Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6ecaf9d by security tracker role at 2022-03-17T20:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2022-27172
+       RESERVED
+CVE-2022-1017
+       RESERVED
+CVE-2022-1016
+       RESERVED
+CVE-2022-1015
+       RESERVED
+CVE-2022-1014
+       RESERVED
+CVE-2022-1013
+       RESERVED
+CVE-2022-1012
+       RESERVED
+CVE-2022-1011
+       RESERVED
+CVE-2022-1010
+       RESERVED
+CVE-2022-1009
+       RESERVED
+CVE-2022-1008
+       RESERVED
+CVE-2022-1007
+       RESERVED
+CVE-2022-1006
+       RESERVED
+CVE-2022-1005
+       RESERVED
+CVE-2022-1004
+       RESERVED
+CVE-2022-1003
+       RESERVED
+CVE-2022-1002
+       RESERVED
+CVE-2022-1001
+       RESERVED
+CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager 
prior  ...)
+       TODO: check
 CVE-2022-27228
        RESERVED
 CVE-2022-27227
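Review bot: The block added at the top of the file breaks the descending ID order that the rest of the list follows: CVE-2022-27172 now sits above CVE-2022-27228, and CVE-2022-1017 through CVE-2022-1000 follow it directly. Re-sort these into position when they are triaged. CVE-2022-1000 is the only new entry here that carries a description, and its "TODO: check" should be resolved to either a package line or a "NOT-FOR-US:" marker like the ones used elsewhere in this file.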
@@ -266,16 +304,16 @@ CVE-2022-27167
        RESERVED
 CVE-2022-27166
        RESERVED
-CVE-2022-26511
-       RESERVED
+CVE-2022-26511 (WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when 
opening ...)
+       TODO: check
 CVE-2022-26510
        RESERVED
 CVE-2022-26303
        RESERVED
 CVE-2022-26082
        RESERVED
-CVE-2022-26081
-       RESERVED
+CVE-2022-26081 (The installer of WPS Office Version 10.8.0.5745 insecurely 
load shcore ...)
+       TODO: check
 CVE-2022-26077
        RESERVED
 CVE-2022-26067
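Review bot: Both entries that move from RESERVED to "TODO: check" in this hunk, CVE-2022-26511 and CVE-2022-26081, describe WPS Presentation and the WPS Office installer insecurely loading a library (d3dx9_41.dll in the first case). A DLL load path points at the Windows build, so these look like candidates for "NOT-FOR-US:" rather than a package line. Confirm that and replace the TODO so they do not linger in the untriaged queue.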
@@ -284,10 +322,10 @@ CVE-2022-26043
        RESERVED
 CVE-2022-26026
        RESERVED
-CVE-2022-25969
-       RESERVED
-CVE-2022-25949
-       RESERVED
+CVE-2022-25969 (The installer of WPS Office Version 10.8.0.6186 insecurely 
load VERSIO ...)
+       TODO: check
+CVE-2022-25949 (The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 
Plus Ve ...)
+       TODO: check
 CVE-2022-0970 (Cross-site Scripting (XSS) - Stored in GitHub repository 
getgrav/grav  ...)
        TODO: check
 CVE-2022-0969
@@ -1835,8 +1873,8 @@ CVE-2022-26528
        RESERVED
 CVE-2022-26527
        RESERVED
-CVE-2022-26526
-       RESERVED
+CVE-2022-26526 (Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 
11.0.0.0 ...)
+       TODO: check
 CVE-2022-26525
        RESERVED
 CVE-2022-26524
@@ -1871,8 +1909,8 @@ CVE-2022-26505 (A DNS rebinding issue in ReadyMedia 
(formerly MiniDLNA) before 1
        NOTE: https://www.openwall.com/lists/oss-security/2022/03/03/1
 CVE-2022-26504
        RESERVED
-CVE-2022-26503
-       RESERVED
+CVE-2022-26503 (Deserialization of untrusted data in Veeam Agent for Windows 
2.0, 2.1, ...)
+       TODO: check
 CVE-2022-26502
        RESERVED
 CVE-2022-26501
@@ -2980,7 +3018,7 @@ CVE-2022-0780
 CVE-2022-0779
        RESERVED
 CVE-2022-0778 (The BN_mod_sqrt() function, which computes a modular square 
root, cont ...)
-       {DSA-5103-1}
+       {DSA-5103-1 DLA-2953-1 DLA-2952-1}
        - openssl 1.1.1n-1
        - openssl1.0 <removed>
        NOTE: https://www.openssl.org/news/secadv/20220315.txt
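Review bot: DLA-2953-1 and DLA-2952-1 are added to the advisory cross-reference for CVE-2022-0778, but this commit lists data/CVE/list as its only changed file, so the DLA records themselves are not part of the change under review. Confirm that both advisories already exist in the tracker's advisory data and that each maps to one of the two source packages shown here ("openssl" and "openssl1.0"), since the braces alone do not say which advisory covers which package.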
@@ -3483,8 +3521,8 @@ CVE-2022-25764
        RESERVED
 CVE-2022-25761
        RESERVED
-CVE-2022-25760
-       RESERVED
+CVE-2022-25760 (All versions of package accesslog are vulnerable to Arbitrary 
Code Inj ...)
+       TODO: check
 CVE-2022-25759
        RESERVED
 CVE-2022-25758
@@ -3499,12 +3537,12 @@ CVE-2022-25645
        RESERVED
 CVE-2022-25644
        RESERVED
-CVE-2022-25354
-       RESERVED
+CVE-2022-25354 (The package set-in before 2.0.3 are vulnerable to Prototype 
Pollution  ...)
+       TODO: check
 CVE-2022-25353
        RESERVED
-CVE-2022-25352
-       RESERVED
+CVE-2022-25352 (The package libnested before 1.5.2 are vulnerable to Prototype 
Polluti ...)
+       TODO: check
 CVE-2022-25351
        RESERVED
 CVE-2022-25350
@@ -3623,8 +3661,8 @@ CVE-2022-21223
        RESERVED
 CVE-2022-21222
        RESERVED
-CVE-2022-21221
-       RESERVED
+CVE-2022-21221 (The package github.com/valyala/fasthttp before 1.34.0 are 
vulnerable t ...)
+       TODO: check
 CVE-2022-21213
        RESERVED
 CVE-2022-21211
@@ -3684,10 +3722,10 @@ CVE-2022-0751
        NOTE: 
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
 CVE-2022-0750
        RESERVED
-CVE-2022-0749
-       RESERVED
-CVE-2022-0748
-       RESERVED
+CVE-2022-0749 (This affects all versions of package SinGooCMS.Utility. The 
socket cli ...)
+       TODO: check
+CVE-2022-0748 (The package post-loader from 0.0.0 are vulnerable to Arbitrary 
Code Ex ...)
+       TODO: check
 CVE-2022-0747
        RESERVED
 CVE-2022-0746 (Business Logic Errors in GitHub repository dolibarr/dolibarr 
prior to  ...)
@@ -4884,8 +4922,8 @@ CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB 
injection because, althou
        NOT-FOR-US: Cryptomator
 CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to 
move arbitr ...)
        NOT-FOR-US: Docker Desktop
-CVE-2022-25364
-       RESERVED
+CVE-2022-25364 (In Gradle Enterprise before 2021.4.2, the default built-in 
build cache ...)
+       TODO: check
 CVE-2022-25363 (WatchGuard Firebox and XTM appliances allow an authenticated 
remote at ...)
        NOT-FOR-US: WatchGuard
 CVE-2022-25362
@@ -5117,8 +5155,8 @@ CVE-2022-25298 (This affects the package sprinfall/webcc 
before 0.3.0. It is pos
        NOT-FOR-US: webcc
 CVE-2022-25297 (This affects the package drogonframework/drogon before 1.7.5. 
The unsa ...)
        NOT-FOR-US: drogon
-CVE-2022-25296
-       RESERVED
+CVE-2022-25296 (The package bodymen from 0.0.0 are vulnerable to Prototype 
Pollution v ...)
+       TODO: check
 CVE-2022-25295
        RESERVED
 CVE-2022-25294 (Proofpoint Insider Threat Management Agent for Windows relies 
on an in ...)
@@ -6592,12 +6630,12 @@ CVE-2022-24763
        RESERVED
 CVE-2022-24762 (sysend.js is a library that allows a user to send messages 
between pag ...)
        TODO: check
-CVE-2022-24761
-       RESERVED
+CVE-2022-24761 (Waitress is a Web Server Gateway Interface server for Python 2 
and 3.  ...)
+       TODO: check
 CVE-2022-24760 (Parse Server is an open source http web server backend. In 
versions pr ...)
        TODO: check
-CVE-2022-24759
-       RESERVED
+CVE-2022-24759 (`@chainsafe/libp2p-noise` contains TypeScript implementation 
of noise  ...)
+       TODO: check
 CVE-2022-24758
        RESERVED
 CVE-2022-24757
@@ -16368,14 +16406,14 @@ CVE-2021-45796
        RESERVED
 CVE-2021-45795
        RESERVED
-CVE-2021-45794
-       RESERVED
-CVE-2021-45793
-       RESERVED
-CVE-2021-45792
-       RESERVED
-CVE-2021-45791
-       RESERVED
+CVE-2021-45794 (Slims9 Bulian 9.4.2 is affected by SQL injection in 
/admin/modules/sys ...)
+       TODO: check
+CVE-2021-45793 (Slims9 Bulian 9.4.2 is affected by SQL injection in 
lib/comment.inc.ph ...)
+       TODO: check
+CVE-2021-45792 (Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) 
in /admi ...)
+       TODO: check
+CVE-2021-45791 (Slims8 Akasia 8.3.1 is affected by SQL injection in 
/admin/modules/bib ...)
+       TODO: check
 CVE-2021-45790 (An arbitrary file upload vulnerability was found in 
Metersphere v1.15. ...)
        NOT-FOR-US: Metersphere
 CVE-2021-45789 (An arbitrary file read vulnerability was found in Metersphere 
v1.15.4, ...)
@@ -19595,12 +19633,12 @@ CVE-2021-44910
        RESERVED
 CVE-2021-44909
        RESERVED
-CVE-2021-44908
-       RESERVED
+CVE-2021-44908 (SailsJS Sails.js &lt;=1.4.0 is vulnerable to Prototype 
Pollution via c ...)
+       TODO: check
 CVE-2021-44907
        RESERVED
-CVE-2021-44906
-       RESERVED
+CVE-2021-44906 (Minimist &lt;=1.2.5 is vulnerable to Prototype Pollution via 
file inde ...)
+       TODO: check
 CVE-2021-44905
        RESERVED
 CVE-2021-44904
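Review bot: The descriptions for CVE-2021-44908 and CVE-2021-44906 carry the literal HTML entity "&lt;=" ("Sails.js &lt;=1.4.0", "Minimist &lt;=1.2.5") where a plain "<=" version bound is meant. Decode the entity in the imported description so that the affected-version bound reads correctly when these two "TODO: check" entries are triaged and when the list is searched as text.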
@@ -21531,14 +21569,14 @@ CVE-2021-44264
        RESERVED
 CVE-2021-44263 (Gurock TestRail before 7.2.4 mishandles HTML escaping. ...)
        NOT-FOR-US: Gurock TestRail
-CVE-2021-44262
-       RESERVED
-CVE-2021-44261
-       RESERVED
-CVE-2021-44260
-       RESERVED
-CVE-2021-44259
-       RESERVED
+CVE-2021-44262 (A vulnerability is in the 'MNU_top.htm' page of the Netgear 
W104, vers ...)
+       TODO: check
+CVE-2021-44261 (A vulnerability is in the 'BRS_top.html' page of the Netgear 
W104, ver ...)
+       TODO: check
+CVE-2021-44260 (A vulnerability is in the 'live_mfg.html' page of the WAVLINK 
AC1200,  ...)
+       TODO: check
+CVE-2021-44259 (A vulnerability is in the 'wx.html' page of the WAVLINK 
AC1200, versio ...)
+       TODO: check
 CVE-2021-44258
        RESERVED
 CVE-2021-44257
@@ -76482,8 +76520,8 @@ CVE-2021-23773
        RESERVED
 CVE-2021-23772 (This affects all versions of package github.com/kataras/iris; 
all vers ...)
        NOT-FOR-US: iris Go web framework
-CVE-2021-23771
-       RESERVED
+CVE-2021-23771 (This affects all versions of package notevil; all versions of 
package  ...)
+       TODO: check
 CVE-2021-23770
        RESERVED
 CVE-2021-23769
@@ -76765,8 +76803,8 @@ CVE-2021-23634
        RESERVED
 CVE-2021-23633
        RESERVED
-CVE-2021-23632
-       RESERVED
+CVE-2021-23632 (All versions of package git are vulnerable to Remote Code 
Execution (R ...)
+       TODO: check
 CVE-2021-23631 (This affects all versions of package convert-svg-core; all 
versions of ...)
        NOT-FOR-US: Node convert-svg
 CVE-2021-23630
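Review bot: The truncated description for CVE-2021-23632 reads "All versions of package git", which is easy to misread as the git version control system. The adjacent CVE-2021-23631 entry is closed as "NOT-FOR-US: Node convert-svg", so before "TODO: check" is turned into a package line the triager should establish from the full advisory which ecosystem's "git" package is meant.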
@@ -76919,8 +76957,8 @@ CVE-2021-23558 (The package bmoor before 0.10.1 are 
vulnerable to Prototype Poll
        NOT-FOR-US: Node bmoor
 CVE-2021-23557
        RESERVED
-CVE-2021-23556
-       RESERVED
+CVE-2021-23556 (The package guake before 3.8.5 are vulnerable to Exposed 
Dangerous Met ...)
+       TODO: check
 CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass 
via dire ...)
        NOT-FOR-US: Node vm2
 CVE-2021-23554
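Review bot: CVE-2021-23556 differs from its neighbours, which are closed as "NOT-FOR-US: Node bmoor" and "NOT-FOR-US: Node vm2": its description names guake and gives 3.8.5 as the first fixed version. If guake is carried in the archive, this entry needs a package line with the fixed version, in the same form as "- openssl 1.1.1n-1" elsewhere in the file, rather than a NOT-FOR-US marker, so it is worth triaging ahead of the bulk "TODO: check" entries.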
@@ -125884,8 +125922,8 @@ CVE-2020-15593 (SteelCentral Aternity Agent 
11.0.0.120 on Windows mishandles IPC
        NOT-FOR-US: SteelCentral Aternity Agent
 CVE-2020-15592 (SteelCentral Aternity Agent before 11.0.0.120 on Windows 
allows Privil ...)
        NOT-FOR-US: SteelCentral Aternity Agent
-CVE-2020-15591
-       RESERVED
+CVE-2020-15591 (fexsrv in F*EX (aka Frams' Fast File EXchange) before 
fex-20160919_2 a ...)
+       TODO: check
 CVE-2020-15590 (A vulnerability in the Private Internet Access (PIA) VPN 
Client for Li ...)
        NOT-FOR-US: Private Internet Access client for Linux
 CVE-2020-15589 (A design issue was discovered in GetInternetRequestHandle, 
InternetSen ...)
@@ -221806,7 +221844,7 @@ CVE-2019-1552 (OpenSSL has internal defaults for a 
directory tree where it can f
        - openssl1.0 <not-affected> (Windows-specific)
        NOTE: https://www.openssl.org/news/secadv/20190730.txt
 CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring 
procedure u ...)
-       {DSA-4855-1 DSA-4594-1}
+       {DSA-4855-1 DSA-4594-1 DLA-2952-1}
        - openssl 1.1.1e-1 (low; bug #947949)
        [jessie] - openssl <not-affected> (Affected modules are not present in 
Jessie)
        - openssl1.0 <removed> (low)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6ecaf9d85d320efc7c8e24aec810faa669d4174
