Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a1f9497 by security tracker role at 2022-02-25T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2022-26111
+       RESERVED
+CVE-2022-26110
+       RESERVED
+CVE-2022-26109
+       RESERVED
+CVE-2022-26108
+       RESERVED
+CVE-2022-26107
+       RESERVED
+CVE-2022-26106
+       RESERVED
+CVE-2022-26105
+       RESERVED
+CVE-2022-26104
+       RESERVED
+CVE-2022-26103
+       RESERVED
+CVE-2022-26102
+       RESERVED
+CVE-2022-26101
+       RESERVED
+CVE-2022-26100
+       RESERVED
+CVE-2022-26099
+       RESERVED
+CVE-2022-26098
+       RESERVED
+CVE-2022-26097
+       RESERVED
+CVE-2022-26096
+       RESERVED
+CVE-2022-26095
+       RESERVED
+CVE-2022-26094
+       RESERVED
+CVE-2022-26093
+       RESERVED
+CVE-2022-26092
+       RESERVED
+CVE-2022-26091
+       RESERVED
+CVE-2022-26090
+       RESERVED
+CVE-2022-26089
+       RESERVED
+CVE-2022-26088
+       RESERVED
+CVE-2022-0761
+       RESERVED
+CVE-2022-0760
+       RESERVED
+CVE-2022-0759
+       RESERVED
 CVE-2022-26085
        RESERVED
 CVE-2022-26068
@@ -3407,8 +3461,8 @@ CVE-2022-24711
        RESERVED
 CVE-2022-24710
        RESERVED
-CVE-2022-24709
-       RESERVED
+CVE-2022-24709 (@awsui/components-react is the main AWS UI package which 
contains Reac ...)
+       TODO: check
 CVE-2022-24708 (Anuko Time Tracker is an open source, web-based time tracking 
applicat ...)
        TODO: check
 CVE-2022-24707 (Anuko Time Tracker is an open source, web-based time tracking 
applicat ...)
@@ -5460,20 +5514,20 @@ CVE-2022-24054
        RESERVED
 CVE-2022-24053
        RESERVED
-CVE-2022-24052 (This vulnerability allows local attackers to escalate 
privileges on af ...)
+CVE-2022-24052 (MariaDB CONNECT Storage Engine Heap-based Buffer Overflow 
Privilege Es ...)
        - mariadb-10.6 1:10.6.7-1
        - mariadb-10.5 <removed>
        - mariadb-10.3 <removed>
        NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/
-CVE-2022-24051 (This vulnerability allows local attackers to escalate 
privileges on af ...)
+CVE-2022-24051 (MariaDB CONNECT Storage Engine Format String Privilege 
Escalation Vuln ...)
        - mariadb-10.6 1:10.6.7-1
        - mariadb-10.5 <removed>
        - mariadb-10.3 <removed>
        NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/
-CVE-2022-24050 (This vulnerability allows local attackers to escalate 
privileges on af ...)
+CVE-2022-24050 (MariaDB CONNECT Storage Engine Use-After-Free Privilege 
Escalation Vul ...)
        - mariadb-10.6 1:10.6.7-1
        - mariadb-10.5 <removed>
        - mariadb-10.3 <removed>
@@ -5481,7 +5535,7 @@ CVE-2022-24050 (This vulnerability allows local attackers 
to escalate privileges
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/
 CVE-2022-24049 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: Sonos One Speaker
-CVE-2022-24048 (This vulnerability allows local attackers to escalate 
privileges on af ...)
+CVE-2022-24048 (MariaDB CONNECT Storage Engine Stack-based Buffer Overflow 
Privilege E ...)
        - mariadb-10.6 1:10.6.7-1
        - mariadb-10.5 <removed>
        - mariadb-10.3 <removed>
@@ -5709,7 +5763,7 @@ CVE-2021-46616 (This vulnerability allows remote 
attackers to disclose sensitive
        NOT-FOR-US: Bentley
 CVE-2021-46615 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
        NOT-FOR-US: Bentley
-CVE-2021-46614 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+CVE-2021-46614 (Bentley MicroStation CONNECT 10.16.0.80 J2K File Parsing 
Out-Of-Bounds ...)
        NOT-FOR-US: Bentley
 CVE-2021-46613 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: Bentley
@@ -6671,8 +6725,8 @@ CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 
6.4.0, there is no limit
        NOTE: 
https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
 (v6.4.0)
 CVE-2022-23836
        RESERVED
-CVE-2022-23835
-       RESERVED
+CVE-2022-23835 (** DISPUTED ** The Visual Voice Mail (VVM) application through 
2022-02 ...)
+       TODO: check
 CVE-2022-0337
        RESERVED
 CVE-2022-0336 [Samba AD users with permission to write to an account can 
impersonate arbitrary services]
@@ -7073,8 +7127,8 @@ CVE-2022-23703
        RESERVED
 CVE-2022-23702
        RESERVED
-CVE-2022-23701
-       RESERVED
+CVE-2022-23701 (A potential remote host header injection security 
vulnerability has be ...)
+       TODO: check
 CVE-2022-23700
        RESERVED
 CVE-2022-23699
@@ -16926,10 +16980,10 @@ CVE-2021-44667
        RESERVED
 CVE-2021-44666
        RESERVED
-CVE-2021-44665
-       RESERVED
-CVE-2021-44664
-       RESERVED
+CVE-2021-44665 (A Directory Traversal vulnerability exists in the Xerte 
Project Xerte  ...)
+       TODO: check
+CVE-2021-44664 (An Authenticated Remote Code Exection (RCE) vulnerability 
exists in Xe ...)
+       TODO: check
 CVE-2021-44663 (A Remote Code Execution (RCE) vulnerability exists in the 
Xerte Projec ...)
        NOT-FOR-US: Xerte
 CVE-2021-44662 (A Site Scripting (XSS) vulnerability exists in the Xerte 
Project Xerte ...)
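Review bot: CVE-2021-44665 and CVE-2021-44664 are left at "TODO: check" while the adjacent Xerte entries in the same hunk, CVE-2021-44663 and CVE-2021-44662, already carry "NOT-FOR-US: Xerte"; unless the tracker gains a Xerte package, triage of the two new entries can mirror those lines.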
@@ -17160,11 +17214,11 @@ CVE-2021-44568 (Two heap-overflow vulnerabilities 
exist in openSUSE/libsolv libs
        NOTE: https://github.com/openSUSE/libsolv/issues/425
        NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
        NOTE: Issue is fixed in the testcase; negligible security impact
-CVE-2021-44567 (An SQL Injection vulnerability exits in RosarioSIS before 
7.6.1 via th ...)
+CVE-2021-44567 (An unauthenticated SQL Injection vulnerability exists in 
RosarioSIS be ...)
        NOT-FOR-US: RosarioSIS
-CVE-2021-44566 (A Cross Site Scripting vulnerability exists RosarioSIS before 
4.3 via  ...)
+CVE-2021-44566 (A Cross Site Scripting (XSS) vulnerability exists in 
RosarioSIS before ...)
        NOT-FOR-US: RosarioSIS
-CVE-2021-44565 (A Cross Site Scripting (XSS) vulnerabilty exits in RosarioSIS 
before 7 ...)
+CVE-2021-44565 (A Cross Site Scripting (XSS) vulnerability exists in 
RosarioSIS before ...)
        NOT-FOR-US: RosarioSIS
 CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101 
product,  ...)
        NOT-FOR-US: SYNC2101
@@ -20772,8 +20826,8 @@ CVE-2021-3959 (A Server-Side Request Forgery (SSRF) 
vulnerability in the EPPUpda
        NOT-FOR-US: Bitdefender
 CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software 
suffers f ...)
        NOT-FOR-US: iPack SCADA Automation
-CVE-2021-43745
-       RESERVED
+CVE-2021-43745 (A Denial of Service vulnerabilty exists in Trilium Notes 
0.48.6 in the ...)
+       TODO: check
 CVE-2021-43744
        RESERVED
 CVE-2021-43743
@@ -33769,10 +33823,10 @@ CVE-2021-39365 (In GNOME grilo though 0.3.13, 
grl-net-wc.c does not enable TLS c
        - grilo 0.3.13-1.1 (bug #992971)
        NOTE: 
https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
        NOTE: https://gitlab.gnome.org/GNOME/grilo/-/issues/146
-CVE-2021-39364
-       RESERVED
-CVE-2021-39363
-       RESERVED
+CVE-2021-39364 (Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 
devices allo ...)
+       TODO: check
+CVE-2021-39363 (Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 
devices allo ...)
+       TODO: check
 CVE-2020-36478 (An issue was discovered in Mbed TLS before 2.25.0 (and before 
2.16.9 L ...)
        {DLA-2826-1}
        - mbedtls 2.16.9-0.1
@@ -46076,12 +46130,12 @@ CVE-2021-34363 (The thefuck (aka The Fuck) package 
before 3.31 for Python allows
        NOTE: https://github.com/nvbn/thefuck/pull/1206
 CVE-2021-34362 (A command injection vulnerability has been reported to affect 
QNAP dev ...)
        NOT-FOR-US: QNAP
-CVE-2021-34361
-       RESERVED
+CVE-2021-34361 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+       TODO: check
 CVE-2021-34360
        RESERVED
-CVE-2021-34359
-       RESERVED
+CVE-2021-34359 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+       TODO: check
 CVE-2021-34358 (We have already fixed this vulnerability in the following 
versions of  ...)
        NOT-FOR-US: QNAP
 CVE-2021-34357 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
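Review bot: CVE-2021-34361 and CVE-2021-34359 are both QNAP cross-site scripting entries marked "TODO: check", whereas the surrounding QNAP entries CVE-2021-34362, CVE-2021-34358 and CVE-2021-34357 in this hunk are resolved as "NOT-FOR-US: QNAP"; the same triage state is the likely outcome here once the descriptions are confirmed.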
@@ -59554,16 +59608,16 @@ CVE-2021-29222
        RESERVED
 CVE-2021-29221 (A local privilege escalation vulnerability was discovered in 
Erlang/OT ...)
        - erlang <not-affected> (Windows-specific)
-CVE-2021-29220
-       RESERVED
+CVE-2021-29220 (Multiple buffer overflow security vulnerabilities have been 
identified ...)
+       TODO: check
 CVE-2021-29219 (A potential local buffer overflow vulnerability has been 
identified in ...)
        NOT-FOR-US: HPE
 CVE-2021-29218 (A local unquoted search path security vulnerability has been 
identifie ...)
        NOT-FOR-US: HPE
-CVE-2021-29217
-       RESERVED
-CVE-2021-29216
-       RESERVED
+CVE-2021-29217 (A remote URL redirection vulnerability was discovered in HPE 
OneView G ...)
+       TODO: check
+CVE-2021-29216 (A remote cross-site scripting vulnerability was discovered in 
HPE OneV ...)
+       TODO: check
 CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric 
that may ...)
        NOT-FOR-US: HPE
 CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ 
Manageme ...)
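Review bot: the three new HPE entries CVE-2021-29220, CVE-2021-29217 and CVE-2021-29216 are marked "TODO: check" while their neighbours CVE-2021-29219, CVE-2021-29218, CVE-2021-29215 and CVE-2021-29214 are already "NOT-FOR-US: HPE"; CVE-2021-29217 and CVE-2021-29216 name HPE OneView in their truncated descriptions, so they can likely be closed the same way, and CVE-2021-29220 needs its full description read to confirm which HPE product it affects.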



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a1f949727176abbc708d493e0c3fca0d1953b34



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
