Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a8464da by security tracker role at 2022-03-22T08:10:17+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,287 @@ +CVE-2022-27635 + RESERVED +CVE-2022-27626 + RESERVED +CVE-2022-27625 + RESERVED +CVE-2022-27624 + RESERVED +CVE-2022-27623 + RESERVED +CVE-2022-27622 + RESERVED +CVE-2022-27621 + RESERVED +CVE-2022-27620 + RESERVED +CVE-2022-27619 + RESERVED +CVE-2022-27618 + RESERVED +CVE-2022-27617 + RESERVED +CVE-2022-27616 + RESERVED +CVE-2022-27615 + RESERVED +CVE-2022-27614 + RESERVED +CVE-2022-27613 + RESERVED +CVE-2022-27612 + RESERVED +CVE-2022-27611 + RESERVED +CVE-2022-27610 + RESERVED +CVE-2022-27609 + RESERVED +CVE-2022-27608 + RESERVED +CVE-2022-27607 (Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom ...) + TODO: check +CVE-2022-27606 + RESERVED +CVE-2022-27605 + RESERVED +CVE-2022-27604 + RESERVED +CVE-2022-27603 + RESERVED +CVE-2022-27602 + RESERVED +CVE-2022-27601 + RESERVED +CVE-2022-27600 + RESERVED +CVE-2022-27599 + RESERVED +CVE-2022-27598 + RESERVED +CVE-2022-27597 + RESERVED +CVE-2022-27596 + RESERVED +CVE-2022-27595 + RESERVED +CVE-2022-27594 + RESERVED +CVE-2022-27593 + RESERVED +CVE-2022-27592 + RESERVED +CVE-2022-27591 + RESERVED +CVE-2022-27590 + RESERVED +CVE-2022-27589 + RESERVED +CVE-2022-27588 + RESERVED +CVE-2022-27587 + RESERVED +CVE-2022-27586 + RESERVED +CVE-2022-27585 + RESERVED +CVE-2022-27584 + RESERVED +CVE-2022-27583 + RESERVED +CVE-2022-27582 + RESERVED +CVE-2022-27581 + RESERVED +CVE-2022-27580 + RESERVED +CVE-2022-27579 + RESERVED +CVE-2022-27578 + RESERVED +CVE-2022-27577 + RESERVED +CVE-2022-27576 + RESERVED +CVE-2022-27575 + RESERVED +CVE-2022-27574 + RESERVED +CVE-2022-27573 + RESERVED +CVE-2022-27572 + RESERVED +CVE-2022-27571 + RESERVED +CVE-2022-27570 + RESERVED +CVE-2022-27569 + RESERVED +CVE-2022-27568 + RESERVED +CVE-2022-27567 + RESERVED +CVE-2022-27566 + RESERVED +CVE-2022-27565 + RESERVED +CVE-2022-27564 + RESERVED +CVE-2022-27563 + RESERVED +CVE-2022-27562 + RESERVED +CVE-2022-27561 + RESERVED +CVE-2022-27560 + RESERVED +CVE-2022-27559 + RESERVED +CVE-2022-27558 + RESERVED 
+CVE-2022-27557 + RESERVED +CVE-2022-27556 + RESERVED +CVE-2022-27555 + RESERVED +CVE-2022-27554 + RESERVED +CVE-2022-27553 + RESERVED +CVE-2022-27552 + RESERVED +CVE-2022-27551 + RESERVED +CVE-2022-27550 + RESERVED +CVE-2022-27549 + RESERVED +CVE-2022-27548 + RESERVED +CVE-2022-27547 + RESERVED +CVE-2022-27546 + RESERVED +CVE-2022-27545 + RESERVED +CVE-2022-27544 + RESERVED +CVE-2022-27543 + RESERVED +CVE-2022-27542 + RESERVED +CVE-2022-27541 + RESERVED +CVE-2022-27540 + RESERVED +CVE-2022-27539 + RESERVED +CVE-2022-27538 + RESERVED +CVE-2022-27537 + RESERVED +CVE-2022-27536 + RESERVED +CVE-2022-27535 + RESERVED +CVE-2022-27534 + RESERVED +CVE-2022-27533 + RESERVED +CVE-2022-27532 + RESERVED +CVE-2022-27531 + RESERVED +CVE-2022-27530 + RESERVED +CVE-2022-27529 + RESERVED +CVE-2022-27528 + RESERVED +CVE-2022-27527 + RESERVED +CVE-2022-27526 + RESERVED +CVE-2022-27525 + RESERVED +CVE-2022-27524 + RESERVED +CVE-2022-27523 + RESERVED +CVE-2022-27522 + RESERVED +CVE-2022-27521 + RESERVED +CVE-2022-27520 + RESERVED +CVE-2022-27519 + RESERVED +CVE-2022-27518 + RESERVED +CVE-2022-27517 + RESERVED +CVE-2022-27516 + RESERVED +CVE-2022-27515 + RESERVED +CVE-2022-27514 + RESERVED +CVE-2022-27513 + RESERVED +CVE-2022-27512 + RESERVED +CVE-2022-27511 + RESERVED +CVE-2022-27510 + RESERVED +CVE-2022-27509 + RESERVED +CVE-2022-27508 + RESERVED +CVE-2022-27507 + RESERVED +CVE-2022-27506 + RESERVED +CVE-2022-27505 + RESERVED +CVE-2022-27504 + RESERVED +CVE-2022-27503 + RESERVED +CVE-2022-27502 + RESERVED +CVE-2022-27501 + RESERVED +CVE-2022-27500 + RESERVED +CVE-2022-27233 + RESERVED +CVE-2022-27229 + RESERVED +CVE-2022-27183 + RESERVED +CVE-2022-27180 + RESERVED +CVE-2022-26889 + RESERVED +CVE-2022-26888 + RESERVED +CVE-2022-26840 + RESERVED +CVE-2022-26070 + RESERVED +CVE-2022-26024 + RESERVED +CVE-2022-26017 + RESERVED +CVE-2022-25841 + RESERVED +CVE-2022-1040 + RESERVED +CVE-2022-1039 + RESERVED +CVE-2022-1038 + RESERVED CVE-2022-27492 RESERVED CVE-2022-27491 
@@ -316,8 +600,8 @@ CVE-2022-27335 RESERVED CVE-2022-27334 RESERVED -CVE-2022-27333 - RESERVED +CVE-2022-27333 (idcCMS v1.10 was discovered to contain an issue which allows attackers ...) + TODO: check CVE-2022-27332 RESERVED CVE-2022-27331 @@ -1126,8 +1410,8 @@ CVE-2022-27092 RESERVED CVE-2022-27091 RESERVED -CVE-2022-27090 - RESERVED +CVE-2022-27090 (Cscms Music Portal System v4.2 was discovered to contain a redirection ...) + TODO: check CVE-2022-27089 RESERVED CVE-2022-27088 @@ -3174,12 +3458,12 @@ CVE-2022-26287 RESERVED CVE-2022-26286 RESERVED -CVE-2022-26285 - RESERVED -CVE-2022-26284 - RESERVED -CVE-2022-26283 - RESERVED +CVE-2022-26285 (Simple Subscription Website v1.0 was discovered to contain a SQL injec ...) + TODO: check +CVE-2022-26284 (Simple Client Management System v1.0 was discovered to contain a SQL i ...) + TODO: check +CVE-2022-26283 (Simple Subscription Website v1.0 was discovered to contain a SQL injec ...) + TODO: check CVE-2022-26282 RESERVED CVE-2022-26281 @@ -3376,10 +3660,10 @@ CVE-2022-26186 RESERVED CVE-2022-26185 RESERVED -CVE-2022-26184 - RESERVED -CVE-2022-26183 - RESERVED +CVE-2022-26184 (Poetry v1.1.9 and below was discovered to contain an untrusted search ...) + TODO: check +CVE-2022-26183 (PNPM v6.15.1 and below was discovered to contain an untrusted search p ...) + TODO: check CVE-2022-26182 RESERVED CVE-2022-26181 (Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-bu ...) @@ -3397,8 +3681,8 @@ CVE-2022-26176 RESERVED CVE-2022-26175 RESERVED -CVE-2022-26174 - RESERVED +CVE-2022-26174 (A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 ...) + TODO: check CVE-2022-26173 RESERVED CVE-2022-26172 
@@ -3652,8 +3936,8 @@ CVE-2022-0768 (Server-Side Request Forgery (SSRF) in GitHub repository rudloff/a NOT-FOR-US: rudloff/alltube CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated administr ...) NOT-FOR-US: MODX Revolution -CVE-2022-26148 - RESERVED +CVE-2022-26148 (An issue was discovered in Grafana through 7.3.4, when integrated with ...) + TODO: check CVE-2022-26147 RESERVED CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an authenticated atta ...) @@ -5855,8 +6139,8 @@ CVE-2022-0654 (Exposure of Sensitive Information to an Unauthorized Actor in Git NOT-FOR-US: Node request-retry CVE-2022-0653 (The Profile Builder – User Profile & User Registration Forms ...) NOT-FOR-US: WordPress plugin -CVE-2022-0652 - RESERVED +CVE-2022-0652 (Confd log files contain local users', including root’s, SHA512cr ...) + TODO: check CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...) NOT-FOR-US: WordPress plugin CVE-2022-0650 @@ -9703,8 +9987,8 @@ CVE-2022-24005 RESERVED CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) NOT-FOR-US: livehelperchat -CVE-2022-0386 - RESERVED +CVE-2022-0386 (A post-auth SQL injection vulnerability in the Mail Manager potentiall ...) + TODO: check CVE-2022-0385 (The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and es ...) NOT-FOR-US: WordPress plugin CVE-2022-0384 (The Video Conferencing with Zoom WordPress plugin before 3.8.17 does n ...) @@ -10089,6 +10373,7 @@ CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. Th CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...) NOT-FOR-US: Apache ShenYu Admin CVE-2022-23943 (Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server all ...) + {DLA-2960-1} - apache2 2.4.53-1 [bullseye] - apache2 <no-dsa> (Minor issue) [buster] - apache2 <no-dsa> (Minor issue) 
@@ -12102,22 +12387,22 @@ CVE-2022-23354 RESERVED CVE-2022-23353 RESERVED -CVE-2022-23352 - RESERVED +CVE-2022-23352 (An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial ...) + TODO: check CVE-2022-23351 RESERVED -CVE-2022-23350 - RESERVED -CVE-2022-23349 - RESERVED -CVE-2022-23348 - RESERVED -CVE-2022-23347 - RESERVED -CVE-2022-23346 - RESERVED -CVE-2022-23345 - RESERVED +CVE-2022-23350 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cros ...) + TODO: check +CVE-2022-23349 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cros ...) + TODO: check +CVE-2022-23348 (BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak p ...) + TODO: check +CVE-2022-23347 (BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable ...) + TODO: check +CVE-2022-23346 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorr ...) + TODO: check +CVE-2022-23345 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorr ...) + TODO: check CVE-2022-23344 RESERVED CVE-2022-23343 @@ -12230,8 +12515,8 @@ CVE-2021-46392 RESERVED CVE-2021-46391 RESERVED -CVE-2021-46390 - RESERVED +CVE-2021-46390 (An access control issue in the authentication module of Lexar_F35 v1.0 ...) + TODO: check CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...) NOT-FOR-US: IIPImage High Resolution Streaming Image Server CVE-2021-46388 
@@ -14711,18 +14996,21 @@ CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerabil CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...) NOT-FOR-US: Schneider Electric CVE-2022-22721 (If LimitXMLRequestBody is set to allow request bodies larger than 350M ...) + {DLA-2960-1} - apache2 2.4.53-1 [bullseye] - apache2 <no-dsa> (Minor issue) [buster] - apache2 <no-dsa> (Minor issue) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721 NOTE: Fixed by: https://svn.apache.org/r1898693 CVE-2022-22720 (Apache HTTP Server 2.4.52 and earlier fails to close inbound connectio ...) + {DLA-2960-1} - apache2 2.4.53-1 [bullseye] - apache2 <no-dsa> (Minor issue) [buster] - apache2 <no-dsa> (Minor issue) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720 NOTE: Fixed by: https://svn.apache.org/r1898692 CVE-2022-22719 (A carefully crafted request body can cause a read to a random memory a ...) + {DLA-2960-1} - apache2 2.4.53-1 [bullseye] - apache2 <no-dsa> (Minor issue) [buster] - apache2 <no-dsa> (Minor issue) @@ -34903,8 +35191,8 @@ CVE-2021-40664 RESERVED CVE-2021-40663 RESERVED -CVE-2021-40662 - RESERVED +CVE-2021-40662 (A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows atta ...) + TODO: check CVE-2021-40661 RESERVED CVE-2021-40660 @@ -39589,8 +39877,8 @@ CVE-2021-38747 RESERVED CVE-2021-38746 RESERVED -CVE-2021-38745 - RESERVED +CVE-2021-38745 (Chamilo LMS v1.11.14 was discovered to contain a zero click code injec ...) + TODO: check CVE-2021-38744 RESERVED CVE-2021-38743
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a8464da811a0e71c216f08872bd6e968ad3b3e1
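Review bot: CVE-2022-27607 is the one described entry in the @@ -1,3 +1,287 @@ hunk, and it lands as "TODO: check" with no package decision. Its text already names Bento4 1.6.0-639 and a heap-based buffer over-read in AP4_HvccAtom, so it can be resolved in the form the list uses for triaged entries, either a "NOT-FOR-US:" line or a source-package line such as "- apache2 2.4.53-1", rather than sitting in the TODO queue among the RESERVED ids around it.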
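Review bot: CVE-2022-26184 (Poetry v1.1.9 and below) and CVE-2022-26183 (PNPM v6.15.1 and below) in the @@ -3376,10 +3660,10 @@ hunk are both left at "TODO: check", and both descriptions report an untrusted search path issue in tooling that runs on developer and build machines. These two deserve triage ahead of the web-application entries in this update: check each name against the archive and record either the source package with its status or a "NOT-FOR-US:" line, as CVE-2022-26149 and the other resolved entries in this file do.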
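Review bot: CVE-2022-26148 in the @@ -3652,8 +3936,8 @@ hunk goes from RESERVED to a Grafana description ("through 7.3.4") but only gets "TODO: check", while the context lines directly above it (CVE-2022-0768, CVE-2022-26149) already carry explicit decisions. The description is cut at "when integrated with ...", so the triager needs the full CVE text to tell whether the issue is in Grafana itself or in the integration before choosing between a package line and "NOT-FOR-US:".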
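Review bot: the seven BigAnt Server v5.6.06 entries in the @@ -12102,22 +12387,22 @@ hunk (CVE-2022-23352 and CVE-2022-23350 through CVE-2022-23345) each get a separate "TODO: check" although they share one product and version, so one triage decision can be applied to all seven in a single follow-up commit. CVE-2022-23351, which sits between them, stays RESERVED and should be revisited with the same decision once its description is published.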