Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0850d5ab by security tracker role at 2022-05-28T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-31793
+ RESERVED
+CVE-2022-31792
+ RESERVED
+CVE-2022-31791
+ RESERVED
+CVE-2022-31790
+ RESERVED
+CVE-2022-31789
+ RESERVED
+CVE-2022-31788
+ RESERVED
+CVE-2022-31787
+ RESERVED
+CVE-2022-31786
+ RESERVED
+CVE-2022-31785
+ RESERVED
+CVE-2022-31784
+ RESERVED
+CVE-2022-31783 (Liblouis 3.21.0 has an out-of-bounds write in compileRule in
compileTr ...)
+ TODO: check
+CVE-2022-31782 (ftbench.c in FreeType Demo Programs through 2.12.1 has a
heap-based bu ...)
+ TODO: check
+CVE-2022-31781
+ RESERVED
CVE-2022-31780
RESERVED
CVE-2022-31779
@@ -3537,8 +3563,8 @@ CVE-2022-1625
RESERVED
CVE-2022-1624
RESERVED
-CVE-2022-30521
- RESERVED
+CVE-2022-30521 (The LAN-side Web-Configuration Interface has Stack-based
Buffer Overfl ...)
+ TODO: check
CVE-2022-30520
RESERVED
CVE-2022-30519
@@ -3587,8 +3613,8 @@ CVE-2022-30498
RESERVED
CVE-2022-30497
RESERVED
-CVE-2022-30496
- RESERVED
+CVE-2022-30496 (SQL injection in Logon Page of IDCE MV's application, version
1.0, all ...)
+ TODO: check
CVE-2022-30495 (In oretnom23 Automotive Shop Management System v1.0, the name
id param ...)
NOT-FOR-US: oretnom23 Automotive Shop Management System
CVE-2022-30494 (In oretnom23 Automotive Shop Management System v1.0, the first
and las ...)
@@ -4143,7 +4169,7 @@ CVE-2022-30286 (pyscriptjs (aka PyScript Demonstrator) in
PyScript through 2022-
TODO: check
CVE-2022-30285
RESERVED
-CVE-2022-30284 (In the python-libnmap package through 0.7.2 for Python, remote
command ...)
+CVE-2022-30284 (** DISPUTED ** In the python-libnmap package through 0.7.2 for
Python, ...)
- python-libnmap <unfixed>
[bullseye] - python-libnmap <no-dsa> (Minor issue)
[buster] - python-libnmap <no-dsa> (Minor issue)
@@ -5907,14 +5933,14 @@ CVE-2022-29697
RESERVED
CVE-2022-29696
RESERVED
-CVE-2022-29695
- RESERVED
-CVE-2022-29694
- RESERVED
-CVE-2022-29693
- RESERVED
-CVE-2022-29692
- RESERVED
+CVE-2022-29695 (Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an
incomplet ...)
+ TODO: check
+CVE-2022-29694 (Unicorn Engine v2.0.0-rc7 and below was discovered to contain
a NULL p ...)
+ TODO: check
+CVE-2022-29693 (Unicorn Engine v2.0.0-rc7 and below was discovered to contain
a memory ...)
+ TODO: check
+CVE-2022-29692 (Unicorn Engine v1.0.3 was discovered to contain a
use-after-free vulne ...)
+ TODO: check
CVE-2022-29691
RESERVED
CVE-2022-29690
@@ -6041,10 +6067,10 @@ CVE-2022-29630
RESERVED
CVE-2022-29629
RESERVED
-CVE-2022-29628
- RESERVED
-CVE-2022-29627
- RESERVED
+CVE-2022-29628 (A cross-site scripting (XSS) vulnerability in /omps/seller of
Online M ...)
+ TODO: check
+CVE-2022-29627 (An insecure direct object reference (IDOR) in Online Market
Place Site ...)
+ TODO: check
CVE-2022-29626
RESERVED
CVE-2022-29625
@@ -16522,8 +16548,8 @@ CVE-2022-25881
RESERVED
CVE-2022-25879
RESERVED
-CVE-2022-25878
- RESERVED
+CVE-2022-25878 (The package protobufjs before 6.11.3 are vulnerable to
Prototype Pollu ...)
+ TODO: check
CVE-2022-25877
RESERVED
CVE-2022-25876
@@ -20599,8 +20625,8 @@ CVE-2022-24583
RESERVED
CVE-2022-24582 (Accounting Journal Management 1.0 is vulnerable to
XSS-PHPSESSID-Hijac ...)
NOT-FOR-US: Accounting Journal Management
-CVE-2022-24581
- RESERVED
+CVE-2022-24581 (ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash
capture v ...)
+ TODO: check
CVE-2022-24580
RESERVED
CVE-2022-24579
@@ -21738,14 +21764,14 @@ CVE-2022-24243
RESERVED
CVE-2022-24242
RESERVED
-CVE-2022-24241
- RESERVED
-CVE-2022-24240
- RESERVED
-CVE-2022-24239
- RESERVED
-CVE-2022-24238
- RESERVED
+CVE-2022-24241 (ACEweb Online Portal 3.5.065 was discovered to contain an
External Con ...)
+ TODO: check
+CVE-2022-24240 (ACEweb Online Portal 3.5.065 was discovered to contain a SQL
injection ...)
+ TODO: check
+CVE-2022-24239 (ACEweb Online Portal 3.5.065 was discovered to contain an
unrestricted ...)
+ TODO: check
+CVE-2022-24238 (ACEweb Online Portal 3.5.065 was discovered to contain a
cross-site sc ...)
+ TODO: check
CVE-2022-24237 (The snaptPowered2 component of Snapt Aria v12.8 was discovered
to cont ...)
NOT-FOR-US: Snapt Aria
CVE-2022-24236 (An insecure permissions vulnerability in Snapt Aria v12.8
allows unaut ...)
@@ -41835,7 +41861,7 @@ CVE-2021-3894 [sctp: local DoS: unprivileged user can
cause BUG()]
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014970
CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested
JSON objec ...)
- {DSA-5023-1}
+ {DSA-5023-1 DLA-3031-1}
- modsecurity 3.0.6-1
[bullseye] - modsecurity <no-dsa> (Minor issue; does not have connector
packages in Debian)
[buster] - modsecurity <no-dsa> (Minor issue; does not have connector
packages in Debian)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0850d5ab57ef7eb5e383a290190ff21979d88bb5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0850d5ab57ef7eb5e383a290190ff21979d88bb5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
