[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 14 09:10:23 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
846efafd by security tracker role at 2022-04-14T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2022-29264
+ RESERVED
+CVE-2022-28719
+ RESERVED
+CVE-2022-1350 (A vulnerability classified as problematic was found in Ghostscript 9.5 ...)
+ TODO: check
+CVE-2022-1349
+ RESERVED
+CVE-2022-1348
+ RESERVED
+CVE-2022-1347 (Stored XSS in the "Username" & "Email" input fields leads to accou ...)
+ TODO: check
+CVE-2022-1346 (Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1 ...)
+ TODO: check
+CVE-2022-1345 (Stored XSS viva .svg file upload in GitHub repository causefx/organizr ...)
+ TODO: check
CVE-2022-29261
RESERVED
CVE-2022-29260
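Review bot: CVE-2022-1346 and CVE-2022-1345 both name the GitHub repository causefx/organizr, so they should get one triage decision applied to both rather than being checked separately. The truncated description of CVE-2022-1347 does not show the product, so it needs the full CVE record before its TODO: check can be resolved.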
@@ -4707,8 +4723,8 @@ CVE-2022-27481 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All
NOT-FOR-US: Siemens SCALANCE
CVE-2022-27480 (A vulnerability has been identified in SICAM A8000 CP-8031 (All versio ...)
TODO: check
-CVE-2022-27479
- RESERVED
+CVE-2022-27479 (Apache Superset before 1.4.2 is vulnerable to SQL injection in chart d ...)
+ TODO: check
CVE-2022-27478
RESERVED
CVE-2022-27477 (Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload ...)
@@ -5187,7 +5203,7 @@ CVE-2022-27258
RESERVED
CVE-2022-27257
RESERVED
-CVE-2022-27256 (An open redirect vulnerability in Hubzilla before version 7.2 allows r ...)
+CVE-2022-27256 (A PHP Local File inclusion vulnerability in the Redbasic theme for Hub ...)
TODO: check
CVE-2022-27255
RESERVED
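Review bot: The CVE-2022-27256 description changes vulnerability class, from an open redirect in Hubzilla before version 7.2 to a PHP local file inclusion in the Redbasic theme, while the entry stays at TODO: check. Whoever resolves the TODO should work from the new description and re-check any reasoning that was based on the earlier text.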
@@ -11871,16 +11887,16 @@ CVE-2022-24849
RESERVED
CVE-2022-24848
RESERVED
-CVE-2022-24847
- RESERVED
+CVE-2022-24847 (GeoServer is an open source software server written in Java that allow ...)
+ TODO: check
CVE-2022-24846
RESERVED
-CVE-2022-24845
- RESERVED
-CVE-2022-24844
- RESERVED
-CVE-2022-24843
- RESERVED
+CVE-2022-24845 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
+ TODO: check
+CVE-2022-24844 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
+ TODO: check
+CVE-2022-24843 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
+ TODO: check
CVE-2022-24842 (MinIO is a High Performance Object Storage released under GNU Affero G ...)
TODO: check
CVE-2022-24841
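Review bot: CVE-2022-24845 is a Vyper entry landing as TODO: check, while this file already tags Vyper entries as NOT-FOR-US: Vyper (CVE-2022-24787, CVE-2021-41121), so it can likely take the same tag. CVE-2022-24844 and CVE-2022-24843 carry identical truncated Gin-vue-admin descriptions and should be triaged together.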
@@ -11911,8 +11927,8 @@ CVE-2022-24830
RESERVED
CVE-2022-24829 (Garden is an automation platform for Kubernetes development and testin ...)
TODO: check
-CVE-2022-24828
- RESERVED
+CVE-2022-24828 (Composer is a dependency manager for the PHP programming language. Int ...)
+ TODO: check
CVE-2022-24827 (Elide is a Java library that lets you stand up a GraphQL/JSON-API web ...)
TODO: check
CVE-2022-24826
@@ -11931,12 +11947,12 @@ CVE-2022-24820 (XWiki Platform is a generic wiki platform offering runtime servi
NOT-FOR-US: XWiki
CVE-2022-24819 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
-CVE-2022-24818
- RESERVED
+CVE-2022-24818 (GeoTools is an open source Java library that provides tools for geospa ...)
+ TODO: check
CVE-2022-24817
RESERVED
-CVE-2022-24816
- RESERVED
+CVE-2022-24816 (JAI-EXT is an open-source project which aims to extend the Java Advanc ...)
+ TODO: check
CVE-2022-24815 (JHipster is a development platform to quickly generate, develop, & ...)
TODO: check
CVE-2022-24814 (Directus is a real-time API and App dashboard for managing SQL databas ...)
@@ -12004,8 +12020,8 @@ CVE-2022-24790 (Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server
NOTE: https://github.com/puma/puma/commit/6c514e70f5ae0ff14c9b0091fa84bfa39b022025 (v5.6.3)
CVE-2022-24789 (C1 CMS is an open-source, .NET based Content Management System (CMS). ...)
NOT-FOR-US: C1 CMS
-CVE-2022-24788
- RESERVED
+CVE-2022-24788 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
+ TODO: check
CVE-2022-24787 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
NOT-FOR-US: Vyper
CVE-2022-24786 (PJSIP is a free and open source multimedia communication library writt ...)
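Review bot: CVE-2022-24788 is added as TODO: check directly above CVE-2022-24787, which is tagged NOT-FOR-US: Vyper for the same product. Suggest resolving the new entry to NOT-FOR-US: Vyper for consistency unless triage finds otherwise.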
@@ -21644,8 +21660,8 @@ CVE-2022-0025
RESERVED
CVE-2022-0024
RESERVED
-CVE-2022-0023
- RESERVED
+CVE-2022-0023 (An improper handling of exceptional conditions vulnerability exists in ...)
+ TODO: check
CVE-2022-0022 (Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS s ...)
NOT-FOR-US: Palo Alto Networks
CVE-2022-0021 (An information exposure through log file vulnerability exists in the P ...)
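Review bot: The truncated description of CVE-2022-0023 does not name the product, and the next entry, CVE-2022-0022, is tagged NOT-FOR-US: Palo Alto Networks. Confirm the vendor from the full record; if it matches, the TODO: check can be resolved with the same tag.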
@@ -32586,8 +32602,8 @@ CVE-2021-43156 (In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability
NOT-FOR-US: ProjectWorlds Online Book Store PHP
CVE-2021-43155 (Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injecti ...)
NOT-FOR-US: ProjectWorlds Online Book Store PHP
-CVE-2021-43154
- RESERVED
+CVE-2021-43154 (Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2 ...)
+ TODO: check
CVE-2021-43153
RESERVED
CVE-2021-43152
@@ -38809,8 +38825,8 @@ CVE-2021-41121 (Vyper is a Pythonic Smart Contract Language for the EVM. In affe
NOT-FOR-US: Vyper
CVE-2021-41120 (sylius/paypal-plugin is a paypal plugin for the Sylius development pla ...)
NOT-FOR-US: sylius/paypal-plugin
-CVE-2021-41119
- RESERVED
+CVE-2021-41119 (Wire-server is the system server for the wire back-end services. Relea ...)
+ TODO: check
CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
NOT-FOR-US: DynamicPageList3 MediaWiki Extension
CVE-2021-41117 (keypair is a a RSA PEM key generator written in javascript. keypair im ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/846efafdbf9429f3c850993533237ecf6410848f