Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
417749a0 by security tracker role at 2022-03-22T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2022-27653
+       RESERVED
+CVE-2022-27652
+       RESERVED
+CVE-2022-27651
+       RESERVED
+CVE-2022-27650
+       RESERVED
+CVE-2022-27649
+       RESERVED
+CVE-2022-27648
+       RESERVED
+CVE-2022-27647
+       RESERVED
+CVE-2022-27646
+       RESERVED
+CVE-2022-27645
+       RESERVED
+CVE-2022-27644
+       RESERVED
+CVE-2022-27643
+       RESERVED
+CVE-2022-27642
+       RESERVED
+CVE-2022-27641
+       RESERVED
+CVE-2022-27640
+       RESERVED
+CVE-2022-1055
+       RESERVED
+CVE-2022-1054
+       RESERVED
+CVE-2022-1053
+       RESERVED
+CVE-2022-1052
+       RESERVED
+CVE-2022-1051
+       RESERVED
+CVE-2022-1050
+       RESERVED
+CVE-2022-1049
+       RESERVED
+CVE-2022-1048
+       RESERVED
+CVE-2022-1047
+       RESERVED
+CVE-2022-1046
+       RESERVED
+CVE-2022-1045
+       RESERVED
+CVE-2022-1044
+       RESERVED
+CVE-2022-1043
+       RESERVED
+CVE-2022-1042
+       RESERVED
+CVE-2022-1041
+       RESERVED
 CVE-2022-27635
        RESERVED
 CVE-2022-27626
@@ -768,14 +826,14 @@ CVE-2022-25959
        RESERVED
 CVE-2022-1037
        RESERVED
-CVE-2022-1036
-       RESERVED
+CVE-2022-1036 (Able to create an account with long password leads to memory 
corruptio ...)
+       TODO: check
 CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository 
gpac/gpa ...)
        - gpac <unfixed>
        NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b
        NOTE: 
https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243
-CVE-2022-1034
-       RESERVED
+CVE-2022-1034 (There is a Unrestricted Upload of File vulnerability in ShowDoc 
v2.10. ...)
+       TODO: check
 CVE-2022-1033
        RESERVED
 CVE-2022-1032
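Review bot: both entries that leave RESERVED in this hunk land as `TODO: check`, and the truncated descriptions do not give a triager the same amount to work with: CVE-2022-1034 names ShowDoc v2.10, while CVE-2022-1036 ("Able to create an account with long password leads to memory corruptio ...") names no product in the visible text. For CVE-2022-1036 the product has to be identified from the full CVE record before the TODO can be resolved to a package line or a NOT-FOR-US entry, in the form the CVE-2022-1035 entry between them already uses (`- gpac <unfixed>` plus NOTE links).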
@@ -907,8 +965,8 @@ CVE-2022-1001
        RESERVED
 CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager 
prior  ...)
        TODO: check
-CVE-2022-27228
-       RESERVED
+CVE-2022-27228 (In the vote (aka "Polls, Votes") module before 21.0.100 of 
Bitrix Site ...)
+       TODO: check
 CVE-2022-27227
        RESERVED
 CVE-2022-27226 (A CSRF issue in /api/crontab on iRZ Mobile Routers through 
2022-03-16  ...)
@@ -3143,7 +3201,7 @@ CVE-2022-0845 (Code Injection in GitHub repository 
pytorchlightning/pytorch-ligh
        NOT-FOR-US: pytorchlightning
 CVE-2022-26387
        RESERVED
-       {DSA-5106-1 DSA-5097-1 DLA-2942-1}
+       {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
        - firefox 98.0-1
        - firefox-esr 91.7.0esr-1
        - thunderbird 1:91.7.0-1
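Review bot: the cross-reference line under CVE-2022-26387 gains DLA-2961-1, but this commit changes only data/CVE/list, so the DLA entry that justifies the reference is not visible here. Confirm that DLA-2961-1 lists this CVE and which source package it covers, since the package lines below (firefox, firefox-esr, thunderbird) carry no per-release annotation in this hunk. The same check applies to the four identical `{DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}` changes that follow.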
@@ -3152,7 +3210,7 @@ CVE-2022-26387
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26387
 CVE-2022-26386
        RESERVED
-       {DSA-5106-1 DSA-5097-1 DLA-2942-1}
+       {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
        - firefox-esr 91.7.0esr-1
        - thunderbird 1:91.7.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386
@@ -3163,7 +3221,7 @@ CVE-2022-26385
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26385
 CVE-2022-26384
        RESERVED
-       {DSA-5106-1 DSA-5097-1 DLA-2942-1}
+       {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
        - firefox 98.0-1
        - firefox-esr 91.7.0esr-1
        - thunderbird 1:91.7.0-1
@@ -3172,7 +3230,7 @@ CVE-2022-26384
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384
 CVE-2022-26383
        RESERVED
-       {DSA-5106-1 DSA-5097-1 DLA-2942-1}
+       {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
        - firefox 98.0-1
        - firefox-esr 91.7.0esr-1
        - thunderbird 1:91.7.0-1
@@ -3185,7 +3243,7 @@ CVE-2022-26382
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26382
 CVE-2022-26381
        RESERVED
-       {DSA-5106-1 DSA-5097-1 DLA-2942-1}
+       {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1}
        - firefox 98.0-1
        - firefox-esr 91.7.0esr-1
        - thunderbird 1:91.7.0-1
@@ -3508,8 +3566,8 @@ CVE-2022-26262
        RESERVED
 CVE-2022-26261
        RESERVED
-CVE-2022-26260
-       RESERVED
+CVE-2022-26260 (Simple-Plist v1.3.0 was discovered to contain a prototype 
pollution vu ...)
+       TODO: check
 CVE-2022-26259
        RESERVED
 CVE-2022-26258
@@ -5435,8 +5493,8 @@ CVE-2022-25519
        RESERVED
 CVE-2022-25518
        RESERVED
-CVE-2022-25517
-       RESERVED
+CVE-2022-25517 (MyBatis plus v3.4.3 was discovered to contain a SQL injection 
vulnerab ...)
+       TODO: check
 CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a 
heap-buffer-overflow  ...)
        - libstb <unfixed> (unimportant)
        NOTE: https://github.com/nothings/stb/issues/1287
@@ -5513,8 +5571,8 @@ CVE-2022-25486 (CuppaCMS v1.0 was discovered to contain a 
local file inclusion v
        NOT-FOR-US: CuppaCMS
 CVE-2022-25485 (CuppaCMS v1.0 was discovered to contain a local file inclusion 
via the ...)
        NOT-FOR-US: CuppaCMS
-CVE-2022-25484
-       RESERVED
+CVE-2022-25484 (tcpprep v4.4.1 has a reachable assertion (assert(l2len &gt; 
0)) in pac ...)
+       TODO: check
 CVE-2022-25483
        RESERVED
 CVE-2022-25482
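Review bot: the added CVE-2022-25484 description contains the HTML entity `&gt;` inside `assert(l2len &gt; 0)`. If that entity is present in data/CVE/list itself and not only in this mail's rendering, it should be a literal `>` so the description matches the assertion text. The entry is otherwise a plain `TODO: check` naming tcpprep v4.4.1 and still needs a package line.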
@@ -6008,8 +6066,7 @@ CVE-2022-0669
        RESERVED
 CVE-2022-0668
        RESERVED
-CVE-2022-0667 [Assertion failure on delayed DS lookup]
-       RESERVED
+CVE-2022-0667 (When the vulnerability is triggered the BIND process will exit. 
BIND 9 ...)
        - bind9 1:9.18.1-1
        [bullseye] - bind9 <not-affected> (Vulnerable code introduced later)
        [buster] - bind9 <not-affected> (Vulnerable code introduced later)
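Review bot: replacing the bracketed working title `[Assertion failure on delayed DS lookup]` on CVE-2022-0667 with the truncated official description drops the only visible statement of the failure mode; the text that remains says just that "the BIND process will exit". Consider keeping that detail as a NOTE under the entry, since the bind9 package lines below (fixed in 1:9.18.1-1, bullseye and buster not affected) do not say why the process exits.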
@@ -7505,8 +7562,8 @@ CVE-2022-24776
        RESERVED
 CVE-2022-24775 (guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions 
prior to 1.8 ...)
        TODO: check
-CVE-2022-24774
-       RESERVED
+CVE-2022-24774 (CycloneDX BOM Repository Server is a bill of materials (BOM) 
repositor ...)
+       TODO: check
 CVE-2022-24773 (Forge (also called `node-forge`) is a native implementation of 
Transpo ...)
        - node-node-forge <unfixed>
        NOTE: 
https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr
@@ -7533,8 +7590,8 @@ CVE-2022-24766 (mitmproxy is an interactive, 
SSL/TLS-capable intercepting proxy.
        NOTE: 
https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b
 (v8.0.0)
 CVE-2022-24765
        RESERVED
-CVE-2022-24764
-       RESERVED
+CVE-2022-24764 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       TODO: check
 CVE-2022-24763
        RESERVED
 CVE-2022-24762 (sysend.js is a library that allows a user to send messages 
between pag ...)
@@ -17322,10 +17379,10 @@ CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 
3.9.1 is affected by a Cross
        NOT-FOR-US: NUUO Network Video Recorder NVRsolo
 CVE-2021-45811
        RESERVED
-CVE-2021-45810
-       RESERVED
-CVE-2021-45809
-       RESERVED
+CVE-2021-45810 (Multiple versions of GlobalProtect-openconnect are affected by 
incorre ...)
+       TODO: check
+CVE-2021-45809 (Multiple versions of GlobalProtect-openconnect are affected by 
incorre ...)
+       TODO: check
 CVE-2021-45808 (jpress v4.2.0 allows users to register an account by default. 
With the ...)
        NOT-FOR-US: jpress
 CVE-2021-45807 (jpress v4.2.0 is vulnerable to command execution via 
io.jpress.web.adm ...)
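Review bot: CVE-2021-45810 and CVE-2021-45809 are added with identical truncated descriptions ("Multiple versions of GlobalProtect-openconnect are affected by incorre ..."), so nothing in the tracker text distinguishes the two issues. When the `TODO: check` lines are resolved, each entry should get its own NOTE pointing at the specific report or fix so the two are not treated as duplicates.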
@@ -23657,8 +23714,8 @@ CVE-2022-21720 (GLPI is a free asset and IT management 
software package. Prior t
 CVE-2022-21719 (GLPI is a free asset and IT management software package. All 
GLPI vers ...)
        - glpi <removed> (unimportant)
        NOTE: Only supported behind an authenticated HTTP zone
-CVE-2022-21718
-       RESERVED
+CVE-2022-21718 (Electron is a framework for writing cross-platform desktop 
application ...)
+       TODO: check
 CVE-2022-21717
        RESERVED
 CVE-2022-21716 (Twisted is an event-based framework for internet applications, 
support ...)
@@ -25485,8 +25542,8 @@ CVE-2021-43652
        RESERVED
 CVE-2021-43651
        RESERVED
-CVE-2021-43650
-       RESERVED
+CVE-2021-43650 (WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 
parameter u ...)
+       TODO: check
 CVE-2021-43649
        RESERVED
 CVE-2021-43648
@@ -32580,8 +32637,8 @@ CVE-2021-41738
        RESERVED
 CVE-2021-41737
        RESERVED
-CVE-2021-41736
-       RESERVED
+CVE-2021-41736 (Faust v2.35.0 was discovered to contain a heap-buffer overflow 
in the  ...)
+       TODO: check
 CVE-2021-41735
        RESERVED
 CVE-2021-41734



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/417749a0f807da4765c58771cbea12df5cd365b0
