[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 28 09:10:22 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89a9b203 by security tracker role at 2022-06-28T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2022-34745
+	RESERVED
+CVE-2022-34744
+	RESERVED
+CVE-2022-2234
+	RESERVED
+CVE-2022-2233
+	RESERVED
+CVE-2022-2232
+	RESERVED
+CVE-2022-2231
+	RESERVED
+CVE-2022-2230
+	RESERVED
+CVE-2022-2229
+	RESERVED
+CVE-2022-2228
+	RESERVED
+CVE-2022-2227
+	RESERVED
+CVE-2022-2226
+	RESERVED
+CVE-2017-20125
+	RESERVED
+CVE-2017-20124
+	RESERVED
+CVE-2017-20123
+	RESERVED
+CVE-2017-20122
+	RESERVED
 CVE-2022-34734
 	RESERVED
 CVE-2022-34733
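Review bot: the new block of RESERVED ids at the top of the file mixes fresh 2022 ids with four CVE-2017-2012x ids, and the later hunk in this same update shows CVE-2017-2009x/2010x ids receiving descriptions now, years after their numbering; expect these four to be filled in by a following automatic update, so no manual triage is needed here yet.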
@@ -156,8 +186,8 @@ CVE-2022-2223
 	RESERVED
 CVE-2022-2222
 	RESERVED
-CVE-2022-2221
-	RESERVED
+CVE-2022-2221 (Information Exposure vulnerability in My Account Settings of Devolutio ...)
+	TODO: check
 CVE-2022-2220
 	RESERVED
 CVE-2022-2219
@@ -567,7 +597,8 @@ CVE-2022-34493
 	RESERVED
 CVE-2022-34492
 	RESERVED
-CVE-2022-34491 (In the RSS extension for MediaWiki through 1.38.1, when the $wgRSSAllo ...)
+CVE-2022-34491
+	REJECTED
 	NOT-FOR-US: MediaWiki RSS extension
 CVE-2022-34490
 	RESERVED
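Review bot: the switch of CVE-2022-34491 to REJECTED keeps the old `NOT-FOR-US: MediaWiki RSS extension` annotation beneath it. That is harmless, but a rejected id carries no triage state, so whoever confirms the rejection can drop the NOT-FOR-US line and leave the entry in the plain two-line REJECTED form.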
@@ -594,18 +625,18 @@ CVE-2017-20105
 	RESERVED
 CVE-2017-20104
 	RESERVED
-CVE-2017-20103
-	RESERVED
+CVE-2017-20103 (A vulnerability classified as critical has been found in Kama Click Co ...)
+	TODO: check
 CVE-2017-20102 (A vulnerability was found in Album Lock 4.0 and classified as critical ...)
 	TODO: check
 CVE-2017-20101 (A vulnerability, which was classified as problematic, was found in Pro ...)
 	TODO: check
 CVE-2017-20100 (A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been ra ...)
 	TODO: check
-CVE-2017-20099
-	RESERVED
-CVE-2017-20098
-	RESERVED
+CVE-2017-20099 (A vulnerability was found in Analytics Stats Counter Statistics Plugin ...)
+	TODO: check
+CVE-2017-20098 (A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has ...)
+	TODO: check
 CVE-2022-34150
 	RESERVED
 CVE-2022-33944
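Review bot: CVE-2017-20103, CVE-2017-20099 and CVE-2017-20098 receive descriptions only now, in the same style as the neighbouring CVE-2017-20100 to 20102 that are already at `TODO: check`; two of the three descriptions name a "Plugin" (Analytics Stats Counter Statistics, Admin Custom Login). Triage the six together, since late-assigned 2017 ids for third-party plugins usually resolve the same way, and decide NOT-FOR-US versus a package line per product rather than per id.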
@@ -674,7 +705,7 @@ CVE-2022-2195
 	RESERVED
 CVE-2022-2194
 	RESERVED
-CVE-2019-25071 (** DISPUTED ** A vulnerability was found in Apple iPhone up to 12.4.1. ...)
+CVE-2019-25071 (A vulnerability was found in Apple iPhone up to 12.4.1. It has been de ...)
 	NOT-FOR-US: Apple iPhone
 CVE-2022-34463
 	RESERVED
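Review bot: the only change to CVE-2019-25071 is that the leading `** DISPUTED **` marker was dropped from the upstream description; the `NOT-FOR-US: Apple iPhone` annotation is unchanged, so nothing is needed on the Debian side. Worth knowing when reading the entry later that the dispute status of the upstream record changed, not the tracker's assessment.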
@@ -1523,12 +1554,12 @@ CVE-2022-34136
 	RESERVED
 CVE-2022-34135
 	RESERVED
-CVE-2022-34134
-	RESERVED
-CVE-2022-34133
-	RESERVED
-CVE-2022-34132
-	RESERVED
+CVE-2022-34134 (Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Requ ...)
+	TODO: check
+CVE-2022-34133 (Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scri ...)
+	TODO: check
+CVE-2022-34132 (Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection v ...)
+	TODO: check
 CVE-2022-34131
 	RESERVED
 CVE-2022-34130
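Review bot: CVE-2022-34134, CVE-2022-34133 and CVE-2022-34132 are three ids for one product (Benjamin BALET Jorani v1.0: CSRF, XSS and SQL injection). Triage them as a batch so the three entries end up with the same disposition, whichever it is.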
@@ -2290,8 +2321,7 @@ CVE-2022-2101
 	RESERVED
 CVE-2022-33880
 	RESERVED
-CVE-2022-33879
-	RESERVED
+CVE-2022-33879 (The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in  ...)
 	- tika <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/27/5
 CVE-2022-33878
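Review bot: the new description for CVE-2022-33879 says it covers the incomplete initial fixes for CVE-2022-30126 and CVE-2022-30973, and the entry keeps `- tika <unfixed>` with the oss-security reference. Cross-check the tika lines on those two earlier ids so their fixed versions and this `<unfixed>` line are consistent, and record the upstream fixed version here once it is known.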
@@ -3872,8 +3902,8 @@ CVE-2022-33118
 	RESERVED
 CVE-2022-33117
 	RESERVED
-CVE-2022-33116
-	RESERVED
+CVE-2022-33116 (An issue in the jmpath variable in /modules/mindmap/index.php of GUnet ...)
+	TODO: check
 CVE-2022-33115
 	RESERVED
 CVE-2022-33114 (Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerabil ...)
@@ -4098,16 +4128,16 @@ CVE-2022-33011
 	RESERVED
 CVE-2022-33010
 	RESERVED
-CVE-2022-33009
-	RESERVED
+CVE-2022-33009 (A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11  ...)
+	TODO: check
 CVE-2022-33008
 	RESERVED
-CVE-2022-33007
-	RESERVED
+CVE-2022-33007 (TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discov ...)
+	TODO: check
 CVE-2022-33006
 	RESERVED
-CVE-2022-33005
-	RESERVED
+CVE-2022-33005 (A cross-site scripting (XSS) vulnerability in the System Settings/IOT  ...)
+	TODO: check
 CVE-2022-33004 (The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contai ...)
 	NOT-FOR-US: Beginner package in PyPI
 CVE-2022-33003 (The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain ...)
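Review bot: of the three entries set to `TODO: check` in this hunk, CVE-2022-33007 concerns TRENDnet router firmware (TEW751DR/TEW-752DRU), which is not something Debian ships, so it can be resolved quickly; CVE-2022-33009 and CVE-2022-33005 are XSS issues in web applications (LightCMS and a "System Settings/IOT" page) that still need a look at whether the affected software is packaged.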
@@ -4126,10 +4156,10 @@ CVE-2022-32997 (The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was disc
 	NOT-FOR-US: RootInteractive package in PyPI
 CVE-2022-32996 (The django-navbar-client package of v0.9.50 to v1.0.1 was discovered t ...)
 	NOT-FOR-US: django-navbar-client
-CVE-2022-32995
-	RESERVED
-CVE-2022-32994
-	RESERVED
+CVE-2022-32995 (Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forger ...)
+	TODO: check
+CVE-2022-32994 (Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vul ...)
+	TODO: check
 CVE-2022-32993
 	RESERVED
 CVE-2022-32992 (Online Tours And Travels Management System v1.0 was discovered to cont ...)
@@ -6546,8 +6576,8 @@ CVE-2022-32094
 	RESERVED
 CVE-2022-32093
 	RESERVED
-CVE-2022-32092
-	RESERVED
+CVE-2022-32092 (D-Link DIR-645 v1.03 was discovered to contain a command injection vul ...)
+	TODO: check
 CVE-2022-32091
 	RESERVED
 CVE-2022-32090
@@ -9214,64 +9244,64 @@ CVE-2022-31106
 	RESERVED
 CVE-2022-31105
 	RESERVED
-CVE-2022-31104
-	RESERVED
-CVE-2022-31103
-	RESERVED
+CVE-2022-31104 (Wasmtime is a standalone runtime for WebAssembly. In affected versions ...)
+	TODO: check
+CVE-2022-31103 (lettersanitizer is a DOM-based HTML email sanitizer for in-browser ema ...)
+	TODO: check
 CVE-2022-31102
 	RESERVED
-CVE-2022-31101
-	RESERVED
-CVE-2022-31100
-	RESERVED
-CVE-2022-31099
-	RESERVED
-CVE-2022-31098
-	RESERVED
+CVE-2022-31101 (prestashop/blockwishlist is a prestashop extension which adds a block  ...)
+	TODO: check
+CVE-2022-31100 (rulex is a new, portable, regular expression language. When parsing un ...)
+	TODO: check
+CVE-2022-31099 (rulex is a new, portable, regular expression language. When parsing un ...)
+	TODO: check
+CVE-2022-31098 (Weave GitOps is a simple open source developer platform for people who ...)
+	TODO: check
 CVE-2022-31097
 	RESERVED
-CVE-2022-31096
-	RESERVED
+CVE-2022-31096 (Discourse is an open source discussion platform. Under certain conditi ...)
+	TODO: check
 CVE-2022-31095 (discourse-chat is a chat plugin for the Discourse application. Version ...)
 	NOT-FOR-US: discourse-chat
-CVE-2022-31094
-	RESERVED
-CVE-2022-31093
-	RESERVED
-CVE-2022-31092
-	RESERVED
-CVE-2022-31091
-	RESERVED
-CVE-2022-31090
-	RESERVED
-CVE-2022-31089
-	RESERVED
-CVE-2022-31088
-	RESERVED
-CVE-2022-31087
-	RESERVED
-CVE-2022-31086
-	RESERVED
-CVE-2022-31085
-	RESERVED
-CVE-2022-31084
-	RESERVED
+CVE-2022-31094 (ScratchTools is a web extension designed to make interacting with the  ...)
+	TODO: check
+CVE-2022-31093 (NextAuth.js is a complete open source authentication solution for Next ...)
+	TODO: check
+CVE-2022-31092 (Pimcore is an Open Source Data & Experience Management Platform. P ...)
+	TODO: check
+CVE-2022-31091 (Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` he ...)
+	TODO: check
+CVE-2022-31090 (Guzzle, an extensible PHP HTTP client. `Authorization` headers on requ ...)
+	TODO: check
+CVE-2022-31089 (Parse Server is an open source backend that can be deployed to any inf ...)
+	TODO: check
+CVE-2022-31088 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+	TODO: check
+CVE-2022-31087 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+	TODO: check
+CVE-2022-31086 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+	TODO: check
+CVE-2022-31085 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+	TODO: check
+CVE-2022-31084 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+	TODO: check
 CVE-2022-31083 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Node parse-server
-CVE-2022-31082
-	RESERVED
-CVE-2022-31081
-	RESERVED
+CVE-2022-31082 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+	TODO: check
+CVE-2022-31081 (HTTP::Daemon is a simple http server class written in perl. Versions p ...)
+	TODO: check
 CVE-2022-31080
 	RESERVED
 CVE-2022-31079
 	RESERVED
 CVE-2022-31078
 	RESERVED
-CVE-2022-31077
-	RESERVED
-CVE-2022-31076
-	RESERVED
+CVE-2022-31077 (KubeEdge is built upon Kubernetes and extends native containerized app ...)
+	TODO: check
+CVE-2022-31076 (KubeEdge is built upon Kubernetes and extends native containerized app ...)
+	TODO: check
 CVE-2022-31075
 	RESERVED
 CVE-2022-31074
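Review bot: among the newly described `TODO: check` entries here, CVE-2022-31081 (HTTP::Daemon) and CVE-2022-31084 through CVE-2022-31088 (LDAP Account Manager) concern software Debian ships as libhttp-daemon-perl and ldap-account-manager, so they will most likely need package lines rather than NOT-FOR-US and deserve priority in triage. The five LAM ids share an identical truncated description, CVE-2022-31090 and CVE-2022-31091 both concern Guzzle's `Authorization` header handling, and CVE-2022-31077/31076 are both KubeEdge; each group is best triaged as one batch. CVE-2022-31089 (Parse Server) can follow the existing `NOT-FOR-US: Node parse-server` annotation on CVE-2022-31083.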
@@ -9293,10 +9323,10 @@ CVE-2022-31067
 	RESERVED
 CVE-2022-31066 (EdgeX Foundry is an open source project for building a common open fra ...)
 	NOT-FOR-US: EdgeX Foundry
-CVE-2022-31065
-	RESERVED
-CVE-2022-31064
-	RESERVED
+CVE-2022-31065 (BigBlueButton is an open source web conferencing system. In affected v ...)
+	TODO: check
+CVE-2022-31064 (BigBlueButton is an open source web conferencing system. Users in meet ...)
+	TODO: check
 CVE-2022-31063
 	RESERVED
 CVE-2022-31062 (### Impact A plugin public script can be used to read content of syste ...)
@@ -9309,8 +9339,8 @@ CVE-2022-31059 (Discourse Calendar is a calendar plugin for Discourse, an open-s
 	NOT-FOR-US: Discourse Calendar is a calendar plugin for Discourse
 CVE-2022-31058
 	RESERVED
-CVE-2022-31057
-	RESERVED
+CVE-2022-31057 (Shopware is an open source e-commerce software made in Germany. Versio ...)
+	TODO: check
 CVE-2022-31056
 	RESERVED
 CVE-2022-31055 (kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) c ...)
@@ -9349,20 +9379,17 @@ CVE-2022-31041 (Open Forms is an application for creating and publishing smart f
 	NOT-FOR-US: Open Forms
 CVE-2022-31040 (Open Forms is an application for creating and publishing smart forms.  ...)
 	NOT-FOR-US: Open Forms
-CVE-2022-31039
-	RESERVED
+CVE-2022-31039 (Greenlight is a simple front-end interface for your BigBlueButton serv ...)
+	TODO: check
 CVE-2022-31038 (Gogs is an open source self-hosted Git service. In versions of gogs pr ...)
 	NOT-FOR-US: Go Git Service
 CVE-2022-31037
 	RESERVED
-CVE-2022-31036
-	RESERVED
+CVE-2022-31036 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
-CVE-2022-31035
-	RESERVED
+CVE-2022-31035 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
-CVE-2022-31034
-	RESERVED
+CVE-2022-31034 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
 CVE-2022-31033 (The Mechanize library is used for automating interaction with websites ...)
 	- ruby-mechanize <unfixed>
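Review bot: the three Argo CD ids (CVE-2022-31036 to 31034) only gained descriptions and keep their existing `NOT-FOR-US: Argo CD` lines, so no action is needed there. CVE-2022-31039 (Greenlight, described as a front-end for BigBlueButton) is the one real `TODO: check` in this hunk and is best triaged together with the BigBlueButton entries CVE-2022-31065 and CVE-2022-31064 added elsewhere in this same update.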
@@ -16531,8 +16558,8 @@ CVE-2022-28624
 	RESERVED
 CVE-2022-28623
 	RESERVED
-CVE-2022-28622
-	RESERVED
+CVE-2022-28622 (A potential security vulnerability has been identified in HPE StoreOnc ...)
+	TODO: check
 CVE-2022-28621
 	RESERVED
 CVE-2022-28620 (A remote authentication bypass vulnerability was discovered in HPE Cra ...)
@@ -28029,12 +28056,14 @@ CVE-2022-0547 (OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication by
 	NOTE: https://github.com/OpenVPN/openvpn/commit/58ec3bb4aac77131118dbbc39a65181e7847adee (v2.4.12)
 	NOTE: https://github.com/OpenVPN/openvpn/commit/af3e382649d96ae77cc5e42be8270f355e5cfec5 (v2.5.6)
 CVE-2022-0546 (A missing bounds check in the image loader used in Blender 3.x and 2.9 ...)
+	{DLA-3060-1}
 	- blender 3.1.2+dfsg-1
 	NOTE: Issue: https://developer.blender.org/T94572
 	NOTE: Patch: https://developer.blender.org/D11952
 	NOTE: https://developer.blender.org/rB77616082f44da5258faf9ec0d53618c721b88c62 (v3.1.0)
 	NOTE: https://developer.blender.org/rB1ee4e6bf31ff32f87f9cd1eafa548d6811794380 (v2.93.9)
 CVE-2022-0545 (An integer overflow in the processing of loaded 2D images leads to a w ...)
+	{DLA-3060-1}
 	- blender 3.1.2+dfsg-1
 	NOTE: Issue: https://developer.blender.org/T94629
 	NOTE: Patch: https://developer.blender.org/D13744
@@ -28042,6 +28071,7 @@ CVE-2022-0545 (An integer overflow in the processing of loaded 2D images leads t
 	NOTE: https://developer.blender.org/rBe07f16776bca5e9494e6b143170f31d5eeb160ce (v2.93.8)
 	NOTE: https://developer.blender.org/rB63fdcbb5889e31b5f07d8d5c8e923cc57900fe1b (v2.83.19)
 CVE-2022-0544 (An integer underflow in the DDS loader of Blender leads to an out-of-b ...)
+	{DLA-3060-1}
 	- blender 3.1.2+dfsg-1
 	NOTE: Issue: https://developer.blender.org/T94661
 	NOTE: https://developer.blender.org/rBd9dd8c287f57716a827483973c31bbb2face2816 (v3.1.0)
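Review bot: CVE-2022-0544 gets the same `{DLA-3060-1}` tag as the two Blender ids in the preceding hunk, so the advisory should list all three CVE ids; check that the DLA text and data/DLA/list entry cover CVE-2022-0544 as well and not only 0545/0546.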
@@ -55408,8 +55438,8 @@ CVE-2021-40944
 	RESERVED
 CVE-2021-40943
 	RESERVED
-CVE-2021-40942
-	RESERVED
+CVE-2021-40942 (In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function ...)
+	TODO: check
 CVE-2021-40941 (In Bento4 1.6.0-638, there is an allocator is out of memory in the fun ...)
 	NOT-FOR-US: Bento4
 CVE-2021-40940 (Monstra 3.0.4 does not filter the case of php, which leads to an unres ...)
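Review bot: CVE-2021-40942 describes a heap-buffer-overflow in GPAC MP4Box; unlike its neighbour CVE-2021-40941 (Bento4, `NOT-FOR-US`), GPAC is packaged in Debian as gpac, so this `TODO: check` should end with a `- gpac` line and a fixed or `<unfixed>` status rather than NOT-FOR-US.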



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89a9b2038bf4f7e7eefa45801f463d3779954d19


