[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 29 21:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d1c5205a by security tracker role at 2022-04-29T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2022-29944
+ RESERVED
+CVE-2022-29943
+ RESERVED
+CVE-2022-29942
+ RESERVED
+CVE-2022-29941
+ RESERVED
+CVE-2022-29940
+ RESERVED
+CVE-2022-29939
+ RESERVED
+CVE-2022-29938
+ RESERVED
+CVE-2022-29937 (USU Oracle Optimization before 5.17.5 allows authenticated DataCollect ...)
+ TODO: check
+CVE-2022-29936 (USU Oracle Optimization before 5.17 allows authenticated quantum users ...)
+ TODO: check
+CVE-2022-29935 (USU Oracle Optimization before 5.17.5 allows attackers to discover the ...)
+ TODO: check
+CVE-2022-29934 (USU Oracle Optimization before 5.17.5 lacks Polkit authentication, whi ...)
+ TODO: check
+CVE-2022-29933
+ RESERVED
+CVE-2022-29932
+ RESERVED
+CVE-2022-29931
+ RESERVED
+CVE-2022-29930
+ RESERVED
+CVE-2022-29929
+ RESERVED
+CVE-2022-29928
+ RESERVED
+CVE-2022-29927
+ RESERVED
+CVE-2022-29922
+ RESERVED
+CVE-2022-29918
+ RESERVED
+CVE-2022-29917
+ RESERVED
+CVE-2022-29916
+ RESERVED
+CVE-2022-29915
+ RESERVED
+CVE-2022-29914
+ RESERVED
+CVE-2022-29913
+ RESERVED
+CVE-2022-29912
+ RESERVED
+CVE-2022-29911
+ RESERVED
+CVE-2022-29910
+ RESERVED
+CVE-2022-29909
+ RESERVED
+CVE-2022-29492
+ RESERVED
+CVE-2022-29490
+ RESERVED
+CVE-2022-1543 (Improper handling of Length parameter in GitHub repository erudika/sco ...)
+ TODO: check
+CVE-2022-1542
+ RESERVED
+CVE-2022-1541
+ RESERVED
+CVE-2022-1540
+ RESERVED
+CVE-2022-1539
+ RESERVED
+CVE-2022-1538
+ RESERVED
+CVE-2022-1537
+ RESERVED
+CVE-2022-1536 (A vulnerability has been found in automad up to 1.10.9 and classified ...)
+ TODO: check
+CVE-2022-1535
+ RESERVED
+CVE-2022-1534 (Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszews ...)
+ TODO: check
+CVE-2022-1533 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...)
+ TODO: check
+CVE-2022-1532
+ RESERVED
+CVE-2022-1531 (SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in ...)
+ TODO: check
+CVE-2022-1530 (Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehel ...)
+ TODO: check
+CVE-2022-1529
+ RESERVED
+CVE-2022-1528
+ RESERVED
+CVE-2022-1527
+ RESERVED
+CVE-2021-4227
+ RESERVED
CVE-2022-29908
RESERVED
CVE-2022-29907 (The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d ...)
@@ -12,8 +110,8 @@ CVE-2022-29903 (The Private Domains extension for MediaWiki through 1.37.2 (befo
NOT-FOR-US: MediaWiki Private Domains extension
CVE-2022-29902
RESERVED
-CVE-2022-1526
- RESERVED
+CVE-2022-1526 (A vulnerability, which was classified as problematic, was found in Eml ...)
+ TODO: check
CVE-2022-29901
RESERVED
CVE-2022-29900
@@ -148,8 +246,8 @@ CVE-2022-29858
RESERVED
CVE-2022-29857
RESERVED
-CVE-2022-29856
- RESERVED
+CVE-2022-29856 (A hardcoded cryptographic key in Automation360 22 allows an attacker t ...)
+ TODO: check
CVE-2022-29855
RESERVED
CVE-2022-29854
@@ -1225,10 +1323,10 @@ CVE-2022-1405
RESERVED
CVE-2022-1404
RESERVED
-CVE-2022-1403
- RESERVED
-CVE-2022-1402
- RESERVED
+CVE-2022-1403 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input ...)
