[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 4 21:10:33 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
53b4e904 by security tracker role at 2022-08-04T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2022-2663
+ RESERVED
+CVE-2022-2662
+ RESERVED
+CVE-2022-2661
+ RESERVED
+CVE-2022-2660
+ RESERVED
+CVE-2022-2659
+ RESERVED
+CVE-2022-2658
+ RESERVED
+CVE-2022-2657
+ RESERVED
+CVE-2022-2656 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2022-2655
+ RESERVED
+CVE-2022-2654
+ RESERVED
+CVE-2022-2653 (With this vulnerability an attacker can read many sensitive files like ...)
+ TODO: check
+CVE-2022-2652 (Depending on the way the format strings in the card label are crafted ...)
+ TODO: check
+CVE-2022-2651 (Authentication Bypass by Primary Weakness in GitHub repository bookwyr ...)
+ TODO: check
+CVE-2022-2650
+ RESERVED
+CVE-2022-2649
+ RESERVED
+CVE-2022-2648 (A vulnerability was found in SourceCodester Multi Language Hotel Manag ...)
+ TODO: check
+CVE-2022-2647 (A vulnerability was found in jeecg-boot. It has been declared as criti ...)
+ TODO: check
CVE-2022-37397
RESERVED
CVE-2022-37345
@@ -20,14 +54,14 @@ CVE-2022-34152
RESERVED
CVE-2022-32766
RESERVED
-CVE-2022-2646
- RESERVED
-CVE-2022-2645
- RESERVED
-CVE-2022-2644
- RESERVED
-CVE-2022-2643
- RESERVED
+CVE-2022-2646 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
+CVE-2022-2645 (A vulnerability has been found in SourceCodester Garage Management Sys ...)
+ TODO: check
+CVE-2022-2644 (A vulnerability was found in SourceCodester Online Admission System an ...)
+ TODO: check
+CVE-2022-2643 (A vulnerability has been found in SourceCodester Online Admission Syst ...)
+ TODO: check
CVE-2022-2642
RESERVED
CVE-2022-2641
@@ -2816,48 +2850,48 @@ CVE-2022-2467 (A vulnerability has been found in SourceCodester Garage Managemen
NOT-FOR-US: SourceCodester Garage Management
CVE-2016-15004 (A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. I ...)
NOT-FOR-US: InfiniteWP
-CVE-2022-35735
- RESERVED
-CVE-2022-35728
- RESERVED
-CVE-2022-35272
- RESERVED
-CVE-2022-35245
- RESERVED
-CVE-2022-35243
- RESERVED
-CVE-2022-35241
- RESERVED
-CVE-2022-35240
- RESERVED
-CVE-2022-35236
- RESERVED
-CVE-2022-34865
- RESERVED
-CVE-2022-34862
- RESERVED
-CVE-2022-34851
- RESERVED
-CVE-2022-34844
- RESERVED
-CVE-2022-34655
- RESERVED
-CVE-2022-34651
- RESERVED
-CVE-2022-33968
- RESERVED
-CVE-2022-33962
- RESERVED
-CVE-2022-33947
- RESERVED
-CVE-2022-33203
- RESERVED
-CVE-2022-32455
- RESERVED
-CVE-2022-31473
- RESERVED
-CVE-2022-30535
- RESERVED
+CVE-2022-35735 (In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14. ...)
+ TODO: check
+CVE-2022-35728 (In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
+ TODO: check
+CVE-2022-35272 (In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, ...)
+ TODO: check
+CVE-2022-35245 (In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and ...)
+ TODO: check
+CVE-2022-35243 (In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1. ...)
+ TODO: check
+CVE-2022-35241 (In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Insta ...)
+ TODO: check
+CVE-2022-35240 (In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and ...)
+ TODO: check
+CVE-2022-35236 (In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and ...)
+ TODO: check
+CVE-2022-34865 (In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and a ...)
+ TODO: check
+CVE-2022-34862 (In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14. ...)
+ TODO: check
+CVE-2022-34851 (In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
+ TODO: check
+CVE-2022-34844 (In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, ...)
+ TODO: check
+CVE-2022-34655 (In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and ...)
+ TODO: check
+CVE-2022-34651 (In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, ...)
+ TODO: check
+CVE-2022-33968 (In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
+ TODO: check
+CVE-2022-33962 (In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
+ TODO: check
+CVE-2022-33947 (In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1. ...)
+ TODO: check
+CVE-2022-33203 (In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 1 ...)
+ TODO: check
+CVE-2022-32455 (In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14. ...)
+ TODO: check
+CVE-2022-31473 (In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when ...)
+ TODO: check
+CVE-2022-30535 (In versions 2.x before 2.3.0 and all versions of 1.x, An attacker auth ...)
+ TODO: check
CVE-2022-2466
RESERVED
CVE-2022-2465
@@ -5346,10 +5380,11 @@ CVE-2022-35218 (The NHI card’s web service component has a heap-based buff
NOT-FOR-US: The NHI card
CVE-2022-35217 (The NHI card’s web service component has a stack-based buffer ov ...)
NOT-FOR-US: NHI card
-CVE-2022-35216
- RESERVED
+CVE-2022-35216 (OMICARD EDM’s mail image relay function has a path traversal vul ...)
