Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 51b02391 by security tracker role at 2022-04-22T08:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,31 @@ +CVE-2022-29578 + RESERVED +CVE-2022-29577 (OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE ...) + TODO: check +CVE-2022-29576 + RESERVED +CVE-2022-29575 + RESERVED +CVE-2022-29574 + RESERVED +CVE-2022-29573 + RESERVED +CVE-2022-29572 + RESERVED +CVE-2022-29571 + RESERVED +CVE-2022-29570 + RESERVED +CVE-2022-29569 + RESERVED +CVE-2022-29568 + RESERVED +CVE-2022-29567 + RESERVED +CVE-2022-29566 (The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation bec ...) + TODO: check +CVE-2022-1427 + RESERVED CVE-2022-29565 RESERVED CVE-2022-29564 @@ -692,7 +720,7 @@ CVE-2022-29282 CVE-2022-29281 (Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of ...) NOT-FOR-US: Notable CVE-2022-29280 - RESERVED + REJECTED CVE-2022-29279 RESERVED CVE-2022-29278 @@ -2054,8 +2082,8 @@ CVE-2022-28745 RESERVED CVE-2022-28744 RESERVED -CVE-2022-28743 - RESERVED +CVE-2022-28743 (Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Fosc ...) + TODO: check CVE-2022-28742 RESERVED CVE-2022-28741 
@@ -2870,78 +2898,78 @@ CVE-2022-28447 RESERVED CVE-2022-28446 RESERVED -CVE-2022-28445 - RESERVED -CVE-2022-28444 - RESERVED -CVE-2022-28443 - RESERVED +CVE-2022-28445 (KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulner ...) + TODO: check +CVE-2022-28444 (UCMS v1.6 was discovered to contain an arbitrary file read vulnerabili ...) + TODO: check +CVE-2022-28443 (UCMS v1.6 was discovered to contain an arbitrary file deletion vulnera ...) + TODO: check CVE-2022-28442 RESERVED CVE-2022-28441 RESERVED -CVE-2022-28440 - RESERVED -CVE-2022-28439 - RESERVED -CVE-2022-28438 - RESERVED -CVE-2022-28437 - RESERVED -CVE-2022-28436 - RESERVED -CVE-2022-28435 - RESERVED -CVE-2022-28434 - RESERVED -CVE-2022-28433 - RESERVED -CVE-2022-28432 - RESERVED -CVE-2022-28431 - RESERVED +CVE-2022-28440 (An arbitrary file upload vulnerability in UCMS v1.6 allows attackers t ...) + TODO: check +CVE-2022-28439 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28438 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28437 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28436 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28435 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28434 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28433 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28432 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28431 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) 
+ TODO: check CVE-2022-28430 RESERVED -CVE-2022-28429 - RESERVED +CVE-2022-28429 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check CVE-2022-28428 RESERVED -CVE-2022-28427 - RESERVED -CVE-2022-28426 - RESERVED -CVE-2022-28425 - RESERVED -CVE-2022-28424 - RESERVED -CVE-2022-28423 - RESERVED -CVE-2022-28422 - RESERVED -CVE-2022-28421 - RESERVED -CVE-2022-28420 - RESERVED +CVE-2022-28427 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28426 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28425 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28424 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28423 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28422 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28421 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check +CVE-2022-28420 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + TODO: check CVE-2022-28419 RESERVED CVE-2022-28418 RESERVED -CVE-2022-28417 - RESERVED -CVE-2022-28416 - RESERVED -CVE-2022-28415 - RESERVED -CVE-2022-28414 - RESERVED -CVE-2022-28413 - RESERVED -CVE-2022-28412 - RESERVED -CVE-2022-28411 - RESERVED -CVE-2022-28410 - RESERVED +CVE-2022-28417 (Home Owners Collection Management System v1.0 was discovered to contai ...) + TODO: check +CVE-2022-28416 (Home Owners Collection Management System v1.0 was discovered to contai ...) + TODO: check +CVE-2022-28415 (Home Owners Collection Management System v1.0 was discovered to contai ...) + TODO: check +CVE-2022-28414 (Home Owners Collection Management System v1.0 was discovered to contai ...) 
+ TODO: check +CVE-2022-28413 (Car Driving School Management System v1.0 was discovered to contain a ...) + TODO: check +CVE-2022-28412 (Car Driving School Managment System v1.0 was discovered to contain a S ...) + TODO: check +CVE-2022-28411 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...) + TODO: check +CVE-2022-28410 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...) + TODO: check CVE-2022-28409 RESERVED CVE-2022-28408 @@ -3047,10 +3075,10 @@ CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution via a .php file in the NOTE: https://github.com/dompdf/dompdf/issues/2598 NOTE: https://github.com/dompdf/dompdf/pull/2808 NOTE: https://github.com/dompdf/dompdf/commit/4c70e1025bcd9b7694b95dd552499bd83cd6141d (v1.2.1) -CVE-2022-28367 - RESERVED -CVE-2022-28366 - RESERVED +CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE ...) + TODO: check +CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service via crafte ...) + TODO: check CVE-2022-28365 (Reprise License Manager 14.2 is affected by an Information Disclosure ...) NOT-FOR-US: Reprise License Manager CVE-2022-28364 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...) 
@@ -4256,56 +4284,56 @@ CVE-2022-28032 (AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_aj NOT-FOR-US: AtomCMS CVE-2022-28031 RESERVED -CVE-2022-28030 - RESERVED -CVE-2022-28029 - RESERVED -CVE-2022-28028 - RESERVED +CVE-2022-28030 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...) + TODO: check +CVE-2022-28029 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...) + TODO: check +CVE-2022-28028 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...) + TODO: check CVE-2022-28027 RESERVED -CVE-2022-28026 - RESERVED -CVE-2022-28025 - RESERVED -CVE-2022-28024 - RESERVED -CVE-2022-28023 - RESERVED -CVE-2022-28022 - RESERVED -CVE-2022-28021 - RESERVED -CVE-2022-28020 - RESERVED -CVE-2022-28019 - RESERVED -CVE-2022-28018 - RESERVED -CVE-2022-28017 - RESERVED -CVE-2022-28016 - RESERVED -CVE-2022-28015 - RESERVED -CVE-2022-28014 - RESERVED -CVE-2022-28013 - RESERVED -CVE-2022-28012 - RESERVED -CVE-2022-28011 - RESERVED -CVE-2022-28010 - RESERVED -CVE-2022-28009 - RESERVED -CVE-2022-28008 - RESERVED -CVE-2022-28007 - RESERVED -CVE-2022-28006 - RESERVED +CVE-2022-28026 (Student Grading System v1.0 was discovered to contain a SQL injection ...) + TODO: check +CVE-2022-28025 (Student Grading System v1.0 was discovered to contain a SQL injection ...) + TODO: check +CVE-2022-28024 (Student Grading System v1.0 was discovered to contain a SQL injection ...) + TODO: check +CVE-2022-28023 (Purchase Order Management System v1.0 was discovered to contain a SQL ...) + TODO: check +CVE-2022-28022 (Purchase Order Management System v1.0 was discovered to contain a SQL ...) + TODO: check +CVE-2022-28021 (Purchase Order Management System v1.0 was discovered to contain a remo ...) + TODO: check +CVE-2022-28020 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2022-28019 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) 
+ TODO: check +CVE-2022-28018 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2022-28017 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2022-28016 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2022-28015 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2022-28014 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2022-28013 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2022-28012 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2022-28011 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2022-28010 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2022-28009 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2022-28008 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2022-28007 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check +CVE-2022-28006 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + TODO: check CVE-2022-28005 RESERVED CVE-2022-28004 
@@ -5599,8 +5627,8 @@ CVE-2022-27480 (A vulnerability has been identified in SICAM A8000 CP-8031 (All NOT-FOR-US: Siemens CVE-2022-27479 (Apache Superset before 1.4.2 is vulnerable to SQL injection in chart d ...) NOT-FOR-US: Apache Superset -CVE-2022-27478 - RESERVED +CVE-2022-27478 (Victor v1.0 was discovered to contain a remote code execution (RCE) vu ...) + TODO: check CVE-2022-27477 (Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload ...) NOT-FOR-US: Newbee-Mall CVE-2022-27476 (A cross-site scripting (XSS) vulnerability at /admin/goods/update in N ...) @@ -7381,8 +7409,8 @@ CVE-2022-26858 RESERVED CVE-2022-26857 RESERVED -CVE-2022-26856 - RESERVED +CVE-2022-26856 (Dell EMC Repository Manager version 3.4.0 contains a plain-text passwo ...) + TODO: check CVE-2022-26855 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect d ...) NOT-FOR-US: Dell CVE-2022-26854 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptograph ...) @@ -7893,12 +7921,12 @@ CVE-2022-26676 (aEnrich a+HRD has inadequate privilege restrictions, an unauthen NOT-FOR-US: aEnrich a+HRD CVE-2022-26675 (aEnrich a+HRD has inadequate filtering for special characters in URLs. ...) NOT-FOR-US: aEnrich a+HRD -CVE-2022-26674 - RESERVED -CVE-2022-26673 - RESERVED -CVE-2022-26672 - RESERVED +CVE-2022-26674 (ASUS RT-AX88U has a Format String vulnerability, which allows an unaut ...) + TODO: check +CVE-2022-26673 (ASUS RT-AX88U has insufficient filtering for special characters in the ...) + TODO: check +CVE-2022-26672 (ASUS WebStorage has a hardcoded API Token in the APP source code. An u ...) + TODO: check CVE-2022-26671 (Taiwan Secom Dr.ID Access Control system’s login page has a hard ...) NOT-FOR-US: Taiwan Secom Dr.ID Access Control system CVE-2022-26670 (D-Link DIR-878 has inadequate filtering for special characters in the ...) 
@@ -14098,10 +14126,10 @@ CVE-2022-24426 (Dell Command | Update, Dell Update, and Alienware Update version NOT-FOR-US: Dell CVE-2022-24425 RESERVED -CVE-2022-24424 - RESERVED -CVE-2022-24423 - RESERVED +CVE-2022-24424 (Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vul ...) + TODO: check +CVE-2022-24423 (Dell EMC iDRAC8 versions 2.81.81 and earlier contain a denial of servi ...) + TODO: check CVE-2022-24422 RESERVED CVE-2022-24421 (Dell BIOS contains an improper input validation vulnerability. A local ...) @@ -17095,8 +17123,7 @@ CVE-2022-23713 RESERVED CVE-2022-23712 RESERVED -CVE-2022-23711 - RESERVED +CVE-2022-23711 (A vulnerability in Kibana could expose sensitive information related t ...) - kibana <itp> (bug #700337) CVE-2022-23710 (A cross-site-scripting (XSS) vulnerability was discovered in the Data ...) - kibana <itp> (bug #700337) @@ -19539,8 +19566,8 @@ CVE-2022-22971 RESERVED CVE-2022-22970 RESERVED -CVE-2022-22969 - RESERVED +CVE-2022-22969 (<Issue Description> Spring Security OAuth versions 2.5.x prior t ...) + TODO: check CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older ...) - libspring-java <unfixed> [bullseye] - libspring-java <no-dsa> (Minor issue) @@ -21153,8 +21180,8 @@ CVE-2022-22560 (Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded crede NOT-FOR-US: EMC CVE-2022-22559 (Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or ri ...) NOT-FOR-US: Dell PowerScale OneFS -CVE-2022-22558 - RESERVED +CVE-2022-22558 (Dell PowerEdge Server BIOS contains an Improper SMM communication buff ...) + TODO: check CVE-2022-22557 RESERVED CVE-2022-22556 @@ -31211,8 +31238,8 @@ CVE-2021-43710 RESERVED CVE-2021-43709 RESERVED -CVE-2021-43708 - RESERVED +CVE-2021-43708 (The Labeling tool in Titus Classification Suite 18.8.1910.140 allows u ...) + TODO: check CVE-2021-43707 (Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link ...) NOT-FOR-US: Maccms CVE-2021-43706 
@@ -33133,10 +33160,10 @@ CVE-2022-20807 RESERVED CVE-2022-20806 RESERVED -CVE-2022-20805 - RESERVED -CVE-2022-20804 - RESERVED +CVE-2022-20805 (A vulnerability in the automatic decryption process in Cisco Umbrella ...) + TODO: check +CVE-2022-20804 (A vulnerability in the Cisco Discovery Protocol of Cisco Unified Commu ...) + TODO: check CVE-2022-20803 RESERVED CVE-2022-20802 @@ -33153,8 +33180,8 @@ CVE-2022-20797 RESERVED CVE-2022-20796 RESERVED -CVE-2022-20795 - RESERVED +CVE-2022-20795 (A vulnerability in the implementation of the Datagram TLS (DTLS) proto ...) + TODO: check CVE-2022-20794 RESERVED CVE-2022-20793 @@ -33163,22 +33190,22 @@ CVE-2022-20792 RESERVED CVE-2022-20791 RESERVED -CVE-2022-20790 - RESERVED -CVE-2022-20789 - RESERVED -CVE-2022-20788 - RESERVED -CVE-2022-20787 - RESERVED -CVE-2022-20786 - RESERVED +CVE-2022-20790 (A vulnerability in the web-based management interface of Cisco Unified ...) + TODO: check +CVE-2022-20789 (A vulnerability in the software upgrade process of Cisco Unified Commu ...) + TODO: check +CVE-2022-20788 (A vulnerability in the web-based management interface of Cisco Unified ...) + TODO: check +CVE-2022-20787 (A vulnerability in the web-based management interface of Cisco Unified ...) + TODO: check +CVE-2022-20786 (A vulnerability in the web-based management interface of Cisco Unified ...) + TODO: check CVE-2022-20785 RESERVED CVE-2022-20784 (A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cis ...) NOT-FOR-US: Cisco -CVE-2022-20783 - RESERVED +CVE-2022-20783 (A vulnerability in the packet processing functionality of Cisco TelePr ...) + TODO: check CVE-2022-20782 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2022-20781 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) 
@@ -33187,8 +33214,8 @@ CVE-2022-20780 RESERVED CVE-2022-20779 RESERVED -CVE-2022-20778 - RESERVED +CVE-2022-20778 (A vulnerability in the authentication component of Cisco Webex Meeting ...) + TODO: check CVE-2022-20777 RESERVED CVE-2022-20776 @@ -33197,8 +33224,8 @@ CVE-2022-20775 RESERVED CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco IP Phon ...) NOT-FOR-US: Cisco -CVE-2022-20773 - RESERVED +CVE-2022-20773 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...) + TODO: check CVE-2022-20772 RESERVED CVE-2022-20771 @@ -33279,8 +33306,8 @@ CVE-2022-20734 RESERVED CVE-2022-20733 RESERVED -CVE-2022-20732 - RESERVED +CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco Virtual ...) + TODO: check CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...) NOT-FOR-US: Cisco CVE-2022-20730 @@ -33798,7 +33825,7 @@ CVE-2021-43131 RESERVED CVE-2021-43130 (An SQL Injection vulnerability exists in Sourcecodester Customer Relat ...) NOT-FOR-US: Sourcecodester -CVE-2021-43129 (An Access Control vulnerability exists in Desire2Learn/D2L Learning Ma ...) +CVE-2021-43129 (A bypass exists for Desire2Learn/D2L Brightspace’s “Disabl ...) NOT-FOR-US: D2L Brightspace LMS CVE-2021-43128 RESERVED @@ -54578,8 +54605,8 @@ CVE-2021-35231 (As a result of an unquoted service path vulnerability present in NOT-FOR-US: Kiwi Syslog Server Installation Wizard CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...) NOT-FOR-US: Kiwi CatTools Installation Wizard -CVE-2021-35229 - RESERVED +CVE-2021-35229 (Cross-site scripting vulnerability is present in Database Performance ...) + TODO: check CVE-2021-35228 (This vulnerability occurred due to missing input sanitization for one ...) NOT-FOR-US: Solarwinds CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and ...) 
@@ -85053,8 +85080,8 @@ CVE-2021-23057 RESERVED CVE-2021-23056 RESERVED -CVE-2021-23055 - RESERVED +CVE-2021-23055 (On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line re ...) + TODO: check CVE-2021-23054 (On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14. ...) NOT-FOR-US: F5 BIG-IP CVE-2021-23053 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x be ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51b0239166b92f6e0d022998ef6b921bee72c8a9
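Review bot: in the @@ -19539 hunk the new description for CVE-2022-22969 begins with a literal "<Issue Description>" placeholder carried over from the upstream text ("+CVE-2022-22969 (<Issue Description> Spring Security OAuth versions 2.5.x prior t ...)"); when the "TODO: check" for this entry is resolved, the placeholder should be trimmed so the line reads like its neighbours and the tracker does not display the stray markup.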
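Review bot: the @@ -1,3 and @@ -3047 hunks add CVE-2022-29577 (OWASP AntiSamy before 1.6.7) and CVE-2022-28367 (OWASP AntiSamy before 1.6.6), both described as XSS via HTML tag smuggling on STYLE; they should be triaged together so the two entries end up with one consistent package status instead of two independent "TODO: check" markers.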