Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f232a1a7 by security tracker role at 2022-02-24T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,533 @@ +CVE-2022-26085 + RESERVED +CVE-2022-26068 + RESERVED +CVE-2022-26066 + RESERVED +CVE-2022-26063 + RESERVED +CVE-2022-26060 + RESERVED +CVE-2022-26050 + RESERVED +CVE-2022-26049 + RESERVED +CVE-2022-26048 + RESERVED +CVE-2022-26046 + RESERVED +CVE-2022-26044 + RESERVED +CVE-2022-26040 + RESERVED +CVE-2022-26036 + RESERVED +CVE-2022-26035 + RESERVED +CVE-2022-26033 + RESERVED +CVE-2022-26030 + RESERVED +CVE-2022-26029 + RESERVED +CVE-2022-26025 + RESERVED +CVE-2022-26021 + RESERVED +CVE-2022-26020 + RESERVED +CVE-2022-26018 + RESERVED +CVE-2022-26016 + RESERVED +CVE-2022-26015 + RESERVED +CVE-2022-26014 + RESERVED +CVE-2022-26012 + RESERVED +CVE-2022-26011 + RESERVED +CVE-2022-26010 + RESERVED +CVE-2022-26008 + RESERVED +CVE-2022-26005 + RESERVED +CVE-2022-26004 + RESERVED +CVE-2022-26003 + RESERVED +CVE-2022-26001 + RESERVED +CVE-2022-26000 + RESERVED +CVE-2022-25998 + RESERVED +CVE-2022-25994 + RESERVED +CVE-2022-25993 + RESERVED +CVE-2022-25991 + RESERVED +CVE-2022-25988 + RESERVED +CVE-2022-25985 + RESERVED +CVE-2022-25984 + RESERVED +CVE-2022-25983 + RESERVED +CVE-2022-25982 + RESERVED +CVE-2022-25981 + RESERVED +CVE-2022-25979 + RESERVED +CVE-2022-25978 + RESERVED +CVE-2022-25977 + RESERVED +CVE-2022-25975 + RESERVED +CVE-2022-25974 + RESERVED +CVE-2022-25973 + RESERVED +CVE-2022-25971 + RESERVED +CVE-2022-25970 + RESERVED +CVE-2022-25967 + RESERVED +CVE-2022-25965 + RESERVED +CVE-2022-25964 + RESERVED +CVE-2022-25963 + RESERVED +CVE-2022-25962 + RESERVED +CVE-2022-25961 + RESERVED +CVE-2022-25956 + RESERVED +CVE-2022-25955 + RESERVED +CVE-2022-25954 + RESERVED +CVE-2022-25953 + RESERVED +CVE-2022-25951 + RESERVED +CVE-2022-25950 + RESERVED +CVE-2022-25948 + RESERVED +CVE-2022-25947 + RESERVED +CVE-2022-25945 + RESERVED +CVE-2022-25944 + RESERVED +CVE-2022-25941 + RESERVED +CVE-2022-25940 + RESERVED +CVE-2022-25939 + RESERVED +CVE-2022-25938 + RESERVED +CVE-2022-25937 + RESERVED +CVE-2022-25936 + RESERVED +CVE-2022-25935 + RESERVED +CVE-2022-25934 + RESERVED +CVE-2022-25933 + RESERVED +CVE-2022-25931 + RESERVED +CVE-2022-25930 + RESERVED +CVE-2022-25929 + RESERVED +CVE-2022-25928 + RESERVED +CVE-2022-25927 + RESERVED +CVE-2022-25926 + RESERVED +CVE-2022-25925 + RESERVED +CVE-2022-25924 + RESERVED +CVE-2022-25923 + RESERVED +CVE-2022-25921 + RESERVED +CVE-2022-25919 + RESERVED +CVE-2022-25918 + RESERVED +CVE-2022-25916 + RESERVED +CVE-2022-25914 + RESERVED +CVE-2022-25913 + RESERVED +CVE-2022-25912 + RESERVED +CVE-2022-25911 + RESERVED +CVE-2022-25910 + RESERVED +CVE-2022-25908 + RESERVED +CVE-2022-25907 + RESERVED +CVE-2022-25906 + RESERVED +CVE-2022-25904 + RESERVED +CVE-2022-25903 + RESERVED +CVE-2022-25902 + RESERVED +CVE-2022-25901 + RESERVED +CVE-2022-25900 + RESERVED +CVE-2022-25898 + RESERVED +CVE-2022-25897 + RESERVED +CVE-2022-25896 + RESERVED +CVE-2022-25895 + RESERVED +CVE-2022-25894 + RESERVED +CVE-2022-25893 + RESERVED +CVE-2022-25892 + RESERVED +CVE-2022-25891 + RESERVED +CVE-2022-25890 + RESERVED +CVE-2022-25888 + RESERVED +CVE-2022-25887 + RESERVED +CVE-2022-25886 + RESERVED +CVE-2022-25885 + RESERVED +CVE-2022-25884 + RESERVED +CVE-2022-25883 + RESERVED +CVE-2022-25882 + RESERVED +CVE-2022-25881 + RESERVED +CVE-2022-25879 + RESERVED +CVE-2022-25878 + RESERVED +CVE-2022-25877 + RESERVED +CVE-2022-25876 + RESERVED +CVE-2022-25875 + RESERVED +CVE-2022-25874 + RESERVED +CVE-2022-25873 + RESERVED +CVE-2022-25872 + RESERVED +CVE-2022-25871 + RESERVED +CVE-2022-25869 + RESERVED +CVE-2022-25867 + RESERVED +CVE-2022-25866 + RESERVED +CVE-2022-25865 + RESERVED +CVE-2022-25863 + RESERVED +CVE-2022-25862 + RESERVED +CVE-2022-25861 + RESERVED +CVE-2022-25860 + RESERVED +CVE-2022-25859 + RESERVED +CVE-2022-25858 + RESERVED +CVE-2022-25857 + RESERVED +CVE-2022-25856 + RESERVED +CVE-2022-25855 + RESERVED +CVE-2022-25854 + RESERVED +CVE-2022-25853 + RESERVED +CVE-2022-25852 + RESERVED +CVE-2022-25851 + RESERVED +CVE-2022-25850 + RESERVED +CVE-2022-25849 + RESERVED +CVE-2022-25848 + RESERVED +CVE-2022-25847 + RESERVED +CVE-2022-25846 + RESERVED +CVE-2022-25845 + RESERVED +CVE-2022-25844 + RESERVED +CVE-2022-25843 + RESERVED +CVE-2022-25842 + RESERVED +CVE-2022-25840 + RESERVED +CVE-2022-25839 + RESERVED +CVE-2022-25767 + RESERVED +CVE-2022-25766 + RESERVED +CVE-2022-25765 + RESERVED +CVE-2022-25764 + RESERVED +CVE-2022-25761 + RESERVED +CVE-2022-25760 + RESERVED +CVE-2022-25759 + RESERVED +CVE-2022-25758 + RESERVED +CVE-2022-25648 + RESERVED +CVE-2022-25647 + RESERVED +CVE-2022-25646 + RESERVED +CVE-2022-25645 + RESERVED +CVE-2022-25644 + RESERVED +CVE-2022-25354 + RESERVED +CVE-2022-25353 + RESERVED +CVE-2022-25352 + RESERVED +CVE-2022-25351 + RESERVED +CVE-2022-25350 + RESERVED +CVE-2022-25349 + RESERVED +CVE-2022-25346 + RESERVED +CVE-2022-25345 + RESERVED +CVE-2022-25324 + RESERVED +CVE-2022-25304 + RESERVED +CVE-2022-25303 + RESERVED +CVE-2022-25302 + RESERVED +CVE-2022-25301 + RESERVED +CVE-2022-25300 + RESERVED +CVE-2022-25233 + RESERVED +CVE-2022-25232 + RESERVED +CVE-2022-25231 + RESERVED +CVE-2022-25171 + RESERVED +CVE-2022-24913 + RESERVED +CVE-2022-24912 + RESERVED +CVE-2022-24909 + RESERVED +CVE-2022-24441 + RESERVED +CVE-2022-24440 + RESERVED +CVE-2022-24439 + RESERVED +CVE-2022-24438 + RESERVED +CVE-2022-24437 + RESERVED +CVE-2022-24434 + RESERVED +CVE-2022-24433 + RESERVED +CVE-2022-24431 + RESERVED +CVE-2022-24430 + RESERVED +CVE-2022-24429 + RESERVED +CVE-2022-24381 + RESERVED +CVE-2022-24377 + RESERVED +CVE-2022-24376 + RESERVED +CVE-2022-24375 + RESERVED +CVE-2022-24373 + RESERVED +CVE-2022-24298 + RESERVED +CVE-2022-24279 + RESERVED +CVE-2022-24278 + RESERVED +CVE-2022-24068 + RESERVED +CVE-2022-24066 + RESERVED +CVE-2022-24065 + RESERVED +CVE-2022-23923 + RESERVED +CVE-2022-23920 + RESERVED +CVE-2022-23915 + RESERVED +CVE-2022-23812 + RESERVED +CVE-2022-23811 + RESERVED +CVE-2022-22984 + RESERVED +CVE-2022-22143 + RESERVED +CVE-2022-22138 + RESERVED +CVE-2022-21811 + RESERVED +CVE-2022-21810 + RESERVED +CVE-2022-21803 + RESERVED +CVE-2022-21802 + RESERVED +CVE-2022-21797 + RESERVED +CVE-2022-21235 + RESERVED +CVE-2022-21232 + RESERVED +CVE-2022-21231 + RESERVED +CVE-2022-21230 + RESERVED +CVE-2022-21227 + RESERVED +CVE-2022-21223 + RESERVED +CVE-2022-21222 + RESERVED +CVE-2022-21221 + RESERVED +CVE-2022-21213 + RESERVED +CVE-2022-21211 + RESERVED +CVE-2022-21208 + RESERVED +CVE-2022-21195 + RESERVED +CVE-2022-21192 + RESERVED +CVE-2022-21191 + RESERVED +CVE-2022-21190 + RESERVED +CVE-2022-21189 + RESERVED +CVE-2022-21187 + RESERVED +CVE-2022-21186 + RESERVED +CVE-2022-21169 + RESERVED +CVE-2022-21167 + RESERVED +CVE-2022-21165 + RESERVED +CVE-2022-21164 + RESERVED +CVE-2022-21149 + RESERVED +CVE-2022-21144 + RESERVED +CVE-2022-21129 + RESERVED +CVE-2022-21126 + RESERVED +CVE-2022-21122 + RESERVED +CVE-2022-0758 + RESERVED +CVE-2022-0757 + RESERVED +CVE-2022-0756 + RESERVED +CVE-2022-0755 + RESERVED +CVE-2022-0754 + RESERVED +CVE-2022-0753 + RESERVED +CVE-2022-0752 + RESERVED +CVE-2022-0751 + RESERVED +CVE-2022-0750 + RESERVED +CVE-2022-0749 + RESERVED +CVE-2022-0748 + RESERVED +CVE-2022-0747 + RESERVED +CVE-2022-0746 + RESERVED +CVE-2022-0745 + RESERVED +CVE-2022-0744 + RESERVED CVE-2022-25838 (Laravel Fortify before 1.11.1 allows reuse within a short time window, ...) NOT-FOR-US: Laravel Fortify CVE-2022-25837 @@ -173,8 +703,8 @@ CVE-2022-0734 RESERVED CVE-2022-0733 RESERVED -CVE-2022-0732 - RESERVED +CVE-2022-0732 (The backend infrastructure shared by multiple mobile device monitoring ...) + TODO: check CVE-2022-0731 (Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr ...) - dolibarr <removed> CVE-2022-XXXX [Account Takeover via Email of OpenOffice file containing XSS exploit] @@ -583,8 +1113,8 @@ CVE-2022-0712 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p NOTE: https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7 CVE-2022-0711 RESERVED -CVE-2022-0710 - RESERVED +CVE-2022-0710 (The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vu ...) + TODO: check CVE-2022-0709 RESERVED CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of the c ...) @@ -1074,16 +1604,16 @@ CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8. [buster] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f/ NOTE: https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 (v8.2.4428) -CVE-2022-0695 - RESERVED +CVE-2022-0695 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...) + TODO: check CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket transport. An ...) NOT-FOR-US: PreMiD CVE-2022-25371 RESERVED CVE-2022-25370 RESERVED -CVE-2022-25355 - RESERVED +CVE-2022-25355 (EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handl ...) + TODO: check CVE-2022-0694 RESERVED CVE-2022-0693 @@ -1225,10 +1755,10 @@ CVE-2022-25326 NOTE: https://github.com/google/fscrypt/commit/6e355131670ad014e45f879475ddf800f0080d41 CVE-2022-23183 RESERVED -CVE-2022-21179 - RESERVED -CVE-2022-0683 - RESERVED +CVE-2022-21179 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mai ...) + TODO: check +CVE-2022-0683 (The Essential Addons for Elementor Lite WordPress plugin is vulnerable ...) + TODO: check CVE-2022-0682 RESERVED CVE-2022-0681 @@ -1292,12 +1822,12 @@ CVE-2022-25309 RESERVED CVE-2022-25308 RESERVED -CVE-2022-25307 - RESERVED -CVE-2022-25306 - RESERVED -CVE-2022-25305 - RESERVED +CVE-2022-25307 (The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripti ...) + TODO: check +CVE-2022-25306 (The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripti ...) + TODO: check +CVE-2022-25305 (The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripti ...) + TODO: check CVE-2022-21158 RESERVED CVE-2022-0674 @@ -1435,12 +1965,12 @@ CVE-2022-0655 RESERVED CVE-2022-0654 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) NOT-FOR-US: Node request-retry -CVE-2022-0653 - RESERVED +CVE-2022-0653 (The Profile Builder – User Profile & User Registration Forms ...) + TODO: check CVE-2022-0652 RESERVED -CVE-2022-0651 - RESERVED +CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...) + TODO: check CVE-2022-0650 RESERVED CVE-2022-0649 @@ -1479,14 +2009,14 @@ CVE-2022-25247 RESERVED CVE-2022-25246 RESERVED -CVE-2022-24374 - RESERVED -CVE-2022-23916 - RESERVED -CVE-2022-23810 - RESERVED -CVE-2022-21142 - RESERVED +CVE-2022-24374 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series vers ...) + TODO: check +CVE-2022-23916 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series vers ...) + TODO: check +CVE-2022-23810 (Template injection (Improper Neutralization of Special Elements Used i ...) + TODO: check +CVE-2022-21142 (Authentication bypass vulnerability in a-blog cms Ver.2.8.x series ver ...) + TODO: check CVE-2022-0648 RESERVED CVE-2022-0647 @@ -1658,10 +2188,10 @@ CVE-2022-25168 RESERVED CVE-2022-25167 RESERVED -CVE-2022-24435 - RESERVED -CVE-2022-23986 - RESERVED +CVE-2022-24435 (Cross-site scripting vulnerability in phpUploader v1.2 and earlier all ...) + TODO: check +CVE-2022-23986 (SQL injection vulnerability in the phpUploader v1.2 and earlier allows ...) + TODO: check CVE-2022-21159 RESERVED CVE-2022-0618 @@ -1794,10 +2324,10 @@ CVE-2022-25151 RESERVED CVE-2022-25150 (In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, prog ...) NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control -CVE-2022-25149 - RESERVED -CVE-2022-25148 - RESERVED +CVE-2022-25149 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...) + TODO: check +CVE-2022-25148 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...) + TODO: check CVE-2022-0612 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) NOT-FOR-US: livehelperchat CVE-2022-0611 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...) @@ -2192,10 +2722,10 @@ CVE-2022-25006 RESERVED CVE-2022-25005 RESERVED -CVE-2022-25004 - RESERVED -CVE-2022-25003 - RESERVED +CVE-2022-25004 (Hospital Patient Record Management System v1.0 was discovered to conta ...) + TODO: check +CVE-2022-25003 (Hospital Patient Record Management System v1.0 was discovered to conta ...) + TODO: check CVE-2022-25002 RESERVED CVE-2022-25001 @@ -2884,10 +3414,10 @@ CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a m NOT-FOR-US: ACCEL-PPP CVE-2022-24704 (The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suf ...) NOT-FOR-US: ACCEL-PPP -CVE-2022-23922 - RESERVED -CVE-2022-23104 - RESERVED +CVE-2022-23922 (WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguratio ...) + TODO: check +CVE-2022-23104 (WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguratio ...) + TODO: check CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when compil ...) - util-linux <unfixed> (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151 @@ -2971,8 +3501,8 @@ CVE-2022-24689 RESERVED CVE-2022-24688 RESERVED -CVE-2022-24687 - RESERVED +CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, a ...) + TODO: check CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...) - nomad <unfixed> NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559 @@ -3024,18 +3554,15 @@ CVE-2022-24669 RESERVED CVE-2022-0547 RESERVED -CVE-2022-0546 [Out-of-bounds memory access due to malformed HDR image file] - RESERVED +CVE-2022-0546 (A missing bounds check in the image loader used in Blender 3.x and 2.9 ...) - blender <unfixed> NOTE: Issue: https://developer.blender.org/T94572 NOTE: Patch: https://developer.blender.org/D11952 -CVE-2022-0545 [Out-of-bounds memory access in IMB_flipy() due to large image dimensions] - RESERVED +CVE-2022-0545 (An integer overflow in the processing of loaded 2D images leads to a w ...) - blender <unfixed> NOTE: Issue: https://developer.blender.org/T94629 NOTE: Patch: https://developer.blender.org/D13744 -CVE-2022-0544 [Out-of-bounds memory access due to malformed DDS image file] - RESERVED +CVE-2022-0544 (An integer underflow in the DDS loader of Blender leads to an out-of-b ...) - blender <unfixed> NOTE: Issue: https://developer.blender.org/T94661 NOTE: https://developer.blender.org/rB0ac83d05d7cccec436bb939e0aa768f6a3d77d72 @@ -3077,11 +3604,11 @@ CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O NOT-FOR-US: cri-o CVE-2022-0531 RESERVED -CVE-2022-0530 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...) +CVE-2022-0530 (A flaw was found in Unzip. The vulnerability occurs during the convers ...) - unzip <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395 NOTE: Crash in CLI tool, no security impact -CVE-2022-0529 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...) +CVE-2022-0529 (A flaw was found in Unzip. The vulnerability occurs during the convers ...) - unzip <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051402 CVE-2021-46681 @@ -3243,18 +3770,18 @@ CVE-2022-24617 RESERVED CVE-2022-24616 RESERVED -CVE-2022-24615 - RESERVED -CVE-2022-24614 - RESERVED -CVE-2022-24613 - RESERVED +CVE-2022-24615 (zip4j up to 2.9.0 can throw various uncaught exceptions while parsing ...) + TODO: check +CVE-2022-24614 (When reading a specially crafted JPEG file, metadata-extractor up to 2 ...) + TODO: check +CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw various uncaught exceptions ...) + TODO: check CVE-2022-24612 RESERVED CVE-2022-24611 RESERVED -CVE-2022-24610 - RESERVED +CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto DVC-215IP ca ...) + TODO: check CVE-2022-24609 RESERVED CVE-2022-24608 @@ -4427,8 +4954,8 @@ CVE-2022-24234 RESERVED CVE-2022-24233 RESERVED -CVE-2022-24232 - RESERVED +CVE-2022-24232 (A local file inclusion in Hospital Patient Record Management System v1 ...) + TODO: check CVE-2022-24231 RESERVED CVE-2022-24230 @@ -8432,8 +8959,8 @@ CVE-2022-23137 RESERVED CVE-2022-23136 RESERVED -CVE-2022-23135 - RESERVED +CVE-2022-23135 (There is a directory traversal vulnerability in some home gateway prod ...) + TODO: check CVE-2022-23134 (After the initial setup process, some steps of setup.php file are reac ...) {DLA-2914-1} - zabbix <unfixed> @@ -9645,10 +10172,10 @@ CVE-2022-22796 RESERVED CVE-2022-22795 RESERVED -CVE-2022-22794 - RESERVED -CVE-2022-22793 - RESERVED +CVE-2022-22794 (Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker c ...) + TODO: check +CVE-2022-22793 (Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a ...) + TODO: check CVE-2022-22792 (MobiSoft - MobiPlus User Take Over and Improper Handling of url Parame ...) NOT-FOR-US: MobiSoft CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code ...) @@ -11040,8 +11567,8 @@ CVE-2022-22351 RESERVED CVE-2022-22350 RESERVED -CVE-2022-22349 - RESERVED +CVE-2022-22349 (IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0. ...) + TODO: check CVE-2022-22348 RESERVED CVE-2022-22347 @@ -16381,10 +16908,10 @@ CVE-2021-44665 RESERVED CVE-2021-44664 RESERVED -CVE-2021-44663 - RESERVED -CVE-2021-44662 - RESERVED +CVE-2021-44663 (A Remote Code Execution (RCE) vulnerability exists in the Xerte Projec ...) + TODO: check +CVE-2021-44662 (A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte ...) + TODO: check CVE-2021-44661 RESERVED CVE-2021-44660 @@ -16800,28 +17327,24 @@ CVE-2021-44536 RESERVED CVE-2021-44535 RESERVED -CVE-2022-21824 [Prototype pollution via console.table properties] - RESERVED +CVE-2022-21824 (Due to the formatting logic of the "console.table()" function it was n ...) - nodejs <unfixed> (bug #1004177) [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824 NOTE: https://github.com/nodejs/node/commit/be69403528da99bf3df9e1dc47186f18ba59cb5e (v12.x) CVE-2021-44534 RESERVED -CVE-2021-44533 [Incorrect handling of certificate subject and issuer fields] - RESERVED +CVE-2021-44533 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did ...) - nodejs <unfixed> (bug #1004177) [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#incorrect-handling-of-certificate-subject-and-issuer-fields-medium-cve-2021-44533 NOTE: https://github.com/nodejs/node/commit/8c2db2c86baff110a1d905ed1e0dd4e1c4fd2dd1 (v12.x) -CVE-2021-44532 [Certificate Verification Bypass via String Injection] - RESERVED +CVE-2021-44532 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 conv ...) - nodejs <unfixed> (bug #1004177) [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#certificate-verification-bypass-via-string-injection-medium-cve-2021-44532 NOTE: https://github.com/nodejs/node/commit/19873abfb24dce75ffff042efe76dc5633052677 (v12.x) -CVE-2021-44531 [Improper handling of URI Subject Alternative Names] - RESERVED +CVE-2021-44531 (Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI ...) - nodejs <unfixed> (bug #1004177) [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#improper-handling-of-uri-subject-alternative-names-medium-cve-2021-44531 @@ -17731,8 +18254,7 @@ CVE-2021-44222 RESERVED CVE-2021-44221 RESERVED -CVE-2021-4021 - RESERVED +CVE-2021-4021 (A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0 ...) - radare2 <unfixed> NOTE: https://github.com/radareorg/radare2/issues/19436 CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input During ...) @@ -20713,7 +21235,7 @@ CVE-2021-3941 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1153 NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/a0cfa81153b2464b864c5fe39a53cb03339092ed CVE-2021-3940 - RESERVED + REJECTED CVE-2021-43556 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a s ...) NOT-FOR-US: FATEK WinProladder CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validat ...) @@ -20879,7 +21401,7 @@ CVE-2021-3939 (Ubuntu-specific modifications to accountsservice (in patch file d CVE-2021-3938 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) NOT-FOR-US: snipe-it CVE-2021-3937 - RESERVED + REJECTED CVE-2021-3936 RESERVED CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-in-th ...) @@ -24204,7 +24726,7 @@ CVE-2021-42564 (An open redirect through HTML injection in confidential messages CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) ...) NOT-FOR-US: NI Service Locator CVE-2021-3893 - RESERVED + REJECTED CVE-2021-42562 (An issue was discovered in CALDERA 2.8.1. It does not properly segrega ...) NOT-FOR-US: CALDERA CVE-2021-42561 (An issue was discovered in CALDERA 2.8.1. When activated, the Human pl ...) @@ -24316,7 +24838,7 @@ CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...) NOTE: https://huntr.dev/bounties/722b3acb-792b-4429-a98d-bb80efb8938d/ NOTE: https://github.com/bfabiszewski/libmobi/commit/c78e186739b50d156cb3da5d08d70294f0490853 (v0.8) CVE-2021-3887 - RESERVED + REJECTED CVE-2022-20611 RESERVED CVE-2022-20610 @@ -25758,7 +26280,7 @@ CVE-2021-42341 (checkpath in OpenRC before 0.44.7 uses the direct output of strl NOTE: https://github.com/OpenRC/openrc/pull/462 NOTE: https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204 CVE-2021-3886 - RESERVED + REJECTED CVE-2021-3885 RESERVED CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...) @@ -25772,9 +26294,9 @@ CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1 NOTE: https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a (8.5.72) NOTE: Fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63362 introduced the memory leak. CVE-2021-3884 - RESERVED + REJECTED CVE-2021-3883 - RESERVED + REJECTED CVE-2020-36484 RESERVED CVE-2020-36483 @@ -26159,7 +26681,7 @@ CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read ...) NOTE: https://huntr.dev/bounties/540fd115-7de4-4e19-a918-5ee61f5157c1/ NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8) CVE-2021-3880 - RESERVED + REJECTED CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) NOT-FOR-US: snipe-it CVE-2021-42262 @@ -26405,7 +26927,7 @@ CVE-2021-42149 CVE-2021-42148 RESERVED CVE-2021-3877 - RESERVED + REJECTED CVE-2021-42147 RESERVED CVE-2021-42146 @@ -26435,7 +26957,7 @@ CVE-2021-42135 (HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may hav CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via a compon ...) NOT-FOR-US: Django Unicorn, different from src:unicorn CVE-2021-3876 - RESERVED + REJECTED CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim 2:8.2.3565-1 (bug #996593) [bullseye] - vim <not-affected> (Vulnerable feature and code introduced later) @@ -26497,7 +27019,7 @@ CVE-2021-42110 (An issue was discovered in Allegro Windows (formerly Popsy Windo CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...) NOT-FOR-US: bookstack CVE-2021-3873 - RESERVED + REJECTED CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...) NOT-FOR-US: VITEC Exterity IPTV products CVE-2021-42108 (Unnecessary privilege vulnerabilities in the Web Console of Trend Micr ...) @@ -26524,9 +27046,9 @@ CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...) NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8 NOTE: https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b CVE-2021-3871 - RESERVED + REJECTED CVE-2021-3870 - RESERVED + REJECTED CVE-2021-41133 (Flatpak is a system for building, distributing, and running sandboxed ...) {DSA-4984-1} - flatpak 1.12.1-1 (bug #995935) @@ -26641,9 +27163,9 @@ CVE-2021-42062 (SAP ERP HCM Portugal does not perform necessary authorization ch CVE-2021-42061 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ...) NOT-FOR-US: SAP CVE-2021-3868 - RESERVED + REJECTED CVE-2021-3867 - RESERVED + REJECTED CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip m ...) - zulip-server <itp> (bug #800052) NOTE: https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6 @@ -34169,8 +34691,8 @@ CVE-2021-39040 RESERVED CVE-2021-39039 RESERVED -CVE-2021-39038 - RESERVED +CVE-2021-39038 (IBM WebSphere Application Server 9.0 and IBM WebSphere Application Ser ...) + TODO: check CVE-2021-39037 RESERVED CVE-2021-39036 @@ -34255,10 +34777,10 @@ CVE-2021-38997 RESERVED CVE-2021-38996 RESERVED -CVE-2021-38995 - RESERVED -CVE-2021-38994 - RESERVED +CVE-2021-38995 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) + TODO: check +CVE-2021-38994 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) + TODO: check CVE-2021-38993 RESERVED CVE-2021-38992 @@ -35219,8 +35741,7 @@ CVE-2021-3701 - ansible-runner 2.1.1-1 NOTE: https://github.com/ansible/ansible-runner/issues/738 NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89 -CVE-2021-3700 - RESERVED +CVE-2021-3700 (A use-after-free vulnerability was found in usbredir in versions prior ...) - usbredir 0.11.0-1 [bullseye] - usbredir <no-dsa> (Minor issue) [buster] - usbredir <no-dsa> (Minor issue) @@ -43920,8 +44441,7 @@ CVE-2021-3611 [QEMU: intel-hda: segmentation fault due to stack overflow] NOTE: https://gitlab.com/qemu-project/qemu/-/issues/542 NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=a9d8ba2be58e067bdfbff830eb9ff438d8db7f10 (v5.0.0-rc0) NOTE: Proposed fix: https://lore.kernel.org/qemu-devel/20211218160912.1591633-1-phi...@redhat.com/ -CVE-2021-3610 [heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c] - RESERVED +CVE-2021-3610 (A heap-based buffer overflow vulnerability was found in ImageMagick in ...) - imagemagick <not-affected> (Specific to Imagemagick 7) NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3 CVE-2021-35053 (Possible system denial of service in case of arbitrary changing Firefo ...) @@ -44400,15 +44920,13 @@ CVE-2021-34828 (This vulnerability allows network-adjacent attackers to execute NOT-FOR-US: D-Link CVE-2021-34827 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: D-Link -CVE-2021-3608 [pvrdma: uninitialized memory unmap in pvrdma_ring_init()] - RESERVED +CVE-2021-3608 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...) - qemu 1:5.2+dfsg-11 (bug #990563) [buster] - qemu <no-dsa> (Minor issue) [stretch] - qemu <not-affected> (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973383 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=66ae37d8cc313f89272e711174a846a229bcdbd3 -CVE-2021-3607 [pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()] - RESERVED +CVE-2021-3607 (An integer overflow was found in the QEMU implementation of VMWare's p ...) - qemu 1:5.2+dfsg-11 (bug #990564) [buster] - qemu <no-dsa> (Minor issue) [stretch] - qemu <not-affected> (Vulnerable code introduced later) @@ -45033,8 +45551,7 @@ CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contain NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may ...) NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway -CVE-2021-3596 [NULL pointer dereference in ReadSVGImage() in coders/svg.c] - RESERVED +CVE-2021-3596 (A NULL