[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 10 09:10:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f148fbd5 by security tracker role at 2022-06-10T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,407 @@
+CVE-2022-32957
+ RESERVED
+CVE-2022-32956
+ RESERVED
+CVE-2022-32955
+ RESERVED
+CVE-2022-32954
+ RESERVED
+CVE-2022-32953
+ RESERVED
+CVE-2022-32952
+ RESERVED
+CVE-2022-32951
+ RESERVED
+CVE-2022-32950
+ RESERVED
+CVE-2022-32949
+ RESERVED
+CVE-2022-32948
+ RESERVED
+CVE-2022-32947
+ RESERVED
+CVE-2022-32946
+ RESERVED
+CVE-2022-32945
+ RESERVED
+CVE-2022-32944
+ RESERVED
+CVE-2022-32943
+ RESERVED
+CVE-2022-32942
+ RESERVED
+CVE-2022-32941
+ RESERVED
+CVE-2022-32940
+ RESERVED
+CVE-2022-32939
+ RESERVED
+CVE-2022-32938
+ RESERVED
+CVE-2022-32937
+ RESERVED
+CVE-2022-32936
+ RESERVED
+CVE-2022-32935
+ RESERVED
+CVE-2022-32934
+ RESERVED
+CVE-2022-32933
+ RESERVED
+CVE-2022-32932
+ RESERVED
+CVE-2022-32931
+ RESERVED
+CVE-2022-32930
+ RESERVED
+CVE-2022-32929
+ RESERVED
+CVE-2022-32928
+ RESERVED
+CVE-2022-32927
+ RESERVED
+CVE-2022-32926
+ RESERVED
+CVE-2022-32925
+ RESERVED
+CVE-2022-32924
+ RESERVED
+CVE-2022-32923
+ RESERVED
+CVE-2022-32922
+ RESERVED
+CVE-2022-32921
+ RESERVED
+CVE-2022-32920
+ RESERVED
+CVE-2022-32919
+ RESERVED
+CVE-2022-32918
+ RESERVED
+CVE-2022-32917
+ RESERVED
+CVE-2022-32916
+ RESERVED
+CVE-2022-32915
+ RESERVED
+CVE-2022-32914
+ RESERVED
+CVE-2022-32913
+ RESERVED
+CVE-2022-32912
+ RESERVED
+CVE-2022-32911
+ RESERVED
+CVE-2022-32910
+ RESERVED
+CVE-2022-32909
+ RESERVED
+CVE-2022-32908
+ RESERVED
+CVE-2022-32907
+ RESERVED
+CVE-2022-32906
+ RESERVED
+CVE-2022-32905
+ RESERVED
+CVE-2022-32904
+ RESERVED
+CVE-2022-32903
+ RESERVED
+CVE-2022-32902
+ RESERVED
+CVE-2022-32901
+ RESERVED
+CVE-2022-32900
+ RESERVED
+CVE-2022-32899
+ RESERVED
+CVE-2022-32898
+ RESERVED
+CVE-2022-32897
+ RESERVED
+CVE-2022-32896
+ RESERVED
+CVE-2022-32895
+ RESERVED
+CVE-2022-32894
+ RESERVED
+CVE-2022-32893
+ RESERVED
+CVE-2022-32892
+ RESERVED
+CVE-2022-32891
+ RESERVED
+CVE-2022-32890
+ RESERVED
+CVE-2022-32889
+ RESERVED
+CVE-2022-32888
+ RESERVED
+CVE-2022-32887
+ RESERVED
+CVE-2022-32886
+ RESERVED
+CVE-2022-32885
+ RESERVED
+CVE-2022-32884
+ RESERVED
+CVE-2022-32883
+ RESERVED
+CVE-2022-32882
+ RESERVED
+CVE-2022-32881
+ RESERVED
+CVE-2022-32880
+ RESERVED
+CVE-2022-32879
+ RESERVED
+CVE-2022-32878
+ RESERVED
+CVE-2022-32877
+ RESERVED
+CVE-2022-32876
+ RESERVED
+CVE-2022-32875
+ RESERVED
+CVE-2022-32874
+ RESERVED
+CVE-2022-32873
+ RESERVED
+CVE-2022-32872
+ RESERVED
+CVE-2022-32871
+ RESERVED
+CVE-2022-32870
+ RESERVED
+CVE-2022-32869
+ RESERVED
+CVE-2022-32868
+ RESERVED
+CVE-2022-32867
+ RESERVED
+CVE-2022-32866
+ RESERVED
+CVE-2022-32865
+ RESERVED
+CVE-2022-32864
+ RESERVED
+CVE-2022-32863
+ RESERVED
+CVE-2022-32862
+ RESERVED
+CVE-2022-32861
+ RESERVED
+CVE-2022-32860
+ RESERVED
+CVE-2022-32859
+ RESERVED
+CVE-2022-32858
+ RESERVED
+CVE-2022-32857
+ RESERVED
+CVE-2022-32856
+ RESERVED
+CVE-2022-32855
+ RESERVED
+CVE-2022-32854
+ RESERVED
+CVE-2022-32853
+ RESERVED
+CVE-2022-32852
