[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 27 21:10:38 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23ab3fc7 by security tracker role at 2022-07-27T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,86 +1,144 @@
-CVE-2022-36922
+CVE-2022-36943
+ RESERVED
+CVE-2022-36942
+ RESERVED
+CVE-2022-36941
+ RESERVED
+CVE-2022-36940
+ RESERVED
+CVE-2022-36939
+ RESERVED
+CVE-2022-36938
+ RESERVED
+CVE-2022-36937
+ RESERVED
+CVE-2022-36936
+ RESERVED
+CVE-2022-36935
+ RESERVED
+CVE-2022-36934
+ RESERVED
+CVE-2022-36933
+ RESERVED
+CVE-2022-36932
+ RESERVED
+CVE-2022-36931
+ RESERVED
+CVE-2022-36930
+ RESERVED
+CVE-2022-36929
+ RESERVED
+CVE-2022-36928
+ RESERVED
+CVE-2022-36927
+ RESERVED
+CVE-2022-36926
+ RESERVED
+CVE-2022-36925
+ RESERVED
+CVE-2022-36924
+ RESERVED
+CVE-2022-36923
+ RESERVED
+CVE-2022-2556
+ RESERVED
+CVE-2022-2555
+ RESERVED
+CVE-2022-2554
+ RESERVED
+CVE-2022-2553
+ RESERVED
+CVE-2022-2552
+ RESERVED
+CVE-2022-2551
+ RESERVED
+CVE-2022-2550 (OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1 ...)
+ TODO: check
+CVE-2022-2549 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1. ...)
+ TODO: check
+CVE-2022-36922 (Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not es ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36921
+CVE-2022-36921 (A missing permission check in Jenkins Coverity Plugin 1.11.4 and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36920
+CVE-2022-36920 (A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36919
+CVE-2022-36919 (A missing permission check in Jenkins Coverity Plugin 1.11.4 and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36918
+CVE-2022-36918 (Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permis ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36917
+CVE-2022-36917 (A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36916
+CVE-2022-36916 (A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cl ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36915
+CVE-2022-36915 (Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a pe ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36914
+CVE-2022-36914 (Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36913
+CVE-2022-36913 (Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permiss ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36912
+CVE-2022-36912 (A missing permission check in Jenkins Openstack Heat Plugin 1.5 and ea ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36911
+CVE-2022-36911 (A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36910
+CVE-2022-36910 (Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not pe ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36909
+CVE-2022-36909 (A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36908
+CVE-2022-36908 (A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36907
+CVE-2022-36907 (A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36906
+CVE-2022-36906 (A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36905
+CVE-2022-36905 (Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36904
+CVE-2022-36904 (Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36903
+CVE-2022-36903 (A missing permission check in Jenkins Repository Connector Plugin 2.2. ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36902
+CVE-2022-36902 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier doe ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36901
+CVE-2022-36901 (Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passw ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36900
+CVE-2022-36900 (Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restr ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36899
+CVE-2022-36899 (Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not re ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36898
+CVE-2022-36898 (A missing permission check in Jenkins Compuware ISPW Operations Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36897
+CVE-2022-36897 (A missing permission check in Jenkins Compuware Xpediter Code Coverage ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36896
+CVE-2022-36896 (A missing permission check in Jenkins Compuware Source Code Download f ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36895
+CVE-2022-36895 (A missing permission check in Jenkins Compuware Topaz Utilities Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36894
+CVE-2022-36894 (An arbitrary file write vulnerability in Jenkins CLIF Performance Test ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36893
+CVE-2022-36893 (Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a per ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36892
+CVE-2022-36892 (Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a per ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36891
+CVE-2022-36891 (A missing permission check in Jenkins Deployer Framework Plugin 85.v1d ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36890
+CVE-2022-36890 (Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does no ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36889
+CVE-2022-36889 (Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does no ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36888
+CVE-2022-36888 (A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_8 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36887
+CVE-2022-36887 (A cross-site request forgery (CSRF) vulnerability in Jenkins Job Confi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36886
+CVE-2022-36886 (A cross-site request forgery (CSRF) vulnerability in Jenkins External ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36885
+CVE-2022-36885 (Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comp ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36884
+CVE-2022-36884 (The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36883
+CVE-2022-36883 (A missing permission check in Jenkins Git Plugin 4.11.3 and earlier al ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36882
+CVE-2022-36882 (A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36881
+CVE-2022-36881 (Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-36880 (The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows ...)
NOT-FOR-US: Webmin module
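Review bot: CVE-2022-2550 (hestiacp) and CVE-2022-2549 (gpac) are left at "TODO: check" while every Jenkins entry in this hunk is already triaged to "NOT-FOR-US: Jenkins plugin"; these two need a real decision, either a package line in the file's usual "- <package> <fixed-version>" form or a NOT-FOR-US line, before the next automatic update pushes them further down the list. The gpac entry is a NULL pointer dereference and should be checked against whether the affected code is actually packaged rather than closed by pattern.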
@@ -1174,12 +1232,12 @@ CVE-2022-34344
RESERVED
CVE-2022-34154
RESERVED
-CVE-2022-33970
- RESERVED
+CVE-2022-33970 (Authenticated WordPress Options Change vulnerability in Biplob018 Shor ...)
+ TODO: check
CVE-2022-33969 (Authenticated WordPress Options Change vulnerability in Biplob Adhikar ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-33943
- RESERVED
+CVE-2022-33943 (Authenticated (contributor or higher user role) Cross-Site Scripting ( ...)
+ TODO: check
CVE-2022-33201
RESERVED
CVE-2022-33142
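Review bot: CVE-2022-33970 and CVE-2022-33943 are both left at "TODO: check" although the neighbouring CVE-2022-33969, with the same "Authenticated WordPress Options Change" wording and the same Biplob plugin author, is already "NOT-FOR-US: WordPress plugin"; the three should be triaged consistently, which here most likely means the same NOT-FOR-US line for the two new entries once the truncated descriptions are confirmed to name a WordPress plugin.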
@@ -1326,12 +1384,14 @@ CVE-2022-36320
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36320
CVE-2022-36319
RESERVED
+ {DSA-5193-1}
- firefox 103.0-1
- firefox-esr 91.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36319
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/#CVE-2022-36319
CVE-2022-36318
RESERVED
+ {DSA-5193-1}
- firefox 103.0-1
- firefox-esr 91.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36320
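Review bot: the NOTE line that closes this hunk, under CVE-2022-36318, links to the #CVE-2022-36320 anchor of mfsa2022-30 rather than #CVE-2022-36318, which looks like a copy and paste slip worth fixing while the {DSA-5193-1} markers are being added. The markers themselves are placed correctly, after RESERVED and before the firefox / firefox-esr package lines, matching the layout used elsewhere in the file (compare the {DLA-2915-1} line under CVE-2022-23098 at the end of this change).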
@@ -2916,14 +2976,14 @@ CVE-2022-35674
RESERVED
CVE-2022-35673
RESERVED
-CVE-2022-35672
- RESERVED
+CVE-2022-35672 (Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 ...)
+ TODO: check
CVE-2022-35671
RESERVED
CVE-2022-35670
RESERVED
-CVE-2022-35669
- RESERVED
+CVE-2022-35669 (Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and ...)
+ TODO: check
CVE-2022-35668
RESERVED
CVE-2022-35667
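Review bot: both Adobe Acrobat Reader entries (CVE-2022-35672, CVE-2022-35669) are left at "TODO: check"; Acrobat Reader is proprietary software that Debian does not ship, so these can be closed with a NOT-FOR-US line in the same way the Jenkins and Webmin entries in this change were, instead of staying in the TODO queue.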
@@ -3541,7 +3601,7 @@ CVE-2022-35410 (mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows .
NOTE: https://0xacab.org/jvoisin/mat2/-/commit/beebca4bf1cd3b935824c966ce077e7bcf610385
NOTE: https://0xacab.org/jvoisin/mat2/-/issues/174
NOTE: https://dustri.org/b/mat2-0130.html
-CVE-2022-35409 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.2.0 ...)
+CVE-2022-35409 (An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0 ...)
- mbedtls 2.28.1-1
NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/5e9790353d2d9e41e85262eebe52fd90bb49f1e0/security-advisories/advisories/mbedtls-security-advisory-2022-07.md
NOTE: https://github.com/Mbed-TLS/mbedtls/commit/f333dfab4a6c2d8a604a61558a8f783145161de4 (v2.28.1)
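Review bot: the description fix from "before 2.28.2" to "before 2.28.1" matters beyond wording, since the previous text contradicted the unchanged "- mbedtls 2.28.1-1" package line and the "(v2.28.1)" fix-commit note directly below it, implying the packaged 2.28.1 was still affected; with this change the three lines agree. Since only the 2.x bound was corrected, the 3.x bound ("before 3.2.0") is worth re-checking against the linked advisory at the same time.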
@@ -3830,8 +3890,8 @@ CVE-2022-35293
RESERVED
CVE-2022-35292
RESERVED
-CVE-2022-35291
- RESERVED
+CVE-2022-35291 (Due to misconfigured application endpoints, SAP SuccessFactors attachm ...)
+ TODO: check
CVE-2022-35290
RESERVED
CVE-2022-35289
@@ -4027,14 +4087,14 @@ CVE-2022-2315
RESERVED
CVE-2022-2314
RESERVED
-CVE-2022-2313
- RESERVED
+CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for Windows pr ...)
+ TODO: check
CVE-2022-2312
RESERVED
CVE-2022-2311
RESERVED
-CVE-2022-2310
- RESERVED
+CVE-2022-2310 (An authentication bypass vulnerability in Skyhigh SWG in main releases ...)
+ TODO: check
CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of service ...)
- lxml 4.9.1-1 (bug #1014766)
[bullseye] - lxml <no-dsa> (Minor issue)
@@ -5751,12 +5811,12 @@ CVE-2022-34553
RESERVED
CVE-2022-34552
RESERVED
-CVE-2022-34551
- RESERVED
-CVE-2022-34550
- RESERVED
-CVE-2022-34549
- RESERVED
+CVE-2022-34551 (Sims v1.0 was discovered to allow path traversal when downloading atta ...)
+ TODO: check
+CVE-2022-34550 (Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulne ...)
+ TODO: check
+CVE-2022-34549 (Sims v1.0 was discovered to contain an arbitrary file upload vulnerabi ...)
+ TODO: check
CVE-2022-34548
RESERVED
CVE-2022-34547
@@ -5795,8 +5855,8 @@ CVE-2022-34531
RESERVED
CVE-2022-34530
RESERVED
-CVE-2022-34529
- RESERVED
+CVE-2022-34529 (WASM3 v0.5.0 was discovered to contain a segmentation fault via the co ...)
+ TODO: check
CVE-2022-34528
RESERVED
CVE-2022-34527
@@ -6986,10 +7046,10 @@ CVE-2022-34123
RESERVED
CVE-2022-34122
RESERVED
-CVE-2022-34121
- RESERVED
-CVE-2022-34120
- RESERVED
+CVE-2022-34121 (Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) ...)
+ TODO: check
+CVE-2022-34120 (Barangay Management System v1.0 was discovered to contain a remote cod ...)
+ TODO: check
CVE-2022-34119
RESERVED
CVE-2022-34118
@@ -25334,8 +25394,8 @@ CVE-2022-27612
RESERVED
CVE-2022-27611
RESERVED
-CVE-2022-27610
- RESERVED
+CVE-2022-27610 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ TODO: check
CVE-2022-27609 (Forcepoint One Endpoint prior to version 22.01 installed on Microsoft ...)
NOT-FOR-US: Forcepoint One Endpoint
CVE-2022-27608 (Forcepoint One Endpoint prior to version 22.01 installed on Microsoft ...)
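Review bot: the truncated description for CVE-2022-27610 ("Improper limitation of a pathname to a restricted directory ('Path Tra ...") contains no product name, so unlike the adjacent Forcepoint One Endpoint entries it cannot be triaged from this line alone; the full CVE text has to be consulted before choosing between a package line and NOT-FOR-US.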
@@ -34604,10 +34664,10 @@ CVE-2022-24407 (In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c
NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc (cyrus-sasl-2.1.28)
NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/2d2e97b0eb53fa7f87a3bf1529d8f712dd954480 (master)
NOTE: https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
-CVE-2022-24406
- RESERVED
-CVE-2022-24405
- RESERVED
+CVE-2022-24406 (OX App Suite through 7.10.6 allows SSRF because multipart/form-data bo ...)
+ TODO: check
+CVE-2022-24405 (OX App Suite through 7.10.6 allows OS Command Injection via a serializ ...)
+ TODO: check
CVE-2022-24404
RESERVED
CVE-2022-24403
@@ -39659,12 +39719,12 @@ CVE-2022-0183 (Missing encryption of sensitive data vulnerability in 'MIRUPASS'
NOT-FOR-US: MIRUPASS
CVE-2020-36515
RESERVED
-CVE-2022-23101
- RESERVED
-CVE-2022-23100
- RESERVED
-CVE-2022-23099
- RESERVED
+CVE-2022-23101 (OX App Suite through 7.10.6 allows XSS via appHandler in a deep link i ...)
+ TODO: check
+CVE-2022-23100 (OX App Suite through 7.10.6 allows OS Command Injection via Documentco ...)
+ TODO: check
+CVE-2022-23099 (OX App Suite through 7.10.6 allows XSS by forcing block-wise read. ...)
+ TODO: check
CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
{DLA-2915-1}
- connman 1.36-2.4 (bug #1004935)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23ab3fc76b94b2fb5b908097dbf510c031836a38