Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7f71c4a0 by security tracker role at 2022-04-14T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2022-29265
+ RESERVED
+CVE-2022-1364
+ RESERVED
+CVE-2022-1363
+ RESERVED
+CVE-2022-1362
+ RESERVED
+CVE-2022-1361
+ RESERVED
+CVE-2022-1360
+ RESERVED
+CVE-2022-1359
+ RESERVED
+CVE-2022-1358
+ RESERVED
+CVE-2022-1357
+ RESERVED
+CVE-2022-1356
+ RESERVED
+CVE-2022-1355
+ RESERVED
+CVE-2022-1354
+ RESERVED
+CVE-2022-1353
+ RESERVED
+CVE-2022-1352
+ RESERVED
+CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore
prior to 10 ...)
+ TODO: check
CVE-2022-29264
RESERVED
CVE-2022-28719
@@ -1414,8 +1444,8 @@ CVE-2022-1281
CVE-2022-1280 (A use-after-free vulnerability was found in drm_lease_held in
drivers/ ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/04/12/3
-CVE-2022-1279
- RESERVED
+CVE-2022-1279 (A vulnerability in the encryption implementation of EBICS
messages in ...)
+ TODO: check
CVE-2022-1278
RESERVED
CVE-2022-1277
@@ -1454,12 +1484,12 @@ CVE-2022-1260
RESERVED
CVE-2022-1259
RESERVED
-CVE-2022-1258
- RESERVED
-CVE-2022-1257
- RESERVED
-CVE-2022-1256
- RESERVED
+CVE-2022-1258 (A blind SQL injection vulnerability in the ePolicy Orchestrator
(ePO) ...)
+ TODO: check
+CVE-2022-1257 (Insecure storage of sensitive information vulnerability in MA
for Linu ...)
+ TODO: check
+CVE-2022-1256 (A local privilege escalation vulnerability in MA for Windows
prior to ...)
+ TODO: check
CVE-2022-1255
RESERVED
CVE-2022-1254
@@ -2264,6 +2294,7 @@ CVE-2022-28347 (A SQL injection issue was discovered in
QuerySet.explain() in Dj
NOTE:
https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d
(3.2.13)
NOTE:
https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5
(2.2.28)
CVE-2022-28346 (An issue was discovered in Django 2.2 before 2.2.28, 3.2
before 3.2.13 ...)
+ {DLA-2982-1}
- python-django 2:3.2.13-1 (bug #1009677)
NOTE:
https://www.djangoproject.com/weblog/2022/apr/11/security-releases/
NOTE:
https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200
(main)
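Review bot: the `{DLA-2982-1}` cross-reference is added under CVE-2022-28346 only, and this hunk does not show whether the preceding entry, CVE-2022-28347, carries it too. The context lines for CVE-2022-28347 list a fix commit for 2.2.28, the same release named in the CVE-2022-28346 description, so if DLA-2982-1 shipped that release both entries should reference it. Worth confirming against the CVE-2022-28347 header, which sits above the visible context.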
@@ -3975,14 +4006,14 @@ CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via
the -c option. An informat
NOT-FOR-US: SWHKD
CVE-2022-27818 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There
can be a ...)
NOT-FOR-US: SWHKD
-CVE-2022-27817
- RESERVED
+CVE-2022-27817 (SWHKD 1.1.5 consumes the keyboard events of unintended users.
This cou ...)
+ TODO: check
CVE-2022-27816 (SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There
can be da ...)
NOT-FOR-US: SWHKD
CVE-2022-27815 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There
can be an ...)
NOT-FOR-US: SWHKD
-CVE-2022-27814
- RESERVED
+CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary file-existence tests via the -c
option. ...)
+ TODO: check
CVE-2022-27813
RESERVED
CVE-2022-27812
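Review bot: CVE-2022-27817 and CVE-2022-27814 are both described as SWHKD 1.1.5 issues but land as `TODO: check`, while the four neighbouring SWHKD 1.1.5 entries in this hunk (CVE-2022-27819, CVE-2022-27818, CVE-2022-27816, CVE-2022-27815) are already triaged as `NOT-FOR-US: SWHKD`. Suggest marking the two new entries the same way so the set is consistent and they drop out of the TODO queue.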
@@ -4778,36 +4809,36 @@ CVE-2022-27460
RESERVED
CVE-2022-27459
RESERVED
-CVE-2022-27458
- RESERVED
-CVE-2022-27457
- RESERVED
-CVE-2022-27456
- RESERVED
-CVE-2022-27455
- RESERVED
+CVE-2022-27458 (MariaDB Server v10.6.3 and below was discovered to contain an
use-afte ...)
+ TODO: check
+CVE-2022-27457 (MariaDB Server v10.6.3 and below was discovered to contain an
use-afte ...)
+ TODO: check
+CVE-2022-27456 (MariaDB Server v10.6.3 and below was discovered to contain an
use-afte ...)
+ TODO: check
+CVE-2022-27455 (MariaDB Server v10.6.3 and below was discovered to contain an
use-afte ...)
+ TODO: check
CVE-2022-27454
RESERVED
CVE-2022-27453
RESERVED
-CVE-2022-27452
- RESERVED
-CVE-2022-27451
- RESERVED
+CVE-2022-27452 (MariaDB Server v10.9 and below was discovered to contain a
segmentatio ...)
+ TODO: check
+CVE-2022-27451 (MariaDB Server v10.9 and below was discovered to contain a
segmentatio ...)
+ TODO: check
CVE-2022-27450
RESERVED
-CVE-2022-27449
- RESERVED
-CVE-2022-27448
- RESERVED
-CVE-2022-27447
- RESERVED
-CVE-2022-27446
- RESERVED
-CVE-2022-27445
- RESERVED
-CVE-2022-27444
- RESERVED
+CVE-2022-27449 (MariaDB Server v10.9 and below was discovered to contain a
segmentatio ...)
+ TODO: check
+CVE-2022-27448 (There is an Assertion failure in MariaDB Server v10.9 and
below via 'n ...)
+ TODO: check
+CVE-2022-27447 (MariaDB Server v10.9 and below was discovered to contain a
use-after-f ...)
+ TODO: check
+CVE-2022-27446 (MariaDB Server v10.9 and below was discovered to contain a
segmentatio ...)
+ TODO: check
+CVE-2022-27445 (MariaDB Server v10.9 and below was discovered to contain a
segmentatio ...)
+ TODO: check
+CVE-2022-27444 (MariaDB Server v10.9 and below was discovered to contain a
segmentatio ...)
+ TODO: check
CVE-2022-27443
RESERVED
CVE-2022-27442 (TPCMS v3.2 allows attackers to access the ThinkPHP log
directory and o ...)
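Review bot: the twelve MariaDB Server entries from CVE-2022-27458 down to CVE-2022-27444 all come in as `TODO: check` with descriptions cut off before the affected function, and they state two different ranges: "v10.6.3 and below" for CVE-2022-27458 through CVE-2022-27455, "v10.9 and below" for the rest. When triaging, resolve each one against its full description rather than in bulk, since the differing ranges mean the affected versions may not be the same for every entry.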
@@ -6037,10 +6068,10 @@ CVE-2022-27010
RESERVED
CVE-2022-27009
RESERVED
-CVE-2022-27008
- RESERVED
-CVE-2022-27007
- RESERVED
+CVE-2022-27008 (nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type
confused in Arr ...)
+ TODO: check
+CVE-2022-27007 (nginx njs 0.7.2 is affected suffers from Use-after-free in
njs_functio ...)
+ TODO: check
CVE-2022-27006
RESERVED
CVE-2022-27005 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R
V9.1.0u.61 ...)
@@ -7266,8 +7297,8 @@ CVE-2022-0870 (Server-Side Request Forgery (SSRF) in
GitHub repository gogs/gogs
NOT-FOR-US: Go Git Service
CVE-2022-0869 (Multiple Open Redirect in GitHub repository nitely/spirit prior
to 0.1 ...)
NOT-FOR-US: Spirit forum software
-CVE-2022-26507
- RESERVED
+CVE-2022-26507 (** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow
exists in ...)
+ TODO: check
CVE-2022-26506
RESERVED
CVE-2022-26505 (A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before
1.3.1 a ...)
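Review bot: CVE-2022-26507 is added with a description that opens with `** UNSUPPORTED WHEN ASSIGNED **` and is truncated before the product name, so the `TODO: check` cannot be resolved from this line alone. Whoever triages it should read the full description to identify the product and, if it maps to a package, record the unsupported status in a NOTE line.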
@@ -11028,10 +11059,10 @@ CVE-2022-25174 (Jenkins Pipeline: Shared Groovy
Libraries Plugin 552.vd9cc05b8a2
NOT-FOR-US: Jenkins plugin
CVE-2022-25173 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier
uses th ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-25166
- RESERVED
-CVE-2022-25165
- RESERVED
+CVE-2022-25166 (An issue was discovered in Amazon AWS VPN Client 2.0.0. It is
possible ...)
+ TODO: check
+CVE-2022-25165 (An issue was discovered in Amazon AWS VPN Client 2.0.0. A
TOCTOU race ...)
+ TODO: check
CVE-2022-25164
RESERVED
CVE-2022-25163
@@ -20641,8 +20672,8 @@ CVE-2022-22393
RESERVED
CVE-2022-22392
RESERVED
-CVE-2022-22391
- RESERVED
+CVE-2022-22391 (IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow
an authen ...)
+ TODO: check
CVE-2022-22390
RESERVED
CVE-2022-22389
@@ -23033,42 +23064,42 @@ CVE-2022-22200
RESERVED
CVE-2022-22199
RESERVED
-CVE-2022-22198
- RESERVED
-CVE-2022-22197
- RESERVED
-CVE-2022-22196
- RESERVED
-CVE-2022-22195
- RESERVED
-CVE-2022-22194
- RESERVED
-CVE-2022-22193
- RESERVED
+CVE-2022-22198 (An Access of Uninitialized Pointer vulnerability in the SIP
ALG of Jun ...)
+ TODO: check
+CVE-2022-22197 (An Operation on a Resource after Expiration or Release
vulnerability i ...)
+ TODO: check
+CVE-2022-22196 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2022-22195 (An Improper Update of Reference Count vulnerability in the
kernel of J ...)
+ TODO: check
+CVE-2022-22194 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2022-22193 (An Improper Handling of Unexpected Data Type vulnerability in
the Rout ...)
+ TODO: check
CVE-2022-22192
RESERVED
-CVE-2022-22191
- RESERVED
-CVE-2022-22190
- RESERVED
-CVE-2022-22189
- RESERVED
-CVE-2022-22188
- RESERVED
-CVE-2022-22187
- RESERVED
-CVE-2022-22186
- RESERVED
-CVE-2022-22185
- RESERVED
+CVE-2022-22191 (A Denial of Service (DoS) vulnerability in the processing of a
flood o ...)
+ TODO: check
+CVE-2022-22190 (An Improper Access Control vulnerability in the Juniper
Networks Parag ...)
+ TODO: check
+CVE-2022-22189 (An Incorrect Ownership Assignment vulnerability in Juniper
Networks Co ...)
+ TODO: check
+CVE-2022-22188 (An Uncontrolled Memory Allocation vulnerability leading to a
Heap-base ...)
+ TODO: check
+CVE-2022-22187 (An Improper Privilege Management vulnerability in the Windows
Installe ...)
+ TODO: check
+CVE-2022-22186 (Due to an Improper Initialization vulnerability in Juniper
Networks Ju ...)
+ TODO: check
+CVE-2022-22185 (A vulnerability in Juniper Networks Junos OS on SRX Series,
allows a n ...)
+ TODO: check
CVE-2022-22184
RESERVED
-CVE-2022-22183
- RESERVED
-CVE-2022-22182
- RESERVED
-CVE-2022-22181
- RESERVED
+CVE-2022-22183 (An Improper Access Control vulnerability in Juniper Networks
Junos OS ...)
+ TODO: check
+CVE-2022-22182 (A Cross-site Scripting (XSS) vulnerability in Juniper Networks
Junos O ...)
+ TODO: check
+CVE-2022-22181 (A reflected Cross-site Scripting (XSS) vulnerability in J-Web
of Junip ...)
+ TODO: check
CVE-2022-22180 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
NOT-FOR-US: Juniper
CVE-2022-22179 (A Improper Validation of Specified Index, Position, or Offset
in Input ...)
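Review bot: the sixteen entries from CVE-2022-22198 down to CVE-2022-22181 are left as `TODO: check`, although the next entry in the trailing context, CVE-2022-22180, is already `NOT-FOR-US: Juniper` and several of the new descriptions name Juniper Networks (for example CVE-2022-22190, CVE-2022-22185 and CVE-2022-22183). Others are truncated before any product appears (for example CVE-2022-22197, CVE-2022-22196 and CVE-2022-22194), so confirm the vendor from the full description and then mark the matching entries `NOT-FOR-US: Juniper`.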
@@ -24144,10 +24175,10 @@ CVE-2021-45230 (In Apache Airflow prior to 2.2.0.
This CVE applies to a specific
- airflow <itp> (bug #819700)
CVE-2021-45229 (It was discovered that the "Trigger DAG with config" screen
was suscep ...)
- airflow <itp> (bug #819700)
-CVE-2021-45228
- RESERVED
-CVE-2021-45227
- RESERVED
+CVE-2021-45228 (An XSS issue was discovered in COINS Construction Cloud 11.12.
Due to ...)
+ TODO: check
+CVE-2021-45227 (An issue was discovered in COINS Construction Cloud 11.12. Due
to an i ...)
+ TODO: check
CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due
to impr ...)
NOT-FOR-US: COINS Construction Cloud
CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due
to impr ...)
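Review bot: CVE-2021-45228 and CVE-2021-45227 are described as COINS Construction Cloud 11.12 issues but are left as `TODO: check`, while CVE-2021-45226 directly below them is already `NOT-FOR-US: COINS Construction Cloud`. Suggest the same marking for both new entries.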
@@ -30250,8 +30281,8 @@ CVE-2021-43635 (A Cross Site Scripting (XSS)
vulnerability exists in Codex befor
NOT-FOR-US: Codex
CVE-2021-43634
RESERVED
-CVE-2021-43633
- RESERVED
+CVE-2021-43633 (Sourcecodester Messaging Web Application 1.0 is vulnerable to
stored X ...)
+ TODO: check
CVE-2021-43632
RESERVED
CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to
SQL inj ...)
@@ -31311,16 +31342,16 @@ CVE-2021-43292
RESERVED
CVE-2021-43291
RESERVED
-CVE-2021-43290
- RESERVED
-CVE-2021-43289
- RESERVED
-CVE-2021-43288
- RESERVED
-CVE-2021-43287
- RESERVED
-CVE-2021-43286
- RESERVED
+CVE-2021-43290 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An
attacke ...)
+ TODO: check
+CVE-2021-43289 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An
attacke ...)
+ TODO: check
+CVE-2021-43288 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An
attacke ...)
+ TODO: check
+CVE-2021-43287 (An issue was discovered in ThoughtWorks GoCD before 21.3.0.
The busine ...)
+ TODO: check
+CVE-2021-43286 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An
attacke ...)
+ TODO: check
CVE-2021-43285
RESERVED
CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through
1.0.3. The r ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f71c4a02ca9ce9ae3d67690324ffdf870c602ae
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits