[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 19 21:10:40 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5c3fc6d8 by security tracker role at 2022-05-19T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-31239
+ RESERVED
+CVE-2022-31238
+ RESERVED
+CVE-2022-31237
+ RESERVED
+CVE-2022-31236
+ RESERVED
+CVE-2022-31235
+ RESERVED
+CVE-2022-31234
+ RESERVED
+CVE-2022-31233
+ RESERVED
+CVE-2022-31232
+ RESERVED
+CVE-2022-31231
+ RESERVED
+CVE-2022-31230
+ RESERVED
+CVE-2022-31229
+ RESERVED
+CVE-2022-31228
+ RESERVED
+CVE-2022-31227
+ RESERVED
+CVE-2022-31226
+ RESERVED
+CVE-2022-31225
+ RESERVED
+CVE-2022-31224
+ RESERVED
+CVE-2022-31223
+ RESERVED
+CVE-2022-31222
+ RESERVED
+CVE-2022-31221
+ RESERVED
+CVE-2022-31220
+ RESERVED
+CVE-2022-31219
+ RESERVED
+CVE-2022-31218
+ RESERVED
+CVE-2022-31217
+ RESERVED
+CVE-2022-31216
+ RESERVED
+CVE-2022-1801
+ RESERVED
+CVE-2022-1800
+ RESERVED
+CVE-2022-1799
+ RESERVED
+CVE-2022-1798
+ RESERVED
CVE-2022-31215
RESERVED
CVE-2022-31214
@@ -476,8 +532,8 @@ CVE-2022-30977
RESERVED
CVE-2022-29496
RESERVED
-CVE-2022-1796
- RESERVED
+CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. ...)
- gpac <unfixed>
NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc
@@ -500,8 +556,8 @@ CVE-2022-1787
RESERVED
CVE-2022-1786
RESERVED
-CVE-2022-1785
- RESERVED
+CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-1784
RESERVED
CVE-2022-1783
@@ -822,8 +878,8 @@ CVE-2022-1732
RESERVED
CVE-2022-1731 (Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to ...)
NOT-FOR-US: Metasonic Doc WebClient
-CVE-2022-1730
- RESERVED
+CVE-2022-1730 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
+ TODO: check
CVE-2022-1729
RESERVED
CVE-2022-1728 (Allowing long password leads to denial of service in polonel/trudesk i ...)
@@ -1432,10 +1488,10 @@ CVE-2022-30620
RESERVED
CVE-2022-30619
RESERVED
-CVE-2022-30618
- RESERVED
-CVE-2022-30617
- RESERVED
+CVE-2022-30618 (An authenticated user with access to the Strapi admin panel can view p ...)
+ TODO: check
+CVE-2022-30617 (An authenticated user with access to the Strapi admin panel can view p ...)
+ TODO: check
CVE-2022-29525
RESERVED
CVE-2022-28704
@@ -3163,8 +3219,8 @@ CVE-2022-30020
RESERVED
CVE-2022-30019
RESERVED
-CVE-2022-30018
- RESERVED
+CVE-2022-30018 (Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Prote ...)
+ TODO: check
CVE-2022-30017
RESERVED
CVE-2022-30016
@@ -4594,8 +4650,8 @@ CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a co
NOT-FOR-US: WordPress plugin
CVE-2022-1424
RESERVED
-CVE-2022-1423
- RESERVED
+CVE-2022-1423 (Improper access control in the CI/CD cache mechanism in GitLab CE/EE a ...)
+ TODO: check
CVE-2022-1422
RESERVED
CVE-2022-1421
@@ -4706,14 +4762,14 @@ CVE-2022-29526
NOTE: Introduced by: https://github.com/golang/go/commit/60f78765022a59725121d3b800268adffe78bde3 (go1.15rc1)
CVE-2022-1417 (Improper access control in GitLab CE/EE affecting all versions startin ...)
TODO: check
-CVE-2022-1416
- RESERVED
+CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in GitLab CE/E ...)
+ TODO: check
CVE-2022-1415
RESERVED
CVE-2022-1414
RESERVED
-CVE-2022-1413
- RESERVED
+CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions starting ...)
+ TODO: check
CVE-2022-1412
RESERVED
CVE-2022-1411 (Unrestructed file upload in GitHub repository yetiforcecompany/yetifor ...)
