[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Mon, 21 Mar 2022 01:10:29 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1a006d95 by security tracker role at 2022-03-21T08:10:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-1031
+       RESERVED
 CVE-2022-27258
        RESERVED
 CVE-2022-27257
@@ -4676,8 +4678,8 @@ CVE-2022-25507 (FreeTAKServer-UI v1.9.8 was discovered to 
contain a stored cross
        NOT-FOR-US: FreeTAKServer
 CVE-2022-25506 (FreeTAKServer-UI v1.9.8 was discovered to contain a SQL 
injection vuln ...)
        NOT-FOR-US: FreeTAKServer
-CVE-2022-25505
-       RESERVED
+CVE-2022-25505 (Taocms v3.0.2 was discovered to contain a SQL injection 
vulnerability  ...)
+       TODO: check
 CVE-2022-25504
        RESERVED
 CVE-2022-25503
@@ -4724,8 +4726,8 @@ CVE-2022-25483
        RESERVED
 CVE-2022-25482
        RESERVED
-CVE-2022-25481
-       RESERVED
+CVE-2022-25481 (ThinkPHP Framework v5.0.24 was discovered to be configured 
without the ...)
+       TODO: check
 CVE-2022-25480
        RESERVED
 CVE-2022-25479
@@ -4762,8 +4764,8 @@ CVE-2022-25464 (A stored cross-site scripting (XSS) 
vulnerability in the compone
        NOT-FOR-US: DoraCMS
 CVE-2022-25463
        RESERVED
-CVE-2022-25462
-       RESERVED
+CVE-2022-25462 (Yafu v2.0 contains a segmentation fault via the component 
/factor/avx- ...)
+       TODO: check
 CVE-2022-25461 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
        NOT-FOR-US: Tenda
 CVE-2022-25460 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack 
overflo ...)
@@ -30561,8 +30563,8 @@ CVE-2021-42196
        RESERVED
 CVE-2021-42195
        RESERVED
-CVE-2021-42194
-       RESERVED
+CVE-2021-42194 (The wechat_return function in /controller/Index.php of EyouCms 
V1.5.4- ...)
+       TODO: check
 CVE-2021-42193
        RESERVED
 CVE-2021-42192
@@ -37456,10 +37458,10 @@ CVE-2021-39386
        RESERVED
 CVE-2021-39385
        RESERVED
-CVE-2021-39384
-       RESERVED
-CVE-2021-39383
-       RESERVED
+CVE-2021-39384 (DWSurvey v3.2.0 was discovered to contain an arbitrary file 
write vuln ...)
+       TODO: check
+CVE-2021-39383 (DWSurvey v3.2.0 was discovered to contain a remote command 
execution ( ...)
+       TODO: check
 CVE-2021-39382
        RESERVED
 CVE-2021-39381
@@ -39498,6 +39500,7 @@ CVE-2021-3701
        NOTE: https://github.com/ansible/ansible-runner/issues/738
        NOTE: 
https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89
 CVE-2021-3700 (A use-after-free vulnerability was found in usbredir in 
versions prior ...)
+       {DLA-2958-1}
        - usbredir 0.11.0-1
        [bullseye] - usbredir <no-dsa> (Minor issue)
        [buster] - usbredir <no-dsa> (Minor issue)
@@ -102785,10 +102788,10 @@ CVE-2020-26010
        RESERVED
 CVE-2020-26009
        RESERVED
-CVE-2020-26008
-       RESERVED
-CVE-2020-26007
-       RESERVED
+CVE-2020-26008 (The PluginsUpload function in 
application/service/PluginsAdminService. ...)
+       TODO: check
+CVE-2020-26007 (An arbitrary file upload vulnerability in the upload payment 
plugin of ...)
+       TODO: check
 CVE-2020-26006 (Project Worlds Online Examination System 1.0 is affected by 
Cross Site ...)
        NOT-FOR-US: Project Worlds Online Examination System
 CVE-2020-26005
@@ -135163,11 +135166,13 @@ CVE-2020-12281 (iSmartgate PRO 1.5.9 is vulnerable 
to CSRF that allows remote at
 CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote 
attacker ...)
        NOT-FOR-US: iSmartgate PRO
 CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x 
before 0.99. ...)
+       {DLA-2936-1}
        - libgit2 0.28.4+dfsg.1-2
        [buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on 
NTFS like filesystem)
        [jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on 
NTFS like filesystem)
        NOTE: 
https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4
 CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x 
before 0.99. ...)
+       {DLA-2936-1}
        - libgit2 0.28.4+dfsg.1-2
        [buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on 
NTFS like filesystem)
        [jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on 
NTFS like filesystem)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a006d95fbf2dfdc3cf2387c5d544d8e55baef88

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a006d95fbf2dfdc3cf2387c5d544d8e55baef88
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to