Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
65898cb4 by security tracker role at 2022-04-19T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2022-29504
+ RESERVED
+CVE-2022-29503
+ RESERVED
+CVE-2022-1405
+ RESERVED
+CVE-2022-1404
+ RESERVED
+CVE-2022-1403
+ RESERVED
+CVE-2022-1402
+ RESERVED
+CVE-2022-1401
+ RESERVED
+CVE-2022-1400
+ RESERVED
+CVE-2022-1399
+ RESERVED
+CVE-2022-1398
+ RESERVED
+CVE-2022-1397
+ RESERVED
+CVE-2022-1396
+ RESERVED
+CVE-2022-1395
+ RESERVED
+CVE-2022-1394
+ RESERVED
+CVE-2022-1393
+ RESERVED
+CVE-2022-1392
+ RESERVED
+CVE-2022-1391
+ RESERVED
+CVE-2022-1390
+ RESERVED
CVE-2022-XXXX [snort privilege escalation due to insecure use of logrotate]
- snort <unfixed> (bug #1009820)
[bullseye] - snort <no-dsa> (Minor issue)
@@ -427,8 +463,8 @@ CVE-2022-29317
RESERVED
CVE-2022-29316
RESERVED
-CVE-2022-29315
- RESERVED
+CVE-2022-29315 (Invicti Acunetix before 14 allows CSV injection via the
Description fi ...)
+ TODO: check
CVE-2022-29314
RESERVED
CVE-2022-29313
@@ -873,8 +909,8 @@ CVE-2022-29155
RESERVED
CVE-2022-29154
RESERVED
-CVE-2022-29153
- RESERVED
+CVE-2022-29153 (HashiCorp Consul and Consul Enterprise through 2022-04-12
allow SSRF. ...)
+ TODO: check
CVE-2022-29152
RESERVED
CVE-2022-29151
@@ -1065,7 +1101,7 @@ CVE-2022-29074
RESERVED
CVE-2022-29073
RESERVED
-CVE-2022-29072 (7-Zip through 21.07 on Windows allows privilege escalation and
command ...)
+CVE-2022-29072 (** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege
escalat ...)
TODO: check
CVE-2022-29071
RESERVED
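Review bot: the `TODO: check` under CVE-2022-29072 is carried over unchanged even though the description now begins with `** DISPUTED **` and scopes the issue to 7-Zip "on Windows". When this entry is triaged, record the dispute in a `NOTE:` line and state whether the Windows-only scope leaves any Debian package of 7-Zip unaffected, rather than leaving the bare TODO.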
@@ -4265,8 +4301,8 @@ CVE-2022-1104
RESERVED
CVE-2022-1103
RESERVED
-CVE-2022-27927
- RESERVED
+CVE-2022-27927 (A SQL injection vulnerability exists in Microfinance
Management System ...)
+ TODO: check
CVE-2022-27926
RESERVED
CVE-2022-27925
@@ -4531,8 +4567,8 @@ CVE-2022-27844 (Arbitrary File Read vulnerability in
WPvivid Team Migration, Bac
NOT-FOR-US: WordPress plugin
CVE-2022-1066
RESERVED
-CVE-2022-1065
- RESERVED
+CVE-2022-1065 (A vulnerability within the authentication process of Abacus ERP
allows ...)
+ TODO: check
CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in
GitHub ...)
NOT-FOR-US: forkcms
CVE-2022-1063 (The Thank Me Later WordPress plugin through 3.3.4 does not
sanitise an ...)
@@ -6580,8 +6616,8 @@ CVE-2022-27106
RESERVED
CVE-2022-27105
RESERVED
-CVE-2022-27104
- RESERVED
+CVE-2022-27104 (An Unauthenticated time-based blind SQL injection
vulnerability exists ...)
+ TODO: check
CVE-2022-27103
RESERVED
CVE-2022-27102
@@ -6678,8 +6714,8 @@ CVE-2022-27057
RESERVED
CVE-2022-27056
RESERVED
-CVE-2022-27055
- RESERVED
+CVE-2022-27055 (** DISPUTED ** ecjia-daojia 1.38.1-20210202629 is vulnerable
to inform ...)
+ TODO: check
CVE-2022-27054
RESERVED
CVE-2022-27053
@@ -7830,12 +7866,12 @@ CVE-2022-26597
RESERVED
CVE-2022-26596
RESERVED
-CVE-2022-26595
- RESERVED
+CVE-2022-26595 (Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2
fix pack 1 ...)
+ TODO: check
CVE-2022-26594 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay
Portal ...)
NOT-FOR-US: Liferay
-CVE-2022-26593
- RESERVED
+CVE-2022-26593 (Cross-site scripting (XSS) vulnerability in the Asset module's
asset c ...)
+ TODO: check
CVE-2022-26592
RESERVED
CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows
unauthenticated attac ...)
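Review bot: CVE-2022-26595 gets `TODO: check` although its description names Liferay Portal and Liferay DXP, and the entry between the two additions (CVE-2022-26594) is already resolved as `NOT-FOR-US: Liferay`, so the same resolution applies to it. CVE-2022-26593 is different: the truncated description ("Asset module's asset c ...") does not name the product, so confirm it against the full description before copying the Liferay tag.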
@@ -9301,6 +9337,7 @@ CVE-2021-4224
CVE-2022-26111
RESERVED
CVE-2022-26110 (An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x
before ...)
+ {DLA-2984-1}
- condor <unfixed> (bug #1008634)
NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0003
NOTE:
https://github.com/htcondor/htcondor/commit/1cae7601d796725e7f5dd73fedf37f6fbbe379ca
(V8_8_16)
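Review bot: the added `{DLA-2984-1}` cross-reference on CVE-2022-26110 sits directly above an unchanged `- condor <unfixed> (bug #1008634)` line, so after this change the entry cites an advisory while the package line still reads unfixed. If that line tracks a different suite than the one the DLA covers, this is consistent; otherwise the package line should be updated with the fixed version.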
@@ -9688,8 +9725,8 @@ CVE-2022-25759
RESERVED
CVE-2022-25758
RESERVED
-CVE-2022-25648
- RESERVED
+CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command
Injection via ...)
+ TODO: check
CVE-2022-25647
RESERVED
CVE-2022-25646
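Review bot: the description added for CVE-2022-25648 says "The package git before 1.11.0", which is ambiguous about which project named git is meant. Resolve the `TODO: check` by identifying the actual upstream project and its Debian source package first, since a `- git` package line entered on the name alone would attribute the command injection to the wrong package.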
@@ -11492,8 +11529,8 @@ CVE-2022-0647 (The Bulk Creator WordPress plugin
through 1.0.1 does not sanitize
CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component
Transpo ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE:
https://lore.kernel.org/all/[email protected]/T/
-CVE-2022-0645
- RESERVED
+CVE-2022-0645 (Open redirect vulnerability via endpoint
authorize_and_redirect/?redir ...)
+ TODO: check
CVE-2022-0644 [vfs: check fd has read access in kernel_read_file_from_fd()]
RESERVED
{DSA-5096-1 DLA-2941-1}
@@ -27435,8 +27472,8 @@ CVE-2021-4039 (A command injection vulnerability in the
web interface of the Zyx
NOT-FOR-US: Zyxel
CVE-2021-44520 (In Citrix XenMobile Server through 10.12 RP9, there is an
Authenticate ...)
NOT-FOR-US: Citrix XenMobile Server
-CVE-2021-44519
- RESERVED
+CVE-2021-44519 (In Citrix XenMobile Server through 10.12 RP9, there is an
Authenticate ...)
+ TODO: check
CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel
Padlock ...)
NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for
Android
CVE-2021-44517
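Review bot: CVE-2021-44519 is added with `TODO: check`, but its description names Citrix XenMobile Server through 10.12 RP9, the same product as CVE-2021-44520 directly above, which is already resolved as `NOT-FOR-US: Citrix XenMobile Server`. The new entry can take the same resolution instead of staying in the TODO queue.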
@@ -33457,8 +33494,8 @@ CVE-2021-43131
RESERVED
CVE-2021-43130 (An SQL Injection vulnerability exists in Sourcecodester
Customer Relat ...)
NOT-FOR-US: Sourcecodester
-CVE-2021-43129
- RESERVED
+CVE-2021-43129 (An Access Control vulnerability exists in Desire2Learn/D2L
Learning Ma ...)
+ TODO: check
CVE-2021-43128
RESERVED
CVE-2021-43127
@@ -38511,8 +38548,8 @@ CVE-2021-41572
RESERVED
CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper
that do ...)
NOT-FOR-US: Apache Pulsar
-CVE-2021-41570
- RESERVED
+CVE-2021-41570 (Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the
NetBackup ...)
+ TODO: check
CVE-2021-41569 (SAS/Intrnet 9.4 build 1520 and earlier allows Local File
Inclusion. Th ...)
NOT-FOR-US: SAS/Intrnet
CVE-2021-3826
@@ -44779,20 +44816,20 @@ CVE-2021-39080 (Due to weak obfuscation, IBM Cognos
Analytics Mobile for Android
NOT-FOR-US: IBM
CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to
version ...)
NOT-FOR-US: IBM
-CVE-2021-39078
- RESERVED
+CVE-2021-39078 (IBM Security Guardium 10.5 stores user credentials in plain
clear text ...)
+ TODO: check
CVE-2021-39077
RESERVED
-CVE-2021-39076
- RESERVED
+CVE-2021-39076 (IBM Security Guardium 10.5 and 11.3 uses weaker than expected
cryptogr ...)
+ TODO: check
CVE-2021-39075
RESERVED
CVE-2021-39074
RESERVED
CVE-2021-39073
RESERVED
-CVE-2021-39072
- RESERVED
+CVE-2021-39072 (IBM Security Guardium 11.3 could allow a remote attacker to
obtain sen ...)
+ TODO: check
CVE-2021-39071
RESERVED
CVE-2021-39070 (IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0
with the ad ...)
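Review bot: CVE-2021-39078, CVE-2021-39076 and CVE-2021-39072 are each added with `TODO: check` although all three descriptions name IBM Security Guardium, and the IBM entries kept as context at the top of this hunk (CVE-2021-39080, CVE-2021-39079) are resolved as `NOT-FOR-US: IBM`. Applying the same tag to the three new entries would close them consistently.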
@@ -44869,8 +44906,8 @@ CVE-2021-39035
RESERVED
CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack
caused by a ...)
NOT-FOR-US: IBM
-CVE-2021-39033
- RESERVED
+CVE-2021-39033 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through
6.0.3.5 a ...)
+ TODO: check
CVE-2021-39032 (IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores
potential ...)
NOT-FOR-US: IBM
CVE-2021-39031 (IBM WebSphere Application Server - Liberty 17.0.0.3 through
22.0.0.1 c ...)
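Review bot: CVE-2021-39033 is left at `TODO: check` while its description names IBM Sterling B2B Integrator, and both neighbouring entries with a triage line in this hunk (CVE-2021-39034, CVE-2021-39032) carry `NOT-FOR-US: IBM`. The same resolution fits here.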
@@ -46691,13 +46728,13 @@ CVE-2021-38271
RESERVED
CVE-2021-38270
RESERVED
-CVE-2021-38269 (Liferay Portal through v7.4.0 and Liferay DXP through v7.1
were discov ...)
+CVE-2021-38269 (Cross-site scripting (XSS) vulnerability in the Gogo Shell
module in L ...)
NOT-FOR-US: Liferay
CVE-2021-38268 (The Dynamic Data Mapping module in Liferay Portal 7.0.0
through 7.3.6, ...)
NOT-FOR-US: Liferay
-CVE-2021-38267 (Liferay Portal through v7.3.6 and Liferay DXP through v7.3
were discov ...)
+CVE-2021-38267 (Cross-site scripting (XSS) vulnerability in the Blogs module's
edit bl ...)
NOT-FOR-US: Liferay
-CVE-2021-38266 (Liferay Portal through v7.2.1 and Liferay DXP through v7.2
does not co ...)
+CVE-2021-38266 (The Portal Security module in Liferay Portal 7.2.1 and
earlier, and Li ...)
NOT-FOR-US: Liferay
CVE-2021-38265 (Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below
were di ...)
NOT-FOR-US: Liferay
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65898cb43224ff0d14050ff527ede3cdd3852e0e