Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6fd877c3 by security tracker role at 2022-03-25T08:10:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2022-27494
+       RESERVED
+CVE-2022-26423
+       RESERVED
+CVE-2022-1071
+       RESERVED
+CVE-2022-1070
+       RESERVED
+CVE-2022-1069
+       RESERVED
+CVE-2022-1068
+       RESERVED
+CVE-2022-1067
+       RESERVED
 CVE-2022-27863
        RESERVED
 CVE-2022-27862
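Review bot: the seven entries added at the top of data/CVE/list break the descending ID order that the context lines show (CVE-2022-27863, CVE-2022-27862): CVE-2022-27494 and CVE-2022-26423 sit above CVE-2022-27863, followed by CVE-2022-1071 down to CVE-2022-1067. If any consumer of the file assumes sorted IDs, place these in sequence; otherwise say in the commit message that new reservations are prepended, since "automatic update" gives no hint of that.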
@@ -3968,8 +3982,8 @@ CVE-2022-26306
        RESERVED
 CVE-2022-26305
        RESERVED
-CVE-2022-26301
-       RESERVED
+CVE-2022-26301 (TuziCMS v2.0.6 was discovered to contain a SQL injection 
vulnerability ...)
+       TODO: check
 CVE-2022-26300 (EOS v2.1.0 was discovered to contain a heap-buffer-overflow 
via the fu ...)
        NOT-FOR-US: EOS
 CVE-2022-26299
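Review bot: on CVE-2022-26301 the new status is only "TODO: check", which leaves the entry without a triage decision. A follow-up should replace it with either a "NOT-FOR-US:" line, as the adjacent CVE-2022-26300 carries for EOS, or a package status line; the same applies to every other "TODO: check" this commit introduces.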
@@ -4012,8 +4026,8 @@ CVE-2022-26281
        RESERVED
 CVE-2022-26280
        RESERVED
-CVE-2022-26279
-       RESERVED
+CVE-2022-26279 (EyouCMS v1.5.5 was discovered to have no access control in the 
compone ...)
+       TODO: check
 CVE-2022-26278
        RESERVED
 CVE-2022-26277
@@ -4026,8 +4040,8 @@ CVE-2022-26274
        RESERVED
 CVE-2022-26273
        RESERVED
-CVE-2022-26272
-       RESERVED
+CVE-2022-26272 (A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 
allows  ...)
+       TODO: check
 CVE-2022-26271
        RESERVED
 CVE-2022-26270
@@ -4072,8 +4086,8 @@ CVE-2022-26251
        RESERVED
 CVE-2022-26250
        RESERVED
-CVE-2022-26249
-       RESERVED
+CVE-2022-26249 (Survey King v0.3.0 does not filter data properly when 
exporting excel  ...)
+       TODO: check
 CVE-2022-26248
        RESERVED
 CVE-2022-26247 (TMS v2.28.0 contains an insecure permissions vulnerability via 
the com ...)
@@ -5876,18 +5890,18 @@ CVE-2022-25578 (taocms v3.0.2 allows attackers to 
execute code injection via arb
        NOT-FOR-US: taocms
 CVE-2022-25577
        RESERVED
-CVE-2022-25576
-       RESERVED
-CVE-2022-25575
-       RESERVED
+CVE-2022-25576 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site 
Request Forg ...)
+       TODO: check
+CVE-2022-25575 (Multiple cross-site scripting (XSS) vulnerabilities in Parking 
Managem ...)
+       TODO: check
 CVE-2022-25574
        RESERVED
 CVE-2022-25573
        RESERVED
 CVE-2022-25572
        RESERVED
-CVE-2022-25571
-       RESERVED
+CVE-2022-25571 (Bluedon Information Security Technologies Co.,Ltd Internet 
Access Dete ...)
+       TODO: check
 CVE-2022-25570 (In Click Studios (SA) Pty Ltd Passwordstate 9435, users with 
access to ...)
        NOT-FOR-US: Passwordstate
 CVE-2022-25569
@@ -8061,10 +8075,10 @@ CVE-2022-24784
        RESERVED
 CVE-2022-24783
        RESERVED
-CVE-2022-24782
-       RESERVED
-CVE-2022-24781
-       RESERVED
+CVE-2022-24782 (Discourse is an open source discussion platform. Versions 
2.8.2 and pr ...)
+       TODO: check
+CVE-2022-24781 (Geon is a board game based on solving questions about the 
Pythagorean  ...)
+       TODO: check
 CVE-2022-24780
        RESERVED
 CVE-2022-24779
@@ -8073,8 +8087,8 @@ CVE-2022-24778
        RESERVED
 CVE-2022-24777
        RESERVED
-CVE-2022-24776
-       RESERVED
+CVE-2022-24776 (Flask-AppBuilder is an application development framework, 
built on top ...)
+       TODO: check
 CVE-2022-24775 (guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions 
prior to 1.8 ...)
        - php-guzzlehttp-psr7 <unfixed> (bug #1008236)
        NOTE: 
https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
@@ -8100,8 +8114,7 @@ CVE-2022-24771 (Forge (also called `node-forge`) is a 
native implementation of T
        NOTE: 
https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
 (v1.3.0)
 CVE-2022-24770 (`gradio` is an open source framework for building interactive 
machine  ...)
        TODO: check
-CVE-2022-24769
-       RESERVED
+CVE-2022-24769 (Moby is an open-source project created by Docker to enable and 
acceler ...)
        - containerd 1.6.2~ds1-1
        [bullseye] - containerd <no-dsa> (Minor issue)
        NOTE: 
https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c
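Review bot: the description now attached to CVE-2022-24769 names Moby, yet the status lines below it cover only containerd (1.6.2~ds1-1 fixed, bullseye <no-dsa>) and the NOTE links only the containerd advisory. Confirm whether the Moby/Docker source package also needs a status line under this ID, and add the matching advisory NOTE if so.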
@@ -15712,10 +15725,10 @@ CVE-2022-22690 (Within the Umbraco CMS, a 
configuration element named "UmbracoAp
        NOT-FOR-US: Umbraco CMS
 CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 
14.0.0, an ...)
        NOT-FOR-US: CA Harvest Software Change Manager
-CVE-2022-22688
-       RESERVED
-CVE-2022-22687
-       RESERVED
+CVE-2022-22688 (Improper neutralization of special elements used in a command 
('Comman ...)
+       TODO: check
+CVE-2022-22687 (Buffer copy without checking size of input ('Classic Buffer 
Overflow') ...)
+       TODO: check
 CVE-2022-22686
        RESERVED
 CVE-2022-22685
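Review bot: for CVE-2022-22688 and CVE-2022-22687 the truncated descriptions show only the weakness class (command injection, classic buffer overflow) and no product name, so the "TODO: check" cannot be resolved from this list alone. Triage has to pull the full CVE record to identify the affected product before choosing NOT-FOR-US or a package line.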



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fd877c3f64d157a75daef9a6a7b61dd654690ee
