Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a88ea321 by security tracker role at 2022-07-13T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-35741
+ RESERVED
+CVE-2022-2398
+ RESERVED
+CVE-2022-2397
+ RESERVED
+CVE-2022-2396
+ RESERVED
CVE-2022-35740
RESERVED
CVE-2022-35739
@@ -2482,12 +2490,12 @@ CVE-2017-20130
RESERVED
CVE-2017-20129
RESERVED
-CVE-2017-20128
- RESERVED
-CVE-2017-20127
- RESERVED
-CVE-2017-20126
- RESERVED
+CVE-2017-20128 (A vulnerability has been found in KB Messages PHP Script 1.0
and class ...)
+ TODO: check
+CVE-2017-20127 (A vulnerability was found in KB Login Authentication Script
1.1 and cl ...)
+ TODO: check
+CVE-2017-20126 (A vulnerability was found in KB Affiliate Referral Script 1.0.
It has ...)
+ TODO: check
CVE-2022-34745
RESERVED
CVE-2022-34744
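Review bot: all three KB entries (CVE-2017-20128, CVE-2017-20127, CVE-2017-20126) are left at `TODO: check`, so the triage step is still open for each; the products named in the descriptions ("KB Messages PHP Script 1.0", "KB Login Authentication Script 1.1", "KB Affiliate Referral Script 1.0") are standalone PHP scripts, and if none is carried as a Debian source package the entries should be resolved to `NOT-FOR-US: <product>` in the same form the file already uses elsewhere (for example `NOT-FOR-US: neorazorx/facturascripts`). Note also that these are 2017-numbered IDs assigned only now, so the year in the identifier says nothing about when the issue was published.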
@@ -3510,8 +3518,8 @@ CVE-2022-34360
RESERVED
CVE-2022-34359
RESERVED
-CVE-2022-34358
- RESERVED
+CVE-2022-34358 (IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site
scripting. Th ...)
+ TODO: check
CVE-2022-34357
RESERVED
CVE-2022-34356
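Review bot: the `TODO: check` on CVE-2022-34358 can be closed immediately; the description names IBM i 7.2 through 7.5, a proprietary operating system that is not in the Debian archive, so the entry should read `NOT-FOR-US: IBM i` rather than remain pending.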
@@ -8715,8 +8723,8 @@ CVE-2022-1989
RESERVED
CVE-2022-1988 (Cross-site Scripting (XSS) - Generic in GitHub repository
neorazorx/fa ...)
NOT-FOR-US: neorazorx/facturascripts
-CVE-2022-32274
- RESERVED
+CVE-2022-32274 (The Transition Scheduler add-on 6.5.0 for Atlassian Jira is
prone to s ...)
+ TODO: check
CVE-2022-32273 (As a result of an observable discrepancy in returned messages,
OPSWAT ...)
NOT-FOR-US: OPSWAT MetaDefender Core
CVE-2022-32272 (OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP
before 4.12.1 ...)
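Review bot: CVE-2022-32274 concerns the "Transition Scheduler add-on 6.5.0 for Atlassian Jira", a third-party plugin for a proprietary product; the surrounding OPSWAT and facturascripts entries in this hunk are already resolved with `NOT-FOR-US:` lines, and this one should be resolved the same way instead of staying at `TODO: check`.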
@@ -9259,8 +9267,8 @@ CVE-2022-32098
RESERVED
CVE-2022-32097
RESERVED
-CVE-2022-32096
- RESERVED
+CVE-2022-32096 (Rhonabwy before v1.1.5 was discovered to contain a buffer
overflow via ...)
+ TODO: check
CVE-2022-32095 (Hospital Management System v1.0 was discovered to contain a
SQL inject ...)
NOT-FOR-US: Hospital Management System
CVE-2022-32094 (Hospital Management System v1.0 was discovered to contain a
SQL inject ...)
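Review bot: CVE-2022-32096 is the one entry in this hunk that deserves a real archive check rather than a reflex NOT-FOR-US: Rhonabwy is a library, the description gives the fix boundary ("before v1.1.5"), and the description is a memory-safety bug (buffer overflow). If a rhonabwy source package exists in the archive, the resolution should be a `- rhonabwy <version>` (or `<unfixed>`) line plus a `NOTE:` pointing at the upstream fix commit, as done for the FreeType and mruby entries later in this diff; the two Hospital Management System neighbours are correctly `NOT-FOR-US`.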
@@ -9337,10 +9345,10 @@ CVE-2022-32076
RESERVED
CVE-2022-32075
RESERVED
-CVE-2022-32074
- RESERVED
-CVE-2022-32073
- RESERVED
+CVE-2022-32074 (A stored cross-site scripting (XSS) vulnerability in the
component aud ...)
+ TODO: check
+CVE-2022-32073 (WolfSSH v1.4.7 was discovered to contain an integer overflow
via the f ...)
+ TODO: check
CVE-2022-32072
RESERVED
CVE-2022-32071
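Review bot: the truncated description of CVE-2022-32074 ("stored cross-site scripting (XSS) vulnerability in the component aud ...") never names the affected product, so this `TODO: check` cannot be triaged from the file alone and needs the full CVE record. CVE-2022-32073 names wolfSSH v1.4.7 (an integer overflow, so a memory-safety class bug); wolfSSH is a separate project from wolfSSL, so check the archive for a wolfssh source package specifically rather than assuming the wolfssl status applies.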
@@ -9355,8 +9363,8 @@ CVE-2022-32067
RESERVED
CVE-2022-32066
RESERVED
-CVE-2022-32065
- RESERVED
+CVE-2022-32065 (An arbitrary file upload vulnerability in the background
management mo ...)
+ TODO: check
CVE-2022-32064
RESERVED
CVE-2022-32063
@@ -10037,8 +10045,7 @@ CVE-2022-31782 (ftbench.c in FreeType Demo Programs
through 2.12.1 has a heap-ba
- freetype 2.12.1+dfsg-3 (unimportant)
NOTE: https://gitlab.freedesktop.org/freetype/freetype-demos/-/issues/8
NOTE: Only impact the ftbench in freetype2-demos
-CVE-2022-31781
- RESERVED
+CVE-2022-31781 (Apache Tapestry up to version 5.8.1 is vulnerable to Regular
Expressio ...)
NOT-FOR-US: Apache Tapestry
CVE-2022-31780
RESERVED
@@ -18675,8 +18682,8 @@ CVE-2022-1286 (heap-buffer-overflow in mrb_vm_exec in
mruby/mruby in GitHub repo
[stretch] - mruby <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9
NOTE: https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189/
-CVE-2022-28888
- RESERVED
+CVE-2022-28888 (Spryker Commerce OS 1.4.2 allows Remote Command Execution. ...)
+ TODO: check
CVE-2022-28887
RESERVED
CVE-2022-28886
@@ -18839,7 +18846,7 @@ CVE-2022-28807
RESERVED
CVE-2022-28806 (An issue was discovered on certain Fujitsu LIEFBOOK devices
(A3510, U9 ...)
NOT-FOR-US: Fujitsu
-CVE-2022-28805 (singlevar in lparser.c in Lua through 5.4.4 lacks a certain
luaK_exp2a ...)
+CVE-2022-28805 (singlevar in lparser.c in Lua from (including) 5.4.0 up to
(excluding) ...)
- lua5.4 5.4.4-2 (bug #1010265)
[bullseye] - lua5.4 <no-dsa> (Minor issue)
- lua5.3 <not-affected> (Specific to 5.4, see #1010265)
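Review bot: the rewritten description of CVE-2022-28805 changes the affected range from "through 5.4.4" to "from (including) 5.4.0 up to (excluding) ...", and the truncation hides the new upper bound. The unchanged package lines (`lua5.4 5.4.4-2` fixed, `lua5.3 <not-affected>` with the reason "Specific to 5.4") are consistent with a 5.4.0 lower bound, but the upper bound in the full record should be compared against the 5.4.4-2 fix and bug #1010265 to confirm the bullseye `<no-dsa>` assessment still holds.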
@@ -18859,7 +18866,7 @@ CVE-2022-28801
RESERVED
CVE-2022-28800
RESERVED
-CVE-2022-28799 (The TikTok application before 23.8.4 for Android allows
account takeov ...)
+CVE-2022-28799 (The TikTok application before 27.7.3 for Android allows
account takeov ...)
NOT-FOR-US: TikTok Android app
CVE-2022-28798
RESERVED
@@ -27570,6 +27577,7 @@ CVE-2022-25803
- request-tracker5 <unfixed>
CVE-2022-25802
RESERVED
+ {DSA-5181-1}
- request-tracker5 <unfixed>
- request-tracker4 <unfixed>
CVE-2022-25801
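Review bot: the new `{DSA-5181-1}` cross-reference on CVE-2022-25802 sits above package lines that still read `- request-tracker5 <unfixed>` and `- request-tracker4 <unfixed>`, and the CVE itself is still `RESERVED` with no description. A DSA reference means an advisory has been issued, so the unstable fixed versions for both source packages should be filled in and the description added once the CVE is published; note the adjacent CVE-2022-25803 (context line above) also shows `- request-tracker5 <unfixed>` but carries no DSA reference, which is worth confirming is intentional.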
@@ -29341,7 +29349,7 @@ CVE-2022-25195 (A missing permission check in Jenkins
autonomiq Plugin 1.15 and
NOT-FOR-US: Jenkins plugin
CVE-2022-25194 (A cross-site request forgery (CSRF) vulnerability in Jenkins
autonomiq ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25193 (Missing permission checks in Jenkins Snow Commander Plugin 2.0
and ear ...)
+CVE-2022-25193 (Missing permission checks in Jenkins Snow Commander Plugin
1.10 and ea ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-25192 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Snow Comm ...)
NOT-FOR-US: Jenkins plugin
@@ -93047,7 +93055,7 @@ CVE-2021-27296
CVE-2021-27295
RESERVED
CVE-2021-27294
- RESERVED
+ REJECTED
CVE-2021-27293 (RestSharp < 106.11.8-alpha.0.13 uses a regular expression
which is ...)
NOT-FOR-US: RestSharp
CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular
expression ...)
@@ -113313,11 +113321,11 @@ CVE-2020-35261
CVE-2020-35260
RESERVED
CVE-2020-35259
- RESERVED
+ REJECTED
CVE-2020-35258
RESERVED
CVE-2020-35257
- RESERVED
+ REJECTED
CVE-2020-35256
RESERVED
CVE-2020-35255
@@ -219837,8 +219845,8 @@ CVE-2019-10802 (giting version prior to 0.0.8 allows
execution of arbritary comm
NOT-FOR-US: Node giting
CVE-2019-10801 (enpeem through 2.2.0 allows execution of arbitrary commands.
The "opti ...)
NOT-FOR-US: Node enpeem
-CVE-2019-10800
- RESERVED
+CVE-2019-10800 (This affects the package codecov before 2.0.16. The
vulnerability occu ...)
+ TODO: check
CVE-2019-10799 (compile-sass prior to 1.0.5 allows execution of arbritary
commands. Th ...)
NOT-FOR-US: Node module compile-sass
CVE-2019-10798 (rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript
objects r ...)
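Review bot: CVE-2019-10800 should not be resolved by analogy with its neighbours: giting, enpeem, compile-sass and rdf-graph-array are Node modules marked `NOT-FOR-US`, but "codecov before 2.0.16" is the Python coverage uploader, so check the archive for a codecov (python-codecov) source package before closing the `TODO: check`. The description is cut at "The vulnerability occu ...", so the full record is needed to classify the issue.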
@@ -219937,8 +219945,8 @@ CVE-2019-10763 (pimcore/pimcore before 6.3.0 is
vulnerable to SQL Injection. An
NOT-FOR-US: Pimcore
CVE-2019-10762 (columnQuote in medoo before 1.7.5 allows remote attackers to
perform a ...)
NOT-FOR-US: medoo
-CVE-2019-10761
- RESERVED
+CVE-2019-10761 (This affects the package vm2 before 3.6.11. It is possible to
trigger ...)
+ TODO: check
CVE-2019-10760 (safer-eval before 1.3.2 are vulnerable to Arbitrary Code
Execution. A ...)
NOT-FOR-US: safer-eval Node module
CVE-2019-10759 (safer-eval before 1.3.4 are vulnerable to Arbitrary Code
Execution. A ...)
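Review bot: the description of CVE-2019-10761 ("This affects the package vm2 before 3.6.11. It is possible to trigger ...") is truncated before the impact statement, so the full CVE record must be consulted before triage; the neighbouring safer-eval and medoo entries are `NOT-FOR-US`, but vm2 is a separate Node module and should be checked for a node-vm2 package in the archive on its own merits rather than inherit that status.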
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a88ea3216ac28ee520b6a32e55417d73ed07c240
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits