Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4d388608 by security tracker role at 2022-03-13T20:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,4 +1,18 @@ -CVE-2021-46709 [cross-site-scripting with newRows GET parameter] +CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in ...) + TODO: check +CVE-2022-26980 + RESERVED +CVE-2022-0942 + RESERVED +CVE-2022-0941 + RESERVED +CVE-2022-0940 + RESERVED +CVE-2022-0939 + RESERVED +CVE-2022-0938 + RESERVED +CVE-2021-46709 (phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows para ...) - phpliteadmin 1.9.8.2-2 NOTE: https://bitbucket.org/phpliteadmin/public/issues/399/xss-vulnerability NOTE: https://bitbucket.org/phpliteadmin/public/pull-requests/16/fix-an-xss-vulnerability-with-the-newrows @@ -1716,7 +1730,7 @@ CVE-2022-26320 RESERVED CVE-2022-26319 (An installer search patch element vulnerability in Trend Micro Portabl ...) NOT-FOR-US: Trend Micro -CVE-2022-26318 (Null pointer dereference in WatchGuard Firebox and XTM appliances allo ...) +CVE-2022-26318 (On WatchGuard Firebox and XTM appliances, an unauthenticated user can ...) NOT-FOR-US: WatchGuard CVE-2022-26317 (A vulnerability has been identified in Mendix Applications using Mendi ...) NOT-FOR-US: Mendix (Siemens) @@ -3535,6 +3549,7 @@ CVE-2022-0712 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p NOTE: https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466 NOTE: https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7 CVE-2022-0711 (A flaw was found in the way HAProxy processed HTTP responses containin ...) + {DSA-5102-1} - haproxy 2.4.13-1 [buster] - haproxy <not-affected> (Vulnerable code introduced later) [stretch] - haproxy <not-affected> (Vulnerable code introduced later) 
@@ -5008,7 +5023,7 @@ CVE-2022-25092 RESERVED CVE-2022-25091 RESERVED -CVE-2022-25090 (Printix Secure Cloud Print Management 1.3.1035.0 creates a temporary f ...) +CVE-2022-25090 (Printix Secure Cloud Print Management through 1.3.1106.0 creates a tem ...) NOT-FOR-US: Printix Secure Cloud Print Management CVE-2022-25089 (Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly u ...) NOT-FOR-US: Printix Secure Cloud Print Management @@ -6004,8 +6019,8 @@ CVE-2022-0549 NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2022-0548 RESERVED -CVE-2022-24696 - RESERVED +CVE-2022-24696 (Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a ...) + TODO: check CVE-2022-24695 RESERVED CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before ...) @@ -7736,8 +7751,8 @@ CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows a NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d CVE-2022-24129 (The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allow ...) NOT-FOR-US: Shibboleth identity provider OIDC OP plugin -CVE-2022-24128 - RESERVED +CVE-2022-24128 (Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege esc ...) + TODO: check CVE-2022-24127 RESERVED CVE-2022-24126 @@ -30339,7 +30354,7 @@ CVE-2021-41851 CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site ...) NOT-FOR-US: firefly-iii CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository adodb/a ...) - {DLA-2912-1} + {DSA-5101-1 DLA-2912-1} - libphp-adodb 5.21.4-1 (bug #1004376) NOTE: https://github.com/ADOdb/ADOdb/issues/793 NOTE: https://github.com/adodb/adodb/commit/b4d5ce70034c5aac3a1d51d317d93c037a0938d2 (v5.21.4) 
@@ -64034,7 +64049,7 @@ CVE-2021-28490 (In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSR NOT-FOR-US: OWASP CSRFGuard CVE-2021-28489 RESERVED -CVE-2021-28488 (Ericsson Network Manager 20.2 has Insecure Permissions. ...) +CVE-2021-28488 (Ericsson Network Manager (ENM) before 21.2 has incorrect access-contro ...) NOT-FOR-US: Ericsson CVE-2021-28487 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d3886082572a08981574cd2a8f300c699974fa4
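Review bot: CVE-2022-26981 in the "@@ -1,4 +1,18 @@" hunk lands with only "TODO: check", so the tracker records no package, status or reference for a buffer overflow in Liblouis's compilePassOpcode. Triage should replace that line with either a "- <source package> <version>" entry plus NOTE links to the upstream report and fix, in the form CVE-2021-46709 uses a few lines below, or a "NOT-FOR-US:" line. The six new RESERVED ids in the same hunk need nothing until they are published.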
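Review bot: The "{DSA-5102-1}" tag added to CVE-2022-0711 in the "@@ -3535,6 +3549,7 @@" hunk sits above suite lines that only mark [buster] and [stretch] as <not-affected>, so the hunk does not show which suite the advisory fixes or at what version. Worth confirming that the fixed version for that suite is recorded where the advisory itself is defined, since "- haproxy 2.4.13-1" alone does not say it.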
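Review bot: CVE-2022-24128 in the "@@ -7736,8 +7751,8 @@" hunk moves from RESERVED to "TODO: check" even though its description already bounds the affected range (TimescaleDB 1.x and 2.x before 2.5.2) and names privilege escalation as the impact. If the product is packaged, the follow-up entry should carry a "- <package> <fixed version>" line checked against that 2.5.2 bound for each suite; if not, "NOT-FOR-US:" closes it. The same decision is pending for CVE-2022-24696 (Mirametrix Glance) in the preceding hunk.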