+ RESERVED
+CVE-2022-32851
+ RESERVED
+CVE-2022-32850
+ RESERVED
+CVE-2022-32849
+ RESERVED
+CVE-2022-32848
+ RESERVED
+CVE-2022-32847
+ RESERVED
+CVE-2022-32846
+ RESERVED
+CVE-2022-32845
+ RESERVED
+CVE-2022-32844
+ RESERVED
+CVE-2022-32843
+ RESERVED
+CVE-2022-32842
+ RESERVED
+CVE-2022-32841
+ RESERVED
+CVE-2022-32840
+ RESERVED
+CVE-2022-32839
+ RESERVED
+CVE-2022-32838
+ RESERVED
+CVE-2022-32837
+ RESERVED
+CVE-2022-32836
+ RESERVED
+CVE-2022-32835
+ RESERVED
+CVE-2022-32834
+ RESERVED
+CVE-2022-32833
+ RESERVED
+CVE-2022-32832
+ RESERVED
+CVE-2022-32831
+ RESERVED
+CVE-2022-32830
+ RESERVED
+CVE-2022-32829
+ RESERVED
+CVE-2022-32828
+ RESERVED
+CVE-2022-32827
+ RESERVED
+CVE-2022-32826
+ RESERVED
+CVE-2022-32825
+ RESERVED
+CVE-2022-32824
+ RESERVED
+CVE-2022-32823
+ RESERVED
+CVE-2022-32822
+ RESERVED
+CVE-2022-32821
+ RESERVED
+CVE-2022-32820
+ RESERVED
+CVE-2022-32819
+ RESERVED
+CVE-2022-32818
+ RESERVED
+CVE-2022-32817
+ RESERVED
+CVE-2022-32816
+ RESERVED
+CVE-2022-32815
+ RESERVED
+CVE-2022-32814
+ RESERVED
+CVE-2022-32813
+ RESERVED
+CVE-2022-32812
+ RESERVED
+CVE-2022-32811
+ RESERVED
+CVE-2022-32810
+ RESERVED
+CVE-2022-32809
+ RESERVED
+CVE-2022-32808
+ RESERVED
+CVE-2022-32807
+ RESERVED
+CVE-2022-32806
+ RESERVED
+CVE-2022-32805
+ RESERVED
+CVE-2022-32804
+ RESERVED
+CVE-2022-32803
+ RESERVED
+CVE-2022-32802
+ RESERVED
+CVE-2022-32801
+ RESERVED
+CVE-2022-32800
+ RESERVED
+CVE-2022-32799
+ RESERVED
+CVE-2022-32798
+ RESERVED
+CVE-2022-32797
+ RESERVED
+CVE-2022-32796
+ RESERVED
+CVE-2022-32795
+ RESERVED
+CVE-2022-32794
+ RESERVED
+CVE-2022-32793
+ RESERVED
+CVE-2022-32792
+ RESERVED
+CVE-2022-32791
+ RESERVED
+CVE-2022-32790
+ RESERVED
+CVE-2022-32789
+ RESERVED
+CVE-2022-32788
+ RESERVED
+CVE-2022-32787
+ RESERVED
+CVE-2022-32786
+ RESERVED
+CVE-2022-32785
+ RESERVED
+CVE-2022-32784
+ RESERVED
+CVE-2022-32783
+ RESERVED
+CVE-2022-32782
+ RESERVED
+CVE-2022-32781
+ RESERVED
+CVE-2022-32780
+ RESERVED
+CVE-2022-32779
+ RESERVED
+CVE-2022-32778
+ RESERVED
+CVE-2022-32777
+ RESERVED
+CVE-2022-32772
+ RESERVED
+CVE-2022-32771
+ RESERVED
+CVE-2022-32770
+ RESERVED
+CVE-2022-32763
+ RESERVED
+CVE-2022-30690
+ RESERVED
+CVE-2022-28712
+ RESERVED
+CVE-2022-26842
+ RESERVED
+CVE-2022-2049
+ RESERVED
+CVE-2022-2048
+ RESERVED
+CVE-2022-2047
+ RESERVED
+CVE-2022-2046
+ RESERVED
+CVE-2022-2045
+ RESERVED
+CVE-2022-2044
+ RESERVED
+CVE-2022-2043
+ RESERVED
+CVE-2022-2042
+ RESERVED
+CVE-2022-2041
+ RESERVED
+CVE-2022-2040
+ RESERVED
+CVE-2021-46819
+ RESERVED
+CVE-2021-46818
+ RESERVED
+CVE-2021-46817
+ RESERVED
+CVE-2021-46816
+ RESERVED
CVE-2022-32769
RESERVED
CVE-2022-32768
@@ -1114,28 +1518,28 @@ CVE-2017-20030
RESERVED
CVE-2017-20029
RESERVED
-CVE-2017-20028
- RESERVED
-CVE-2017-20027
- RESERVED
-CVE-2017-20026
- RESERVED
-CVE-2017-20025
- RESERVED
-CVE-2017-20024
- RESERVED
-CVE-2017-20023
- RESERVED
-CVE-2017-20022
- RESERVED
-CVE-2017-20021
- RESERVED
-CVE-2017-20020
- RESERVED
-CVE-2017-20019
- RESERVED
-CVE-2017-20018
- RESERVED
+CVE-2017-20028 (A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been c ...)
