[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 19 21:10:23 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65898cb4 by security tracker role at 2022-04-19T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2022-29504
+ RESERVED
+CVE-2022-29503
+ RESERVED
+CVE-2022-1405
+ RESERVED
+CVE-2022-1404
+ RESERVED
+CVE-2022-1403
+ RESERVED
+CVE-2022-1402
+ RESERVED
+CVE-2022-1401
+ RESERVED
+CVE-2022-1400
+ RESERVED
+CVE-2022-1399
+ RESERVED
+CVE-2022-1398
+ RESERVED
+CVE-2022-1397
+ RESERVED
+CVE-2022-1396
+ RESERVED
+CVE-2022-1395
+ RESERVED
+CVE-2022-1394
+ RESERVED
+CVE-2022-1393
+ RESERVED
+CVE-2022-1392
+ RESERVED
+CVE-2022-1391
+ RESERVED
+CVE-2022-1390
+ RESERVED
CVE-2022-XXXX [snort privilege escalation due to insecure use of logrotate]
- snort <unfixed> (bug #1009820)
[bullseye] - snort <no-dsa> (Minor issue)
@@ -427,8 +463,8 @@ CVE-2022-29317
RESERVED
CVE-2022-29316
RESERVED
-CVE-2022-29315
- RESERVED
+CVE-2022-29315 (Invicti Acunetix before 14 allows CSV injection via the Description fi ...)
+ TODO: check
CVE-2022-29314
RESERVED
CVE-2022-29313
@@ -873,8 +909,8 @@ CVE-2022-29155
RESERVED
CVE-2022-29154
RESERVED
-CVE-2022-29153
- RESERVED
+CVE-2022-29153 (HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. ...)
+ TODO: check
CVE-2022-29152
RESERVED
CVE-2022-29151
@@ -1065,7 +1101,7 @@ CVE-2022-29074
RESERVED
CVE-2022-29073
RESERVED
-CVE-2022-29072 (7-Zip through 21.07 on Windows allows privilege escalation and command ...)
+CVE-2022-29072 (** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalat ...)
TODO: check
CVE-2022-29071
RESERVED
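Review bot: CVE-2022-29072 still ends in "TODO: check" although the refreshed description is now marked ** DISPUTED ** and is scoped to 7-Zip "on Windows". When this is triaged, record the outcome explicitly, for example with a "<not-affected>" line and a reason in the style used for CVE-2022-0646 if the Debian packaging turns out not to be affected, so the dispute flag is not read as a resolution by itself.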
@@ -4265,8 +4301,8 @@ CVE-2022-1104
RESERVED
CVE-2022-1103
RESERVED
-CVE-2022-27927
- RESERVED
+CVE-2022-27927 (A SQL injection vulnerability exists in Microfinance Management System ...)
+ TODO: check
CVE-2022-27926
RESERVED
CVE-2022-27925
@@ -4531,8 +4567,8 @@ CVE-2022-27844 (Arbitrary File Read vulnerability in WPvivid Team Migration, Bac
NOT-FOR-US: WordPress plugin
CVE-2022-1066
RESERVED
-CVE-2022-1065
- RESERVED
+CVE-2022-1065 (A vulnerability within the authentication process of Abacus ERP allows ...)
+ TODO: check
CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in GitHub ...)
NOT-FOR-US: forkcms
CVE-2022-1063 (The Thank Me Later WordPress plugin through 3.3.4 does not sanitise an ...)
@@ -6580,8 +6616,8 @@ CVE-2022-27106
RESERVED
CVE-2022-27105
RESERVED
-CVE-2022-27104
- RESERVED
+CVE-2022-27104 (An Unauthenticated time-based blind SQL injection vulnerability exists ...)
+ TODO: check
CVE-2022-27103
RESERVED
CVE-2022-27102
@@ -6678,8 +6714,8 @@ CVE-2022-27057
RESERVED
CVE-2022-27056
RESERVED
-CVE-2022-27055
- RESERVED
+CVE-2022-27055 (** DISPUTED ** ecjia-daojia 1.38.1-20210202629 is vulnerable to inform ...)
+ TODO: check
CVE-2022-27054
RESERVED
CVE-2022-27053
@@ -7830,12 +7866,12 @@ CVE-2022-26597
RESERVED
CVE-2022-26596
RESERVED
-CVE-2022-26595
- RESERVED
+CVE-2022-26595 (Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 1 ...)
+ TODO: check
CVE-2022-26594 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal ...)
NOT-FOR-US: Liferay
-CVE-2022-26593
- RESERVED
+CVE-2022-26593 (Cross-site scripting (XSS) vulnerability in the Asset module's asset c ...)
+ TODO: check
CVE-2022-26592
RESERVED
CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attac ...)
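Review bot: CVE-2022-26595 names Liferay Portal and Liferay DXP in its description, and the neighbouring CVE-2022-26594 is already tagged "NOT-FOR-US: Liferay", so this entry should get the same tag rather than "TODO: check". For CVE-2022-26593 the visible description is cut off before any product name; confirm the product from the full description first, then tag it accordingly.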
@@ -9301,6 +9337,7 @@ CVE-2021-4224
CVE-2022-26111
RESERVED
CVE-2022-26110 (An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before ...)
+ {DLA-2984-1}
- condor <unfixed> (bug #1008634)
NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0003
NOTE: https://github.com/htcondor/htcondor/commit/1cae7601d796725e7f5dd73fedf37f6fbbe379ca (V8_8_16)
@@ -9688,8 +9725,8 @@ CVE-2022-25759
RESERVED
CVE-2022-25758
RESERVED
-CVE-2022-25648
- RESERVED
+CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via ...)
+ TODO: check
CVE-2022-25647
RESERVED
CVE-2022-25646
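Review bot: the new description for CVE-2022-25648 identifies the affected software only as "The package git before 1.11.0", which does not say which project named git is meant. Before replacing "TODO: check", confirm the upstream project from the full CVE record and add a NOTE line with the reference, as done for CVE-2022-26110, so the entry is not attached to the wrong source package.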
@@ -11492,8 +11529,8 @@ CVE-2022-0647 (The Bulk Creator WordPress plugin through 1.0.1 does not sanitize
CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/
-CVE-2022-0645
- RESERVED
+CVE-2022-0645 (Open redirect vulnerability via endpoint authorize_and_redirect/?redir ...)
+ TODO: check
CVE-2022-0644 [vfs: check fd has read access in kernel_read_file_from_fd()]
RESERVED
{DSA-5096-1 DLA-2941-1}
@@ -27435,8 +27472,8 @@ CVE-2021-4039 (A command injection vulnerability in the web interface of the Zyx
NOT-FOR-US: Zyxel
CVE-2021-44520 (In Citrix XenMobile Server through 10.12 RP9, there is an Authenticate ...)
NOT-FOR-US: Citrix XenMobile Server
-CVE-2021-44519
- RESERVED
+CVE-2021-44519 (In Citrix XenMobile Server through 10.12 RP9, there is an Authenticate ...)
+ TODO: check
CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for Android
CVE-2021-44517
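Review bot: CVE-2021-44519 is added with "TODO: check", but its description starts with the same product string as CVE-2021-44520 directly above it, which is already tagged "NOT-FOR-US: Citrix XenMobile Server". Suggest resolving the new entry with the same NOT-FOR-US line so the two stay consistent.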
@@ -33457,8 +33494,8 @@ CVE-2021-43131
RESERVED
CVE-2021-43130 (An SQL Injection vulnerability exists in Sourcecodester Customer Relat ...)
NOT-FOR-US: Sourcecodester
-CVE-2021-43129
- RESERVED
+CVE-2021-43129 (An Access Control vulnerability exists in Desire2Learn/D2L Learning Ma ...)
+ TODO: check
CVE-2021-43128
RESERVED
CVE-2021-43127
@@ -38511,8 +38548,8 @@ CVE-2021-41572
RESERVED
CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper that do ...)
NOT-FOR-US: Apache Pulsar
-CVE-2021-41570
- RESERVED
+CVE-2021-41570 (Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup ...)
+ TODO: check
CVE-2021-41569 (SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. Th ...)
NOT-FOR-US: SAS/Intrnet
CVE-2021-3826
@@ -44779,20 +44816,20 @@ CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android
NOT-FOR-US: IBM
CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to version ...)
NOT-FOR-US: IBM
-CVE-2021-39078
- RESERVED
+CVE-2021-39078 (IBM Security Guardium 10.5 stores user credentials in plain clear text ...)
+ TODO: check
CVE-2021-39077
RESERVED
-CVE-2021-39076
- RESERVED
+CVE-2021-39076 (IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptogr ...)
+ TODO: check
CVE-2021-39075
RESERVED
CVE-2021-39074
RESERVED
CVE-2021-39073
RESERVED
-CVE-2021-39072
- RESERVED
+CVE-2021-39072 (IBM Security Guardium 11.3 could allow a remote attacker to obtain sen ...)
+ TODO: check
CVE-2021-39071
RESERVED
CVE-2021-39070 (IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the ad ...)
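Review bot: the three newly described entries in this hunk (CVE-2021-39078, CVE-2021-39076, CVE-2021-39072) all name IBM Security Guardium and are left at "TODO: check", while the IBM entries in the leading context (CVE-2021-39080, CVE-2021-39079) carry "NOT-FOR-US: IBM". Suggest tagging all three the same way in one follow-up rather than triaging them separately.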
@@ -44869,8 +44906,8 @@ CVE-2021-39035
RESERVED
CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by a ...)
NOT-FOR-US: IBM
-CVE-2021-39033
- RESERVED
+CVE-2021-39033 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 a ...)
+ TODO: check
CVE-2021-39032 (IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potential ...)
NOT-FOR-US: IBM
CVE-2021-39031 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 c ...)
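Review bot: CVE-2021-39033 (IBM Sterling B2B Integrator Standard Edition) is left at "TODO: check" between CVE-2021-39034 and CVE-2021-39032, both of which are tagged "NOT-FOR-US: IBM". Suggest applying the same tag here.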
@@ -46691,13 +46728,13 @@ CVE-2021-38271
RESERVED
CVE-2021-38270
RESERVED
-CVE-2021-38269 (Liferay Portal through v7.4.0 and Liferay DXP through v7.1 were discov ...)
+CVE-2021-38269 (Cross-site scripting (XSS) vulnerability in the Gogo Shell module in L ...)
NOT-FOR-US: Liferay
CVE-2021-38268 (The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, ...)
NOT-FOR-US: Liferay
-CVE-2021-38267 (Liferay Portal through v7.3.6 and Liferay DXP through v7.3 were discov ...)
+CVE-2021-38267 (Cross-site scripting (XSS) vulnerability in the Blogs module's edit bl ...)
NOT-FOR-US: Liferay
-CVE-2021-38266 (Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not co ...)
+CVE-2021-38266 (The Portal Security module in Liferay Portal 7.2.1 and earlier, and Li ...)
NOT-FOR-US: Liferay
CVE-2021-38265 (Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below were di ...)
NOT-FOR-US: Liferay
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65898cb43224ff0d14050ff527ede3cdd3852e0e