pointer dereference flaw was found in ImageMagick in versions p ...) - imagemagick 8:6.9.11.57+dfsg-1 NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624 NOTE: https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114 @@ -56485,8 +57002,7 @@ CVE-2021-26259 NOTE: https://github.com/michaelrsweet/htmldoc/issues/417 NOTE: https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5 NOTE: Crash in CLI tool, no security impact -CVE-2021-26252 - RESERVED +CVE-2021-26252 (A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_ ...) {DSA-4928-1 DLA-2700-1} - htmldoc 1.9.11-4 (unimportant; bug #989437) NOTE: https://github.com/michaelrsweet/htmldoc/issues/412 @@ -124400,12 +124916,12 @@ CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and pri NOT-FOR-US: Philips CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...) NOT-FOR-US: Advantech -CVE-2020-14504 - RESERVED +CVE-2020-14504 (The web interface of the 1734-AENTR communication module mishandles au ...) + TODO: check CVE-2020-14503 (Advantech iView, versions 5.6 and prior, has an improper input validat ...) NOT-FOR-US: Advantech -CVE-2020-14502 - RESERVED +CVE-2020-14502 (The web interface of the 1734-AENTR communication module is vulnerable ...) + TODO: check CVE-2020-14501 (Advantech iView, versions 5.6 and prior, has an improper authenticatio ...) NOT-FOR-US: Advantech CVE-2020-14500 (Secomea GateManager all versions prior to 9.2c, An attacker can send a ...) @@ -124446,14 +124962,14 @@ CVE-2020-14483 (A timeout during a TLS handshake can result in the connection fa NOT-FOR-US: Niagara CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...) NOT-FOR-US: Delta Industrial Automation DOPSoft -CVE-2020-14481 - RESERVED -CVE-2020-14480 - RESERVED +CVE-2020-14481 (The DeskLock tool provided with FactoryTalk View SE uses a weak encryp ...) + TODO: check +CVE-2020-14480 (Due to usernames/passwords being stored in plaintext in Random Access ...) + TODO: check CVE-2020-14479 RESERVED -CVE-2020-14478 - RESERVED +CVE-2020-14478 (A local, authenticated attacker could use an XML External Entity (XXE) ...) + TODO: check CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...) NOT-FOR-US: Philips CVE-2020-14476 @@ -136798,24 +137314,24 @@ CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.11.00 and prior NOT-FOR-US: Rockwell CVE-2020-10641 (An unprotected logging route may allow an attacker to write endless lo ...) NOT-FOR-US: Inductive Automation -CVE-2020-10640 - RESERVED +CVE-2020-10640 (Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to ...) + TODO: check CVE-2020-10639 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...) NOT-FOR-US: Eaton HMiSoft VU3 CVE-2020-10638 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-10637 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...) NOT-FOR-US: Eaton HMiSoft VU3 -CVE-2020-10636 - RESERVED -CVE-2020-10635 - RESERVED +CVE-2020-10636 (Inadequate encryption may allow the passwords for Emerson OpenEnterpri ...) + TODO: check +CVE-2020-10635 (Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server ...) + TODO: check CVE-2020-10634 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted ...) NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists in eW ...) NOT-FOR-US: eWON Flexy and Cosy -CVE-2020-10632 - RESERVED +CVE-2020-10632 (Inadequate folder security permissions in Emerson OpenEnterprise versi ...) + TODO: check CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10630 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does no ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f232a1a73f016e356e36723332fca9e117246230 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f232a1a73f016e356e36723332fca9e117246230 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits