Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
11016e05 by security tracker role at 2022-05-01T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-1544 (Formula Injection/CSV Injection due to Improper Neutralization 
of Form ...)
+       TODO: check
 CVE-2022-29967 (static_compressed_inmemory_website_callback.c in Glewlwyd 
through 2.6. ...)
        - glewlwyd <unfixed>
        NOTE: 
https://github.com/babelouest/glewlwyd/commit/e3f7245c33897bf9b3a75acfcdb8b7b93974bf11
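Review bot: the new CVE-2022-1544 entry carries only a truncated description ("Formula Injection/CSV Injection due to Improper Neutralization of Form ...") that does not name the affected product, so its `TODO: check` cannot be resolved from this line alone; the triager needs the full CVE text before choosing between a source package line and NOT-FOR-US. In the unchanged context, CVE-2022-29967 is still `- glewlwyd <unfixed>` with only the upstream commit as NOTE; the fixed Debian version should be filled in once that commit is in an uploaded release.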
@@ -4039,8 +4041,8 @@ CVE-2022-28483
        RESERVED
 CVE-2022-28482
        RESERVED
-CVE-2022-28481
-       RESERVED
+CVE-2022-28481 (CSV-Safe gem &lt; 3.0.0 doesn't filter out special characters 
which co ...)
+       TODO: check
 CVE-2022-28480 (ALLMediaServer 1.6 is vulnerable to Buffer Overflow via 
MediaServer.ex ...)
        NOT-FOR-US: ALLMediaServer
 CVE-2022-28479
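Review bot: the CVE-2022-28481 description line shows `&lt;` where the CVE text reads `< 3.0.0`; that is most likely the mail rendering escaping the angle bracket rather than what was committed, but it is worth confirming that data/CVE/list holds a literal `<`, since the parenthesised text is stored verbatim as the description. For the `TODO: check`: csv-safe is a Ruby gem, so the check is whether a corresponding ruby-* source package exists; if not, use the NOT-FOR-US form that CVE-2022-28480 (ALLMediaServer) shows two lines below.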
@@ -10909,8 +10911,8 @@ CVE-2022-0759 (A flaw was found in all versions of 
kubeclient up to (but not inc
        NOTE: https://github.com/ManageIQ/kubeclient/pull/556
 CVE-2022-26085
        RESERVED
-CVE-2022-26068
-       RESERVED
+CVE-2022-26068 (This affects the package pistacheio/pistache before 
0.0.3.20220425. It ...)
+       TODO: check
 CVE-2022-26066
        RESERVED
 CVE-2022-26063
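Review bot: CVE-2022-26068 names a fixed upstream version (pistache before 0.0.3.20220425), so when the `TODO: check` is resolved the entry should record the Debian version that includes that fix rather than just a package name. pistache is a C++ HTTP library that may be in the archive; confirm against the package list before choosing between a source package line and NOT-FOR-US.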
@@ -11195,8 +11197,8 @@ CVE-2022-25852
        RESERVED
 CVE-2022-25851
        RESERVED
-CVE-2022-25850
-       RESERVED
+CVE-2022-25850 (The package github.com/hoppscotch/proxyscotch before 1.0.0 are 
vulnera ...)
+       TODO: check
 CVE-2022-25849
        RESERVED
 CVE-2022-25848
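Review bot: CVE-2022-25850 identifies the affected code by Go module path (github.com/hoppscotch/proxyscotch, fixed in 1.0.0); if it were packaged, the Debian source would follow the golang-github-hoppscotch-proxyscotch naming convention, so the `TODO: check` is a lookup under that name and, failing that, NOT-FOR-US. The `are vulnerable` wording is upstream's description text and is not something to correct in the list.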
@@ -11207,18 +11209,18 @@ CVE-2022-25846
        RESERVED
 CVE-2022-25845
        RESERVED
-CVE-2022-25844
-       RESERVED
+CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular 
Expression D ...)
+       TODO: check
 CVE-2022-25843
        RESERVED
-CVE-2022-25842
-       RESERVED
+CVE-2022-25842 (All versions of package 
com.alibaba.oneagent:one-java-agent-plugin are ...)
+       TODO: check
 CVE-2022-25840
        RESERVED
 CVE-2022-25839 (The package url-js before 2.1.0 are vulnerable to Improper 
Input Valid ...)
        NOT-FOR-US: Node url-js
-CVE-2022-25767
-       RESERVED
+CVE-2022-25767 (All versions of package com.bstek.ureport:ureport2-console are 
vulnera ...)
+       TODO: check
 CVE-2022-25766 (The package ungit before 1.5.20 are vulnerable to Remote Code 
Executio ...)
        NOT-FOR-US: NodeJS ungit
 CVE-2022-25765
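Review bot: of the three entries resolved in this hunk, CVE-2022-25844 needs the most care: the description says angular `after 1.7.0` is affected, i.e. every release newer than 1.7.0 with no fixed version stated, so if any Debian package ships or embeds AngularJS 1.x the entry cannot carry a fixed version and will need an `<unfixed>` or per-suite `<no-dsa>` decision instead. CVE-2022-25842 (com.alibaba.oneagent:one-java-agent-plugin) and CVE-2022-25767 (com.bstek.ureport:ureport2-console) are Maven artifacts; the neighbouring url-js and ungit entries show the NOT-FOR-US form to use if they are not packaged.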
@@ -11238,12 +11240,12 @@ CVE-2022-25648 (The package git before 1.11.0 are 
vulnerable to Command Injectio
        NOTE: https://github.com/ruby-git/ruby-git/pull/569
        NOTE: Fixed by: 
https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159
 (v1.11.0)
        NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270
-CVE-2022-25647
-       RESERVED
+CVE-2022-25647 (The package com.google.code.gson:gson before 2.8.9 are 
vulnerable to D ...)
+       TODO: check
 CVE-2022-25646
        RESERVED
-CVE-2022-25645
-       RESERVED
+CVE-2022-25645 (All versions of package dset are vulnerable to Prototype 
Pollution via ...)
+       TODO: check
 CVE-2022-25644
        RESERVED
 CVE-2022-25354 (The package set-in before 2.0.3 are vulnerable to Prototype 
Pollution  ...)
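Review bot: CVE-2022-25647 (gson before 2.8.9, deserialization DoS) is the entry in this hunk most likely to need a real package line instead of `TODO: check`: gson is a widely packaged Java library (Debian source libgson-java, to be confirmed against the archive), and the versions in buster and bullseye must be compared against 2.8.9 with per-suite `<no-dsa>`/`<postponed>` decisions as elsewhere in this file. CVE-2022-25645 (dset) states `All versions` affected, so there is no fixed upstream version to record for it.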
@@ -11256,8 +11258,8 @@ CVE-2022-25351
        RESERVED
 CVE-2022-25350
        RESERVED
-CVE-2022-25349
-       RESERVED
+CVE-2022-25349 (All versions of package materialize-css are vulnerable to 
Cross-site S ...)
+       TODO: check
 CVE-2022-25346
        RESERVED
 CVE-2022-25345
@@ -11270,8 +11272,8 @@ CVE-2022-25303
        RESERVED
 CVE-2022-25302
        RESERVED
-CVE-2022-25301
-       RESERVED
+CVE-2022-25301 (All versions of package jsgui-lang-essentials are vulnerable 
to Protot ...)
+       TODO: check
 CVE-2022-25300
        RESERVED
 CVE-2022-25233
@@ -11296,8 +11298,8 @@ CVE-2022-24439
        RESERVED
 CVE-2022-24438
        RESERVED
-CVE-2022-24437
-       RESERVED
+CVE-2022-24437 (The package git-pull-or-clone before 2.0.2 are vulnerable to 
Command I ...)
+       TODO: check
 CVE-2022-24434
        RESERVED
 CVE-2022-24433 (The package simple-git before 3.3.0 are vulnerable to Command 
Injectio ...)
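Review bot: CVE-2022-24437 (git-pull-or-clone before 2.0.2, command injection) belongs to the same family as the simple-git entry in the following context line (CVE-2022-24433, before 3.3.0); if git-pull-or-clone is not packaged it should get the NOT-FOR-US treatment, and if it is, 2.0.2 is the upstream fixed version to record against the Debian package version.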
@@ -11330,8 +11332,8 @@ CVE-2022-24066 (The package simple-git before 3.5.0 are 
vulnerable to Command In
        NOT-FOR-US: simple-git
 CVE-2022-24065
        RESERVED
-CVE-2022-23923
-       RESERVED
+CVE-2022-23923 (All versions of package jailed are vulnerable to Sandbox 
Bypass via an ...)
+       TODO: check
 CVE-2022-23920
        RESERVED
 CVE-2022-23915 (The package weblate from 0 and before 4.11.1 are vulnerable to 
Remote  ...)
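Review bot: CVE-2022-23923 (jailed, sandbox bypass) states `All versions` affected, so as with the other all-versions entries in this update there is no fixed version to record; the surrounding CVE-2022-24066 line shows simple-git already marked NOT-FOR-US, which is the form to use if jailed is not in the archive.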
@@ -11342,8 +11344,8 @@ CVE-2022-23811
        RESERVED
 CVE-2022-22984
        RESERVED
-CVE-2022-22143
-       RESERVED
+CVE-2022-22143 (The package convict before 6.2.2 are vulnerable to Prototype 
Pollution ...)
+       TODO: check
 CVE-2022-22138
        RESERVED
 CVE-2022-21811
@@ -11362,10 +11364,9 @@ CVE-2022-21232
        RESERVED
 CVE-2022-21231
        RESERVED
-CVE-2022-21230
-       RESERVED
-CVE-2022-21227 [Denial-of-Service due to fatal error when binding invalid 
parameters]
-       RESERVED
+CVE-2022-21230 (This affects all versions of package org.nanohttpd:nanohttpd. 
Whenever ...)
+       TODO: check
+CVE-2022-21227 (The package sqlite3 before 5.0.3 are vulnerable to Denial of 
Service ( ...)
        - node-sqlite3 5.0.6+ds1-1
        [bullseye] - node-sqlite3 <no-dsa> (Minor issue)
        [buster] - node-sqlite3 <no-dsa> (minor issue)
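Review bot: verify that node-sqlite3 5.0.6+ds1-1, the fixed version kept on the CVE-2022-21227 entry, really contains the fix implied by the now-public description (`sqlite3 before 5.0.3`), since that version line was recorded against the tracker's own placeholder title `[Denial-of-Service due to fatal error when binding invalid parameters]` that this hunk drops together with `RESERVED`. Style point in the unchanged lines: `(Minor issue)` for bullseye versus `(minor issue)` for buster should use one capitalisation. CVE-2022-21230 (org.nanohttpd:nanohttpd, `all versions`) has no fixed version; check whether nanohttpd is packaged before closing its `TODO: check`.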
@@ -11393,24 +11394,24 @@ CVE-2022-21191
        RESERVED
 CVE-2022-21190
        RESERVED
-CVE-2022-21189
-       RESERVED
+CVE-2022-21189 (The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 
4.0.0-al ...)
+       TODO: check
 CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command 
Injection v ...)
        NOT-FOR-US: libvcs
 CVE-2022-21186
        RESERVED
 CVE-2022-21169
        RESERVED
-CVE-2022-21167
-       RESERVED
+CVE-2022-21167 (All versions of package masuit.tools.core are vulnerable to 
Arbitrary  ...)
+       TODO: check
 CVE-2022-21165
        RESERVED
 CVE-2022-21164 (The package node-lmdb before 0.9.7 are vulnerable to Denial of 
Service ...)
        NOT-FOR-US: Node lmdb
-CVE-2022-21149
-       RESERVED
-CVE-2022-21144
-       RESERVED
+CVE-2022-21149 (The package s-cart/s-cart before 6.9; the package s-cart/core 
before 6 ...)
+       TODO: check
+CVE-2022-21144 (This affects all versions of package libxmljs. When invoking 
the libxm ...)
+       TODO: check
 CVE-2022-21129
        RESERVED
 CVE-2022-21126
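Review bot: CVE-2022-21149 covers two packages with different thresholds (`s-cart/s-cart before 6.9; the package s-cart/core before 6 ...`), so when its `TODO: check` is resolved the entry should account for both, not only the first. CVE-2022-21189 (dexie) likewise lists separate affected ranges for 3.x (before 3.2.2) and the 4.0.0 alphas. CVE-2022-21144 (libxmljs, `all versions`) and CVE-2022-21167 (masuit.tools.core, a NuGet package) are unlikely to be in the archive; the libvcs and node-lmdb context lines show the NOT-FOR-US convention to apply.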
@@ -20673,10 +20674,10 @@ CVE-2022-23063
        RESERVED
 CVE-2022-23062
        RESERVED
-CVE-2022-23061
-       RESERVED
-CVE-2022-23060
-       RESERVED
+CVE-2022-23061 (In Shopizer versions 2.0 to 2.17.0 a regular admin can 
permanently del ...)
+       TODO: check
+CVE-2022-23060 (A Stored Cross Site Scripting (XSS) vulnerability exists in 
Shopizer v ...)
+       TODO: check
 CVE-2022-23059 (A Stored Cross Site Scripting (XSS) vulnerability exists in 
Shopizer v ...)
        NOT-FOR-US: Shopizer
 CVE-2022-23058
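Review bot: the two new Shopizer entries (CVE-2022-23061, CVE-2022-23060) can be marked `NOT-FOR-US: Shopizer` directly rather than left at `TODO: check`: the immediately following CVE-2022-23059, for the same product, already carries that triage, and nothing in these descriptions changes the situation.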



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11016e05a03fbce4dab85b2542c0164ed50e6c61



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
