[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Apr 16 21:10:26 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5fdf4ce by security tracker role at 2022-04-16T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2022-29404
+	RESERVED
+CVE-2022-1381
+	RESERVED
 CVE-2022-29403
 	RESERVED
 CVE-2022-29402
@@ -272,8 +276,8 @@ CVE-2022-29268 (Bitrix through 7.5.0 allows remote attackers to execute arbitrar
 	NOT-FOR-US: Bitrix
 CVE-2022-29267
 	RESERVED
-CVE-2022-1380
-	RESERVED
+CVE-2022-1380 (Stored Cross Site Scripting vulnerability in Item name parameter in Gi ...)
+	TODO: check
 CVE-2022-1379
 	RESERVED
 CVE-2022-29266
@@ -310,6 +314,7 @@ CVE-2022-29265
 	RESERVED
 CVE-2022-1364
 	RESERVED
+	{DSA-5121-1}
 	- chromium 100.0.4896.127-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -1120,8 +1125,8 @@ CVE-2022-28968
 	RESERVED
 CVE-2022-28967
 	RESERVED
-CVE-2022-28966
-	RESERVED
+CVE-2022-28966 (Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code ...)
+	TODO: check
 CVE-2022-28965
 	RESERVED
 CVE-2022-28964
@@ -7133,8 +7138,8 @@ CVE-2021-46705 (A Insecure Temporary File vulnerability in grub-once of grub2 in
 	- grub2 <not-affected> (SuSE-specific code change)
 CVE-2022-26778 (Veritas System Recovery (VSR) 18 and 21 stores a network destination p ...)
 	NOT-FOR-US: Veritas
-CVE-2022-26777
-	RESERVED
+CVE-2022-26777 (Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest  ...)
+	TODO: check
 CVE-2022-0891 (A heap buffer overflow in ExtractImageSection function in tiffcrop.c i ...)
 	{DSA-5108-1}
 	- tiff 4.3.0-6
@@ -7426,8 +7431,8 @@ CVE-2022-26655
 	RESERVED
 CVE-2022-26654
 	RESERVED
-CVE-2022-26653
-	RESERVED
+CVE-2022-26653 (Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest  ...)
+	TODO: check
 CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with write a ...)
 	NOT-FOR-US: nats-server
 CVE-2022-26651 (An issue was discovered in Asterisk through 19.x and Certified Asteris ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5fdf4ce9a7c674cd669816e0cd9aef6795a1b11

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5fdf4ce9a7c674cd669816e0cd9aef6795a1b11
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220416/375e1a72/attachment.htm>

More information about the debian-security-tracker-commits mailing list