Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
23ab3fc7 by security tracker role at 2022-07-27T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,86 +1,144 @@
-CVE-2022-36922
+CVE-2022-36943
+ RESERVED
+CVE-2022-36942
+ RESERVED
+CVE-2022-36941
+ RESERVED
+CVE-2022-36940
+ RESERVED
+CVE-2022-36939
+ RESERVED
+CVE-2022-36938
+ RESERVED
+CVE-2022-36937
+ RESERVED
+CVE-2022-36936
+ RESERVED
+CVE-2022-36935
+ RESERVED
+CVE-2022-36934
+ RESERVED
+CVE-2022-36933
+ RESERVED
+CVE-2022-36932
+ RESERVED
+CVE-2022-36931
+ RESERVED
+CVE-2022-36930
+ RESERVED
+CVE-2022-36929
+ RESERVED
+CVE-2022-36928
+ RESERVED
+CVE-2022-36927
+ RESERVED
+CVE-2022-36926
+ RESERVED
+CVE-2022-36925
+ RESERVED
+CVE-2022-36924
+ RESERVED
+CVE-2022-36923
+ RESERVED
+CVE-2022-2556
+ RESERVED
+CVE-2022-2555
+ RESERVED
+CVE-2022-2554
+ RESERVED
+CVE-2022-2553
+ RESERVED
+CVE-2022-2552
+ RESERVED
+CVE-2022-2551
+ RESERVED
+CVE-2022-2550 (OS Command Injection in GitHub repository hestiacp/hestiacp
prior to 1 ...)
+ TODO: check
+CVE-2022-2549 (NULL Pointer Dereference in GitHub repository gpac/gpac prior
to v2.1. ...)
+ TODO: check
+CVE-2022-36922 (Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier
does not es ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36921
+CVE-2022-36921 (A missing permission check in Jenkins Coverity Plugin 1.11.4
and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36920
+CVE-2022-36920 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Coverity ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36919
+CVE-2022-36919 (A missing permission check in Jenkins Coverity Plugin 1.11.4
and earli ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36918
+CVE-2022-36918 (Jenkins Buckminster Plugin 1.1.1 and earlier does not perform
a permis ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36917
+CVE-2022-36917 (A missing permission check in Jenkins Google Cloud Backup
Plugin 0.6 a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36916
+CVE-2022-36916 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Google Cl ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36915
+CVE-2022-36915 (Jenkins Android Signing Plugin 2.2.5 and earlier does not
perform a pe ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36914
+CVE-2022-36914 (Jenkins Files Found Trigger Plugin 1.5 and earlier does not
perform a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36913
+CVE-2022-36913 (Jenkins Openstack Heat Plugin 1.5 and earlier does not perform
permiss ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36912
+CVE-2022-36912 (A missing permission check in Jenkins Openstack Heat Plugin
1.5 and ea ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36911
+CVE-2022-36911 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Openstack ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36910
+CVE-2022-36910 (Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier
does not pe ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36909
+CVE-2022-36909 (A missing permission check in Jenkins OpenShift Deployer
Plugin 1.2.0 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36908
+CVE-2022-36908 (A cross-site request forgery (CSRF) vulnerability in Jenkins
OpenShift ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36907
+CVE-2022-36907 (A missing permission check in Jenkins OpenShift Deployer
Plugin 1.2.0 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36906
+CVE-2022-36906 (A cross-site request forgery (CSRF) vulnerability in Jenkins
OpenShift ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36905
+CVE-2022-36905 (Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2
and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36904
+CVE-2022-36904 (Jenkins Repository Connector Plugin 2.2.0 and earlier does not
perform ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36903
+CVE-2022-36903 (A missing permission check in Jenkins Repository Connector
Plugin 2.2. ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36902
+CVE-2022-36902 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and
earlier doe ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36901
+CVE-2022-36901 (Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP
Request passw ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36900
+CVE-2022-36900 (Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does
not restr ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36899
+CVE-2022-36899 (Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier
does not re ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36898
+CVE-2022-36898 (A missing permission check in Jenkins Compuware ISPW
Operations Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36897
+CVE-2022-36897 (A missing permission check in Jenkins Compuware Xpediter Code
Coverage ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36896
+CVE-2022-36896 (A missing permission check in Jenkins Compuware Source Code
Download f ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36895
+CVE-2022-36895 (A missing permission check in Jenkins Compuware Topaz
Utilities Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36894
+CVE-2022-36894 (An arbitrary file write vulnerability in Jenkins CLIF
Performance Test ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36893
+CVE-2022-36893 (Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not
perform a per ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36892
+CVE-2022-36892 (Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not
perform a per ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36891
+CVE-2022-36891 (A missing permission check in Jenkins Deployer Framework
Plugin 85.v1d ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36890
+CVE-2022-36890 (Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier
does no ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36889
+CVE-2022-36889 (Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier
does no ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36888
+CVE-2022-36888 (A missing permission check in Jenkins HashiCorp Vault Plugin
354.vdb_8 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36887
+CVE-2022-36887 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Job Confi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36886
+CVE-2022-36886 (A cross-site request forgery (CSRF) vulnerability in Jenkins
External ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36885
+CVE-2022-36885 (Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant
time comp ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36884
+CVE-2022-36884 (The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier
provide ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36883
+CVE-2022-36883 (A missing permission check in Jenkins Git Plugin 4.11.3 and
earlier al ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36882
+CVE-2022-36882 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Git Plugi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-36881
+CVE-2022-36881 (Jenkins Git client Plugin 3.11.0 and earlier does not perform
SSH host ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-36880 (The Read Mail module in Webmin 1.995 and Usermin through 1.850
allows ...)
NOT-FOR-US: Webmin module
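Review bot: two of the newly described entries in this hunk are left at TODO: check rather than triaged, CVE-2022-2550 (OS command injection in the GitHub repository hestiacp/hestiacp) and CVE-2022-2549 (NULL pointer dereference in the GitHub repository gpac/gpac); both name an upstream source repository, so the open question for the follow-up is whether either is shipped as a Debian source package, which would turn the TODO line into a package/version line or a NOT-FOR-US line. The Jenkins plugin entries from CVE-2022-36922 down to CVE-2022-36881 only gained their descriptions and keep the existing NOT-FOR-US: Jenkins plugin context line, which is consistent; the remaining additions are all RESERVED placeholders.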
@@ -1174,12 +1232,12 @@ CVE-2022-34344
RESERVED
CVE-2022-34154
RESERVED
-CVE-2022-33970
- RESERVED
+CVE-2022-33970 (Authenticated WordPress Options Change vulnerability in
Biplob018 Shor ...)
+ TODO: check
CVE-2022-33969 (Authenticated WordPress Options Change vulnerability in Biplob
Adhikar ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-33943
- RESERVED
+CVE-2022-33943 (Authenticated (contributor or higher user role) Cross-Site
Scripting ( ...)
+ TODO: check
CVE-2022-33201
RESERVED
CVE-2022-33142
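Review bot: CVE-2022-33970 ("Authenticated WordPress Options Change vulnerability in Biplob018 Shor ...") reads as the same class of issue as its neighbour CVE-2022-33969 ("Authenticated WordPress Options Change vulnerability in Biplob Adhikar ..."), which already carries NOT-FOR-US: WordPress plugin, so the new TODO: check should be resolved the same way once the truncated plugin name is confirmed. CVE-2022-33943 cannot be placed from the visible text alone ("Authenticated (contributor or higher user role) Cross-Site Scripting ( ..."); the contributor-role wording suggests a WordPress context, but that is a hint to verify, not a basis for triage.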
@@ -1326,12 +1384,14 @@ CVE-2022-36320
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36320
CVE-2022-36319
RESERVED
+ {DSA-5193-1}
- firefox 103.0-1
- firefox-esr 91.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36319
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/#CVE-2022-36319
CVE-2022-36318
RESERVED
+ {DSA-5193-1}
- firefox 103.0-1
- firefox-esr 91.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36320
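Review bot: the NOTE under CVE-2022-36318 (the last two lines of this hunk) links to the mfsa2022-30 anchor for CVE-2022-36320 rather than to #CVE-2022-36318, while the sibling CVE-2022-36319 entry links to its own anchor; this looks like a copy-and-paste slip that predates this commit and should be corrected to the CVE-2022-36318 anchor of the same advisory after checking the advisory page. The added `{DSA-5193-1}` lines are placed ahead of the firefox/firefox-esr version lines, which matches the `{DLA-2915-1}` placement used for CVE-2022-23098 later in this file.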
@@ -2916,14 +2976,14 @@ CVE-2022-35674
RESERVED
CVE-2022-35673
RESERVED
-CVE-2022-35672
- RESERVED
+CVE-2022-35672 (Adobe Acrobat Reader version 22.001.20085 (and earlier),
20.005.30314 ...)
+ TODO: check
CVE-2022-35671
RESERVED
CVE-2022-35670
RESERVED
-CVE-2022-35669
- RESERVED
+CVE-2022-35669 (Acrobat Reader versions 22.001.20142 (and earlier),
20.005.30334 (and ...)
+ TODO: check
CVE-2022-35668
RESERVED
CVE-2022-35667
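Review bot: both entries filled in here, CVE-2022-35672 and CVE-2022-35669, describe Adobe Acrobat Reader (22.001.x and 20.005.x builds), a proprietary product, so the TODO: check marker should be closed out with a NOT-FOR-US line in the next manual pass, the same way the Forcepoint One Endpoint entries further down carry NOT-FOR-US: Forcepoint One Endpoint.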
@@ -3541,7 +3601,7 @@ CVE-2022-35410 (mat2 (aka metadata anonymisation toolkit)
before 0.13.0 allows .
NOTE:
https://0xacab.org/jvoisin/mat2/-/commit/beebca4bf1cd3b935824c966ce077e7bcf610385
NOTE: https://0xacab.org/jvoisin/mat2/-/issues/174
NOTE: https://dustri.org/b/mat2-0130.html
-CVE-2022-35409 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x
before 3.2.0 ...)
+CVE-2022-35409 (An issue was discovered in Mbed TLS before 2.28.1 and 3.x
before 3.2.0 ...)
- mbedtls 2.28.1-1
NOTE:
https://github.com/Mbed-TLS/mbedtls-docs/blob/5e9790353d2d9e41e85262eebe52fd90bb49f1e0/security-advisories/advisories/mbedtls-security-advisory-2022-07.md
NOTE:
https://github.com/Mbed-TLS/mbedtls/commit/f333dfab4a6c2d8a604a61558a8f783145161de4
(v2.28.1)
@@ -3830,8 +3890,8 @@ CVE-2022-35293
RESERVED
CVE-2022-35292
RESERVED
-CVE-2022-35291
- RESERVED
+CVE-2022-35291 (Due to misconfigured application endpoints, SAP SuccessFactors
attachm ...)
+ TODO: check
CVE-2022-35290
RESERVED
CVE-2022-35289
@@ -4027,14 +4087,14 @@ CVE-2022-2315
RESERVED
CVE-2022-2314
RESERVED
-CVE-2022-2313
- RESERVED
+CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for
Windows pr ...)
+ TODO: check
CVE-2022-2312
RESERVED
CVE-2022-2311
RESERVED
-CVE-2022-2310
- RESERVED
+CVE-2022-2310 (An authentication bypass vulnerability in Skyhigh SWG in main
releases ...)
+ TODO: check
CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of
service ...)
- lxml 4.9.1-1 (bug #1014766)
[bullseye] - lxml <no-dsa> (Minor issue)
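Review bot: CVE-2022-2313 (DLL hijacking in the MA Smart Installer for Windows) and CVE-2022-2310 (authentication bypass in Skyhigh SWG) both describe Windows or appliance vendor products; the TODO: check lines are the expected interim state for an automatic update, but neither is a Debian package candidate on the face of the description, so the follow-up triage should be quick. The unchanged context for CVE-2022-2309 already carries the lxml fixed version with its bug reference and the bullseye no-dsa annotation, so nothing else in this hunk needs attention.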
@@ -5751,12 +5811,12 @@ CVE-2022-34553
RESERVED
CVE-2022-34552
RESERVED
-CVE-2022-34551
- RESERVED
-CVE-2022-34550
- RESERVED
-CVE-2022-34549
- RESERVED
+CVE-2022-34551 (Sims v1.0 was discovered to allow path traversal when
downloading atta ...)
+ TODO: check
+CVE-2022-34550 (Sims v1.0 was discovered to contain a cross-site scripting
(XSS) vulne ...)
+ TODO: check
+CVE-2022-34549 (Sims v1.0 was discovered to contain an arbitrary file upload
vulnerabi ...)
+ TODO: check
CVE-2022-34548
RESERVED
CVE-2022-34547
@@ -5795,8 +5855,8 @@ CVE-2022-34531
RESERVED
CVE-2022-34530
RESERVED
-CVE-2022-34529
- RESERVED
+CVE-2022-34529 (WASM3 v0.5.0 was discovered to contain a segmentation fault
via the co ...)
+ TODO: check
CVE-2022-34528
RESERVED
CVE-2022-34527
@@ -6986,10 +7046,10 @@ CVE-2022-34123
RESERVED
CVE-2022-34122
RESERVED
-CVE-2022-34121
- RESERVED
-CVE-2022-34120
- RESERVED
+CVE-2022-34121 (Cuppa CMS v1.0 was discovered to contain a local file
inclusion (LFI) ...)
+ TODO: check
+CVE-2022-34120 (Barangay Management System v1.0 was discovered to contain a
remote cod ...)
+ TODO: check
CVE-2022-34119
RESERVED
CVE-2022-34118
@@ -25334,8 +25394,8 @@ CVE-2022-27612
RESERVED
CVE-2022-27611
RESERVED
-CVE-2022-27610
- RESERVED
+CVE-2022-27610 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
+ TODO: check
CVE-2022-27609 (Forcepoint One Endpoint prior to version 22.01 installed on
Microsoft ...)
NOT-FOR-US: Forcepoint One Endpoint
CVE-2022-27608 (Forcepoint One Endpoint prior to version 22.01 installed on
Microsoft ...)
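Review bot: the truncated description for CVE-2022-27610 ("Improper limitation of a pathname to a restricted directory ('Path Tra ...") does not name the affected product, so this entry cannot be triaged from the diff alone; the adjacent CVE-2022-27609 and CVE-2022-27608 are Forcepoint One Endpoint issues, but identifier adjacency is only a hint, and the full CVE text needs to be read before replacing TODO: check.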
@@ -34604,10 +34664,10 @@ CVE-2022-24407 (In Cyrus SASL 2.1.17 through 2.1.27
before 2.1.28, plugins/sql.c
NOTE: Fixed by:
https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc
(cyrus-sasl-2.1.28)
NOTE: Fixed by:
https://github.com/cyrusimap/cyrus-sasl/commit/2d2e97b0eb53fa7f87a3bf1529d8f712dd954480
(master)
NOTE:
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
-CVE-2022-24406
- RESERVED
-CVE-2022-24405
- RESERVED
+CVE-2022-24406 (OX App Suite through 7.10.6 allows SSRF because
multipart/form-data bo ...)
+ TODO: check
+CVE-2022-24405 (OX App Suite through 7.10.6 allows OS Command Injection via a
serializ ...)
+ TODO: check
CVE-2022-24404
RESERVED
CVE-2022-24403
@@ -39659,12 +39719,12 @@ CVE-2022-0183 (Missing encryption of sensitive data
vulnerability in 'MIRUPASS'
NOT-FOR-US: MIRUPASS
CVE-2020-36515
RESERVED
-CVE-2022-23101
- RESERVED
-CVE-2022-23100
- RESERVED
-CVE-2022-23099
- RESERVED
+CVE-2022-23101 (OX App Suite through 7.10.6 allows XSS via appHandler in a
deep link i ...)
+ TODO: check
+CVE-2022-23100 (OX App Suite through 7.10.6 allows OS Command Injection via
Documentco ...)
+ TODO: check
+CVE-2022-23099 (OX App Suite through 7.10.6 allows XSS by forcing block-wise
read. ...)
+ TODO: check
CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through
1.40. The ...)
{DLA-2915-1}
- connman 1.36-2.4 (bug #1004935)
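Review bot: CVE-2022-23101, CVE-2022-23100 and CVE-2022-23099 here, and CVE-2022-24406 and CVE-2022-24405 in the earlier @@ -34604 hunk, all describe "OX App Suite through 7.10.6" (XSS, OS command injection and SSRF); they should be triaged together so the five entries end up with one consistent outcome rather than a mix of TODO: check and resolved lines across the two regions of the file.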
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23ab3fc76b94b2fb5b908097dbf510c031836a38
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits