[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 14 09:10:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
986831fa by security tracker role at 2022-06-14T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2022-33207
+ RESERVED
+CVE-2022-33206
+ RESERVED
+CVE-2022-33205
+ RESERVED
+CVE-2022-33204
+ RESERVED
+CVE-2022-33195
+ RESERVED
+CVE-2022-33194
+ RESERVED
+CVE-2022-33193
+ RESERVED
+CVE-2022-33192
+ RESERVED
+CVE-2022-33189
+ RESERVED
+CVE-2022-32775
+ RESERVED
+CVE-2022-32773
+ RESERVED
+CVE-2022-32586
+ RESERVED
+CVE-2022-32574
+ RESERVED
+CVE-2022-32454
+ RESERVED
+CVE-2022-30603
+ RESERVED
+CVE-2022-30541
+ RESERVED
+CVE-2022-29889
+ RESERVED
+CVE-2022-29520
+ RESERVED
+CVE-2022-29472
+ RESERVED
+CVE-2022-27804
+ RESERVED
+CVE-2022-2077
+ RESERVED
+CVE-2022-2076
+ RESERVED
+CVE-2022-2075
+ RESERVED
+CVE-2022-2074
+ RESERVED
+CVE-2022-2073
+ RESERVED
+CVE-2021-46821
+ RESERVED
CVE-2022-33187
RESERVED
CVE-2022-33186
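Review bot: the 26 new RESERVED ids are prepended as one block rather than merged by number, so CVE-2022-2073 and CVE-2021-46821 now sit directly above CVE-2022-33187. If anything reads this file expecting ids in descending order, insert the new entries at their numeric positions; otherwise look entries up by id, not by position.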
@@ -1314,22 +1366,22 @@ CVE-2022-32567
RESERVED
CVE-2022-32566
RESERVED
-CVE-2022-32565
- RESERVED
-CVE-2022-32564
- RESERVED
+CVE-2022-32565 (An issue was discovered in Couchbase Server before 7.0.4. The Backup S ...)
+ TODO: check
+CVE-2022-32564 (An issue was discovered in Couchbase Server before 7.0.4. In couchbase ...)
+ TODO: check
CVE-2022-32563 (An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Ad ...)
NOT-FOR-US: Couchbase Sync Gateway
-CVE-2022-32562
- RESERVED
+CVE-2022-32562 (An issue was discovered in Couchbase Server before 7.0.4. Operations m ...)
+ TODO: check
CVE-2022-32561
RESERVED
-CVE-2022-32560
- RESERVED
+CVE-2022-32560 (An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks r ...)
+ TODO: check
CVE-2022-32559
RESERVED
-CVE-2022-32558
- RESERVED
+CVE-2022-32558 (An issue was discovered in Couchbase Server before 7.0.4. Sample bucke ...)
+ TODO: check
CVE-2022-32557
RESERVED
CVE-2022-32556
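Review bot: the five Couchbase Server entries here (CVE-2022-32565, -32564, -32562, -32560, -32558) all land as "TODO: check" while the adjacent CVE-2022-32563 is already triaged as "NOT-FOR-US: Couchbase Sync Gateway". Triage them in one pass together with CVE-2022-32193 and CVE-2022-32192 from the later hunk, so that all seven get the same disposition line; if Couchbase Server is likewise not packaged, one NOT-FOR-US label covers the set.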
@@ -2176,8 +2228,8 @@ CVE-2022-32285
RESERVED
CVE-2022-32279
RESERVED
-CVE-2022-32278
- RESERVED
+CVE-2022-32278 (XFCE 4.16 allows attackers to execute arbitrary code because xdg-open ...)
+ TODO: check
CVE-2022-32277
RESERVED
CVE-2022-32276
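Review bot: CVE-2022-32278 should be checked ahead of the other "TODO: check" entries in this patch, since its description names XFCE 4.16 and xdg-open, and XFCE is packaged in Debian. The summary is truncated before the affected component is named, so read the full description and record the source package line rather than leaving the generic TODO.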
@@ -2460,10 +2512,10 @@ CVE-2022-32195 (Open edX platform before 2022-06-06 allows XSS via the "next" pa
NOT-FOR-US: Open edX
CVE-2022-32194
RESERVED
-CVE-2022-32193
- RESERVED
-CVE-2022-32192
- RESERVED
+CVE-2022-32193 (Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Info ...)
+ TODO: check
+CVE-2022-32192 (Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Inform ...)
+ TODO: check
CVE-2022-32191
RESERVED
CVE-2022-32190
@@ -4016,8 +4068,8 @@ CVE-2022-1882 (A use-after-free flaw was found in the Linux kernel’s pipes
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2089701
NOTE: https://lore.kernel.org/lkml/20220507115605.96775-1-tcs.kernel@gmail.com/T/
-CVE-2022-27176
- RESERVED
+CVE-2022-27176 (Incomplete filtering of special elements vulnerability exists in RevoW ...)
+ TODO: check
CVE-2022-1881
RESERVED
CVE-2022-1880
@@ -4557,10 +4609,10 @@ CVE-2022-31449
RESERVED
CVE-2022-31448
RESERVED
-CVE-2022-31447
- RESERVED
-CVE-2022-31446
- RESERVED
+CVE-2022-31447 (An XML external entity (XXE) injection vulnerability in Magicpin v3.4 ...)
+ TODO: check
+CVE-2022-31446 (Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to cont ...)
+ TODO: check
CVE-2022-31445
RESERVED
CVE-2022-31444
@@ -4621,8 +4673,8 @@ CVE-2022-31417
RESERVED
CVE-2022-31416
RESERVED
-CVE-2022-31415
- RESERVED
+CVE-2022-31415 (Online Fire Reporting System v1.0 was discovered to contain a SQL inje ...)
+ TODO: check
CVE-2022-31414
RESERVED
CVE-2022-31413
@@ -4978,10 +5030,10 @@ CVE-2022-1814 (The WP Admin Style WordPress plugin through 0.1.2 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2022-30549
RESERVED
-CVE-2022-29524
- RESERVED
-CVE-2022-29506
- RESERVED
+CVE-2022-29524 (Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and ear ...)
+ TODO: check
+CVE-2022-29506 (Out-of-bounds read vulnerability exist in the simulator module contain ...)
+ TODO: check
CVE-2022-1813 (OS Command Injection in GitHub repository yogeshojha/rengine prior to ...)
NOT-FOR-US: yogeshojha/rengine
CVE-2022-1812
@@ -5460,10 +5512,10 @@ CVE-2022-31056
RESERVED
CVE-2022-31055 (kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) c ...)
TODO: check
-CVE-2022-31054
- RESERVED
-CVE-2022-31053
- RESERVED
+CVE-2022-31054 (Argo Events is an event-driven workflow automation framework for Kuber ...)
+ TODO: check
+CVE-2022-31053 (Biscuit is an authentication and authorization token for microservices ...)
+ TODO: check
CVE-2022-31052
RESERVED
CVE-2022-31051 (semantic-release is an open source npm package for automated version m ...)
@@ -6501,8 +6553,8 @@ CVE-2022-30694
RESERVED
CVE-2022-30543
RESERVED
-CVE-2022-29485
- RESERVED
+CVE-2022-29485 (Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and ...)
+ TODO: check
CVE-2022-29481
RESERVED
CVE-2022-28689
@@ -6760,16 +6812,16 @@ CVE-2022-30546
RESERVED
CVE-2022-30538
RESERVED
-CVE-2022-29925
- RESERVED
-CVE-2022-29522
- RESERVED
-CVE-2022-29482
- RESERVED
+CVE-2022-29925 (Access of uninitialized pointer vulnerability exists in the simulator ...)
+ TODO: check
+CVE-2022-29522 (Use after free vulnerability exists in the simulator module contained ...)
+ TODO: check
+CVE-2022-29482 ('Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 ...)
+ TODO: check
CVE-2022-27231 (Cross-site scripting vulnerability exists in WP Statistics versions pr ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-26302
- RESERVED
+CVE-2022-26302 (Heap-based buffer overflow exists in the simulator module contained in ...)
+ TODO: check
CVE-2022-1699 (Uncontrolled Resource Consumption in GitHub repository causefx/organiz ...)
NOT-FOR-US: organizr
CVE-2022-1698 (Allowing long password leads to denial of service in GitHub repository ...)
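Review bot: CVE-2022-29925, CVE-2022-29522 and CVE-2022-26302 in this hunk, and CVE-2022-29506 in the earlier one, all refer to "the simulator module contained" in a product whose name is cut off by the truncated summary. Identify that product once and apply a single consistent label to all four, rather than checking each entry separately.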
@@ -7715,8 +7767,8 @@ CVE-2022-30299
RESERVED
CVE-2022-30298
RESERVED
-CVE-2022-29509
- RESERVED
+CVE-2022-29509 (Directory traversal vulnerability in T&D Data Server (Japanese Edi ...)
+ TODO: check
CVE-2022-29483 (Incorrect Default Permissions vulnerability in ABB e-Design allows att ...)
NOT-FOR-US: ABB e-Design
CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design allows att ...)
@@ -9352,10 +9404,10 @@ CVE-2022-29799
NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/074ff68f08d64a963a13e3cfc4fb3e3fb9006dfe
NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/2e226ee027bdc8022f0e10470318f89f25dc6133
NOTE: No security impact in Debian, see #1010303
-CVE-2022-29798
- RESERVED
-CVE-2022-29797
- RESERVED
+CVE-2022-29798 (There is a denial of service vulnerability in CV81-WDM FW versions 01. ...)
+ TODO: check
+CVE-2022-29797 (There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46 ...)
+ TODO: check
CVE-2022-29796 (The HiAIserver has a vulnerability in verifying the validity of the we ...)
NOT-FOR-US: Huawei
CVE-2022-29795 (The frame scheduling module has a null pointer dereference vulnerabili ...)
@@ -9396,7 +9448,7 @@ CVE-2022-1457 (Store XSS in title parameter executing at EditUser Page & Edi
NOT-FOR-US: facturascripts
CVE-2022-1456 (The Poll Maker WordPress plugin before 4.0.2 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-46789 (Configuration defects in the secure OS module.Successful exploitation ...)
+CVE-2021-46789 (Configuration defects in the secure OS module. Successful exploitation ...)
NOT-FOR-US: Huawei
CVE-2021-46788 (Third-party pop-up window coverage vulnerability in the iConnect modul ...)
NOT-FOR-US: Huawei
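Review bot: the missing space after the period is corrected only for CVE-2021-46789; the same "vulnerability.Successful" run-on is still visible in context lines elsewhere in this patch (CVE-2022-22260, CVE-2022-22258). If descriptions are maintained by hand, fix those as well; if they are taken from the feed as-is, no action is needed here and the rest will follow when the feed changes.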
@@ -10842,8 +10894,8 @@ CVE-2022-29259
RESERVED
CVE-2022-29258 (XWiki Platform Filter UI provides a generic user interface to convert ...)
NOT-FOR-US: XWiki
-CVE-2022-29257
- RESERVED
+CVE-2022-29257 (Electron is a framework for writing cross-platform desktop application ...)
+ TODO: check
CVE-2022-29256 (sharp is an application for Node.js image processing. Prior to version ...)
NOT-FOR-US: lovell/sharp
CVE-2022-29255 (Vyper is a Pythonic Smart Contract Language for the ethereum virtual m ...)
@@ -10865,8 +10917,8 @@ CVE-2022-29249 (JavaEZ is a library that adds new functions to make Java easier.
CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 ...)
- guzzle <unfixed> (bug #1011636)
NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
-CVE-2022-29247
- RESERVED
+CVE-2022-29247 (Electron is a framework for writing cross-platform desktop application ...)
+ TODO: check
CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
NOT-FOR-US: Microsoft
CVE-2022-29245 (SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 ...)
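Review bot: CVE-2022-29247 here and CVE-2022-29257 in the previous hunk are both Electron entries set to "TODO: check". Resolve them together so both end up with the same package or NOT-FOR-US line.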
@@ -34626,8 +34678,8 @@ CVE-2022-22261 (The HiAIserver has a vulnerability in verifying the validity of
NOT-FOR-US: HarmonyOS
CVE-2022-22260 (The kernel module has a UAF vulnerability.Successful exploitation of t ...)
NOT-FOR-US: HarmonyOS
-CVE-2022-22259
- RESERVED
+CVE-2022-22259 (There is an improper authentication vulnerability in FLMG-10 10.0.1.0( ...)
+ TODO: check
CVE-2022-22258 (The Wi-Fi module has an event notification vulnerability.Successful ex ...)
NOT-FOR-US: Harmony OS
CVE-2022-22257 (The customization framework has a vulnerability of improper permission ...)
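Review bot: the NOT-FOR-US labels around the new CVE-2022-22259 entry are spelled two ways, "HarmonyOS" for CVE-2022-22261 and CVE-2022-22260 and "Harmony OS" for CVE-2022-22258. When CVE-2022-22259 is triaged, pick one spelling and normalise the neighbours so a search on the label finds all of them.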
@@ -49598,10 +49650,10 @@ CVE-2021-41664
RESERVED
CVE-2021-41663 (A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. T ...)
TODO: check
-CVE-2021-41662
- RESERVED
-CVE-2021-41661
- RESERVED
+CVE-2021-41662 (The South Gate Inn Online Reservation System v1.0 contains an SQL inje ...)
+ TODO: check
+CVE-2021-41661 (Church Management System version 1.0 is affected by a SQL anjection vu ...)
+ TODO: check
CVE-2021-41660 (SQL injection vulnerability in Sourcecodester Patient Appointment Sche ...)
NOT-FOR-US: Sourcecodester
CVE-2021-41659 (SQL injection vulnerability in Sourcecodester Banking System v1 by ore ...)
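Review bot: the added description for CVE-2021-41661 reads "SQL anjection", so a text search for "SQL injection" will not match this entry. If descriptions are edited locally, correct the spelling; if they are copied from the feed unchanged, make sure triage searches do not depend on the exact phrase.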
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/986831fa1681b076b95a2c1df5a4030c5d195ff2