[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 15 20:10:26 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a696810 by security tracker role at 2022-03-15T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,50 +1,76 @@
-CVE-2022-27218
+CVE-2022-27221
+ RESERVED
+CVE-2022-27220
+ RESERVED
+CVE-2022-27219
+ RESERVED
+CVE-2022-27194
+ RESERVED
+CVE-2022-0989
+ RESERVED
+CVE-2022-0988
+ RESERVED
+CVE-2022-0987
+ RESERVED
+CVE-2022-0986
+ RESERVED
+CVE-2022-0985
+ RESERVED
+CVE-2022-0984
+ RESERVED
+CVE-2022-0983
+ RESERVED
+CVE-2022-0982
+ RESERVED
+CVE-2022-0981
+ RESERVED
+CVE-2022-27218 (Jenkins incapptic connect uploader Plugin 1.15 and earlier stores toke ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27217
+CVE-2022-27217 (Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passw ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27216
+CVE-2022-27216 (Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passw ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27215
+CVE-2022-27215 (A missing permission check in Jenkins Release Helper Plugin 1.3.3 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27214
+CVE-2022-27214 (A cross-site request forgery (CSRF) vulnerability in Jenkins Release H ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27213
+CVE-2022-27213 (Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escap ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27212
+CVE-2022-27212 (Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27211
+CVE-2022-27211 (A missing/An incorrect permission check in Jenkins Kubernetes Continuo ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27210
+CVE-2022-27210 (A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernete ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27209
+CVE-2022-27209 (A missing permission check in Jenkins Kubernetes Continuous Deploy Plu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27208
+CVE-2022-27208 (Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows u ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27207
+CVE-2022-27207 (Jenkins global-build-stats Plugin 1.5 and earlier does not escape mult ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27206
+CVE-2022-27206 (Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLa ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27205
+CVE-2022-27205 (A missing permission check in Jenkins Extended Choice Parameter Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27204
+CVE-2022-27204 (A cross-site request forgery vulnerability in Jenkins Extended Choice ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27203
+CVE-2022-27203 (Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlie ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27202
+CVE-2022-27202 (Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlie ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27201
+CVE-2022-27201 (Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27200
+CVE-2022-27200 (Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier doe ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27199
+CVE-2022-27199 (A missing permission check in Jenkins CloudBees AWS Credentials Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27198
+CVE-2022-27198 (A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27197
+CVE-2022-27197 (Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL va ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27196
+CVE-2022-27196 (Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-27195
+CVE-2022-27195 (Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environ ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-27193 (CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (X ...)
TODO: check
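Review bot: the `NOT-FOR-US: Jenkins plugin` lines under CVE-2022-27195 through CVE-2022-27218 are unchanged context, so these entries were triaged NOT-FOR-US while their descriptions were still empty; now that the descriptions have been imported, each should be confirmed against its text (every visible description does name a Jenkins plugin, and the "A missing/An incorrect permission check" wording in CVE-2022-27211 is upstream's, not an import error). CVE-2022-27193 (CVRF-CSAF-Converter, XXE) is the one described entry in this hunk still at `TODO: check`; the new RESERVED blocks for CVE-2022-27219..27221 and CVE-2022-0981..0989 are placeholders only.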
@@ -180,48 +206,48 @@ CVE-2022-25969
RESERVED
CVE-2022-25949
RESERVED
-CVE-2022-0970
- RESERVED
+CVE-2022-0970 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav ...)
+ TODO: check
CVE-2022-0969
RESERVED
-CVE-2022-0968
- RESERVED
-CVE-2022-0967
- RESERVED
-CVE-2022-0966
- RESERVED
-CVE-2022-0965
- RESERVED
-CVE-2022-0964
- RESERVED
-CVE-2022-0963
- RESERVED
+CVE-2022-0968 (The microweber application allows large characters to insert in the in ...)
+ TODO: check
+CVE-2022-0967 (Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in Gi ...)
+ TODO: check
+CVE-2022-0966 (Stored XSS via File Upload in star7th/showdoc in GitHub repository sta ...)
+ TODO: check
+CVE-2022-0965 (Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc ...)
+ TODO: check
+CVE-2022-0964 (Stored XSS viva .webmv file upload in GitHub repository star7th/showdo ...)
+ TODO: check
+CVE-2022-0963 (Unrestricted XML Files Leads to Stored XSS in GitHub repository microw ...)
+ TODO: check
CVE-2022-0962 (Stored XSS viva .webma file upload in GitHub repository star7th/showdo ...)
NOT-FOR-US: ShowDoc
-CVE-2022-0961
- RESERVED
+CVE-2022-0961 (The microweber application allows large characters to insert in the in ...)
+ TODO: check
CVE-2022-0960 (Stored XSS viva .properties file upload in GitHub repository star7th/s ...)
NOT-FOR-US: ShowDoc
CVE-2022-0959
RESERVED
CVE-2022-0958
RESERVED
-CVE-2022-0957
- RESERVED
-CVE-2022-0956
- RESERVED
+CVE-2022-0957 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior ...)
+ TODO: check
+CVE-2022-0956 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior ...)
+ TODO: check
CVE-2022-0955
RESERVED
-CVE-2022-0954
- RESERVED
+CVE-2022-0954 (Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's O ...)
+ TODO: check
CVE-2022-0953
RESERVED
CVE-2022-0952
RESERVED
-CVE-2022-0951
- RESERVED
-CVE-2022-0950
- RESERVED
+CVE-2022-0951 (File Upload Restriction Bypass leading to Stored XSS Vulnerability in ...)
+ TODO: check
+CVE-2022-0950 (Unrestricted Upload of File with Dangerous Type in GitHub repository s ...)
+ TODO: check
CVE-2022-0949
RESERVED
CVE-2022-0948
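Review bot: the newly described star7th/showdoc entries (CVE-2022-0967, -0966, -0965, -0964, -0957, -0956) concern the same upstream as the adjacent CVE-2022-0962 and CVE-2022-0960, which already carry `NOT-FOR-US: ShowDoc`, and the microweber entries (CVE-2022-0968, -0963, -0961) match the `NOT-FOR-US: microweber` triage used elsewhere in the file; their `TODO: check` lines can be resolved to the same markers. The "viva" in several descriptions is upstream's wording and should stay as imported. CVE-2022-0970 (getgrav/grav), CVE-2022-0954, CVE-2022-0951 and CVE-2022-0950 have their project names cut off in the truncated text, so those TODOs need the full descriptions before triage.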
@@ -616,8 +642,8 @@ CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in compilePassOpco
NOTE: https://github.com/liblouis/liblouis/issues/1171
CVE-2022-26980
RESERVED
-CVE-2022-0942
- RESERVED
+CVE-2022-0942 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...)
+ TODO: check
CVE-2022-0941 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...)
NOT-FOR-US: ShowDoc
CVE-2022-0940 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...)
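Review bot: the new description for CVE-2022-0942 is identical to the visible text of the adjacent CVE-2022-0941 and CVE-2022-0940 entries, which are already `NOT-FOR-US: ShowDoc`; the `TODO: check` can be resolved the same way.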
@@ -1115,8 +1141,8 @@ CVE-2022-26781
RESERVED
CVE-2022-26780
RESERVED
-CVE-2022-26779
- RESERVED
+CVE-2022-26779 (Apache CloudStack prior to 4.16.1.0 used insecure random number genera ...)
+ TODO: check
CVE-2022-0906 (Unrestricted file upload leads to stored XSS in GitHub repository micr ...)
NOT-FOR-US: microweber
CVE-2022-0905 (Improper Authorization in GitHub repository go-gitea/gitea prior to 1. ...)
@@ -1141,10 +1167,10 @@ CVE-2022-0896 (Improper Neutralization of Special Elements Used in a Template En
NOT-FOR-US: microweber
CVE-2022-0895 (Static Code Injection in GitHub repository microweber/microweber prior ...)
NOT-FOR-US: microweber
-CVE-2022-0894
- RESERVED
-CVE-2022-0893
- RESERVED
+CVE-2022-0894 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
+CVE-2022-0893 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
CVE-2022-0892
RESERVED
CVE-2021-46707
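Review bot: CVE-2022-0894 and CVE-2022-0893 carry word-for-word the same truncated description, so the two `TODO: check` lines cannot be told apart from the visible text; when resolving them, record what distinguishes the two issues, and triage them together since both concern the same upstream repository (pimcore/pimcore).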
@@ -1387,12 +1413,12 @@ CVE-2022-0882
CVE-2022-0881 (Insecure Storage of Sensitive Information in GitHub repository chocobo ...)
- peertube <itp> (bug #950821)
CVE-2022-26847 (SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access ...)
- {DSA-5093-1}
+ {DSA-5093-1 DLA-2949-1}
- spip 4.0.5-1
NOTE: https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
CVE-2022-26846 (SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated ed ...)
- {DSA-5093-1}
+ {DSA-5093-1 DLA-2949-1}
- spip 4.0.5-1
NOTE: https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
@@ -2864,8 +2890,8 @@ CVE-2022-0780
RESERVED
CVE-2022-0779
RESERVED
-CVE-2022-0778 [Infinite loop in BN_mod_sqrt() reachable when parsing certificates]
- RESERVED
+CVE-2022-0778 (The BN_mod_sqrt() function, which computes a modular square root, cont ...)
+ {DSA-5103-1}
- openssl <unfixed>
- openssl1.0 <removed>
NOTE: https://www.openssl.org/news/secadv/20220315.txt
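Review bot: `{DSA-5103-1}` is recorded for CVE-2022-0778 while the package line below it still reads `- openssl <unfixed>`, so stable is now marked fixed but unstable remains open; that is expected directly after a DSA, but the line needs the fixed unstable version once that upload lands, or the issue keeps showing as open in sid. Note also that the replaced bracket summary, "[Infinite loop in BN_mod_sqrt() reachable when parsing certificates]", named the exposure (certificate parsing) that the truncated MITRE text now omits; that context survives only in the linked secadv, which matters when assessing DoS exposure for packages that parse untrusted certificates.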
@@ -6457,10 +6483,10 @@ CVE-2022-24758
RESERVED
CVE-2022-24757
RESERVED
-CVE-2022-24756
- RESERVED
-CVE-2022-24755
- RESERVED
+CVE-2022-24756 (Bareos is open source software for backup, archiving, and recovery of ...)
+ TODO: check
+CVE-2022-24755 (Bareos is open source software for backup, archiving, and recovery of ...)
+ TODO: check
CVE-2022-24754 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662
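Review bot: CVE-2022-24756 and CVE-2022-24755 have identical truncated descriptions (both start with the generic Bareos project blurb), so nothing in the visible text separates the two issues; the `TODO: check` lines should be resolved against the full advisories and the bareos source package, and the entries should state which component each one affects.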
@@ -6468,8 +6494,8 @@ CVE-2022-24754 (PJSIP is a free and open source multimedia communication library
TODO: check impact on src:asterisk and src:ring
CVE-2022-24753 (Stripe CLI is a command-line tool for the Stripe eCommerce platform. A ...)
TODO: check
-CVE-2022-24752
- RESERVED
+CVE-2022-24752 (SyliusGridBundle is a package of generic data grids for Symfony applic ...)
+ TODO: check
CVE-2022-24751
RESERVED
CVE-2022-24750 (UltraVNC is a free and open source remote pc access software. A vulner ...)
@@ -6539,8 +6565,8 @@ CVE-2022-24723 (URI.js is a Javascript URL mutation library. Before version 1.19
NOTE: https://github.com/medialize/URI.js/releases/tag/v1.19.9
CVE-2022-24722 (VIewComponent is a framework for building view components in Ruby on R ...)
NOT-FOR-US: VIewComponent
-CVE-2022-24721
- RESERVED
+CVE-2022-24721 (CometD is a scalable comet implementation for web messaging. In any ve ...)
+ TODO: check
CVE-2022-24720 (image_processing is an image processing wrapper for libvips and ImageM ...)
- ruby-image-processing <unfixed> (bug #1007225)
NOTE: https://github.com/janko/image_processing/security/advisories/GHSA-cxf7-qrc5-9446
@@ -8083,8 +8109,8 @@ CVE-2022-0432 (Prototype Pollution in GitHub repository mastodon/mastodon prior
NOT-FOR-US: Mastodon
CVE-2022-0431
RESERVED
-CVE-2022-0430
- RESERVED
+CVE-2022-0430 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ TODO: check
CVE-2022-0429 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0428
@@ -13522,8 +13548,8 @@ CVE-2022-22773
RESERVED
CVE-2022-22772
RESERVED
-CVE-2022-22771
- RESERVED
+CVE-2022-22771 (The Server component of TIBCO Software Inc.'s TIBCO JasperReports Libr ...)
+ TODO: check
CVE-2022-22770 (The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe cont ...)
NOT-FOR-US: TIBCO
CVE-2022-22769 (The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX ...)
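Review bot: CVE-2022-22771 (Server component of TIBCO JasperReports Library) sits between CVE-2022-22770 and CVE-2022-22769, both already `NOT-FOR-US: TIBCO`; unless a Debian source package ships that library, the `TODO: check` should be resolved to the same marker.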
@@ -16987,6 +17013,7 @@ CVE-2021-45466
CVE-2021-45465
RESERVED
CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro ...)
+ {DSA-5103-1}
- openssl 1.1.1m-1
[stretch] - openssl <ignored> (This is MIPS-specific and we don't support MIPS for stretch-security)
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb (OpenSSL_1_1_1m)
@@ -19163,8 +19190,8 @@ CVE-2021-45012
RESERVED
CVE-2021-45011
RESERVED
-CVE-2021-45010
- RESERVED
+CVE-2021-45010 (Path traversal vulnerability in the file upload functionality in tinyf ...)
+ TODO: check
CVE-2021-45009
RESERVED
CVE-2021-45008 (** DISPUTED ** Plesk CMS 18.0.37 is affected by an insecure permission ...)
@@ -155291,8 +155318,8 @@ CVE-2020-4991
RESERVED
CVE-2020-4990 (IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote at ...)
NOT-FOR-US: IBM
-CVE-2020-4989
- RESERVED
+CVE-2020-4989 (IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rati ...)
+ TODO: check
CVE-2020-4988 (Loopback 8.0.0 contains a vulnerability that could allow an attacker t ...)
NOT-FOR-US: IBM
CVE-2020-4987 (The IBM FlashSystem 900 user management GUI is vulnerable to stored cr ...)
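Review bot: CVE-2020-4989 (IBM Engineering Workflow Management and IBM Rational products) is surrounded by entries already triaged `NOT-FOR-US: IBM` (CVE-2020-4990, CVE-2020-4988); the `TODO: check` can be resolved to the same marker, as these are proprietary IBM products.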
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a696810df30bf68a93cb08d42a719d092c78941