[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 8 21:10:41 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fd1de5a1 by security tracker role at 2022-06-08T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2022-32551
+ RESERVED
+CVE-2022-32550
+ RESERVED
+CVE-2022-32549
+ RESERVED
+CVE-2022-32289
+ RESERVED
+CVE-2022-32280
+ RESERVED
+CVE-2022-31475
+ RESERVED
+CVE-2022-30536
+ RESERVED
+CVE-2022-30337
+ RESERVED
+CVE-2022-29923
+ RESERVED
+CVE-2022-28700
+ RESERVED
+CVE-2022-28666
+ RESERVED
+CVE-2022-28612
+ RESERVED
+CVE-2022-25649
+ RESERVED
+CVE-2022-2035
+ RESERVED
+CVE-2022-2034
+ RESERVED
+CVE-2022-2033
+ RESERVED
+CVE-2022-2032
+ RESERVED
+CVE-2022-2031
+ RESERVED
+CVE-2022-2030
+ RESERVED
+CVE-2022-2029 (Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra ...)
+ TODO: check
+CVE-2022-2028 (Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/t ...)
+ TODO: check
+CVE-2022-2027 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
+ TODO: check
+CVE-2022-2026 (Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/ti ...)
+ TODO: check
+CVE-2022-2025
+ RESERVED
+CVE-2017-20051
+ RESERVED
CVE-2022-32548
RESERVED
CVE-2022-32547
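Review bot: the four kromitgmbh/titra entries (CVE-2022-2026 through CVE-2022-2029) are left at TODO: check although they follow the same GitHub-repository pattern this file already resolves elsewhere (compare NOT-FOR-US: neorazorx/facturascripts further down); if titra is not packaged in Debian, close all four as NOT-FOR-US: kromitgmbh/titra in one follow-up rather than leaving four TODOs. CVE-2022-2027 is CSV formula injection, not XSS, so the triage line should name the product and not be copied from the XSS siblings. CVE-2017-20051 appearing as a fresh RESERVED entry in a 2022 update is consistent with retroactively assigned IDs, but is worth a second look once its description lands.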
@@ -60,10 +110,10 @@ CVE-2022-2017 (A vulnerability was found in SourceCodester Prison Management Sys
NOT-FOR-US: SourceCodester Prison Management System
CVE-2022-2016 (Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/ ...)
NOT-FOR-US: neorazorx/facturascripts
-CVE-2022-2015
- RESERVED
-CVE-2022-2014
- RESERVED
+CVE-2022-2015 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
+ TODO: check
+CVE-2022-2014 (Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. ...)
+ TODO: check
CVE-2022-32530
RESERVED
CVE-2022-32529
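Review bot: CVE-2022-2014 and CVE-2022-2015 for jgraph/drawio sit directly under the context entry NOT-FOR-US: neorazorx/facturascripts and are the same kind of unpackaged GitHub project, so they should resolve to NOT-FOR-US: jgraph/drawio instead of TODO: check. Of the two, CVE-2022-2014 is code injection fixed upstream in 19.0.2 per the description, which is the one to mention if anyone deploys drawio from upstream.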
@@ -752,10 +802,10 @@ CVE-2022-29465
RESERVED
CVE-2022-25958
RESERVED
-CVE-2022-1993
- RESERVED
-CVE-2022-1992
- RESERVED
+CVE-2022-1993 (Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. ...)
+ TODO: check
+CVE-2022-1992 (Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. ...)
+ TODO: check
CVE-2022-1991 (A vulnerability classified as problematic has been found in Fast Food ...)
NOT-FOR-US: Fast Food Ordering System
CVE-2022-1990
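Review bot: CVE-2022-1992 and CVE-2022-1993 carry byte-identical truncated descriptions (Path Traversal in gogs/gogs prior to 0.12.9), so before both are resolved the triage should confirm they are distinct issues with distinct upstream fixes and record that in a NOTE; gogs is not a Debian package, so the expected outcome is NOT-FOR-US for both, but the distinct-fix check should not have to be repeated by the next person reading the file.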
@@ -766,8 +816,8 @@ CVE-2022-1988 (Cross-site Scripting (XSS) - Generic in GitHub repository neorazo
NOT-FOR-US: neorazorx/facturascripts
CVE-2022-32274
RESERVED
-CVE-2022-32273
- RESERVED
+CVE-2022-32273 (As a result of an observable discrepancy in returned messages, OPSWAT ...)
+ TODO: check
CVE-2022-32272
RESERVED
CVE-2022-32271 (In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code ...)
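Review bot: CVE-2022-32273 (observable discrepancy in returned messages, OPSWAT) is a proprietary product with no Debian package, so it should be closed as NOT-FOR-US: OPSWAT rather than left at TODO: check; the automatic update only fills in the description, the resolution still needs a manual line.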
@@ -1822,8 +1872,7 @@ CVE-2022-1947 (Use of Incorrect Operator in GitHub repository polonel/trudesk pr
NOT-FOR-US: Trudesk
CVE-2022-1946
RESERVED
-CVE-2022-31813 [mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism]
- RESERVED
+CVE-2022-31813 (Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* h ...)
- apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/8
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813
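Review bot: the apache2 <unfixed> (bug #1012513) line is shared by every Apache HTTP Server CVE in this commit, but nothing records the fixed upstream version; the description bounds the issue at 2.4.53 and earlier, so once the first upstream release after 2.4.53 is uploaded the <unfixed> marker should be replaced and [bullseye]/[buster] lines added, or the entry will show as unfixed in every suite indefinitely. The dropped bracket title (mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism) named the mechanism while the truncated description does not, so a NOTE naming mod_proxy and the hop-by-hop header handling would help anyone whose backends use X-Forwarded-* for access decisions.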
@@ -1942,6 +1991,7 @@ CVE-2022-1933
CVE-2022-1932
RESERVED
CVE-2022-31799 (Bottle before 0.12.20 mishandles errors during early request binding. ...)
+ {DLA-3048-1}
- python-bottle 0.12.20-1
NOTE: Fixed by: https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00 (0.12.20)
CVE-2022-1931 (Incorrect Synchronization in GitHub repository polonel/trudesk prior t ...)
@@ -2998,8 +3048,8 @@ CVE-2022-31499
RESERVED
CVE-2022-31498 (LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialo ...)
NOT-FOR-US: LibreHealth EHR Base
-CVE-2022-31497
- RESERVED
+CVE-2022-31497 (LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigat ...)
+ TODO: check
CVE-2022-31496
RESERVED
CVE-2022-31495 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page ...)
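Review bot: CVE-2022-31497 is the same LibreHealth EHR Base 2.0.0 product as CVE-2022-31498 directly above, which is already NOT-FOR-US: LibreHealth EHR Base, so this entry should get the same resolution instead of TODO: check; it is a one-line follow-up to the automatic description fill.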
@@ -3338,8 +3388,8 @@ CVE-2022-31327 (Online Ordering System By janobe 2.3.2 is vulneranle to SQL Inje
NOT-FOR-US: Online Ordering System
CVE-2022-31326
RESERVED
-CVE-2022-31325
- RESERVED
+CVE-2022-31325 (There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'Per ...)
+ TODO: check
CVE-2022-31324
RESERVED
CVE-2022-31323
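Review bot: CVE-2022-31325 (SQL injection in ChurchCRM 4.4.5) is a web application not packaged in Debian, so resolve it as NOT-FOR-US: ChurchCRM; the parameter name is cut off in the description here, and the CVE reference carries it, so nothing needs to be reconstructed in this file.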
@@ -4029,8 +4079,8 @@ CVE-2022-31040
RESERVED
CVE-2022-31039
RESERVED
-CVE-2022-31038
- RESERVED
+CVE-2022-31038 (Gogs is an open source self-hosted Git service. In versions of gogs pr ...)
+ TODO: check
CVE-2022-31037
RESERVED
CVE-2022-31036
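Review bot: CVE-2022-31038 is the third gogs/gogs entry in this commit (after CVE-2022-1992 and CVE-2022-1993); gogs is not packaged in Debian, so all three should be triaged together as NOT-FOR-US: gogs rather than left individually at TODO: check.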
@@ -4598,42 +4648,42 @@ CVE-2022-30928
RESERVED
CVE-2022-30927 (A SQL injection vulnerability exists in Simple Task Scheduling System ...)
NOT-FOR-US: Simple Task Scheduling System
-CVE-2022-30926
- RESERVED
-CVE-2022-30925
- RESERVED
-CVE-2022-30924
- RESERVED
-CVE-2022-30923
- RESERVED
-CVE-2022-30922
- RESERVED
-CVE-2022-30921
- RESERVED
-CVE-2022-30920
- RESERVED
-CVE-2022-30919
- RESERVED
-CVE-2022-30918
- RESERVED
-CVE-2022-30917
- RESERVED
-CVE-2022-30916
- RESERVED
-CVE-2022-30915
- RESERVED
-CVE-2022-30914
- RESERVED
-CVE-2022-30913
- RESERVED
-CVE-2022-30912
- RESERVED
+CVE-2022-30926 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30925 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30924 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30923 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30922 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30921 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30920 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30919 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30918 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30917 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30916 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30915 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30914 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30913 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30912 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
CVE-2022-30911
RESERVED
-CVE-2022-30910
- RESERVED
-CVE-2022-30909
- RESERVED
+CVE-2022-30910 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2022-30909 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...)
+ TODO: check
CVE-2022-30908
RESERVED
CVE-2022-30907
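Review bot: seventeen H3C Magic R100 entries (CVE-2022-30909 through CVE-2022-30926, with CVE-2022-30911 still RESERVED in between) share one truncated description, so triage them as a block with a single NOT-FOR-US: H3C resolution; router firmware is not a Debian package. Because the text is identical for all of them, this file cannot tell which function each stack overflow is in, so anyone who needs that must follow the individual CVE references.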
@@ -4652,8 +4702,8 @@ CVE-2022-30901
RESERVED
CVE-2022-30900
RESERVED
-CVE-2022-30899
- RESERVED
+CVE-2022-30899 (A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the ...)
+ TODO: check
CVE-2022-30898
RESERVED
CVE-2022-30897
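Review bot: CVE-2022-30899 (cross-site scripting in PartKeepr 1.4.0) is not a Debian package and should be resolved as NOT-FOR-US: PartKeepr instead of TODO: check.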
@@ -4686,8 +4736,8 @@ CVE-2022-30884
RESERVED
CVE-2022-30883
RESERVED
-CVE-2022-30882
- RESERVED
+CVE-2022-30882 (pyanxdns package in PyPI version 0.2 is vulnerable to code execution b ...)
+ TODO: check
CVE-2022-30881
RESERVED
CVE-2022-30880
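Review bot: CVE-2022-30882 (pyanxdns 0.2 on PyPI, code execution) reads as a malicious-release issue rather than a code defect, so the question for Debian is whether that PyPI release was ever vendored or uploaded, not which versions are affected; pyanxdns is not in Debian, so NOT-FOR-US, but the triage line should say that the issue is the package distribution itself so the entry is not confused with an ordinary fixed-in-version bug.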
@@ -4696,12 +4746,12 @@ CVE-2022-30879
RESERVED
CVE-2022-30878
RESERVED
-CVE-2022-30877
- RESERVED
+CVE-2022-30877 (The keep for python, as distributed on PyPI, included a code-execution ...)
+ TODO: check
CVE-2022-30876
RESERVED
-CVE-2022-30875
- RESERVED
+CVE-2022-30875 (Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Er ...)
+ TODO: check
CVE-2022-30874
RESERVED
CVE-2022-30873
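Review bot: CVE-2022-30877 (keep on PyPI "included a code-execution ...") is the same class as the pyanxdns entry above, a compromised distribution rather than a code bug, and should be triaged the same way; neither keep nor Dolibarr (CVE-2022-30875, XSS in 12.0.5) is packaged in Debian, so both resolve to NOT-FOR-US.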
@@ -4866,8 +4916,8 @@ CVE-2022-30794 (Online Ordering System v1.0 by oretnom23 is vulnerable to SQL In
NOT-FOR-US: Online Ordering System
CVE-2022-30793
RESERVED
-CVE-2022-30790
- RESERVED
+CVE-2022-30790 (Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2 ...)
+ TODO: check
CVE-2022-30789 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_ch ...)
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
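Review bot: CVE-2022-30790 (Das U-Boot 2022.01 buffer overflow, "a different issue than CVE-2...") cannot stay at TODO: check like the web-application entries, because u-boot is a Debian source package; it needs a "- u-boot" line with the fixed upload or <unfixed> plus a bug reference, and a NOTE distinguishing it from the sibling CVE whose number is cut off here (CVE-2022-30552 later in this commit is the obvious candidate, but confirm from the full description rather than from this truncation).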
@@ -5442,8 +5492,7 @@ CVE-2022-30594 (The Linux kernel before 5.17.2 mishandles seccomp permissions. T
[bullseye] - linux 5.10.113-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2276
NOTE: https://git.kernel.org/linus/ee1fee900537b5d9560e9f937402de5ddc8412f3 (5.18-rc1)
-CVE-2022-30556 [Information Disclosure in mod_lua with websockets]
- RESERVED
+CVE-2022-30556 (Apache HTTP Server 2.4.53 and earlier may return lengths to applicatio ...)
- apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/7
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556
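Review bot: CVE-2022-30556 only matters where mod_lua websocket handlers are in use; the dropped bracket title said so (Information Disclosure in mod_lua with websockets) but the truncated description does not name the module, so keep that qualifier in a NOTE. The apache2 <unfixed> (bug #1012513) line is the same as for the other Apache entries and needs the fixed version filled in for all of them in one pass.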
@@ -5453,8 +5502,8 @@ CVE-2022-30554
RESERVED
CVE-2022-30553
RESERVED
-CVE-2022-30552
- RESERVED
+CVE-2022-30552 (Das U-Boot 2022.01 has a Buffer Overflow. ...)
+ TODO: check
CVE-2022-30551 (OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause ...)
TODO: check
CVE-2022-30550
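Review bot: CVE-2022-30552 ("Das U-Boot 2022.01 has a Buffer Overflow") is the second U-Boot entry in this commit; CVE-2022-30790 above explicitly calls itself a different issue, so the two need separate u-boot fixed-version lines rather than a shared TODO: check. The neighbouring OPC UA Legacy Java Stack entry is also still TODO: check but is unrelated and can be triaged independently.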
@@ -5617,8 +5666,7 @@ CVE-2022-30524 (There is an invalid memory access in the TextLine class in TextO
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2022-30523 (Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below i ...)
NOT-FOR-US: Trend Micro
-CVE-2022-30522 [mod_sed denial of service]
- RESERVED
+CVE-2022-30522 (If Apache HTTP Server 2.4.53 is configured to do transformations with ...)
- apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522
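Review bot: the description for CVE-2022-30522 starts with "If Apache HTTP Server 2.4.53 is configured to do transformations with ...", i.e. mod_sed must be enabled and in use for the denial of service to be reachable; it would help stable-update prioritisation to record in a NOTE whether mod_sed is enabled in Debian's default apache2 configuration, since that decides the default exposure.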
@@ -8920,8 +8968,7 @@ CVE-2022-1382 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1
NOTE: https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44
-CVE-2022-29404 [Denial of service in mod_lua r:parsebody]
- RESERVED
+CVE-2022-29404 (In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua ...)
- apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/5
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-29404
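Review bot: the dropped bracket title for CVE-2022-29404 (Denial of service in mod_lua r:parsebody) carried the entry point, and the new description is truncated at "a malicious request to a lua ...", so the r:parsebody detail is lost from this file; add a NOTE naming it, because the script-side call is exactly what an administrator checks for when deciding whether their Lua handlers are exposed.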
@@ -11119,13 +11166,11 @@ CVE-2022-28617 (A remote bypass security restrictions vulnerability was discover
NOT-FOR-US: HPE OneView
CVE-2022-28616 (A remote server-side request forgery (ssrf) vulnerability was discover ...)
NOT-FOR-US: HPE OneView
-CVE-2022-28615 [Read beyond bounds in ap_strcmp_match()]
- RESERVED
+CVE-2022-28615 (Apache HTTP Server 2.4.53 and earlier may crash or disclose informatio ...)
- apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/9
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615
-CVE-2022-28614 [read beyond bounds via ap_rwrite()]
- RESERVED
+CVE-2022-28614 (The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may ...)
- apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/4
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614
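Review bot: CVE-2022-28615 and CVE-2022-28614 both get apache2 <unfixed> (bug #1012513); the function names from the dropped bracket titles survive only partly in the truncated descriptions (ap_rwrite() is still named, ap_strcmp_match() is not), so add a NOTE for CVE-2022-28615 naming the function. Both are read-beyond-bounds issues that per the descriptions may crash or disclose information; the crash-versus-disclosure distinction affects how the stable update is prioritised and belongs in the entry.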
@@ -11653,18 +11698,18 @@ CVE-2022-28388 (usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Lin
{DSA-5127-1}
- linux 5.17.3-1
NOTE: https://git.kernel.org/linus/3d3925ff6433f98992685a9679613a2cc97f3ce2 (5.18-rc1)
-CVE-2022-28387
- RESERVED
-CVE-2022-28386
- RESERVED
-CVE-2022-28385
- RESERVED
-CVE-2022-28384
- RESERVED
-CVE-2022-28383
- RESERVED
-CVE-2022-28382
- RESERVED
+CVE-2022-28387 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...)
+ TODO: check
+CVE-2022-28386 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...)
+ TODO: check
+CVE-2022-28385 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...)
+ TODO: check
+CVE-2022-28384 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...)
+ TODO: check
+CVE-2022-28383 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...)
+ TODO: check
+CVE-2022-28382 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...)
+ TODO: check
CVE-2022-1214
REJECTED
CVE-2022-1213 (SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/li ...)
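Review bot: CVE-2022-28382 through CVE-2022-28387 are six entries for "certain Verbatim drives through 2022-03-31", i.e. firmware of USB storage hardware with no Debian package, so resolve all six as NOT-FOR-US: Verbatim in one follow-up rather than six separate TODO: check lines.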
@@ -11828,8 +11873,7 @@ CVE-2022-28332
RESERVED
CVE-2022-28331
RESERVED
-CVE-2022-28330 [read beyond bounds in mod_isapi]
- RESERVED
+CVE-2022-28330 (Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bound ...)
- apache2 <not-affected> (Windows specific)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/3
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28330
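Review bot: apache2 <not-affected> (Windows specific) is the right call for CVE-2022-28330, since mod_isapi exists only in Windows builds; keep the two NOTE links so the rationale survives, as this is the one Apache entry in this batch that is not tied to bug #1012513.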
@@ -17604,8 +17648,7 @@ CVE-2022-26379
RESERVED
CVE-2022-26378
RESERVED
-CVE-2022-26377 [mod_proxy_ajp: Possible request smuggling]
- RESERVED
+CVE-2022-26377 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...)
- apache2 <unfixed> (bug #1012513)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/2
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377
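Review bot: the truncated description for CVE-2022-26377 ("Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...") no longer says which module is affected, whereas the dropped title did (mod_proxy_ajp); add a NOTE naming mod_proxy_ajp, because the smuggling is only exposed when an AJP backend is proxied and that is the condition an administrator will check.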
@@ -21027,12 +21070,12 @@ CVE-2022-25155 (Use of Password Hash Instead of Password for Authentication vuln
NOT-FOR-US: Mitsubishi
CVE-2022-25154 (A DLL hijacking vulnerability in Samsung portable SSD T5 PC software b ...)
NOT-FOR-US: Samsung portable SSD T5
-CVE-2022-25153
- RESERVED
-CVE-2022-25152
- RESERVED
-CVE-2022-25151
- RESERVED
+CVE-2022-25153 (The ITarian Endpoint Manage Communication Client, prior to version 6.4 ...)
+ TODO: check
+CVE-2022-25152 (The ITarian platform (SAAS / on-premise) offers the possibility to run ...)
+ TODO: check
+CVE-2022-25151 (Within the Service Desk module of the ITarian platform (SAAS and on-pr ...)
+ TODO: check
CVE-2022-25150 (In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, prog ...)
NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control
CVE-2022-25149 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
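Review bot: CVE-2022-25151 through CVE-2022-25153 all describe the ITarian platform and its Endpoint Manager client, a proprietary SaaS/on-premise product with no Debian package, so resolve the three together as NOT-FOR-US: ITarian in the same way as the Samsung and Malwarebytes entries around them.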
@@ -23627,8 +23670,8 @@ CVE-2022-24302 (In Paramiko before 2.10.1, a race condition (between creation an
{DLA-2959-1}
- paramiko 2.10.3-1 (bug #1008012)
NOTE: https://github.com/paramiko/paramiko/commit/4c491e299c9b800358b16fa4886d8d94f45abe2e (2.10.1)
-CVE-2022-24296
- RESERVED
+CVE-2022-24296 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air ...)
+ TODO: check
CVE-2022-24295 (Okta Advanced Server Access Client for Windows prior to version 1.57.0 ...)
NOT-FOR-US: Okta Advanced Server Access Client
CVE-2022-22986 (Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, ...)
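Review bot: CVE-2022-24296 is a "Use of a Broken or Risky Cryptographic Algorithm" entry whose product name is cut off at "Air"; the CWE alone does not identify a package, so triage needs the full CVE text and should not be inferred from the prefix, even though the neighbouring Okta entry is NOT-FOR-US and this one most likely will be as well.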
@@ -38169,7 +38212,7 @@ CVE-2021-44097 (EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 i
NOT-FOR-US: EgavilanMedia
CVE-2021-44096 (EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 ...)
NOT-FOR-US: EgavilanMedia
-CVE-2021-44095 (Project Worlds Official Hospital Management System in php 1.0 is vulne ...)
+CVE-2021-44095 (A SQL injection vulnerability exists in ProjectWorlds Hospital Managem ...)
NOT-FOR-US: projectworldsofficial/hospital-management-system-in-php
CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plugin dow ...)
NOT-FOR-US: zrlog
@@ -50738,14 +50781,14 @@ CVE-2021-40594
RESERVED
CVE-2021-40593
RESERVED
-CVE-2021-40592
- RESERVED
+CVE-2021-40592 (GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (v ...)
+ TODO: check
CVE-2021-40591
RESERVED
CVE-2021-40590
RESERVED
-CVE-2021-40589
- RESERVED
+CVE-2021-40589 (ZAngband zangband-data 2.7.5 is affected by an integer underflow vulne ...)
+ TODO: check
CVE-2021-40588
RESERVED
CVE-2021-40587
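Review bot: CVE-2021-40592 names GPAC "before commit 71460d72ec07df766dab0a4d52687529f3efcf0a", and gpac is a Debian source package, so this must become a "- gpac" line with the fixed version or <unfixed> and the fix commit in a NOTE, not remain TODO: check. CVE-2021-40589 (ZAngband 2.7.5 integer underflow) needs a check of whether zangband is still in the archive before it is resolved either way.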
@@ -60613,8 +60656,8 @@ CVE-2021-36712
RESERVED
CVE-2021-36711
RESERVED
-CVE-2021-36710
- RESERVED
+CVE-2021-36710 (ToaruOS 1.99.2 is affected by incorrect access control via the kernel. ...)
+ TODO: check
CVE-2021-36709
RESERVED
CVE-2021-36708 (In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in th ...)
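Review bot: CVE-2021-36710 (incorrect access control in the ToaruOS 1.99.2 kernel) concerns a separate operating system, not a Debian package, so resolve it as NOT-FOR-US: ToaruOS instead of TODO: check.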
@@ -146784,8 +146827,8 @@ CVE-2020-14127
RESERVED
CVE-2020-14126
RESERVED
-CVE-2020-14125
- RESERVED
+CVE-2020-14125 (A denial of service vulnerability exists in some Xiaomi models of phon ...)
+ TODO: check
CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl interf ...)
NOT-FOR-US: Xiaomi
CVE-2020-14123 (There is a pointer double free vulnerability in Some MIUI Services. Wh ...)
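Review bot: CVE-2020-14125 is a Xiaomi phone denial of service, and CVE-2020-14124 directly below it is already NOT-FOR-US: Xiaomi, so this entry should get the same resolution rather than TODO: check.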
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd1de5a1b1743afa04648e4f99394e09be579f96