[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 28 21:10:27 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dac05b8c by security tracker role at 2022-04-28T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2022-29901
+ RESERVED
+CVE-2022-29900
+ RESERVED
+CVE-2022-29899
+ RESERVED
+CVE-2022-29898
+ RESERVED
+CVE-2022-29897
+ RESERVED
+CVE-2022-29892
+ RESERVED
+CVE-2022-29885
+ RESERVED
+CVE-2022-29884
+ RESERVED
+CVE-2022-29883
+ RESERVED
+CVE-2022-29882
+ RESERVED
+CVE-2022-29881
+ RESERVED
+CVE-2022-29880
+ RESERVED
+CVE-2022-29879
+ RESERVED
+CVE-2022-29878
+ RESERVED
+CVE-2022-29877
+ RESERVED
+CVE-2022-29876
+ RESERVED
+CVE-2022-29875
+ RESERVED
+CVE-2022-29874
+ RESERVED
+CVE-2022-29873
+ RESERVED
+CVE-2022-29872
+ RESERVED
+CVE-2022-29518
+ RESERVED
+CVE-2022-29513
+ RESERVED
+CVE-2022-29484
+ RESERVED
+CVE-2022-29471
+ RESERVED
+CVE-2022-29467
+ RESERVED
+CVE-2022-28718
+ RESERVED
+CVE-2022-28713
+ RESERVED
+CVE-2022-28692
+ RESERVED
+CVE-2022-27807
+ RESERVED
+CVE-2022-27803
+ RESERVED
+CVE-2022-27661
+ RESERVED
+CVE-2022-27627
+ RESERVED
+CVE-2022-26368
+ RESERVED
+CVE-2022-26054
+ RESERVED
+CVE-2022-26051
+ RESERVED
+CVE-2022-1525
+ RESERVED
+CVE-2022-1524
+ RESERVED
+CVE-2022-1523
+ RESERVED
+CVE-2022-1522
+ RESERVED
+CVE-2022-1521
+ RESERVED
+CVE-2022-1520
+ RESERVED
+CVE-2022-1519
+ RESERVED
+CVE-2022-1518
+ RESERVED
+CVE-2022-1517
+ RESERVED
+CVE-2022-1516
+ RESERVED
+CVE-2022-1515
+ RESERVED
+CVE-2022-1514 (Stored XSS via upload plugin functionality in zip format in GitHub rep ...)
+ TODO: check
+CVE-2022-1513
+ RESERVED
+CVE-2022-1512
+ RESERVED
+CVE-2022-1511 (Improper Access Control in GitHub repository snipe/snipe-it prior to 5 ...)
+ TODO: check
+CVE-2022-1510
+ RESERVED
+CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp pri ...)
+ TODO: check
CVE-2022-29868
RESERVED
CVE-2022-29867
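Review bot: the three described entries this hunk adds (CVE-2022-1514, CVE-2022-1511, CVE-2022-1509) are cut at the importer's 70-character limit, and for CVE-2022-1514 the cut lands before the repository name ("in GitHub rep ..."), so the line in data/CVE/list does not say which project is affected and the "TODO: check" can only be cleared from the full MITRE text. The other new entries are bare RESERVED placeholders, which is the expected output of an automatic run and needs no action yet.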
@@ -94,28 +198,28 @@ CVE-2022-29823
RESERVED
CVE-2022-29822
RESERVED
-CVE-2022-29821
- RESERVED
-CVE-2022-29820
- RESERVED
-CVE-2022-29819
- RESERVED
-CVE-2022-29818
- RESERVED
-CVE-2022-29817
- RESERVED
-CVE-2022-29816
- RESERVED
-CVE-2022-29815
- RESERVED
-CVE-2022-29814
- RESERVED
-CVE-2022-29813
- RESERVED
-CVE-2022-29812
- RESERVED
-CVE-2022-29811
- RESERVED
+CVE-2022-29821 (In JetBrains Rider before 2022.1 local code execution via links in ReS ...)
+ TODO: check
+CVE-2022-29820 (In JetBrains PyCharm before 2022.1 exposure of the debugger port to th ...)
+ TODO: check
+CVE-2022-29819 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via link ...)
+ TODO: check
+CVE-2022-29818 (In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal ...)
+ TODO: check
+CVE-2022-29817 (In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messa ...)
+ TODO: check
+CVE-2022-29816 (In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messa ...)
+ TODO: check
+CVE-2022-29815 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via work ...)
+ TODO: check
+CVE-2022-29814 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML ...)
+ TODO: check
+CVE-2022-29813 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via cust ...)
+ TODO: check
+CVE-2022-29812 (In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about ...)
+ TODO: check
+CVE-2022-29811 (In JetBrains Hub before 2022.1.14638 stored XSS via project icon was p ...)
+ TODO: check
CVE-2022-1508
RESERVED
- linux 5.15.3-1
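Review bot: all eleven summaries that replace RESERVED here (CVE-2022-29821 down to CVE-2022-29811) are JetBrains products (Rider, PyCharm, IntelliJ IDEA, Hub) fixed in the 2022.1 line, so they should be triaged as one batch with one decision rather than eleven separate "TODO: check" visits; whatever resolution the first one gets applies to the rest. CVE-2022-29819, CVE-2022-29815, CVE-2022-29814 and CVE-2022-29813 all read "local code execution via ..." and describe one attack surface, so a single NOTE pointing at the upstream advisory, once located, covers them.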
@@ -849,10 +953,10 @@ CVE-2022-29587
RESERVED
CVE-2022-29586
RESERVED
-CVE-2022-29585
- RESERVED
-CVE-2022-29584
- RESERVED
+CVE-2022-29585 (In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using ...)
+ TODO: check
+CVE-2022-29584 (Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS ...)
+ TODO: check
CVE-2022-29583 (service_windows.go in the kardianos service package for Go omits quoti ...)
- golang-github-kardianos-service <not-affected> (Windows-specific issue)
NOTE: https://github.com/kardianos/service/pull/290
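Review bot: CVE-2022-29585 and CVE-2022-29584 carry the identical Mahara fixed-version set (20.10.5, 21.04.4, 21.10.2, 22.04.0), and CVE-2022-28892 further down in this patch repeats it, so the three belong to one upstream release round and should receive the same resolution in one pass; leaving one at "TODO: check" while another gets a package line or NOT-FOR-US would be inconsistent.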
@@ -1330,18 +1434,18 @@ CVE-2022-29417 (Plugin Settings Update vulnerability in ShortPixel's ShortPixel
NOT-FOR-US: WordPress plugin
CVE-2022-29416
RESERVED
-CVE-2022-29415
- RESERVED
+CVE-2022-29415 (Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2022-29414
RESERVED
-CVE-2022-29413
- RESERVED
-CVE-2022-29412
- RESERVED
-CVE-2022-29411
- RESERVED
-CVE-2022-29410
- RESERVED
+CVE-2022-29413 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...)
+ TODO: check
+CVE-2022-29412 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit & ...)
+ TODO: check
+CVE-2022-29411 (SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐 ...)
+ TODO: check
+CVE-2022-29410 (Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit &# ...)
+ TODO: check
CVE-2022-29409
RESERVED
CVE-2022-29408
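Review bot: the summary for CVE-2022-29410 ends inside an HTML entity ("Hermit &# ...") and CVE-2022-29412 ends in a bare "&", while CVE-2022-29411 shows the decoded text "Hermit 音乐"; either the upstream text is double-encoded or the importer truncates to 70 characters before decoding entities, and in both cases a stored summary should not end mid-entity (compare CVE-2022-28101 later in this patch, where the decoded "<meta>" came through intact). Decode first, then truncate. For triage, these four Hermit entries plus CVE-2022-29415 (whose product name is cut off entirely) sit next to CVE-2022-29417, already resolved "NOT-FOR-US: WordPress plugin", and read as the same class; the full text only needs to confirm that before the same resolution is copied.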
@@ -1737,8 +1841,8 @@ CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior
NOT-FOR-US: pimcore
CVE-2022-29264 (An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitra ...)
- coreboot <itp> (bug #381727)
-CVE-2022-28719
- RESERVED
+CVE-2022-28719 (Missing authentication for critical function in AssetView prior to Ver ...)
+ TODO: check
CVE-2022-1350 (A vulnerability classified as problematic was found in GhostPCL 9.55.0 ...)
- ghostscript <unfixed> (unimportant)
NOTE: https://vuldb.com/?id.197290
@@ -2021,8 +2125,8 @@ CVE-2022-29154
CVE-2022-29153 (HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. ...)
- consul <unfixed>
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
-CVE-2022-29152
- RESERVED
+CVE-2022-29152 (The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an ...)
+ TODO: check
CVE-2022-29151
RESERVED
CVE-2022-29150
@@ -2684,8 +2788,8 @@ CVE-2022-28893 (The SUNRPC subsystem in the Linux kernel through 5.17.2 can call
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f00432063db1a0db484e85193eccc6845435b80e (5.18-rc2)
-CVE-2022-28892
- RESERVED
+CVE-2022-28892 (Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to ...)
+ TODO: check
CVE-2022-28891
RESERVED
CVE-2022-27629 (Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Pa ...)
@@ -5040,14 +5144,14 @@ CVE-2022-28119
RESERVED
CVE-2022-28118
RESERVED
-CVE-2022-28117
- RESERVED
+CVE-2022-28117 (A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate ...)
+ TODO: check
CVE-2022-28116 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
NOT-FOR-US: Online Banking System
CVE-2022-28115 (Online Sports Complex Booking v1.0 was discovered to contain a SQL inj ...)
NOT-FOR-US: Online Sports Complex Booking
-CVE-2022-28114
- RESERVED
+CVE-2022-28114 (DSCMS v3.0 was discovered to contain an arbitrary file deletion vulner ...)
+ TODO: check
CVE-2022-28113 (An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 al ...)
NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
CVE-2022-28112
@@ -5070,10 +5174,10 @@ CVE-2022-28104
RESERVED
CVE-2022-28103
RESERVED
-CVE-2022-28102
- RESERVED
-CVE-2022-28101
- RESERVED
+CVE-2022-28102 (A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Ge ...)
+ TODO: check
+CVE-2022-28101 (Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag dur ...)
+ TODO: check
CVE-2022-28100
RESERVED
CVE-2022-28099
@@ -5701,8 +5805,8 @@ CVE-2022-27862 (Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Ho
NOT-FOR-US: Vikbooking
CVE-2022-27861
RESERVED
-CVE-2022-27860
- RESERVED
+CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS ...)
+ TODO: check
CVE-2022-27859
RESERVED
CVE-2022-27858
@@ -13740,8 +13844,8 @@ CVE-2022-24937
RESERVED
CVE-2022-24936
RESERVED
-CVE-2022-24935
- RESERVED
+CVE-2022-24935 (Lexmark products through 2022-02-10 have Incorrect Access Control. ...)
+ TODO: check
CVE-2022-24934 (wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remo ...)
NOT-FOR-US: Kingsoft WPS Office
CVE-2022-24933
@@ -13769,6 +13873,7 @@ CVE-2022-24923 (Improper access control vulnerability in Samsung SearchWidget pr
CVE-2022-24922
RESERVED
CVE-2022-24921 (regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows st ...)
+ {DLA-2986-1 DLA-2985-1}
- golang-1.18 1.18~rc1-1
- golang-1.17 1.17.8-1
- golang-1.15 <removed>
@@ -13836,8 +13941,8 @@ CVE-2022-24894
RESERVED
CVE-2022-24893
RESERVED
-CVE-2022-24892
- RESERVED
+CVE-2022-24892 (Shopware is an open source e-commerce software platform. Starting with ...)
+ TODO: check
CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
TODO: check
CVE-2022-24890
@@ -13870,8 +13975,8 @@ CVE-2022-24881 (Ballcat Codegen provides the function of online editing code to
NOT-FOR-US: Ballcat Codegen
CVE-2022-24880 (flask-session-captcha is a package which allows users to extend Flask ...)
NOT-FOR-US: flask-session-captcha
-CVE-2022-24879
- RESERVED
+CVE-2022-24879 (Shopware is an open source e-commerce software platform. Versions prio ...)
+ TODO: check
CVE-2022-24878
RESERVED
CVE-2022-24877
@@ -13882,8 +13987,8 @@ CVE-2022-24875 (The CVEProject/cve-services is an open source project used to op
NOT-FOR-US: CVEProject cve-services
CVE-2022-24874
REJECTED
-CVE-2022-24873
- RESERVED
+CVE-2022-24873 (Shopware is an open source e-commerce software platform. Prior to vers ...)
+ TODO: check
CVE-2022-24872 (Shopware is an open commerce platform based on Symfony Framework and V ...)
NOT-FOR-US: Shopware
CVE-2022-24871 (Shopware is an open commerce platform based on Symfony Framework and V ...)
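Review bot: CVE-2022-24892, CVE-2022-24879 and CVE-2022-24873 are the three Shopware advisories this patch converts from RESERVED, all with the same GitHub-advisory wording ("Shopware is an open source e-commerce software platform ..."), and the context directly below (CVE-2022-24872, CVE-2022-24871) shows the established resolution "NOT-FOR-US: Shopware"; apply it to all three in one edit rather than leaving three "TODO: check" markers for one product.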
@@ -17886,6 +17991,7 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 b
NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages)
NOTE: 2FA support is not packaged in Debian
CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...)
+ {DLA-2986-1 DLA-2985-1}
- golang-1.18 1.18~rc1-1
- golang-1.17 1.17.7-1
- golang-1.15 <removed>
@@ -18028,6 +18134,7 @@ CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinte
NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
NOTE: https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 (go1.17.7)
CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...)
+ {DLA-2986-1 DLA-2985-1}
- golang-1.18 1.18~beta2-1
- golang-1.17 1.17.7-1
- golang-1.15 <removed>
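Review bot: the "{DLA-2986-1 DLA-2985-1}" marker is added to CVE-2022-23772 here and to CVE-2022-23806 and CVE-2022-24921 elsewhere in this patch, but CVE-2022-23773, visible as context two lines above and part of the same Go 1.16.14 / 1.17.7 fix round, gets no marker; confirm that this is deliberate because the DLAs did not cover the cmd/go issue, otherwise add it. The three context lines under each marker show only golang-1.18, golang-1.17 and golang-1.15 (the last one <removed>), so the LTS source-package line the DLAs actually refer to lies outside the hunk; check that it exists with the matching fixed version before treating these as closed.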
@@ -21412,12 +21519,12 @@ CVE-2022-22785
RESERVED
CVE-2022-22784
RESERVED
-CVE-2022-22783
- RESERVED
-CVE-2022-22782
- RESERVED
-CVE-2022-22781
- RESERVED
+CVE-2022-22783 (A vulnerability in Zoom On-Premise Meeting Connector Controller versio ...)
+ TODO: check
+CVE-2022-22782 (The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom ...)
+ TODO: check
+CVE-2022-22781 (The Zoom Client for Meetings for MacOS (Standard and for IT Admin) pri ...)
+ TODO: check
CVE-2022-22780 (The Zoom Client for Meetings chat functionality was susceptible to Zip ...)
NOT-FOR-US: Zoom
CVE-2022-22779 (The Keybase Clients for macOS and Windows before version 5.9.0 fails t ...)
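Review bot: the three Zoom entries (CVE-2022-22783, CVE-2022-22782, CVE-2022-22781) sit directly above CVE-2022-22780, already marked "NOT-FOR-US: Zoom", and describe the same proprietary product line (CVE-2022-22783 is the On-Premise Meeting Connector Controller, a server component, but no Zoom component is packaged in Debian); resolve all three the same way in one edit instead of leaving "TODO: check".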
@@ -22632,12 +22739,12 @@ CVE-2022-22445
RESERVED
CVE-2022-22444
RESERVED
-CVE-2022-22443
- RESERVED
+CVE-2022-22443 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ TODO: check
CVE-2022-22442
RESERVED
-CVE-2022-22441
- RESERVED
+CVE-2022-22441 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
+ TODO: check
CVE-2022-22440
RESERVED
CVE-2022-22439
@@ -22664,8 +22771,8 @@ CVE-2022-22429
RESERVED
CVE-2022-22428
RESERVED
-CVE-2022-22427
- RESERVED
+CVE-2022-22427 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ TODO: check
CVE-2022-22426
RESERVED
CVE-2022-22425
@@ -22874,8 +22981,8 @@ CVE-2022-22324
RESERVED
CVE-2022-22323 (IBM Security Identity Manager (IBM Security Verify Password Synchroniz ...)
NOT-FOR-US: IBM
-CVE-2022-22322
- RESERVED
+CVE-2022-22322 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ TODO: check
CVE-2022-22321 (IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with ...)
NOT-FOR-US: IBM
CVE-2022-22320
@@ -30837,8 +30944,8 @@ CVE-2021-43941 (Affected versions of Atlassian Jira Server and Data Center allow
NOT-FOR-US: Atlassian
CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
NOT-FOR-US: Atlassian Confluence
-CVE-2021-43939
- RESERVED
+CVE-2021-43939 (Elcomplus SmartPTT is vulnerable when a low-authenticated user can acc ...)
+ TODO: check
CVE-2021-43938
RESERVED
CVE-2021-43937
@@ -30847,16 +30954,16 @@ CVE-2021-43936 (The software allows the attacker to upload or transfer files of
NOT-FOR-US: Distributed Data Systems
CVE-2021-43935 (The impacted products, when configured to use SSO, are affected by an ...)
NOT-FOR-US: Hillrom
-CVE-2021-43934
- RESERVED
+CVE-2021-43934 (Elcomplus SmartPTT is vulnerable as the backup and restore system does ...)
+ TODO: check
CVE-2021-43933 (The affected product is vulnerable to a network-based attack by threat ...)
NOT-FOR-US: FANUC Roboguide
-CVE-2021-43932
- RESERVED
+CVE-2021-43932 (Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript c ...)
+ TODO: check
CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but the im ...)
NOT-FOR-US: Distributed Data Systems
-CVE-2021-43930
- RESERVED
+CVE-2021-43930 (Elcomplus SmartPTT is vulnerable as the backup and restore system does ...)
+ TODO: check
CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...)
NOT-FOR-US: Synology
CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...)
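Review bot: CVE-2021-43934, CVE-2021-43932 and CVE-2021-43930, together with CVE-2021-43939 in the hunk above, are all Elcomplus SmartPTT and are interleaved with ICS-vendor entries already resolved "NOT-FOR-US" (Hillrom, FANUC Roboguide, Distributed Data Systems); triage the four together. Note that CVE-2021-43934 and CVE-2021-43930 have byte-identical truncated summaries ("backup and restore system does ..."), so this file cannot tell them apart; the full text is needed to see whether they are two distinct issues or one duplicate.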
@@ -39033,8 +39140,8 @@ CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in th
NOT-FOR-US: Subrion CMS
CVE-2021-41946
RESERVED
-CVE-2021-41945
- RESERVED
+CVE-2021-41945 (Encode OSS httpx <=1.0.0.beta0 is affected by improper input valida ...)
+ TODO: check
CVE-2021-41944
RESERVED
CVE-2021-41943
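Review bot: CVE-2021-41945 is the one entry in this batch that is probably not NOT-FOR-US: "Encode OSS httpx" is the Python HTTP client from the Encode project, which Debian ships as the source package python-httpx (reviewer's identification, to be confirmed against the full description), so it needs a source-package line with a fixed or <unfixed> version rather than a dismissal. The truncated summary ("<=1.0.0.beta0 is affected by improper input valida ...") drops the affected component, so fetch the full text before deciding which Debian versions carry the vulnerable code.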
@@ -39081,8 +39188,8 @@ CVE-2021-41923
RESERVED
CVE-2021-41922
RESERVED
-CVE-2021-41921
- RESERVED
+CVE-2021-41921 (novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file ...)
+ TODO: check
CVE-2021-41920 (webTareas version 2.4 and earlier allows an unauthenticated user to pe ...)
NOT-FOR-US: webTareas
CVE-2021-41919 (webTareas version 2.4 and earlier allows an authenticated user to arbi ...)
@@ -46494,8 +46601,8 @@ CVE-2021-38954
RESERVED
CVE-2021-38953
RESERVED
-CVE-2021-38952
- RESERVED
+CVE-2021-38952 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ TODO: check
CVE-2021-38951 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
NOT-FOR-US: IBM
CVE-2021-38950 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...)
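Review bot: CVE-2021-38952 is the fifth IBM InfoSphere Information Server 11.7 entry this patch converts from RESERVED (the others are CVE-2022-22443, CVE-2022-22441, CVE-2022-22427 and CVE-2022-22322), and the adjacent context lines (CVE-2021-38951, CVE-2022-22323, CVE-2022-22321) show the established "NOT-FOR-US: IBM"; resolve all five in one pass. Four of them share the identical truncated summary "is vulnerable to cross-site scr ...", so the full text is needed only to confirm the product, not to tell them apart.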
@@ -59929,8 +60036,8 @@ CVE-2021-33438
RESERVED
CVE-2021-33437
RESERVED
-CVE-2021-33436
- RESERVED
+CVE-2021-33436 (NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from lo ...)
+ TODO: check
CVE-2021-33435
RESERVED
CVE-2021-33434
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dac05b8c5c6d47b5529a3a94f0e31526f9c98143