[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 19 21:10:23 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65898cb4 by security tracker role at 2022-04-19T20:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2022-29504
+	RESERVED
+CVE-2022-29503
+	RESERVED
+CVE-2022-1405
+	RESERVED
+CVE-2022-1404
+	RESERVED
+CVE-2022-1403
+	RESERVED
+CVE-2022-1402
+	RESERVED
+CVE-2022-1401
+	RESERVED
+CVE-2022-1400
+	RESERVED
+CVE-2022-1399
+	RESERVED
+CVE-2022-1398
+	RESERVED
+CVE-2022-1397
+	RESERVED
+CVE-2022-1396
+	RESERVED
+CVE-2022-1395
+	RESERVED
+CVE-2022-1394
+	RESERVED
+CVE-2022-1393
+	RESERVED
+CVE-2022-1392
+	RESERVED
+CVE-2022-1391
+	RESERVED
+CVE-2022-1390
+	RESERVED
 CVE-2022-XXXX [snort privilege escalation due to insecure use of logrotate]
 	- snort <unfixed> (bug #1009820)
 	[bullseye] - snort <no-dsa> (Minor issue)
@@ -427,8 +463,8 @@ CVE-2022-29317
 	RESERVED
 CVE-2022-29316
 	RESERVED
-CVE-2022-29315
-	RESERVED
+CVE-2022-29315 (Invicti Acunetix before 14 allows CSV injection via the Description fi ...)
+	TODO: check
 CVE-2022-29314
 	RESERVED
 CVE-2022-29313
@@ -873,8 +909,8 @@ CVE-2022-29155
 	RESERVED
 CVE-2022-29154
 	RESERVED
-CVE-2022-29153
-	RESERVED
+CVE-2022-29153 (HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. ...)
+	TODO: check
 CVE-2022-29152
 	RESERVED
 CVE-2022-29151
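Review bot: CVE-2022-29153 should not stay at `TODO: check` for long: unlike the proprietary products in the other hunks of this update, Consul is packaged in Debian (source package `consul`), so the entry needs a `- consul <unfixed>` or fixed-version line plus a NOTE pointing at the upstream advisory. The description's "through 2022-04-12" gives a date rather than a version, so the affected range has to be taken from that advisory, not from this line.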
@@ -1065,7 +1101,7 @@ CVE-2022-29074
 	RESERVED
 CVE-2022-29073
 	RESERVED
-CVE-2022-29072 (7-Zip through 21.07 on Windows allows privilege escalation and command ...)
+CVE-2022-29072 (** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalat ...)
 	TODO: check
 CVE-2022-29071
 	RESERVED
@@ -4265,8 +4301,8 @@ CVE-2022-1104
 	RESERVED
 CVE-2022-1103
 	RESERVED
-CVE-2022-27927
-	RESERVED
+CVE-2022-27927 (A SQL injection vulnerability exists in Microfinance Management System ...)
+	TODO: check
 CVE-2022-27926
 	RESERVED
 CVE-2022-27925
@@ -4531,8 +4567,8 @@ CVE-2022-27844 (Arbitrary File Read vulnerability in WPvivid Team Migration, Bac
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1066
 	RESERVED
-CVE-2022-1065
-	RESERVED
+CVE-2022-1065 (A vulnerability within the authentication process of Abacus ERP allows ...)
+	TODO: check
 CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in GitHub  ...)
 	NOT-FOR-US: forkcms
 CVE-2022-1063 (The Thank Me Later WordPress plugin through 3.3.4 does not sanitise an ...)
@@ -6580,8 +6616,8 @@ CVE-2022-27106
 	RESERVED
 CVE-2022-27105
 	RESERVED
-CVE-2022-27104
-	RESERVED
+CVE-2022-27104 (An Unauthenticated time-based blind SQL injection vulnerability exists ...)
+	TODO: check
 CVE-2022-27103
 	RESERVED
 CVE-2022-27102
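Review bot: the truncated description for CVE-2022-27104 ("An Unauthenticated time-based blind SQL injection vulnerability exists ...") never reaches the product name, so nothing in this hunk lets a triager choose between NOT-FOR-US and a Debian source package; resolving the `TODO: check` requires the full CVE text rather than this line.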
@@ -6678,8 +6714,8 @@ CVE-2022-27057
 	RESERVED
 CVE-2022-27056
 	RESERVED
-CVE-2022-27055
-	RESERVED
+CVE-2022-27055 (** DISPUTED ** ecjia-daojia 1.38.1-20210202629 is vulnerable to inform ...)
+	TODO: check
 CVE-2022-27054
 	RESERVED
 CVE-2022-27053
@@ -7830,12 +7866,12 @@ CVE-2022-26597
 	RESERVED
 CVE-2022-26596
 	RESERVED
-CVE-2022-26595
-	RESERVED
+CVE-2022-26595 (Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 1 ...)
+	TODO: check
 CVE-2022-26594 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal  ...)
 	NOT-FOR-US: Liferay
-CVE-2022-26593
-	RESERVED
+CVE-2022-26593 (Cross-site scripting (XSS) vulnerability in the Asset module's asset c ...)
+	TODO: check
 CVE-2022-26592
 	RESERVED
 CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attac ...)
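Review bot: CVE-2022-26595 names Liferay Portal and Liferay DXP in its description yet is left at `TODO: check`, while the neighbouring CVE-2022-26594 (also Liferay) already carries `NOT-FOR-US: Liferay`; the same status should apply to 26595 for consistency. CVE-2022-26593's truncated description ("... in the Asset module's asset c ...") does not name the product, so that one genuinely needs the full text before it is marked.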
@@ -9301,6 +9337,7 @@ CVE-2021-4224
 CVE-2022-26111
 	RESERVED
 CVE-2022-26110 (An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before  ...)
+	{DLA-2984-1}
 	- condor <unfixed> (bug #1008634)
 	NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0003
 	NOTE: https://github.com/htcondor/htcondor/commit/1cae7601d796725e7f5dd73fedf37f6fbbe379ca (V8_8_16)
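Review bot: the `{DLA-2984-1}` line sits in the conventional position (directly after the description, before the package line, matching the `{DSA-5096-1 DLA-2941-1}` entry further down in this update), but `- condor <unfixed> (bug #1008634)` still records unstable as unfixed. Worth confirming whether bullseye needs its own status line now that a DLA has shipped, so the tracker does not show the LTS suite fixed while the newer suites carry no annotation at all.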
@@ -9688,8 +9725,8 @@ CVE-2022-25759
 	RESERVED
 CVE-2022-25758
 	RESERVED
-CVE-2022-25648
-	RESERVED
+CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via  ...)
+	TODO: check
 CVE-2022-25647
 	RESERVED
 CVE-2022-25646
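Review bot: the description "The package git before 1.11.0 are vulnerable to Command Injection" cannot refer to git itself (git has been at 2.x since 2014), so it is a language-ecosystem package that happens to be named `git`; the triager must identify which ecosystem's package this is before mapping it to a Debian source package, and the eventual NOTE should say so explicitly to stop the entry being misread as the git source package.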
@@ -11492,8 +11529,8 @@ CVE-2022-0647 (The Bulk Creator WordPress plugin through 1.0.1 does not sanitize
 CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...)
 	- linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/
-CVE-2022-0645
-	RESERVED
+CVE-2022-0645 (Open redirect vulnerability via endpoint authorize_and_redirect/?redir ...)
+	TODO: check
 CVE-2022-0644 [vfs: check fd has read access in kernel_read_file_from_fd()]
 	RESERVED
 	{DSA-5096-1 DLA-2941-1}
@@ -27435,8 +27472,8 @@ CVE-2021-4039 (A command injection vulnerability in the web interface of the Zyx
 	NOT-FOR-US: Zyxel
 CVE-2021-44520 (In Citrix XenMobile Server through 10.12 RP9, there is an Authenticate ...)
 	NOT-FOR-US: Citrix XenMobile Server
-CVE-2021-44519
-	RESERVED
+CVE-2021-44519 (In Citrix XenMobile Server through 10.12 RP9, there is an Authenticate ...)
+	TODO: check
 CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
 	NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for Android
 CVE-2021-44517
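Review bot: CVE-2021-44519's description is identical, as far as it is shown, to the CVE-2021-44520 entry directly above it, which is already marked `NOT-FOR-US: Citrix XenMobile Server`; the new entry should receive the same status rather than `TODO: check`.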
@@ -33457,8 +33494,8 @@ CVE-2021-43131
 	RESERVED
 CVE-2021-43130 (An SQL Injection vulnerability exists in Sourcecodester Customer Relat ...)
 	NOT-FOR-US: Sourcecodester
-CVE-2021-43129
-	RESERVED
+CVE-2021-43129 (An Access Control vulnerability exists in Desire2Learn/D2L Learning Ma ...)
+	TODO: check
 CVE-2021-43128
 	RESERVED
 CVE-2021-43127
@@ -38511,8 +38548,8 @@ CVE-2021-41572
 	RESERVED
 CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper that do ...)
 	NOT-FOR-US: Apache Pulsar
-CVE-2021-41570
-	RESERVED
+CVE-2021-41570 (Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup ...)
+	TODO: check
 CVE-2021-41569 (SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. Th ...)
 	NOT-FOR-US: SAS/Intrnet
 CVE-2021-3826
@@ -44779,20 +44816,20 @@ CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android
 	NOT-FOR-US: IBM
 CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to version  ...)
 	NOT-FOR-US: IBM
-CVE-2021-39078
-	RESERVED
+CVE-2021-39078 (IBM Security Guardium 10.5 stores user credentials in plain clear text ...)
+	TODO: check
 CVE-2021-39077
 	RESERVED
-CVE-2021-39076
-	RESERVED
+CVE-2021-39076 (IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptogr ...)
+	TODO: check
 CVE-2021-39075
 	RESERVED
 CVE-2021-39074
 	RESERVED
 CVE-2021-39073
 	RESERVED
-CVE-2021-39072
-	RESERVED
+CVE-2021-39072 (IBM Security Guardium 11.3 could allow a remote attacker to obtain sen ...)
+	TODO: check
 CVE-2021-39071
 	RESERVED
 CVE-2021-39070 (IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the ad ...)
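Review bot: the three new entries in this hunk (CVE-2021-39078, CVE-2021-39076, CVE-2021-39072) all describe IBM Security Guardium, and the surrounding IBM entries in the same hunk are `NOT-FOR-US: IBM`; unless Guardium is handled differently from the other IBM products, these should be resolved to the same status instead of staying at `TODO: check`.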
@@ -44869,8 +44906,8 @@ CVE-2021-39035
 	RESERVED
 CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by a ...)
 	NOT-FOR-US: IBM
-CVE-2021-39033
-	RESERVED
+CVE-2021-39033 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 a ...)
+	TODO: check
 CVE-2021-39032 (IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potential ...)
 	NOT-FOR-US: IBM
 CVE-2021-39031 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 c ...)
@@ -46691,13 +46728,13 @@ CVE-2021-38271
 	RESERVED
 CVE-2021-38270
 	RESERVED
-CVE-2021-38269 (Liferay Portal through v7.4.0 and Liferay DXP through v7.1 were discov ...)
+CVE-2021-38269 (Cross-site scripting (XSS) vulnerability in the Gogo Shell module in L ...)
 	NOT-FOR-US: Liferay
 CVE-2021-38268 (The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, ...)
 	NOT-FOR-US: Liferay
-CVE-2021-38267 (Liferay Portal through v7.3.6 and Liferay DXP through v7.3 were discov ...)
+CVE-2021-38267 (Cross-site scripting (XSS) vulnerability in the Blogs module's edit bl ...)
 	NOT-FOR-US: Liferay
-CVE-2021-38266 (Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not co ...)
+CVE-2021-38266 (The Portal Security module in Liferay Portal 7.2.1 and earlier, and Li ...)
 	NOT-FOR-US: Liferay
 CVE-2021-38265 (Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below were di ...)
 	NOT-FOR-US: Liferay



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65898cb43224ff0d14050ff527ede3cdd3852e0e
