[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 10 09:10:25 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f148fbd5 by security tracker role at 2022-06-10T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,407 @@
+CVE-2022-32957
+	RESERVED
+CVE-2022-32956
+	RESERVED
+CVE-2022-32955
+	RESERVED
+CVE-2022-32954
+	RESERVED
+CVE-2022-32953
+	RESERVED
+CVE-2022-32952
+	RESERVED
+CVE-2022-32951
+	RESERVED
+CVE-2022-32950
+	RESERVED
+CVE-2022-32949
+	RESERVED
+CVE-2022-32948
+	RESERVED
+CVE-2022-32947
+	RESERVED
+CVE-2022-32946
+	RESERVED
+CVE-2022-32945
+	RESERVED
+CVE-2022-32944
+	RESERVED
+CVE-2022-32943
+	RESERVED
+CVE-2022-32942
+	RESERVED
+CVE-2022-32941
+	RESERVED
+CVE-2022-32940
+	RESERVED
+CVE-2022-32939
+	RESERVED
+CVE-2022-32938
+	RESERVED
+CVE-2022-32937
+	RESERVED
+CVE-2022-32936
+	RESERVED
+CVE-2022-32935
+	RESERVED
+CVE-2022-32934
+	RESERVED
+CVE-2022-32933
+	RESERVED
+CVE-2022-32932
+	RESERVED
+CVE-2022-32931
+	RESERVED
+CVE-2022-32930
+	RESERVED
+CVE-2022-32929
+	RESERVED
+CVE-2022-32928
+	RESERVED
+CVE-2022-32927
+	RESERVED
+CVE-2022-32926
+	RESERVED
+CVE-2022-32925
+	RESERVED
+CVE-2022-32924
+	RESERVED
+CVE-2022-32923
+	RESERVED
+CVE-2022-32922
+	RESERVED
+CVE-2022-32921
+	RESERVED
+CVE-2022-32920
+	RESERVED
+CVE-2022-32919
+	RESERVED
+CVE-2022-32918
+	RESERVED
+CVE-2022-32917
+	RESERVED
+CVE-2022-32916
+	RESERVED
+CVE-2022-32915
+	RESERVED
+CVE-2022-32914
+	RESERVED
+CVE-2022-32913
+	RESERVED
+CVE-2022-32912
+	RESERVED
+CVE-2022-32911
+	RESERVED
+CVE-2022-32910
+	RESERVED
+CVE-2022-32909
+	RESERVED
+CVE-2022-32908
+	RESERVED
+CVE-2022-32907
+	RESERVED
+CVE-2022-32906
+	RESERVED
+CVE-2022-32905
+	RESERVED
+CVE-2022-32904
+	RESERVED
+CVE-2022-32903
+	RESERVED
+CVE-2022-32902
+	RESERVED
+CVE-2022-32901
+	RESERVED
+CVE-2022-32900
+	RESERVED
+CVE-2022-32899
+	RESERVED
+CVE-2022-32898
+	RESERVED
+CVE-2022-32897
+	RESERVED
+CVE-2022-32896
+	RESERVED
+CVE-2022-32895
+	RESERVED
+CVE-2022-32894
+	RESERVED
+CVE-2022-32893
+	RESERVED
+CVE-2022-32892
+	RESERVED
+CVE-2022-32891
+	RESERVED
+CVE-2022-32890
+	RESERVED
+CVE-2022-32889
+	RESERVED
+CVE-2022-32888
+	RESERVED
+CVE-2022-32887
+	RESERVED
+CVE-2022-32886
+	RESERVED
+CVE-2022-32885
+	RESERVED
+CVE-2022-32884
+	RESERVED
+CVE-2022-32883
+	RESERVED
+CVE-2022-32882
+	RESERVED
+CVE-2022-32881
+	RESERVED
+CVE-2022-32880
+	RESERVED
+CVE-2022-32879
+	RESERVED
+CVE-2022-32878
+	RESERVED
+CVE-2022-32877
+	RESERVED
+CVE-2022-32876
+	RESERVED
+CVE-2022-32875
+	RESERVED
+CVE-2022-32874
+	RESERVED
+CVE-2022-32873
+	RESERVED
+CVE-2022-32872
+	RESERVED
+CVE-2022-32871
+	RESERVED
+CVE-2022-32870
+	RESERVED
+CVE-2022-32869
+	RESERVED
+CVE-2022-32868
+	RESERVED
+CVE-2022-32867
+	RESERVED
+CVE-2022-32866
+	RESERVED
+CVE-2022-32865
+	RESERVED
+CVE-2022-32864
+	RESERVED
+CVE-2022-32863
+	RESERVED
+CVE-2022-32862
+	RESERVED
+CVE-2022-32861
+	RESERVED
+CVE-2022-32860
+	RESERVED
+CVE-2022-32859
+	RESERVED
+CVE-2022-32858
+	RESERVED
+CVE-2022-32857
+	RESERVED
+CVE-2022-32856
+	RESERVED
+CVE-2022-32855
+	RESERVED
+CVE-2022-32854
+	RESERVED
+CVE-2022-32853
+	RESERVED
+CVE-2022-32852
+	RESERVED
+CVE-2022-32851
+	RESERVED
+CVE-2022-32850
+	RESERVED
+CVE-2022-32849
+	RESERVED
+CVE-2022-32848
+	RESERVED
+CVE-2022-32847
+	RESERVED
+CVE-2022-32846
+	RESERVED
+CVE-2022-32845
+	RESERVED
+CVE-2022-32844
+	RESERVED
+CVE-2022-32843
+	RESERVED
+CVE-2022-32842
+	RESERVED
+CVE-2022-32841
+	RESERVED
+CVE-2022-32840
+	RESERVED
+CVE-2022-32839
+	RESERVED
+CVE-2022-32838
+	RESERVED
+CVE-2022-32837
+	RESERVED
+CVE-2022-32836
+	RESERVED
+CVE-2022-32835
+	RESERVED
+CVE-2022-32834
+	RESERVED
+CVE-2022-32833
+	RESERVED
+CVE-2022-32832
+	RESERVED
+CVE-2022-32831
+	RESERVED
+CVE-2022-32830
+	RESERVED
+CVE-2022-32829
+	RESERVED
+CVE-2022-32828
+	RESERVED
+CVE-2022-32827
+	RESERVED
+CVE-2022-32826
+	RESERVED
+CVE-2022-32825
+	RESERVED
+CVE-2022-32824
+	RESERVED
+CVE-2022-32823
+	RESERVED
+CVE-2022-32822
+	RESERVED
+CVE-2022-32821
+	RESERVED
+CVE-2022-32820
+	RESERVED
+CVE-2022-32819
+	RESERVED
+CVE-2022-32818
+	RESERVED
+CVE-2022-32817
+	RESERVED
+CVE-2022-32816
+	RESERVED
+CVE-2022-32815
+	RESERVED
+CVE-2022-32814
+	RESERVED
+CVE-2022-32813
+	RESERVED
+CVE-2022-32812
+	RESERVED
+CVE-2022-32811
+	RESERVED
+CVE-2022-32810
+	RESERVED
+CVE-2022-32809
+	RESERVED
+CVE-2022-32808
+	RESERVED
+CVE-2022-32807
+	RESERVED
+CVE-2022-32806
+	RESERVED
+CVE-2022-32805
+	RESERVED
+CVE-2022-32804
+	RESERVED
+CVE-2022-32803
+	RESERVED
+CVE-2022-32802
+	RESERVED
+CVE-2022-32801
+	RESERVED
+CVE-2022-32800
+	RESERVED
+CVE-2022-32799
+	RESERVED
+CVE-2022-32798
+	RESERVED
+CVE-2022-32797
+	RESERVED
+CVE-2022-32796
+	RESERVED
+CVE-2022-32795
+	RESERVED
+CVE-2022-32794
+	RESERVED
+CVE-2022-32793
+	RESERVED
+CVE-2022-32792
+	RESERVED
+CVE-2022-32791
+	RESERVED
+CVE-2022-32790
+	RESERVED
+CVE-2022-32789
+	RESERVED
+CVE-2022-32788
+	RESERVED
+CVE-2022-32787
+	RESERVED
+CVE-2022-32786
+	RESERVED
+CVE-2022-32785
+	RESERVED
+CVE-2022-32784
+	RESERVED
+CVE-2022-32783
+	RESERVED
+CVE-2022-32782
+	RESERVED
+CVE-2022-32781
+	RESERVED
+CVE-2022-32780
+	RESERVED
+CVE-2022-32779
+	RESERVED
+CVE-2022-32778
+	RESERVED
+CVE-2022-32777
+	RESERVED
+CVE-2022-32772
+	RESERVED
+CVE-2022-32771
+	RESERVED
+CVE-2022-32770
+	RESERVED
+CVE-2022-32763
+	RESERVED
+CVE-2022-30690
+	RESERVED
+CVE-2022-28712
+	RESERVED
+CVE-2022-26842
+	RESERVED
+CVE-2022-2049
+	RESERVED
+CVE-2022-2048
+	RESERVED
+CVE-2022-2047
+	RESERVED
+CVE-2022-2046
+	RESERVED
+CVE-2022-2045
+	RESERVED
+CVE-2022-2044
+	RESERVED
+CVE-2022-2043
+	RESERVED
+CVE-2022-2042
+	RESERVED
+CVE-2022-2041
+	RESERVED
+CVE-2022-2040
+	RESERVED
+CVE-2021-46819
+	RESERVED
+CVE-2021-46818
+	RESERVED
+CVE-2021-46817
+	RESERVED
+CVE-2021-46816
+	RESERVED
 CVE-2022-32769
 	RESERVED
 CVE-2022-32768
@@ -1114,28 +1518,28 @@ CVE-2017-20030
 	RESERVED
 CVE-2017-20029
 	RESERVED
-CVE-2017-20028
-	RESERVED
-CVE-2017-20027
-	RESERVED
-CVE-2017-20026
-	RESERVED
-CVE-2017-20025
-	RESERVED
-CVE-2017-20024
-	RESERVED
-CVE-2017-20023
-	RESERVED
-CVE-2017-20022
-	RESERVED
-CVE-2017-20021
-	RESERVED
-CVE-2017-20020
-	RESERVED
-CVE-2017-20019
-	RESERVED
-CVE-2017-20018
-	RESERVED
+CVE-2017-20028 (A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been c ...)
+	TODO: check
+CVE-2017-20027 (A vulnerability was found in HumHub up to 1.0.1 and classified as prob ...)
+	TODO: check
+CVE-2017-20026 (A vulnerability has been found in HumHub up to 1.0.1 and classified as ...)
+	TODO: check
+CVE-2017-20025 (A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It ha ...)
+	TODO: check
+CVE-2017-20024 (A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It ha ...)
+	TODO: check
+CVE-2017-20023 (A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and cl ...)
+	TODO: check
+CVE-2017-20022 (A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 a ...)
+	TODO: check
+CVE-2017-20021 (A vulnerability, which was classified as critical, was found in Solare ...)
+	TODO: check
+CVE-2017-20020 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2017-20019 (A vulnerability classified as problematic was found in Solare Solar-Lo ...)
+	TODO: check
+CVE-2017-20018 (A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classifie ...)
+	TODO: check
 CVE-2016-15002 (A vulnerability, which was classified as critical, was found in MONyog ...)
 	NOT-FOR-US: MONyog Ultimate
 CVE-2019-25070 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS u ...)
@@ -2428,7 +2832,7 @@ CVE-2022-1933
 CVE-2022-1932
 	RESERVED
 CVE-2022-31799 (Bottle before 0.12.20 mishandles errors during early request binding. ...)
-	{DLA-3048-1}
+	{DSA-5159-1 DLA-3048-1}
 	- python-bottle 0.12.20-1
 	NOTE: Fixed by: https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00 (0.12.20)
 CVE-2022-1931 (Incorrect Synchronization in GitHub repository polonel/trudesk prior t ...)
@@ -4489,8 +4893,8 @@ CVE-2022-31053
 	RESERVED
 CVE-2022-31052
 	RESERVED
-CVE-2022-31051
-	RESERVED
+CVE-2022-31051 (semantic-release is an open source npm package for automated version m ...)
+	TODO: check
 CVE-2022-31050
 	RESERVED
 CVE-2022-31049
@@ -4501,17 +4905,15 @@ CVE-2022-31047
 	RESERVED
 CVE-2022-31046
 	RESERVED
-CVE-2022-31045
-	RESERVED
+CVE-2022-31045 (Istio is an open platform to connect, manage, and secure microservices ...)
+	TODO: check
 CVE-2022-31044
 	RESERVED
-CVE-2022-31043 [Fix failure to strip Authorization header on HTTP downgrade]
-	RESERVED
+CVE-2022-31043 (Guzzle is an open source PHP HTTP client. In affected versions `Author ...)
 	- guzzle <unfixed>
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
 	NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4)
-CVE-2022-31042 [Failure to strip the Cookie header on change in host or HTTP downgrade]
-	RESERVED
+CVE-2022-31042 (Guzzle is an open source PHP HTTP client. In affected versions the `Co ...)
 	- guzzle <unfixed>
 	NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
 	NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4)
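Review bot: In the CVE-2022-31043 and CVE-2022-31042 entries, `- guzzle <unfixed>` is carried over unchanged while both NOTE lines already point at the upstream fix commit tagged (7.4.4). Once a Debian upload containing 7.4.4 or the backported commit exists, the package line should record that fixed version instead of <unfixed>. The removed bracketed titles are superseded by the imported descriptions, so dropping them loses nothing. CVE-2022-31045 (Istio) in the same hunk still needs its TODO: check resolved.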
@@ -4531,8 +4933,8 @@ CVE-2022-31035
 	RESERVED
 CVE-2022-31034
 	RESERVED
-CVE-2022-31033
-	RESERVED
+CVE-2022-31033 (The Mechanize library is used for automating interaction with websites ...)
+	TODO: check
 CVE-2022-31032
 	RESERVED
 CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)
@@ -5149,8 +5551,8 @@ CVE-2022-30900
 	RESERVED
 CVE-2022-30899 (A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the  ...)
 	TODO: check
-CVE-2022-30898
-	RESERVED
+CVE-2022-30898 (A Cross-site request forgery (CSRF) vulnerability in Cscms music porta ...)
+	TODO: check
 CVE-2022-30897
 	RESERVED
 CVE-2022-30896
@@ -5484,10 +5886,10 @@ CVE-2022-1717
 	RESERVED
 CVE-2022-1716 (Keep My Notes v1.80.147 allows an attacker with physical access to the ...)
 	NOT-FOR-US: Keep My Notes
-CVE-2022-30703
-	RESERVED
-CVE-2022-30702
-	RESERVED
+CVE-2022-30703 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an expo ...)
+	TODO: check
+CVE-2022-30702 (Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out- ...)
+	TODO: check
 CVE-2022-30701 (An uncontrolled search path element vulnerability in Trend Micro Apex  ...)
 	NOT-FOR-US: Trend Micro
 CVE-2022-30700 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...)
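Review bot: CVE-2022-30703 and CVE-2022-30702 land as TODO: check, yet the two entries directly below them, CVE-2022-30701 and CVE-2022-30700, are already triaged as NOT-FOR-US: Trend Micro. Both new descriptions name Trend Micro Security (Consumer), so a follow-up can mark them the same way unless there is a reason to treat the consumer product differently.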
@@ -9859,8 +10261,8 @@ CVE-2022-29252 (XWiki Platform Wiki UI Main Wiki is a package for managing subwi
 	NOT-FOR-US: XWiki
 CVE-2022-29251 (XWiki Platform Flamingo Theme UI is a tool that allows customization a ...)
 	NOT-FOR-US: XWiki
-CVE-2022-29250
-	RESERVED
+CVE-2022-29250 (GLPI is a Free Asset and IT Management Software package, that provides ...)
+	TODO: check
 CVE-2022-29249 (JavaEZ is a library that adds new functions to make Java easier. A wea ...)
 	NOT-FOR-US: JavaEZLib/JavaEZ
 CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3  ...)
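Review bot: CVE-2022-29250 is left at TODO: check although its description identifies GLPI, and CVE-2022-24876 further down this same diff tracks that package as `- glpi <removed> (unimportant)`. A follow-up should replace the TODO with a glpi package line consistent with that entry; whether the (unimportant) tag also applies here needs checking against the advisory.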
@@ -9910,20 +10312,15 @@ CVE-2022-29230 (Hydrogen is a React-based framework for building dynamic, Shopif
 	NOT-FOR-US: Shopify/hydrogen
 CVE-2022-29229 (CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject ...)
 	NOT-FOR-US: cassproject/CASS
-CVE-2022-29228
-	RESERVED
+CVE-2022-29228 (Envoy is a cloud-native high-performance proxy. In versions prior to 1 ...)
 	- envoyproxy <itp> (bug #987544)
-CVE-2022-29227
-	RESERVED
+CVE-2022-29227 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
 	- envoyproxy <itp> (bug #987544)
-CVE-2022-29226
-	RESERVED
+CVE-2022-29226 (Envoy is a cloud-native high-performance proxy. In versions prior to 1 ...)
 	- envoyproxy <itp> (bug #987544)
-CVE-2022-29225
-	RESERVED
+CVE-2022-29225 (Envoy is a cloud-native high-performance proxy. In versions prior to 1 ...)
 	- envoyproxy <itp> (bug #987544)
-CVE-2022-29224
-	RESERVED
+CVE-2022-29224 (Envoy is a cloud-native high-performance proxy. Versions of envoy prio ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2022-29223 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
 	NOT-FOR-US: Microsoft
@@ -22368,8 +22765,7 @@ CVE-2022-24878 (Flux is an open and extensible continuous delivery solution for
 	NOT-FOR-US: Flux project fluxcd
 CVE-2022-24877 (Flux is an open and extensible continuous delivery solution for Kubern ...)
 	NOT-FOR-US: Flux project fluxcd
-CVE-2022-24876
-	RESERVED
+CVE-2022-24876 (GLPI is a Free Asset and IT Management Software package, that provides ...)
 	- glpi <removed> (unimportant)
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-33g2-m556-gccr
 	NOTE: https://github.com/glpi-project/glpi/commit/9a3c7487c8761eaa8f3b07589d6dcdfa5d1e4ed6
@@ -40211,8 +40607,7 @@ CVE-2022-21501
 	RESERVED
 CVE-2022-21500 (Vulnerability in Oracle E-Business Suite (component: Manage Proxies).  ...)
 	NOT-FOR-US: Oracle
-CVE-2022-21499 [lockdown: also lock down previous kgdb use]
-	RESERVED
+CVE-2022-21499 (KGDB and KDB allow read and write access to kernel memory, and thus sh ...)
 	- linux 5.17.11-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -174827,7 +175222,7 @@ CVE-2020-4010
 	RESERVED
 CVE-2020-4009
 	RESERVED
-CVE-2020-4008 (The installer of the macOS Sensor for VMware Carbon Black Cloud prior  ...)
+CVE-2020-4008 (The installer of the macOS Sensor for VMware Carbon Black Cloud (prior ...)
 	NOT-FOR-US: VMware
 CVE-2020-4007
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f148fbd56555949a2abbfff83b966c4163b4c799