Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52f5f6e1 by security tracker role at 2022-04-26T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2022-1476
+       RESERVED
+CVE-2022-1475
+       RESERVED
+CVE-2022-1474
+       RESERVED
+CVE-2022-1473
+       RESERVED
+CVE-2022-1472
+       RESERVED
+CVE-2022-1471
+       RESERVED
+CVE-2022-1470
+       RESERVED
+CVE-2022-1469
+       RESERVED
 CVE-2022-29808
        RESERVED
 CVE-2022-29807
@@ -19,8 +35,8 @@ CVE-2022-1468
        RESERVED
 CVE-2022-1467
        RESERVED
-CVE-2022-1466
-       RESERVED
+CVE-2022-1466 (Due to improper authorization, Red Hat Single Sign-On is 
vulnerable to ...)
+       TODO: check
 CVE-2022-29801
        RESERVED
 CVE-2022-29800
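Review bot: The `TODO: check` added under CVE-2022-1466 leaves the entry untriaged even though the description already names the product, Red Hat Single Sign-On. A follow-up should replace the TODO with either a `NOT-FOR-US:` line or a source-package line, depending on whether the affected code is shipped in the archive, so the entry does not stay open indefinitely.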
@@ -4230,8 +4246,8 @@ CVE-2022-1175 (Improper neutralization of user input in 
GitLab CE/EE versions 14
        - gitlab <unfixed>
 CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE 
versions  ...)
        - gitlab <unfixed>
-CVE-2022-1173
-       RESERVED
+CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33. 
...)
+       TODO: check
 CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub 
repositor ...)
        - gpac <unfixed>
        [bullseye] - gpac <ignored> (Minor issue)
@@ -4257,8 +4273,8 @@ CVE-2022-1164 (The Wyzi Theme was affected by reflected 
XSS vulnerabilities in t
        NOT-FOR-US: Wordpress theme
 CVE-2022-28219 (Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an 
unauthe ...)
        NOT-FOR-US: Zoho ManageEngine
-CVE-2022-28218
-       RESERVED
+CVE-2022-28218 (An issue was discovered in CipherMail Webmail Messenger 1.1.1 
through  ...)
+       TODO: check
 CVE-2022-28217
        RESERVED
 CVE-2022-28216 (SAP BusinessObjects Business Intelligence Platform (BI 
Workspace) - ve ...)
@@ -4983,10 +4999,10 @@ CVE-2022-27987
        RESERVED
 CVE-2022-27986
        RESERVED
-CVE-2022-27985
-       RESERVED
-CVE-2022-27984
-       RESERVED
+CVE-2022-27985 (CuppaCMS v1.0 was discovered to contain a SQL injection 
vulnerability  ...)
+       TODO: check
+CVE-2022-27984 (CuppaCMS v1.0 was discovered to contain a SQL injection 
vulnerability  ...)
+       TODO: check
 CVE-2022-27983
        RESERVED
 CVE-2022-27982
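Review bot: CVE-2022-27985 and CVE-2022-27984 end up with identical lines ("CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability ..."), so nothing in the list distinguishes the two issues. When the `TODO: check` lines are resolved, give both the same product disposition, and if either gets a NOTE, record the differing detail from the full description there.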
@@ -5376,8 +5392,8 @@ CVE-2022-27856
        RESERVED
 CVE-2022-27855
        RESERVED
-CVE-2022-27854
-       RESERVED
+CVE-2022-27854 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander 
Ustimenko ...)
+       TODO: check
 CVE-2022-27853 (Authenticated (author or higher role) Stored Cross-Site 
Scripting (XSS ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-27852 (Multiple Unauthenticated Stored Cross-Site Scripting (XSS) 
vulnerabili ...)
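Review bot: The description added for CVE-2022-27854 is truncated right after "Alexander Ustimenko", before any product name, so its `TODO: check` cannot be resolved from this line alone. The next entry in the context, CVE-2022-27853, is marked `NOT-FOR-US: WordPress plugin`; if the full description shows this is also a WordPress plugin, use the same line.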
@@ -6254,10 +6270,10 @@ CVE-2022-27471
        RESERVED
 CVE-2022-27470
        RESERVED
-CVE-2022-27469
-       RESERVED
-CVE-2022-27468
-       RESERVED
+CVE-2022-27469 (Monstaftp v2.10.3 was discovered to allow attackers to execute 
Server- ...)
+       TODO: check
+CVE-2022-27468 (Monstaftp v2.10.3 was discovered to contain an arbitrary file 
upload w ...)
+       TODO: check
 CVE-2022-27467
        RESERVED
 CVE-2022-27466
@@ -6721,8 +6737,8 @@ CVE-2022-27301
        RESERVED
 CVE-2022-27300
        RESERVED
-CVE-2022-27299
-       RESERVED
+CVE-2022-27299 (Hospital Management System v1.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
 CVE-2022-27298
        RESERVED
 CVE-2022-27297
@@ -13494,12 +13510,12 @@ CVE-2022-24885
        RESERVED
 CVE-2022-24884
        RESERVED
-CVE-2022-24883
-       RESERVED
-CVE-2022-24882
-       RESERVED
-CVE-2022-24881
-       RESERVED
+CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP). ...)
+       TODO: check
+CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop 
Protocol (RDP). ...)
+       TODO: check
+CVE-2022-24881 (Ballcat Codegen provides the function of online editing code 
to genera ...)
+       TODO: check
 CVE-2022-24880 (flask-session-captcha is a package which allows users to 
extend Flask  ...)
        NOT-FOR-US: flask-session-captcha
 CVE-2022-24879
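Review bot: CVE-2022-24883 and CVE-2022-24882 are left at `TODO: check` although both descriptions name FreeRDP, a free RDP implementation, which makes them candidates for a source-package line with a fixed version rather than a `NOT-FOR-US:` close-out. CVE-2022-24881 in the same hunk is a different product (Ballcat Codegen) and should be triaged on its own rather than together with the FreeRDP pair.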
@@ -13531,8 +13547,8 @@ CVE-2022-24868 (GLPI is a Free Asset and IT Management 
Software package, that pr
 CVE-2022-24867 (GLPI is a Free Asset and IT Management Software package, that 
provides ...)
        - glpi <removed> (unimportant)
        NOTE: Only supported behind an authenticated HTTP zone
-CVE-2022-24866
-       RESERVED
+CVE-2022-24866 (Discourse Assign is a plugin for assigning users to a topic in 
Discour ...)
+       TODO: check
 CVE-2022-24865 (HumHub is an Open Source Enterprise Social Network. In 
affected versio ...)
        NOT-FOR-US: HumHub
 CVE-2022-24864 (Origin Protocol is a blockchain based project. The Origin 
Protocol pro ...)
@@ -14016,8 +14032,7 @@ CVE-2022-24708 (Anuko Time Tracker is an open source, 
web-based time tracking ap
        NOT-FOR-US: Anuko Time Tracker
 CVE-2022-24707 (Anuko Time Tracker is an open source, web-based time tracking 
applicat ...)
        NOT-FOR-US: Anuko Time Tracker
-CVE-2022-24706
-       RESERVED
+CVE-2022-24706 (In Apache CouchDB prior to 3.2.2, an attacker can access an 
improperly ...)
        - couchdb <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2022/04/26/1
 CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a 
memcpy  ...)
@@ -16712,8 +16727,7 @@ CVE-2022-23943 (Out-of-bounds Write vulnerability in 
mod_sed of Apache HTTP Serv
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943
        NOTE: Fixed by: https://svn.apache.org/r1898695
        NOTE: Fixed by: https://svn.apache.org/r1898772
-CVE-2022-23942
-       RESERVED
+CVE-2022-23942 (Apache Doris, prior to 1.0.0, used a hardcoded key and IV to 
initializ ...)
        NOT-FOR-US: Apache Doris (different from src:doris)
 CVE-2022-21184
        RESERVED
@@ -51277,8 +51291,8 @@ CVE-2021-36897
        RESERVED
 CVE-2021-36896 (Authenticated (author or higher user role) Stored Cross-Site 
Scripting ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-36895
-       RESERVED
+CVE-2021-36895 (Unauthenticated Cross-Site Scripting (XSS) vulnerability in 
Tripetto's ...)
+       TODO: check
 CVE-2021-36894
        RESERVED
 CVE-2021-36893 (Authenticated (author or higher user role) Stored Cross-Site 
Scripting ...)
@@ -51333,8 +51347,8 @@ CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) 
vulnerability in WordPress
        NOT-FOR-US: WordPress plugin
 CVE-2021-36868
        RESERVED
-CVE-2021-36867
-       RESERVED
+CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander 
Ustimenko ...)
+       TODO: check
 CVE-2021-36866
        RESERVED
 CVE-2021-36865
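Review bot: CVE-2021-36867 carries the same truncated text as the CVE-2022-27854 entry added earlier in this diff ("Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ..."). Triage the two together: confirm from the full descriptions whether they concern the same product, and replace both `TODO: check` lines with a consistent disposition.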
@@ -77126,10 +77140,10 @@ CVE-2021-26631
        RESERVED
 CVE-2021-26630
        RESERVED
-CVE-2021-26629
-       RESERVED
-CVE-2021-26628
-       RESERVED
+CVE-2021-26629 (A path traversal vulnerability in XPLATFORM's runtime archive 
function ...)
+       TODO: check
+CVE-2021-26628 (Insufficient script validation of the admin page enables XSS, 
which ca ...)
+       TODO: check
 CVE-2021-26627 (Real-time image information exposure is caused by insufficient 
authent ...)
        NOT-FOR-US: EDrhyme QCP camera
 CVE-2021-26626 (Improper input validation vulnerability in XPLATFORM's 
execBrowser met ...)
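Review bot: CVE-2021-26628 is cut off at "which ca ..." before any product is named, so unlike CVE-2021-26629 (XPLATFORM) it cannot be triaged from the list line; read the full description before replacing its `TODO: check`. For CVE-2021-26629, match the disposition of CVE-2021-26626, the other XPLATFORM entry in the trailing context, so the two stay consistent.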



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52f5f6e163894ceaf0ff866e83d854cb19bd44d9
