[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 20 21:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bdcd84cf by security tracker role at 2022-04-20T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-29527 (Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable ...)
+ TODO: check
+CVE-2022-29526
+ RESERVED
+CVE-2022-1417
+ RESERVED
+CVE-2022-1416
+ RESERVED
+CVE-2022-1415
+ RESERVED
+CVE-2022-1414
+ RESERVED
+CVE-2022-1413
+ RESERVED
+CVE-2022-1412
+ RESERVED
+CVE-2022-1411
+ RESERVED
+CVE-2022-1410
+ RESERVED
+CVE-2022-1409
+ RESERVED
+CVE-2022-1408
+ RESERVED
+CVE-2022-1407
+ RESERVED
CVE-2022-29510
RESERVED
CVE-2022-29505
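Review bot: CVE-2022-29527 at the top of the hunk is left at `TODO: check`; the follow-up triage should resolve it either to a source package entry or to `NOT-FOR-US` once it is confirmed whether amazon-ssm-agent is packaged in Debian, since the description (a world-writable file created by the agent) is a local issue that only matters if the binary ships in the archive. The other thirteen entries (CVE-2022-29526 and CVE-2022-1407 through CVE-2022-1417) are plain RESERVED placeholders and need nothing further until the records are published.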
@@ -581,7 +607,8 @@ CVE-2022-29270
RESERVED
CVE-2022-29269
RESERVED
-CVE-2022-29268 (Bitrix through 7.5.0 allows remote attackers to execute arbitrary code ...)
+CVE-2022-29268
+ REJECTED
NOT-FOR-US: Bitrix
CVE-2022-29267
RESERVED
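Review bot: The `NOT-FOR-US: Bitrix` line under CVE-2022-29268 is now stale: the entry has been switched to `REJECTED`, and rejected entries in this file normally carry no package or NOT-FOR-US line. Suggest dropping it in the next manual pass so the entry reads just `CVE-2022-29268` / `REJECTED`, otherwise the NOT-FOR-US marker implies a triage decision on an identifier that no longer describes anything.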
@@ -589,8 +616,8 @@ CVE-2022-1380 (Stored Cross Site Scripting vulnerability in Item name parameter
NOT-FOR-US: snipe-it
CVE-2022-1379
RESERVED
-CVE-2022-29266
- RESERVED
+CVE-2022-29266 (In APache APISIX before 3.13.1, an attacker can obtain a plugin-config ...)
+ TODO: check
CVE-2022-1378
RESERVED
CVE-2022-1377
@@ -1149,8 +1176,8 @@ CVE-2022-29064
RESERVED
CVE-2022-1319
RESERVED
-CVE-2022-1318
- RESERVED
+CVE-2022-1318 (Hills ComNav version 3002-19 suffers from a weak communication channel ...)
+ TODO: check
CVE-2022-1317
RESERVED
CVE-2022-1316 (ZeroTierOne for windows local privilege escalation because of incorrec ...)
@@ -2138,8 +2165,8 @@ CVE-2022-1256 (A local privilege escalation vulnerability in MA for Windows prio
NOT-FOR-US: McAfee
CVE-2022-1255
RESERVED
-CVE-2022-1254
- RESERVED
+CVE-2022-1254 (A URL redirection vulnerability in Skyhigh SWG in main releases 10.x p ...)
+ TODO: check
CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde265 pr ...)
- libde265 <unfixed>
[stretch] - libde265 <no-dsa> (Minor issue)
@@ -3019,8 +3046,7 @@ CVE-2022-1201 (NULL Pointer Dereference in mrb_vm_exec with super in GitHub repo
[buster] - mruby <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b
NOTE: https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae
-CVE-2022-28327 [crypto/elliptic: tolerate all oversized scalars in generic P-256]
- RESERVED
+CVE-2022-28327 (The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1 ...)
- golang-1.18 1.18.1-1
- golang-1.17 1.17.9-1
NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
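Review bot: Only `golang-1.18 1.18.1-1` and `golang-1.17 1.17.9-1` are listed for CVE-2022-28327, but the new description says the generic P-256 code in crypto/elliptic is affected in Go before 1.17.9, which also covers the older golang source packages still in the stable suites; those should get explicit entries (a fixed version, `<not-affected>` with a reason, or `<no-dsa>` with a reason) rather than being left implicit. The golang-announce link already in the NOTE line is the place to confirm the affected range before deciding.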
@@ -5302,8 +5328,7 @@ CVE-2022-27538
RESERVED
CVE-2022-27537
RESERVED
-CVE-2022-27536 [crypto/x509: non-compliant certificates can cause a panic in Verify on macOS]
- RESERVED
+CVE-2022-27536 (Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be ca ...)
- golang-1.18 <not-affected> (MacOS-specific)
- golang-1.17 <not-affected> (MacOS-specific)
NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
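Review bot: With the description now stating "Go 1.18.x before 1.18.1", the `golang-1.17 <not-affected> (MacOS-specific)` reason is incomplete: golang-1.17 is outside the affected version range regardless of platform, so the entry would survive even if the macOS qualification were later questioned. Consider changing the golang-1.17 reason to reflect the version range (e.g. "Vulnerable code only in 1.18") and keeping "MacOS-specific" only on the golang-1.18 line, where it is the actual justification.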
@@ -5404,8 +5429,8 @@ CVE-2022-25841
RESERVED
CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and Webadmin ...)
NOT-FOR-US: Sophos
-CVE-2022-1039
- RESERVED
+CVE-2022-1039 (The weak password on the web user interface can be exploited via HTTP ...)
+ TODO: check
CVE-2022-1038
RESERVED
CVE-2022-27492
@@ -5983,12 +6008,12 @@ CVE-2022-27259
RESERVED
CVE-2022-27232
RESERVED
-CVE-2022-27179
- RESERVED
-CVE-2022-26519
- RESERVED
-CVE-2022-26516
- RESERVED
+CVE-2022-27179 (A malicious actor having access to the exported configuration file may ...)
+ TODO: check
+CVE-2022-26519 (There is no limit to the number of attempts to authenticate for the lo ...)
+ TODO: check
+CVE-2022-26516 (Authorized users may install a maliciously modified package file when ...)
+ TODO: check
CVE-2022-26419 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple ...)
NOT-FOR-US: Omron CX-Position
CVE-2022-26417 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use af ...)
@@ -9067,7 +9092,7 @@ CVE-2022-26153
RESERVED
CVE-2022-26152
RESERVED
-CVE-2022-26151 (Citrix XenMobile Server 10.12 through RP11, 10.13 through RP6, and 10. ...)
+CVE-2022-26151 (Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10. ...)
NOT-FOR-US: Citrix XenMobile Server
CVE-2022-26150
RESERVED
@@ -9286,8 +9311,8 @@ CVE-2022-26135
RESERVED
CVE-2022-26134
RESERVED
-CVE-2022-26133
- RESERVED
+CVE-2022-26133 (SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center ve ...)
+ TODO: check
CVE-2022-26132
RESERVED
CVE-2022-0767 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
@@ -11174,12 +11199,12 @@ CVE-2022-25357
RESERVED
CVE-2022-25356 (Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dl ...)
NOT-FOR-US: Alt-N Technologies Mdaemon
-CVE-2022-25344
- RESERVED
-CVE-2022-25343
- RESERVED
-CVE-2022-25342
- RESERVED
+CVE-2022-25344 (An XSS issue was discovered on Kyocera d-COLOR MF3555 2XD_S000.002.271 ...)
+ TODO: check
+CVE-2022-25343 (An issue was discovered on Kyocera d-COLOR MF3555 2XD_S000.002.271 dev ...)
+ TODO: check
+CVE-2022-25342 (An issue was discovered on Kyocera d-COLOR MF3555 2XD_S000.002.271 dev ...)
+ TODO: check
CVE-2022-25341
RESERVED
CVE-2022-25340
@@ -12463,8 +12488,7 @@ CVE-2022-24962
RESERVED
CVE-2022-0568
RESERVED
-CVE-2022-0567
- RESERVED
+CVE-2022-0567 (A flaw was found in ovn-kubernetes. This flaw allows a system administ ...)
NOT-FOR-US: Openshift/ovn-kubernetes
CVE-2022-0566
RESERVED
@@ -12676,8 +12700,8 @@ CVE-2022-24873
RESERVED
CVE-2022-24872
RESERVED
-CVE-2022-24871
- RESERVED
+CVE-2022-24871 (Shopware is an open commerce platform based on Symfony Framework and V ...)
+ TODO: check
CVE-2022-24870
RESERVED
CVE-2022-24869
@@ -12690,14 +12714,14 @@ CVE-2022-24866
RESERVED
CVE-2022-24865
RESERVED
-CVE-2022-24864
- RESERVED
+CVE-2022-24864 (Origin Protocol is a blockchain based project. The Origin Protocol pro ...)
+ TODO: check
CVE-2022-24863 (http-swagger is an open source wrapper to automatically generate RESTf ...)
TODO: check
-CVE-2022-24862
- RESERVED
-CVE-2022-24861
- RESERVED
+CVE-2022-24862 (Databasir is a team-oriented relational database model document manage ...)
+ TODO: check
+CVE-2022-24861 (Databasir is a team-oriented relational database model document manage ...)
+ TODO: check
CVE-2022-24860 (Databasir is a team-oriented relational database model document manage ...)
NOT-FOR-US: Databasir
CVE-2022-24859 (PyPDF2 is an open source python PDF library capable of splitting, merg ...)
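Review bot: CVE-2022-24862 and CVE-2022-24861 carry the same "Databasir is a team-oriented relational database model document manage ..." description prefix as CVE-2022-24860 directly below them, which is already resolved as `NOT-FOR-US: Databasir`; the two new `TODO: check` entries can be closed the same way once the full descriptions are confirmed to refer to the same product. CVE-2022-24864 (Origin Protocol) and CVE-2022-24863 (http-swagger, still at TODO from an earlier update) need separate looks.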
@@ -12840,8 +12864,8 @@ CVE-2022-24801 (Twisted is an event-based framework for internet applications, s
NOTE: https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac (twisted-22.04.0rc1)
CVE-2022-24800
RESERVED
-CVE-2022-24799
- RESERVED
+CVE-2022-24799 (wire-webapp is the web application interface for the wire messaging se ...)
+ TODO: check
CVE-2022-24798 (Internet Routing Registry daemon version 4 is an IRR database server, ...)
NOT-FOR-US: Internet Routing Registry daemon (iird)
CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed service mod ...)
@@ -13268,8 +13292,7 @@ CVE-2022-24677 (Admin.php in HYBBS2 through 2.3.2 allows remote code execution b
NOT-FOR-US: HYBBS2
CVE-2022-24676 (update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file ...)
NOT-FOR-US: HYBBS2
-CVE-2022-24675 [golang: encoding/pem: fix stack overflow in Decode]
- RESERVED
+CVE-2022-24675 (encoding/pem in Go before 1.17.9 and 1.8.x before 1.8.1 has a Decode s ...)
- golang-1.18 1.18.1-1
- golang-1.17 1.17.9-1
NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
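Review bot: The new description for CVE-2022-24675 reads "Go before 1.17.9 and 1.8.x before 1.8.1", which contradicts the `golang-1.18 1.18.1-1` entry right below it and the wording of the sibling CVE-2022-28327 from the same golang-announce post; this looks like a typo in the upstream CVE text (1.18.x before 1.18.1) that the automatic update mirrored verbatim. Nothing to change in the list itself, since the description column tracks the CNA text, but it is worth reporting upstream, and the same question about older golang source packages ("before 1.17.9") applies here as for CVE-2022-28327.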
@@ -13326,8 +13349,8 @@ CVE-2022-0542
RESERVED
CVE-2022-0541
RESERVED
-CVE-2022-0540
- RESERVED
+CVE-2022-0540 (A vulnerability in Jira Seraph allows a remote, unauthenticated attack ...)
+ TODO: check
CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...)
NOT-FOR-US: beanstalk_console
CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
@@ -19367,11 +19390,11 @@ CVE-2022-22965 (A Spring MVC or Spring WebFlux application running on JDK 9+ may
[stretch] - libspring-java <end-of-life>
NOTE: https://bugalert.org/content/notices/2022-03-30-spring.html
NOTE: https://tanzu.vmware.com/security/cve-2022-22965
-CVE-2022-22964 (VMware Horizon Client for Linux (prior to 22.x) contains a local privi ...)
+CVE-2022-22964 (VMware Horizon Agent for Linux (prior to 22.x) contains a local privil ...)
NOT-FOR-US: VMware
CVE-2022-22963 (In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported v ...)
NOT-FOR-US: Spring Cloud Function
-CVE-2022-22962 (VMware Horizon Client for Linux (prior to 22.x) contains a local privi ...)
+CVE-2022-22962 (VMware Horizon Agent for Linux (prior to 22.x) contains a local privil ...)
NOT-FOR-US: VMware
CVE-2022-22961 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
NOT-FOR-US: VMware
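Review bot: The descriptions for CVE-2022-22964 and CVE-2022-22962 now name "VMware Horizon Agent for Linux" instead of "Horizon Client for Linux". The `NOT-FOR-US: VMware` resolution is unaffected, but the agent and the client are different components, so anyone who triaged these against the earlier wording should re-read the advisory rather than rely on the previous product name.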
@@ -29124,16 +29147,16 @@ CVE-2021-43992
RESERVED
CVE-2021-43991 (The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable t ...)
NOT-FOR-US: Kentico Xperience CMS
-CVE-2021-43990
- RESERVED
+CVE-2021-43990 (The affected product is vulnerable to a network-based attack by threat ...)
+ TODO: check
CVE-2021-43989 (mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, wh ...)
NOT-FOR-US: mySCADA myPRO
-CVE-2021-43988
- RESERVED
+CVE-2021-43988 (The affected product is vulnerable to a network-based attack by threat ...)
+ TODO: check
CVE-2021-43987 (An additional, nondocumented administrative account exists in mySCADA ...)
NOT-FOR-US: mySCADA myPRO
-CVE-2021-43986
- RESERVED
+CVE-2021-43986 (The setup program for the affected product configures its files and fo ...)
+ TODO: check
CVE-2021-43985 (An unauthenticated remote attacker can access mySCADA myPRO Versions 8 ...)
NOT-FOR-US: mySCADA myPRO
CVE-2021-43984 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmw ...)
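Review bot: CVE-2021-43990, CVE-2021-43988 and CVE-2021-43986 are interleaved with the mySCADA myPRO entries (CVE-2021-43989, -43987, -43985, -43984), and their generic "The affected product is vulnerable ..." wording is the ICS advisory boilerplate used by those neighbours, so they are very likely from the same advisory batch. Confirm the product from the CVE record before resolving the TODOs as `NOT-FOR-US: mySCADA myPRO`; adjacency in the list is a hint, not evidence.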
@@ -29593,8 +29616,8 @@ CVE-2021-43935 (The impacted products, when configured to use SSO, are affected
NOT-FOR-US: Hillrom
CVE-2021-43934
RESERVED
-CVE-2021-43933
- RESERVED
+CVE-2021-43933 (The affected product is vulnerable to a network-based attack by threat ...)
+ TODO: check
CVE-2021-43932
RESERVED
CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but the im ...)
@@ -46363,8 +46386,8 @@ CVE-2021-38485 (The affected product is vulnerable to improper input validation
NOT-FOR-US: Emerson
CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
NOT-FOR-US: InHand Networks IR615 Router
-CVE-2021-38483
- RESERVED
+CVE-2021-38483 (The affected product is vulnerable to misconfigured binaries, allowing ...)
+ TODO: check
CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 we ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38481 (The scheduler service running on a specific TCP port enables the user ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdcd84cf7797ee4148ac6e5532e2884cd76eccc2