Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4faa346b by security tracker role at 2022-06-02T08:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2022-32230
+       RESERVED
+CVE-2022-32229
+       RESERVED
+CVE-2022-32228
+       RESERVED
+CVE-2022-32227
+       RESERVED
+CVE-2022-32226
+       RESERVED
+CVE-2022-32225
+       RESERVED
+CVE-2022-32224
+       RESERVED
+CVE-2022-32223
+       RESERVED
+CVE-2022-32222
+       RESERVED
+CVE-2022-32221
+       RESERVED
+CVE-2022-32220
+       RESERVED
+CVE-2022-32219
+       RESERVED
+CVE-2022-32218
+       RESERVED
+CVE-2022-32217
+       RESERVED
+CVE-2022-32216
+       RESERVED
+CVE-2022-32215
+       RESERVED
+CVE-2022-32214
+       RESERVED
+CVE-2022-32213
+       RESERVED
+CVE-2022-32212
+       RESERVED
+CVE-2022-32211
+       RESERVED
+CVE-2022-32210
+       RESERVED
+CVE-2022-32209
+       RESERVED
+CVE-2022-32208
+       RESERVED
+CVE-2022-32207
+       RESERVED
+CVE-2022-32206
+       RESERVED
+CVE-2022-32205
+       RESERVED
+CVE-2022-31734
+       RESERVED
+CVE-2022-1976
+       RESERVED
+CVE-2022-1975
+       RESERVED
+CVE-2022-1974
+       RESERVED
+CVE-2022-1973
+       RESERVED
+CVE-2022-1972
+       RESERVED
 CVE-2022-32204
        RESERVED
 CVE-2022-32203
@@ -503,44 +567,44 @@ CVE-2022-31986
        RESERVED
 CVE-2022-31985
        RESERVED
-CVE-2022-31984
-       RESERVED
-CVE-2022-31983
-       RESERVED
-CVE-2022-31982
-       RESERVED
-CVE-2022-31981
-       RESERVED
-CVE-2022-31980
-       RESERVED
+CVE-2022-31984 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
+       TODO: check
+CVE-2022-31983 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
+       TODO: check
+CVE-2022-31982 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
+       TODO: check
+CVE-2022-31981 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
+       TODO: check
+CVE-2022-31980 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
+       TODO: check
 CVE-2022-31979
        RESERVED
-CVE-2022-31978
-       RESERVED
-CVE-2022-31977
-       RESERVED
-CVE-2022-31976
-       RESERVED
-CVE-2022-31975
-       RESERVED
-CVE-2022-31974
-       RESERVED
-CVE-2022-31973
-       RESERVED
+CVE-2022-31978 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
+       TODO: check
+CVE-2022-31977 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
+       TODO: check
+CVE-2022-31976 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
+       TODO: check
+CVE-2022-31975 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
+       TODO: check
+CVE-2022-31974 (Online Fire Reporting System v1.0 is vulnerable to SQL 
Injection via / ...)
+       TODO: check
+CVE-2022-31973 (Online Fire Reporting System v1.0 is vulnerable to Delete any 
file via ...)
+       TODO: check
 CVE-2022-31972
        RESERVED
-CVE-2022-31971
-       RESERVED
-CVE-2022-31970
-       RESERVED
-CVE-2022-31969
-       RESERVED
+CVE-2022-31971 (ChatBot App with Suggestion v1.0 is vulnerable to SQL 
Injection via /s ...)
+       TODO: check
+CVE-2022-31970 (ChatBot App with Suggestion v1.0 is vulnerable to SQL 
Injection via /s ...)
+       TODO: check
+CVE-2022-31969 (ChatBot App with Suggestion v1.0 is vulnerable to SQL 
Injection via /s ...)
+       TODO: check
 CVE-2022-31968
        RESERVED
 CVE-2022-31967
        RESERVED
-CVE-2022-31966
-       RESERVED
+CVE-2022-31966 (ChatBot App with Suggestion v1.0 is vulnerable to Delete any 
file via  ...)
+       TODO: check
 CVE-2022-31965 (Rescue Dispatch Management System v1.0 is vulnerable to SQL 
Injection  ...)
        NOT-FOR-US: Rescue Dispatch Management System
 CVE-2022-31964 (Rescue Dispatch Management System v1.0 is vulnerable to SQL 
Injection  ...)
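
Review bot: the eleven Online Fire Reporting System entries (CVE-2022-31984 to CVE-2022-31980 and CVE-2022-31978 to CVE-2022-31973) and the four ChatBot App with Suggestion entries (CVE-2022-31971 to CVE-2022-31969 and CVE-2022-31966) are left at "TODO: check", while the Rescue Dispatch Management System entries directly below them (CVE-2022-31965, CVE-2022-31964) are already "NOT-FOR-US: Rescue Dispatch Management System". These are the same class of small standalone web applications, so if, as with Rescue Dispatch, no Debian package ships them, the follow-up triage should mark them "NOT-FOR-US: Online Fire Reporting System" and "NOT-FOR-US: ChatBot App with Suggestion" rather than leave fifteen open TODOs; CVE-2022-29659 (Responsive Online Blog) later in this patch is in the same situation.
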
@@ -966,8 +1030,8 @@ CVE-2022-1931 (Incorrect Synchronization in GitHub 
repository polonel/trudesk pr
        NOT-FOR-US: Trudesk
 CVE-2022-1930
        RESERVED
-CVE-2022-1929
-       RESERVED
+CVE-2022-1929 (An exponential ReDoS (Regular Expression Denial of Service) can 
be tri ...)
+       TODO: check
 CVE-2022-1928 (Cross-site Scripting (XSS) - Stored in GitHub repository 
go-gitea/gite ...)
        - gitea <removed>
 CVE-2022-1927 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
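
Review bot: the CVE-2022-1929 description is cut off before it names the affected project, so the package cannot be identified from this hunk alone; the identical "exponential ReDoS" text is also added for CVE-2021-43308, CVE-2021-43307 and CVE-2021-43306 further down in this patch, so all four should be looked up and triaged together. The neighbouring CVE-2022-1928 entry shows the expected end state once a Debian package is identified: a "- gitea <removed>" line instead of "TODO: check".
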
@@ -2072,9 +2136,9 @@ CVE-2022-31469
        RESERVED
 CVE-2022-31468
        RESERVED
-CVE-2022-31467 (Quick Heal Total Security before 12.1.1.27 allows DLL 
hijacking during ...)
+CVE-2022-31467 (A DLL hijacking vulnerability in the installed for Quick Heal 
Total Se ...)
        NOT-FOR-US: Quick Heal Total Security
-CVE-2022-31466 (Quick Heal Total Security before 12.1.1.27 has a TOCTOU race 
condition ...)
+CVE-2022-31466 (Time of Check - Time of Use (TOCTOU) vulnerability in Quick 
Heal Total ...)
        NOT-FOR-US: Quick Heal Total Security
 CVE-2022-31465
        RESERVED
@@ -3071,8 +3135,8 @@ CVE-2022-31024
        RESERVED
 CVE-2022-31023
        RESERVED
-CVE-2022-31022
-       RESERVED
+CVE-2022-31022 (Bleve is a text indexing library for go. Bleve includes HTTP 
utilities ...)
+       TODO: check
 CVE-2022-31021
        RESERVED
 CVE-2022-31020
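
Review bot: the CVE-2022-31022 description identifies Bleve as a Go text indexing library with bundled HTTP utilities, so when resolving the "TODO: check" the lookup should cover Debian's golang-github-* source package namespace (library code is packaged under such names, or vendored by applications), not just a binary called bleve. If a package is found, the entry needs a "- <srcpkg> <version>" line in the form the curl entries in this patch use.
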
@@ -3126,8 +3190,8 @@ CVE-2022-31001 (Sofia-SIP is an open-source Session 
Initiation Protocol (SIP) Us
        - sofia-sip <unfixed>
        NOTE: 
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
        NOTE: 
https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36
 (v1.13.8)
-CVE-2022-31000
-       RESERVED
+CVE-2022-31000 (solidus_backend is the admin interface for the Solidus 
e-commerce fram ...)
+       TODO: check
 CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an extension that handles file 
uploads ...)
        TODO: check
 CVE-2022-30996
@@ -5266,8 +5330,8 @@ CVE-2022-30279 (An issue was discovered in Stormshield 
Network Security (SNS) 4.
        NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2022-30278 (A vulnerability in Black Duck Hub&#8217;s embedded MadCap 
Flare docume ...)
        NOT-FOR-US: Black Duck Hub
-CVE-2022-30277
-       RESERVED
+CVE-2022-30277 (BD Synapsys&#8482;, versions 4.20, 4.20 SR1, and 4.30, contain 
an insu ...)
+       TODO: check
 CVE-2022-30276
        RESERVED
 CVE-2022-30275
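
Review bot: CVE-2022-30277 (BD Synapsys) is a product of the same vendor as the BD Pyxis entry CVE-2022-22766 further down in this patch, which is already "NOT-FOR-US: BD Pyxis"; unless a Debian package turns up, "NOT-FOR-US: BD Synapsys" is the expected resolution of this "TODO: check", and it is worth closing together with CVE-2022-22767 from the same vendor, which is also added as TODO here.
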
@@ -5525,8 +5589,8 @@ CVE-2022-30192
        RESERVED
 CVE-2022-30191
        RESERVED
-CVE-2022-30190
-       RESERVED
+CVE-2022-30190 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code 
Execution ...)
+       TODO: check
 CVE-2022-30189
        RESERVED
 CVE-2022-30188
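
Review bot: CVE-2022-30190 is a Microsoft Windows component (MSDT) vulnerability, and every other Microsoft entry visible in this patch (CVE-2022-30130, CVE-2022-30129, CVE-2022-26907, CVE-2022-26904, CVE-2022-26903) is marked "NOT-FOR-US: Microsoft"; the follow-up triage should set the same marker here rather than leave a remote code execution item open as "TODO: check".
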
@@ -5649,10 +5713,10 @@ CVE-2022-30130 (.NET Framework Denial of Service 
Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-30129 (Visual Studio Code Remote Code Execution Vulnerability. ...)
        NOT-FOR-US: Microsoft
-CVE-2022-30128
-       RESERVED
-CVE-2022-30127
-       RESERVED
+CVE-2022-30128 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
+       TODO: check
+CVE-2022-30127 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.  ...)
+       TODO: check
 CVE-2022-1567 (The WP-JS plugin for WordPress contains a script called 
wp-js.php with ...)
        NOT-FOR-US: WP-JS plugin for WordPress
 CVE-2022-1566 (The Quotes llama WordPress plugin through 0.7 does not sanitise 
and es ...)
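
Review bot: CVE-2022-30128 and CVE-2022-30127 are Microsoft Edge (Chromium-based) entries that sit directly after CVE-2022-30129 and CVE-2022-30130, both "NOT-FOR-US: Microsoft", and should be triaged the same way. Before closing them, confirm from the advisories that the issues are Edge-specific rather than rebranded upstream Chromium fixes, since the description itself ("Chromium-based") does not settle that and only the latter would concern a Debian package.
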
@@ -5718,8 +5782,7 @@ CVE-2022-30117
        RESERVED
 CVE-2022-30116
        RESERVED
-CVE-2022-30115 [curl: HSTS bypass via trailing dot]
-       RESERVED
+CVE-2022-30115 (Using its HSTS support, curl can be instructed to use HTTPS 
directly i ...)
        - curl 7.83.1-1
        [bullseye] - curl <not-affected> (Vulnerable code introduced later)
        [buster] - curl <not-affected> (Vulnerable code introduced later)
@@ -7085,8 +7148,8 @@ CVE-2022-29661 (CSCMS Music Portal System v4.2 was 
discovered to contain a blind
        NOT-FOR-US: CSCMS Music Portal System
 CVE-2022-29660 (CSCMS Music Portal System v4.2 was discovered to contain a SQL 
injecti ...)
        NOT-FOR-US: CSCMS Music Portal System
-CVE-2022-29659
-       RESERVED
+CVE-2022-29659 (Responsive Online Blog v1.0 was discovered to contain a SQL 
injection  ...)
+       TODO: check
 CVE-2022-29658
        RESERVED
 CVE-2022-29657
@@ -8307,16 +8370,16 @@ CVE-2022-29238
        RESERVED
 CVE-2022-29237 (Opencast is a free and open source solution for automated 
video captur ...)
        NOT-FOR-US: Opencast
-CVE-2022-29236
-       RESERVED
-CVE-2022-29235
-       RESERVED
-CVE-2022-29234
-       RESERVED
-CVE-2022-29233
-       RESERVED
-CVE-2022-29232
-       RESERVED
+CVE-2022-29236 (BigBlueButton is an open source web conferencing system. 
Starting in v ...)
+       TODO: check
+CVE-2022-29235 (BigBlueButton is an open source web conferencing system. 
Starting in v ...)
+       TODO: check
+CVE-2022-29234 (BigBlueButton is an open source web conferencing system. 
Starting in v ...)
+       TODO: check
+CVE-2022-29233 (BigBlueButton is an open source web conferencing system. In 
BigBlueBut ...)
+       TODO: check
+CVE-2022-29232 (BigBlueButton is an open source web conferencing system. 
Starting with ...)
+       TODO: check
 CVE-2022-29231
        RESERVED
 CVE-2022-29230 (Hydrogen is a React-based framework for building dynamic, 
Shopify-powe ...)
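
Review bot: the five BigBlueButton entries (CVE-2022-29236 down to CVE-2022-29232) are left as "TODO: check", and a sixth BigBlueButton entry, CVE-2022-29169, is added in the same state in a later hunk; triage all six together so they end with a consistent marker (the adjacent CVE-2022-29237 Opencast entry shows the "NOT-FOR-US" form if the product is not packaged). The descriptions are cut at "Starting in v ...", so the affected version ranges cannot be read from the entries and must be taken from the full advisories.
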
@@ -8467,8 +8530,8 @@ CVE-2022-29171 (Sourcegraph is a fast and featureful code 
search and navigation
        NOT-FOR-US: Sourcegraph
 CVE-2022-29170 (Grafana is an open-source platform for monitoring and 
observability. I ...)
        - grafana <not-affected> (Specific to Grafana Enterprise)
-CVE-2022-29169
-       RESERVED
+CVE-2022-29169 (BigBlueButton is an open source web conferencing system. 
Versions star ...)
+       TODO: check
 CVE-2022-29168
        RESERVED
 CVE-2022-29167 (Hawk is an HTTP authentication scheme providing mechanisms for 
making  ...)
@@ -12585,22 +12648,19 @@ CVE-2022-26346
        RESERVED
 CVE-2022-1060
        RESERVED
-CVE-2022-27782 [curl: TLS and SSH connection too eager reuse]
-       RESERVED
+CVE-2022-27782 (libcurl would reuse a previously created connection even when 
a TLS or ...)
        - curl 7.83.1-1
        NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/5
        NOTE: https://curl.se/docs/CVE-2022-27782.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/f18af4f874cecab82a9797e8c7541e0990c7a64c 
(curl-7_83_1)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/1645e9b44505abd5cbaf65da5282c3f33b5924a5 
(curl-7_83_1)
-CVE-2022-27781 [curl: CERTINFO never-ending busy-loop]
-       RESERVED
+CVE-2022-27781 (libcurl provides the `CURLOPT_CERTINFO` option to allow 
applications t ...)
        - curl 7.83.1-1
        NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/4
        NOTE: https://curl.se/docs/CVE-2022-27781.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/f6c335d63f2da025a0a3efde1fe59e3bb7189b70 
(curl-7_34_0)
        NOTE: Fixed by: https://github.com/curl/curl/commit/curl-7_83_1)
-CVE-2022-27780 [curl: percent-encoded path separator in URL host]
-       RESERVED
+CVE-2022-27780 (The curl URL parser wrongly accepts percent-encoded URL 
separators lik ...)
        - curl 7.83.1-1
        [bullseye] - curl <not-affected> (Vulnerable code introduced later)
        [buster] - curl <not-affected> (Vulnerable code introduced later)
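
Review bot: the unchanged context line "NOTE: Fixed by: https://github.com/curl/curl/commit/curl-7_83_1)" under CVE-2022-27781 is malformed: the commit hash is missing and the version tag has been pasted into the URL path, unlike the other Fixed-by NOTEs in this hunk, which follow the form "<commit URL> (curl-7_83_1)". Since this hunk already rewrites the CVE-2022-27781 header line, it is a good moment to restore the hash from the advisory linked in the preceding NOTE (https://curl.se/docs/CVE-2022-27781.html).
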
@@ -12609,8 +12669,7 @@ CVE-2022-27780 [curl: percent-encoded path separator in 
URL host]
        NOTE: https://curl.se/docs/CVE-2022-27780.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/9a8564a920188e49d5bd8c1c8573ddef97f6e03a 
(curl-7_80_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/914aaab9153764ef8fa4178215b8ad89d3ac263a 
(curl-7_83_1)
-CVE-2022-27779 [curl: cookie for trailing dot TLD]
-       RESERVED
+CVE-2022-27779 (libcurl wrongly allows cookies to be set for Top Level Domains 
(TLDs)  ...)
        - curl 7.83.1-1
        [bullseye] - curl <not-affected> (Vulnerable code introduced later)
        [buster] - curl <not-affected> (Vulnerable code introduced later)
@@ -12619,8 +12678,7 @@ CVE-2022-27779 [curl: cookie for trailing dot TLD]
        NOTE: https://curl.se/docs/CVE-2022-27779.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/b27ad8e1d3e68eb3214fcbb398ca436873aa7c67 
(curl-7_82_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/7e92d12b4e6911f424678a133b19de670e183a59 
(curl-7_83_1)
-CVE-2022-27778 [curl: removes wrong file on error]
-       RESERVED
+CVE-2022-27778 (A use of incorrectly resolved name vulnerability fixed in 
7.83.1 might ...)
        - curl 7.83.1-1
        [bullseye] - curl <not-affected> (Vulnerable code introduced later)
        [buster] - curl <not-affected> (Vulnerable code introduced later)
@@ -12637,21 +12695,18 @@ CVE-2022-27777 (A XSS Vulnerability in Action View 
tag helpers &gt;= 5.2.0 and &
        NOTE: Regression fix: 
https://github.com/rails/rails/commit/1b5df893d82a27da907e9b8b75deff13179d1df3 
(v6.0.5)
        NOTE: Fixed by: 
https://github.com/rails/rails/commit/1278c0f0b4a18ea199f92b666b8b94954a74c20b 
(v5.2.7.1)
        NOTE: Regression fix: 
https://github.com/rails/rails/commit/a1b8a9b5e5a905d0aeabf532e3f6b74116d5cce6 
(v5.2.8)
-CVE-2022-27776 [Auth/cookie leak on redirect]
-       RESERVED
+CVE-2022-27776 (A insufficiently protected credentials vulnerability in fixed 
in curl  ...)
        - curl 7.83.0-1 (bug #1010252)
        NOTE: https://curl.se/docs/CVE-2022-27776.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/6e659993952aa5f90f48864be84a1bbb047fc258 
(curl-7_83_0)
-CVE-2022-27775 [Bad local IPv6 connection reuse]
-       RESERVED
+CVE-2022-27775 (An information disclosure vulnerability exists in curl 7.65.0 
to 7.82. ...)
        - curl 7.83.0-1 (bug #1010253)
        [buster] - curl <not-affected> (Vulnerable code introduced later)
        [stretch] - curl <not-affected> (Vulnerable code introduced later)
        NOTE: https://curl.se/docs/CVE-2022-27775.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/2d0e9b40d3237b1450cbbfbcb996da244d964898 
(curl-7_65_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705 
(curl-7_83_0)
-CVE-2022-27774 [Credential leak on redirect]
-       RESERVED
+CVE-2022-27774 (An insufficiently protected credentials vulnerability exists 
in curl 4 ...)
        - curl 7.83.0-1 (bug #1010254)
        NOTE: https://curl.se/docs/CVE-2022-27774.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/620ea21410030a9977396b4661806bc187231b79 
(curl-7_83_0)
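
Review bot: CVE-2022-27776 and CVE-2022-27774 carry no suite markers and no "Introduced by" NOTE, unlike CVE-2022-27775 directly between them, which records both "[buster]"/"[stretch] - curl <not-affected>" and the introducing commit (curl-7_65_0). If the introducing commit for these two could not be identified, a NOTE saying so would make the all-suites-affected status reviewable; the descriptions visible here give only the fixed version (curl 7.83.0), which is not enough to justify it on its own.
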
@@ -15054,8 +15109,8 @@ CVE-2022-26907 (Azure SDK for .NET Information 
Disclosure Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-26906
        RESERVED
-CVE-2022-26905
-       RESERVED
+CVE-2022-26905 (Microsoft Edge (Chromium-based) Spoofing Vulnerability. ...)
+       TODO: check
 CVE-2022-26904 (Windows User Profile Service Elevation of Privilege 
Vulnerability. ...)
        NOT-FOR-US: Microsoft
 CVE-2022-26903 (Windows Graphics Component Remote Code Execution 
Vulnerability. ...)
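
Review bot: CVE-2022-26905, a Microsoft Edge (Chromium-based) spoofing entry, is placed between CVE-2022-26907 and CVE-2022-26904, both "NOT-FOR-US: Microsoft"; apply the same marker unless the advisory turns out to reference an upstream Chromium fix, as noted for CVE-2022-30128 and CVE-2022-30127 above.
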
@@ -20807,8 +20862,8 @@ CVE-2022-24850 (Discourse is an open source platform 
for community discussion. A
        NOT-FOR-US: Discourse
 CVE-2022-24849 (DisCatSharp is a Discord API wrapper for .NET. Users of 
versions 9.8.5 ...)
        NOT-FOR-US: DisCatSharp
-CVE-2022-24848
-       RESERVED
+CVE-2022-24848 (DHIS2 is an information system for data capture, management, 
validatio ...)
+       TODO: check
 CVE-2022-24847 (GeoServer is an open source software server written in Java 
that allow ...)
        NOT-FOR-US: geoserver
 CVE-2022-24846 (GeoWebCache is a tile caching server implemented in Java. The 
GeoWebCa ...)
@@ -28393,8 +28448,8 @@ CVE-2022-22769 (The Web server component of TIBCO 
Software Inc.'s TIBCO EBX, TIB
        NOT-FOR-US: TIBCO
 CVE-2022-22768
        RESERVED
-CVE-2022-22767
-       RESERVED
+CVE-2022-22767 (Specific BD Pyxis&#8482; products were installed with default 
credenti ...)
+       TODO: check
 CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. 
If explo ...)
        NOT-FOR-US: BD Pyxis
 CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded 
credent ...)
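
Review bot: CVE-2022-22767 is left at "TODO: check" while the immediately following CVE-2022-22766, which likewise concerns credentials in specific BD Pyxis products, is "NOT-FOR-US: BD Pyxis"; the two entries should carry the same marker, so resolve this one as "NOT-FOR-US: BD Pyxis" unless the advisory points at something Debian ships.
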
@@ -40445,12 +40500,12 @@ CVE-2021-43310
        RESERVED
 CVE-2021-43309
        RESERVED
-CVE-2021-43308
-       RESERVED
-CVE-2021-43307
-       RESERVED
-CVE-2021-43306
-       RESERVED
+CVE-2021-43308 (An exponential ReDoS (Regular Expression Denial of Service) 
can be tri ...)
+       TODO: check
+CVE-2021-43307 (An exponential ReDoS (Regular Expression Denial of Service) 
can be tri ...)
+       TODO: check
+CVE-2021-43306 (An exponential ReDoS (Regular Expression Denial of Service) 
can be tri ...)
+       TODO: check
 CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec 
when parsin ...)
        - clickhouse <unfixed> (bug #1008216)
        NOTE: 
https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9
 (v21.9.1.7685)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4faa346b705537aa1bffa2dcd1f1d477567ef914



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
