[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 29 21:10:34 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0aba04b2 by security tracker role at 2022-03-29T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,58 +1,100 @@
-CVE-2022-28160
+CVE-2022-28170
+ RESERVED
+CVE-2022-28169
+ RESERVED
+CVE-2022-28168
+ RESERVED
+CVE-2022-28167
+ RESERVED
+CVE-2022-28166
+ RESERVED
+CVE-2022-28165
+ RESERVED
+CVE-2022-28164
+ RESERVED
+CVE-2022-28163
+ RESERVED
+CVE-2022-28162
+ RESERVED
+CVE-2022-28161
+ RESERVED
+CVE-2022-1159
+ RESERVED
+CVE-2022-1158
+ RESERVED
+CVE-2022-1157
+ RESERVED
+CVE-2022-1156
+ RESERVED
+CVE-2022-1155
+ RESERVED
+CVE-2022-1154
+ RESERVED
+CVE-2022-1153
+ RESERVED
+CVE-2022-1152
+ RESERVED
+CVE-2022-1151
+ RESERVED
+CVE-2022-1150
+ RESERVED
+CVE-2022-1149
+ RESERVED
+CVE-2022-28160 (Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28159
+CVE-2022-28159 (Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Pr ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28158
+CVE-2022-28158 (A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28157
+CVE-2022-28157 (Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attac ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28156
+CVE-2022-28156 (Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attac ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28155
+CVE-2022-28155 (Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not con ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28154
+CVE-2022-28154 (Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28153
+CVE-2022-28153 (Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sit ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28152
+CVE-2022-28152 (A cross-site request forgery (CSRF) vulnerability in Jenkins Job and N ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28151
+CVE-2022-28151 (A missing permission check in Jenkins Job and Node ownership Plugin 0. ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28150
+CVE-2022-28150 (A cross-site request forgery (CSRF) vulnerability in Jenkins Job and N ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28149
+CVE-2022-28149 (Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not esca ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28148
+CVE-2022-28148 (The file browser in Jenkins Continuous Integration with Toad Edge Plug ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28147
+CVE-2022-28147 (A missing permission check in Jenkins Continuous Integration with Toad ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28146
+CVE-2022-28146 (Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28145
+CVE-2022-28145 (Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier d ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28144
+CVE-2022-28144 (Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28143
+CVE-2022-28143 (A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox P ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28142
+CVE-2022-28142 (Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28141
+CVE-2022-28141 (Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28140
+CVE-2022-28140 (Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28139
+CVE-2022-28139 (A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.1 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28138
+CVE-2022-28138 (A cross-site request forgery (CSRF) vulnerability in Jenkins RocketCha ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28137
+CVE-2022-28137 (A missing permission check in Jenkins JiraTestResultReporter Plugin 16 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28136
+CVE-2022-28136 (A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestR ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28135
+CVE-2022-28135 (Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28134
+CVE-2022-28134 (Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-28133
+CVE-2022-28133 (Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-28132
RESERVED
@@ -124,8 +166,7 @@ CVE-2022-27496
RESERVED
CVE-2022-25348
RESERVED
-CVE-2022-1122
- RESERVED
+CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in ...)
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1368
NOTE: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
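Review bot: The second NOTE line under CVE-2022-1122 points at an upstream commit but does not say whether that commit is the fix, which is what the openjpeg2 maintainer needs now that the entry has its description and the "- openjpeg2 <unfixed>" line stands; if it resolves the issue, write it as "NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d", the convention the CVE-2022-22942 entry later in this patch uses, so the backport target is unambiguous.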
@@ -853,7 +894,7 @@ CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareo
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7
NOTE: https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522
-CVE-2018-25032 (zlib 1.2.11 allows memory corruption when deflating (i.e., when compre ...)
+CVE-2018-25032 (zlib before 1.2.12 allows memory corruption when deflating (i.e., when ...)
- zlib 1:1.2.11.dfsg-4 (bug #1008265)
- libz-mingw-w64 1.2.11+dfsg-5
[bullseye] - libz-mingw-w64 <no-dsa> (Minor issue)
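Review bot: The CVE-2018-25032 description changes from "zlib 1.2.11" to "zlib before 1.2.12", which widens the affected range from a single release to every earlier version; the "zlib 1:1.2.11.dfsg-4 (bug #1008265)" and "libz-mingw-w64 1.2.11+dfsg-5" lines remain valid as Debian revisions carrying the fix, but only libz-mingw-w64 has a "[bullseye]" annotation visible in this hunk. Confirm that zlib's own stable status is recorded on the lines following the hunk, and revisit whether "<no-dsa> (Minor issue)" is still the right rating for libz-mingw-w64 given that the deflate memory corruption is now stated to affect all earlier releases.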
@@ -1297,8 +1338,8 @@ CVE-2022-27641
RESERVED
CVE-2022-27640
RESERVED
-CVE-2022-1055
- RESERVED
+CVE-2022-1055 (A use-after-free exists in the Linux Kernel in tc_new_tfilter that cou ...)
+ TODO: check
CVE-2022-1054
RESERVED
CVE-2022-1053
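Review bot: CVE-2022-1055's new description names a use-after-free in the Linux kernel's tc_new_tfilter, so the "TODO: check" placed under it is a kernel triage item, not a NOT-FOR-US candidate; it should be resolved to a "- linux" entry with the fixed version (or "<unfixed>") and a "NOTE: Fixed by:" pointer to the upstream commit once identified, following the form of the CVE-2022-22942 kernel entry elsewhere in this patch.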
@@ -1309,8 +1350,8 @@ CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub reposito
NOTE: https://github.com/radareorg/radare2/commit/0052500c1ed5bf8263b26b9fd7773dbdc6f170c4
CVE-2022-1051
RESERVED
-CVE-2022-1050
- RESERVED
+CVE-2022-1050 (Guest driver might execute HW commands when shared buffers are not yet ...)
+ TODO: check
CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The pcs da ...)
- pcs <unfixed>
[bullseye] - pcs <no-dsa> (Minor issue)
@@ -2122,8 +2163,8 @@ CVE-2022-1034 (There is a Unrestricted Upload of File vulnerability in ShowDoc v
NOT-FOR-US: ShowDoc
CVE-2022-1033 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
NOT-FOR-US: Crater
-CVE-2022-1032
- RESERVED
+CVE-2022-1032 (Insecure deserialization of not validated module file in GitHub reposi ...)
+ TODO: check
CVE-2022-1031 (Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/37da2cd6-0b46-4878-a32e-acbfd8f6f457
@@ -2200,18 +2241,18 @@ CVE-2022-27237
RESERVED
CVE-2022-27236
RESERVED
-CVE-2022-26887
- RESERVED
-CVE-2022-26667
- RESERVED
-CVE-2022-26666
- RESERVED
-CVE-2022-26514
- RESERVED
-CVE-2022-26349
- RESERVED
-CVE-2022-25880
- RESERVED
+CVE-2022-26887 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
+CVE-2022-26667 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
+CVE-2022-26666 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
+CVE-2022-26514 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
+CVE-2022-26349 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
+CVE-2022-25880 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
CVE-2022-1019
RESERVED
CVE-2022-1018
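Review bot: All six entries in this hunk (CVE-2022-26887, CVE-2022-26667, CVE-2022-26666, CVE-2022-26514, CVE-2022-26349, CVE-2022-25880) describe Delta Electronics DIAEnergie, a vendor product that is not a Debian package, so "TODO: check" can be resolved straight to "NOT-FOR-US: Delta Electronics DIAEnergie", matching how CVE-2022-23902 is closed with "NOT-FOR-US: Tongda2000" elsewhere in this patch. The same applies to the DIAEnergie entries CVE-2022-27175 through CVE-2022-25347 and CVE-2022-0923 added in the two following hunks.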
@@ -2414,26 +2455,26 @@ CVE-2022-27191 (golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b
NOTE: https://github.com/golang/crypto/commit/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d
CVE-2022-27190
RESERVED
-CVE-2022-27175
- RESERVED
-CVE-2022-26839
- RESERVED
-CVE-2022-26836
- RESERVED
-CVE-2022-26338
- RESERVED
-CVE-2022-26069
- RESERVED
-CVE-2022-26065
- RESERVED
-CVE-2022-26059
- RESERVED
-CVE-2022-26013
- RESERVED
-CVE-2022-25980
- RESERVED
-CVE-2022-25347
- RESERVED
+CVE-2022-27175 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
+CVE-2022-26839 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vul ...)
+ TODO: check
+CVE-2022-26836 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
+CVE-2022-26338 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
+CVE-2022-26069 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
+CVE-2022-26065 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
+CVE-2022-26059 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
+CVE-2022-26013 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
+CVE-2022-25980 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
+CVE-2022-25347 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vul ...)
+ TODO: check
CVE-2022-0980
RESERVED
{DSA-5104-1}
@@ -3338,8 +3379,8 @@ CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to conduct
- swagger-ui <itp> (bug #895422)
CVE-2022-26850
RESERVED
-CVE-2022-0923
- RESERVED
+CVE-2022-0923 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ TODO: check
CVE-2022-0922
RESERVED
CVE-2022-0921 (Abusing Backup/Restore feature to achieve Remote Code Execution in Git ...)
@@ -11972,12 +12013,12 @@ CVE-2022-23905
RESERVED
CVE-2022-23904
RESERVED
-CVE-2022-23903
- RESERVED
+CVE-2022-23903 (A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-ad ...)
+ TODO: check
CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
NOT-FOR-US: Tongda2000
-CVE-2022-23901
- RESERVED
+CVE-2022-23901 (A stack overflow re2c 2.2 exists due to infinite recursion issues in s ...)
+ TODO: check
CVE-2022-23900
RESERVED
CVE-2022-23899 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ...)
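Review bot: The two TODOs in this hunk should not be treated alike: CVE-2022-23901 describes a stack overflow in re2c 2.2, and re2c is a Debian source package, so it needs a "- re2c" entry with a fixed version or "<unfixed>" after checking the shipped versions, whereas CVE-2022-23903 concerns pearadmin, a third-party PHP project not packaged in Debian, and can go to "NOT-FOR-US: pearadmin" in line with the "NOT-FOR-US: Tongda2000" line between them.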
@@ -12073,8 +12114,8 @@ CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin before
NOT-FOR-US: WordPress plugin
CVE-2022-0344 (An issue has been discovered in GitLab affecting all versions starting ...)
TODO: check
-CVE-2022-0343
- RESERVED
+CVE-2022-0343 (A local attacker, as a different local user, may be able to send a HTT ...)
+ TODO: check
CVE-2022-0342 (An authentication bypass vulnerability in the CGI program of Zyxel USG ...)
NOT-FOR-US: Zyxel
CVE-2021-46558 (Multiple cross-site scripting (XSS) vulnerabilities in the Add User mo ...)
@@ -15086,8 +15127,8 @@ CVE-2022-23061
RESERVED
CVE-2022-23060
RESERVED
-CVE-2022-23059
- RESERVED
+CVE-2022-23059 (A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer v ...)
+ TODO: check
CVE-2022-23058
RESERVED
CVE-2022-23057
@@ -15356,8 +15397,8 @@ CVE-2022-22950
RESERVED
CVE-2022-22949
RESERVED
-CVE-2022-22948
- RESERVED
+CVE-2022-22948 (The vCenter Server contains an information disclosure vulnerability du ...)
+ TODO: check
CVE-2022-22947 (In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applicat ...)
NOT-FOR-US: Spring Cloud Gateway
CVE-2022-22946 (In spring cloud gateway versions prior to 3.1.1+ , applications that a ...)
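Review bot: CVE-2022-22948's description names vCenter Server, a VMware product, so the "TODO: check" under it can be closed as "NOT-FOR-US: VMware", the same marker the CVE-2022-22938 entry carries as context at the top of a later hunk in this patch.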
@@ -15376,8 +15417,8 @@ CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy]
NOTE: https://www.openwall.com/lists/oss-security/2022/01/27/4
NOTE: https://www.openwall.com/lists/oss-security/2022/02/03/1
NOTE: Fixed by: https://git.kernel.org/linus/a0f90c8815706981c483a652a6aefca51a5e191c
-CVE-2022-22941
- RESERVED
+CVE-2022-22941 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
+ TODO: check
CVE-2022-22940
RESERVED
CVE-2022-22939 (VMware Cloud Foundation contains an information disclosure vulnerabili ...)
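Review bot: CVE-2022-22941 is described as an issue in SaltStack Salt in versions before 3002.8 (the remainder of the version list is truncated in the entry), and salt is a Debian source package, so the "TODO: check" here is a real triage item: compare the shipped salt versions against the upstream fixed releases and record a "- salt" entry with the fixed version or "<unfixed>". The three further Salt entries CVE-2022-22936, CVE-2022-22935 and CVE-2022-22934 in the next hunk carry the same truncated description and need the same treatment.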
@@ -15386,12 +15427,12 @@ CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for
NOT-FOR-US: VMware
CVE-2022-22937
RESERVED
-CVE-2022-22936
- RESERVED
-CVE-2022-22935
- RESERVED
-CVE-2022-22934
- RESERVED
+CVE-2022-22936 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
+ TODO: check
+CVE-2022-22935 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
+ TODO: check
+CVE-2022-22934 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
+ TODO: check
CVE-2022-22933
RESERVED
CVE-2022-22932 (Apache Karaf obr:* commands and run goal on the karaf-maven-plugin hav ...)
@@ -24637,8 +24678,8 @@ CVE-2021-44083
RESERVED
CVE-2021-44082
RESERVED
-CVE-2021-44081
- RESERVED
+CVE-2021-44081 (A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. Wh ...)
+ TODO: check
CVE-2021-44080
RESERVED
CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...)
@@ -26856,8 +26897,8 @@ CVE-2021-43703 (An Incorrect Access Control vulnerability exists in zzcms less t
NOT-FOR-US: zzcms
CVE-2021-43702
RESERVED
-CVE-2021-43701
- RESERVED
+CVE-2021-43701 (CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnera ...)
+ TODO: check
CVE-2021-43700 (An issue was discovered in ApiManager 1.1. there is sql injection vuln ...)
NOT-FOR-US: ApiManager
CVE-2021-43699
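Review bot: CVE-2021-43701's description names CSZ CMS 1.2.9, a standalone PHP CMS not packaged in Debian, so its "TODO: check" can be resolved to "NOT-FOR-US: CSZ CMS", consistent with the "NOT-FOR-US: zzcms" and "NOT-FOR-US: ApiManager" context lines in this same hunk. The Shopizer, PuneethReddyHC online-shopping and cxuucms entries added in other hunks of this patch are the same kind of third-party web application and would take the same resolution.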
@@ -29449,10 +29490,10 @@ CVE-2021-43112
RESERVED
CVE-2021-43111
RESERVED
-CVE-2021-43110
- RESERVED
-CVE-2021-43109
- RESERVED
+CVE-2021-43110 (An Access Conrol vulnerability exists in PuneethReddyHC online-shoppin ...)
+ TODO: check
+CVE-2021-43109 (An SQL Injection vulnerability exits in PuneethReddyHC online-shopping ...)
+ TODO: check
CVE-2021-43108
RESERVED
CVE-2021-43107
@@ -29840,8 +29881,8 @@ CVE-2021-42972 (NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0
NOT-FOR-US: NoMachine
CVE-2021-42971
RESERVED
-CVE-2021-42970
- RESERVED
+CVE-2021-42970 (Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the ...)
+ TODO: check
CVE-2021-42969
RESERVED
CVE-2021-42968
@@ -81832,8 +81873,8 @@ CVE-2021-22574
RESERVED
CVE-2021-22573
RESERVED
-CVE-2021-22572
- RESERVED
+CVE-2021-22572 (On unix-like systems, the system temporary directory is shared between ...)
+ TODO: check
CVE-2021-22571 (A local attacker could read files from some other users' SA360 reports ...)
NOT-FOR-US: SA360 reports
CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0aba04b2b4daeb7c26196a8e88c3d55d4e2b9d2e