@@ -4935,14 +4991,14 @@ CVE-2022-29451 (Cross-Site Request Forgery (CSRF) leading to Arbitrary File Uplo
NOT-FOR-US: WordPress plugin
CVE-2022-29450
RESERVED
-CVE-2022-29449
- RESERVED
+CVE-2022-29449 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
+ TODO: check
CVE-2022-29448
RESERVED
CVE-2022-29447
RESERVED
-CVE-2022-29446
- RESERVED
+CVE-2022-29446 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...)
+ TODO: check
CVE-2022-29445 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerabi ...)
@@ -5712,6 +5768,7 @@ CVE-2022-29156 (drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel befor
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixedy by: https://git.kernel.org/linus/8700af2cc18c919b2a83e74e0479038fd113c15d (5.17-rc6)
CVE-2022-29155 (In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection ...)
+ {DSA-5140-1}
- openldap 2.5.12+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9815
NOTE: https://git.openldap.org/openldap/openldap/-/commit/87df6c19915042430540931d199a39105544a134 (master)
@@ -6287,8 +6344,8 @@ CVE-2022-28948
RESERVED
CVE-2022-28947
RESERVED
-CVE-2022-28946
- RESERVED
+CVE-2022-28946 (An issue in the component ast/parser.go of Open Policy Agent v0.39.0 c ...)
+ TODO: check
CVE-2022-28945
RESERVED
CVE-2022-28944
@@ -6325,8 +6382,8 @@ CVE-2022-28929 (Hospital Management System v1.0 was discovered to contain a SQL
NOT-FOR-US: kabirkhyrul/HMS
CVE-2022-28928
RESERVED
-CVE-2022-28927
- RESERVED
+CVE-2022-28927 (A remote code execution (RCE) vulnerability in Subconverter v0.7.2 all ...)
+ TODO: check
CVE-2022-28926
RESERVED
CVE-2022-28925
@@ -8281,8 +8338,7 @@ CVE-2022-1184
RESERVED
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070205
-CVE-2022-1183
- RESERVED
+CVE-2022-1183 (On vulnerable configurations, the named daemon may, in some circumstan ...)
- bind9 1:9.18.3-1
[bullseye] - bind9 <not-affected> (Vulnerable code not present)
[buster] - bind9 <not-affected> (Vulnerable code not present)
@@ -17088,8 +17144,8 @@ CVE-2021-46687
RESERVED
CVE-2021-46270 (JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Contr ...)
NOT-FOR-US: JFrog Artifactory
-CVE-2021-45730
- RESERVED
+CVE-2021-45730 (JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Con ...)
+ TODO: check
CVE-2021-45721
RESERVED
CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken A ...)
@@ -24541,12 +24597,12 @@ CVE-2022-22980
RESERVED
CVE-2022-22979
RESERVED
-CVE-2022-22978
- RESERVED
+CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.5.7 and older unsupported vers ...)
+ TODO: check
CVE-2022-22977
RESERVED
-CVE-2022-22976
- RESERVED
+CVE-2022-22976 (Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, a ...)
+ TODO: check
CVE-2022-22975 (An issue was discovered in the Pinniped Supervisor with either LADPIde ...)
NOT-FOR-US: vmware-tanzu/pinniped
CVE-2022-22974
@@ -43100,8 +43156,8 @@ CVE-2021-41940
RESERVED
CVE-2021-41939
RESERVED
-CVE-2021-41938
- RESERVED
+CVE-2021-41938 (An issue was discovered in ShopXO CMS 2.2.0. After entering the manage ...)
+ TODO: check
CVE-2021-41937
RESERVED
CVE-2021-41936
@@ -54576,8 +54632,8 @@ CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to
NOT-FOR-US: Zoho ManageEngine
CVE-2021-37414 (Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2021-37413
- RESERVED
+CVE-2021-37413 (GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in t ...)
+ TODO: check
CVE-2021-37412 (The TechRadar app 1.1 for Confluence Server allows XSS via the Title f ...)
NOT-FOR-US: TechRadar app for Confluence Server
CVE-2021-37411
@@ -65322,8 +65378,8 @@ CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering p
NOT-FOR-US: Open Design Alliance
CVE-2021-32935
RESERVED
-CVE-2021-32934
- RESERVED
+CVE-2021-32934 (The affected ThroughTek P2P products (SDKs using versions before 3.1.5 ...)
