Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fe9567fd by security tracker role at 2022-02-24T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2022-25838 (Laravel Fortify before 1.11.1 allows reuse within a short time
window, ...)
+ TODO: check
+CVE-2022-25837
+ RESERVED
+CVE-2022-25836
+ RESERVED
+CVE-2022-25835
+ RESERVED
+CVE-2022-25834
+ RESERVED
+CVE-2022-25833
+ RESERVED
+CVE-2022-25832
+ RESERVED
+CVE-2022-25831
+ RESERVED
+CVE-2022-25830
+ RESERVED
+CVE-2022-25829
+ RESERVED
+CVE-2022-25828
+ RESERVED
+CVE-2022-25827
+ RESERVED
+CVE-2022-25826
+ RESERVED
+CVE-2022-25825
+ RESERVED
+CVE-2022-25824
+ RESERVED
+CVE-2022-25823
+ RESERVED
+CVE-2022-25822
+ RESERVED
+CVE-2022-25821
+ RESERVED
+CVE-2022-25820
+ RESERVED
+CVE-2022-25819
+ RESERVED
+CVE-2022-25818
+ RESERVED
+CVE-2022-25817
+ RESERVED
+CVE-2022-25816
+ RESERVED
+CVE-2022-25815
+ RESERVED
+CVE-2022-25814
+ RESERVED
+CVE-2022-0743
+ RESERVED
+CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems
with the ...)
+ TODO: check
CVE-2022-25813
RESERVED
CVE-2022-25812
@@ -397,12 +451,12 @@ CVE-2022-25642
RESERVED
CVE-2022-25641
RESERVED
-CVE-2022-25640
- RESERVED
+CVE-2022-25640 (In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly
enforce a re ...)
+ TODO: check
CVE-2022-25639
RESERVED
-CVE-2022-25638
- RESERVED
+CVE-2022-25638 (In wolfSSL before 5.2.0, certificate validation may be
bypassed during ...)
+ TODO: check
CVE-2022-25637
RESERVED
CVE-2022-25635
@@ -928,18 +982,18 @@ CVE-2022-25408
RESERVED
CVE-2022-25407
RESERVED
-CVE-2022-25406
- RESERVED
-CVE-2022-25405
- RESERVED
-CVE-2022-25404
- RESERVED
-CVE-2022-25403
- RESERVED
-CVE-2022-25402
- RESERVED
-CVE-2022-25401
- RESERVED
+CVE-2022-25406 (Tongda2000 v11.10 was discovered to contain a SQL injection
vulnerabil ...)
+ TODO: check
+CVE-2022-25405 (Tongda2000 v11.10 was discovered to contain a SQL injection
vulnerabil ...)
+ TODO: check
+CVE-2022-25404 (Tongda2000 v11.10 was discovered to contain a SQL injection
vulnerabil ...)
+ TODO: check
+CVE-2022-25403 (HMS v1.0 was discovered to contain a SQL injection
vulnerability via t ...)
+ TODO: check
+CVE-2022-25402 (An incorrect access control issue in HMS v1.0 allows
unauthenticated a ...)
+ TODO: check
+CVE-2022-25401 (The copy function of the file manager in Cuppa CMS v1.0 allows
any fil ...)
+ TODO: check
CVE-2022-25400
RESERVED
CVE-2022-25399
@@ -1070,14 +1124,14 @@ CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows
allows attackers to move
NOT-FOR-US: Docker Desktop
CVE-2022-25364
RESERVED
-CVE-2022-25363
- RESERVED
+CVE-2022-25363 (WatchGuard Firebox and XTM appliances allow an authenticated
remote at ...)
+ TODO: check
CVE-2022-25362
RESERVED
CVE-2022-25361
RESERVED
-CVE-2022-25360
- RESERVED
+CVE-2022-25360 (WatchGuard Firebox and XTM appliances allow an authenticated
remote at ...)
+ TODO: check
CVE-2022-25359
RESERVED
CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path
handler of awf ...)
@@ -1137,12 +1191,12 @@ CVE-2022-25333
RESERVED
CVE-2022-25332
RESERVED
-CVE-2022-25331
- RESERVED
-CVE-2022-25330
- RESERVED
-CVE-2022-25329
- RESERVED
+CVE-2022-25331 (Uncaught exceptions that can be generated in Trend Micro
ServerProtect ...)
+ TODO: check
+CVE-2022-25330 (Integer overflow conditions that exist in Trend Micro
ServerProtect 6. ...)
+ TODO: check
+CVE-2022-25329 (Trend Micro ServerProtect 6.0/5.8 Information Server uses a
static cre ...)
