Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
751c6f77 by security tracker role at 2022-02-20T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-25371
+ RESERVED
+CVE-2022-25370
+ RESERVED
+CVE-2022-25355
+ RESERVED
+CVE-2022-0694
+ RESERVED
+CVE-2022-0693
+ RESERVED
+CVE-2022-0692
+ RESERVED
+CVE-2022-0691
+ RESERVED
CVE-2022-25369
RESERVED
CVE-2022-25368
@@ -6,14 +20,14 @@ CVE-2022-0690 (Cross-site Scripting (XSS) - Reflected in
Packagist microweber/mi
NOT-FOR-US: microweber
CVE-2022-0689 (Use multiple time the one-time coupon in Packagist
microweber/microweb ...)
NOT-FOR-US: microweber
-CVE-2022-0688
- RESERVED
+CVE-2022-0688 (Business Logic Errors in Packagist microweber/microweber prior
to 1.2. ...)
+ TODO: check
CVE-2022-0687
RESERVED
-CVE-2022-0686
- RESERVED
-CVE-2022-0685
- RESERVED
+CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM
url-parse prio ...)
+ TODO: check
+CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim
prior ...)
+ TODO: check
CVE-2022-0684
RESERVED
CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called
from six ...)
@@ -4931,8 +4945,8 @@ CVE-2022-0338 (Improper Privilege Management in Conda
loguru prior to 0.5.3. ...
NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
NOTE: Document best practices for security:
https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa
NOTE: loguru documents security considerations and best practices to
follow
-CVE-2022-23848
- RESERVED
+CVE-2022-23848 (In Alluxio before 2.7.3, the logserver does not validate the
input str ...)
+ TODO: check
CVE-2022-23847
RESERVED
CVE-2022-23846
@@ -7484,10 +7498,10 @@ CVE-2022-23056
RESERVED
CVE-2022-23055
RESERVED
-CVE-2022-23054
- RESERVED
-CVE-2022-23053
- RESERVED
+CVE-2022-23054 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored
XSS via ...)
+ TODO: check
+CVE-2022-23053 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored
XSS via ...)
+ TODO: check
CVE-2022-23052
RESERVED
CVE-2022-23051
@@ -12253,8 +12267,8 @@ CVE-2022-22128
RESERVED
CVE-2022-22127
RESERVED
-CVE-2022-22126
- RESERVED
+CVE-2022-22126 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored
XSS via ...)
+ TODO: check
CVE-2022-22125 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to
Stored ...)
NOT-FOR-US: Halo
CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to
Stored ...)
@@ -13640,12 +13654,12 @@ CVE-2021-45085 (XSS can occur in GNOME Web (aka
Epiphany) before 40.4 and 41.x b
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45084
RESERVED
-CVE-2021-45083
- RESERVED
-CVE-2021-45082 (An issue was discovered in Cobbler through 3.3.0. In the
templar.py fi ...)
+CVE-2021-45083 (An issue was discovered in Cobbler before 3.3.1. Files in
/etc/cobbler ...)
+ TODO: check
+CVE-2021-45082 (An issue was discovered in Cobbler before 3.3.1. In the
templar.py fil ...)
- cobbler <removed>
-CVE-2021-45081
- RESERVED
+CVE-2021-45081 (An issue was discovered in Cobbler through 3.3.1. Routines in
several ...)
+ TODO: check
CVE-2021-45080
RESERVED
CVE-2021-45079 (In strongSwan before 5.9.5, a malicious responder can send an
EAP-Succ ...)
@@ -14101,8 +14115,8 @@ CVE-2021-45009
RESERVED
CVE-2021-45008
RESERVED
-CVE-2021-45007
- RESERVED
+CVE-2021-45007 (Plesk 18.0.37 is affected by a Cross Site Request Forgery
(CSRF) vulne ...)
+ TODO: check
CVE-2021-45006
RESERVED
CVE-2021-45005 (Artifex MuJS v1.1.3 was discovered to contain a heap buffer
overflow w ...)
@@ -19424,7 +19438,7 @@ CVE-2021-43574 (** UNSUPPORTED WHEN ASSIGNED **
WebAdmin Control Panel in Atmail
- atmailopen <removed>
CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices
before 2 ...)
NOT-FOR-US: Realtek
-CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library
(ecdsa-pyth ...)
+CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library
(aka starkb ...)
NOT-FOR-US: Stark bank libraries
CVE-2021-43571 (The verify function in the Stark Bank Node.js ECDSA library
(ecdsa-nod ...)
NOT-FOR-US: Stark bank libraries
@@ -336031,7 +336045,7 @@ CVE-2016-1000103
REJECTED
CVE-2016-1000102
REJECTED
-CVE-2016-1000027 (Pivotal Spring Framework 4.1.4 suffers from a potential
remote code ex ...)
+CVE-2016-1000027 (Pivotal Spring Framework through 5.3.16 suffers from a
potential remot ...)
- libspring-java 4.2.7-1 (unimportant)
NOTE: https://www.tenable.com/security/research/tra-2016-20
NOTE: This is not a vulnerability in Spring itself, just how
applications are using it
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/751c6f7714bc3c311aa737171e736c421a53fa37
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/751c6f7714bc3c311aa737171e736c421a53fa37
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
