[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 24 09:10:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b766b3b by security tracker role at 2022-05-24T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,255 @@
+CVE-2022-31598
+ RESERVED
+CVE-2022-31597
+ RESERVED
+CVE-2022-31596
+ RESERVED
+CVE-2022-31595
+ RESERVED
+CVE-2022-31594
+ RESERVED
+CVE-2022-31593
+ RESERVED
+CVE-2022-31592
+ RESERVED
+CVE-2022-31591
+ RESERVED
+CVE-2022-31590
+ RESERVED
+CVE-2022-31589
+ RESERVED
+CVE-2022-31588
+ RESERVED
+CVE-2022-31587
+ RESERVED
+CVE-2022-31586
+ RESERVED
+CVE-2022-31585
+ RESERVED
+CVE-2022-31584
+ RESERVED
+CVE-2022-31583
+ RESERVED
+CVE-2022-31582
+ RESERVED
+CVE-2022-31581
+ RESERVED
+CVE-2022-31580
+ RESERVED
+CVE-2022-31579
+ RESERVED
+CVE-2022-31578
+ RESERVED
+CVE-2022-31577
+ RESERVED
+CVE-2022-31576
+ RESERVED
+CVE-2022-31575
+ RESERVED
+CVE-2022-31574
+ RESERVED
+CVE-2022-31573
+ RESERVED
+CVE-2022-31572
+ RESERVED
+CVE-2022-31571
+ RESERVED
+CVE-2022-31570
+ RESERVED
+CVE-2022-31569
+ RESERVED
+CVE-2022-31568
+ RESERVED
+CVE-2022-31567
+ RESERVED
+CVE-2022-31566
+ RESERVED
+CVE-2022-31565
+ RESERVED
+CVE-2022-31564
+ RESERVED
+CVE-2022-31563
+ RESERVED
+CVE-2022-31562
+ RESERVED
+CVE-2022-31561
+ RESERVED
+CVE-2022-31560
+ RESERVED
+CVE-2022-31559
+ RESERVED
+CVE-2022-31558
+ RESERVED
+CVE-2022-31557
+ RESERVED
+CVE-2022-31556
+ RESERVED
+CVE-2022-31555
+ RESERVED
+CVE-2022-31554
+ RESERVED
+CVE-2022-31553
+ RESERVED
+CVE-2022-31552
+ RESERVED
+CVE-2022-31551
+ RESERVED
+CVE-2022-31550
+ RESERVED
+CVE-2022-31549
+ RESERVED
+CVE-2022-31548
+ RESERVED
+CVE-2022-31547
+ RESERVED
+CVE-2022-31546
+ RESERVED
+CVE-2022-31545
+ RESERVED
+CVE-2022-31544
+ RESERVED
+CVE-2022-31543
+ RESERVED
+CVE-2022-31542
+ RESERVED
+CVE-2022-31541
+ RESERVED
+CVE-2022-31540
+ RESERVED
+CVE-2022-31539
+ RESERVED
+CVE-2022-31538
+ RESERVED
+CVE-2022-31537
+ RESERVED
+CVE-2022-31536
+ RESERVED
+CVE-2022-31535
+ RESERVED
+CVE-2022-31534
+ RESERVED
+CVE-2022-31533
+ RESERVED
+CVE-2022-31532
+ RESERVED
+CVE-2022-31531
+ RESERVED
+CVE-2022-31530
+ RESERVED
+CVE-2022-31529
+ RESERVED
+CVE-2022-31528
+ RESERVED
+CVE-2022-31527
+ RESERVED
+CVE-2022-31526
+ RESERVED
+CVE-2022-31525
+ RESERVED
+CVE-2022-31524
+ RESERVED
+CVE-2022-31523
+ RESERVED
+CVE-2022-31522
+ RESERVED
+CVE-2022-31521
+ RESERVED
+CVE-2022-31520
+ RESERVED
+CVE-2022-31519
+ RESERVED
+CVE-2022-31518
+ RESERVED
+CVE-2022-31517
+ RESERVED
+CVE-2022-31516
+ RESERVED
+CVE-2022-31515
+ RESERVED
+CVE-2022-31514
+ RESERVED
+CVE-2022-31513
+ RESERVED
+CVE-2022-31512
+ RESERVED
+CVE-2022-31511
+ RESERVED
+CVE-2022-31510
+ RESERVED
+CVE-2022-31509
+ RESERVED
+CVE-2022-31508
+ RESERVED
+CVE-2022-31507
+ RESERVED
+CVE-2022-31506
+ RESERVED
+CVE-2022-31505
+ RESERVED
+CVE-2022-31504
+ RESERVED
+CVE-2022-31503
+ RESERVED
+CVE-2022-31502
+ RESERVED
+CVE-2022-31501
+ RESERVED
+CVE-2022-31500
+ RESERVED
+CVE-2022-31499
+ RESERVED
+CVE-2022-31498
+ RESERVED
+CVE-2022-31497
+ RESERVED
+CVE-2022-31496
+ RESERVED
+CVE-2022-31495
+ RESERVED
+CVE-2022-31494
+ RESERVED
+CVE-2022-31493
+ RESERVED
+CVE-2022-31492
+ RESERVED
+CVE-2022-31491
+ RESERVED
+CVE-2022-31490
+ RESERVED
+CVE-2022-31489 (Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inouti ...)
+ TODO: check
+CVE-2022-31488 (Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_mark ...)
+ TODO: check
+CVE-2022-31487 (Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger ...)
+ TODO: check
+CVE-2022-31486
+ RESERVED
+CVE-2022-31485
+ RESERVED
+CVE-2022-31484
+ RESERVED
+CVE-2022-31483
+ RESERVED
+CVE-2022-31482
+ RESERVED
+CVE-2022-31481
+ RESERVED
+CVE-2022-31480
+ RESERVED
+CVE-2022-31479
+ RESERVED
+CVE-2022-31478
+ RESERVED
+CVE-2022-1841
+ RESERVED
+CVE-2022-1840 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2022-1839 (A vulnerability classified as critical was found in Home Clean Service ...)
+ TODO: check
+CVE-2022-1838 (A vulnerability classified as critical has been found in Home Clean Se ...)
+ TODO: check
+CVE-2022-1837 (A vulnerability was found in Home Clean Services Management System 1.0 ...)
+ TODO: check
CVE-2022-31470
RESERVED
CVE-2022-31469
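Review bot: the seven new entries in this hunk that already have a description (CVE-2022-31489, CVE-2022-31488, CVE-2022-31487 and CVE-2022-1840 through CVE-2022-1837) are left at "TODO: check", so they are recorded but not triaged. A follow-up should replace each TODO with either a package line or a "NOT-FOR-US:" line naming the product, as the triaged entries elsewhere in this file do. The three Inout Blockchain entries and the Home Clean Services Management System entries can each be handled as a group.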
@@ -446,8 +698,8 @@ CVE-2022-1821
RESERVED
CVE-2022-1820
RESERVED
-CVE-2022-1819
- RESERVED
+CVE-2022-1819 (A vulnerability, which was classified as problematic, was found in Stu ...)
+ TODO: check
CVE-2022-1818
RESERVED
CVE-2022-1817 (A vulnerability, which was classified as problematic, was found in Bad ...)
@@ -484,8 +736,8 @@ CVE-2022-31265
RESERVED
CVE-2022-31264 (Solana solana_rbpf before 0.2.29 has an addition integer overflow via ...)
NOT-FOR-US: Solana rBPF
-CVE-2022-31263
- RESERVED
+CVE-2022-31263 (app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail ...)
+ TODO: check
CVE-2022-31262
RESERVED
CVE-2022-31261
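Review bot: CVE-2022-31263 moves from RESERVED to a Mastodon description here but only gets "TODO: check". The description already gives a fix boundary ("before 3.5.0") and the affected file (app/models/user.rb), which is enough to resolve the entry in a follow-up, either as a package line with the fixed version or as "NOT-FOR-US: Mastodon" if nothing in the archive ships it.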
@@ -550,7 +802,7 @@ CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub re
NOT-FOR-US: Trudesk
CVE-2022-1802
RESERVED
- {DSA-5143-1}
+ {DSA-5143-1 DLA-3021-1}
- firefox 100.0.2-1
- firefox-esr 91.9.1esr-1
- thunderbird <unfixed>
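Review bot: in the CVE-2022-1802 entry the advisory reference gains DLA-3021-1 while "- thunderbird <unfixed>" is unchanged and the entry is still RESERVED with no description. It is worth confirming which of the three package lines the DLA actually covers and that thunderbird is meant to stay open. The same question applies to the identical change under CVE-2022-1529 further down.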
@@ -3805,8 +4057,8 @@ CVE-2022-30017 (Rescue Dispatch Management System 1.0 suffers from Stored XSS, l
NOT-FOR-US: Rescue Dispatch Management System
CVE-2022-30016 (Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Acces ...)
NOT-FOR-US: Rescue Dispatch Management System
-CVE-2022-30015
- RESERVED
+CVE-2022-30015 (In Simple Food Website 1.0, a moderation can put the Cross Site Script ...)
+ TODO: check
CVE-2022-30014 (Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site ...)
NOT-FOR-US: Lumidek Associates Simple Food Website
CVE-2022-30013 (A stored cross-site scripting (XSS) vulnerability in the upload functi ...)
@@ -4124,7 +4376,7 @@ CVE-2022-1530 (Cross-site Scripting (XSS) in GitHub repository livehelperchat/li
NOT-FOR-US: livehelperchat
CVE-2022-1529
RESERVED
- {DSA-5143-1}
+ {DSA-5143-1 DLA-3021-1}
- firefox 100.0.2-1
- firefox-esr 91.9.1esr-1
- thunderbird <unfixed>
@@ -4611,8 +4863,8 @@ CVE-2022-29802
RESERVED
CVE-2022-1468 (On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2022-1467
- RESERVED
+CVE-2022-1467 (Windows OS can be configured to overlay a “language bar” o ...)
+ TODO: check
CVE-2022-1466 (Due to improper authorization, Red Hat Single Sign-On is vulnerable to ...)
NOT-FOR-US: Red Hat Single Sign-On / Keycloak
CVE-2022-29801 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
@@ -5755,10 +6007,10 @@ CVE-2022-29379
RESERVED
CVE-2022-29378
RESERVED
-CVE-2022-29377
- RESERVED
-CVE-2022-29376
- RESERVED
+CVE-2022-29377 (Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a st ...)
+ TODO: check
+CVE-2022-29376 (Xampp for Windows v8.1.4 and below was discovered to contain insecure ...)
+ TODO: check
CVE-2022-29375
RESERVED
CVE-2022-29374
@@ -5901,16 +6153,16 @@ CVE-2022-29311
RESERVED
CVE-2022-29310
RESERVED
-CVE-2022-29309
- RESERVED
+CVE-2022-29309 (mysiteforme v2.2.1 was discovered to contain a Server-Side Request For ...)
+ TODO: check
CVE-2022-29308
RESERVED
CVE-2022-29307 (IonizeCMS v1.0.8.1 was discovered to contain a command injection vulne ...)
NOT-FOR-US: Ionize CMS
CVE-2022-29306 (IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerabi ...)
NOT-FOR-US: Ionize CMS
-CVE-2022-29305
- RESERVED
+CVE-2022-29305 (imgurl v2.31 was discovered to contain a Blind SQL injection vulnerabi ...)
+ TODO: check
CVE-2022-29304 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
CVE-2022-29303 (SolarView Compact ver.6.00 was discovered to contain a command injecti ...)
@@ -6843,14 +7095,14 @@ CVE-2022-29004 (Diary Management System v1.0 was discovered to contain a cross-s
NOT-FOR-US: Diary Management System
CVE-2022-29003
RESERVED
-CVE-2022-29002
- RESERVED
+CVE-2022-29002 (A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers ...)
+ TODO: check
CVE-2022-29001 (In SpringBootMovie <=1.2, the uploaded file suffix parameter is not ...)
NOT-FOR-US: SpringBootMovie
CVE-2022-29000
RESERVED
-CVE-2022-28999
- RESERVED
+CVE-2022-28999 (Insecure permissions in the install directories and binaries of Dev-CP ...)
+ TODO: check
CVE-2022-28998 (Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer ove ...)
NOT-FOR-US: Xlight FTP
CVE-2022-28997 (CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forger ...)
@@ -13170,8 +13422,8 @@ CVE-2022-25915 (Improper access control vulnerability in ELECOM LAN routers (WRC
NOT-FOR-US: ELECOM LAN routers
CVE-2022-25905
RESERVED
-CVE-2022-0910
- RESERVED
+CVE-2022-0910 (A downgrade from two-factor authentication to one-factor authenticatio ...)
+ TODO: check
CVE-2022-0909 (Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to ...)
{DSA-5108-1}
- tiff 4.3.0-6
@@ -13801,10 +14053,10 @@ CVE-2022-0874 (The WP Social Buttons WordPress plugin through 2.1 does not sanit
NOT-FOR-US: WordPress plugin
CVE-2022-0873 (The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanit ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-26532
- RESERVED
-CVE-2022-26531
- RESERVED
+CVE-2022-26532 (A argument injection vulnerability in the 'packet-trace' CLI command o ...)
+ TODO: check
+CVE-2022-26531 (Multiple improper input validation flaws were identified in some CLI c ...)
+ TODO: check
CVE-2022-26530 (swaylock before 1.6 allows attackers to trigger a crash and achieve un ...)
- swaylock 1.6-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066596
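Review bot: the truncated descriptions added for CVE-2022-26532 and CVE-2022-26531 stop before any product is named ("'packet-trace' CLI command o ...", "some CLI c ..."), so the "TODO: check" on these two cannot be resolved from this list alone. Whoever triages them needs the full CVE text to decide between a package line and NOT-FOR-US.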
@@ -15937,8 +16189,8 @@ CVE-2022-25763
RESERVED
CVE-2022-21182 (A privilege escalation vulnerability exists in the router configuratio ...)
NOT-FOR-US: InHand Networks InRouter302
-CVE-2022-0734
- RESERVED
+CVE-2022-0734 (A cross-site scripting vulnerability was identified in the CGI program ...)
+ TODO: check
CVE-2022-0733
RESERVED
CVE-2022-0732 (The backend infrastructure shared by multiple mobile device monitoring ...)
@@ -66091,8 +66343,8 @@ CVE-2021-32960 (Rockwell Automation FactoryTalk Services Platform v6.11 and earl
NOT-FOR-US: Rockwell Automation FactoryTalk
CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while processing comman ...)
NOT-FOR-US: Suitelink
-CVE-2021-32958
- RESERVED
+CVE-2021-32958 (Successful exploitation of this vulnerability on Claroty Secure Remote ...)
+ TODO: check
CVE-2021-32957 (A function in MDT AutoSave versions prior to v6.02.06 is used to retri ...)
NOT-FOR-US: Auvesy-MDT
CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b766b3b5fcd7d077f845edca97098067ef1d691