[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 6 09:10:25 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6f37609 by security tracker role at 2022-05-06T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable D ...)
+	TODO: check
+CVE-2022-30294 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-fre ...)
+	TODO: check
+CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based bu ...)
+	TODO: check
+CVE-2022-29894
+	RESERVED
+CVE-2022-1602
+	RESERVED
+CVE-2022-1601
+	RESERVED
 CVE-2022-1600
 	RESERVED
 CVE-2022-1599
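Review bot: CVE-2022-30293 and CVE-2022-30294 at the top of this hunk carry only `TODO: check`, although both descriptions already name the affected software and version bound (WebKitGTK through 2.36.0, and WPE WebKit) and the bug classes are a heap-based buffer issue and a use-after-free. These two should be triaged ahead of the RESERVED placeholders and given package lines with a status, in the form the file already uses for CVE-2022-24883 (`- freerdp2 2.7.0+dfsg1-1`).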
@@ -2181,8 +2193,8 @@ CVE-2022-29536 (In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML docu
 	NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106
 	NOTE: Introduced by: https://gitlab.gnome.org/GNOME/epiphany/-/commit/232c613472b38ff0d0d97338f366024ddb9cd228 (3.29.2)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/epiphany/-/commit/486da133569ebfc436c959a7419565ab102e8525
-CVE-2022-29535
-	RESERVED
+CVE-2022-29535 (Zoho ManageEngine OPManager through 125588 allows SQL Injection via a  ...)
+	TODO: check
 CVE-2022-29534 (An issue was discovered in MISP before 2.4.158. In UsersController.php ...)
 	NOT-FOR-US: MISP
 CVE-2022-29533 (An issue was discovered in MISP before 2.4.158. There is XSS in app/Co ...)
@@ -3107,38 +3119,38 @@ CVE-2022-29178
 	RESERVED
 CVE-2022-29177
 	RESERVED
-CVE-2022-29176
-	RESERVED
-CVE-2022-29175
-	RESERVED
+CVE-2022-29176 (Rubygems is a package registry used to supply software for the Ruby la ...)
+	TODO: check
+CVE-2022-29175 (Vyper is a pythonic smart contract language for the ethereum virtual m ...)
+	TODO: check
 CVE-2022-29174
 	RESERVED
-CVE-2022-29173
-	RESERVED
-CVE-2022-29172
-	RESERVED
-CVE-2022-29171
-	RESERVED
+CVE-2022-29173 (go-tuf is a Go implementation of The Update Framework (TUF). go-tuf do ...)
+	TODO: check
+CVE-2022-29172 (Auth0 is an authentication broker that supports both social and enterp ...)
+	TODO: check
+CVE-2022-29171 (Sourcegraph is a fast and featureful code search and navigation engine ...)
+	TODO: check
 CVE-2022-29170
 	RESERVED
 CVE-2022-29169
 	RESERVED
 CVE-2022-29168
 	RESERVED
-CVE-2022-29167
-	RESERVED
-CVE-2022-29166
-	RESERVED
+CVE-2022-29167 (Hawk is an HTTP authentication scheme providing mechanisms for making  ...)
+	TODO: check
+CVE-2022-29166 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerab ...)
+	TODO: check
 CVE-2022-29165
 	RESERVED
-CVE-2022-29164
-	RESERVED
+CVE-2022-29164 (Argo Workflows is an open source container-native workflow engine for  ...)
+	TODO: check
 CVE-2022-29163
 	RESERVED
 CVE-2022-29162
 	RESERVED
-CVE-2022-29161
-	RESERVED
+CVE-2022-29161 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
 CVE-2022-29160
 	RESERVED
 CVE-2022-29159
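Review bot: CVE-2022-29161 (XWiki Platform), the last entry changed in this hunk, is left at `TODO: check`, while XWiki entries elsewhere in the same file are already closed as NOT-FOR-US (CVE-2022-24819 as `NOT-FOR-US: XWiki`, CVE-2022-24898 as `NOT-FOR-US: Xwiki`). The same disposition should be applied here, using one spelling of the tag so that a search for it finds every entry.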
@@ -15058,20 +15070,19 @@ CVE-2022-24905
 	RESERVED
 CVE-2022-24904
 	RESERVED
-CVE-2022-24903
-	RESERVED
+CVE-2022-24903 (Rsyslog is a rocket-fast system for log processing. Modules for TCP sy ...)
 	- rsyslog <unfixed> (bug #1010619)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/05/3
 	NOTE: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243
 	NOTE: https://github.com/rsyslog/rsyslog/commit/89955b0bcb1ff105e1374aad7e0e993faa6a038f (v8.2204.1)
-CVE-2022-24902
-	RESERVED
+CVE-2022-24902 (TkVideoplayer is a simple library to play video files in tkinter. Unco ...)
+	TODO: check
 CVE-2022-24901 (Improper validation of the Apple certificate URL in the Apple Game Cen ...)
 	TODO: check
 CVE-2022-24900 (Piano LED Visualizer is software that allows LED lights to light up as ...)
 	NOT-FOR-US: Piano LED Visualizer
-CVE-2022-24899
-	RESERVED
+CVE-2022-24899 (Contao is a powerful open source CMS that allows you to create profess ...)
+	TODO: check
 CVE-2022-24898 (org.xwiki.commons:xwiki-commons-xml is a common module used by other X ...)
 	NOT-FOR-US: Xwiki
 CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs to evalua ...)
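Review bot: in the CVE-2022-24903 entry the package line stays `- rsyslog <unfixed> (bug #1010619)` while the final NOTE links the upstream commit annotated `(v8.2204.1)` without saying what that commit is. Labelling it `NOTE: Fixed by: ...`, as the CVE-2022-29536 entry does for its Epiphany commits, would make clear which upstream version a fixed upload has to contain. CVE-2022-24902 and CVE-2022-24899 in the same hunk still need a disposition in place of `TODO: check`.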
@@ -15103,8 +15114,8 @@ CVE-2022-24886 (Nextcloud Android app is the Android client for Nextcloud, a sel
 	NOT-FOR-US: Nextcloud Android app
 CVE-2022-24885 (Nextcloud Android app is the Android client for Nextcloud, a self-host ...)
 	NOT-FOR-US: Nextcloud Android app
-CVE-2022-24884
-	RESERVED
+CVE-2022-24884 (ecdsautils is a tiny collection of programs used for ECDSA (keygen, si ...)
+	TODO: check
 CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...)
 	- freerdp2 2.7.0+dfsg1-1
 	- freerdp <removed>
@@ -15123,10 +15134,10 @@ CVE-2022-24880 (flask-session-captcha is a package which allows users to extend
 	NOT-FOR-US: flask-session-captcha
 CVE-2022-24879 (Shopware is an open source e-commerce software platform. Versions prio ...)
 	NOT-FOR-US: Shopware
-CVE-2022-24878
-	RESERVED
-CVE-2022-24877
-	RESERVED
+CVE-2022-24878 (Flux is an open and extensible continuous delivery solution for Kubern ...)
+	TODO: check
+CVE-2022-24877 (Flux is an open and extensible continuous delivery solution for Kubern ...)
+	TODO: check
 CVE-2022-24876
 	RESERVED
 CVE-2022-24875 (The CVEProject/cve-services is an open source project used to operate  ...)
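Review bot: CVE-2022-24878 and CVE-2022-24877 are added with identical truncated descriptions ("Flux is an open and extensible continuous delivery solution for Kubern ...") and `TODO: check`, so nothing in the list distinguishes the two issues. They should be triaged together with CVE-2022-24817 (Flux2), which this commit also adds, and all three given the same disposition, with a NOTE pointing at the respective advisory if an entry is kept open.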
@@ -15268,8 +15279,8 @@ CVE-2022-24819 (XWiki Platform is a generic wiki platform offering runtime servi
 	NOT-FOR-US: XWiki
 CVE-2022-24818 (GeoTools is an open source Java library that provides tools for geospa ...)
 	NOT-FOR-US: GeoTools
-CVE-2022-24817
-	RESERVED
+CVE-2022-24817 (Flux2 is an open and extensible continuous delivery solution for Kuber ...)
+	TODO: check
 CVE-2022-24816 (JAI-EXT is an open-source project which aims to extend the Java Advanc ...)
 	NOT-FOR-US: JAI-EXT
 CVE-2022-24815 (JHipster is a development platform to quickly generate, develop, & ...)
@@ -81357,11 +81368,9 @@ CVE-2021-25748
 	RESERVED
 CVE-2021-25747
 	RESERVED
-CVE-2021-25746
-	RESERVED
+CVE-2021-25746 (A security issue was discovered in ingress-nginx where a user that can ...)
 	NOT-FOR-US: Kubernetes ingress-nginx component
-CVE-2021-25745
-	RESERVED
+CVE-2021-25745 (A security issue was discovered in ingress-nginx where a user that can ...)
 	NOT-FOR-US: Kubernetes ingress-nginx component
 CVE-2021-25744
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6f3760966467b37ecb265c17f5293e1c9e3b84b
