[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 2 09:10:20 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9248dd76 by security tracker role at 2022-05-02T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,301 @@
+CVE-2022-30114
+ RESERVED
+CVE-2022-30113
+ RESERVED
+CVE-2022-30112
+ RESERVED
+CVE-2022-30111
+ RESERVED
+CVE-2022-30110
+ RESERVED
+CVE-2022-30109
+ RESERVED
+CVE-2022-30108
+ RESERVED
+CVE-2022-30107
+ RESERVED
+CVE-2022-30106
+ RESERVED
+CVE-2022-30105
+ RESERVED
+CVE-2022-30104
+ RESERVED
+CVE-2022-30103
+ RESERVED
+CVE-2022-30102
+ RESERVED
+CVE-2022-30101
+ RESERVED
+CVE-2022-30100
+ RESERVED
+CVE-2022-30099
+ RESERVED
+CVE-2022-30098
+ RESERVED
+CVE-2022-30097
+ RESERVED
+CVE-2022-30096
+ RESERVED
+CVE-2022-30095
+ RESERVED
+CVE-2022-30094
+ RESERVED
+CVE-2022-30093
+ RESERVED
+CVE-2022-30092
+ RESERVED
+CVE-2022-30091
+ RESERVED
+CVE-2022-30090
+ RESERVED
+CVE-2022-30089
+ RESERVED
+CVE-2022-30088
+ RESERVED
+CVE-2022-30087
+ RESERVED
+CVE-2022-30086
+ RESERVED
+CVE-2022-30085
+ RESERVED
+CVE-2022-30084
+ RESERVED
+CVE-2022-30083
+ RESERVED
+CVE-2022-30082
+ RESERVED
+CVE-2022-30081
+ RESERVED
+CVE-2022-30080
+ RESERVED
+CVE-2022-30079
+ RESERVED
+CVE-2022-30078
+ RESERVED
+CVE-2022-30077
+ RESERVED
+CVE-2022-30076
+ RESERVED
+CVE-2022-30075
+ RESERVED
+CVE-2022-30074
+ RESERVED
+CVE-2022-30073
+ RESERVED
+CVE-2022-30072
+ RESERVED
+CVE-2022-30071
+ RESERVED
+CVE-2022-30070
+ RESERVED
+CVE-2022-30069
+ RESERVED
+CVE-2022-30068
+ RESERVED
+CVE-2022-30067
+ RESERVED
+CVE-2022-30066
+ RESERVED
+CVE-2022-30065
+ RESERVED
+CVE-2022-30064
+ RESERVED
+CVE-2022-30063
+ RESERVED
+CVE-2022-30062
+ RESERVED
+CVE-2022-30061
+ RESERVED
+CVE-2022-30060
+ RESERVED
+CVE-2022-30059
+ RESERVED
+CVE-2022-30058
+ RESERVED
+CVE-2022-30057
+ RESERVED
+CVE-2022-30056
+ RESERVED
+CVE-2022-30055
+ RESERVED
+CVE-2022-30054
+ RESERVED
+CVE-2022-30053
+ RESERVED
+CVE-2022-30052
+ RESERVED
+CVE-2022-30051
+ RESERVED
+CVE-2022-30050
+ RESERVED
+CVE-2022-30049
+ RESERVED
+CVE-2022-30048
+ RESERVED
+CVE-2022-30047
+ RESERVED
+CVE-2022-30046
+ RESERVED
+CVE-2022-30045
+ RESERVED
+CVE-2022-30044
+ RESERVED
+CVE-2022-30043
+ RESERVED
+CVE-2022-30042
+ RESERVED
+CVE-2022-30041
+ RESERVED
+CVE-2022-30040
+ RESERVED
+CVE-2022-30039
+ RESERVED
+CVE-2022-30038
+ RESERVED
+CVE-2022-30037
+ RESERVED
+CVE-2022-30036
+ RESERVED
+CVE-2022-30035
+ RESERVED
+CVE-2022-30034
+ RESERVED
+CVE-2022-30033
+ RESERVED
+CVE-2022-30032
+ RESERVED
+CVE-2022-30031
+ RESERVED
+CVE-2022-30030
+ RESERVED
+CVE-2022-30029
+ RESERVED
+CVE-2022-30028
+ RESERVED
+CVE-2022-30027
+ RESERVED
+CVE-2022-30026
+ RESERVED
+CVE-2022-30025
+ RESERVED
+CVE-2022-30024
+ RESERVED
+CVE-2022-30023
+ RESERVED
+CVE-2022-30022
+ RESERVED
+CVE-2022-30021
+ RESERVED
+CVE-2022-30020
+ RESERVED
+CVE-2022-30019
+ RESERVED
+CVE-2022-30018
+ RESERVED
+CVE-2022-30017
+ RESERVED
+CVE-2022-30016
+ RESERVED
+CVE-2022-30015
+ RESERVED
+CVE-2022-30014
+ RESERVED
+CVE-2022-30013
+ RESERVED
+CVE-2022-30012
+ RESERVED
+CVE-2022-30011
+ RESERVED
+CVE-2022-30010
+ RESERVED
+CVE-2022-30009
+ RESERVED
+CVE-2022-30008
+ RESERVED
+CVE-2022-30007
+ RESERVED
+CVE-2022-30006
+ RESERVED
+CVE-2022-30005
+ RESERVED
+CVE-2022-30004
+ RESERVED
+CVE-2022-30003
+ RESERVED
+CVE-2022-30002
+ RESERVED
+CVE-2022-30001
+ RESERVED
+CVE-2022-30000
+ RESERVED
+CVE-2022-29999
+ RESERVED
+CVE-2022-29998
+ RESERVED
+CVE-2022-29997
+ RESERVED
+CVE-2022-29996
+ RESERVED
+CVE-2022-29995
+ RESERVED
+CVE-2022-29994
+ RESERVED
+CVE-2022-29993
+ RESERVED
+CVE-2022-29992
+ RESERVED
+CVE-2022-29991
+ RESERVED
+CVE-2022-29990
+ RESERVED
+CVE-2022-29989
+ RESERVED
+CVE-2022-29988
+ RESERVED
+CVE-2022-29987
+ RESERVED
+CVE-2022-29986
+ RESERVED
+CVE-2022-29985
+ RESERVED
+CVE-2022-29984
+ RESERVED
+CVE-2022-29983
+ RESERVED
+CVE-2022-29982
+ RESERVED
+CVE-2022-29981
+ RESERVED
+CVE-2022-29980
+ RESERVED
+CVE-2022-29979
+ RESERVED
+CVE-2022-29978
+ RESERVED
+CVE-2022-29977
+ RESERVED
+CVE-2022-29976
+ RESERVED
+CVE-2022-29975
+ RESERVED
+CVE-2022-29974
+ RESERVED
+CVE-2022-29973 (relan exFAT 1.3.0 allows local users to obtain sensitive information ( ...)
+ TODO: check
+CVE-2022-29972
+ RESERVED
+CVE-2022-29971
+ RESERVED
+CVE-2022-29970 (Sinatra before 2.2.0 does not validate that the expanded path matches ...)
+ TODO: check
+CVE-2022-29969 (The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rs ...)
+ TODO: check
+CVE-2022-29968 (An issue was discovered in the Linux kernel through 5.17.5. io_rw_init ...)
+ TODO: check
+CVE-2022-1545
+ RESERVED
+CVE-2021-46790 (ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow i ...)
+ TODO: check
CVE-2022-1544 (Formula Injection/CSV Injection due to Improper Neutralization of Form ...)
TODO: check
CVE-2022-29967 (static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6. ...)
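Review bot: the five entries that arrive with a description near the end of this hunk (CVE-2022-29973, CVE-2022-29970, CVE-2022-29969, CVE-2022-29968 and CVE-2021-46790) are all left at "TODO: check", so none of them is yet tied to a source package or marked NOT-FOR-US. CVE-2022-29968 (Linux kernel through 5.17.5) and CVE-2021-46790 (heap-based buffer overflow in ntfsck from NTFS-3G) are worth triaging first; each should end up with a package line in the form this file already uses, such as "- gitlab <unfixed>" or "- ghostscript 9.27~dfsg-1", or with a NOT-FOR-US tag. The RESERVED placeholders need no action until their descriptions are published.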
@@ -313,8 +611,8 @@ CVE-2022-29851
RESERVED
CVE-2022-29850
RESERVED
-CVE-2022-29849
- RESERVED
+CVE-2022-29849 (In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SU ...)
+ TODO: check
CVE-2022-29848
RESERVED
CVE-2022-29847
@@ -1075,6 +1373,7 @@ CVE-2022-1451 (Out-of-bounds Read in r_bin_java_constant_value_attr_new function
NOTE: https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7
NOTE: https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529
CVE-2019-25059 (Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this ...)
+ {DLA-2989-1}
- ghostscript 9.27~dfsg-1
NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=430e219ea17a2650577d70021399c4ead05869e0
NOTE: Issue exists because of an incomplete fix for CVE-2019-3839
@@ -4101,8 +4400,8 @@ CVE-2022-28453
RESERVED
CVE-2022-28452 (Red Planet Laundry Management System 1.0 is vulnerable to SQL Injectio ...)
NOT-FOR-US: Red Planet Laundry Management System
-CVE-2022-28451
- RESERVED
+CVE-2022-28451 (nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup ...)
+ TODO: check
CVE-2022-28450 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the ...)
NOT-FOR-US: nopCommerce
CVE-2022-28449 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At App ...)
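Review bot: CVE-2022-28451 is set to "TODO: check" although its description names nopCommerce 4.50.1, and the unchanged entries directly below it (CVE-2022-28450, CVE-2022-28449) for the same product are already tagged "NOT-FOR-US: nopCommerce". Unless the directory traversal issue affects something else, the same tag can replace the TODO here so the three entries stay consistent.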
@@ -22249,8 +22548,8 @@ CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 1
- gitlab <unfixed>
CVE-2022-0123 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
- gitlab <unfixed>
-CVE-2021-4200
- RESERVED
+CVE-2021-4200 (A Improper Privilege Management vulnerability in SUSE Rancher allows w ...)
+ TODO: check
CVE-2022-22677
RESERVED
CVE-2022-22676
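Review bot: CVE-2021-4200 is described as an Improper Privilege Management vulnerability in SUSE Rancher, the same wording and product as CVE-2021-36784 added later in this patch, and both are left at "TODO: check". Triage the two together so they receive the same disposition instead of being resolved separately.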
@@ -42163,8 +42462,8 @@ CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js
[buster] - node-matrix-js-sdk <no-dsa> (Minor issue)
NOTE: https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing/
NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9 (v12.4.1)
-CVE-2021-40822
- RESERVED
+CVE-2021-40822 (GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the ...)
+ TODO: check
CVE-2021-40821
RESERVED
CVE-2021-40820
@@ -52262,8 +52561,8 @@ CVE-2021-36786 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3
NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3
CVE-2021-36785 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...)
NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3
-CVE-2021-36784
- RESERVED
+CVE-2021-36784 (A Improper Privilege Management vulnerability in SUSE Rancher allows u ...)
+ TODO: check
CVE-2021-36783
RESERVED
CVE-2021-36782
@@ -52274,8 +52573,8 @@ CVE-2021-36780 (A Improper Access Control vulnerability in longhorn of SUSE Long
NOT-FOR-US: Longhorn
CVE-2021-36779 (A Improper Access Control vulnerability inf SUSE Longhorn allows any w ...)
NOT-FOR-US: Longhorn
-CVE-2021-36778
- RESERVED
+CVE-2021-36778 (A Exposure of Sensitive Information to an Unauthorized Actor vulnerabi ...)
+ TODO: check
CVE-2021-36777 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
NOT-FOR-US: OpenSuSE infrastructure
CVE-2021-36776 (A Improper Access Control vulnerability in SUSE Rancher allows remote ...)
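Review bot: the truncated description for CVE-2021-36778 ("A Exposure of Sensitive Information to an Unauthorized Actor vulnerabi ...") does not show which product is affected, so the "TODO: check" cannot be resolved from this file alone. The surrounding entries are SUSE products (Longhorn, OpenSuSE infrastructure) already tagged NOT-FOR-US; confirm the product from the full CVE text before applying the same tag here.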
@@ -65005,10 +65304,10 @@ CVE-2021-31676
RESERVED
CVE-2021-31675
RESERVED
-CVE-2021-31674
- RESERVED
-CVE-2021-31673
- RESERVED
+CVE-2021-31674 (Cyclos 4 PRO 4.14.7 and before does not validate user input at error i ...)
+ TODO: check
+CVE-2021-31673 (A Dom-based Cross-site scripting (XSS) vulnerability at registration a ...)
+ TODO: check
CVE-2021-31672
RESERVED
CVE-2021-31671 (pgsync before 0.6.7 is affected by Information Disclosure of sensitive ...)
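Review bot: of the two entries filled in here, CVE-2021-31674 names Cyclos 4 PRO 4.14.7, but the truncated text for CVE-2021-31673 ("A Dom-based Cross-site scripting (XSS) vulnerability at registration a ...") does not show a product. Check the full description to see whether it is the same product, and if so resolve both "TODO: check" lines with the same tag in one pass.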
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9248dd7642bf34996b9b594785eb8ac659d4081e