+ TODO: check
+CVE-2022-1402 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input ...)
+ TODO: check
CVE-2022-1401
RESERVED
CVE-2022-1400
@@ -1386,8 +1484,8 @@ CVE-2022-29453
RESERVED
CVE-2022-29452
RESERVED
-CVE-2022-29451
- RESERVED
+CVE-2022-29451 (Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vul ...)
+ TODO: check
CVE-2022-29450
RESERVED
CVE-2022-29449
@@ -1460,8 +1558,8 @@ CVE-2022-29416
RESERVED
CVE-2022-29415 (Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-29414
- RESERVED
+CVE-2022-29414 (Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WP ...)
+ TODO: check
CVE-2022-29413 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29412 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit & ...)
@@ -1855,8 +1953,7 @@ CVE-2022-1354
[buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/319
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798
-CVE-2022-1353 [af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register]
- RESERVED
+CVE-2022-1353 (A vulnerability was found in the pfkey_register function in net/key/af ...)
- linux 5.17.3-1
NOTE: https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17)
CVE-2022-1352
@@ -2608,8 +2705,8 @@ CVE-2022-28996
RESERVED
CVE-2022-28995
RESERVED
-CVE-2022-28994
- RESERVED
+CVE-2022-28994 (Small HTTP Server version 3.06 suffers from a remote buffer overflow v ...)
+ TODO: check
CVE-2022-28993
RESERVED
CVE-2022-28992
@@ -3447,8 +3544,7 @@ CVE-2022-1263
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/04/07/1
NOTE: https://www.spinics.net/lists/kvm/msg273052.html
-CVE-2022-1249 [NULL pointer dereference in cms_set_pw_data()]
- RESERVED
+CVE-2022-1249 (A NULL pointer dereference flaw was found in pesign's cms_set_pw_data( ...)
- pesign <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/rhboot/pesign/pull/79
NOTE: Introduced by: https://github.com/rhboot/pesign/commit/12f16710ee44ef64ddb044a3523c3c4c4d90039a (114)
@@ -3589,8 +3685,7 @@ CVE-2022-1229
RESERVED
CVE-2022-1228 (The Opensea WordPress plugin before 1.0.3 does not sanitize and escape ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1227
- RESERVED
+CVE-2022-1227 (A privilege escalation flaw was found in Podman. This flaw allows an a ...)
- libpod 3.4.7+ds1-1
- golang-github-containers-psgo 1.7.1+ds1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070368
@@ -3890,8 +3985,8 @@ CVE-2022-28482
RESERVED
CVE-2022-28481
RESERVED
-CVE-2022-28480
- RESERVED
+CVE-2022-28480 (ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.ex ...)
+ TODO: check
CVE-2022-28479
RESERVED
CVE-2022-28478
@@ -3946,8 +4041,8 @@ CVE-2022-28454 (Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS).
NOT-FOR-US: Limbas
CVE-2022-28453
RESERVED
-CVE-2022-28452
- RESERVED
+CVE-2022-28452 (Red Planet Laundry Management System 1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
CVE-2022-28451
RESERVED
CVE-2022-28450 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the ...)
@@ -4453,8 +4548,7 @@ CVE-2022-1196
- thunderbird 1:91.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-1196
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1196
-CVE-2022-1195
- RESERVED
+CVE-2022-1195 (A use-after-free vulnerability was found in the Linux kernel in driver ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
@@ -5142,8 +5236,7 @@ CVE-2022-1115
[stretch] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/4974
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51
-CVE-2022-1114
- RESERVED
+CVE-2022-1114 (A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInf ...)
- imagemagick <unfixed>
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
@@ -5541,7 +5634,7 @@ CVE-2022-1109
RESERVED
CVE-2022-1108 (A potential vulnerability due to improper buffer validation in the SMI ...)
NOT-FOR-US: Lenovo
-CVE-2022-1107 (A potential vulnerability due to use of Boot Services in the SmmOEMInt ...)
