[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 26 21:10:28 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52f5f6e1 by security tracker role at 2022-04-26T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2022-1476
+	RESERVED
+CVE-2022-1475
+	RESERVED
+CVE-2022-1474
+	RESERVED
+CVE-2022-1473
+	RESERVED
+CVE-2022-1472
+	RESERVED
+CVE-2022-1471
+	RESERVED
+CVE-2022-1470
+	RESERVED
+CVE-2022-1469
+	RESERVED
 CVE-2022-29808
 	RESERVED
 CVE-2022-29807
@@ -19,8 +35,8 @@ CVE-2022-1468
 	RESERVED
 CVE-2022-1467
 	RESERVED
-CVE-2022-1466
-	RESERVED
+CVE-2022-1466 (Due to improper authorization, Red Hat Single Sign-On is vulnerable to ...)
+	TODO: check
 CVE-2022-29801
 	RESERVED
 CVE-2022-29800
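Review bot: the `TODO: check` placeholder on CVE-2022-1466 is the automatic update's marker, not a triage result; since the description names Red Hat Single Sign-On, a vendor product rather than a Debian source package, the likely resolution is a `NOT-FOR-US:` line of the kind the neighbouring product entries already carry, and the placeholder should not be left in place once a human has looked at it.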
@@ -4230,8 +4246,8 @@ CVE-2022-1175 (Improper neutralization of user input in GitLab CE/EE versions 14
 	- gitlab <unfixed>
 CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions  ...)
 	- gitlab <unfixed>
-CVE-2022-1173
-	RESERVED
+CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33. ...)
+	TODO: check
 CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...)
 	- gpac <unfixed>
 	[bullseye] - gpac <ignored> (Minor issue)
@@ -4257,8 +4273,8 @@ CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in t
 	NOT-FOR-US: Wordpress theme
 CVE-2022-28219 (Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthe ...)
 	NOT-FOR-US: Zoho ManageEngine
-CVE-2022-28218
-	RESERVED
+CVE-2022-28218 (An issue was discovered in CipherMail Webmail Messenger 1.1.1 through  ...)
+	TODO: check
 CVE-2022-28217
 	RESERVED
 CVE-2022-28216 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) - ve ...)
@@ -4983,10 +4999,10 @@ CVE-2022-27987
 	RESERVED
 CVE-2022-27986
 	RESERVED
-CVE-2022-27985
-	RESERVED
-CVE-2022-27984
-	RESERVED
+CVE-2022-27985 (CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability  ...)
+	TODO: check
+CVE-2022-27984 (CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability  ...)
+	TODO: check
 CVE-2022-27983
 	RESERVED
 CVE-2022-27982
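Review bot: CVE-2022-27985 and CVE-2022-27984 end up with byte-identical truncated descriptions ("CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability ..."), so nothing in this file distinguishes them; when the two `TODO: check` lines are resolved, a `NOTE:` per entry recording which endpoint or parameter each CVE covers would keep them from being conflated later.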
@@ -5376,8 +5392,8 @@ CVE-2022-27856
 	RESERVED
 CVE-2022-27855
 	RESERVED
-CVE-2022-27854
-	RESERVED
+CVE-2022-27854 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...)
+	TODO: check
 CVE-2022-27853 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-27852 (Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabili ...)
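Review bot: CVE-2022-27854 follows the same "Stored Cross-Site Scripting (XSS) vulnerability in ..." pattern as the adjacent CVE-2022-27853 and CVE-2022-27852, both already triaged `NOT-FOR-US: WordPress plugin`; once the full description confirms it is the same plugin family, the `TODO: check` should be replaced with that same line rather than left as a placeholder.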
@@ -6254,10 +6270,10 @@ CVE-2022-27471
 	RESERVED
 CVE-2022-27470
 	RESERVED
-CVE-2022-27469
-	RESERVED
-CVE-2022-27468
-	RESERVED
+CVE-2022-27469 (Monstaftp v2.10.3 was discovered to allow attackers to execute Server- ...)
+	TODO: check
+CVE-2022-27468 (Monstaftp v2.10.3 was discovered to contain an arbitrary file upload w ...)
+	TODO: check
 CVE-2022-27467
 	RESERVED
 CVE-2022-27466
@@ -6721,8 +6737,8 @@ CVE-2022-27301
 	RESERVED
 CVE-2022-27300
 	RESERVED
-CVE-2022-27299
-	RESERVED
+CVE-2022-27299 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
+	TODO: check
 CVE-2022-27298
 	RESERVED
 CVE-2022-27297
@@ -13494,12 +13510,12 @@ CVE-2022-24885
 	RESERVED
 CVE-2022-24884
 	RESERVED
-CVE-2022-24883
-	RESERVED
-CVE-2022-24882
-	RESERVED
-CVE-2022-24881
-	RESERVED
+CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...)
+	TODO: check
+CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...)
+	TODO: check
+CVE-2022-24881 (Ballcat Codegen provides the function of online editing code to genera ...)
+	TODO: check
 CVE-2022-24880 (flask-session-captcha is a package which allows users to extend Flask  ...)
 	NOT-FOR-US: flask-session-captcha
 CVE-2022-24879
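Review bot: the descriptions for CVE-2022-24883 and CVE-2022-24882 are cut off at the FreeRDP project boilerplate ("FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...") before any affected-version or fix information, so neither `TODO: check` can be resolved from this line alone; the triager will need the full advisory and should record the fixed upstream version in a `NOTE:` when setting the package status.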
@@ -13531,8 +13547,8 @@ CVE-2022-24868 (GLPI is a Free Asset and IT Management Software package, that pr
 CVE-2022-24867 (GLPI is a Free Asset and IT Management Software package, that provides ...)
 	- glpi <removed> (unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
-CVE-2022-24866
-	RESERVED
+CVE-2022-24866 (Discourse Assign is a plugin for assigning users to a topic in Discour ...)
+	TODO: check
 CVE-2022-24865 (HumHub is an Open Source Enterprise Social Network. In affected versio ...)
 	NOT-FOR-US: HumHub
 CVE-2022-24864 (Origin Protocol is a blockchain based project. The Origin Protocol pro ...)
@@ -14016,8 +14032,7 @@ CVE-2022-24708 (Anuko Time Tracker is an open source, web-based time tracking ap
 	NOT-FOR-US: Anuko Time Tracker
 CVE-2022-24707 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
 	NOT-FOR-US: Anuko Time Tracker
-CVE-2022-24706
-	RESERVED
+CVE-2022-24706 (In Apache CouchDB prior to 3.2.2, an attacker can access an improperly ...)
 	- couchdb <removed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/26/1
 CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a memcpy  ...)
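Review bot: the package line `- couchdb <removed>` and the oss-security `NOTE:` are unchanged context, so CVE-2022-24706 was already triaged while still `RESERVED` and this hunk only fills in the description; no action needed, though the "prior to 3.2.2" version bound now visible in the description is worth capturing in a second `NOTE:` so the fixed upstream version is recorded alongside the reference.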
@@ -16712,8 +16727,7 @@ CVE-2022-23943 (Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Serv
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943
 	NOTE: Fixed by: https://svn.apache.org/r1898695
 	NOTE: Fixed by: https://svn.apache.org/r1898772
-CVE-2022-23942
-	RESERVED
+CVE-2022-23942 (Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initializ ...)
 	NOT-FOR-US: Apache Doris (different from src:doris)
 CVE-2022-21184
 	RESERVED
@@ -51277,8 +51291,8 @@ CVE-2021-36897
 	RESERVED
 CVE-2021-36896 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-36895
-	RESERVED
+CVE-2021-36895 (Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's ...)
+	TODO: check
 CVE-2021-36894
 	RESERVED
 CVE-2021-36893 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
@@ -51333,8 +51347,8 @@ CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in WordPress
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36868
 	RESERVED
-CVE-2021-36867
-	RESERVED
+CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...)
+	TODO: check
 CVE-2021-36866
 	RESERVED
 CVE-2021-36865
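Review bot: CVE-2021-36867 carries exactly the same truncated description as CVE-2022-27854 earlier in this patch ("Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ..."), so the two `TODO: check` entries should be triaged together to avoid giving them different statuses; the surrounding entries here (CVE-2021-36869, CVE-2021-36896) are all `NOT-FOR-US: WordPress plugin`, which is the probable outcome for both.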
@@ -77126,10 +77140,10 @@ CVE-2021-26631
 	RESERVED
 CVE-2021-26630
 	RESERVED
-CVE-2021-26629
-	RESERVED
-CVE-2021-26628
-	RESERVED
+CVE-2021-26629 (A path traversal vulnerability in XPLATFORM's runtime archive function ...)
+	TODO: check
+CVE-2021-26628 (Insufficient script validation of the admin page enables XSS, which ca ...)
+	TODO: check
 CVE-2021-26627 (Real-time image information exposure is caused by insufficient authent ...)
 	NOT-FOR-US: EDrhyme QCP camera
 CVE-2021-26626 (Improper input validation vulnerability in XPLATFORM's execBrowser met ...)
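Review bot: the truncated description of CVE-2021-26628 ("Insufficient script validation of the admin page enables XSS, which ca ...") does not name the affected product, unlike CVE-2021-26629 and the adjacent CVE-2021-26626 which both identify XPLATFORM; the `TODO: check` on CVE-2021-26628 therefore cannot be resolved from this file and needs the full advisory text before a package or `NOT-FOR-US:` status is assigned.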



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52f5f6e163894ceaf0ff866e83d854cb19bd44d9

-- 
You're receiving this email because of your account on salsa.debian.org.



