[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jul 2 09:10:23 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c0cb529 by security tracker role at 2022-07-02T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2022-34910
+	RESERVED
+CVE-2022-34909
+	RESERVED
+CVE-2022-34908
+	RESERVED
+CVE-2022-34907
+	RESERVED
+CVE-2022-34906
+	RESERVED
+CVE-2022-34905
+	RESERVED
+CVE-2022-34904
+	RESERVED
+CVE-2022-34863
+	RESERVED
+CVE-2022-34856
+	RESERVED
+CVE-2022-34854
+	RESERVED
+CVE-2022-34841
+	RESERVED
+CVE-2022-34488
+	RESERVED
+CVE-2022-34346
+	RESERVED
+CVE-2022-33972
+	RESERVED
+CVE-2022-33197
+	RESERVED
+CVE-2022-32581
+	RESERVED
+CVE-2022-30531
+	RESERVED
+CVE-2022-2287
+	RESERVED
+CVE-2022-2286
+	RESERVED
 CVE-2022-34902
 	RESERVED
 CVE-2022-34901
@@ -77,7 +115,7 @@ CVE-2022-34877
 	RESERVED
 CVE-2022-34876
 	RESERVED
-CVE-2022-34903 [vulnerable to status injection]
+CVE-2022-34903 (GnuPG through 2.3.6, in unusual situations where an attacker possesses ...)
 	- gnupg2 2.2.35-3 (bug #1014157)
 	NOTE: https://dev.gnupg.org/T6027
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/30/1
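Review bot: the package lines under CVE-2022-34903 cover gnupg2 only, while the description added here reads "GnuPG through 2.3.6". Confirm whether any other source package carrying GnuPG code needs its own line, and record the outcome as a NOTE so the entry shows that the question was checked.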
@@ -5794,8 +5832,8 @@ CVE-2022-28697
 	RESERVED
 CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
 	NOT-FOR-US: francoisjacquet/rosariosis
-CVE-2022-32551
-	RESERVED
+CVE-2022-32551 (Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traver ...)
+	TODO: check
 CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the method v ...)
 	NOT-FOR-US: AgileBits 1Password
 CVE-2022-32549 (Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 ...)
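Review bot: CVE-2022-32551 is left at "TODO: check" although its description names Zoho ManageEngine ServiceDesk Plus MSP. The other ManageEngine entries in this file (CVE-2022-28987, CVE-2022-28219) are marked NOT-FOR-US, so this one can be closed the same way with "NOT-FOR-US: Zoho ManageEngine".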
@@ -6238,8 +6276,8 @@ CVE-2022-32422
 	RESERVED
 CVE-2022-32421
 	RESERVED
-CVE-2022-32420
-	RESERVED
+CVE-2022-32420 (College Management System v1.0 was discovered to contain a remote code ...)
+	TODO: check
 CVE-2022-32419
 	RESERVED
 CVE-2022-32418
@@ -6254,10 +6292,10 @@ CVE-2022-32414 (Nginx NJS v0.7.2 was discovered to contain a segmentation violat
 	NOT-FOR-US: njs
 CVE-2022-32413
 	RESERVED
-CVE-2022-32412
-	RESERVED
-CVE-2022-32411
-	RESERVED
+CVE-2022-32412 (An issue in the /template/edit component of HongCMS v3.0 allows attack ...)
+	TODO: check
+CVE-2022-32411 (An issue in the languages config file of HongCMS v3.0 allows attackers ...)
+	TODO: check
 CVE-2022-32410
 	RESERVED
 CVE-2022-32409
@@ -6310,8 +6348,8 @@ CVE-2022-32386
 	RESERVED
 CVE-2022-32385
 	RESERVED
-CVE-2022-32384
-	RESERVED
+CVE-2022-32384 (Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via ...)
+	TODO: check
 CVE-2022-32383
 	RESERVED
 CVE-2022-32382
@@ -6428,10 +6466,10 @@ CVE-2022-32327
 	RESERVED
 CVE-2022-32326
 	RESERVED
-CVE-2022-32325
-	RESERVED
-CVE-2022-32324
-	RESERVED
+CVE-2022-32325 (JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation wh ...)
+	TODO: check
+CVE-2022-32324 (PDFAlto v0.4 was discovered to contain a heap buffer overflow via the  ...)
+	TODO: check
 CVE-2022-32323
 	RESERVED
 CVE-2022-32322
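Review bot: CVE-2022-32325 and CVE-2022-32324 name standalone tools (JPEGOPTIM v1.4.7, PDFAlto v0.4), so their "TODO: check" lines need an actual package lookup rather than a default NOT-FOR-US. If either is packaged, replace the TODO with a source package line and a NOTE pointing at the upstream report, in the form the CVE-2022-25648 entry uses for ruby-git.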
@@ -7187,36 +7225,36 @@ CVE-2022-32097
 	RESERVED
 CVE-2022-32096
 	RESERVED
-CVE-2022-32095
-	RESERVED
-CVE-2022-32094
-	RESERVED
-CVE-2022-32093
-	RESERVED
+CVE-2022-32095 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
+	TODO: check
+CVE-2022-32094 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
+	TODO: check
+CVE-2022-32093 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
+	TODO: check
 CVE-2022-32092 (D-Link DIR-645 v1.03 was discovered to contain a command injection vul ...)
 	NOT-FOR-US: D-Link
-CVE-2022-32091
-	RESERVED
+CVE-2022-32091 (MariaDB v10.7 was discovered to contain an use-after-poison in in __in ...)
+	TODO: check
 CVE-2022-32090
 	RESERVED
-CVE-2022-32089
-	RESERVED
-CVE-2022-32088
-	RESERVED
-CVE-2022-32087
-	RESERVED
-CVE-2022-32086
-	RESERVED
-CVE-2022-32085
-	RESERVED
-CVE-2022-32084
-	RESERVED
-CVE-2022-32083
-	RESERVED
-CVE-2022-32082
-	RESERVED
-CVE-2022-32081
-	RESERVED
+CVE-2022-32089 (MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault  ...)
+	TODO: check
+CVE-2022-32088 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault  ...)
+	TODO: check
+CVE-2022-32087 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault  ...)
+	TODO: check
+CVE-2022-32086 (MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault  ...)
+	TODO: check
+CVE-2022-32085 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault  ...)
+	TODO: check
+CVE-2022-32084 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault  ...)
+	TODO: check
+CVE-2022-32083 (MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation faul ...)
+	TODO: check
+CVE-2022-32082 (MariaDB v10.5 to v10.7 was discovered to contain an assertion failure  ...)
+	TODO: check
+CVE-2022-32081 (MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison i ...)
+	TODO: check
 CVE-2022-32080
 	RESERVED
 CVE-2022-32079
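Review bot: the ten MariaDB entries (CVE-2022-32091 and CVE-2022-32089 through CVE-2022-32081) all land as "TODO: check", and their truncated descriptions give different affected ranges (v10.7, v10.5 to v10.7, v10.2 to v10.7, v10.4 to v10.8, v10.2 to v10.6.1). Triage them per entry rather than in bulk: each needs its own package line and a NOTE with the upstream bug, since the affected branches differ. The three Hospital Management System entries above them can be resolved separately.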
@@ -7491,8 +7529,8 @@ CVE-2022-31945 (Rescue Dispatch Management System v1.0 is vulnerable to Delete a
 	NOT-FOR-US: Rescue Dispatch Management System
 CVE-2022-31944
 	RESERVED
-CVE-2022-31943
-	RESERVED
+CVE-2022-31943 (MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnera ...)
+	TODO: check
 CVE-2022-31942
 	RESERVED
 CVE-2022-31941 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection  ...)
@@ -16234,7 +16272,7 @@ CVE-2022-28989
 	RESERVED
 CVE-2022-28988
 	RESERVED
-CVE-2022-28987 (ManageEngine ADSelfService Plus v6.1 allows attackers to perform usern ...)
+CVE-2022-28987 (Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to p ...)
 	NOT-FOR-US: ZOHO ManageEngine
 CVE-2022-28986 (LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected:  ...)
 	NOT-FOR-US: LMS Doctor Simple 2 Factor Authentication Plugin For Moodle
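Review bot: the status line under CVE-2022-28987 reads "NOT-FOR-US: ZOHO ManageEngine", while CVE-2022-28219 uses "NOT-FOR-US: Zoho ManageEngine". The description now says "Zoho ManageEngine", so normalise the tag casing to match and keep searches over the list consistent.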
@@ -18434,7 +18472,7 @@ CVE-2022-1165 (The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses hea
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in the bu ...)
 	NOT-FOR-US: Wordpress theme
-CVE-2022-28219 (Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthe ...)
+CVE-2022-28219 (Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to  ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-28218 (An issue was discovered in CipherMail Webmail Messenger 1.1.1 through  ...)
 	NOT-FOR-US: CipherMail Webmail Messenger
@@ -18497,8 +18535,8 @@ CVE-2022-28201 [mediawiki: Title::newMainPage() goes into an infinite recursion
 	[stretch] - mediawiki <postponed> (Fix along in next security release)
 	NOTE: https://phabricator.wikimedia.org/T297571
 	NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
-CVE-2022-28200
-	RESERVED
+CVE-2022-28200 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool,  ...)
+	TODO: check
 CVE-2022-28199
 	RESERVED
 CVE-2022-28198 (NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its conf ...)
@@ -24886,14 +24924,14 @@ CVE-2022-25902
 	RESERVED
 CVE-2022-25901
 	RESERVED
-CVE-2022-25900
-	RESERVED
-CVE-2022-25898
-	RESERVED
+CVE-2022-25900 (All versions of package git-clone are vulnerable to Command Injection  ...)
+	TODO: check
+CVE-2022-25898 (The package jsrsasign before 10.5.25 are vulnerable to Improper Verifi ...)
+	TODO: check
 CVE-2022-25897
 	RESERVED
-CVE-2022-25896
-	RESERVED
+CVE-2022-25896 (This affects the package passport before 0.6.0. When a user logs in or ...)
+	TODO: check
 CVE-2022-25895
 	RESERVED
 CVE-2022-25894
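Review bot: CVE-2022-25900, CVE-2022-25898 and CVE-2022-25896 identify packages by bare name (git-clone, jsrsasign, passport), and the truncated descriptions do not show the ecosystem. When resolving the "TODO: check" lines, state the ecosystem in the status line, as "NOT-FOR-US: accesslog Nodejs module" does for CVE-2022-25760, or give the packaged source name, as CVE-2022-25648 does with ruby-git. "git-clone" in particular is easy to misread as git itself.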
@@ -24928,8 +24966,8 @@ CVE-2022-25878 (The package protobufjs before 6.11.3 are vulnerable to Prototype
 	NOT-FOR-US: protobufjs/protobuf.js
 CVE-2022-25877
 	RESERVED
-CVE-2022-25876
-	RESERVED
+CVE-2022-25876 (The package link-preview-js before 2.1.16 are vulnerable to Server-sid ...)
+	TODO: check
 CVE-2022-25875
 	RESERVED
 CVE-2022-25874
@@ -25012,8 +25050,8 @@ CVE-2022-25760 (All versions of package accesslog are vulnerable to Arbitrary Co
 	NOT-FOR-US: accesslog Nodejs module
 CVE-2022-25759
 	RESERVED
-CVE-2022-25758
-	RESERVED
+CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to Regular Expre ...)
+	TODO: check
 CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via  ...)
 	- ruby-git <unfixed> (bug #1009926)
 	NOTE: https://github.com/ruby-git/ruby-git/pull/569



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c0cb5296b7d0f189969702f8925968e064cf2a3
