[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 29 09:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
060dc891 by security tracker role at 2022-06-29T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,14 @@
+CVE-2022-33967
+ RESERVED
+CVE-2022-2249
+ RESERVED
+CVE-2022-2248
+ RESERVED
+CVE-2022-2247
+ RESERVED
+CVE-2022-2246
+ REJECTED
+ TODO: check
CVE-2022-34765
RESERVED
CVE-2022-34764
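Review bot: CVE-2022-2246, the last entry in the added block, is marked REJECTED and still carries TODO: check. The other REJECTED entries visible in this diff (CVE-2022-29268, CVE-2022-24445) have no annotation beneath them, so once it is confirmed that nothing in the tracker referenced this id, the TODO line should be dropped to match.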
@@ -114,8 +125,8 @@ CVE-2022-2233
RESERVED
CVE-2022-2232
RESERVED
-CVE-2022-2231
- RESERVED
+CVE-2022-2231 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-2230
RESERVED
CVE-2022-2229
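Review bot: the TODO: check under CVE-2022-2231 should not be closed as NOT-FOR-US, because the description names vim/vim and vim is packaged in Debian. Replace it with a package line in the same form as the "- shiro <unfixed>" entry later in this diff. The description is truncated right after "prior to 8.2.", so the patch level of the fix has to be taken from the full CVE record before a fixed version is entered.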
@@ -5484,8 +5495,7 @@ CVE-2022-32534 (The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.
NOT-FOR-US: Bosch
CVE-2022-32533
RESERVED
-CVE-2022-32532
- RESERVED
+CVE-2022-32532 (Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured ...)
- shiro <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/06/28/2
CVE-2022-32531
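Review bot: CVE-2022-32532 now says Apache Shiro before 1.9.1 is affected, but the entry beneath it still reads "- shiro <unfixed>" with only the oss-security link as a NOTE. Adding a NOTE that records 1.9.1 as the upstream fixed version would tell whoever updates the package which release to target.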
@@ -7153,8 +7163,8 @@ CVE-2022-31899
RESERVED
CVE-2022-31898
RESERVED
-CVE-2022-31897
- RESERVED
+CVE-2022-31897 (SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site S ...)
+ TODO: check
CVE-2022-31896
RESERVED
CVE-2022-31895
@@ -7173,16 +7183,16 @@ CVE-2022-31889
RESERVED
CVE-2022-31888
RESERVED
-CVE-2022-31887
- RESERVED
-CVE-2022-31886
- RESERVED
-CVE-2022-31885
- RESERVED
-CVE-2022-31884
- RESERVED
-CVE-2022-31883
- RESERVED
+CVE-2022-31887 (Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability ...)
+ TODO: check
+CVE-2022-31886 (Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery ...)
+ TODO: check
+CVE-2022-31885 (Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to ...)
+ TODO: check
+CVE-2022-31884 (Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability ...)
+ TODO: check
+CVE-2022-31883 (Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference ( ...)
+ TODO: check
CVE-2022-31882
RESERVED
CVE-2022-31881
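Review bot: the five added entries CVE-2022-31883 through CVE-2022-31887 all name the same product and version, Marval MSM v14.19.0.12476, so they should be resolved in one pass with an identical tag rather than as five separate checks. If the product is not packaged, that is "NOT-FOR-US: Marval MSM" on each, in the style of the NOT-FOR-US lines already present in this file.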
@@ -9067,8 +9077,8 @@ CVE-2022-31268 (A Path Traversal vulnerability in Gitblit 1.9.3 can lead to read
NOT-FOR-US: Gitblit
CVE-2022-31267 (Gitblit 1.9.2 allows privilege escalation via the Config User Service: ...)
NOT-FOR-US: Gitblit
-CVE-2022-31266
- RESERVED
+CVE-2022-31266 (In ILIAS through 7.10, lack of verification when changing an email add ...)
+ TODO: check
CVE-2022-31265 (The replay feature in the client in Wargaming World of Warships 0.11.4 ...)
NOT-FOR-US: client in Wargaming World of Warships
CVE-2022-31264 (Solana solana_rbpf before 0.2.29 has an addition integer overflow via ...)
@@ -9164,10 +9174,10 @@ CVE-2022-31232
RESERVED
CVE-2022-31231
RESERVED
-CVE-2022-31230
- RESERVED
-CVE-2022-31229
- RESERVED
+CVE-2022-31230 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky c ...)
+ TODO: check
+CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message ...)
+ TODO: check
CVE-2022-31228
RESERVED
CVE-2022-31227
@@ -9429,8 +9439,8 @@ CVE-2022-31110
RESERVED
CVE-2022-31109
RESERVED
-CVE-2022-31108
- RESERVED
+CVE-2022-31108 (Mermaid is a JavaScript based diagramming and charting tool that uses ...)
+ TODO: check
CVE-2022-31107
RESERVED
CVE-2022-31106 (Underscore.deep is a collection of Underscore mixins that operate on n ...)
@@ -13133,8 +13143,8 @@ CVE-2022-29860
RESERVED
CVE-2022-29859 (component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for ...)
NOT-FOR-US: SDK for Ameba1
-CVE-2022-29858
- RESERVED
+CVE-2022-29858 (Silverstripe silverstripe/assets through 1.10 allows XSS. ...)
+ TODO: check
CVE-2022-29857
RESERVED
CVE-2022-29856 (A hardcoded cryptographic key in Automation360 22 allows an attacker t ...)
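Review bot: CVE-2022-29858 is one of five Silverstripe entries this commit opens with TODO: check (CVE-2022-28803, CVE-2022-25238, CVE-2022-24444 and CVE-2021-41559 follow in later hunks), and the descriptions spell the product three ways: silverstripe/assets, silverstripe/framework and SilverStripe Framework. Whatever the triage outcome, use one spelling in the resulting tag for all five so that a search of data/CVE/list finds them together.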
@@ -14850,14 +14860,14 @@ CVE-2022-29274
RESERVED
CVE-2022-29273
RESERVED
-CVE-2022-29272
- RESERVED
-CVE-2022-29271
- RESERVED
-CVE-2022-29270
- RESERVED
-CVE-2022-29269
- RESERVED
+CVE-2022-29272 (In Nagios XI through 5.8.5, an open redirect vulnerability exists in t ...)
+ TODO: check
+CVE-2022-29271 (In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorre ...)
+ TODO: check
+CVE-2022-29270 (In Nagios XI through 5.8.5, it is possible for a user without password ...)
+ TODO: check
+CVE-2022-29269 (In Nagios XI through 5.8.5, in the schedule report function, an authen ...)
+ TODO: check
CVE-2022-29268
REJECTED
CVE-2022-29267
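Review bot: CVE-2022-29269 through CVE-2022-29272 are all described as affecting Nagios XI through 5.8.5, which is the commercial product rather than the Nagios core that distributions package. The TODO resolution should name Nagios XI explicitly (for example "NOT-FOR-US: Nagios XI") so these four entries are not attributed to a nagios source package by mistake.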
@@ -16211,8 +16221,8 @@ CVE-2022-28805 (singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK
NOTE: http://lua-users.org/lists/lua-l/2022-02/msg00070.html
CVE-2022-28804
RESERVED
-CVE-2022-28803
- RESERVED
+CVE-2022-28803 (In SilverStripe Framework through 2022-04-07, Stored XSS can occur in ...)
+ TODO: check
CVE-2022-28802
RESERVED
CVE-2022-28801
@@ -26508,8 +26518,8 @@ CVE-2022-25240
RESERVED
CVE-2022-25239
RESERVED
-CVE-2022-25238
- RESERVED
+CVE-2022-25238 (Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside ...)
+ TODO: check
CVE-2022-25237 (Bonita Web 2021.2 is affected by a authentication/authorization bypass ...)
NOT-FOR-US: Bonita Web
CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...)
@@ -28883,8 +28893,8 @@ CVE-2022-24446 (An issue was discovered in Zoho ManageEngine Key Manager Plus 6.
NOT-FOR-US: Zoho ManageEngine
CVE-2022-24445
REJECTED
-CVE-2022-24444
- RESERVED
+CVE-2022-24444 (Silverstripe silverstripe/framework through 4.10 allows Session Fixati ...)
+ TODO: check
CVE-2022-24443
RESERVED
CVE-2022-24442 (JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server- ...)
@@ -54105,8 +54115,8 @@ CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Comple
NOT-FOR-US: jsoneditor
CVE-2021-41560 (OpenCATS through 0.9.6 allows remote attackers to execute arbitrary co ...)
NOT-FOR-US: OpenCATS
-CVE-2021-41559
- RESERVED
+CVE-2021-41559 (Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Co ...)
+ TODO: check
CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows Proce ...)
NOT-FOR-US: set_user extension for Postgres
CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site ...)
@@ -88189,18 +88199,18 @@ CVE-2021-28153 (An issue was discovered in GNOME GLib before 2.66.8. When g_file
- glib2.0 2.66.7-2 (bug #984969)
[buster] - glib2.0 2.58.3-2+deb10u3
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2325
-CVE-2021-3435
- RESERVED
-CVE-2021-3434
- RESERVED
-CVE-2021-3433
- RESERVED
-CVE-2021-3432
- RESERVED
-CVE-2021-3431
- RESERVED
-CVE-2021-3430
- RESERVED
+CVE-2021-3435 (Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4 ...)
+ TODO: check
+CVE-2021-3434 (Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions &g ...)
+ TODO: check
+CVE-2021-3433 (Invalid channel map in CONNECT_IND results to Deadlock. Zephyr version ...)
+ TODO: check
+CVE-2021-3432 (Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr vers ...)
+ TODO: check
+CVE-2021-3431 (Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions > ...)
+ TODO: check
+CVE-2021-3430 (Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr vers ...)
+ TODO: check
CVE-2021-3429
RESERVED
{DLA-2601-1}
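Review bot: the truncated description of CVE-2021-3434 ends in "Zephyr versions &g ...", which looks like the cut falling inside an HTML-escaped ">" and leaving a fragment of the entity in data/CVE/list; CVE-2021-3435 and CVE-2021-3431 have the same comparison operator at the cut. The update script should unescape entities before truncating the description so the stored text never contains a partial escape. All six added entries are Zephyr issues and can take the same tag when the TODOs are resolved.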
@@ -138833,10 +138843,10 @@ CVE-2020-19899
RESERVED
CVE-2020-19898
RESERVED
-CVE-2020-19897
- RESERVED
-CVE-2020-19896
- RESERVED
+CVE-2020-19897 (A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remot ...)
+ TODO: check
+CVE-2020-19896 (File inclusion vulnerability in Minicms v1.9 allows remote attackers t ...)
+ TODO: check
CVE-2020-19895
RESERVED
CVE-2020-19894
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/060dc891d92932dff0276752b61109f731c0ac33