[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 28 21:10:41 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ea966a6b by security tracker role at 2022-06-28T20:10:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2022-34765
+ RESERVED
+CVE-2022-34764
+ RESERVED
+CVE-2022-34763
+ RESERVED
+CVE-2022-34762
+ RESERVED
+CVE-2022-34761
+ RESERVED
+CVE-2022-34760
+ RESERVED
+CVE-2022-34759
+ RESERVED
+CVE-2022-34758
+ RESERVED
+CVE-2022-34757
+ RESERVED
+CVE-2022-34756
+ RESERVED
+CVE-2022-34755
+ RESERVED
+CVE-2022-34754
+ RESERVED
+CVE-2022-34753
+ RESERVED
+CVE-2022-34752
+ RESERVED
+CVE-2022-34751
+ RESERVED
+CVE-2022-34750 (An issue was discovered in MediaWiki through 1.38.1. The lemma length ...)
+ TODO: check
+CVE-2022-34749
+ RESERVED
+CVE-2022-34748
+ RESERVED
+CVE-2022-34747
+ RESERVED
+CVE-2022-34746
+ RESERVED
+CVE-2022-34743
+ RESERVED
+CVE-2022-34742
+ RESERVED
+CVE-2022-34741
+ RESERVED
+CVE-2022-34740
+ RESERVED
+CVE-2022-34739
+ RESERVED
+CVE-2022-34738
+ RESERVED
+CVE-2022-34737
+ RESERVED
+CVE-2022-34736
+ RESERVED
+CVE-2022-34735
+ RESERVED
+CVE-2022-2245
+ RESERVED
+CVE-2022-2244
+ RESERVED
+CVE-2022-2243
+ RESERVED
+CVE-2022-2242
+ RESERVED
+CVE-2022-2241
+ RESERVED
+CVE-2022-2240
+ RESERVED
+CVE-2022-2239
+ RESERVED
+CVE-2022-2238
+ RESERVED
+CVE-2022-2237
+ RESERVED
+CVE-2022-2236
+ RESERVED
+CVE-2022-2235
+ RESERVED
+CVE-2017-20138
+ RESERVED
+CVE-2017-20137
+ RESERVED
+CVE-2017-20136
+ RESERVED
+CVE-2017-20135
+ RESERVED
+CVE-2017-20134
+ RESERVED
+CVE-2017-20133
+ RESERVED
+CVE-2017-20132
+ RESERVED
+CVE-2017-20131
+ RESERVED
+CVE-2017-20130
+ RESERVED
+CVE-2017-20129
+ RESERVED
+CVE-2017-20128
+ RESERVED
+CVE-2017-20127
+ RESERVED
+CVE-2017-20126
+ RESERVED
CVE-2022-34745
RESERVED
CVE-2022-34744
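Review bot: CVE-2022-34750 is the only entry in this hunk carrying a description instead of RESERVED, and its TODO: check needs resolving against the mediawiki source package rather than being left with the placeholders: the text names MediaWiki through 1.38.1 but is cut at "The lemma length", so the full record is required to tell whether the affected code is MediaWiki core or an extension Debian does not ship. The remaining lines reserve CVE-2022-34735..34765 (minus 34744 and 34745, already present as context), CVE-2022-2235..2245 and CVE-2017-20126..20138; the 2017-numbered IDs are retroactive assignments of the same kind as CVE-2017-20104..20107 in the next hunk, not old entries, and should not be mistaken for already-triaged items.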
@@ -623,14 +729,14 @@ CVE-2022-2204
RESERVED
CVE-2017-20108
RESERVED
-CVE-2017-20107
- RESERVED
-CVE-2017-20106
- RESERVED
-CVE-2017-20105
- RESERVED
-CVE-2017-20104
- RESERVED
+CVE-2017-20107 (A vulnerability, which was classified as problematic, was found in Sha ...)
+ TODO: check
+CVE-2017-20106 (A vulnerability, which was classified as critical, has been found in L ...)
+ TODO: check
+CVE-2017-20105 (A vulnerability was found in Simplessus 3.7.7. It has been rated as cr ...)
+ TODO: check
+CVE-2017-20104 (A vulnerability was found in Simplessus 3.7.7. It has been declared as ...)
+ TODO: check
CVE-2017-20103 (A vulnerability classified as critical has been found in Kama Click Co ...)
TODO: check
CVE-2017-20102 (A vulnerability was found in Album Lock 4.0 and classified as critical ...)
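Review bot: the four CVE-2017-2010x entries cannot all be triaged from the stored text: CVE-2017-20104 and CVE-2017-20105 both name Simplessus 3.7.7 and belong together, but the product names for CVE-2017-20106 ("...has been found in L") and CVE-2017-20107 ("...was found in Sha") are truncated, so the full CVE records are needed before either gets a verdict. The adjacent CVE-2017-20103 (Kama Click Co...) has been sitting at TODO: check since an earlier update; clear this batch together with it rather than letting the retroactive 2017 assignments accumulate.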
@@ -1533,8 +1639,8 @@ CVE-2022-2147 (Cloudflare Warp for Windows from version 2022.2.95.0 contained an
NOT-FOR-US: Cloudflare Warp for Windows
CVE-2022-2146
RESERVED
-CVE-2022-2145
- RESERVED
+CVE-2022-2145 (Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed cre ...)
+ TODO: check
CVE-2022-2144
RESERVED
CVE-2022-34167
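Review bot: CVE-2022-2145 should not remain at TODO: check once its description names the Cloudflare WARP client for Windows: CVE-2022-2147, two lines above in the context, is already recorded as NOT-FOR-US: Cloudflare Warp for Windows for the same product, and the consistent outcome for a Windows-only, unpackaged client is the same NOT-FOR-US line with the same product spelling.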
@@ -3978,8 +4084,8 @@ CVE-2022-33110
RESERVED
CVE-2022-33109
RESERVED
-CVE-2022-33108
- RESERVED
+CVE-2022-33108 (XPDF v4.04 was discovered to contain a stack overflow vulnerability vi ...)
+ TODO: check
CVE-2022-33107
RESERVED
CVE-2022-33106
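Review bot: CVE-2022-33108 names XPDF v4.04 and a stack overflow whose trigger is truncated ("vi..."); xpdf is a Debian source package, so this entry needs a real verdict rather than NOT-FOR-US. Debian's xpdf is a fork that reuses poppler's parsing code, so the triage step is to obtain the full description and reproducer and confirm whether the affected function exists in the packaged sources before recording a fixed version, <not-affected> or <unfixed>.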
@@ -5575,8 +5681,8 @@ CVE-2022-32457
RESERVED
CVE-2022-32456
RESERVED
-CVE-2022-30707
- RESERVED
+CVE-2022-30707 (Violation of secure design principles exists in the communication of C ...)
+ TODO: check
CVE-2022-30532
RESERVED
CVE-2022-29890
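Review bot: CVE-2022-30707 cannot be triaged from what the tracker stores: the description stops at "in the communication of C", so neither vendor nor product is visible. The full record is required; an entry whose truncated text carries no product name should not be closed as NOT-FOR-US on the strength of this line alone.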
@@ -6516,10 +6622,10 @@ CVE-2022-32137 (In multiple CODESYS products, a low privileged remote attacker m
NOT-FOR-US: CODESYS
CVE-2022-32136 (In multiple CODESYS products, a low privileged remote attacker may cra ...)
NOT-FOR-US: CODESYS
-CVE-2022-30997
- RESERVED
-CVE-2022-29519
- RESERVED
+CVE-2022-30997 (Use of hard-coded credentials vulnerability exists in STARDOM FCN Cont ...)
+ TODO: check
+CVE-2022-29519 (Cleartext transmission of sensitive information vulnerability exists i ...)
+ TODO: check
CVE-2022-1962
RESERVED
CVE-2022-1961 (The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to ...)
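Review bot: CVE-2022-30997 (hard-coded credentials in STARDOM FCN controllers, Yokogawa's controller line) and CVE-2022-29519 (cleartext transmission of sensitive information, product truncated) sit between CODESYS entries already marked NOT-FOR-US and read like the same class of industrial-controller advisory, but the product for CVE-2022-29519 is not visible here, so confirm from the full text that it is the same STARDOM advisory instead of inferring it from adjacency. If both are STARDOM firmware, the expected outcome is NOT-FOR-US with the product named, as done for CODESYS above.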
@@ -9304,8 +9410,8 @@ CVE-2022-31108
RESERVED
CVE-2022-31107
RESERVED
-CVE-2022-31106
- RESERVED
+CVE-2022-31106 (Underscore.deep is a collection of Underscore mixins that operate on n ...)
+ TODO: check
CVE-2022-31105
RESERVED
CVE-2022-31104 (Wasmtime is a standalone runtime for WebAssembly. In affected versions ...)
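Review bot: CVE-2022-31106 concerns Underscore.deep, a Node.js mixin collection; the triage question is whether it is shipped as a node-* source package, which the truncated description does not answer. The neighbouring CVE-2022-31104 (Wasmtime) is also still at TODO: check from an earlier update, so both should be cleared in the same pass.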
@@ -9381,8 +9487,8 @@ CVE-2022-31070 (NestJS Proxy is a NestJS module to decorate and proxy calls. Pri
NOT-FOR-US: NestJS Proxy
CVE-2022-31069 (NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to ...)
NOT-FOR-US: NestJS Proxy
-CVE-2022-31068
- RESERVED
+CVE-2022-31068 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ TODO: check
CVE-2022-31067
RESERVED
CVE-2022-31066 (EdgeX Foundry is an open source project for building a common open fra ...)
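Review bot: CVE-2022-31068 is the first of three GLPI advisories in this update (CVE-2022-31061 and CVE-2022-31056 follow in the next two hunks) that all carry the identical truncated boilerplate "GLPI is a Free Asset and IT Management Software package, Data center m"; they should be triaged as one group with the same outcome, and since the stored text gives no affected or fixed version, the full GHSA records are needed for version data.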
@@ -9395,8 +9501,8 @@ CVE-2022-31063
RESERVED
CVE-2022-31062 (### Impact A plugin public script can be used to read content of syste ...)
NOT-FOR-US: GLPI plugin
-CVE-2022-31061
- RESERVED
+CVE-2022-31061 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ TODO: check
CVE-2022-31060 (Discourse is an open-source discussion platform. Prior to version 2.8. ...)
NOT-FOR-US: Discourse
CVE-2022-31059 (Discourse Calendar is a calendar plugin for Discourse, an open-source ...)
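Review bot: CVE-2022-31061 (GLPI) should receive the same verdict as CVE-2022-31068 in the previous hunk; the adjacent CVE-2022-31062 is marked NOT-FOR-US: GLPI plugin, which covers a plugin rather than GLPI core and is therefore not a precedent for the core entries. Its stored description also begins with the literal markdown heading "### Impact", a sign the advisory text was imported unedited from a GitHub advisory; that is context here and not something to hand-edit, since the next automatic update would overwrite it.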
@@ -9405,18 +9511,18 @@ CVE-2022-31058
RESERVED
CVE-2022-31057 (Shopware is an open source e-commerce software made in Germany. Versio ...)
TODO: check
-CVE-2022-31056
- RESERVED
+CVE-2022-31056 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ TODO: check
CVE-2022-31055 (kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) c ...)
NOT-FOR-US: KCTF
CVE-2022-31054 (Argo Events is an event-driven workflow automation framework for Kuber ...)
NOT-FOR-US: Argo
CVE-2022-31053 (Biscuit is an authentication and authorization token for microservices ...)
NOT-FOR-US: Biscuit
-CVE-2022-31052 [URL previews of unusual or maliciously-crafted pages can crash Synapse ...]
+CVE-2022-31052 (Synapse is an open source home server implementation for the Matrix ch ...)
- matrix-synapse 1.61.1-1
- NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32
- NOTE: https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32
+ NOTE: https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333
CVE-2022-31051 (semantic-release is an open source npm package for automated version m ...)
NOT-FOR-US: Node semantic-release
CVE-2022-31050 (TYPO3 is an open source web content management system. Prior to versio ...)
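Review bot: the CVE-2022-31052 change is the one in this hunk to look at closely: the bracketed placeholder title is replaced by the published description, the fixed version "matrix-synapse 1.61.1-1" survives as unchanged context, and the two NOTE lines are removed and re-added with identical content, which means a whitespace-only change (indentation or trailing space) rather than a new reference. Confirm the re-added NOTE lines use the tracker's standard single-space indentation so that subsequent automatic updates do not keep rewriting them. CVE-2022-31056 (GLPI) in the same hunk belongs with the two GLPI entries above.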
@@ -10864,14 +10970,14 @@ CVE-2022-30565
RESERVED
CVE-2022-30564
RESERVED
-CVE-2022-30563
- RESERVED
-CVE-2022-30562
- RESERVED
-CVE-2022-30561
- RESERVED
-CVE-2022-30560
- RESERVED
+CVE-2022-30563 (When an attacker uses a man-in-the-middle attack to sniff the request ...)
+ TODO: check
+CVE-2022-30562 (If the user enables the https function on the device, an attacker can ...)
+ TODO: check
+CVE-2022-30561 (When an attacker uses a man-in-the-middle attack to sniff the request ...)
+ TODO: check
+CVE-2022-30560 (When an attacker obtaining the administrative account and password, or ...)
+ TODO: check
CVE-2022-30559
RESERVED
CVE-2022-30558
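Review bot: CVE-2022-30560..30563 are four descriptions with no vendor or product in the visible text ("the device", "enables the https function on the device", "obtaining the administrative account and password"), and two of them (30561 and 30563) open with the identical man-in-the-middle sentence. They read as one device-firmware advisory and should be triaged together from the full CVE records, not individually from these fragments.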
@@ -16626,8 +16732,8 @@ CVE-2022-28623
RESERVED
CVE-2022-28622 (A potential security vulnerability has been identified in HPE StoreOnc ...)
TODO: check
-CVE-2022-28621
- RESERVED
+CVE-2022-28621 (A remote disclosure of sensitive information vulnerability was discove ...)
+ TODO: check
CVE-2022-28620 (A remote authentication bypass vulnerability was discovered in HPE Cra ...)
NOT-FOR-US: HPE
CVE-2022-28619 (A potential security vulnerability has been identified in the installe ...)
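Review bot: CVE-2022-28621's description ("A remote disclosure of sensitive information vulnerability was discove...") is cut before any product name; it sits between CVE-2022-28620 (NOT-FOR-US: HPE) and CVE-2022-28622 (HPE StoreOnce, still TODO: check), so HPE is likely but not established by this line. Resolve 28621 and 28622 together once the full text confirms the product.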
@@ -20784,8 +20890,7 @@ CVE-2022-0989 (An unprivileged user could use the functionality of the NS WooCom
NOT-FOR-US: WordPress plugin
CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable t ...)
NOT-FOR-US: Delta Electronics
-CVE-2022-0987 [PackageKit: Information Disclosure in Transaction Interface via timing]
- RESERVED
+CVE-2022-0987 (A flaw was found in PackageKit in the way some of the methods exposed ...)
- packagekit <unfixed>
[bullseye] - packagekit <no-dsa> (Minor issue)
[buster] - packagekit <no-dsa> (Minor issue)
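Review bot: for CVE-2022-0987 the RESERVED marker is dropped and the placeholder title replaced by the published description, but the package line still reads "packagekit <unfixed>" with no NOTE giving an upstream fix commit or bug reference; now that the CVE is public the entry should record the fix reference so the <unfixed> state can be closed. The bullseye and buster <no-dsa> (Minor issue) decisions were taken against the placeholder title and should be rechecked against the published text (information leaked through timing of methods exposed on the transaction interface).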
@@ -26334,8 +26439,8 @@ CVE-2022-0626 (The Advanced Admin Search WordPress plugin before 1.1.6 does not
NOT-FOR-US: WordPress plugin
CVE-2022-0625 (The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0624
- RESERVED
+CVE-2022-0624 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ TODO: check
CVE-2022-25271 (Drupal core's form API has a vulnerability where certain contributed o ...)
{DLA-2925-1}
- drupal7 <removed>
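Review bot: CVE-2022-0624 ("Authorization Bypass Through User-Controlled Key in GitHub repository ...") is truncated exactly where the repository name would appear, so nothing in this line identifies the software; this huntr.dev-style description needs the full record before it can be assigned to a package or marked NOT-FOR-US.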
@@ -30848,8 +30953,8 @@ CVE-2022-23898 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerabil
NOT-FOR-US: MCMS
CVE-2022-23897
RESERVED
-CVE-2022-23896
- RESERVED
+CVE-2022-23896 (Admidio 4.1.2 version is affected by stored cross-site scripting (XSS) ...)
+ TODO: check
CVE-2022-23895
RESERVED
CVE-2022-23894
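Review bot: CVE-2022-23896 (stored XSS in Admidio 4.1.2) is an unpackaged PHP web application and should be closed the same way as CVE-2022-23898 at the head of this hunk (NOT-FOR-US: MCMS), i.e. NOT-FOR-US: Admidio, rather than left at TODO: check; the description names a single version and no fix, so no version data needs recording.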
@@ -31656,8 +31761,8 @@ CVE-2022-23765
RESERVED
CVE-2022-23764
RESERVED
-CVE-2022-23763
- RESERVED
+CVE-2022-23763 (Origin validation error vulnerability in NeoRS’s ActiveX moudle ...)
+ TODO: check
CVE-2022-23762
RESERVED
CVE-2022-23761
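Review bot: CVE-2022-23763 is an ActiveX module issue (NeoRS), which is Windows/Internet Explorer only and not packaged, so the expected outcome is NOT-FOR-US: NeoRS. The description also carries the upstream typo "moudle"; it is synced verbatim from the CVE feed and should not be corrected locally, since the next automatic update would overwrite the fix.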
@@ -36602,8 +36707,8 @@ CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA<=1.43 which an
NOT-FOR-US: zfaka
CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
NOT-FOR-US: Node uppy
-CVE-2022-0085
- RESERVED
+CVE-2022-0085 (Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf ...)
+ TODO: check
CVE-2022-0084
RESERVED
- jboss-xnio <unfixed> (bug #1013280)
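Review bot: CVE-2022-0085 (SSRF in GitHub repository dompdf/dompdf) needs a real verdict: dompdf is packaged in Debian as php-dompdf, so this is not NOT-FOR-US like the uppy entry above, and the truncated description does not give the fixed upstream version, which must come from the full record. The trailing context line "- jboss-xnio <unfixed> (bug #1013280)" belongs to CVE-2022-0084, which itself still reads RESERVED; RESERVED plus a package line is the tracker's form for an embargoed issue already mapped to a package and is unchanged here.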
@@ -53651,14 +53756,14 @@ CVE-2021-41692
RESERVED
CVE-2021-41691
RESERVED
-CVE-2021-41690
- RESERVED
-CVE-2021-41689
- RESERVED
-CVE-2021-41688
- RESERVED
-CVE-2021-41687
- RESERVED
+CVE-2021-41690 (DCMTK through 3.6.6 does not handle memory free properly. The malloced ...)
+ TODO: check
+CVE-2021-41689 (DCMTK through 3.6.6 does not handle string copy properly. Sending spec ...)
+ TODO: check
+CVE-2021-41688 (DCMTK through 3.6.6 does not handle memory free properly. The object i ...)
+ TODO: check
+CVE-2021-41687 (DCMTK through 3.6.6 does not handle memory free properly. The program ...)
+ TODO: check
CVE-2021-41686
RESERVED
CVE-2021-41685
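Review bot: CVE-2021-41687..41690 are four DCMTK issues all stated "through 3.6.6" (three improper memory-free bugs and one string-copy bug triggered by sent data); dcmtk is a Debian source package, so these need versions, not NOT-FOR-US, and should be triaged as a set against the same upstream fix range. The descriptions are truncated before the affected function names, so the full records are required to locate the code in the packaged sources.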
@@ -54188,8 +54293,8 @@ CVE-2021-41462 (Cross-site scripting (XSS) vulnerability in concrete/elements/co
NOT-FOR-US: concrete5-legacy
CVE-2021-41461 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
NOT-FOR-US: concrete5-legacy
-CVE-2021-41460
- RESERVED
+CVE-2021-41460 (ECShop 4.1.0 has SQL injection vulnerability, which can be exploited b ...)
+ TODO: check
CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
- gpac 2.0.0+dfsg1-2
[buster] - gpac <not-affected> (Vulnerable code not present)
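Review bot: CVE-2021-41460 (SQL injection in ECShop 4.1.0) is a PHP web shop not packaged in Debian; NOT-FOR-US: ECShop is the expected verdict. The unchanged context below for CVE-2021-41459 (gpac fixed in 2.0.0+dfsg1-2, buster <not-affected> with the reason recorded) is the pattern the new GPAC entries later in this diff should follow.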
@@ -55503,10 +55608,10 @@ CVE-2021-40946
RESERVED
CVE-2021-40945
RESERVED
-CVE-2021-40944
- RESERVED
-CVE-2021-40943
- RESERVED
+CVE-2021-40944 (In GPAC MP4Box 1.1.0, there is a Null pointer reference in the functio ...)
+ TODO: check
+CVE-2021-40943 (In Bento4 1.6.0-638, there is a null pointer reference in the function ...)
+ TODO: check
CVE-2021-40942 (In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function ...)
- gpac 2.0.0+dfsg1-2
NOTE: https://github.com/gpac/gpac/issues/1908
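Review bot: CVE-2021-40944 (GPAC MP4Box 1.1.0, NULL pointer dereference) should be resolved in the same form as CVE-2021-40942 two lines below, which already records gpac 2.0.0+dfsg1-2 and an upstream issue NOTE; locate the upstream issue for 40944 and record its fix version and NOTE the same way. CVE-2021-40943 is Bento4 1.6.0-638, a different project; triage it against the bento4 source package separately instead of lumping it with the GPAC issue because of the adjacent numbers.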
@@ -56153,8 +56258,8 @@ CVE-2021-40683 (In Akamai EAA (Enterprise Application Access) Client before 2.3.
NOT-FOR-US: Akamai EAA (Enterprise Application Access) Client
CVE-2021-40682
RESERVED
-CVE-2021-3779
- RESERVED
+CVE-2021-3779 (A malicious MySQL server can request local file content from a client ...)
+ TODO: check
CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...)
{DLA-2876-1}
- vim 2:8.2.3455-1 (bug #994498)
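Review bot: CVE-2021-3779's description ("A malicious MySQL server can request local file content from a client ...") is cut before the name of the client library, so the affected package cannot be read from this line; the issue is the server-initiated local file read of the LOAD DATA LOCAL INFILE kind and applies to whichever client driver the full record names. Pull the full text before assigning, and do not default to the mysql or mariadb server packages.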
@@ -56319,14 +56424,14 @@ CVE-2021-40611
RESERVED
CVE-2021-40610 (Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background m ...)
NOT-FOR-US: emlog
-CVE-2021-40609
- RESERVED
-CVE-2021-40608
- RESERVED
-CVE-2021-40607
- RESERVED
-CVE-2021-40606
- RESERVED
+CVE-2021-40609 (The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a d ...)
+ TODO: check
+CVE-2021-40608 (The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers t ...)
+ TODO: check
+CVE-2021-40607 (The schm_box_size function in GPAC 1.0.1 allows attackers to cause a d ...)
+ TODO: check
+CVE-2021-40606 (The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause ...)
+ TODO: check
CVE-2021-40605
RESERVED
CVE-2021-40604 (A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Su ...)
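Review bot: CVE-2021-40606..40609 name four GPAC 1.0.1 functions (gf_bs_write_data, schm_box_size, gf_hinter_track_finalize, GetHintFormat) and all end in the truncated "allows attackers to cause a d..." (a denial of service); they are a set and should be triaged together against gpac, checking whether each is already covered by the 2.0.0+dfsg1-2 upload recorded for other GPAC CVEs in this file and whether buster's older gpac contains the code (<not-affected> with "Vulnerable code not present" is the form used for that elsewhere). Record the upstream issue URL for each as a NOTE, as done for CVE-2021-40942.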
@@ -56484,8 +56589,8 @@ CVE-2021-40555
RESERVED
CVE-2021-40554
RESERVED
-CVE-2021-40553
- RESERVED
+CVE-2021-40553 (piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerabili ...)
+ TODO: check
CVE-2021-40552
RESERVED
CVE-2021-40551
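Review bot: CVE-2021-40553 (piwigo 11.5.0 remote code execution) needs the product checked against the archive; if Piwigo is not packaged, NOT-FOR-US: piwigo is the expected outcome, but confirm from the full description that the flaw is in Piwigo itself and not in a bundled library that Debian does ship under another name.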
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea966a6be8cffba3cd9892032b725adf4e89ac92