Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
311a43e2 by security tracker role at 2022-04-01T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2022-28327
+       RESERVED
+CVE-2022-28326
+       RESERVED
+CVE-2022-28325
+       RESERVED
+CVE-2022-28324
+       RESERVED
+CVE-2022-28323
+       RESERVED
+CVE-2022-28322
+       RESERVED
+CVE-2022-28321
+       RESERVED
+CVE-2022-28320
+       RESERVED
+CVE-2022-28319
+       RESERVED
+CVE-2022-28318
+       RESERVED
+CVE-2022-28317
+       RESERVED
+CVE-2022-28316
+       RESERVED
+CVE-2022-28315
+       RESERVED
+CVE-2022-28314
+       RESERVED
+CVE-2022-28313
+       RESERVED
+CVE-2022-28312
+       RESERVED
+CVE-2022-28311
+       RESERVED
+CVE-2022-28310
+       RESERVED
+CVE-2022-28309
+       RESERVED
+CVE-2022-28308
+       RESERVED
+CVE-2022-28307
+       RESERVED
+CVE-2022-28306
+       RESERVED
+CVE-2022-28305
+       RESERVED
+CVE-2022-28304
+       RESERVED
+CVE-2022-28303
+       RESERVED
+CVE-2022-28302
+       RESERVED
+CVE-2022-28301
+       RESERVED
+CVE-2022-28300
+       RESERVED
+CVE-2022-27188
+       RESERVED
+CVE-2022-26034
+       RESERVED
+CVE-2022-1200
+       RESERVED
+CVE-2021-4225
+       RESERVED
 CVE-2022-28299
        RESERVED
 CVE-2022-28298
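Review bot: the last four added entries (CVE-2022-27188, CVE-2022-26034, CVE-2022-1200, CVE-2021-4225) are placed between CVE-2022-28300 and CVE-2022-28299, which interrupts the otherwise contiguous descending run of IDs in this hunk. If the file makes no ordering guarantee this is harmless, but any tooling or reader that locates entries by position or assumes sorted order will miss them, so lookups should match on the full CVE ID rather than on position.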
@@ -1016,14 +1080,14 @@ CVE-2022-27968
        RESERVED
 CVE-2022-27967
        RESERVED
-CVE-2022-27966
-       RESERVED
-CVE-2022-27965
-       RESERVED
-CVE-2022-27964
-       RESERVED
-CVE-2022-27963
-       RESERVED
+CVE-2022-27966 (Xshell v7.0.0099 and below contains a binary hijack 
vulnerability whic ...)
+       TODO: check
+CVE-2022-27965 (Xlpd v7.0.0094 and below contains a binary hijack 
vulnerability which  ...)
+       TODO: check
+CVE-2022-27964 (Xmanager v7.0.0096 and below contains a binary hijack 
vulnerability wh ...)
+       TODO: check
+CVE-2022-27963 (Xftp 7.0.0088p and below contains a binary hijack 
vulnerability which  ...)
+       TODO: check
 CVE-2022-27962
        RESERVED
 CVE-2022-27961
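Review bot: CVE-2022-27963 through CVE-2022-27966 move from RESERVED to "TODO: check" with no package line or NOT-FOR-US line, so all four remain untriaged after this change. The descriptions name Xftp, Xlpd, Xmanager and Xshell; if none of these is packaged in Debian, the follow-up should close them the way other entries in this file are closed, with a "NOT-FOR-US: <product>" line per entry.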
@@ -3408,14 +3472,14 @@ CVE-2022-27054
        RESERVED
 CVE-2022-27053
        RESERVED
-CVE-2022-27052
-       RESERVED
+CVE-2022-27052 (FreeFtpd version 1.0.13 and below contains an unquoted service 
path vu ...)
+       TODO: check
 CVE-2022-27051
        RESERVED
-CVE-2022-27050
-       RESERVED
-CVE-2022-27049
-       RESERVED
+CVE-2022-27050 (BitComet Service for Windows before version 1.8.6 contains an 
unquoted ...)
+       TODO: check
+CVE-2022-27049 (Raidrive before v2021.12.35 allows attackers to arbitrarily 
move log f ...)
+       TODO: check
 CVE-2022-27048
        RESERVED
 CVE-2022-27047
@@ -4635,8 +4699,8 @@ CVE-2022-26548
        RESERVED
 CVE-2022-26547
        RESERVED
-CVE-2022-26546
-       RESERVED
+CVE-2022-26546 (Hospital Management System v1.0 was discovered to lack an 
authorizatio ...)
+       TODO: check
 CVE-2022-26545
        RESERVED
 CVE-2022-26544
@@ -8877,8 +8941,8 @@ CVE-2022-25019
 CVE-2022-25018 (Pluxml v5.8.7 was discovered to allow attackers to execute 
arbitrary c ...)
        - pluxml <unfixed> (bug #1008264)
        NOTE: 
https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf
-CVE-2022-25017
-       RESERVED
+CVE-2022-25017 (Hitron CHITA 7.2.2.0.3b6-CD devices contain a command 
injection vulner ...)
+       TODO: check
 CVE-2022-25016 (Home Owners Collection Management System v1.0 was discovered 
to contai ...)
        NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25015 (A stored cross-site scripting (XSS) vulnerability in Ice Hrm 
30.0.0.OS ...)
@@ -8959,12 +9023,14 @@ CVE-2022-24982 (Forms generated by JQueryForm.com 
before 2022-02-05 allows a rem
 CVE-2022-24981 (A reflected cross-site scripting (XSS) vulnerability in forms 
generate ...)
        NOT-FOR-US: JQueryForm.com
 CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 
3.6.1  ...)
+       {DLA-2967-1}
        - wireshark 3.6.2-1
        [bullseye] - wireshark <no-dsa> (Minor issue)
        [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813
        NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html
 CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 
to 3.6. ...)
+       {DLA-2967-1}
        - wireshark 3.6.2-1
        [bullseye] - wireshark <no-dsa> (Minor issue)
        [buster] - wireshark <no-dsa> (Minor issue)
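Review bot: the "{DLA-2967-1}" cross-reference added to CVE-2022-0586 and CVE-2022-0585 does not say which release the advisory covers, and both entries still carry "[bullseye] - wireshark <no-dsa> (Minor issue)" and "[buster] - wireshark <no-dsa> (Minor issue)". Someone reading one of these entries alone cannot tell which release received the fix, so confirm that the advisory's own record states the release and fixed version, since nothing in these lines does.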
@@ -8983,18 +9049,21 @@ CVE-2022-0585 (Large loops in multiple protocol 
dissectors in Wireshark 3.6.0 to
 CVE-2022-0584
        RESERVED
 CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 
3.6.1 and 3 ...)
+       {DLA-2967-1}
        - wireshark 3.6.2-1
        [bullseye] - wireshark <no-dsa> (Minor issue)
        [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17840
        NOTE: https://www.wireshark.org/security/wnpa-sec-2022-03.html
 CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark 
3.6.0 to ...)
+       {DLA-2967-1}
        - wireshark 3.6.2-1
        [bullseye] - wireshark <no-dsa> (Minor issue)
        [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17882
        NOTE: https://www.wireshark.org/security/wnpa-sec-2022-04.html
 CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 
and 3. ...)
+       {DLA-2967-1}
        - wireshark 3.6.2-1
        [bullseye] - wireshark <no-dsa> (Minor issue)
        [buster] - wireshark <no-dsa> (Minor issue)
@@ -9429,32 +9498,32 @@ CVE-2022-24805
        RESERVED
 CVE-2022-24804
        RESERVED
-CVE-2022-24803
-       RESERVED
-CVE-2022-24802
-       RESERVED
+CVE-2022-24803 (Asciidoctor-include-ext is Asciidoctor&#8217;s standard 
include proces ...)
+       TODO: check
+CVE-2022-24802 (deepmerge-ts is a typescript library providing functionality 
to deep m ...)
+       TODO: check
 CVE-2022-24801
        RESERVED
 CVE-2022-24800
        RESERVED
 CVE-2022-24799
        RESERVED
-CVE-2022-24798
-       RESERVED
-CVE-2022-24797
-       RESERVED
-CVE-2022-24796
-       RESERVED
+CVE-2022-24798 (Internet Routing Registry daemon version 4 is an IRR database 
server,  ...)
+       TODO: check
+CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed 
service mod ...)
+       TODO: check
+CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for 
running  ...)
+       TODO: check
 CVE-2022-24795
        RESERVED
-CVE-2022-24794
-       RESERVED
+CVE-2022-24794 (Express OpenID Connect is an Express JS middleware 
implementing sign o ...)
+       TODO: check
 CVE-2022-24793
        RESERVED
 CVE-2022-24792
        RESERVED
-CVE-2022-24791
-       RESERVED
+CVE-2022-24791 (Wasmtime is a standalone JIT-style runtime for WebAssembly, 
using Cran ...)
+       TODO: check
 CVE-2022-24790 (Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 
server for R ...)
        - puma <unfixed> (bug #1008723)
        NOTE: 
https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
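Review bot: the description added for CVE-2022-24803 contains a raw HTML entity ("Asciidoctor&#8217;s"), so the apostrophe was not decoded before the text was written to the list. The description import should decode entities, otherwise a text search for the product name with a normal apostrophe will not match this entry.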
@@ -9552,8 +9621,8 @@ CVE-2022-24760 (Parse Server is an open source http web 
server backend. In versi
        NOT-FOR-US: Parse Server
 CVE-2022-24759 (`@chainsafe/libp2p-noise` contains TypeScript implementation 
of noise  ...)
        NOT-FOR-US: chainsafe/libp2p-noise
-CVE-2022-24758
-       RESERVED
+CVE-2022-24758 (The Jupyter notebook is a web-based notebook environment for 
interacti ...)
+       TODO: check
 CVE-2022-24757 (The Jupyter Server provides the backend (i.e. the core 
services, APIs, ...)
        - jupyter-server <unfixed> (bug #1008319)
        NOTE: 
https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a
 (v1.15.4)
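Review bot: CVE-2022-24758 (Jupyter notebook) is left at "TODO: check" directly above CVE-2022-24757, which is already tracked against the jupyter-server package with bug #1008319. Because the neighbouring Jupyter issue affects a packaged component, this entry should be triaged against the corresponding package promptly rather than waiting in the automatic batch.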
@@ -12897,8 +12966,8 @@ CVE-2021-46441
        RESERVED
 CVE-2021-46440
        RESERVED
-CVE-2021-46439
-       RESERVED
+CVE-2021-46439 (The WinSEGAV AutoConfig service in EG Free Antivirus v2020 
suffers fro ...)
+       TODO: check
 CVE-2021-46438
        RESERVED
 CVE-2021-46437
@@ -19168,12 +19237,14 @@ CVE-2021-4186 (Crash in the Gryphon dissector in 
Wireshark 3.4.0 to 3.4.10 allow
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737
 CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 
3.4.0 to 3 ...)
+       {DLA-2967-1}
        - wireshark 3.6.2-1
        [bullseye] - wireshark <no-dsa> (Minor issue)
        [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745
 CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 
3.6.0 and 3 ...)
+       {DLA-2967-1}
        - wireshark 3.6.2-1
        [bullseye] - wireshark <no-dsa> (Minor issue)
        [buster] - wireshark <no-dsa> (Minor issue)
@@ -19194,6 +19265,7 @@ CVE-2021-4182 (Crash in the RFC 7468 dissector in 
Wireshark 3.6.0 and 3.4.0 to 3
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801
 CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 
3.4.0 to 3. ...)
+       {DLA-2967-1}
        - wireshark 3.6.2-1
        [bullseye] - wireshark <no-dsa> (Minor issue)
        [buster] - wireshark <no-dsa> (Minor issue)
@@ -21807,8 +21879,8 @@ CVE-2022-21949
        RESERVED
 CVE-2022-21948
        RESERVED
-CVE-2022-21947
-       RESERVED
+CVE-2022-21947 (A Improper Access Control vulnerability in Rancher Desktop of 
SUSE all ...)
+       TODO: check
 CVE-2022-21946 (A Improper Privilege Management vulnerability in the sudoers 
configura ...)
        NOT-FOR-US: SUSE cscreen
 CVE-2022-21945 (A Insecure Temporary File vulnerability in cscreen of openSUSE 
Factory ...)
@@ -27413,8 +27485,8 @@ CVE-2021-43724 (A Cross Site Scripting (XSS) 
vulnerability exits in Subrion CMS
        NOT-FOR-US: Subrion CMS
 CVE-2021-43723
        RESERVED
-CVE-2021-43722
-       RESERVED
+CVE-2021-43722 (D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The 
hnap_main ...)
+       TODO: check
 CVE-2021-43721 (Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in 
the markd ...)
        NOT-FOR-US: Leanote
 CVE-2021-43720
@@ -27443,8 +27515,8 @@ CVE-2021-43709
        RESERVED
 CVE-2021-43708
        RESERVED
-CVE-2021-43707
-       RESERVED
+CVE-2021-43707 (Cross Site Scripting (XSS) vulnerability exists in Maccms v10 
via link ...)
+       TODO: check
 CVE-2021-43706
        RESERVED
 CVE-2021-43705
@@ -50979,12 +51051,12 @@ CVE-2021-35119
        RESERVED
 CVE-2021-35118
        RESERVED
-CVE-2021-35117
-       RESERVED
+CVE-2021-35117 (An Out of Bounds read may potentially occur while processing 
an IBSS b ...)
+       TODO: check
 CVE-2021-35116
        RESERVED
-CVE-2021-35115
-       RESERVED
+CVE-2021-35115 (Improper handling of multiple session supported by PVM backend 
can lea ...)
+       TODO: check
 CVE-2021-35114
        RESERVED
 CVE-2021-35113
@@ -50993,22 +51065,22 @@ CVE-2021-35112
        RESERVED
 CVE-2021-35111
        RESERVED
-CVE-2021-35110
-       RESERVED
+CVE-2021-35110 (Possible buffer overflow to improper validation of hash 
segment of fil ...)
+       TODO: check
 CVE-2021-35109
        RESERVED
 CVE-2021-35108
        RESERVED
 CVE-2021-35107
        RESERVED
-CVE-2021-35106
-       RESERVED
-CVE-2021-35105
-       RESERVED
+CVE-2021-35106 (Possible out of bound read due to improper length calculation 
of WMI m ...)
+       TODO: check
+CVE-2021-35105 (Possible out of bounds access due to improper input validation 
during  ...)
+       TODO: check
 CVE-2021-35104
        RESERVED
-CVE-2021-35103
-       RESERVED
+CVE-2021-35103 (Possible out of bound write due to improper validation of 
number of ti ...)
+       TODO: check
 CVE-2021-35102
        RESERVED
 CVE-2021-35101
@@ -51035,10 +51107,10 @@ CVE-2021-35091
        RESERVED
 CVE-2021-35090
        RESERVED
-CVE-2021-35089
-       RESERVED
-CVE-2021-35088
-       RESERVED
+CVE-2021-35089 (Possible buffer overflow due to lack of input IB amount 
validation whi ...)
+       TODO: check
+CVE-2021-35088 (Possible out of bound read due to improper validation of IE 
length dur ...)
+       TODO: check
 CVE-2021-35087
        RESERVED
 CVE-2021-35086
@@ -63321,18 +63393,18 @@ CVE-2021-30335 (Possible assertion in QOS request due 
to improper validation whe
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30334
        RESERVED
-CVE-2021-30333
-       RESERVED
-CVE-2021-30332
-       RESERVED
-CVE-2021-30331
-       RESERVED
+CVE-2021-30333 (Improper validation of buffer size input to the EFS file can 
lead to m ...)
+       TODO: check
+CVE-2021-30332 (Possible assertion due to improper validation of OTA 
configuration in  ...)
+       TODO: check
+CVE-2021-30331 (Possible buffer overflow due to improper data validation of 
external c ...)
+       TODO: check
 CVE-2021-30330 (Possible null pointer dereference due to improper validation 
of APE cl ...)
        NOT-FOR-US: Qualcomm
-CVE-2021-30329
-       RESERVED
-CVE-2021-30328
-       RESERVED
+CVE-2021-30329 (Possible assertion due to improper validation of TCI 
configuration in  ...)
+       TODO: check
+CVE-2021-30328 (Possible assertion due to improper validation of invalid NR 
CSI-IM res ...)
+       TODO: check
 CVE-2021-30327
        RESERVED
 CVE-2021-30326 (Possible assertion due to improper size validation while 
processing th ...)
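Review bot: the five new "TODO: check" entries in this hunk (CVE-2021-30328, CVE-2021-30329, CVE-2021-30331, CVE-2021-30332, CVE-2021-30333) sit among entries already marked NOT-FOR-US, but the existing labels differ: "NOT-FOR-US: Qualcomm components for Android" on CVE-2021-30335 and "NOT-FOR-US: Qualcomm" on CVE-2021-30330. If the new entries turn out to belong to the same vendor, resolve them with one label used consistently so that a search on the NOT-FOR-US string finds the whole set.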
@@ -83257,6 +83329,7 @@ CVE-2021-22193 (An issue has been discovered in GitLab 
affecting all versions st
 CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 
3.2.11  ...)
+       {DLA-2967-1}
        - wireshark 3.4.4-1
        [buster] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2021-03.html
@@ -92714,8 +92787,8 @@ CVE-2021-1952 (Possible buffer over read occurs due to 
lack of length check of r
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1951
        RESERVED
-CVE-2021-1950
-       RESERVED
+CVE-2021-1950 (Improper cleaning of secure memory between authenticated users 
can lea ...)
+       TODO: check
 CVE-2021-1949 (Possible integer overflow due to improper check of batch count 
value w ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1948 (Possible out of bound read due to lack of length check of data 
while p ...)
@@ -92730,8 +92803,8 @@ CVE-2021-1944
        RESERVED
 CVE-2021-1943 (Possible buffer out of bound read can occur due to improper 
validation ...)
        NOT-FOR-US: Snapdragon
-CVE-2021-1942
-       RESERVED
+CVE-2021-1942 (Improper handling of permissions of a shared memory region can 
lead to ...)
+       TODO: check
 CVE-2021-1941 (Possible buffer over read issue due to improper length check on 
WPA IE ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-1940 (Use after free can occur due to improper handling of response 
from fir ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/311a43e2d35382874df2373de9e4ad3512bd32be