+ TODO: check
CVE-2021-32933 (An attacker could leverage an API to pass along a malicious file that ...)
NOT-FOR-US: Auvesy-MDT
CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
@@ -81692,10 +81748,10 @@ CVE-2021-26633
RESERVED
CVE-2021-26632
RESERVED
-CVE-2021-26631
- RESERVED
-CVE-2021-26630
- RESERVED
+CVE-2021-26631 (Improper input validation vulnerability in Mangboard commerce package ...)
+ TODO: check
+CVE-2021-26630 (Improper input validation vulnerability in HANDY Groupware’s Act ...)
+ TODO: check
CVE-2021-26629 (A path traversal vulnerability in XPLATFORM's runtime archive function ...)
NOT-FOR-US: Tobesoft Xplatform
CVE-2021-26628 (Insufficient script validation of the admin page enables XSS, which ca ...)
@@ -97575,7 +97631,7 @@ CVE-2021-20773 (There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5
NOT-FOR-US: Cybozu
CVE-2021-20772 (Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10 ...)
NOT-FOR-US: Cybozu
-CVE-2021-20771 (Cross-site scripting vulnerability in some functions of Group Mail of ...)
+CVE-2021-20771 (Cross-site scripting vulnerability in some functions of E-Mail of Cybo ...)
NOT-FOR-US: Cybozu
CVE-2021-20770 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 t ...)
NOT-FOR-US: Cybozu
@@ -136428,16 +136484,16 @@ CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives
NOT-FOR-US: Philips SureSigns
CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a ...)
NOT-FOR-US: FPWIN Pro
-CVE-2020-16235
- RESERVED
+CVE-2020-16235 (Inadequate encryption may allow the credentials used by Emerson OpenEn ...)
+ TODO: check
CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer overf ...)
NOT-FOR-US: PLC WinProladder
CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...)
NOT-FOR-US: CodeMeter
CVE-2020-16232 (In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be cause ...)
NOT-FOR-US: Yokogawa WideField3
-CVE-2020-16231
- RESERVED
+CVE-2020-16231 (The affected Bachmann Electronic M-Base Controllers of version MSYS v1 ...)
+ TODO: check
CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...)
NOT-FOR-US: HMS Networks
CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
@@ -136480,8 +136536,8 @@ CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A
NOT-FOR-US: Advantech WebAccess
CVE-2020-16210 (The affected product is vulnerable to reflected cross-site scripting, ...)
NOT-FOR-US: N-Tron
-CVE-2020-16209
- RESERVED
+CVE-2020-16209 (A malicious attacker could exploit the interface of the Fieldcomm Grou ...)
+ TODO: check
CVE-2020-16208 (The affected product is vulnerable to cross-site request forgery, whic ...)
NOT-FOR-US: N-Tron
CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multipl ...)
@@ -140964,8 +141020,8 @@ CVE-2020-14498 (HMS Industrial Networks AB eCatcher all versions prior to 6.5.5.
NOT-FOR-US: HMS Industrial Networks AB eCatche
CVE-2020-14497 (Advantech iView, versions 5.6 and prior, contains multiple SQL injecti ...)
NOT-FOR-US: Advantech
-CVE-2020-14496
- RESERVED
+CVE-2020-14496 (Successful exploitation of this vulnerability for multiple Mitsubishi ...)
+ TODO: check
CVE-2020-14495
REJECTED
CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication ...)
@@ -167940,8 +167996,8 @@ CVE-2020-4972
RESERVED
CVE-2020-4971
RESERVED
-CVE-2020-4970
- RESERVED
+CVE-2020-4970 (IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5. ...)
+ TODO: check
CVE-2020-4969 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...)
NOT-FOR-US: IBM
CVE-2020-4968 (IBM Security Identity Governance and Intelligence 5.2.6 uses weaker th ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c3fc6d859c188b1d9a86d04296bcccaaf52bf44
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c3fc6d859c188b1d9a86d04296bcccaaf52bf44
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220519/986e74ed/attachment.htm>
More information about the debian-security-tracker-commits
mailing list