+ TODO: check
CVE-2022-25328
RESERVED
CVE-2022-25327
@@ -1284,14 +1338,14 @@ CVE-2022-25295
RESERVED
CVE-2022-25294
RESERVED
-CVE-2022-25293
- RESERVED
-CVE-2022-25292
- RESERVED
-CVE-2022-25291
- RESERVED
-CVE-2022-25290
- RESERVED
+CVE-2022-25293 (A systemd stack-based buffer overflow in WatchGuard Firebox
and XTM ap ...)
+ TODO: check
+CVE-2022-25292 (A wgagent stack-based buffer overflow in WatchGuard Firebox
and XTM ap ...)
+ TODO: check
+CVE-2022-25291 (An integer overflow in WatchGuard Firebox and XTM appliances
allows an ...)
+ TODO: check
+CVE-2022-25290 (WatchGuard Firebox and XTM appliances allow an authenticated
remote at ...)
+ TODO: check
CVE-2022-25289
RESERVED
CVE-2022-25288
@@ -1918,20 +1972,20 @@ CVE-2022-25106
RESERVED
CVE-2022-25105
RESERVED
-CVE-2022-25104
- RESERVED
+CVE-2022-25104 (HorizontCMS v1.0.0-beta.2 was discovered to contain an
arbitrary file ...)
+ TODO: check
CVE-2022-25103
RESERVED
CVE-2022-25102
RESERVED
-CVE-2022-25101
- RESERVED
+CVE-2022-25101 (A vulnerability in the component /templates/install.php of
WBCE CMS v1 ...)
+ TODO: check
CVE-2022-25100
RESERVED
-CVE-2022-25099
- RESERVED
-CVE-2022-25098
- RESERVED
+CVE-2022-25099 (A vulnerability in the component /languages/index.php of WBCE
CMS v1.5 ...)
+ TODO: check
+CVE-2022-25098 (ECTouch v2 suffers from arbitrary file deletion due to
insufficient fi ...)
+ TODO: check
CVE-2022-25097
RESERVED
CVE-2022-25096
@@ -2290,6 +2344,7 @@ CVE-2022-0567
RESERVED
CVE-2022-0566
RESERVED
+ {DSA-5086-1}
- thunderbird 1:91.6.1-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/#CVE-2022-0566
CVE-2022-0565 (Exposure of Sensitive Information to an Unauthorized Actor in
Packagis ...)
@@ -2799,10 +2854,10 @@ CVE-2022-24710
RESERVED
CVE-2022-24709
RESERVED
-CVE-2022-24708
- RESERVED
-CVE-2022-24707
- RESERVED
+CVE-2022-24708 (Anuko Time Tracker is an open source, web-based time tracking
applicat ...)
+ TODO: check
+CVE-2022-24707 (Anuko Time Tracker is an open source, web-based time tracking
applicat ...)
+ TODO: check
CVE-2022-24706
RESERVED
CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a
memcpy ...)
@@ -2913,12 +2968,12 @@ CVE-2022-24682 (An issue was discovered in the Calendar
feature in Zimbra Collab
NOT-FOR-US: Zimbra
CVE-2022-24681
RESERVED
-CVE-2022-24680
- RESERVED
-CVE-2022-24679
- RESERVED
-CVE-2022-24678
- RESERVED
+CVE-2022-24680 (A security link following local privilege escalation
vulnerability in ...)
+ TODO: check
+CVE-2022-24679 (A security link following local privilege escalation
vulnerability in ...)
+ TODO: check
+CVE-2022-24678 (An security agent resource exhaustion denial-of-service
vulnerability ...)
+ TODO: check
CVE-2022-24677 (Admin.php in HYBBS2 through 2.3.2 allows remote code execution
because ...)
NOT-FOR-US: HYBBS2
CVE-2022-24676 (update_code in Admin.php in HYBBS2 through 2.3.2 allows
arbitrary file ...)
@@ -2941,8 +2996,8 @@ CVE-2022-21202
RESERVED
CVE-2022-21168
RESERVED
-CVE-2022-24671
- RESERVED
+CVE-2022-24671 (A link following privilege escalation vulnerability in Trend
Micro Ant ...)
+ TODO: check
CVE-2022-24670
RESERVED
CVE-2022-24669
@@ -3564,8 +3619,8 @@ CVE-2022-24411
RESERVED
CVE-2022-24410
RESERVED
-CVE-2022-24409
- RESERVED
+CVE-2022-24409 (Only customers with active BSAFE maintenance contracts can
receive det ...)
+ TODO: check
CVE-2022-24380
RESERVED
CVE-2022-22147
@@ -6548,16 +6603,16 @@ CVE-2022-23657
RESERVED
CVE-2022-23656
RESERVED
-CVE-2022-23655
- RESERVED
+CVE-2022-23655 (Octobercms is a self-hosted CMS platform based on the Laravel
PHP Fram ...)
+ TODO: check
CVE-2022-23654 (Wiki.js is a wiki app built on Node.js. In affected versions
an authen ...)
