Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c663e63c by security tracker role at 2022-05-20T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2022-31246
+       RESERVED
+CVE-2022-31245
+       RESERVED
+CVE-2022-31244
+       RESERVED
+CVE-2022-31243
+       RESERVED
+CVE-2022-31242
+       RESERVED
+CVE-2022-31241
+       RESERVED
+CVE-2022-31240
+       RESERVED
+CVE-2022-1805
+       RESERVED
+CVE-2022-1804
+       RESERVED
+CVE-2022-1803
+       RESERVED
+CVE-2022-1802
+       RESERVED
+CVE-2020-36522
+       RESERVED
 CVE-2022-31239
        RESERVED
 CVE-2022-31238
@@ -698,8 +722,8 @@ CVE-2022-30946 (A cross-site request forgery (CSRF) 
vulnerability in Jenkins Scr
        NOT-FOR-US: Jenkins plugin
 CVE-2022-30945 (Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and 
earlier allow ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-1754
-       RESERVED
+CVE-2022-1754 (Integer Overflow or Wraparound in GitHub repository 
polonel/trudesk pr ...)
+       TODO: check
 CVE-2022-1753 (A vulnerability, which was classified as critical, was found in 
WoWond ...)
        NOT-FOR-US: WoWonder
 CVE-2022-1752
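Review bot: CVE-2022-1754 moves from RESERVED to TODO: check, which leaves it untriaged, while the entries on either side of it (CVE-2022-30945, CVE-2022-1753) are already resolved with NOT-FOR-US: plus a product name. If the GitHub project named in the description, polonel/trudesk, is not packaged, a follow-up commit should resolve it the same way instead of leaving the TODO in place.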
@@ -3443,7 +3467,7 @@ CVE-2022-29918
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29918
 CVE-2022-29917
        RESERVED
-       {DSA-5129-1 DLA-2994-1}
+       {DSA-5141-1 DSA-5129-1 DLA-2994-1}
        - firefox 100.0-1
        - firefox-esr 91.9.0esr-1
        - thunderbird 1:91.9.0-1
@@ -3452,7 +3476,7 @@ CVE-2022-29917
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29917
 CVE-2022-29916
        RESERVED
-       {DSA-5129-1 DLA-2994-1}
+       {DSA-5141-1 DSA-5129-1 DLA-2994-1}
        - firefox 100.0-1
        - firefox-esr 91.9.0esr-1
        - thunderbird 1:91.9.0-1
@@ -3465,7 +3489,7 @@ CVE-2022-29915
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29915
 CVE-2022-29914
        RESERVED
-       {DSA-5129-1 DLA-2994-1}
+       {DSA-5141-1 DSA-5129-1 DLA-2994-1}
        - firefox 100.0-1
        - firefox-esr 91.9.0esr-1
        - thunderbird 1:91.9.0-1
@@ -3474,11 +3498,12 @@ CVE-2022-29914
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29914
 CVE-2022-29913
        RESERVED
+       {DSA-5141-1}
        - thunderbird 1:91.9.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29913
 CVE-2022-29912
        RESERVED
-       {DSA-5129-1 DLA-2994-1}
+       {DSA-5141-1 DSA-5129-1 DLA-2994-1}
        - firefox 100.0-1
        - firefox-esr 91.9.0esr-1
        - thunderbird 1:91.9.0-1
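Review bot: the {DSA-5141-1} reference added to CVE-2022-29913 should be cross-checked against the advisory's own CVE list, since this entry tracks only thunderbird 1:91.9.0-1, whereas CVE-2022-29912 just below receives the same DSA but also lists firefox and firefox-esr and keeps DSA-5129-1 and DLA-2994-1. If DSA-5141-1 is the thunderbird advisory, both edits are consistent; the same check applies to the other hunks that prepend DSA-5141-1.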
@@ -3487,7 +3512,7 @@ CVE-2022-29912
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29912
 CVE-2022-29911
        RESERVED
-       {DSA-5129-1 DLA-2994-1}
+       {DSA-5141-1 DSA-5129-1 DLA-2994-1}
        - firefox 100.0-1
        - firefox-esr 91.9.0esr-1
        - thunderbird 1:91.9.0-1
@@ -3500,7 +3525,7 @@ CVE-2022-29910
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29910
 CVE-2022-29909
        RESERVED
-       {DSA-5129-1 DLA-2994-1}
+       {DSA-5141-1 DSA-5129-1 DLA-2994-1}
        - firefox 100.0-1
        - firefox-esr 91.9.0esr-1
        - thunderbird 1:91.9.0-1
@@ -3657,6 +3682,7 @@ CVE-2022-1521
        RESERVED
 CVE-2022-1520
        RESERVED
+       {DSA-5141-1}
        - thunderbird 1:91.9.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-1520
 CVE-2022-1519
@@ -4370,8 +4396,8 @@ CVE-2022-29654
        RESERVED
 CVE-2022-29653
        RESERVED
-CVE-2022-29652
-       RESERVED
+CVE-2022-29652 (Online Sports Complex Booking System 1.0 is vulnerable to SQL 
Injectio ...)
+       TODO: check
 CVE-2022-29651
        RESERVED
 CVE-2022-29650
@@ -5320,8 +5346,8 @@ CVE-2022-29306 (IonizeCMS v1.0.8.1 was discovered to 
contain a SQL injection vul
        NOT-FOR-US: Ionize CMS
 CVE-2022-29305
        RESERVED
-CVE-2022-29304
-       RESERVED
+CVE-2022-29304 (Online Sports Complex Booking System 1.0 is vulnerable to SQL 
Injectio ...)
+       TODO: check
 CVE-2022-29303 (SolarView Compact ver.6.00 was discovered to contain a command 
injecti ...)
        NOT-FOR-US: SolarView Compact
 CVE-2022-29302 (SolarView Compact ver.6.00 was discovered to contain a local 
file disc ...)
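Review bot: CVE-2022-29304 carries the same truncated description, "Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...", as CVE-2022-29652 and CVE-2022-28962 elsewhere in this commit, and all three are left at TODO: check. Triage them together so they end up with the same tag; the adjacent entries in this hunk already use NOT-FOR-US: with the product name (Ionize CMS, SolarView Compact).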
@@ -6266,12 +6292,12 @@ CVE-2022-28989
        RESERVED
 CVE-2022-28988
        RESERVED
-CVE-2022-28987
-       RESERVED
+CVE-2022-28987 (ManageEngine ADSelfService Plus v6.1 allows attackers to 
perform usern ...)
+       TODO: check
 CVE-2022-28986 (LMS Doctor Simple 2 Factor Authentication Plugin For Moodle 
Affected:  ...)
        NOT-FOR-US: LMS Doctor Simple 2 Factor Authentication Plugin For Moodle
-CVE-2022-28985
-       RESERVED
+CVE-2022-28985 (A stored cross-site scripting (XSS) vulnerability in the 
addNewPost co ...)
+       TODO: check
 CVE-2022-28984
        RESERVED
 CVE-2022-28983
@@ -6310,28 +6336,28 @@ CVE-2022-28967
        RESERVED
 CVE-2022-28966 (Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in 
m3_code ...)
        NOT-FOR-US: wasm3
-CVE-2022-28965
-       RESERVED
-CVE-2022-28964
-       RESERVED
+CVE-2022-28965 (Multiple DLL hijacking vulnerabilities via the components 
instup.exe a ...)
+       TODO: check
+CVE-2022-28964 (An arbitrary file write vulnerability in Avast Premium 
Security before ...)
+       TODO: check
 CVE-2022-28963
        RESERVED
-CVE-2022-28962
-       RESERVED
-CVE-2022-28961
-       RESERVED
+CVE-2022-28962 (Online Sports Complex Booking System 1.0 is vulnerable to SQL 
Injectio ...)
+       TODO: check
+CVE-2022-28961 (Spip Web Framework v3.1.13 and below was discovered to contain 
multipl ...)
+       {DSA-4798-1}
        - spip 3.2.8-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html?lang=fr
        NOTE: 
https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
        NOTE: 
https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
-CVE-2022-28960
-       RESERVED
+CVE-2022-28960 (A PHP injection vulnerability in Spip before v3.2.8 allows 
attackers t ...)
+       {DSA-4798-1}
        - spip 3.2.8-1
        NOTE: 
https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html?lang=fr
        NOTE: 
https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
        NOTE: 
https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
-CVE-2022-28959
-       RESERVED
+CVE-2022-28959 (Multiple cross-site scripting (XSS) vulnerabilities in the 
component / ...)
+       TODO: check
 CVE-2022-28958 (D-Link DIR816L_FW206b01 was discovered to contain a remote 
code execut ...)
        NOT-FOR-US: D-Link
 CVE-2022-28957
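Review bot: CVE-2022-28961 and CVE-2022-28960 end up with identical bodies (the same {DSA-4798-1}, the same fixed version spip 3.2.8-1, the same blog NOTE and the same two SPIP commit NOTEs), although their descriptions differ: one refers to Spip v3.1.13 and below, the other to a PHP injection before v3.2.8. Suggest recording per CVE which of the two commits addresses it, so a backporter does not have to re-derive the mapping from the upstream announcement.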
@@ -6352,8 +6378,8 @@ CVE-2022-28950
        RESERVED
 CVE-2022-28949
        RESERVED
-CVE-2022-28948
-       RESERVED
+CVE-2022-28948 (An issue in the Unmarshal function in Go-Yaml v3 causes the 
program to ...)
+       TODO: check
 CVE-2022-28947
        RESERVED
 CVE-2022-28946 (An issue in the component ast/parser.go of Open Policy Agent 
v0.39.0 c ...)
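Review bot: CVE-2022-28948 is left at TODO: check, but the description names the Unmarshal function in Go-Yaml v3, which is a library rather than a standalone product. It needs a source-package lookup and a look at what builds against it before it can be resolved, and should not be batch-marked with the other new TODO entries in this commit.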
@@ -35576,8 +35602,8 @@ CVE-2022-21502
        RESERVED
 CVE-2022-21501
        RESERVED
-CVE-2022-21500
-       RESERVED
+CVE-2022-21500 (Vulnerability in Oracle E-Business Suite (component: Manage 
Proxies).  ...)
+       TODO: check
 CVE-2022-21499
        RESERVED
 CVE-2022-21498 (Vulnerability in the Java VM component of Oracle Database 
Server. Supp ...)
@@ -35690,6 +35716,7 @@ CVE-2022-21451 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2022-21450 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction 
Hub produc ...)
        NOT-FOR-US: Oracle
 CVE-2022-21449 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5128-1}
        - openjdk-17 17.0.3+7-1
        - openjdk-18 18.0.1+10-1
 CVE-2022-21448 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
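Review bot: the new {DSA-5128-1} on CVE-2022-21449 sits above package lines for openjdk-17 and openjdk-18 only. Confirm that the DSA's source package is one of these two; if the advisory covers another openjdk source package, the matching package line is missing from this entry and should be added alongside the cross-reference.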
@@ -62471,8 +62498,8 @@ CVE-2021-34113
        RESERVED
 CVE-2021-34112
        RESERVED
-CVE-2021-34111
-       RESERVED
+CVE-2021-34111 (Thecus 4800Eco was discovered to contain a command injection 
vulnerabi ...)
+       TODO: check
 CVE-2021-34110 (WinWaste.NET version 1.0.6183.16475 has incorrect permissions, 
allowin ...)
        NOT-FOR-US: WinWaste.NET
 CVE-2021-34109
@@ -169737,8 +169764,8 @@ CVE-2020-4109
        RESERVED
 CVE-2020-4108
        RESERVED
-CVE-2020-4107
-       RESERVED
+CVE-2020-4107 (HCL Domino is affected by an Insufficient Access Control 
vulnerability ...)
+       TODO: check
 CVE-2020-4106
        RESERVED
 CVE-2020-4105



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c663e63c91c07814e1ac3a0ac8283f214a51c46e
