Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e54423dd by security tracker role at 2022-03-26T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,107 @@
-CVE-2022-27887
+CVE-2022-27927
RESERVED
-CVE-2022-27886
+CVE-2022-27926
RESERVED
-CVE-2022-27885
+CVE-2022-27925
RESERVED
-CVE-2022-27884
+CVE-2022-27924
RESERVED
+CVE-2022-27923
+ RESERVED
+CVE-2022-27922
+ RESERVED
+CVE-2022-27921
+ RESERVED
+CVE-2022-27920 (libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in
webserver functi ...)
+ TODO: check
+CVE-2022-27919 (Gradle Enterprise before 2022.1 allows remote code execution
if the in ...)
+ TODO: check
+CVE-2022-27918
+ RESERVED
+CVE-2022-27917
+ RESERVED
+CVE-2022-27916
+ RESERVED
+CVE-2022-27915
+ RESERVED
+CVE-2022-27914
+ RESERVED
+CVE-2022-27913
+ RESERVED
+CVE-2022-27912
+ RESERVED
+CVE-2022-27911
+ RESERVED
+CVE-2022-27910
+ RESERVED
+CVE-2022-27909
+ RESERVED
+CVE-2022-27908
+ RESERVED
+CVE-2022-27907
+ RESERVED
+CVE-2022-27906 (Mendelson OFTP2 before 1.1 b43 is affected by directory
traversal. To ...)
+ TODO: check
+CVE-2022-27905
+ RESERVED
+CVE-2022-27904
+ RESERVED
+CVE-2022-27903
+ RESERVED
+CVE-2022-27902
+ RESERVED
+CVE-2022-27901
+ RESERVED
+CVE-2022-27900
+ RESERVED
+CVE-2022-27899
+ RESERVED
+CVE-2022-27898
+ RESERVED
+CVE-2022-27897
+ RESERVED
+CVE-2022-27896
+ RESERVED
+CVE-2022-27895
+ RESERVED
+CVE-2022-27894
+ RESERVED
+CVE-2022-27893
+ RESERVED
+CVE-2022-27892
+ RESERVED
+CVE-2022-27891
+ RESERVED
+CVE-2022-27890
+ RESERVED
+CVE-2022-27889
+ RESERVED
+CVE-2022-27888
+ RESERVED
+CVE-2022-1102
+ RESERVED
+CVE-2022-1101
+ RESERVED
+CVE-2022-1100
+ RESERVED
+CVE-2022-1099
+ RESERVED
+CVE-2022-1098
+ RESERVED
+CVE-2021-46742
+ RESERVED
+CVE-2021-46741
+ RESERVED
+CVE-2021-46740
+ RESERVED
+CVE-2022-27887 (Maccms v10 was discovered to contain a reflected cross-site
scripting ...)
+ TODO: check
+CVE-2022-27886 (Maccms v10 was discovered to contain a reflected cross-site
scripting ...)
+ TODO: check
+CVE-2022-27885 (Maccms v10 was discovered to contain multiple reflected
cross-site scr ...)
+ TODO: check
+CVE-2022-27884 (Maccms v10 was discovered to contain a reflected cross-site
scripting ...)
+ TODO: check
CVE-2022-27883
RESERVED
CVE-2022-27882 (slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer
signedn ...)
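Review bot: Every described entry added in this hunk lands with only TODO: check, so none of them has a triage verdict yet: libkiwix (CVE-2022-27920), Gradle Enterprise (CVE-2022-27919), Mendelson OFTP2 (CVE-2022-27906) and the four Maccms v10 IDs (CVE-2022-27884 to CVE-2022-27887). The four Maccms v10 entries name the same product and can be resolved with one decision applied consistently; the other three are unrelated products and each needs its own package line or NOT-FOR-US line in the form used elsewhere in this file.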
@@ -98,8 +194,8 @@ CVE-2022-27494
RESERVED
CVE-2022-26423
RESERVED
-CVE-2022-1071
- RESERVED
+CVE-2022-1071 (User after free in mrb_vm_exec in GitHub repository mruby/mruby
prior ...)
+ TODO: check
CVE-2022-1070
RESERVED
CVE-2022-1069
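Review bot: The description on the added CVE-2022-1071 line reads "User after free", which looks like a misspelling of "use after free" that came in with the automatic update. Anyone searching the list for use-after-free issues by that phrase will miss this entry, so triage should key on the function and repository the line does name (mrb_vm_exec, mruby/mruby) when replacing TODO: check with a verdict.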
@@ -3130,8 +3226,8 @@ CVE-2022-26661 (An XXE issue was discovered in Tryton
Application Platform (Serv
NOTE:
https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
CVE-2022-26660 (RunAsSpc 4.0 uses a universal and recoverable encryption key.
In posse ...)
NOT-FOR-US: RunAsSpc
-CVE-2022-26659
- RESERVED
+CVE-2022-26659 (Docker Desktop installer on Windows in versions before 4.6.0
allows an ...)
+ TODO: check
CVE-2022-26658
RESERVED
CVE-2022-26657
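Review bot: The added CVE-2022-26659 description scopes the issue to the "Docker Desktop installer on Windows", yet it is left at TODO: check. Given that platform scoping, it looks like a candidate for the same treatment as CVE-2022-26660 in the context lines just above (NOT-FOR-US: with the product name), once the full description confirms nothing beyond the Windows installer is affected.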
@@ -3306,8 +3402,8 @@ CVE-2022-26575
RESERVED
CVE-2022-26574
RESERVED
-CVE-2022-26573
- RESERVED
+CVE-2022-26573 (Maccms v10 was discovered to contain multiple reflected
cross-site scr ...)
+ TODO: check
CVE-2022-26572
RESERVED
CVE-2022-26571
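Review bot: CVE-2022-26573 names Maccms v10, the same product as CVE-2022-27884 to CVE-2022-27887 added in the first hunk of this patch, and it also carries only TODO: check. Resolve all five with the same verdict line so the product is not triaged one way here and another way at the top of the file.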
@@ -4294,8 +4390,8 @@ CVE-2022-26199
RESERVED
CVE-2022-26198
RESERVED
-CVE-2022-26197
- RESERVED
+CVE-2022-26197 (Joget DX 7 was discovered to contain a cross-site scripting
(XSS) vuln ...)
+ TODO: check
CVE-2022-26196
RESERVED
CVE-2022-26195
@@ -5965,8 +6061,8 @@ CVE-2022-25592
RESERVED
CVE-2022-25591
RESERVED
-CVE-2022-25590
- RESERVED
+CVE-2022-25590 (SurveyKing v0.2.0 was discovered to retain users' session
cookies afte ...)
+ TODO: check
CVE-2022-25589
RESERVED
CVE-2022-25588
@@ -6099,8 +6195,8 @@ CVE-2022-25525
RESERVED
CVE-2022-25524
RESERVED
-CVE-2022-25523
- RESERVED
+CVE-2022-25523 (TypesetterCMS v5.1 was discovered to contain a Cross-Site
Request Forg ...)
+ TODO: check
CVE-2022-25522
RESERVED
CVE-2022-25521
@@ -8172,10 +8268,10 @@ CVE-2022-24786
RESERVED
CVE-2022-24785
RESERVED
-CVE-2022-24784
- RESERVED
-CVE-2022-24783
- RESERVED
+CVE-2022-24784 (Statamic is a Laravel and Git powered CMS. Before versions
3.2.39 and ...)
+ TODO: check
+CVE-2022-24783 (Deno is a runtime for JavaScript and TypeScript. The versions
of Deno ...)
+ TODO: check
CVE-2022-24782 (Discourse is an open source discussion platform. Versions
2.8.2 and pr ...)
NOT-FOR-US: Discourse
CVE-2022-24781 (Geon is a board game based on solving questions about the
Pythagorean ...)
@@ -8719,8 +8815,8 @@ CVE-2022-24645
RESERVED
CVE-2022-24644 (ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a
remote code e ...)
NOT-FOR-US: KeyMouse
-CVE-2022-24643
- RESERVED
+CVE-2022-24643 (A stored cross-site scripting (XSS) issue was discovered in
the OpenEM ...)
+ TODO: check
CVE-2022-24642
RESERVED
CVE-2022-24641
@@ -14487,8 +14583,8 @@ CVE-2022-22997
RESERVED
CVE-2022-22996
RESERVED
-CVE-2022-22995
- RESERVED
+CVE-2022-22995 (The combination of primitives offered by SMB and AFP in their
default ...)
+ TODO: check
CVE-2022-22994 (A remote code execution vulnerability was discovered on
Western Digita ...)
NOT-FOR-US: Western Digital
CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital
My Clou ...)
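Review bot: The truncated description on the added CVE-2022-22995 line names only the SMB and AFP protocols, not a vendor or product, so the TODO: check cannot be resolved from this line alone. The surrounding context entries are marked NOT-FOR-US: Western Digital, but that verdict should not be copied onto this entry by proximity; read the full description first and record the affected product explicitly.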
@@ -17534,8 +17630,8 @@ CVE-2022-22276
RESERVED
CVE-2022-22275
RESERVED
-CVE-2022-22274
- RESERVED
+CVE-2022-22274 (A Stack-based buffer overflow vulnerability in the SonicOS via
HTTP re ...)
+ TODO: check
CVE-2022-22273 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of
Special Ele ...)
NOT-FOR-US: Sonicwall
CVE-2022-22272 (Improper authorization in TelephonyManager prior to SMR
Jan-2022 Relea ...)
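Review bot: The added CVE-2022-22274 line describes a stack-based buffer overflow in SonicOS and is left at TODO: check, while the adjacent CVE-2022-22273 context entry is already marked NOT-FOR-US: Sonicwall. If the full description confirms the same vendor, use the identical NOT-FOR-US: Sonicwall spelling so the two entries group together in searches.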
@@ -21299,8 +21395,8 @@ CVE-2021-44906 (Minimist <=1.2.5 is vulnerable to
Prototype Pollution via fil
NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
NOTE: The initial fix for prototype pollution (cf.
SNYK-JS-MINIMIST-559764) in setKey()
NOTE: was insufficient.
-CVE-2021-44905
- RESERVED
+CVE-2021-44905 (Incorrect permissions in the Bluetooth Services in the
Fortessa FTBTLD ...)
+ TODO: check
CVE-2021-44904
RESERVED
CVE-2021-44903 (Micro-Star International (MSI) Center Pro <= 2.0.16.0 is
vulnerable ...)
@@ -22080,8 +22176,8 @@ CVE-2021-44685 (Git-it through 4.4.0 allows OS command
injection at the Branches
NOT-FOR-US: git-it
CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection.
The ran ...)
NOT-FOR-US: naholyr github-todos
-CVE-2021-44683
- RESERVED
+CVE-2021-44683 (The DuckDuckGo browser 7.64.4 on iOS allows Address Bar
Spoofing due t ...)
+ TODO: check
CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault
through 1 ...)
NOT-FOR-US: Veritas
CVE-2021-44681 (An issue (5 of 6) was discovered in Veritas Enterprise Vault
through 1 ...)
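Review bot: The added CVE-2021-44683 description limits the issue to "The DuckDuckGo browser 7.64.4 on iOS", but the entry is left at TODO: check. With the platform stated in the description itself, this looks like a candidate for a NOT-FOR-US: line in the style of the git-it and Veritas entries in the surrounding context, after confirming the full text names no other platform.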
@@ -35319,12 +35415,12 @@ CVE-2021-40908 (SQL injection vulnerability in
Login.php in Sourcecodester Purch
NOT-FOR-US: Sourcecodester
CVE-2021-40907 (SQL injection vulnerability in Sourcecodester Storage Unit
Rental Mana ...)
NOT-FOR-US: Sourcecodester
-CVE-2021-40906
- RESERVED
-CVE-2021-40905
- RESERVED
-CVE-2021-40904
- RESERVED
+CVE-2021-40906 (CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does
not saniti ...)
+ TODO: check
+CVE-2021-40905 (The web management console of CheckMK Enterprise Edition
(versions 1.5 ...)
+ TODO: check
+CVE-2021-40904 (The web management console of CheckMK Raw Edition (versions
1.5.0 to 1 ...)
+ TODO: check
CVE-2021-40903
RESERVED
CVE-2021-40902
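Review bot: The three added CheckMK entries are not interchangeable: CVE-2021-40905 names the Enterprise Edition, while CVE-2021-40904 and CVE-2021-40906 name the Raw Edition, and the version ranges are cut off in two of the three lines. Triage each against its full description rather than copying one verdict across the group, and record the edition in the resulting note so the distinction survives once TODO: check is replaced.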
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e54423dd4e1691db894355c2c70e950e41802509