[Git][security-tracker-team/security-tracker][master] automatic update

Sat May 28 09:10:28 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0850d5ab by security tracker role at 2022-05-28T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-31793
+	RESERVED
+CVE-2022-31792
+	RESERVED
+CVE-2022-31791
+	RESERVED
+CVE-2022-31790
+	RESERVED
+CVE-2022-31789
+	RESERVED
+CVE-2022-31788
+	RESERVED
+CVE-2022-31787
+	RESERVED
+CVE-2022-31786
+	RESERVED
+CVE-2022-31785
+	RESERVED
+CVE-2022-31784
+	RESERVED
+CVE-2022-31783 (Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTr ...)
+	TODO: check
+CVE-2022-31782 (ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ...)
+	TODO: check
+CVE-2022-31781
+	RESERVED
 CVE-2022-31780
 	RESERVED
 CVE-2022-31779
@@ -3537,8 +3563,8 @@ CVE-2022-1625
 	RESERVED
 CVE-2022-1624
 	RESERVED
-CVE-2022-30521
-	RESERVED
+CVE-2022-30521 (The LAN-side Web-Configuration Interface has Stack-based Buffer Overfl ...)
+	TODO: check
 CVE-2022-30520
 	RESERVED
 CVE-2022-30519
@@ -3587,8 +3613,8 @@ CVE-2022-30498
 	RESERVED
 CVE-2022-30497
 	RESERVED
-CVE-2022-30496
-	RESERVED
+CVE-2022-30496 (SQL injection in Logon Page of IDCE MV's application, version 1.0, all ...)
+	TODO: check
 CVE-2022-30495 (In oretnom23 Automotive Shop Management System v1.0, the name id param ...)
 	NOT-FOR-US: oretnom23 Automotive Shop Management System
 CVE-2022-30494 (In oretnom23 Automotive Shop Management System v1.0, the first and las ...)
@@ -4143,7 +4169,7 @@ CVE-2022-30286 (pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-
 	TODO: check
 CVE-2022-30285
 	RESERVED
-CVE-2022-30284 (In the python-libnmap package through 0.7.2 for Python, remote command ...)
+CVE-2022-30284 (** DISPUTED ** In the python-libnmap package through 0.7.2 for Python, ...)
 	- python-libnmap <unfixed>
 	[bullseye] - python-libnmap <no-dsa> (Minor issue)
 	[buster] - python-libnmap <no-dsa> (Minor issue)
@@ -5907,14 +5933,14 @@ CVE-2022-29697
 	RESERVED
 CVE-2022-29696
 	RESERVED
-CVE-2022-29695
-	RESERVED
-CVE-2022-29694
-	RESERVED
-CVE-2022-29693
-	RESERVED
-CVE-2022-29692
-	RESERVED
+CVE-2022-29695 (Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplet ...)
+	TODO: check
+CVE-2022-29694 (Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL p ...)
+	TODO: check
+CVE-2022-29693 (Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory ...)
+	TODO: check
+CVE-2022-29692 (Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulne ...)
+	TODO: check
 CVE-2022-29691
 	RESERVED
 CVE-2022-29690
@@ -6041,10 +6067,10 @@ CVE-2022-29630
 	RESERVED
 CVE-2022-29629
 	RESERVED
-CVE-2022-29628
-	RESERVED
-CVE-2022-29627
-	RESERVED
+CVE-2022-29628 (A cross-site scripting (XSS) vulnerability in /omps/seller of Online M ...)
+	TODO: check
+CVE-2022-29627 (An insecure direct object reference (IDOR) in Online Market Place Site ...)
+	TODO: check
 CVE-2022-29626
 	RESERVED
 CVE-2022-29625
@@ -16522,8 +16548,8 @@ CVE-2022-25881
 	RESERVED
 CVE-2022-25879
 	RESERVED
-CVE-2022-25878
-	RESERVED
+CVE-2022-25878 (The package protobufjs before 6.11.3 are vulnerable to Prototype Pollu ...)
+	TODO: check
 CVE-2022-25877
 	RESERVED
 CVE-2022-25876
@@ -20599,8 +20625,8 @@ CVE-2022-24583
 	RESERVED
 CVE-2022-24582 (Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijac ...)
 	NOT-FOR-US: Accounting Journal Management
-CVE-2022-24581
-	RESERVED
+CVE-2022-24581 (ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture v ...)
+	TODO: check
 CVE-2022-24580
 	RESERVED
 CVE-2022-24579
@@ -21738,14 +21764,14 @@ CVE-2022-24243
 	RESERVED
 CVE-2022-24242
 	RESERVED
-CVE-2022-24241
-	RESERVED
-CVE-2022-24240
-	RESERVED
-CVE-2022-24239
-	RESERVED
-CVE-2022-24238
-	RESERVED
+CVE-2022-24241 (ACEweb Online Portal 3.5.065 was discovered to contain an External Con ...)
+	TODO: check
+CVE-2022-24240 (ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection ...)
+	TODO: check
+CVE-2022-24239 (ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted ...)
+	TODO: check
+CVE-2022-24238 (ACEweb Online Portal 3.5.065 was discovered to contain a cross-site sc ...)
+	TODO: check
 CVE-2022-24237 (The snaptPowered2 component of Snapt Aria v12.8 was discovered to cont ...)
 	NOT-FOR-US: Snapt Aria
 CVE-2022-24236 (An insecure permissions vulnerability in Snapt Aria v12.8 allows unaut ...)
@@ -41835,7 +41861,7 @@ CVE-2021-3894 [sctp: local DoS: unprivileged user can cause BUG()]
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014970
 CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...)
-	{DSA-5023-1}
+	{DSA-5023-1 DLA-3031-1}
 	- modsecurity 3.0.6-1
 	[bullseye] - modsecurity <no-dsa> (Minor issue; does not have connector packages in Debian)
 	[buster] - modsecurity <no-dsa> (Minor issue; does not have connector packages in Debian)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0850d5ab57ef7eb5e383a290190ff21979d88bb5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0850d5ab57ef7eb5e383a290190ff21979d88bb5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220528/3f1b8aa0/attachment.htm>