+ TODO: check
CVE-2022-2320 [ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access]
RESERVED
+ {DLA-3068-1}
- xorg-server 2:21.1.4-1 (bug #1014903)
NOTE: Introduced by: https://github.com/freedesktop/xorg-xserver/commit/c06e27b2f6fd9f7b9f827623a48876a225264132 (xorg-server-1.5.99.1)
NOTE: Fixed by: https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc
@@ -5357,6 +5392,7 @@ CVE-2022-2320 [ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Ac
NOTE: https://www.openwall.com/lists/oss-security/2022/07/12/1
CVE-2022-2319 [ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access]
RESERVED
+ {DLA-3068-1}
- xorg-server 2:21.1.4-1 (bug #1014903)
NOTE: Fixed by: https://github.com/freedesktop/xorg-xserver/commit/6907b6ea2b4ce949cb07271f5b678d5966d9df42
NOTE: Required for fixes: https://github.com/freedesktop/xorg-xserver/commit/f1070c01d616c5f21f939d5ebc533738779451ac
@@ -8243,8 +8279,7 @@ CVE-2022-34160 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML inj
NOT-FOR-US: IBM
CVE-2022-34159
RESERVED
-CVE-2022-34158
- RESERVED
+CVE-2022-34158 (A carefully crafted invocation on the Image plugin could trigger an CS ...)
- jspwiki <removed>
CVE-2022-2143 (The affected product is vulnerable to two instances of command injecti ...)
NOT-FOR-US: iView
@@ -11153,12 +11188,12 @@ CVE-2022-32967
RESERVED
CVE-2022-32966
RESERVED
-CVE-2022-32965
- RESERVED
-CVE-2022-32964
- RESERVED
-CVE-2022-32963
- RESERVED
+CVE-2022-32965 (OMICARD EDM has a hard-coded machine key. An unauthenticated remote at ...)
+ TODO: check
+CVE-2022-32964 (OMICARD EDM’s API function has insufficient validation for user ...)
+ TODO: check
+CVE-2022-32963 (OMICARD EDM’s mail file relay function has a path traversal vuln ...)
+ TODO: check
CVE-2022-32962 (HiCOS’ client-side citizen certificate component has a double fr ...)
NOT-FOR-US: HICOS
CVE-2022-32961 (HICOS’ client-side citizen digital certificate component has a s ...)
@@ -16224,8 +16259,8 @@ CVE-2022-31134 (Zulip is an open-source team collaboration tool. Zulip Server ve
NOT-FOR-US: Zulip
CVE-2022-31133 (HumHub is an Open Source Enterprise Social Network. Affected versions ...)
NOT-FOR-US: HumHub
-CVE-2022-31132
- RESERVED
+CVE-2022-31132 (Nextcloud Mail is an email application for the nextcloud personal clou ...)
+ TODO: check
CVE-2022-31131 (Nextcloud mail is a Mail app for the Nextcloud home server product. Ve ...)
NOT-FOR-US: Nextcloud Mail app
CVE-2022-31130
@@ -16253,12 +16288,12 @@ CVE-2022-31122
RESERVED
CVE-2022-31121 (Hyperledger Fabric is a permissioned distributed ledger framework. In ...)
NOT-FOR-US: Hyperledger Fabric
-CVE-2022-31120
- RESERVED
-CVE-2022-31119
- RESERVED
-CVE-2022-31118
- RESERVED
+CVE-2022-31120 (Nextcloud server is an open source personal cloud solution. The audit ...)
+ TODO: check
+CVE-2022-31119 (Nextcloud Mail is an email application for the nextcloud personal clou ...)
+ TODO: check
+CVE-2022-31118 (Nextcloud server is an open source personal cloud solution. In affecte ...)
+ TODO: check
CVE-2022-31117 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
- ujson 5.4.0-1
[bullseye] - ujson <no-dsa> (Minor issue)
@@ -23163,7 +23198,7 @@ CVE-2022-28801
RESERVED
CVE-2022-28800
RESERVED
-CVE-2022-28799 (The TikTok application before 27.7.3 for Android allows account takeov ...)
+CVE-2022-28799 (The TikTok application before 23.7.3 for Android allows account takeov ...)
NOT-FOR-US: TikTok Android app
CVE-2022-28798
RESERVED
@@ -23342,14 +23377,11 @@ CVE-2022-28733
[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
[jessie] - grub2 <ignored> (No SecureBoot support in jessie)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
-CVE-2022-28732
- RESERVED
+CVE-2022-28732 (A carefully crafted request on WeblogPlugin could trigger an XSS vulne ...)
- jspwiki <removed>
-CVE-2022-28731
- RESERVED
+CVE-2022-28731 (A carefully crafted request on UserPreferences.jsp could trigger an CS ...)
- jspwiki <removed>
-CVE-2022-28730
- RESERVED
+CVE-2022-28730 (A carefully crafted request on AJAXPreview.jsp could trigger an XSS vu ...)
- jspwiki <removed>
CVE-2022-28729
RESERVED
@@ -28089,8 +28121,7 @@ CVE-2022-27169 (An information disclosure vulnerability exists in the OAS Engine
NOT-FOR-US: Open Automation Software
CVE-2022-27167 (Privilege escalation vulnerability in Windows products of ESET, spol. ...)
NOT-FOR-US: ESET
-CVE-2022-27166
- RESERVED
+CVE-2022-27166 (A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS ...)
- jspwiki <removed>
CVE-2022-26511 (WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening ...)
NOT-FOR-US: WPS Presentation
@@ -33579,8 +33610,8 @@ CVE-2022-25169 (The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.
[bullseye] - tika <no-dsa> (Minor issue)
[buster] - tika <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/4
-CVE-2022-25168
- RESERVED
+CVE-2022-25168 (Apache Hadoop's FileUtil.unTar(File, File) API does not escape the inp ...)
+ TODO: check
CVE-2022-25167 (Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote c ...)
NOT-FOR-US: Apache Flume
CVE-2022-24435 (Cross-site scripting vulnerability in phpUploader v1.2 and earlier all ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53b4e9045813e2e84da23d9f618ce51bc8e8a6f4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53b4e9045813e2e84da23d9f618ce51bc8e8a6f4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220804/72d275d8/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list