NOT-FOR-US: Wiki.js
-CVE-2022-23653
- RESERVED
+CVE-2022-23653 (B2 Command Line Tool is the official command line tool for the
backbla ...)
+ TODO: check
CVE-2022-23652 (capsule-proxy is a reverse proxy for Capsule Operator which
provides m ...)
NOT-FOR-US: capsule-proxy
-CVE-2022-23651
- RESERVED
+CVE-2022-23651 (b2-sdk-python is a python library to access cloud storage
provided by ...)
+ TODO: check
CVE-2022-23650 (Netmaker is a platform for creating and managing virtual
overlay netwo ...)
NOT-FOR-US: Netmaker
CVE-2022-23649 (Cosign provides container signing, verification, and storage
in an OCI ...)
@@ -8274,8 +8329,8 @@ CVE-2022-23178 (An issue was discovered on Crestron
HD-MD4X2-4K-E 1.0.0.2159 dev
NOT-FOR-US: Crestron devices
CVE-2022-23177
RESERVED
-CVE-2022-23176
- RESERVED
+CVE-2022-23176 (WatchGuard Firebox and XTM appliances allow a remote attacker
with unp ...)
+ TODO: check
CVE-2022-23175
RESERVED
CVE-2022-23174
@@ -10990,14 +11045,14 @@ CVE-2022-22338
RESERVED
CVE-2022-22337
RESERVED
-CVE-2022-22336
- RESERVED
+CVE-2022-22336 (IBM Sterling External Authentication Server and IBM Sterling
Secure Pr ...)
+ TODO: check
CVE-2022-22335
RESERVED
CVE-2022-22334
RESERVED
-CVE-2022-22333
- RESERVED
+CVE-2022-22333 (IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and
IBM Sterli ...)
+ TODO: check
CVE-2022-22332
RESERVED
CVE-2022-22331
@@ -12375,8 +12430,8 @@ CVE-2021-45748
RESERVED
CVE-2021-45747
RESERVED
-CVE-2021-45746
- RESERVED
+CVE-2021-45746 (A Directory Traversal vulnerability exists in WeBankPartners
wecube-pl ...)
+ TODO: check
CVE-2021-45745 (A Stored Cross Site Scripting (XSS) vulnerability exists in
Bludit 3.1 ...)
NOT-FOR-US: Bludit
CVE-2021-45744 (A Stored Cross Site Scripting (XSS) vulnerability exists in
bludit 3.1 ...)
@@ -16419,8 +16474,8 @@ CVE-2021-44612
RESERVED
CVE-2021-44611
RESERVED
-CVE-2021-44610
- RESERVED
+CVE-2021-44610 (Multiple SQL Injection vulnerabilities exist in bloofoxCMS
0.5.2.1 - 0 ...)
+ TODO: check
CVE-2021-44609
RESERVED
CVE-2021-44608 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in
bloofoxC ...)
@@ -16568,10 +16623,10 @@ CVE-2021-44552
RESERVED
CVE-2021-44551
RESERVED
-CVE-2021-44550
- RESERVED
-CVE-2021-4070
- RESERVED
+CVE-2021-44550 (An Incorrect Access Control vulnerability exists in CoreNLP
4.3.2 via ...)
+ TODO: check
+CVE-2021-4070 (Off-by-one Error in GitHub repository v2fly/v2ray-core prior to
4.44.0 ...)
+ TODO: check
CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on
top of ...)
NOT-FOR-US: Apache Sling
CVE-2021-4069 (vim is vulnerable to Use After Free ...)
@@ -18802,8 +18857,8 @@ CVE-2021-43945
RESERVED
CVE-2021-43944
RESERVED
-CVE-2021-43943
- RESERVED
+CVE-2021-43943 (Affected versions of Atlassian Jira Service Management Server
and Data ...)
+ TODO: check
CVE-2021-43942 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
NOT-FOR-US: Atlassian
CVE-2021-43941 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
@@ -42348,8 +42403,8 @@ CVE-2021-35691
RESERVED
CVE-2021-35690
RESERVED
-CVE-2021-35689
- RESERVED
+CVE-2021-35689 (A potential vulnerability in the Oracle Talent Acquisition
Cloud - Tal ...)
+ TODO: check
CVE-2021-35688
RESERVED
CVE-2021-35687 (Vulnerability in the Oracle Financial Services Analytical
Applications ...)
@@ -66686,8 +66741,8 @@ CVE-2021-26094
RESERVED
CVE-2021-26093
RESERVED
-CVE-2021-26092
- RESERVED
+CVE-2021-26092 (Failure to sanitize input in the SSL VPN web portal of FortiOS
5.2.10 ...)
+ TODO: check
CVE-2021-26091
RESERVED
CVE-2021-26090 (A missing release of memory after its effective lifetime
vulnerability ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe9567fd2c7e2fc67b06491328f11c3be865e5a6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe9567fd2c7e2fc67b06491328f11c3be865e5a6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
