Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
e54423dd by security tracker role at 2022-03-26T08:10:15+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,107 @@ -CVE-2022-27887 +CVE-2022-27927 RESERVED -CVE-2022-27886 +CVE-2022-27926 RESERVED -CVE-2022-27885 +CVE-2022-27925 RESERVED -CVE-2022-27884 +CVE-2022-27924 RESERVED +CVE-2022-27923 + RESERVED +CVE-2022-27922 + RESERVED +CVE-2022-27921 + RESERVED +CVE-2022-27920 (libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functi ...) + TODO: check +CVE-2022-27919 (Gradle Enterprise before 2022.1 allows remote code execution if the in ...) + TODO: check +CVE-2022-27918 + RESERVED +CVE-2022-27917 + RESERVED +CVE-2022-27916 + RESERVED +CVE-2022-27915 + RESERVED +CVE-2022-27914 + RESERVED +CVE-2022-27913 + RESERVED +CVE-2022-27912 + RESERVED +CVE-2022-27911 + RESERVED +CVE-2022-27910 + RESERVED +CVE-2022-27909 + RESERVED +CVE-2022-27908 + RESERVED +CVE-2022-27907 + RESERVED +CVE-2022-27906 (Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To ...) + TODO: check +CVE-2022-27905 + RESERVED +CVE-2022-27904 + RESERVED +CVE-2022-27903 + RESERVED +CVE-2022-27902 + RESERVED +CVE-2022-27901 + RESERVED +CVE-2022-27900 + RESERVED +CVE-2022-27899 + RESERVED +CVE-2022-27898 + RESERVED +CVE-2022-27897 + RESERVED +CVE-2022-27896 + RESERVED +CVE-2022-27895 + RESERVED +CVE-2022-27894 + RESERVED +CVE-2022-27893 + RESERVED +CVE-2022-27892 + RESERVED +CVE-2022-27891 + RESERVED +CVE-2022-27890 + RESERVED +CVE-2022-27889 + RESERVED +CVE-2022-27888 + RESERVED +CVE-2022-1102 + RESERVED +CVE-2022-1101 + RESERVED +CVE-2022-1100 + RESERVED +CVE-2022-1099 + RESERVED +CVE-2022-1098 + RESERVED +CVE-2021-46742 + RESERVED +CVE-2021-46741 + RESERVED +CVE-2021-46740 + RESERVED +CVE-2022-27887 (Maccms v10 was discovered to contain a reflected cross-site scripting ...) + TODO: check +CVE-2022-27886 (Maccms v10 was discovered to contain a reflected cross-site scripting ...) + TODO: check +CVE-2022-27885 (Maccms v10 was discovered to contain multiple reflected cross-site scr ...) 
+ TODO: check +CVE-2022-27884 (Maccms v10 was discovered to contain a reflected cross-site scripting ...) + TODO: check CVE-2022-27883 RESERVED CVE-2022-27882 (slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedn ...) @@ -98,8 +194,8 @@ CVE-2022-27494 RESERVED CVE-2022-26423 RESERVED -CVE-2022-1071 - RESERVED +CVE-2022-1071 (User after free in mrb_vm_exec in GitHub repository mruby/mruby prior ...) + TODO: check CVE-2022-1070 RESERVED CVE-2022-1069 @@ -3130,8 +3226,8 @@ CVE-2022-26661 (An XXE issue was discovered in Tryton Application Platform (Serv NOTE: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059 CVE-2022-26660 (RunAsSpc 4.0 uses a universal and recoverable encryption key. In posse ...) NOT-FOR-US: RunAsSpc -CVE-2022-26659 - RESERVED +CVE-2022-26659 (Docker Desktop installer on Windows in versions before 4.6.0 allows an ...) + TODO: check CVE-2022-26658 RESERVED CVE-2022-26657 @@ -3306,8 +3402,8 @@ CVE-2022-26575 RESERVED CVE-2022-26574 RESERVED -CVE-2022-26573 - RESERVED +CVE-2022-26573 (Maccms v10 was discovered to contain multiple reflected cross-site scr ...) + TODO: check CVE-2022-26572 RESERVED CVE-2022-26571 @@ -4294,8 +4390,8 @@ CVE-2022-26199 RESERVED CVE-2022-26198 RESERVED -CVE-2022-26197 - RESERVED +CVE-2022-26197 (Joget DX 7 was discovered to contain a cross-site scripting (XSS) vuln ...) + TODO: check CVE-2022-26196 RESERVED CVE-2022-26195 @@ -5965,8 +6061,8 @@ CVE-2022-25592 RESERVED CVE-2022-25591 RESERVED -CVE-2022-25590 - RESERVED +CVE-2022-25590 (SurveyKing v0.2.0 was discovered to retain users' session cookies afte ...) + TODO: check CVE-2022-25589 RESERVED CVE-2022-25588 @@ -6099,8 +6195,8 @@ CVE-2022-25525 RESERVED CVE-2022-25524 RESERVED -CVE-2022-25523 - RESERVED +CVE-2022-25523 (TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forg ...) + TODO: check CVE-2022-25522 RESERVED CVE-2022-25521 
@@ -8172,10 +8268,10 @@ CVE-2022-24786 RESERVED CVE-2022-24785 RESERVED -CVE-2022-24784 - RESERVED -CVE-2022-24783 - RESERVED +CVE-2022-24784 (Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and ...) + TODO: check +CVE-2022-24783 (Deno is a runtime for JavaScript and TypeScript. The versions of Deno ...) + TODO: check CVE-2022-24782 (Discourse is an open source discussion platform. Versions 2.8.2 and pr ...) NOT-FOR-US: Discourse CVE-2022-24781 (Geon is a board game based on solving questions about the Pythagorean ...) @@ -8719,8 +8815,8 @@ CVE-2022-24645 RESERVED CVE-2022-24644 (ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code e ...) NOT-FOR-US: KeyMouse -CVE-2022-24643 - RESERVED +CVE-2022-24643 (A stored cross-site scripting (XSS) issue was discovered in the OpenEM ...) + TODO: check CVE-2022-24642 RESERVED CVE-2022-24641 @@ -14487,8 +14583,8 @@ CVE-2022-22997 RESERVED CVE-2022-22996 RESERVED -CVE-2022-22995 - RESERVED +CVE-2022-22995 (The combination of primitives offered by SMB and AFP in their default ...) + TODO: check CVE-2022-22994 (A remote code execution vulnerability was discovered on Western Digita ...) NOT-FOR-US: Western Digital CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital My Clou ...) @@ -17534,8 +17630,8 @@ CVE-2022-22276 RESERVED CVE-2022-22275 RESERVED -CVE-2022-22274 - RESERVED +CVE-2022-22274 (A Stack-based buffer overflow vulnerability in the SonicOS via HTTP re ...) + TODO: check CVE-2022-22273 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of Special Ele ...) NOT-FOR-US: Sonicwall CVE-2022-22272 (Improper authorization in TelephonyManager prior to SMR Jan-2022 Relea ...) 
@@ -21299,8 +21395,8 @@ CVE-2021-44906 (Minimist <=1.2.5 is vulnerable to Prototype Pollution via fil NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 NOTE: The initial fix for prototype pollution (cf. SNYK-JS-MINIMIST-559764) in setKey() NOTE: was insufficient. -CVE-2021-44905 - RESERVED +CVE-2021-44905 (Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD ...) + TODO: check CVE-2021-44904 RESERVED CVE-2021-44903 (Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable ...) @@ -22080,8 +22176,8 @@ CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches NOT-FOR-US: git-it CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...) NOT-FOR-US: naholyr github-todos -CVE-2021-44683 - RESERVED +CVE-2021-44683 (The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due t ...) + TODO: check CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault through 1 ...) NOT-FOR-US: Veritas CVE-2021-44681 (An issue (5 of 6) was discovered in Veritas Enterprise Vault through 1 ...) 
@@ -35319,12 +35415,12 @@ CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester Purch NOT-FOR-US: Sourcecodester CVE-2021-40907 (SQL injection vulnerability in Sourcecodester Storage Unit Rental Mana ...) NOT-FOR-US: Sourcecodester -CVE-2021-40906 - RESERVED -CVE-2021-40905 - RESERVED -CVE-2021-40904 - RESERVED +CVE-2021-40906 (CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not saniti ...) + TODO: check +CVE-2021-40905 (The web management console of CheckMK Enterprise Edition (versions 1.5 ...) + TODO: check +CVE-2021-40904 (The web management console of CheckMK Raw Edition (versions 1.5.0 to 1 ...) + TODO: check CVE-2021-40903 RESERVED CVE-2021-40902

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e54423dd4e1691db894355c2c70e950e41802509
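
Review bot: several of the new TODO: check entries sit next to entries for the same product family that are already triaged, so the pending triage can be done in groups rather than one by one. In the @@ -17534 hunk CVE-2022-22274 (SonicOS) is added as TODO: check directly above CVE-2022-22273, which is already NOT-FOR-US: Sonicwall; the five Maccms v10 entries (CVE-2022-27884 to CVE-2022-27887 in the first hunk and CVE-2022-26573 in the @@ -3306 hunk) and the three CheckMK entries (CVE-2021-40904 to CVE-2021-40906 in the last hunk) each call for one consistent decision across the group.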
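
Review bot: in the @@ -98,8 hunk the description added for CVE-2022-1071 reads "User after free in mrb_vm_exec", which looks like a typo for "Use after free", so a text search of data/CVE/list for "use after free" will not match this entry. Since this is an automatic update the wording should stay as imported, but whoever resolves the TODO: check should triage it as a memory-safety issue in mruby/mruby and not rely on keyword matching to find it.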