Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2d577817 by security tracker role at 2022-03-28T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,354 @@
-CVE-2022-27950 [HID: elo: fix memory leak in elo_probe]
+CVE-2022-28125
+       RESERVED
+CVE-2022-28124
+       RESERVED
+CVE-2022-28123
+       RESERVED
+CVE-2022-28122
+       RESERVED
+CVE-2022-28121
+       RESERVED
+CVE-2022-28120
+       RESERVED
+CVE-2022-28119
+       RESERVED
+CVE-2022-28118
+       RESERVED
+CVE-2022-28117
+       RESERVED
+CVE-2022-28116
+       RESERVED
+CVE-2022-28115
+       RESERVED
+CVE-2022-28114
+       RESERVED
+CVE-2022-28113
+       RESERVED
+CVE-2022-28112
+       RESERVED
+CVE-2022-28111
+       RESERVED
+CVE-2022-28110
+       RESERVED
+CVE-2022-28109
+       RESERVED
+CVE-2022-28108
+       RESERVED
+CVE-2022-28107
+       RESERVED
+CVE-2022-28106
+       RESERVED
+CVE-2022-28105
+       RESERVED
+CVE-2022-28104
+       RESERVED
+CVE-2022-28103
+       RESERVED
+CVE-2022-28102
+       RESERVED
+CVE-2022-28101
+       RESERVED
+CVE-2022-28100
+       RESERVED
+CVE-2022-28099
+       RESERVED
+CVE-2022-28098
+       RESERVED
+CVE-2022-28097
+       RESERVED
+CVE-2022-28096
+       RESERVED
+CVE-2022-28095
+       RESERVED
+CVE-2022-28094
+       RESERVED
+CVE-2022-28093
+       RESERVED
+CVE-2022-28092
+       RESERVED
+CVE-2022-28091
+       RESERVED
+CVE-2022-28090
+       RESERVED
+CVE-2022-28089
+       RESERVED
+CVE-2022-28088
+       RESERVED
+CVE-2022-28087
+       RESERVED
+CVE-2022-28086
+       RESERVED
+CVE-2022-28085
+       RESERVED
+CVE-2022-28084
+       RESERVED
+CVE-2022-28083
+       RESERVED
+CVE-2022-28082
+       RESERVED
+CVE-2022-28081
+       RESERVED
+CVE-2022-28080
+       RESERVED
+CVE-2022-28079
+       RESERVED
+CVE-2022-28078
+       RESERVED
+CVE-2022-28077
+       RESERVED
+CVE-2022-28076
+       RESERVED
+CVE-2022-28075
+       RESERVED
+CVE-2022-28074
+       RESERVED
+CVE-2022-28073
+       RESERVED
+CVE-2022-28072
+       RESERVED
+CVE-2022-28071
+       RESERVED
+CVE-2022-28070
+       RESERVED
+CVE-2022-28069
+       RESERVED
+CVE-2022-28068
+       RESERVED
+CVE-2022-28067
+       RESERVED
+CVE-2022-28066
+       RESERVED
+CVE-2022-28065
+       RESERVED
+CVE-2022-28064
+       RESERVED
+CVE-2022-28063
+       RESERVED
+CVE-2022-28062
+       RESERVED
+CVE-2022-28061
+       RESERVED
+CVE-2022-28060
+       RESERVED
+CVE-2022-28059
+       RESERVED
+CVE-2022-28058
+       RESERVED
+CVE-2022-28057
+       RESERVED
+CVE-2022-28056
+       RESERVED
+CVE-2022-28055
+       RESERVED
+CVE-2022-28054
+       RESERVED
+CVE-2022-28053
+       RESERVED
+CVE-2022-28052
+       RESERVED
+CVE-2022-28051
+       RESERVED
+CVE-2022-28050
+       RESERVED
+CVE-2022-28049
+       RESERVED
+CVE-2022-28048
+       RESERVED
+CVE-2022-28047
+       RESERVED
+CVE-2022-28046
+       RESERVED
+CVE-2022-28045
+       RESERVED
+CVE-2022-28044
+       RESERVED
+CVE-2022-28043
+       RESERVED
+CVE-2022-28042
+       RESERVED
+CVE-2022-28041
+       RESERVED
+CVE-2022-28040
+       RESERVED
+CVE-2022-28039
+       RESERVED
+CVE-2022-28038
+       RESERVED
+CVE-2022-28037
+       RESERVED
+CVE-2022-28036
+       RESERVED
+CVE-2022-28035
+       RESERVED
+CVE-2022-28034
+       RESERVED
+CVE-2022-28033
+       RESERVED
+CVE-2022-28032
+       RESERVED
+CVE-2022-28031
+       RESERVED
+CVE-2022-28030
+       RESERVED
+CVE-2022-28029
+       RESERVED
+CVE-2022-28028
+       RESERVED
+CVE-2022-28027
+       RESERVED
+CVE-2022-28026
+       RESERVED
+CVE-2022-28025
+       RESERVED
+CVE-2022-28024
+       RESERVED
+CVE-2022-28023
+       RESERVED
+CVE-2022-28022
+       RESERVED
+CVE-2022-28021
+       RESERVED
+CVE-2022-28020
+       RESERVED
+CVE-2022-28019
+       RESERVED
+CVE-2022-28018
+       RESERVED
+CVE-2022-28017
+       RESERVED
+CVE-2022-28016
+       RESERVED
+CVE-2022-28015
+       RESERVED
+CVE-2022-28014
+       RESERVED
+CVE-2022-28013
+       RESERVED
+CVE-2022-28012
+       RESERVED
+CVE-2022-28011
+       RESERVED
+CVE-2022-28010
+       RESERVED
+CVE-2022-28009
+       RESERVED
+CVE-2022-28008
+       RESERVED
+CVE-2022-28007
+       RESERVED
+CVE-2022-28006
+       RESERVED
+CVE-2022-28005
+       RESERVED
+CVE-2022-28004
+       RESERVED
+CVE-2022-28003
+       RESERVED
+CVE-2022-28002
+       RESERVED
+CVE-2022-28001
+       RESERVED
+CVE-2022-28000
+       RESERVED
+CVE-2022-27999
+       RESERVED
+CVE-2022-27998
+       RESERVED
+CVE-2022-27997
+       RESERVED
+CVE-2022-27996
+       RESERVED
+CVE-2022-27995
+       RESERVED
+CVE-2022-27994
+       RESERVED
+CVE-2022-27993
+       RESERVED
+CVE-2022-27992
+       RESERVED
+CVE-2022-27991
+       RESERVED
+CVE-2022-27990
+       RESERVED
+CVE-2022-27989
+       RESERVED
+CVE-2022-27988
+       RESERVED
+CVE-2022-27987
+       RESERVED
+CVE-2022-27986
+       RESERVED
+CVE-2022-27985
+       RESERVED
+CVE-2022-27984
+       RESERVED
+CVE-2022-27983
+       RESERVED
+CVE-2022-27982
+       RESERVED
+CVE-2022-27981
+       RESERVED
+CVE-2022-27980
+       RESERVED
+CVE-2022-27979
+       RESERVED
+CVE-2022-27978
+       RESERVED
+CVE-2022-27977
+       RESERVED
+CVE-2022-27976
+       RESERVED
+CVE-2022-27975
+       RESERVED
+CVE-2022-27974
+       RESERVED
+CVE-2022-27973
+       RESERVED
+CVE-2022-27972
+       RESERVED
+CVE-2022-27971
+       RESERVED
+CVE-2022-27970
+       RESERVED
+CVE-2022-27969
+       RESERVED
+CVE-2022-27968
+       RESERVED
+CVE-2022-27967
+       RESERVED
+CVE-2022-27966
+       RESERVED
+CVE-2022-27965
+       RESERVED
+CVE-2022-27964
+       RESERVED
+CVE-2022-27963
+       RESERVED
+CVE-2022-27962
+       RESERVED
+CVE-2022-27961
+       RESERVED
+CVE-2022-27960
+       RESERVED
+CVE-2022-27959
+       RESERVED
+CVE-2022-27958
+       RESERVED
+CVE-2022-27957
+       RESERVED
+CVE-2022-27956
+       RESERVED
+CVE-2022-27955
+       RESERVED
+CVE-2022-27954
+       RESERVED
+CVE-2022-27953
+       RESERVED
+CVE-2022-27952
+       RESERVED
+CVE-2022-27951
+       RESERVED
+CVE-2022-27950 (In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a 
memory  ...)
        - linux 5.16.11-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        [buster] - linux <not-affected> (Vulnerable code not present)
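Review bot: On the CVE-2022-27950 header at the end of this hunk, the hand-written summary "[HID: elo: fix memory leak in elo_probe]" is replaced by the truncated description, which is cut at "a memory ..." and no longer names the bug class or the function. The triage under it (fixed in linux 5.16.11-1, bullseye and buster not affected) is unchanged, so tracking is not affected, but a NOTE line carrying the original fix title would keep the entry readable without the full description. The 175 new entries CVE-2022-27951 to CVE-2022-28125 are all RESERVED and need no triage yet.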
@@ -224,6 +574,7 @@ CVE-2022-1097
        RESERVED
 CVE-2022-1096
        RESERVED
+       {DSA-5110-1}
        - chromium 99.0.4844.84-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
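Review bot: The added "{DSA-5110-1}" sits under CVE-2022-1096 while that entry is still RESERVED, so the record now has an advisory reference and a fixed version (chromium 99.0.4844.84-1) but no description of the issue. Consider adding a NOTE line pointing at the upstream advisory until the description is published. The buster and stretch lines stay at <end-of-life>, so the new reference does not change their status.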
@@ -4340,18 +4691,18 @@ CVE-2022-26275
        RESERVED
 CVE-2022-26274
        RESERVED
-CVE-2022-26273
-       RESERVED
+CVE-2022-26273 (EyouCMS v1.5.4 was discovered to lack parameter filtering in 
\user\con ...)
+       TODO: check
 CVE-2022-26272 (A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 
allows  ...)
        NOT-FOR-US: Ionize CMS
-CVE-2022-26271
-       RESERVED
+CVE-2022-26271 (74cmsSE v3.4.1 was discovered to contain an arbitrary file 
read vulner ...)
+       TODO: check
 CVE-2022-26270
        RESERVED
 CVE-2022-26269
        RESERVED
-CVE-2022-26268
-       RESERVED
+CVE-2022-26268 (Xiaohuanxiong v1.0 was discovered to contain a SQL injection 
vulnerabi ...)
+       TODO: check
 CVE-2022-26267 (Piwigo v12.2.0 was discovered to contain an information leak 
via the a ...)
        - piwigo <removed>
 CVE-2022-26266 (Piwigo v12.2.0 was discovered to contain a SQL injection 
vulnerability ...)
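Review bot: The three new "TODO: check" entries in this hunk (CVE-2022-26273 EyouCMS, CVE-2022-26271 74cmsSE, CVE-2022-26268 Xiaohuanxiong) still need a disposition. If none of these products is packaged, close them as "NOT-FOR-US: <product>" in the same form as CVE-2022-26272 (Ionize CMS) in the context lines, rather than leaving them as TODO.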
@@ -4368,16 +4719,16 @@ CVE-2022-26261
        RESERVED
 CVE-2022-26260 (Simple-Plist v1.3.0 was discovered to contain a prototype 
pollution vu ...)
        NOT-FOR-US: Simple-Plist
-CVE-2022-26259
-       RESERVED
-CVE-2022-26258
-       RESERVED
+CVE-2022-26259 (A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, 
NBD80X09S-KL, ...)
+       TODO: check
+CVE-2022-26258 (D-Link DIR-820L 1.05B03 was discovered to contain a remote 
command exe ...)
+       TODO: check
 CVE-2022-26257
        RESERVED
 CVE-2022-26256
        RESERVED
-CVE-2022-26255
-       RESERVED
+CVE-2022-26255 (Clash for Windows v0.19.8 was discovered to allow arbitrary 
code execu ...)
+       TODO: check
 CVE-2022-26254 (WoWonder The Ultimate PHP Social Network Platform v4.0.0 was 
discovere ...)
        NOT-FOR-US: WoWonder
 CVE-2022-26253
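Review bot: CVE-2022-26259 (Xiongmai DVR devices) and CVE-2022-26258 (D-Link DIR-820L 1.05B03) describe device firmware and CVE-2022-26255 a Windows application, yet all three are left at "TODO: check". Triage should state explicitly whether any package is involved; the context entries CVE-2022-26260 and CVE-2022-26254 show the NOT-FOR-US form to use if not. The spelling "buffer over flow" in the CVE-2022-26259 line arrives with the imported description, so it is better reported upstream than edited in this file.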
@@ -5698,8 +6049,8 @@ CVE-2022-26874 (lib/Horde/Mime/Viewer/Ooo.php in Horde 
Mime_Viewer before 2.2.4
        NOTE: Fixed by: 
https://github.com/horde/Mime_Viewer/commit/02b46cec1a7e8f1a6835b628850cd56b85963bb5
 (2.2.4)
 CVE-2022-25762
        RESERVED
-CVE-2022-25757
-       RESERVED
+CVE-2022-25757 (In Apache APISIX before 2.13.0, when decoding JSON with 
duplicate keys ...)
+       TODO: check
 CVE-2022-25756
        RESERVED
 CVE-2022-25755
@@ -9797,8 +10148,7 @@ CVE-2022-24305 (Zoho ManageEngine SharePoint Manager 
Plus before 4329 is vulnera
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-24304
        RESERVED
-CVE-2022-24303
-       RESERVED
+CVE-2022-24303 (Pillow before 9.0.1 allows attackers to delete files because 
spaces in ...)
        - pillow 9.0.1-1
        [bullseye] - pillow <ignored> (Minor issue)
        [buster] - pillow <ignored> (Minor issue)
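Review bot: With the description of CVE-2022-24303 now filled in ("allows attackers to delete files"), the unchanged "[bullseye] - pillow <ignored> (Minor issue)" and "[buster]" lines deserve a second look. File deletion is not obviously minor, and the truncated text does not show the precondition. Either confirm the rating against the full description or add a NOTE line recording why the issue stays ignored.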
@@ -18972,10 +19322,10 @@ CVE-2021-45492
        RESERVED
 CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
        NOT-FOR-US: ShowDoc
-CVE-2021-45491
-       RESERVED
-CVE-2021-45490
-       RESERVED
+CVE-2021-45491 (3CX System through 2022-03-17 stores cleartext passwords in a 
database ...)
+       TODO: check
+CVE-2021-45490 (The client applications in 3CX on Windows, the 3CX app for 
iOS, and th ...)
+       TODO: check
 CVE-2021-45489 (In NetBSD through 9.2, the IPv6 Flow Label generation 
algorithm employ ...)
        NOT-FOR-US: NetBSD
 CVE-2021-45488 (In NetBSD through 9.2, there is an information leak in the TCP 
ISN (IS ...)
@@ -22466,8 +22816,8 @@ CVE-2021-44619
        RESERVED
 CVE-2021-44618 (A Server-side Template Injection (SSTI) vulnerability exists 
in Nystud ...)
        NOT-FOR-US: Nystudio107 Seomatic
-CVE-2021-44617
-       RESERVED
+CVE-2021-44617 (A SQL Injection vulnerability exits in the Ramo plugin for 
GLPI 9.4.6  ...)
+       TODO: check
 CVE-2021-44616
        RESERVED
 CVE-2021-44615
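Review bot: CVE-2021-44617 is described as a SQL injection in the Ramo plugin for GLPI 9.4.6, not in GLPI itself, so the "TODO: check" should be resolved against the plugin. If the plugin is not shipped in any package, this is a NOT-FOR-US entry and should not be attached to a glpi source package. The word "exits" (for "exists") is part of the imported description.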
@@ -23749,18 +24099,18 @@ CVE-2021-44215 (Northern.tech CFEngine Enterprise 
3.15.4 before 3.15.5 has Insec
        NOT-FOR-US: Northern.tech CFEngine Enterprise Hub
 CVE-2021-44214
        RESERVED
-CVE-2021-44213
-       RESERVED
-CVE-2021-44212
-       RESERVED
-CVE-2021-44211
-       RESERVED
-CVE-2021-44210
-       RESERVED
-CVE-2021-44209
-       RESERVED
-CVE-2021-44208
-       RESERVED
+CVE-2021-44213 (OX App Suite through 7.10.5 allows XSS via uuencoding in a 
multipart/a ...)
+       TODO: check
+CVE-2021-44212 (OX App Suite through 7.10.5 allows XSS via a trailing control 
characte ...)
+       TODO: check
+CVE-2021-44211 (OX App Suite through 7.10.5 allows XSS via the class attribute 
of an e ...)
+       TODO: check
+CVE-2021-44210 (OX App Suite through 7.10.5 allows XSS via NIFF (Notation 
Interchange  ...)
+       TODO: check
+CVE-2021-44209 (OX App Suite through 7.10.5 allows XSS via an HTML 5 element 
such as A ...)
+       TODO: check
+CVE-2021-44208 (OX App Suite through 7.10.5 allows XSS via an unknown system 
message i ...)
+       TODO: check
 CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. 
...)
        NOT-FOR-US: Acclaim USAHERDS
 CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input 
During Web  ...)
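Review bot: CVE-2021-44208 through CVE-2021-44213 are six XSS entries against the same product and version range (OX App Suite through 7.10.5), each added with its own "TODO: check". Triage them in one pass so they end up with one consistent disposition, using the NOT-FOR-US form shown under CVE-2021-44207 in the context lines if the product is not packaged.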
@@ -24000,8 +24350,8 @@ CVE-2021-44129
        RESERVED
 CVE-2021-44128
        RESERVED
-CVE-2021-44127
-       RESERVED
+CVE-2021-44127 (In DLink DAP-1360 F1 firmware version &lt;=v6.10 in the 
"webupg" binar ...)
+       TODO: check
 CVE-2021-44126
        RESERVED
 CVE-2021-44125
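Review bot: The CVE-2021-44127 description contains the HTML entity "&lt;=" where "<=" is meant. Check whether the entity is literally in data/CVE/list or only in this rendering of the diff; if it is in the file, the import step should unescape descriptions so that version ranges stay searchable. The entry itself concerns DLink DAP-1360 firmware and still needs its "TODO: check" resolved.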
@@ -71450,14 +71800,14 @@ CVE-2021-26603 (A heap overflow issue was found in 
ARK library of bandisoft Co.,
        NOT-FOR-US: bandisoft
 CVE-2021-26602
        RESERVED
-CVE-2021-26601
-       RESERVED
-CVE-2021-26600
-       RESERVED
-CVE-2021-26599
-       RESERVED
-CVE-2021-26598
-       RESERVED
+CVE-2021-26601 (ImpressCMS before 1.4.3 allows 
libraries/image-editor/image-edit.php i ...)
+       TODO: check
+CVE-2021-26600 (ImpressCMS before 1.4.3 has plugins/preloads/autologin.php 
type confus ...)
+       TODO: check
+CVE-2021-26599 (ImpressCMS before 1.4.3 allows include/findusers.php groups 
SQL Inject ...)
+       TODO: check
+CVE-2021-26598 (ImpressCMS before 1.4.3 has Incorrect Access Control because 
include/f ...)
+       TODO: check
 CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 
allows r ...)
        NOT-FOR-US: Pryaniki
 CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 
13.39.028, 13.3 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d5778177f0ce1d274af32b5f5bd19469ede4507