+ TODO: check
+CVE-2017-20027 (A vulnerability was found in HumHub up to 1.0.1 and classified as prob ...)
+ TODO: check
+CVE-2017-20026 (A vulnerability has been found in HumHub up to 1.0.1 and classified as ...)
+ TODO: check
+CVE-2017-20025 (A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It ha ...)
+ TODO: check
+CVE-2017-20024 (A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It ha ...)
+ TODO: check
+CVE-2017-20023 (A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and cl ...)
+ TODO: check
+CVE-2017-20022 (A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 a ...)
+ TODO: check
+CVE-2017-20021 (A vulnerability, which was classified as critical, was found in Solare ...)
+ TODO: check
+CVE-2017-20020 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2017-20019 (A vulnerability classified as problematic was found in Solare Solar-Lo ...)
+ TODO: check
+CVE-2017-20018 (A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classifie ...)
+ TODO: check
CVE-2016-15002 (A vulnerability, which was classified as critical, was found in MONyog ...)
NOT-FOR-US: MONyog Ultimate
CVE-2019-25070 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS u ...)
@@ -2428,7 +2832,7 @@ CVE-2022-1933
CVE-2022-1932
RESERVED
CVE-2022-31799 (Bottle before 0.12.20 mishandles errors during early request binding. ...)
- {DLA-3048-1}
+ {DSA-5159-1 DLA-3048-1}
- python-bottle 0.12.20-1
NOTE: Fixed by: https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00 (0.12.20)
CVE-2022-1931 (Incorrect Synchronization in GitHub repository polonel/trudesk prior t ...)
@@ -4489,8 +4893,8 @@ CVE-2022-31053
RESERVED
CVE-2022-31052
RESERVED
-CVE-2022-31051
- RESERVED
+CVE-2022-31051 (semantic-release is an open source npm package for automated version m ...)
+ TODO: check
CVE-2022-31050
RESERVED
CVE-2022-31049
@@ -4501,17 +4905,15 @@ CVE-2022-31047
RESERVED
CVE-2022-31046
RESERVED
-CVE-2022-31045
- RESERVED
+CVE-2022-31045 (Istio is an open platform to connect, manage, and secure microservices ...)
+ TODO: check
CVE-2022-31044
RESERVED
-CVE-2022-31043 [Fix failure to strip Authorization header on HTTP downgrade]
- RESERVED
+CVE-2022-31043 (Guzzle is an open source PHP HTTP client. In affected versions `Author ...)
- guzzle <unfixed>
NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4)
-CVE-2022-31042 [Failure to strip the Cookie header on change in host or HTTP downgrade]
- RESERVED
+CVE-2022-31042 (Guzzle is an open source PHP HTTP client. In affected versions the `Co ...)
- guzzle <unfixed>
NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4)
@@ -4531,8 +4933,8 @@ CVE-2022-31035
RESERVED
CVE-2022-31034
RESERVED
-CVE-2022-31033
- RESERVED
+CVE-2022-31033 (The Mechanize library is used for automating interaction with websites ...)
+ TODO: check
CVE-2022-31032
RESERVED
CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)
@@ -5149,8 +5551,8 @@ CVE-2022-30900
RESERVED
CVE-2022-30899 (A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the ...)
