[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 14 21:10:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7f71c4a0 by security tracker role at 2022-04-14T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2022-29265
+ RESERVED
+CVE-2022-1364
+ RESERVED
+CVE-2022-1363
+ RESERVED
+CVE-2022-1362
+ RESERVED
+CVE-2022-1361
+ RESERVED
+CVE-2022-1360
+ RESERVED
+CVE-2022-1359
+ RESERVED
+CVE-2022-1358
+ RESERVED
+CVE-2022-1357
+ RESERVED
+CVE-2022-1356
+ RESERVED
+CVE-2022-1355
+ RESERVED
+CVE-2022-1354
+ RESERVED
+CVE-2022-1353
+ RESERVED
+CVE-2022-1352
+ RESERVED
+CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10 ...)
+ TODO: check
CVE-2022-29264
RESERVED
CVE-2022-28719
@@ -1414,8 +1444,8 @@ CVE-2022-1281
CVE-2022-1280 (A use-after-free vulnerability was found in drm_lease_held in drivers/ ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/04/12/3
-CVE-2022-1279
- RESERVED
+CVE-2022-1279 (A vulnerability in the encryption implementation of EBICS messages in ...)
+ TODO: check
CVE-2022-1278
RESERVED
CVE-2022-1277
@@ -1454,12 +1484,12 @@ CVE-2022-1260
RESERVED
CVE-2022-1259
RESERVED
-CVE-2022-1258
- RESERVED
-CVE-2022-1257
- RESERVED
-CVE-2022-1256
- RESERVED
+CVE-2022-1258 (A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) ...)
+ TODO: check
+CVE-2022-1257 (Insecure storage of sensitive information vulnerability in MA for Linu ...)
+ TODO: check
+CVE-2022-1256 (A local privilege escalation vulnerability in MA for Windows prior to ...)
+ TODO: check
CVE-2022-1255
RESERVED
CVE-2022-1254
@@ -2264,6 +2294,7 @@ CVE-2022-28347 (A SQL injection issue was discovered in QuerySet.explain() in Dj
NOTE: https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d (3.2.13)
NOTE: https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5 (2.2.28)
CVE-2022-28346 (An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13 ...)
+ {DLA-2982-1}
- python-django 2:3.2.13-1 (bug #1009677)
NOTE: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
NOTE: https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200 (main)
@@ -3975,14 +4006,14 @@ CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via the -c option. An informat
NOT-FOR-US: SWHKD
CVE-2022-27818 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be a ...)
NOT-FOR-US: SWHKD
-CVE-2022-27817
- RESERVED
+CVE-2022-27817 (SWHKD 1.1.5 consumes the keyboard events of unintended users. This cou ...)
+ TODO: check
CVE-2022-27816 (SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be da ...)
NOT-FOR-US: SWHKD
CVE-2022-27815 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an ...)
NOT-FOR-US: SWHKD
-CVE-2022-27814
- RESERVED
+CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option. ...)
+ TODO: check
CVE-2022-27813
RESERVED
CVE-2022-27812
@@ -4778,36 +4809,36 @@ CVE-2022-27460
RESERVED
CVE-2022-27459
RESERVED
-CVE-2022-27458
- RESERVED
-CVE-2022-27457
- RESERVED
-CVE-2022-27456
- RESERVED
-CVE-2022-27455
- RESERVED
+CVE-2022-27458 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+ TODO: check
+CVE-2022-27457 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+ TODO: check
+CVE-2022-27456 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+ TODO: check
+CVE-2022-27455 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+ TODO: check
CVE-2022-27454
RESERVED
CVE-2022-27453
RESERVED
-CVE-2022-27452
- RESERVED
-CVE-2022-27451
- RESERVED
+CVE-2022-27452 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ TODO: check
+CVE-2022-27451 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ TODO: check
CVE-2022-27450
RESERVED
-CVE-2022-27449
- RESERVED
-CVE-2022-27448
- RESERVED
-CVE-2022-27447
- RESERVED
-CVE-2022-27446
- RESERVED
-CVE-2022-27445
- RESERVED
-CVE-2022-27444
- RESERVED
+CVE-2022-27449 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ TODO: check
+CVE-2022-27448 (There is an Assertion failure in MariaDB Server v10.9 and below via 'n ...)
+ TODO: check
+CVE-2022-27447 (MariaDB Server v10.9 and below was discovered to contain a use-after-f ...)
+ TODO: check
+CVE-2022-27446 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ TODO: check
+CVE-2022-27445 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ TODO: check
+CVE-2022-27444 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ TODO: check
CVE-2022-27443
RESERVED
CVE-2022-27442 (TPCMS v3.2 allows attackers to access the ThinkPHP log directory and o ...)
@@ -6037,10 +6068,10 @@ CVE-2022-27010
RESERVED
CVE-2022-27009
RESERVED
-CVE-2022-27008
- RESERVED
-CVE-2022-27007
- RESERVED
+CVE-2022-27008 (nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Arr ...)
+ TODO: check
+CVE-2022-27007 (nginx njs 0.7.2 is affected suffers from Use-after-free in njs_functio ...)
+ TODO: check
CVE-2022-27006
RESERVED
CVE-2022-27005 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.61 ...)
@@ -7266,8 +7297,8 @@ CVE-2022-0870 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs
NOT-FOR-US: Go Git Service
CVE-2022-0869 (Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.1 ...)
NOT-FOR-US: Spirit forum software
-CVE-2022-26507
- RESERVED
+CVE-2022-26507 (** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in ...)
+ TODO: check
CVE-2022-26506
RESERVED
CVE-2022-26505 (A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 a ...)
@@ -11028,10 +11059,10 @@ CVE-2022-25174 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2
NOT-FOR-US: Jenkins plugin
CVE-2022-25173 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses th ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25166
- RESERVED
-CVE-2022-25165
- RESERVED
+CVE-2022-25166 (An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible ...)
+ TODO: check
+CVE-2022-25165 (An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race ...)
+ TODO: check
CVE-2022-25164
RESERVED
CVE-2022-25163
@@ -20641,8 +20672,8 @@ CVE-2022-22393
RESERVED
CVE-2022-22392
RESERVED
-CVE-2022-22391
- RESERVED
+CVE-2022-22391 (IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authen ...)
+ TODO: check
CVE-2022-22390
RESERVED
CVE-2022-22389
@@ -23033,42 +23064,42 @@ CVE-2022-22200
RESERVED
CVE-2022-22199
RESERVED
-CVE-2022-22198
- RESERVED
-CVE-2022-22197
- RESERVED
-CVE-2022-22196
- RESERVED
-CVE-2022-22195
- RESERVED
-CVE-2022-22194
- RESERVED
-CVE-2022-22193
- RESERVED
+CVE-2022-22198 (An Access of Uninitialized Pointer vulnerability in the SIP ALG of Jun ...)
+ TODO: check
+CVE-2022-22197 (An Operation on a Resource after Expiration or Release vulnerability i ...)
+ TODO: check
+CVE-2022-22196 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ TODO: check
+CVE-2022-22195 (An Improper Update of Reference Count vulnerability in the kernel of J ...)
+ TODO: check
+CVE-2022-22194 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ TODO: check
+CVE-2022-22193 (An Improper Handling of Unexpected Data Type vulnerability in the Rout ...)
+ TODO: check
CVE-2022-22192
RESERVED
-CVE-2022-22191
- RESERVED
-CVE-2022-22190
- RESERVED
-CVE-2022-22189
- RESERVED
-CVE-2022-22188
- RESERVED
-CVE-2022-22187
- RESERVED
-CVE-2022-22186
- RESERVED
-CVE-2022-22185
- RESERVED
+CVE-2022-22191 (A Denial of Service (DoS) vulnerability in the processing of a flood o ...)
+ TODO: check
+CVE-2022-22190 (An Improper Access Control vulnerability in the Juniper Networks Parag ...)
+ TODO: check
+CVE-2022-22189 (An Incorrect Ownership Assignment vulnerability in Juniper Networks Co ...)
+ TODO: check
+CVE-2022-22188 (An Uncontrolled Memory Allocation vulnerability leading to a Heap-base ...)
+ TODO: check
+CVE-2022-22187 (An Improper Privilege Management vulnerability in the Windows Installe ...)
+ TODO: check
+CVE-2022-22186 (Due to an Improper Initialization vulnerability in Juniper Networks Ju ...)
+ TODO: check
+CVE-2022-22185 (A vulnerability in Juniper Networks Junos OS on SRX Series, allows a n ...)
+ TODO: check
CVE-2022-22184
RESERVED
-CVE-2022-22183
- RESERVED
-CVE-2022-22182
- RESERVED
-CVE-2022-22181
- RESERVED
+CVE-2022-22183 (An Improper Access Control vulnerability in Juniper Networks Junos OS ...)
+ TODO: check
+CVE-2022-22182 (A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos O ...)
+ TODO: check
+CVE-2022-22181 (A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Junip ...)
+ TODO: check
CVE-2022-22180 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
CVE-2022-22179 (A Improper Validation of Specified Index, Position, or Offset in Input ...)
@@ -24144,10 +24175,10 @@ CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific
- airflow <itp> (bug #819700)
CVE-2021-45229 (It was discovered that the "Trigger DAG with config" screen was suscep ...)
- airflow <itp> (bug #819700)
-CVE-2021-45228
- RESERVED
-CVE-2021-45227
- RESERVED
+CVE-2021-45228 (An XSS issue was discovered in COINS Construction Cloud 11.12. Due to ...)
+ TODO: check
+CVE-2021-45227 (An issue was discovered in COINS Construction Cloud 11.12. Due to an i ...)
+ TODO: check
CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
NOT-FOR-US: COINS Construction Cloud
CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
@@ -30250,8 +30281,8 @@ CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex befor
NOT-FOR-US: Codex
CVE-2021-43634
RESERVED
-CVE-2021-43633
- RESERVED
+CVE-2021-43633 (Sourcecodester Messaging Web Application 1.0 is vulnerable to stored X ...)
+ TODO: check
CVE-2021-43632
RESERVED
CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
@@ -31311,16 +31342,16 @@ CVE-2021-43292
RESERVED
CVE-2021-43291
RESERVED
-CVE-2021-43290
- RESERVED
-CVE-2021-43289
- RESERVED
-CVE-2021-43288
- RESERVED
-CVE-2021-43287
- RESERVED
-CVE-2021-43286
- RESERVED
+CVE-2021-43290 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
+ TODO: check
+CVE-2021-43289 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
+ TODO: check
+CVE-2021-43288 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
+ TODO: check
+CVE-2021-43287 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. The busine ...)
+ TODO: check
+CVE-2021-43286 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
+ TODO: check
CVE-2021-43285
RESERVED
CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through 1.0.3. The r ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f71c4a02ca9ce9ae3d67690324ffdf870c602ae
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f71c4a02ca9ce9ae3d67690324ffdf870c602ae
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220414/ed2b5790/attachment.htm>
More information about the debian-security-tracker-commits
mailing list