[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 21 09:10:25 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7aa30694 by security tracker role at 2022-04-21T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2022-29559
+	RESERVED
+CVE-2022-29558
+	RESERVED
+CVE-2022-29557
+	RESERVED
+CVE-2022-29556
+	RESERVED
+CVE-2022-29555
+	RESERVED
+CVE-2022-29554
+	RESERVED
+CVE-2022-29553
+	RESERVED
+CVE-2022-29552
+	RESERVED
+CVE-2022-29551
+	RESERVED
+CVE-2022-29550
+	RESERVED
+CVE-2022-29549
+	RESERVED
+CVE-2022-29548 (A reflected XSS issue exists in the Management Console of several WSO2 ...)
+	TODO: check
+CVE-2022-29547 (The CreateRedirect extension before 2022-04-14 for MediaWiki does not  ...)
+	TODO: check
+CVE-2022-29546
+	RESERVED
+CVE-2022-29545
+	RESERVED
+CVE-2022-29544
+	RESERVED
+CVE-2022-29543
+	RESERVED
+CVE-2022-29542
+	RESERVED
+CVE-2022-29541
+	RESERVED
+CVE-2022-29540
+	RESERVED
+CVE-2022-29539
+	RESERVED
+CVE-2022-29538
+	RESERVED
+CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...)
+	TODO: check
+CVE-2022-29536 (In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document c ...)
+	TODO: check
+CVE-2022-29535
+	RESERVED
+CVE-2022-29534 (An issue was discovered in MISP before 2.4.158. In UsersController.php ...)
+	TODO: check
+CVE-2022-29533 (An issue was discovered in MISP before 2.4.158. There is XSS in app/Co ...)
+	TODO: check
+CVE-2022-29532 (An issue was discovered in MISP before 2.4.158. There is XSS in the ce ...)
+	TODO: check
+CVE-2022-29531 (An issue was discovered in MISP before 2.4.158. There is stored XSS in ...)
+	TODO: check
+CVE-2022-29530 (An issue was discovered in MISP before 2.4.158. There is stored XSS in ...)
+	TODO: check
+CVE-2022-29529 (An issue was discovered in MISP before 2.4.158. There is stored XSS vi ...)
+	TODO: check
+CVE-2022-29528 (An issue was discovered in MISP before 2.4.158. PHAR deserialization c ...)
+	TODO: check
+CVE-2022-1419
+	RESERVED
+CVE-2022-1418
+	RESERVED
 CVE-2022-29527 (Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable ...)
 	NOT-FOR-US: Amazon AWS amazon-ssm-agent
 CVE-2022-29526
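Review bot: The seven MISP entries, CVE-2022-29528 through CVE-2022-29534, are added with `TODO: check`, but this list already triages MISP as `NOT-FOR-US: MISP` (see CVE-2021-37742 in the last hunk of this diff). Suggest tagging them the same way in a follow-up so they leave the TODO queue, and triaging the remaining new entries (WSO2, CreateRedirect, GPAC, GNOME Epiphany) individually.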
@@ -96,8 +164,8 @@ CVE-2022-29500
 	RESERVED
 CVE-2022-29499
 	RESERVED
-CVE-2022-29498
-	RESERVED
+CVE-2022-29498 (Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an ...)
+	TODO: check
 CVE-2022-29497
 	RESERVED
 CVE-2022-29491
@@ -4377,12 +4445,12 @@ CVE-2022-1103
 	RESERVED
 CVE-2022-27927 (A SQL injection vulnerability exists in Microfinance Management System ...)
 	NOT-FOR-US: Microfinance Management System
-CVE-2022-27926
-	RESERVED
-CVE-2022-27925
-	RESERVED
-CVE-2022-27924
-	RESERVED
+CVE-2022-27926 (A reflected cross-site scripting (XSS) vulnerability in the /public/la ...)
+	TODO: check
+CVE-2022-27925 (Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functiona ...)
+	TODO: check
+CVE-2022-27924 (Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticate ...)
+	TODO: check
 CVE-2022-27923
 	RESERVED
 CVE-2022-27922
@@ -6124,8 +6192,8 @@ CVE-2022-27239
 	RESERVED
 CVE-2022-27238
 	RESERVED
-CVE-2022-27237
-	RESERVED
+CVE-2022-27237 (There is a cross-site scripting (XSS) vulnerability in an NI Web Serve ...)
+	TODO: check
 CVE-2022-27236
 	RESERVED
 CVE-2022-26887 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
@@ -11252,7 +11320,7 @@ CVE-2022-21198
 	RESERVED
 CVE-2022-21183
 	RESERVED
-CVE-2016-20014 [free() call on uninitialized memory]
+CVE-2016-20014 (In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does no ...)
 	- libpam-tacplus <unfixed>
 	NOTE: Fixed by: https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab (v1.4.1)
 CVE-2016-20013 (sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ...)
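Review bot: CVE-2016-20014 still reads `- libpam-tacplus <unfixed>`, while the NOTE directly below it names the fixing commit as released in v1.4.1. With the description now filled in, compare the packaged libpam-tacplus version against 1.4.1 and replace `<unfixed>` with the fixed version if the archive already ships it.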
@@ -12716,12 +12784,12 @@ CVE-2022-24876
 	RESERVED
 CVE-2022-24875
 	RESERVED
-CVE-2022-24874
-	RESERVED
+CVE-2022-24874 (acs commons is an open source framework for AEM projects. ACS Commons  ...)
+	TODO: check
 CVE-2022-24873
 	RESERVED
-CVE-2022-24872
-	RESERVED
+CVE-2022-24872 (Shopware is an open commerce platform based on Symfony Framework and V ...)
+	TODO: check
 CVE-2022-24871 (Shopware is an open commerce platform based on Symfony Framework and V ...)
 	NOT-FOR-US: Shopware
 CVE-2022-24870
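Review bot: CVE-2022-24872 moves from RESERVED to `TODO: check` although the adjacent Shopware entry, CVE-2022-24871, is already triaged as `NOT-FOR-US: Shopware`. Suggest tagging CVE-2022-24872 the same way rather than leaving it in the TODO queue; CVE-2022-24874 (ACS Commons) still needs its own triage.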
@@ -12734,8 +12802,8 @@ CVE-2022-24867
 	RESERVED
 CVE-2022-24866
 	RESERVED
-CVE-2022-24865
-	RESERVED
+CVE-2022-24865 (HumHub is an Open Source Enterprise Social Network. In affected versio ...)
+	TODO: check
 CVE-2022-24864 (Origin Protocol is a blockchain based project. The Origin Protocol pro ...)
 	TODO: check
 CVE-2022-24863 (http-swagger is an open source wrapper to automatically generate RESTf ...)
@@ -31774,8 +31842,8 @@ CVE-2021-43483 (An Access Control vulnerability exists in CLARO KAON CG3000 1.00
 	NOT-FOR-US: CLARO KAON
 CVE-2021-43482
 	RESERVED
-CVE-2021-43481
-	RESERVED
+CVE-2021-43481 (An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier v ...)
+	TODO: check
 CVE-2021-43480
 	RESERVED
 CVE-2021-43479 (A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2. ...)
@@ -46918,7 +46986,7 @@ CVE-2021-38267 (Cross-site scripting (XSS) vulnerability in the Blogs module's e
 	NOT-FOR-US: Liferay
 CVE-2021-38266 (The Portal Security module in Liferay Portal 7.2.1 and earlier, and Li ...)
 	NOT-FOR-US: Liferay
-CVE-2021-38265 (Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below were di ...)
+CVE-2021-38265 (Cross-site scripting (XSS) vulnerability in the Asset module in Lifera ...)
 	NOT-FOR-US: Liferay
 CVE-2021-38264 (Cross-site scripting (XSS) vulnerability in the Frontend Taglib module ...)
 	NOT-FOR-US: Liferay
@@ -48444,8 +48512,8 @@ CVE-2021-37742 (app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP
 	NOT-FOR-US: MISP
 CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vul ...)
 	NOT-FOR-US: ManageEngine
-CVE-2021-37740
-	RESERVED
+CVE-2021-37740 (A denial of service vulnerability exists in MDT's firmware for the KNX ...)
+	TODO: check
 CVE-2021-37739 (A remote arbitrary command execution vulnerability was discovered in A ...)
 	NOT-FOR-US: Aruba
 CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was discove ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7aa30694ba297b0b882ede0614dc8a8c4905005d
