[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 23 09:10:34 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eadd4a9c by security tracker role at 2022-06-23T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2022-34343
+ RESERVED
+CVE-2022-34342
+ RESERVED
+CVE-2022-34341
+ RESERVED
+CVE-2022-34340
+ RESERVED
+CVE-2022-34339
+ RESERVED
+CVE-2022-34338
+ RESERVED
+CVE-2022-34337
+ RESERVED
+CVE-2022-34336
+ RESERVED
+CVE-2022-34335
+ RESERVED
+CVE-2022-34334
+ RESERVED
+CVE-2022-34333
+ RESERVED
+CVE-2022-34332
+ RESERVED
+CVE-2022-34331
+ RESERVED
+CVE-2022-34330
+ RESERVED
+CVE-2022-34329
+ RESERVED
+CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_ ...)
+ TODO: check
+CVE-2022-32284
+ RESERVED
+CVE-2022-2185
+ RESERVED
+CVE-2022-2184
+ RESERVED
+CVE-2022-2183
+ RESERVED
+CVE-2022-2182
+ RESERVED
+CVE-2022-2181
+ RESERVED
+CVE-2021-46824
+ RESERVED
CVE-2022-34327
RESERVED
CVE-2022-34326
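Review bot: CVE-2022-34328 is the one addition in this hunk that already carries a description (PMB 7.3.10, reflected XSS via the id parameter) and it is left at "TODO: check". A follow-up should resolve it to either a NOT-FOR-US: line or a source-package line; the other additions are RESERVED and need nothing yet.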
@@ -806,20 +852,20 @@ CVE-2022-33995 (A path traversal issue in entry attachments in Devolutions Remot
NOT-FOR-US: Devolutions
CVE-2022-33994
RESERVED
-CVE-2017-20091
- RESERVED
-CVE-2017-20090
- RESERVED
-CVE-2017-20089
- RESERVED
-CVE-2017-20088
- RESERVED
-CVE-2017-20087
- RESERVED
-CVE-2017-20086
- RESERVED
-CVE-2017-20085
- RESERVED
+CVE-2017-20091 (A vulnerability was found in File Manager Plugin 3.0.1. It has been cl ...)
+ TODO: check
+CVE-2017-20090 (A vulnerability was found in Global Content Blocks Plugin 2.1.5. It ha ...)
+ TODO: check
+CVE-2017-20089 (A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has bee ...)
+ TODO: check
+CVE-2017-20088 (A vulnerability classified as problematic has been found in Atahualpa ...)
+ TODO: check
+CVE-2017-20087 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2017-20086 (A vulnerability, which was classified as critical, was found in VaultP ...)
+ TODO: check
+CVE-2017-20085 (A vulnerability has been found in Atahualpa Theme and classified as pr ...)
+ TODO: check
CVE-2017-20084 (A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.8 ...)
NOT-FOR-US: JUNG Smart Visu Server
CVE-2017-20083 (A vulnerability, which was classified as critical, was found in JUNG S ...)
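Review bot: of the seven CVE-2017-20085 to CVE-2017-20091 entries that move from RESERVED to "TODO: check", the summary for CVE-2017-20087 is cut off before any product name and the one for CVE-2017-20086 stops mid-name ("VaultP ..."). Triage for these two has to start from the full description, not this line; the result should follow the form of the neighbouring CVE-2017-20084 entry (NOT-FOR-US: with the product name) or a package line.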
@@ -2846,14 +2892,14 @@ CVE-2022-33129
RESERVED
CVE-2022-33128
RESERVED
-CVE-2022-33127
- RESERVED
+CVE-2022-33127 (The function that calls the diff tool in Diffy 3.4.1 does not properly ...)
+ TODO: check
CVE-2022-33126
RESERVED
CVE-2022-33125
RESERVED
-CVE-2022-33124
- RESERVED
+CVE-2022-33124 (aiohttp v3.8.1 was discovered to contain an invalid IPv6 URL which can ...)
+ TODO: check
CVE-2022-33123
RESERVED
CVE-2022-33122
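Review bot: the truncated summary for CVE-2022-33124 ("aiohttp v3.8.1 was discovered to contain an invalid IPv6 URL which can ...") ends before the impact is stated, so the "TODO: check" cannot be cleared from this line alone. Read the full description before assigning a package or NOT-FOR-US: status; the same applies to CVE-2022-33127 (Diffy 3.4.1), whose summary ends at "does not properly ...".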
@@ -2910,18 +2956,18 @@ CVE-2022-33099
RESERVED
CVE-2022-33098
RESERVED
-CVE-2022-33097
- RESERVED
-CVE-2022-33096
- RESERVED
-CVE-2022-33095
- RESERVED
-CVE-2022-33094
- RESERVED
-CVE-2022-33093
- RESERVED
-CVE-2022-33092
- RESERVED
+CVE-2022-33097 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
+CVE-2022-33096 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
+CVE-2022-33095 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
+CVE-2022-33094 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
+CVE-2022-33093 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
+CVE-2022-33092 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
CVE-2022-33091
RESERVED
CVE-2022-33090
@@ -5429,22 +5475,22 @@ CVE-2022-32133
RESERVED
CVE-2022-32132
RESERVED
-CVE-2022-32131
- RESERVED
-CVE-2022-32130
- RESERVED
-CVE-2022-32129
- RESERVED
-CVE-2022-32128
- RESERVED
-CVE-2022-32127
- RESERVED
-CVE-2022-32126
- RESERVED
-CVE-2022-32125
- RESERVED
-CVE-2022-32124
- RESERVED
+CVE-2022-32131 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
+ TODO: check
+CVE-2022-32130 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
+ TODO: check
+CVE-2022-32129 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
+ TODO: check
+CVE-2022-32128 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
+ TODO: check
+CVE-2022-32127 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
+ TODO: check
+CVE-2022-32126 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
+ TODO: check
+CVE-2022-32125 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
+ TODO: check
+CVE-2022-32124 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...)
+ TODO: check
CVE-2022-32123
RESERVED
CVE-2022-32122
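Review bot: the eight CVE-2022-32124 to CVE-2022-32131 lines carry an identical truncated summary (74cmsSE v3.5.1, reflective cross-site scripting), so nothing in the file tells them apart. The "TODO: check" markers should be cleared with one consistent decision for the whole batch, not entry by entry.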
@@ -8389,8 +8435,8 @@ CVE-2022-31011 (TiDB is an open-source NewSQL database that supports Hybrid Tran
NOT-FOR-US: TiDB
CVE-2022-31010
RESERVED
-CVE-2022-31009
- RESERVED
+CVE-2022-31009 (wire-ios is an iOS client for the Wire secure messaging application. I ...)
+ TODO: check
CVE-2022-31008
RESERVED
CVE-2022-31007 (eLabFTW is an electronic lab notebook manager for research teams. Prio ...)
@@ -11470,7 +11516,7 @@ CVE-2022-29968 (An issue was discovered in the Linux kernel through 5.17.5. io_r
CVE-2022-1545 (It was possible to disclose details of confidential notes created via ...)
- gitlab <unfixed>
CVE-2021-46790 (ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow i ...)
- {DSA-5160-1}
+ {DSA-5160-1 DLA-3055-1}
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://github.com/tuxera/ntfs-3g/issues/16
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
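Review bot: the cross-reference on CVE-2021-46790 becomes "{DSA-5160-1 DLA-3055-1}", but this commit changes only data/CVE/list, so the DLA-3055-1 record itself is not visible here. Confirm that the advisory entry names CVE-2021-46790 so the two stay consistent.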
@@ -13504,11 +13550,11 @@ CVE-2022-29303 (SolarView Compact ver.6.00 was discovered to contain a command i
CVE-2022-29302 (SolarView Compact ver.6.00 was discovered to contain a local file disc ...)
NOT-FOR-US: SolarView Compact
CVE-2022-29301
- RESERVED
+ REJECTED
CVE-2022-29300
RESERVED
CVE-2022-29299
- RESERVED
+ REJECTED
CVE-2022-29298 (SolarView Compact ver.6.00 allows attackers to access sensitive files ...)
NOT-FOR-US: SolarView Compact
CVE-2022-29297
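Review bot: CVE-2022-29301 and CVE-2022-29299 flip to REJECTED while CVE-2022-29300, sitting between them, stays RESERVED. Confirm that 29300 is still a live reservation and was not missed in the same batch of rejections.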
@@ -53099,8 +53145,8 @@ CVE-2021-41434
RESERVED
CVE-2021-41433
RESERVED
-CVE-2021-41432
- RESERVED
+CVE-2021-41432 (A stored cross-site scripting (XSS) vulnerability exists in FlatPress ...)
+ TODO: check
CVE-2021-41431
RESERVED
CVE-2021-41430
@@ -60222,6 +60268,7 @@ CVE-2021-3700 (A use-after-free vulnerability was found in usbredir in versions
[buster] - usbredir <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba75120e00ebebbf1d5a1f7220ab (usbredir-0.11.0)
CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4. ...)
+ {DLA-3057-1}
- request-tracker5 <unfixed> (bug #995167)
- request-tracker4 4.4.4+dfsg-3 (bug #995175)
[bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u1
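Review bot: {DLA-3057-1} is added to CVE-2021-38562, yet the context lines still show request-tracker5 as <unfixed> (bug #995167) while request-tracker4 has fixed versions. The new advisory reference does not change that status, so the request-tracker5 line remains open work.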
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eadd4a9c64c1f49297e6fd3afb4d932056f4b8de