[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 8 21:10:45 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5e94d45b by security tracker role at 2022-08-08T20:10:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2022-37876
+ RESERVED
+CVE-2022-37875
+ RESERVED
+CVE-2022-37874
+ RESERVED
+CVE-2022-37873
+ RESERVED
+CVE-2022-37872
+ RESERVED
+CVE-2022-37871
+ RESERVED
+CVE-2022-37870
+ RESERVED
+CVE-2022-37869
+ RESERVED
+CVE-2022-37868
+ RESERVED
+CVE-2022-37867
+ RESERVED
+CVE-2022-37866
+ RESERVED
+CVE-2022-37865
+ RESERVED
+CVE-2022-37864
+ RESERVED
+CVE-2022-35733
+ RESERVED
+CVE-2022-2718
+ RESERVED
+CVE-2022-2717
+ RESERVED
+CVE-2022-2716
+ RESERVED
+CVE-2022-2715
+ RESERVED
+CVE-2022-2714
+ RESERVED
+CVE-2022-2713 (Insufficient Session Expiration in GitHub repository cockpit-hq/cockpi ...)
+ TODO: check
+CVE-2022-2712
+ RESERVED
+CVE-2022-2711
+ RESERVED
+CVE-2022-2710
+ RESERVED
+CVE-2022-2709
+ RESERVED
CVE-2022-37863
RESERVED
CVE-2022-37862
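Review bot: The one non-RESERVED addition in this hunk, CVE-2022-2713, is left at "TODO: check" with a truncated description ("cockpit-hq/cockpi ..."); the repository name alone is not enough to map it to a Debian source package, so the triage step should confirm the full upstream name before resolving it to either a package line or a NOT-FOR-US entry, as the rest of this file does.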
@@ -820,26 +868,26 @@ CVE-2022-37454
RESERVED
CVE-2022-37453
RESERVED
-CVE-2022-2708
- RESERVED
-CVE-2022-2707
- RESERVED
-CVE-2022-2706
- RESERVED
-CVE-2022-2705
- RESERVED
-CVE-2022-2704
- RESERVED
-CVE-2022-2703
- RESERVED
-CVE-2022-2702
- RESERVED
-CVE-2022-2701
- RESERVED
-CVE-2022-2700
- RESERVED
-CVE-2022-2699
- RESERVED
+CVE-2022-2708 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2022-2707 (A vulnerability classified as critical was found in SourceCodester Onl ...)
+ TODO: check
+CVE-2022-2706 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2022-2705 (A vulnerability was found in SourceCodester Simple Student Information ...)
+ TODO: check
+CVE-2022-2704 (A vulnerability was found in SourceCodester Simple E-Learning System. ...)
+ TODO: check
+CVE-2022-2703 (A vulnerability was found in SourceCodester Gym Management System. It ...)
+ TODO: check
+CVE-2022-2702 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
+ TODO: check
+CVE-2022-2701 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2022-2700 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2022-2699 (A vulnerability was found in SourceCodester Simple E-Learning System. ...)
+ TODO: check
CVE-2022-2698 (A vulnerability was found in SourceCodester Simple E-Learning System. ...)
NOT-FOR-US: SourceCodester Simple E-Learning System
CVE-2022-2697 (A vulnerability was found in SourceCodester Simple E-Learning System. ...)
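Review bot: The ten SourceCodester entries flipped from RESERVED to "TODO: check" here describe the same family of applications that CVE-2022-2698 and CVE-2022-2697, directly below them in the same hunk, already classify as "NOT-FOR-US: SourceCodester Simple E-Learning System"; resolving the new TODOs in the same style keeps the file consistent and avoids leaving ten open items for a product line the tracker does not package.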
@@ -3636,6 +3684,7 @@ CVE-2022-32570
CVE-2022-32232
RESERVED
CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens because of ...)
+ {DSA-5203-1}
- gnutls28 3.7.7-1
NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted)
@@ -3984,8 +4033,8 @@ CVE-2022-36277
RESERVED
CVE-2022-36276
RESERVED
-CVE-2022-2460
- RESERVED
+CVE-2022-2460 (The WPDating WordPress plugin through 7.1.9 does not properly escape u ...)
+ TODO: check
CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all versions befor ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-2458
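Review bot: CVE-2022-2460 (WPDating WordPress plugin) is left as "TODO: check"; elsewhere in this file such entries are closed as "NOT-FOR-US: WordPress plugin", and the same resolution applies to the other WordPress plugin and theme TODOs introduced by this update unless triage finds one of them packaged.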
@@ -4010,14 +4059,14 @@ CVE-2022-36269
RESERVED
CVE-2022-36268
RESERVED
-CVE-2022-36267
- RESERVED
-CVE-2022-36266
- RESERVED
-CVE-2022-36265
- RESERVED
-CVE-2022-36264
- RESERVED
+CVE-2022-36267 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Una ...)
+ TODO: check
+CVE-2022-36266 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a sto ...)
+ TODO: check
+CVE-2022-36265 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hid ...)
+ TODO: check
+CVE-2022-36264 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Un ...)
+ TODO: check
CVE-2022-36263
RESERVED
CVE-2022-36262
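Review bot: The four Airspan AirSpot 5410 entries (CVE-2022-36267 through CVE-2022-36264) concern a hardware appliance firmware ("version 0.3.4.1-4 and under"), not software the distribution ships, so they can be resolved from TODO in one pass; the hunk's own descriptions make the shared product clear.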
@@ -4882,14 +4931,14 @@ CVE-2022-2428
RESERVED
CVE-2022-2427
RESERVED
-CVE-2022-2426
- RESERVED
-CVE-2022-2425
- RESERVED
-CVE-2022-2424
- RESERVED
-CVE-2022-2423
- RESERVED
+CVE-2022-2426 (The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitis ...)
+ TODO: check
+CVE-2022-2425 (The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise an ...)
+ TODO: check
+CVE-2022-2424 (The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not san ...)
+ TODO: check
+CVE-2022-2423 (The DW Promobar WordPress plugin through 1.0.4 does not sanitise and e ...)
+ TODO: check
CVE-2022-2422
RESERVED
CVE-2022-2421
@@ -4935,14 +4984,14 @@ CVE-2022-2414 (Access to external entities when parsing XML documents can lead t
NOTE: https://github.com/dogtagpki/pki/commit/4e893243d72ad766558c10c907841f5f9c047055
CVE-2022-2413
RESERVED
-CVE-2022-2412
- RESERVED
-CVE-2022-2411
- RESERVED
-CVE-2022-2410
- RESERVED
-CVE-2022-2409
- RESERVED
+CVE-2022-2412 (The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise ...)
+ TODO: check
+CVE-2022-2411 (The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and ...)
+ TODO: check
+CVE-2022-2410 (The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and e ...)
+ TODO: check
+CVE-2022-2409 (The Rough Chart WordPress plugin through 1.0.0 does not properly escap ...)
+ TODO: check
CVE-2022-2408 (The Guest account feature in Mattermost version 6.7.0 and earlier fail ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-2407
@@ -5214,8 +5263,8 @@ CVE-2022-2399 (Use after free in WebGPU in Google Chrome prior to 100.0.4896.88
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-35741 (Apache CloudStack version 4.5.0 and later has a SAML 2.0 authenticatio ...)
NOT-FOR-US: Apache CloudStack
-CVE-2022-2398
- RESERVED
+CVE-2022-2398 (The WordPress Comments Fields WordPress plugin before 4.1 does not esc ...)
+ TODO: check
CVE-2022-2397
RESERVED
CVE-2022-2396 (A vulnerability classified as problematic was found in SourceCodester ...)
@@ -5272,8 +5321,8 @@ CVE-2022-29870
RESERVED
CVE-2022-27170
RESERVED
-CVE-2022-2395
- RESERVED
+CVE-2022-2395 (The weForms WordPress plugin before 1.6.14 does not sanitise and escap ...)
+ TODO: check
CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive parameters wh ...)
NOT-FOR-US: Puppet Bolt
CVE-2021-46827 (An issue was discovered in Oxygen XML WebHelp before 22.1 build 202108 ...)
@@ -5421,8 +5470,8 @@ CVE-2022-2393 (A flaw was found in pki-core, which could allow a user to get a c
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2101046
CVE-2022-2392
RESERVED
-CVE-2022-2391
- RESERVED
+CVE-2022-2391 (The Inspiro PRO WordPress plugin does not sanitize the portfolio slide ...)
+ TODO: check
CVE-2022-2390
RESERVED
CVE-2022-2389
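Review bot: The truncated description for CVE-2022-2391 ("Inspiro PRO WordPress plugin does not sanitize the portfolio slide ...") carries no version bound, unlike the other plugin entries in this update, so the full advisory text is needed before the TODO can be closed with an accurate affected range.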
@@ -5431,8 +5480,8 @@ CVE-2022-2388
RESERVED
CVE-2022-2387
RESERVED
-CVE-2022-2386
- RESERVED
+CVE-2022-2386 (The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanit ...)
+ TODO: check
CVE-2022-35648 (Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO211719 ...)
NOT-FOR-US: Nautilus treadmills
CVE-2022-35647
@@ -5506,18 +5555,18 @@ CVE-2022-2374
RESERVED
CVE-2022-2373
RESERVED
-CVE-2022-2372
- RESERVED
-CVE-2022-2371
- RESERVED
+CVE-2022-2372 (The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape ...)
+ TODO: check
+CVE-2022-2371 (The YaySMTP WordPress plugin before 2.2.1 does not have proper authori ...)
+ TODO: check
CVE-2022-2370 (The YaySMTP WordPress plugin before 2.2.1 does not have capability che ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2369 (The YaySMTP WordPress plugin before 2.2.1 does not have capability che ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2368 (Business Logic Errors in GitHub repository microweber/microweber prior ...)
NOT-FOR-US: microweber
-CVE-2022-2367
- RESERVED
+CVE-2022-2367 (The WSM Downloader WordPress plugin through 1.4.0 allows only specific ...)
+ TODO: check
CVE-2022-35626
RESERVED
CVE-2022-35625
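Review bot: CVE-2022-2372 and CVE-2022-2371 are left at "TODO: check" although they describe the same YaySMTP WordPress plugin that CVE-2022-2370 and CVE-2022-2369, visible in this hunk, already close as "NOT-FOR-US: WordPress plugin"; the two new entries, and CVE-2022-2367 (WSM Downloader WordPress plugin) further down, should be resolved the same way for consistency.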
@@ -5784,20 +5833,20 @@ CVE-2022-35495
RESERVED
CVE-2022-35494
RESERVED
-CVE-2022-35493
- RESERVED
+CVE-2022-35493 (A Cross-site scripting (XSS) vulnerability in json search parse and th ...)
+ TODO: check
CVE-2022-35492
RESERVED
CVE-2022-35491
RESERVED
-CVE-2022-35490
- RESERVED
-CVE-2022-35489
- RESERVED
-CVE-2022-35488
- RESERVED
-CVE-2022-35487
- RESERVED
+CVE-2022-35490 (Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a preve ...)
+ TODO: check
+CVE-2022-35489 (In Zammad 5.2.0, customers who have secondary organizations assigned w ...)
+ TODO: check
+CVE-2022-35488 (In Zammad 5.2.0, an attacker could manipulate the rate limiting in the ...)
+ TODO: check
+CVE-2022-35487 (Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not cor ...)
+ TODO: check
CVE-2022-35486
RESERVED
CVE-2022-35485
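Review bot: The truncated description of CVE-2022-35493 ("Cross-site scripting (XSS) vulnerability in json search parse and th ...") does not name the affected product, so this TODO cannot be classified from the list alone and needs the full advisory; the four Zammad 5.2.0 entries below it share one product and version and can be triaged together.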
@@ -5969,12 +6018,12 @@ CVE-2022-2359
RESERVED
CVE-2022-2358
RESERVED
-CVE-2022-2357
- RESERVED
-CVE-2022-2356
- RESERVED
-CVE-2022-2355
- RESERVED
+CVE-2022-2357 (The WSM Downloader WordPress plugin through 1.4.0 allows any visitor t ...)
+ TODO: check
+CVE-2022-2356 (The Frontend File Manager & Sharing WordPress plugin before 1.1.3 ...)
+ TODO: check
+CVE-2022-2355 (The Easy Username Updater WordPress plugin before 1.0.5 does not imple ...)
+ TODO: check
CVE-2022-2354
RESERVED
CVE-2022-35411 (rpc.py through 0.6.0 allows Remote Code Execution because an unpickle ...)
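Review bot: CVE-2022-2357 ("WSM Downloader WordPress plugin through 1.4.0") is the same plugin and version already added as CVE-2022-2367 earlier in this update; whichever classification is chosen for one should be applied to both so the two entries do not diverge.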
@@ -7422,8 +7471,8 @@ CVE-2022-2271
RESERVED
CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
-CVE-2022-2269
- RESERVED
+CVE-2022-2269 (The Website File Changes Monitor WordPress plugin before 1.8.3 does no ...)
+ TODO: check
CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 accept ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2267
@@ -8959,8 +9008,8 @@ CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...)
NOT-FOR-US: totd
CVE-2022-34294
RESERVED
-CVE-2022-34293
- RESERVED
+CVE-2022-34293 (wolfSSL before 5.4.0 allows remote attackers to cause a denial of serv ...)
+ TODO: check
CVE-2022-34292
RESERVED
CVE-2022-34291 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...)
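Review bot: CVE-2022-34293 ("wolfSSL before 5.4.0 allows remote attackers to cause a denial of serv ...") is a library rather than a WordPress plugin or an unpackaged web application, so this TODO should be checked against the archive rather than defaulted to NOT-FOR-US, and the upstream fixed version 5.4.0 named in the description is the reference point for any package line that results.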
@@ -12689,8 +12738,8 @@ CVE-2022-2047 (In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0
- jetty9 9.4.48-1
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q
NOTE: https://github.com/eclipse/jetty.project/pull/8146
-CVE-2022-2046
- RESERVED
+CVE-2022-2046 (The Directorist WordPress plugin before 7.2.3 allows administrators to ...)
+ TODO: check
CVE-2022-2045
RESERVED
CVE-2022-2044
@@ -17871,7 +17920,7 @@ CVE-2022-1759 (The RB Internal Links WordPress plugin through 2.0.16 does not ha
NOT-FOR-US: WordPress plugin
CVE-2022-1758 (The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1757 (The Pagebar WordPress plugin through 2.65 does not have CSRF check in ...)
+CVE-2022-1757 (The pagebar WordPress plugin before 2.70 does not have CSRF check in p ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize and esc ...)
NOT-FOR-US: WordPress plugin
@@ -23540,8 +23589,8 @@ CVE-2022-1325
RESERVED
CVE-2022-1324 (The Event Timeline WordPress plugin through 1.1.5 does not sanitize an ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1323
- RESERVED
+CVE-2022-1323 (The Discy WordPress theme before 5.0 lacks authorization checks then p ...)
+ TODO: check
CVE-2022-1322
RESERVED
CVE-2022-1321 (The miniOrange's Google Authenticator WordPress plugin before 5.5.6 do ...)
@@ -36471,11 +36520,13 @@ CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O
CVE-2022-0531 (The Migration, Backup, Staging WordPress plugin before 0.9.70 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0530 (A flaw was found in Unzip. The vulnerability occurs during the convers ...)
+ {DSA-5202-1}
- unzip 6.0-27 (bug #1010355)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395
NOTE: https://github.com/ByteHackr/unzip_poc
NOTE: Unclear status, checking with upstream
CVE-2022-0529 (A flaw was found in Unzip. The vulnerability occurs during the convers ...)
+ {DSA-5202-1}
- unzip 6.0-27 (bug #1010355)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051402
NOTE: https://github.com/ByteHackr/unzip_poc
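Review bot: CVE-2022-0530 now references {DSA-5202-1} and a fixed version (unzip 6.0-27) while the entry still carries "NOTE: Unclear status, checking with upstream"; that note is contradicted by the DSA line above it and should be updated or removed so the entry reads consistently. CVE-2022-0529 in the same hunk has no such note and is consistent.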
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e94d45b7a7316bc33b96d67df64a4c5fd765724