[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 13 21:10:33 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a88ea321 by security tracker role at 2022-07-13T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-35741
+	RESERVED
+CVE-2022-2398
+	RESERVED
+CVE-2022-2397
+	RESERVED
+CVE-2022-2396
+	RESERVED
 CVE-2022-35740
 	RESERVED
 CVE-2022-35739
@@ -2482,12 +2490,12 @@ CVE-2017-20130
 	RESERVED
 CVE-2017-20129
 	RESERVED
-CVE-2017-20128
-	RESERVED
-CVE-2017-20127
-	RESERVED
-CVE-2017-20126
-	RESERVED
+CVE-2017-20128 (A vulnerability has been found in KB Messages PHP Script 1.0 and class ...)
+	TODO: check
+CVE-2017-20127 (A vulnerability was found in KB Login Authentication Script 1.1 and cl ...)
+	TODO: check
+CVE-2017-20126 (A vulnerability was found in KB Affiliate Referral Script 1.0. It has  ...)
+	TODO: check
 CVE-2022-34745
 	RESERVED
 CVE-2022-34744
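Review bot: the three `TODO: check` entries (CVE-2017-20128, -20127, -20126) are newly published descriptions under 2017-numbered IDs for small KB PHP scripts (KB Messages PHP Script 1.0, KB Login Authentication Script 1.1, KB Affiliate Referral Script 1.0); the late transition from `RESERVED` is expected for IDs from an old block. The descriptions are truncated (`and class ...`), so pull the full advisory text before triage, and if nothing in the archive ships these scripts, resolve them in the file's own style as `NOT-FOR-US: <product>` rather than leaving the TODO open.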
@@ -3510,8 +3518,8 @@ CVE-2022-34360
 	RESERVED
 CVE-2022-34359
 	RESERVED
-CVE-2022-34358
-	RESERVED
+CVE-2022-34358 (IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. Th ...)
+	TODO: check
 CVE-2022-34357
 	RESERVED
 CVE-2022-34356
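Review bot: the `TODO: check` for CVE-2022-34358 concerns cross-site scripting in IBM i 7.2 through 7.5, an operating system product rather than a Debian package; the expected resolution in this file is a `NOT-FOR-US: IBM i` line, so the TODO should be closed that way once confirmed, keeping the product name for later searches.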
@@ -8715,8 +8723,8 @@ CVE-2022-1989
 	RESERVED
 CVE-2022-1988 (Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/fa ...)
 	NOT-FOR-US: neorazorx/facturascripts
-CVE-2022-32274
-	RESERVED
+CVE-2022-32274 (The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to s ...)
+	TODO: check
 CVE-2022-32273 (As a result of an observable discrepancy in returned messages, OPSWAT  ...)
 	NOT-FOR-US: OPSWAT MetaDefender Core
 CVE-2022-32272 (OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1 ...)
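Review bot: CVE-2022-32274 describes the Transition Scheduler add-on 6.5.0 for Atlassian Jira; the neighbouring OPSWAT MetaDefender entries show the convention for such third-party products (`NOT-FOR-US:` plus the product name), so this `TODO: check` should resolve the same way once confirmed that no package in the archive ships the add-on. The truncated description (`is prone to s ...`) hides the vulnerability class, so fetch the full text before recording it.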
@@ -9259,8 +9267,8 @@ CVE-2022-32098
 	RESERVED
 CVE-2022-32097
 	RESERVED
-CVE-2022-32096
-	RESERVED
+CVE-2022-32096 (Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via ...)
+	TODO: check
 CVE-2022-32095 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
 	NOT-FOR-US: Hospital Management System
 CVE-2022-32094 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
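Review bot: do not close the CVE-2022-32096 TODO by analogy with the Hospital Management System entries below it. The description names a library release bound (`Rhonabwy before v1.1.5`) rather than a hosted product, and a buffer overflow in a library is a memory-safety issue that, if a rhonabwy source package exists in the archive, needs a real `- rhonabwy <fixed-version>` or `<unfixed>` line with the affected-version check recorded; only mark it `NOT-FOR-US` after confirming the package is absent.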
@@ -9337,10 +9345,10 @@ CVE-2022-32076
 	RESERVED
 CVE-2022-32075
 	RESERVED
-CVE-2022-32074
-	RESERVED
-CVE-2022-32073
-	RESERVED
+CVE-2022-32074 (A stored cross-site scripting (XSS) vulnerability in the component aud ...)
+	TODO: check
+CVE-2022-32073 (WolfSSH v1.4.7 was discovered to contain an integer overflow via the f ...)
+	TODO: check
 CVE-2022-32072
 	RESERVED
 CVE-2022-32071
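Review bot: the two TODOs here need different handling. CVE-2022-32073 gives a concrete upstream version (`WolfSSH v1.4.7`) for an integer overflow, so check whether a wolfssh source package is in the archive before resolving; a missing package should be recorded as `NOT-FOR-US: WolfSSH`, a present one needs an affected-version line. CVE-2022-32074 cannot be triaged from this file at all, because the truncated description (`in the component aud ...`) does not even reveal the product; the full advisory text is required.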
@@ -9355,8 +9363,8 @@ CVE-2022-32067
 	RESERVED
 CVE-2022-32066
 	RESERVED
-CVE-2022-32065
-	RESERVED
+CVE-2022-32065 (An arbitrary file upload vulnerability in the background management mo ...)
+	TODO: check
 CVE-2022-32064
 	RESERVED
 CVE-2022-32063
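Review bot: the description for CVE-2022-32065 is cut off before the product name (`in the background management mo ...`), so the `TODO: check` cannot be resolved from the visible text; the triage needs the full CVE description to identify the software and decide between a package line and `NOT-FOR-US`.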
@@ -10037,8 +10045,7 @@ CVE-2022-31782 (ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-ba
 	- freetype 2.12.1+dfsg-3 (unimportant)
 	NOTE: https://gitlab.freedesktop.org/freetype/freetype-demos/-/issues/8
 	NOTE: Only impact the ftbench in freetype2-demos
-CVE-2022-31781
-	RESERVED
+CVE-2022-31781 (Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expressio ...)
 	NOT-FOR-US: Apache Tapestry
 CVE-2022-31780
 	RESERVED
@@ -18675,8 +18682,8 @@ CVE-2022-1286 (heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repo
 	[stretch] - mruby <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9
 	NOTE: https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189/
-CVE-2022-28888
-	RESERVED
+CVE-2022-28888 (Spryker Commerce OS 1.4.2 allows Remote Command Execution. ...)
+	TODO: check
 CVE-2022-28887
 	RESERVED
 CVE-2022-28886
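Review bot: CVE-2022-28888 is a Remote Command Execution in Spryker Commerce OS 1.4.2, and unlike most entries in this update the description is not truncated mid-sentence (it ends `Execution. ...`), so the severity is clear from the line alone. Check whether anything in the archive ships Spryker; if not, resolve the TODO as `NOT-FOR-US: Spryker Commerce OS` per the file convention rather than leaving an RCE entry unresolved.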
@@ -18839,7 +18846,7 @@ CVE-2022-28807
 	RESERVED
 CVE-2022-28806 (An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9 ...)
 	NOT-FOR-US: Fujitsu
-CVE-2022-28805 (singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2a ...)
+CVE-2022-28805 (singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) ...)
 	- lua5.4 5.4.4-2 (bug #1010265)
 	[bullseye] - lua5.4 <no-dsa> (Minor issue)
 	- lua5.3 <not-affected> (Specific to 5.4, see #1010265)
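Review bot: the refined description for CVE-2022-28805 (`from (including) 5.4.0 up to (excluding) ...`) corroborates the existing `- lua5.3 <not-affected> (Specific to 5.4, see #1010265)` line, so no package-line change is needed. The upper bound is lost to truncation, though; confirm it agrees with the `lua5.4 5.4.4-2` fixed version already recorded before relying on it.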
@@ -18859,7 +18866,7 @@ CVE-2022-28801
 	RESERVED
 CVE-2022-28800
 	RESERVED
-CVE-2022-28799 (The TikTok application before 23.8.4 for Android allows account takeov ...)
+CVE-2022-28799 (The TikTok application before 27.7.3 for Android allows account takeov ...)
 	NOT-FOR-US: TikTok Android app
 CVE-2022-28798
 	RESERVED
@@ -27570,6 +27577,7 @@ CVE-2022-25803
 	- request-tracker5 <unfixed>
 CVE-2022-25802
 	RESERVED
+	{DSA-5181-1}
 	- request-tracker5 <unfixed>
 	- request-tracker4 <unfixed>
 CVE-2022-25801
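Review bot: the added `{DSA-5181-1}` reference sits on an entry whose status line is still `RESERVED` and whose package lines are both `<unfixed>` (request-tracker5 and request-tracker4). That combination is only consistent if the DSA fixed the stable release while the unstable upload is still pending; confirm that is the case and, once the unstable fix is uploaded, replace `<unfixed>` with the fixed version so the tracker stops reporting both packages as open in sid. The `RESERVED` line should likewise be replaced when the CVE description is published.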
@@ -29341,7 +29349,7 @@ CVE-2022-25195 (A missing permission check in Jenkins autonomiq Plugin 1.15 and
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-25194 (A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-25193 (Missing permission checks in Jenkins Snow Commander Plugin 2.0 and ear ...)
+CVE-2022-25193 (Missing permission checks in Jenkins Snow Commander Plugin 1.10 and ea ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-25192 (A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Comm ...)
 	NOT-FOR-US: Jenkins plugin
@@ -93047,7 +93055,7 @@ CVE-2021-27296
 CVE-2021-27295
 	RESERVED
 CVE-2021-27294
-	RESERVED
+	REJECTED
 CVE-2021-27293 (RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is  ...)
 	NOT-FOR-US: RestSharp
 CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression  ...)
@@ -113313,11 +113321,11 @@ CVE-2020-35261
 CVE-2020-35260
 	RESERVED
 CVE-2020-35259
-	RESERVED
+	REJECTED
 CVE-2020-35258
 	RESERVED
 CVE-2020-35257
-	RESERVED
+	REJECTED
 CVE-2020-35256
 	RESERVED
 CVE-2020-35255
@@ -219837,8 +219845,8 @@ CVE-2019-10802 (giting version prior to 0.0.8 allows execution of arbritary comm
 	NOT-FOR-US: Node giting
 CVE-2019-10801 (enpeem through 2.2.0 allows execution of arbitrary commands. The "opti ...)
 	NOT-FOR-US: Node enpeem
-CVE-2019-10800
-	RESERVED
+CVE-2019-10800 (This affects the package codecov before 2.0.16. The vulnerability occu ...)
+	TODO: check
 CVE-2019-10799 (compile-sass prior to 1.0.5 allows execution of arbritary commands. Th ...)
 	NOT-FOR-US: Node module compile-sass
 CVE-2019-10798 (rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects r ...)
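Review bot: the CVE-2019-10800 description (`This affects the package codecov before 2.0.16`) does not say which ecosystem's `codecov` package is meant, and the truncation hides the vulnerability class. The neighbouring giting, enpeem and compile-sass entries are all Node modules resolved as `NOT-FOR-US`, but confirm the package and its ecosystem before copying that tag, since a package of the same name may exist in the archive for a different language.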
@@ -219937,8 +219945,8 @@ CVE-2019-10763 (pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An
 	NOT-FOR-US: Pimcore
 CVE-2019-10762 (columnQuote in medoo before 1.7.5 allows remote attackers to perform a ...)
 	NOT-FOR-US: medoo
-CVE-2019-10761
-	RESERVED
+CVE-2019-10761 (This affects the package vm2 before 3.6.11. It is possible to trigger  ...)
+	TODO: check
 CVE-2019-10760 (safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A  ...)
 	NOT-FOR-US: safer-eval Node module
 CVE-2019-10759 (safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A  ...)
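Review bot: for CVE-2019-10761 the description (`vm2 before 3.6.11. It is possible to trigger ...`) is truncated before the impact is stated; the adjacent safer-eval entries (CVE-2019-10760, -10759) are the same class of sandbox-style module and both carry Arbitrary Code Execution in their descriptions, so treat this one as potentially code execution until the full text says otherwise. Confirm whether any package in the archive vendors vm2 before resolving it as `NOT-FOR-US`.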



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a88ea3216ac28ee520b6a32e55417d73ed07c240




