Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2f788a05 by security tracker role at 2022-03-10T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,143 @@
+CVE-2022-26849
+ RESERVED
+CVE-2022-26848
+ RESERVED
+CVE-2022-26843
+ RESERVED
+CVE-2022-26832
+ RESERVED
+CVE-2022-26831
+ RESERVED
+CVE-2022-26830
+ RESERVED
+CVE-2022-26829
+ RESERVED
+CVE-2022-26828
+ RESERVED
+CVE-2022-26827
+ RESERVED
+CVE-2022-26826
+ RESERVED
+CVE-2022-26825
+ RESERVED
+CVE-2022-26824
+ RESERVED
+CVE-2022-26823
+ RESERVED
+CVE-2022-26822
+ RESERVED
+CVE-2022-26821
+ RESERVED
+CVE-2022-26820
+ RESERVED
+CVE-2022-26819
+ RESERVED
+CVE-2022-26818
+ RESERVED
+CVE-2022-26817
+ RESERVED
+CVE-2022-26816
+ RESERVED
+CVE-2022-26815
+ RESERVED
+CVE-2022-26814
+ RESERVED
+CVE-2022-26813
+ RESERVED
+CVE-2022-26812
+ RESERVED
+CVE-2022-26811
+ RESERVED
+CVE-2022-26810
+ RESERVED
+CVE-2022-26809
+ RESERVED
+CVE-2022-26808
+ RESERVED
+CVE-2022-26807
+ RESERVED
+CVE-2022-26806
+ RESERVED
+CVE-2022-26805
+ RESERVED
+CVE-2022-26804
+ RESERVED
+CVE-2022-26803
+ RESERVED
+CVE-2022-26802
+ RESERVED
+CVE-2022-26801
+ RESERVED
+CVE-2022-26800
+ RESERVED
+CVE-2022-26799
+ RESERVED
+CVE-2022-26798
+ RESERVED
+CVE-2022-26797
+ RESERVED
+CVE-2022-26796
+ RESERVED
+CVE-2022-26795
+ RESERVED
+CVE-2022-26794
+ RESERVED
+CVE-2022-26793
+ RESERVED
+CVE-2022-26792
+ RESERVED
+CVE-2022-26791
+ RESERVED
+CVE-2022-26790
+ RESERVED
+CVE-2022-26789
+ RESERVED
+CVE-2022-26788
+ RESERVED
+CVE-2022-26787
+ RESERVED
+CVE-2022-26786
+ RESERVED
+CVE-2022-26785
+ RESERVED
+CVE-2022-26784
+ RESERVED
+CVE-2022-26783
+ RESERVED
+CVE-2022-26512
+ RESERVED
+CVE-2022-26425
+ RESERVED
+CVE-2022-26421
+ RESERVED
+CVE-2022-26342
+ RESERVED
+CVE-2022-26076
+ RESERVED
+CVE-2022-26062
+ RESERVED
+CVE-2022-26052
+ RESERVED
+CVE-2022-26032
+ RESERVED
+CVE-2022-26009
+ RESERVED
+CVE-2022-25996
+ RESERVED
+CVE-2022-25987
+ RESERVED
+CVE-2022-25915
+ RESERVED
+CVE-2022-25905
+ RESERVED
+CVE-2022-0910
+ RESERVED
+CVE-2022-0909
+ RESERVED
+CVE-2022-0908
+ RESERVED
+CVE-2022-0907
+ RESERVED
CVE-2022-26782
RESERVED
CVE-2022-26781
@@ -51,8 +191,8 @@ CVE-2022-0891 (A heap buffer overflow in ExtractImageSection
function in tiffcro
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/380
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/382
-CVE-2022-0890
- RESERVED
+CVE-2022-0890 (NULL Pointer Dereference in GitHub repository mruby/mruby prior
to 3.2 ...)
+ TODO: check
CVE-2022-26776
RESERVED
CVE-2022-26775
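Review bot: CVE-2022-0890 is added with only `TODO: check`, although its description names mruby (NULL pointer dereference, prior to 3.2) and other mruby entries in this file already carry NOTE lines pointing at upstream commits. Suggest replacing the TODO with a package line plus a NOTE for the upstream fix, and checking whether the affected code is present in the packaged version at all, as was flagged for CVE-2022-0481.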
@@ -271,11 +411,13 @@ CVE-2022-0882
RESERVED
CVE-2022-0881 (Insecure Storage of Sensitive Information in GitHub repository
chocobo ...)
- peertube <itp> (bug #950821)
-CVE-2022-26847
+CVE-2022-26847 (SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated
access ...)
+ {DSA-5093-1}
- spip 4.0.5-1
NOTE:
https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
NOTE:
https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
-CVE-2022-26846
+CVE-2022-26846 (SPIP before 3.2.14 and 4.x before 4.0.5 allows remote
authenticated ed ...)
+ {DSA-5093-1}
- spip 4.0.5-1
NOTE:
https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
NOTE:
https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
@@ -329,8 +471,8 @@ CVE-2022-26654
RESERVED
CVE-2022-26653
RESERVED
-CVE-2022-26652
- RESERVED
+CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with
write a ...)
+ TODO: check
CVE-2022-26651
RESERVED
CVE-2022-25943 (The installer of WPS Office for Windows versions prior to
v11.2.0.1025 ...)
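Review bot: the new CVE-2022-26652 entry has only `TODO: check`, yet its description already gives the upstream fixed version (nats-server before 2.7.4) and the bug class (directory traversal). If nats-server is packaged, the TODO can be replaced with a package line checked against 2.7.4 and a NOTE linking the upstream advisory; otherwise mark it NOT-FOR-US.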
@@ -977,12 +1119,14 @@ CVE-2022-0845 (Code Injection in GitHub repository
pytorchlightning/pytorch-ligh
NOT-FOR-US: pytorchlightning
CVE-2022-26387
RESERVED
+ {DSA-5097-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26387
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26387
CVE-2022-26386
RESERVED
+ {DSA-5097-1 DLA-2942-1}
- firefox-esr 91.7.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386
CVE-2022-26385
@@ -991,12 +1135,14 @@ CVE-2022-26385
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26385
CVE-2022-26384
RESERVED
+ {DSA-5097-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26384
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26384
CVE-2022-26383
RESERVED
+ {DSA-5097-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26383
@@ -1007,6 +1153,7 @@ CVE-2022-26382
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26382
CVE-2022-26381
RESERVED
+ {DSA-5097-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26381
@@ -2950,8 +3097,8 @@ CVE-2022-0717 (Out-of-bounds Read in GitHub repository
mruby/mruby prior to 3.2.
NOTE:
https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76
CVE-2022-0716
RESERVED
-CVE-2022-0715
- RESERVED
+CVE-2022-0715 (A CWE-287: Improper Authentication vulnerability exists that
could cau ...)
+ TODO: check
CVE-2022-0714 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 8.2.4 ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
@@ -4133,8 +4280,8 @@ CVE-2022-23986 (SQL injection vulnerability in the
phpUploader v1.2 and earlier
NOT-FOR-US: phpUploader
CVE-2022-21159
RESERVED
-CVE-2022-0618
- RESERVED
+CVE-2022-0618 (A program using swift-nio-http2 is vulnerable to a denial of
service a ...)
+ TODO: check
CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file
system fu ...)
{DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1}
- linux 5.16.7-1
@@ -4963,12 +5110,12 @@ CVE-2022-24921 (regexp.Compile in Go before 1.16.15 and
1.17.x before 1.17.8 all
NOTE:
https://github.com/golang/go/commit/ac071634c487eb6ac5422652de3c7c18fba7c522
(go1.17.8)
CVE-2022-24920
RESERVED
-CVE-2022-24919
- RESERVED
-CVE-2022-24918
- RESERVED
-CVE-2022-24917
- RESERVED
+CVE-2022-24919 (An authenticated user can create a link with reflected
Javascript code ...)
+ TODO: check
+CVE-2022-24918 (An authenticated user can create a link with reflected
Javascript code ...)
+ TODO: check
+CVE-2022-24917 (An authenticated user can create a link with reflected
Javascript code ...)
+ TODO: check
CVE-2022-24911
RESERVED
CVE-2022-0564 (A vulnerability in Qlik Sense Enterprise on Windows could allow
an rem ...)
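Review bot: CVE-2022-24919, CVE-2022-24918 and CVE-2022-24917 all get the same truncated description ("An authenticated user can create a link with reflected Javascript code ...") and none of them names a product in the visible text. Clearing these `TODO: check` lines needs the full CVE records to identify the affected software and to tell the three apart, so triage them together rather than one at a time.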
@@ -5285,8 +5432,8 @@ CVE-2022-24755
RESERVED
CVE-2022-24754
RESERVED
-CVE-2022-24753
- RESERVED
+CVE-2022-24753 (Stripe CLI is a command-line tool for the Stripe eCommerce
platform. A ...)
+ TODO: check
CVE-2022-24752
RESERVED
CVE-2022-24751
@@ -5295,22 +5442,22 @@ CVE-2022-24750
RESERVED
CVE-2022-24749
RESERVED
-CVE-2022-24748
- RESERVED
-CVE-2022-24747
- RESERVED
-CVE-2022-24746
- RESERVED
-CVE-2022-24745
- RESERVED
-CVE-2022-24744
- RESERVED
+CVE-2022-24748 (Shopware is an open commerce platform based on the Symfony php
Framewo ...)
+ TODO: check
+CVE-2022-24747 (Shopware is an open commerce platform based on the Symfony php
Framewo ...)
+ TODO: check
+CVE-2022-24746 (Shopware is an open commerce platform based on the Symfony php
Framewo ...)
+ TODO: check
+CVE-2022-24745 (Shopware is an open commerce platform based on the Symfony php
Framewo ...)
+ TODO: check
+CVE-2022-24744 (Shopware is an open commerce platform based on the Symfony php
Framewo ...)
+ TODO: check
CVE-2022-24743
RESERVED
CVE-2022-24742
RESERVED
-CVE-2022-24741
- RESERVED
+CVE-2022-24741 (Nextcloud server is an open source, self hosted cloud style
services p ...)
+ TODO: check
CVE-2022-24740
RESERVED
CVE-2022-24739 (alltube is an html front end for youtube-dl. On releases prior
to 3.0. ...)
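Review bot: the six entries that move from RESERVED to `TODO: check` in this hunk are not one batch. CVE-2022-24748 through CVE-2022-24744 all describe Shopware and can share a single disposition, while CVE-2022-24741 describes Nextcloud server and needs its own decision. For the latter, check whether an `<itp>` line of the kind used for peertube earlier in this diff applies before falling back to NOT-FOR-US.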
@@ -5323,12 +5470,12 @@ CVE-2022-24736
RESERVED
CVE-2022-24735
RESERVED
-CVE-2022-24734
- RESERVED
+CVE-2022-24734 (MyBB is a free and open source forum software. In affected
versions th ...)
+ TODO: check
CVE-2022-24733
RESERVED
-CVE-2022-24732
- RESERVED
+CVE-2022-24732 (Maddy Mail Server is an open source SMTP compatible email
server. Vers ...)
+ TODO: check
CVE-2022-24731
RESERVED
CVE-2022-24730
@@ -6427,8 +6574,8 @@ CVE-2022-24351
RESERVED
CVE-2022-24350
RESERVED
-CVE-2022-24349
- RESERVED
+CVE-2022-24349 (An authenticated user can create a link with reflected XSS
payload for ...)
+ TODO: check
CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory
traversal ...)
NOT-FOR-US: Argo CD
CVE-2022-24347 (JetBrains YouTrack before 2021.4.36872 was vulnerable to
stored XSS vi ...)
@@ -6507,10 +6654,10 @@ CVE-2022-0481 (NULL Pointer Dereference in Homebrew
mruby prior to 3.2. ...)
TODO: check, possibly only introduced with
dccd66f9efecd0a974b735c62836fe566015cf37 in 3.1.0-rc
CVE-2022-24324
RESERVED
-CVE-2022-24323
- RESERVED
-CVE-2022-24322
- RESERVED
+CVE-2022-24323 (A CWE-754: Improper Check for Unusual or Exceptional
Conditions vulner ...)
+ TODO: check
+CVE-2022-24322 (A CWE-119: Improper Restriction of Operations within the
Bounds of a M ...)
+ TODO: check
CVE-2022-24321 (A CWE-754: Improper Check for Unusual or Exceptional
Conditions vulner ...)
NOT-FOR-US: Schneider Electric
CVE-2022-24320 (A CWE-295: Improper Certificate Validation vulnerability
exists that c ...)
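Review bot: CVE-2022-24323 and CVE-2022-24322 are left at `TODO: check` directly above CVE-2022-24321, which uses the same "A CWE-754: Improper Check for Unusual or Exceptional Conditions" wording and is marked `NOT-FOR-US: Schneider Electric`. The truncated descriptions do not name the vendor, so confirm it from the full records before applying the same NOT-FOR-US line.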
@@ -10138,7 +10285,8 @@ CVE-2021-46390
RESERVED
CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to
commit 882925 ...)
NOT-FOR-US: IIPImage High Resolution Streaming Image Server
-CVE-2021-46388 (** DISPUTED ** WAGO 750-8212 PFC200 G2 2ETH RS Firmware
version 03.05. ...)
+CVE-2021-46388
+ REJECTED
NOT-FOR-US: WAGO
CVE-2021-46387 (ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by
Cross S ...)
NOT-FOR-US: ZyXEL
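Review bot: CVE-2021-46388 now reads REJECTED but keeps `NOT-FOR-US: WAGO` underneath. With the description removed, that line is the only remaining hint of what the ID referred to. Confirm that keeping a triage annotation on a rejected ID is intended, and drop it if rejected entries are meant to carry no disposition.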
@@ -12031,7 +12179,7 @@ CVE-2021-4203 [af_unix: fix races in sk_peer_pid and
sk_peer_cred accesses]
NOTE:
https://git.kernel.org/linus/35306eb23814444bd4021f8a1c3047d3cb0c8b2b (5.15-rc4)
CVE-2021-4202
RESERVED
- {DLA-2940-1}
+ {DSA-5096-1 DLA-2940-1}
- linux 5.15.5-1 (unimportant)
[bullseye] - linux 5.10.84-1
NOTE: CONFIG_NFC_NCI not enabled in Debian
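Review bot: the `{DSA-5096-1 DLA-2940-1}` cross-reference on CVE-2021-4202 sits on an entry whose unstable line is `(unimportant)` and whose NOTE says CONFIG_NFC_NCI is not enabled in Debian. That is plausible if the fix simply came along with a larger kernel update, but it is worth confirming that the `unimportant` rating and the NOTE are still accurate now that both a DSA and a DLA list this CVE.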
@@ -12200,10 +12348,10 @@ CVE-2022-22808 (A CWE-942: Permissive Cross-domain
Policy with Untrusted Domains
NOT-FOR-US: Schneider Electric
CVE-2022-22807 (A CWE-1021 Improper Restriction of Rendered UI Layers or
Frames vulner ...)
NOT-FOR-US: Schneider Electric
-CVE-2022-22806
- RESERVED
-CVE-2022-22805
- RESERVED
+CVE-2022-22806 (A CWE-294: Authentication Bypass by Capture-replay
vulnerability exist ...)
+ TODO: check
+CVE-2022-22805 (A CWE-120: Buffer Copy without Checking Size of Input
('Classic Buffer ...)
+ TODO: check
CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page
Generation ...)
NOT-FOR-US: Schneider Electric
CVE-2022-22803
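Review bot: CVE-2022-22806 and CVE-2022-22805 land between CVE-2022-22807 and CVE-2022-22804, both already `NOT-FOR-US: Schneider Electric`, but are themselves left at `TODO: check`. If the full records confirm the same vendor, close both with that line in one manual pass so the block does not stay half-triaged.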
@@ -13295,8 +13443,8 @@ CVE-2022-22513
RESERVED
CVE-2022-22512
RESERVED
-CVE-2022-22511
- RESERVED
+CVE-2022-22511 (Various configuration pages of the device are vulnerable to
reflected ...)
+ TODO: check
CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer
derefere ...)
NOT-FOR-US: Codesys
CVE-2022-22509 (In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an
incorrect ...)
@@ -19061,28 +19209,28 @@ CVE-2021-44634
RESERVED
CVE-2021-44633
RESERVED
-CVE-2021-44632
- RESERVED
-CVE-2021-44631
- RESERVED
-CVE-2021-44630
- RESERVED
-CVE-2021-44629
- RESERVED
-CVE-2021-44628
- RESERVED
-CVE-2021-44627
- RESERVED
-CVE-2021-44626
- RESERVED
-CVE-2021-44625
- RESERVED
+CVE-2021-44632 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N
20190826 2.3 ...)
+ TODO: check
+CVE-2021-44631 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N
20190826 2.3 ...)
+ TODO: check
+CVE-2021-44630 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N
20190826 2.3 ...)
+ TODO: check
+CVE-2021-44629 (A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N
20190826 2. ...)
+ TODO: check
+CVE-2021-44628 (A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N
20190826 2.3 ...)
+ TODO: check
+CVE-2021-44627 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N
20190826 2.3 ...)
+ TODO: check
+CVE-2021-44626 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N
20190826 2.3 ...)
+ TODO: check
+CVE-2021-44625 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N
20190826 2.3 ...)
+ TODO: check
CVE-2021-44624
RESERVED
-CVE-2021-44623
- RESERVED
-CVE-2021-44622
- RESERVED
+CVE-2021-44623 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N
20190826 2.3 ...)
+ TODO: check
+CVE-2021-44622 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N
20190826 2.3 ...)
+ TODO: check
CVE-2021-44621
RESERVED
CVE-2021-44620
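Review bot: ten entries in this hunk (CVE-2021-44632 to CVE-2021-44625, CVE-2021-44623 and CVE-2021-44622) receive near-identical truncated descriptions for TP-LINK WR-886N and each gets its own `TODO: check`. They concern router firmware and appear to belong together, so clear them in a single pass with one disposition rather than individually. The spelling variants in CVE-2021-44629 and CVE-2021-44628 come from the upstream description text and should not be normalised here, since that would make the file diverge from its source.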
@@ -54057,8 +54205,8 @@ CVE-2021-3533 (A flaw was found in Ansible if an
ansible user sets ANSIBLE_ASYNC
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956477
CVE-2021-32026
RESERVED
-CVE-2021-32025
- RESERVED
+CVE-2021-32025 (An elevation of privilege vulnerability in the QNX Neutrino
Kernel of ...)
+ TODO: check
CVE-2021-32024 (A remote code execution vulnerability in the BMP image codec
of BlackB ...)
NOT-FOR-US: BlackBerry
CVE-2021-32023 (An elevation of privilege vulnerability in the message broker
of Black ...)
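Review bot: CVE-2021-32025 is left at `TODO: check` even though its description names the QNX Neutrino Kernel and the adjacent CVE-2021-32024 is already `NOT-FOR-US: BlackBerry`. Suggest applying the same line once the vendor is confirmed from the full record.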
@@ -77216,8 +77364,8 @@ CVE-2021-22785 (A CWE-200: Information Exposure
vulnerability exists that could
NOT-FOR-US: Schneider Electric
CVE-2021-22784 (A CWE-306: Missing Authentication for Critical Function
vulnerability ...)
NOT-FOR-US: Schneider Electric
-CVE-2021-22783
- RESERVED
+CVE-2021-22783 (A CWE-200: Information Exposure vulnerability exists which
could allow ...)
+ TODO: check
CVE-2021-22782 (Missing Encryption of Sensitive Data vulnerability exists in
EcoStruxu ...)
NOT-FOR-US: Schneider Electric
CVE-2021-22781 (Insufficiently Protected Credentials vulnerability exists in
EcoStruxu ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f788a059217a0634c5dd8b44216ee69c1bde841