[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 1 21:10:30 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11016e05 by security tracker role at 2022-05-01T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-1544 (Formula Injection/CSV Injection due to Improper Neutralization of Form ...)
+ TODO: check
CVE-2022-29967 (static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6. ...)
- glewlwyd <unfixed>
NOTE: https://github.com/babelouest/glewlwyd/commit/e3f7245c33897bf9b3a75acfcdb8b7b93974bf11
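Review bot: the new CVE-2022-1544 entry is left at TODO: check, and its truncated description ("Formula Injection/CSV Injection due to Improper Neutralization of Form ...") names no product, so the affected software still has to be identified before the entry can be resolved to a Debian source package or marked NOT-FOR-US; the neighbouring CVE-2022-29967 lines show the target shape (a package line with its fix status plus a NOTE: pointing at the upstream commit).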
@@ -4039,8 +4041,8 @@ CVE-2022-28483
RESERVED
CVE-2022-28482
RESERVED
-CVE-2022-28481
- RESERVED
+CVE-2022-28481 (CSV-Safe gem < 3.0.0 doesn't filter out special characters which co ...)
+ TODO: check
CVE-2022-28480 (ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.ex ...)
NOT-FOR-US: ALLMediaServer
CVE-2022-28479
@@ -10909,8 +10911,8 @@ CVE-2022-0759 (A flaw was found in all versions of kubeclient up to (but not inc
NOTE: https://github.com/ManageIQ/kubeclient/pull/556
CVE-2022-26085
RESERVED
-CVE-2022-26068
- RESERVED
+CVE-2022-26068 (This affects the package pistacheio/pistache before 0.0.3.20220425. It ...)
+ TODO: check
CVE-2022-26066
RESERVED
CVE-2022-26063
@@ -11195,8 +11197,8 @@ CVE-2022-25852
RESERVED
CVE-2022-25851
RESERVED
-CVE-2022-25850
- RESERVED
+CVE-2022-25850 (The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnera ...)
+ TODO: check
CVE-2022-25849
RESERVED
CVE-2022-25848
@@ -11207,18 +11209,18 @@ CVE-2022-25846
RESERVED
CVE-2022-25845
RESERVED
-CVE-2022-25844
- RESERVED
+CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular Expression D ...)
+ TODO: check
CVE-2022-25843
RESERVED
-CVE-2022-25842
- RESERVED
+CVE-2022-25842 (All versions of package com.alibaba.oneagent:one-java-agent-plugin are ...)
+ TODO: check
CVE-2022-25840
RESERVED
CVE-2022-25839 (The package url-js before 2.1.0 are vulnerable to Improper Input Valid ...)
NOT-FOR-US: Node url-js
-CVE-2022-25767
- RESERVED
+CVE-2022-25767 (All versions of package com.bstek.ureport:ureport2-console are vulnera ...)
+ TODO: check
CVE-2022-25766 (The package ungit before 1.5.20 are vulnerable to Remote Code Executio ...)
NOT-FOR-US: NodeJS ungit
CVE-2022-25765
@@ -11238,12 +11240,12 @@ CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injectio
NOTE: https://github.com/ruby-git/ruby-git/pull/569
NOTE: Fixed by: https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159 (v1.11.0)
NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270
-CVE-2022-25647
- RESERVED
+CVE-2022-25647 (The package com.google.code.gson:gson before 2.8.9 are vulnerable to D ...)
+ TODO: check
CVE-2022-25646
RESERVED
-CVE-2022-25645
- RESERVED
+CVE-2022-25645 (All versions of package dset are vulnerable to Prototype Pollution via ...)
+ TODO: check
CVE-2022-25644
RESERVED
CVE-2022-25354 (The package set-in before 2.0.3 are vulnerable to Prototype Pollution ...)
@@ -11256,8 +11258,8 @@ CVE-2022-25351
RESERVED
CVE-2022-25350
RESERVED
-CVE-2022-25349
- RESERVED
+CVE-2022-25349 (All versions of package materialize-css are vulnerable to Cross-site S ...)
+ TODO: check
CVE-2022-25346
RESERVED
CVE-2022-25345
@@ -11270,8 +11272,8 @@ CVE-2022-25303
RESERVED
CVE-2022-25302
RESERVED
-CVE-2022-25301
- RESERVED
+CVE-2022-25301 (All versions of package jsgui-lang-essentials are vulnerable to Protot ...)
+ TODO: check
CVE-2022-25300
RESERVED
CVE-2022-25233
@@ -11296,8 +11298,8 @@ CVE-2022-24439
RESERVED
CVE-2022-24438
RESERVED
-CVE-2022-24437
- RESERVED
+CVE-2022-24437 (The package git-pull-or-clone before 2.0.2 are vulnerable to Command I ...)
+ TODO: check
CVE-2022-24434
RESERVED
CVE-2022-24433 (The package simple-git before 3.3.0 are vulnerable to Command Injectio ...)
@@ -11330,8 +11332,8 @@ CVE-2022-24066 (The package simple-git before 3.5.0 are vulnerable to Command In
NOT-FOR-US: simple-git
CVE-2022-24065
RESERVED
-CVE-2022-23923
- RESERVED
+CVE-2022-23923 (All versions of package jailed are vulnerable to Sandbox Bypass via an ...)
+ TODO: check
CVE-2022-23920
RESERVED
CVE-2022-23915 (The package weblate from 0 and before 4.11.1 are vulnerable to Remote ...)
@@ -11342,8 +11344,8 @@ CVE-2022-23811
RESERVED
CVE-2022-22984
RESERVED
-CVE-2022-22143
- RESERVED
+CVE-2022-22143 (The package convict before 6.2.2 are vulnerable to Prototype Pollution ...)
+ TODO: check
CVE-2022-22138
RESERVED
CVE-2022-21811
@@ -11362,10 +11364,9 @@ CVE-2022-21232
RESERVED
CVE-2022-21231
RESERVED
-CVE-2022-21230
- RESERVED
-CVE-2022-21227 [Denial-of-Service due to fatal error when binding invalid parameters]
- RESERVED
+CVE-2022-21230 (This affects all versions of package org.nanohttpd:nanohttpd. Whenever ...)
+ TODO: check
+CVE-2022-21227 (The package sqlite3 before 5.0.3 are vulnerable to Denial of Service ( ...)
- node-sqlite3 5.0.6+ds1-1
[bullseye] - node-sqlite3 <no-dsa> (Minor issue)
[buster] - node-sqlite3 <no-dsa> (minor issue)
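Review bot: the bullseye and buster <no-dsa> reasons for CVE-2022-21227 differ only in capitalisation ("Minor issue" on bullseye vs "minor issue" on buster); harmonising them would keep the entry consistent. The rest of the change, swapping the bracketed placeholder description and the RESERVED marker for the published description while leaving the node-sqlite3 5.0.6+ds1-1 fix line and the two <no-dsa> lines in place, looks right.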
@@ -11393,24 +11394,24 @@ CVE-2022-21191
RESERVED
CVE-2022-21190
RESERVED
-CVE-2022-21189
- RESERVED
+CVE-2022-21189 (The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-al ...)
+ TODO: check
CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command Injection v ...)
NOT-FOR-US: libvcs
CVE-2022-21186
RESERVED
CVE-2022-21169
RESERVED
-CVE-2022-21167
- RESERVED
+CVE-2022-21167 (All versions of package masuit.tools.core are vulnerable to Arbitrary ...)
+ TODO: check
CVE-2022-21165
RESERVED
CVE-2022-21164 (The package node-lmdb before 0.9.7 are vulnerable to Denial of Service ...)
NOT-FOR-US: Node lmdb
-CVE-2022-21149
- RESERVED
-CVE-2022-21144
- RESERVED
+CVE-2022-21149 (The package s-cart/s-cart before 6.9; the package s-cart/core before 6 ...)
+ TODO: check
+CVE-2022-21144 (This affects all versions of package libxmljs. When invoking the libxm ...)
+ TODO: check
CVE-2022-21129
RESERVED
CVE-2022-21126
@@ -20673,10 +20674,10 @@ CVE-2022-23063
RESERVED
CVE-2022-23062
RESERVED
-CVE-2022-23061
- RESERVED
-CVE-2022-23060
- RESERVED
+CVE-2022-23061 (In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently del ...)
+ TODO: check
+CVE-2022-23060 (A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer v ...)
+ TODO: check
CVE-2022-23059 (A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer v ...)
NOT-FOR-US: Shopizer
CVE-2022-23058
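Review bot: CVE-2022-23061 and CVE-2022-23060 are both left at TODO: check even though their descriptions name the same product (Shopizer) as the adjacent CVE-2022-23059, which is already resolved as NOT-FOR-US: Shopizer; unless Shopizer has since entered the archive, these two should receive the same NOT-FOR-US: Shopizer resolution rather than staying open.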
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11016e05a03fbce4dab85b2542c0164ed50e6c61