TODO: check
-CVE-2022-30898
- RESERVED
+CVE-2022-30898 (A Cross-site request forgery (CSRF) vulnerability in Cscms music porta ...)
+ TODO: check
CVE-2022-30897
RESERVED
CVE-2022-30896
@@ -5484,10 +5886,10 @@ CVE-2022-1717
RESERVED
CVE-2022-1716 (Keep My Notes v1.80.147 allows an attacker with physical access to the ...)
NOT-FOR-US: Keep My Notes
-CVE-2022-30703
- RESERVED
-CVE-2022-30702
- RESERVED
+CVE-2022-30703 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an expo ...)
+ TODO: check
+CVE-2022-30702 (Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out- ...)
+ TODO: check
CVE-2022-30701 (An uncontrolled search path element vulnerability in Trend Micro Apex ...)
NOT-FOR-US: Trend Micro
CVE-2022-30700 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...)
@@ -9859,8 +10261,8 @@ CVE-2022-29252 (XWiki Platform Wiki UI Main Wiki is a package for managing subwi
NOT-FOR-US: XWiki
CVE-2022-29251 (XWiki Platform Flamingo Theme UI is a tool that allows customization a ...)
NOT-FOR-US: XWiki
-CVE-2022-29250
- RESERVED
+CVE-2022-29250 (GLPI is a Free Asset and IT Management Software package, that provides ...)
+ TODO: check
CVE-2022-29249 (JavaEZ is a library that adds new functions to make Java easier. A wea ...)
NOT-FOR-US: JavaEZLib/JavaEZ
CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 ...)
@@ -9910,20 +10312,15 @@ CVE-2022-29230 (Hydrogen is a React-based framework for building dynamic, Shopif
NOT-FOR-US: Shopify/hydrogen
CVE-2022-29229 (CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject ...)
NOT-FOR-US: cassproject/CASS
-CVE-2022-29228
- RESERVED
+CVE-2022-29228 (Envoy is a cloud-native high-performance proxy. In versions prior to 1 ...)
- envoyproxy <itp> (bug #987544)
-CVE-2022-29227
- RESERVED
+CVE-2022-29227 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
- envoyproxy <itp> (bug #987544)
-CVE-2022-29226
- RESERVED
+CVE-2022-29226 (Envoy is a cloud-native high-performance proxy. In versions prior to 1 ...)
- envoyproxy <itp> (bug #987544)
-CVE-2022-29225
- RESERVED
+CVE-2022-29225 (Envoy is a cloud-native high-performance proxy. In versions prior to 1 ...)
- envoyproxy <itp> (bug #987544)
-CVE-2022-29224
- RESERVED
+CVE-2022-29224 (Envoy is a cloud-native high-performance proxy. Versions of envoy prio ...)
- envoyproxy <itp> (bug #987544)
CVE-2022-29223 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
NOT-FOR-US: Microsoft
@@ -22368,8 +22765,7 @@ CVE-2022-24878 (Flux is an open and extensible continuous delivery solution for
NOT-FOR-US: Flux project fluxcd
CVE-2022-24877 (Flux is an open and extensible continuous delivery solution for Kubern ...)
NOT-FOR-US: Flux project fluxcd
-CVE-2022-24876
- RESERVED
+CVE-2022-24876 (GLPI is a Free Asset and IT Management Software package, that provides ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-33g2-m556-gccr
NOTE: https://github.com/glpi-project/glpi/commit/9a3c7487c8761eaa8f3b07589d6dcdfa5d1e4ed6
@@ -40211,8 +40607,7 @@ CVE-2022-21501
RESERVED
CVE-2022-21500 (Vulnerability in Oracle E-Business Suite (component: Manage Proxies). ...)
NOT-FOR-US: Oracle
-CVE-2022-21499 [lockdown: also lock down previous kgdb use]
- RESERVED
+CVE-2022-21499 (KGDB and KDB allow read and write access to kernel memory, and thus sh ...)
- linux 5.17.11-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -174827,7 +175222,7 @@ CVE-2020-4010
RESERVED
CVE-2020-4009
RESERVED
-CVE-2020-4008 (The installer of the macOS Sensor for VMware Carbon Black Cloud prior ...)
+CVE-2020-4008 (The installer of the macOS Sensor for VMware Carbon Black Cloud (prior ...)
NOT-FOR-US: VMware
CVE-2020-4007
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f148fbd56555949a2abbfff83b966c4163b4c799
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f148fbd56555949a2abbfff83b966c4163b4c799
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220610/ee26ffcc/attachment.htm>
More information about the debian-security-tracker-commits
mailing list