[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 29 21:10:28 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ef0bf2c5 by security tracker role at 2022-06-29T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@
+CVE-2022-34821
+ RESERVED
+CVE-2022-34820
+ RESERVED
+CVE-2022-34819
+ RESERVED
+CVE-2022-34818
+ RESERVED
+CVE-2022-34817
+ RESERVED
+CVE-2022-34816
+ RESERVED
+CVE-2022-34815
+ RESERVED
+CVE-2022-34814
+ RESERVED
+CVE-2022-34813
+ RESERVED
+CVE-2022-34812
+ RESERVED
+CVE-2022-34811
+ RESERVED
+CVE-2022-34810
+ RESERVED
+CVE-2022-34809
+ RESERVED
+CVE-2022-34808
+ RESERVED
+CVE-2022-34807
+ RESERVED
+CVE-2022-34806
+ RESERVED
+CVE-2022-34805
+ RESERVED
+CVE-2022-34804
+ RESERVED
+CVE-2022-34803
+ RESERVED
+CVE-2022-34802
+ RESERVED
+CVE-2022-34801
+ RESERVED
+CVE-2022-34800
+ RESERVED
+CVE-2022-34799
+ RESERVED
+CVE-2022-34798
+ RESERVED
+CVE-2022-34797
+ RESERVED
+CVE-2022-34796
+ RESERVED
+CVE-2022-34795
+ RESERVED
+CVE-2022-34794
+ RESERVED
+CVE-2022-34793
+ RESERVED
+CVE-2022-34792
+ RESERVED
+CVE-2022-34791
+ RESERVED
+CVE-2022-34790
+ RESERVED
+CVE-2022-34789
+ RESERVED
+CVE-2022-34788
+ RESERVED
+CVE-2022-34787
+ RESERVED
+CVE-2022-34786
+ RESERVED
+CVE-2022-34785
+ RESERVED
+CVE-2022-34784
+ RESERVED
+CVE-2022-34783
+ RESERVED
+CVE-2022-34782
+ RESERVED
+CVE-2022-34781
+ RESERVED
+CVE-2022-34780
+ RESERVED
+CVE-2022-34779
+ RESERVED
+CVE-2022-34778
+ RESERVED
+CVE-2022-34777
+ RESERVED
+CVE-2022-34776
+ RESERVED
+CVE-2022-34775
+ RESERVED
+CVE-2022-34774
+ RESERVED
+CVE-2022-34773
+ RESERVED
+CVE-2022-34772
+ RESERVED
+CVE-2022-34771
+ RESERVED
+CVE-2022-34770
+ RESERVED
+CVE-2022-34769
+ RESERVED
+CVE-2022-34768
+ RESERVED
+CVE-2022-34767
+ RESERVED
+CVE-2022-34766
+ RESERVED
+CVE-2022-2254
+ RESERVED
+CVE-2022-2253
+ RESERVED
+CVE-2022-2252 (Open Redirect in GitHub repository microweber/microweber prior to 1.2. ...)
+ TODO: check
+CVE-2022-2251
+ RESERVED
+CVE-2022-2250
+ RESERVED
+CVE-2021-46826
+ RESERVED
+CVE-2021-46825
+ RESERVED
CVE-2022-33967
RESERVED
CVE-2022-2249
@@ -332,30 +458,30 @@ CVE-2020-36550
RESERVED
CVE-2017-20121
RESERVED
-CVE-2017-20120
- RESERVED
-CVE-2017-20119
- RESERVED
-CVE-2017-20118
- RESERVED
-CVE-2017-20117
- RESERVED
-CVE-2017-20116
- RESERVED
-CVE-2017-20115
- RESERVED
-CVE-2017-20114
- RESERVED
-CVE-2017-20113
- RESERVED
-CVE-2017-20112
- RESERVED
-CVE-2017-20111
- RESERVED
-CVE-2017-20110
- RESERVED
-CVE-2017-20109
- RESERVED
+CVE-2017-20120 (A vulnerability classified as problematic was found in TrueConf Server ...)
+ TODO: check
+CVE-2017-20119 (A vulnerability classified as problematic has been found in TrueConf S ...)
+ TODO: check
+CVE-2017-20118 (A vulnerability was found in TrueConf Server 4.3.7. It has been rated ...)
+ TODO: check
+CVE-2017-20117 (A vulnerability was found in TrueConf Server 4.3.7. It has been declar ...)
+ TODO: check
+CVE-2017-20116 (A vulnerability was found in TrueConf Server 4.3.7. It has been classi ...)
+ TODO: check
+CVE-2017-20115 (A vulnerability was found in TrueConf Server 4.3.7 and classified as p ...)
+ TODO: check
+CVE-2017-20114 (A vulnerability has been found in TrueConf Server 4.3.7 and classified ...)
+ TODO: check
+CVE-2017-20113 (A vulnerability, which was classified as problematic, was found in Tru ...)
+ TODO: check
+CVE-2017-20112 (A vulnerability has been found in IVPN Client 2.6.6120.33863 and class ...)
+ TODO: check
+CVE-2017-20111 (A vulnerability, which was classified as critical, was found in Teleop ...)
+ TODO: check
+CVE-2017-20110 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2017-20109 (A vulnerability classified as problematic was found in Teleopti WFM up ...)
+ TODO: check
CVE-2022-34659
RESERVED
CVE-2022-34647
@@ -749,8 +875,8 @@ CVE-2022-2205
RESERVED
CVE-2022-2204
RESERVED
-CVE-2017-20108
- RESERVED
+CVE-2017-20108 (A vulnerability classified as problematic has been found in Easy Table ...)
+ TODO: check
CVE-2017-20107 (A vulnerability, which was classified as problematic, was found in Sha ...)
NOT-FOR-US: ShadeYouVPN.com Client
CVE-2017-20106 (A vulnerability, which was classified as critical, has been found in L ...)
@@ -783,6 +909,7 @@ CVE-2022-2201
RESERVED
CVE-2022-2200
RESERVED
+ {DSA-5172-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird <unfixed>
@@ -797,6 +924,7 @@ CVE-2022-34485
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34485
CVE-2022-34484
RESERVED
+ {DSA-5172-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird <unfixed>
@@ -813,6 +941,7 @@ CVE-2022-34482
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34482
CVE-2022-34481
RESERVED
+ {DSA-5172-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird <unfixed>
@@ -825,6 +954,7 @@ CVE-2022-34480
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34480
CVE-2022-34479
RESERVED
+ {DSA-5172-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird <unfixed>
@@ -861,6 +991,7 @@ CVE-2022-34473
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34473
CVE-2022-34472
RESERVED
+ {DSA-5172-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird <unfixed>
@@ -873,6 +1004,7 @@ CVE-2022-34471
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34471
CVE-2022-34470
RESERVED
+ {DSA-5172-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird <unfixed>
@@ -885,6 +1017,7 @@ CVE-2022-34469
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34469
CVE-2022-34468
RESERVED
+ {DSA-5172-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird <unfixed>
@@ -1940,8 +2073,8 @@ CVE-2022-34045
RESERVED
CVE-2022-34044
RESERVED
-CVE-2022-34043
- RESERVED
+CVE-2022-34043 (Incorrect permissions for the folder C:\ProgramData\NoMachine\var\unin ...)
+ TODO: check
CVE-2022-34042
RESERVED
CVE-2022-34041
@@ -3048,10 +3181,10 @@ CVE-2022-33641
RESERVED
CVE-2022-33640
RESERVED
-CVE-2022-33639
- RESERVED
-CVE-2022-33638
- RESERVED
+CVE-2022-33639 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-33638 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-33637
RESERVED
CVE-2022-33636
@@ -4128,8 +4261,8 @@ CVE-2022-33109
RESERVED
CVE-2022-33108 (XPDF v4.04 was discovered to contain a stack overflow vulnerability vi ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
-CVE-2022-33107
- RESERVED
+CVE-2022-33107 (ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerabi ...)
+ TODO: check
CVE-2022-33106
RESERVED
CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the component s ...)
@@ -4232,16 +4365,16 @@ CVE-2022-33063
RESERVED
CVE-2022-33062
RESERVED
-CVE-2022-33061
- RESERVED
-CVE-2022-33060
- RESERVED
-CVE-2022-33059
- RESERVED
-CVE-2022-33058
- RESERVED
-CVE-2022-33057
- RESERVED
+CVE-2022-33061 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2022-33060 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2022-33059 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2022-33058 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2022-33057 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
+ TODO: check
CVE-2022-33056 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
NOT-FOR-US: Online Railway Reservation System
CVE-2022-33055 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
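Review bot: CVE-2022-33061 through CVE-2022-33057 are left at TODO: check although the adjacent CVE-2022-33056, whose truncated description for Online Railway Reservation System v1.0 reads the same, is already triaged as NOT-FOR-US: Online Railway Reservation System. Unless the full descriptions point to a different product, these five can take the same NOT-FOR-US line in the next manual pass rather than staying in the TODO queue. CVE-2022-33042 in the following hunk names the same product.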
@@ -4270,8 +4403,8 @@ CVE-2022-33044
RESERVED
CVE-2022-33043
RESERVED
-CVE-2022-33042
- RESERVED
+CVE-2022-33042 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...)
+ TODO: check
CVE-2022-33041
RESERVED
CVE-2022-33040
@@ -4280,12 +4413,12 @@ CVE-2022-33039
RESERVED
CVE-2022-33038
RESERVED
-CVE-2022-33037
- RESERVED
-CVE-2022-33036
- RESERVED
-CVE-2022-33035
- RESERVED
+CVE-2022-33037 (A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute ar ...)
+ TODO: check
+CVE-2022-33036 (A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execut ...)
+ TODO: check
+CVE-2022-33035 (XLPD v7.0.0094 and below contains an unquoted service path vulnerabili ...)
+ TODO: check
CVE-2022-33034 (LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via t ...)
- libredwg <itp> (bug #595191)
CVE-2022-33033 (LibreDWG v0.12.4.4608 was discovered to contain a double-free via the ...)
@@ -4308,12 +4441,12 @@ CVE-2022-33025 (LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after
- libredwg <itp> (bug #595191)
CVE-2022-33024 (There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_ ...)
- libredwg <itp> (bug #595191)
-CVE-2022-33023
- RESERVED
+CVE-2022-33023 (CVA6 commit 909d85a gives incorrect permission to use special multipli ...)
+ TODO: check
CVE-2022-33022
RESERVED
-CVE-2022-33021
- RESERVED
+CVE-2022-33021 (CVA6 commit 909d85a accesses invalid memory when reading the value of ...)
+ TODO: check
CVE-2022-33020
RESERVED
CVE-2022-33019
@@ -4516,8 +4649,8 @@ CVE-2022-32973 (An authenticated attacker could create an audit file that bypass
NOT-FOR-US: Nessus
CVE-2022-32972
RESERVED
-CVE-2022-32969
- RESERVED
+CVE-2022-32969 (MetaMask before 10.11.3 might allow an attacker to access a user's sec ...)
+ TODO: check
CVE-2022-32968
RESERVED
CVE-2022-32967
@@ -7688,6 +7821,7 @@ CVE-2022-31745
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31745
CVE-2022-31744
RESERVED
+ {DSA-5172-1}
- firefox 101.0-1
- firefox-esr 91.11.0esr-1
- thunderbird <unfixed>
@@ -9226,7 +9360,7 @@ CVE-2022-1798
CVE-2022-31215 (In certain Goverlan products, the Windows Firewall is temporarily turn ...)
NOT-FOR-US: Goverlan
CVE-2022-31214 (A Privilege Context Switching issue was discovered in join.c in Fireja ...)
- {DSA-5167-1}
+ {DSA-5167-1 DLA-3061-1}
- firejail 0.9.68-4 (bug #1012510)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/10
NOTE: https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50 (0.9.70)
@@ -9446,8 +9580,8 @@ CVE-2022-31112
RESERVED
CVE-2022-31111
RESERVED
-CVE-2022-31110
- RESERVED
+CVE-2022-31110 (RSSHub is an open source, extensible RSS feed generator. In commits pr ...)
+ TODO: check
CVE-2022-31109
RESERVED
CVE-2022-31108 (Mermaid is a JavaScript based diagramming and charting tool that uses ...)
@@ -9567,8 +9701,8 @@ CVE-2022-31065 (BigBlueButton is an open source web conferencing system. In affe
NOT-FOR-US: BigBlueButton
CVE-2022-31064 (BigBlueButton is an open source web conferencing system. Users in meet ...)
NOT-FOR-US: BigBlueButton
-CVE-2022-31063
- RESERVED
+CVE-2022-31063 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
+ TODO: check
CVE-2022-31062 (### Impact A plugin public script can be used to read content of syste ...)
NOT-FOR-US: GLPI plugin
CVE-2022-31061 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
@@ -9578,8 +9712,8 @@ CVE-2022-31060 (Discourse is an open-source discussion platform. Prior to versio
NOT-FOR-US: Discourse
CVE-2022-31059 (Discourse Calendar is a calendar plugin for Discourse, an open-source ...)
NOT-FOR-US: Discourse Calendar is a calendar plugin for Discourse
-CVE-2022-31058
- RESERVED
+CVE-2022-31058 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
+ TODO: check
CVE-2022-31057 (Shopware is an open source e-commerce software made in Germany. Versio ...)
NOT-FOR-US: Shopware
CVE-2022-31056 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
@@ -9641,8 +9775,8 @@ CVE-2022-31033 (The Mechanize library is used for automating interaction with we
NOTE: Prerequisite to clear credential headers when redirecting to cross site
NOTE: https://github.com/sparklemotion/mechanize/commit/17e5381032c90caf240ac3d2e52b353f40c18d83 (v2.8.0)
NOTE: Fixed by: https://github.com/sparklemotion/mechanize/commit/907c778001625cb9daa686d5019c939cb416e45b (v2.8.5)
-CVE-2022-31032
- RESERVED
+CVE-2022-31032 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
+ TODO: check
CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
@@ -12234,8 +12368,8 @@ CVE-2022-30194
RESERVED
CVE-2022-30193 (AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID i ...)
NOT-FOR-US: Microsoft
-CVE-2022-30192
- RESERVED
+CVE-2022-30192 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-30191
RESERVED
CVE-2022-30190 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution ...)
@@ -56439,8 +56573,8 @@ CVE-2021-40644 (An SQL Injection vulnerability exists in oasys oa_system as of 9
NOT-FOR-US: oasys Office Automation system
CVE-2021-40643
RESERVED
-CVE-2021-40642
- RESERVED
+CVE-2021-40642 (Textpattern CMS v4.8.7 and older vulnerability exists through Sensitiv ...)
+ TODO: check
CVE-2021-40641
RESERVED
CVE-2021-40640
@@ -60453,8 +60587,8 @@ CVE-2021-39076 (IBM Security Guardium 10.5 and 11.3 uses weaker than expected cr
NOT-FOR-US: IBM
CVE-2021-39075
RESERVED
-CVE-2021-39074
- RESERVED
+CVE-2021-39074 (IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This ...)
+ TODO: check
CVE-2021-39073
RESERVED
CVE-2021-39072 (IBM Security Guardium 11.3 could allow a remote attacker to obtain sen ...)
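Review bot: CVE-2021-39074 (IBM Security Guardium 11.4) is added as TODO: check, while the hunk's leading context under the CVE-2021-39076 Guardium header already carries NOT-FOR-US: IBM. If the full description confirms it is the same product line, the manual pass can reuse that annotation so Guardium entries are triaged consistently.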
@@ -78672,6 +78806,7 @@ CVE-2019-25031 (** DISPUTED ** Unbound before 1.9.5 allows configuration injecti
NOTE: https://github.com/NLnetLabs/unbound/commit/f887552763477a606a9608b0f6b498685e0f6587
NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2021-3513
+ RESERVED
NOT-FOR-US: Keycloak
CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on A ...)
NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications)
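Review bot: The added RESERVED line puts CVE-2021-3513 in the reserved state while the entry keeps its NOT-FOR-US: Keycloak annotation and has no description on its header line. It is worth confirming in the next manual pass that the Keycloak triage still applies to this id now that the feed reports it as reserved.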
@@ -123142,8 +123277,8 @@ CVE-2020-26879 (Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hard
NOT-FOR-US: Ruckus
CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command injection. An ...)
NOT-FOR-US: Ruckus
-CVE-2020-26877
- RESERVED
+CVE-2020-26877 (ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in a ...)
+ TODO: check
CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows remote attac ...)
NOT-FOR-US: WordPress plugin
CVE-2020-26875
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef0bf2c5d41291a11313b241f059b5314a53a684