Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8c94b874 by security tracker role at 2022-03-24T20:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,55 @@ +CVE-2022-27863 + RESERVED +CVE-2022-27862 + RESERVED +CVE-2022-27861 + RESERVED +CVE-2022-27860 + RESERVED +CVE-2022-27859 + RESERVED +CVE-2022-27858 + RESERVED +CVE-2022-27857 + RESERVED +CVE-2022-27856 + RESERVED +CVE-2022-27855 + RESERVED +CVE-2022-27854 + RESERVED +CVE-2022-27853 + RESERVED +CVE-2022-27852 + RESERVED +CVE-2022-27851 + RESERVED +CVE-2022-27850 + RESERVED +CVE-2022-27849 + RESERVED +CVE-2022-27848 + RESERVED +CVE-2022-27847 + RESERVED +CVE-2022-27846 + RESERVED +CVE-2022-27845 + RESERVED +CVE-2022-27844 + RESERVED +CVE-2022-1066 + RESERVED +CVE-2022-1065 + RESERVED +CVE-2022-1064 + RESERVED +CVE-2022-1063 + RESERVED +CVE-2022-1062 + RESERVED +CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareorg/ra ...) + TODO: check CVE-2022-XXXX [zlib memory corruption on deflate] - zlib <unfixed> NOTE: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 @@ -361,8 +413,8 @@ CVE-2022-27667 RESERVED CVE-2022-1059 RESERVED -CVE-2022-1058 - RESERVED +CVE-2022-1058 (Open Redirect on login in GitHub repository go-gitea/gitea prior to 1. ...) + TODO: check CVE-2022-1057 RESERVED CVE-2021-46739 @@ -436,8 +488,8 @@ CVE-2022-1054 RESERVED CVE-2022-1053 RESERVED -CVE-2022-1052 - RESERVED +CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub repository ra ...) + TODO: check CVE-2022-1051 RESERVED CVE-2022-1050 
@@ -1715,8 +1767,8 @@ CVE-2022-0957 (Stored XSS via File Upload in GitHub repository star7th/showdoc p NOT-FOR-US: ShowDoc CVE-2022-0956 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior ...) NOT-FOR-US: ShowDoc -CVE-2022-0955 - RESERVED +CVE-2022-0955 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data- ...) + TODO: check CVE-2022-0954 (Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's O ...) NOT-FOR-US: microweber CVE-2022-0953 @@ -2425,6 +2477,7 @@ CVE-2022-26852 CVE-2022-26851 RESERVED CVE-2022-0924 (Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers t ...) + {DSA-5108-1} - tiff 4.3.0-6 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/278 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/311 @@ -2609,15 +2662,18 @@ CVE-2022-25905 CVE-2022-0910 RESERVED CVE-2022-0909 (Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to ...) + {DSA-5108-1} - tiff 4.3.0-6 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/393 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/310 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/32ea0722ee68f503b7a3f9b2d557acb293fc8cde CVE-2022-0908 (Null source pointer passed as an argument to memcpy() function within ...) + {DSA-5108-1} - tiff 4.3.0-6 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/383 CVE-2022-0907 (Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libt ...) + {DSA-5108-1} - tiff 4.3.0-6 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/392 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/314 
@@ -2671,6 +2727,7 @@ CVE-2022-26778 (Veritas System Recovery (VSR) 18 and 21 stores a network destina CVE-2022-26777 RESERVED CVE-2022-0891 (A heap buffer overflow in ExtractImageSection function in tiffcrop.c i ...) + {DSA-5108-1} - tiff 4.3.0-6 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c NOTE: https://gitlab.com/libtiff/libtiff/-/issues/380 @@ -3012,8 +3069,8 @@ CVE-2022-26631 RESERVED CVE-2022-26630 RESERVED -CVE-2022-26629 - RESERVED +CVE-2022-26629 (An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.3 ...) + TODO: check CVE-2022-26628 RESERVED CVE-2022-26627 @@ -3357,6 +3414,7 @@ CVE-2022-0867 CVE-2022-0866 RESERVED CVE-2022-0865 (Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cau ...) + {DSA-5108-1} - tiff 4.3.0-5 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/385 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/306 @@ -5820,8 +5878,8 @@ CVE-2022-25570 (In Click Studios (SA) Pty Ltd Passwordstate 9435, users with acc NOT-FOR-US: Passwordstate CVE-2022-25569 RESERVED -CVE-2022-25568 - RESERVED +CVE-2022-25568 (MotionEye v0.42.1 and below allows attackers to access sensitive infor ...) + TODO: check CVE-2022-25567 RESERVED CVE-2022-25566 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) 
@@ -8215,12 +8273,12 @@ CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when c NOTE: util-linux in Debian does build with readline support but chfn and chsh are provided NOTE: by src:shadow and util-linux is configured with --disable-chfn-chsh CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within ...) - {DLA-2932-1} + {DSA-5108-1 DLA-2932-1} - tiff 4.3.0-4 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362 NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within ...) - {DLA-2932-1} + {DSA-5108-1 DLA-2932-1} - tiff 4.3.0-4 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362 NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef @@ -8264,10 +8322,10 @@ CVE-2022-24698 RESERVED CVE-2022-24697 RESERVED -CVE-2022-0551 - RESERVED -CVE-2022-0550 - RESERVED +CVE-2022-0551 (Improper Input Validation vulnerability in project file upload in Nozo ...) + TODO: check +CVE-2022-0550 (Improper Input Validation vulnerability in custom report logo upload i ...) + TODO: check CVE-2022-0549 RESERVED [experimental] - gitlab 14.6.5+ds1-1 @@ -11790,8 +11848,8 @@ CVE-2022-0317 (An improper input validation vulnerability in go-attestation befo NOT-FOR-US: go-attestation CVE-2022-0316 RESERVED -CVE-2022-0315 - RESERVED +CVE-2022-0315 (Insecure Temporary File in GitHub repository horovod/horovod prior to ...) + TODO: check CVE-2022-23779 (Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the insta ...) NOT-FOR-US: Zoho ManageEngine CVE-2022-23778 
@@ -14962,7 +15020,7 @@ CVE-2022-22846 (The dnslib package through 0.9.16 for Python does not verify tha CVE-2022-22845 (QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167 ...) NOT-FOR-US: QXIP SIPCAPTURE homer-app for HOMER CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c i ...) - {DLA-2932-1} + {DSA-5108-1 DLA-2932-1} - tiff 4.3.0-3 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/355 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/287 @@ -15411,8 +15469,8 @@ CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulne NOT-FOR-US: Apache ShardingSphere ElasticJob-UI CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab <unfixed> -CVE-2022-0153 - RESERVED +CVE-2022-0153 (SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. ...) + TODO: check CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab <unfixed> CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...) @@ -15427,8 +15485,8 @@ CVE-2022-0147 (The Cookie Information | Free GDPR Consent Solution WordPress plu NOT-FOR-US: WordPress plugin CVE-2022-0146 RESERVED -CVE-2022-0145 - RESERVED +CVE-2022-0145 (Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkc ...) + TODO: check CVE-2021-46162 (A vulnerability has been identified in Simcenter Femap (All versions & ...) NOT-FOR-US: Siemens CVE-2021-46161 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) @@ -16480,8 +16538,8 @@ CVE-2022-22376 RESERVED CVE-2022-22375 RESERVED -CVE-2022-22374 - RESERVED +CVE-2022-22374 (The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subj ...) + TODO: check CVE-2022-22373 RESERVED CVE-2022-22372 
@@ -21437,8 +21495,8 @@ CVE-2022-21822 (NVIDIA FLARE contains a vulnerability in the admin interface, wh NOT-FOR-US: NVIDIA CVE-2022-21821 RESERVED -CVE-2022-21820 - RESERVED +CVE-2022-21820 (NVIDIA DCGM contains a vulnerability in nvhostengine, where a network ...) + TODO: check CVE-2022-21819 (NVIDIA distributions of Jetson Linux contain a vulnerability where an ...) NOT-FOR-US: NVIDIA CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...) @@ -25880,8 +25938,8 @@ CVE-2021-43702 RESERVED CVE-2021-43701 RESERVED -CVE-2021-43700 - RESERVED +CVE-2021-43700 (An issue was discovered in ApiManager 1.1. there is sql injection vuln ...) + TODO: check CVE-2021-43699 RESERVED CVE-2021-43698 (phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripti ...) @@ -25949,8 +26007,8 @@ CVE-2021-43668 (Go-Ethereum 1.10.9 nodes crash (denial of service) after receivi NOTE: https://github.com/ethereum/go-ethereum/issues/23866 CVE-2021-43667 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...) NOT-FOR-US: HyperLedger -CVE-2021-43666 - RESERVED +CVE-2021-43666 (A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier ...) + TODO: check CVE-2021-43665 RESERVED CVE-2021-43664 @@ -25963,8 +26021,8 @@ CVE-2021-43661 RESERVED CVE-2021-43660 RESERVED -CVE-2021-43659 - RESERVED +CVE-2021-43659 (In halo 1.4.14, the function point of uploading the avatar, any file c ...) + TODO: check CVE-2021-43658 RESERVED CVE-2021-43657 
@@ -28512,10 +28570,10 @@ CVE-2021-43087 RESERVED CVE-2021-43086 (ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compressi ...) NOT-FOR-US: ARM astcenc -CVE-2021-43085 - RESERVED -CVE-2021-43084 - RESERVED +CVE-2021-43085 (An Insecure Permissions vulnerability exists in the OpenSSL Project 3. ...) + TODO: check +CVE-2021-43084 (An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tab ...) + TODO: check CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...) NOT-FOR-US: bookstack CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...) @@ -38577,8 +38635,8 @@ CVE-2021-39493 RESERVED CVE-2021-39492 RESERVED -CVE-2021-39491 - RESERVED +CVE-2021-39491 (A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgi ...) + TODO: check CVE-2021-39490 RESERVED CVE-2021-39489 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c94b874f7f615a6d69c9f1740c3c2e3a33a4059 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c94b874f7f615a6d69c9f1740c3c2e3a33a4059 You're receiving this email because of your account on salsa.debian.org.
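Review bot: in hunk @@ -1,3 +1,55 the new CVE-2022-1061 (heap buffer overflow in parseDragons, radareorg/radare2) is left at `TODO: check`; since radare2 is packaged in Debian this one should be triaged into a `- radare2 <unfixed>` (or fixed-version) line rather than staying a TODO, and the same source is at issue in hunk @@ -436 for CVE-2022-1052 (iterate_chained_fixups), so the two should be resolved together. The block of consecutive RESERVED entries (CVE-2022-27844 through CVE-2022-27863 and CVE-2022-1062 through CVE-2022-1066) is the usual output of the automatic CVE list sync and needs no action.

Review bot: the {DSA-5108-1} markers in hunks @@ -2425, @@ -2609, @@ -2671 and @@ -3357 cover six tiff entries, but the context for CVE-2022-0865 shows `- tiff 4.3.0-5` while the other five show `- tiff 4.3.0-6`; that is consistent only if DSA-5108-1 backported all six fixes, so cross-check the advisory text before relying on the marker, because the DSA reference is what flips each entry's stable status in the tracker.

Review bot: hunks @@ -8215 and @@ -14962 change `{DLA-2932-1}` to `{DSA-5108-1 DLA-2932-1}` for CVE-2022-0562, CVE-2022-0561 and CVE-2022-22844; listing both identifiers in one brace set is the correct form when an issue is fixed in both stable and LTS, so nothing to change, but note that CVE-2022-22844 carries `- tiff 4.3.0-3` while the DLA-2932-1 pair carry `4.3.0-4`, so the DSA must cover the earlier upstream fix (libtiff issue 355) as well.

Review bot: in hunk @@ -28512 CVE-2021-43085 (`Insecure Permissions vulnerability exists in the OpenSSL Project 3. ...`) is left at `TODO: check` with the description truncated before it says which component or platform is affected; since openssl is a core Debian package this TODO should be prioritised over the others in this commit and the full description pulled before deciding between a src:openssl entry and NOT-FOR-US.

Review bot: in hunk @@ -25949 CVE-2021-43666 (denial of service in mbed TLS 3.0.0 and earlier) is marked `TODO: check`; Debian ships mbedtls, so this needs a src:mbedtls line, and the phrase "and earlier" in the description means the packaged 2.x branch must be checked rather than assumed unaffected.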
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits