Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a65d3a98 by security tracker role at 2022-03-16T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-27225 (Gradle Enterprise before 2021.4.3 relies on cleartext data 
transmissio ...)
+       TODO: check
+CVE-2022-27224
+       RESERVED
+CVE-2022-27223 (In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel 
before 5.16 ...)
+       TODO: check
+CVE-2022-27222
+       RESERVED
+CVE-2022-0993
+       RESERVED
+CVE-2022-0992
+       RESERVED
+CVE-2022-0991
+       RESERVED
+CVE-2022-0990
+       RESERVED
+CVE-2020-36519 (Mimecast Email Security before 2020-01-10 allows any admin to 
spoof an ...)
+       TODO: check
 CVE-2022-27221
        RESERVED
 CVE-2022-27220
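Review bot: CVE-2022-27223 should not stay at a bare "TODO: check" for long, because its description names drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16, so the follow-up needs an affected-package line for the kernel source package with the fixed version. The Gradle Enterprise (CVE-2022-27225) and Mimecast (CVE-2020-36519) entries in the same block read as vendor products and can be resolved with a "NOT-FOR-US:" annotation once the full descriptions are confirmed.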
@@ -609,38 +627,38 @@ CVE-2022-27007
        RESERVED
 CVE-2022-27006
        RESERVED
-CVE-2022-27005
-       RESERVED
-CVE-2022-27004
-       RESERVED
-CVE-2022-27003
-       RESERVED
-CVE-2022-27002
-       RESERVED
-CVE-2022-27001
-       RESERVED
-CVE-2022-27000
-       RESERVED
-CVE-2022-26999
-       RESERVED
-CVE-2022-26998
-       RESERVED
-CVE-2022-26997
-       RESERVED
-CVE-2022-26996
-       RESERVED
-CVE-2022-26995
-       RESERVED
-CVE-2022-26994
-       RESERVED
-CVE-2022-26993
-       RESERVED
-CVE-2022-26992
-       RESERVED
-CVE-2022-26991
-       RESERVED
-CVE-2022-26990
-       RESERVED
+CVE-2022-27005 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R 
V9.1.0u.61 ...)
+       TODO: check
+CVE-2022-27004 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R 
V9.1.0u.61 ...)
+       TODO: check
+CVE-2022-27003 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R 
V9.1.0u.61 ...)
+       TODO: check
+CVE-2022-27002 (Arris TR3300 v1.0.13 were discovered to contain a command 
injection vu ...)
+       TODO: check
+CVE-2022-27001 (Arris TR3300 v1.0.13 were discovered to contain a command 
injection vu ...)
+       TODO: check
+CVE-2022-27000 (Arris TR3300 v1.0.13 was discovered to contain a command 
injection vul ...)
+       TODO: check
+CVE-2022-26999 (Arris TR3300 v1.0.13 was discovered to contain a command 
injection vul ...)
+       TODO: check
+CVE-2022-26998 (Arris TR3300 v1.0.13 was discovered to contain a command 
injection vul ...)
+       TODO: check
+CVE-2022-26997 (Arris TR3300 v1.0.13 was discovered to contain a command 
injection vul ...)
+       TODO: check
+CVE-2022-26996 (Arris TR3300 v1.0.13 was discovered to contain a command 
injection vul ...)
+       TODO: check
+CVE-2022-26995 (Arris TR3300 v1.0.13 was discovered to contain a command 
injection vul ...)
+       TODO: check
+CVE-2022-26994 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and 
SBR-AC1 ...)
+       TODO: check
+CVE-2022-26993 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and 
SBR-AC1 ...)
+       TODO: check
+CVE-2022-26992 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and 
SBR-AC1 ...)
+       TODO: check
+CVE-2022-26991 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and 
SBR-AC1 ...)
+       TODO: check
+CVE-2022-26990 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and 
SBR-AC1 ...)
+       TODO: check
 CVE-2022-26989
        RESERVED
 CVE-2022-26988
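Review bot: all sixteen entries from CVE-2022-27005 down to CVE-2022-26990 move from RESERVED to "TODO: check", yet every visible description is for Totolink or Arris router firmware. Resolving them in one follow-up as "NOT-FOR-US: Totolink" and "NOT-FOR-US: Arris" would keep this batch from lingering in the TODO queue.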
@@ -2302,7 +2320,8 @@ CVE-2022-0823
        RESERVED
 CVE-2022-26352
        RESERVED
-CVE-2022-26351 (Canon imagePROGRAF and imageRUNNER devices through 2022-03-14 
generate ...)
+CVE-2022-26351
+       REJECTED
        NOT-FOR-US: Canon
 CVE-2022-26350
        RESERVED
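Review bot: CVE-2022-26351 now carries both "REJECTED" and the retained "NOT-FOR-US: Canon" line, while the Canon description that justified the annotation is removed. Confirm whether the annotation should remain on a rejected id; if not, drop it so the entry reads "REJECTED" only.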
@@ -2411,7 +2430,7 @@ CVE-2022-26322
        RESERVED
 CVE-2022-26321
        RESERVED
-CVE-2022-26320 (The Rambus SafeZone Basic Crypto Module, as used in certain 
Fujifilm ( ...)
+CVE-2022-26320 (The Rambus SafeZone Basic Crypto Module before 10.4.0, as used 
in cert ...)
        NOT-FOR-US: Fujifilm
 CVE-2022-26319 (An installer search patch element vulnerability in Trend Micro 
Portabl ...)
        NOT-FOR-US: Trend Micro
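Review bot: the annotation on CVE-2022-26320 still reads "NOT-FOR-US: Fujifilm", but the updated description now scopes the issue to the Rambus SafeZone Basic Crypto Module before 10.4.0, with Fujifilm only as one place it is used. Consider whether the annotation should name Rambus so that a search for the module finds this entry.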
@@ -2617,24 +2636,24 @@ CVE-2022-26216
        RESERVED
 CVE-2022-26215
        RESERVED
-CVE-2022-26214
-       RESERVED
-CVE-2022-26213
-       RESERVED
-CVE-2022-26212
-       RESERVED
-CVE-2022-26211
-       RESERVED
-CVE-2022-26210
-       RESERVED
-CVE-2022-26209
-       RESERVED
-CVE-2022-26208
-       RESERVED
-CVE-2022-26207
-       RESERVED
-CVE-2022-26206
-       RESERVED
+CVE-2022-26214 (Totolink A830R V5.9c.4729_B20191112, A3100R 
V4.1.2cu.5050_B20200504, A ...)
+       TODO: check
+CVE-2022-26213 (Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered 
to cont ...)
+       TODO: check
+CVE-2022-26212 (Totolink A830R V5.9c.4729_B20191112, A3100R 
V4.1.2cu.5050_B20200504, A ...)
+       TODO: check
+CVE-2022-26211 (Totolink A830R V5.9c.4729_B20191112, A3100R 
V4.1.2cu.5050_B20200504, A ...)
+       TODO: check
+CVE-2022-26210 (Totolink A830R V5.9c.4729_B20191112, A3100R 
V4.1.2cu.5050_B20200504, A ...)
+       TODO: check
+CVE-2022-26209 (Totolink A830R V5.9c.4729_B20191112, A3100R 
V4.1.2cu.5050_B20200504, A ...)
+       TODO: check
+CVE-2022-26208 (Totolink A830R V5.9c.4729_B20191112, A3100R 
V4.1.2cu.5050_B20200504, A ...)
+       TODO: check
+CVE-2022-26207 (Totolink A830R V5.9c.4729_B20191112, A3100R 
V4.1.2cu.5050_B20200504, A ...)
+       TODO: check
+CVE-2022-26206 (Totolink A830R V5.9c.4729_B20191112, A3100R 
V4.1.2cu.5050_B20200504, A ...)
+       TODO: check
 CVE-2022-26205
        RESERVED
 CVE-2022-26204
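Review bot: eight of the nine new descriptions (CVE-2022-26214, 26212 through 26206) are identical in their visible, truncated text, and only CVE-2022-26213 names a different product string (X5000R_Firmware). Whoever clears these "TODO: check" markers needs the full CVE records to confirm they are distinct issues before assigning one shared annotation.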
@@ -4480,34 +4499,34 @@ CVE-2022-25500
        RESERVED
 CVE-2022-25499
        RESERVED
-CVE-2022-25498
-       RESERVED
-CVE-2022-25497
-       RESERVED
+CVE-2022-25498 (CuppaCMS v1.0 was discovered to contain a remote code 
execution (RCE)  ...)
+       TODO: check
+CVE-2022-25497 (CuppaCMS v1.0 was discovered to contain an arbitrary file read 
via the ...)
+       TODO: check
 CVE-2022-25496
        RESERVED
-CVE-2022-25495
-       RESERVED
-CVE-2022-25494
-       RESERVED
-CVE-2022-25493
-       RESERVED
-CVE-2022-25492
-       RESERVED
-CVE-2022-25491
-       RESERVED
-CVE-2022-25490
-       RESERVED
-CVE-2022-25489
-       RESERVED
-CVE-2022-25488
-       RESERVED
-CVE-2022-25487
-       RESERVED
-CVE-2022-25486
-       RESERVED
-CVE-2022-25485
-       RESERVED
+CVE-2022-25495 (The component /jquery_file_upload/server/php/index.php of 
CuppaCMS v1. ...)
+       TODO: check
+CVE-2022-25494 (Online Banking System v1.0 was discovered to contain a SQL 
injection v ...)
+       TODO: check
+CVE-2022-25493 (HMS v1.0 was discovered to contain a reflected cross-site 
scripting (X ...)
+       TODO: check
+CVE-2022-25492 (HMS v1.0 was discovered to contain a SQL injection 
vulnerability via t ...)
+       TODO: check
+CVE-2022-25491 (HMS v1.0 was discovered to contain a SQL injection 
vulnerability via t ...)
+       TODO: check
+CVE-2022-25490 (HMS v1.0 was discovered to contain a SQL injection 
vulnerability via t ...)
+       TODO: check
+CVE-2022-25489 (Atom CMS v2.0 was discovered to contain a reflected cross-site 
scripti ...)
+       TODO: check
+CVE-2022-25488 (Atom CMS v2.0 was discovered to contain a SQL injection 
vulnerability  ...)
+       TODO: check
+CVE-2022-25487 (Atom CMS v2.0 was discovered to contain a remote code 
execution (RCE)  ...)
+       TODO: check
+CVE-2022-25486 (CuppaCMS v1.0 was discovered to contain a local file inclusion 
via the ...)
+       TODO: check
+CVE-2022-25485 (CuppaCMS v1.0 was discovered to contain a local file inclusion 
via the ...)
+       TODO: check
 CVE-2022-25484
        RESERVED
 CVE-2022-25483
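Review bot: "HMS v1.0" (CVE-2022-25493 through 25490) and "Online Banking System v1.0" (CVE-2022-25494) are generic product names with no vendor in the visible text. When these are resolved, the annotation should identify the specific project from the full record, in the style of the existing "NOT-FOR-US: haserl (Alpine), different from src:haserl" line, so the entry cannot be mistaken for an unrelated package with a similar name.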
@@ -9156,8 +9175,8 @@ CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an 
integer overflow in the
        NOTE: https://github.com/libexpat/libexpat/pull/551
        NOTE: Introduced with: 
https://github.com/libexpat/libexpat/commit/cb8a4c756d057b948c1b41e7185dd69ef3ade3fb
 (R_1_95_4)
        NOTE: Fixed by: 
https://github.com/libexpat/libexpat/commit/ede41d1e186ed2aba88a06e84cac839b770af3a1
 (R_2_4_4)
-CVE-2022-23989
-       RESERVED
+CVE-2022-23989 (In Stormshield Network Security (SNS) 3.7.6 through 3.7.24, 
3.11.1 thr ...)
+       TODO: check
 CVE-2022-23988 (The WS Form LITE and Pro WordPress plugins before 1.8.176 do 
not sanit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-23987 (The WS Form LITE and Pro WordPress plugins before 1.8.176 do 
not sanit ...)
@@ -16134,8 +16153,8 @@ CVE-2021-45850
        RESERVED
 CVE-2021-45849
        RESERVED
-CVE-2021-45848
-       RESERVED
+CVE-2021-45848 (Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and 
later all ...)
+       TODO: check
 CVE-2021-45847 (Several missing input validations in the 3MF parser component 
of Slic3 ...)
        - slic3r <unfixed>
        NOTE: https://github.com/slic3r/Slic3r/issues/5118
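Review bot: CVE-2021-45848 gives its affected range as "Nicotine+ 3.0.3 and later" with no fixed version in the visible text. If a matching source package exists in the archive, the "TODO: check" should be replaced with a package line marked unfixed, following the form of the adjacent "- slic3r <unfixed>" entry, plus a NOTE with the upstream reference.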
@@ -22806,14 +22825,14 @@ CVE-2022-21642 (Discourse is an open source platform 
for community discussion. I
        NOT-FOR-US: Discourse
 CVE-2021-43959
        RESERVED
-CVE-2021-43958
-       RESERVED
-CVE-2021-43957
-       RESERVED
-CVE-2021-43956
-       RESERVED
-CVE-2021-43955
-       RESERVED
+CVE-2021-43958 (Various rest resources in Fisheye and Crucible before version 
4.8.9 al ...)
+       TODO: check
+CVE-2021-43957 (Affected versions of Atlassian Fisheye &amp; Crucible allowed 
remote a ...)
+       TODO: check
+CVE-2021-43956 (The jQuery deserialize library in Fisheye and Crucible before 
version  ...)
+       TODO: check
+CVE-2021-43955 (The /rest-service-fecru/server-v1 resource in Fisheye and 
Crucible bef ...)
+       TODO: check
 CVE-2021-43954 (The DefaultRepositoryAdminService class in Fisheye and 
Crucible before ...)
        NOT-FOR-US: Atlassian
 CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center 
allow unaut ...)
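Review bot: CVE-2021-43958 through CVE-2021-43955 are left at "TODO: check" although they describe Fisheye and Crucible, the same product as the adjacent CVE-2021-43954, which is already marked "NOT-FOR-US: Atlassian". The four new entries can take the same annotation. The description for CVE-2021-43957 also contains a literal "&amp;" entity, which is worth checking against the source description.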
@@ -63214,8 +63233,8 @@ CVE-2021-3463 (A null pointer dereference vulnerability 
in Lenovo Power Manageme
        NOT-FOR-US: Lenovo
 CVE-2021-3462 (A privilege escalation vulnerability in Lenovo Power Management 
Driver ...)
        NOT-FOR-US: Lenovo
-CVE-2021-29134
-       RESERVED
+CVE-2021-29134 (The avatar middleware in Gitea before 1.13.6 allows Directory 
Traversa ...)
+       TODO: check
 CVE-2021-29133 (Lack of verification in haserl, a component of Alpine Linux 
Configurat ...)
        NOT-FOR-US: haserl (Alpine), different from src:haserl
 CVE-2021-29132



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a65d3a98f6123fdb5ada082756cb5a93210af5aa
