[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 14 21:10:25 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f71c4a0 by security tracker role at 2022-04-14T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2022-29265
+	RESERVED
+CVE-2022-1364
+	RESERVED
+CVE-2022-1363
+	RESERVED
+CVE-2022-1362
+	RESERVED
+CVE-2022-1361
+	RESERVED
+CVE-2022-1360
+	RESERVED
+CVE-2022-1359
+	RESERVED
+CVE-2022-1358
+	RESERVED
+CVE-2022-1357
+	RESERVED
+CVE-2022-1356
+	RESERVED
+CVE-2022-1355
+	RESERVED
+CVE-2022-1354
+	RESERVED
+CVE-2022-1353
+	RESERVED
+CVE-2022-1352
+	RESERVED
+CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10 ...)
+	TODO: check
 CVE-2022-29264
 	RESERVED
 CVE-2022-28719
@@ -1414,8 +1444,8 @@ CVE-2022-1281
 CVE-2022-1280 (A use-after-free vulnerability was found in drm_lease_held in drivers/ ...)
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/12/3
-CVE-2022-1279
-	RESERVED
+CVE-2022-1279 (A vulnerability in the encryption implementation of EBICS messages in  ...)
+	TODO: check
 CVE-2022-1278
 	RESERVED
 CVE-2022-1277
@@ -1454,12 +1484,12 @@ CVE-2022-1260
 	RESERVED
 CVE-2022-1259
 	RESERVED
-CVE-2022-1258
-	RESERVED
-CVE-2022-1257
-	RESERVED
-CVE-2022-1256
-	RESERVED
+CVE-2022-1258 (A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO)  ...)
+	TODO: check
+CVE-2022-1257 (Insecure storage of sensitive information vulnerability in MA for Linu ...)
+	TODO: check
+CVE-2022-1256 (A local privilege escalation vulnerability in MA for Windows prior to  ...)
+	TODO: check
 CVE-2022-1255
 	RESERVED
 CVE-2022-1254
@@ -2264,6 +2294,7 @@ CVE-2022-28347 (A SQL injection issue was discovered in QuerySet.explain() in Dj
 	NOTE: https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d (3.2.13)
 	NOTE: https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5 (2.2.28)
 CVE-2022-28346 (An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13 ...)
+	{DLA-2982-1}
 	- python-django 2:3.2.13-1 (bug #1009677)
 	NOTE: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
 	NOTE: https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200 (main)
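Review bot: the {DLA-2982-1} marker is added only to CVE-2022-28346, while the neighbouring CVE-2022-28347 entry in the hunk context carries a fix commit tagged (2.2.28), i.e. the same Django 2.2 release line that an LTS advisory would ship. Check the advisory's CVE list and, if it also covers CVE-2022-28347, add the same marker there so both entries resolve consistently for the LTS suite.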
@@ -3975,14 +4006,14 @@ CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via the -c option. An informat
 	NOT-FOR-US: SWHKD
 CVE-2022-27818 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be a ...)
 	NOT-FOR-US: SWHKD
-CVE-2022-27817
-	RESERVED
+CVE-2022-27817 (SWHKD 1.1.5 consumes the keyboard events of unintended users. This cou ...)
+	TODO: check
 CVE-2022-27816 (SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be da ...)
 	NOT-FOR-US: SWHKD
 CVE-2022-27815 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an ...)
 	NOT-FOR-US: SWHKD
-CVE-2022-27814
-	RESERVED
+CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option. ...)
+	TODO: check
 CVE-2022-27813
 	RESERVED
 CVE-2022-27812
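Review bot: CVE-2022-27817 and CVE-2022-27814 are left at "TODO: check", while the four sibling SWHKD 1.1.5 entries surrounding them in the same hunk (CVE-2022-27818, -27816, -27815 and, in the header, -27819) are already triaged as "NOT-FOR-US: SWHKD". Unless SWHKD has been packaged since, these two should get the same NOT-FOR-US line rather than a pending TODO.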
@@ -4778,36 +4809,36 @@ CVE-2022-27460
 	RESERVED
 CVE-2022-27459
 	RESERVED
-CVE-2022-27458
-	RESERVED
-CVE-2022-27457
-	RESERVED
-CVE-2022-27456
-	RESERVED
-CVE-2022-27455
-	RESERVED
+CVE-2022-27458 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+	TODO: check
+CVE-2022-27457 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+	TODO: check
+CVE-2022-27456 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+	TODO: check
+CVE-2022-27455 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+	TODO: check
 CVE-2022-27454
 	RESERVED
 CVE-2022-27453
 	RESERVED
-CVE-2022-27452
-	RESERVED
-CVE-2022-27451
-	RESERVED
+CVE-2022-27452 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+	TODO: check
+CVE-2022-27451 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+	TODO: check
 CVE-2022-27450
 	RESERVED
-CVE-2022-27449
-	RESERVED
-CVE-2022-27448
-	RESERVED
-CVE-2022-27447
-	RESERVED
-CVE-2022-27446
-	RESERVED
-CVE-2022-27445
-	RESERVED
-CVE-2022-27444
-	RESERVED
+CVE-2022-27449 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+	TODO: check
+CVE-2022-27448 (There is an Assertion failure in MariaDB Server v10.9 and below via 'n ...)
+	TODO: check
+CVE-2022-27447 (MariaDB Server v10.9 and below was discovered to contain a use-after-f ...)
+	TODO: check
+CVE-2022-27446 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+	TODO: check
+CVE-2022-27445 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+	TODO: check
+CVE-2022-27444 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+	TODO: check
 CVE-2022-27443
 	RESERVED
 CVE-2022-27442 (TPCMS v3.2 allows attackers to access the ThinkPHP log directory and o ...)
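Review bot: the ten MariaDB Server entries (CVE-2022-27458 through CVE-2022-27455 and CVE-2022-27452 through CVE-2022-27444) stay at "TODO: check", but MariaDB is packaged in Debian, so each needs a package line (fixed version or <unfixed>) rather than NOT-FOR-US. The descriptions give two different affected ranges, "v10.6.3 and below" for the first four and "v10.9 and below" for the rest, so the two groups should be checked against the packaged source versions separately instead of being resolved as one batch.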
@@ -6037,10 +6068,10 @@ CVE-2022-27010
 	RESERVED
 CVE-2022-27009
 	RESERVED
-CVE-2022-27008
-	RESERVED
-CVE-2022-27007
-	RESERVED
+CVE-2022-27008 (nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Arr ...)
+	TODO: check
+CVE-2022-27007 (nginx njs 0.7.2 is affected suffers from Use-after-free in njs_functio ...)
+	TODO: check
 CVE-2022-27006
 	RESERVED
 CVE-2022-27005 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.61 ...)
@@ -7266,8 +7297,8 @@ CVE-2022-0870 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs
 	NOT-FOR-US: Go Git Service
 CVE-2022-0869 (Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.1 ...)
 	NOT-FOR-US: Spirit forum software
-CVE-2022-26507
-	RESERVED
+CVE-2022-26507 (** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in ...)
+	TODO: check
 CVE-2022-26506
 	RESERVED
 CVE-2022-26505 (A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 a ...)
@@ -11028,10 +11059,10 @@ CVE-2022-25174 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-25173 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses th ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25166
-	RESERVED
-CVE-2022-25165
-	RESERVED
+CVE-2022-25166 (An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible ...)
+	TODO: check
+CVE-2022-25165 (An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race  ...)
+	TODO: check
 CVE-2022-25164
 	RESERVED
 CVE-2022-25163
@@ -20641,8 +20672,8 @@ CVE-2022-22393
 	RESERVED
 CVE-2022-22392
 	RESERVED
-CVE-2022-22391
-	RESERVED
+CVE-2022-22391 (IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authen ...)
+	TODO: check
 CVE-2022-22390
 	RESERVED
 CVE-2022-22389
@@ -23033,42 +23064,42 @@ CVE-2022-22200
 	RESERVED
 CVE-2022-22199
 	RESERVED
-CVE-2022-22198
-	RESERVED
-CVE-2022-22197
-	RESERVED
-CVE-2022-22196
-	RESERVED
-CVE-2022-22195
-	RESERVED
-CVE-2022-22194
-	RESERVED
-CVE-2022-22193
-	RESERVED
+CVE-2022-22198 (An Access of Uninitialized Pointer vulnerability in the SIP ALG of Jun ...)
+	TODO: check
+CVE-2022-22197 (An Operation on a Resource after Expiration or Release vulnerability i ...)
+	TODO: check
+CVE-2022-22196 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2022-22195 (An Improper Update of Reference Count vulnerability in the kernel of J ...)
+	TODO: check
+CVE-2022-22194 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2022-22193 (An Improper Handling of Unexpected Data Type vulnerability in the Rout ...)
+	TODO: check
 CVE-2022-22192
 	RESERVED
-CVE-2022-22191
-	RESERVED
-CVE-2022-22190
-	RESERVED
-CVE-2022-22189
-	RESERVED
-CVE-2022-22188
-	RESERVED
-CVE-2022-22187
-	RESERVED
-CVE-2022-22186
-	RESERVED
-CVE-2022-22185
-	RESERVED
+CVE-2022-22191 (A Denial of Service (DoS) vulnerability in the processing of a flood o ...)
+	TODO: check
+CVE-2022-22190 (An Improper Access Control vulnerability in the Juniper Networks Parag ...)
+	TODO: check
+CVE-2022-22189 (An Incorrect Ownership Assignment vulnerability in Juniper Networks Co ...)
+	TODO: check
+CVE-2022-22188 (An Uncontrolled Memory Allocation vulnerability leading to a Heap-base ...)
+	TODO: check
+CVE-2022-22187 (An Improper Privilege Management vulnerability in the Windows Installe ...)
+	TODO: check
+CVE-2022-22186 (Due to an Improper Initialization vulnerability in Juniper Networks Ju ...)
+	TODO: check
+CVE-2022-22185 (A vulnerability in Juniper Networks Junos OS on SRX Series, allows a n ...)
+	TODO: check
 CVE-2022-22184
 	RESERVED
-CVE-2022-22183
-	RESERVED
-CVE-2022-22182
-	RESERVED
-CVE-2022-22181
-	RESERVED
+CVE-2022-22183 (An Improper Access Control vulnerability in Juniper Networks Junos OS  ...)
+	TODO: check
+CVE-2022-22182 (A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos O ...)
+	TODO: check
+CVE-2022-22181 (A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Junip ...)
+	TODO: check
 CVE-2022-22180 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
 	NOT-FOR-US: Juniper
 CVE-2022-22179 (A Improper Validation of Specified Index, Position, or Offset in Input ...)
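Review bot: the sixteen new Juniper entries (CVE-2022-22198 through CVE-2022-22181) are left at "TODO: check", while the adjacent CVE-2022-22180 in the hunk context is already "NOT-FOR-US: Juniper". Every new description names Juniper Networks Junos OS, Paragon or the Windows installer of a Juniper product, none of which is packaged in Debian, so these can be triaged as "NOT-FOR-US: Juniper" in one pass for consistency with the existing entries.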
@@ -24144,10 +24175,10 @@ CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific
 	- airflow <itp> (bug #819700)
 CVE-2021-45229 (It was discovered that the "Trigger DAG with config" screen was suscep ...)
 	- airflow <itp> (bug #819700)
-CVE-2021-45228
-	RESERVED
-CVE-2021-45227
-	RESERVED
+CVE-2021-45228 (An XSS issue was discovered in COINS Construction Cloud 11.12. Due to  ...)
+	TODO: check
+CVE-2021-45227 (An issue was discovered in COINS Construction Cloud 11.12. Due to an i ...)
+	TODO: check
 CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
 	NOT-FOR-US: COINS Construction Cloud
 CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
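Review bot: CVE-2021-45228 and CVE-2021-45227 are left at "TODO: check" while the neighbouring CVE-2021-45226 and CVE-2021-45225 entries for the same product (COINS Construction Cloud 11.12) are marked "NOT-FOR-US: COINS Construction Cloud". These two should carry the same NOT-FOR-US line so the whole COINS batch resolves the same way.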
@@ -30250,8 +30281,8 @@ CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex befor
 	NOT-FOR-US: Codex
 CVE-2021-43634
 	RESERVED
-CVE-2021-43633
-	RESERVED
+CVE-2021-43633 (Sourcecodester Messaging Web Application 1.0 is vulnerable to stored X ...)
+	TODO: check
 CVE-2021-43632
 	RESERVED
 CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
@@ -31311,16 +31342,16 @@ CVE-2021-43292
 	RESERVED
 CVE-2021-43291
 	RESERVED
-CVE-2021-43290
-	RESERVED
-CVE-2021-43289
-	RESERVED
-CVE-2021-43288
-	RESERVED
-CVE-2021-43287
-	RESERVED
-CVE-2021-43286
-	RESERVED
+CVE-2021-43290 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
+	TODO: check
+CVE-2021-43289 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
+	TODO: check
+CVE-2021-43288 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
+	TODO: check
+CVE-2021-43287 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. The busine ...)
+	TODO: check
+CVE-2021-43286 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
+	TODO: check
 CVE-2021-43285
 	RESERVED
 CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through 1.0.3. The r ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f71c4a02ca9ce9ae3d67690324ffdf870c602ae
