Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
50d49a3d by security tracker role at 2022-02-23T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-25813
+       RESERVED
+CVE-2022-25812
+       RESERVED
+CVE-2022-25811
+       RESERVED
+CVE-2022-25810
+       RESERVED
+CVE-2022-0742
+       RESERVED
+CVE-2022-0741
+       RESERVED
+CVE-2022-0740
+       RESERVED
+CVE-2022-0739
+       RESERVED
+CVE-2022-0738
+       RESERVED
+CVE-2022-0737
+       RESERVED
+CVE-2022-0736 (Insecure Temporary File in GitHub repository mlflow/mlflow 
prior to 1. ...)
+       TODO: check
+CVE-2022-0735
+       RESERVED
+CVE-2021-4223
+       RESERVED
 CVE-2022-25809 (Improper Neutralization of audio output from 3rd and 4th 
Generation Am ...)
        NOT-FOR-US: Amazon Echo Dot devices
 CVE-2022-25808
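Review bot: CVE-2022-0736 is the only one of the thirteen entries added at the top of the list that carries a description, and it is left at TODO: check. It needs triage to either a source-package line or a NOT-FOR-US: line in the style of the CVE-2022-25809 context entry just below; the twelve RESERVED entries need nothing yet.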
@@ -92,8 +118,8 @@ CVE-2022-0733
        RESERVED
 CVE-2022-0732
        RESERVED
-CVE-2022-0731
-       RESERVED
+CVE-2022-0731 (Improper Access Control (IDOR) in GitHub repository 
dolibarr/dolibarr  ...)
+       TODO: check
 CVE-2022-XXXX [Account Takeover via Email of OpenOffice file containing XSS 
exploit]
        - php-horde-mime-viewer <unfixed>
        NOTE: 
https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/
@@ -332,28 +358,28 @@ CVE-2022-21209
        RESERVED
 CVE-2022-0730
        RESERVED
-CVE-2022-0729
-       RESERVED
+CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim 
prior  ...)
+       TODO: check
 CVE-2022-0728
        RESERVED
-CVE-2022-0727
-       RESERVED
-CVE-2022-0726
-       RESERVED
+CVE-2022-0727 (Improper Access Control in GitHub repository 
chocobozzz/peertube prior ...)
+       TODO: check
+CVE-2022-0726 (Improper Authorization in GitHub repository chocobozzz/peertube 
prior  ...)
+       TODO: check
 CVE-2022-0725
        RESERVED
-CVE-2022-0724
-       RESERVED
+CVE-2022-0724 (Insecure Storage of Sensitive Information in GitHub repository 
microwe ...)
+       TODO: check
 CVE-2022-0723
        RESERVED
 CVE-2022-0722
        RESERVED
-CVE-2022-0721
-       RESERVED
+CVE-2022-0721 (Insertion of Sensitive Information Into Debugging Code in 
GitHub repos ...)
+       TODO: check
 CVE-2022-0720
        RESERVED
-CVE-2022-0719
-       RESERVED
+CVE-2022-0719 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
microweber ...)
+       TODO: check
 CVE-2022-0718
        RESERVED
 CVE-2022-25643 (seatd-launch in seatd 0.6.x before 0.6.4 allows removing files 
with es ...)
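Review bot: The six entries moved from RESERVED to TODO: check here include two for the same project, CVE-2022-0727 and CVE-2022-0726 (both chocobozzz/peertube), which should be triaged together so they end up with the same package line or the same NOT-FOR-US: value. The descriptions for CVE-2022-0729 (vim/vim) and the peertube pair are cut off at "prior ...", so the fixed version is not recoverable from the list itself; when TODO: check is replaced, record the fixing version or commit in a NOTE: line, as the atftp and cyrus-sasl2 entries elsewhere in this diff do.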
@@ -3124,8 +3150,8 @@ CVE-2022-24622
        RESERVED
 CVE-2022-24621
        RESERVED
-CVE-2022-24620
-       RESERVED
+CVE-2022-24620 (Piwigo version 12.2.0 is vulnerable to stored cross-site 
scripting (XS ...)
+       TODO: check
 CVE-2022-24619
        RESERVED
 CVE-2022-24618
@@ -3241,8 +3267,8 @@ CVE-2022-24568 (Novel-plus v3.6.0 was discovered to be 
vulnerable to Server-Side
        NOT-FOR-US: Novel-plus
 CVE-2022-24567
        RESERVED
-CVE-2022-24566
-       RESERVED
+CVE-2022-24566 (In Checkmk &lt;=2.0.0p19 fixed in 2.0.0p20 and Checkmk 
&lt;=1.6.0p27 f ...)
+       TODO: check
 CVE-2022-24565 (Checkmk &lt;=2.0.0p19 Fixed in 2.0.0p20 and Checkmk 
&lt;=1.6.0p27 Fixe ...)
        - check-mk <removed>
 CVE-2022-24564 (Checkmk &lt;=2.0.0p19 contains a Cross Site Scripting (XSS) 
vulnerabil ...)
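Review bot: CVE-2022-24566 is left at TODO: check although the entry directly below it, CVE-2022-24565, names the same product and the same version ranges (Checkmk &lt;=2.0.0p19 and &lt;=1.6.0p27) and is already triaged as "- check-mk <removed>". Unless the full description says otherwise, CVE-2022-24566 should get the same package line so the two entries stay consistent.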
@@ -3618,8 +3644,7 @@ CVE-2021-46671 (options.c in atftp before 0.7.5 reads 
past the end of an array,
        [buster] - atftp <no-dsa> (Minor issue)
        [stretch] - atftp <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5
 (v0.7.5)
-CVE-2022-24407 [SQL injection]
-       RESERVED
+CVE-2022-24407 (In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, 
plugins/sql.c does  ...)
        - cyrus-sasl2 <unfixed>
        NOTE: Fixed by: 
https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc
 (cyrus-sasl-2.1.28)
        NOTE: Fixed by: 
https://github.com/cyrusimap/cyrus-sasl/commit/2d2e97b0eb53fa7f87a3bf1529d8f712dd954480
 (master)
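Review bot: After this update CVE-2022-24407 still reads "- cyrus-sasl2 <unfixed>" while both NOTE: lines point at fix commits, one of them tagged cyrus-sasl-2.1.28. That is correct only until a fixed upload exists; the package line should then carry the fixed version. The entry also has no per-suite annotations, unlike the atftp entry above it with its [buster] and [stretch] lines, so the status of the stable suites is undecided here. Dropping the bracketed "[SQL injection]" placeholder now that the full description is present looks right.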
@@ -3895,8 +3920,8 @@ CVE-2022-0478
        RESERVED
 CVE-2022-0477
        RESERVED
-CVE-2022-0476
-       RESERVED
+CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior 
to 5.6. ...)
+       TODO: check
 CVE-2022-0475
        RESERVED
 CVE-2022-0474 (Full list of recipients from customer users in a contact field 
could b ...)
@@ -16384,10 +16409,10 @@ CVE-2021-44610
        RESERVED
 CVE-2021-44609
        RESERVED
-CVE-2021-44608
-       RESERVED
-CVE-2021-44607
-       RESERVED
+CVE-2021-44608 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in 
bloofoxC ...)
+       TODO: check
+CVE-2021-44607 (A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 
1.5.1 in ...)
+       TODO: check
 CVE-2021-44606
        RESERVED
 CVE-2021-44605
@@ -18518,8 +18543,8 @@ CVE-2022-21707 (wasmCloud Host Runtime is a server 
process that securely hosts a
        NOT-FOR-US: wasmCloud Host Runtime
 CVE-2022-21706
        RESERVED
-CVE-2022-21705
-       RESERVED
+CVE-2022-21705 (Octobercms is a self-hosted CMS platform based on the Laravel 
PHP Fram ...)
+       TODO: check
 CVE-2022-21704 (log4js-node is a port of log4js to node.js. In affected 
versions defau ...)
        - node-log4js 6.4.1+~cs8.3.5-1
        [bullseye] - node-log4js <no-dsa> (Minor issue)
@@ -20154,8 +20179,8 @@ CVE-2021-43726
        RESERVED
 CVE-2021-43725
        RESERVED
-CVE-2021-43724
-       RESERVED
+CVE-2021-43724 (A Cross Site Scripting (XSS) vulnerability exits in Subrion 
CMS throug ...)
+       TODO: check
 CVE-2021-43723
        RESERVED
 CVE-2021-43722
@@ -22395,8 +22420,8 @@ CVE-2022-20652
        RESERVED
 CVE-2022-20651
        RESERVED
-CVE-2022-20650
-       RESERVED
+CVE-2022-20650 (A vulnerability in the NX-API feature of Cisco NX-OS Software 
could al ...)
+       TODO: check
 CVE-2022-20649
        RESERVED
 CVE-2022-20648
@@ -22445,12 +22470,12 @@ CVE-2022-20627
        RESERVED
 CVE-2022-20626
        RESERVED
-CVE-2022-20625
-       RESERVED
-CVE-2022-20624
-       RESERVED
-CVE-2022-20623
-       RESERVED
+CVE-2022-20625 (A vulnerability in the Cisco Discovery Protocol service of 
Cisco FXOS  ...)
+       TODO: check
+CVE-2022-20624 (A vulnerability in the Cisco Fabric Services over IP (CFSoIP) 
feature  ...)
+       TODO: check
+CVE-2022-20623 (A vulnerability in the rate limiter for Bidirectional 
Forwarding Detec ...)
+       TODO: check
 CVE-2022-20622
        RESERVED
 CVE-2021-43256 (Microsoft Excel Remote Code Execution Vulnerability ...)
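Review bot: CVE-2022-20625, CVE-2022-20624 and CVE-2022-20623 are left at TODO: check, and the same applies to CVE-2022-20650 in the preceding hunk. Their descriptions name Cisco FXOS and NX-OS features, which are vendor products of the kind this file marks NOT-FOR-US: elsewhere in the diff (Amazon Echo Dot devices, Novel-plus, wasmCloud Host Runtime). If the full descriptions confirm that, all four should be closed with one consistent NOT-FOR-US: value rather than triaged one by one.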



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50d49a3d60da33ab1bd14a6428579661c91c4c12
