[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 13 09:10:36 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb9fece1 by security tracker role at 2022-04-13T08:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,163 @@
+CVE-2022-29157
+	RESERVED
+CVE-2022-29156 (drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16 ...)
+	TODO: check
+CVE-2022-29155
+	RESERVED
+CVE-2022-29154
+	RESERVED
+CVE-2022-29153
+	RESERVED
+CVE-2022-29152
+	RESERVED
+CVE-2022-29151
+	RESERVED
+CVE-2022-29150
+	RESERVED
+CVE-2022-29149
+	RESERVED
+CVE-2022-29148
+	RESERVED
+CVE-2022-29147
+	RESERVED
+CVE-2022-29146
+	RESERVED
+CVE-2022-29145
+	RESERVED
+CVE-2022-29144
+	RESERVED
+CVE-2022-29143
+	RESERVED
+CVE-2022-29142
+	RESERVED
+CVE-2022-29141
+	RESERVED
+CVE-2022-29140
+	RESERVED
+CVE-2022-29139
+	RESERVED
+CVE-2022-29138
+	RESERVED
+CVE-2022-29137
+	RESERVED
+CVE-2022-29136
+	RESERVED
+CVE-2022-29135
+	RESERVED
+CVE-2022-29134
+	RESERVED
+CVE-2022-29133
+	RESERVED
+CVE-2022-29132
+	RESERVED
+CVE-2022-29131
+	RESERVED
+CVE-2022-29130
+	RESERVED
+CVE-2022-29129
+	RESERVED
+CVE-2022-29128
+	RESERVED
+CVE-2022-29127
+	RESERVED
+CVE-2022-29126
+	RESERVED
+CVE-2022-29125
+	RESERVED
+CVE-2022-29124
+	RESERVED
+CVE-2022-29123
+	RESERVED
+CVE-2022-29122
+	RESERVED
+CVE-2022-29121
+	RESERVED
+CVE-2022-29120
+	RESERVED
+CVE-2022-29119
+	RESERVED
+CVE-2022-29118
+	RESERVED
+CVE-2022-29117
+	RESERVED
+CVE-2022-29116
+	RESERVED
+CVE-2022-29115
+	RESERVED
+CVE-2022-29114
+	RESERVED
+CVE-2022-29113
+	RESERVED
+CVE-2022-29112
+	RESERVED
+CVE-2022-29111
+	RESERVED
+CVE-2022-29110
+	RESERVED
+CVE-2022-29109
+	RESERVED
+CVE-2022-29108
+	RESERVED
+CVE-2022-29107
+	RESERVED
+CVE-2022-29106
+	RESERVED
+CVE-2022-29105
+	RESERVED
+CVE-2022-29104
+	RESERVED
+CVE-2022-29103
+	RESERVED
+CVE-2022-29102
+	RESERVED
+CVE-2022-29101
+	RESERVED
+CVE-2022-29100
+	RESERVED
+CVE-2022-29099
+	RESERVED
+CVE-2022-29098
+	RESERVED
+CVE-2022-29097
+	RESERVED
+CVE-2022-29096
+	RESERVED
+CVE-2022-29095
+	RESERVED
+CVE-2022-29094
+	RESERVED
+CVE-2022-29093
+	RESERVED
+CVE-2022-29092
+	RESERVED
+CVE-2022-29091
+	RESERVED
+CVE-2022-29090
+	RESERVED
+CVE-2022-29089
+	RESERVED
+CVE-2022-29088
+	RESERVED
+CVE-2022-29087
+	RESERVED
+CVE-2022-29086
+	RESERVED
+CVE-2022-29085
+	RESERVED
+CVE-2022-29084
+	RESERVED
+CVE-2022-29083
+	RESERVED
+CVE-2022-29082
+	RESERVED
+CVE-2022-1332
+	RESERVED
+CVE-2022-1331
+	RESERVED
+CVE-2022-1330 (stored xss due to unsantized anchor url in GitHub repository alvarotri ...)
+	TODO: check
+CVE-2022-1329
+	RESERVED
 CVE-2022-1328
 	RESERVED
 CVE-2022-1327
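Review bot: CVE-2022-29156 near the top of this hunk is added as "TODO: check" even though its description already names a Linux kernel source file (drivers/infiniband/ulp/rtrs/rtrs-clt.c) and a version bound ("before 5.16"), so it can be triaged against the kernel package right away instead of waiting in the queue. CVE-2022-1330 at the bottom names a GitHub repository whose name is cut off in this view; it needs the full description before it can be tagged.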
@@ -82,40 +242,40 @@ CVE-2022-29054
 	RESERVED
 CVE-2022-29053
 	RESERVED
-CVE-2022-29052
-	RESERVED
-CVE-2022-29051
-	RESERVED
-CVE-2022-29050
-	RESERVED
-CVE-2022-29049
-	RESERVED
-CVE-2022-29048
-	RESERVED
-CVE-2022-29047
-	RESERVED
-CVE-2022-29046
-	RESERVED
-CVE-2022-29045
-	RESERVED
-CVE-2022-29044
-	RESERVED
-CVE-2022-29043
-	RESERVED
-CVE-2022-29042
-	RESERVED
-CVE-2022-29041
-	RESERVED
-CVE-2022-29040
-	RESERVED
-CVE-2022-29039
-	RESERVED
-CVE-2022-29038
-	RESERVED
-CVE-2022-29037
-	RESERVED
-CVE-2022-29036
-	RESERVED
+CVE-2022-29052 (Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private  ...)
+	TODO: check
+CVE-2022-29051 (Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and  ...)
+	TODO: check
+CVE-2022-29050 (A cross-site request forgery (CSRF) vulnerability in Jenkins Publish O ...)
+	TODO: check
+CVE-2022-29049 (Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except  ...)
+	TODO: check
+CVE-2022-29048 (A cross-site request forgery (CSRF) vulnerability in Jenkins Subversio ...)
+	TODO: check
+CVE-2022-29047 (Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039  ...)
+	TODO: check
+CVE-2022-29046 (Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name  ...)
+	TODO: check
+CVE-2022-29045 (Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except  ...)
+	TODO: check
+CVE-2022-29044 (Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not es ...)
+	TODO: check
+CVE-2022-29043 (Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name ...)
+	TODO: check
+CVE-2022-29042 (Jenkins Job Generator Plugin 1.22 and earlier does not escape the name ...)
+	TODO: check
+CVE-2022-29041 (Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the ...)
+	TODO: check
+CVE-2022-29040 (Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the na ...)
+	TODO: check
+CVE-2022-29039 (Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the n ...)
+	TODO: check
+CVE-2022-29038 (Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlie ...)
+	TODO: check
+CVE-2022-29037 (Jenkins CVS Plugin 2.19 and earlier does not escape the name and descr ...)
+	TODO: check
+CVE-2022-29036 (Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 108 ...)
+	TODO: check
 CVE-2022-29035 (In JetBrains Ktor Native before version 2.0.0 random values used for n ...)
 	NOT-FOR-US: JetBrains Ktor
 CVE-2022-29034
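Review bot: CVE-2022-29049 and CVE-2022-29045 show the same visible description ("Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except ..."), so the truncated summaries cannot tell the two issues apart; triage them from the full advisory text. All seventeen entries from CVE-2022-29052 down to CVE-2022-29036 name Jenkins or a Jenkins plugin, so they can be resolved in one pass, in the "NOT-FOR-US:" form used on CVE-2022-29035 if none of them is packaged.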
@@ -136,51 +296,61 @@ CVE-2022-1315
 	RESERVED
 CVE-2022-1314
 	RESERVED
+	{DSA-5120-1}
 	- chromium 100.0.4896.88-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1313
 	RESERVED
+	{DSA-5120-1}
 	- chromium 100.0.4896.88-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1312
 	RESERVED
+	{DSA-5120-1}
 	- chromium 100.0.4896.88-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1311
 	RESERVED
+	{DSA-5120-1}
 	- chromium 100.0.4896.88-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1310
 	RESERVED
+	{DSA-5120-1}
 	- chromium 100.0.4896.88-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1309
 	RESERVED
+	{DSA-5120-1}
 	- chromium 100.0.4896.88-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1308
 	RESERVED
+	{DSA-5120-1}
 	- chromium 100.0.4896.88-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1307
 	RESERVED
+	{DSA-5120-1}
 	- chromium 100.0.4896.88-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1306
 	RESERVED
+	{DSA-5120-1}
 	- chromium 100.0.4896.88-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1305
 	RESERVED
+	{DSA-5120-1}
 	- chromium 100.0.4896.88-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
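Review bot: the ten {DSA-5120-1} lines (CVE-2022-1314 through CVE-2022-1305) sit on entries that record only the unstable fix, "- chromium 100.0.4896.88-1", plus end-of-life notes for buster and stretch. Add the release-tagged fixed version for the suite the DSA covers so each entry shows where the fix landed. All ten are also still RESERVED with no description, so the DSA reference is the only link to what was fixed.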
@@ -4420,14 +4590,14 @@ CVE-2022-27421
 	RESERVED
 CVE-2022-27420
 	RESERVED
-CVE-2022-27419
-	RESERVED
-CVE-2022-27418
-	RESERVED
+CVE-2022-27419 (rtl_433 21.12 was discovered to contain a stack overflow in the functi ...)
+	TODO: check
+CVE-2022-27418 (Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math  ...)
+	TODO: check
 CVE-2022-27417
 	RESERVED
-CVE-2022-27416
-	RESERVED
+CVE-2022-27416 (Tcpreplay v4.4.1 was discovered to contain a double-free via __interce ...)
+	TODO: check
 CVE-2022-27415
 	RESERVED
 CVE-2022-27414
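Review bot: the three new "TODO: check" entries in this hunk describe memory-safety bugs (a stack overflow in rtl_433 21.12, a heap-based buffer overflow and a double-free in Tcpreplay v4.4.1), which makes them the ones to triage first in this update. Each names a specific upstream version, so compare it with the packaged versions and replace "TODO: check" with a package line or a NOT-FOR-US tag.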
@@ -4484,30 +4654,30 @@ CVE-2022-27389
 	RESERVED
 CVE-2022-27388
 	RESERVED
-CVE-2022-27387
-	RESERVED
-CVE-2022-27386
-	RESERVED
-CVE-2022-27385
-	RESERVED
-CVE-2022-27384
-	RESERVED
-CVE-2022-27383
-	RESERVED
-CVE-2022-27382
-	RESERVED
-CVE-2022-27381
-	RESERVED
-CVE-2022-27380
-	RESERVED
-CVE-2022-27379
-	RESERVED
-CVE-2022-27378
-	RESERVED
-CVE-2022-27377
-	RESERVED
-CVE-2022-27376
-	RESERVED
+CVE-2022-27387 (MariaDB Server v10.7 and below was discovered to contain a global buff ...)
+	TODO: check
+CVE-2022-27386 (MariaDB Server v10.7 and below was discovered to contain a segmentatio ...)
+	TODO: check
+CVE-2022-27385 (An issue in the component Used_tables_and_const_cache::used_tables_and ...)
+	TODO: check
+CVE-2022-27384 (An issue in the component Item_subselect::init_expr_cache_tracker of M ...)
+	TODO: check
+CVE-2022-27383 (MariaDB Server v10.6 and below was discovered to contain an use-after- ...)
+	TODO: check
+CVE-2022-27382 (MariaDB Server v10.7 and below was discovered to contain a segmentatio ...)
+	TODO: check
+CVE-2022-27381 (An issue in the component Field::set_default of MariaDB Server v10.6 a ...)
+	TODO: check
+CVE-2022-27380 (An issue in the component my_decimal::operator= of MariaDB Server v10. ...)
+	TODO: check
+CVE-2022-27379 (An issue in the component Arg_comparator::compare_real_fixed of MariaD ...)
+	TODO: check
+CVE-2022-27378 (An issue in the component Create_tmp_table::finalize of MariaDB Server ...)
+	TODO: check
+CVE-2022-27377 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+	TODO: check
+CVE-2022-27376 (MariaDB Server v10.6.5 and below was discovered to contain an use-afte ...)
+	TODO: check
 CVE-2022-27375
 	RESERVED
 CVE-2022-27374
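Review bot: the twelve MariaDB entries (CVE-2022-27387 through CVE-2022-27376) should not be resolved with one shared fixed version, because the visible descriptions give different upper bounds (v10.7, v10.6, v10.6.3 and v10.6.5 "and below") and several are cut off before the version. Work out the affected range per CVE from the full text, and record it per source package the way CVE-2021-46669 further down in this patch does for mariadb-10.6 and mariadb-10.5.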
@@ -6010,8 +6180,8 @@ CVE-2022-0917
 	RESERVED
 CVE-2022-0916
 	RESERVED
-CVE-2022-0915
-	RESERVED
+CVE-2022-0915 (There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerabi ...)
+	TODO: check
 CVE-2022-0914 (The Export All URLs WordPress plugin before 4.3 does not have CSRF in  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0913 (Integer Overflow or Wraparound in GitHub repository microweber/microwe ...)
@@ -6653,8 +6823,8 @@ CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated
 	NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
 CVE-2022-26590
 	RESERVED
-CVE-2022-26589
-	RESERVED
+CVE-2022-26589 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attack ...)
+	TODO: check
 CVE-2022-26588 (A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attacke ...)
 	NOT-FOR-US: IceHrm
 CVE-2022-26587
@@ -7808,8 +7978,8 @@ CVE-2022-26153
 	RESERVED
 CVE-2022-26152
 	RESERVED
-CVE-2022-26151
-	RESERVED
+CVE-2022-26151 (Citrix XenMobile Server 10.12 through RP11, 10.13 through RP6, and 10. ...)
+	TODO: check
 CVE-2022-26150
 	RESERVED
 CVE-2022-26080
@@ -13247,8 +13417,8 @@ CVE-2022-24283
 	RESERVED
 CVE-2022-0437 (Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. ...)
 	NOT-FOR-US: Node karma
-CVE-2022-0436
-	RESERVED
+CVE-2022-0436 (Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. ...)
+	TODO: check
 CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_ ...)
 	- mariadb-10.6 1:10.6.7-1
 	- mariadb-10.5 <removed>
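Review bot: CVE-2022-0436 is left as "TODO: check" although its description already states the fixed upstream release (grunt "prior to 1.5.2"). If grunt is packaged, record a package line with the first version that includes 1.5.2; otherwise tag it NOT-FOR-US like the karma entry directly above it.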
@@ -13938,6 +14108,7 @@ CVE-2022-24072 (The devtools API in Whale browser before 3.12.129.18 allowed ext
 CVE-2022-24071 (A Built-in extension in Whale browser before 3.12.129.46 allows attack ...)
 	NOT-FOR-US: Whale browser
 CVE-2022-24070 (Subversion's mod_dav_svn is vulnerable to memory corruption. While loo ...)
+	{DSA-5119-1}
 	- subversion 1.14.2-1
 	NOTE: https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
 CVE-2022-0396 (BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S ...)
@@ -21063,8 +21234,8 @@ CVE-2022-22281
 	RESERVED
 CVE-2022-22280
 	RESERVED
-CVE-2022-22279
-	RESERVED
+CVE-2022-22279 (** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file r ...)
+	TODO: check
 CVE-2022-22278
 	RESERVED
 CVE-2022-22277
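Review bot: the description of CVE-2022-22279 opens with "** UNSUPPORTED WHEN ASSIGNED **", so the affected product was already out of support when the ID was assigned, and the product name itself is cut off in this view. Read the full entry before replacing "TODO: check", and carry the unsupported status into whatever tag or note it gets.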
@@ -26207,8 +26378,8 @@ CVE-2021-4040
 	NOT-FOR-US: Red Hat AMQ Broker
 CVE-2021-4039 (A command injection vulnerability in the web interface of the Zyxel NW ...)
 	NOT-FOR-US: Zyxel
-CVE-2021-44520
-	RESERVED
+CVE-2021-44520 (In Citrix XenMobile Server through 10.12 RP9, there is an Authenticate ...)
+	TODO: check
 CVE-2021-44519
 	RESERVED
 CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
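Review bot: CVE-2021-44520 names Citrix XenMobile Server, the same product as CVE-2022-26151 added in an earlier hunk of this patch, and both are left as "TODO: check". Triage the two together so the product ends up with one consistent tag.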
@@ -70194,6 +70365,7 @@ CVE-2021-28546 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier)
 CVE-2021-28545 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-28544 (Apache Subversion SVN authz protected copyfrom paths regression Subver ...)
+	{DSA-5119-1}
 	- subversion 1.14.2-1
 	NOTE: https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
 CVE-2021-28543 (Varnish varnish-modules before 0.17.1 allows remote attackers to cause ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb9fece1e1efd5e95a3479f7ddfbcffcc030f04b
