Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d388608 by security tracker role at 2022-03-13T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,18 @@
-CVE-2021-46709 [cross-site-scripting with newRows GET parameter]
+CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in 
compilePassOpcode in  ...)
+       TODO: check
+CVE-2022-26980
+       RESERVED
+CVE-2022-0942
+       RESERVED
+CVE-2022-0941
+       RESERVED
+CVE-2022-0940
+       RESERVED
+CVE-2022-0939
+       RESERVED
+CVE-2022-0938
+       RESERVED
+CVE-2021-46709 (phpLiteAdmin through 1.9.8.2 allows XSS via the index.php 
newRows para ...)
        - phpliteadmin 1.9.8.2-2
        NOTE: 
https://bitbucket.org/phpliteadmin/public/issues/399/xss-vulnerability
        NOTE: 
https://bitbucket.org/phpliteadmin/public/pull-requests/16/fix-an-xss-vulnerability-with-the-newrows
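
Review bot: CVE-2022-26981 (the Liblouis entry at the top of the hunk) lands with only "TODO: check", so it is still untriaged. It needs either a package line with a fixed version or <unfixed> plus a NOTE pointing at the upstream report, or a NOT-FOR-US line if nothing in the archive ships the code. The CVE-2021-46709 header change keeps the existing "- phpliteadmin 1.9.8.2-2" line and both NOTE lines, so no triage information is lost there.
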
@@ -1716,7 +1730,7 @@ CVE-2022-26320
        RESERVED
 CVE-2022-26319 (An installer search patch element vulnerability in Trend Micro 
Portabl ...)
        NOT-FOR-US: Trend Micro
-CVE-2022-26318 (Null pointer dereference in WatchGuard Firebox and XTM 
appliances allo ...)
+CVE-2022-26318 (On WatchGuard Firebox and XTM appliances, an unauthenticated 
user can  ...)
        NOT-FOR-US: WatchGuard
 CVE-2022-26317 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
        NOT-FOR-US: Mendix (Siemens)
@@ -3535,6 +3549,7 @@ CVE-2022-0712 (NULL Pointer Dereference in GitHub 
repository radareorg/radare2 p
        NOTE: https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466
        NOTE: 
https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7
 CVE-2022-0711 (A flaw was found in the way HAProxy processed HTTP responses 
containin ...)
+       {DSA-5102-1}
        - haproxy 2.4.13-1
        [buster] - haproxy <not-affected> (Vulnerable code introduced later)
        [stretch] - haproxy <not-affected> (Vulnerable code introduced later)
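
Review bot: the "{DSA-5102-1}" tag added under CVE-2022-0711 is one half of a cross-reference, and the other half is not in this commit, which changes only data/CVE/list. Confirm that the DSA-5102-1 entry in data/DSA/list names CVE-2022-0711 and records the fixed haproxy version for the release it covers; the only release-specific lines visible here are the buster and stretch <not-affected> ones.
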
@@ -5008,7 +5023,7 @@ CVE-2022-25092
        RESERVED
 CVE-2022-25091
        RESERVED
-CVE-2022-25090 (Printix Secure Cloud Print Management 1.3.1035.0 creates a 
temporary f ...)
+CVE-2022-25090 (Printix Secure Cloud Print Management through 1.3.1106.0 
creates a tem ...)
        NOT-FOR-US: Printix Secure Cloud Print Management
 CVE-2022-25089 (Printix Secure Cloud Print Management through 1.3.1106.0 
incorrectly u ...)
        NOT-FOR-US: Printix Secure Cloud Print Management
@@ -6004,8 +6019,8 @@ CVE-2022-0549
        NOTE: 
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
 CVE-2022-0548
        RESERVED
-CVE-2022-24696
-       RESERVED
+CVE-2022-24696 (Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) 
allows a ...)
+       TODO: check
 CVE-2022-24695
        RESERVED
 CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 
21.10 before ...)
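
Review bot: CVE-2022-24696 moves from RESERVED to a published description but is left at "TODO: check". Other vendor-product entries visible in this diff are closed out with a "NOT-FOR-US: <vendor>" line; this one needs the same decision, or a package line, before it counts as triaged.
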
@@ -7736,8 +7751,8 @@ CVE-2022-24130 (xterm through Patch 370, when Sixel 
support is enabled, allows a
        NOTE: 
https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d
 CVE-2022-24129 (The OIDC OP plugin before 3.0.4 for Shibboleth Identity 
Provider allow ...)
        NOT-FOR-US: Shibboleth identity provider OIDC OP plugin
-CVE-2022-24128
-       RESERVED
+CVE-2022-24128 (Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow 
privilege esc ...)
+       TODO: check
 CVE-2022-24127
        RESERVED
 CVE-2022-24126
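
Review bot: CVE-2022-24128 is left at "TODO: check" after gaining its description. The description gives "before 2.5.2" as the upstream fix boundary, so triage should either add a package line whose fixed version corresponds to upstream 2.5.2 or mark the entry NOT-FOR-US if no package in the archive ships TimescaleDB.
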
@@ -30339,7 +30354,7 @@ CVE-2021-41851
 CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site 
...)
        NOT-FOR-US: firefly-iii
 CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository 
adodb/a ...)
-       {DLA-2912-1}
+       {DSA-5101-1 DLA-2912-1}
        - libphp-adodb 5.21.4-1 (bug #1004376)
        NOTE: https://github.com/ADOdb/ADOdb/issues/793
        NOTE: 
https://github.com/adodb/adodb/commit/b4d5ce70034c5aac3a1d51d317d93c037a0938d2 
(v5.21.4)
@@ -64034,7 +64049,7 @@ CVE-2021-28490 (In OWASP CSRFGuard through 3.1.0, CSRF 
can occur because the CSR
        NOT-FOR-US: OWASP CSRFGuard
 CVE-2021-28489
        RESERVED
-CVE-2021-28488 (Ericsson Network Manager 20.2 has Insecure Permissions. ...)
+CVE-2021-28488 (Ericsson Network Manager (ENM) before 21.2 has incorrect 
access-contro ...)
        NOT-FOR-US: Ericsson
 CVE-2021-28487
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d3886082572a08981574cd2a8f300c699974fa4



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