+CVE-2022-1107 (During an internal product security audit a potential vulnerability du ...)
NOT-FOR-US: Lenovo
CVE-2022-27947 (NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to ex ...)
NOT-FOR-US: NETGEAR
@@ -6366,7 +6459,7 @@ CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub reposito
NOTE: https://github.com/radareorg/radare2/commit/0052500c1ed5bf8263b26b9fd7773dbdc6f170c4
CVE-2022-1051
RESERVED
-CVE-2022-1050 (Guest driver might execute HW commands when shared buffers are not yet ...)
+CVE-2022-1050 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
- qemu <unfixed>
[bullseye] - qemu <no-dsa> (Minor issue)
[buster] - qemu <no-dsa> (Minor issue)
@@ -6380,8 +6473,7 @@ CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The p
NOTE: https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5
NOTE: https://github.com/ClusterLabs/pcs/commit/fb860005117dc9e092649687dfa1304fb423efc5
NOTE: Introduced by https://github.com/ClusterLabs/pcs/commit/8378cf1a81efc0cd421483234943057e2be0a8ed (v0.10)
-CVE-2022-1048 [race condition in snd_pcm_hw_free leading to use-after-free]
- RESERVED
+CVE-2022-1048 (A use-after-free flaw was found in the Linux kernel’s sound subs ...)
- linux 5.16.18-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066706
NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/4
@@ -7427,8 +7519,7 @@ CVE-2022-1016
- linux 5.16.18-1
NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/5
NOTE: Fixed by: https://git.kernel.org/linus/4c905f6740a365464e91467aa50916555b28213d
-CVE-2022-1015
- RESERVED
+CVE-2022-1015 (A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_ ...)
- linux 5.16.18-1
[bullseye] - linux <not-affected> (Vulnerability introduced later in 5.12-rc1)
[buster] - linux <not-affected> (Vulnerability introduced later in 5.12-rc1)
@@ -7443,7 +7534,7 @@ CVE-2022-1013
RESERVED
CVE-2022-1012
RESERVED
-CVE-2022-1011 (A flaw use after free in the Linux kernel FUSE filesystem was found in ...)
+CVE-2022-1011 (A use-after-free flaw was found in the Linux kernel’s FUSE files ...)
- linux 5.16.18-1
[bullseye] - linux 5.10.106-1
NOTE: https://git.kernel.org/linus/0c4bcfdecb1ac0967619ee7ff44871d93c08c909 (5.17-rc8)
@@ -7549,11 +7640,9 @@ CVE-2022-0987 [PackageKit: Information Disclosure in Transaction Interface via t
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064315
CVE-2022-0986 (Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repositor ...)
NOT-FOR-US: Hestia Control Panel
-CVE-2022-0985
- RESERVED
+CVE-2022-0985 (Insufficient capability checks could allow users with the moodle/site: ...)
- moodle <removed>
-CVE-2022-0984
- RESERVED
+CVE-2022-0984 (Users with the capability to configure badge criteria (teachers and ma ...)
- moodle <removed>
CVE-2022-0983 (An SQL injection risk was identified in Badges code relating to config ...)
- moodle <removed>
@@ -13959,8 +14048,8 @@ CVE-2022-24902
RESERVED
CVE-2022-24901
RESERVED
-CVE-2022-24900
- RESERVED
+CVE-2022-24900 (Piano LED Visualizer is software that allows LED lights to light up as ...)
+ TODO: check
CVE-2022-24899
RESERVED
CVE-2022-24898 (org.xwiki.commons:xwiki-commons-xml is a common module used by other X ...)
@@ -20057,14 +20146,12 @@ CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to sin
NOT-FOR-US: WordPress plugin
CVE-2021-44760 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-4207
- RESERVED
+CVE-2021-4207 (A flaw was found in the QXL display device emulation in QEMU. A double ...)
