Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bfa184c7 by security tracker role at 2022-05-13T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,167 @@
+CVE-2022-30689
+ RESERVED
+CVE-2022-30688
+ RESERVED
+CVE-2022-30687
+ RESERVED
+CVE-2022-30686
+ RESERVED
+CVE-2022-30685
+ RESERVED
+CVE-2022-30684
+ RESERVED
+CVE-2022-30683
+ RESERVED
+CVE-2022-30682
+ RESERVED
+CVE-2022-30681
+ RESERVED
+CVE-2022-30680
+ RESERVED
+CVE-2022-30679
+ RESERVED
+CVE-2022-30678
+ RESERVED
+CVE-2022-30677
+ RESERVED
+CVE-2022-30676
+ RESERVED
+CVE-2022-30675
+ RESERVED
+CVE-2022-30674
+ RESERVED
+CVE-2022-30673
+ RESERVED
+CVE-2022-30672
+ RESERVED
+CVE-2022-30671
+ RESERVED
+CVE-2022-30670
+ RESERVED
+CVE-2022-30669
+ RESERVED
+CVE-2022-30668
+ RESERVED
+CVE-2022-30667
+ RESERVED
+CVE-2022-30666
+ RESERVED
+CVE-2022-30665
+ RESERVED
+CVE-2022-30664
+ RESERVED
+CVE-2022-30663
+ RESERVED
+CVE-2022-30662
+ RESERVED
+CVE-2022-30661
+ RESERVED
+CVE-2022-30660
+ RESERVED
+CVE-2022-30659
+ RESERVED
+CVE-2022-30658
+ RESERVED
+CVE-2022-30657
+ RESERVED
+CVE-2022-30656
+ RESERVED
+CVE-2022-30655
+ RESERVED
+CVE-2022-30654
+ RESERVED
+CVE-2022-30653
+ RESERVED
+CVE-2022-30652
+ RESERVED
+CVE-2022-30651
+ RESERVED
+CVE-2022-30650
+ RESERVED
+CVE-2022-30649
+ RESERVED
+CVE-2022-30648
+ RESERVED
+CVE-2022-30647
+ RESERVED
+CVE-2022-30646
+ RESERVED
+CVE-2022-30645
+ RESERVED
+CVE-2022-30644
+ RESERVED
+CVE-2022-30643
+ RESERVED
+CVE-2022-30642
+ RESERVED
+CVE-2022-30641
+ RESERVED
+CVE-2022-30640
+ RESERVED
+CVE-2022-30639
+ RESERVED
+CVE-2022-30638
+ RESERVED
+CVE-2022-30637
+ RESERVED
+CVE-2022-30636
+ RESERVED
+CVE-2022-30635
+ RESERVED
+CVE-2022-30634
+ RESERVED
+CVE-2022-30633
+ RESERVED
+CVE-2022-30632
+ RESERVED
+CVE-2022-30631
+ RESERVED
+CVE-2022-30630
+ RESERVED
+CVE-2022-30629
+ RESERVED
+CVE-2022-30628
+ RESERVED
+CVE-2022-30627
+ RESERVED
+CVE-2022-30626
+ RESERVED
+CVE-2022-30625
+ RESERVED
+CVE-2022-30624
+ RESERVED
+CVE-2022-30623
+ RESERVED
+CVE-2022-30622
+ RESERVED
+CVE-2022-30621
+ RESERVED
+CVE-2022-30620
+ RESERVED
+CVE-2022-30619
+ RESERVED
+CVE-2022-30618
+ RESERVED
+CVE-2022-30617
+ RESERVED
+CVE-2022-29525
+ RESERVED
+CVE-2022-28704
+ RESERVED
+CVE-2022-26834
+ RESERVED
+CVE-2022-1705
+ RESERVED
+CVE-2022-1704
+ RESERVED
+CVE-2022-1703
+ RESERVED
+CVE-2022-1702
+ RESERVED
+CVE-2022-1701
+ RESERVED
+CVE-2022-1700
+ RESERVED
CVE-2022-30616
RESERVED
CVE-2022-30615
@@ -4033,8 +4197,8 @@ CVE-2022-29220
RESERVED
CVE-2022-29219
RESERVED
-CVE-2022-29218
- RESERVED
+CVE-2022-29218 (RubyGems is a package registry used to supply software for the
Ruby la ...)
+ TODO: check
CVE-2022-29217
RESERVED
CVE-2022-29216
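Review bot: the new description for CVE-2022-29218 identifies the affected component as the RubyGems package registry (the hosted service), not the rubygems client library shipped with Ruby, so the "TODO: check" should first establish whether any Debian package contains the affected code; if the issue is service-side only, the entry resolves to NOT-FOR-US rather than a package/version line.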
@@ -10058,8 +10222,8 @@ CVE-2022-27136
CVE-2022-27135 (xpdf 4.03 has heap buffer overflow in the function
readXRefTable locat ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232
-CVE-2022-27134
- RESERVED
+CVE-2022-27134 (EOSIO batdappboomx v327c04cf has an Access-control
vulnerability in th ...)
+ TODO: check
CVE-2022-27133 (zbzcms v1.0 was discovered to contain an arbitrary file
deletion vulne ...)
NOT-FOR-US: zbzcms
CVE-2022-27132
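Review bot: CVE-2022-27134 (EOSIO batdappboomx) falls in the same category as the neighbouring zbzcms entry, which is already marked "NOT-FOR-US: zbzcms"; unless a Debian package ships it, the TODO should be closed with the same kind of line rather than left pending next to the xpdf <not-affected> note.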
@@ -16555,6 +16719,7 @@ CVE-2022-24763 (PJSIP is a free and open source
multimedia communication library
CVE-2022-24762 (sysend.js is a library that allows a user to send messages
between pag ...)
NOT-FOR-US: sysend.js
CVE-2022-24761 (Waitress is a Web Server Gateway Interface server for Python 2
and 3. ...)
+ {DLA-3000-1}
- waitress 2.1.1-1 (bug #1008013)
NOTE:
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
NOTE:
https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0
(v2.1.1)
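Review bot: CVE-2022-24761 gains {DLA-3000-1} but, unlike the 2019 waitress entries later in this commit, carries no [bullseye] or [buster] status line, so both suites stay implicitly affected with no decision recorded; either add a <no-dsa>/<postponed> line with a short rationale or a NOTE on the planned update.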
@@ -20459,8 +20624,8 @@ CVE-2022-23744
RESERVED
CVE-2022-23743 (Check Point ZoneAlarm before version 15.8.200.19118 allows a
local act ...)
TODO: check
-CVE-2022-23742
- RESERVED
+CVE-2022-23742 (Check Point Endpoint Security Client for Windows versions
earlier than ...)
+ TODO: check
CVE-2022-23741
RESERVED
CVE-2022-23740
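Review bot: CVE-2022-23742 (Check Point Endpoint Security Client for Windows) and the adjacent CVE-2022-23743 (Check Point ZoneAlarm) are both still "TODO: check" for Windows-only products; resolve them together, most likely as NOT-FOR-US: Check Point, so the two entries do not drift apart.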
@@ -22428,10 +22593,10 @@ CVE-2022-23168
RESERVED
CVE-2022-23167
RESERVED
-CVE-2022-23166
- RESERVED
-CVE-2022-23165
- RESERVED
+CVE-2022-23166 (Sysaid – Sysaid Local File Inclusion (LFI) – An
unauthenti ...)
+ TODO: check
+CVE-2022-23165 (Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting
(XSS) - Th ...)
+ TODO: check
CVE-2022-23164
RESERVED
CVE-2022-23163 (Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x
contain a ...)
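Review bot: CVE-2022-23166 and CVE-2022-23165 are both SysAid issues with identical "TODO: check" lines, and three more SysAid entries (CVE-2022-22798, CVE-2022-22797, CVE-2022-22796) are added further down in this commit; all five should receive one consistent triage line rather than being resolved one by one.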
@@ -22482,8 +22647,8 @@ CVE-2022-23141
RESERVED
CVE-2022-23140
RESERVED
-CVE-2022-23139
- RESERVED
+CVE-2022-23139 (ZTE's ZXMP M721 product has a permission and access control
vulnerabil ...)
+ TODO: check
CVE-2022-23138
RESERVED
CVE-2022-23137 (ZTE's ZXCDN product has a reflective XSS vulnerability. The
attacker c ...)
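Review bot: CVE-2022-23139 concerns ZTE's ZXMP M721 product, the same vendor and appliance class as CVE-2022-23137 (ZXCDN) two lines below; the TODO is a NOT-FOR-US candidate unless a Debian package is identified, and should be resolved in line with the existing ZTE entries.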
@@ -22965,10 +23130,10 @@ CVE-2022-22973
RESERVED
CVE-2022-22972
RESERVED
-CVE-2022-22971
- RESERVED
-CVE-2022-22970
- RESERVED
+CVE-2022-22971 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and
old unsupp ...)
+ TODO: check
+CVE-2022-22970 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and
old unsupp ...)
+ TODO: check
CVE-2022-22969 (<Issue Description> Spring Security OAuth versions 2.5.x
prior t ...)
NOT-FOR-US: spring-security-oauth
CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20,
and older ...)
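Review bot: the two new Spring Framework TODOs (CVE-2022-22971, CVE-2022-22970) should not be closed by copying the "NOT-FOR-US: spring-security-oauth" line just below them: their descriptions read "prior to 5.3.20+ , 5.2.22+ and old unsupp ...", so older unsupported branches are explicitly in scope and the Spring Framework version Debian carries (libspring-java, assuming it is still in the archive) needs a per-version check.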
@@ -23755,12 +23920,12 @@ CVE-2022-22800
RESERVED
CVE-2022-22799
RESERVED
-CVE-2022-22798
- RESERVED
-CVE-2022-22797
- RESERVED
-CVE-2022-22796
- RESERVED
+CVE-2022-22798 (Sysaid – Pro Plus Edition, SysAid Help Desk Broken
Access Contro ...)
+ TODO: check
+CVE-2022-22797 (Sysaid – sysaid Open Redirect - An Attacker can change
the redir ...)
+ TODO: check
+CVE-2022-22796 (Sysaid – Sysaid System Takeover - An attacker can bypass
the aut ...)
+ TODO: check
CVE-2022-22795 (Signiant - Manager+Agents XML External Entity (XXE) - Extract
internal ...)
NOT-FOR-US: Signiant Manager+Agents
CVE-2022-22794 (Cybonet - PineApp Mail Relay Unauthenticated Sql Injection.
Attacker c ...)
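Review bot: CVE-2022-22798, CVE-2022-22797 and CVE-2022-22796 are the remaining SysAid entries; resolve them together with CVE-2022-23166 and CVE-2022-23165 from the earlier hunk, and note that the Signiant and Cybonet entries directly below show the NOT-FOR-US form such product-specific issues normally take.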
@@ -46608,13 +46773,13 @@ CVE-2021-39913 (Accidental logging of system root
password in the migration log
- gitlab <unfixed>
CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE
starting ...)
- gitlab <unfixed>
-CVE-2021-39911 (An improper access control flaw in GitLab CE/EE since version
13.9 exp ...)
+CVE-2021-39911 (An improper access control flaw in all versions of GitLab
CE/EE starti ...)
- gitlab <unfixed>
CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab <unfixed>
CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS
feature ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2021-39908 (In all versions of GitLab CE/EE, certain Unicode characters
can be abu ...)
+CVE-2021-39908 (In all versions of GitLab CE/EE starting from 0.8.0 before
14.2.6, all ...)
- gitlab <unfixed>
CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE
starting ...)
- gitlab <unfixed>
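Review bot: the rewritten CVE-2021-39908 description now states an affected range ("starting from 0.8.0 before 14.2.6") where the old text only said "In all versions"; the automatic update rewrites descriptions but never the triage lines, so the long-standing "- gitlab <unfixed>" entries in this hunk should be re-checked against the packaged gitlab version now that upstream fixed versions are named.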
@@ -46662,11 +46827,11 @@ CVE-2021-39887 (A stored Cross-Site Scripting
vulnerability in the GitLab Flavor
- gitlab <unfixed>
CVE-2021-39886 (Permissions rules were not applied while issues were moved
between pro ...)
- gitlab <unfixed>
-CVE-2021-39885 (A Stored XSS in merge request creation page in Gitlab EE
version 13.5 ...)
+CVE-2021-39885 (A Stored XSS in merge request creation page in all versions of
Gitlab ...)
- gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint
discloses ...)
- gitlab <not-affected> (Specific to Enterprise Edition)
-CVE-2021-39883 (Improper authorization checks in GitLab EE > 13.11 allows
subgroup ...)
+CVE-2021-39883 (Improper authorization checks in all versions of GitLab EE
starting fr ...)
- gitlab <not-affected> (Specific to Enterprise Edition)
CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous
users c ...)
- gitlab <unfixed>
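Review bot: the "- gitlab <not-affected> (Specific to Enterprise Edition)" lines for CVE-2021-39885 and CVE-2021-39883 were written against the old descriptions ("Gitlab EE version 13.5", "GitLab EE > 13.11"); the new CVE-2021-39885 text reads "all versions of Gitlab ..." and is truncated before any edition is named, so the EE-only rationale should be re-verified against the full upstream description before the not-affected status is kept.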
@@ -77410,26 +77575,26 @@ CVE-2021-27779
RESERVED
CVE-2021-27778
RESERVED
-CVE-2021-27777
- RESERVED
+CVE-2021-27777 (XML External Entity (XXE) injection vulnerabilities occur when
poorly ...)
+ TODO: check
CVE-2021-27776
RESERVED
CVE-2021-27775
RESERVED
CVE-2021-27774
RESERVED
-CVE-2021-27773
- RESERVED
-CVE-2021-27772
- RESERVED
-CVE-2021-27771
- RESERVED
-CVE-2021-27770
- RESERVED
-CVE-2021-27769
- RESERVED
-CVE-2021-27768
- RESERVED
+CVE-2021-27773 (This vulnerability allows users to execute a clickjacking
attack in th ...)
+ TODO: check
+CVE-2021-27772 (Users are able to read group conversations without actively
taking par ...)
+ TODO: check
+CVE-2021-27771 (User SID can be modified resulting in an Arbitrary File Upload
or dele ...)
+ TODO: check
+CVE-2021-27770 (The vulnerability was discovered within the
“FaviconService̶ ...)
+ TODO: check
+CVE-2021-27769 (Information leakage occurs when a website reveals information
that cou ...)
+ TODO: check
+CVE-2021-27768 (Using the ability to perform a Man-in-the-Middle (MITM)
attack, which ...)
+ TODO: check
CVE-2021-27767 (The BigFix Console installer is created with InstallShield,
which was ...)
NOT-FOR-US: HCL
CVE-2021-27766 (The BigFix Client installer is created with InstallShield,
which was a ...)
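Review bot: the CVE-2021-27770 description ends in a broken character sequence ("̶") because the fixed-width truncation cut a multi-character entity in the middle; the same artifact appears in the CVE-2021-27479 context line later in this commit. It is cosmetic, since the list stores the upstream text, but the six new "TODO: check" entries CVE-2021-27768 through CVE-2021-27773 have generic descriptions that name no product, so the full upstream text will be needed to triage them.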
@@ -78022,12 +78187,12 @@ CVE-2021-27502
RESERVED
CVE-2021-27501 (Philips Vue PACS versions 12.2.x.x and prior does not follow
certain c ...)
NOT-FOR-US: Philips Vue PACS
-CVE-2021-27500
- RESERVED
+CVE-2021-27500 (A specifically crafted packet sent by an attacker to
EIPStackGroup OpE ...)
+ TODO: check
CVE-2021-27499 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed
mylife Cloud: ...)
NOT-FOR-US: Ypsomed
-CVE-2021-27498
- RESERVED
+CVE-2021-27498 (A specifically crafted packet sent by an attacker to
EIPStackGroup OpE ...)
+ TODO: check
CVE-2021-27497 (Philips Vue PACS versions 12.2.x.x and prior does not use or
incorrect ...)
NOT-FOR-US: Philips Vue PACS
CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead,
Step3dRead, ...)
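Review bot: CVE-2021-27500 and CVE-2021-27498 carry the identical description ("A specifically crafted packet sent by an attacker to EIPStackGroup OpE ..."), as do CVE-2021-27482 and CVE-2021-27478 in the next hunk; triage the four together with one consistent line, noting that the interleaved Philips, Ypsomed and ZOLL entries around them are already NOT-FOR-US.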
@@ -78058,16 +78223,16 @@ CVE-2021-27484
RESERVED
CVE-2021-27483 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected
products con ...)
NOT-FOR-US: ZOLL Defibrillator Dashboard
-CVE-2021-27482
- RESERVED
+CVE-2021-27482 (A specifically crafted packet sent by an attacker to
EIPStackGroup OpE ...)
+ TODO: check
CVE-2021-27481 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected
products ut ...)
NOT-FOR-US: ZOLL Defibrillator Dashboard
CVE-2021-27480 (Delta Industrial Automation COMMGR Versions 1.12 and prior are
vulnera ...)
NOT-FOR-US: Delta Industrial Automation COMMGR
CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected
product̵ ...)
NOT-FOR-US: ZOLL Defibrillator Dashboard
-CVE-2021-27478
- RESERVED
+CVE-2021-27478 (A specifically crafted packet sent by an attacker to
EIPStackGroup OpE ...)
+ TODO: check
CVE-2021-27477 (When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU,
2PORT-EFR, Plus ...)
NOT-FOR-US: JTEKT
CVE-2021-27476 (A vulnerability exists in the SaveConfigFile function of the
RACompare ...)
@@ -90661,7 +90826,7 @@ CVE-2021-22264 (An issue has been discovered in GitLab
affecting all versions st
- gitlab <unfixed>
CVE-2021-22263 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
-CVE-2021-22262 (Missing access control in GitLab version 13.10 and above with
Jira Clo ...)
+CVE-2021-22262 (Missing access control in all GitLab versions starting from
13.12 befo ...)
- gitlab <unfixed>
CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira
integration in ...)
- gitlab <unfixed>
@@ -90738,7 +90903,7 @@ CVE-2021-22230 (Improper code rendering while rendering
merge requests could be
- gitlab <unfixed>
CVE-2021-22229 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab <unfixed>
-CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions.
Imprope ...)
+CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions
before 1 ...)
- gitlab <unfixed>
CVE-2021-22227 (A reflected cross-site script vulnerability in GitLab before
versions ...)
- gitlab <unfixed>
@@ -90763,9 +90928,9 @@ CVE-2021-22221 (An issue has been discovered in GitLab
affecting all versions st
- gitlab <unfixed>
CVE-2021-22220 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
-CVE-2021-22219 (GitLab CE/EE since version 9.5 allows a high privilege user to
obtain ...)
+CVE-2021-22219 (All versions of GitLab CE/EE starting from 9.5 before 13.10.5,
all ver ...)
- gitlab <unfixed>
-CVE-2021-22218 (All versions of GitLab CE/EE starting with 12.8 were affected
by an is ...)
+CVE-2021-22218 (All versions of GitLab CE/EE starting from 12.8 before
13.10.5, all ve ...)
- gitlab <unfixed>
CVE-2021-22217 (A denial of service vulnerability in all versions of GitLab
CE/EE befo ...)
- gitlab <unfixed>
@@ -120500,14 +120665,14 @@ CVE-2020-22989
RESERVED
CVE-2020-22988
RESERVED
-CVE-2020-22987
- RESERVED
-CVE-2020-22986
- RESERVED
-CVE-2020-22985
- RESERVED
-CVE-2020-22984
- RESERVED
+CVE-2020-22987 (Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web
SDK 10.1 ...)
+ TODO: check
+CVE-2020-22986 (Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web
SDK 10.1 ...)
+ TODO: check
+CVE-2020-22985 (Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web
SDK 10.1 ...)
+ TODO: check
+CVE-2020-22984 (Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web
SDK 10.1 ...)
+ TODO: check
CVE-2020-22983
RESERVED
CVE-2020-22982
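Review bot: CVE-2020-22984 through CVE-2020-22987 share one description ("Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.1 ..."); they should be resolved with a single consistent triage line, most likely NOT-FOR-US since MicroStrategy Web SDK is a proprietary product, rather than left as four separate TODOs.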
@@ -186094,6 +186259,7 @@ CVE-2019-16794
CVE-2019-16793
RESERVED
CVE-2019-16792 (Waitress through version 1.3.1 allows request smuggling by
sending the ...)
+ {DLA-3000-1}
- waitress 1.4.1-1
[buster] - waitress <no-dsa> (Minor issue)
[jessie] - waitress <no-dsa> (Minor issue)
@@ -186105,7 +186271,7 @@ CVE-2019-16791 (In postfix-mta-sts-resolver before
0.5.1, All users can receive
CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code
execution vi ...)
NOT-FOR-US: Tiny File Manager
CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used
in front ...)
- {DLA-2056-1}
+ {DLA-3000-1 DLA-2056-1}
- waitress 1.4.1-1 (bug #947433)
[buster] - waitress <no-dsa> (Minor issue)
NOTE:
https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
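Review bot: CVE-2019-16789 now lists two advisories, "{DLA-3000-1 DLA-2056-1}", newest first; the pre-existing DLA-2056-1 presumably covers jessie, which is why this entry, unlike CVE-2019-16792 above, has no [jessie] <no-dsa> line, while the unchanged "[buster] - waitress <no-dsa> (Minor issue)" line leaves buster as the only suite here without a fix recorded.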
@@ -186113,12 +186279,14 @@ CVE-2019-16789 (In Waitress through version 1.4.0,
if a proxy server is used in
CVE-2019-16788
REJECTED
CVE-2019-16786 (Waitress through version 1.3.1 would parse the
Transfer-Encoding heade ...)
+ {DLA-3000-1}
- waitress 1.4.1-1 (bug #947306)
[buster] - waitress <no-dsa> (Minor issue)
[jessie] - waitress <no-dsa> (Minor issue)
NOTE:
https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p
NOTE:
https://github.com/Pylons/waitress/commit/f11093a6b3240fc26830b6111e826128af7771c3
CVE-2019-16785 (Waitress through version 1.3.1 implemented a "MAY" part of the
RFC7230 ...)
+ {DLA-3000-1}
- waitress 1.4.1-1 (bug #947306)
[buster] - waitress <no-dsa> (Minor issue)
[jessie] - waitress <no-dsa> (Minor issue)
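Review bot: for CVE-2019-16786 and CVE-2019-16785 (and CVE-2019-16792 earlier in this commit) {DLA-3000-1} is added while the "[buster] - waitress <no-dsa> (Minor issue)" lines stay as they are; since a backported fix now exists for an older release, the buster status could be revisited for a point release, or the rationale extended to say why buster is deliberately left out.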
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfa184c7a5a5c6cee1b7b3882dd992887516f17f
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits