[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 12 Aug 2022 13:10:40 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
56fd0842 by security tracker role at 2022-08-12T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2022-38180 (In JetBrains Ktor before 2.1.0 the wrong authentication 
provider could ...)
+       TODO: check
+CVE-2022-38179 (JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File 
Downloa ...)
+       TODO: check
+CVE-2022-38178
+       RESERVED
+CVE-2022-38177
+       RESERVED
+CVE-2022-2808
+       RESERVED
+CVE-2022-2807
+       RESERVED
+CVE-2022-2806
+       RESERVED
+CVE-2022-2805
+       RESERVED
+CVE-2022-2804
+       RESERVED
+CVE-2022-2803
+       RESERVED
+CVE-2022-2802
+       RESERVED
+CVE-2022-2801
+       RESERVED
+CVE-2022-2800
+       RESERVED
+CVE-2022-2799
+       RESERVED
+CVE-2022-2798
+       RESERVED
+CVE-2022-2797
+       RESERVED
+CVE-2022-2796
+       RESERVED
+CVE-2022-2795
+       RESERVED
 CVE-2022-38176
        RESERVED
 CVE-2022-38175
@@ -44,8 +80,8 @@ CVE-2022-2781
        RESERVED
 CVE-2022-2780
        RESERVED
-CVE-2022-2779
-       RESERVED
+CVE-2022-2779 (A vulnerability classified as critical was found in 
SourceCodester Gas ...)
+       TODO: check
 CVE-2022-2778
        RESERVED
 CVE-2022-2777 (Cross-site Scripting (XSS) - Stored in GitHub repository 
microweber/mi ...)
@@ -1783,8 +1819,8 @@ CVE-2022-37425
        RESERVED
 CVE-2022-37424
        RESERVED
-CVE-2022-37423
-       RESERVED
+CVE-2022-37423 (Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 
4.x befor ...)
+       TODO: check
 CVE-2022-37422
        RESERVED
 CVE-2022-37421
@@ -4505,8 +4541,8 @@ CVE-2022-2505
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-2505
 CVE-2022-2504
        RESERVED
-CVE-2022-2503
-       RESERVED
+CVE-2022-2503 (Dm-verity is used for extending root-of-trust to root 
filesystems. Loa ...)
+       TODO: check
 CVE-2022-2502
        RESERVED
 CVE-2022-36359 (An issue was discovered in the HTTP FileResponse class in 
Django 3.2 b ...)
@@ -5563,8 +5599,8 @@ CVE-2022-35934
        RESERVED
 CVE-2022-35933
        RESERVED
-CVE-2022-35932
-       RESERVED
+CVE-2022-35932 (Nextcloud Talk is a video and audio conferencing app for 
Nextcloud. Pr ...)
+       TODO: check
 CVE-2022-35931
        RESERVED
 CVE-2022-35930 (PolicyController is a utility used to enforce supply chain 
policy in K ...)
@@ -6263,8 +6299,8 @@ CVE-2022-2392
        RESERVED
 CVE-2022-2391 (The Inspiro PRO WordPress plugin does not sanitize the 
portfolio slide ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-2390
-       RESERVED
+CVE-2022-2390 (Apps developed with Google Play Services SDK incorrectly had 
the mutab ...)
+       TODO: check
 CVE-2022-2389
        RESERVED
 CVE-2022-2388
@@ -6430,18 +6466,18 @@ CVE-2022-35592
        RESERVED
 CVE-2022-35591
        RESERVED
-CVE-2022-35590
-       RESERVED
-CVE-2022-35589
-       RESERVED
+CVE-2022-35590 (A cross-site scripting (XSS) issue in the ForkCMS version 
5.9.3 allows ...)
+       TODO: check
+CVE-2022-35589 (A cross-site scripting (XSS) issue in the Fork version 5.9.3 
allows re ...)
+       TODO: check
 CVE-2022-35588
        RESERVED
-CVE-2022-35587
-       RESERVED
+CVE-2022-35587 (A cross-site scripting (XSS) issue in the Fork version 5.9.3 
allows re ...)
+       TODO: check
 CVE-2022-35586
        RESERVED
-CVE-2022-35585
-       RESERVED
+CVE-2022-35585 (A stored cross-site scripting (XSS) issue in the ForkCMS 
version 5.9.3 ...)
+       TODO: check
 CVE-2022-35584
        RESERVED
 CVE-2022-35583
@@ -7886,7 +7922,8 @@ CVE-2022-34945 (Pharmacy Management System v1.0 was 
discovered to contain a SQL
        NOT-FOR-US: Pharmacy Management System
 CVE-2022-34944
        RESERVED
-CVE-2022-34943 (Laravel v5.1 was discovered to contain a remote code execution 
(RCE) v ...)
+CVE-2022-34943
+       REJECTED
        - php-laravel-framework <unfixed> (bug #1016977)
        NOTE: https://github.com/beicheng-maker/vulns/issues/1
 CVE-2022-34942
@@ -16242,12 +16279,15 @@ CVE-2022-31782 (ftbench.c in FreeType Demo Programs 
through 2.12.1 has a heap-ba
 CVE-2022-31781 (Apache Tapestry up to version 5.8.1 is vulnerable to Regular 
Expressio ...)
        NOT-FOR-US: Apache Tapestry
 CVE-2022-31780 (Improper Input Validation vulnerability in HTTP/2 frame 
handling of Ap ...)
+       {DSA-5206-1}
        - trafficserver 9.1.3+ds-1
        NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-31779 (Improper Input Validation vulnerability in HTTP/2 header 
parsing of Ap ...)
+       {DSA-5206-1}
        - trafficserver 9.1.3+ds-1
        NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-31778 (Improper Input Validation vulnerability in handling the 
Transfer-Encod ...)
+       {DSA-5206-1}
        - trafficserver 9.1.3+ds-1
        NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-31777
@@ -17776,7 +17816,8 @@ CVE-2022-31281
        RESERVED
 CVE-2022-31280
        RESERVED
-CVE-2022-31279 (Laravel 9.1.8, when processing attacker-controlled data for 
deserializ ...)
+CVE-2022-31279
+       REJECTED
        NOT-FOR-US: Laravel
 CVE-2022-31278
        RESERVED
@@ -19402,9 +19443,11 @@ CVE-2022-30780 (Lighttpd 1.4.56 through 1.4.58 allows 
a remote attacker to cause
        NOTE: 
https://github.com/p0dalirius/CVE-2022-30780-lighttpd-denial-of-service
        NOTE: https://redmine.lighttpd.net/issues/3059
        NOTE: Fixed by: 
https://github.com/lighttpd/lighttpd1.4/commit/b03b86f47b0d5a553137f081fadc482b4af1372d
 (lighttpd-1.4.59)
-CVE-2022-30779 (Laravel 9.1.8, when processing attacker-controlled data for 
deserializ ...)
+CVE-2022-30779
+       REJECTED
        NOT-FOR-US: Disputed Laravel issue
-CVE-2022-30778 (Laravel 9.1.8, when processing attacker-controlled data for 
deserializ ...)
+CVE-2022-30778
+       REJECTED
        NOT-FOR-US: Disputed Laravel issue
 CVE-2022-30777 (Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php 
from param ...)
        NOT-FOR-US: Parallels H-Sphere
@@ -27256,6 +27299,7 @@ CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip 
in encoding/xml before Go
 CVE-2022-28130
        RESERVED
 CVE-2022-28129 (Improper Input Validation vulnerability in HTTP/1.1 header 
parsing of  ...)
+       {DSA-5206-1}
        - trafficserver 9.1.3+ds-1
        NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab 
CE/EE affe ...)
@@ -33942,6 +33986,7 @@ CVE-2022-25769
 CVE-2022-25768
        RESERVED
 CVE-2022-25763 (Improper Input Validation vulnerability in HTTP/2 request 
validation o ...)
+       {DSA-5206-1}
        - trafficserver 9.1.3+ds-1
        NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2022-21182 (A privilege escalation vulnerability exists in the router 
configuratio ...)
@@ -56017,7 +56062,8 @@ CVE-2021-43505 (Multiple Cross Site Scripting (XSS) 
vulnerabilities exist in Sso
        NOT-FOR-US: Sourcecodester Simple Client Management System
 CVE-2021-43504
        RESERVED
-CVE-2021-43503 (A Remote Code Execution (RCE) vulnerability exists in h 
laravel 5.8.38 ...)
+CVE-2021-43503
+       REJECTED
        NOTE: Disputed Laravel issue
 CVE-2021-43502
        RESERVED
@@ -58928,10 +58974,10 @@ CVE-2021-42753 (An improper limitation of a pathname 
to a restricted directory (
        NOT-FOR-US: FortiGuard
 CVE-2021-42752 (A improper neutralization of input during web page generation 
('cross- ...)
        NOT-FOR-US: FortiGuard
-CVE-2021-42751
-       RESERVED
-CVE-2021-42750
-       RESERVED
+CVE-2021-42751 (A cross-site scripting (XSS) vulnerability in Rule Engine in 
ThingsBoa ...)
+       TODO: check
+CVE-2021-42750 (A cross-site scripting (XSS) vulnerability in Rule Engine in 
ThingsBoa ...)
+       TODO: check
 CVE-2021-42749 (In Beaver Themer, attackers can bypass conditional logic 
controls (for ...)
        NOT-FOR-US: Beaver
 CVE-2021-42748 (In Beaver Builder through 2.5.0.3, attackers can bypass the 
visibility ...)
@@ -74154,7 +74200,8 @@ CVE-2021-37300
        RESERVED
 CVE-2021-37299
        RESERVED
-CVE-2021-37298 (Laravel v5.1 was discovered to contain a deserialization 
vulnerability ...)
+CVE-2021-37298
+       REJECTED
        - php-laravel-framework <unfixed> (bug #1014830)
        NOTE: https://github.com/Stakcery/happywd/issues/1
 CVE-2021-37297
@@ -74509,6 +74556,7 @@ CVE-2021-37159 (hso_free_net_device in 
drivers/net/usb/hso.c in the Linux kernel
        [buster] - linux 4.19.208-1
        NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html
 CVE-2021-37150 (Improper Input Validation vulnerability in header parsing of 
Apache Tr ...)
+       {DSA-5206-1}
        - trafficserver 9.1.3+ds-1
        NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
 CVE-2021-37149 (Improper Input Validation vulnerability in header parsing of 
Apache Tr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56fd08429f85b0a4eec95cc24c2eeed2b875cf4e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56fd08429f85b0a4eec95cc24c2eeed2b875cf4e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to