[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 14 21:10:33 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9adface2 by security tracker role at 2022-07-14T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-35873
+	RESERVED
+CVE-2022-35872
+	RESERVED
+CVE-2022-35871
+	RESERVED
+CVE-2022-35870
+	RESERVED
+CVE-2022-35869
+	RESERVED
+CVE-2022-35868
+	RESERVED
+CVE-2022-35867
+	RESERVED
+CVE-2022-35866
+	RESERVED
+CVE-2022-35865
+	RESERVED
+CVE-2022-35864
+	RESERVED
+CVE-2022-2414
+	RESERVED
+CVE-2022-2413
+	RESERVED
+CVE-2022-2412
+	RESERVED
+CVE-2022-2411
+	RESERVED
+CVE-2022-2410
+	RESERVED
+CVE-2022-2409
+	RESERVED
+CVE-2022-2408 (The Guest account feature in Mattermost version 6.7.0 and earlier fail ...)
+	TODO: check
+CVE-2022-2407
+	RESERVED
+CVE-2022-2406 (The legacy Slack import feature in Mattermost version 6.7.0 and earlie ...)
+	TODO: check
+CVE-2022-2405
+	RESERVED
+CVE-2022-2404
+	RESERVED
+CVE-2022-2403
+	RESERVED
 CVE-2022-35863
 	RESERVED
 CVE-2022-35862
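Review bot: CVE-2022-2408 and CVE-2022-2406 (Mattermost, Guest account feature and legacy Slack import) are the only non-placeholder lines in this hunk and both are left at `TODO: check`; the rest of the hunk is `RESERVED` stubs, so these two are the actionable entries and should receive either a package line or a `NOT-FOR-US:` line like the other triaged entries in this file.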
@@ -244,8 +288,8 @@ CVE-2022-35742
 	RESERVED
 CVE-2022-2402
 	RESERVED
-CVE-2022-2401
-	RESERVED
+CVE-2022-2401 (Unrestricted information disclosure of all users in Mattermost version ...)
+	TODO: check
 CVE-2022-2400
 	RESERVED
 CVE-2022-2399
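Review bot: CVE-2022-2401 is a third Mattermost entry left at `TODO: check` in this commit, alongside CVE-2022-2408 and CVE-2022-2406 in the first hunk; triaging the three together would keep their status consistent.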
@@ -256,8 +300,8 @@ CVE-2022-2398
 	RESERVED
 CVE-2022-2397
 	RESERVED
-CVE-2022-2396
-	RESERVED
+CVE-2022-2396 (A vulnerability classified as problematic was found in SourceCodester  ...)
+	TODO: check
 CVE-2022-35740
 	RESERVED
 CVE-2022-35739
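Review bot: CVE-2022-2396 (SourceCodester) is `TODO: check` and the truncated description names only the vendor, not the product; the triager needs the full text to write a product-specific `NOT-FOR-US:` line of the kind used elsewhere in this file (e.g. `NOT-FOR-US: YoudianCMS`), assuming it is not packaged.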
@@ -448,8 +492,7 @@ CVE-2022-33977
 	RESERVED
 CVE-2022-31471
 	RESERVED
-CVE-2022-2393
-	RESERVED
+CVE-2022-2393 (A flaw was found in pki-core, which could allow a user to get a certif ...)
 	- dogtag-pki <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2101046
 CVE-2022-2392
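Review bot: the `- dogtag-pki <undetermined>` line survives unchanged now that CVE-2022-2393 has a public description; with the Bugzilla reference already in the NOTE, the status should be settled to an affected or `<not-affected>` entry, since an `<undetermined>` on a published CVE is easy to lose track of later.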
@@ -1323,8 +1366,8 @@ CVE-2022-35285
 	RESERVED
 CVE-2022-35284
 	RESERVED
-CVE-2022-35283
-	RESERVED
+CVE-2022-35283 (IBM Security Verify Information Queue 10.0.2 could allow an authentica ...)
+	TODO: check
 CVE-2022-35282
 	RESERVED
 CVE-2022-35281
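Review bot: CVE-2022-35283 (IBM Security Verify Information Queue 10.0.2) is `TODO: check`; every already-triaged IBM entry visible in this patch carries `NOT-FOR-US: IBM`, so unless the product is packaged this one should follow suit.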
@@ -8789,8 +8832,8 @@ CVE-2022-32299 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vuln
 	NOT-FOR-US: YoudianCMS
 CVE-2022-32298
 	RESERVED
-CVE-2022-32297
-	RESERVED
+CVE-2022-32297 (Piwigo v12.2.0 was discovered to contain SQL injection vulnerability v ...)
+	TODO: check
 CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra re ...)
 	NOT-FOR-US: Ampere devices
 CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...)
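Review bot: CVE-2022-32297 (Piwigo v12.2.0 SQL injection) is `TODO: check` and the description is cut off at "vulnerability v ...", so the affected component is not visible here; the triager should read the full advisory before choosing between a package line and `NOT-FOR-US`.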
@@ -9102,16 +9145,14 @@ CVE-2022-32227
 	RESERVED
 CVE-2022-32226
 	RESERVED
-CVE-2022-32225
-	RESERVED
+CVE-2022-32225 (A reflected DOM-Based XSS vulnerability has been discovered in the Hel ...)
+	TODO: check
 CVE-2022-32224
 	RESERVED
-CVE-2022-32223
-	RESERVED
+CVE-2022-32223 (Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under ce ...)
 	- nodejs <not-affected> (Only affects Windows)
 	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dll-hijacking-on-windows-high-cve-2022-32223
-CVE-2022-32222
-	RESERVED
+CVE-2022-32222 (A cryptographic vulnerability exists on Node.js on linux in versions o ...)
 	- nodejs <not-affected> (Specific to Node 18 and nodejs-distributed binaries)
 	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#attempt-to-read-openssl-cnf-from-home-iojs-build-upon-startup-medium-cve-2022-32222
 	NOTE: https://github.com/nodejs/node/commit/a5fc2deb43f85dc2195a1fe1683b9c2e7443b001
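Review bot: CVE-2022-32223 records only the upstream blog link, while the neighbouring CVE-2022-32222 also records the fix commit; adding the commit reference to CVE-2022-32223 would keep the two Node.js entries consistent even though both are `<not-affected>`. Minor wording point: the justification `(Specific to Node 18 and nodejs-distributed binaries)` on CVE-2022-32222 would read more precisely as "upstream-distributed binaries". CVE-2022-32225 at the top of the hunk is still `TODO: check`.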
@@ -9127,37 +9168,32 @@ CVE-2022-32217
 	RESERVED
 CVE-2022-32216
 	RESERVED
-CVE-2022-32215 [HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding]
-	RESERVED
+CVE-2022-32215 (The llhttp parser in the http module in Node v17.6.0 does not correctl ...)
 	- nodejs <unfixed>
 	- llhttp <itp> (bug #977716)
 	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#http-request-smuggling-incorrect-parsing-of-multi-line-transfer-encoding-medium-cve-2022-32215
 	NOTE: https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd (v14.x)
 	NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main)
-CVE-2022-32214 [HTTP Request Smuggling - Improper Delimiting of Header Fields]
-	RESERVED
+CVE-2022-32214 (The llhttp parser in the http module in Node.js does not strictly use  ...)
 	- nodejs <unfixed>
 	- llhttp <itp> (bug #977716)
 	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#http-request-smuggling-improper-delimiting-of-header-fields-medium-cve-2022-32214
 	NOTE: https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd (v14.x)
 	NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main)
-CVE-2022-32213 [HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding]
-	RESERVED
+CVE-2022-32213 (The llhttp parser in the http module in Node.js v17.x does not correct ...)
 	- nodejs <unfixed>
 	- llhttp <itp> (bug #977716)
 	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#http-request-smuggling-flawed-parsing-of-transfer-encoding-medium-cve-2022-32213
 	NOTE: https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd (v14.x)
 	NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main)
-CVE-2022-32212
-	RESERVED
+CVE-2022-32212 (A OS Command Injection vulnerability exists in Node.js versions <14 ...)
 	- nodejs <unfixed>
 	NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-ip-addresses-high-cve-2022-32212
 	NOTE: https://github.com/nodejs/node/commit/48c5aa5cab718d04473fa2761d532657c84b8131 (v14.x)
 	NOTE: https://github.com/nodejs/node/commit/1aa5036c31ac2a9b2a2528af454675ad412f1464 (main)
 CVE-2022-32211
 	RESERVED
-CVE-2022-32210
-	RESERVED
+CVE-2022-32210 (`Undici.ProxyAgent` never verifies the remote server's certificate, an ...)
 	- node-undici 5.6.1+dfsg1+~cs18.9.16-1
 	NOTE: https://github.com/advisories/GHSA-pgw7-wx7w-2w33
 CVE-2022-32209 (# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possi ...)
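Review bot: the description imported for CVE-2022-32212 ("A OS Command Injection vulnerability exists in Node.js versions <14 ...") does not match the upstream advisory section the NOTE points to, whose anchor reads "dns-rebinding-in-inspect-via-invalid-ip-addresses"; worth cross-checking which text is correct before the `nodejs <unfixed>` entry is acted on. Related documentation point: the bracketed titles dropped from CVE-2022-32215, CVE-2022-32214 and CVE-2022-32213 (e.g. `[HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding]`) were the clearer summary, since the auto-imported descriptions are truncated mid-sentence.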
@@ -12163,8 +12199,8 @@ CVE-2022-31144
 	RESERVED
 CVE-2022-31143
 	RESERVED
-CVE-2022-31142
-	RESERVED
+CVE-2022-31142 (@fastify/bearer-auth is a Fastify plugin to require bearer Authorizati ...)
+	TODO: check
 CVE-2022-31141
 	RESERVED
 CVE-2022-31140 (Valinor is a PHP library that helps to map any input into a strongly-t ...)
@@ -13104,7 +13140,7 @@ CVE-2022-30887 (Pharmacy Management System v1.0 was discovered to contain a remo
 	NOT-FOR-US: Pharmacy Management System
 CVE-2022-30886 (School Dormitory Management System v1.0 was discovered to contain a SQ ...)
 	NOT-FOR-US: School Dormitory Management System
-CVE-2022-30885 (** Reserved ** The pyesasky for python, as distributed on PyPI, includ ...)
+CVE-2022-30885 (The pyesasky for python, as distributed on PyPI, included a code-execu ...)
 	NOT-FOR-US: pyesasky
 CVE-2022-30884
 	RESERVED
@@ -14027,8 +14063,7 @@ CVE-2022-30528
 	RESERVED
 CVE-2022-30527
 	RESERVED
-CVE-2022-1662
-	RESERVED
+CVE-2022-1662 (In convert2rhel, there's an ansible playbook named ansible/run-convert ...)
 	NOT-FOR-US: Red Hat convert2rhel
 CVE-2022-1661 (The affected products are vulnerable to directory traversal, which may ...)
 	NOT-FOR-US: Keysight N6854A and N6841A
@@ -15297,8 +15332,8 @@ CVE-2022-1546 (The WooCommerce - Product Importer WordPress plugin through 1.5.2
 	NOT-FOR-US: WordPress plugin
 CVE-2022-30114
 	RESERVED
-CVE-2022-30113
-	RESERVED
+CVE-2022-30113 (Electronic mall system 1.0_build20200203 is affected vulnerable to SQL ...)
+	TODO: check
 CVE-2022-30112
 	RESERVED
 CVE-2022-30111 (Due to the use of an insecure algorithm for rolling codes in MCK Smart ...)
@@ -15492,8 +15527,8 @@ CVE-2022-30026
 	RESERVED
 CVE-2022-30025
 	RESERVED
-CVE-2022-30024
-	RESERVED
+CVE-2022-30024 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmwa ...)
+	TODO: check
 CVE-2022-30023 (Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Comma ...)
 	NOT-FOR-US: Tenda
 CVE-2022-30022
@@ -16858,8 +16893,8 @@ CVE-2022-29595
 	RESERVED
 CVE-2022-29594 (eG Agent before 7.2 has weak file permissions that enable escalation o ...)
 	NOT-FOR-US: eG Agent
-CVE-2022-29593
-	RESERVED
+CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1. ...)
+	TODO: check
 CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...)
 	- gpac <unfixed>
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -18959,8 +18994,8 @@ CVE-2022-28878
 	RESERVED
 CVE-2022-28877
 	RESERVED
-CVE-2022-28876
-	RESERVED
+CVE-2022-28876 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+	TODO: check
 CVE-2022-28875 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
 	NOT-FOR-US: F-Secure
 CVE-2022-28874 (Multiple Denial-of-Service vulnerabilities was discovered in the F-Sec ...)
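Review bot: CVE-2022-28876 is `TODO: check` while the adjacent CVE-2022-28875, with the identical visible description prefix (F-Secure Atlant denial of service), is already `NOT-FOR-US: F-Secure`; the new entry should get the same disposition unless the full description says otherwise.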
@@ -20263,24 +20298,24 @@ CVE-2022-28378 (Craft CMS before 3.7.29 allows XSS. ...)
 	NOT-FOR-US: Craft CMS
 CVE-2022-1211 (A vulnerability classified as critical has been found in tildearrow Fu ...)
 	- furnace <itp> (bug #1008592)
-CVE-2022-28377
-	RESERVED
+CVE-2022-28377 (On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit ...)
+	TODO: check
 CVE-2022-28376 (Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyon ...)
 	NOT-FOR-US: Verizon
-CVE-2022-28375
-	RESERVED
-CVE-2022-28374
-	RESERVED
-CVE-2022-28373
-	RESERVED
-CVE-2022-28372
-	RESERVED
-CVE-2022-28371
-	RESERVED
-CVE-2022-28370
-	RESERVED
-CVE-2022-28369
-	RESERVED
+CVE-2022-28375 (Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property ...)
+	TODO: check
+CVE-2022-28374 (Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property ...)
+	TODO: check
+CVE-2022-28373 (Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly  ...)
+	TODO: check
+CVE-2022-28372 (On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit ...)
+	TODO: check
+CVE-2022-28371 (On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit ...)
+	TODO: check
+CVE-2022-28370 (On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the R ...)
+	TODO: check
+CVE-2022-28369 (Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate  ...)
+	TODO: check
 CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution via a .php file in the src:u ...)
 	- php-dompdf <not-affected> (Vulnerable code introduced in 0.8.0, fixed in 1.2.1)
 	NOTE: https://snyk.io/blog/security-alert-php-pdf-library-dompdf-rce/
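Review bot: the seven Verizon 5G Home LVSKIHP entries (CVE-2022-28377 and CVE-2022-28375 through CVE-2022-28369) are all `TODO: check`, while CVE-2022-28376 in the same hunk is already `NOT-FOR-US: Verizon`; they describe the same IDU/ODU firmware and can be closed in one pass with the same status.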
@@ -27825,18 +27860,16 @@ CVE-2022-25805 (An issue was discovered in the IGEL Universal Management Suite (
 	NOT-FOR-US: IGEL UMS
 CVE-2022-25804 (An issue was discovered in the IGEL Universal Management Suite (UMS) 6 ...)
 	NOT-FOR-US: IGEL UMS
-CVE-2022-25803
-	RESERVED
+CVE-2022-25803 (Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect  ...)
 	- request-tracker5 <unfixed>
-CVE-2022-25802
-	RESERVED
+CVE-2022-25802 (Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3  ...)
 	{DSA-5181-1}
 	- request-tracker5 <unfixed>
 	- request-tracker4 <unfixed>
-CVE-2022-25801
-	RESERVED
-CVE-2022-25800
-	RESERVED
+CVE-2022-25801 (Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x be ...)
+	TODO: check
+CVE-2022-25800 (Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x be ...)
+	TODO: check
 CVE-2022-25799
 	RESERVED
 CVE-2022-25798
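Review bot: CVE-2022-25801 and CVE-2022-25800 (RT for Incident Response, RTIR) are `TODO: check` while the two Request Tracker entries above them already have request-tracker4/request-tracker5 package lines; the RTIR entries need the matching decision, either a package line for RTIR if it is packaged or a `NOT-FOR-US:` line. CVE-2022-25803 (5.0.3 only) correctly lists just request-tracker5, consistent with its description.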
@@ -39364,16 +39397,16 @@ CVE-2022-22479 (IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vul
 	NOT-FOR-US: IBM
 CVE-2022-22478 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user crede ...)
 	NOT-FOR-US: IBM
-CVE-2022-22477
-	RESERVED
+CVE-2022-22477 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
+	TODO: check
 CVE-2022-22476 (IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and ...)
 	NOT-FOR-US: IBM
 CVE-2022-22475 (IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 thr ...)
 	NOT-FOR-US: IBM
 CVE-2022-22474 (IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsv ...)
 	NOT-FOR-US: IBM
-CVE-2022-22473
-	RESERVED
+CVE-2022-22473 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a  ...)
+	TODO: check
 CVE-2022-22472 (IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through ...)
 	NOT-FOR-US: IBM
 CVE-2022-22471
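Review bot: CVE-2022-22477 and CVE-2022-22473 (IBM WebSphere Application Server) are `TODO: check`, sandwiched between entries for the same product family that are already `NOT-FOR-US: IBM`; triage them the same way.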
@@ -39398,8 +39431,8 @@ CVE-2022-22462
 	RESERVED
 CVE-2022-22461
 	RESERVED
-CVE-2022-22460
-	RESERVED
+CVE-2022-22460 (IBM Security Verify Identity Manager 10.0 contains sensitive informati ...)
+	TODO: check
 CVE-2022-22459
 	RESERVED
 CVE-2022-22458
@@ -39412,14 +39445,14 @@ CVE-2022-22455
 	RESERVED
 CVE-2022-22454 (IBM InfoSphere Information Server 11.7 could allow a locally authentic ...)
 	NOT-FOR-US: IBM
-CVE-2022-22453
-	RESERVED
-CVE-2022-22452
-	RESERVED
+CVE-2022-22453 (IBM Security Verify Identity Manager 10.0 uses weaker than expected cr ...)
+	TODO: check
+CVE-2022-22452 (IBM Security Verify Identity Manager 10.0 uses an inadequate account l ...)
+	TODO: check
 CVE-2022-22451
 	RESERVED
-CVE-2022-22450
-	RESERVED
+CVE-2022-22450 (IBM Security Verify Identity Manager 10.0 could allow a privileged use ...)
+	TODO: check
 CVE-2022-22449
 	RESERVED
 CVE-2022-22448
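Review bot: CVE-2022-22453, CVE-2022-22452 and CVE-2022-22450 (IBM Security Verify Identity Manager 10.0) are `TODO: check`; they share the product with CVE-2022-22460 in the previous hunk, and the IBM InfoSphere entry at the top of this hunk shows the usual `NOT-FOR-US: IBM` disposition, so the four can be settled together.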
@@ -41685,8 +41718,8 @@ CVE-2021-4170 (calibre-web is vulnerable to Improper Neutralization of Input Dur
 	NOT-FOR-US: calibre-web
 CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
 	NOT-FOR-US: livehelperchat
-CVE-2021-45492
-	RESERVED
+CVE-2021-45492 (In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configu ...)
+	TODO: check
 CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: ShowDoc
 CVE-2021-45491 (3CX System through 2022-03-17 stores cleartext passwords in a database ...)
@@ -63534,8 +63567,8 @@ CVE-2021-39030
 	RESERVED
 CVE-2021-39029
 	RESERVED
-CVE-2021-39028
-	RESERVED
+CVE-2021-39028 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
+	TODO: check
 CVE-2021-39027 (IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structur ...)
 	NOT-FOR-US: IBM
 CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...)
@@ -63552,16 +63585,16 @@ CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently o
 	NOT-FOR-US: IBM
 CVE-2021-39020 (IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive  ...)
 	NOT-FOR-US: IBM
-CVE-2021-39019
-	RESERVED
-CVE-2021-39018
-	RESERVED
-CVE-2021-39017
-	RESERVED
-CVE-2021-39016
-	RESERVED
-CVE-2021-39015
-	RESERVED
+CVE-2021-39019 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
+	TODO: check
+CVE-2021-39018 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
+	TODO: check
+CVE-2021-39017 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
+	TODO: check
+CVE-2021-39016 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...)
+	TODO: check
+CVE-2021-39015 (IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7. ...)
+	TODO: check
 CVE-2021-39014
 	RESERVED
 CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could  ...)
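Review bot: the five IBM Engineering Lifecycle Optimization - Publishing entries (CVE-2021-39019 through CVE-2021-39015) are `TODO: check` with near-identical descriptions, and CVE-2021-39028 in the previous hunk belongs to the same batch; they can be triaged in one pass with the same status as the surrounding IBM entries (`NOT-FOR-US: IBM`).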
@@ -155577,8 +155610,8 @@ CVE-2020-14129
 	RESERVED
 CVE-2020-14128
 	RESERVED
-CVE-2020-14127
-	RESERVED
+CVE-2020-14127 (A denial of service vulnerability exists in some Xiaomi models of phon ...)
+	TODO: check
 CVE-2020-14126
 	RESERVED
 CVE-2020-14125 (A denial of service vulnerability exists in some Xiaomi models of phon ...)
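Review bot: CVE-2020-14127 is `TODO: check` and its visible description matches CVE-2020-14125 word for word ("A denial of service vulnerability exists in some Xiaomi models of phon ..."); whatever status the existing CVE-2020-14125 entry carries should apply here as well.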



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9adface273562b237dd52ccd5765ed5933bfb86f




