[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 13 09:10:19 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
babd4332 by security tracker role at 2022-06-13T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-2058
+	RESERVED
+CVE-2022-2057
+	RESERVED
+CVE-2022-2056
+	RESERVED
+CVE-2022-2055
+	RESERVED
 CVE-2022-2054 (Command Injection in GitHub repository nuitka/nuitka prior to 0.9. ...)
 	- nuitka <unfixed>
 	[bullseye] - nuitka <no-dsa> (Minor issue)
@@ -1088,8 +1096,8 @@ CVE-2022-32500
 	RESERVED
 CVE-2022-32499
 	RESERVED
-CVE-2022-2013
-	RESERVED
+CVE-2022-2013 (In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if  ...)
+	TODO: check
 CVE-2022-2012
 	RESERVED
 CVE-2022-2011
@@ -6258,12 +6266,12 @@ CVE-2022-30618 (An authenticated user with access to the Strapi admin panel can
 	NOT-FOR-US: Strapi
 CVE-2022-30617 (An authenticated user with access to the Strapi admin panel can view p ...)
 	NOT-FOR-US: Strapi
-CVE-2022-29525
-	RESERVED
-CVE-2022-28704
-	RESERVED
-CVE-2022-26834
-	RESERVED
+CVE-2022-29525 (Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded cred ...)
+	TODO: check
+CVE-2022-28704 (Improper access control vulnerability in Rakuten Casa version AP_F_V1_ ...)
+	TODO: check
+CVE-2022-26834 (Improper access control vulnerability in Rakuten Casa version AP_F_V1_ ...)
+	TODO: check
 CVE-2022-1705
 	RESERVED
 CVE-2022-1704
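
Review bot: The three Rakuten Casa entries (CVE-2022-29525, CVE-2022-28704, CVE-2022-26834) all land as "TODO: check" and describe the same product, so they should be triaged together and given one consistent tag. The unchanged entries directly above them in this hunk use the "NOT-FOR-US: <product>" form ("NOT-FOR-US: Strapi"); if Rakuten Casa is not packaged in Debian, that form applies to all three.
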
@@ -6306,8 +6314,8 @@ CVE-2022-29522
 	RESERVED
 CVE-2022-29482
 	RESERVED
-CVE-2022-27231
-	RESERVED
+CVE-2022-27231 (Cross-site scripting vulnerability exists in WP Statistics versions pr ...)
+	TODO: check
 CVE-2022-26302
 	RESERVED
 CVE-2022-1699 (Uncontrolled Resource Consumption in GitHub repository causefx/organiz ...)
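
Review bot: CVE-2022-27231 is left as "TODO: check" with a description that names WP Statistics. If that is the WordPress plugin, triage should reuse the generic tag this file already applies to CVE-2022-1465, "NOT-FOR-US: WordPress plugin", rather than a product-specific string.
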
@@ -7112,8 +7120,8 @@ CVE-2022-30336
 	RESERVED
 CVE-2022-30335 (Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via  ...)
 	NOT-FOR-US: Bonanza Wealth Management System
-CVE-2022-26041
-	RESERVED
+CVE-2022-26041 (Directory traversal vulnerability in RCCMD 4.26 and earlier allows a r ...)
+	TODO: check
 CVE-2022-1623 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...)
 	- tiff <unfixed>
 	[bullseye] - tiff <no-dsa> (Minor issue)
@@ -7302,8 +7310,8 @@ CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-ba
 	- webkit2gtk 2.36.1-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.36.1-1
-CVE-2022-29894
-	RESERVED
+CVE-2022-29894 (Strapi v3.x.x versions and earlier contain a stored cross-site scripti ...)
+	TODO: check
 CVE-2022-1602
 	RESERVED
 CVE-2022-1601
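
Review bot: CVE-2022-29894 is added as "TODO: check" even though its description names Strapi, and this file already carries "NOT-FOR-US: Strapi" for CVE-2022-30618 and CVE-2022-30617. Suggest resolving this entry to the same tag at triage so the Strapi entries stay consistent.
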
@@ -8915,8 +8923,8 @@ CVE-2022-29790 (The graphics acceleration service has a vulnerability in multi-t
 	NOT-FOR-US: Huawei
 CVE-2022-29789 (The HiAIserver has a vulnerability in verifying the validity of the pr ...)
 	NOT-FOR-US: Huawei
-CVE-2022-27174
-	RESERVED
+CVE-2022-27174 (Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CU ...)
+	TODO: check
 CVE-2022-1465 (The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 d ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1464 (Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/babd433266e4dd51908e242ea5335be391303766
