[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 1 21:10:32 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af1e8b32 by security tracker role at 2022-07-01T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2022-34902
+ RESERVED
+CVE-2022-34901
+ RESERVED
+CVE-2022-34900
+ RESERVED
+CVE-2022-34899
+ RESERVED
+CVE-2022-34898
+ RESERVED
+CVE-2022-34897
+ RESERVED
+CVE-2022-34896
+ RESERVED
+CVE-2022-34895
+ RESERVED
+CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, insufficient access control allo ...)
+ TODO: check
+CVE-2022-2285
+ RESERVED
+CVE-2022-2284
+ RESERVED
+CVE-2022-2283
+ RESERVED
+CVE-2022-2282 (Improper Authorization in GitHub repository saltstack/salt prior to 30 ...)
+ TODO: check
+CVE-2022-2281 (An information disclosure vulnerability in GitLab EE affecting all ver ...)
+ TODO: check
+CVE-2022-2280 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
+ TODO: check
+CVE-2022-2279 (NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi pri ...)
+ TODO: check
+CVE-2022-2278
+ RESERVED
+CVE-2022-2277
+ RESERVED
+CVE-2021-4234
+ RESERVED
CVE-2022-34893
RESERVED
CVE-2022-34892
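Review bot: the TODO: check placeholders on CVE-2022-2282 (saltstack/salt) and CVE-2022-2279 (bfabiszewski/libmobi) need triage against the archive rather than being left open, since both describe software that is shipped as Debian source packages; CVE-2022-2280 (microweber) can follow the "NOT-FOR-US: microweber" convention this file already applies to CVE-2022-2252 further down in the same diff, and CVE-2022-34894 (JetBrains Hub) is a hosted product for which the same NOT-FOR-US treatment is the usual outcome.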
@@ -121,16 +159,16 @@ CVE-2022-2276
RESERVED
CVE-2022-2275
RESERVED
-CVE-2022-2274
- RESERVED
+CVE-2022-2274 (The OpenSSL 3.0.4 release introduced a serious bug in the RSA implemen ...)
+ TODO: check
CVE-2022-2273
RESERVED
CVE-2022-2272
RESERVED
CVE-2022-2271
RESERVED
-CVE-2022-2270
- RESERVED
+CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2022-2269
RESERVED
CVE-2022-2268
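Review bot: CVE-2022-2274 should not stay at "TODO: check": the description identifies a serious bug in the RSA implementation of the OpenSSL 3.0.4 release, and openssl is a core package, so the entry needs its package/version state recorded (either the fixed version or <not-affected> if 3.0.4 never reached the archive) together with a NOTE line pointing at the upstream advisory, as other entries in this file do.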
@@ -141,8 +179,8 @@ CVE-2022-2266
RESERVED
CVE-2022-2265
RESERVED
-CVE-2022-2264
- RESERVED
+CVE-2022-2264 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
+ TODO: check
CVE-2022-2263
RESERVED
CVE-2022-2262
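Review bot: CVE-2022-2264 (vim/vim heap-based buffer overflow) is missing the triage detail the other vim entries in this diff carry; compare CVE-2022-2231 and CVE-2022-2000, which record the huntr report, the fixing upstream commit with its version tag, and a severity assessment. A heap-based overflow cannot simply reuse the "Crash in CLI tool, no security impact" rationale given for the NULL dereference, so this one needs its own assessment before the TODO is closed.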
@@ -308,16 +346,16 @@ CVE-2022-34767
RESERVED
CVE-2022-34766
RESERVED
-CVE-2022-2254
- RESERVED
-CVE-2022-2253
- RESERVED
+CVE-2022-2254 (A user with administrative privileges in Distributed Data Systems WebH ...)
+ TODO: check
+CVE-2022-2253 (A user with administrative privileges in Distributed Data Systems WebH ...)
+ TODO: check
CVE-2022-2252 (Open Redirect in GitHub repository microweber/microweber prior to 1.2. ...)
NOT-FOR-US: microweber
CVE-2022-2251
RESERVED
-CVE-2022-2250
- RESERVED
+CVE-2022-2250 (An open redirect vulnerability in GitLab EE/CE affecting all versions ...)
+ TODO: check
CVE-2021-46826
RESERVED
CVE-2021-46825
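Review bot: CVE-2022-2254 and CVE-2022-2253 both describe "Distributed Data Systems WebHMI", a vendor product not packaged in Debian, so these two TODO: check lines can be resolved the same way the adjacent microweber entry is (NOT-FOR-US with the product name) instead of remaining as open placeholders.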
@@ -392,10 +430,10 @@ CVE-2022-34735
RESERVED
CVE-2022-2245
RESERVED
-CVE-2022-2244
- RESERVED
-CVE-2022-2243
- RESERVED
+CVE-2022-2244 (An improper authorization vulnerability in GitLab EE/CE affecting all ...)
+ TODO: check
+CVE-2022-2243 (An access control vulnerability in GitLab EE/CE affecting all versions ...)
+ TODO: check
CVE-2022-2242
RESERVED
CVE-2022-2241
@@ -411,8 +449,8 @@ CVE-2022-2237
RESERVED
CVE-2022-2236
RESERVED
-CVE-2022-2235
- RESERVED
+CVE-2022-2235 (Insufficient sanitization in GitLab EE's external issue tracker affect ...)
+ TODO: check
CVE-2017-20138
RESERVED
CVE-2017-20137
@@ -454,14 +492,14 @@ CVE-2022-2231 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.
NOTE: https://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5
NOTE: https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8 (v8.2.5169)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-2230
- RESERVED
-CVE-2022-2229
- RESERVED
-CVE-2022-2228
- RESERVED
-CVE-2022-2227
- RESERVED
+CVE-2022-2230 (A Stored Cross-Site Scripting vulnerability in the project settings pa ...)
+ TODO: check
+CVE-2022-2229 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2022-2228 (Information exposure in GitLab EE affecting all versions from 12.0 pri ...)
+ TODO: check
+CVE-2022-2227 (Improper access control in the runner jobs API in GitLab CE/EE affecti ...)
+ TODO: check
CVE-2022-2226
RESERVED
- thunderbird <unfixed>
@@ -1537,8 +1575,8 @@ CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=a
NOT-FOR-US: PMB
CVE-2022-32284
RESERVED
-CVE-2022-2185
- RESERVED
+CVE-2022-2185 (A critical issue has been discovered in GitLab affecting all versions ...)
+ TODO: check
CVE-2022-2184
RESERVED
CVE-2022-2183 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
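Review bot: CVE-2022-2185 is described as "a critical issue" in GitLab and should be triaged ahead of the other GitLab TODO: check entries in this update; gitlab is a tracked package in this file (see the "- gitlab 13.2.8-1" lines for the CVE-2020-133xx entries later in the diff), so the entry needs a package/version line and the release-post NOTE rather than a bare TODO.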
@@ -4477,16 +4515,16 @@ CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the compo
NOTE: https://github.com/redis/redis/pull/10829
CVE-2022-33104
RESERVED
-CVE-2022-33103
- RESERVED
+CVE-2022-33103 (Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an ...)
+ TODO: check
CVE-2022-33102
RESERVED
CVE-2022-33101
RESERVED
CVE-2022-33100
RESERVED
-CVE-2022-33099
- RESERVED
+CVE-2022-33099 (An issue in the component luaG_runerror of Lua v5.4.4 and below leads ...)
+ TODO: check
CVE-2022-33098
RESERVED
CVE-2022-33097 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
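Review bot: CVE-2022-33103 (Das U-Boot v2020.10 through v2022.07-rc3) and CVE-2022-33099 (luaG_runerror in Lua 5.4.4 and below) both concern software shipped as Debian source packages (u-boot, lua5.4), so "TODO: check" is not an adequate end state for either; record the affected/fixed versions and, as the neighbouring redis entry CVE-2022-33105 does with its upstream PR, add a NOTE line with the upstream fix reference.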
@@ -6094,8 +6132,8 @@ CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ..
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0
NOTE: https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 (v8.2.5063)
-CVE-2022-1999
- RESERVED
+CVE-2022-1999 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
CVE-2022-1998 (A use after free in the Linux kernel File System notify functionality ...)
- linux 5.16.7-1
[bullseye] - linux 5.10.103-1
@@ -6721,12 +6759,12 @@ CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to reflec
NOT-FOR-US: WordPress plugin
CVE-2022-1984
RESERVED
-CVE-2022-1983
- RESERVED
+CVE-2022-1983 (Incorrect authorization in GitLab EE affecting all versions from 10.7 ...)
+ TODO: check
CVE-2022-1982 (Uncontrolled resource consumption in Mattermost version 6.6.0 and earl ...)
- mattermost-server <itp> (bug #823556)
-CVE-2022-1981
- RESERVED
+CVE-2022-1981 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
CVE-2022-1980 (A vulnerability was found in SourceCodester Product Show Room Site 1.0 ...)
NOT-FOR-US: SourceCodester Product Show Room Site
CVE-2022-1979 (A vulnerability was found in SourceCodester Product Show Room Site 1.0 ...)
@@ -6973,8 +7011,8 @@ CVE-2022-32160
RESERVED
CVE-2022-32159 (In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...)
NOT-FOR-US: openlibrary
-CVE-2022-1963
- RESERVED
+CVE-2022-1963 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
CVE-2021-4233
RESERVED
CVE-2022-32158 (Splunk Enterprise deployment servers in versions before 9.0 let client ...)
@@ -7043,8 +7081,8 @@ CVE-2022-1956
RESERVED
CVE-2022-1955 (Session 1.13.0 allows an attacker with physical access to the victim's ...)
TODO: check
-CVE-2022-1954
- RESERVED
+CVE-2022-1954 (A Regular Expression Denial of Service vulnerability in GitLab CE/EE a ...)
+ TODO: check
CVE-2022-1953 (The Product Configurator for WooCommerce WordPress plugin before 1.2.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1952
@@ -7221,54 +7259,54 @@ CVE-2022-32055
RESERVED
CVE-2022-32054
RESERVED
-CVE-2022-32053
- RESERVED
-CVE-2022-32052
- RESERVED
-CVE-2022-32051
- RESERVED
-CVE-2022-32050
- RESERVED
-CVE-2022-32049
- RESERVED
-CVE-2022-32048
- RESERVED
-CVE-2022-32047
- RESERVED
-CVE-2022-32046
- RESERVED
-CVE-2022-32045
- RESERVED
-CVE-2022-32044
- RESERVED
-CVE-2022-32043
- RESERVED
+CVE-2022-32053 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
+ TODO: check
+CVE-2022-32052 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
+ TODO: check
+CVE-2022-32051 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
+ TODO: check
+CVE-2022-32050 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
+ TODO: check
+CVE-2022-32049 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
+ TODO: check
+CVE-2022-32048 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
+ TODO: check
+CVE-2022-32047 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
+ TODO: check
+CVE-2022-32046 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
+ TODO: check
+CVE-2022-32045 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
+ TODO: check
+CVE-2022-32044 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...)
+ TODO: check
+CVE-2022-32043 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
+ TODO: check
CVE-2022-32042
RESERVED
-CVE-2022-32041
- RESERVED
-CVE-2022-32040
- RESERVED
-CVE-2022-32039
- RESERVED
+CVE-2022-32041 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
+ TODO: check
+CVE-2022-32040 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
+ TODO: check
+CVE-2022-32039 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
+ TODO: check
CVE-2022-32038
RESERVED
-CVE-2022-32037
- RESERVED
-CVE-2022-32036
- RESERVED
-CVE-2022-32035
- RESERVED
-CVE-2022-32034
- RESERVED
-CVE-2022-32033
- RESERVED
-CVE-2022-32032
- RESERVED
-CVE-2022-32031
- RESERVED
-CVE-2022-32030
- RESERVED
+CVE-2022-32037 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
+ TODO: check
+CVE-2022-32036 (Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow v ...)
+ TODO: check
+CVE-2022-32035 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
+ TODO: check
+CVE-2022-32034 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...)
+ TODO: check
+CVE-2022-32033 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ TODO: check
+CVE-2022-32032 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ TODO: check
+CVE-2022-32031 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ TODO: check
+CVE-2022-32030 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ TODO: check
CVE-2022-32029
RESERVED
CVE-2022-32028 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...)
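Review bot: this hunk adds twenty-two identical-looking TOTOLINK T6 and Tenda M3/AX1806 stack-overflow entries, all left at "TODO: check"; they describe router firmware that is not packaged in Debian, so they are candidates for batch resolution with a NOT-FOR-US line naming the vendor, the convention this file applies to the IBM, McAfee and Bitdefender entries elsewhere in the diff, which keeps the open TODO count meaningful for entries that do need archive triage.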
@@ -8505,10 +8543,10 @@ CVE-2022-31607
RESERVED
CVE-2022-31606
RESERVED
-CVE-2022-31605
- RESERVED
-CVE-2022-31604
- RESERVED
+CVE-2022-31605 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in its util ...)
+ TODO: check
+CVE-2022-31604 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI ...)
+ TODO: check
CVE-2022-31603
RESERVED
CVE-2022-31602
@@ -9804,8 +9842,8 @@ CVE-2022-31115 (opensearch-ruby is a community-driven, open source fork of elast
TODO: check
CVE-2022-31114
RESERVED
-CVE-2022-31113
- RESERVED
+CVE-2022-31113 (Canarytokens is an open source tool which helps track activity and act ...)
+ TODO: check
CVE-2022-31112 (Parse Server is an open source backend that can be deployed to any inf ...)
TODO: check
CVE-2022-31111
@@ -13961,7 +13999,7 @@ CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 an
NOT-FOR-US: Onlyoffice Document Server
CVE-2022-29775 (iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication vi ...)
NOT-FOR-US: iSpyConnect iSpy
-CVE-2022-29774 (iSpyConnect iSpy v7.2.2.0 is vulnerable to path traversal. ...)
+CVE-2022-29774 (iSpy v7.2.2.0 is vulnerable to remote command execution via path trave ...)
NOT-FOR-US: iSpyConnect iSpy
CVE-2022-29773 (An access control issue in aleksis/core/util/auth_helpers.py: ClientPr ...)
NOT-FOR-US: AlekSIS
@@ -35155,8 +35193,8 @@ CVE-2022-0168
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037386
-CVE-2022-0167
- RESERVED
+CVE-2022-0167 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to 5.7. ...)
NOT-FOR-US: McAfee
CVE-2022-0165 (The Page Builder KingComposer WordPress plugin through 2.9.6 does not ...)
@@ -37007,8 +37045,8 @@ CVE-2022-22375
RESERVED
CVE-2022-22374 (The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subj ...)
NOT-FOR-US: IBM
-CVE-2022-22373
- RESERVED
+CVE-2022-22373 (An improper validation vulnerability in IBM InfoSphere Information Ser ...)
+ TODO: check
CVE-2022-22372
RESERVED
CVE-2022-22371
@@ -37019,10 +37057,10 @@ CVE-2022-22369
RESERVED
CVE-2022-22368 (IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cry ...)
NOT-FOR-US: IBM
-CVE-2022-22367
- RESERVED
-CVE-2022-22366
- RESERVED
+CVE-2022-22367 (IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 co ...)
+ TODO: check
+CVE-2022-22366 (IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 st ...)
+ TODO: check
CVE-2022-22365 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax ...)
NOT-FOR-US: IBM
CVE-2022-22364
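Review bot: CVE-2022-22367 and CVE-2022-22366 (IBM UrbanCode Deploy) and CVE-2022-22373 in the previous hunk (IBM InfoSphere Information Server) sit between entries that are already resolved as "NOT-FOR-US: IBM" (CVE-2022-22374, CVE-2022-22368, CVE-2022-22365); unless one of these products is packaged, the TODO: check lines should be closed the same way.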
@@ -64907,8 +64945,8 @@ CVE-2021-37526
RESERVED
CVE-2021-37525
RESERVED
-CVE-2021-37524
- RESERVED
+CVE-2021-37524 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows re ...)
+ TODO: check
CVE-2021-37523
RESERVED
CVE-2021-37522
@@ -65723,6 +65761,7 @@ CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3
CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authentication at ...)
NOT-FOR-US: CyberArk Identity
CVE-2021-3657 (A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate ...)
+ {DLA-3066-1}
- isync 1.4.4-1
[bullseye] - isync 1.3.0-2.2+deb11u1
[buster] - isync <no-dsa> (Minor issue)
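Review bot: adding {DLA-3066-1} to CVE-2021-3657 while leaving "[buster] - isync <no-dsa> (Minor issue)" in place makes the entry contradict itself: a DLA reference says the issue was fixed in buster via that advisory, while the no-dsa line says it will not be. The buster line should be replaced with the version shipped by the DLA, as CVE-2021-3578 and CVE-2021-20247 in the following hunks already record "[buster] - isync 1.3.0-2.2~deb10u1".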
@@ -73718,6 +73757,7 @@ CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in ges
CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...)
NOT-FOR-US: Bitdefender
CVE-2021-3578 (A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecke ...)
+ {DLA-3066-1}
- isync 1.3.0-2.2 (bug #989564)
[buster] - isync 1.3.0-2.2~deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/1
@@ -109460,6 +109500,7 @@ CVE-2021-20249
CVE-2021-20248
REJECTED
CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of th ...)
+ {DLA-3066-1}
- isync 1.3.0-2.1 (bug #983351)
[buster] - isync 1.3.0-2.2~deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/22/1
@@ -155250,7 +155291,7 @@ CVE-2020-13302 (A vulnerability was discovered in GitLab versions before 13.1.10
CVE-2020-13301 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
-CVE-2020-13300 (GitLab before version 13.3.4 was vulnerable to an OAuth authorization ...)
+CVE-2020-13300 (GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth a ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13299 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
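Review bot: the rewritten description for CVE-2020-13300 narrows the affected range from "before version 13.3.4" to "13.3 prior to 13.3.4", but the entry still records "- gitlab 13.2.8-1" as the fixed version. If the 13.2 series was never affected, the package line should be revisited (<not-affected> or a note explaining why 13.2.8-1 is the right marker) so that the tracker's fixed-version data agrees with the narrowed upstream statement.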
@@ -425149,13 +425190,12 @@ CVE-2014-3652 (JBoss KeyCloak: Open redirect vulnerability via failure to valida
NOT-FOR-US: JBoss KeyCloak
CVE-2014-3651 (JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a d ...)
NOT-FOR-US: JBoss KeyCloak
-CVE-2014-3650
- RESERVED
+CVE-2014-3650 (Multiple persistent cross-site scripting (XSS) flaws were found in the ...)
NOT-FOR-US: JBoss AeroGear
CVE-2014-3649 (JBoss AeroGear has reflected XSS via the password field ...)
NOT-FOR-US: JBoss AeroGear
-CVE-2014-3648
- RESERVED
+CVE-2014-3648 (The simplepush server iterates through the application installations a ...)
+ TODO: check
CVE-2014-3647 (arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel throug ...)
{DSA-3060-1}
- linux 3.16.7-1
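Review bot: CVE-2014-3648 is left at "TODO: check" although the description ("The simplepush server iterates through the application installations ...") sits between CVE-2014-3649 and CVE-2014-3650, both resolved as "NOT-FOR-US: JBoss AeroGear"; confirm whether the simplepush server belongs to the same AeroGear project and, if so, resolve it the same way rather than leaving an open placeholder for a 2014 identifier.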
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af1e8b32a4964fa5fd2c043b5c5248d40d31a941