[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 13 09:10:36 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cb9fece1 by security tracker role at 2022-04-13T08:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,163 @@
+CVE-2022-29157
+ RESERVED
+CVE-2022-29156 (drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16 ...)
+ TODO: check
+CVE-2022-29155
+ RESERVED
+CVE-2022-29154
+ RESERVED
+CVE-2022-29153
+ RESERVED
+CVE-2022-29152
+ RESERVED
+CVE-2022-29151
+ RESERVED
+CVE-2022-29150
+ RESERVED
+CVE-2022-29149
+ RESERVED
+CVE-2022-29148
+ RESERVED
+CVE-2022-29147
+ RESERVED
+CVE-2022-29146
+ RESERVED
+CVE-2022-29145
+ RESERVED
+CVE-2022-29144
+ RESERVED
+CVE-2022-29143
+ RESERVED
+CVE-2022-29142
+ RESERVED
+CVE-2022-29141
+ RESERVED
+CVE-2022-29140
+ RESERVED
+CVE-2022-29139
+ RESERVED
+CVE-2022-29138
+ RESERVED
+CVE-2022-29137
+ RESERVED
+CVE-2022-29136
+ RESERVED
+CVE-2022-29135
+ RESERVED
+CVE-2022-29134
+ RESERVED
+CVE-2022-29133
+ RESERVED
+CVE-2022-29132
+ RESERVED
+CVE-2022-29131
+ RESERVED
+CVE-2022-29130
+ RESERVED
+CVE-2022-29129
+ RESERVED
+CVE-2022-29128
+ RESERVED
+CVE-2022-29127
+ RESERVED
+CVE-2022-29126
+ RESERVED
+CVE-2022-29125
+ RESERVED
+CVE-2022-29124
+ RESERVED
+CVE-2022-29123
+ RESERVED
+CVE-2022-29122
+ RESERVED
+CVE-2022-29121
+ RESERVED
+CVE-2022-29120
+ RESERVED
+CVE-2022-29119
+ RESERVED
+CVE-2022-29118
+ RESERVED
+CVE-2022-29117
+ RESERVED
+CVE-2022-29116
+ RESERVED
+CVE-2022-29115
+ RESERVED
+CVE-2022-29114
+ RESERVED
+CVE-2022-29113
+ RESERVED
+CVE-2022-29112
+ RESERVED
+CVE-2022-29111
+ RESERVED
+CVE-2022-29110
+ RESERVED
+CVE-2022-29109
+ RESERVED
+CVE-2022-29108
+ RESERVED
+CVE-2022-29107
+ RESERVED
+CVE-2022-29106
+ RESERVED
+CVE-2022-29105
+ RESERVED
+CVE-2022-29104
+ RESERVED
+CVE-2022-29103
+ RESERVED
+CVE-2022-29102
+ RESERVED
+CVE-2022-29101
+ RESERVED
+CVE-2022-29100
+ RESERVED
+CVE-2022-29099
+ RESERVED
+CVE-2022-29098
+ RESERVED
+CVE-2022-29097
+ RESERVED
+CVE-2022-29096
+ RESERVED
+CVE-2022-29095
+ RESERVED
+CVE-2022-29094
+ RESERVED
+CVE-2022-29093
+ RESERVED
+CVE-2022-29092
+ RESERVED
+CVE-2022-29091
+ RESERVED
+CVE-2022-29090
+ RESERVED
+CVE-2022-29089
+ RESERVED
+CVE-2022-29088
+ RESERVED
+CVE-2022-29087
+ RESERVED
+CVE-2022-29086
+ RESERVED
+CVE-2022-29085
+ RESERVED
+CVE-2022-29084
+ RESERVED
+CVE-2022-29083
+ RESERVED
+CVE-2022-29082
+ RESERVED
+CVE-2022-1332
+ RESERVED
+CVE-2022-1331
+ RESERVED
+CVE-2022-1330 (stored xss due to unsantized anchor url in GitHub repository alvarotri ...)
+ TODO: check
+CVE-2022-1329
+ RESERVED
CVE-2022-1328
RESERVED
CVE-2022-1327
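Review bot: CVE-2022-29156 is left at `TODO: check` even though its description already names a Linux kernel source file (drivers/infiniband/ulp/rtrs/rtrs-clt.c) and an upstream bound ("before 5.16"), so a follow-up triage commit should replace the TODO with a package line for the kernel once the fixed version is confirmed. CVE-2022-1330 is also at `TODO: check`, but its description is cut off at the repository name and has to be looked up before it can be marked. The other additions in this hunk are RESERVED placeholders and need no action.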
@@ -82,40 +242,40 @@ CVE-2022-29054
RESERVED
CVE-2022-29053
RESERVED
-CVE-2022-29052
- RESERVED
-CVE-2022-29051
- RESERVED
-CVE-2022-29050
- RESERVED
-CVE-2022-29049
- RESERVED
-CVE-2022-29048
- RESERVED
-CVE-2022-29047
- RESERVED
-CVE-2022-29046
- RESERVED
-CVE-2022-29045
- RESERVED
-CVE-2022-29044
- RESERVED
-CVE-2022-29043
- RESERVED
-CVE-2022-29042
- RESERVED
-CVE-2022-29041
- RESERVED
-CVE-2022-29040
- RESERVED
-CVE-2022-29039
- RESERVED
-CVE-2022-29038
- RESERVED
-CVE-2022-29037
- RESERVED
-CVE-2022-29036
- RESERVED
+CVE-2022-29052 (Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private ...)
+ TODO: check
+CVE-2022-29051 (Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and ...)
+ TODO: check
+CVE-2022-29050 (A cross-site request forgery (CSRF) vulnerability in Jenkins Publish O ...)
+ TODO: check
+CVE-2022-29049 (Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except ...)
+ TODO: check
+CVE-2022-29048 (A cross-site request forgery (CSRF) vulnerability in Jenkins Subversio ...)
+ TODO: check
+CVE-2022-29047 (Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 ...)
+ TODO: check
+CVE-2022-29046 (Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name ...)
+ TODO: check
+CVE-2022-29045 (Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except ...)
+ TODO: check
+CVE-2022-29044 (Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not es ...)
+ TODO: check
+CVE-2022-29043 (Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name ...)
+ TODO: check
+CVE-2022-29042 (Jenkins Job Generator Plugin 1.22 and earlier does not escape the name ...)
+ TODO: check
+CVE-2022-29041 (Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the ...)
+ TODO: check
+CVE-2022-29040 (Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the na ...)
+ TODO: check
+CVE-2022-29039 (Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the n ...)
+ TODO: check
+CVE-2022-29038 (Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlie ...)
+ TODO: check
+CVE-2022-29037 (Jenkins CVS Plugin 2.19 and earlier does not escape the name and descr ...)
+ TODO: check
+CVE-2022-29036 (Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 108 ...)
+ TODO: check
CVE-2022-29035 (In JetBrains Ktor Native before version 2.0.0 random values used for n ...)
NOT-FOR-US: JetBrains Ktor
CVE-2022-29034
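Review bot: the seventeen entries from CVE-2022-29052 down to CVE-2022-29036 all move from RESERVED to `TODO: check`, and every description names a Jenkins plugin, so they can be triaged in one pass instead of one by one. If none of these plugins is packaged, mark them the way the unchanged CVE-2022-29035 entry just below is marked (`NOT-FOR-US: JetBrains Ktor`), with the product name after the colon.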
@@ -136,51 +296,61 @@ CVE-2022-1315
RESERVED
CVE-2022-1314
RESERVED
+ {DSA-5120-1}
- chromium 100.0.4896.88-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1313
RESERVED
+ {DSA-5120-1}
- chromium 100.0.4896.88-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1312
RESERVED
+ {DSA-5120-1}
- chromium 100.0.4896.88-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1311
RESERVED
+ {DSA-5120-1}
- chromium 100.0.4896.88-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1310
RESERVED
+ {DSA-5120-1}
- chromium 100.0.4896.88-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1309
RESERVED
+ {DSA-5120-1}
- chromium 100.0.4896.88-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1308
RESERVED
+ {DSA-5120-1}
- chromium 100.0.4896.88-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1307
RESERVED
+ {DSA-5120-1}
- chromium 100.0.4896.88-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1306
RESERVED
+ {DSA-5120-1}
- chromium 100.0.4896.88-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1305
RESERVED
+ {DSA-5120-1}
- chromium 100.0.4896.88-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -4420,14 +4590,14 @@ CVE-2022-27421
RESERVED
CVE-2022-27420
RESERVED
-CVE-2022-27419
- RESERVED
-CVE-2022-27418
- RESERVED
+CVE-2022-27419 (rtl_433 21.12 was discovered to contain a stack overflow in the functi ...)
+ TODO: check
+CVE-2022-27418 (Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math ...)
+ TODO: check
CVE-2022-27417
RESERVED
-CVE-2022-27416
- RESERVED
+CVE-2022-27416 (Tcpreplay v4.4.1 was discovered to contain a double-free via __interce ...)
+ TODO: check
CVE-2022-27415
RESERVED
CVE-2022-27414
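Review bot: the three entries that gain descriptions here are memory-safety bugs in named upstream versions (CVE-2022-27419: stack overflow in rtl_433 21.12; CVE-2022-27418: heap-based buffer overflow in Tcpreplay v4.4.1; CVE-2022-27416: double-free in Tcpreplay v4.4.1), so `TODO: check` should be followed up promptly with package lines or a NOT-FOR-US marker. The two Tcpreplay entries cite the same version and are best resolved together.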
@@ -4484,30 +4654,30 @@ CVE-2022-27389
RESERVED
CVE-2022-27388
RESERVED
-CVE-2022-27387
- RESERVED
-CVE-2022-27386
- RESERVED
-CVE-2022-27385
- RESERVED
-CVE-2022-27384
- RESERVED
-CVE-2022-27383
- RESERVED
-CVE-2022-27382
- RESERVED
-CVE-2022-27381
- RESERVED
-CVE-2022-27380
- RESERVED
-CVE-2022-27379
- RESERVED
-CVE-2022-27378
- RESERVED
-CVE-2022-27377
- RESERVED
-CVE-2022-27376
- RESERVED
+CVE-2022-27387 (MariaDB Server v10.7 and below was discovered to contain a global buff ...)
+ TODO: check
+CVE-2022-27386 (MariaDB Server v10.7 and below was discovered to contain a segmentatio ...)
+ TODO: check
+CVE-2022-27385 (An issue in the component Used_tables_and_const_cache::used_tables_and ...)
+ TODO: check
+CVE-2022-27384 (An issue in the component Item_subselect::init_expr_cache_tracker of M ...)
+ TODO: check
+CVE-2022-27383 (MariaDB Server v10.6 and below was discovered to contain an use-after- ...)
+ TODO: check
+CVE-2022-27382 (MariaDB Server v10.7 and below was discovered to contain a segmentatio ...)
+ TODO: check
+CVE-2022-27381 (An issue in the component Field::set_default of MariaDB Server v10.6 a ...)
+ TODO: check
+CVE-2022-27380 (An issue in the component my_decimal::operator= of MariaDB Server v10. ...)
+ TODO: check
+CVE-2022-27379 (An issue in the component Arg_comparator::compare_real_fixed of MariaD ...)
+ TODO: check
+CVE-2022-27378 (An issue in the component Create_tmp_table::finalize of MariaDB Server ...)
+ TODO: check
+CVE-2022-27377 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+ TODO: check
+CVE-2022-27376 (MariaDB Server v10.6.5 and below was discovered to contain an use-afte ...)
+ TODO: check
CVE-2022-27375
RESERVED
CVE-2022-27374
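Review bot: the twelve MariaDB Server entries (CVE-2022-27387 to CVE-2022-27376) cite different upper bounds (v10.7, v10.6, v10.6.3, v10.6.5, with several descriptions cut off before the version), so they cannot share one fixed version and need per-CVE triage. Elsewhere in this file CVE-2021-46669 is tracked with separate `mariadb-10.6` and `mariadb-10.5` lines; these entries will need the same per-source-package treatment when the TODO is resolved.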
@@ -6010,8 +6180,8 @@ CVE-2022-0917
RESERVED
CVE-2022-0916
RESERVED
-CVE-2022-0915
- RESERVED
+CVE-2022-0915 (There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerabi ...)
+ TODO: check
CVE-2022-0914 (The Export All URLs WordPress plugin before 4.3 does not have CSRF in ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0913 (Integer Overflow or Wraparound in GitHub repository microweber/microwe ...)
@@ -6653,8 +6823,8 @@ CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated
NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
CVE-2022-26590
RESERVED
-CVE-2022-26589
- RESERVED
+CVE-2022-26589 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attack ...)
+ TODO: check
CVE-2022-26588 (A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attacke ...)
NOT-FOR-US: IceHrm
CVE-2022-26587
@@ -7808,8 +7978,8 @@ CVE-2022-26153
RESERVED
CVE-2022-26152
RESERVED
-CVE-2022-26151
- RESERVED
+CVE-2022-26151 (Citrix XenMobile Server 10.12 through RP11, 10.13 through RP6, and 10. ...)
+ TODO: check
CVE-2022-26150
RESERVED
CVE-2022-26080
@@ -13247,8 +13417,8 @@ CVE-2022-24283
RESERVED
CVE-2022-0437 (Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. ...)
NOT-FOR-US: Node karma
-CVE-2022-0436
- RESERVED
+CVE-2022-0436 (Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. ...)
+ TODO: check
CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_ ...)
- mariadb-10.6 1:10.6.7-1
- mariadb-10.5 <removed>
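Review bot: CVE-2022-0436 already carries its upstream bound in the description (gruntjs/grunt "prior to 1.5.2"), so the `TODO: check` can be resolved directly against that version rather than waiting for further information.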
@@ -13938,6 +14108,7 @@ CVE-2022-24072 (The devtools API in Whale browser before 3.12.129.18 allowed ext
CVE-2022-24071 (A Built-in extension in Whale browser before 3.12.129.46 allows attack ...)
NOT-FOR-US: Whale browser
CVE-2022-24070 (Subversion's mod_dav_svn is vulnerable to memory corruption. While loo ...)
+ {DSA-5119-1}
- subversion 1.14.2-1
NOTE: https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
CVE-2022-0396 (BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S ...)
@@ -21063,8 +21234,8 @@ CVE-2022-22281
RESERVED
CVE-2022-22280
RESERVED
-CVE-2022-22279
- RESERVED
+CVE-2022-22279 (** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file r ...)
+ TODO: check
CVE-2022-22278
RESERVED
CVE-2022-22277
@@ -26207,8 +26378,8 @@ CVE-2021-4040
NOT-FOR-US: Red Hat AMQ Broker
CVE-2021-4039 (A command injection vulnerability in the web interface of the Zyxel NW ...)
NOT-FOR-US: Zyxel
-CVE-2021-44520
- RESERVED
+CVE-2021-44520 (In Citrix XenMobile Server through 10.12 RP9, there is an Authenticate ...)
+ TODO: check
CVE-2021-44519
RESERVED
CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
@@ -70194,6 +70365,7 @@ CVE-2021-28546 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier)
CVE-2021-28545 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
NOT-FOR-US: Adobe
CVE-2021-28544 (Apache Subversion SVN authz protected copyfrom paths regression Subver ...)
+ {DSA-5119-1}
- subversion 1.14.2-1
NOTE: https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
CVE-2021-28543 (Varnish varnish-modules before 0.17.1 allows remote attackers to cause ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb9fece1e1efd5e95a3479f7ddfbcffcc030f04b