[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 25 21:10:27 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fccec33d by security tracker role at 2022-05-25T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-31619
+	RESERVED
+CVE-2022-1887
+	RESERVED
+CVE-2022-1886
+	RESERVED
+CVE-2022-1885
+	RESERVED
+CVE-2022-1884
+	RESERVED
+CVE-2022-1883 (SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2. ...)
+	TODO: check
+CVE-2022-1882
+	RESERVED
 CVE-2022-27176
 	RESERVED
 CVE-2022-1881
@@ -52,128 +66,152 @@ CVE-2022-31599
 	RESERVED
 CVE-2022-1876
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1875
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1874
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1873
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1872
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1871
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1870
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1869
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1868
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1867
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1866
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1865
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1864
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1863
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1862
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1861
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1860
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1859
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1858
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1857
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1856
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1855
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1854
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1853
 	RESERVED
+	{DSA-5148-1}
 	- chromium 102.0.5005.61-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1852
 	RESERVED
-CVE-2022-1851
-	RESERVED
+CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
+	TODO: check
 CVE-2022-1850 (Path Traversal in GitHub repository filegator/filegator prior to 7.8.0 ...)
 	NOT-FOR-US: filegator
 CVE-2022-1849 (Session Fixation in GitHub repository filegator/filegator prior to 7.8 ...)
@@ -915,8 +953,8 @@ CVE-2022-1817 (A vulnerability, which was classified as problematic, was found i
 	NOT-FOR-US: Badminton Center Management System
 CVE-2022-1816 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: Zoo Management System
-CVE-2022-1815
-	RESERVED
+CVE-2022-1815 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+	TODO: check
 CVE-2022-1814
 	RESERVED
 CVE-2022-30549
@@ -2647,8 +2685,8 @@ CVE-2022-30597 (A flaw was found in moodle where the description user field was
 	- moodle <removed>
 CVE-2022-30596 (A flaw was found in moodle where ID numbers displayed when bulk alloca ...)
 	- moodle <removed>
-CVE-2022-30595
-	RESERVED
+CVE-2022-30595 (libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow i ...)
+	TODO: check
 CVE-2022-30593
 	RESERVED
 CVE-2022-30592 (liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1. ...)
@@ -2729,8 +2767,8 @@ CVE-2022-1679 (A use-after-free flaw was found in the Linux kernel’s Ather
 	- linux <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2084125
 	NOTE: https://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
-CVE-2022-1678
-	RESERVED
+CVE-2022-1678 (An issue was discovered in the Linux Kernel from 4.18 to 4.19, an impr ...)
+	TODO: check
 CVE-2022-30594 (The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTR ...)
 	- linux 5.17.3-1
 	[bullseye] - linux 5.10.113-1
@@ -2828,6 +2866,7 @@ CVE-2022-1665
 	RESERVED
 CVE-2022-1664 [directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar]
 	RESERVED
+	{DSA-5147-1 DLA-3022-1}
 	- dpkg 1.21.8
 	NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b (1.21.8)
 	NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5 (1.20.10)
@@ -3173,10 +3212,10 @@ CVE-2022-30430
 	RESERVED
 CVE-2022-30429
 	RESERVED
-CVE-2022-30428
-	RESERVED
-CVE-2022-30427
-	RESERVED
+CVE-2022-30428 (In ginadmin through 05-10-2022, the incoming path value is not filtere ...)
+	TODO: check
+CVE-2022-30427 (In ginadmin through 05-10-2022 the incoming path value is not filtered ...)
+	TODO: check
 CVE-2022-30426
 	RESERVED
 CVE-2022-30425
@@ -3430,12 +3469,12 @@ CVE-2022-30325
 	RESERVED
 CVE-2022-30324
 	RESERVED
-CVE-2022-30323
-	RESERVED
-CVE-2022-30322
-	RESERVED
-CVE-2022-30321
-	RESERVED
+CVE-2022-30323 (HashiCorp go-getter through 2.0.2 does not safely perform downloads (i ...)
+	TODO: check
+CVE-2022-30322 (HashiCorp go-getter through 2.0.2 does not safely perform downloads (i ...)
+	TODO: check
+CVE-2022-30321 (HashiCorp go-getter through 2.0.2 does not safely perform downloads (i ...)
+	TODO: check
 CVE-2022-1616 (Use after free in append_command in GitHub repository vim/vim prior to ...)
 	{DLA-3011-1}
 	- vim <unfixed>
@@ -5428,10 +5467,10 @@ CVE-2022-29653
 	RESERVED
 CVE-2022-29652 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
 	NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
-CVE-2022-29651
-	RESERVED
-CVE-2022-29650
-	RESERVED
+CVE-2022-29651 (An arbitrary file upload vulnerability in the Select Image function of ...)
+	TODO: check
+CVE-2022-29650 (Online Food Ordering System v1.0 was discovered to contain a SQL injec ...)
+	TODO: check
 CVE-2022-29649
 	RESERVED
 CVE-2022-29648
@@ -6139,8 +6178,8 @@ CVE-2022-29410 (Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Her
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29409
 	RESERVED
-CVE-2022-29408
-	RESERVED
+CVE-2022-29408 (Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital' ...)
+	TODO: check
 CVE-2022-29407
 	RESERVED
 CVE-2022-29406
@@ -6153,8 +6192,8 @@ CVE-2022-1387
 	RESERVED
 CVE-2022-1386 (The Fusion Builder WordPress plugin before 3.6.2, used in the Avada th ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-29405
-	RESERVED
+CVE-2022-29405 (In Apache Archiva, any registered user can reset password for any user ...)
+	TODO: check
 CVE-2022-1385 (Mattermost 6.4.x and earlier fails to properly invalidate pending emai ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-1384 (Mattermost version 6.4.x and earlier fails to properly check the plugi ...)
@@ -6178,8 +6217,8 @@ CVE-2022-1381 (global heap buffer overflow in skip_range in GitHub repository vi
 	NOTE: https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47 (v8.2.4763)
 CVE-2022-29403
 	RESERVED
-CVE-2022-29402
-	RESERVED
+CVE-2022-29402 (TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protecti ...)
+	TODO: check
 CVE-2022-29401
 	RESERVED
 CVE-2022-29400
@@ -6222,10 +6261,10 @@ CVE-2022-29382
 	RESERVED
 CVE-2022-29381
 	RESERVED
-CVE-2022-29380
-	RESERVED
-CVE-2022-29379
-	RESERVED
+CVE-2022-29380 (Academy-LMS v4.3 was discovered to contain a stored cross-site scripti ...)
+	TODO: check
+CVE-2022-29379 (Nginx NJS v0.7.3 was discovered to contain a stack overflow in the fun ...)
+	TODO: check
 CVE-2022-29378
 	RESERVED
 CVE-2022-29377 (Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a st ...)
@@ -6557,8 +6596,7 @@ CVE-2022-1350 (A vulnerability classified as problematic was found in GhostPCL 9
 	NOTE: Upstream report is as per 2022-04-15 not yet public
 CVE-2022-1349 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-1348 [potential DoS from unprivileged users via the state file]
-	RESERVED
+CVE-2022-1348 (A vulnerability was found in logrotate in how the state file is create ...)
 	- logrotate <unfixed> (bug #1011644)
 	[buster] - logrotate <not-affected> (Vulnerable code introduced later)
 	[stretch] - logrotate <not-affected> (Vulnerable code introduced later)
@@ -7630,8 +7668,8 @@ CVE-2022-28877
 	RESERVED
 CVE-2022-28876
 	RESERVED
-CVE-2022-28875
-	RESERVED
+CVE-2022-28875 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+	TODO: check
 CVE-2022-28874 (Multiple Denial-of-Service vulnerabilities was discovered in the F-Sec ...)
 	NOT-FOR-US: F-Secure
 CVE-2022-28873 (A vulnerability affecting F-Secure SAFE browser was discovered. An att ...)
@@ -7656,8 +7694,8 @@ CVE-2022-28864
 	RESERVED
 CVE-2022-28863
 	RESERVED
-CVE-2022-28862
-	RESERVED
+CVE-2022-28862 (In Archibus Web Central before 26.2, multiple SQL Injection vulnerabil ...)
+	TODO: check
 CVE-2022-28861
 	RESERVED
 CVE-2022-28860
@@ -12099,8 +12137,8 @@ CVE-2022-27307
 	RESERVED
 CVE-2022-27306
 	REJECTED
-CVE-2022-27305
-	RESERVED
+CVE-2022-27305 (Gibbon v23 does not generate a new session ID cookie after a user auth ...)
+	TODO: check
 CVE-2022-27304 (Student Grading System v1.0 was discovered to contain a SQL injection  ...)
 	NOT-FOR-US: Student Grading System
 CVE-2022-27303
@@ -13260,8 +13298,8 @@ CVE-2022-0936 (Cross-site Scripting (XSS) - Stored in GitHub repository autolab/
 	NOT-FOR-US: Autolab
 CVE-2022-26946
 	RESERVED
-CVE-2022-26945
-	RESERVED
+CVE-2022-26945 (HashiCorp go-getter before 2.0.2 allows Command Injection. ...)
+	TODO: check
 CVE-2022-26944
 	RESERVED
 CVE-2022-26943
@@ -23161,8 +23199,8 @@ CVE-2022-23777
 	RESERVED
 CVE-2022-23776
 	RESERVED
-CVE-2022-23775
-	RESERVED
+CVE-2022-23775 (TrueStack Direct Connect 1.4.7 has Incorrect Access Control. ...)
+	TODO: check
 CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...)
 	NOT-FOR-US: Docker Desktop
 CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret  ...)
@@ -30464,8 +30502,8 @@ CVE-2022-22129
 	RESERVED
 CVE-2022-22128
 	RESERVED
-CVE-2022-22127
-	RESERVED
+CVE-2022-22127 (Tableau is aware of a broken access control vulnerability present in T ...)
+	TODO: check
 CVE-2022-22126 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via  ...)
 	NOT-FOR-US: Openmct
 CVE-2022-22125 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored  ...)
@@ -31752,8 +31790,8 @@ CVE-2022-21953
 	RESERVED
 CVE-2022-21952
 	RESERVED
-CVE-2022-21951
-	RESERVED
+CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher,  ...)
+	TODO: check
 CVE-2022-21950
 	RESERVED
 CVE-2022-21949 (A Improper Restriction of XML External Entity Reference vulnerability  ...)
@@ -32425,8 +32463,7 @@ CVE-2021-44976
 CVE-2021-44975 (radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/cor ...)
 	- radare2 <unfixed>
 	NOTE: https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
-CVE-2021-44974
-	RESERVED
+CVE-2021-44974 (radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Derefere ...)
 	- radare2 <unfixed>
 	NOTE: https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/C
 CVE-2021-44973
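Review bot: the NOTE URL under CVE-2021-44974 in this hunk, `NOTE: https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/C`, carries a stray trailing `C` that the otherwise identical URL under CVE-2021-44975 two entries above does not have. It is an unchanged context line here, so the typo predates this automatic update, but the next manual edit to this entry should drop the `C` so the reference resolves to the same advisory page.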
@@ -33262,8 +33299,8 @@ CVE-2021-44721
 	RESERVED
 CVE-2021-44720
 	RESERVED
-CVE-2021-44719
-	RESERVED
+CVE-2021-44719 (Docker Desktop 4.3.0 has Incorrect Access Control. ...)
+	TODO: check
 CVE-2021-44718
 	RESERVED
 	- wolfssl 5.1.1-1
@@ -60541,8 +60578,8 @@ CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host=
 	NOT-FOR-US: Thruk
 CVE-2021-35488 (Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&titl ...)
 	NOT-FOR-US: Thruk
-CVE-2021-35487
-	RESERVED
+CVE-2021-35487 (Nokia Broadcast Message Center through 11.1.0 allows an authenticated  ...)
+	TODO: check
 CVE-2021-35486
 	RESERVED
 CVE-2021-35485
@@ -66500,8 +66537,8 @@ CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server
 	NOT-FOR-US: Suitelink
 CVE-2021-32998 (The FANUC R-30iA and R-30iB series controllers are vulnerable to an ou ...)
 	NOT-FOR-US: FANUC
-CVE-2021-32997
-	RESERVED
+CVE-2021-32997 (The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x,  ...)
+	TODO: check
 CVE-2021-32996 (The FANUC R-30iA and R-30iB series controllers are vulnerable to integ ...)
 	NOT-FOR-US: FANUC
 CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
@@ -66516,8 +66553,8 @@ CVE-2021-32991 (Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerab
 	NOT-FOR-US: Delta Electronics
 CVE-2021-32990 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
 	NOT-FOR-US: FATEK Automation WinProladder
-CVE-2021-32989
-	RESERVED
+CVE-2021-32989 (When a non-existent resource is requested, the LCDS LAquis SCADA appli ...)
+	TODO: check
 CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
 	NOT-FOR-US: FATEK Automation WinProladder
 CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing command  ...)
@@ -66562,8 +66599,8 @@ CVE-2021-32968 (Two buffer overflows in the built-in web server in Moxa NPort IA
 	NOT-FOR-US: Moxa
 CVE-2021-32967 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
 	NOT-FOR-US: Delta Electronics
-CVE-2021-32966
-	RESERVED
+CVE-2021-32966 (Philips Interoperability Solution XDS versions 2.5 through 3.11 and 20 ...)
+	TODO: check
 CVE-2021-32965 (Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to  ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2021-32964 (The AGG Software Web Server version 4.0.40.1014 and prior is vulnerabl ...)
@@ -80299,16 +80336,16 @@ CVE-2021-27785
 	RESERVED
 CVE-2021-27784
 	RESERVED
-CVE-2021-27783
-	RESERVED
+CVE-2021-27783 (User generated PPKG file for Bulk Enroll may have unencrypted sensitiv ...)
+	TODO: check
 CVE-2021-27782
 	RESERVED
 CVE-2021-27781
 	RESERVED
 CVE-2021-27780
 	RESERVED
-CVE-2021-27779
-	RESERVED
+CVE-2021-27779 (VersionVault Express exposes sensitive information that an attacker ca ...)
+	TODO: check
 CVE-2021-27778
 	RESERVED
 CVE-2021-27777 (XML External Entity (XXE) injection vulnerabilities occur when poorly  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fccec33d3686038c1123d8c5696d5098c04f2f6c


