[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 26 09:10:33 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b7eb889b by security tracker role at 2022-05-26T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,247 @@
+CVE-2022-31733
+ RESERVED
+CVE-2022-31732
+ RESERVED
+CVE-2022-31731
+ RESERVED
+CVE-2022-31730
+ RESERVED
+CVE-2022-31729
+ RESERVED
+CVE-2022-31728
+ RESERVED
+CVE-2022-31727
+ RESERVED
+CVE-2022-31726
+ RESERVED
+CVE-2022-31725
+ RESERVED
+CVE-2022-31724
+ RESERVED
+CVE-2022-31723
+ RESERVED
+CVE-2022-31722
+ RESERVED
+CVE-2022-31721
+ RESERVED
+CVE-2022-31720
+ RESERVED
+CVE-2022-31719
+ RESERVED
+CVE-2022-31718
+ RESERVED
+CVE-2022-31717
+ RESERVED
+CVE-2022-31716
+ RESERVED
+CVE-2022-31715
+ RESERVED
+CVE-2022-31714
+ RESERVED
+CVE-2022-31713
+ RESERVED
+CVE-2022-31712
+ RESERVED
+CVE-2022-31711
+ RESERVED
+CVE-2022-31710
+ RESERVED
+CVE-2022-31709
+ RESERVED
+CVE-2022-31708
+ RESERVED
+CVE-2022-31707
+ RESERVED
+CVE-2022-31706
+ RESERVED
+CVE-2022-31705
+ RESERVED
+CVE-2022-31704
+ RESERVED
+CVE-2022-31703
+ RESERVED
+CVE-2022-31702
+ RESERVED
+CVE-2022-31701
+ RESERVED
+CVE-2022-31700
+ RESERVED
+CVE-2022-31699
+ RESERVED
+CVE-2022-31698
+ RESERVED
+CVE-2022-31697
+ RESERVED
+CVE-2022-31696
+ RESERVED
+CVE-2022-31695
+ RESERVED
+CVE-2022-31694
+ RESERVED
+CVE-2022-31693
+ RESERVED
+CVE-2022-31692
+ RESERVED
+CVE-2022-31691
+ RESERVED
+CVE-2022-31690
+ RESERVED
+CVE-2022-31689
+ RESERVED
+CVE-2022-31688
+ RESERVED
+CVE-2022-31687
+ RESERVED
+CVE-2022-31686
+ RESERVED
+CVE-2022-31685
+ RESERVED
+CVE-2022-31684
+ RESERVED
+CVE-2022-31683
+ RESERVED
+CVE-2022-31682
+ RESERVED
+CVE-2022-31681
+ RESERVED
+CVE-2022-31680
+ RESERVED
+CVE-2022-31679
+ RESERVED
+CVE-2022-31678
+ RESERVED
+CVE-2022-31677
+ RESERVED
+CVE-2022-31676
+ RESERVED
+CVE-2022-31675
+ RESERVED
+CVE-2022-31674
+ RESERVED
+CVE-2022-31673
+ RESERVED
+CVE-2022-31672
+ RESERVED
+CVE-2022-31671
+ RESERVED
+CVE-2022-31670
+ RESERVED
+CVE-2022-31669
+ RESERVED
+CVE-2022-31668
+ RESERVED
+CVE-2022-31667
+ RESERVED
+CVE-2022-31666
+ RESERVED
+CVE-2022-31665
+ RESERVED
+CVE-2022-31664
+ RESERVED
+CVE-2022-31663
+ RESERVED
+CVE-2022-31662
+ RESERVED
+CVE-2022-31661
+ RESERVED
+CVE-2022-31660
+ RESERVED
+CVE-2022-31659
+ RESERVED
+CVE-2022-31658
+ RESERVED
+CVE-2022-31657
+ RESERVED
+CVE-2022-31656
+ RESERVED
+CVE-2022-31655
+ RESERVED
+CVE-2022-31654
+ RESERVED
+CVE-2022-31653
+ RESERVED
+CVE-2022-31652
+ RESERVED
+CVE-2022-31651 (In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in ...)
+ TODO: check
+CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwri ...)
+ TODO: check
+CVE-2022-31649
+ RESERVED
+CVE-2022-31648
+ RESERVED
+CVE-2022-31647
+ RESERVED
+CVE-2022-31646
+ RESERVED
+CVE-2022-31645
+ RESERVED
+CVE-2022-31644
+ RESERVED
+CVE-2022-31643
+ RESERVED
+CVE-2022-31642
+ RESERVED
+CVE-2022-31641
+ RESERVED
+CVE-2022-31640
+ RESERVED
+CVE-2022-31639
+ RESERVED
+CVE-2022-31638
+ RESERVED
+CVE-2022-31637
+ RESERVED
+CVE-2022-31636
+ RESERVED
+CVE-2022-31635
+ RESERVED
+CVE-2022-31634
+ RESERVED
+CVE-2022-31633
+ RESERVED
+CVE-2022-31632
+ RESERVED
+CVE-2022-31631
+ RESERVED
+CVE-2022-31630
+ RESERVED
+CVE-2022-31629
+ RESERVED
+CVE-2022-31628
+ RESERVED
+CVE-2022-31627
+ RESERVED
+CVE-2022-31626
+ RESERVED
+CVE-2022-31625
+ RESERVED
+CVE-2022-31624 (MariaDB Server before 10.7 is vulnerable to Denial of Service. While e ...)
+ TODO: check
+CVE-2022-31623 (MariaDB Server before 10.7 is vulnerable to Denial of Service. In extr ...)
+ TODO: check
+CVE-2022-31622 (MariaDB Server before 10.7 is vulnerable to Denial of Service. In extr ...)
+ TODO: check
+CVE-2022-31621 (MariaDB Server before 10.7 is vulnerable to Denial of Service. In extr ...)
+ TODO: check
+CVE-2022-31620 (In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp h ...)
+ TODO: check
+CVE-2022-30533
+ RESERVED
+CVE-2022-1893
+ RESERVED
+CVE-2022-1892
+ RESERVED
+CVE-2022-1891
+ RESERVED
+CVE-2022-1890
+ RESERVED
+CVE-2022-1889
+ RESERVED
+CVE-2022-1888
+ RESERVED
+CVE-2021-4231
+ RESERVED
CVE-2022-31619
RESERVED
CVE-2022-1887
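Review bot: The seven entries added with descriptions in this hunk (CVE-2022-31651 and CVE-2022-31650 for SoX 14.4.2, CVE-2022-31624 through CVE-2022-31621 for MariaDB Server, CVE-2022-31620 for libjpeg) carry only "TODO: check", so none of them has a source package line or a NOT-FOR-US decision yet. Each needs a follow-up commit that replaces the TODO with one or the other, in the style of the guzzle and WPS Office entries visible later in this patch. Three of the MariaDB descriptions (CVE-2022-31623, CVE-2022-31622, CVE-2022-31621) are identical after truncation at "In extr ...", so read the full descriptions before treating them as duplicates of one issue.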
@@ -1540,8 +1784,8 @@ CVE-2022-31006
RESERVED
CVE-2022-31005
RESERVED
-CVE-2022-31004
- RESERVED
+CVE-2022-31004 (CVEProject/cve-services is an open source project used to operate the ...)
+ TODO: check
CVE-2022-31003
RESERVED
CVE-2022-31002
@@ -1550,8 +1794,8 @@ CVE-2022-31001
RESERVED
CVE-2022-31000
RESERVED
-CVE-2022-30999
- RESERVED
+CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an extension that handles file uploads ...)
+ TODO: check
CVE-2022-30996
RESERVED
CVE-2022-30995
@@ -6645,24 +6889,23 @@ CVE-2022-29258
RESERVED
CVE-2022-29257
RESERVED
-CVE-2022-29256
- RESERVED
+CVE-2022-29256 (sharp is an application for Node.js image processing. Prior to version ...)
+ TODO: check
CVE-2022-29255
RESERVED
CVE-2022-29254
RESERVED
-CVE-2022-29253
- RESERVED
-CVE-2022-29252
- RESERVED
-CVE-2022-29251
- RESERVED
+CVE-2022-29253 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2022-29252 (XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. S ...)
+ TODO: check
+CVE-2022-29251 (XWiki Platform Flamingo Theme UI is a tool that allows customization a ...)
+ TODO: check
CVE-2022-29250
RESERVED
CVE-2022-29249 (JavaEZ is a library that adds new functions to make Java easier. A wea ...)
TODO: check
-CVE-2022-29248
- RESERVED
+CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 ...)
- guzzle <unfixed> (bug #1011636)
NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
CVE-2022-29247
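Review bot: The sharp entry (CVE-2022-29256) and the three XWiki Platform entries (CVE-2022-29253, CVE-2022-29252, CVE-2022-29251) move from RESERVED to "TODO: check" without a package decision; the XWiki ones name the same product family and are best resolved together in one follow-up so they end up with a consistent outcome. The CVE-2022-29248 change is different in kind: it only swaps the header line for the published description and leaves the existing "- guzzle <unfixed> (bug #1011636)" line and its NOTE untouched, which is what a description-only update should do.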
@@ -8113,8 +8356,8 @@ CVE-2022-26841
RESERVED
CVE-2022-26837
RESERVED
-CVE-2022-26833
- RESERVED
+CVE-2022-26833 (An improper authentication vulnerability exists in the REST API functi ...)
+ TODO: check
CVE-2022-26515
RESERVED
CVE-2022-26513
@@ -12734,8 +12977,8 @@ CVE-2021-46711
RESERVED
CVE-2021-46710
RESERVED
-CVE-2022-27169
- RESERVED
+CVE-2022-27169 (An information disclosure vulnerability exists in the OAS Engine Secur ...)
+ TODO: check
CVE-2022-27167 (Privilege escalation vulnerability in Windows products of ESET, spol. ...)
NOT-FOR-US: ESET
CVE-2022-27166
@@ -12744,20 +12987,20 @@ CVE-2022-26511 (WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when o
NOT-FOR-US: WPS Presentation
CVE-2022-26510 (A firmware update vulnerability exists in the iburn firmware checks fu ...)
NOT-FOR-US: InHand Networks InRouter302
-CVE-2022-26303
- RESERVED
-CVE-2022-26082
- RESERVED
+CVE-2022-26303 (An external config control vulnerability exists in the OAS Engine Secu ...)
+ TODO: check
+CVE-2022-26082 (A file write vulnerability exists in the OAS Engine SecureTransferFile ...)
+ TODO: check
CVE-2022-26081 (The installer of WPS Office Version 10.8.0.5745 insecurely load shcore ...)
NOT-FOR-US: WPS Office
-CVE-2022-26077
- RESERVED
-CVE-2022-26067
- RESERVED
-CVE-2022-26043
- RESERVED
-CVE-2022-26026
- RESERVED
+CVE-2022-26077 (A cleartext transmission of sensitive information vulnerability exists ...)
+ TODO: check
+CVE-2022-26067 (An information disclosure vulnerability exists in the OAS Engine Secur ...)
+ TODO: check
+CVE-2022-26043 (An external config control vulnerability exists in the OAS Engine Secu ...)
+ TODO: check
+CVE-2022-26026 (A denial of service vulnerability exists in the OAS Engine SecureConfi ...)
+ TODO: check
CVE-2022-25969 (The installer of WPS Office Version 10.8.0.6186 insecurely load VERSIO ...)
NOT-FOR-US: WPS Office
CVE-2022-25949 (The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Ve ...)
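Review bot: All six entries rewritten in this hunk (CVE-2022-26303, CVE-2022-26082, CVE-2022-26077, CVE-2022-26067, CVE-2022-26043, CVE-2022-26026) end up as "TODO: check", and five of them visibly name the same product, "OAS Engine", as does CVE-2022-27169 in the preceding hunk. Triage these as a group with one consistent decision rather than entry by entry. CVE-2022-26077 is truncated before any product name ("A cleartext transmission of sensitive information vulnerability exists ..."), so check its full description before including it in that group.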
@@ -20058,7 +20301,7 @@ CVE-2022-24586 (A stored cross-site scripting (XSS) vulnerability in the compone
CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
- pluxml <unfixed> (bug #1008264)
NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf
-CVE-2022-24584 (Incorrect access control in Yubico OTP functionality of the YubiKey ha ...)
+CVE-2022-24584 (** DISPUTED ** Incorrect access control in Yubico OTP functionality of ...)
NOT-FOR-US: yubico.com
CVE-2022-24583
RESERVED
@@ -23554,7 +23797,7 @@ CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly & WASI. P
CVE-2022-23635 (Istio is an open platform to connect, manage, and secure microservices ...)
NOT-FOR-US: Istio
CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` ...)
- {DSA-5146-1}
+ {DSA-5146-1 DLA-3023-1}
- puma <unfixed> (bug #1005391)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
NOTE: https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
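Review bot: The cross-reference on CVE-2022-23634 now lists DLA-3023-1 next to DSA-5146-1, but the package line under it still reads "- puma <unfixed> (bug #1005391)" and the visible context has no release-specific line, unlike the [buster] lines under CVE-2020-5247 and CVE-2019-16770 later in this patch. Confirm that the fixed versions for both advisories are recorded in the advisories' own entries, and update the unfixed line once bug #1005391 is closed.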
@@ -168183,6 +168426,7 @@ CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-j222-j9mf-h6j9
NOTE: https://github.com/glpi-project/glpi/commit/efd14468c92c4da43333aa9735e65fd20cbc7c6c
CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...)
+ {DLA-3023-1}
- puma 3.12.4-1 (bug #952766)
[buster] - puma 3.12.0-2+deb10u2
NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
@@ -189198,6 +189442,7 @@ CVE-2019-16772 (The serialize-to-js NPM package before version 3.0.1 is vulnerab
CVE-2019-16771 (Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable ...)
NOT-FOR-US: Armeria
CVE-2019-16770 (In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client coul ...)
+ {DLA-3023-1}
- puma 3.12.0-4 (bug #946312)
[buster] - puma 3.12.0-2+deb10u1
NOTE: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7eb889bf56e2198c1eda064a103ccb2dd1207fd