Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6eaca7e3 by security tracker role at 2022-06-22T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,145 @@
+CVE-2022-34327
+       RESERVED
+CVE-2022-34326
+       RESERVED
+CVE-2022-34325
+       RESERVED
+CVE-2022-34324
+       RESERVED
+CVE-2022-34323
+       RESERVED
+CVE-2022-34322
+       RESERVED
+CVE-2022-34321
+       RESERVED
+CVE-2022-34320
+       RESERVED
+CVE-2022-34319
+       RESERVED
+CVE-2022-34318
+       RESERVED
+CVE-2022-34317
+       RESERVED
+CVE-2022-34316
+       RESERVED
+CVE-2022-34315
+       RESERVED
+CVE-2022-34314
+       RESERVED
+CVE-2022-34313
+       RESERVED
+CVE-2022-34312
+       RESERVED
+CVE-2022-34311
+       RESERVED
+CVE-2022-34310
+       RESERVED
+CVE-2022-34309
+       RESERVED
+CVE-2022-34308
+       RESERVED
+CVE-2022-34307
+       RESERVED
+CVE-2022-34306
+       RESERVED
+CVE-2022-34305
+       RESERVED
+CVE-2022-34304
+       RESERVED
+CVE-2022-34303
+       RESERVED
+CVE-2022-34302
+       RESERVED
+CVE-2022-34301
+       RESERVED
+CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in 
tinyexr::D ...)
+       TODO: check
+CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This 
issue i ...)
+       TODO: check
+CVE-2022-34298 (The NT auth module in OpenAM before 14.6.6 allows a "replace 
Samba use ...)
+       TODO: check
+CVE-2022-34297
+       RESERVED
+CVE-2022-34296 (In Zalando Skipper before 0.13.218, a query predicate could be 
bypasse ...)
+       TODO: check
+CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...)
+       TODO: check
+CVE-2022-34294
+       RESERVED
+CVE-2022-34293
+       RESERVED
+CVE-2022-34292
+       RESERVED
+CVE-2022-34291
+       RESERVED
+CVE-2022-34290
+       RESERVED
+CVE-2022-34289
+       RESERVED
+CVE-2022-34288
+       RESERVED
+CVE-2022-34287
+       RESERVED
+CVE-2022-34286
+       RESERVED
+CVE-2022-34285
+       RESERVED
+CVE-2022-34284
+       RESERVED
+CVE-2022-34283
+       RESERVED
+CVE-2022-34282
+       RESERVED
+CVE-2022-34281
+       RESERVED
+CVE-2022-34280
+       RESERVED
+CVE-2022-34279
+       RESERVED
+CVE-2022-34278
+       RESERVED
+CVE-2022-34277
+       RESERVED
+CVE-2022-34276
+       RESERVED
+CVE-2022-34275
+       RESERVED
+CVE-2022-34274
+       RESERVED
+CVE-2022-34273
+       RESERVED
+CVE-2022-34272
+       RESERVED
+CVE-2022-34271
+       RESERVED
+CVE-2022-2180
+       RESERVED
+CVE-2022-2179
+       RESERVED
+CVE-2022-2178
+       RESERVED
+CVE-2022-2177
+       RESERVED
+CVE-2022-2176
+       RESERVED
+CVE-2022-2175
+       RESERVED
+CVE-2022-2174 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
microweber ...)
+       TODO: check
+CVE-2022-2173
+       RESERVED
+CVE-2022-2172
+       RESERVED
+CVE-2022-2171
+       RESERVED
+CVE-2022-2170
+       RESERVED
+CVE-2022-2169
+       RESERVED
+CVE-2022-2168
+       RESERVED
+CVE-2022-2167
+       RESERVED
 CVE-2022-34270
        RESERVED
 CVE-2022-34269
@@ -112,94 +254,94 @@ CVE-2022-34215
        RESERVED
 CVE-2022-34214
        RESERVED
-CVE-2022-34213
-       RESERVED
-CVE-2022-34212
-       RESERVED
-CVE-2022-34211
-       RESERVED
-CVE-2022-34210
-       RESERVED
-CVE-2022-34209
-       RESERVED
-CVE-2022-34208
-       RESERVED
-CVE-2022-34207
-       RESERVED
-CVE-2022-34206
-       RESERVED
-CVE-2022-34205
-       RESERVED
-CVE-2022-34204
-       RESERVED
-CVE-2022-34203
-       RESERVED
-CVE-2022-34202
-       RESERVED
-CVE-2022-34201
-       RESERVED
-CVE-2022-34200
-       RESERVED
-CVE-2022-34199
-       RESERVED
-CVE-2022-34198
-       RESERVED
-CVE-2022-34197
-       RESERVED
-CVE-2022-34196
-       RESERVED
-CVE-2022-34195
-       RESERVED
-CVE-2022-34194
-       RESERVED
-CVE-2022-34193
-       RESERVED
-CVE-2022-34192
-       RESERVED
-CVE-2022-34191
-       RESERVED
-CVE-2022-34190
-       RESERVED
-CVE-2022-34189
-       RESERVED
-CVE-2022-34188
-       RESERVED
-CVE-2022-34187
-       RESERVED
-CVE-2022-34186
-       RESERVED
-CVE-2022-34185
-       RESERVED
-CVE-2022-34184
-       RESERVED
-CVE-2022-34183
-       RESERVED
-CVE-2022-34182
-       RESERVED
-CVE-2022-34181
-       RESERVED
-CVE-2022-34180
-       RESERVED
-CVE-2022-34179
-       RESERVED
-CVE-2022-34178
-       RESERVED
-CVE-2022-34177
-       RESERVED
-CVE-2022-34176
-       RESERVED
-CVE-2022-34175
-       RESERVED
-CVE-2022-34174
-       RESERVED
-CVE-2022-34173
-       RESERVED
-CVE-2022-34172
-       RESERVED
-CVE-2022-34171
-       RESERVED
-CVE-2022-34170
-       RESERVED
+CVE-2022-34213 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and 
earlier  ...)
+       TODO: check
+CVE-2022-34212 (A missing permission check in Jenkins vRealize Orchestrator 
Plugin 3.0 ...)
+       TODO: check
+CVE-2022-34211 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
vRealize  ...)
+       TODO: check
+CVE-2022-34210 (A missing permission check in Jenkins ThreadFix Plugin 1.5.4 
and earli ...)
+       TODO: check
+CVE-2022-34209 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
ThreadFix ...)
+       TODO: check
+CVE-2022-34208 (A missing permission check in Jenkins Beaker builder Plugin 
1.10 and e ...)
+       TODO: check
+CVE-2022-34207 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Beaker bu ...)
+       TODO: check
+CVE-2022-34206 (A missing permission check in Jenkins Jianliao Notification 
Plugin 1.1 ...)
+       TODO: check
+CVE-2022-34205 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Jianliao  ...)
+       TODO: check
+CVE-2022-34204 (A missing permission check in Jenkins EasyQA Plugin 1.0 and 
earlier al ...)
+       TODO: check
+CVE-2022-34203 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
EasyQA Pl ...)
+       TODO: check
+CVE-2022-34202 (Jenkins EasyQA Plugin 1.0 and earlier stores user passwords 
unencrypte ...)
+       TODO: check
+CVE-2022-34201 (A missing permission check in Jenkins Convertigo Mobile 
Platform Plugi ...)
+       TODO: check
+CVE-2022-34200 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Convertig ...)
+       TODO: check
+CVE-2022-34199 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier 
stores passw ...)
+       TODO: check
+CVE-2022-34198 (Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does 
not escap ...)
+       TODO: check
+CVE-2022-34197 (Jenkins Sauce OnDemand Plugin 1.204 and earlier does not 
escape the na ...)
+       TODO: check
+CVE-2022-34196 (Jenkins REST List Parameter Plugin 1.5.2 and earlier does not 
escape t ...)
+       TODO: check
+CVE-2022-34195 (Jenkins Repository Connector Plugin 2.2.0 and earlier does not 
escape  ...)
+       TODO: check
+CVE-2022-34194 (Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not 
escape th ...)
+       TODO: check
+CVE-2022-34193 (Jenkins Package Version Plugin 1.0.1 and earlier does not 
escape the n ...)
+       TODO: check
+CVE-2022-34192 (Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not 
escape the n ...)
+       TODO: check
+CVE-2022-34191 (Jenkins NS-ND Integration Performance Publisher Plugin 
4.8.0.77 and ea ...)
+       TODO: check
+CVE-2022-34190 (Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 
and ear ...)
+       TODO: check
+CVE-2022-34189 (Jenkins Image Tag Parameter Plugin 1.10 and earlier does not 
escape th ...)
+       TODO: check
+CVE-2022-34188 (Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not 
escape the  ...)
+       TODO: check
+CVE-2022-34187 (Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier 
does not es ...)
+       TODO: check
+CVE-2022-34186 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and 
earlier doe ...)
+       TODO: check
+CVE-2022-34185 (Jenkins Date Parameter Plugin 0.0.4 and earlier does not 
escape the na ...)
+       TODO: check
+CVE-2022-34184 (Jenkins CRX Content Package Deployer Plugin 1.9 and earlier 
does not e ...)
+       TODO: check
+CVE-2022-34183 (Jenkins Agent Server Parameter Plugin 1.1 and earlier does not 
escape  ...)
+       TODO: check
+CVE-2022-34182 (Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) 
does not ...)
+       TODO: check
+CVE-2022-34181 (Jenkins xUnit Plugin 3.0.8 and earlier implements an 
agent-to-controll ...)
+       TODO: check
+CVE-2022-34180 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does 
not corr ...)
+       TODO: check
+CVE-2022-34179 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier 
allows specif ...)
+       TODO: check
+CVE-2022-34178 (Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying 
a 'link ...)
+       TODO: check
+CVE-2022-34177 (Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and 
earlier a ...)
+       TODO: check
+CVE-2022-34176 (Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does 
not escape ...)
+       TODO: check
+CVE-2022-34175 (Jenkins 2.335 through 2.355 (both inclusive) allows attackers 
in some  ...)
+       TODO: check
+CVE-2022-34174 (In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an 
observable t ...)
+       TODO: check
+CVE-2022-34173 (In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of 
the bui ...)
+       TODO: check
+CVE-2022-34172 (In Jenkins 2.340 through 2.355 (both inclusive) symbol-based 
icons une ...)
+       TODO: check
+CVE-2022-34171 (In Jenkins 2.321 through 2.355 (both inclusive) and LTS 
2.332.1 throug ...)
+       TODO: check
+CVE-2022-34170 (In Jenkins 2.320 through 2.355 (both inclusive) and LTS 
2.332.1 throug ...)
+       TODO: check
 CVE-2022-2166
        RESERVED
 CVE-2022-34169
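Review bot: In the block CVE-2022-34170 to CVE-2022-34213, the 44 new `TODO: check` entries cover two different things and should not be triaged with one tag for the whole run: CVE-2022-34170 through CVE-2022-34175 describe Jenkins itself ("In Jenkins 2.320 through 2.355 ..."), while CVE-2022-34176 through CVE-2022-34213 each name an individual plugin. Suggest resolving the core entries and the plugin entries as separate groups.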
@@ -214,31 +356,37 @@ CVE-2022-33208
        RESERVED
 CVE-2022-2165
        RESERVED
+       {DSA-5168-1}
        - chromium 103.0.5060.53-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2164
        RESERVED
+       {DSA-5168-1}
        - chromium 103.0.5060.53-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2163
        RESERVED
+       {DSA-5168-1}
        - chromium 103.0.5060.53-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2162
        RESERVED
+       {DSA-5168-1}
        - chromium 103.0.5060.53-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2161
        RESERVED
+       {DSA-5168-1}
        - chromium 103.0.5060.53-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2160
        RESERVED
+       {DSA-5168-1}
        - chromium 103.0.5060.53-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
@@ -246,16 +394,19 @@ CVE-2022-2159
        RESERVED
 CVE-2022-2158
        RESERVED
+       {DSA-5168-1}
        - chromium 103.0.5060.53-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2157
        RESERVED
+       {DSA-5168-1}
        - chromium 103.0.5060.53-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2156
        RESERVED
+       {DSA-5168-1}
        - chromium 103.0.5060.53-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
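Review bot: CVE-2022-2159, the context entry at the top of this hunk, has only `RESERVED` and no chromium line, while its neighbours CVE-2022-2156 to CVE-2022-2158 here and CVE-2022-2160 to CVE-2022-2165 in the previous hunk all gain `{DSA-5168-1}`. Worth confirming that the gap is intended and that CVE-2022-2159 is not part of the same chromium 103.0.5060.53-1 update.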
@@ -683,7 +834,7 @@ CVE-2022-33989
        RESERVED
 CVE-2022-33988
        RESERVED
-CVE-2022-33987 (The got package before 12.1.0 for Node.js allows a redirect to 
a UNIX  ...)
+CVE-2022-33987 (The got package before 12.1.0 (also fixed in 11.8.5) for 
Node.js allow ...)
        - node-got <unfixed> (bug #1013264)
        [bullseye] - node-got <no-dsa> (Minor issue)
        [buster] - node-got <no-dsa> (Minor issue)
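Review bot: The updated description for CVE-2022-33987 now names two fixed upstream versions, 12.1.0 and 11.8.5, but the entry under it still reads `- node-got <unfixed> (bug #1013264)` with no NOTE on which upstream line matters for the packaged versions. A NOTE recording the 11.8.5 fix would help whoever revisits the bullseye and buster `<no-dsa>` lines.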
@@ -2735,8 +2886,8 @@ CVE-2022-33107
        RESERVED
 CVE-2022-33106
        RESERVED
-CVE-2022-33105
-       RESERVED
+CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the 
component s ...)
+       TODO: check
 CVE-2022-33104
        RESERVED
 CVE-2022-33103
@@ -2805,14 +2956,14 @@ CVE-2022-33072
        RESERVED
 CVE-2022-33071
        RESERVED
-CVE-2022-33070
-       RESERVED
-CVE-2022-33069
-       RESERVED
-CVE-2022-33068
-       RESERVED
-CVE-2022-33067
-       RESERVED
+CVE-2022-33070 (Protobuf-c v1.4.0 was discovered to contain an invalid 
arithmetic shif ...)
+       TODO: check
+CVE-2022-33069 (Ethereum Solidity v0.8.14 contains an assertion failure via 
SMTEncoder ...)
+       TODO: check
+CVE-2022-33068 (An integer overflow in the component hb-ot-shape-fallback.cc 
of Harfbu ...)
+       TODO: check
+CVE-2022-33067 (Lrzip v0.651 was discovered to contain multiple invalid 
arithmetic shi ...)
+       TODO: check
 CVE-2022-33066
        RESERVED
 CVE-2022-33065
@@ -2877,28 +3028,28 @@ CVE-2022-33036
        RESERVED
 CVE-2022-33035
        RESERVED
-CVE-2022-33034
-       RESERVED
-CVE-2022-33033
-       RESERVED
-CVE-2022-33032
-       RESERVED
+CVE-2022-33034 (LibreDWG v0.12.4.4608 was discovered to contain a stack 
overflow via t ...)
+       TODO: check
+CVE-2022-33033 (LibreDWG v0.12.4.4608 was discovered to contain a double-free 
via the  ...)
+       TODO: check
+CVE-2022-33032 (LibreDWG v0.12.4.4608 was discovered to contain a 
heap-buffer-overflow ...)
+       TODO: check
 CVE-2022-33031
        RESERVED
 CVE-2022-33030
        RESERVED
 CVE-2022-33029
        RESERVED
-CVE-2022-33028
-       RESERVED
-CVE-2022-33027
-       RESERVED
-CVE-2022-33026
-       RESERVED
-CVE-2022-33025
-       RESERVED
-CVE-2022-33024
-       RESERVED
+CVE-2022-33028 (LibreDWG v0.12.4.4608 was discovered to contain a heap buffer 
overflow ...)
+       TODO: check
+CVE-2022-33027 (LibreDWG v0.12.4.4608 was discovered to contain a 
heap-use-after-free  ...)
+       TODO: check
+CVE-2022-33026 (LibreDWG v0.12.4.4608 was discovered to contain a heap buffer 
overflow ...)
+       TODO: check
+CVE-2022-33025 (LibreDWG v0.12.4.4608 was discovered to contain a 
heap-use-after-free  ...)
+       TODO: check
+CVE-2022-33024 (There is an Assertion `int decode_preR13_entities(BITCODE_RL, 
BITCODE_ ...)
+       TODO: check
 CVE-2022-33023
        RESERVED
 CVE-2022-33022
@@ -3945,12 +4096,12 @@ CVE-2022-32556
        RESERVED
 CVE-2022-32555
        RESERVED
-CVE-2022-32554
-       RESERVED
-CVE-2022-32553
-       RESERVED
-CVE-2022-32552
-       RESERVED
+CVE-2022-32554 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 
6.2.3, 6.1 ...)
+       TODO: check
+CVE-2022-32553 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 
6.2.3, 6.1 ...)
+       TODO: check
+CVE-2022-32552 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 
6.2.3, 6.1 ...)
+       TODO: check
 CVE-2022-30944
        RESERVED
 CVE-2022-30601
@@ -3975,8 +4126,7 @@ CVE-2022-32551
        RESERVED
 CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the 
method v ...)
        NOT-FOR-US: AgileBits 1Password
-CVE-2022-32549
-       RESERVED
+CVE-2022-32549 (Apache Sling Commons Log &lt;= 5.4.0 and Apache Sling API 
&lt;= 2.25.0 ...)
        NOT-FOR-US: Apache Sling
 CVE-2022-32289
        RESERVED
@@ -4082,12 +4232,12 @@ CVE-2017-20047 (A vulnerability classified as 
problematic was found in AXIS P120
        NOT-FOR-US: AXIS
 CVE-2017-20046 (A vulnerability classified as problematic has been found in 
AXIS P1204 ...)
        NOT-FOR-US: AXIS
-CVE-2022-32536
-       RESERVED
-CVE-2022-32535
-       RESERVED
-CVE-2022-32534
-       RESERVED
+CVE-2022-32536 (The user access rights validation in the web server of the 
Bosch Ether ...)
+       TODO: check
+CVE-2022-32535 (The Bosch Ethernet switch PRA-ES8P2S with software version 
1.01.05 run ...)
+       TODO: check
+CVE-2022-32534 (The Bosch Ethernet switch PRA-ES8P2S with software version 
1.01.05 and ...)
+       TODO: check
 CVE-2022-32533
        RESERVED
 CVE-2022-32532
@@ -4812,7 +4962,7 @@ CVE-2022-32285 (A vulnerability has been identified in 
Mendix SAML Module (Mendi
 CVE-2022-32279
        RESERVED
 CVE-2022-32278 (XFCE 4.16 allows attackers to execute arbitrary code because 
xdg-open  ...)
-       {DSA-5164-1}
+       {DSA-5164-1 DLA-3056-1}
        - exo 4.16.4-1 (bug #1013129)
        NOTE: 
https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f
 (exo-4.16.4)
 CVE-2022-32277
@@ -5172,8 +5322,8 @@ CVE-2022-32161
        RESERVED
 CVE-2022-32160
        RESERVED
-CVE-2022-32159
-       RESERVED
+CVE-2022-32159 (In openlibrary versions deploy-2016-07-0 through 
deploy-2021-12-22 are ...)
+       TODO: check
 CVE-2022-1963
        RESERVED
 CVE-2021-4233
@@ -6062,8 +6212,8 @@ CVE-2022-31789
        RESERVED
 CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the 
IdeaLMS/ChatRoom/ClassAccess ...)
        NOT-FOR-US: IdeaLMS
-CVE-2022-31787
-       RESERVED
+CVE-2022-31787 (IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO 
...)
+       TODO: check
 CVE-2022-31786 (IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via 
the IdeaL ...)
        NOT-FOR-US: IdeaLMS
 CVE-2022-31785
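Review bot: CVE-2022-31787 lands as `TODO: check` between CVE-2022-31788 and CVE-2022-31786, both already tagged `NOT-FOR-US: IdeaLMS`, and its description says IdeaTMS, not IdeaLMS. When this entry is triaged, take the product name from its own description rather than copying the neighbours' tag unchanged.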
@@ -7306,8 +7456,8 @@ CVE-2022-31397
        RESERVED
 CVE-2022-31396
        RESERVED
-CVE-2022-31395
-       RESERVED
+CVE-2022-31395 (Algo Communication Products Ltd. 8373 IP Zone Paging Adapter 
Firmware  ...)
+       TODO: check
 CVE-2022-31394
        RESERVED
 CVE-2022-31393 (Jizhicms v2.2.5 was discovered to contain a Server-Side 
Request Forger ...)
@@ -7372,10 +7522,10 @@ CVE-2022-31364
        RESERVED
 CVE-2022-31363
        RESERVED
-CVE-2022-31362
-       RESERVED
-CVE-2022-31361
-       RESERVED
+CVE-2022-31362 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition 
v4.0.5 and be ...)
+       TODO: check
+CVE-2022-31361 (** UNSUPPORTED WHEN ASSIGNED ** Docebo Community Edition 
v4.0.5 and be ...)
+       TODO: check
 CVE-2022-31360
        RESERVED
 CVE-2022-31359
@@ -7522,7 +7672,7 @@ CVE-2022-31291 (An issue in dlt_config_file_parser.c of 
dlt-daemon v2.18.8 allow
        NOTE: 
https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2
 CVE-2022-31290
        RESERVED
-CVE-2022-31289 (https://ossindex.sonatype.org/ Sonatype Nexus Repository 
Manager OSS 3 ...)
+CVE-2022-31289 (** DISPUTED ** https://ossindex.sonatype.org/ Sonatype Nexus 
Repositor ...)
        NOT-FOR-US: Sonatype Nexus Repository Manager OSS
 CVE-2022-31288
        RESERVED
@@ -7683,8 +7833,7 @@ CVE-2022-31250
        RESERVED
 CVE-2022-31249
        RESERVED
-CVE-2022-31248
-       RESERVED
+CVE-2022-31248 (A Observable Response Discrepancy vulnerability in 
spacewalk-java of S ...)
        NOT-FOR-US: Uyuni
 CVE-2022-31247
        RESERVED
@@ -7780,6 +7929,7 @@ CVE-2022-1798
 CVE-2022-31215 (In certain Goverlan products, the Windows Firewall is 
temporarily turn ...)
        NOT-FOR-US: Goverlan
 CVE-2022-31214 (A Privilege Context Switching issue was discovered in join.c 
in Fireja ...)
+       {DSA-5167-1}
        - firejail 0.9.68-4 (bug #1012510)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/10
        NOTE: 
https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50
 (0.9.70)
@@ -12746,8 +12896,7 @@ CVE-2022-1418 (The Social Stickers WordPress plugin 
through 2.2.9 does not have
        NOT-FOR-US: WordPress plugin
 CVE-2022-29527 (Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a 
world-writable ...)
        NOT-FOR-US: Amazon AWS amazon-ssm-agent
-CVE-2022-29526
-       RESERVED
+CVE-2022-29526 (Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect 
Privilege Ass ...)
        - golang-1.18 1.18.2-1
        - golang-1.17 1.17.10-1
        - golang-1.15 <removed>
@@ -27423,7 +27572,7 @@ CVE-2022-24425
        RESERVED
 CVE-2022-24424 (Dell EMC AppSync versions from 3.9 to 4.3 contain a path 
traversal vul ...)
        NOT-FOR-US: EMC
-CVE-2022-24423 (Dell EMC iDRAC8 versions 2.81.81 and earlier contain a denial 
of servi ...)
+CVE-2022-24423 (Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of 
service v ...)
        NOT-FOR-US: EMC
 CVE-2022-24422 (Dell iDRAC9 versions 5.00.00.00 and later but prior to 
5.10.10.00, con ...)
        NOT-FOR-US: Dell
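Review bot: On CVE-2022-24423 the description changes from "Dell EMC iDRAC8" to "Dell iDRAC8", but the tag under it is still `NOT-FOR-US: EMC`, while the next entry, CVE-2022-24422 for iDRAC9, uses `NOT-FOR-US: Dell`. Suggest aligning the two so that both iDRAC entries carry the same vendor tag.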
@@ -32649,16 +32798,16 @@ CVE-2022-23083 (NetMaster 12.2 Network Management for 
TCP/IP and NetMaster File
        NOT-FOR-US: NetMaster
 CVE-2022-23082 (In CureKit versions v1.0.1 through v1.1.3 are vulnerable to 
path trave ...)
        NOT-FOR-US: WhiteSource CureKit
-CVE-2022-23081
-       RESERVED
-CVE-2022-23080
-       RESERVED
-CVE-2022-23079
-       RESERVED
-CVE-2022-23078
-       RESERVED
-CVE-2022-23077
-       RESERVED
+CVE-2022-23081 (In openlibrary versions deploy-2016-07-0 through 
deploy-2021-12-22 are ...)
+       TODO: check
+CVE-2022-23080 (In directus versions v9.0.0-beta.2 through 9.6.0 are 
vulnerable to ser ...)
+       TODO: check
+CVE-2022-23079 (In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to 
host he ...)
+       TODO: check
+CVE-2022-23078 (In habitica versions v4.119.0 through v4.232.2 are vulnerable 
to open  ...)
+       TODO: check
+CVE-2022-23077 (In habitica versions v4.119.0 through v4.232.2 are vulnerable 
to DOM X ...)
+       TODO: check
 CVE-2022-23076
        RESERVED
 CVE-2022-23075
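Review bot: CVE-2022-23081 starts with the same text as CVE-2022-32159, added earlier in this commit: "In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...". The truncated descriptions cannot tell the two apart, so the full descriptions need comparing during triage to see whether these are distinct issues or a duplicate assignment, with a NOTE on each entry recording the outcome.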
@@ -32695,14 +32844,14 @@ CVE-2022-23060 (A Stored Cross Site Scripting (XSS) 
vulnerability exists in Shop
        NOT-FOR-US: Shopizer
 CVE-2022-23059 (A Stored Cross Site Scripting (XSS) vulnerability exists in 
Shopizer v ...)
        NOT-FOR-US: Shopizer
-CVE-2022-23058
-       RESERVED
-CVE-2022-23057
-       RESERVED
-CVE-2022-23056
-       RESERVED
-CVE-2022-23055
-       RESERVED
+CVE-2022-23058 (ERPNext in versions v12.0.9-v13.0.3 are affected by a stored 
XSS vulne ...)
+       TODO: check
+CVE-2022-23057 (In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2022-23056 (In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are 
vulnerable t ...)
+       TODO: check
+CVE-2022-23055 (In ERPNext, versions v11.0.0-beta through v13.0.2 are 
vulnerable to Mi ...)
+       TODO: check
 CVE-2022-23054 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored 
XSS via  ...)
        NOT-FOR-US: Openmct
 CVE-2022-23053 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored 
XSS via  ...)
@@ -32899,8 +33048,8 @@ CVE-2022-22982
        RESERVED
 CVE-2022-22981
        RESERVED
-CVE-2022-22980
-       RESERVED
+CVE-2022-22980 (A Spring Data MongoDB application is vulnerable to SpEL 
Injection when ...)
+       TODO: check
 CVE-2022-22979 (In Spring Cloud Function versions prior to 3.2.6, it is 
possible for a ...)
        TODO: check
 CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.6.3 and older 
unsupported vers ...)
@@ -32933,8 +33082,8 @@ CVE-2022-22968 (In Spring Framework versions 5.3.0 - 
5.3.18, 5.2.0 - 5.2.20, and
        [buster] - libspring-java <no-dsa> (Minor issue)
        [stretch] - libspring-java <end-of-life> (EOL'd for stretch)
        NOTE: https://tanzu.vmware.com/security/cve-2022-22968
-CVE-2022-22967
-       RESERVED
+CVE-2022-22967 (An issue was discovered in SaltStack Salt in versions before 
3002.9, 3 ...)
+       TODO: check
 CVE-2022-22966 (An authenticated, high privileged malicious actor with network 
access  ...)
        NOT-FOR-US: VMware
 CVE-2022-22965 (A Spring MVC or Spring WebFlux application running on JDK 9+ 
may be vu ...)
@@ -38930,8 +39079,7 @@ CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is 
affected by an incorrect acces
        NOTE: 
https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe
 (v2.6.1)
 CVE-2022-21953
        RESERVED
-CVE-2022-21952
-       RESERVED
+CVE-2022-21952 (An Uncontrolled Resource Consumption vulnerability in 
spacewalk-java o ...)
        NOT-FOR-US: Uyuni
 CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE 
Rancher,  ...)
        NOT-FOR-US: Rancher
@@ -46991,8 +47139,8 @@ CVE-2022-20653 (A vulnerability in the DNS-based 
Authentication of Named Entitie
        NOT-FOR-US: Cisco
 CVE-2022-20652
        RESERVED
-CVE-2022-20651
-       RESERVED
+CVE-2022-20651 (A vulnerability in the logging component of Cisco Adaptive 
Security De ...)
+       TODO: check
 CVE-2022-20650 (A vulnerability in the NX-API feature of Cisco NX-OS Software 
could al ...)
        NOT-FOR-US: Cisco
 CVE-2022-20649
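Review bot: CVE-2022-20651 is left at `TODO: check` although the described entries around it, CVE-2022-20653 and CVE-2022-20650, are both tagged `NOT-FOR-US: Cisco`, and its own description begins "A vulnerability in the logging component of Cisco Adaptive Security De ...". Once the full description is confirmed, the same tag looks applicable here.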
@@ -90343,12 +90491,12 @@ CVE-2021-26640
        RESERVED
 CVE-2021-26639
        RESERVED
-CVE-2021-26638
-       RESERVED
-CVE-2021-26637
-       RESERVED
-CVE-2021-26636
-       RESERVED
+CVE-2021-26638 (Improper Authentication vulnerability in S&amp;D 
smarthome(smartcare)  ...)
+       TODO: check
+CVE-2021-26637 (There is no account authentication and permission check logic 
in the f ...)
+       TODO: check
+CVE-2021-26636 (Stored XSS and SQL injection vulnerability in MaxBoard could 
lead to o ...)
+       TODO: check
 CVE-2021-26635 (In the code that verifies the file size in the ark library, it 
is poss ...)
        TODO: check
 CVE-2021-26634 (SQL injection and file upload attacks are possible due to 
insufficient ...)
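Review bot: The description added for CVE-2021-26638 carries an HTML entity in place of a plain ampersand ("S&amp;D smarthome"), and CVE-2022-32549 earlier in this commit carries `&lt;=` in the same way. If data/CVE/list stores these literally, the description import should decode entities before writing the file, so that the text shows the ampersand and the less-than-or-equal sign directly.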



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6eaca7e3f41afd72afe37f6fb66dd126d5219280
