[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 20 17:48:18 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
729c2032 by Moritz Muehlenhoff at 2022-04-20T18:47:52+02:00
new gitlab issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1314,7 +1314,7 @@ CVE-2022-1296 (Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub re
 	NOTE: https://huntr.dev/bounties/52b57274-0e1a-4d61-ab29-1373b555fea0
 	NOTE: https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644ddb6
 CVE-2022-1295 (Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior ...)
-	TODO: check
+	NOT-FOR-US: fullpage.js
 CVE-2022-1294
 	RESERVED
 CVE-2022-1293
@@ -1599,9 +1599,9 @@ CVE-2022-28892
 CVE-2022-28891
 	RESERVED
 CVE-2022-27629 (Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Pa ...)
-	TODO: check
+	NOT-FOR-US: MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership
 CVE-2022-1291 (XSS vulnerability with default `onCellHtmlData` function in GitHub rep ...)
-	TODO: check
+	NOT-FOR-US: Trudesk
 CVE-2022-1290 (Stored XSS in "Name", "Group Name" & "Title" in GitHub repository  ...)
 	NOT-FOR-US: Trudesk
 CVE-2022-1289 (A denial of service vulnerability was found in tildearrow Furnace. It  ...)
@@ -2090,7 +2090,7 @@ CVE-2022-1280 (A use-after-free vulnerability was found in drm_lease_held in dri
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/12/3
 CVE-2022-1279 (A vulnerability in the encryption implementation of EBICS messages in  ...)
-	TODO: check
+	NOT-FOR-US: ebics-java
 CVE-2022-1278
 	RESERVED
 CVE-2022-1277
@@ -3628,7 +3628,7 @@ CVE-2022-1158
 	NOTE: https://git.kernel.org/linus/2a8859f373b0a86f0ece8ec8312607eacf12485d (5.18-rc1)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/08/4
 CVE-2022-1157 (Missing sanitization of logged exception messages in all versions prio ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-1156
 	RESERVED
 CVE-2022-1155 (Old sessions are not blocked by the login enable function. in GitHub r ...)
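Review bot: the new `- gitlab <unfixed>` line for CVE-2022-1157 carries no NOTE pointing at the upstream advisory or fixed release, although the description ("in all versions prior ...") says one exists; consider adding a NOTE line with the advisory URL and the fixed version, the way the CVE-2022-1158 entry just above records its kernel fix, so the later fixed-version check is not a fresh search.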
@@ -3932,9 +3932,9 @@ CVE-2022-28111
 CVE-2022-28110
 	RESERVED
 CVE-2022-28109 (Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Selenium
 CVE-2022-28108 (Selenium Server (Grid) before 4 allows CSRF because it permits non-JSO ...)
-	TODO: check
+	NOT-FOR-US: Selenium
 CVE-2022-28107
 	RESERVED
 CVE-2022-28106
@@ -4333,7 +4333,7 @@ CVE-2022-1104
 CVE-2022-1103
 	RESERVED
 CVE-2022-27927 (A SQL injection vulnerability exists in Microfinance Management System ...)
-	TODO: check
+	NOT-FOR-US: Microfinance Management System
 CVE-2022-27926
 	RESERVED
 CVE-2022-27925
@@ -4557,9 +4557,9 @@ CVE-2022-1068 (Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerabl
 CVE-2022-1067 (Navigating to a specific URL with a patient ID number will result in t ...)
 	NOT-FOR-US: LifePoint Informatics Patient Portal
 CVE-2022-27863 (Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking  ...)
-	TODO: check
+	NOT-FOR-US: Vikbooking
 CVE-2022-27862 (Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking  ...)
-	TODO: check
+	NOT-FOR-US: Vikbooking
 CVE-2022-27861
 	RESERVED
 CVE-2022-27860
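Review bot: the product name in `NOT-FOR-US: Vikbooking` on both new lines does not match the spelling "VikBooking" used in the CVE-2022-27863 and CVE-2022-27862 descriptions directly above them; suggest `NOT-FOR-US: VikBooking` so the marker matches the description when grepping for the project.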
@@ -4599,7 +4599,7 @@ CVE-2022-27844 (Arbitrary File Read vulnerability in WPvivid Team Migration, Bac
 CVE-2022-1066
 	RESERVED
 CVE-2022-1065 (A vulnerability within the authentication process of Abacus ERP allows ...)
-	TODO: check
+	NOT-FOR-US: Abacus ERP
 CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in GitHub  ...)
 	NOT-FOR-US: forkcms
 CVE-2022-1063 (The Thank Me Later WordPress plugin through 3.3.4 does not sanitise an ...)
@@ -5218,9 +5218,9 @@ CVE-2022-27580
 CVE-2022-27579
 	RESERVED
 CVE-2022-27578 (An attacker can perform a privilege escalation through the SICK OEE if ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2022-27577 (The vulnerability in the MSC800 in all versions before 4.15 allows for ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2022-27576 (Information exposure vulnerability in Samsung DeX Home prior to SMR Ap ...)
 	NOT-FOR-US: Samsung
 CVE-2022-27575 (Information exposure vulnerability in One UI Home prior to SMR April-2 ...)
@@ -5324,7 +5324,7 @@ CVE-2022-27529 (A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk Aut
 CVE-2022-27528 (A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 c ...)
 	NOT-FOR-US: Autodesk
 CVE-2022-27527 (A Memory Corruption vulnerability may lead to code execution through m ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-27526 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...)
 	NOT-FOR-US: Autodesk
 CVE-2022-27525 (A malicious crafted .dwf file when consumed through DesignReview.exe a ...)
@@ -5973,9 +5973,9 @@ CVE-2022-27264
 CVE-2022-27263 (An arbitrary file upload vulnerability in the file upload module of St ...)
 	NOT-FOR-US: Strapi
 CVE-2022-27262 (An arbitrary file upload vulnerability in the file upload module of Sk ...)
-	TODO: check
+	NOT-FOR-US: Skipper
 CVE-2022-27261 (An arbitrary file write vulnerability in Express-FileUpload v1.3.1 all ...)
-	TODO: check
+	NOT-FOR-US: Express-FileUpload
 CVE-2022-27260 (An arbitrary file upload vulnerability in the file upload component of ...)
 	NOT-FOR-US: ButterCMS
 CVE-2022-27259
@@ -6099,7 +6099,7 @@ CVE-2022-26349 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004)
 CVE-2022-25880 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a  ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-1019 (Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vu ...)
-	TODO: check
+	NOT-FOR-US: Automated Logic WebCtrl Server
 CVE-2022-1018 (When opening a malicious solution file provided by an attacker, the ap ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2022-27172
@@ -6574,9 +6574,9 @@ CVE-2022-27142
 CVE-2022-27141
 	RESERVED
 CVE-2022-27140 (An arbitrary file upload vulnerability in the file upload module of Ex ...)
-	TODO: check
+	NOT-FOR-US: Express FileUpload
 CVE-2022-27139 (An arbitrary file upload vulnerability in the file upload module of Gh ...)
-	TODO: check
+	NOT-FOR-US: Ghost CMS
 CVE-2022-27138
 	RESERVED
 CVE-2022-27137
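Review bot: `NOT-FOR-US: Express FileUpload` for CVE-2022-27140 spells the product differently from `NOT-FOR-US: Express-FileUpload` added for CVE-2022-27261 earlier in this same commit; pick one spelling (the hyphenated form is what the CVE-2022-27261 description uses) so a search for earlier triage decisions on this project finds both entries.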
@@ -6646,7 +6646,7 @@ CVE-2022-27106
 CVE-2022-27105
 	RESERVED
 CVE-2022-27104 (An Unauthenticated time-based blind SQL injection vulnerability exists ...)
-	TODO: check
+	NOT-FOR-US: Forma LMS
 CVE-2022-27103
 	RESERVED
 CVE-2022-27102
@@ -6744,7 +6744,7 @@ CVE-2022-27057
 CVE-2022-27056
 	RESERVED
 CVE-2022-27055 (** DISPUTED ** ecjia-daojia 1.38.1-20210202629 is vulnerable to inform ...)
-	TODO: check
+	NOT-FOR-US: ecjia-daojia
 CVE-2022-27054
 	RESERVED
 CVE-2022-27053
@@ -7083,9 +7083,9 @@ CVE-2022-26913
 CVE-2022-26912 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-26911 (Skype for Business Information Disclosure Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-26910 (Skype for Business and Lync Spoofing Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-26909 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.  ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-26908 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.  ...)
@@ -7285,7 +7285,7 @@ CVE-2022-26848
 CVE-2022-26843
 	RESERVED
 CVE-2022-26832 (.NET Framework Denial of Service Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-26831 (Windows LDAP Denial of Service Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-26830 (DiskUsage.exe Remote Code Execution Vulnerability. ...)
@@ -7896,11 +7896,11 @@ CVE-2022-26597
 CVE-2022-26596
 	RESERVED
 CVE-2022-26595 (Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 1 ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2022-26594 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal  ...)
 	NOT-FOR-US: Liferay
 CVE-2022-26593 (Cross-site scripting (XSS) vulnerability in the Asset module's asset c ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2022-26592
 	RESERVED
 CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attac ...)
@@ -9406,7 +9406,7 @@ CVE-2022-26094 (Null pointer dereference vulnerability in parser_auxC function i
 CVE-2022-26093 (Null pointer dereference vulnerability in parser_irot function in libs ...)
 	NOT-FOR-US: Samsung
 CVE-2022-26092 (Improper boundary check in Quram Agif library prior to SMR Apr-2022 Re ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-26091 (Improper access control vulnerability in Knox Manage prior to SMR Apr- ...)
 	NOT-FOR-US: Samsung
 CVE-2022-26090 (Improper access control vulnerability in SamsungContacts prior to SMR  ...)
@@ -9971,9 +9971,9 @@ CVE-2022-25835
 CVE-2022-25834
 	RESERVED
 CVE-2022-25833 (Improper authentication in ImsService prior to SMR Apr-2022 Release 1  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-25832 (Improper authentication vulnerability in S Secure prior to SMR Apr-202 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2022-25831 (Improper access control vulnerability in S Secure prior to SMR Apr-202 ...)
 	NOT-FOR-US: Samsung
 CVE-2022-25830 (Information Exposure vulnerability in Galaxy Watch3 Plugin prior to ve ...)
@@ -10098,7 +10098,7 @@ CVE-2022-25790 (A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2
 CVE-2022-25789 (A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022 ...)
 	NOT-FOR-US: Autodesk
 CVE-2022-25788 (A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2022-25787
 	RESERVED
 CVE-2022-25786
@@ -11677,7 +11677,7 @@ CVE-2022-25228
 CVE-2022-25227
 	RESERVED
 CVE-2022-25226 (ThinVNC version 1.0b1 allows an unauthenticated user to bypass the aut ...)
-	TODO: check
+	NOT-FOR-US: ThinVNC
 CVE-2022-25225 (Network Olympus version 1.8.0 allows an authenticated admin user to in ...)
 	NOT-FOR-US: Network Olympus
 CVE-2022-25224
@@ -12698,7 +12698,7 @@ CVE-2022-24862
 CVE-2022-24861
 	RESERVED
 CVE-2022-24860 (Databasir is a team-oriented relational database model document manage ...)
-	TODO: check
+	NOT-FOR-US: Databasir
 CVE-2022-24859 (PyPDF2 is an open source python PDF library capable of splitting, merg ...)
 	- pypdf2 <unfixed> (bug #1009879)
 	NOTE: https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
@@ -12727,7 +12727,7 @@ CVE-2022-24851 (LDAP Account Manager (LAM) is an open source web frontend for ma
 CVE-2022-24850 (Discourse is an open source platform for community discussion. A categ ...)
 	NOT-FOR-US: Discourse
 CVE-2022-24849 (DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5 ...)
-	TODO: check
+	NOT-FOR-US: DisCatSharp
 CVE-2022-24848
 	RESERVED
 CVE-2022-24847 (GeoServer is an open source software server written in Java that allow ...)
@@ -12737,9 +12737,9 @@ CVE-2022-24846 (GeoWebCache is a tile caching server implemented in Java. The Ge
 CVE-2022-24845 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
 	TODO: check
 CVE-2022-24844 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
-	TODO: check
+	NOT-FOR-US: Gin-vue-admin
 CVE-2022-24843 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
-	TODO: check
+	NOT-FOR-US: Gin-vue-admin
 CVE-2022-24842 (MinIO is a High Performance Object Storage released under GNU Affero G ...)
 	NOT-FOR-US: MinIO
 CVE-2022-24841 (fleetdm/fleet is an open source device management, built on osquery. A ...)
@@ -15691,9 +15691,9 @@ CVE-2022-23978
 CVE-2022-23977
 	RESERVED
 CVE-2022-23976 (Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7  ...)
-	TODO: check
+	NOT-FOR-US: Access Demo Importer
 CVE-2022-23975 (Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7  ...)
-	TODO: check
+	NOT-FOR-US: Access Demo Importer
 CVE-2022-23974 (In 0.9.3 or older versions of Apache Pinot segment upload path allowed ...)
 	NOT-FOR-US: Apache Pinot
 CVE-2022-23103
@@ -15723,7 +15723,7 @@ CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelpe
 CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
 	NOT-FOR-US: livehelperchat
 CVE-2022-0373 (Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5  ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior ...)
 	NOT-FOR-US: Crater
 CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
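Review bot: the CVE-2022-0373 description already names affected ranges ("12.4 to 14.5.4, 14.5 ..."), so the upstream fixed releases are known, yet the new `- gitlab <unfixed>` line records none of them; a NOTE with the fixed releases or the GitLab advisory URL would let the Debian fixed version be derived later without re-reading the CVE text. The same applies to the other gitlab entries switched from `TODO: check` in this commit.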
@@ -15909,7 +15909,7 @@ CVE-2022-23939
 CVE-2022-23938
 	RESERVED
 CVE-2022-23937 (In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to ...)
-	TODO: check no mention of this CVE at windriver.com urls
+	NOT-FOR-US: Wind River
 CVE-2022-23936
 	RESERVED
 CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ...)
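Review bot: the removed line for CVE-2022-23937 recorded a triage finding ("no mention of this CVE at windriver.com urls") that the replacement `NOT-FOR-US: Wind River` drops entirely; keep it as a NOTE line under the new marker so the next person looking at this entry does not repeat the search of the vendor pages.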
@@ -15975,7 +15975,7 @@ CVE-2022-23911 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 d
 CVE-2022-23910
 	RESERVED
 CVE-2022-23909 (There is an unquoted service path in Sherpa Connector Service (SherpaC ...)
-	TODO: check
+	NOT-FOR-US: Sherpa Connector Service
 CVE-2022-23908
 	RESERVED
 CVE-2022-23907 (CMS Made Simple v2.2.15 was discovered to contain a reflected cross-si ...)
@@ -15997,7 +15997,7 @@ CVE-2022-23901 (A stack overflow re2c 2.2 exists due to infinite recursion issue
 	NOTE: https://github.com/skvadrik/re2c/commit/039c18949190c5de5397eba504d2c75dad2ea9ca (3.0)
 	NOTE: Crash im CLI tool, no security impact
 CVE-2022-23900 (A command injection vulnerability in the API of the Wavlink WL-WN531P3 ...)
-	TODO: check
+	NOT-FOR-US: Wavlink
 CVE-2022-23899 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ...)
 	NOT-FOR-US: MCMS
 CVE-2022-23898 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ...)
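Review bot: the unchanged context line `NOTE: Crash im CLI tool, no security impact` under CVE-2022-23901, two lines above the CVE-2022-23900 change, has a typo ("im" for "in"); worth fixing in passing while this region of the file is being edited.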
@@ -16067,7 +16067,7 @@ CVE-2022-23867
 CVE-2022-23866
 	RESERVED
 CVE-2022-23865 (Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/L ...)
-	TODO: check
+	NOT-FOR-US: Nyron
 CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...)
 	NOT-FOR-US: calibre-web
 CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub repository  ...)
@@ -16869,7 +16869,7 @@ CVE-2022-23734
 CVE-2022-23733
 	RESERVED
 CVE-2022-23732 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
-	TODO: check
+	NOT-FOR-US: Github Enterprise Server
 CVE-2022-23731 (V8 javascript engine (heap vulnerability) can cause privilege escalati ...)
 	NOT-FOR-US: LG
 CVE-2022-23730 (The public API error causes for the attacker to be able to bypass API  ...)
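Review bot: `NOT-FOR-US: Github Enterprise Server` uses a lowercase h where the CVE-2022-23732 description on the line above reads "GitHub Enterprise Ser..."; suggest `NOT-FOR-US: GitHub Enterprise Server` so the marker matches the product spelling in the description.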
@@ -16927,19 +16927,19 @@ CVE-2022-23705
 CVE-2022-23704
 	RESERVED
 CVE-2022-23703 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2022-23702 (A potential security vulnerability has been identified in HPE Superdom ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2022-23701 (A potential remote host header injection security vulnerability has be ...)
 	NOT-FOR-US: HPE
 CVE-2022-23700 (A local unauthorized read access to files vulnerability was discovered ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2022-23699 (A local authentication restriction bypass vulnerability was discovered ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2022-23698 (A remote unauthenticated disclosure of information vulnerability was d ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2022-23697 (A remote cross-site scripting (xss) vulnerability was discovered in HP ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2022-23696
 	RESERVED
 CVE-2022-23695
@@ -17513,7 +17513,7 @@ CVE-2022-23448 (A vulnerability has been identified in SIMATIC Energy Manager Ba
 CVE-2022-23447
 	RESERVED
 CVE-2022-23446 (A improper control of a resource through its lifetime in Fortinet Fort ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-23445
 	RESERVED
 CVE-2022-23444
@@ -17523,9 +17523,9 @@ CVE-2022-23443
 CVE-2022-23442
 	RESERVED
 CVE-2022-23441 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-23440 (A use of hard-coded cryptographic key vulnerability [CWE-321] in the r ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2022-23439
 	RESERVED
 CVE-2022-23438
@@ -18272,7 +18272,7 @@ CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
 CVE-2022-0250
 	RESERVED
 CVE-2022-0249 (A vulnerability was discovered in GitLab starting with version 12. Git ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does not sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified through acce ...)
@@ -18349,7 +18349,7 @@ CVE-2022-23294 (Windows Event Tracing Remote Code Execution Vulnerability. ...)
 CVE-2022-23293 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-23292 (Microsoft Power BI Spoofing Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-23291 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-23290 (Windows Inking COM Elevation of Privilege Vulnerability. ...)
@@ -18397,7 +18397,7 @@ CVE-2022-23270
 CVE-2022-23269 (Microsoft Dynamics GP Spoofing Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-23268 (Windows Hyper-V Denial of Service Vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-23267
 	RESERVED
 CVE-2022-23266 (Microsoft Defender for IoT Elevation of Privilege Vulnerability. ...)
@@ -18415,11 +18415,11 @@ CVE-2022-23261 (Microsoft Edge (Chromium-based) Tampering Vulnerability. ...)
 CVE-2022-23260
 	RESERVED
 CVE-2022-23259 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-23257 (Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is un ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2022-23256 (Azure Data Explorer Spoofing Vulnerability. ...)
 	NOT-FOR-US: Microsoft
 CVE-2022-23255 (Microsoft OneDrive for Android Security Feature Bypass Vulnerability. ...)
@@ -19299,11 +19299,11 @@ CVE-2022-22989 (My Cloud OS 5 was vulnerable to a pre-authenticated stack overfl
 CVE-2022-22988 (File and directory permissions have been corrected to prevent unintend ...)
 	NOT-FOR-US: Western Digital
 CVE-2022-21234 (An SQL injection vulnerability exists in the EchoAssets.aspx functiona ...)
-	TODO: check
+	NOT-FOR-US: Lansweeper
 CVE-2022-21210 (An SQL injection vulnerability exists in the AssetActions.aspx functio ...)
-	TODO: check
+	NOT-FOR-US: Lansweeper
 CVE-2022-21145 (A stored cross-site scripting vulnerability exists in the WebUserActio ...)
-	TODO: check
+	NOT-FOR-US: Lansweeper
 CVE-2022-0182 (Stored cross-site scripting vulnerability in Quiz And Survey Master ve ...)
 	NOT-FOR-US: Quiz And Survey Master
 CVE-2022-0181 (Reflected cross-site scripting vulnerability in Quiz And Survey Master ...)
@@ -20564,7 +20564,7 @@ CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions
 CVE-2022-0137
 	RESERVED
 CVE-2022-0136 (A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2022-0135 [out-of-bounds write in read_transfer_data()]
 	RESERVED
 	- virglrenderer <unfixed> (bug #1009073)
@@ -20691,7 +20691,7 @@ CVE-2022-0125 (An issue has been discovered in GitLab affecting all versions sta
 CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
 	- gitlab <unfixed>
 CVE-2022-0123 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2021-4200
 	RESERVED
 CVE-2022-22677
@@ -20933,9 +20933,9 @@ CVE-2022-22574
 CVE-2022-22573
 	RESERVED
 CVE-2022-22572 (A non-admin user with user management permission can escalate his priv ...)
-	TODO: check
+	NOT-FOR-US: Incapptic
 CVE-2022-22571 (An authenticated high privileged user can perform a stored XSS attack  ...)
-	TODO: check
+	NOT-FOR-US: Incapptic
 CVE-2022-22570 (A buffer overflow vulnerability found in the UniFi Door Access Reader  ...)
 	NOT-FOR-US: UniFi Door Access Reader Lite
 CVE-2022-22569
@@ -21225,19 +21225,19 @@ CVE-2022-22521
 CVE-2022-22520
 	RESERVED
 CVE-2022-22519 (A remote, authenticated attacker can send a specific crafted HTTP or H ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-22518 (A bug in CmpUserMgr component can lead to only partially applied secur ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-22517 (An unauthenticated, remote attacker can disrupt existing communication ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-22516 (The SysDrv3S driver in the CODESYS Control runtime system on Microsoft ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-22515 (A remote, unauthenticated attacker could utilize the control programme ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-22514 (An authenticated, remote attacker can gain access to a dereferenced po ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-22513 (An authenticated remote attacker can cause a null pointer dereference  ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2022-22512
 	RESERVED
 CVE-2022-22511 (Various configuration pages of the device are vulnerable to reflected  ...)
@@ -22356,7 +22356,7 @@ CVE-2022-22281
 CVE-2022-22280
 	RESERVED
 CVE-2022-22279 (** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file r ...)
-	TODO: check
+	NOT-FOR-US: Sonicwall
 CVE-2022-22278
 	RESERVED
 CVE-2022-22277
@@ -30304,23 +30304,23 @@ CVE-2022-21492 (Vulnerability in the Oracle Business Intelligence Enterprise Edi
 CVE-2022-21491 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox <unfixed>
 CVE-2022-21490 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
-	TODO: check
+	NOT-FOR-US: MySQL Cluster
 CVE-2022-21489 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
-	TODO: check
+	NOT-FOR-US: MySQL Cluster
 CVE-2022-21488 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox <unfixed>
 CVE-2022-21487 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox <unfixed>
 CVE-2022-21486 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
-	TODO: check
+	NOT-FOR-US: MySQL Cluster
 CVE-2022-21485 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
-	TODO: check
+	NOT-FOR-US: MySQL Cluster
 CVE-2022-21484 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
-	TODO: check
+	NOT-FOR-US: MySQL Cluster
 CVE-2022-21483 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
-	TODO: check
+	NOT-FOR-US: MySQL Cluster
 CVE-2022-21482 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
-	TODO: check
+	NOT-FOR-US: MySQL Cluster
 CVE-2022-21481 (Vulnerability in the PeopleSoft Enterprise FIN Cash Management product ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21480 (Vulnerability in the Oracle Transportation Management product of Oracl ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/729c20321c16cc4a3ee7afd2f5fe34c7947ea5e8


