Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
36475359 by security tracker role at 2021-12-21T20:10:18+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,197 @@ +CVE-2022-22136 + RESERVED +CVE-2022-22135 + RESERVED +CVE-2022-22134 + RESERVED +CVE-2022-22133 + RESERVED +CVE-2022-22132 + RESERVED +CVE-2022-22131 + RESERVED +CVE-2022-22130 + RESERVED +CVE-2022-22129 + RESERVED +CVE-2022-22128 + RESERVED +CVE-2022-22127 + RESERVED +CVE-2022-22126 + RESERVED +CVE-2022-22125 + RESERVED +CVE-2022-22124 + RESERVED +CVE-2022-22123 + RESERVED +CVE-2022-22122 + RESERVED +CVE-2022-22121 + RESERVED +CVE-2022-22120 + RESERVED +CVE-2022-22119 + RESERVED +CVE-2022-22118 + RESERVED +CVE-2022-22117 + RESERVED +CVE-2022-22116 + RESERVED +CVE-2022-22115 + RESERVED +CVE-2022-22114 + RESERVED +CVE-2022-22113 + RESERVED +CVE-2022-22112 + RESERVED +CVE-2022-22111 + RESERVED +CVE-2022-22110 + RESERVED +CVE-2022-22109 + RESERVED +CVE-2022-22108 + RESERVED +CVE-2022-22107 + RESERVED +CVE-2022-22106 + RESERVED +CVE-2022-22105 + RESERVED +CVE-2022-22104 + RESERVED +CVE-2022-22103 + RESERVED +CVE-2022-22102 + RESERVED +CVE-2022-22101 + RESERVED +CVE-2022-22100 + RESERVED +CVE-2022-22099 + RESERVED +CVE-2022-22098 + RESERVED +CVE-2022-22097 + RESERVED +CVE-2022-22096 + RESERVED +CVE-2022-22095 + RESERVED +CVE-2022-22094 + RESERVED +CVE-2022-22093 + RESERVED +CVE-2022-22092 + RESERVED +CVE-2022-22091 + RESERVED +CVE-2022-22090 + RESERVED +CVE-2022-22089 + RESERVED +CVE-2022-22088 + RESERVED +CVE-2022-22087 + RESERVED +CVE-2022-22086 + RESERVED +CVE-2022-22085 + RESERVED +CVE-2022-22084 + RESERVED +CVE-2022-22083 + RESERVED +CVE-2022-22082 + RESERVED +CVE-2022-22081 + RESERVED +CVE-2022-22080 + RESERVED +CVE-2022-22079 + RESERVED +CVE-2022-22078 + RESERVED +CVE-2022-22077 + RESERVED +CVE-2022-22076 + RESERVED +CVE-2022-22075 + RESERVED +CVE-2022-22074 + RESERVED +CVE-2022-22073 + RESERVED +CVE-2022-22072 + RESERVED +CVE-2022-22071 + RESERVED +CVE-2022-22070 + RESERVED +CVE-2022-22069 + RESERVED +CVE-2022-22068 + RESERVED +CVE-2022-22067 + RESERVED +CVE-2022-22066 + RESERVED +CVE-2022-22065 + RESERVED +CVE-2022-22064 + RESERVED 
+CVE-2022-22063 + RESERVED +CVE-2022-22062 + RESERVED +CVE-2022-22061 + RESERVED +CVE-2022-22060 + RESERVED +CVE-2022-22059 + RESERVED +CVE-2022-22058 + RESERVED +CVE-2022-22057 + RESERVED +CVE-2022-22056 + RESERVED +CVE-2022-22055 + RESERVED +CVE-2022-22054 + RESERVED +CVE-2021-45458 + RESERVED +CVE-2021-45457 + RESERVED +CVE-2021-45456 + RESERVED +CVE-2021-45455 + RESERVED +CVE-2021-45454 + RESERVED +CVE-2021-45453 + RESERVED +CVE-2021-45452 + RESERVED +CVE-2021-4150 + RESERVED +CVE-2021-4149 + RESERVED +CVE-2021-4148 + RESERVED +CVE-2021-4147 + RESERVED +CVE-2021-4146 + RESERVED +CVE-2021-4145 + RESERVED +CVE-2021-4144 + RESERVED CVE-2021-45451 (In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ...) TODO: check CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv ...) @@ -24,8 +218,7 @@ CVE-2017-20010 CVE-2017-20009 RESERVED NOT-FOR-US: MODX Revolution -CVE-2012-20001 - RESERVED +CVE-2012-20001 (PrestaShop before 1.5.2 allows XSS via the "<object data='data:text ...) NOT-FOR-US: PrestaShop CVE-2021-45442 RESERVED 
@@ -317,26 +510,26 @@ CVE-2021-45299 RESERVED CVE-2021-45298 RESERVED -CVE-2021-45297 - RESERVED +CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...) + TODO: check CVE-2021-45296 RESERVED CVE-2021-45295 RESERVED CVE-2021-45294 RESERVED -CVE-2021-45293 - RESERVED -CVE-2021-45292 - RESERVED -CVE-2021-45291 - RESERVED -CVE-2021-45290 - RESERVED -CVE-2021-45289 - RESERVED -CVE-2021-45288 - RESERVED +CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to an Inv ...) + TODO: check +CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...) + TODO: check +CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...) + TODO: check +CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to an asse ...) + TODO: check +CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of security-re ...) + TODO: check +CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which ...) + TODO: check CVE-2021-45287 RESERVED CVE-2021-45286 @@ -401,14 +594,14 @@ CVE-2021-45257 RESERVED CVE-2021-45256 RESERVED -CVE-2021-45255 - RESERVED +CVE-2021-45255 (The email parameter from ajax.php of Video Sharing Website 1.0 appears ...) + TODO: check CVE-2021-45254 RESERVED -CVE-2021-45253 - RESERVED -CVE-2021-45252 - RESERVED +CVE-2021-45253 (The id parameter in view_storage.php from Simple Cold Storage Manageme ...) + TODO: check +CVE-2021-45252 (Multiple SQL injection vulnerabilities are found on Simple Forum-Discu ...) + TODO: check CVE-2021-45251 RESERVED CVE-2021-45250 @@ -451,8 +644,8 @@ CVE-2021-4141 RESERVED CVE-2021-4140 RESERVED -CVE-2021-4139 - RESERVED +CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) + TODO: check CVE-2021-4138 RESERVED CVE-2022-22053 
@@ -1033,12 +1226,12 @@ CVE-2021-45093 RESERVED CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...) NOT-FOR-US: Thinfinity VirtualUI -CVE-2021-45091 - RESERVED -CVE-2021-45090 - RESERVED -CVE-2021-45089 - RESERVED +CVE-2021-45091 (Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access ...) + TODO: check +CVE-2021-45090 (Stormshield Endpoint Security before 2.1.2 allows remote code executio ...) + TODO: check +CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Co ...) + TODO: check CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...) - epiphany-browser 41.2-1 NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 @@ -1750,14 +1943,14 @@ CVE-2021-44879 RESERVED CVE-2021-44878 RESERVED -CVE-2021-44877 - RESERVED -CVE-2021-44876 - RESERVED -CVE-2021-44875 - RESERVED -CVE-2021-44874 - RESERVED +CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...) + TODO: check +CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...) + TODO: check +CVE-2021-44875 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...) + TODO: check +CVE-2021-44874 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure de ...) + TODO: check CVE-2021-44873 RESERVED CVE-2021-44872 @@ -1784,10 +1977,10 @@ CVE-2021-44862 RESERVED CVE-2021-44861 RESERVED -CVE-2021-44860 - RESERVED -CVE-2021-44859 - RESERVED +CVE-2021-44860 (An out-of-bounds read vulnerability exists when reading a TIF file usi ...) + TODO: check +CVE-2021-44859 (An out-of-bounds read vulnerability exists when reading a TGA file usi ...) + TODO: check CVE-2021-44858 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) {DSA-5021-1 DLA-2847-1} - mediawiki 1:1.35.5-1 
@@ -3126,10 +3319,10 @@ CVE-2021-44425 RESERVED CVE-2021-44424 RESERVED -CVE-2021-44423 - RESERVED -CVE-2021-44422 - RESERVED +CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP file usi ...) + TODO: check +CVE-2021-44422 (An Improper Input Validation Vulnerability exists when reading a BMP f ...) + TODO: check CVE-2021-44421 RESERVED CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...) @@ -3749,8 +3942,8 @@ CVE-2021-44209 RESERVED CVE-2021-44208 RESERVED -CVE-2021-44207 - RESERVED +CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. ...) + TODO: check CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) NOT-FOR-US: snipe-it CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) 
@@ -3866,22 +4059,26 @@ CVE-2021-44159 (4MOSAn GCB Doctor’s file upload function has improper user CVE-2021-44158 RESERVED CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) + {DSA-5027-1} - xorg-server 2:1.20.13-3 - xwayland 2:21.1.4-1 NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/e56f61c79fc3cee26d83cda0f84ae56d5979f768 CVE-2021-4010 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) + {DSA-5027-1} - xorg-server 2:1.20.13-3 [stretch] - xorg-server <not-affected> (Vulnerable code introduced later) - xwayland 2:21.1.4-1 NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21 CVE-2021-4009 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) + {DSA-5027-1} - xorg-server 2:1.20.13-3 - xwayland 2:21.1.4-1 NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b5196750099ae6ae582e1f46bd0a6dad29550e02 CVE-2021-4008 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) + {DSA-5027-1} - xorg-server 2:1.20.13-3 - xwayland 2:21.1.4-1 NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html @@ -4875,8 +5072,8 @@ CVE-2021-43841 RESERVED CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...) TODO: check -CVE-2021-43839 - RESERVED +CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...) + TODO: check CVE-2021-43838 (jsx-slack is a library for building JSON objects for Slack Block Kit s ...) TODO: check CVE-2021-43837 (vault-cli is a configurable command-line interface tool (and python li ...) 
@@ -6259,8 +6456,8 @@ CVE-2021-43589 RESERVED CVE-2021-43588 RESERVED -CVE-2021-43587 - RESERVED +CVE-2021-43587 (Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, ...) + TODO: check CVE-2021-43586 RESERVED CVE-2021-43585 @@ -26083,8 +26280,8 @@ CVE-2021-3639 [Prevent redirect to URLs that begin with '///'] [buster] - libapache2-mod-auth-mellon <no-dsa> (Minor issue) [stretch] - libapache2-mod-auth-mellon <no-dsa> (Minor issue) NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5 -CVE-2021-36350 - RESERVED +CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authenticati ...) + TODO: check CVE-2021-36349 RESERVED CVE-2021-36348 @@ -26101,18 +26298,18 @@ CVE-2021-36343 RESERVED CVE-2021-36342 RESERVED -CVE-2021-36341 - RESERVED +CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive ...) + TODO: check CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...) NOT-FOR-US: EMC CVE-2021-36339 RESERVED CVE-2021-36338 RESERVED -CVE-2021-36337 - RESERVED -CVE-2021-36336 - RESERVED +CVE-2021-36337 (Dell Wyse Management Suite version 3.3.1 and prior support insecure Tr ...) + TODO: check +CVE-2021-36336 (Wyse Management Suite 3.3.1 and below versions contain a deserializati ...) + TODO: check CVE-2021-36335 (Dell EMC CloudLink 7.1 and all prior versions contain an Improper Inpu ...) NOT-FOR-US: EMC CVE-2021-36334 (Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula In ...) 
@@ -26147,12 +26344,12 @@ CVE-2021-36320 (Dell Networking X-Series firmware versions prior to 3.0.1.8 cont NOT-FOR-US: Dell CVE-2021-36319 (Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain ...) NOT-FOR-US: Dell -CVE-2021-36318 - RESERVED -CVE-2021-36317 - RESERVED -CVE-2021-36316 - RESERVED +CVE-2021-36318 (Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text ...) + TODO: check +CVE-2021-36317 (Dell EMC Avamar Server version 19.4 contains a plain-text password sto ...) + TODO: check +CVE-2021-36316 (Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 conta ...) + TODO: check CVE-2021-36315 (Dell EMC PowerScale Nodes contain a hardware design flaw. This may all ...) NOT-FOR-US: EMC CVE-2021-36314 (Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary Fil ...) 
@@ -48406,24 +48603,24 @@ CVE-2021-27455 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulne NOT-FOR-US: Delta Electronics CVE-2021-27454 (The software performs an operation at a privilege level higher than th ...) NOT-FOR-US: GE -CVE-2021-27453 - RESERVED +CVE-2021-27453 (Mesa Labs AmegaView Versions 3.0 uses default cookies that could be se ...) + TODO: check CVE-2021-27452 (The software contains a hard-coded password that could allow an attack ...) NOT-FOR-US: GE -CVE-2021-27451 - RESERVED +CVE-2021-27451 (Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generat ...) + TODO: check CVE-2021-27450 (SSH server configuration file does not implement some best practices. ...) NOT-FOR-US: GE -CVE-2021-27449 - RESERVED +CVE-2021-27449 (Mesa Labs AmegaView Versions 3.0 and prior has a command injection vul ...) + TODO: check CVE-2021-27448 (A miscommunication in the file system allows adversaries with access t ...) NOT-FOR-US: GE -CVE-2021-27447 - RESERVED +CVE-2021-27447 (Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, ...) + TODO: check CVE-2021-27446 RESERVED -CVE-2021-27445 - RESERVED +CVE-2021-27445 (Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissio ...) + TODO: check CVE-2021-27444 RESERVED CVE-2021-27443 @@ -54716,8 +54913,8 @@ CVE-2021-24983 RESERVED CVE-2021-24982 RESERVED -CVE-2021-24981 - RESERVED +CVE-2021-24981 (The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cros ...) + TODO: check CVE-2021-24980 RESERVED CVE-2021-24979 @@ -54766,8 +54963,8 @@ CVE-2021-24958 RESERVED CVE-2021-24957 RESERVED -CVE-2021-24956 - RESERVED +CVE-2021-24956 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plug ...) + TODO: check CVE-2021-24955 (The User Registration, Login Form, User Profile & Membership WordP ...) NOT-FOR-US: WordPress plugin CVE-2021-24954 (The User Registration, Login Form, User Profile & Membership WordP ...) 
@@ -54796,8 +54993,8 @@ CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin befor NOT-FOR-US: WordPress plugin CVE-2021-24942 RESERVED -CVE-2021-24941 - RESERVED +CVE-2021-24941 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...) + TODO: check CVE-2021-24940 RESERVED CVE-2021-24939 (The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before ...) @@ -54864,8 +55061,8 @@ CVE-2021-24909 RESERVED CVE-2021-24908 (The Check & Log Email WordPress plugin before 1.0.4 does not escap ...) NOT-FOR-US: WordPress plugin -CVE-2021-24907 - RESERVED +CVE-2021-24907 (The Contact Form, Drag and Drop Form Builder for WordPress plugin befo ...) + TODO: check CVE-2021-24906 RESERVED CVE-2021-24905 @@ -54980,14 +55177,14 @@ CVE-2021-24851 (The Insert Pages WordPress plugin before 3.7.0 allows users with NOT-FOR-US: WordPress plugin CVE-2021-24850 (The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that p ...) NOT-FOR-US: WordPress plugin -CVE-2021-24849 - RESERVED +CVE-2021-24849 (The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress ...) + TODO: check CVE-2021-24848 (The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPre ...) NOT-FOR-US: WordPress plugin CVE-2021-24847 (The importFromRedirection AJAX action of the SEO Redirection Plugin &# ...) NOT-FOR-US: WordPress plugin -CVE-2021-24846 - RESERVED +CVE-2021-24846 (The get_query() function of the Ni WooCommerce Custom Order Status Wor ...) + TODO: check CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows passing ...) NOT-FOR-US: WordPress plugin CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...) 
@@ -55178,8 +55375,8 @@ CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capa NOT-FOR-US: WordPress plugins CVE-2021-24751 (The GenerateBlocks WordPress plugin before 1.4.0 does not validate the ...) NOT-FOR-US: WordPress plugin -CVE-2021-24750 - RESERVED +CVE-2021-24750 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...) + TODO: check CVE-2021-24749 (The URL Shortify WordPress plugin before 1.5.1 does not have CSRF chec ...) NOT-FOR-US: WordPress plugin CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not properl ...) @@ -55200,10 +55397,10 @@ CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape NOT-FOR-US: WordPress plugin CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape some of it ...) NOT-FOR-US: WordPress plugin -CVE-2021-24739 - RESERVED -CVE-2021-24738 - RESERVED +CVE-2021-24739 (The Logo Carousel WordPress plugin before 3.4.2 allows users with a ro ...) + TODO: check +CVE-2021-24738 (The Logo Carousel WordPress plugin before 3.4.2 does not validate and ...) + TODO: check CVE-2021-24737 (The Comments – wpDiscuz WordPress plugin through 7.3.0 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-24736 (The Easy Download Manager and File Sharing Plugin with frontend file u ...) @@ -55522,8 +55719,8 @@ CVE-2021-24580 (The Side Menu Lite WordPress plugin before 2.2.6 does not saniti NOT-FOR-US: WordPress plugin CVE-2021-24579 (The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plug ...) NOT-FOR-US: WordPress plugin -CVE-2021-24578 - RESERVED +CVE-2021-24578 (The SportsPress WordPress plugin before 2.7.9 does not sanitise and es ...) + TODO: check CVE-2021-24577 (The Coming soon and Maintenance mode WordPress plugin before 3.5.3 doe ...) NOT-FOR-US: WordPress plugin CVE-2021-24576 (The Easy Accordion WordPress plugin before 2.0.22 does not properly sa ...) 
@@ -97255,8 +97452,8 @@ CVE-2020-19772 RESERVED CVE-2020-19771 RESERVED -CVE-2020-19770 - RESERVED +CVE-2020-19770 (A cross-site scripting (XSS) vulnerability in the system bulletin comp ...) + TODO: check CVE-2020-19769 (A lack of target address verification in the BurnMe() function of Rob ...) NOT-FOR-US: Rob The Bank CVE-2020-19768 (A lack of target address verification in the selfdestructs() function ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3647535975637698120ea88ccb3d4a9e5f90baee -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3647535975637698120ea88ccb3d4a9e5f90baee You're receiving this email because of your account on salsa.debian.org.
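
Review bot: the seven entries that gain descriptions in hunk @@ -317,26 +510,26 @@ (CVE-2021-45297 and CVE-2021-45293 through CVE-2021-45288, covering GPAC 1.0.1 and Binaryen 103) carry only TODO: check, with no package line and no NOTE pointing at an upstream report or fix. Triage should replace each TODO with either a source-package status line or NOT-FOR-US, and add NOTE references in the style already used for CVE-2021-4011 (upstream announcement plus fixing commit), so the affected version range can be verified from the entry itself.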
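
Review bot: the Dell entries in hunks @@ -6259,8 +6456,8 @@, @@ -26083,8 +26280,8 @@, @@ -26101,18 +26298,18 @@ and @@ -26147,12 +26344,12 @@ (CVE-2021-43587, CVE-2021-36350, CVE-2021-36341, CVE-2021-36337, CVE-2021-36336, CVE-2021-36318, CVE-2021-36317, CVE-2021-36316) land next to context lines that tag the same vendor two different ways, NOT-FOR-US: EMC for CVE-2021-36340 and CVE-2021-36335, NOT-FOR-US: Dell for CVE-2021-36320 and CVE-2021-36319. When these TODO: check lines are resolved, pick the tag by product family the way the neighbouring entries do (the Avamar and PowerScale ones alongside the EMC entries, the Wyse ones alongside the Dell entries) so a search on the tag keeps returning a coherent set.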
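
Review bot: the ten WordPress plugin entries described in the hunks from @@ -54716,8 +54913,8 @@ through @@ -55522,8 +55719,8 @@ (CVE-2021-24981, CVE-2021-24956, CVE-2021-24941, CVE-2021-24907, CVE-2021-24849, CVE-2021-24846, CVE-2021-24750, CVE-2021-24739, CVE-2021-24738, CVE-2021-24578) are left at TODO: check, while every described neighbour in the surrounding context (for example CVE-2021-24955, CVE-2021-24848 and CVE-2021-24751) is already marked NOT-FOR-US: WordPress plugin. A follow-up triage commit should close these the same way, after confirming from the full description that each one is a plugin issue and not one in WordPress itself.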
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits