[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 8 09:10:22 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5003ce59 by security tracker role at 2022-07-08T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,217 @@
+CVE-2022-35399
+ RESERVED
+CVE-2022-35398
+ RESERVED
+CVE-2022-35397
+ RESERVED
+CVE-2022-35396
+ RESERVED
+CVE-2022-35395
+ RESERVED
+CVE-2022-35394
+ RESERVED
+CVE-2022-35393
+ RESERVED
+CVE-2022-35392
+ RESERVED
+CVE-2022-35391
+ RESERVED
+CVE-2022-35390
+ RESERVED
+CVE-2022-35389
+ RESERVED
+CVE-2022-35388
+ RESERVED
+CVE-2022-35387
+ RESERVED
+CVE-2022-35386
+ RESERVED
+CVE-2022-35385
+ RESERVED
+CVE-2022-35384
+ RESERVED
+CVE-2022-35383
+ RESERVED
+CVE-2022-35382
+ RESERVED
+CVE-2022-35381
+ RESERVED
+CVE-2022-35380
+ RESERVED
+CVE-2022-35379
+ RESERVED
+CVE-2022-35378
+ RESERVED
+CVE-2022-35377
+ RESERVED
+CVE-2022-35376
+ RESERVED
+CVE-2022-35375
+ RESERVED
+CVE-2022-35374
+ RESERVED
+CVE-2022-35373
+ RESERVED
+CVE-2022-35372
+ RESERVED
+CVE-2022-35371
+ RESERVED
+CVE-2022-35370
+ RESERVED
+CVE-2022-35369
+ RESERVED
+CVE-2022-35368
+ RESERVED
+CVE-2022-35367
+ RESERVED
+CVE-2022-35366
+ RESERVED
+CVE-2022-35365
+ RESERVED
+CVE-2022-35364
+ RESERVED
+CVE-2022-35363
+ RESERVED
+CVE-2022-35362
+ RESERVED
+CVE-2022-35361
+ RESERVED
+CVE-2022-35360
+ RESERVED
+CVE-2022-35359
+ RESERVED
+CVE-2022-35358
+ RESERVED
+CVE-2022-35357
+ RESERVED
+CVE-2022-35356
+ RESERVED
+CVE-2022-35355
+ RESERVED
+CVE-2022-35354
+ RESERVED
+CVE-2022-35353
+ RESERVED
+CVE-2022-35352
+ RESERVED
+CVE-2022-35351
+ RESERVED
+CVE-2022-35350
+ RESERVED
+CVE-2022-35349
+ RESERVED
+CVE-2022-35348
+ RESERVED
+CVE-2022-35347
+ RESERVED
+CVE-2022-35346
+ RESERVED
+CVE-2022-35345
+ RESERVED
+CVE-2022-35344
+ RESERVED
+CVE-2022-35343
+ RESERVED
+CVE-2022-35342
+ RESERVED
+CVE-2022-35341
+ RESERVED
+CVE-2022-35340
+ RESERVED
+CVE-2022-35339
+ RESERVED
+CVE-2022-35338
+ RESERVED
+CVE-2022-35337
+ RESERVED
+CVE-2022-35336
+ RESERVED
+CVE-2022-35335
+ RESERVED
+CVE-2022-35334
+ RESERVED
+CVE-2022-35333
+ RESERVED
+CVE-2022-35332
+ RESERVED
+CVE-2022-35331
+ RESERVED
+CVE-2022-35330
+ RESERVED
+CVE-2022-35329
+ RESERVED
+CVE-2022-35328
+ RESERVED
+CVE-2022-35327
+ RESERVED
+CVE-2022-35326
+ RESERVED
+CVE-2022-35325
+ RESERVED
+CVE-2022-35324
+ RESERVED
+CVE-2022-35323
+ RESERVED
+CVE-2022-35322
+ RESERVED
+CVE-2022-35321
+ RESERVED
+CVE-2022-35320
+ RESERVED
+CVE-2022-35319
+ RESERVED
+CVE-2022-35318
+ RESERVED
+CVE-2022-35317
+ RESERVED
+CVE-2022-35316
+ RESERVED
+CVE-2022-35315
+ RESERVED
+CVE-2022-35314
+ RESERVED
+CVE-2022-35313
+ RESERVED
+CVE-2022-35312
+ RESERVED
+CVE-2022-35311
+ RESERVED
+CVE-2022-35310
+ RESERVED
+CVE-2022-35309
+ RESERVED
+CVE-2022-35308
+ RESERVED
+CVE-2022-35307
+ RESERVED
+CVE-2022-35306
+ RESERVED
+CVE-2022-35305
+ RESERVED
+CVE-2022-35304
+ RESERVED
+CVE-2022-35303
+ RESERVED
+CVE-2022-35302
+ RESERVED
+CVE-2022-35301
+ RESERVED
+CVE-2022-35300
+ RESERVED
+CVE-2022-33939
+ RESERVED
+CVE-2022-2346
+ RESERVED
+CVE-2022-2345
+ RESERVED
+CVE-2022-2344
+ RESERVED
+CVE-2020-36556
+ RESERVED
+CVE-2020-36555
+ RESERVED
+CVE-2020-36554
+ RESERVED
CVE-2022-2343
RESERVED
CVE-2022-2342 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...)
@@ -2461,8 +2675,8 @@ CVE-2022-2193
RESERVED
CVE-2022-2192
RESERVED
-CVE-2022-2191
- RESERVED
+CVE-2022-2191 (In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 v ...)
+ TODO: check
CVE-2022-34362
RESERVED
CVE-2022-34361
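Review bot: on CVE-2022-2191 the new `TODO: check` should be resolved per Jetty branch, since the visible description names only 10.0.0 thru 10.0.9 and 11.0.0 thru 11.0.9. The description is truncated here, so confirm the full range before recording which suites are affected and which can be marked not affected.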
@@ -3720,8 +3934,8 @@ CVE-2014-125002 (A vulnerability was found in FFmpeg 2.0. It has been classified
NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005b (n2.2-rc1)
CVE-2022-33937
RESERVED
-CVE-2022-33936
- RESERVED
+CVE-2022-33936 (Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerab ...)
+ TODO: check
CVE-2022-33935
RESERVED
CVE-2022-33934
@@ -4342,8 +4556,8 @@ CVE-2022-33682
RESERVED
CVE-2022-33681
RESERVED
-CVE-2022-33680
- RESERVED
+CVE-2022-33680 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-33679
RESERVED
CVE-2022-33678
@@ -5538,8 +5752,8 @@ CVE-2022-33099 (An issue in the component luaG_runerror of Lua v5.4.4 and below
NOTE: https://lua-users.org/lists/lua-l/2022-05/msg00042.html
NOTE: https://lua-users.org/lists/lua-l/2022-05/msg00073.html
TODO: check older lua versions
-CVE-2022-33098
- RESERVED
+CVE-2022-33098 (Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting ...)
+ TODO: check
CVE-2022-33097 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
NOT-FOR-US: 74cmsSE
CVE-2022-33096 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
@@ -6341,10 +6555,10 @@ CVE-2022-26842
RESERVED
CVE-2022-2049
RESERVED
-CVE-2022-2048
- RESERVED
-CVE-2022-2047
- RESERVED
+CVE-2022-2048 (In Eclipse Jetty HTTP/2 server implementation, when encountering an in ...)
+ TODO: check
+CVE-2022-2047 (In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, a ...)
+ TODO: check
CVE-2022-2046
RESERVED
CVE-2022-2045
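Review bot: the two Jetty entries CVE-2022-2048 and CVE-2022-2047 should not be triaged as a pair just because they arrive together. CVE-2022-2047 states version ranges (9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9), while the visible part of CVE-2022-2048 refers to the HTTP/2 server implementation without a range, so each `TODO: check` needs its own fixed-version lookup.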
@@ -7082,8 +7296,8 @@ CVE-2022-32483
RESERVED
CVE-2022-32482
RESERVED
-CVE-2022-32481
- RESERVED
+CVE-2022-32481 (Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a p ...)
+ TODO: check
CVE-2022-32480
RESERVED
CVE-2022-32479
@@ -8289,10 +8503,10 @@ CVE-2022-32063
RESERVED
CVE-2022-32062
RESERVED
-CVE-2022-32061
- RESERVED
-CVE-2022-32060
- RESERVED
+CVE-2022-32061 (An arbitrary file upload vulnerability in the Select User function und ...)
+ TODO: check
+CVE-2022-32060 (An arbitrary file upload vulnerability in the Update Branding Settings ...)
+ TODO: check
CVE-2022-32059
RESERVED
CVE-2022-32058 (An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-W ...)
@@ -11125,8 +11339,8 @@ CVE-2022-31030 (containerd is an open source container runtime. A bug was found
{DSA-5162-1}
- containerd 1.6.6~ds1-1
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf
-CVE-2022-31029
- RESERVED
+CVE-2022-31029 (AdminLTE is a Pi-hole Dashboard for stats and configuration. In affect ...)
+ TODO: check
CVE-2022-31028 (MinIO is a multi-cloud object storage solution. Starting with version ...)
NOT-FOR-US: MinIO
CVE-2022-31027 (OAuthenticator is an OAuth token library for the JupyerHub login handl ...)
@@ -17550,8 +17764,8 @@ CVE-2022-28890 (A vulnerability in the RDF/XML parser of Apache Jena allows an a
TODO: check, possibly not affected as according to upstrema 4.2.x and 4.3.x doe not allow external entities, double check
CVE-2021-4226
RESERVED
-CVE-2022-28889
- RESERVED
+CVE-2022-28889 (In Apache Druid 0.22.1 and earlier, the server did not set appropriate ...)
+ TODO: check
CVE-2022-1288 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: School Club Application System
CVE-2022-1287 (A vulnerability classified as critical was found in School Club Applic ...)
@@ -18152,8 +18366,7 @@ CVE-2022-1247
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066799
CVE-2022-1246
REJECTED
-CVE-2022-1245
- RESERVED
+CVE-2022-1245 (A privilege escalation flaw was found in the token exchange feature of ...)
NOT-FOR-US: Keycloak
CVE-2022-1244 (heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5 ...)
- radare2 <unfixed> (bug #1014478)
@@ -33410,7 +33623,7 @@ CVE-2022-23746
RESERVED
CVE-2022-23745
RESERVED
-CVE-2022-23744 (ZoneAlarm Anti-Bad-Stuff before version 15.8.109.18436 allow an attack ...)
+CVE-2022-23744 (Check Point Endpoint Security Client E83 through E86 before E86.50 doe ...)
TODO: check
CVE-2022-23743 (Check Point ZoneAlarm before version 15.8.200.19118 allows a local act ...)
NOT-FOR-US: Check Point ZoneAlarm
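Review bot: the description on CVE-2022-23744 now names a different product (Check Point Endpoint Security Client E83 through E86 before E86.50, previously ZoneAlarm Anti-Bad-Stuff), yet the entry keeps the `TODO: check` it carried under the old text. Re-triage it against the new description. The neighbouring CVE-2022-23743 is already `NOT-FOR-US: Check Point ZoneAlarm`, so a NOT-FOR-US line naming the Endpoint Security Client is the likely outcome if that product is not in the archive.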
@@ -43263,8 +43476,8 @@ CVE-2021-44793 (Single Connect does not perform an authorization check when usin
NOT-FOR-US: Single Connect
CVE-2021-44792 (Single Connect does not perform an authorization check when using the ...)
NOT-FOR-US: Kron Single Connect
-CVE-2021-44791
- RESERVED
+CVE-2021-44791 (In Apache Druid 0.22.1 and earlier, certain specially-crafted links re ...)
+ TODO: check
CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...)
{DSA-5035-1 DLA-2907-1}
- apache2 2.4.52-1
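Review bot: CVE-2021-44791 gets a bare `TODO: check` for Apache Druid 0.22.1 and earlier, and the same commit adds CVE-2022-28889 with the same product and version wording. Resolve the two together so they end up with the same disposition, either both NOT-FOR-US or both carrying a package line.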
@@ -57064,8 +57277,8 @@ CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other c
[stretch] - tcpslice <no-dsa> (Minor issue)
NOTE: https://github.com/the-tcpdump-group/tcpslice/issues/11
NOTE: https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a (tcpslice-1.5)
-CVE-2021-41042
- RESERVED
+CVE-2021-41042 (In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initia ...)
+ TODO: check
CVE-2021-41041 (In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw ...)
NOT-FOR-US: Eclipse OpenJ9
CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoA ...)
@@ -57078,8 +57291,8 @@ CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 clien
NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/9d6a73f9f72005c2f19a262f15d28327eedea91f (v2.0.12)
CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior ...)
NOT-FOR-US: Eclipse Theia
-CVE-2021-41037
- RESERVED
+CVE-2021-41037 (In Eclipse p2, installable units are able to alter the Eclipse Platfor ...)
+ TODO: check
CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client ...)
- paho.mqtt.c <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/eclipse/paho.mqtt.embedded-c/issues/96
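Review bot: the `TODO: check` on CVE-2021-41037 (Eclipse p2) needs a product-level lookup, not a vendor-level one. The surrounding context shows Eclipse entries going both ways: Eclipse Theia is NOT-FOR-US while paho.mqtt.c has a package line, so the Eclipse name alone does not decide it.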
@@ -71487,8 +71700,8 @@ CVE-2021-35285
RESERVED
CVE-2021-35284
RESERVED
-CVE-2021-35283
- RESERVED
+CVE-2021-35283 (SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, ...)
+ TODO: check
CVE-2021-35282
RESERVED
CVE-2021-35281
@@ -80684,8 +80897,8 @@ CVE-2021-31647
RESERVED
CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the password rec ...)
NOT-FOR-US: Gestsup
-CVE-2021-31645
- RESERVED
+CVE-2021-31645 (An issue was discovered in glFTPd 2.11a that allows remote attackers t ...)
+ TODO: check
CVE-2021-31644
RESERVED
CVE-2021-31643 (An XSS vulnerability exists in several IoT devices from CHIYU Technolo ...)
@@ -87011,8 +87224,8 @@ CVE-2021-29283
RESERVED
CVE-2021-29282
RESERVED
-CVE-2021-29281
- RESERVED
+CVE-2021-29281 (File upload vulnerability in GFI Mail Archiver versions up to and incl ...)
+ TODO: check
CVE-2021-29280 (In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause ...)
NOT-FOR-US: TP-Link
CVE-2021-29279 (There is a integer overflow in function filter_core/filter_props.c:gf_ ...)
@@ -122281,9 +122494,9 @@ CVE-2020-27734
CVE-2020-27733 (Zoho ManageEngine Applications Manager before 14 build 14880 allows an ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2020-27732
- RESERVED
+ REJECTED
CVE-2020-27731
- RESERVED
+ REJECTED
CVE-2020-27730 (In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller ...)
NOT-FOR-US: NGINX Controller
CVE-2020-27729 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13 ...)
@@ -128059,19 +128272,19 @@ CVE-2020-25592 (In SaltStack Salt through 3002, salt-netapi improperly validates
NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
NOTE: https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2020/09/25
CVE-2020-25591
- RESERVED
+ REJECTED
CVE-2020-25590
- RESERVED
+ REJECTED
CVE-2020-25589
- RESERVED
+ REJECTED
CVE-2020-25588
- RESERVED
+ REJECTED
CVE-2020-25587
- RESERVED
+ REJECTED
CVE-2020-25586
- RESERVED
+ REJECTED
CVE-2020-25585
- RESERVED
+ REJECTED
CVE-2020-25584 (In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11. ...)
NOT-FOR-US: FreeBSD
CVE-2020-25583 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12. ...)
@@ -189764,21 +189977,21 @@ CVE-2019-19161 (CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files r
CVE-2019-19160 (Reportexpress ProPlus contains a vulnerability that could allow an arb ...)
NOT-FOR-US: Reportexpress ProPlus
CVE-2019-19159
- RESERVED
+ REJECTED
CVE-2019-19158
- RESERVED
+ REJECTED
CVE-2019-19157
- RESERVED
+ REJECTED
CVE-2019-19156
- RESERVED
+ REJECTED
CVE-2019-19155
- RESERVED
+ REJECTED
CVE-2019-19154
- RESERVED
+ REJECTED
CVE-2019-19153
- RESERVED
+ REJECTED
CVE-2019-19152
- RESERVED
+ REJECTED
CVE-2019-19151 (On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12 ...)
NOT-FOR-US: F5 BIG-IP
CVE-2019-19150 (On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1 ...)
@@ -395248,8 +395461,7 @@ CVE-2015-5299 (The shadow_copy2_get_shadow_copy_data function in modules/vfs_sha
{DSA-3433-1 DLA-379-1}
- samba 2:4.1.22+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2015-5299.html
-CVE-2015-5298 [Google Login Plugin for Jenkins authentication bypass]
- RESERVED
+CVE-2015-5298 (The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonym ...)
NOT-FOR-US: Plugin not packaged in Debian
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-10-12
CVE-2015-5297 (An integer overflow issue has been reported in the general_composite_r ...)
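Review bot: with the bracketed title removed from CVE-2015-5298, the entry's header no longer mentions Jenkins, and the retained line `NOT-FOR-US: Plugin not packaged in Debian` names no product. Other entries in this diff put the product name after NOT-FOR-US (for example `NOT-FOR-US: Keycloak`); suggest `NOT-FOR-US: Google Login Plugin for Jenkins` for consistency and searchability.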
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5003ce59e112511d400ca77a42cb11b95fa0d3e8