Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb239f68 by security tracker role at 2022-04-09T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2022-28888
+       RESERVED
+CVE-2022-28887
+       RESERVED
+CVE-2022-28886
+       RESERVED
+CVE-2022-28885
+       RESERVED
+CVE-2022-28884
+       RESERVED
+CVE-2022-28883
+       RESERVED
+CVE-2022-28882
+       RESERVED
+CVE-2022-28881
+       RESERVED
+CVE-2022-28880
+       RESERVED
+CVE-2022-28879
+       RESERVED
+CVE-2022-28878
+       RESERVED
+CVE-2022-28877
+       RESERVED
+CVE-2022-28876
+       RESERVED
+CVE-2022-28875
+       RESERVED
+CVE-2022-28874
+       RESERVED
+CVE-2022-28873
+       RESERVED
+CVE-2022-28872
+       RESERVED
+CVE-2022-28871
+       RESERVED
+CVE-2022-28870
+       RESERVED
+CVE-2022-28869
+       RESERVED
+CVE-2022-28868
+       RESERVED
+CVE-2022-28867
+       RESERVED
+CVE-2022-28866
+       RESERVED
+CVE-2022-28865
+       RESERVED
+CVE-2022-28864
+       RESERVED
+CVE-2022-28863
+       RESERVED
+CVE-2022-28862
+       RESERVED
+CVE-2022-28861
+       RESERVED
+CVE-2022-28860
+       RESERVED
+CVE-2022-1285
+       RESERVED
 CVE-2022-28857
        RESERVED
 CVE-2022-28856
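Review bot: The new RESERVED block at the head of the file runs from CVE-2022-28888 down to CVE-2022-28860 and then joins the existing CVE-2022-28857, so CVE-2022-28859 and CVE-2022-28858 have no entry here. Worth confirming on the next automatic update that those two ids appear, or that the feed really skips them. CVE-2022-1285 sitting between the 288xx ids is consistent with the rest of the file, which is not in strict numeric order (CVE-2022-0924 follows CVE-2022-26851 further down).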
@@ -2702,8 +2762,8 @@ CVE-2022-27885 (Maccms v10 was discovered to contain 
multiple reflected cross-si
        NOT-FOR-US: Maccms
 CVE-2022-27884 (Maccms v10 was discovered to contain a reflected cross-site 
scripting  ...)
        NOT-FOR-US: Maccms
-CVE-2022-27883
-       RESERVED
+CVE-2022-27883 (A link following vulnerability in Trend Micro Antivirus for 
Mac 11.5 c ...)
+       TODO: check
 CVE-2022-27882 (slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer 
signedn ...)
        NOT-FOR-US: slaacd from OpenBSD
 CVE-2022-27881 (engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 
has a buff ...)
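Review bot: CVE-2022-27883 now carries a description but is left at TODO: check, while the neighbouring entries for software outside the archive (Maccms, slaacd from OpenBSD) are closed out with a NOT-FOR-US line naming the product. The description names Trend Micro Antivirus for Mac, so a follow-up commit setting NOT-FOR-US: Trend Micro would keep this entry out of the TODO queue.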
@@ -4704,7 +4764,7 @@ CVE-2022-27151
 CVE-2022-27150
        RESERVED
 CVE-2022-27149
-       RESERVED
+       REJECTED
 CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable 
to Integ ...)
        TODO: check
 CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a 
use-after-free v ...)
@@ -5312,8 +5372,8 @@ CVE-2022-26880
        RESERVED
 CVE-2022-26879
        RESERVED
-CVE-2022-26877
-       RESERVED
+CVE-2022-26877 (Asana Desktop before 1.6.0 allows remote attackers to 
exfiltrate local ...)
+       TODO: check
 CVE-2022-26876
        RESERVED
 CVE-2022-26875
@@ -5354,16 +5414,16 @@ CVE-2022-26857
        RESERVED
 CVE-2022-26856
        RESERVED
-CVE-2022-26855
-       RESERVED
-CVE-2022-26854
-       RESERVED
+CVE-2022-26855 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an 
incorrect d ...)
+       TODO: check
+CVE-2022-26854 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky 
cryptograph ...)
+       TODO: check
 CVE-2022-26853
        RESERVED
-CVE-2022-26852
-       RESERVED
-CVE-2022-26851
-       RESERVED
+CVE-2022-26852 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a 
predictable see ...)
+       TODO: check
+CVE-2022-26851 (Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable 
file name f ...)
+       TODO: check
 CVE-2022-0924 (Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows 
attackers t ...)
        {DSA-5108-1}
        - tiff 4.3.0-6
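Review bot: CVE-2022-26855, CVE-2022-26854, CVE-2022-26852 and CVE-2022-26851 all land as TODO: check for the same product, Dell PowerScale OneFS. Other Dell entries in this file (the VNX2 ones near CVE-2021-36295) are triaged as NOT-FOR-US: Dell, so these four can be resolved in one pass with the same line rather than checked individually.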
@@ -6045,8 +6105,8 @@ CVE-2022-26590
        RESERVED
 CVE-2022-26589
        RESERVED
-CVE-2022-26588
-       RESERVED
+CVE-2022-26588 (A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows 
attacke ...)
+       TODO: check
 CVE-2022-26587
        RESERVED
 CVE-2022-26586
@@ -7131,8 +7191,8 @@ CVE-2022-26182
 CVE-2022-26181 (Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a 
heap-bu ...)
        - lepton <removed>
        NOTE: https://github.com/dropbox/lepton/issues/154
-CVE-2022-26180
-       RESERVED
+CVE-2022-26180 (qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the 
index.php/my ...)
+       TODO: check
 CVE-2022-26179
        RESERVED
 CVE-2022-26178
@@ -9292,7 +9352,7 @@ CVE-2022-25358 (A ..%2F path traversal vulnerability 
exists in the path handler
        NOT-FOR-US: awful-salmonella-tar
 CVE-2022-25357
        RESERVED
-CVE-2022-25356 (ALIN MDaemon Security Gateway through 8.5.0 allows XML 
Injection. ...)
+CVE-2022-25356 (Alt-N MDaemon Security Gateway through 8.5.0 allows 
SecurityGateway.dl ...)
        NOT-FOR-US: Alt-N Technologies Mdaemon
 CVE-2022-25344
        RESERVED
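Review bot: On CVE-2022-25356 the triage line still reads NOT-FOR-US: Alt-N Technologies Mdaemon while the refreshed description spells the product MDaemon; aligning the capitalisation makes the entry easier to find with a case-sensitive search. The triage itself still holds, since the description change (vendor name corrected from ALIN to Alt-N, vulnerability text reworded) does not change the affected product.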
@@ -10892,10 +10952,10 @@ CVE-2022-24822 (Podium is a library for building 
micro frontends. @podium/layout
        TODO: check
 CVE-2022-24821 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
        TODO: check
-CVE-2022-24820
-       RESERVED
-CVE-2022-24819
-       RESERVED
+CVE-2022-24820 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2022-24819 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
 CVE-2022-24818
        RESERVED
 CVE-2022-24817
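Review bot: CVE-2022-24820 and CVE-2022-24819 are added with the same truncated description as CVE-2022-24821 directly above them ("XWiki Platform is a generic wiki platform offering runtime services fo ..."), so the list text cannot distinguish the three issues. Whoever clears the TODO: check lines should read the full CVE records and triage the three XWiki entries together, leaving a NOTE on each only if they end up with different outcomes.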
@@ -11984,8 +12044,8 @@ CVE-2022-24443
        RESERVED
 CVE-2022-24442 (JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI 
(Server- ...)
        NOT-FOR-US: JetBrains YouTrack
-CVE-2022-24428
-       RESERVED
+CVE-2022-24428 (Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 
9.2.0.x, 9.2. ...)
+       TODO: check
 CVE-2022-24427
        RESERVED
 CVE-2022-24426 (Dell Command | Update, Dell Update, and Alienware Update 
versions prio ...)
@@ -19016,8 +19076,8 @@ CVE-2022-22565
        RESERVED
 CVE-2022-22564
        RESERVED
-CVE-2022-22563
-       RESERVED
+CVE-2022-22563 (Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant 
informa ...)
+       TODO: check
 CVE-2022-22562
        RESERVED
 CVE-2022-22561
@@ -31535,7 +31595,7 @@ CVE-2021-43151
 CVE-2021-43150
        RESERVED
 CVE-2021-43149
-       RESERVED
+       REJECTED
 CVE-2021-43148
        RESERVED
 CVE-2021-43147
@@ -31653,7 +31713,7 @@ CVE-2021-43092
        RESERVED
 CVE-2021-43091 (An SQL Injection vlnerability exits in Yeswiki doryphore 
20211012 via  ...)
        NOT-FOR-US: Yeswiki doryphore
-CVE-2021-43090 (An XML External Entity (XXE) vulnerability exists in all 
versions of s ...)
+CVE-2021-43090 (An XML External Entity (XXE) vulnerability exists in soa-model 
before  ...)
        NOT-FOR-US: soa-model
 CVE-2021-43089
        RESERVED
@@ -31924,8 +31984,8 @@ CVE-2020-36503 (The Connections Business Directory 
WordPress plugin before 9.7 d
        NOT-FOR-US: WordPress plugin
 CVE-2021-43010
        RESERVED
-CVE-2021-43009
-       RESERVED
+CVE-2021-43009 (A Cross Site Scripting (XSS) vulnerability exists in 
OpServices OpMon  ...)
+       TODO: check
 CVE-2021-43008 (Improper Access Control in Adminer versions 1.12.0 to 4.6.2 
(fixed in  ...)
        - adminer 4.6.3-1
        NOTE: https://github.com/vrana/adminer/releases/tag/v4.6.3
@@ -49728,20 +49788,20 @@ CVE-2021-36295 (Dell VNX2 OE for File versions 
8.1.21.266 and earlier, contain a
        NOT-FOR-US: Dell
 CVE-2021-36294 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain 
an auth ...)
        NOT-FOR-US: Dell
-CVE-2021-36293
-       RESERVED
+CVE-2021-36293 (Dell VNX2 for File version 8.1.21.266 and earlier, contain a 
privilege ...)
+       TODO: check
 CVE-2021-36292
        RESERVED
 CVE-2021-36291
        RESERVED
-CVE-2021-36290
-       RESERVED
+CVE-2021-36290 (Dell VNX2 for File version 8.1.21.266 and earlier, contain a 
privilege ...)
+       TODO: check
 CVE-2021-36289 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain 
a sensi ...)
        NOT-FOR-US: Dell
-CVE-2021-36288
-       RESERVED
-CVE-2021-36287
-       RESERVED
+CVE-2021-36288 (Dell VNX2 for File version 8.1.21.266 and earlier, contain a 
path trav ...)
+       TODO: check
+CVE-2021-36287 (Dell VNX2 for file version 8.1.21.266 and earlier, contain an 
unauthen ...)
+       TODO: check
 CVE-2021-36286 (Dell SupportAssist Client Consumer versions 3.9.13.0 and any 
versions  ...)
        NOT-FOR-US: Dell SupportAssist Client Consumer
 CVE-2021-36285 (Dell BIOS contains an Improper Restriction of Excessive 
Authentication ...)
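Review bot: CVE-2021-36293, CVE-2021-36290, CVE-2021-36288 and CVE-2021-36287 are set to TODO: check although the entries interleaved with them for the same version range (CVE-2021-36295, CVE-2021-36294, CVE-2021-36289, all 8.1.21.266 and earlier) are already NOT-FOR-US: Dell. The descriptions differ only in product wording ("Dell VNX2 for File" against "Dell VNX2 OE for File"), so the four new entries should get NOT-FOR-US: Dell to match their neighbours.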



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb239f68041347e13fa079b43945d9b14d4df8a6



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
