Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c0cb529 by security tracker role at 2022-07-02T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2022-34910
+       RESERVED
+CVE-2022-34909
+       RESERVED
+CVE-2022-34908
+       RESERVED
+CVE-2022-34907
+       RESERVED
+CVE-2022-34906
+       RESERVED
+CVE-2022-34905
+       RESERVED
+CVE-2022-34904
+       RESERVED
+CVE-2022-34863
+       RESERVED
+CVE-2022-34856
+       RESERVED
+CVE-2022-34854
+       RESERVED
+CVE-2022-34841
+       RESERVED
+CVE-2022-34488
+       RESERVED
+CVE-2022-34346
+       RESERVED
+CVE-2022-33972
+       RESERVED
+CVE-2022-33197
+       RESERVED
+CVE-2022-32581
+       RESERVED
+CVE-2022-30531
+       RESERVED
+CVE-2022-2287
+       RESERVED
+CVE-2022-2286
+       RESERVED
 CVE-2022-34902
        RESERVED
 CVE-2022-34901
@@ -77,7 +115,7 @@ CVE-2022-34877
        RESERVED
 CVE-2022-34876
        RESERVED
-CVE-2022-34903 [vulnerable to status injection]
+CVE-2022-34903 (GnuPG through 2.3.6, in unusual situations where an attacker 
possesses ...)
        - gnupg2 2.2.35-3 (bug #1014157)
        NOTE: https://dev.gnupg.org/T6027
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/30/1
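Review bot: The CVE-2022-34903 entry still carries a single package line (gnupg2 2.2.35-3) although the replacement description reads "GnuPG through 2.3.6". Confirm whether any other source package shipping GnuPG code is affected and record the outcome as its own line, so the absence of a line is a decision and not an omission.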
@@ -5794,8 +5832,8 @@ CVE-2022-28697
        RESERVED
 CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository 
francoisjacqu ...)
        NOT-FOR-US: francoisjacquet/rosariosis
-CVE-2022-32551
-       RESERVED
+CVE-2022-32551 (Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows 
path traver ...)
+       TODO: check
 CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the 
method v ...)
        NOT-FOR-US: AgileBits 1Password
 CVE-2022-32549 (Apache Sling Commons Log <= 5.4.0 and Apache Sling API 
<= 2.25.0 ...)
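Review bot: CVE-2022-32551 is left at "TODO: check", but its description names Zoho ManageEngine ServiceDesk Plus MSP, and the other Zoho ManageEngine entries in this same file (CVE-2022-28987, CVE-2022-28219) are already marked NOT-FOR-US. Suggest resolving it the same way, with the tag spelled consistently (the file currently has both "ZOHO ManageEngine" and "Zoho ManageEngine").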
@@ -6238,8 +6276,8 @@ CVE-2022-32422
        RESERVED
 CVE-2022-32421
        RESERVED
-CVE-2022-32420
-       RESERVED
+CVE-2022-32420 (College Management System v1.0 was discovered to contain a 
remote code ...)
+       TODO: check
 CVE-2022-32419
        RESERVED
 CVE-2022-32418
@@ -6254,10 +6292,10 @@ CVE-2022-32414 (Nginx NJS v0.7.2 was discovered to 
contain a segmentation violat
        NOT-FOR-US: njs
 CVE-2022-32413
        RESERVED
-CVE-2022-32412
-       RESERVED
-CVE-2022-32411
-       RESERVED
+CVE-2022-32412 (An issue in the /template/edit component of HongCMS v3.0 
allows attack ...)
+       TODO: check
+CVE-2022-32411 (An issue in the languages config file of HongCMS v3.0 allows 
attackers ...)
+       TODO: check
 CVE-2022-32410
        RESERVED
 CVE-2022-32409
@@ -6310,8 +6348,8 @@ CVE-2022-32386
        RESERVED
 CVE-2022-32385
        RESERVED
-CVE-2022-32384
-       RESERVED
+CVE-2022-32384 (Tenda AC23 v16.03.07.44 was discovered to contain a stack 
overflow via ...)
+       TODO: check
 CVE-2022-32383
        RESERVED
 CVE-2022-32382
@@ -6428,10 +6466,10 @@ CVE-2022-32327
        RESERVED
 CVE-2022-32326
        RESERVED
-CVE-2022-32325
-       RESERVED
-CVE-2022-32324
-       RESERVED
+CVE-2022-32325 (JPEGOPTIM v1.4.7 was discovered to contain a segmentation 
violation wh ...)
+       TODO: check
+CVE-2022-32324 (PDFAlto v0.4 was discovered to contain a heap buffer overflow 
via the  ...)
+       TODO: check
 CVE-2022-32323
        RESERVED
 CVE-2022-32322
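Review bot: CVE-2022-32325 (JPEGOPTIM v1.4.7, segmentation violation) and CVE-2022-32324 (PDFAlto v0.4, heap buffer overflow) are memory-safety issues in standalone file-processing tools, yet both sit at "TODO: check" with no package line. Look each up by source package name and, where packaged, add the package line with its version status and the upstream reference rather than closing them in bulk.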
@@ -7187,36 +7225,36 @@ CVE-2022-32097
        RESERVED
 CVE-2022-32096
        RESERVED
-CVE-2022-32095
-       RESERVED
-CVE-2022-32094
-       RESERVED
-CVE-2022-32093
-       RESERVED
+CVE-2022-32095 (Hospital Management System v1.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
+CVE-2022-32094 (Hospital Management System v1.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
+CVE-2022-32093 (Hospital Management System v1.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
 CVE-2022-32092 (D-Link DIR-645 v1.03 was discovered to contain a command 
injection vul ...)
        NOT-FOR-US: D-Link
-CVE-2022-32091
-       RESERVED
+CVE-2022-32091 (MariaDB v10.7 was discovered to contain an use-after-poison in 
in __in ...)
+       TODO: check
 CVE-2022-32090
        RESERVED
-CVE-2022-32089
-       RESERVED
-CVE-2022-32088
-       RESERVED
-CVE-2022-32087
-       RESERVED
-CVE-2022-32086
-       RESERVED
-CVE-2022-32085
-       RESERVED
-CVE-2022-32084
-       RESERVED
-CVE-2022-32083
-       RESERVED
-CVE-2022-32082
-       RESERVED
-CVE-2022-32081
-       RESERVED
+CVE-2022-32089 (MariaDB v10.5 to v10.7 was discovered to contain a 
segmentation fault  ...)
+       TODO: check
+CVE-2022-32088 (MariaDB v10.2 to v10.7 was discovered to contain a 
segmentation fault  ...)
+       TODO: check
+CVE-2022-32087 (MariaDB v10.2 to v10.7 was discovered to contain a 
segmentation fault  ...)
+       TODO: check
+CVE-2022-32086 (MariaDB v10.4 to v10.8 was discovered to contain a 
segmentation fault  ...)
+       TODO: check
+CVE-2022-32085 (MariaDB v10.2 to v10.7 was discovered to contain a 
segmentation fault  ...)
+       TODO: check
+CVE-2022-32084 (MariaDB v10.2 to v10.7 was discovered to contain a 
segmentation fault  ...)
+       TODO: check
+CVE-2022-32083 (MariaDB v10.2 to v10.6.1 was discovered to contain a 
segmentation faul ...)
+       TODO: check
+CVE-2022-32082 (MariaDB v10.5 to v10.7 was discovered to contain an assertion 
failure  ...)
+       TODO: check
+CVE-2022-32081 (MariaDB v10.4 to v10.7 was discovered to contain an 
use-after-poison i ...)
+       TODO: check
 CVE-2022-32080
        RESERVED
 CVE-2022-32079
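Review bot: The ten MariaDB entries (CVE-2022-32081 through CVE-2022-32089, plus CVE-2022-32091) all land as "TODO: check" while their descriptions give different affected ranges (v10.7 only, v10.5 to v10.7, v10.4 to v10.7, v10.2 to v10.7, v10.4 to v10.8, v10.2 to v10.6.1). They need per-entry triage against each release's MariaDB version, not one shared status, and the truncated descriptions here do not show the crashing function, so read the full text before deciding. The three Hospital Management System v1.0 entries in the same hunk look like NOT-FOR-US candidates, by analogy with the Rescue Dispatch Management System entries elsewhere in the file.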
@@ -7491,8 +7529,8 @@ CVE-2022-31945 (Rescue Dispatch Management System v1.0 is 
vulnerable to Delete a
        NOT-FOR-US: Rescue Dispatch Management System
 CVE-2022-31944
        RESERVED
-CVE-2022-31943
-       RESERVED
+CVE-2022-31943 (MCMS v5.2.8 was discovered to contain an arbitrary file upload 
vulnera ...)
+       TODO: check
 CVE-2022-31942
        RESERVED
 CVE-2022-31941 (Rescue Dispatch Management System v1.0 is vulnerable to SQL 
Injection  ...)
@@ -16234,7 +16272,7 @@ CVE-2022-28989
        RESERVED
 CVE-2022-28988
        RESERVED
-CVE-2022-28987 (ManageEngine ADSelfService Plus v6.1 allows attackers to 
perform usern ...)
+CVE-2022-28987 (Zoho ManageEngine ADSelfService Plus before 6202 allows 
attackers to p ...)
        NOT-FOR-US: ZOHO ManageEngine
 CVE-2022-28986 (LMS Doctor Simple 2 Factor Authentication Plugin For Moodle 
Affected:  ...)
        NOT-FOR-US: LMS Doctor Simple 2 Factor Authentication Plugin For Moodle
@@ -18434,7 +18472,7 @@ CVE-2022-1165 (The Blackhole for Bad Bots WordPress 
plugin before 3.3.2 uses hea
        NOT-FOR-US: WordPress plugin
 CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in 
the bu ...)
        NOT-FOR-US: Wordpress theme
-CVE-2022-28219 (Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an 
unauthe ...)
+CVE-2022-28219 (Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is 
vulnerable to  ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-28218 (An issue was discovered in CipherMail Webmail Messenger 1.1.1 
through  ...)
        NOT-FOR-US: CipherMail Webmail Messenger
@@ -18497,8 +18535,8 @@ CVE-2022-28201 [mediawiki: Title::newMainPage() goes 
into an infinite recursion
        [stretch] - mediawiki <postponed> (Fix along in next security release)
        NOTE: https://phabricator.wikimedia.org/T297571
        NOTE: 
https://lists.wikimedia.org/hyperkitty/list/[email protected]/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
-CVE-2022-28200
-       RESERVED
+CVE-2022-28200 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the 
BiosCfgTool,  ...)
+       TODO: check
 CVE-2022-28199
        RESERVED
 CVE-2022-28198 (NVIDIA Omniverse Nucleus and Cache contain a vulnerability in 
its conf ...)
@@ -24886,14 +24924,14 @@ CVE-2022-25902
        RESERVED
 CVE-2022-25901
        RESERVED
-CVE-2022-25900
-       RESERVED
-CVE-2022-25898
-       RESERVED
+CVE-2022-25900 (All versions of package git-clone are vulnerable to Command 
Injection  ...)
+       TODO: check
+CVE-2022-25898 (The package jsrsasign before 10.5.25 are vulnerable to 
Improper Verifi ...)
+       TODO: check
 CVE-2022-25897
        RESERVED
-CVE-2022-25896
-       RESERVED
+CVE-2022-25896 (This affects the package passport before 0.6.0. When a user 
logs in or ...)
+       TODO: check
 CVE-2022-25895
        RESERVED
 CVE-2022-25894
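Review bot: CVE-2022-25898 (jsrsasign before 10.5.25, description beginning "Improper Verifi") and CVE-2022-25896 (passport before 0.6.0, triggered "When a user logs in or") touch verification and login handling, so they should be triaged ahead of the rest of this "TODO: check" batch. For all three npm packages in the hunk (git-clone, jsrsasign, passport), check whether a matching source package exists in the archive before choosing NOT-FOR-US, and note the fixed upstream version on the package line where one applies.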
@@ -24928,8 +24966,8 @@ CVE-2022-25878 (The package protobufjs before 6.11.3 
are vulnerable to Prototype
        NOT-FOR-US: protobufjs/protobuf.js
 CVE-2022-25877
        RESERVED
-CVE-2022-25876
-       RESERVED
+CVE-2022-25876 (The package link-preview-js before 2.1.16 are vulnerable to 
Server-sid ...)
+       TODO: check
 CVE-2022-25875
        RESERVED
 CVE-2022-25874
@@ -25012,8 +25050,8 @@ CVE-2022-25760 (All versions of package accesslog are 
vulnerable to Arbitrary Co
        NOT-FOR-US: accesslog Nodejs module
 CVE-2022-25759
        RESERVED
-CVE-2022-25758
-       RESERVED
+CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to 
Regular Expre ...)
+       TODO: check
 CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command 
Injection via  ...)
        - ruby-git <unfixed> (bug #1009926)
        NOTE: https://github.com/ruby-git/ruby-git/pull/569



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c0cb5296b7d0f189969702f8925968e064cf2a3
