[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 2 21:10:30 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
65634a1d by security tracker role at 2022-08-02T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2022-37392
+ RESERVED
+CVE-2022-37391
+ RESERVED
+CVE-2022-37390
+ RESERVED
+CVE-2022-37389
+ RESERVED
+CVE-2022-37388
+ RESERVED
+CVE-2022-37387
+ RESERVED
+CVE-2022-37386
+ RESERVED
+CVE-2022-37385
+ RESERVED
+CVE-2022-37384
+ RESERVED
+CVE-2022-37383
+ RESERVED
+CVE-2022-37382
+ RESERVED
+CVE-2022-37381
+ RESERVED
+CVE-2022-37380
+ RESERVED
+CVE-2022-37379
+ RESERVED
+CVE-2022-37378
+ RESERVED
+CVE-2022-37377
+ RESERVED
+CVE-2022-37376
+ RESERVED
+CVE-2022-37375
+ RESERVED
+CVE-2022-37374
+ RESERVED
+CVE-2022-37373
+ RESERVED
+CVE-2022-37372
+ RESERVED
+CVE-2022-37371
+ RESERVED
+CVE-2022-37370
+ RESERVED
+CVE-2022-37369
+ RESERVED
+CVE-2022-37368
+ RESERVED
+CVE-2022-37367
+ RESERVED
+CVE-2022-37366
+ RESERVED
+CVE-2022-37365
+ RESERVED
+CVE-2022-37364
+ RESERVED
+CVE-2022-37363
+ RESERVED
+CVE-2022-37362
+ RESERVED
+CVE-2022-37361
+ RESERVED
+CVE-2022-37360
+ RESERVED
+CVE-2022-37359
+ RESERVED
+CVE-2022-37358
+ RESERVED
+CVE-2022-37357
+ RESERVED
+CVE-2022-37356
+ RESERVED
+CVE-2022-37355
+ RESERVED
+CVE-2022-37354
+ RESERVED
+CVE-2022-37353
+ RESERVED
+CVE-2022-37352
+ RESERVED
+CVE-2022-37351
+ RESERVED
+CVE-2022-37350
+ RESERVED
+CVE-2022-37349
+ RESERVED
+CVE-2022-2633
+ RESERVED
+CVE-2022-2632
+ RESERVED
+CVE-2022-2631 (Improper Access Control in GitHub repository tooljet/tooljet prior to ...)
+ TODO: check
+CVE-2022-2630
+ RESERVED
+CVE-2022-2629
+ RESERVED
+CVE-2022-2628
+ RESERVED
+CVE-2022-2627
+ RESERVED
+CVE-2022-2626
+ RESERVED
CVE-2022-37348
RESERVED
CVE-2022-37347
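Review bot: only CVE-2022-2631 (tooljet, `TODO: check`) needs a triage decision in this block; the other 51 additions (CVE-2022-37392 through CVE-2022-37349 and CVE-2022-2633 through CVE-2022-2626) are `RESERVED` placeholders without a description yet, consistent with the 104 added lines declared in the `@@ -1,3 +1,107 @@` header. ToolJet is distributed as a GitHub project, so the outcome is likely a `NOT-FOR-US` tag unless a Debian package turns up.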
@@ -3415,8 +3519,8 @@ CVE-2022-35926
RESERVED
CVE-2022-35925
RESERVED
-CVE-2022-35924
- RESERVED
+CVE-2022-35924 (NextAuth.js is a complete open source authentication solution for Next ...)
+ TODO: check
CVE-2022-35923
RESERVED
CVE-2022-35922 (Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In ve ...)
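Review bot: CVE-2022-35924 is left at `TODO: check`; NextAuth.js is an npm package, so unless next-auth is packaged the expected resolution is the `NOT-FOR-US: Node <package>` form used elsewhere in this file (for example `NOT-FOR-US: Node koa-remove-trailing-slashes` on CVE-2021-23384).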
@@ -5116,18 +5220,18 @@ CVE-2022-35225 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.3
NOT-FOR-US: SAP
CVE-2022-35224 (SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7 ...)
NOT-FOR-US: SAP
-CVE-2022-35223
- RESERVED
-CVE-2022-35222
- RESERVED
-CVE-2022-35221
- RESERVED
-CVE-2022-35220
- RESERVED
-CVE-2022-35219
- RESERVED
-CVE-2022-35218
- RESERVED
+CVE-2022-35223 (EasyUse MailHunter Ultimate’s cookie deserialization function ha ...)
+ TODO: check
+CVE-2022-35222 (HiCOS Citizen verification component has a stack-based buffer overflow ...)
+ TODO: check
+CVE-2022-35221 (Teamplus Pro community discussion has an ‘allocation of resource ...)
+ TODO: check
+CVE-2022-35220 (Teamplus Pro community discussion function has an ‘allocation of ...)
+ TODO: check
+CVE-2022-35219 (The NHI card’s web service component has a stack-based buffer ov ...)
+ TODO: check
+CVE-2022-35218 (The NHI card’s web service component has a heap-based buffer ove ...)
+ TODO: check
CVE-2022-35217 (The NHI card’s web service component has a stack-based buffer ov ...)
NOT-FOR-US: NHI card
CVE-2022-35216
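Review bot: CVE-2022-35219 and CVE-2022-35218 describe the same NHI card web service component that the context entry CVE-2022-35217 already carries as `NOT-FOR-US: NHI card`, so the same tag should replace their `TODO: check`. The other four (EasyUse MailHunter Ultimate, HiCOS Citizen verification, two Teamplus Pro entries) appear to be commercial products with no Debian package, and can be triaged in the same pass rather than left open individually.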
@@ -6728,8 +6832,8 @@ CVE-2022-34627
RESERVED
CVE-2022-34626
RESERVED
-CVE-2022-34625
- RESERVED
+CVE-2022-34625 (Mealie1.0.0beta3 was discovered to contain a Server-Side Template Inje ...)
+ TODO: check
CVE-2022-34624
RESERVED
CVE-2022-34623
@@ -6742,8 +6846,8 @@ CVE-2022-34620
RESERVED
CVE-2022-34619
RESERVED
-CVE-2022-34618
- RESERVED
+CVE-2022-34618 (A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 ...)
+ TODO: check
CVE-2022-34617
RESERVED
CVE-2022-34616
@@ -6752,8 +6856,8 @@ CVE-2022-34615
RESERVED
CVE-2022-34614
RESERVED
-CVE-2022-34613
- RESERVED
+CVE-2022-34613 (Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability whic ...)
+ TODO: check
CVE-2022-34612 (Rizin v0.4.0 and below was discovered to contain an integer overflow v ...)
NOT-FOR-US: Rizin
CVE-2022-34611 (A cross-site scripting (XSS) vulnerability in /index.php/?p=report of ...)
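Review bot: this is the third hunk in this commit that touches Mealie 1.0.0beta3 (CVE-2022-34625 server-side template injection, CVE-2022-34618 stored XSS, CVE-2022-34613 arbitrary file upload); triage the three together so they end up with one consistent tag instead of resolving each `TODO: check` separately.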
@@ -11344,10 +11448,12 @@ CVE-2022-26842
CVE-2022-2049
RESERVED
CVE-2022-2048 (In Eclipse Jetty HTTP/2 server implementation, when encountering an in ...)
+ {DSA-5198-1}
- jetty9 9.4.48-1
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
NOTE: https://github.com/eclipse/jetty.project/issues/7935
CVE-2022-2047 (In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, a ...)
+ {DSA-5198-1}
- jetty9 9.4.48-1
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
NOTE: https://github.com/eclipse/jetty.project/pull/8146
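Review bot: the `{DSA-5198-1}` cross-references added to CVE-2022-2048 and CVE-2022-2047 follow the brace convention already used in this file (compare `{DSA-5139-1 DLA-3008-1}` on CVE-2022-1292 further down), but this commit changes only data/CVE/list, so confirm that DSA-5198-1 itself is recorded in data/DSA/list in a separate commit; otherwise the bullseye status for jetty9 will not resolve from these references.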
@@ -17648,10 +17754,10 @@ CVE-2022-30574
RESERVED
CVE-2022-30573
RESERVED
-CVE-2022-30572
- RESERVED
-CVE-2022-30571
- RESERVED
+CVE-2022-30572 (The iWay Service Manager Console component of TIBCO Software Inc.'s TI ...)
+ TODO: check
+CVE-2022-30571 (The iWay Service Manager Console component of TIBCO Software Inc.'s TI ...)
+ TODO: check
CVE-2022-30570 (The Column Based Security component of TIBCO Software Inc.'s TIBCO Dat ...)
NOT-FOR-US: TIBCO
CVE-2022-30569
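Review bot: CVE-2022-30572 and CVE-2022-30571 both concern the iWay Service Manager Console of a TIBCO product, and the context entry CVE-2022-30570 immediately below is already `NOT-FOR-US: TIBCO`; the two `TODO: check` markers can be resolved with that same tag.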
@@ -21950,8 +22056,7 @@ CVE-2022-29155 (In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL inje
NOTE: https://git.openldap.org/openldap/openldap/-/commit/87df6c19915042430540931d199a39105544a134 (master)
NOTE: https://git.openldap.org/openldap/openldap/-/commit/40f3ae4f5c9a8baf75b237220f62c436a571d66e (OPENLDAP_REL_ENG_2_5_12)
NOTE: back-sql backend to slapd is enabled but considered experimental upstream.
-CVE-2022-29154
- RESERVED
+CVE-2022-29154 (An issue was discovered in rsync before 3.2.5 that allows malicious re ...)
- rsync <unfixed> (bug #1016543)
[bullseye] - rsync <no-dsa> (Minor issue; for untrusted remote sending hosts additional protective measures can be taken)
NOTE: https://www.openwall.com/lists/oss-security/2022/08/02/1
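Review bot: the sid line still reads `- rsync <unfixed> (bug #1016543)` although the description now names 3.2.5 as the fixed upstream version, so the entry should be updated to the fixing Debian version once that upload happens. The `[bullseye] - rsync <no-dsa>` rationale and the oss-security NOTE are unchanged context, which is the expected result of an automatic description fill-in.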
@@ -22347,8 +22452,8 @@ CVE-2022-1295 (Prototype Pollution in GitHub repository alvarotrigo/fullpage.js
NOT-FOR-US: fullpage.js
CVE-2022-1294 (The IMDB info box WordPress plugin through 2.0 does not sanitize and e ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1293
- RESERVED
+CVE-2022-1293 (The embedded neutralization of Script-Related HTML Tag, was by-passed ...)
+ TODO: check
CVE-2022-1292 (The c_rehash script does not properly sanitise shell metacharacters to ...)
{DSA-5139-1 DLA-3008-1}
- openssl 1.1.1o-1
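Review bot: the truncated description for CVE-2022-1293 (`The embedded neutralization of Script-Related HTML Tag, was by-passed ...`) names no product, so its `TODO: check` cannot be resolved from this hunk; the full CVE text has to be consulted before deciding between a package entry and a `NOT-FOR-US` tag.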
@@ -31165,8 +31270,8 @@ CVE-2022-25871 (All versions of package querymen are vulnerable to Prototype Pol
CVE-2022-25869 (All versions of package angular are vulnerable to Cross-site Scripting ...)
- angular.js <unfixed>
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
-CVE-2022-25867
- RESERVED
+CVE-2022-25867 (The package io.socket:socket.io-client before 2.0.1 are vulnerable to ...)
+ TODO: check
CVE-2022-25866 (The package czproject/git-php before 4.0.3 are vulnerable to Command I ...)
NOT-FOR-US: git-php
CVE-2022-25865 (The package workspace-tools before 0.18.4 are vulnerable to Command In ...)
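Review bot: CVE-2022-25867 refers to the Java artifact `io.socket:socket.io-client`, not the npm package of the same name, so the `NOT-FOR-US` pattern used for the neighbouring git-php and workspace-tools entries should only be applied after checking whether any Debian package ships that Maven artifact.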
@@ -38605,8 +38710,8 @@ CVE-2022-23735
RESERVED
CVE-2022-23734
RESERVED
-CVE-2022-23733
- RESERVED
+CVE-2022-23733 (A stored XSS vulnerability was identified in GitHub Enterprise Server ...)
+ TODO: check
CVE-2022-23732 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
NOT-FOR-US: Github Enterprise Server
CVE-2022-23731 (V8 javascript engine (heap vulnerability) can cause privilege escalati ...)
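Review bot: CVE-2022-23733 targets GitHub Enterprise Server, the product that the context entry CVE-2022-23732 already triages as `NOT-FOR-US: Github Enterprise Server`; the `TODO: check` can be resolved with the same tag.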
@@ -106690,8 +106795,8 @@ CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open R
NOT-FOR-US: Node trailing-slash
CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...)
NOT-FOR-US: Node dns-packet
-CVE-2021-23385
- RESERVED
+CVE-2021-23385 (This affects all versions of package Flask-Security. When using the ge ...)
+ TODO: check
CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...)
NOT-FOR-US: Node koa-remove-trailing-slashes before
CVE-2021-23383 (The package handlebars before 4.7.7 are vulnerable to Prototype Pollut ...)
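Review bot: CVE-2021-23385 (Flask-Security) sits among Node entries triaged `NOT-FOR-US: Node ...`, but it is a Python package, so check for a flask-security source package before copying that tag; if none exists, `NOT-FOR-US: Flask-Security` without the `Node` prefix is the matching form.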
@@ -123804,12 +123909,12 @@ CVE-2020-28455 (This affects all versions of package markdown-it-toc. The title
NOT-FOR-US: Node markdown-it-toc
CVE-2020-28454
RESERVED
-CVE-2020-28453
- RESERVED
+CVE-2020-28453 (This affects all versions of package npos-tesseract. The injection poi ...)
+ TODO: check
CVE-2020-28452 (This affects the package com.softwaremill.akka-http-session:core_2.12 ...)
NOT-FOR-US: akka-http-session
-CVE-2020-28451
- RESERVED
+CVE-2020-28451 (This affects the package image-tiler before 2.0.2. ...)
+ TODO: check
CVE-2020-28450 (This affects all versions of package decal. The vulnerability is in th ...)
NOT-FOR-US: Node decal
CVE-2020-28449 (This affects all versions of package decal. The vulnerability is in th ...)
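Review bot: CVE-2020-28453 (npos-tesseract) and CVE-2020-28451 (image-tiler) are the same class of npm command-injection report as the surrounding decal, markdown-it-toc and akka-http-session context entries, which are all already `NOT-FOR-US`; resolving the two `TODO: check` markers as `NOT-FOR-US: Node <package>` keeps this region consistent.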
@@ -123836,16 +123941,16 @@ CVE-2020-28439 (This affects all versions of package corenlp-js-prefab. The inje
NOT-FOR-US: corenlp-js-prefab
CVE-2020-28438 (This affects all versions of package deferred-exec. The injection poin ...)
NOT-FOR-US: Node deferred-exec
-CVE-2020-28437
- RESERVED
+CVE-2020-28437 (This affects all versions of package heroku-env. The injection point i ...)
+ TODO: check
CVE-2020-28436 (This affects all versions of package google-cloudstorage-commands. ...)
NOT-FOR-US: Node google-cloudstorage-commands
CVE-2020-28435 (This affects all versions of package ffmpeg-sdk. The injection point i ...)
NOT-FOR-US: Node ffmpeg-sdk
-CVE-2020-28434
- RESERVED
-CVE-2020-28433
- RESERVED
+CVE-2020-28434 (This affects all versions of package gitblame. The injection point is ...)
+ TODO: check
+CVE-2020-28433 (This affects all versions of package node-latex-pdf. ...)
+ TODO: check
CVE-2020-28432
REJECTED
CVE-2020-28431
@@ -123860,12 +123965,12 @@ CVE-2020-28427
RESERVED
CVE-2020-28426 (All versions of package kill-process-on-port are vulnerable to Command ...)
NOT-FOR-US: Node kill-process-on-port
-CVE-2020-28425
- RESERVED
-CVE-2020-28424
- RESERVED
-CVE-2020-28423
- RESERVED
+CVE-2020-28425 (This affects all versions of package curljs. ...)
+ TODO: check
+CVE-2020-28424 (This affects all versions of package s3-kilatstorage. ...)
+ TODO: check
+CVE-2020-28423 (This affects all versions of package monorepo-build. ...)
+ TODO: check
CVE-2020-28422 (All versions of package git-archive are vulnerable to Command Injectio ...)
NOT-FOR-US: Node git-archive
CVE-2020-28421 (CA Unified Infrastructure Management 20.1 and earlier contains a vulne ...)
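Review bot: this hunk and the one before it add six more npm entries with `TODO: check` (heroku-env, gitblame, node-latex-pdf, curljs, s3-kilatstorage, monorepo-build) whose context neighbours (deferred-exec, google-cloudstorage-commands, ffmpeg-sdk, kill-process-on-port, git-archive) are all tagged `NOT-FOR-US: Node ...`; triage these six in one batch with the same tag unless one of them is found to be packaged.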
@@ -177422,8 +177527,8 @@ CVE-2020-7797
RESERVED
CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF whe ...)
NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
-CVE-2020-7795
- RESERVED
+CVE-2020-7795 (The package get-npm-package-version before 1.0.7 are vulnerable to Com ...)
+ TODO: check
CVE-2020-7794 (This affects all versions of package buns. The injection point is loca ...)
NOT-FOR-US: Node buns
CVE-2020-7793 (The package ua-parser-js before 0.7.23 are vulnerable to Regular Expre ...)
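Review bot: CVE-2020-7795 (get-npm-package-version) is an npm command-injection report of the same kind as the context entry CVE-2020-7794, which is already `NOT-FOR-US: Node buns`; the `TODO: check` can be closed with `NOT-FOR-US: Node get-npm-package-version` once a quick archive check confirms it is not packaged.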
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65634a1d9eaeb915d76fb757f1302a1bca2cfbb4