[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 22 21:10:39 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6eaca7e3 by security tracker role at 2022-06-22T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,145 @@
+CVE-2022-34327
+ RESERVED
+CVE-2022-34326
+ RESERVED
+CVE-2022-34325
+ RESERVED
+CVE-2022-34324
+ RESERVED
+CVE-2022-34323
+ RESERVED
+CVE-2022-34322
+ RESERVED
+CVE-2022-34321
+ RESERVED
+CVE-2022-34320
+ RESERVED
+CVE-2022-34319
+ RESERVED
+CVE-2022-34318
+ RESERVED
+CVE-2022-34317
+ RESERVED
+CVE-2022-34316
+ RESERVED
+CVE-2022-34315
+ RESERVED
+CVE-2022-34314
+ RESERVED
+CVE-2022-34313
+ RESERVED
+CVE-2022-34312
+ RESERVED
+CVE-2022-34311
+ RESERVED
+CVE-2022-34310
+ RESERVED
+CVE-2022-34309
+ RESERVED
+CVE-2022-34308
+ RESERVED
+CVE-2022-34307
+ RESERVED
+CVE-2022-34306
+ RESERVED
+CVE-2022-34305
+ RESERVED
+CVE-2022-34304
+ RESERVED
+CVE-2022-34303
+ RESERVED
+CVE-2022-34302
+ RESERVED
+CVE-2022-34301
+ RESERVED
+CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::D ...)
+ TODO: check
+CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This issue i ...)
+ TODO: check
+CVE-2022-34298 (The NT auth module in OpenAM before 14.6.6 allows a "replace Samba use ...)
+ TODO: check
+CVE-2022-34297
+ RESERVED
+CVE-2022-34296 (In Zalando Skipper before 0.13.218, a query predicate could be bypasse ...)
+ TODO: check
+CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...)
+ TODO: check
+CVE-2022-34294
+ RESERVED
+CVE-2022-34293
+ RESERVED
+CVE-2022-34292
+ RESERVED
+CVE-2022-34291
+ RESERVED
+CVE-2022-34290
+ RESERVED
+CVE-2022-34289
+ RESERVED
+CVE-2022-34288
+ RESERVED
+CVE-2022-34287
+ RESERVED
+CVE-2022-34286
+ RESERVED
+CVE-2022-34285
+ RESERVED
+CVE-2022-34284
+ RESERVED
+CVE-2022-34283
+ RESERVED
+CVE-2022-34282
+ RESERVED
+CVE-2022-34281
+ RESERVED
+CVE-2022-34280
+ RESERVED
+CVE-2022-34279
+ RESERVED
+CVE-2022-34278
+ RESERVED
+CVE-2022-34277
+ RESERVED
+CVE-2022-34276
+ RESERVED
+CVE-2022-34275
+ RESERVED
+CVE-2022-34274
+ RESERVED
+CVE-2022-34273
+ RESERVED
+CVE-2022-34272
+ RESERVED
+CVE-2022-34271
+ RESERVED
+CVE-2022-2180
+ RESERVED
+CVE-2022-2179
+ RESERVED
+CVE-2022-2178
+ RESERVED
+CVE-2022-2177
+ RESERVED
+CVE-2022-2176
+ RESERVED
+CVE-2022-2175
+ RESERVED
+CVE-2022-2174 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
+ TODO: check
+CVE-2022-2173
+ RESERVED
+CVE-2022-2172
+ RESERVED
+CVE-2022-2171
+ RESERVED
+CVE-2022-2170
+ RESERVED
+CVE-2022-2169
+ RESERVED
+CVE-2022-2168
+ RESERVED
+CVE-2022-2167
+ RESERVED
CVE-2022-34270
RESERVED
CVE-2022-34269
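Review bot: the six TODO: check entries in this hunk (CVE-2022-34300 tinyexr, CVE-2022-34299 libdwarf, CVE-2022-34298 OpenAM, CVE-2022-34296 Zalando Skipper, CVE-2022-34295 totd, CVE-2022-2174 microweber) still need triage into either a source-package line with a fixed version or a NOT-FOR-US line, as is done for 1Password and Apache Sling further down in this file; CVE-2022-34299 (heap-based buffer over-read in libdwarf 0.4.0) is the one most likely to map to a Debian source package, so it is the first to resolve. The remaining additions are RESERVED placeholders and account for the 142 added lines in the hunk header.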
@@ -112,94 +254,94 @@ CVE-2022-34215
RESERVED
CVE-2022-34214
RESERVED
-CVE-2022-34213
- RESERVED
-CVE-2022-34212
- RESERVED
-CVE-2022-34211
- RESERVED
-CVE-2022-34210
- RESERVED
-CVE-2022-34209
- RESERVED
-CVE-2022-34208
- RESERVED
-CVE-2022-34207
- RESERVED
-CVE-2022-34206
- RESERVED
-CVE-2022-34205
- RESERVED
-CVE-2022-34204
- RESERVED
-CVE-2022-34203
- RESERVED
-CVE-2022-34202
- RESERVED
-CVE-2022-34201
- RESERVED
-CVE-2022-34200
- RESERVED
-CVE-2022-34199
- RESERVED
-CVE-2022-34198
- RESERVED
-CVE-2022-34197
- RESERVED
-CVE-2022-34196
- RESERVED
-CVE-2022-34195
- RESERVED
-CVE-2022-34194
- RESERVED
-CVE-2022-34193
- RESERVED
-CVE-2022-34192
- RESERVED
-CVE-2022-34191
- RESERVED
-CVE-2022-34190
- RESERVED
-CVE-2022-34189
- RESERVED
-CVE-2022-34188
- RESERVED
-CVE-2022-34187
- RESERVED
-CVE-2022-34186
- RESERVED
-CVE-2022-34185
- RESERVED
-CVE-2022-34184
- RESERVED
-CVE-2022-34183
- RESERVED
-CVE-2022-34182
- RESERVED
-CVE-2022-34181
- RESERVED
-CVE-2022-34180
- RESERVED
-CVE-2022-34179
- RESERVED
-CVE-2022-34178
- RESERVED
-CVE-2022-34177
- RESERVED
-CVE-2022-34176
- RESERVED
-CVE-2022-34175
- RESERVED
-CVE-2022-34174
- RESERVED
-CVE-2022-34173
- RESERVED
-CVE-2022-34172
- RESERVED
-CVE-2022-34171
- RESERVED
-CVE-2022-34170
- RESERVED
+CVE-2022-34213 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier ...)
+ TODO: check
+CVE-2022-34212 (A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 ...)
+ TODO: check
+CVE-2022-34211 (A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize ...)
+ TODO: check
+CVE-2022-34210 (A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earli ...)
+ TODO: check
+CVE-2022-34209 (A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix ...)
+ TODO: check
+CVE-2022-34208 (A missing permission check in Jenkins Beaker builder Plugin 1.10 and e ...)
+ TODO: check
+CVE-2022-34207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker bu ...)
+ TODO: check
+CVE-2022-34206 (A missing permission check in Jenkins Jianliao Notification Plugin 1.1 ...)
+ TODO: check
+CVE-2022-34205 (A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao ...)
+ TODO: check
+CVE-2022-34204 (A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier al ...)
+ TODO: check
+CVE-2022-34203 (A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Pl ...)
+ TODO: check
+CVE-2022-34202 (Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypte ...)
+ TODO: check
+CVE-2022-34201 (A missing permission check in Jenkins Convertigo Mobile Platform Plugi ...)
+ TODO: check
+CVE-2022-34200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Convertig ...)
+ TODO: check
+CVE-2022-34199 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passw ...)
+ TODO: check
+CVE-2022-34198 (Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escap ...)
+ TODO: check
+CVE-2022-34197 (Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the na ...)
+ TODO: check
+CVE-2022-34196 (Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape t ...)
+ TODO: check
+CVE-2022-34195 (Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape ...)
+ TODO: check
+CVE-2022-34194 (Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape th ...)
+ TODO: check
+CVE-2022-34193 (Jenkins Package Version Plugin 1.0.1 and earlier does not escape the n ...)
+ TODO: check
+CVE-2022-34192 (Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the n ...)
+ TODO: check
+CVE-2022-34191 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and ea ...)
+ TODO: check
+CVE-2022-34190 (Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and ear ...)
+ TODO: check
+CVE-2022-34189 (Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape th ...)
+ TODO: check
+CVE-2022-34188 (Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the ...)
+ TODO: check
+CVE-2022-34187 (Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not es ...)
+ TODO: check
+CVE-2022-34186 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier doe ...)
+ TODO: check
+CVE-2022-34185 (Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the na ...)
+ TODO: check
+CVE-2022-34184 (Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not e ...)
+ TODO: check
+CVE-2022-34183 (Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape ...)
+ TODO: check
+CVE-2022-34182 (Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not ...)
+ TODO: check
+CVE-2022-34181 (Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controll ...)
+ TODO: check
+CVE-2022-34180 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not corr ...)
+ TODO: check
+CVE-2022-34179 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specif ...)
+ TODO: check
+CVE-2022-34178 (Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link ...)
+ TODO: check
+CVE-2022-34177 (Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier a ...)
+ TODO: check
+CVE-2022-34176 (Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape ...)
+ TODO: check
+CVE-2022-34175 (Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some ...)
+ TODO: check
+CVE-2022-34174 (In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable t ...)
+ TODO: check
+CVE-2022-34173 (In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the bui ...)
+ TODO: check
+CVE-2022-34172 (In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons une ...)
+ TODO: check
+CVE-2022-34171 (In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 throug ...)
+ TODO: check
+CVE-2022-34170 (In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 throug ...)
+ TODO: check
CVE-2022-2166
RESERVED
CVE-2022-34169
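Review bot: all 44 entries rewritten in this hunk (CVE-2022-34170 through CVE-2022-34213) are Jenkins core or Jenkins plugin issues with sequential ids and the same wording pattern, so they are best triaged in one pass with one recorded outcome rather than left as 44 independent TODO: check markers; the six core ones (CVE-2022-34170 through CVE-2022-34175, covering Jenkins 2.3xx and LTS 2.332.x) should be recorded separately from the plugin ones, since plugin and core have different affected-version statements. The line counts are consistent with the header: 44 RESERVED pairs replaced by 44 description/TODO pairs, 94 lines each way.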
@@ -214,31 +356,37 @@ CVE-2022-33208
RESERVED
CVE-2022-2165
RESERVED
+ {DSA-5168-1}
- chromium 103.0.5060.53-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-2164
RESERVED
+ {DSA-5168-1}
- chromium 103.0.5060.53-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-2163
RESERVED
+ {DSA-5168-1}
- chromium 103.0.5060.53-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-2162
RESERVED
+ {DSA-5168-1}
- chromium 103.0.5060.53-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-2161
RESERVED
+ {DSA-5168-1}
- chromium 103.0.5060.53-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-2160
RESERVED
+ {DSA-5168-1}
- chromium 103.0.5060.53-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
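Review bot: the six entries here (CVE-2022-2160 through CVE-2022-2165) gain a {DSA-5168-1} cross-reference while their description line still reads RESERVED; that is acceptable for the tracker only if data/DSA/list carries a matching DSA-5168-1 entry naming the same CVE ids, which this commit cannot show because it touches only data/CVE/list ("1 changed file" above), so that file should be checked alongside. The fixed version chromium 103.0.5060.53-1 and the buster/stretch end-of-life markers (DSA 5046, DSA 4562) are unchanged, so the DSA tag is the only state change in this hunk.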
@@ -246,16 +394,19 @@ CVE-2022-2159
RESERVED
CVE-2022-2158
RESERVED
+ {DSA-5168-1}
- chromium 103.0.5060.53-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-2157
RESERVED
+ {DSA-5168-1}
- chromium 103.0.5060.53-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-2156
RESERVED
+ {DSA-5168-1}
- chromium 103.0.5060.53-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -683,7 +834,7 @@ CVE-2022-33989
RESERVED
CVE-2022-33988
RESERVED
-CVE-2022-33987 (The got package before 12.1.0 for Node.js allows a redirect to a UNIX ...)
+CVE-2022-33987 (The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allow ...)
- node-got <unfixed> (bug #1013264)
[bullseye] - node-got <no-dsa> (Minor issue)
[buster] - node-got <no-dsa> (Minor issue)
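Review bot: the updated description for CVE-2022-33987 now states that the fix also exists in the 11.x line (11.8.5), not only in 12.1.0, while the status below it still reads node-got <unfixed> (bug #1013264) with <no-dsa> (Minor issue) for bullseye and buster; a NOTE: line pointing at the 11.8.5 fix would help whoever later backports it to the stable branches, which is how this file records upstream fixes elsewhere in this patch (compare the NOTE: lines under CVE-2022-32278 and CVE-2022-31214).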
@@ -2735,8 +2886,8 @@ CVE-2022-33107
RESERVED
CVE-2022-33106
RESERVED
-CVE-2022-33105
- RESERVED
+CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the component s ...)
+ TODO: check
CVE-2022-33104
RESERVED
CVE-2022-33103
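Review bot: the new description for CVE-2022-33105 names only Redis v7.0 as affected, so the TODO: check here should in particular settle whether the affected component exists in the older redis releases carried by the stable branches before the placeholder is replaced by a source-package line; a memory leak reachable by clients is a denial-of-service concern for a network-facing daemon, which is what the per-branch severity annotation will have to reflect.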
@@ -2805,14 +2956,14 @@ CVE-2022-33072
RESERVED
CVE-2022-33071
RESERVED
-CVE-2022-33070
- RESERVED
-CVE-2022-33069
- RESERVED
-CVE-2022-33068
- RESERVED
-CVE-2022-33067
- RESERVED
+CVE-2022-33070 (Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shif ...)
+ TODO: check
+CVE-2022-33069 (Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder ...)
+ TODO: check
+CVE-2022-33068 (An integer overflow in the component hb-ot-shape-fallback.cc of Harfbu ...)
+ TODO: check
+CVE-2022-33067 (Lrzip v0.651 was discovered to contain multiple invalid arithmetic shi ...)
+ TODO: check
CVE-2022-33066
RESERVED
CVE-2022-33065
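Review bot: of the four entries given descriptions here, CVE-2022-33068 (integer overflow in hb-ot-shape-fallback.cc of HarfBuzz) deserves priority in triage because harfbuzz is a library many desktop packages depend on, whereas protobuf-c (CVE-2022-33070) and lrzip (CVE-2022-33067) are leaf packages and Ethereum Solidity (CVE-2022-33069) is unlikely to resolve to a Debian source package; all four descriptions are of the fuzzer-report type ("was discovered to contain an invalid arithmetic shift"), so each will need a NOTE: line with the upstream issue before affected versions can be pinned down.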
@@ -2877,28 +3028,28 @@ CVE-2022-33036
RESERVED
CVE-2022-33035
RESERVED
-CVE-2022-33034
- RESERVED
-CVE-2022-33033
- RESERVED
-CVE-2022-33032
- RESERVED
+CVE-2022-33034 (LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via t ...)
+ TODO: check
+CVE-2022-33033 (LibreDWG v0.12.4.4608 was discovered to contain a double-free via the ...)
+ TODO: check
+CVE-2022-33032 (LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow ...)
+ TODO: check
CVE-2022-33031
RESERVED
CVE-2022-33030
RESERVED
CVE-2022-33029
RESERVED
-CVE-2022-33028
- RESERVED
-CVE-2022-33027
- RESERVED
-CVE-2022-33026
- RESERVED
-CVE-2022-33025
- RESERVED
-CVE-2022-33024
- RESERVED
+CVE-2022-33028 (LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-33027 (LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free ...)
+ TODO: check
+CVE-2022-33026 (LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow ...)
+ TODO: check
+CVE-2022-33025 (LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free ...)
+ TODO: check
+CVE-2022-33024 (There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_ ...)
+ TODO: check
CVE-2022-33023
RESERVED
CVE-2022-33022
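Review bot: the eight LibreDWG entries here (CVE-2022-33024 through CVE-2022-33028 and CVE-2022-33032 through CVE-2022-33034) all cite the same version v0.12.4.4608 and differ only in crash class (stack overflow, double-free, heap-buffer-overflow, heap-use-after-free, assertion failure), so they should be triaged together with one NOTE: per upstream issue rather than eight separate lookups; the description of CVE-2022-33024 is cut off inside the assertion text, so the full CVE text will be needed to identify the affected function for that one.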
@@ -3945,12 +4096,12 @@ CVE-2022-32556
RESERVED
CVE-2022-32555
RESERVED
-CVE-2022-32554
- RESERVED
-CVE-2022-32553
- RESERVED
-CVE-2022-32552
- RESERVED
+CVE-2022-32554 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...)
+ TODO: check
+CVE-2022-32553 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...)
+ TODO: check
+CVE-2022-32552 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...)
+ TODO: check
CVE-2022-30944
RESERVED
CVE-2022-30601
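Review bot: CVE-2022-32552 through CVE-2022-32554 describe Pure Storage FlashArray appliances running Purity//FA, a proprietary storage OS, so the three TODO: check markers will most likely resolve to NOT-FOR-US: Pure Storage in the style of the NOT-FOR-US: AgileBits 1Password entry in the next hunk; the three truncated descriptions are identical as shown, so the full CVE text is needed to tell them apart when recording the reason.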
@@ -3975,8 +4126,7 @@ CVE-2022-32551
RESERVED
CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the method v ...)
NOT-FOR-US: AgileBits 1Password
-CVE-2022-32549
- RESERVED
+CVE-2022-32549 (Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 ...)
NOT-FOR-US: Apache Sling
CVE-2022-32289
RESERVED
@@ -4082,12 +4232,12 @@ CVE-2017-20047 (A vulnerability classified as problematic was found in AXIS P120
NOT-FOR-US: AXIS
CVE-2017-20046 (A vulnerability classified as problematic has been found in AXIS P1204 ...)
NOT-FOR-US: AXIS
-CVE-2022-32536
- RESERVED
-CVE-2022-32535
- RESERVED
-CVE-2022-32534
- RESERVED
+CVE-2022-32536 (The user access rights validation in the web server of the Bosch Ether ...)
+ TODO: check
+CVE-2022-32535 (The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 run ...)
+ TODO: check
+CVE-2022-32534 (The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and ...)
+ TODO: check
CVE-2022-32533
RESERVED
CVE-2022-32532
@@ -4812,7 +4962,7 @@ CVE-2022-32285 (A vulnerability has been identified in Mendix SAML Module (Mendi
CVE-2022-32279
RESERVED
CVE-2022-32278 (XFCE 4.16 allows attackers to execute arbitrary code because xdg-open ...)
- {DSA-5164-1}
+ {DSA-5164-1 DLA-3056-1}
- exo 4.16.4-1 (bug #1013129)
NOTE: https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f (exo-4.16.4)
CVE-2022-32277
@@ -5172,8 +5322,8 @@ CVE-2022-32161
RESERVED
CVE-2022-32160
RESERVED
-CVE-2022-32159
- RESERVED
+CVE-2022-32159 (In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...)
+ TODO: check
CVE-2022-1963
RESERVED
CVE-2021-4233
@@ -6062,8 +6212,8 @@ CVE-2022-31789
RESERVED
CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccess ...)
NOT-FOR-US: IdeaLMS
-CVE-2022-31787
- RESERVED
+CVE-2022-31787 (IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO ...)
+ TODO: check
CVE-2022-31786 (IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaL ...)
NOT-FOR-US: IdeaLMS
CVE-2022-31785
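Review bot: the description of CVE-2022-31787 reads "IdeaTMS 2022" while both neighbours (CVE-2022-31788 above, CVE-2022-31786 below) read "IdeaLMS 2022" and are already NOT-FOR-US: IdeaLMS; the product is very likely the same and the new entry should get the same NOT-FOR-US line, with the spelling discrepancy noted so it is not taken for a different product later.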
@@ -7306,8 +7456,8 @@ CVE-2022-31397
RESERVED
CVE-2022-31396
RESERVED
-CVE-2022-31395
- RESERVED
+CVE-2022-31395 (Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware ...)
+ TODO: check
CVE-2022-31394
RESERVED
CVE-2022-31393 (Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forger ...)
@@ -7372,10 +7522,10 @@ CVE-2022-31364
RESERVED
CVE-2022-31363
RESERVED
-CVE-2022-31362
- RESERVED
-CVE-2022-31361
- RESERVED
+CVE-2022-31362 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and be ...)
+ TODO: check
+CVE-2022-31361 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition v4.0.5 and be ...)
+ TODO: check
CVE-2022-31360
RESERVED
CVE-2022-31359
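Review bot: both CVE-2022-31361 and CVE-2022-31362 carry the "** UNSUPPORTED WHEN ASSIGNED **" prefix, meaning the CVE was assigned against a product version its vendor no longer supports (Docebo Community Edition v4.0.5 and below), so there is no fix to track and NOT-FOR-US: Docebo is the expected resolution for both; leaving them at TODO: check only defers that.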
@@ -7522,7 +7672,7 @@ CVE-2022-31291 (An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allow
NOTE: https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2
CVE-2022-31290
RESERVED
-CVE-2022-31289 (https://ossindex.sonatype.org/ Sonatype Nexus Repository Manager OSS 3 ...)
+CVE-2022-31289 (** DISPUTED ** https://ossindex.sonatype.org/ Sonatype Nexus Repositor ...)
NOT-FOR-US: Sonatype Nexus Repository Manager OSS
CVE-2022-31288
RESERVED
@@ -7683,8 +7833,7 @@ CVE-2022-31250
RESERVED
CVE-2022-31249
RESERVED
-CVE-2022-31248
- RESERVED
+CVE-2022-31248 (A Observable Response Discrepancy vulnerability in spacewalk-java of S ...)
NOT-FOR-US: Uyuni
CVE-2022-31247
RESERVED
@@ -7780,6 +7929,7 @@ CVE-2022-1798
CVE-2022-31215 (In certain Goverlan products, the Windows Firewall is temporarily turn ...)
NOT-FOR-US: Goverlan
CVE-2022-31214 (A Privilege Context Switching issue was discovered in join.c in Fireja ...)
+ {DSA-5167-1}
- firejail 0.9.68-4 (bug #1012510)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/10
NOTE: https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50 (0.9.70)
@@ -12746,8 +12896,7 @@ CVE-2022-1418 (The Social Stickers WordPress plugin through 2.2.9 does not have
NOT-FOR-US: WordPress plugin
CVE-2022-29527 (Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable ...)
NOT-FOR-US: Amazon AWS amazon-ssm-agent
-CVE-2022-29526
- RESERVED
+CVE-2022-29526 (Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Ass ...)
- golang-1.18 1.18.2-1
- golang-1.17 1.17.10-1
- golang-1.15 <removed>
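Review bot: the new description for CVE-2022-29526 gives the fixed upstream versions (1.17.10 and 1.18.2), which agree with the golang-1.17 1.17.10-1 and golang-1.18 1.18.2-1 lines kept below it, but the hunk context stops at golang-1.15 <removed>; since bullseye ships golang-1.15 and buster golang-1.11, confirm that the [bullseye]/[buster] status lines for those source packages exist just beyond the visible context, otherwise the stable branches have no recorded state for this incorrect-privilege-assignment issue.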
@@ -27423,7 +27572,7 @@ CVE-2022-24425
RESERVED
CVE-2022-24424 (Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vul ...)
NOT-FOR-US: EMC
-CVE-2022-24423 (Dell EMC iDRAC8 versions 2.81.81 and earlier contain a denial of servi ...)
+CVE-2022-24423 (Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service v ...)
NOT-FOR-US: EMC
CVE-2022-24422 (Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, con ...)
NOT-FOR-US: Dell
@@ -32649,16 +32798,16 @@ CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File
NOT-FOR-US: NetMaster
CVE-2022-23082 (In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path trave ...)
NOT-FOR-US: WhiteSource CureKit
-CVE-2022-23081
- RESERVED
-CVE-2022-23080
- RESERVED
-CVE-2022-23079
- RESERVED
-CVE-2022-23078
- RESERVED
-CVE-2022-23077
- RESERVED
+CVE-2022-23081 (In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...)
+ TODO: check
+CVE-2022-23080 (In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to ser ...)
+ TODO: check
+CVE-2022-23079 (In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host he ...)
+ TODO: check
+CVE-2022-23078 (In habitica versions v4.119.0 through v4.232.2 are vulnerable to open ...)
+ TODO: check
+CVE-2022-23077 (In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM X ...)
+ TODO: check
CVE-2022-23076
RESERVED
CVE-2022-23075
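Review bot: the description of CVE-2022-23081 ("In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...") is identical, as far as shown, to the one given to CVE-2022-32159 earlier in this same patch, so the two should be cross-checked as distinct issues before either is triaged; the other four (directus, motor-admin, habitica twice) are hosted web applications with no evident Debian source package and will probably end up NOT-FOR-US like Shopizer and Openmct in the next hunk.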
@@ -32695,14 +32844,14 @@ CVE-2022-23060 (A Stored Cross Site Scripting (XSS) vulnerability exists in Shop
NOT-FOR-US: Shopizer
CVE-2022-23059 (A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer v ...)
NOT-FOR-US: Shopizer
-CVE-2022-23058
- RESERVED
-CVE-2022-23057
- RESERVED
-CVE-2022-23056
- RESERVED
-CVE-2022-23055
- RESERVED
+CVE-2022-23058 (ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulne ...)
+ TODO: check
+CVE-2022-23057 (In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2022-23056 (In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable t ...)
+ TODO: check
+CVE-2022-23055 (In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Mi ...)
+ TODO: check
CVE-2022-23054 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
NOT-FOR-US: Openmct
CVE-2022-23053 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
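Review bot: CVE-2022-23057 and CVE-2022-23058 both describe a stored XSS in ERPNext over the same version span but write it differently ("v12.0.9-v13.0.3" versus "v12.0.9--v13.0.3"), so the truncated descriptions cannot show whether they are two distinct issues; the full CVE text should be consulted before both are resolved, most likely to NOT-FOR-US: ERPNext, in line with the Openmct entries directly below.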
@@ -32899,8 +33048,8 @@ CVE-2022-22982
RESERVED
CVE-2022-22981
RESERVED
-CVE-2022-22980
- RESERVED
+CVE-2022-22980 (A Spring Data MongoDB application is vulnerable to SpEL Injection when ...)
+ TODO: check
CVE-2022-22979 (In Spring Cloud Function versions prior to 3.2.6, it is possible for a ...)
TODO: check
CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.6.3 and older unsupported vers ...)
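Review bot: CVE-2022-22980 concerns Spring Data MongoDB (SpEL injection), not the Spring Framework itself, whereas the libspring-java source package referenced under CVE-2022-22968 in the next hunk tracks the framework; triage should first check whether the Spring Data module is shipped at all, because if it is not this resolves to NOT-FOR-US rather than to a libspring-java line, and the adjacent CVE-2022-22979 (Spring Cloud Function) is in the same position.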
@@ -32933,8 +33082,8 @@ CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and
[buster] - libspring-java <no-dsa> (Minor issue)
[stretch] - libspring-java <end-of-life> (EOL'd for stretch)
NOTE: https://tanzu.vmware.com/security/cve-2022-22968
-CVE-2022-22967
- RESERVED
+CVE-2022-22967 (An issue was discovered in SaltStack Salt in versions before 3002.9, 3 ...)
+ TODO: check
CVE-2022-22966 (An authenticated, high privileged malicious actor with network access ...)
NOT-FOR-US: VMware
CVE-2022-22965 (A Spring MVC or Spring WebFlux application running on JDK 9+ may be vu ...)
@@ -38930,8 +39079,7 @@ CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect acces
NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1)
CVE-2022-21953
RESERVED
-CVE-2022-21952
- RESERVED
+CVE-2022-21952 (An Uncontrolled Resource Consumption vulnerability in spacewalk-java o ...)
NOT-FOR-US: Uyuni
CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, ...)
NOT-FOR-US: Rancher
@@ -46991,8 +47139,8 @@ CVE-2022-20653 (A vulnerability in the DNS-based Authentication of Named Entitie
NOT-FOR-US: Cisco
CVE-2022-20652
RESERVED
-CVE-2022-20651
- RESERVED
+CVE-2022-20651 (A vulnerability in the logging component of Cisco Adaptive Security De ...)
+ TODO: check
CVE-2022-20650 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
NOT-FOR-US: Cisco
CVE-2022-20649
@@ -90343,12 +90491,12 @@ CVE-2021-26640
RESERVED
CVE-2021-26639
RESERVED
-CVE-2021-26638
- RESERVED
-CVE-2021-26637
- RESERVED
-CVE-2021-26636
- RESERVED
+CVE-2021-26638 (Improper Authentication vulnerability in S&D smarthome(smartcare) ...)
+ TODO: check
+CVE-2021-26637 (There is no account authentication and permission check logic in the f ...)
+ TODO: check
+CVE-2021-26636 (Stored XSS and SQL injection vulnerability in MaxBoard could lead to o ...)
+ TODO: check
CVE-2021-26635 (In the code that verifies the file size in the ark library, it is poss ...)
TODO: check
CVE-2021-26634 (SQL injection and file upload attacks are possible due to insufficient ...)
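Review bot: the description given to CVE-2021-26637 ("There is no account authentication and permission check logic in the f ...") shows no product name in the truncated text, unlike CVE-2021-26638 (S&D smarthome) and CVE-2021-26636 (MaxBoard), so it cannot be triaged from this file alone and the full CVE text is needed; the three sit beside the equally unresolved CVE-2021-26634 and CVE-2021-26635 TODO: check entries, so the whole block can be cleared in one pass.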
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6eaca7e3f41afd72afe37f6fb66dd126d5219280