[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 27 21:10:30 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9901a029 by security tracker role at 2022-05-27T20:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2022-31780
+ RESERVED
+CVE-2022-31779
+ RESERVED
+CVE-2022-31778
+ RESERVED
+CVE-2022-31777
+ RESERVED
+CVE-2022-31776
+ RESERVED
+CVE-2022-31775
+ RESERVED
+CVE-2022-31774
+ RESERVED
+CVE-2022-31773
+ RESERVED
+CVE-2022-31772
+ RESERVED
+CVE-2022-31771
+ RESERVED
+CVE-2022-31770
+ RESERVED
+CVE-2022-31769
+ RESERVED
+CVE-2022-31768
+ RESERVED
+CVE-2022-31767
+ RESERVED
+CVE-2022-31766
+ RESERVED
+CVE-2022-31765
+ RESERVED
+CVE-2022-31764
+ RESERVED
+CVE-2022-1925
+ RESERVED
+CVE-2022-1924
+ RESERVED
+CVE-2022-1923
+ RESERVED
+CVE-2022-1922
+ RESERVED
+CVE-2022-1921
+ RESERVED
+CVE-2022-1920
+ RESERVED
+CVE-2022-1919
+ RESERVED
+CVE-2022-1918
+ RESERVED
+CVE-2022-1917
+ RESERVED
+CVE-2022-1916
+ RESERVED
+CVE-2022-1915
+ RESERVED
+CVE-2022-1914
+ RESERVED
+CVE-2022-1913
+ RESERVED
+CVE-2022-1912
+ RESERVED
+CVE-2022-1911
+ RESERVED
+CVE-2022-1910
+ RESERVED
+CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organ ...)
+ TODO: check
+CVE-2022-1908 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...)
+ TODO: check
+CVE-2022-1907 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...)
+ TODO: check
+CVE-2022-1906
+ RESERVED
+CVE-2022-1905
+ RESERVED
+CVE-2022-1904
+ RESERVED
+CVE-2022-1903
+ RESERVED
+CVE-2020-36528
+ RESERVED
CVE-2022-31763
RESERVED
CVE-2022-31762
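Review bot: CVE-2022-1909, CVE-2022-1908 and CVE-2022-1907 are the only entries in this hunk that carry a description, and all three are left at "TODO: check". The two libmobi entries have the same visible text ("Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ..."), so triage has to read the full CVE records to tell them apart and to get the fixed version. Each of the three then needs either a source-package line or a NOT-FOR-US tag.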
@@ -84,10 +166,10 @@ CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior t
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
NOTE: https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d
-CVE-2022-1898
- RESERVED
-CVE-2022-1897
- RESERVED
+CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
+CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-1896
RESERVED
CVE-2022-1895
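Review bot: CVE-2022-1898 and CVE-2022-1897 name vim/vim in their descriptions but are left at "TODO: check" with no package line. They should be triaged to a "- vim ..." line in the same form as the "- radare2 <unfixed>" entry in the context above, with reference NOTE lines as that entry has. The fixed patch level is cut off in the description ("prior to 8.2. ...") and has to come from the full record.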
@@ -3454,30 +3536,30 @@ CVE-2022-30516 (In Hospital-Management-System v1.0, the editid parameter in the
NOT-FOR-US: Hospital-Management-System
CVE-2022-30515
RESERVED
-CVE-2022-30514
- RESERVED
-CVE-2022-30513
- RESERVED
-CVE-2022-30512
- RESERVED
-CVE-2022-30511
- RESERVED
-CVE-2022-30510
- RESERVED
+CVE-2022-30514 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...)
+ TODO: check
+CVE-2022-30513 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...)
+ TODO: check
+CVE-2022-30512 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-30511 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-30510 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-30509
RESERVED
CVE-2022-30508 (DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vuln ...)
NOT-FOR-US: DedeCMS
CVE-2022-30507
RESERVED
-CVE-2022-30506
- RESERVED
+CVE-2022-30506 (An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, a ...)
+ TODO: check
CVE-2022-30505
RESERVED
CVE-2022-30504
RESERVED
-CVE-2022-30503
- RESERVED
+CVE-2022-30503 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
+ TODO: check
CVE-2022-30502
RESERVED
CVE-2022-30501
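Review bot: CVE-2022-30503 (Nginx NJS v0.7.2) should not be resolved together with the web-application entries around it. The five School Dormitory Management System entries (CVE-2022-30514 to CVE-2022-30510) and CVE-2022-30506 (MCMS) sit next to entries already tagged NOT-FOR-US (Hospital-Management-System, DedeCMS) and are candidates for the same treatment, whereas the NJS entry needs a check on whether njs is shipped in a Debian package before it is closed.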
@@ -3632,12 +3714,12 @@ CVE-2022-30427 (In ginadmin through 05-10-2022 the incoming path value is not fi
TODO: check
CVE-2022-30426
RESERVED
-CVE-2022-30425
- RESERVED
+CVE-2022-30425 (Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a ...)
+ TODO: check
CVE-2022-30424
RESERVED
-CVE-2022-30423
- RESERVED
+CVE-2022-30423 (Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execu ...)
+ TODO: check
CVE-2022-30422
RESERVED
CVE-2022-30421
@@ -3778,14 +3860,14 @@ CVE-2022-30354
RESERVED
CVE-2022-30353
RESERVED
-CVE-2022-30352
- RESERVED
+CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanit ...)
+ TODO: check
CVE-2022-30351
RESERVED
CVE-2022-30350
RESERVED
-CVE-2022-30349
- RESERVED
+CVE-2022-30349 (siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). ...)
+ TODO: check
CVE-2022-30348
RESERVED
CVE-2022-30347
@@ -3881,8 +3963,8 @@ CVE-2022-30326
RESERVED
CVE-2022-30325
RESERVED
-CVE-2022-30324
- RESERVED
+CVE-2022-30324 (HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were im ...)
+ TODO: check
CVE-2022-30323 (HashiCorp go-getter through 2.0.2 does not safely perform downloads (i ...)
- golang-github-hashicorp-go-getter <unfixed> (bug #1011741)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
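Review bot: CVE-2022-30324 (HashiCorp Nomad and Nomad Enterprise) is left at "TODO: check" directly above CVE-2022-30323, which already has a package line and a bug number for go-getter. Triage it the same way: a source-package line with its status, or a NOT-FOR-US tag if Nomad is not packaged. The description is cut off after "0.2.0 up to 1.3.0 were im ...", so the full advisory is needed to decide.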
@@ -5640,10 +5722,10 @@ CVE-2022-29782
RESERVED
CVE-2022-29781
RESERVED
-CVE-2022-29780
- RESERVED
-CVE-2022-29779
- RESERVED
+CVE-2022-29780 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
+ TODO: check
+CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
+ TODO: check
CVE-2022-29778
RESERVED
CVE-2022-29777
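Review bot: CVE-2022-29780 and CVE-2022-29779 have identical visible descriptions ("Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ..."), with the affected function lost to truncation. When these are triaged, add a NOTE with the upstream issue or commit for each so the two entries stay distinguishable in the list.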
@@ -5730,20 +5812,20 @@ CVE-2022-29737
RESERVED
CVE-2022-29736
RESERVED
-CVE-2022-29735
- RESERVED
-CVE-2022-29734
- RESERVED
-CVE-2022-29733
- RESERVED
-CVE-2022-29732
- RESERVED
-CVE-2022-29731
- RESERVED
-CVE-2022-29730
- RESERVED
-CVE-2022-29729
- RESERVED
+CVE-2022-29735 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows ...)
+ TODO: check
+CVE-2022-29734 (A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 ...)
+ TODO: check
+CVE-2022-29733 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was dis ...)
+ TODO: check
+CVE-2022-29732 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was dis ...)
+ TODO: check
+CVE-2022-29731 (An access control issue in ICT Protege GX/WX 2.08 allows attackers to ...)
+ TODO: check
+CVE-2022-29730 (USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered t ...)
+ TODO: check
+CVE-2022-29729 (Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak ...)
+ TODO: check
CVE-2022-29728 (Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-s ...)
NOT-FOR-US: Survey Sparrow Enterprise Survey Software
CVE-2022-29727 (Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site ...)
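Review bot: the seven entries CVE-2022-29735 to CVE-2022-29729 cover four different products (Delta Controls enteliTOUCH, ICT Protege GX/WX, USR IOT 4G LTE Industrial Cellular VPN Router, Verizon 4G LTE Network Extender), interleaved rather than grouped. If they end up as NOT-FOR-US like the Survey Sparrow entries below, each needs its own product name in the tag, so they should be triaged one by one and not as a block.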
@@ -6047,8 +6129,8 @@ CVE-2022-1443
RESERVED
CVE-2022-1442 (The Metform WordPress plugin is vulnerable to sensitive information di ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-29598
- RESERVED
+CVE-2022-29598 (Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerabl ...)
+ TODO: check
CVE-2022-29597
RESERVED
CVE-2022-29596 (MicroStrategy Enterprise Manager 2022 allows authentication bypass by ...)
@@ -18450,8 +18532,8 @@ CVE-2022-25239
RESERVED
CVE-2022-25238
RESERVED
-CVE-2022-25237
- RESERVED
+CVE-2022-25237 (Bonita Web 2021.2 is affected by a authentication/authorization bypass ...)
+ TODO: check
CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...)
{DSA-5085-1 DLA-2935-1}
- expat 2.4.5-1 (bug #1005895)
@@ -39974,10 +40056,10 @@ CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management int
NOT-FOR-US: Cisco
CVE-2022-20808
RESERVED
-CVE-2022-20807
- RESERVED
-CVE-2022-20806
- RESERVED
+CVE-2022-20807 (Multiple vulnerabilities in the API and web-based management interface ...)
+ TODO: check
+CVE-2022-20806 (Multiple vulnerabilities in the API and web-based management interface ...)
+ TODO: check
CVE-2022-20805 (A vulnerability in the automatic decryption process in Cisco Umbrella ...)
NOT-FOR-US: Cisco
CVE-2022-20804 (A vulnerability in the Cisco Discovery Protocol of Cisco Unified Commu ...)
@@ -39986,8 +40068,8 @@ CVE-2022-20803
RESERVED
- clamav <not-affected> (Only affects 0.104.x)
NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
-CVE-2022-20802
- RESERVED
+CVE-2022-20802 (A vulnerability in the web interface of Cisco Enterprise Chat and Emai ...)
+ TODO: check
CVE-2022-20801 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2022-20800
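Review bot: CVE-2022-20802 ("web interface of Cisco Enterprise Chat and Emai ...") is left at "TODO: check", and its position in this range is not enough to resolve it. CVE-2022-20803 in the context above carries a "- clamav <not-affected>" line, so a CVE from this block is not automatically NOT-FOR-US. Decide on the product named in the description, which here points to the same "NOT-FOR-US: Cisco" tag used for CVE-2022-20801.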
@@ -39996,8 +40078,8 @@ CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface o
NOT-FOR-US: Cisco
CVE-2022-20798
RESERVED
-CVE-2022-20797
- RESERVED
+CVE-2022-20797 (A vulnerability in the web-based management interface of Cisco Secure ...)
+ TODO: check
CVE-2022-20796 (On May 4, 2022, the following vulnerability in the ClamAV scanning lib ...)
- clamav 0.103.6+dfsg-1
[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
@@ -40076,8 +40158,8 @@ CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco F
NOT-FOR-US: Cisco Firepower
CVE-2022-20766
RESERVED
-CVE-2022-20765
- RESERVED
+CVE-2022-20765 (A vulnerability in the web applications of Cisco UCS Director could al ...)
+ TODO: check
CVE-2022-20764 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...)
NOT-FOR-US: Cisco
CVE-2022-20763 (A vulnerability in the login authorization components of Cisco Webex M ...)
@@ -40263,24 +40345,24 @@ CVE-2022-20676 (A vulnerability in the Tool Command Language (Tcl) interpreter o
NOT-FOR-US: Cisco
CVE-2022-20675 (A vulnerability in the TCP/IP stack of Cisco Email Security Appliance ...)
NOT-FOR-US: Cisco
-CVE-2022-20674
- RESERVED
-CVE-2022-20673
- RESERVED
-CVE-2022-20672
- RESERVED
-CVE-2022-20671
- RESERVED
-CVE-2022-20670
- RESERVED
-CVE-2022-20669
- RESERVED
-CVE-2022-20668
- RESERVED
-CVE-2022-20667
- RESERVED
-CVE-2022-20666
- RESERVED
+CVE-2022-20674 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20673 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20672 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20671 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20670 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20669 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20668 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20667 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20666 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an authenticate ...)
NOT-FOR-US: Cisco
CVE-2022-20664
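Review bot: CVE-2022-20674 to CVE-2022-20666 are nine entries with the same visible description ("Multiple vulnerabilities in the web-based management interface of Cisc ..."), all at "TODO: check". The product name is truncated away, so confirm it from the full records. If they are all Cisco products they can take the same "NOT-FOR-US: Cisco" tag as CVE-2022-20676, CVE-2022-20675 and CVE-2022-20665 around them.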
@@ -80835,10 +80917,10 @@ CVE-2021-27783 (User generated PPKG file for Bulk Enroll may have unencrypted se
NOT-FOR-US: HCL
CVE-2021-27782
RESERVED
-CVE-2021-27781
- RESERVED
-CVE-2021-27780
- RESERVED
+CVE-2021-27781 (The Master operator may be able to embed script tag in HTML with alert ...)
+ TODO: check
+CVE-2021-27780 (The software may be vulnerable to both Un-Auth XML interaction and una ...)
+ TODO: check
CVE-2021-27779 (VersionVault Express exposes sensitive information that an attacker ca ...)
NOT-FOR-US: HCL
CVE-2021-27778
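Review bot: the visible descriptions of CVE-2021-27781 and CVE-2021-27780 name no vendor or product ("The Master operator may be able to ...", "The software may be vulnerable to ..."), unlike CVE-2021-27779 below, which names VersionVault Express. Do not tag them "NOT-FOR-US: HCL" by position alone; confirm the product from the full record first.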
@@ -201240,6 +201322,7 @@ CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplic
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed zip arc ...)
+ {DLA-3030-1}
- zipios++ 0.1.5.9+cvs.2007.04.28-11 (low; bug #932556)
[buster] - zipios++ 0.1.5.9+cvs.2007.04.28-10+deb10u1
[jessie] - zipios++ <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9901a0299747c0d6d5b5179857bd364890288f80