[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 21 09:10:36 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e5f042a6 by security tracker role at 2022-05-21T08:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2022-31258 (In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1. ...)
+ TODO: check
+CVE-2022-1808
+ RESERVED
CVE-2022-31257
RESERVED
CVE-2022-31256
@@ -42,8 +46,8 @@ CVE-2022-1805
RESERVED
CVE-2022-1804
RESERVED
-CVE-2022-1803
- RESERVED
+CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
+ TODO: check
CVE-2022-1802
RESERVED
- firefox 100.0.2-1
@@ -648,8 +652,8 @@ CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a
CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 1.2.0 results in stack con ...)
- mujs <unfixed>
NOTE: https://github.com/ccxvii/mujs/issues/162
-CVE-2022-1775
- RESERVED
+CVE-2022-1775 (Weak Password Requirements in GitHub repository polonel/trudesk prior ...)
+ TODO: check
CVE-2022-1774 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-1773
@@ -760,8 +764,8 @@ CVE-2022-1754 (Integer Overflow or Wraparound in GitHub repository polonel/trude
NOT-FOR-US: Trudesk
CVE-2022-1753 (A vulnerability, which was classified as critical, was found in WoWond ...)
NOT-FOR-US: WoWonder
-CVE-2022-1752
- RESERVED
+CVE-2022-1752 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
+ TODO: check
CVE-2022-1751
RESERVED
CVE-2022-1750
@@ -5066,10 +5070,10 @@ CVE-2022-29450
RESERVED
CVE-2022-29449 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-29448
- RESERVED
-CVE-2022-29447
- RESERVED
+CVE-2022-29448 (Authenticated (admin or higher user role) Local File Inclusion (LFI) v ...)
+ TODO: check
+CVE-2022-29447 (Authenticated (administrator or higher user role) Local File Inclusion ...)
+ TODO: check
CVE-2022-29446 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29445 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...)
@@ -5094,28 +5098,28 @@ CVE-2022-29436 (Persistent Cross-Site Scripting (XSS) vulnerability in Alexander
NOT-FOR-US: WordPress plugin
CVE-2022-29435 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann' ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-29434
- RESERVED
+CVE-2022-29434 (Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugi ...)
+ TODO: check
CVE-2022-29433 (Authenticated (contributor or higher role) Cross-Site Scripting (XSS) ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-29432
- RESERVED
-CVE-2022-29431
- RESERVED
-CVE-2022-29430
- RESERVED
+CVE-2022-29432 (Multiple Authenticated (administrator or higher user role) Persistent ...)
+ TODO: check
+CVE-2022-29431 (Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plug ...)
+ TODO: check
+CVE-2022-29430 (Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin ...)
+ TODO: check
CVE-2022-29429 (Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Exte ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-29428
- RESERVED
-CVE-2022-29427
- RESERVED
-CVE-2022-29426
- RESERVED
-CVE-2022-29425
- RESERVED
-CVE-2022-29424
- RESERVED
+CVE-2022-29428 (Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin ...)
+ TODO: check
+CVE-2022-29427 (Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disabl ...)
+ TODO: check
+CVE-2022-29426 (Authenticated (contributor or higher user role) Reflected Cross-Site S ...)
+ TODO: check
+CVE-2022-29425 (Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files U ...)
+ TODO: check
+CVE-2022-29424 (Authenticated (admin or higher user role) Reflected Cross-Site Scripti ...)
+ TODO: check
CVE-2022-29423 (Pro Features Lock Bypass vulnerability in Countdown & Clock plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29422 (Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) ...)
@@ -5650,8 +5654,8 @@ CVE-2022-29224
RESERVED
CVE-2022-29223
RESERVED
-CVE-2022-29222
- RESERVED
+CVE-2022-29222 (Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...)
+ TODO: check
CVE-2022-29221
RESERVED
CVE-2022-29220
@@ -5662,87 +5666,86 @@ CVE-2022-29218 (RubyGems is a package registry used to supply software for the R
NOT-FOR-US: rubygems/rubygems.org
CVE-2022-29217
RESERVED
-CVE-2022-29216
- RESERVED
-CVE-2022-29215
- RESERVED
-CVE-2022-29214
- RESERVED
-CVE-2022-29213
- RESERVED
-CVE-2022-29212
- RESERVED
-CVE-2022-29211
- RESERVED
-CVE-2022-29210
- RESERVED
-CVE-2022-29209
- RESERVED
-CVE-2022-29208
- RESERVED
-CVE-2022-29207
- RESERVED
-CVE-2022-29206
- RESERVED
-CVE-2022-29205
- RESERVED
-CVE-2022-29204
- RESERVED
-CVE-2022-29203
- RESERVED
-CVE-2022-29202
- RESERVED
-CVE-2022-29201
- RESERVED
-CVE-2022-29200
- RESERVED
-CVE-2022-29199
- RESERVED
-CVE-2022-29198
- RESERVED
-CVE-2022-29197
- RESERVED
-CVE-2022-29196
- RESERVED
-CVE-2022-29195
- RESERVED
-CVE-2022-29194
- RESERVED
-CVE-2022-29193
- RESERVED
-CVE-2022-29192
- RESERVED
-CVE-2022-29191
- RESERVED
-CVE-2022-29190
- RESERVED
-CVE-2022-29189
- RESERVED
-CVE-2022-29188
- RESERVED
+CVE-2022-29216 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29215 (RegionProtect is a plugin that allows users to manage certain events i ...)
+ TODO: check
+CVE-2022-29214 (NextAuth.js (next-auth) is am open source authentication solution for ...)
+ TODO: check
+CVE-2022-29213 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29212 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29211 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29210 (TensorFlow is an open source platform for machine learning. In version ...)
+ TODO: check
+CVE-2022-29209 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29208 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29207 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29206 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29205 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29204 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29203 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29202 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29201 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29200 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29199 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29198 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29197 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29196 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29195 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29194 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29193 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29192 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29191 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ TODO: check
+CVE-2022-29190 (Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...)
+ TODO: check
+CVE-2022-29189 (Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...)
+ TODO: check
+CVE-2022-29188 (Smokescreen is an HTTP proxy. The primary use case for Smokescreen is ...)
+ TODO: check
CVE-2022-29187
RESERVED
-CVE-2022-29186
- RESERVED
-CVE-2022-29185
- RESERVED
-CVE-2022-29184
- RESERVED
-CVE-2022-29183
- RESERVED
-CVE-2022-29182
- RESERVED
-CVE-2022-29181
- RESERVED
+CVE-2022-29186 (Rundeck is an open source automation service with a web console, comma ...)
+ TODO: check
+CVE-2022-29185 (totp-rs is a Rust library that permits the creation of 2FA authentific ...)
+ TODO: check
+CVE-2022-29184 (GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0 ...)
+ TODO: check
+CVE-2022-29183 (GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4. ...)
+ TODO: check
+CVE-2022-29182 (GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21 ...)
+ TODO: check
+CVE-2022-29181 (Nokogiri is an open source XML and HTML library for Ruby. Nokogiri pri ...)
- ruby-nokogiri <unfixed> (unimportant)
NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
NOTE: https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7 (v1.13.6)
CVE-2022-29180 (A vulnerability in which attackers could forge HTTP requests to manipu ...)
NOT-FOR-US: charmbracelet/charm
-CVE-2022-29179
- RESERVED
-CVE-2022-29178
- RESERVED
+CVE-2022-29179 (Cilium is open source software for providing and securing network conn ...)
+ TODO: check
+CVE-2022-29178 (Cilium is open source software for providing and securing network conn ...)
+ TODO: check
CVE-2022-29177 (Go Ethereum is the official Golang implementation of the Ethereum prot ...)
- golang-github-go-ethereum <itp> (bug #890541)
CVE-2022-29176 (Rubygems is a package registry used to supply software for the Ruby la ...)
@@ -6329,8 +6332,8 @@ CVE-2022-28997
RESERVED
CVE-2022-28996
RESERVED
-CVE-2022-28995
- RESERVED
+CVE-2022-28995 (Rengine v1.0.2 was discovered to contain a remote code execution (RCE) ...)
+ TODO: check
CVE-2022-28994 (Small HTTP Server version 3.06 suffers from a remote buffer overflow v ...)
NOT-FOR-US: Small HTTP Server
CVE-2022-28993 (Multi Store Inventory Management System v1.0 allows attackers to perfo ...)
