[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 20 09:10:19 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c663e63c by security tracker role at 2022-05-20T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2022-31246
+ RESERVED
+CVE-2022-31245
+ RESERVED
+CVE-2022-31244
+ RESERVED
+CVE-2022-31243
+ RESERVED
+CVE-2022-31242
+ RESERVED
+CVE-2022-31241
+ RESERVED
+CVE-2022-31240
+ RESERVED
+CVE-2022-1805
+ RESERVED
+CVE-2022-1804
+ RESERVED
+CVE-2022-1803
+ RESERVED
+CVE-2022-1802
+ RESERVED
+CVE-2020-36522
+ RESERVED
CVE-2022-31239
RESERVED
CVE-2022-31238
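Review bot: CVE-2020-36522 is added at the top of the file, directly above CVE-2022-31239, while the other CVE-2020 entries touched by this commit sit near line 169737. If data/CVE/list is meant to stay ordered by CVE year, this entry belongs in the 2020 block; if the automatic update always prepends newly reserved ids, the commit message could say so.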
@@ -698,8 +722,8 @@ CVE-2022-30946 (A cross-site request forgery (CSRF) vulnerability in Jenkins Scr
NOT-FOR-US: Jenkins plugin
CVE-2022-30945 (Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allow ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-1754
- RESERVED
+CVE-2022-1754 (Integer Overflow or Wraparound in GitHub repository polonel/trudesk pr ...)
+ TODO: check
CVE-2022-1753 (A vulnerability, which was classified as critical, was found in WoWond ...)
NOT-FOR-US: WoWonder
CVE-2022-1752
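Review bot: the new CVE-2022-1754 entry is left at TODO: check while the neighbouring entries are already triaged (NOT-FOR-US: Jenkins plugin, NOT-FOR-US: WoWonder). The description names the GitHub repository polonel/trudesk; once that is checked, replace the TODO with either a package line or a NOT-FOR-US tag.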
@@ -3443,7 +3467,7 @@ CVE-2022-29918
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29918
CVE-2022-29917
RESERVED
- {DSA-5129-1 DLA-2994-1}
+ {DSA-5141-1 DSA-5129-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
- thunderbird 1:91.9.0-1
@@ -3452,7 +3476,7 @@ CVE-2022-29917
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29917
CVE-2022-29916
RESERVED
- {DSA-5129-1 DLA-2994-1}
+ {DSA-5141-1 DSA-5129-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
- thunderbird 1:91.9.0-1
@@ -3465,7 +3489,7 @@ CVE-2022-29915
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29915
CVE-2022-29914
RESERVED
- {DSA-5129-1 DLA-2994-1}
+ {DSA-5141-1 DSA-5129-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
- thunderbird 1:91.9.0-1
@@ -3474,11 +3498,12 @@ CVE-2022-29914
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29914
CVE-2022-29913
RESERVED
+ {DSA-5141-1}
- thunderbird 1:91.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29913
CVE-2022-29912
RESERVED
- {DSA-5129-1 DLA-2994-1}
+ {DSA-5141-1 DSA-5129-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
- thunderbird 1:91.9.0-1
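Review bot: CVE-2022-29913 receives {DSA-5141-1} on its own, whereas CVE-2022-29912 gets it prepended to the existing DSA-5129-1 DLA-2994-1 line. That matches CVE-2022-29913 listing only thunderbird 1:91.9.0-1, and every entry that gains DSA-5141-1 in this commit has that thunderbird line, so it is worth confirming against the advisory that DSA-5141-1 is the thunderbird update before relying on the cross-reference.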
@@ -3487,7 +3512,7 @@ CVE-2022-29912
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29912
CVE-2022-29911
RESERVED
- {DSA-5129-1 DLA-2994-1}
+ {DSA-5141-1 DSA-5129-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
- thunderbird 1:91.9.0-1
@@ -3500,7 +3525,7 @@ CVE-2022-29910
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29910
CVE-2022-29909
RESERVED
- {DSA-5129-1 DLA-2994-1}
+ {DSA-5141-1 DSA-5129-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
- thunderbird 1:91.9.0-1
@@ -3657,6 +3682,7 @@ CVE-2022-1521
RESERVED
CVE-2022-1520
RESERVED
+ {DSA-5141-1}
- thunderbird 1:91.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-1520
CVE-2022-1519
@@ -4370,8 +4396,8 @@ CVE-2022-29654
RESERVED
CVE-2022-29653
RESERVED
-CVE-2022-29652
- RESERVED
+CVE-2022-29652 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
CVE-2022-29651
RESERVED
CVE-2022-29650
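Review bot: CVE-2022-29652 is given TODO: check with the description "Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...", and the same truncated description is added for CVE-2022-29304 and CVE-2022-28962 elsewhere in this commit. Triage the three together so they end up with the same tag.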
@@ -5320,8 +5346,8 @@ CVE-2022-29306 (IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vul
NOT-FOR-US: Ionize CMS
CVE-2022-29305
RESERVED
-CVE-2022-29304
- RESERVED
+CVE-2022-29304 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
CVE-2022-29303 (SolarView Compact ver.6.00 was discovered to contain a command injecti ...)
NOT-FOR-US: SolarView Compact
CVE-2022-29302 (SolarView Compact ver.6.00 was discovered to contain a local file disc ...)
@@ -6266,12 +6292,12 @@ CVE-2022-28989
RESERVED
CVE-2022-28988
RESERVED
-CVE-2022-28987
- RESERVED
+CVE-2022-28987 (ManageEngine ADSelfService Plus v6.1 allows attackers to perform usern ...)
+ TODO: check
CVE-2022-28986 (LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: ...)
NOT-FOR-US: LMS Doctor Simple 2 Factor Authentication Plugin For Moodle
-CVE-2022-28985
- RESERVED
+CVE-2022-28985 (A stored cross-site scripting (XSS) vulnerability in the addNewPost co ...)
+ TODO: check
CVE-2022-28984
RESERVED
CVE-2022-28983
@@ -6310,28 +6336,28 @@ CVE-2022-28967
RESERVED
CVE-2022-28966 (Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code ...)
NOT-FOR-US: wasm3
-CVE-2022-28965
- RESERVED
-CVE-2022-28964
- RESERVED
+CVE-2022-28965 (Multiple DLL hijacking vulnerabilities via the components instup.exe a ...)
+ TODO: check
+CVE-2022-28964 (An arbitrary file write vulnerability in Avast Premium Security before ...)
+ TODO: check
CVE-2022-28963
RESERVED
-CVE-2022-28962
- RESERVED
-CVE-2022-28961
- RESERVED
+CVE-2022-28962 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2022-28961 (Spip Web Framework v3.1.13 and below was discovered to contain multipl ...)
+ {DSA-4798-1}
- spip 3.2.8-1
NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html?lang=fr
NOTE: https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
NOTE: https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
-CVE-2022-28960
- RESERVED
+CVE-2022-28960 (A PHP injection vulnerability in Spip before v3.2.8 allows attackers t ...)
+ {DSA-4798-1}
- spip 3.2.8-1
NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html?lang=fr
NOTE: https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
NOTE: https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
-CVE-2022-28959
- RESERVED
+CVE-2022-28959 (Multiple cross-site scripting (XSS) vulnerabilities in the component / ...)
+ TODO: check
CVE-2022-28958 (D-Link DIR816L_FW206b01 was discovered to contain a remote code execut ...)
NOT-FOR-US: D-Link
CVE-2022-28957
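Review bot: CVE-2022-28961 and CVE-2022-28960 now have different descriptions but carry the identical blog NOTE and the same two spip/SPIP commit NOTEs, so the list does not record which commit fixes which issue. Consider annotating each commit NOTE with the CVE it addresses. The four new TODO: check entries in this hunk (CVE-2022-28965, CVE-2022-28964, CVE-2022-28962, CVE-2022-28959) still need triage.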
@@ -6352,8 +6378,8 @@ CVE-2022-28950
RESERVED
CVE-2022-28949
RESERVED
-CVE-2022-28948
- RESERVED
+CVE-2022-28948 (An issue in the Unmarshal function in Go-Yaml v3 causes the program to ...)
+ TODO: check
CVE-2022-28947
RESERVED
CVE-2022-28946 (An issue in the component ast/parser.go of Open Policy Agent v0.39.0 c ...)
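Review bot: the TODO: check added under CVE-2022-28948 deserves priority over the product-specific TODOs in this commit, because the description names the Unmarshal function in Go-Yaml v3, which is a library rather than an end-user application. When checking, look at reverse dependencies and vendored copies as well as the library itself.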
@@ -35576,8 +35602,8 @@ CVE-2022-21502
RESERVED
CVE-2022-21501
RESERVED
-CVE-2022-21500
- RESERVED
+CVE-2022-21500 (Vulnerability in Oracle E-Business Suite (component: Manage Proxies). ...)
+ TODO: check
CVE-2022-21499
RESERVED
CVE-2022-21498 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
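Review bot: CVE-2022-21500 gets TODO: check although its description names Oracle E-Business Suite, and other Oracle product entries visible in this commit, such as CVE-2022-21450 (PeopleSoft), are tagged NOT-FOR-US: Oracle. The same tag could be applied here instead of leaving a TODO.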
@@ -35690,6 +35716,7 @@ CVE-2022-21451 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2022-21450 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub produc ...)
NOT-FOR-US: Oracle
CVE-2022-21449 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5128-1}
- openjdk-17 17.0.3+7-1
- openjdk-18 18.0.1+10-1
CVE-2022-21448 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
@@ -62471,8 +62498,8 @@ CVE-2021-34113
RESERVED
CVE-2021-34112
RESERVED
-CVE-2021-34111
- RESERVED
+CVE-2021-34111 (Thecus 4800Eco was discovered to contain a command injection vulnerabi ...)
+ TODO: check
CVE-2021-34110 (WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowin ...)
NOT-FOR-US: WinWaste.NET
CVE-2021-34109
@@ -169737,8 +169764,8 @@ CVE-2020-4109
RESERVED
CVE-2020-4108
RESERVED
-CVE-2020-4107
- RESERVED
+CVE-2020-4107 (HCL Domino is affected by an Insufficient Access Control vulnerability ...)
+ TODO: check
CVE-2020-4106
RESERVED
CVE-2020-4105
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c663e63c91c07814e1ac3a0ac8283f214a51c46e