[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 29 09:10:26 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
060dc891 by security tracker role at 2022-06-29T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,14 @@
+CVE-2022-33967
+	RESERVED
+CVE-2022-2249
+	RESERVED
+CVE-2022-2248
+	RESERVED
+CVE-2022-2247
+	RESERVED
+CVE-2022-2246
+	REJECTED
+	TODO: check
 CVE-2022-34765
 	RESERVED
 CVE-2022-34764
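Review bot: CVE-2022-2246 is added as REJECTED together with "TODO: check", while the other REJECTED entries visible in this diff (CVE-2022-29268, CVE-2022-24445) carry no TODO. If the rejection is final there is nothing left to triage and the TODO line should be dropped; if it is kept on purpose, a NOTE saying what still has to be checked would make that clear.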
@@ -114,8 +125,8 @@ CVE-2022-2233
 	RESERVED
 CVE-2022-2232
 	RESERVED
-CVE-2022-2231
-	RESERVED
+CVE-2022-2231 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. ...)
+	TODO: check
 CVE-2022-2230
 	RESERVED
 CVE-2022-2229
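Review bot: The new CVE-2022-2231 entry names vim/vim in its description but carries only "TODO: check", so no Debian source package is associated with it yet. Triage should replace the TODO with a "- vim" package line and its status. The description is truncated at "prior to 8.2. ...", so the fixed patch level has to come from the upstream reference, not from this line.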
@@ -5484,8 +5495,7 @@ CVE-2022-32534 (The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.
 	NOT-FOR-US: Bosch
 CVE-2022-32533
 	RESERVED
-CVE-2022-32532
-	RESERVED
+CVE-2022-32532 (Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured  ...)
 	- shiro <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/28/2
 CVE-2022-32531
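Review bot: CVE-2022-32532 now states "Apache Shiro before 1.9.1", but the package line below it stays at "- shiro <unfixed>" and the only NOTE is the oss-security link. Suggest adding a NOTE that records 1.9.1 as the upstream fixed version, so the entry can be closed against a concrete version once the package is updated.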
@@ -7153,8 +7163,8 @@ CVE-2022-31899
 	RESERVED
 CVE-2022-31898
 	RESERVED
-CVE-2022-31897
-	RESERVED
+CVE-2022-31897 (SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site S ...)
+	TODO: check
 CVE-2022-31896
 	RESERVED
 CVE-2022-31895
@@ -7173,16 +7183,16 @@ CVE-2022-31889
 	RESERVED
 CVE-2022-31888
 	RESERVED
-CVE-2022-31887
-	RESERVED
-CVE-2022-31886
-	RESERVED
-CVE-2022-31885
-	RESERVED
-CVE-2022-31884
-	RESERVED
-CVE-2022-31883
-	RESERVED
+CVE-2022-31887 (Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability ...)
+	TODO: check
+CVE-2022-31886 (Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery  ...)
+	TODO: check
+CVE-2022-31885 (Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to ...)
+	TODO: check
+CVE-2022-31884 (Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability ...)
+	TODO: check
+CVE-2022-31883 (Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference ( ...)
+	TODO: check
 CVE-2022-31882
 	RESERVED
 CVE-2022-31881
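Review bot: CVE-2022-31883 through CVE-2022-31887 all name the same product and version, Marval MSM v14.19.0.12476, and each gets its own "TODO: check". They should be resolved in one triage pass with one consistent tag so the five entries do not drift apart. The CVE-2022-31883 description also reads "is has an Insecure Direct Object Reference", a typo that arrives with the imported description.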
@@ -9067,8 +9077,8 @@ CVE-2022-31268 (A Path Traversal vulnerability in Gitblit 1.9.3 can lead to read
 	NOT-FOR-US: Gitblit
 CVE-2022-31267 (Gitblit 1.9.2 allows privilege escalation via the Config User Service: ...)
 	NOT-FOR-US: Gitblit
-CVE-2022-31266
-	RESERVED
+CVE-2022-31266 (In ILIAS through 7.10, lack of verification when changing an email add ...)
+	TODO: check
 CVE-2022-31265 (The replay feature in the client in Wargaming World of Warships 0.11.4 ...)
 	NOT-FOR-US: client in Wargaming World of Warships
 CVE-2022-31264 (Solana solana_rbpf before 0.2.29 has an addition integer overflow via  ...)
@@ -9164,10 +9174,10 @@ CVE-2022-31232
 	RESERVED
 CVE-2022-31231
 	RESERVED
-CVE-2022-31230
-	RESERVED
-CVE-2022-31229
-	RESERVED
+CVE-2022-31230 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky c ...)
+	TODO: check
+CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message ...)
+	TODO: check
 CVE-2022-31228
 	RESERVED
 CVE-2022-31227
@@ -9429,8 +9439,8 @@ CVE-2022-31110
 	RESERVED
 CVE-2022-31109
 	RESERVED
-CVE-2022-31108
-	RESERVED
+CVE-2022-31108 (Mermaid is a JavaScript based diagramming and charting tool that uses  ...)
+	TODO: check
 CVE-2022-31107
 	RESERVED
 CVE-2022-31106 (Underscore.deep is a collection of Underscore mixins that operate on n ...)
@@ -13133,8 +13143,8 @@ CVE-2022-29860
 	RESERVED
 CVE-2022-29859 (component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for  ...)
 	NOT-FOR-US: SDK for Ameba1
-CVE-2022-29858
-	RESERVED
+CVE-2022-29858 (Silverstripe silverstripe/assets through 1.10 allows XSS. ...)
+	TODO: check
 CVE-2022-29857
 	RESERVED
 CVE-2022-29856 (A hardcoded cryptographic key in Automation360 22 allows an attacker t ...)
@@ -14850,14 +14860,14 @@ CVE-2022-29274
 	RESERVED
 CVE-2022-29273
 	RESERVED
-CVE-2022-29272
-	RESERVED
-CVE-2022-29271
-	RESERVED
-CVE-2022-29270
-	RESERVED
-CVE-2022-29269
-	RESERVED
+CVE-2022-29272 (In Nagios XI through 5.8.5, an open redirect vulnerability exists in t ...)
+	TODO: check
+CVE-2022-29271 (In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorre ...)
+	TODO: check
+CVE-2022-29270 (In Nagios XI through 5.8.5, it is possible for a user without password ...)
+	TODO: check
+CVE-2022-29269 (In Nagios XI through 5.8.5, in the schedule report function, an authen ...)
+	TODO: check
 CVE-2022-29268
 	REJECTED
 CVE-2022-29267
@@ -16211,8 +16221,8 @@ CVE-2022-28805 (singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK
 	NOTE: http://lua-users.org/lists/lua-l/2022-02/msg00070.html
 CVE-2022-28804
 	RESERVED
-CVE-2022-28803
-	RESERVED
+CVE-2022-28803 (In SilverStripe Framework through 2022-04-07, Stored XSS can occur in  ...)
+	TODO: check
 CVE-2022-28802
 	RESERVED
 CVE-2022-28801
@@ -26508,8 +26518,8 @@ CVE-2022-25240
 	RESERVED
 CVE-2022-25239
 	RESERVED
-CVE-2022-25238
-	RESERVED
+CVE-2022-25238 (Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside  ...)
+	TODO: check
 CVE-2022-25237 (Bonita Web 2021.2 is affected by a authentication/authorization bypass ...)
 	NOT-FOR-US: Bonita Web
 CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...)
@@ -28883,8 +28893,8 @@ CVE-2022-24446 (An issue was discovered in Zoho ManageEngine Key Manager Plus 6.
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2022-24445
 	REJECTED
-CVE-2022-24444
-	RESERVED
+CVE-2022-24444 (Silverstripe silverstripe/framework through 4.10 allows Session Fixati ...)
+	TODO: check
 CVE-2022-24443
 	RESERVED
 CVE-2022-24442 (JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server- ...)
@@ -54105,8 +54115,8 @@ CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Comple
 	NOT-FOR-US: jsoneditor
 CVE-2021-41560 (OpenCATS through 0.9.6 allows remote attackers to execute arbitrary co ...)
 	NOT-FOR-US: OpenCATS
-CVE-2021-41559
-	RESERVED
+CVE-2021-41559 (Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Co ...)
+	TODO: check
 CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows Proce ...)
 	NOT-FOR-US: set_user extension for Postgres
 CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site ...)
@@ -88189,18 +88199,18 @@ CVE-2021-28153 (An issue was discovered in GNOME GLib before 2.66.8. When g_file
 	- glib2.0 2.66.7-2 (bug #984969)
 	[buster] - glib2.0 2.58.3-2+deb10u3
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2325
-CVE-2021-3435
-	RESERVED
-CVE-2021-3434
-	RESERVED
-CVE-2021-3433
-	RESERVED
-CVE-2021-3432
-	RESERVED
-CVE-2021-3431
-	RESERVED
-CVE-2021-3430
-	RESERVED
+CVE-2021-3435 (Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4 ...)
+	TODO: check
+CVE-2021-3434 (Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions &g ...)
+	TODO: check
+CVE-2021-3433 (Invalid channel map in CONNECT_IND results to Deadlock. Zephyr version ...)
+	TODO: check
+CVE-2021-3432 (Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr vers ...)
+	TODO: check
+CVE-2021-3431 (Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions > ...)
+	TODO: check
+CVE-2021-3430 (Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr vers ...)
+	TODO: check
 CVE-2021-3429
 	RESERVED
 	{DLA-2601-1}
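Review bot: The descriptions for CVE-2021-3435, CVE-2021-3434 and CVE-2021-3431 contain the HTML entity "&gt;" where a plain ">" is meant, and in CVE-2021-3434 the fixed-width truncation cuts the entity in half ("&g ..."). Suggest unescaping entities in the import step before the description is truncated, so that consumers of this file never see a partial entity. All six entries in this hunk are Zephyr issues and can be triaged together.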
@@ -138833,10 +138843,10 @@ CVE-2020-19899
 	RESERVED
 CVE-2020-19898
 	RESERVED
-CVE-2020-19897
-	RESERVED
-CVE-2020-19896
-	RESERVED
+CVE-2020-19897 (A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remot ...)
+	TODO: check
+CVE-2020-19896 (File inclusion vulnerability in Minicms v1.9 allows remote attackers t ...)
+	TODO: check
 CVE-2020-19895
 	RESERVED
 CVE-2020-19894



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/060dc891d92932dff0276752b61109f731c0ac33
