[Git][security-tracker-team/security-tracker][master] automatic update

Thu Apr 28 09:10:30 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23e9602f by security tracker role at 2022-04-28T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2022-29868
+	RESERVED
+CVE-2022-29867
+	RESERVED
+CVE-2022-29866
+	RESERVED
+CVE-2022-29865
+	RESERVED
+CVE-2022-29864
+	RESERVED
+CVE-2022-29863
+	RESERVED
+CVE-2022-29862
+	RESERVED
+CVE-2022-29861
+	RESERVED
+CVE-2022-29860
+	RESERVED
+CVE-2022-29859 (component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for  ...)
+	TODO: check
+CVE-2022-29858
+	RESERVED
+CVE-2022-29857
+	RESERVED
+CVE-2022-29856
+	RESERVED
+CVE-2022-29855
+	RESERVED
+CVE-2022-29854
+	RESERVED
+CVE-2022-29853
+	RESERVED
+CVE-2022-29852
+	RESERVED
+CVE-2022-29851
+	RESERVED
+CVE-2022-29850
+	RESERVED
+CVE-2022-29849
+	RESERVED
+CVE-2022-29848
+	RESERVED
+CVE-2022-29847
+	RESERVED
+CVE-2022-29846
+	RESERVED
+CVE-2022-29845
+	RESERVED
+CVE-2022-29844
+	RESERVED
+CVE-2022-29843
+	RESERVED
+CVE-2022-29842
+	RESERVED
+CVE-2022-29841
+	RESERVED
+CVE-2022-29840
+	RESERVED
+CVE-2022-29839
+	RESERVED
+CVE-2022-29838
+	RESERVED
+CVE-2022-29837
+	RESERVED
+CVE-2022-29836
+	RESERVED
+CVE-2022-29835
+	RESERVED
+CVE-2022-29834
+	RESERVED
+CVE-2022-29833
+	RESERVED
+CVE-2022-29832
+	RESERVED
+CVE-2022-29831
+	RESERVED
+CVE-2022-29830
+	RESERVED
+CVE-2022-29829
+	RESERVED
+CVE-2022-29828
+	RESERVED
+CVE-2022-29827
+	RESERVED
+CVE-2022-29826
+	RESERVED
+CVE-2022-29825
+	RESERVED
+CVE-2022-29824
+	RESERVED
+CVE-2022-29516
+	RESERVED
 CVE-2022-29823
 	RESERVED
 CVE-2022-29822
@@ -7157,7 +7249,7 @@ CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a
 	[bullseye] - glewlwyd 2.5.2-2+deb11u3
 	[buster] - glewlwyd <no-dsa> (Minor issue)
 	NOTE: https://github.com/babelouest/glewlwyd/commit/4c5597c155bfbaf6491cf6b83479d241ae66940a (v2.6.2)
-CVE-2022-29869
+CVE-2022-29869 (cifs-utils through 6.14, with verbose logging, can cause an informatio ...)
 	- cifs-utils <unfixed>
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15026
 	NOTE: https://github.com/piastry/cifs-utils/pull/7
@@ -13744,8 +13836,8 @@ CVE-2022-24893
 	RESERVED
 CVE-2022-24892
 	RESERVED
-CVE-2022-24891
-	RESERVED
+CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web  ...)
+	TODO: check
 CVE-2022-24890
 	RESERVED
 CVE-2022-24889 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
@@ -14193,10 +14285,10 @@ CVE-2022-24737 (HTTPie is a command-line HTTP client. HTTPie has the practical c
 	[stretch] - httpie <no-dsa> (Minor issue)
 	NOTE: https://github.com/httpie/httpie/security/advisories/GHSA-9w4w-cpc8-h2fq
 	NOTE: Fixed by: https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b (3.1.0)
-CVE-2022-24736
-	RESERVED
-CVE-2022-24735
-	RESERVED
+CVE-2022-24736 (Redis is an in-memory database that persists on disk. Prior to version ...)
+	TODO: check
+CVE-2022-24735 (Redis is an in-memory database that persists on disk. By exploiting we ...)
+	TODO: check
 CVE-2022-24734 (MyBB is a free and open source forum software. In affected versions th ...)
 	NOT-FOR-US: MyBB
 CVE-2022-24733 (Sylius is an open source eCommerce platform. Prior to versions 1.9.10, ...)
@@ -63786,8 +63878,7 @@ CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object
 	[buster] - ceph <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674
 	NOTE: Fixed by: https://github.com/ceph/ceph/commit/763aebb94678018f89427137ffbc0c5205b1edc1
-CVE-2021-3523
-	RESERVED
+CVE-2021-3523 (A flaw was found in 3Scale APICast in versions prior to 2.11.0, where  ...)
 	NOT-FOR-US: Red Hat 3scale API gateway
 CVE-2021-31921 (Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploita ...)
 	NOT-FOR-US: Istio



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23e9602f27529a98be4f39e31c9fb1b4cc715be6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23e9602f27529a98be4f39e31c9fb1b4cc715be6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220428/71d01ae4/attachment.htm>
