[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 25 08:10:19 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6fd877c3 by security tracker role at 2022-03-25T08:10:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-27494
+	RESERVED
+CVE-2022-26423
+	RESERVED
+CVE-2022-1071
+	RESERVED
+CVE-2022-1070
+	RESERVED
+CVE-2022-1069
+	RESERVED
+CVE-2022-1068
+	RESERVED
+CVE-2022-1067
+	RESERVED
 CVE-2022-27863
 	RESERVED
 CVE-2022-27862
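Review bot: the seven added RESERVED entries at the top of the file are out of sequence with the context that follows them. CVE-2022-27494 and CVE-2022-26423 land above CVE-2022-27863, and the CVE-2022-1067 to CVE-2022-1071 block sits nowhere near its numeric neighbours. If the list is meant to stay in descending ID order, merge them into their sorted positions instead of prepending them.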
@@ -3968,8 +3982,8 @@ CVE-2022-26306
 	RESERVED
 CVE-2022-26305
 	RESERVED
-CVE-2022-26301
-	RESERVED
+CVE-2022-26301 (TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability ...)
+	TODO: check
 CVE-2022-26300 (EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the fu ...)
 	NOT-FOR-US: EOS
 CVE-2022-26299
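Review bot: the new CVE-2022-26301 line is left at "TODO: check" while the adjacent context entry CVE-2022-26300 already carries a resolved "NOT-FOR-US: EOS". The description names TuziCMS v2.0.6, so once it is confirmed that nothing in the archive ships it, this entry can be closed in the same form rather than staying open.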
@@ -4012,8 +4026,8 @@ CVE-2022-26281
 	RESERVED
 CVE-2022-26280
 	RESERVED
-CVE-2022-26279
-	RESERVED
+CVE-2022-26279 (EyouCMS v1.5.5 was discovered to have no access control in the compone ...)
+	TODO: check
 CVE-2022-26278
 	RESERVED
 CVE-2022-26277
@@ -4026,8 +4040,8 @@ CVE-2022-26274
 	RESERVED
 CVE-2022-26273
 	RESERVED
-CVE-2022-26272
-	RESERVED
+CVE-2022-26272 (A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows  ...)
+	TODO: check
 CVE-2022-26271
 	RESERVED
 CVE-2022-26270
@@ -4072,8 +4086,8 @@ CVE-2022-26251
 	RESERVED
 CVE-2022-26250
 	RESERVED
-CVE-2022-26249
-	RESERVED
+CVE-2022-26249 (Survey King v0.3.0 does not filter data properly when exporting excel  ...)
+	TODO: check
 CVE-2022-26248
 	RESERVED
 CVE-2022-26247 (TMS v2.28.0 contains an insecure permissions vulnerability via the com ...)
@@ -5876,18 +5890,18 @@ CVE-2022-25578 (taocms v3.0.2 allows attackers to execute code injection via arb
 	NOT-FOR-US: taocms
 CVE-2022-25577
 	RESERVED
-CVE-2022-25576
-	RESERVED
-CVE-2022-25575
-	RESERVED
+CVE-2022-25576 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...)
+	TODO: check
+CVE-2022-25575 (Multiple cross-site scripting (XSS) vulnerabilities in Parking Managem ...)
+	TODO: check
 CVE-2022-25574
 	RESERVED
 CVE-2022-25573
 	RESERVED
 CVE-2022-25572
 	RESERVED
-CVE-2022-25571
-	RESERVED
+CVE-2022-25571 (Bluedon Information Security Technologies Co.,Ltd Internet Access Dete ...)
+	TODO: check
 CVE-2022-25570 (In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to ...)
 	NOT-FOR-US: Passwordstate
 CVE-2022-25569
@@ -8061,10 +8075,10 @@ CVE-2022-24784
 	RESERVED
 CVE-2022-24783
 	RESERVED
-CVE-2022-24782
-	RESERVED
-CVE-2022-24781
-	RESERVED
+CVE-2022-24782 (Discourse is an open source discussion platform. Versions 2.8.2 and pr ...)
+	TODO: check
+CVE-2022-24781 (Geon is a board game based on solving questions about the Pythagorean  ...)
+	TODO: check
 CVE-2022-24780
 	RESERVED
 CVE-2022-24779
@@ -8073,8 +8087,8 @@ CVE-2022-24778
 	RESERVED
 CVE-2022-24777
 	RESERVED
-CVE-2022-24776
-	RESERVED
+CVE-2022-24776 (Flask-AppBuilder is an application development framework, built on top ...)
+	TODO: check
 CVE-2022-24775 (guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8 ...)
 	- php-guzzlehttp-psr7 <unfixed> (bug #1008236)
 	NOTE: https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
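Review bot: CVE-2022-24776 is added with only "TODO: check", although its description identifies an application development framework rather than a standalone product. It should be checked against the archive before being dismissed. If a source package exists, the entry should take the shape of CVE-2022-24775 directly below it: a package line with fix status, the bug reference, and a NOTE pointing at the upstream advisory.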
@@ -8100,8 +8114,7 @@ CVE-2022-24771 (Forge (also called `node-forge`) is a native implementation of T
 	NOTE: https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1 (v1.3.0)
 CVE-2022-24770 (`gradio` is an open source framework for building interactive machine  ...)
 	TODO: check
-CVE-2022-24769
-	RESERVED
+CVE-2022-24769 (Moby is an open-source project created by Docker to enable and acceler ...)
 	- containerd 1.6.2~ds1-1
 	[bullseye] - containerd <no-dsa> (Minor issue)
 	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c
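Review bot: the description added for CVE-2022-24769 names Moby, but the entry lines kept below it track only containerd and link only the containerd advisory. Check whether the Moby/Docker source package needs its own status line and advisory NOTE under this CVE, or record explicitly that it is not affected, so the entry matches the scope its description now states.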
@@ -15712,10 +15725,10 @@ CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoAp
 	NOT-FOR-US: Umbraco CMS
 CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, an ...)
 	NOT-FOR-US: CA Harvest Software Change Manager
-CVE-2022-22688
-	RESERVED
-CVE-2022-22687
-	RESERVED
+CVE-2022-22688 (Improper neutralization of special elements used in a command ('Comman ...)
+	TODO: check
+CVE-2022-22687 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
+	TODO: check
 CVE-2022-22686
 	RESERVED
 CVE-2022-22685
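Review bot: the truncated descriptions added for CVE-2022-22688 and CVE-2022-22687 consist only of weakness wording ("Improper neutralization of special elements used in a command", "Buffer copy without checking size of input") and are cut off before any vendor or product appears. The "TODO: check" on both cannot be resolved from the list text alone. Whoever triages them needs the full CVE record, and a NOTE naming the affected product would make the entries usable for later readers.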



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fd877c3f64d157a75daef9a6a7b61dd654690ee
