[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 2 21:10:29 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c9d6bd0f by security tracker role at 2022-06-02T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2022-32234
+ RESERVED
+CVE-2022-30943
+ RESERVED
+CVE-2022-30602
+ RESERVED
+CVE-2022-29926
+ RESERVED
+CVE-2022-29512
+ RESERVED
+CVE-2022-1985
+ RESERVED
+CVE-2022-1984
+ RESERVED
+CVE-2022-1983
+ RESERVED
+CVE-2022-1982 (Uncontrolled resource consumption in Mattermost version 6.6.0 and earl ...)
+ TODO: check
+CVE-2022-1981
+ RESERVED
+CVE-2022-1980 (A vulnerability was found in SourceCodester Product Show Room Site 1.0 ...)
+ TODO: check
+CVE-2022-1979 (A vulnerability was found in SourceCodester Product Show Room Site 1.0 ...)
+ TODO: check
+CVE-2022-1978
+ RESERVED
+CVE-2022-1977
+ RESERVED
CVE-2022-32230
RESERVED
CVE-2022-32229
@@ -76,8 +104,8 @@ CVE-2022-1970
RESERVED
CVE-2022-1969
RESERVED
-CVE-2022-1968
- RESERVED
+CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-1967
RESERVED
CVE-2022-1966
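Review bot: CVE-2022-1968 names the vim/vim repository, but its description is truncated at "prior to 8.2." so the patch level of the fix is not visible in this entry. Before "TODO: check" is resolved, take the full version string from the complete CVE description so the entry records an exact fixed version rather than a bare 8.2.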
@@ -483,94 +511,94 @@ CVE-2022-32030
RESERVED
CVE-2022-32029
RESERVED
-CVE-2022-32028
- RESERVED
-CVE-2022-32027
- RESERVED
-CVE-2022-32026
- RESERVED
-CVE-2022-32025
- RESERVED
-CVE-2022-32024
- RESERVED
+CVE-2022-32028 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...)
+ TODO: check
+CVE-2022-32027 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...)
+ TODO: check
+CVE-2022-32026 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...)
+ TODO: check
+CVE-2022-32025 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...)
+ TODO: check
+CVE-2022-32024 (Car Rental Management System v1.0 is vulnerable to SQL Injection via c ...)
+ TODO: check
CVE-2022-32023
RESERVED
-CVE-2022-32022
- RESERVED
-CVE-2022-32021
- RESERVED
-CVE-2022-32020
- RESERVED
-CVE-2022-32019
- RESERVED
-CVE-2022-32018
- RESERVED
-CVE-2022-32017
- RESERVED
-CVE-2022-32016
- RESERVED
-CVE-2022-32015
- RESERVED
-CVE-2022-32014
- RESERVED
-CVE-2022-32013
- RESERVED
-CVE-2022-32012
- RESERVED
-CVE-2022-32011
- RESERVED
-CVE-2022-32010
- RESERVED
+CVE-2022-32022 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...)
+ TODO: check
+CVE-2022-32021 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...)
+ TODO: check
+CVE-2022-32020 (Car Rental Management System v1.0 is vulnerable to Arbitrary code exec ...)
+ TODO: check
+CVE-2022-32019 (Car Rental Management System v1.0 is vulnerable to Arbitrary code exec ...)
+ TODO: check
+CVE-2022-32018 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32017 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32016 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32015 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32014 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32013 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32012 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32011 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32010 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-32009
RESERVED
-CVE-2022-32008
- RESERVED
-CVE-2022-32007
- RESERVED
-CVE-2022-32006
- RESERVED
-CVE-2022-32005
- RESERVED
-CVE-2022-32004
- RESERVED
-CVE-2022-32003
- RESERVED
-CVE-2022-32002
- RESERVED
-CVE-2022-32001
- RESERVED
-CVE-2022-32000
- RESERVED
+CVE-2022-32008 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32007 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32006 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32005 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32004 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32003 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32002 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32001 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-32000 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-31999
RESERVED
-CVE-2022-31998
- RESERVED
+CVE-2022-31998 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-31997
RESERVED
-CVE-2022-31996
- RESERVED
+CVE-2022-31996 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-31995
RESERVED
-CVE-2022-31994
- RESERVED
-CVE-2022-31993
- RESERVED
-CVE-2022-31992
- RESERVED
-CVE-2022-31991
- RESERVED
-CVE-2022-31990
- RESERVED
-CVE-2022-31989
- RESERVED
-CVE-2022-31988
- RESERVED
+CVE-2022-31994 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-31993 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-31992 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-31991 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-31990 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-31989 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-31988 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-31987
RESERVED
-CVE-2022-31986
- RESERVED
-CVE-2022-31985
- RESERVED
+CVE-2022-31986 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-31985 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-31984 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
NOT-FOR-US: Online Fire Reporting System
CVE-2022-31983 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...)
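Review bot: the entries moved from RESERVED to "TODO: check" in this hunk cover only three products (Car Rental Management System v1.0, Complete Online Job Search System v1.0, Badminton Center Management System v1.0), and most descriptions are cut off before the affected path, so the entries cannot be told apart from this list alone. Suggest triaging once per product against the full descriptions and applying one consistent marking to each group, noting that CVE-2022-32020 and CVE-2022-32019 are described as arbitrary code execution rather than SQL injection. The unchanged context entry CVE-2022-31984 shows the form already in use for an entry of this kind ("NOT-FOR-US: Online Fire Reporting System").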
@@ -3153,8 +3181,8 @@ CVE-2022-31025
RESERVED
CVE-2022-31024
RESERVED
-CVE-2022-31023
- RESERVED
+CVE-2022-31023 (Play Framework is a web framework for Java and Scala. Verions prior to ...)
+ TODO: check
CVE-2022-31022 (Bleve is a text indexing library for go. Bleve includes HTTP utilities ...)
TODO: check
CVE-2022-31021
@@ -3163,8 +3191,8 @@ CVE-2022-31020
RESERVED
CVE-2022-31019
RESERVED
-CVE-2022-31018
- RESERVED
+CVE-2022-31018 (Play Framework is a web framework for Java and Scala. A denial of serv ...)
+ TODO: check
CVE-2022-31017
RESERVED
CVE-2022-31016
@@ -4053,8 +4081,8 @@ CVE-2022-30708 (Webmin through 1.991, when the Authentic theme is used, allows r
- webmin <removed>
CVE-2022-1717
RESERVED
-CVE-2022-1716
- RESERVED
+CVE-2022-1716 (An attacker with physical access to the victim's device can bypass the ...)
+ TODO: check
CVE-2022-30703
RESERVED
CVE-2022-30702
@@ -4919,8 +4947,8 @@ CVE-2022-30431
RESERVED
CVE-2022-30430
RESERVED
-CVE-2022-30429
- RESERVED
+CVE-2022-30429 (Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow ...)
+ TODO: check
CVE-2022-30428 (In ginadmin through 05-10-2022, the incoming path value is not filtere ...)
NOT-FOR-US: ginadmin
CVE-2022-30427 (In ginadmin through 05-10-2022 the incoming path value is not filtered ...)
@@ -6923,8 +6951,8 @@ CVE-2021-46786 (The audio module has a vulnerability in verifying the parameters
NOT-FOR-US: Huawei
CVE-2021-46785 (The Property module has a vulnerability in permission control.This vul ...)
NOT-FOR-US: Huawei
-CVE-2022-29788
- RESERVED
+CVE-2022-29788 (libmobi before v0.10 contains a NULL pointer dereference via the compo ...)
+ TODO: check
CVE-2022-29787
RESERVED
CVE-2022-29786
@@ -7091,8 +7119,8 @@ CVE-2022-29706
RESERVED
CVE-2022-29705
RESERVED
-CVE-2022-29704
- RESERVED
+CVE-2022-29704 (BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
CVE-2022-29703
RESERVED
CVE-2022-29702
@@ -7351,8 +7379,8 @@ CVE-2022-1442 (The Metform WordPress plugin is vulnerable to sensitive informati
NOT-FOR-US: WordPress plugin
CVE-2022-29598 (Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerabl ...)
NOT-FOR-US: Solutions Atlantic Regulatory Reporting System (RRS
-CVE-2022-29597
- RESERVED
+CVE-2022-29597 (Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerabl ...)
+ TODO: check
CVE-2022-29596 (MicroStrategy Enterprise Manager 2022 allows authentication bypass by ...)
NOT-FOR-US: MicroStrategy Enterprise Manager
CVE-2022-29595
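Review bot: CVE-2022-29597 is left at "TODO: check" although the entry directly above it, CVE-2022-29598, carries the same description prefix (Solutions Atlantic Regulatory Reporting System (RRS) v500) and is already marked NOT-FOR-US; the same marking looks applicable once the full description is confirmed. The existing NOT-FOR-US line for CVE-2022-29598 also ends at "(RRS" without its closing parenthesis, which is worth tidying in the same pass so both entries carry an identical product string.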
@@ -15064,8 +15092,8 @@ CVE-2022-26945 (HashiCorp go-getter before 2.0.2 allows Command Injection. ...)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
NOTE: https://github.com/hashicorp/go-getter/pull/359
NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0)
-CVE-2022-26944
- RESERVED
+CVE-2022-26944 (Percona XtraBackup 2.4.20 unintentionally writes the command line to a ...)
+ TODO: check
CVE-2022-26943
RESERVED
CVE-2022-26942
@@ -16190,8 +16218,8 @@ CVE-2022-26498 (An issue was discovered in Asterisk through 19.x. When using STI
[stretch] - asterisk <not-affected> (Vulnerable code not present)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29872
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-001.html
-CVE-2022-26497
- RESERVED
+CVE-2022-26497 (BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have ...)
+ TODO: check
CVE-2022-26496 (In nbd-server in nbd before 3.24, there is a stack-based buffer overfl ...)
{DSA-5100-1}
- nbd 1:3.24-1 (bug #1006915)
@@ -19985,8 +20013,8 @@ CVE-2022-25165 (An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU
NOT-FOR-US: Amazon AWS VPN Client
CVE-2022-25164
RESERVED
-CVE-2022-25163
- RESERVED
+CVE-2022-25163 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC- ...)
+ TODO: check
CVE-2022-25162 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC ...)
NOT-FOR-US: Mitsubishi
CVE-2022-25161 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC ...)
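Review bot: CVE-2022-25163 sits at "TODO: check" next to CVE-2022-25162 and CVE-2022-25161, which share the "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC" description prefix and are triaged as "NOT-FOR-US: Mitsubishi". Suggest resolving it the same way after confirming that the truncated description refers to the same product line.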
@@ -30382,12 +30410,12 @@ CVE-2022-0081
RESERVED
CVE-2021-45984
RESERVED
-CVE-2021-45983
- RESERVED
-CVE-2021-45982
- RESERVED
-CVE-2021-45981
- RESERVED
+CVE-2021-45983 (NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. ...)
+ TODO: check
+CVE-2021-45982 (NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged ...)
+ TODO: check
+CVE-2021-45981 (NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. ...)
+ TODO: check
CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
NOT-FOR-US: Foxit
CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
@@ -55536,8 +55564,8 @@ CVE-2021-38223
RESERVED
CVE-2021-38222
RESERVED
-CVE-2021-38221
- RESERVED
+CVE-2021-38221 (bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XS ...)
+ TODO: check
CVE-2021-38220
RESERVED
CVE-2021-38219
@@ -66838,8 +66866,8 @@ CVE-2021-33617 (Zoho ManageEngine Password Manager Pro before 11.2 11200 allows
NOT-FOR-US: Zoho ManageEngine
CVE-2021-33616 (RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. ...)
NOT-FOR-US: RSA Archer
-CVE-2021-33615
- RESERVED
+CVE-2021-33615 (RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with ...)
+ TODO: check
CVE-2021-33620 (Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause ...)
{DSA-4924-1 DLA-2685-1}
- squid 4.13-10
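Review bot: CVE-2021-33615 is an RSA Archer issue left at "TODO: check", while the neighbouring CVE-2021-33616 for RSA Archer 6.x is already marked "NOT-FOR-US: RSA Archer". Suggest using the identical product string when this entry is triaged so that both entries match on a search for the product name.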
@@ -205720,12 +205748,12 @@ CVE-2019-12353
RESERVED
CVE-2019-12352
RESERVED
-CVE-2019-12351
- RESERVED
-CVE-2019-12350
- RESERVED
-CVE-2019-12349
- RESERVED
+CVE-2019-12351 (An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_p ...)
+ TODO: check
+CVE-2019-12350 (An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_d ...)
+ TODO: check
+CVE-2019-12349 (An issue was discovered in zzcms 2019. SQL Injection exists in /admin/ ...)
+ TODO: check
CVE-2019-12348 (An issue was discovered in zzcms 2019. SQL Injection exists in user/zt ...)
NOT-FOR-US: zzcms
CVE-2019-12347 (In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers ...)
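Review bot: CVE-2019-12351, CVE-2019-12350 and CVE-2019-12349 all begin "An issue was discovered in zzcms 2019. SQL Injection exists in" and differ only in the truncated path, and the next entry, CVE-2019-12348, has the same prefix and is marked "NOT-FOR-US: zzcms". Suggest resolving the three "TODO: check" lines together with that same marking once the full descriptions are confirmed.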
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9d6bd0fdfa1e8e82a7958e5af3adc6257a721e4