@@ -7308,8 +7311,8 @@ CVE-2022-28620
RESERVED
CVE-2022-28619
RESERVED
-CVE-2022-28618
- RESERVED
+CVE-2022-28618 (A command injection security vulnerability has been identified in HPE ...)
+ TODO: check
CVE-2022-28617 (A remote bypass security restrictions vulnerability was discovered in ...)
NOT-FOR-US: HPE OneView
CVE-2022-28616 (A remote server-side request forgery (ssrf) vulnerability was discover ...)
@@ -7527,8 +7530,8 @@ CVE-2022-28533 (Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to S
NOT-FOR-US: Sourcecodester Medical Hub Directory Site
CVE-2022-28532
RESERVED
-CVE-2022-28531
- RESERVED
+CVE-2022-28531 (Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerab ...)
+ TODO: check
CVE-2022-28530 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnera ...)
NOT-FOR-US: Sourcecodester Covid-19 Directory on Vaccination System
CVE-2022-28529
@@ -15068,8 +15071,8 @@ CVE-2022-24438
RESERVED
CVE-2022-24437 (The package git-pull-or-clone before 2.0.2 are vulnerable to Command I ...)
NOT-FOR-US: Node git-pull-or-clone
-CVE-2022-24434
- RESERVED
+CVE-2022-24434 (This affects all versions of package dicer. A malicious attacker can s ...)
+ TODO: check
CVE-2022-24433 (The package simple-git before 3.3.0 are vulnerable to Command Injectio ...)
NOT-FOR-US: simple-git
CVE-2022-24431
@@ -15154,8 +15157,8 @@ CVE-2022-21211
RESERVED
CVE-2022-21208
RESERVED
-CVE-2022-21195
- RESERVED
+CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular Expression ...)
+ TODO: check
CVE-2022-21192
RESERVED
CVE-2022-21191
@@ -16950,7 +16953,7 @@ CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain
NOTE: https://github.com/libexpat/libexpat/commit/3f0a0cb644438d4d8e3294cd0b1245d0edb0c6c6
NOTE: https://github.com/libexpat/libexpat/commit/c85a3025e7a1be086dc34e7559fbc543914d047f
NOTE: https://github.com/libexpat/libexpat/commit/6a5510bc6b7efe743356296724e0b38300f05379
-CVE-2022-25229 (Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)'' fie ...)
+CVE-2022-25229 (Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' fiel ...)
NOT-FOR-US: Popcorn Time
CVE-2022-25228
RESERVED
@@ -19269,7 +19272,7 @@ CVE-2022-24428 (Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x
NOT-FOR-US: Dell
CVE-2022-24427
RESERVED
-CVE-2022-24426 (Dell Command | Update, Dell Update, and Alienware Update versions prio ...)
+CVE-2022-24426 (Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 ...)
NOT-FOR-US: Dell
CVE-2022-24425
RESERVED
@@ -24727,10 +24730,10 @@ CVE-2022-22975 (An issue was discovered in the Pinniped Supervisor with either L
NOT-FOR-US: vmware-tanzu/pinniped
CVE-2022-22974
RESERVED
-CVE-2022-22973
- RESERVED
-CVE-2022-22972
- RESERVED
+CVE-2022-22973 (VMware Workspace ONE Access and Identity Manager contain a privilege e ...)
+ TODO: check
+CVE-2022-22972 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ TODO: check
CVE-2022-22971 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...)
- libspring-java <unfixed>
NOTE: https://tanzu.vmware.com/security/cve-2022-22971
@@ -34722,6 +34725,7 @@ CVE-2022-21726 (Tensorflow is an Open Source Machine Learning Framework. The imp
CVE-2022-21725 (Tensorflow is an Open Source Machine Learning Framework. The estimator ...)
- tensorflow <itp> (bug #804612)
CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was foun ...)
+ {DLA-3018-1}
- libpgjava 42.3.2-1
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
NOTE: https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 (REL42.3.2)
@@ -56159,8 +56163,8 @@ CVE-2021-36835
RESERVED
CVE-2021-36834
RESERVED
-CVE-2021-36833
- RESERVED
+CVE-2021-36833 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
+ TODO: check
CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin ̵ ...)
NOT-FOR-US: WordPress plugins
CVE-2021-36831
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5f042a6d61d09dd750d6042515fc3e902267027
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5f042a6d61d09dd750d6042515fc3e902267027
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220521/846b1a58/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list