[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 19 21:10:34 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13a4ad70 by security tracker role at 2022-07-19T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2022-36305
+ RESERVED
+CVE-2022-36304
+ RESERVED
+CVE-2022-36303
+ RESERVED
+CVE-2022-36302
+ RESERVED
+CVE-2022-36301
+ RESERVED
+CVE-2022-36300
+ RESERVED
+CVE-2022-30706
+ RESERVED
+CVE-2022-2476
+ RESERVED
+CVE-2022-2475
+ RESERVED
+CVE-2022-2474
+ RESERVED
+CVE-2022-2473
+ RESERVED
+CVE-2022-2472
+ RESERVED
+CVE-2022-2471
+ RESERVED
+CVE-2022-2470
+ RESERVED
+CVE-2022-2469 (GNU SASL libgsasl server-side read-out-of-bounds with malicious authen ...)
+ TODO: check
+CVE-2022-2468 (A vulnerability was found in SourceCodester Garage Management System 1 ...)
+ TODO: check
+CVE-2022-2467 (A vulnerability has been found in SourceCodester Garage Management Sys ...)
+ TODO: check
+CVE-2016-15004
+ RESERVED
CVE-2022-35735
RESERVED
CVE-2022-35728
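Review bot: CVE-2022-2469 (GNU SASL libgsasl server-side read-out-of-bounds) is the one entry in this hunk that concerns a Debian source package (gsasl), so its `TODO: check` deserves prompt triage into a `- gsasl <version>` line with an upstream fix NOTE; the two SourceCodester Garage Management System entries (CVE-2022-2467, CVE-2022-2468) are vendor web applications and can go straight to `NOT-FOR-US`, as this file does for comparable products elsewhere in the patch. CVE-2016-15004 is a 2016-prefixed ID that is only being reserved now; the year in the ID says nothing about affected versions, so keeping it at `RESERVED` until a description lands is correct.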
@@ -366,10 +402,10 @@ CVE-2022-36128
RESERVED
CVE-2022-36127 (A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The ...)
NOT-FOR-US: Apache SkyWalking
-CVE-2022-2454
- RESERVED
-CVE-2022-2453
- RESERVED
+CVE-2022-2454 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...)
+ TODO: check
+CVE-2022-2453 (Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV. ...)
+ TODO: check
CVE-2022-2452
RESERVED
CVE-2022-2451
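Review bot: the two gpac entries (CVE-2022-2453 Use After Free, CVE-2022-2454 Integer Overflow or Wraparound) give `prior to 2.1-DEV` as the fixed point, which is a development snapshot rather than a release, so resolving the `TODO: check` needs the fixing upstream commits to decide which Debian gpac version carries them; record those as NOTE lines the way the ffmpeg entries further down in this patch do.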
@@ -824,8 +860,8 @@ CVE-2022-35914
RESERVED
CVE-2022-35913
RESERVED
-CVE-2022-35912
- RESERVED
+CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x b ...)
+ TODO: check
CVE-2022-35911
RESERVED
CVE-2022-35910
@@ -1332,8 +1368,8 @@ CVE-2022-27170
RESERVED
CVE-2022-2395
RESERVED
-CVE-2022-2394
- RESERVED
+CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive parameters wh ...)
+ TODO: check
CVE-2021-46827 (An issue was discovered in Oxygen XML WebHelp before 22.1 build 202108 ...)
NOT-FOR-US: Oxygen XML WebHelp
CVE-2022-35713
@@ -2062,8 +2098,8 @@ CVE-2022-35407
RESERVED
CVE-2022-35406 (A URL disclosure issue was discovered in Burp Suite before 2022.6. If ...)
- burpsuite <itp> (bug #832943)
-CVE-2022-35405
- RESERVED
+CVE-2022-35405 (Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before ...)
+ TODO: check
CVE-2022-35404 (ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 ...)
NOT-FOR-US: ManageEngine Password Manager Pro
CVE-2022-35403 (Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP ...)
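Review bot: CVE-2022-35405 concerns Zoho ManageEngine Password Manager Pro and PAM360, the same product family as the adjacent CVE-2022-35404, which is already resolved as `NOT-FOR-US: ManageEngine Password Manager Pro`; the new entry can take the same resolution instead of `TODO: check`.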
@@ -4789,10 +4825,10 @@ CVE-2022-34364
RESERVED
CVE-2022-34363
RESERVED
-CVE-2022-2193
- RESERVED
-CVE-2022-2192
- RESERVED
+CVE-2022-2193 (Insecure Direct Object Reference vulnerability in HYPR Server before v ...)
+ TODO: check
+CVE-2022-2192 (Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 al ...)
+ TODO: check
CVE-2022-2191 (In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 v ...)
TODO: check, claims to affect only 10.x and 11.x series, check for jetty9
CVE-2022-34362
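Review bot: CVE-2022-2192 (Forced Browsing) and CVE-2022-2193 (Insecure Direct Object Reference) are HYPR Server issues, and CVE-2022-1984 later in this patch is HYPR Windows WFA; all three are left at `TODO: check` although none names software this file tracks as a Debian package, so they can be closed together as `NOT-FOR-US: HYPR`. The existing CVE-2022-2191 note about checking jetty9 is untouched by this change and still open.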
@@ -5266,8 +5302,8 @@ CVE-2022-34170 (In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1
- jenkins <removed>
CVE-2022-2166
RESERVED
-CVE-2022-34169
- RESERVED
+CVE-2022-34169 (The Apache Xalan Java XSLT library is vulnerable to an integer truncat ...)
+ TODO: check
CVE-2022-34168
RESERVED
CVE-2022-34151 (Use of hard-coded credentials vulnerability exists in Machine automati ...)
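Review bot: CVE-2022-34169 (Apache Xalan Java XSLT integer truncation) should not stay at `TODO: check` for long: Xalan-J ships in Debian as libxalan2-java, and the same XSLTC code is embedded in OpenJDK's internal copy of Xalan, so the check needs to cover both the standalone package and the openjdk-* sources rather than only the Java library.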
@@ -5660,10 +5696,10 @@ CVE-2022-34026
RESERVED
CVE-2022-34025
RESERVED
-CVE-2022-34024
- RESERVED
-CVE-2022-34023
- RESERVED
+CVE-2022-34024 (Barangay Management System v1.0 was discovered to contain an arbitrary ...)
+ TODO: check
+CVE-2022-34023 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
CVE-2022-34022
RESERVED
CVE-2022-34021
@@ -5706,8 +5742,8 @@ CVE-2022-34003
RESERVED
CVE-2022-34002
RESERVED
-CVE-2022-34001
- RESERVED
+CVE-2022-34001 (Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronousl ...)
+ TODO: check
CVE-2022-34000 (libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init ...)
- jpeg-xl <unfixed> (bug #1013265)
NOTE: https://github.com/libjxl/libjxl/issues/1477
@@ -9478,8 +9514,8 @@ CVE-2022-32456
RESERVED
CVE-2022-30707 (Violation of secure design principles exists in the communication of C ...)
NOT-FOR-US: CAMS for HIS
-CVE-2022-30532
- RESERVED
+CVE-2022-30532 (In affected versions of Octopus Deploy, there is no logging of changes ...)
+ TODO: check
CVE-2022-29890 (In affected versions of Octopus Server the help sidebar can be customi ...)
NOT-FOR-US: Octopus Server
CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
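Review bot: CVE-2022-30532 (Octopus Deploy, no logging of changes) sits directly above CVE-2022-29890, which is already `NOT-FOR-US: Octopus Server`; same vendor product, so the new entry can be resolved the same way rather than left as `TODO: check`.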
@@ -10124,8 +10160,8 @@ CVE-2022-29512 (Exposure of sensitive information to an unauthorized actor issue
NOT-FOR-US: Cybozu
CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to reflected C ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1984
- RESERVED
+CVE-2022-1984 (This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Des ...)
+ TODO: check
CVE-2022-1983 (Incorrect authorization in GitLab EE affecting all versions from 10.7 ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-1982 (Uncontrolled resource consumption in Mattermost version 6.6.0 and earl ...)
@@ -14953,8 +14989,8 @@ CVE-2022-30572
RESERVED
CVE-2022-30571
RESERVED
-CVE-2022-30570
- RESERVED
+CVE-2022-30570 (The Column Based Security component of TIBCO Software Inc.'s TIBCO Dat ...)
+ TODO: check
CVE-2022-30569
RESERVED
CVE-2022-30568
@@ -23883,10 +23919,10 @@ CVE-2022-27582
RESERVED
CVE-2022-27581
RESERVED
-CVE-2022-27580
- RESERVED
-CVE-2022-27579
- RESERVED
+CVE-2022-27580 (A deserialization vulnerability in a .NET framework class used and not ...)
+ TODO: check
+CVE-2022-27579 (A deserialization vulnerability in a .NET framework class used and not ...)
+ TODO: check
CVE-2022-27578 (An attacker can perform a privilege escalation through the SICK OEE if ...)
NOT-FOR-US: SICK
CVE-2022-27577 (The vulnerability in the MSC800 in all versions before 4.15 allows for ...)
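Review bot: CVE-2022-27579 and CVE-2022-27580 carry identical descriptions up to the truncation point (`A deserialization vulnerability in a .NET framework class used and not ...`), so the list as shown does not let a reader tell the two apart; the neighbouring CVE-2022-27577 (MSC800) and CVE-2022-27578 (SICK OEE) are SICK advisories already marked `NOT-FOR-US: SICK`, which is the likely resolution for these two as well once the full text is checked.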
@@ -23953,10 +23989,10 @@ CVE-2022-27547
RESERVED
CVE-2022-27546
RESERVED
-CVE-2022-27545
- RESERVED
-CVE-2022-27544
- RESERVED
+CVE-2022-27545 (BigFix Web Reports authorized users may perform HTML injection for the ...)
+ TODO: check
+CVE-2022-27544 (BigFix Web Reports authorized users may see SMTP credentials in clear ...)
+ TODO: check
CVE-2022-27543
RESERVED
CVE-2022-27542
@@ -24447,8 +24483,8 @@ CVE-2022-27375 (Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Sit
NOT-FOR-US: Tenda
CVE-2022-27374 (Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Requ ...)
NOT-FOR-US: Tenda
-CVE-2022-27373
- RESERVED
+CVE-2022-27373 (Shanghai Feixun Data Communication Technology Co., Ltd router fir302b ...)
+ TODO: check
CVE-2022-27372
RESERVED
CVE-2022-27371
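Review bot: CVE-2022-27373 is a Shanghai Feixun router firmware (fir302b) issue in the same block as the Tenda AX12 entries CVE-2022-27374 and CVE-2022-27375, which are already `NOT-FOR-US: Tenda`; consumer router firmware is not a Debian package, so `NOT-FOR-US` applies here too and the `TODO: check` can be closed.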
@@ -34240,8 +34276,8 @@ CVE-2022-24084
RESERVED
CVE-2022-24083
RESERVED
-CVE-2022-24082
- RESERVED
+CVE-2022-24082 (If an on-premise installation of the Pega Platform is configured with ...)
+ TODO: check
CVE-2022-24081
RESERVED
CVE-2022-24080
@@ -40591,10 +40627,10 @@ CVE-2022-22419
RESERVED
CVE-2022-22418
RESERVED
-CVE-2022-22417
- RESERVED
-CVE-2022-22416
- RESERVED
+CVE-2022-22417 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
+ TODO: check
+CVE-2022-22416 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
+ TODO: check
CVE-2022-22415 (A vulnerability exists where an IBM Robotic Process Automation 21.0.1 ...)
NOT-FOR-US: IBM
CVE-2022-22414 (IBM Robotic Process Automation 21.0.2 could allow a local user to obta ...)
@@ -40705,12 +40741,12 @@ CVE-2022-22362
RESERVED
CVE-2022-22361 (IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20 ...)
NOT-FOR-US: IBM
-CVE-2022-22360
- RESERVED
-CVE-2022-22359
- RESERVED
-CVE-2022-22358
- RESERVED
+CVE-2022-22360 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
+ TODO: check
+CVE-2022-22359 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
+ TODO: check
+CVE-2022-22358 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
+ TODO: check
CVE-2022-22357
RESERVED
CVE-2022-22356 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumera ...)
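Review bot: CVE-2022-22358, CVE-2022-22359 and CVE-2022-22360 here, and CVE-2022-22416 and CVE-2022-22417 in the previous hunk, all share the same truncated description (`IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...`) and all remain at `TODO: check`; the surrounding IBM entries (CVE-2022-22361, CVE-2022-22415, CVE-2022-22414) are `NOT-FOR-US: IBM`, so these five should be closed consistently in one pass rather than one by one. The `SasS` spelling comes from the upstream description and is not something to correct in this file.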
@@ -78045,7 +78081,7 @@ CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able
NOTE: https://docs.inspircd.org/security/2021-01/
NOTE: https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d
CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...)
- {DLA-2742-1}
+ {DSA-5126-1 DLA-2742-1}
- ffmpeg 7:4.3-2
NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532 (4.3)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/97ee4a451b5b1eb0010664b4a8c048d6c8c06a8a (4.1.9)
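Review bot: the only change for CVE-2021-3566 is adding `DSA-5126-1` in front of the existing `DLA-2742-1`; the fixed-version line `- ffmpeg 7:4.3-2` and the NOTE lines are unchanged, which is the right shape for recording a stable advisory, but the check to make in review is that DSA-5126-1 really lists CVE-2021-3566 alongside the five other ffmpeg CVEs it is attached to in this patch (CVE-2020-21697, CVE-2020-21688, CVE-2020-20896, CVE-2020-20892, CVE-2020-20891). The `[stretch] - ffmpeg <postponed>` lines on those later entries are unaffected by a stable DSA and correctly left alone.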
@@ -80838,8 +80874,8 @@ CVE-2021-32506 (Absolute Path Traversal vulnerability in GetImage in QSAN Storag
NOT-FOR-US: QSAN
CVE-2021-32505
REJECTED
-CVE-2021-32504
- RESERVED
+CVE-2021-32504 (Unauthenticated users can access sensitive web URLs through GET reques ...)
+ TODO: check
CVE-2021-32503 (Unauthenticated users can access sensitive web URLs through GET reques ...)
NOT-FOR-US: SICK FTMg flow sensors
CVE-2021-32502
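Review bot: CVE-2021-32504's description is, as far as the truncation shows, identical to CVE-2021-32503 directly below it (`Unauthenticated users can access sensitive web URLs through GET reques ...`), and that entry is already `NOT-FOR-US: SICK FTMg flow sensors`; the new one almost certainly belongs to the same advisory and can be resolved the same way instead of `TODO: check`.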
@@ -139175,7 +139211,7 @@ CVE-2020-21699
CVE-2020-21698
RESERVED
CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
- {DSA-4998-1}
+ {DSA-5126-1 DSA-4998-1}
- ffmpeg 7:4.4-5
[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
NOTE: https://trac.ffmpeg.org/ticket/8188
@@ -139198,7 +139234,7 @@ CVE-2020-21690
CVE-2020-21689
RESERVED
CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
- {DSA-4998-1}
+ {DSA-5126-1 DSA-4998-1}
- ffmpeg 7:4.4-5
[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
NOTE: https://trac.ffmpeg.org/ticket/8186
@@ -140962,6 +140998,7 @@ CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in l
CVE-2020-20897
REJECTED
CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...)
+ {DSA-5126-1}
- ffmpeg 7:4.3-2
[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3)
@@ -140974,12 +141011,14 @@ CVE-2020-20894
CVE-2020-20893
REJECTED
CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/vf_len ...)
+ {DSA-5126-1}
- ffmpeg 7:4.3-2
[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01 (4.3)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=439645004bb672a29145621549cb87acdb2f84db (4.1.9)
NOTE: https://trac.ffmpeg.org/ticket/8265
CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...)
+ {DSA-5126-1}
- ffmpeg 7:4.3-2
[stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13a4ad70107a47216da07c96aacf8b5ac5ffd3b6