[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jun 25 09:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4ed4806 by security tracker role at 2022-06-25T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-34150
+ RESERVED
+CVE-2022-33944
+ RESERVED
+CVE-2022-2203
+ RESERVED
+CVE-2022-2202
+ RESERVED
+CVE-2022-2201
+ RESERVED
+CVE-2022-2200
+ RESERVED
+CVE-2022-2199
+ RESERVED
CVE-2022-34485
RESERVED
CVE-2022-34484
@@ -52,8 +66,8 @@ CVE-2022-2195
RESERVED
CVE-2022-2194
RESERVED
-CVE-2019-25071
- RESERVED
+CVE-2019-25071 (** DISPUTED ** A vulnerability was found in Apple iPhone up to 12.4.1. ...)
+ TODO: check
CVE-2022-34463
RESERVED
CVE-2022-34462
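Review bot: the added CVE-2019-25071 line carries a ** DISPUTED ** marker and names Apple iPhone up to 12.4.1, yet it is queued as a plain TODO: check. When it is triaged, a NOT-FOR-US: line in the form used elsewhere in this file (for example "NOT-FOR-US: BigBlueButton") looks like the fit, and the disputed status should not be lost when the TODO is resolved.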
@@ -1037,34 +1051,34 @@ CVE-2022-34068
RESERVED
CVE-2022-34067
RESERVED
-CVE-2022-34066
- RESERVED
-CVE-2022-34065
- RESERVED
-CVE-2022-34064
- RESERVED
+CVE-2022-34066 (The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to cont ...)
+ TODO: check
+CVE-2022-34065 (The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contai ...)
+ TODO: check
+CVE-2022-34064 (The Zibal package in PyPI v1.0.0 was discovered to contain a code exec ...)
+ TODO: check
CVE-2022-34063
RESERVED
CVE-2022-34062
RESERVED
-CVE-2022-34061
- RESERVED
-CVE-2022-34060
- RESERVED
-CVE-2022-34059
- RESERVED
+CVE-2022-34061 (The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to ...)
+ TODO: check
+CVE-2022-34060 (The Togglee package in PyPI version v0.0.8 was discovered to contain a ...)
+ TODO: check
+CVE-2022-34059 (The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a c ...)
+ TODO: check
CVE-2022-34058
RESERVED
-CVE-2022-34057
- RESERVED
-CVE-2022-34056
- RESERVED
-CVE-2022-34055
- RESERVED
-CVE-2022-34054
- RESERVED
-CVE-2022-34053
- RESERVED
+CVE-2022-34057 (The Scoptrial package in PyPI version v0.0.5 was discovered to contain ...)
+ TODO: check
+CVE-2022-34056 (The Watertools package in PyPI v0.0.0 was discovered to contain a code ...)
+ TODO: check
+CVE-2022-34055 (The drxhello package in PyPI v0.0.1 was discovered to contain a code e ...)
+ TODO: check
+CVE-2022-34054 (The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain ...)
+ TODO: check
+CVE-2022-34053 (The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a ...)
+ TODO: check
CVE-2022-34052
RESERVED
CVE-2022-34051
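Review bot: the eleven entries from CVE-2022-34066 down to CVE-2022-34053 all arrive as TODO: check with near-identical "in PyPI ... was discovered to contain a code exec ..." text that is cut off before the detail. They can be triaged as one batch, but each package name (Texercise, Zibal, Watertools and the rest) needs its own lookup against the archive before a NOT-FOR-US: line is written, because the truncated descriptions do not show what the code execution issue actually is.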
@@ -3224,8 +3238,8 @@ CVE-2022-33130
RESERVED
CVE-2022-33129
RESERVED
-CVE-2022-33128
- RESERVED
+CVE-2022-33128 (RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a ...)
+ TODO: check
CVE-2022-33127 (The function that calls the diff tool in Diffy 3.4.1 does not properly ...)
TODO: check
CVE-2022-33126
@@ -3236,10 +3250,10 @@ CVE-2022-33124 (aiohttp v3.8.1 was discovered to contain an invalid IPv6 URL whi
TODO: check
CVE-2022-33123
RESERVED
-CVE-2022-33122
- RESERVED
-CVE-2022-33121
- RESERVED
+CVE-2022-33122 (A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 al ...)
+ TODO: check
+CVE-2022-33121 (A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers ...)
+ TODO: check
CVE-2022-33120
RESERVED
CVE-2022-33119 (NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contai ...)
@@ -3484,24 +3498,24 @@ CVE-2022-33006
RESERVED
CVE-2022-33005
RESERVED
-CVE-2022-33004
- RESERVED
-CVE-2022-33003
- RESERVED
-CVE-2022-33002
- RESERVED
-CVE-2022-33001
- RESERVED
-CVE-2022-33000
- RESERVED
-CVE-2022-32999
- RESERVED
-CVE-2022-32998
- RESERVED
-CVE-2022-32997
- RESERVED
-CVE-2022-32996
- RESERVED
+CVE-2022-33004 (The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contai ...)
+ TODO: check
+CVE-2022-33003 (The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain ...)
+ TODO: check
+CVE-2022-33002 (The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to conta ...)
+ TODO: check
+CVE-2022-33001 (The AAmiles package in PyPI v0.1.0 was discovered to contain a code ex ...)
+ TODO: check
+CVE-2022-33000 (The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to cont ...)
+ TODO: check
+CVE-2022-32999 (The cloudlabeling package in PyPI v0.0.1 was discovered to contain a c ...)
+ TODO: check
+CVE-2022-32998 (The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was d ...)
+ TODO: check
+CVE-2022-32997 (The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered ...)
+ TODO: check
+CVE-2022-32996 (The django-navbar-client package of v0.9.50 to v1.0.1 was discovered t ...)
+ TODO: check
CVE-2022-32995
RESERVED
CVE-2022-32994
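Review bot: CVE-2022-32996 (django-navbar-client) is the one entry in this run of nine whose visible description does not say "in PyPI", unlike the eight above it. Confirm where that package comes from using the full description before batch-triaging it with the PyPI entries.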
@@ -9378,8 +9392,8 @@ CVE-2022-30887 (Pharmacy Management System v1.0 was discovered to contain a remo
NOT-FOR-US: Pharmacy Management System
CVE-2022-30886 (School Dormitory Management System v1.0 was discovered to contain a SQ ...)
NOT-FOR-US: School Dormitory Management System
-CVE-2022-30885
- RESERVED
+CVE-2022-30885 (** Reserved ** The pyesasky for python, as distributed on PyPI, includ ...)
+ TODO: check
CVE-2022-30884
RESERVED
CVE-2022-30883
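Review bot: the new CVE-2022-30885 description begins with "** Reserved **" even though the entry has just moved from RESERVED to TODO: check. Anything that decides an entry's state by searching for the word "Reserved" should match the indented status line only, not the description text, and the odd prefix is worth a second look at the upstream record when this TODO is resolved.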
@@ -14310,8 +14324,8 @@ CVE-2022-29170 (Grafana is an open-source platform for monitoring and observabil
- grafana <not-affected> (Specific to Grafana Enterprise)
CVE-2022-29169 (BigBlueButton is an open source web conferencing system. Versions star ...)
NOT-FOR-US: BigBlueButton
-CVE-2022-29168
- RESERVED
+CVE-2022-29168 (Wire is a secure messaging application. Wire is vulnerable to arbitrar ...)
+ TODO: check
CVE-2022-29167 (Hawk is an HTTP authentication scheme providing mechanisms for making ...)
NOT-FOR-US: Hawk (mozilla/hawk, different from itp'ed hawk, #634344)
CVE-2022-29166 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerab ...)
@@ -23813,8 +23827,8 @@ CVE-2022-21235 (The package github.com/masterminds/vcs before 1.13.3 are vulnera
NOT-FOR-US: github.com/masterminds/vcs
CVE-2022-21232
RESERVED
-CVE-2022-21231
- RESERVED
+CVE-2022-21231 (All versions of package deep-get-set are vulnerable to Prototype Pollu ...)
+ TODO: check
CVE-2022-21230 (This affects all versions of package org.nanohttpd:nanohttpd. Whenever ...)
NOT-FOR-US: NanoHTTPD Java
CVE-2022-21227 (The package sqlite3 before 5.0.3 are vulnerable to Denial of Service ( ...)
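Review bot: the CVE-2022-21231 description says "All versions of package deep-get-set" are affected, so the visible text gives no fixed version to record. If the TODO: check finds the package in the archive, the entry will have to be tracked as unfixed rather than with a fixed-version line; otherwise it should follow the NOT-FOR-US: form of its neighbours.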
@@ -26608,8 +26622,8 @@ CVE-2022-24895
RESERVED
CVE-2022-24894
RESERVED
-CVE-2022-24893
- RESERVED
+CVE-2022-24893 (ESP-IDF is the official development framework for Espressif SoCs. In E ...)
+ TODO: check
CVE-2022-24892 (Shopware is an open source e-commerce software platform. Starting with ...)
NOT-FOR-US: Shopware
CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
@@ -54854,8 +54868,8 @@ CVE-2021-40896
RESERVED
CVE-2021-40895
RESERVED
-CVE-2021-40894
- RESERVED
+CVE-2021-40894 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ TODO: check
CVE-2021-40893 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
TODO: check
CVE-2021-40892 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
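Review bot: the added CVE-2021-40894 line is indistinguishable from CVE-2021-40893 and CVE-2021-40892 below it, because all three descriptions are truncated at "was disco ..." before the affected package is named. Triage of these TODO: check entries has to use the full descriptions, and they should be checked against each other so one package is not recorded under the wrong id.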
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4ed480656ad90e02d327eb1071fe7224cf5a538