- qemu 1:7.0+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036966
NOTE: https://starlabs.sg/advisories/22-4207/
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9569f5cb5b4bffa9d3ebc8ba7da1e03830a9a895 (v7.0.0-rc4)
-CVE-2021-4206
- RESERVED
+CVE-2021-4206 (A flaw was found in the QXL display device emulation in QEMU. An integ ...)
- qemu 1:7.0+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036998
NOTE: https://starlabs.sg/advisories/22-4206/
@@ -28530,10 +28617,10 @@ CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scr
NOT-FOR-US: Attendance Management System
CVE-2021-44597 (An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider ...)
NOT-FOR-US: Gerapy
-CVE-2021-44596
- RESERVED
-CVE-2021-44595
- RESERVED
+CVE-2021-44596 (Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remot ...)
+ TODO: check
+CVE-2021-44595 (Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to ...)
+ TODO: check
CVE-2021-44594
RESERVED
CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...)
@@ -30400,8 +30487,7 @@ CVE-2021-44036 (Team Password Manager (aka TeamPasswordManager) before 10.135.23
NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
CVE-2021-44035 (Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads ...)
NOT-FOR-US: Wolters Kluwer TeamMate AM
-CVE-2021-3982 [Distributions using CAP_SYS_NICE in gnome-shell may be exposed to privilege escalation]
- RESERVED
+CVE-2021-3982 (Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed ...)
- gnome-shell <not-affected> (Debian packaging does not set cap_sys_nice+ep on gnome-shell binary)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024174
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/4711
@@ -30993,10 +31079,10 @@ CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data Center
NOT-FOR-US: Atlassian Confluence
CVE-2021-43939 (Elcomplus SmartPTT is vulnerable when a low-authenticated user can acc ...)
NOT-FOR-US: Elcomplus SmartPTT
-CVE-2021-43938
- RESERVED
-CVE-2021-43937
- RESERVED
+CVE-2021-43938 (Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated us ...)
+ TODO: check
+CVE-2021-43937 (Elcomplus SmartPTT SCADA Server web application does not, or cannot, s ...)
+ TODO: check
CVE-2021-43936 (The software allows the attacker to upload or transfer files of danger ...)
NOT-FOR-US: Distributed Data Systems
CVE-2021-43935 (The impacted products, when configured to use SSO, are affected by an ...)
@@ -39183,8 +39269,8 @@ CVE-2021-41950 (A directory traversal issue in ResourceSpace 9.6 before 9.6 rev
NOT-FOR-US: ResourceSpace
CVE-2021-41949
RESERVED
-CVE-2021-41948
- RESERVED
+CVE-2021-41948 (A cross-site scripting (XSS) vulnerability exists in the "contact us" ...)
+ TODO: check
CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visu ...)
NOT-FOR-US: Subrion CMS
CVE-2021-41946
@@ -39200,8 +39286,8 @@ CVE-2021-41944
RESERVED
CVE-2021-41943
RESERVED
-CVE-2021-41942
- RESERVED
+CVE-2021-41942 (The Magic CMS MSVOD v10 video system has a SQL injection vulnerability ...)
+ TODO: check
CVE-2021-41941
RESERVED
CVE-2021-41940
@@ -46395,8 +46481,8 @@ CVE-2021-39084
RESERVED
CVE-2021-39083
RESERVED
-CVE-2021-39082
- RESERVED
+CVE-2021-39082 (IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptogra ...)
+ TODO: check
CVE-2021-39081
RESERVED
CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android appli ...)
@@ -53456,8 +53542,8 @@ CVE-2021-36209 (In JetBrains Hub before 2021.1.13389, account takeover was possi
NOT-FOR-US: JetBrains
CVE-2021-36208
RESERVED
-CVE-2021-36207
- RESERVED
+CVE-2021-36207 (Under certain circumstances improper privilege management in Metasys A ...)
+ TODO: check
CVE-2021-36206
RESERVED
CVE-2021-36205 (Under certain circumstances the session token is not cleared on logout ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1c5205ae6c73df7edf77f51a98cfec879da2bc4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1c5205ae6c73df7edf77f51a98cfec879da2bc4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220429/95316d8c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list