Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eab0c008 by security tracker role at 2022-02-15T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-25166
+       RESERVED
+CVE-2022-25165
+       RESERVED
+CVE-2022-25164
+       RESERVED
+CVE-2022-25163
+       RESERVED
+CVE-2022-25162
+       RESERVED
+CVE-2022-25161
+       RESERVED
+CVE-2022-25160
+       RESERVED
+CVE-2022-25159
+       RESERVED
+CVE-2022-25158
+       RESERVED
+CVE-2022-25157
+       RESERVED
+CVE-2022-25156
+       RESERVED
+CVE-2022-25155
+       RESERVED
+CVE-2022-25154
+       RESERVED
+CVE-2022-25153
+       RESERVED
+CVE-2022-25152
+       RESERVED
+CVE-2022-25151
+       RESERVED
+CVE-2022-25150 (In Malwarebytes Binisoft Windows Firewall Control before 
6.8.1.0, prog ...)
+       TODO: check
+CVE-2022-25149
+       RESERVED
+CVE-2022-25148
+       RESERVED
+CVE-2022-0612
+       RESERVED
+CVE-2022-0611
+       RESERVED
+CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be 
modified vi ...)
+       TODO: check
 CVE-2022-25147
        RESERVED
 CVE-2022-0610
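
Review bot: CVE-2022-25150 and CVE-2019-25057, near the end of the added block, are the only new entries that carry a description, and both are left at `TODO: check`. The CVE-2022-25150 text names Malwarebytes Binisoft Windows Firewall Control, so it is a candidate for a `NOT-FOR-US:` line in the style used elsewhere in this file. CVE-2019-25057 (Corda before 4.1) needs a check for a matching source package before it is marked either way.
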
@@ -108,8 +152,8 @@ CVE-2022-25141
        RESERVED
 CVE-2022-25140
        RESERVED
-CVE-2022-25139
-       RESERVED
+CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a 
heap use ...)
+       TODO: check
 CVE-2022-25138
        RESERVED
 CVE-2022-25137
@@ -410,8 +454,8 @@ CVE-2022-24990
        RESERVED
 CVE-2022-24989
        RESERVED
-CVE-2022-24988
-       RESERVED
+CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has 
an off-b ...)
+       TODO: check
 CVE-2022-24987
        RESERVED
 CVE-2022-24986
@@ -426,20 +470,20 @@ CVE-2022-24982
        RESERVED
 CVE-2022-24981
        RESERVED
-CVE-2022-0586
-       RESERVED
+CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 
3.6.1  ...)
+       TODO: check
 CVE-2022-0585
        RESERVED
 CVE-2022-0584
        RESERVED
-CVE-2022-0583
-       RESERVED
-CVE-2022-0582
-       RESERVED
-CVE-2022-0581
-       RESERVED
-CVE-2022-0580
-       RESERVED
+CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 
3.6.1 and 3 ...)
+       TODO: check
+CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark 
3.6.0 to ...)
+       TODO: check
+CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 
and 3. ...)
+       TODO: check
+CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 
22.2.0 ...)
+       TODO: check
 CVE-2022-24980
        RESERVED
 CVE-2022-24979
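
Review bot: four of the five entries moved off RESERVED here (CVE-2022-0586, CVE-2022-0583, CVE-2022-0582, CVE-2022-0581) are Wireshark protocol dissector issues, and all of them sit at `TODO: check`. Triage them together against the wireshark source package, and take the fixed versions from the upstream advisories, because the descriptions are truncated inside the affected range ("3.6.0 to 3.6.1 and 3 ..."). CVE-2022-0580 (Packagist librenms/librenms) is unrelated and needs its own decision.
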
@@ -448,8 +492,8 @@ CVE-2022-24978
        RESERVED
 CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code 
execution v ...)
        NOT-FOR-US: ImpressCMS
-CVE-2022-0579
-       RESERVED
+CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior 
to 5.3 ...)
+       TODO: check
 CVE-2022-0578
        RESERVED
 CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction 
with InspI ...)
@@ -1031,10 +1075,10 @@ CVE-2022-24707
        RESERVED
 CVE-2022-24706
        RESERVED
-CVE-2022-24705
-       RESERVED
-CVE-2022-24704
-       RESERVED
+CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a 
memcpy  ...)
+       TODO: check
+CVE-2022-24704 (The rad_packet_recv function in 
opt/src/accel-pppd/radius/packet.c suf ...)
+       TODO: check
 CVE-2022-23922
        RESERVED
 CVE-2022-23104
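
Review bot: CVE-2022-24705 and CVE-2022-24704 both name the rad_packet_recv function, and the visible text differs only in the path (radius/packet.c versus opt/src/accel-pppd/radius/packet.c); the second description is cut off before the flaw is named. When resolving the two `TODO: check` lines, confirm from the full CVE text whether these are distinct flaws in the same function or one issue assigned twice, and record the outcome in a NOTE: line so the two entries do not end up with diverging status.
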
@@ -2582,8 +2626,8 @@ CVE-2022-24208
        RESERVED
 CVE-2022-24207
        RESERVED
-CVE-2022-24206
-       RESERVED
+CVE-2022-24206 (Tongda2000 v11.10 was discovered to contain a SQL injection 
vulnerabil ...)
+       TODO: check
 CVE-2022-24205
        RESERVED
 CVE-2022-24204
@@ -3404,8 +3448,8 @@ CVE-2022-23994 (An Improper access control vulnerability 
in StBedtimeModeReceive
        NOT-FOR-US: Samsung
 CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses 
$_REQUEST['pkg_fi ...)
        NOT-FOR-US: pfSense
-CVE-2022-23992
-       RESERVED
+CVE-2022-23992 (XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases 
contain ...)
+       TODO: check
 CVE-2022-23991
        RESERVED
 CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in 
the doPro ...)
@@ -3701,8 +3745,8 @@ CVE-2022-23904
        RESERVED
 CVE-2022-23903
        RESERVED
-CVE-2022-23902
-       RESERVED
+CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection 
vulnerabil ...)
+       TODO: check
 CVE-2022-23901
        RESERVED
 CVE-2022-23900
@@ -3993,12 +4037,12 @@ CVE-2021-46465
        RESERVED
 CVE-2021-46464
        RESERVED
-CVE-2021-46463
-       RESERVED
-CVE-2021-46462
-       RESERVED
-CVE-2021-46461
-       RESERVED
+CVE-2021-46463 (njs through 0.7.1, used in NGINX, was discovered to contain a 
control  ...)
+       TODO: check
+CVE-2021-46462 (njs through 0.7.1, used in NGINX, was discovered to contain a 
segmenta ...)
+       TODO: check
+CVE-2021-46461 (njs through 0.7.0, used in NGINX, was discovered to contain an 
out-of- ...)
+       TODO: check
 CVE-2021-46460
        RESERVED
 CVE-2021-46459 (Victor CMS v1.0 was discovered to contain multiple SQL 
injection vulne ...)
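
Review bot: the three entries changed here (CVE-2021-46463, CVE-2021-46462, CVE-2021-46461) all describe njs as used in NGINX, as does CVE-2022-25139 earlier in this patch, but the version bounds differ: "through 0.7.1" for the first two and "through 0.7.0" for CVE-2021-46461 and CVE-2022-25139. Resolve the four `TODO: check` lines together and keep the per-CVE bound when a fixed version is recorded.
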
@@ -4741,10 +4785,10 @@ CVE-2022-23640
        RESERVED
 CVE-2022-23639
        RESERVED
-CVE-2022-23638
-       RESERVED
-CVE-2022-23637
-       RESERVED
+CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A 
cross-site scri ...)
+       TODO: check
+CVE-2022-23637 (K-Box is a web-based application to manage documents, images, 
videos a ...)
+       TODO: check
 CVE-2022-23636
        RESERVED
 CVE-2022-23635
@@ -5390,8 +5434,8 @@ CVE-2022-23412
        RESERVED
 CVE-2022-23411
        RESERVED
-CVE-2022-23410
-       RESERVED
+CVE-2022-23410 (AXIS IP Utility prior to 4.17.0 allows for remote code 
execution and l ...)
+       TODO: check
 CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote 
attackers to  ...)
        NOT-FOR-US: Craft CMS
 CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain 
situatio ...)
@@ -5428,12 +5472,12 @@ CVE-2022-23393
        RESERVED
 CVE-2022-23392
        RESERVED
-CVE-2022-23391
-       RESERVED
-CVE-2022-23390
-       RESERVED
-CVE-2022-23389
-       RESERVED
+CVE-2022-23391 (A cross-site scripting (XSS) vulnerability in Pybbs v6.0 
allows attack ...)
+       TODO: check
+CVE-2022-23390 (An issue in the getType function of BBS Forum v5.3 and below 
allows at ...)
+       TODO: check
+CVE-2022-23389 (PublicCMS v4.0 was discovered to contain a remote code 
execution (RCE) ...)
+       TODO: check
 CVE-2022-23388
        RESERVED
 CVE-2022-23387
@@ -5536,12 +5580,12 @@ CVE-2022-23339
        RESERVED
 CVE-2022-23338
        RESERVED
-CVE-2022-23337
-       RESERVED
-CVE-2022-23336
-       RESERVED
-CVE-2022-23335
-       RESERVED
+CVE-2022-23337 (DedeCMS v5.7.87 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
+CVE-2022-23336 (S-CMS v5.0 was discovered to contain a SQL injection 
vulnerability in  ...)
+       TODO: check
+CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection 
vulnerability ...)
+       TODO: check
 CVE-2022-23334
        RESERVED
 CVE-2022-23333
@@ -6124,6 +6168,7 @@ CVE-2022-23224
 CVE-2022-23223 (The HTTP response will disclose the user password. This issue 
affected ...)
        NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute 
arbitrary ...)
+       {DLA-2923-1}
        - h2database 2.1.210-1
        NOTE: 
https://github.com/h2database/h2database/releases/tag/version-2.1.210
        NOTE: Fixed by 
https://github.com/h2database/h2database/commit/eb75633d0dfa86341e6ef77a861665c4a0f16ab8
@@ -8133,8 +8178,8 @@ CVE-2022-0132 (peertube is vulnerable to Server-Side 
Request Forgery (SSRF) ...)
        - peertube <itp> (bug #950821)
 CVE-2022-0131 (Jimoty App for Android versions prior to 3.7.42 uses a 
hard-coded API  ...)
        NOT-FOR-US: Jimoty App for Android
-CVE-2021-4201
-       RESERVED
+CVE-2021-4201 (Missing access control in ForgeRock Access Management 7.1.0 and 
earlie ...)
+       TODO: check
 CVE-2022-22708
        RESERVED
 CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the 
mod_extforward_Forwarded functi ...)
@@ -9207,8 +9252,8 @@ CVE-2022-22297
        RESERVED
 CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 
1.0 is vul ...)
        NOT-FOR-US: Sourcecodester
-CVE-2022-22295
-       RESERVED
+CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection 
vulnerability ...)
+       TODO: check
 CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA&lt;=1.43 which 
an attack ...)
        NOT-FOR-US: zfaka
 CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
@@ -11944,12 +11989,12 @@ CVE-2021-45350
        RESERVED
 CVE-2021-45349
        RESERVED
-CVE-2021-45348
-       RESERVED
-CVE-2021-45347
-       RESERVED
-CVE-2021-45346
-       RESERVED
+CVE-2021-45348 (An Arbitrary File Deletion vulnerability exists in 
SourceCodester Atte ...)
+       TODO: check
+CVE-2021-45347 (An Incorrect Access Control vulnerability exists in zzcms 8.2, 
which l ...)
+       TODO: check
+CVE-2021-45346 (A Memory Leak vulnerabilty exists in SQLite Project SQLite3 
3.35.1 and ...)
+       TODO: check
 CVE-2021-45345
        RESERVED
 CVE-2021-45344
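
Review bot: CVE-2021-45346, the last of the three added entries, concerns SQLite3, which Debian ships as the sqlite3 source package, so its `TODO: check` has to resolve to a package line with a status and cannot be closed as NOT-FOR-US the way a SourceCodester entry elsewhere in this file is. The description is cut at "3.35.1 and ...", so the affected range must come from the full CVE text.
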
@@ -12037,8 +12082,8 @@ CVE-2021-45312
        RESERVED
 CVE-2021-45311
        RESERVED
-CVE-2021-45310
-       RESERVED
+CVE-2021-45310 (Sangoma Technologies Corporation Switchvox Version 102409 is 
affected  ...)
+       TODO: check
 CVE-2021-45309
        RESERVED
 CVE-2021-45308
@@ -13344,8 +13389,8 @@ CVE-2021-45007
        RESERVED
 CVE-2021-45006
        RESERVED
-CVE-2021-45005
-       RESERVED
+CVE-2021-45005 (Artifex MuJS v1.1.3 was discovered to contain a heap buffer 
overflow w ...)
+       TODO: check
 CVE-2021-45004
        RESERVED
 CVE-2021-45003 (Laundry Booking Management System 1.0 (Latest) and previous 
versions a ...)
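
Review bot: CVE-2021-45005 names Artifex MuJS v1.1.3, and mujs is packaged in Debian, so this `TODO: check` should resolve to a `- mujs` line with a fixed version or an explicit not-affected status. The description is truncated right after "heap buffer overflow", so the affected code path has to be read from the full CVE text before the packaged version is compared.
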
@@ -13928,8 +13973,8 @@ CVE-2022-21820
        RESERVED
 CVE-2022-21819
        RESERVED
-CVE-2022-21818
-       RESERVED
+CVE-2022-21818 (NVIDIA License System contains a vulnerability in the 
installation scr ...)
+       TODO: check
 CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource 
Sharing (CO ...)
        NOT-FOR-US: NVIDIA
 CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
@@ -16844,18 +16889,18 @@ CVE-2021-43955
        RESERVED
 CVE-2021-43954
        RESERVED
-CVE-2021-43953
-       RESERVED
-CVE-2021-43952
-       RESERVED
+CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center 
allow unaut ...)
+       TODO: check
+CVE-2021-43952 (Affected versions of Atlassian Jira Server and Data Center 
allow unaut ...)
+       TODO: check
 CVE-2021-43951 (Affected versions of Atlassian Jira Service Management Server 
and Data ...)
        NOT-FOR-US: Atlassian
-CVE-2021-43950
-       RESERVED
+CVE-2021-43950 (Affected versions of Atlassian Jira Service Management Server 
and Data ...)
+       TODO: check
 CVE-2021-43949 (Affected versions of Atlassian Jira Service Management Server 
and Data ...)
        NOT-FOR-US: Atlassian
-CVE-2021-43948
-       RESERVED
+CVE-2021-43948 (Affected versions of Atlassian Jira Service Management Server 
and Data ...)
+       TODO: check
 CVE-2021-43947 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
        NOT-FOR-US: Atlassian
 CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center 
allow authe ...)
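
Review bot: CVE-2021-43953, CVE-2021-43952, CVE-2021-43950 and CVE-2021-43948 are added as `TODO: check` although the unchanged entries interleaved with them (CVE-2021-43951, CVE-2021-43949, CVE-2021-43947) carry the same Atlassian Jira description prefixes and are already marked `NOT-FOR-US: Atlassian`. Unless one of them differs past the truncation, they should get the same line; this also applies to CVE-2021-43941 and CVE-2021-43940 in the next hunk.
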
@@ -16868,10 +16913,10 @@ CVE-2021-43943
        RESERVED
 CVE-2021-43942 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
        NOT-FOR-US: Atlassian
-CVE-2021-43941
-       RESERVED
-CVE-2021-43940
-       RESERVED
+CVE-2021-43941 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
+       TODO: check
+CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data 
Center allow ...)
+       TODO: check
 CVE-2021-43939
        RESERVED
 CVE-2021-43938
@@ -20867,8 +20912,8 @@ CVE-2021-43108
        RESERVED
 CVE-2021-43107
        RESERVED
-CVE-2021-43106
-       RESERVED
+CVE-2021-43106 (A Header Injection vulnerability exists in Compass Plus 
TranzWare Onli ...)
+       TODO: check
 CVE-2021-43105
        RESERVED
 CVE-2021-43104
@@ -23551,6 +23596,7 @@ CVE-2020-36487
 CVE-2020-36486 (Swift File Transfer Mobile v1.1.2 and below was discovered to 
contain  ...)
        NOT-FOR-US: Swift File Transfer Mobile
 CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 
database take ...)
+       {DLA-2923-1}
        - h2database 2.1.210-1 (bug #1003894)
        NOTE: 
https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
        NOTE: 
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
@@ -67329,7 +67375,7 @@ CVE-2021-25112
        RESERVED
 CVE-2021-25111
        RESERVED
-CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allowed any 
logged in  ...)
+CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any 
logged in u ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by 
a SQL I ...)
        NOT-FOR-US: WordPress plugin
@@ -168818,8 +168864,8 @@ CVE-2019-16865 (An issue was discovered in Pillow 
before 6.2.0. When reading spe
        NOTE: 
https://github.com/python-pillow/Pillow/commit/f228d0ccbf6bf9392d7fcd51356ef2cfda80c75a
        NOTE: 
https://github.com/python-pillow/Pillow/commit/b9693a51c99c260bd66d1affeeab4a226cf7e5a5
        NOTE: 
https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc
-CVE-2019-16864
-       RESERVED
+CVE-2019-16864 (CompleteFTPService.exe in the server in EnterpriseDT 
CompleteFTP befor ...)
+       TODO: check
 CVE-2019-16863 (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 
allow a ...)
        NOT-FOR-US: STMicroelectronics
 CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 
5.x befor ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eab0c008fea92f0ba0df7642cb1afd5d544b926a
