[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 13 09:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bfa184c7 by security tracker role at 2022-05-13T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,167 @@
+CVE-2022-30689
+ RESERVED
+CVE-2022-30688
+ RESERVED
+CVE-2022-30687
+ RESERVED
+CVE-2022-30686
+ RESERVED
+CVE-2022-30685
+ RESERVED
+CVE-2022-30684
+ RESERVED
+CVE-2022-30683
+ RESERVED
+CVE-2022-30682
+ RESERVED
+CVE-2022-30681
+ RESERVED
+CVE-2022-30680
+ RESERVED
+CVE-2022-30679
+ RESERVED
+CVE-2022-30678
+ RESERVED
+CVE-2022-30677
+ RESERVED
+CVE-2022-30676
+ RESERVED
+CVE-2022-30675
+ RESERVED
+CVE-2022-30674
+ RESERVED
+CVE-2022-30673
+ RESERVED
+CVE-2022-30672
+ RESERVED
+CVE-2022-30671
+ RESERVED
+CVE-2022-30670
+ RESERVED
+CVE-2022-30669
+ RESERVED
+CVE-2022-30668
+ RESERVED
+CVE-2022-30667
+ RESERVED
+CVE-2022-30666
+ RESERVED
+CVE-2022-30665
+ RESERVED
+CVE-2022-30664
+ RESERVED
+CVE-2022-30663
+ RESERVED
+CVE-2022-30662
+ RESERVED
+CVE-2022-30661
+ RESERVED
+CVE-2022-30660
+ RESERVED
+CVE-2022-30659
+ RESERVED
+CVE-2022-30658
+ RESERVED
+CVE-2022-30657
+ RESERVED
+CVE-2022-30656
+ RESERVED
+CVE-2022-30655
+ RESERVED
+CVE-2022-30654
+ RESERVED
+CVE-2022-30653
+ RESERVED
+CVE-2022-30652
+ RESERVED
+CVE-2022-30651
+ RESERVED
+CVE-2022-30650
+ RESERVED
+CVE-2022-30649
+ RESERVED
+CVE-2022-30648
+ RESERVED
+CVE-2022-30647
+ RESERVED
+CVE-2022-30646
+ RESERVED
+CVE-2022-30645
+ RESERVED
+CVE-2022-30644
+ RESERVED
+CVE-2022-30643
+ RESERVED
+CVE-2022-30642
+ RESERVED
+CVE-2022-30641
+ RESERVED
+CVE-2022-30640
+ RESERVED
+CVE-2022-30639
+ RESERVED
+CVE-2022-30638
+ RESERVED
+CVE-2022-30637
+ RESERVED
+CVE-2022-30636
+ RESERVED
+CVE-2022-30635
+ RESERVED
+CVE-2022-30634
+ RESERVED
+CVE-2022-30633
+ RESERVED
+CVE-2022-30632
+ RESERVED
+CVE-2022-30631
+ RESERVED
+CVE-2022-30630
+ RESERVED
+CVE-2022-30629
+ RESERVED
+CVE-2022-30628
+ RESERVED
+CVE-2022-30627
+ RESERVED
+CVE-2022-30626
+ RESERVED
+CVE-2022-30625
+ RESERVED
+CVE-2022-30624
+ RESERVED
+CVE-2022-30623
+ RESERVED
+CVE-2022-30622
+ RESERVED
+CVE-2022-30621
+ RESERVED
+CVE-2022-30620
+ RESERVED
+CVE-2022-30619
+ RESERVED
+CVE-2022-30618
+ RESERVED
+CVE-2022-30617
+ RESERVED
+CVE-2022-29525
+ RESERVED
+CVE-2022-28704
+ RESERVED
+CVE-2022-26834
+ RESERVED
+CVE-2022-1705
+ RESERVED
+CVE-2022-1704
+ RESERVED
+CVE-2022-1703
+ RESERVED
+CVE-2022-1702
+ RESERVED
+CVE-2022-1701
+ RESERVED
+CVE-2022-1700
+ RESERVED
CVE-2022-30616
RESERVED
CVE-2022-30615
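Review bot: besides the contiguous CVE-2022-30617..30689 block, this hunk prepends CVE-2022-29525, CVE-2022-28704, CVE-2022-26834 and CVE-2022-1700..1705 as RESERVED above CVE-2022-30616, so the top of data/CVE/list is ordered by time of allocation rather than by CVE number; any tooling that reads this file should not assume a sorted order. Nothing else to review here, all entries are placeholders.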
@@ -4033,8 +4197,8 @@ CVE-2022-29220
RESERVED
CVE-2022-29219
RESERVED
-CVE-2022-29218
- RESERVED
+CVE-2022-29218 (RubyGems is a package registry used to supply software for the Ruby la ...)
+ TODO: check
CVE-2022-29217
RESERVED
CVE-2022-29216
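Review bot: CVE-2022-29218 moves from RESERVED to a description naming RubyGems, the Ruby package registry, but is left at `TODO: check`; it is the only non-placeholder change in this hunk and needs a human triage to decide whether the issue concerns the hosted registry service or client code shipped in a Debian package, so the TODO should be resolved to either a package line or NOT-FOR-US rather than left open.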
@@ -10058,8 +10222,8 @@ CVE-2022-27136
CVE-2022-27135 (xpdf 4.03 has heap buffer overflow in the function readXRefTable locat ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232
-CVE-2022-27134
- RESERVED
+CVE-2022-27134 (EOSIO batdappboomx v327c04cf has an Access-control vulnerability in th ...)
+ TODO: check
CVE-2022-27133 (zbzcms v1.0 was discovered to contain an arbitrary file deletion vulne ...)
NOT-FOR-US: zbzcms
CVE-2022-27132
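Review bot: CVE-2022-27134's new description names "EOSIO batdappboomx", which, like zbzcms two lines below (`NOT-FOR-US: zbzcms`), reads as a third-party project rather than anything in the archive; the `TODO: check` should be closed out the same way once the full description confirms it.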
@@ -16555,6 +16719,7 @@ CVE-2022-24763 (PJSIP is a free and open source multimedia communication library
CVE-2022-24762 (sysend.js is a library that allows a user to send messages between pag ...)
NOT-FOR-US: sysend.js
CVE-2022-24761 (Waitress is a Web Server Gateway Interface server for Python 2 and 3. ...)
+ {DLA-3000-1}
- waitress 2.1.1-1 (bug #1008013)
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
NOTE: https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0 (v2.1.1)
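Review bot: `{DLA-3000-1}` is added to CVE-2022-24761, the only 2022 waitress CVE in this update, next to the already recorded unstable fix 2.1.1-1 (bug #1008013) and the v2.1.1 upstream commit; since the same DLA marker is also being attached to the 2019 waitress CVEs elsewhere in this diff, confirm that the DLA-3000-1 text lists this CVE together with those.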
@@ -20459,8 +20624,8 @@ CVE-2022-23744
RESERVED
CVE-2022-23743 (Check Point ZoneAlarm before version 15.8.200.19118 allows a local act ...)
TODO: check
-CVE-2022-23742
- RESERVED
+CVE-2022-23742 (Check Point Endpoint Security Client for Windows versions earlier than ...)
+ TODO: check
CVE-2022-23741
RESERVED
CVE-2022-23740
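Review bot: CVE-2022-23742 is left at `TODO: check` although its description names the Check Point Endpoint Security Client for Windows, and the context line above shows CVE-2022-23743 (Check Point ZoneAlarm) also still at TODO; both are Windows-only proprietary clients and should be resolved together in the next manual pass, assuming the full descriptions confirm that.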
@@ -22428,10 +22593,10 @@ CVE-2022-23168
RESERVED
CVE-2022-23167
RESERVED
-CVE-2022-23166
- RESERVED
-CVE-2022-23165
- RESERVED
+CVE-2022-23166 (Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenti ...)
+ TODO: check
+CVE-2022-23165 (Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - Th ...)
+ TODO: check
CVE-2022-23164
RESERVED
CVE-2022-23163 (Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a ...)
@@ -22482,8 +22647,8 @@ CVE-2022-23141
RESERVED
CVE-2022-23140
RESERVED
-CVE-2022-23139
- RESERVED
+CVE-2022-23139 (ZTE's ZXMP M721 product has a permission and access control vulnerabil ...)
+ TODO: check
CVE-2022-23138
RESERVED
CVE-2022-23137 (ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker c ...)
@@ -22965,10 +23130,10 @@ CVE-2022-22973
RESERVED
CVE-2022-22972
RESERVED
-CVE-2022-22971
- RESERVED
-CVE-2022-22970
- RESERVED
+CVE-2022-22971 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...)
+ TODO: check
+CVE-2022-22970 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...)
+ TODO: check
CVE-2022-22969 (<Issue Description> Spring Security OAuth versions 2.5.x prior t ...)
NOT-FOR-US: spring-security-oauth
CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older ...)
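Review bot: CVE-2022-22971 and CVE-2022-22970 carry the same truncated description ("spring framework versions prior to 5.3.20+ , 5.2.22+ ...") and both stay `TODO: check`; they are distinct issues fixed in the same Spring Framework release, so triage them together and consistently with CVE-2022-22968 below, which covers the same 5.3.x/5.2.x lines. The truncated text does not tell the two apart, so read the full descriptions before assigning a status.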
@@ -23755,12 +23920,12 @@ CVE-2022-22800
RESERVED
CVE-2022-22799
RESERVED
-CVE-2022-22798
- RESERVED
-CVE-2022-22797
- RESERVED
-CVE-2022-22796
- RESERVED
+CVE-2022-22798 (Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Contro ...)
+ TODO: check
+CVE-2022-22797 (Sysaid – sysaid Open Redirect - An Attacker can change the redir ...)
+ TODO: check
+CVE-2022-22796 (Sysaid – Sysaid System Takeover - An attacker can bypass the aut ...)
+ TODO: check
CVE-2022-22795 (Signiant - Manager+Agents XML External Entity (XXE) - Extract internal ...)
NOT-FOR-US: Signiant Manager+Agents
CVE-2022-22794 (Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker c ...)
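Review bot: three more Sysaid entries (CVE-2022-22798, -22797, -22796) land at `TODO: check`, in addition to CVE-2022-23166 and CVE-2022-23165 earlier in this update; all five describe the same proprietary SysAid help desk product, and the adjacent context entries (Signiant, Cybonet PineApp) show the usual NOT-FOR-US outcome for this family of vendor advisories, so resolve the five together rather than one at a time.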
@@ -46608,13 +46773,13 @@ CVE-2021-39913 (Accidental logging of system root password in the migration log
- gitlab <unfixed>
CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE starting ...)
- gitlab <unfixed>
-CVE-2021-39911 (An improper access control flaw in GitLab CE/EE since version 13.9 exp ...)
+CVE-2021-39911 (An improper access control flaw in all versions of GitLab CE/EE starti ...)
- gitlab <unfixed>
CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2021-39908 (In all versions of GitLab CE/EE, certain Unicode characters can be abu ...)
+CVE-2021-39908 (In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all ...)
- gitlab <unfixed>
CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...)
- gitlab <unfixed>
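Review bot: the refreshed description for CVE-2021-39908 now states an upper bound ("starting from 0.8.0 before 14.2.6"), and CVE-2021-39911 likewise now reads "all versions of GitLab CE/EE starti...", yet both keep `- gitlab <unfixed>`; a description update that introduces a fixed upstream version is the cue to re-check the gitlab package version in the archive and replace <unfixed> with the fixing version where it applies.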
@@ -46662,11 +46827,11 @@ CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab Flavor
- gitlab <unfixed>
CVE-2021-39886 (Permissions rules were not applied while issues were moved between pro ...)
- gitlab <unfixed>
-CVE-2021-39885 (A Stored XSS in merge request creation page in Gitlab EE version 13.5 ...)
+CVE-2021-39885 (A Stored XSS in merge request creation page in all versions of Gitlab ...)
- gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint discloses ...)
- gitlab <not-affected> (Specific to Enterprise Edition)
-CVE-2021-39883 (Improper authorization checks in GitLab EE > 13.11 allows subgroup ...)
+CVE-2021-39883 (Improper authorization checks in all versions of GitLab EE starting fr ...)
- gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous users c ...)
- gitlab <unfixed>
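Review bot: CVE-2021-39885's description changes from "Gitlab EE version 13.5" to "all versions of Gitlab ..." and the "EE" qualifier is no longer visible in the truncated text, while its status line still says `gitlab <not-affected> (Specific to Enterprise Edition)`; CVE-2021-39883's new text does still say "GitLab EE". Confirm from the full description that 39885 remains EE-only, since the not-affected justification depends on it.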
@@ -77410,26 +77575,26 @@ CVE-2021-27779
RESERVED
CVE-2021-27778
RESERVED
-CVE-2021-27777
- RESERVED
+CVE-2021-27777 (XML External Entity (XXE) injection vulnerabilities occur when poorly ...)
+ TODO: check
CVE-2021-27776
RESERVED
CVE-2021-27775
RESERVED
CVE-2021-27774
RESERVED
-CVE-2021-27773
- RESERVED
-CVE-2021-27772
- RESERVED
-CVE-2021-27771
- RESERVED
-CVE-2021-27770
- RESERVED
-CVE-2021-27769
- RESERVED
-CVE-2021-27768
- RESERVED
+CVE-2021-27773 (This vulnerability allows users to execute a clickjacking attack in th ...)
+ TODO: check
+CVE-2021-27772 (Users are able to read group conversations without actively taking par ...)
+ TODO: check
+CVE-2021-27771 (User SID can be modified resulting in an Arbitrary File Upload or dele ...)
+ TODO: check
+CVE-2021-27770 (The vulnerability was discovered within the “FaviconService̶ ...)
+ TODO: check
+CVE-2021-27769 (Information leakage occurs when a website reveals information that cou ...)
+ TODO: check
+CVE-2021-27768 (Using the ability to perform a Man-in-the-Middle (MITM) attack, which ...)
+ TODO: check
CVE-2021-27767 (The BigFix Console installer is created with InstallShield, which was ...)
NOT-FOR-US: HCL
CVE-2021-27766 (The BigFix Client installer is created with InstallShield, which was a ...)
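Review bot: the description stored for CVE-2021-27770 contains undecoded HTML entity fragments ("“FaviconService̶"), so the importer is copying entity-encoded text into the list; the same artefact shows on the retained context line for CVE-2021-27479 later in this diff ("product̵"). Decoding entities at import time would keep the truncated descriptions readable. Separately, CVE-2021-27768 through -27777 all stay `TODO: check` and read like generic vulnerability-class descriptions, so the full CVE text is needed to identify the affected product before any of them can be closed.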
@@ -78022,12 +78187,12 @@ CVE-2021-27502
RESERVED
CVE-2021-27501 (Philips Vue PACS versions 12.2.x.x and prior does not follow certain c ...)
NOT-FOR-US: Philips Vue PACS
-CVE-2021-27500
- RESERVED
+CVE-2021-27500 (A specifically crafted packet sent by an attacker to EIPStackGroup OpE ...)
+ TODO: check
CVE-2021-27499 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...)
NOT-FOR-US: Ypsomed
-CVE-2021-27498
- RESERVED
+CVE-2021-27498 (A specifically crafted packet sent by an attacker to EIPStackGroup OpE ...)
+ TODO: check
CVE-2021-27497 (Philips Vue PACS versions 12.2.x.x and prior does not use or incorrect ...)
NOT-FOR-US: Philips Vue PACS
CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
@@ -78058,16 +78223,16 @@ CVE-2021-27484
RESERVED
CVE-2021-27483 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products con ...)
NOT-FOR-US: ZOLL Defibrillator Dashboard
-CVE-2021-27482
- RESERVED
+CVE-2021-27482 (A specifically crafted packet sent by an attacker to EIPStackGroup OpE ...)
+ TODO: check
CVE-2021-27481 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products ut ...)
NOT-FOR-US: ZOLL Defibrillator Dashboard
CVE-2021-27480 (Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnera ...)
NOT-FOR-US: Delta Industrial Automation COMMGR
CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product̵ ...)
NOT-FOR-US: ZOLL Defibrillator Dashboard
-CVE-2021-27478
- RESERVED
+CVE-2021-27478 (A specifically crafted packet sent by an attacker to EIPStackGroup OpE ...)
+ TODO: check
CVE-2021-27477 (When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus ...)
NOT-FOR-US: JTEKT
CVE-2021-27476 (A vulnerability exists in the SaveConfigFile function of the RACompare ...)
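Review bot: CVE-2021-27482 and CVE-2021-27478 here, together with CVE-2021-27500 and CVE-2021-27498 in the previous hunk, share the identical truncated description "A specifically crafted packet sent by an attacker to EIPStackGroup OpE ..." and all four are left at `TODO: check`; they are separate packet-handling issues in the same EIPStackGroup code base and should be triaged as one group, checking whether any Debian package ships that code before choosing between a package line and NOT-FOR-US.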
@@ -90661,7 +90826,7 @@ CVE-2021-22264 (An issue has been discovered in GitLab affecting all versions st
- gitlab <unfixed>
CVE-2021-22263 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
-CVE-2021-22262 (Missing access control in GitLab version 13.10 and above with Jira Clo ...)
+CVE-2021-22262 (Missing access control in all GitLab versions starting from 13.12 befo ...)
- gitlab <unfixed>
CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira integration in ...)
- gitlab <unfixed>
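Review bot: the affected range for CVE-2021-22262 changes substantively here, from "GitLab version 13.10 and above" to "all GitLab versions starting from 13.12 befo...", i.e. the lower bound moves from 13.10 to 13.12 and an upper bound now exists; the `- gitlab <unfixed>` line is unchanged, so re-check whether the gitlab package version in the archive now falls outside the narrowed range.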
@@ -90738,7 +90903,7 @@ CVE-2021-22230 (Improper code rendering while rendering merge requests could be
- gitlab <unfixed>
CVE-2021-22229 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
-CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions. Imprope ...)
+CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- gitlab <unfixed>
CVE-2021-22227 (A reflected cross-site script vulnerability in GitLab before versions ...)
- gitlab <unfixed>
@@ -90763,9 +90928,9 @@ CVE-2021-22221 (An issue has been discovered in GitLab affecting all versions st
- gitlab <unfixed>
CVE-2021-22220 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
-CVE-2021-22219 (GitLab CE/EE since version 9.5 allows a high privilege user to obtain ...)
+CVE-2021-22219 (All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all ver ...)
- gitlab <unfixed>
-CVE-2021-22218 (All versions of GitLab CE/EE starting with 12.8 were affected by an is ...)
+CVE-2021-22218 (All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all ve ...)
- gitlab <unfixed>
CVE-2021-22217 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
- gitlab <unfixed>
@@ -120500,14 +120665,14 @@ CVE-2020-22989
RESERVED
CVE-2020-22988
RESERVED
-CVE-2020-22987
- RESERVED
-CVE-2020-22986
- RESERVED
-CVE-2020-22985
- RESERVED
-CVE-2020-22984
- RESERVED
+CVE-2020-22987 (Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.1 ...)
+ TODO: check
+CVE-2020-22986 (Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.1 ...)
+ TODO: check
+CVE-2020-22985 (Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.1 ...)
+ TODO: check
+CVE-2020-22984 (Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.1 ...)
+ TODO: check
CVE-2020-22983
RESERVED
CVE-2020-22982
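Review bot: CVE-2020-22984 through -22987 receive four identical truncated descriptions ("Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.1 ...") and each is left at `TODO: check`; the truncation makes them indistinguishable in this file, so whoever triages must pull the full CVE text to tell the four apart, and the resulting status (NOT-FOR-US if the SDK is not packaged) should be applied to all four consistently.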
@@ -186094,6 +186259,7 @@ CVE-2019-16794
CVE-2019-16793
RESERVED
CVE-2019-16792 (Waitress through version 1.3.1 allows request smuggling by sending the ...)
+ {DLA-3000-1}
- waitress 1.4.1-1
[buster] - waitress <no-dsa> (Minor issue)
[jessie] - waitress <no-dsa> (Minor issue)
@@ -186105,7 +186271,7 @@ CVE-2019-16791 (In postfix-mta-sts-resolver before 0.5.1, All users can receive
CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code execution vi ...)
NOT-FOR-US: Tiny File Manager
CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in front ...)
- {DLA-2056-1}
+ {DLA-3000-1 DLA-2056-1}
- waitress 1.4.1-1 (bug #947433)
[buster] - waitress <no-dsa> (Minor issue)
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
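Review bot: CVE-2019-16789 already carried `{DLA-2056-1}` and now becomes `{DLA-3000-1 DLA-2056-1}`, whereas the other 2019 waitress entries in this update only gain DLA-3000-1 on a previously empty marker; a CVE referenced by two DLAs usually means the earlier fix was incomplete or the new advisory covers a different suite, so confirm that the DLA-3000-1 text really lists CVE-2019-16789 before keeping the double reference.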
@@ -186113,12 +186279,14 @@ CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in
CVE-2019-16788
REJECTED
CVE-2019-16786 (Waitress through version 1.3.1 would parse the Transfer-Encoding heade ...)
+ {DLA-3000-1}
- waitress 1.4.1-1 (bug #947306)
[buster] - waitress <no-dsa> (Minor issue)
[jessie] - waitress <no-dsa> (Minor issue)
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p
NOTE: https://github.com/Pylons/waitress/commit/f11093a6b3240fc26830b6111e826128af7771c3
CVE-2019-16785 (Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 ...)
+ {DLA-3000-1}
- waitress 1.4.1-1 (bug #947306)
[buster] - waitress <no-dsa> (Minor issue)
[jessie] - waitress <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfa184c7a5a5c6cee1b7b3882dd992887516f17f