Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6d84b9b by security tracker role at 2022-02-19T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2022-25367
+       RESERVED
+CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, 
although it  ...)
+       TODO: check
+CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to 
move arbitr ...)
+       TODO: check
+CVE-2022-25364
+       RESERVED
+CVE-2022-25363
+       RESERVED
+CVE-2022-25362
+       RESERVED
+CVE-2022-25361
+       RESERVED
+CVE-2022-25360
+       RESERVED
+CVE-2022-25359
+       RESERVED
+CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path 
handler of awf ...)
+       TODO: check
+CVE-2022-25357
+       RESERVED
+CVE-2022-25356
+       RESERVED
+CVE-2022-25344
+       RESERVED
+CVE-2022-25343
+       RESERVED
+CVE-2022-25342
+       RESERVED
+CVE-2022-25341
+       RESERVED
+CVE-2022-25340
+       RESERVED
+CVE-2022-25339
+       RESERVED
+CVE-2022-25338
+       RESERVED
+CVE-2022-24914
+       RESERVED
+CVE-2022-24436
+       RESERVED
+CVE-2022-24378
+       RESERVED
+CVE-2022-24067
+       RESERVED
+CVE-2022-23403
+       RESERVED
+CVE-2022-23182
+       RESERVED
+CVE-2022-22139
+       RESERVED
+CVE-2022-21225
+       RESERVED
+CVE-2022-21198
+       RESERVED
+CVE-2022-21183
+       RESERVED
+CVE-2016-20013 (sha256crypt and sha512crypt through 0.6 allow attackers to 
cause a den ...)
+       TODO: check
 CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 
1.3.x bef ...)
        NOT-FOR-US: Ibexa
 CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 
1.3.x bef ...)
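Review bot: CVE-2016-20013, at the end of the added block, is a 2016 id placed among CVE-2022 ids and left at `TODO: check`. Its truncated description names sha256crypt and sha512crypt, so triage should identify which source packages carry that code rather than tagging it by upstream name alone. CVE-2022-25366, CVE-2022-25365 and CVE-2022-25358 in the same block also still need a package line or a NOT-FOR-US tag.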
@@ -239,8 +299,8 @@ CVE-2021-46699
        RESERVED
 CVE-2022-25257
        RESERVED
-CVE-2022-25256
-       RESERVED
+CVE-2022-25256 (SAS Web Report Studio 4.4 allows XSS. 
/SASWebReportStudio/logonAndRend ...)
+       TODO: check
 CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 
on Linux ...)
        - qt6-base <unfixed>
        - qtbase-opensource-src <unfixed>
@@ -701,22 +761,22 @@ CVE-2022-25139 (njs through 0.7.0, used in NGINX, was 
discovered to contain a he
        NOT-FOR-US: njs
 CVE-2022-25138
        RESERVED
-CVE-2022-25137
-       RESERVED
-CVE-2022-25136
-       RESERVED
-CVE-2022-25135
-       RESERVED
-CVE-2022-25134
-       RESERVED
-CVE-2022-25133
-       RESERVED
-CVE-2022-25132
-       RESERVED
-CVE-2022-25131
-       RESERVED
-CVE-2022-25130
-       RESERVED
+CVE-2022-25137 (A command injection vulnerability in the function 
recvSlaveUpgstatus o ...)
+       TODO: check
+CVE-2022-25136 (A command injection vulnerability in the function 
meshSlaveUpdate of T ...)
+       TODO: check
+CVE-2022-25135 (A command injection vulnerability in the function 
recv_mesh_info_sync  ...)
+       TODO: check
+CVE-2022-25134 (A command injection vulnerability in the function setUpgradeFW 
of TOTO ...)
+       TODO: check
+CVE-2022-25133 (A command injection vulnerability in the function 
isAssocPriDevice of  ...)
+       TODO: check
+CVE-2022-25132 (A command injection vulnerability in the function 
meshSlaveDlfw of TOT ...)
+       TODO: check
+CVE-2022-25131 (A command injection vulnerability in the function 
recvSlaveCloudCheckS ...)
+       TODO: check
+CVE-2022-25130 (A command injection vulnerability in the function 
updateWifiInfo of TO ...)
+       TODO: check
 CVE-2022-25129
        RESERVED
 CVE-2022-25128
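Review bot: the eight command-injection entries CVE-2022-25130 through CVE-2022-25137 all get `TODO: check`, and the product name is cut off in every truncated description, so they cannot be classified from this diff. Triage them as one batch against the full descriptions and give them the same tag, in the way the neighbouring `NOT-FOR-US: njs` entry does for its product.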
@@ -1059,10 +1119,10 @@ CVE-2022-0581 (Crash in the CMS protocol dissector in 
Wireshark 3.6.0 to 3.6.1 a
        NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html
 CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 
22.2.0 ...)
        NOT-FOR-US: LibreNMS
-CVE-2022-24980
-       RESERVED
-CVE-2022-24979
-       RESERVED
+CVE-2022-24980 (An issue was discovered in the Kitodo.Presentation (aka dif) 
extension ...)
+       TODO: check
+CVE-2022-24979 (An issue was discovered in the Varnishcache extension before 
2.0.1 for ...)
+       TODO: check
 CVE-2022-24978
        RESERVED
 CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code 
execution v ...)
@@ -1113,8 +1173,8 @@ CVE-2022-24973
        RESERVED
 CVE-2022-24972
        RESERVED
-CVE-2022-24971
-       RESERVED
+CVE-2022-24971 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
 CVE-2022-24970
        RESERVED
 CVE-2022-24969
@@ -1805,8 +1865,7 @@ CVE-2022-0545
        RESERVED
 CVE-2022-0544
        RESERVED
-CVE-2022-0543 [sandbox escape]
-       RESERVED
+CVE-2022-0543 (It was discovered, that redis, a persistent key-value database, 
due to ...)
        {DSA-5081-1}
        - redis <unfixed> (bug #1005787)
        NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
@@ -2594,40 +2653,40 @@ CVE-2022-24372
        RESERVED
 CVE-2022-24371
        RESERVED
-CVE-2022-24370
-       RESERVED
-CVE-2022-24369
-       RESERVED
-CVE-2022-24368
-       RESERVED
-CVE-2022-24367
-       RESERVED
-CVE-2022-24366
-       RESERVED
-CVE-2022-24365
-       RESERVED
-CVE-2022-24364
-       RESERVED
-CVE-2022-24363
-       RESERVED
-CVE-2022-24362
-       RESERVED
-CVE-2022-24361
-       RESERVED
-CVE-2022-24360
-       RESERVED
-CVE-2022-24359
-       RESERVED
-CVE-2022-24358
-       RESERVED
-CVE-2022-24357
-       RESERVED
-CVE-2022-24356
-       RESERVED
-CVE-2022-24355
-       RESERVED
-CVE-2022-24354
-       RESERVED
+CVE-2022-24370 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-24369 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24368 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-24367 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24366 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24365 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24364 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24363 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24362 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24361 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24360 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24359 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24358 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24357 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24356 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24355 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
+       TODO: check
+CVE-2022-24354 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
+       TODO: check
 CVE-2022-24353
        RESERVED
 CVE-2022-24352
@@ -3478,8 +3537,8 @@ CVE-2022-24114 (Local privilege escalation due to race 
condition on application
        NOT-FOR-US: Acronis
 CVE-2022-24113 (Local privilege escalation due to excessive permissions 
assigned to ch ...)
        NOT-FOR-US: Acronis
-CVE-2022-0409
-       RESERVED
+CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist 
showdoc/s ...)
+       TODO: check
 CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
@@ -3643,65 +3702,61 @@ CVE-2022-0393 (Out-of-bounds Read in GitHub repository 
vim/vim prior to 8.2. ...
        NOTE: 
https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 
(v8.2.4233)
 CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with 
kernel  ...)
        NOT-FOR-US: Insyde
-CVE-2022-24064
-       RESERVED
-CVE-2022-24063
-       RESERVED
-CVE-2022-24062
-       RESERVED
-CVE-2022-24061
-       RESERVED
-CVE-2022-24060
-       RESERVED
-CVE-2022-24059
-       RESERVED
-CVE-2022-24058
-       RESERVED
-CVE-2022-24057
-       RESERVED
-CVE-2022-24056
-       RESERVED
-CVE-2022-24055
-       RESERVED
+CVE-2022-24064 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24063 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24062 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24061 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-24060 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2022-24059 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24058 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24057 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24056 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24055 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
 CVE-2022-24054
        RESERVED
 CVE-2022-24053
        RESERVED
-CVE-2022-24052
-       RESERVED
+CVE-2022-24052 (This vulnerability allows local attackers to escalate 
privileges on af ...)
        - mariadb-10.6 <unfixed>
        - mariadb-10.5 <removed>
        - mariadb-10.3 <removed>
        NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/
-CVE-2022-24051
-       RESERVED
+CVE-2022-24051 (This vulnerability allows local attackers to escalate 
privileges on af ...)
        - mariadb-10.6 <unfixed>
        - mariadb-10.5 <removed>
        - mariadb-10.3 <removed>
        NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/
-CVE-2022-24050
-       RESERVED
+CVE-2022-24050 (This vulnerability allows local attackers to escalate 
privileges on af ...)
        - mariadb-10.6 <unfixed>
        - mariadb-10.5 <removed>
        - mariadb-10.3 <removed>
        NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/
-CVE-2022-24049
-       RESERVED
-CVE-2022-24048
-       RESERVED
+CVE-2022-24049 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2022-24048 (This vulnerability allows local attackers to escalate 
privileges on af ...)
        - mariadb-10.6 <unfixed>
        - mariadb-10.5 <removed>
        - mariadb-10.3 <removed>
        NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/
-CVE-2022-24047
-       RESERVED
-CVE-2022-24046
-       RESERVED
+CVE-2022-24047 (This vulnerability allows remote attackers to bypass 
authentication on ...)
+       TODO: check
+CVE-2022-24046 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
+       TODO: check
 CVE-2022-24045
        RESERVED
 CVE-2022-24044
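Review bot: the four MariaDB entries in this hunk (CVE-2022-24048, CVE-2022-24050, CVE-2022-24051, CVE-2022-24052) keep `- mariadb-10.6 <unfixed>` while their own NOTE lines record the fix in 10.6.6; once that version is in the archive the package line should carry the fixed version. CVE-2022-24049 sits inside that run but gets `TODO: check` and a remote code execution description, so it should be triaged on its own rather than assumed to belong to MariaDB.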
@@ -3836,196 +3891,196 @@ CVE-2022-0385
        RESERVED
 CVE-2022-0384
        RESERVED
-CVE-2021-46656
-       RESERVED
-CVE-2021-46655
-       RESERVED
-CVE-2021-46654
-       RESERVED
-CVE-2021-46653
-       RESERVED
-CVE-2021-46652
-       RESERVED
-CVE-2021-46651
-       RESERVED
-CVE-2021-46650
-       RESERVED
-CVE-2021-46649
-       RESERVED
-CVE-2021-46648
-       RESERVED
-CVE-2021-46647
-       RESERVED
-CVE-2021-46646
-       RESERVED
-CVE-2021-46645
-       RESERVED
-CVE-2021-46644
-       RESERVED
-CVE-2021-46643
-       RESERVED
-CVE-2021-46642
-       RESERVED
-CVE-2021-46641
-       RESERVED
-CVE-2021-46640
-       RESERVED
-CVE-2021-46639
-       RESERVED
-CVE-2021-46638
-       RESERVED
-CVE-2021-46637
-       RESERVED
-CVE-2021-46636
-       RESERVED
-CVE-2021-46635
-       RESERVED
-CVE-2021-46634
-       RESERVED
-CVE-2021-46633
-       RESERVED
-CVE-2021-46632
-       RESERVED
-CVE-2021-46631
-       RESERVED
-CVE-2021-46630
-       RESERVED
-CVE-2021-46629
-       RESERVED
-CVE-2021-46628
-       RESERVED
-CVE-2021-46627
-       RESERVED
-CVE-2021-46626
-       RESERVED
-CVE-2021-46625
-       RESERVED
-CVE-2021-46624
-       RESERVED
-CVE-2021-46623
-       RESERVED
-CVE-2021-46622
-       RESERVED
-CVE-2021-46621
-       RESERVED
-CVE-2021-46620
-       RESERVED
-CVE-2021-46619
-       RESERVED
-CVE-2021-46618
-       RESERVED
-CVE-2021-46617
-       RESERVED
-CVE-2021-46616
-       RESERVED
-CVE-2021-46615
-       RESERVED
-CVE-2021-46614
-       RESERVED
-CVE-2021-46613
-       RESERVED
-CVE-2021-46612
-       RESERVED
-CVE-2021-46611
-       RESERVED
-CVE-2021-46610
-       RESERVED
-CVE-2021-46609
-       RESERVED
-CVE-2021-46608
-       RESERVED
-CVE-2021-46607
-       RESERVED
-CVE-2021-46606
-       RESERVED
-CVE-2021-46605
-       RESERVED
-CVE-2021-46604
-       RESERVED
-CVE-2021-46603
-       RESERVED
-CVE-2021-46602
-       RESERVED
-CVE-2021-46601
-       RESERVED
-CVE-2021-46600
-       RESERVED
-CVE-2021-46599
-       RESERVED
-CVE-2021-46598
-       RESERVED
-CVE-2021-46597
-       RESERVED
-CVE-2021-46596
-       RESERVED
-CVE-2021-46595
-       RESERVED
-CVE-2021-46594
-       RESERVED
-CVE-2021-46593
-       RESERVED
-CVE-2021-46592
-       RESERVED
-CVE-2021-46591
-       RESERVED
-CVE-2021-46590
-       RESERVED
-CVE-2021-46589
-       RESERVED
-CVE-2021-46588
-       RESERVED
-CVE-2021-46587
-       RESERVED
-CVE-2021-46586
-       RESERVED
-CVE-2021-46585
-       RESERVED
-CVE-2021-46584
-       RESERVED
-CVE-2021-46583
-       RESERVED
-CVE-2021-46582
-       RESERVED
-CVE-2021-46581
-       RESERVED
-CVE-2021-46580
-       RESERVED
-CVE-2021-46579
-       RESERVED
-CVE-2021-46578
-       RESERVED
-CVE-2021-46577
-       RESERVED
-CVE-2021-46576
-       RESERVED
-CVE-2021-46575
-       RESERVED
-CVE-2021-46574
-       RESERVED
-CVE-2021-46573
-       RESERVED
-CVE-2021-46572
-       RESERVED
-CVE-2021-46571
-       RESERVED
-CVE-2021-46570
-       RESERVED
-CVE-2021-46569
-       RESERVED
-CVE-2021-46568
-       RESERVED
-CVE-2021-46567
-       RESERVED
-CVE-2021-46566
-       RESERVED
-CVE-2021-46565
-       RESERVED
-CVE-2021-46564
-       RESERVED
-CVE-2021-46563
-       RESERVED
-CVE-2021-46562
-       RESERVED
+CVE-2021-46656 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46655 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46654 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46653 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46652 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46651 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46650 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46649 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46648 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46647 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46646 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46645 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46644 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46643 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46642 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46641 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46640 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46639 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46638 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46637 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46636 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46635 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46634 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46633 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46632 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46631 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46630 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46629 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46628 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46627 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46626 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46625 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46624 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46623 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46622 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46621 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46620 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46619 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46618 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46617 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46616 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46615 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46614 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46613 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46612 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46611 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46610 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46609 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46608 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46607 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46606 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46605 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46604 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46603 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46602 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46601 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46600 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46599 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46598 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46597 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46596 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46595 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46594 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46593 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46592 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46591 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46590 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46589 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46588 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46587 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46586 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46585 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46584 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46583 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46582 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46581 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46580 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46579 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46578 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46577 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46576 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46575 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46574 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46573 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46572 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46571 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46570 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
+       TODO: check
+CVE-2021-46569 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46568 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46567 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46566 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46565 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46564 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46563 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2021-46562 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
 CVE-2022-24004
        RESERVED
 CVE-2022-24003 (Exposure of Sensitive Information vulnerability in Bixby 
Vision prior  ...)
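Review bot: every entry from CVE-2021-46562 through CVE-2021-46656 is set to `TODO: check`, and the truncated descriptions ("execute arbitrary code o ...", "disclose sensitive infor ...") stop before naming a product, so nothing in this hunk shows whether any of them affects a Debian package. Triage them from the full descriptions as a batch, and give entries that share a product one consistent package line or NOT-FOR-US tag.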
@@ -5364,24 +5419,24 @@ CVE-2022-23652
        RESERVED
 CVE-2022-23651
        RESERVED
-CVE-2022-23650
-       RESERVED
-CVE-2022-23649
-       RESERVED
+CVE-2022-23650 (Netmaker is a platform for creating and managing virtual 
overlay netwo ...)
+       TODO: check
+CVE-2022-23649 (Cosign provides container signing, verification, and storage 
in an OCI ...)
+       TODO: check
 CVE-2022-23648
        RESERVED
 CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 
1.14.0 a ...)
        TODO: check
 CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and 
prior t ...)
        TODO: check
-CVE-2022-23645
-       RESERVED
+CVE-2022-23645 (swtpm is a libtpms-based TPM emulator with socket, character 
device, a ...)
+       TODO: check
 CVE-2022-23644 (BookWyrm is a decentralized social network for tracking 
reading habits ...)
        NOT-FOR-US: BookWyrm
 CVE-2022-23643 (Sourcegraph is a code search and navigation engine. 
Sourcegraph versio ...)
        TODO: check
-CVE-2022-23642
-       RESERVED
+CVE-2022-23642 (Sourcegraph is a code search and navigation engine. 
Sourcegraph prior  ...)
+       TODO: check
 CVE-2022-23641 (Discourse is an open source discussion platform. In versions 
prior to  ...)
        NOT-FOR-US: Discourse
 CVE-2022-23640
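Review bot: CVE-2022-23642 is added as `TODO: check` next to CVE-2022-23643, which describes the same product (Sourcegraph) and is also still `TODO: check`; resolve the two together. CVE-2022-23645 (swtpm) and CVE-2022-23649 (Cosign) name specific tools, so check the archive for a matching source package before choosing NOT-FOR-US.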
@@ -6760,8 +6815,8 @@ CVE-2022-23230
        RESERVED
 CVE-2022-23229
        RESERVED
-CVE-2022-23228
-       RESERVED
+CVE-2022-23228 (Pexip Infinity before 27.0 has improper WebRTC input 
validation. An un ...)
+       TODO: check
 CVE-2022-23227 (NUUO NVRmini2 through 3.11 allows an unauthenticated attacker 
to uploa ...)
        NOT-FOR-US: NUUO NVRmini2
 CVE-2022-23226
@@ -9909,8 +9964,8 @@ CVE-2021-46112
        RESERVED
 CVE-2021-46111
        RESERVED
-CVE-2021-46110
-       RESERVED
+CVE-2021-46110 (Online Shopping Portal v3.1 was discovered to contain multiple 
time-ba ...)
+       TODO: check
 CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site 
Scripting (XSS) ...)
        NOT-FOR-US: ASUS
 CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the 
username parame ...)
@@ -9969,8 +10024,8 @@ CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable 
to Cross Site Scripting (
        NOT-FOR-US: uscat
 CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting 
(XSS) v ...)
        NOT-FOR-US: uscat
-CVE-2021-46082
-       RESERVED
+CVE-2021-46082 (Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series 
protocol gate ...)
+       TODO: check
 CVE-2021-46081
        RESERVED
 CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in 
Vehicle Se ...)
@@ -10007,10 +10062,10 @@ CVE-2021-46065 (A Cross-site scripting (XSS) 
vulnerability in Secondary Email Fi
        NOT-FOR-US: Zoho ManageEngine
 CVE-2021-46064
        RESERVED
-CVE-2021-46063
-       RESERVED
-CVE-2021-46062
-       RESERVED
+CVE-2021-46063 (MCMS v5.2.5 was discovered to contain a Server Side Template 
Injection ...)
+       TODO: check
+CVE-2021-46062 (MCMS v5.2.5 was discovered to contain an arbitrary file 
deletion vulne ...)
+       TODO: check
 CVE-2021-46061 (An SQL Injection vulnerability exists in Sourcecodester 
Computer and M ...)
        NOT-FOR-US: Sourcecodester
 CVE-2021-46060
@@ -13550,8 +13605,8 @@ CVE-2021-45084
        RESERVED
 CVE-2021-45083
        RESERVED
-CVE-2021-45082
-       RESERVED
+CVE-2021-45082 (An issue was discovered in Cobbler through 3.3.0. In the 
templar.py fi ...)
+       TODO: check
 CVE-2021-45081
        RESERVED
 CVE-2021-45080
@@ -16061,8 +16116,8 @@ CVE-2021-44304
        RESERVED
 CVE-2021-44303
        RESERVED
-CVE-2021-44302
-       RESERVED
+CVE-2021-44302 (BaiCloud-cms v2.5.7 was discovered to contain multiple SQL 
injection v ...)
+       TODO: check
 CVE-2021-44301
        RESERVED
 CVE-2021-44300
@@ -28322,10 +28377,10 @@ CVE-2021-40843 (Proofpoint Insider Threat Management 
Server contains an unsafe d
        NOT-FOR-US: Proofpoint
 CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL 
injection v ...)
        NOT-FOR-US: Proofpoint
-CVE-2021-40841
-       RESERVED
-CVE-2021-40840
-       RESERVED
+CVE-2021-40841 (A Path Traversal vulnerability for a log file in LiveConfig 
2.12.2 all ...)
+       TODO: check
+CVE-2021-40840 (A Stored XSS issue exists in the admin/users user 
administration form  ...)
+       TODO: check
 CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an 
infinite loop i ...)
        - python-rencode 1.0.6-2
        [bullseye] - python-rencode <no-dsa> (Minor issue)
@@ -56526,10 +56581,10 @@ CVE-2021-29657 (arch/x86/kvm/svm/nested.c in the 
Linux kernel before 5.11.12 has
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/a58d9166a756a0f4a6618e4f593232593d6df134
        NOTE: 
https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html
-CVE-2021-29656
-       RESERVED
-CVE-2021-29655
-       RESERVED
+CVE-2021-29656 (Pexip Infinity Connect before 1.8.0 mishandles TLS certificate 
validat ...)
+       TODO: check
+CVE-2021-29655 (Pexip Infinity Connect before 1.8.0 omits certain provisioning 
authent ...)
+       TODO: check
 CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of 
Untrusted Data ( ...)
        NOT-FOR-US: AjaxSearchPro
 CVE-2021-29653 (HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under 
certain ci ...)
@@ -71178,8 +71233,8 @@ CVE-2021-23704
        RESERVED
 CVE-2021-23703
        RESERVED
-CVE-2021-23702
-       RESERVED
+CVE-2021-23702 (The package object-extend from 0.0.0 are vulnerable to 
Prototype Pollu ...)
+       TODO: check
 CVE-2021-23701
        RESERVED
 CVE-2021-23700 (All versions of package merge-deep2 are vulnerable to 
Prototype Pollut ...)
@@ -324220,8 +324275,7 @@ CVE-2017-0372 (Parameters injection in the 
SyntaxHighlight extension of Mediawik
        NOTE: https://phabricator.wikimedia.org/T158689
        NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
        NOTE: 
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html
-CVE-2017-0371
-       RESERVED
+CVE-2017-0371 (MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, 
and 1.2 ...)
        - mediawiki 1:1.27.2-1
        [wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
        NOTE: https://phabricator.wikimedia.org/T140591



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6d84b9bd08ad665f09e7acc91adbe5780d1df8b
