CVE-2021-4002 [hugetlbfs: flush TLBs correctly after huge_pmd_unshare]
-       RESERVED
+CVE-2021-4002 (A memory leak flaw in the Linux kernel's hugetlbfs memory usage 
was fo ...)
        - linux 5.15.5-1
        [bullseye] - linux 5.10.84-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/11/25/1
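Review bot: replacing the bracketed working title `[hugetlbfs: flush TLBs correctly after huge_pmd_unshare]` with the public description drops the only text in this entry that identified the fixing kernel change; the new description speaks of a "memory leak flaw", which does not obviously match a TLB-flush fix, so the link between the two is worth keeping. Suggest retaining the subject as a `NOTE:` line next to the existing openwall reference rather than deleting it.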
@@ -20095,8 +20150,8 @@ CVE-2022-21718
        RESERVED
 CVE-2022-21717
        RESERVED
-CVE-2022-21716
-       RESERVED
+CVE-2022-21716 (Twisted is an event-based framework for internet applications, 
support ...)
+       TODO: check
 CVE-2022-21715 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP 
full-stack web fr ...)
        - codeigniter <itp> (bug #471583)
 CVE-2022-21714
@@ -32152,8 +32207,7 @@ CVE-2021-3764 [DoS in ccp_run_aes_gcm_cmd() function]
 CVE-2021-3763
        RESERVED
        NOT-FOR-US: Red Hat AMQ Broker
-CVE-2021-3762
-       RESERVED
+CVE-2021-3762 (A directory traversal vulnerability was found in the ClairCore 
engine  ...)
        NOT-FOR-US: Quay/clair
 CVE-2021-40439 (Apache OpenOffice has a dependency on expat software. Versions 
prior t ...)
        NOT-FOR-US: Apache OpenOffice
@@ -36652,10 +36706,10 @@ CVE-2021-38580
        RESERVED
 CVE-2021-38579
        RESERVED
-CVE-2021-38578
-       RESERVED
-CVE-2021-38577
-       RESERVED
+CVE-2021-38578 (Existing CommBuffer checks in SmmEntryPoint will not catch 
underflow w ...)
+       TODO: check
+CVE-2021-38577 (Heap Overflow in BaseBmpSupportLib. ...)
+       TODO: check
 CVE-2021-38576 (A BIOS bug in firmware for a particular PC model leaves the 
Platform a ...)
        - edk2 <undetermined>
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3499 (private)
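Review bot: both new TODO: check entries name edk2 components, SmmEntryPoint (CVE-2021-38578) and BaseBmpSupportLib (CVE-2021-38577), and the adjacent CVE-2021-38576 is already tracked as `- edk2 <undetermined>` with a tianocore bugzilla NOTE; these two should be resolved against the same package with their own bugzilla references. The CommBuffer underflow in the SMM entry point sits on the boundary between the OS and firmware, so it deserves priority over the BMP parsing overflow when the check is done.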
@@ -42290,8 +42344,7 @@ CVE-2021-36352 (Stored cross-site scripting (XSS) 
vulnerability in Care2x Hospit
        NOT-FOR-US: Care2x Hospital Information Management
 CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital 
Information ...)
        NOT-FOR-US: Care2x Open Source Hospital Information Management
-CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function]
-       RESERVED
+CVE-2021-3640 (A flaw use-after-free in function sco_sock_sendmsg() of the 
Linux kern ...)
        - linux 5.15.3-1
        [bullseye] - linux 5.10.84-1
        NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1
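Review bot: the dropped title `[Linux kernel: UAF in sco_send_frame function]` and the imported description ("use-after-free in function sco_sock_sendmsg()") name different functions on the same Bluetooth SCO send path, so deleting the title loses a cross-reference a reader would otherwise have. As with CVE-2021-4002 in this patch, keep the function name from the original title in a `NOTE:` line.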
@@ -42536,8 +42589,7 @@ CVE-2020-36418
        RESERVED
 CVE-2020-36417
        RESERVED
-CVE-2021-3638 [ati-vga: inconsistent check in ati_2d_blt() may lead to 
out-of-bounds write]
-       RESERVED
+CVE-2021-3638 (An out-of-bounds memory access flaw was found in the ATI VGA 
device em ...)
        {DSA-4980-1}
        - qemu 1:6.1+dfsg-6 (bug #992726)
        [buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA 
device emulation added later)
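Review bot: the removed title `[ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write]` named the exact function and the nature of the defect (an inconsistent bounds check), whereas the new description only says "out-of-bounds memory access flaw ... in the ATI VGA device em ..."; the function name is the quickest way to re-verify the `[buster] - qemu <not-affected>` rationale against the source. Preserve `ati_2d_blt()` in a `NOTE:` line.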
@@ -57943,15 +57995,13 @@ CVE-2021-30162 (An issue was discovered on LG mobile 
devices with Android OS 4.4
        NOT-FOR-US: LG mobile devices
 CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 
11 softwa ...)
        NOT-FOR-US: LG mobile devices
-CVE-2021-26948
-       RESERVED
+CVE-2021-26948 (Null pointer dereference in the htmldoc v1.9.11 and before may 
allow a ...)
        {DSA-4928-1 DLA-2700-1}
        - htmldoc 1.9.11-4 (unimportant; bug #989437)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/410
        NOTE: 
https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2
        NOTE: Crash in CLI tool, no security impact
-CVE-2021-26259
-       RESERVED
+CVE-2021-26259 (A flaw was found in htmldoc in v1.9.12. Heap buffer overflow 
in render ...)
        {DSA-4928-1 DLA-2700-1}
        - htmldoc 1.9.11-4 (unimportant; bug #989437)
        NOTE: https://github.com/michaelrsweet/htmldoc/issues/417
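Review bot: the imported description for CVE-2021-26259 says the heap buffer overflow was found "in htmldoc in v1.9.12", but the entry records the Debian fix as `htmldoc 1.9.11-4`; that is consistent only if 1.9.11-4 carries a backported patch for issue #417, which the existing NOTE lines suggest but do not state. A `NOTE:` naming the backported commit, as is already done for CVE-2021-26948 with its commit URL, would make the version mismatch self-explanatory. The `(unimportant; ...)` severity on CVE-2021-26948 remains consistent with its new description, since the NOTE already records it as a crash in the CLI tool.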
@@ -76361,25 +76411,25 @@ CVE-2021-3026 (Invision Community IPS Community Suite 
before 4.5.4.2 allows XSS
 CVE-2021-3025 (Invision Community IPS Community Suite before 4.5.4.2 allows 
SQL Injec ...)
        NOT-FOR-US: Invision Community IPS Community
 CVE-2021-22695
-       RESERVED
+       REJECTED
 CVE-2021-22694
-       RESERVED
+       REJECTED
 CVE-2021-22693
-       RESERVED
+       REJECTED
 CVE-2021-22692
-       RESERVED
+       REJECTED
 CVE-2021-22691
-       RESERVED
+       REJECTED
 CVE-2021-22690
-       RESERVED
+       REJECTED
 CVE-2021-22689
-       RESERVED
+       REJECTED
 CVE-2021-22688
-       RESERVED
+       REJECTED
 CVE-2021-22687
-       RESERVED
+       REJECTED
 CVE-2021-22686
-       RESERVED
+       REJECTED
 CVE-2020-36169 (An issue was discovered in Veritas NetBackup through 8.3.0.1 
and OpsCe ...)
        NOT-FOR-US: Veritas
 CVE-2020-36168 (An issue was discovered in Veritas Resiliency Platform 3.4 and 
3.5. It ...)
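Review bot: the ten entries CVE-2021-22686 through CVE-2021-22695 flip from RESERVED to REJECTED with no `NOTE:`; that matches how the file records rejections elsewhere, and since a rejected id can never acquire a package line, no further action is needed on this hunk.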



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67cc21997fa343aea26cfc31f3906b0f85337183

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
