[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 1 21:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
22a83aa9 by security tracker role at 2022-06-01T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2022-32204
+ RESERVED
+CVE-2022-32203
+ RESERVED
+CVE-2022-1971
+ RESERVED
+CVE-2022-1970
+ RESERVED
+CVE-2022-1969
+ RESERVED
+CVE-2022-1968
+ RESERVED
+CVE-2022-1967
+ RESERVED
+CVE-2022-1966
+ RESERVED
+CVE-2022-1965
+ RESERVED
+CVE-2022-1964
+ RESERVED
CVE-2022-32202 (In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::Fe ...)
- libjpeg <unfixed> (unimportant)
NOTE: https://github.com/thorfdbg/libjpeg/commit/51c3241b6da39df30f016b63f43f31c4011222c7
@@ -177,8 +197,8 @@ CVE-2022-1951
RESERVED
CVE-2022-1950
RESERVED
-CVE-2022-1949
- RESERVED
+CVE-2022-1949 (An access control bypass vulnerability found in 389-ds-base. That mish ...)
+ TODO: check
CVE-2022-32135
RESERVED
CVE-2022-32134
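Review bot: the `TODO: check` left on CVE-2022-1949 cannot be closed with the NOT-FOR-US that fits most other new descriptions in this update, because 389-ds-base is a Debian source package; the entry needs a `- 389-ds-base <version>` line (or `<unfixed>` until the upstream fix is identified). The truncated description only says "access control bypass" without naming the mechanism, so the full CVE text has to be read before a severity is assigned.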
@@ -519,48 +539,48 @@ CVE-2022-31967
RESERVED
CVE-2022-31966
RESERVED
-CVE-2022-31965
- RESERVED
-CVE-2022-31964
- RESERVED
+CVE-2022-31965 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-31964 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-31963
RESERVED
-CVE-2022-31962
- RESERVED
-CVE-2022-31961
- RESERVED
+CVE-2022-31962 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-31961 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-31960
RESERVED
-CVE-2022-31959
- RESERVED
+CVE-2022-31959 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-31958
RESERVED
-CVE-2022-31957
- RESERVED
-CVE-2022-31956
- RESERVED
+CVE-2022-31957 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-31956 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-31955
RESERVED
CVE-2022-31954
RESERVED
-CVE-2022-31953
- RESERVED
-CVE-2022-31952
- RESERVED
-CVE-2022-31951
- RESERVED
+CVE-2022-31953 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-31952 (Rescue Dispatch Management System v1.0 is vulnerable to SQL injection ...)
+ TODO: check
+CVE-2022-31951 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-31950
RESERVED
CVE-2022-31949
RESERVED
-CVE-2022-31948
- RESERVED
+CVE-2022-31948 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-31947
RESERVED
-CVE-2022-31946
- RESERVED
-CVE-2022-31945
- RESERVED
+CVE-2022-31946 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-31945 (Rescue Dispatch Management System v1.0 is vulnerable to Delete any fil ...)
+ TODO: check
CVE-2022-31944
RESERVED
CVE-2022-31943
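Review bot: all thirteen new CVE-2022-319xx descriptions in this hunk concern one unpackaged PHP application, Rescue Dispatch Management System v1.0, so the `TODO: check` lines can be resolved the way the file already handles this family further down (`NOT-FOR-US: Online Ordering System`). One line deserves a look before any bulk edit: CVE-2022-31945 is described as "Delete any fil ..." rather than SQL injection, so the batch should not be assumed to be a single bug class.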
@@ -861,8 +881,7 @@ CVE-2022-1945
RESERVED
CVE-2022-1944
RESERVED
-CVE-2022-1943 [udf: Avoid using stale lengthOfImpUse]
- RESERVED
+CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file system ...)
- linux 5.17.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
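Review bot: replacing the bracketed `[udf: Avoid using stale lengthOfImpUse]` title with the MITRE description removes the only reference to the upstream fix from this entry, and the `- linux 5.17.11-1` fixed version together with the two `<not-affected> (Vulnerable code not present)` markers for bullseye and buster all depend on that specific patch. A `NOTE:` line carrying the upstream commit subject, and its commit reference once looked up, would keep the triage reproducible now that the title is gone.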
@@ -1139,6 +1158,7 @@ CVE-2022-31748
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31748
CVE-2022-31747
RESERVED
+ {DSA-5156-1}
- firefox <unfixed>
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
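Review bot: the `{DSA-5156-1}` cross-reference is added while CVE-2022-31747 is still `RESERVED` with no bracketed title, so the entry now advertises a stable update for an issue the list itself does not describe; a short `[...]` title taken from the linked mfsa2022-20 entry would make the line readable without leaving the file. The same applies to the six following hunks for CVE-2022-31742 down to CVE-2022-31736, which add the identical DSA reference to identically shaped RESERVED entries. Leaving `- firefox <unfixed>` untouched is correct: the DSA reference belongs with the lines that carry a fixed version (firefox-esr 91.10.0esr-1, thunderbird 1:91.10.0-1), not with the unstable firefox package.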
@@ -1161,6 +1181,7 @@ CVE-2022-31743
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31743
CVE-2022-31742
RESERVED
+ {DSA-5156-1}
- firefox <unfixed>
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
@@ -1169,6 +1190,7 @@ CVE-2022-31742
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31742
CVE-2022-31741
RESERVED
+ {DSA-5156-1}
- firefox <unfixed>
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
@@ -1177,6 +1199,7 @@ CVE-2022-31741
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31741
CVE-2022-31740
RESERVED
+ {DSA-5156-1}
- firefox <unfixed>
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
@@ -1193,6 +1216,7 @@ CVE-2022-31739
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31739
CVE-2022-31738
RESERVED
+ {DSA-5156-1}
- firefox <unfixed>
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
@@ -1201,6 +1225,7 @@ CVE-2022-31738
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31738
CVE-2022-31737
RESERVED
+ {DSA-5156-1}
- firefox <unfixed>
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
@@ -1209,6 +1234,7 @@ CVE-2022-31737
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31737
CVE-2022-31736
RESERVED
+ {DSA-5156-1}
- firefox <unfixed>
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
@@ -2270,38 +2296,38 @@ CVE-2022-31356
RESERVED
CVE-2022-31355
RESERVED
-CVE-2022-31354
- RESERVED
-CVE-2022-31353
- RESERVED
-CVE-2022-31352
- RESERVED
-CVE-2022-31351
- RESERVED
-CVE-2022-31350
- RESERVED
+CVE-2022-31354 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-31353 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-31352 (Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in ...)
+ TODO: check
+CVE-2022-31351 (Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via ...)
+ TODO: check
+CVE-2022-31350 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
CVE-2022-31349
RESERVED
-CVE-2022-31348
- RESERVED
-CVE-2022-31347
- RESERVED
-CVE-2022-31346
- RESERVED
-CVE-2022-31345
- RESERVED
-CVE-2022-31344
- RESERVED
-CVE-2022-31343
- RESERVED
-CVE-2022-31342
- RESERVED
+CVE-2022-31348 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-31347 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-31346 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-31345 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-31344 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-31343 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-31342 (Online Car Wash Booking System v1.0 is vulnerable to Delete any file v ...)
+ TODO: check
CVE-2022-31341
RESERVED
-CVE-2022-31340
- RESERVED
-CVE-2022-31339
- RESERVED
+CVE-2022-31340 (Simple Inventory System v1.0 is vulnerable to SQL Injection via /inven ...)
+ TODO: check
+CVE-2022-31339 (Simple Inventory System v1.0 is vulnerable to SQL Injection via /inven ...)
+ TODO: check
CVE-2022-31338 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...)
NOT-FOR-US: Online Ordering System
CVE-2022-31337 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...)
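Review bot: the fourteen new Online Car Wash Booking System and Simple Inventory System descriptions land as `TODO: check`, while the context lines right below (CVE-2022-31338, CVE-2022-31337) show the established resolution for this family of small PHP apps, `NOT-FOR-US: Online Ordering System`; resolving them to the same form keeps the file consistent. CVE-2022-31352 and CVE-2022-31351 use different wording ("by oretnom23 has SQL injection") from the surrounding "is vulnerable to SQL Injection via" entries for the same product, so it is worth confirming they do not overlap with CVE-2022-31354..31350 before marking them.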
@@ -2440,14 +2466,14 @@ CVE-2022-31271
RESERVED
CVE-2022-31270
RESERVED
-CVE-2022-30540
- RESERVED
-CVE-2022-29488
- RESERVED
-CVE-2022-28690
- RESERVED
-CVE-2022-27184
- RESERVED
+CVE-2022-30540 (The affected product is vulnerable to a heap-based buffer overflow via ...)
+ TODO: check
+CVE-2022-29488 (The affected product is vulnerable to an out-of-bounds read via uninit ...)
+ TODO: check
+CVE-2022-28690 (The affected product is vulnerable to an out-of-bounds write via unini ...)
+ TODO: check
+CVE-2022-27184 (The affected product is vulnerable to an out-of-bounds write, which ma ...)
+ TODO: check
CVE-2022-1836 [floppy: disable FDRAWCMD by default]
RESERVED
- linux 5.17.6-1
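Review bot: the four descriptions for CVE-2022-30540, CVE-2022-29488, CVE-2022-28690 and CVE-2022-27184 are truncated before they name a product ("The affected product is vulnerable to ..."), so these `TODO: check` lines cannot be resolved from this file alone and the full CVE text is needed to see whether anything packaged is involved. The non-sequential ids sitting together in the list, the "affected product" wording and the bug classes (heap overflow, out-of-bounds read and write via uninitialised data) read like one ICS advisory batch, which would make NOT-FOR-US the likely outcome, but that needs confirming rather than assuming.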
@@ -4705,8 +4731,8 @@ CVE-2022-30472 (Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based
NOT-FOR-US: Tenda
CVE-2022-30471
RESERVED
-CVE-2022-30470
- RESERVED
+CVE-2022-30470 (In Afian Filerun 20220202 Changing the "search_tika_path" variable to ...)
+ TODO: check
CVE-2022-30469
RESERVED
CVE-2022-30468
@@ -6294,8 +6320,8 @@ CVE-2022-29877 (A vulnerability has been identified in SICAM P850 (All versions
NOT-FOR-US: Siemens
CVE-2022-29876 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
NOT-FOR-US: Siemens
-CVE-2022-29875
- RESERVED
+CVE-2022-29875 (A vulnerability has been identified in Biograph Horizon PET/CT Systems ...)
+ TODO: check
CVE-2022-29874 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
NOT-FOR-US: Siemens
CVE-2022-29873 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
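Review bot: CVE-2022-29875 sits between entries already resolved as `NOT-FOR-US: Siemens`, its description uses the same "A vulnerability has been identified in ..." wording, and it names a medical imaging product (Biograph Horizon PET/CT Systems); the `TODO: check` can be closed the same way as its neighbours, with the product name in the NOT-FOR-US line so the different product is still visible in the file.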
@@ -6810,10 +6836,10 @@ CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to contain a segmentation violat
NOT-FOR-US: njs
CVE-2022-29778
RESERVED
-CVE-2022-29777
- RESERVED
-CVE-2022-29776
- RESERVED
+CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...)
+ TODO: check
+CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...)
+ TODO: check
CVE-2022-29775
RESERVED
CVE-2022-29774
@@ -8629,8 +8655,8 @@ CVE-2022-29100
RESERVED
CVE-2022-29099
RESERVED
-CVE-2022-29098
- RESERVED
+CVE-2022-29098 (Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak ...)
+ TODO: check
CVE-2022-29097
RESERVED
CVE-2022-29096
@@ -14847,22 +14873,22 @@ CVE-2021-46709 (phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRow
NOTE: https://bitbucket.org/phpliteadmin/public/pull-requests/16/fix-an-xss-vulnerability-with-the-newrows
CVE-2022-26979
RESERVED
-CVE-2022-26978
- RESERVED
-CVE-2022-26977
- RESERVED
-CVE-2022-26976
- RESERVED
-CVE-2022-26975
- RESERVED
-CVE-2022-26974
- RESERVED
-CVE-2022-26973
- RESERVED
-CVE-2022-26972
- RESERVED
-CVE-2022-26971
- RESERVED
+CVE-2022-26978 (Barco Control Room Management Suite web application, which is part of ...)
+ TODO: check
+CVE-2022-26977 (Barco Control Room Management Suite web application, which is part of ...)
+ TODO: check
+CVE-2022-26976 (Barco Control Room Management Suite web application, which is part of ...)
+ TODO: check
+CVE-2022-26975 (Barco Control Room Management Suite web application, which is part of ...)
+ TODO: check
+CVE-2022-26974 (Barco Control Room Management Suite web application, which is part of ...)
+ TODO: check
+CVE-2022-26973 (Barco Control Room Management Suite web application, which is part of ...)
+ TODO: check
+CVE-2022-26972 (Barco Control Room Management Suite web application, which is part of ...)
+ TODO: check
+CVE-2022-26971 (Barco Control Room Management Suite web application, which is part of ...)
+ TODO: check
CVE-2022-26970
RESERVED
CVE-2022-26969
@@ -26590,10 +26616,10 @@ CVE-2022-23239
RESERVED
CVE-2022-23238
RESERVED
-CVE-2022-23237
- RESERVED
-CVE-2022-23236
- RESERVED
+CVE-2022-23237 (E-Series SANtricity OS Controller Software 11.x versions through 11.70 ...)
+ TODO: check
+CVE-2022-23236 (E-Series SANtricity OS Controller Software versions 11.40 through 11.7 ...)
+ TODO: check
CVE-2022-23235
RESERVED
CVE-2022-23234 (SnapCenter versions prior to 4.5 are susceptible to a vulnerability wh ...)
@@ -36706,7 +36732,7 @@ CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ..
CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4014
- RESERVED
+ REJECTED
CVE-2021-4013
RESERVED
CVE-2021-4012
@@ -42994,21 +43020,21 @@ CVE-2021-42706 (This vulnerability could allow an attacker to disclose informati
NOT-FOR-US: Advantech
CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buf ...)
NOT-FOR-US: PLC Editor
-CVE-2021-42704 (Inkscape version 0.19 is vulnerable to an out-of-bounds write, which m ...)
+CVE-2021-42704 (Inkscape version 0.91 is vulnerable to an out-of-bounds write, which m ...)
- inkscape 1.0-1
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches)
TODO: Unclear if this is really fixed in 1.0+
CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...)
NOT-FOR-US: Advantech
-CVE-2021-42702 (Inkscape version 0.19 can access an uninitialized pointer, which may a ...)
+CVE-2021-42702 (Inkscape version 0.91 can access an uninitialized pointer, which may a ...)
- inkscape 1.0-1
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches)
TODO: Unclear if this is really fixed in 1.0+
CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...)
NOT-FOR-US: AzeoTech
-CVE-2021-42700 (Inkscape 0.19 is vulnerable to an out-of-bounds read, which may allow ...)
+CVE-2021-42700 (Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow ...)
- inkscape 1.0-1
NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches)
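Review bot: the 0.19 to 0.91 correction in the three Inkscape descriptions fixes an obvious digit transposition (there was no Inkscape 0.19; 0.91 is a real release), but it does not touch the open `TODO: Unclear if this is really fixed in 1.0+` that the `- inkscape 1.0-1` fixed marker depends on. Until the SUSE bug linked in the NOTE lines identifies the actual patches, 1.0-1 is an assumption, and `<undetermined>` would state the situation more honestly than a concrete fixed version.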
@@ -65536,20 +65562,20 @@ CVE-2021-34085 (Read access violation in the III_dequantize_sample function in m
- mp3gain 1.6.2-1
NOTE: Vulnerable code removed in https://sourceforge.net/p/mp3gain/code/ci/aea83203960fc6d3237b1ae38e8434ec8681b21a/ (v1.6.0)
NOTE: https://drive.google.com/drive/folders/1epm65c4_iC0zE5V_leoet4Jyk1Prz2p5?usp=sharing
-CVE-2021-34084
- RESERVED
-CVE-2021-34083
- RESERVED
-CVE-2021-34082
- RESERVED
-CVE-2021-34081
- RESERVED
-CVE-2021-34080
- RESERVED
-CVE-2021-34079
- RESERVED
-CVE-2021-34078
- RESERVED
+CVE-2021-34084 (OS command injection vulnerability in Turistforeningen node-s3-uploade ...)
+ TODO: check
+CVE-2021-34083 (Google-it is a Node.js package which allows its users to send search q ...)
+ TODO: check
+CVE-2021-34082 (OS Command Injection vulnerability in allenhwkim proctree through 0.1. ...)
+ TODO: check
+CVE-2021-34081 (OS Command Injection vulnerability in bbultman gitsome through 0.2.3 a ...)
+ TODO: check
+CVE-2021-34080 (OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.j ...)
+ TODO: check
+CVE-2021-34079 (OS Command injection vulnerability in Mintzo Docker-Tester through 1.2 ...)
+ TODO: check
+CVE-2021-34078 (lifion-verify-dependencies through 1.1.0 is vulnerable to OS command i ...)
+ TODO: check
CVE-2021-34077
RESERVED
CVE-2021-34076
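Review bot: the seven CVE-2021-340xx descriptions for small npm packages (node-s3-uploader, google-it, proctree, gitsome, ssl-utils, docker-tester, lifion-verify-dependencies) all arrive as `TODO: check`; the quick test for each is whether a `node-<name>` source package exists, and where none does, NOT-FOR-US with the package name is the usual resolution. All but CVE-2021-34083, whose description is truncated before its bug class, are OS command injection, so the full text of that one should be read rather than assumed to match the batch.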
@@ -67595,8 +67621,8 @@ CVE-2021-33256 (** DISPUTED ** A CSV injection vulnerability on the login panel
NOT-FOR-US: ManageEngine
CVE-2021-33255
RESERVED
-CVE-2021-33254
- RESERVED
+CVE-2021-33254 (An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Comm ...)
+ TODO: check
CVE-2021-33253
RESERVED
CVE-2021-33252
@@ -81794,8 +81820,8 @@ CVE-2021-27916
RESERVED
CVE-2021-27915
RESERVED
-CVE-2021-27914
- RESERVED
+CVE-2021-27914 (A cross-site scripting (XSS) vulnerability in the installer component ...)
+ TODO: check
CVE-2021-27913 (The function mt_rand is used to generate session tokens, this function ...)
NOT-FOR-US: Mautic
CVE-2021-27912 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...)
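Review bot: the truncated description for CVE-2021-27914 ("XSS vulnerability in the installer component") does not name a product, but the neighbouring CVE-2021-27913 and CVE-2021-27912 are both `NOT-FOR-US: Mautic`, so the first thing to check is whether this id belongs to the same Mautic batch before triaging it on its own.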
@@ -84784,12 +84810,12 @@ CVE-2021-26637
RESERVED
CVE-2021-26636
RESERVED
-CVE-2021-26635
- RESERVED
-CVE-2021-26634
- RESERVED
-CVE-2021-26633
- RESERVED
+CVE-2021-26635 (In the code that verifies the file size in the ark library, it is poss ...)
+ TODO: check
+CVE-2021-26634 (SQL injection and file upload attacks are possible due to insufficient ...)
+ TODO: check
+CVE-2021-26633 (SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoa ...)
+ TODO: check
CVE-2021-26632
RESERVED
CVE-2021-26631 (Improper input validation vulnerability in Mangboard commerce package ...)
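Review bot: CVE-2021-26635 mentions "the ark library", which is easy to confuse with the KDE archiver packaged in Debian as `ark`; confirm which "ark" the full description refers to before resolving it, since a NOT-FOR-US applied by reflex alongside the MaxBoard entries (CVE-2021-26634, CVE-2021-26633) would be wrong if the KDE tool were meant. The surrounding context (Mangboard commerce package) suggests the same regional batch, but the name collision is exactly the case the `TODO: check` exists for.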
@@ -117666,10 +117692,10 @@ CVE-2020-26187
RESERVED
CVE-2020-26186 (Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS Ru ...)
NOT-FOR-US: Dell Inspiron 5675 BIOS
-CVE-2020-26185
- RESERVED
-CVE-2020-26184
- RESERVED
+CVE-2020-26185 (Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buf ...)
+ TODO: check
+CVE-2020-26184 (Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Im ...)
+ TODO: check
CVE-2020-26183 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper auth ...)
NOT-FOR-US: EMC
CVE-2020-26182 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect pri ...)
@@ -129593,8 +129619,8 @@ CVE-2020-20973
RESERVED
CVE-2020-20972
RESERVED
-CVE-2020-20971
- RESERVED
+CVE-2020-20971 (Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via ...)
+ TODO: check
CVE-2020-20970
RESERVED
CVE-2020-20969
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22a83aa91ea254a15842522bb22c5fc6c08c5ddd