[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 27 21:10:30 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9901a029 by security tracker role at 2022-05-27T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2022-31780
+	RESERVED
+CVE-2022-31779
+	RESERVED
+CVE-2022-31778
+	RESERVED
+CVE-2022-31777
+	RESERVED
+CVE-2022-31776
+	RESERVED
+CVE-2022-31775
+	RESERVED
+CVE-2022-31774
+	RESERVED
+CVE-2022-31773
+	RESERVED
+CVE-2022-31772
+	RESERVED
+CVE-2022-31771
+	RESERVED
+CVE-2022-31770
+	RESERVED
+CVE-2022-31769
+	RESERVED
+CVE-2022-31768
+	RESERVED
+CVE-2022-31767
+	RESERVED
+CVE-2022-31766
+	RESERVED
+CVE-2022-31765
+	RESERVED
+CVE-2022-31764
+	RESERVED
+CVE-2022-1925
+	RESERVED
+CVE-2022-1924
+	RESERVED
+CVE-2022-1923
+	RESERVED
+CVE-2022-1922
+	RESERVED
+CVE-2022-1921
+	RESERVED
+CVE-2022-1920
+	RESERVED
+CVE-2022-1919
+	RESERVED
+CVE-2022-1918
+	RESERVED
+CVE-2022-1917
+	RESERVED
+CVE-2022-1916
+	RESERVED
+CVE-2022-1915
+	RESERVED
+CVE-2022-1914
+	RESERVED
+CVE-2022-1913
+	RESERVED
+CVE-2022-1912
+	RESERVED
+CVE-2022-1911
+	RESERVED
+CVE-2022-1910
+	RESERVED
+CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organ ...)
+	TODO: check
+CVE-2022-1908 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...)
+	TODO: check
+CVE-2022-1907 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...)
+	TODO: check
+CVE-2022-1906
+	RESERVED
+CVE-2022-1905
+	RESERVED
+CVE-2022-1904
+	RESERVED
+CVE-2022-1903
+	RESERVED
+CVE-2020-36528
+	RESERVED
 CVE-2022-31763
 	RESERVED
 CVE-2022-31762
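Review bot: CVE-2022-1909, CVE-2022-1908 and CVE-2022-1907 are added with only "TODO: check", and the two libmobi descriptions are truncated to identical text, so nothing in this file tells them apart yet. Triage needs the full CVE descriptions, and each entry should end up with either a package line or a NOT-FOR-US: line. CVE-2020-36528 also lands at the head of the file among the 2022 ids; confirm that ordering is what the update intends.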
@@ -84,10 +166,10 @@ CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior t
 	- radare2 <unfixed>
 	NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
 	NOTE: https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d
-CVE-2022-1898
-	RESERVED
-CVE-2022-1897
-	RESERVED
+CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+	TODO: check
+CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
+	TODO: check
 CVE-2022-1896
 	RESERVED
 CVE-2022-1895
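Review bot: CVE-2022-1898 and CVE-2022-1897 both name vim/vim but are left at "TODO: check" with no package line. They need a source-package entry in the same form as the radare2 one in the context above ("- radare2 <unfixed>") plus NOTE: lines for the report and the fixing commit, and the truncated "prior to 8.2. ..." has to be completed from the CVE record to get the fixed version.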
@@ -3454,30 +3536,30 @@ CVE-2022-30516 (In Hospital-Management-System v1.0, the editid parameter in the
 	NOT-FOR-US: Hospital-Management-System
 CVE-2022-30515
 	RESERVED
-CVE-2022-30514
-	RESERVED
-CVE-2022-30513
-	RESERVED
-CVE-2022-30512
-	RESERVED
-CVE-2022-30511
-	RESERVED
-CVE-2022-30510
-	RESERVED
+CVE-2022-30514 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...)
+	TODO: check
+CVE-2022-30513 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...)
+	TODO: check
+CVE-2022-30512 (School Dormitory Management System 1.0 is vulnerable to SQL Injection  ...)
+	TODO: check
+CVE-2022-30511 (School Dormitory Management System 1.0 is vulnerable to SQL Injection  ...)
+	TODO: check
+CVE-2022-30510 (School Dormitory Management System 1.0 is vulnerable to SQL Injection  ...)
+	TODO: check
 CVE-2022-30509
 	RESERVED
 CVE-2022-30508 (DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vuln ...)
 	NOT-FOR-US: DedeCMS
 CVE-2022-30507
 	RESERVED
-CVE-2022-30506
-	RESERVED
+CVE-2022-30506 (An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, a ...)
+	TODO: check
 CVE-2022-30505
 	RESERVED
 CVE-2022-30504
 	RESERVED
-CVE-2022-30503
-	RESERVED
+CVE-2022-30503 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
+	TODO: check
 CVE-2022-30502
 	RESERVED
 CVE-2022-30501
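Review bot: the five School Dormitory Management System entries (CVE-2022-30514 to CVE-2022-30510) and the MCMS entry CVE-2022-30506 are left at "TODO: check" although they sit next to Hospital-Management-System and DedeCMS, which are already marked NOT-FOR-US:. CVE-2022-30503 (Nginx NJS v0.7.2) is the entry in this hunk that needs a packaging check rather than a quick NOT-FOR-US: decision.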
@@ -3632,12 +3714,12 @@ CVE-2022-30427 (In ginadmin through 05-10-2022 the incoming path value is not fi
 	TODO: check
 CVE-2022-30426
 	RESERVED
-CVE-2022-30425
-	RESERVED
+CVE-2022-30425 (Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a  ...)
+	TODO: check
 CVE-2022-30424
 	RESERVED
-CVE-2022-30423
-	RESERVED
+CVE-2022-30423 (Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execu ...)
+	TODO: check
 CVE-2022-30422
 	RESERVED
 CVE-2022-30421
@@ -3778,14 +3860,14 @@ CVE-2022-30354
 	RESERVED
 CVE-2022-30353
 	RESERVED
-CVE-2022-30352
-	RESERVED
+CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanit ...)
+	TODO: check
 CVE-2022-30351
 	RESERVED
 CVE-2022-30350
 	RESERVED
-CVE-2022-30349
-	RESERVED
+CVE-2022-30349 (siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). ...)
+	TODO: check
 CVE-2022-30348
 	RESERVED
 CVE-2022-30347
@@ -3881,8 +3963,8 @@ CVE-2022-30326
 	RESERVED
 CVE-2022-30325
 	RESERVED
-CVE-2022-30324
-	RESERVED
+CVE-2022-30324 (HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were im ...)
+	TODO: check
 CVE-2022-30323 (HashiCorp go-getter through 2.0.2 does not safely perform downloads (i ...)
 	- golang-github-hashicorp-go-getter <unfixed> (bug #1011741)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
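Review bot: CVE-2022-30324 (HashiCorp Nomad) is left at "TODO: check" directly above CVE-2022-30323, which already carries a package line, a bug number and the HashiCorp advisory NOTE:. The truncated description ("were im ...") does not show whether the two are related; check the full text and, if Nomad maps to a source package, add the package line.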
@@ -5640,10 +5722,10 @@ CVE-2022-29782
 	RESERVED
 CVE-2022-29781
 	RESERVED
-CVE-2022-29780
-	RESERVED
-CVE-2022-29779
-	RESERVED
+CVE-2022-29780 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
+	TODO: check
+CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
+	TODO: check
 CVE-2022-29778
 	RESERVED
 CVE-2022-29777
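Review bot: CVE-2022-29780 and CVE-2022-29779 carry the same truncated "Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ..." text as CVE-2022-30503 earlier in this diff, so the three cannot be told apart from this file. Triage them together and record the affected function from the full description in a NOTE: line so the entries stay distinguishable.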
@@ -5730,20 +5812,20 @@ CVE-2022-29737
 	RESERVED
 CVE-2022-29736
 	RESERVED
-CVE-2022-29735
-	RESERVED
-CVE-2022-29734
-	RESERVED
-CVE-2022-29733
-	RESERVED
-CVE-2022-29732
-	RESERVED
-CVE-2022-29731
-	RESERVED
-CVE-2022-29730
-	RESERVED
-CVE-2022-29729
-	RESERVED
+CVE-2022-29735 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows  ...)
+	TODO: check
+CVE-2022-29734 (A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08  ...)
+	TODO: check
+CVE-2022-29733 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was dis ...)
+	TODO: check
+CVE-2022-29732 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was dis ...)
+	TODO: check
+CVE-2022-29731 (An access control issue in ICT Protege GX/WX 2.08 allows attackers to  ...)
+	TODO: check
+CVE-2022-29730 (USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered t ...)
+	TODO: check
+CVE-2022-29729 (Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak ...)
+	TODO: check
 CVE-2022-29728 (Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-s ...)
 	NOT-FOR-US: Survey Sparrow Enterprise Survey Software
 CVE-2022-29727 (Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site ...)
@@ -6047,8 +6129,8 @@ CVE-2022-1443
 	RESERVED
 CVE-2022-1442 (The Metform WordPress plugin is vulnerable to sensitive information di ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-29598
-	RESERVED
+CVE-2022-29598 (Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerabl ...)
+	TODO: check
 CVE-2022-29597
 	RESERVED
 CVE-2022-29596 (MicroStrategy Enterprise Manager 2022 allows authentication bypass by  ...)
@@ -18450,8 +18532,8 @@ CVE-2022-25239
 	RESERVED
 CVE-2022-25238
 	RESERVED
-CVE-2022-25237
-	RESERVED
+CVE-2022-25237 (Bonita Web 2021.2 is affected by a authentication/authorization bypass ...)
+	TODO: check
 CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...)
 	{DSA-5085-1 DLA-2935-1}
 	- expat 2.4.5-1 (bug #1005895)
@@ -39974,10 +40056,10 @@ CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management int
 	NOT-FOR-US: Cisco
 CVE-2022-20808
 	RESERVED
-CVE-2022-20807
-	RESERVED
-CVE-2022-20806
-	RESERVED
+CVE-2022-20807 (Multiple vulnerabilities in the API and web-based management interface ...)
+	TODO: check
+CVE-2022-20806 (Multiple vulnerabilities in the API and web-based management interface ...)
+	TODO: check
 CVE-2022-20805 (A vulnerability in the automatic decryption process in Cisco Umbrella  ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20804 (A vulnerability in the Cisco Discovery Protocol of Cisco Unified Commu ...)
@@ -39986,8 +40068,8 @@ CVE-2022-20803
 	RESERVED
 	- clamav <not-affected> (Only affects 0.104.x)
 	NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
-CVE-2022-20802
-	RESERVED
+CVE-2022-20802 (A vulnerability in the web interface of Cisco Enterprise Chat and Emai ...)
+	TODO: check
 CVE-2022-20801 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20800
@@ -39996,8 +40078,8 @@ CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface o
 	NOT-FOR-US: Cisco
 CVE-2022-20798
 	RESERVED
-CVE-2022-20797
-	RESERVED
+CVE-2022-20797 (A vulnerability in the web-based management interface of Cisco Secure  ...)
+	TODO: check
 CVE-2022-20796 (On May 4, 2022, the following vulnerability in the ClamAV scanning lib ...)
 	- clamav 0.103.6+dfsg-1
 	[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
@@ -40076,8 +40158,8 @@ CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco F
 	NOT-FOR-US: Cisco Firepower
 CVE-2022-20766
 	RESERVED
-CVE-2022-20765
-	RESERVED
+CVE-2022-20765 (A vulnerability in the web applications of Cisco UCS Director could al ...)
+	TODO: check
 CVE-2022-20764 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20763 (A vulnerability in the login authorization components of Cisco Webex M ...)
@@ -40263,24 +40345,24 @@ CVE-2022-20676 (A vulnerability in the Tool Command Language (Tcl) interpreter o
 	NOT-FOR-US: Cisco
 CVE-2022-20675 (A vulnerability in the TCP/IP stack of Cisco Email Security Appliance  ...)
 	NOT-FOR-US: Cisco
-CVE-2022-20674
-	RESERVED
-CVE-2022-20673
-	RESERVED
-CVE-2022-20672
-	RESERVED
-CVE-2022-20671
-	RESERVED
-CVE-2022-20670
-	RESERVED
-CVE-2022-20669
-	RESERVED
-CVE-2022-20668
-	RESERVED
-CVE-2022-20667
-	RESERVED
-CVE-2022-20666
-	RESERVED
+CVE-2022-20674 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2022-20673 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2022-20672 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2022-20671 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2022-20670 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2022-20669 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2022-20668 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2022-20667 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2022-20666 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
 CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an authenticate ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20664
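Review bot: CVE-2022-20674 through CVE-2022-20666 are nine entries with the same truncated description, ending at "web-based management interface of Cisc ...", all left at "TODO: check". The surrounding CVE-2022-20676, CVE-2022-20675 and CVE-2022-20665 are NOT-FOR-US: Cisco; if the full text confirms a Cisco product, these can be resolved the same way in one pass.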
@@ -80835,10 +80917,10 @@ CVE-2021-27783 (User generated PPKG file for Bulk Enroll may have unencrypted se
 	NOT-FOR-US: HCL
 CVE-2021-27782
 	RESERVED
-CVE-2021-27781
-	RESERVED
-CVE-2021-27780
-	RESERVED
+CVE-2021-27781 (The Master operator may be able to embed script tag in HTML with alert ...)
+	TODO: check
+CVE-2021-27780 (The software may be vulnerable to both Un-Auth XML interaction and una ...)
+	TODO: check
 CVE-2021-27779 (VersionVault Express exposes sensitive information that an attacker ca ...)
 	NOT-FOR-US: HCL
 CVE-2021-27778
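Review bot: the descriptions for CVE-2021-27781 ("The Master operator may be able to ...") and CVE-2021-27780 ("The software may be vulnerable ...") do not name a product, so the "TODO: check" cannot be resolved from this file alone. The neighbouring CVE-2021-27783 and CVE-2021-27779 are both NOT-FOR-US: HCL; confirm the vendor from the CVE record before applying the same tag.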
@@ -201240,6 +201322,7 @@ CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplic
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
 CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed zip arc ...)
+	{DLA-3030-1}
 	- zipios++ 0.1.5.9+cvs.2007.04.28-11 (low; bug #932556)
 	[buster] - zipios++ 0.1.5.9+cvs.2007.04.28-10+deb10u1
 	[jessie] - zipios++ <no-dsa> (Minor issue)
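Review bot: the "{DLA-3030-1}" cross-reference on CVE-2019-13453 points at an advisory whose own entry is not part of this commit, since data/CVE/list is the only changed file. The visible release lines cover only [buster] and [jessie], so confirm that the DLA's release and fixed version are recorded wherever the advisory itself is tracked.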



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9901a0299747c0d6d5b5179857bd364890288f80
