Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c94b874 by security tracker role at 2022-03-24T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2022-27863
+       RESERVED
+CVE-2022-27862
+       RESERVED
+CVE-2022-27861
+       RESERVED
+CVE-2022-27860
+       RESERVED
+CVE-2022-27859
+       RESERVED
+CVE-2022-27858
+       RESERVED
+CVE-2022-27857
+       RESERVED
+CVE-2022-27856
+       RESERVED
+CVE-2022-27855
+       RESERVED
+CVE-2022-27854
+       RESERVED
+CVE-2022-27853
+       RESERVED
+CVE-2022-27852
+       RESERVED
+CVE-2022-27851
+       RESERVED
+CVE-2022-27850
+       RESERVED
+CVE-2022-27849
+       RESERVED
+CVE-2022-27848
+       RESERVED
+CVE-2022-27847
+       RESERVED
+CVE-2022-27846
+       RESERVED
+CVE-2022-27845
+       RESERVED
+CVE-2022-27844
+       RESERVED
+CVE-2022-1066
+       RESERVED
+CVE-2022-1065
+       RESERVED
+CVE-2022-1064
+       RESERVED
+CVE-2022-1063
+       RESERVED
+CVE-2022-1062
+       RESERVED
+CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository 
radareorg/ra ...)
+       TODO: check
 CVE-2022-XXXX [zlib memory corruption on deflate]
        - zlib <unfixed>
        NOTE: 
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
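
Review bot: CVE-2022-1061, the last added entry in this hunk, is left at "TODO: check" although its description already names a heap buffer overflow in parseDragons in a radareorg GitHub repository. The summary is cut at "radareorg/ra ...", so the affected project and fixed version have to come from the full CVE record; replace the TODO with either a source package line or a NOT-FOR-US tag. The RESERVED entries above it need no action.
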
@@ -361,8 +413,8 @@ CVE-2022-27667
        RESERVED
 CVE-2022-1059
        RESERVED
-CVE-2022-1058
-       RESERVED
+CVE-2022-1058 (Open Redirect on login in GitHub repository go-gitea/gitea 
prior to 1. ...)
+       TODO: check
 CVE-2022-1057
        RESERVED
 CVE-2021-46739
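
Review bot: The description on the new CVE-2022-1058 line is truncated at "prior to 1. ...", so the fixed version of go-gitea/gitea cannot be read from this entry. When the "TODO: check" is resolved, base the verdict line on the full CVE record rather than on this summary.
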
@@ -436,8 +488,8 @@ CVE-2022-1054
        RESERVED
 CVE-2022-1053
        RESERVED
-CVE-2022-1052
-       RESERVED
+CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub 
repository ra ...)
+       TODO: check
 CVE-2022-1051
        RESERVED
 CVE-2022-1050
@@ -1715,8 +1767,8 @@ CVE-2022-0957 (Stored XSS via File Upload in GitHub 
repository star7th/showdoc p
        NOT-FOR-US: ShowDoc
 CVE-2022-0956 (Stored XSS via File Upload in GitHub repository star7th/showdoc 
prior  ...)
        NOT-FOR-US: ShowDoc
-CVE-2022-0955
-       RESERVED
+CVE-2022-0955 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/data- ...)
+       TODO: check
 CVE-2022-0954 (Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in 
Shop's O ...)
        NOT-FOR-US: microweber
 CVE-2022-0953
@@ -2425,6 +2477,7 @@ CVE-2022-26852
 CVE-2022-26851
        RESERVED
 CVE-2022-0924 (Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows 
attackers t ...)
+       {DSA-5108-1}
        - tiff 4.3.0-6
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/278
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/311
@@ -2609,15 +2662,18 @@ CVE-2022-25905
 CVE-2022-0910
        RESERVED
 CVE-2022-0909 (Divide By Zero error in tiffcrop in libtiff 4.3.0 allows 
attackers to  ...)
+       {DSA-5108-1}
        - tiff 4.3.0-6
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/393
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/310
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/32ea0722ee68f503b7a3f9b2d557acb293fc8cde
 CVE-2022-0908 (Null source pointer passed as an argument to memcpy() function 
within  ...)
+       {DSA-5108-1}
        - tiff 4.3.0-6
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/383
 CVE-2022-0907 (Unchecked Return Value to NULL Pointer Dereference in tiffcrop 
in libt ...)
+       {DSA-5108-1}
        - tiff 4.3.0-6
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/392
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/314
@@ -2671,6 +2727,7 @@ CVE-2022-26778 (Veritas System Recovery (VSR) 18 and 21 
stores a network destina
 CVE-2022-26777
        RESERVED
 CVE-2022-0891 (A heap buffer overflow in ExtractImageSection function in 
tiffcrop.c i ...)
+       {DSA-5108-1}
        - tiff 4.3.0-6
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/380
@@ -3012,8 +3069,8 @@ CVE-2022-26631
        RESERVED
 CVE-2022-26630
        RESERVED
-CVE-2022-26629
-       RESERVED
+CVE-2022-26629 (An Access Control vulnerability exists in SoroushPlus+ 
Messenger 1.0.3 ...)
+       TODO: check
 CVE-2022-26628
        RESERVED
 CVE-2022-26627
@@ -3357,6 +3414,7 @@ CVE-2022-0867
 CVE-2022-0866
        RESERVED
 CVE-2022-0865 (Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers 
to cau ...)
+       {DSA-5108-1}
        - tiff 4.3.0-5
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/385
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/306
@@ -5820,8 +5878,8 @@ CVE-2022-25570 (In Click Studios (SA) Pty Ltd 
Passwordstate 9435, users with acc
        NOT-FOR-US: Passwordstate
 CVE-2022-25569
        RESERVED
-CVE-2022-25568
-       RESERVED
+CVE-2022-25568 (MotionEye v0.42.1 and below allows attackers to access 
sensitive infor ...)
+       TODO: check
 CVE-2022-25567
        RESERVED
 CVE-2022-25566 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack 
overflow in th ...)
@@ -8215,12 +8273,12 @@ CVE-2022-0563 (A flaw was found in the util-linux chfn 
and chsh utilities when c
        NOTE: util-linux in Debian does build with readline support but chfn 
and chsh are provided
        NOTE: by src:shadow and util-linux is configured with 
--disable-chfn-chsh
 CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function 
within  ...)
-       {DLA-2932-1}
+       {DSA-5108-1 DLA-2932-1}
        - tiff 4.3.0-4
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
        NOTE: Fixed by: 
https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
 CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function 
within  ...)
-       {DLA-2932-1}
+       {DSA-5108-1 DLA-2932-1}
        - tiff 4.3.0-4
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
        NOTE: Fixed by: 
https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
@@ -8264,10 +8322,10 @@ CVE-2022-24698
        RESERVED
 CVE-2022-24697
        RESERVED
-CVE-2022-0551
-       RESERVED
-CVE-2022-0550
-       RESERVED
+CVE-2022-0551 (Improper Input Validation vulnerability in project file upload 
in Nozo ...)
+       TODO: check
+CVE-2022-0550 (Improper Input Validation vulnerability in custom report logo 
upload i ...)
+       TODO: check
 CVE-2022-0549
        RESERVED
        [experimental] - gitlab 14.6.5+ds1-1
@@ -11790,8 +11848,8 @@ CVE-2022-0317 (An improper input validation 
vulnerability in go-attestation befo
        NOT-FOR-US: go-attestation
 CVE-2022-0316
        RESERVED
-CVE-2022-0315
-       RESERVED
+CVE-2022-0315 (Insecure Temporary File in GitHub repository horovod/horovod 
prior to  ...)
+       TODO: check
 CVE-2022-23779 (Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes 
the insta ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-23778
@@ -14962,7 +15020,7 @@ CVE-2022-22846 (The dnslib package through 0.9.16 for 
Python does not verify tha
 CVE-2022-22845 (QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the 
same 167 ...)
        NOT-FOR-US: QXIP SIPCAPTURE homer-app for HOMER
 CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in 
tif_unix.c i ...)
-       {DLA-2932-1}
+       {DSA-5108-1 DLA-2932-1}
        - tiff 4.3.0-3
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/355
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/287
@@ -15411,8 +15469,8 @@ CVE-2022-22733 (Exposure of Sensitive Information to an 
Unauthorized Actor vulne
        NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
 CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
-CVE-2022-0153
-       RESERVED
+CVE-2022-0153 (SQL Injection in GitHub repository forkcms/forkcms prior to 
5.11.1. ...)
+       TODO: check
 CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab <unfixed>
 CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions 
starting ...)
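
Review bot: CVE-2022-0153 (SQL injection, forkcms/forkcms prior to 5.11.1) is left at "TODO: check", and the next hunk does the same for CVE-2022-0145, whose description is cut at "forkcms/forkc ...". If both turn out to be the same project, resolve the two TODO markers together with one verdict so the entries do not diverge.
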
@@ -15427,8 +15485,8 @@ CVE-2022-0147 (The Cookie Information | Free GDPR 
Consent Solution WordPress plu
        NOT-FOR-US: WordPress plugin
 CVE-2022-0146
        RESERVED
-CVE-2022-0145
-       RESERVED
+CVE-2022-0145 (Cross-site Scripting (XSS) - Stored in GitHub repository 
forkcms/forkc ...)
+       TODO: check
 CVE-2021-46162 (A vulnerability has been identified in Simcenter Femap (All 
versions & ...)
        NOT-FOR-US: Siemens
 CVE-2021-46161 (A vulnerability has been identified in Simcenter Femap V2020.2 
(All ve ...)
@@ -16480,8 +16538,8 @@ CVE-2022-22376
        RESERVED
 CVE-2022-22375
        RESERVED
-CVE-2022-22374
-       RESERVED
+CVE-2022-22374 (The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may 
be subj ...)
+       TODO: check
 CVE-2022-22373
        RESERVED
 CVE-2022-22372
@@ -21437,8 +21495,8 @@ CVE-2022-21822 (NVIDIA FLARE contains a vulnerability 
in the admin interface, wh
        NOT-FOR-US: NVIDIA
 CVE-2022-21821
        RESERVED
-CVE-2022-21820
-       RESERVED
+CVE-2022-21820 (NVIDIA DCGM contains a vulnerability in nvhostengine, where a 
network  ...)
+       TODO: check
 CVE-2022-21819 (NVIDIA distributions of Jetson Linux contain a vulnerability 
where an  ...)
        NOT-FOR-US: NVIDIA
 CVE-2022-21818 (NVIDIA License System contains a vulnerability in the 
installation scr ...)
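
Review bot: CVE-2022-21820 (NVIDIA DCGM, nvhostengine) is left at "TODO: check" while the NVIDIA entries on either side of it, CVE-2022-21822 and CVE-2022-21819, already carry "NOT-FOR-US: NVIDIA". Check whether DCGM falls under the same verdict and, if so, use the same tag so the block stays consistent.
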
@@ -25880,8 +25938,8 @@ CVE-2021-43702
        RESERVED
 CVE-2021-43701
        RESERVED
-CVE-2021-43700
-       RESERVED
+CVE-2021-43700 (An issue was discovered in ApiManager 1.1. there is sql 
injection vuln ...)
+       TODO: check
 CVE-2021-43699
        RESERVED
 CVE-2021-43698 (phpWhois (last update Jun 30 2021) is affected by a Cross Site 
Scripti ...)
@@ -25949,8 +26007,8 @@ CVE-2021-43668 (Go-Ethereum 1.10.9 nodes crash (denial 
of service) after receivi
        NOTE: https://github.com/ethereum/go-ethereum/issues/23866
 CVE-2021-43667 (A vulnerability has been detected in HyperLedger Fabric 
v1.4.0, v2.0.0 ...)
        NOT-FOR-US: HyperLedger
-CVE-2021-43666
-       RESERVED
+CVE-2021-43666 (A Denial of Service vulnerability exists in mbed TLS 3.0.0 and 
earlier ...)
+       TODO: check
 CVE-2021-43665
        RESERVED
 CVE-2021-43664
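
Review bot: CVE-2021-43666 names a denial of service in mbed TLS 3.0.0 and earlier but carries only "TODO: check". The triage should decide between a NOT-FOR-US tag, as on CVE-2021-43667 just above, and a package line; if it becomes a package line, add a NOTE with the upstream issue or fix, as the context line for CVE-2021-43668 does.
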
@@ -25963,8 +26021,8 @@ CVE-2021-43661
        RESERVED
 CVE-2021-43660
        RESERVED
-CVE-2021-43659
-       RESERVED
+CVE-2021-43659 (In halo 1.4.14, the function point of uploading the avatar, 
any file c ...)
+       TODO: check
 CVE-2021-43658
        RESERVED
 CVE-2021-43657
@@ -28512,10 +28570,10 @@ CVE-2021-43087
        RESERVED
 CVE-2021-43086 (ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the 
compressi ...)
        NOT-FOR-US: ARM astcenc
-CVE-2021-43085
-       RESERVED
-CVE-2021-43084
-       RESERVED
+CVE-2021-43085 (An Insecure Permissions vulnerability exists in the OpenSSL 
Project 3. ...)
+       TODO: check
+CVE-2021-43084 (An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via 
the tab ...)
+       TODO: check
 CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to 
a Rest ...)
        NOT-FOR-US: bookstack
 CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF 
check whe ...)
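
Review bot: CVE-2021-43085 and CVE-2021-43084 are promoted from RESERVED together with "TODO: check", but they are unrelated: one description names the OpenSSL Project, the other Dreamer CMS 4.0.0. Triage them separately, and note that the first summary is cut at "OpenSSL Project 3. ...", so the affected component and version are not visible in this entry.
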
@@ -38577,8 +38635,8 @@ CVE-2021-39493
        RESERVED
 CVE-2021-39492
        RESERVED
-CVE-2021-39491
-       RESERVED
+CVE-2021-39491 (A Cross Site Scripting (XSS) vulnerability exists in Yogesh 
Ojha reNgi ...)
+       TODO: check
 CVE-2021-39490
        RESERVED
 CVE-2021-39489



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c94b874f7f615a6d69c9f1740c3c2e3a33a4059
