[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 22 09:10:23 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
51b02391 by security tracker role at 2022-04-22T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2022-29578
+ RESERVED
+CVE-2022-29577 (OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE ...)
+ TODO: check
+CVE-2022-29576
+ RESERVED
+CVE-2022-29575
+ RESERVED
+CVE-2022-29574
+ RESERVED
+CVE-2022-29573
+ RESERVED
+CVE-2022-29572
+ RESERVED
+CVE-2022-29571
+ RESERVED
+CVE-2022-29570
+ RESERVED
+CVE-2022-29569
+ RESERVED
+CVE-2022-29568
+ RESERVED
+CVE-2022-29567
+ RESERVED
+CVE-2022-29566 (The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation bec ...)
+ TODO: check
+CVE-2022-1427
+ RESERVED
CVE-2022-29565
RESERVED
CVE-2022-29564
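Review bot: CVE-2022-29577 (AntiSamy before 1.6.7, XSS via HTML tag smuggling on STYLE) repeats the wording of CVE-2022-28367 (AntiSamy before 1.6.6) in a later hunk of this same patch; triage the two together so the fixed-version notes agree and the newer entry is recorded as the follow-up to the first rather than as an unrelated issue. CVE-2022-29566 describes a flaw in the Fiat-Shamir generation of the Bulletproofs 2017/1066 paper rather than in a named package, so its TODO cannot be closed until it is known which implementations in the archive, if any, derive their challenges the way the paper does.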
@@ -692,7 +720,7 @@ CVE-2022-29282
CVE-2022-29281 (Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of ...)
NOT-FOR-US: Notable
CVE-2022-29280
- RESERVED
+ REJECTED
CVE-2022-29279
RESERVED
CVE-2022-29278
@@ -2054,8 +2082,8 @@ CVE-2022-28745
RESERVED
CVE-2022-28744
RESERVED
-CVE-2022-28743
- RESERVED
+CVE-2022-28743 (Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Fosc ...)
+ TODO: check
CVE-2022-28742
RESERVED
CVE-2022-28741
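Review bot: the truncated description for CVE-2022-28743 ends at "Fosc", so the affected product cannot be identified from this hunk; resolve the TODO: check against the full upstream text rather than the truncated summary. The "vulerability" misspelling is in the upstream description and is not something to correct in the tracker.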
@@ -2870,78 +2898,78 @@ CVE-2022-28447
RESERVED
CVE-2022-28446
RESERVED
-CVE-2022-28445
- RESERVED
-CVE-2022-28444
- RESERVED
-CVE-2022-28443
- RESERVED
+CVE-2022-28445 (KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulner ...)
+ TODO: check
+CVE-2022-28444 (UCMS v1.6 was discovered to contain an arbitrary file read vulnerabili ...)
+ TODO: check
+CVE-2022-28443 (UCMS v1.6 was discovered to contain an arbitrary file deletion vulnera ...)
+ TODO: check
CVE-2022-28442
RESERVED
CVE-2022-28441
RESERVED
-CVE-2022-28440
- RESERVED
-CVE-2022-28439
- RESERVED
-CVE-2022-28438
- RESERVED
-CVE-2022-28437
- RESERVED
-CVE-2022-28436
- RESERVED
-CVE-2022-28435
- RESERVED
-CVE-2022-28434
- RESERVED
-CVE-2022-28433
- RESERVED
-CVE-2022-28432
- RESERVED
-CVE-2022-28431
- RESERVED
+CVE-2022-28440 (An arbitrary file upload vulnerability in UCMS v1.6 allows attackers t ...)
+ TODO: check
+CVE-2022-28439 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28438 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28437 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28436 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28435 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28434 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28433 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28432 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28431 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
CVE-2022-28430
RESERVED
-CVE-2022-28429
- RESERVED
+CVE-2022-28429 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
CVE-2022-28428
RESERVED
-CVE-2022-28427
- RESERVED
-CVE-2022-28426
- RESERVED
-CVE-2022-28425
- RESERVED
-CVE-2022-28424
- RESERVED
-CVE-2022-28423
- RESERVED
-CVE-2022-28422
- RESERVED
-CVE-2022-28421
- RESERVED
-CVE-2022-28420
- RESERVED
+CVE-2022-28427 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28426 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28425 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28424 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28423 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28422 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28421 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
+CVE-2022-28420 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...)
+ TODO: check
CVE-2022-28419
RESERVED
CVE-2022-28418
RESERVED
-CVE-2022-28417
- RESERVED
-CVE-2022-28416
- RESERVED
-CVE-2022-28415
- RESERVED
-CVE-2022-28414
- RESERVED
-CVE-2022-28413
- RESERVED
-CVE-2022-28412
- RESERVED
-CVE-2022-28411
- RESERVED
-CVE-2022-28410
- RESERVED
+CVE-2022-28417 (Home Owners Collection Management System v1.0 was discovered to contai ...)
+ TODO: check
+CVE-2022-28416 (Home Owners Collection Management System v1.0 was discovered to contai ...)
+ TODO: check
+CVE-2022-28415 (Home Owners Collection Management System v1.0 was discovered to contai ...)
+ TODO: check
+CVE-2022-28414 (Home Owners Collection Management System v1.0 was discovered to contai ...)
+ TODO: check
+CVE-2022-28413 (Car Driving School Management System v1.0 was discovered to contain a ...)
+ TODO: check
+CVE-2022-28412 (Car Driving School Managment System v1.0 was discovered to contain a S ...)
+ TODO: check
+CVE-2022-28411 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2022-28410 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...)
+ TODO: check
CVE-2022-28409
RESERVED
CVE-2022-28408
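Review bot: the eighteen Baby Care System v1.0 SQL injection entries (CVE-2022-28420 to CVE-2022-28439, with 28428 and 28430 still RESERVED) concern one product and should be resolved in a single pass with one consistent tag rather than left as eighteen separate TODO: check lines; the same applies to the UCMS v1.6 group (28440, 28443, 28444), the Home Owners Collection Management System group (28414 to 28417), the Car Driving School Management System pair (28412, 28413) and the Simple Real Estate Portal System pair (28410, 28411), whose product also appears as CVE-2022-28028 to CVE-2022-28030 in a later hunk of this patch and needs the same decision there.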
@@ -3047,10 +3075,10 @@ CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution via a .php file in the
NOTE: https://github.com/dompdf/dompdf/issues/2598
NOTE: https://github.com/dompdf/dompdf/pull/2808
NOTE: https://github.com/dompdf/dompdf/commit/4c70e1025bcd9b7694b95dd552499bd83cd6141d (v1.2.1)
-CVE-2022-28367
- RESERVED
-CVE-2022-28366
- RESERVED
+CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE ...)
+ TODO: check
+CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service via crafte ...)
+ TODO: check
CVE-2022-28365 (Reprise License Manager 14.2 is affected by an Information Disclosure ...)
NOT-FOR-US: Reprise License Manager
CVE-2022-28364 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...)
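Review bot: CVE-2022-28366 names "certain Neko-related HTML parsers" rather than one product, so a single NOT-FOR-US line cannot close it; the triage has to establish which NekoHTML-derived parsers exist in the archive. CVE-2022-28367 is the AntiSamy 1.6.6 fix whose 1.6.7 follow-up is CVE-2022-29577 at the top of this patch; both should be resolved together.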
@@ -4256,56 +4284,56 @@ CVE-2022-28032 (AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_aj
NOT-FOR-US: AtomCMS
CVE-2022-28031
RESERVED
-CVE-2022-28030
- RESERVED
-CVE-2022-28029
- RESERVED
-CVE-2022-28028
- RESERVED
+CVE-2022-28030 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2022-28029 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2022-28028 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...)
+ TODO: check
CVE-2022-28027
RESERVED
-CVE-2022-28026
- RESERVED
-CVE-2022-28025
- RESERVED
-CVE-2022-28024
- RESERVED
-CVE-2022-28023
- RESERVED
-CVE-2022-28022
- RESERVED
-CVE-2022-28021
- RESERVED
-CVE-2022-28020
- RESERVED
-CVE-2022-28019
- RESERVED
-CVE-2022-28018
- RESERVED
-CVE-2022-28017
- RESERVED
-CVE-2022-28016
- RESERVED
-CVE-2022-28015
- RESERVED
-CVE-2022-28014
- RESERVED
-CVE-2022-28013
- RESERVED
-CVE-2022-28012
- RESERVED
-CVE-2022-28011
- RESERVED
-CVE-2022-28010
- RESERVED
-CVE-2022-28009
- RESERVED
-CVE-2022-28008
- RESERVED
-CVE-2022-28007
- RESERVED
-CVE-2022-28006
- RESERVED
+CVE-2022-28026 (Student Grading System v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2022-28025 (Student Grading System v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2022-28024 (Student Grading System v1.0 was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2022-28023 (Purchase Order Management System v1.0 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2022-28022 (Purchase Order Management System v1.0 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2022-28021 (Purchase Order Management System v1.0 was discovered to contain a remo ...)
+ TODO: check
+CVE-2022-28020 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28019 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28018 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28017 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28016 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28015 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28014 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28013 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28012 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28011 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28010 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28009 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28008 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28007 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28006 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
CVE-2022-28005
RESERVED
CVE-2022-28004
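Review bot: CVE-2022-28021 is a remote code execution issue in Purchase Order Management System v1.0, unlike the SQL injection entries around it, so if the product turns out to be packaged it must not be folded into a batch decision on the SQLi entries without reading its full text. The Simple Real Estate Portal System entries CVE-2022-28028 to CVE-2022-28030 are the same product as CVE-2022-28410 and CVE-2022-28411 in the earlier hunk; the two groups need the same tag.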
@@ -5599,8 +5627,8 @@ CVE-2022-27480 (A vulnerability has been identified in SICAM A8000 CP-8031 (All
NOT-FOR-US: Siemens
CVE-2022-27479 (Apache Superset before 1.4.2 is vulnerable to SQL injection in chart d ...)
NOT-FOR-US: Apache Superset
-CVE-2022-27478
- RESERVED
+CVE-2022-27478 (Victor v1.0 was discovered to contain a remote code execution (RCE) vu ...)
+ TODO: check
CVE-2022-27477 (Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload ...)
NOT-FOR-US: Newbee-Mall
CVE-2022-27476 (A cross-site scripting (XSS) vulnerability at /admin/goods/update in N ...)
@@ -7381,8 +7409,8 @@ CVE-2022-26858
RESERVED
CVE-2022-26857
RESERVED
-CVE-2022-26856
- RESERVED
+CVE-2022-26856 (Dell EMC Repository Manager version 3.4.0 contains a plain-text passwo ...)
+ TODO: check
CVE-2022-26855 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect d ...)
NOT-FOR-US: Dell
CVE-2022-26854 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptograph ...)
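Review bot: the unchanged context lines show the adjacent Dell entries (CVE-2022-26855, CVE-2022-26854) already resolved as NOT-FOR-US: Dell; CVE-2022-26856 (Dell EMC Repository Manager plain-text password) should receive the same resolution once confirmed instead of remaining a TODO: check from the automatic update.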
@@ -7893,12 +7921,12 @@ CVE-2022-26676 (aEnrich a+HRD has inadequate privilege restrictions, an unauthen
NOT-FOR-US: aEnrich a+HRD
CVE-2022-26675 (aEnrich a+HRD has inadequate filtering for special characters in URLs. ...)
NOT-FOR-US: aEnrich a+HRD
-CVE-2022-26674
- RESERVED
-CVE-2022-26673
- RESERVED
-CVE-2022-26672
- RESERVED
+CVE-2022-26674 (ASUS RT-AX88U has a Format String vulnerability, which allows an unaut ...)
+ TODO: check
+CVE-2022-26673 (ASUS RT-AX88U has insufficient filtering for special characters in the ...)
+ TODO: check
+CVE-2022-26672 (ASUS WebStorage has a hardcoded API Token in the APP source code. An u ...)
+ TODO: check
CVE-2022-26671 (Taiwan Secom Dr.ID Access Control system’s login page has a hard ...)
NOT-FOR-US: Taiwan Secom Dr.ID Access Control system
CVE-2022-26670 (D-Link DIR-878 has inadequate filtering for special characters in the ...)
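Review bot: CVE-2022-26672 concerns the ASUS WebStorage app and its hardcoded API token, not the RT-AX88U router firmware of CVE-2022-26674 and CVE-2022-26673, so when these three are resolved the NOT-FOR-US line for 26672 should name WebStorage rather than copy the router entry's product.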
@@ -14098,10 +14126,10 @@ CVE-2022-24426 (Dell Command | Update, Dell Update, and Alienware Update version
NOT-FOR-US: Dell
CVE-2022-24425
RESERVED
-CVE-2022-24424
- RESERVED
-CVE-2022-24423
- RESERVED
+CVE-2022-24424 (Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vul ...)
+ TODO: check
+CVE-2022-24423 (Dell EMC iDRAC8 versions 2.81.81 and earlier contain a denial of servi ...)
+ TODO: check
CVE-2022-24422
RESERVED
CVE-2022-24421 (Dell BIOS contains an improper input validation vulnerability. A local ...)
@@ -17095,8 +17123,7 @@ CVE-2022-23713
RESERVED
CVE-2022-23712
RESERVED
-CVE-2022-23711
- RESERVED
+CVE-2022-23711 (A vulnerability in Kibana could expose sensitive information related t ...)
- kibana <itp> (bug #700337)
CVE-2022-23710 (A cross-site-scripting (XSS) vulnerability was discovered in the Data ...)
- kibana <itp> (bug #700337)
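Review bot: this is the only hunk in the patch that replaces a RESERVED placeholder without adding a TODO: check line; that is correct only because the pre-existing "- kibana <itp> (bug #700337)" line already records the triage and survives the description update, so confirm that the ITP bug still matches the product named in the new description (Kibana) before accepting the change as complete.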
@@ -19539,8 +19566,8 @@ CVE-2022-22971
RESERVED
CVE-2022-22970
RESERVED
-CVE-2022-22969
- RESERVED
+CVE-2022-22969 (<Issue Description> Spring Security OAuth versions 2.5.x prior t ...)
+ TODO: check
CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older ...)
- libspring-java <unfixed>
[bullseye] - libspring-java <no-dsa> (Minor issue)
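Review bot: the new description for CVE-2022-22969 starts with the literal "<Issue Description>" form marker leaked from the upstream submission, so the visible summary is not the issue's own first sentence; that is an upstream data problem, but the triager should read past it. The neighbouring CVE-2022-22968 is tagged libspring-java (Spring Framework), whereas this entry concerns Spring Security OAuth, a different project, so the libspring-java tag must not be inherited without first checking whether Spring Security OAuth is packaged at all.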
@@ -21153,8 +21180,8 @@ CVE-2022-22560 (Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded crede
NOT-FOR-US: EMC
CVE-2022-22559 (Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or ri ...)
NOT-FOR-US: Dell PowerScale OneFS
-CVE-2022-22558
- RESERVED
+CVE-2022-22558 (Dell PowerEdge Server BIOS contains an Improper SMM communication buff ...)
+ TODO: check
CVE-2022-22557
RESERVED
CVE-2022-22556
@@ -31211,8 +31238,8 @@ CVE-2021-43710
RESERVED
CVE-2021-43709
RESERVED
-CVE-2021-43708
- RESERVED
+CVE-2021-43708 (The Labeling tool in Titus Classification Suite 18.8.1910.140 allows u ...)
+ TODO: check
CVE-2021-43707 (Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link ...)
NOT-FOR-US: Maccms
CVE-2021-43706
@@ -33133,10 +33160,10 @@ CVE-2022-20807
RESERVED
CVE-2022-20806
RESERVED
-CVE-2022-20805
- RESERVED
-CVE-2022-20804
- RESERVED
+CVE-2022-20805 (A vulnerability in the automatic decryption process in Cisco Umbrella ...)
+ TODO: check
+CVE-2022-20804 (A vulnerability in the Cisco Discovery Protocol of Cisco Unified Commu ...)
+ TODO: check
CVE-2022-20803
RESERVED
CVE-2022-20802
@@ -33153,8 +33180,8 @@ CVE-2022-20797
RESERVED
CVE-2022-20796
RESERVED
-CVE-2022-20795
- RESERVED
+CVE-2022-20795 (A vulnerability in the implementation of the Datagram TLS (DTLS) proto ...)
+ TODO: check
CVE-2022-20794
RESERVED
CVE-2022-20793
@@ -33163,22 +33190,22 @@ CVE-2022-20792
RESERVED
CVE-2022-20791
RESERVED
-CVE-2022-20790
- RESERVED
-CVE-2022-20789
- RESERVED
-CVE-2022-20788
- RESERVED
-CVE-2022-20787
- RESERVED
-CVE-2022-20786
- RESERVED
+CVE-2022-20790 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
+CVE-2022-20789 (A vulnerability in the software upgrade process of Cisco Unified Commu ...)
+ TODO: check
+CVE-2022-20788 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
+CVE-2022-20787 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
+CVE-2022-20786 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
CVE-2022-20785
RESERVED
CVE-2022-20784 (A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cis ...)
NOT-FOR-US: Cisco
-CVE-2022-20783
- RESERVED
+CVE-2022-20783 (A vulnerability in the packet processing functionality of Cisco TelePr ...)
+ TODO: check
CVE-2022-20782 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2022-20781 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
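Review bot: the unchanged context (CVE-2022-20784, CVE-2022-20782, CVE-2022-20781) shows the adjacent Cisco entries already resolved as NOT-FOR-US: Cisco; the six Cisco Unified Communications and TelePresence entries added here (CVE-2022-20786 to CVE-2022-20790 and CVE-2022-20783) describe the same vendor's appliance software and should be resolved in one consistent pass rather than left as six separate TODO: check lines.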
@@ -33187,8 +33214,8 @@ CVE-2022-20780
RESERVED
CVE-2022-20779
RESERVED
-CVE-2022-20778
- RESERVED
+CVE-2022-20778 (A vulnerability in the authentication component of Cisco Webex Meeting ...)
+ TODO: check
CVE-2022-20777
RESERVED
CVE-2022-20776
@@ -33197,8 +33224,8 @@ CVE-2022-20775
RESERVED
CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
NOT-FOR-US: Cisco
-CVE-2022-20773
- RESERVED
+CVE-2022-20773 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...)
+ TODO: check
CVE-2022-20772
RESERVED
CVE-2022-20771
@@ -33279,8 +33306,8 @@ CVE-2022-20734
RESERVED
CVE-2022-20733
RESERVED
-CVE-2022-20732
- RESERVED
+CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco Virtual ...)
+ TODO: check
CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...)
NOT-FOR-US: Cisco
CVE-2022-20730
@@ -33798,7 +33825,7 @@ CVE-2021-43131
RESERVED
CVE-2021-43130 (An SQL Injection vulnerability exists in Sourcecodester Customer Relat ...)
NOT-FOR-US: Sourcecodester
-CVE-2021-43129 (An Access Control vulnerability exists in Desire2Learn/D2L Learning Ma ...)
+CVE-2021-43129 (A bypass exists for Desire2Learn/D2L Brightspace’s “Disabl ...)
NOT-FOR-US: D2L Brightspace LMS
CVE-2021-43128
RESERVED
@@ -54578,8 +54605,8 @@ CVE-2021-35231 (As a result of an unquoted service path vulnerability present in
NOT-FOR-US: Kiwi Syslog Server Installation Wizard
CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...)
NOT-FOR-US: Kiwi CatTools Installation Wizard
-CVE-2021-35229
- RESERVED
+CVE-2021-35229 (Cross-site scripting vulnerability is present in Database Performance ...)
+ TODO: check
CVE-2021-35228 (This vulnerability occurred due to missing input sanitization for one ...)
NOT-FOR-US: Solarwinds
CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and ...)
@@ -85053,8 +85080,8 @@ CVE-2021-23057
RESERVED
CVE-2021-23056
RESERVED
-CVE-2021-23055
- RESERVED
+CVE-2021-23055 (On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line re ...)
+ TODO: check
CVE-2021-23054 (On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14. ...)
NOT-FOR-US: F5 BIG-IP
CVE-2021-23053 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x be ...)
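Review bot: the version numbering in the new CVE-2021-23055 description ("2.x before 2.0.3 and 1.x before 1.12.3") does not follow the BIG-IP release scheme (16.x, 15.1.x, 14.1.x) used by the neighbouring NOT-FOR-US: F5 BIG-IP entries, so this CVE most likely concerns a different F5 product; identify it from the full text before reusing the BIG-IP tag.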
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51b0239166b92f6e0d022998ef6b921bee72c8a9