[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 7 21:10:40 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f4e2d76 by security tracker role at 2022-07-07T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-2343
+	RESERVED
+CVE-2022-2342 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...)
+	TODO: check
+CVE-2022-2341
+	RESERVED
+CVE-2022-2340
+	RESERVED
 CVE-2022-35299
 	RESERVED
 CVE-2022-35298
@@ -1323,8 +1331,8 @@ CVE-2022-2250 (An open redirect vulnerability in GitLab EE/CE affecting all vers
 	- gitlab <unfixed>
 CVE-2021-46826
 	RESERVED
-CVE-2021-46825
-	RESERVED
+CVE-2021-46825 (Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to  ...)
+	TODO: check
 CVE-2022-33967
 	RESERVED
 CVE-2022-2249
@@ -1825,8 +1833,8 @@ CVE-2022-34594
 	RESERVED
 CVE-2022-34593
 	RESERVED
-CVE-2022-34592
-	RESERVED
+CVE-2022-34592 (Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a co ...)
+	TODO: check
 CVE-2022-34591
 	RESERVED
 CVE-2022-34590
@@ -3354,8 +3362,8 @@ CVE-2022-34009
 	RESERVED
 CVE-2022-34008 (Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privile ...)
 	NOT-FOR-US: Comodo Antivirus
-CVE-2022-34007
-	RESERVED
+CVE-2022-34007 (EQS Integrity Line through 2022-07-01 allows a stored XSS via a crafte ...)
+	TODO: check
 CVE-2022-34006 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...)
 	NOT-FOR-US: TitanFTP
 CVE-2022-34005 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...)
@@ -3379,8 +3387,8 @@ CVE-2022-33998
 	RESERVED
 CVE-2022-33997
 	RESERVED
-CVE-2022-33996
-	RESERVED
+CVE-2022-33996 (Incorrect permission management in Devolutions Server before 2022.2 al ...)
+	TODO: check
 CVE-2022-33995 (A path traversal issue in entry attachments in Devolutions Remote Desk ...)
 	NOT-FOR-US: Devolutions
 CVE-2022-33994
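Review bot: CVE-2022-33996 is left at TODO: check although the adjacent entry CVE-2022-33995, also a Devolutions product issue, is already resolved as "NOT-FOR-US: Devolutions"; unless a Debian package ships this code, the new entry can take the same tag in the next manual pass, with the vendor name kept consistent across both lines.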
@@ -6737,8 +6745,8 @@ CVE-2022-32569
 	RESERVED
 CVE-2022-32568
 	RESERVED
-CVE-2022-32567
-	RESERVED
+CVE-2022-32567 (The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jir ...)
+	TODO: check
 CVE-2022-32566
 	RESERVED
 CVE-2022-32565 (An issue was discovered in Couchbase Server before 7.0.4. The Backup S ...)
@@ -7175,8 +7183,8 @@ CVE-2022-32451
 	RESERVED
 CVE-2022-32450
 	RESERVED
-CVE-2022-32449
-	RESERVED
+CVE-2022-32449 (TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command inj ...)
+	TODO: check
 CVE-2022-32448
 	RESERVED
 CVE-2022-32447
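Review bot: CVE-2022-32449 (command injection in TOTOLINK EX300_V2 firmware) stays at TODO: check, while the other TOTOLINK firmware entries in this same diff (CVE-2022-32053 and CVE-2022-32052) are already resolved as "NOT-FOR-US: TOTOLINK"; the new entry is the same class of vendor-firmware issue and can be closed with the same tag once the triager confirms no Debian package is involved.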
@@ -7191,8 +7199,8 @@ CVE-2022-32443
 	RESERVED
 CVE-2022-32442 (u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When  ...)
 	NOT-FOR-US: u5cms
-CVE-2022-32441
-	RESERVED
+CVE-2022-32441 (A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause ...)
+	TODO: check
 CVE-2022-32440
 	RESERVED
 CVE-2022-32439
@@ -7828,28 +7836,24 @@ CVE-2022-32209 (# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a
 	NOTE: https://hackerone.com/reports/1530898
 	NOTE: https://discuss.rubyonrails.org/t/cve-2022-32209-possible-xss-vulnerability-in-rails-sanitizer/80800
 	NOTE: https://github.com/rails/rails-html-sanitizer/commit/45a5c10fed3d9aa141594c80afa06d748fa0967d (v1.4.3)
-CVE-2022-32208 [FTP-KRB bad message verification]
-	RESERVED
+CVE-2022-32208 (When curl < 7.84.0 does FTP transfers secured by krb5, it handles m ...)
 	- curl 7.84.0-1
 	NOTE: https://curl.se/docs/CVE-2022-32208.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/54967d2a3ab5559631407f7b7f67ef48c2dda6dd (curl-7_16_4)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/6ecdf5136b52af747e7bda08db9a748256b1cd09 (curl-7_84_0)
-CVE-2022-32207 [Unpreserved file permissions]
-	RESERVED
+CVE-2022-32207 (When curl < 7.84.0 saves cookies, alt-svc and hsts data to local fi ...)
 	- curl 7.84.0-1
 	[buster] - curl <not-affected> (Vulnerable code introduced later)
 	[stretch] - curl <not-affected> (Vulnerable code introduced later)
 	NOTE: https://curl.se/docs/CVE-2022-32207.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/b834890a3fa3f525cd8ef4e99554cdb4558d7e1b (curl-7_69_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/20f9dd6bae50b7223171b17ba7798946e74f877f (curl-7_84_0)
-CVE-2022-32206 [HTTP compression denial of service]
-	RESERVED
+CVE-2022-32206 (curl < 7.84.0 supports "chained" HTTP compression algorithms, meani ...)
 	- curl 7.84.0-1
 	NOTE: https://curl.se/docs/CVE-2022-32206.html
 	NOTE: Introduced by: https://github.com/curl/curl/commit/dbcced8e32b50c068ac297106f0502ee200a1ebd (curl-7_57_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/3a09fbb7f264c67c438d01a30669ce325aa508e2 (curl-7_84_0)
-CVE-2022-32205 [Set-Cookie denial of service]
-	RESERVED
+CVE-2022-32205 (A malicious server can serve excessive amounts of `Set-Cookie:` header ...)
 	- curl 7.84.0-1
 	[buster] - curl <not-affected> (Vulnerable code introduced later)
 	[stretch] - curl <not-affected> (Vulnerable code introduced later)
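Review bot: CVE-2022-32206 carries no [buster]/[stretch] lines although its "Introduced by" NOTE points at curl-7_57_0, whereas the neighbouring CVE-2022-32207 and CVE-2022-32205 are explicitly annotated "<not-affected> (Vulnerable code introduced later)". For CVE-2022-32208 the absence of suite lines is consistent with an introducing commit tagged curl-7_16_4, but for CVE-2022-32206 the curl versions shipped in stretch and buster should be compared against the 7.57.0 tag and a matching "<not-affected>" annotation added for any release that predates it, so that the four curl entries read consistently.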
@@ -8291,16 +8295,16 @@ CVE-2022-32060
 	RESERVED
 CVE-2022-32059
 	RESERVED
-CVE-2022-32058
-	RESERVED
+CVE-2022-32058 (An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-W ...)
+	TODO: check
 CVE-2022-32057
 	RESERVED
-CVE-2022-32056
-	RESERVED
-CVE-2022-32055
-	RESERVED
-CVE-2022-32054
-	RESERVED
+CVE-2022-32056 (Online Accreditation Management v1.0 was discovered to contain a SQL i ...)
+	TODO: check
+CVE-2022-32055 (Inout Homestay v2.2 was discovered to contain a SQL injection vulnerab ...)
+	TODO: check
+CVE-2022-32054 (Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to co ...)
+	TODO: check
 CVE-2022-32053 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack  ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2022-32052 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack  ...)
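Review bot: CVE-2022-32058 (TP-Link TL-WR741N infinite loop in httpRpmPass) and CVE-2022-32054 (Tenda AC10 firmware) are vendor router firmware issues of the same kind as the TOTOLINK T6 entries at the end of this hunk (CVE-2022-32053, CVE-2022-32052), which are resolved as "NOT-FOR-US: TOTOLINK"; the two new TODO: check lines can most likely be closed the same way, naming the respective vendor after NOT-FOR-US. The remaining two entries, CVE-2022-32056 (Online Accreditation Management v1.0) and CVE-2022-32055 (Inout Homestay v2.2), both SQL injection issues in small web applications, still need a check that neither application is packaged before they are tagged.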
@@ -8699,8 +8703,8 @@ CVE-2022-31856 (Newsletter Module v3.x was discovered to contain a SQL injection
 	NOT-FOR-US: OpenCart Newsletter Module
 CVE-2022-31855
 	RESERVED
-CVE-2022-31854
-	RESERVED
+CVE-2022-31854 (Codoforum v5.1 was discovered to contain an arbitrary file upload vuln ...)
+	TODO: check
 CVE-2022-31853
 	RESERVED
 CVE-2022-31852
@@ -10838,14 +10842,14 @@ CVE-2022-31138
 	RESERVED
 CVE-2022-31137
 	RESERVED
-CVE-2022-31136
-	RESERVED
-CVE-2022-31135
-	RESERVED
+CVE-2022-31136 (Bookwyrm is an open source social reading and reviewing program. Versi ...)
+	TODO: check
+CVE-2022-31135 (Akashi is an open source server implementation of the Attorney Online  ...)
+	TODO: check
 CVE-2022-31134
 	RESERVED
-CVE-2022-31133
-	RESERVED
+CVE-2022-31133 (HumHub is an Open Source Enterprise Social Network. Affected versions  ...)
+	TODO: check
 CVE-2022-31132
 	RESERVED
 CVE-2022-31131 (Nextcloud mail is a Mail app for the Nextcloud home server product. Ve ...)
@@ -10868,8 +10872,8 @@ CVE-2022-31123
 	RESERVED
 CVE-2022-31122
 	RESERVED
-CVE-2022-31121
-	RESERVED
+CVE-2022-31121 (Hyperledger Fabric is a permissioned distributed ledger framework. In  ...)
+	TODO: check
 CVE-2022-31120
 	RESERVED
 CVE-2022-31119
@@ -28599,12 +28603,12 @@ CVE-2022-25050 (rtl_433 21.12 was discovered to contain a stack overflow in the
 	NOTE: https://huntr.dev/bounties/6c9cd35f-a206-4fdf-b6d1-fcd50926c2d9/
 CVE-2022-25049
 	RESERVED
-CVE-2022-25048
-	RESERVED
-CVE-2022-25047
-	RESERVED
-CVE-2022-25046
-	RESERVED
+CVE-2022-25048 (Command injection vulnerability in CWP v0.9.8.1126 that allows normal  ...)
+	TODO: check
+CVE-2022-25047 (The password reset token in CWP v0.9.8.1126 is generated using known o ...)
+	TODO: check
+CVE-2022-25046 (A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows ...)
+	TODO: check
 CVE-2022-25045 (Home Owners Collection Management System v1.0 was discovered to contai ...)
 	NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25044 (Espruino 2v11.251 was discovered to contain a stack buffer overflow vi ...)
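Review bot: the three new CWP entries (CVE-2022-25048 command injection, CVE-2022-25047 password reset token generated from known values, CVE-2022-25046 path traversal in loader.php) describe the same product at two different version strings (v0.9.8.1126 and v0.9.8.1122) and should be triaged as a group; whichever resolution is chosen for the TODO: check lines, apply the same tag and the same product spelling to all three so they do not drift apart in later automatic updates.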
@@ -33406,8 +33410,8 @@ CVE-2022-23746
 	RESERVED
 CVE-2022-23745
 	RESERVED
-CVE-2022-23744
-	RESERVED
+CVE-2022-23744 (ZoneAlarm Anti-Bad-Stuff before version 15.8.109.18436 allow an attack ...)
+	TODO: check
 CVE-2022-23743 (Check Point ZoneAlarm before version 15.8.200.19118 allows a local act ...)
 	NOT-FOR-US: Check Point ZoneAlarm
 CVE-2022-23742 (Check Point Endpoint Security Client for Windows versions earlier than ...)
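Review bot: CVE-2022-23744 ("ZoneAlarm Anti-Bad-Stuff before version 15.8.109.18436") is left at TODO: check while the adjacent CVE-2022-23743 (Check Point ZoneAlarm) is already "NOT-FOR-US: Check Point ZoneAlarm" and CVE-2022-23742 (Check Point Endpoint Security Client) sits beside it; this is the same proprietary Windows product line, so the new entry can be resolved with the same NOT-FOR-US tag and product name on the next manual pass.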
@@ -109712,7 +109716,7 @@ CVE-2021-20602
 	REJECTED
 CVE-2021-20601 (Improper input validation vulnerability in GOT2000 series GT27 model a ...)
 	NOT-FOR-US: Mitsubishi
-CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C Controller M ...)
+CVE-2021-20600 (Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R s ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2021-20599 (Authorization bypass through user-controlled key vulnerability in MELS ...)
 	NOT-FOR-US: Mitsubishi
@@ -395507,8 +395511,7 @@ CVE-2015-5237 (protobuf allows remote authenticated attackers to cause a heap-ba
 	- protobuf <unfixed> (unimportant)
 	NOTE: https://github.com/google/protobuf/issues/760
 	NOTE: Upstream doesn't consider this a real issue in practice.
-CVE-2015-5236
-	RESERVED
+CVE-2015-5236 (It was discovered that the IcedTea-Web used codebase attribute of the  ...)
 	- icedtea-web <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1256403
 	NOTE: Negligible impact
@@ -401312,8 +401315,8 @@ CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows
 	NOTE: http://xenbits.xen.org/xsa/advisory-135.html
 CVE-2015-3208 (XML external entity (XXE) vulnerability in the XPath selector componen ...)
 	NOT-FOR-US: HornetQ
-CVE-2015-3207
-	RESERVED
+CVE-2015-3207 (In Openshift Origin 3 the cookies being set in console have no 'secure ...)
+	TODO: check
 CVE-2015-3206 (The checkPassword function in python-kerberos does not authenticate th ...)
 	{DLA-265-2 DLA-265-1}
 	- pykerberos 1.1.5-1 (bug #796195)
@@ -405663,10 +405666,10 @@ CVE-2015-1787 (The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL
 CVE-2015-1786 (Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf ...)
 	- zendframework <not-affected> (the vulnerability was introduced specifically in the 2.3 series)
 	NOTE: http://framework.zend.com/security/advisory/ZF2015-03
-CVE-2015-1785
-	RESERVED
-CVE-2015-1784
-	RESERVED
+CVE-2015-1785 (In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulne ...)
+	TODO: check
+CVE-2015-1784 (In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulne ...)
+	TODO: check
 CVE-2015-1783 (The prefix variable in the get_or_define_ns function in Lasso before c ...)
 	- lasso 2.4.1-1
 	[wheezy] - lasso <not-affected> (Vulnerable code introduced later)
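Review bot: CVE-2015-1785 and CVE-2015-1784 arrive with byte-identical truncated descriptions ("In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulne ..."), so this diff gives no way to tell which of the two issues each id covers. When the TODO: check lines are resolved, the full upstream text should be consulted and a NOTE added per entry recording the distinguishing issue; note also that the upstream description spells the plugin "nextgen-galery", so a search for the packaged name should try both that spelling and "nextgen-gallery".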
@@ -415615,7 +415618,7 @@ CVE-2014-8115 (The default authorization constrains in KIE Workbench 6.0.x allow
 CVE-2014-8114 (The UberFire Framework 0.3.x does not properly restrict paths, which a ...)
 	NOT-FOR-US: UberFire Framework
 CVE-2014-8113
-	RESERVED
+	REJECTED
 CVE-2014-8112 (389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x bef ...)
 	- 389-ds-base 1.3.3.5-4 (bug #779909)
 CVE-2014-8111 (Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rule ...)
@@ -416354,7 +416357,7 @@ CVE-2014-7856
 CVE-2014-7855
 	REJECTED
 CVE-2014-7854
-	RESERVED
+	REJECTED
 CVE-2014-7853 (The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBo ...)
 	NOT-FOR-US: JBoss AS/WildFly Domain Management
 CVE-2014-7852 (Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used i ...)
@@ -425661,7 +425664,7 @@ CVE-2014-3920 (Cross-site request forgery (CSRF) vulnerability in Kanboard befor
 CVE-2014-3919 (A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp ...)
 	NOT-FOR-US: Netgear
 CVE-2014-3918
-	RESERVED
+	REJECTED
 CVE-2014-3916 (The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 all ...)
 	- ruby2.1 <removed> (unimportant)
 	- ruby2.0 <removed> (unimportant)
@@ -426145,7 +426148,7 @@ CVE-2014-3707 (The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0
 CVE-2014-3706 (ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attac ...)
 	NOT-FOR-US: ovirt-engine
 CVE-2014-3705
-	RESERVED
+	REJECTED
 CVE-2014-3704 (The expandArguments function in the database abstraction API in Drupal ...)
 	{DSA-3051-1}
 	- drupal7 7.32-1 (bug #765507)
@@ -426304,7 +426307,7 @@ CVE-2014-3660 (parser.c in libxml2 before 2.9.2 does not properly prevent entity
 CVE-2014-3659
 	REJECTED
 CVE-2014-3658
-	RESERVED
+	REJECTED
 CVE-2014-3657 (The virDomainListPopulate function in conf/domain_conf.c in libvirt be ...)
 	- libvirt 1.2.9-1
 	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
@@ -426351,7 +426354,7 @@ CVE-2014-3645 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel befor
 	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bfd0a56b90005f8c8a004baf407ad90045c2b11e (v3.12-rc1)
 CVE-2014-3644
-	RESERVED
+	REJECTED
 CVE-2014-3643 (jersey: XXE via parameter entities not disabled by the jersey SAX pars ...)
 	NOT-FOR-US: Jersey SAX parser
 CVE-2014-3642 (vmdb/app/controllers/application_controller/performance.rb in Red Hat  ...)
@@ -426580,7 +426583,7 @@ CVE-2014-3589 (PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow
 	[squeeze] - python-imaging 1.1.7-2+deb6u1
 	NOTE: https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
 CVE-2014-3588
-	RESERVED
+	REJECTED
 CVE-2014-3587 (Integer overflow in the cdf_read_property_info function in cdf.c in fi ...)
 	{DSA-3021-1 DSA-3008-1 DLA-67-1 DLA-50-1}
 	- php5 5.6.0+dfsg-1
@@ -426895,7 +426898,7 @@ CVE-2014-3517 (api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2
 	- nova 2014.1.1-8 (bug #755042)
 	[wheezy] - nova <not-affected> (Only exploitable when used with neutron, which is not in stable)
 CVE-2014-3516
-	RESERVED
+	REJECTED
 CVE-2014-3515 (The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorre ...)
 	{DSA-2974-1 DLA-0018-1}
 	- php5 5.6.0~rc2+dfsg-1
@@ -428624,12 +428627,12 @@ CVE-2014-2905 (fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check
 	[wheezy] - fish <no-dsa> (Minor issue)
 	NOTE: https://github.com/fish-shell/fish-shell/issues/1436
 CVE-2014-2895
-	RESERVED
+	REJECTED
 CVE-2014-2891 (strongSwan before 5.1.2 allows remote attackers to cause a denial of s ...)
 	{DSA-2922-1}
 	- strongswan 5.1.2-1
 CVE-2014-2887
-	RESERVED
+	REJECTED
 CVE-2014-2886 (GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) chara ...)
 	- gksu <removed>
 	[stretch] - gksu <ignored> (Minor issue)
@@ -431285,7 +431288,7 @@ CVE-2014-1929 (python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers t
 	{DSA-2946-1}
 	- python-gnupg 0.3.6-1 (bug #738509)
 CVE-2014-1926
-	RESERVED
+	REJECTED
 CVE-2014-1920
 	RESERVED
 CVE-2014-1919
@@ -437223,7 +437226,7 @@ CVE-2014-0026 (katello-headpin is vulnerable to CSRF in REST API ...)
 CVE-2014-0025
 	REJECTED
 CVE-2014-0024
-	RESERVED
+	REJECTED
 CVE-2014-0023 (OpenShift: Install script has temporary file creation vulnerability wh ...)
 	NOT-FOR-US: OpenShift
 CVE-2014-0022 (The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and e ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f4e2d76149fbdbeb66b873cbda7f689c9846b8d




