[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 12 21:10:30 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56fd0842 by security tracker role at 2022-08-12T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2022-38180 (In JetBrains Ktor before 2.1.0 the wrong authentication provider could ...)
+	TODO: check
+CVE-2022-38179 (JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Downloa ...)
+	TODO: check
+CVE-2022-38178
+	RESERVED
+CVE-2022-38177
+	RESERVED
+CVE-2022-2808
+	RESERVED
+CVE-2022-2807
+	RESERVED
+CVE-2022-2806
+	RESERVED
+CVE-2022-2805
+	RESERVED
+CVE-2022-2804
+	RESERVED
+CVE-2022-2803
+	RESERVED
+CVE-2022-2802
+	RESERVED
+CVE-2022-2801
+	RESERVED
+CVE-2022-2800
+	RESERVED
+CVE-2022-2799
+	RESERVED
+CVE-2022-2798
+	RESERVED
+CVE-2022-2797
+	RESERVED
+CVE-2022-2796
+	RESERVED
+CVE-2022-2795
+	RESERVED
 CVE-2022-38176
 	RESERVED
 CVE-2022-38175
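Review bot: the two new Ktor entries (CVE-2022-38180 and CVE-2022-38179) are left at `TODO: check` although both describe the same upstream fix (JetBrains Ktor before 2.1.0); they should be triaged together, and if Ktor is not packaged in Debian the TODO lines should become a `NOT-FOR-US: JetBrains Ktor` line in the style used elsewhere in this file (e.g. `NOT-FOR-US: Apache Tapestry`). The remaining new entries are plain RESERVED placeholders and need no action.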
@@ -44,8 +80,8 @@ CVE-2022-2781
 	RESERVED
 CVE-2022-2780
 	RESERVED
-CVE-2022-2779
-	RESERVED
+CVE-2022-2779 (A vulnerability classified as critical was found in SourceCodester Gas ...)
+	TODO: check
 CVE-2022-2778
 	RESERVED
 CVE-2022-2777 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
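Review bot: CVE-2022-2779 stays at `TODO: check`, but its description names a SourceCodester product, and this file already resolves SourceCodester issues as not applicable (e.g. `NOT-FOR-US: Sourcecodester Simple Client Management System` further down); the triage here should follow the same pattern unless the product turns out to be packaged.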
@@ -1783,8 +1819,8 @@ CVE-2022-37425
 	RESERVED
 CVE-2022-37424
 	RESERVED
-CVE-2022-37423
-	RESERVED
+CVE-2022-37423 (Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x befor ...)
+	TODO: check
 CVE-2022-37422
 	RESERVED
 CVE-2022-37421
@@ -4505,8 +4541,8 @@ CVE-2022-2505
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-2505
 CVE-2022-2504
 	RESERVED
-CVE-2022-2503
-	RESERVED
+CVE-2022-2503 (Dm-verity is used for extending root-of-trust to root filesystems. Loa ...)
+	TODO: check
 CVE-2022-2502
 	RESERVED
 CVE-2022-36359 (An issue was discovered in the HTTP FileResponse class in Django 3.2 b ...)
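Review bot: CVE-2022-2503 should not sit at `TODO: check` for long: the description refers to dm-verity, which is a Linux kernel component, so this needs to be triaged against the `linux` source package (the form used elsewhere in this file, e.g. `[buster] - linux 4.19.208-1`) with the affected and fixed versions recorded once the upstream fix commit has been identified.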
@@ -5563,8 +5599,8 @@ CVE-2022-35934
 	RESERVED
 CVE-2022-35933
 	RESERVED
-CVE-2022-35932
-	RESERVED
+CVE-2022-35932 (Nextcloud Talk is a video and audio conferencing app for Nextcloud. Pr ...)
+	TODO: check
 CVE-2022-35931
 	RESERVED
 CVE-2022-35930 (PolicyController is a utility used to enforce supply chain policy in K ...)
@@ -6263,8 +6299,8 @@ CVE-2022-2392
 	RESERVED
 CVE-2022-2391 (The Inspiro PRO WordPress plugin does not sanitize the portfolio slide ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-2390
-	RESERVED
+CVE-2022-2390 (Apps developed with Google Play Services SDK incorrectly had the mutab ...)
+	TODO: check
 CVE-2022-2389
 	RESERVED
 CVE-2022-2388
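Review bot: CVE-2022-2390 describes an issue in apps built with the Google Play Services SDK, i.e. Android application code rather than anything shipped in Debian; unless a packaged component is identified, resolve the `TODO: check` with a NOT-FOR-US line, as done for the WordPress plugin entry (CVE-2022-2391) directly above it.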
@@ -6430,18 +6466,18 @@ CVE-2022-35592
 	RESERVED
 CVE-2022-35591
 	RESERVED
-CVE-2022-35590
-	RESERVED
-CVE-2022-35589
-	RESERVED
+CVE-2022-35590 (A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows ...)
+	TODO: check
+CVE-2022-35589 (A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows re ...)
+	TODO: check
 CVE-2022-35588
 	RESERVED
-CVE-2022-35587
-	RESERVED
+CVE-2022-35587 (A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows re ...)
+	TODO: check
 CVE-2022-35586
 	RESERVED
-CVE-2022-35585
-	RESERVED
+CVE-2022-35585 (A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 ...)
+	TODO: check
 CVE-2022-35584
 	RESERVED
 CVE-2022-35583
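Review bot: the four ForkCMS entries (CVE-2022-35590, CVE-2022-35589, CVE-2022-35587 and CVE-2022-35585) all describe XSS in the same product and version (5.9.3) and should be triaged together with one consistent resolution rather than four separate `TODO: check` items; note also that CVE-2022-35589 and CVE-2022-35587 have identical truncated descriptions, so the full upstream text should be compared before resolving them to make sure the two are tracked against distinct issues.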
@@ -7886,7 +7922,8 @@ CVE-2022-34945 (Pharmacy Management System v1.0 was discovered to contain a SQL
 	NOT-FOR-US: Pharmacy Management System
 CVE-2022-34944
 	RESERVED
-CVE-2022-34943 (Laravel v5.1 was discovered to contain a remote code execution (RCE) v ...)
+CVE-2022-34943
+	REJECTED
 	- php-laravel-framework <unfixed> (bug #1016977)
 	NOTE: https://github.com/beicheng-maker/vulns/issues/1
 CVE-2022-34942
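Review bot: CVE-2022-34943 is marked REJECTED but the `- php-laravel-framework <unfixed> (bug #1016977)` line below it is kept, so the entry still reads as an open issue against php-laravel-framework. A rejected identifier should not carry an open package state; either drop the package line (keeping the NOTE for the history) or record the resolution there and update bug #1016977 to match.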
@@ -16242,12 +16279,15 @@ CVE-2022-31782 (ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-ba
 CVE-2022-31781 (Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expressio ...)
 	NOT-FOR-US: Apache Tapestry
 CVE-2022-31780 (Improper Input Validation vulnerability in HTTP/2 frame handling of Ap ...)
+	{DSA-5206-1}
 	- trafficserver 9.1.3+ds-1
 	NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-31779 (Improper Input Validation vulnerability in HTTP/2 header parsing of Ap ...)
+	{DSA-5206-1}
 	- trafficserver 9.1.3+ds-1
 	NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-31778 (Improper Input Validation vulnerability in handling the Transfer-Encod ...)
+	{DSA-5206-1}
 	- trafficserver 9.1.3+ds-1
 	NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-31777
@@ -17776,7 +17816,8 @@ CVE-2022-31281
 	RESERVED
 CVE-2022-31280
 	RESERVED
-CVE-2022-31279 (Laravel 9.1.8, when processing attacker-controlled data for deserializ ...)
+CVE-2022-31279
+	REJECTED
 	NOT-FOR-US: Laravel
 CVE-2022-31278
 	RESERVED
@@ -19402,9 +19443,11 @@ CVE-2022-30780 (Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause
 	NOTE: https://github.com/p0dalirius/CVE-2022-30780-lighttpd-denial-of-service
 	NOTE: https://redmine.lighttpd.net/issues/3059
 	NOTE: Fixed by: https://github.com/lighttpd/lighttpd1.4/commit/b03b86f47b0d5a553137f081fadc482b4af1372d (lighttpd-1.4.59)
-CVE-2022-30779 (Laravel 9.1.8, when processing attacker-controlled data for deserializ ...)
+CVE-2022-30779
+	REJECTED
 	NOT-FOR-US: Disputed Laravel issue
-CVE-2022-30778 (Laravel 9.1.8, when processing attacker-controlled data for deserializ ...)
+CVE-2022-30778
+	REJECTED
 	NOT-FOR-US: Disputed Laravel issue
 CVE-2022-30777 (Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from param ...)
 	NOT-FOR-US: Parallels H-Sphere
@@ -27256,6 +27299,7 @@ CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before Go
 CVE-2022-28130
 	RESERVED
 CVE-2022-28129 (Improper Input Validation vulnerability in HTTP/1.1 header parsing of  ...)
+	{DSA-5206-1}
 	- trafficserver 9.1.3+ds-1
 	NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab CE/EE affe ...)
@@ -33942,6 +33986,7 @@ CVE-2022-25769
 CVE-2022-25768
 	RESERVED
 CVE-2022-25763 (Improper Input Validation vulnerability in HTTP/2 request validation o ...)
+	{DSA-5206-1}
 	- trafficserver 9.1.3+ds-1
 	NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-21182 (A privilege escalation vulnerability exists in the router configuratio ...)
@@ -56017,7 +56062,8 @@ CVE-2021-43505 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sso
 	NOT-FOR-US: Sourcecodester Simple Client Management System
 CVE-2021-43504
 	RESERVED
-CVE-2021-43503 (A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 ...)
+CVE-2021-43503
+	REJECTED
 	NOTE: Disputed Laravel issue
 CVE-2021-43502
 	RESERVED
@@ -58928,10 +58974,10 @@ CVE-2021-42753 (An improper limitation of a pathname to a restricted directory (
 	NOT-FOR-US: FortiGuard
 CVE-2021-42752 (A improper neutralization of input during web page generation ('cross- ...)
 	NOT-FOR-US: FortiGuard
-CVE-2021-42751
-	RESERVED
-CVE-2021-42750
-	RESERVED
+CVE-2021-42751 (A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoa ...)
+	TODO: check
+CVE-2021-42750 (A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoa ...)
+	TODO: check
 CVE-2021-42749 (In Beaver Themer, attackers can bypass conditional logic controls (for ...)
 	NOT-FOR-US: Beaver
 CVE-2021-42748 (In Beaver Builder through 2.5.0.3, attackers can bypass the visibility ...)
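Review bot: CVE-2021-42751 and CVE-2021-42750 carry the same truncated description (XSS in the ThingsBoard Rule Engine) and both are left at `TODO: check`; triage them as a pair, and as with the other TODO items in this update, confirm whether ThingsBoard is packaged before either recording package versions or marking them NOT-FOR-US.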
@@ -74154,7 +74200,8 @@ CVE-2021-37300
 	RESERVED
 CVE-2021-37299
 	RESERVED
-CVE-2021-37298 (Laravel v5.1 was discovered to contain a deserialization vulnerability ...)
+CVE-2021-37298
+	REJECTED
 	- php-laravel-framework <unfixed> (bug #1014830)
 	NOTE: https://github.com/Stakcery/happywd/issues/1
 CVE-2021-37297
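Review bot: same inconsistency as CVE-2022-34943 above: CVE-2021-37298 is now REJECTED yet keeps `- php-laravel-framework <unfixed> (bug #1014830)`, leaving an open unfixed state on a rejected identifier; drop or resolve the package line and update bug #1014830 accordingly.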
@@ -74509,6 +74556,7 @@ CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel
 	[buster] - linux 4.19.208-1
 	NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html
 CVE-2021-37150 (Improper Input Validation vulnerability in header parsing of Apache Tr ...)
+	{DSA-5206-1}
 	- trafficserver 9.1.3+ds-1
 	NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2021-37149 (Improper Input Validation vulnerability in header parsing of Apache Tr ...)
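Review bot: `{DSA-5206-1}` is added to CVE-2021-37150 here and to the other Apache Traffic Server CVEs earlier in this diff, but CVE-2021-37149, whose description begins identically ("Improper Input Validation vulnerability in header parsing of Apache Tr"), is the last context line and shows no DSA reference; confirm whether it is also covered by DSA-5206-1 so that the stable fixed version is attached consistently to every CVE the advisory addresses.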



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56fd08429f85b0a4eec95cc24c2eeed2b875cf4e


