[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 7 09:10:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
25a30897 by security tracker role at 2022-06-07T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2022-32530
+ RESERVED
+CVE-2022-32529
+ RESERVED
+CVE-2022-32528
+ RESERVED
+CVE-2022-32527
+ RESERVED
+CVE-2022-32526
+ RESERVED
+CVE-2022-32525
+ RESERVED
+CVE-2022-32524
+ RESERVED
+CVE-2022-32523
+ RESERVED
+CVE-2022-32522
+ RESERVED
+CVE-2022-32521
+ RESERVED
+CVE-2022-32520
+ RESERVED
+CVE-2022-32519
+ RESERVED
+CVE-2022-32518
+ RESERVED
+CVE-2022-32517
+ RESERVED
+CVE-2022-32516
+ RESERVED
+CVE-2022-32515
+ RESERVED
+CVE-2022-32514
+ RESERVED
+CVE-2022-32513
+ RESERVED
+CVE-2022-32512
+ RESERVED
+CVE-2022-32511 (jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a s ...)
+ TODO: check
+CVE-2022-32510
+ RESERVED
+CVE-2022-32509
+ RESERVED
+CVE-2022-32508
+ RESERVED
+CVE-2022-32507
+ RESERVED
+CVE-2022-32506
+ RESERVED
+CVE-2022-32505
+ RESERVED
+CVE-2022-32504
+ RESERVED
+CVE-2022-32503
+ RESERVED
+CVE-2022-32502
+ RESERVED
+CVE-2022-32501
+ RESERVED
+CVE-2022-32500
+ RESERVED
+CVE-2022-32499
+ RESERVED
+CVE-2022-2013
+ RESERVED
+CVE-2022-2012
+ RESERVED
+CVE-2022-2011
+ RESERVED
+CVE-2022-2010
+ RESERVED
+CVE-2022-2009
+ RESERVED
+CVE-2022-2008
+ RESERVED
+CVE-2022-2007
+ RESERVED
+CVE-2022-2006
+ RESERVED
+CVE-2022-2005
+ RESERVED
+CVE-2022-2004
+ RESERVED
+CVE-2022-2003
+ RESERVED
+CVE-2022-2002
+ RESERVED
+CVE-2022-2001
+ RESERVED
CVE-2022-32498
RESERVED
CVE-2022-32497
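Review bot: CVE-2022-32511 is the only entry in this hunk that is not a bare RESERVED placeholder and it is left at TODO: check; the truncated description names jmespath.rb (JMESPath for Ruby) before 1.6.1 and JSON.load, the Ruby JSON entry point that can instantiate objects from its input, so this one deserves prompt triage against the archive rather than waiting alongside the forty-odd reserved identifiers around it.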
@@ -2822,20 +2912,20 @@ CVE-2022-31500 (In KNIME Analytics Platform below 4.6.0, the Windows installer s
NOT-FOR-US: KNIME Analytics Platform
CVE-2022-31499
RESERVED
-CVE-2022-31498
- RESERVED
+CVE-2022-31498 (LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialo ...)
+ TODO: check
CVE-2022-31497
RESERVED
CVE-2022-31496
RESERVED
CVE-2022-31495
RESERVED
-CVE-2022-31494
- RESERVED
+CVE-2022-31494 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. ...)
+ TODO: check
CVE-2022-31493 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. ...)
NOT-FOR-US: LibreHealth EHR Base
-CVE-2022-31492
- RESERVED
+CVE-2022-31492 (Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 ...)
+ TODO: check
CVE-2022-31491
RESERVED
CVE-2022-31490
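Review bot: CVE-2022-31498, CVE-2022-31494 and CVE-2022-31492 are all LibreHealth EHR Base 2.0.0 issues left at TODO: check, while CVE-2022-31493 in the same hunk, for the same product, is already resolved as NOT-FOR-US: LibreHealth EHR Base; unless the package state has changed, the three new entries should receive the same resolution in a follow-up triage commit. The missing space in "inLibreHealth" on the CVE-2022-31492 line is the upstream description as imported and not something to hand-edit in this file.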
@@ -3866,18 +3956,17 @@ CVE-2022-31032
RESERVED
CVE-2022-31031
RESERVED
-CVE-2022-31030
- RESERVED
+CVE-2022-31030 (containerd is an open source container runtime. A bug was found in the ...)
- containerd 1.6.6~ds1-1
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf
CVE-2022-31029
RESERVED
CVE-2022-31028 (MinIO is a multi-cloud object storage solution. Starting with version ...)
NOT-FOR-US: MinIO
-CVE-2022-31027
- RESERVED
-CVE-2022-31026
- RESERVED
+CVE-2022-31027 (OAuthenticator is an OAuth token library for the JupyerHub login handl ...)
+ TODO: check
+CVE-2022-31026 (Trilogy is a client library for MySQL. When authenticating, a maliciou ...)
+ TODO: check
CVE-2022-31025 (Discourse is an open source platform for community discussion. Prior t ...)
NOT-FOR-US: Discourse
CVE-2022-31024 (richdocuments is the repository for NextCloud Collabra, the app for Ne ...)
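Review bot: CVE-2022-31030 already carried a package line (containerd 1.6.6~ds1-1) and the GHSA advisory link as unchanged context, so this hunk only replaces the RESERVED placeholder with the description and correctly adds no TODO: check line; by contrast CVE-2022-31027 (OAuthenticator) and CVE-2022-31026 (Trilogy) are new TODO: check entries that still need triage. "JupyerHub" on the CVE-2022-31027 line is the upstream description text as imported.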
@@ -3890,8 +3979,8 @@ CVE-2022-31021
RESERVED
CVE-2022-31020
RESERVED
-CVE-2022-31019
- RESERVED
+CVE-2022-31019 (Vapor is a server-side Swift HTTP web framework. When using automatic ...)
+ TODO: check
CVE-2022-31018 (Play Framework is a web framework for Java and Scala. A denial of serv ...)
NOT-FOR-US: Play Framework
CVE-2022-31017
@@ -4418,8 +4507,8 @@ CVE-2022-30929
RESERVED
CVE-2022-30928
RESERVED
-CVE-2022-30927
- RESERVED
+CVE-2022-30927 (A SQL injection vulnerability exists in Simple Task Scheduling System ...)
+ TODO: check
CVE-2022-30926
RESERVED
CVE-2022-30925
@@ -5157,8 +5246,8 @@ CVE-2022-30589
RESERVED
CVE-2022-30588
RESERVED
-CVE-2022-30587
- RESERVED
+CVE-2022-30587 (Gradle Enterprise through 2022.2.2 has Incorrect Access Control that l ...)
+ TODO: check
CVE-2022-30586 (Gradle Enterprise through 2022.2.2 has Incorrect Access Control that l ...)
TODO: check
CVE-2022-30585 (The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an ...)
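Review bot: CVE-2022-30587 and the adjacent CVE-2022-30586 share the same truncated description ("Gradle Enterprise through 2022.2.2 has Incorrect Access Control that l ...") and are both at TODO: check; triage them together so the two entries end up with a consistent resolution.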
@@ -5600,8 +5689,8 @@ CVE-2022-30471
RESERVED
CVE-2022-30470 (In Afian Filerun 20220202 Changing the "search_tika_path" variable to ...)
NOT-FOR-US: Afian Filerun
-CVE-2022-30469
- RESERVED
+CVE-2022-30469 (In Afian Filerun 20220202, lack of sanitization of the POST parameter ...)
+ TODO: check
CVE-2022-30468
RESERVED
CVE-2022-30467
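Review bot: CVE-2022-30469 is left at TODO: check while CVE-2022-30470, the Afian Filerun 20220202 entry immediately above it, is already NOT-FOR-US: Afian Filerun; same product and same version string, so the same resolution is expected in follow-up.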
@@ -8012,8 +8101,8 @@ CVE-2022-29633 (An access control issue in Linglong v1.0 allows attackers to acc
NOT-FOR-US: Linglong
CVE-2022-29632 (An arbitrary file upload vulnerability in the component /course/api/up ...)
NOT-FOR-US: Roncoo Education
-CVE-2022-29631
- RESERVED
+CVE-2022-29631 (Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vul ...)
+ TODO: check
CVE-2022-29630
RESERVED
CVE-2022-29629
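Review bot: "CLRF injection" on the CVE-2022-29631 line is the upstream description as imported (the injection class is normally written CRLF); since this file is synced by the automatic update, leave the text alone and triage the entry as a header-injection issue in Jodd HTTP v6.0.9.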
@@ -8044,8 +8133,8 @@ CVE-2022-29619
RESERVED
CVE-2022-29618
RESERVED
-CVE-2022-29617
- RESERVED
+CVE-2022-29617 (Due to improper error handling an authenticated user can crash CLA ass ...)
+ TODO: check
CVE-2022-29616 (SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to l ...)
NOT-FOR-US: SAP
CVE-2022-29615
@@ -8949,8 +9038,8 @@ CVE-2022-29298 (SolarView Compact ver.6.00 allows attackers to access sensitive
NOT-FOR-US: SolarView Compact
CVE-2022-29297
RESERVED
-CVE-2022-29296
- RESERVED
+CVE-2022-29296 (A reflected cross-site scripting (XSS) vulnerability in the login port ...)
+ TODO: check
CVE-2022-29295
RESERVED
CVE-2022-29294
@@ -9135,10 +9224,10 @@ CVE-2022-29257
RESERVED
CVE-2022-29256 (sharp is an application for Node.js image processing. Prior to version ...)
NOT-FOR-US: lovell/sharp
-CVE-2022-29255
- RESERVED
-CVE-2022-29254
- RESERVED
+CVE-2022-29255 (Vyper is a Pythonic Smart Contract Language for the ethereum virtual m ...)
+ TODO: check
+CVE-2022-29254 (silverstripe-omnipay is a SilverStripe integration with Omnipay PHP pa ...)
+ TODO: check
CVE-2022-29253 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2022-29252 (XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. S ...)
@@ -11226,10 +11315,10 @@ CVE-2022-28481 (CSV-Safe gem < 3.0.0 doesn't filter out special characters wh
NOT-FOR-US: zvory/csv-safe
CVE-2022-28480 (ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.ex ...)
NOT-FOR-US: ALLMediaServer
-CVE-2022-28479
- RESERVED
-CVE-2022-28478
- RESERVED
+CVE-2022-28479 (SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored ...)
+ TODO: check
+CVE-2022-28478 (SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The " ...)
+ TODO: check
CVE-2022-28477 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). ...)
NOT-FOR-US: WBCE CMS
CVE-2022-28476
@@ -12747,8 +12836,8 @@ CVE-2022-28053 (Typemill v1.5.3 was discovered to contain an arbitrary file uplo
NOT-FOR-US: Typemill
CVE-2022-28052 (Directory Traversal vulnerability in file cn/roothub/store/FileSystemS ...)
NOT-FOR-US: Roothub
-CVE-2022-28051
- RESERVED
+CVE-2022-28051 (The "Add category" functionality inside the "Global Keywords" menu in ...)
+ TODO: check
CVE-2022-28050
RESERVED
CVE-2022-28049 (NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference v ...)
@@ -14326,8 +14415,8 @@ CVE-2022-27440
RESERVED
CVE-2022-27439
RESERVED
-CVE-2022-27438
- RESERVED
+CVE-2022-27438 (Caphyon Ltd Advanced Installer 19.2 was discovered to contain a remote ...)
+ TODO: check
CVE-2022-27437
RESERVED
CVE-2022-27436 (A cross-site scripting (XSS) vulnerability in /public/admin/index.php? ...)
@@ -17483,8 +17572,8 @@ CVE-2022-0825 (The Amelia WordPress plugin before 1.0.49 does not have proper au
NOT-FOR-US: WordPress plugin
CVE-2022-0824 (Improper Access Control to Remote Code Execution in GitHub repository ...)
- webmin <removed>
-CVE-2022-0823
- RESERVED
+CVE-2022-0823 (An improper control of interaction frequency vulnerability in Zyxel GS ...)
+ TODO: check
CVE-2022-26352
RESERVED
CVE-2022-26351
@@ -21367,8 +21456,8 @@ CVE-2022-24971 (This vulnerability allows remote attackers to execute arbitrary
NOT-FOR-US: Foxit
CVE-2022-24970
RESERVED
-CVE-2022-24969
- RESERVED
+CVE-2022-24969 (bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, ...)
+ TODO: check
CVE-2022-24968 (In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoo ...)
NOT-FOR-US: Mellium
CVE-2022-24967 (Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting ( ...)
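Review bot: the CVE-2022-24969 description starts with "bypass CVE-2021-25640 >", i.e. the upstream text itself flags this as a bypass of an earlier fix in Apache Dubbo prior to 2.6.12 and 2.7.15; triage should cross-check the existing CVE-2021-25640 entry and its package state rather than treating this as a standalone TODO: check.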
@@ -21555,8 +21644,8 @@ CVE-2022-24898 (org.xwiki.commons:xwiki-commons-xml is a common module used by o
NOT-FOR-US: Xwiki
CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs to evalua ...)
NOT-FOR-US: Xwiki
-CVE-2022-24896
- RESERVED
+CVE-2022-24896 (Tuleap is a Free & Open Source Suite to manage software developmen ...)
+ TODO: check
CVE-2022-24895
RESERVED
CVE-2022-24894
@@ -21697,8 +21786,8 @@ CVE-2022-24842 (MinIO is a High Performance Object Storage released under GNU Af
NOT-FOR-US: MinIO
CVE-2022-24841 (fleetdm/fleet is an open source device management, built on osquery. A ...)
NOT-FOR-US: Fleet
-CVE-2022-24840
- RESERVED
+CVE-2022-24840 (django-s3file is a lightweight file upload input for Django and Amazon ...)
+ TODO: check
CVE-2022-24839 (org.cyberneko.html is an html parser written in Java. The fork of `org ...)
- nekohtml <unfixed>
[bullseye] - nekohtml <no-dsa> (Minor issue)
@@ -168608,8 +168697,8 @@ CVE-2020-6222 (SAP Business Objects Business Intelligence Platform (Web Intellig
NOT-FOR-US: SAP
CVE-2020-6221 (Web Intelligence HTML interface in SAP Business Objects Business Intel ...)
NOT-FOR-US: SAP
-CVE-2020-6220
- RESERVED
+CVE-2020-6220 (BI Launchpad and CMC in SAP Business Objects Business Intelligence Pla ...)
+ TODO: check
CVE-2020-6219 (SAP Business Objects Business Intelligence Platform (CrystalReports We ...)
NOT-FOR-US: SAP
CVE-2020-6218 (Admin tools and Query Builder in SAP Business Objects Business Intelli ...)
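Review bot: CVE-2020-6220 is a SAP Business Objects Business Intelligence Platform issue left at TODO: check, while the neighbouring CVE-2020-6222, CVE-2020-6221, CVE-2020-6219 and CVE-2020-6218 entries for the same platform are all NOT-FOR-US: SAP; expect the same resolution in triage. This is a 2020 identifier only now being populated, which is why the hunk lands so far down the file compared with the 2022 entries above.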
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25a30897ccba52f92bf68859d2d1975aac3309c8