[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 9 21:10:35 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1317d53e by security tracker role at 2022-06-09T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2022-32769
+ RESERVED
+CVE-2022-32768
+ RESERVED
+CVE-2022-32759
+ RESERVED
+CVE-2022-32758
+ RESERVED
+CVE-2022-32757
+ RESERVED
+CVE-2022-32756
+ RESERVED
+CVE-2022-32755
+ RESERVED
+CVE-2022-32754
+ RESERVED
+CVE-2022-32753
+ RESERVED
+CVE-2022-32752
+ RESERVED
+CVE-2022-32751
+ RESERVED
+CVE-2022-32750
+ RESERVED
+CVE-2022-32749
+ RESERVED
+CVE-2022-32748
+ RESERVED
+CVE-2022-32747
+ RESERVED
+CVE-2022-32746
+ RESERVED
+CVE-2022-32745
+ RESERVED
+CVE-2022-32744
+ RESERVED
+CVE-2022-32743
+ RESERVED
+CVE-2022-32742
+ RESERVED
+CVE-2022-32741
+ RESERVED
+CVE-2022-32740
+ RESERVED
+CVE-2022-32739
+ RESERVED
+CVE-2022-32573
+ RESERVED
+CVE-2022-30605
+ RESERVED
+CVE-2022-29886
+ RESERVED
+CVE-2022-29517
+ RESERVED
+CVE-2022-29511
+ RESERVED
+CVE-2022-29468
+ RESERVED
+CVE-2022-28703
+ RESERVED
+CVE-2022-27498
+ RESERVED
+CVE-2022-2039
+ RESERVED
+CVE-2022-2038
+ RESERVED
+CVE-2022-2037 (Excessive Attack Surface in GitHub repository tooljet/tooljet prior to ...)
+ TODO: check
CVE-2022-32738
RESERVED
CVE-2022-32737
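Review bot: CVE-2022-2037 (tooljet/tooljet) is the only non-RESERVED entry in this hunk and is left at `TODO: check`; the follow-up is to resolve it either to a source package line or to `NOT-FOR-US: tooljet`, the way the other GitHub-hosted projects on this page are resolved, so that the TODO does not sit hidden behind the block of reserved placeholders above it.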
@@ -380,8 +448,8 @@ CVE-2022-28612
RESERVED
CVE-2022-25649
RESERVED
-CVE-2022-2035
- RESERVED
+CVE-2022-2035 (A reflected cross-site scripting (XSS) vulnerability exists in the pla ...)
+ TODO: check
CVE-2022-2034
RESERVED
CVE-2022-2033
@@ -662,8 +730,7 @@ CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ..
NOTE: https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 (v8.2.5063)
CVE-2022-1999
RESERVED
-CVE-2022-1998 [fanotify: Fix stale file descriptor in copy_event_to_user()]
- RESERVED
+CVE-2022-1998 (A use after free in the Linux kernel File System notify functionality ...)
- linux 5.16.7-1
[bullseye] - linux 5.10.103-1
[buster] - linux <not-affected> (Vulnerable code not present)
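Review bot: replacing the bracketed working title of CVE-2022-1998 drops the only pointer to the upstream fix (the fanotify change to copy_event_to_user()). The package lines keep the fixed versions (linux 5.16.7-1, bullseye 5.10.103-1, buster not-affected), but no NOTE line with the upstream commit is visible in this hunk; consider adding one so the fix reference survives the title change.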
@@ -1059,18 +1126,18 @@ CVE-2017-20018
RESERVED
CVE-2016-15002 (A vulnerability, which was classified as critical, was found in MONyog ...)
NOT-FOR-US: MONyog Ultimate
-CVE-2019-25070
- RESERVED
-CVE-2019-25069
- RESERVED
-CVE-2019-25068
- RESERVED
-CVE-2019-25067
- RESERVED
-CVE-2019-25066
- RESERVED
-CVE-2019-25065
- RESERVED
+CVE-2019-25070 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS u ...)
+ TODO: check
+CVE-2019-25069 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2019-25068 (A vulnerability classified as critical was found in Axios Italia Axios ...)
+ TODO: check
+CVE-2019-25067 (A vulnerability, which was classified as critical, was found in Podman ...)
+ TODO: check
+CVE-2019-25066 (A vulnerability has been found in ajenti 2.1.31 and classified as crit ...)
+ TODO: check
+CVE-2019-25065 (A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as ...)
+ TODO: check
CVE-2018-25044
RESERVED
CVE-2018-25043
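Review bot: of the six entries moved from RESERVED to `TODO: check`, CVE-2019-25067 (Podman) is the one that names software this tracker already follows as a Debian package (see the podman entry CVE-2021-4024 further down in this file), so it should be triaged against the podman source package first. CVE-2019-25070 is flagged `** UNSUPPORTED WHEN ASSIGNED **` by the CNA, which is worth carrying into its resolution line.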
@@ -1127,8 +1194,8 @@ CVE-2020-36530 (A vulnerability classified as critical was found in SevOne Netwo
NOT-FOR-US: SevOne Network Management System
CVE-2020-36529 (A vulnerability classified as critical has been found in SevOne Networ ...)
NOT-FOR-US: SevOne Network Management System
-CVE-2019-25064
- RESERVED
+CVE-2019-25064 (A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has b ...)
+ TODO: check
CVE-2019-25063 (A vulnerability was found in Sricam IP CCTV Camera. It has been classi ...)
NOT-FOR-US: Sricam IP CCTV Camera
CVE-2019-25062 (A vulnerability was found in Sricam IP CCTV Camera and classified as c ...)
@@ -1176,8 +1243,8 @@ CVE-2022-32274
RESERVED
CVE-2022-32273 (As a result of an observable discrepancy in returned messages, OPSWAT ...)
TODO: check
-CVE-2022-32272
- RESERVED
+CVE-2022-32272 (OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access co ...)
+ TODO: check
CVE-2022-32271 (In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code ...)
NOT-FOR-US: Real Player
CVE-2022-32270 (In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows do ...)
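Review bot: CVE-2022-32272 and the adjacent CVE-2022-32273 both describe OPSWAT MetaDefender Core and both now sit at `TODO: check`; they should be resolved together with the same status rather than one at a time, since whichever decision applies to the product applies to both.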
@@ -2188,14 +2255,14 @@ CVE-2022-31832
RESERVED
CVE-2022-31831
RESERVED
-CVE-2022-31830
- RESERVED
+CVE-2022-31830 (Kity Minder v1.3.5 was discovered to contain a Server-Side Request For ...)
+ TODO: check
CVE-2022-31829
RESERVED
CVE-2022-31828
RESERVED
-CVE-2022-31827
- RESERVED
+CVE-2022-31827 (MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forg ...)
+ TODO: check
CVE-2022-31826
RESERVED
CVE-2022-31825
@@ -3610,22 +3677,22 @@ CVE-2022-31395
RESERVED
CVE-2022-31394
RESERVED
-CVE-2022-31393
- RESERVED
+CVE-2022-31393 (Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forger ...)
+ TODO: check
CVE-2022-31392
RESERVED
CVE-2022-31391
RESERVED
-CVE-2022-31390
- RESERVED
+CVE-2022-31390 (Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forger ...)
+ TODO: check
CVE-2022-31389
RESERVED
CVE-2022-31388
RESERVED
CVE-2022-31387
RESERVED
-CVE-2022-31386
- RESERVED
+CVE-2022-31386 (A Server-Side Request Forgery (SSRF) in the getFileBinary function of ...)
+ TODO: check
CVE-2022-31385
RESERVED
CVE-2022-31384
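Review bot: CVE-2022-31393 and CVE-2022-31390 carry identical truncated descriptions (Jizhicms v2.2.5 SSRF), so the text visible here cannot tell the two entries apart; when the `TODO: check` is resolved, confirm from the full CVE records that they are distinct issues before recording the same status on both.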
@@ -4078,8 +4145,7 @@ CVE-2022-1798
RESERVED
CVE-2022-31215 (In certain Goverlan products, the Windows Firewall is temporarily turn ...)
NOT-FOR-US: Goverlan
-CVE-2022-31214 [local root exploit reachable via --join logic]
- RESERVED
+CVE-2022-31214 (A Privilege Context Switching issue was discovered in join.c in Fireja ...)
- firejail 0.9.68-4 (bug #1012510)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/10
NOTE: https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50
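Review bot: CVE-2022-31214 is closed in unstable via firejail 0.9.68-4 (bug #1012510) and the two NOTE lines point at the oss-security post and the upstream fix commit, but the hunk context ends there, so the [bullseye] and [buster] status lines for firejail are not visible in this change. Since the dropped working title describes a local root issue, confirm those lines exist below the hunk rather than leaving the stable status implicit.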
@@ -5390,8 +5456,8 @@ CVE-2022-30762
RESERVED
CVE-2022-30761
RESERVED
-CVE-2022-30760
- RESERVED
+CVE-2022-30760 (An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG F ...)
+ TODO: check
CVE-2022-30759
RESERVED
CVE-2022-30708 (Webmin through 1.991, when the Authentic theme is used, allows remote ...)
@@ -6709,7 +6775,7 @@ CVE-2022-1590 (A vulnerability was found in Bludit 3.13.1. It has been declared
NOT-FOR-US: Bludit
CVE-2022-1589 (The Change wp-admin login WordPress plugin before 1.1.0 does not prope ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-30292 (thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reserv ...)
+CVE-2022-30292 (Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lac ...)
- squirrel3 <unfixed>
[bullseye] - squirrel3 <no-dsa> (Minor issue)
[buster] - squirrel3 <no-dsa> (Minor issue)
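Review bot: the description of CVE-2022-30292 changes from a missing sq_reserv... call in thread_call to a heap-based buffer overflow in sqbaselib.cpp, while the `[bullseye]` and `[buster] - squirrel3 <no-dsa> (Minor issue)` lines are untouched. That no-dsa rationale was recorded against the earlier wording; re-check whether "Minor issue" still holds now that the entry is classified as a heap overflow.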
@@ -18051,20 +18117,17 @@ CVE-2022-0836 (The SEMA API WordPress plugin before 4.02 does not properly sanit
NOT-FOR-US: WordPress plugin
CVE-2022-26365
RESERVED
-CVE-2022-26364
- RESERVED
+CVE-2022-26364 (x86 pv: Insufficient care with non-coherent mappings T[his CNA informa ...)
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-402.html
-CVE-2022-26363
- RESERVED
+CVE-2022-26363 (x86 pv: Insufficient care with non-coherent mappings T[his CNA informa ...)
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-402.html
-CVE-2022-26362 [x86 pv: Race condition in typeref acquisition]
- RESERVED
+CVE-2022-26362 (x86 pv: Race condition in typeref acquisition Xen maintains a type ref ...)
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
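Review bot: CVE-2022-26364 and CVE-2022-26363 now carry identical descriptions, and both truncate into the CNA boilerplate (`T[his CNA informa ...`) rather than the advisory's own summary; that is the upstream text, but it leaves the two lines useless for distinguishing the entries, so the XSA-402 NOTE lines are doing that work. For CVE-2022-26362 the bracketed title (x86 pv: race condition in typeref acquisition) is replaced, and no NOTE line is visible in this hunk for it, unlike the two entries above; confirm its advisory NOTE is present just below the hunk.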
@@ -28592,8 +28655,8 @@ CVE-2022-23140
RESERVED
CVE-2022-23139 (ZTE's ZXMP M721 product has a permission and access control vulnerabil ...)
NOT-FOR-US: ZTE ZXMP M721
-CVE-2022-23138
- RESERVED
+CVE-2022-23138 (ZTE's MF297D product has cryptographic issues vulnerability. Due to th ...)
+ TODO: check
CVE-2022-23137 (ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker c ...)
NOT-FOR-US: ZXCDN
CVE-2022-23136 (There is a stored XSS vulnerability in ZTE home gateway product. An at ...)
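Review bot: CVE-2022-23138 (ZTE MF297D) is left at `TODO: check` while the surrounding ZTE entries (CVE-2022-23139, CVE-2022-23137, CVE-2022-23136) are all resolved NOT-FOR-US; ZTE device firmware is not a Debian package, so the same resolution applies and the TODO can be closed in the same pass.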
@@ -38190,6 +38253,7 @@ CVE-2021-4024 (A flaw was found in podman. The `podman machine` function (used t
NOTE: Fixed by: https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48 (main)
NOTE: Fixed by: https://github.com/containers/podman/commit/57c5e2246efeaf2fef820a482241f1cc43960c7a (v3.4.3)
CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can get a CSR ...)
+ {DLA-3049-1}
- mailman <removed>
[buster] - mailman 1:2.1.29-1+deb10u4
NOTE: https://bugs.launchpad.net/mailman/+bug/1952384
@@ -41947,6 +42011,7 @@ CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows XSS via the Group Name o
CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...)
NOT-FOR-US: Datalogic
CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
+ {DLA-3049-1}
- mailman <removed> (bug #1000367)
[buster] - mailman 1:2.1.29-1+deb10u3
NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
@@ -41954,6 +42019,7 @@ CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb
NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1876 (2.1.36)
NOTE: Regression fix: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1878 (2.1.37)
CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user ...)
+ {DLA-3049-1}
- mailman <removed> (bug #1000367)
[buster] - mailman 1:2.1.29-1+deb10u3
NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
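Review bot: `{DLA-3049-1}` is added to CVE-2021-43331 here and to CVE-2021-43332 and CVE-2021-44227 in the two preceding hunks, but the buster version lines differ: 1:2.1.29-1+deb10u4 for CVE-2021-44227 versus 1:2.1.29-1+deb10u3 for the other two. A single DLA ships one version, so either the deb10u3 lines should be updated to the version the DLA actually released, or the DLA reference belongs only on the entries that update fixed; the hunks do not show which.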
@@ -50285,8 +50351,8 @@ CVE-2021-40963
RESERVED
CVE-2021-40962
RESERVED
-CVE-2021-40961
- RESERVED
+CVE-2021-40961 (CMS Made Simple <=2.2.15 is affected by SQL injection in modules/Ne ...)
+ TODO: check
CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal vulnerabil ...)
NOT-FOR-US: Galera WebTemplate
CVE-2021-40959
@@ -51005,8 +51071,8 @@ CVE-2021-40670 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the ke
NOT-FOR-US: Wuzhi CMS
CVE-2021-40669 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...)
NOT-FOR-US: Wuzhi CMS
-CVE-2021-40668
- RESERVED
+CVE-2021-40668 (The Android application HTTP File Server (Version 1.4.1) by 'slowscrip ...)
+ TODO: check
CVE-2021-40667
RESERVED
CVE-2021-40666
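Review bot: CVE-2021-40668 describes an Android application (HTTP File Server 1.4.1 by 'slowscrip...'), which is not something shipped as a Debian source package; the neighbouring Wuzhi CMS entries are resolved NOT-FOR-US and this one will resolve the same way, so the `TODO: check` can be closed directly.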
@@ -51127,8 +51193,8 @@ CVE-2021-40612 (An issue was discovered in Opmantek Open-AudIT after 3.5.0. With
NOT-FOR-US: Opmantek Open-AudIT
CVE-2021-40611
RESERVED
-CVE-2021-40610
- RESERVED
+CVE-2021-40610 (Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background m ...)
+ TODO: check
CVE-2021-40609
RESERVED
CVE-2021-40608
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1317d53e93197e84f3320af1c448b9a1b9e525ba