[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 19 21:10:38 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c56aecdc by security tracker role at 2022-08-19T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2022-38466
+ RESERVED
+CVE-2022-38465
+ RESERVED
+CVE-2022-38089
+ RESERVED
+CVE-2022-38080
+ RESERVED
+CVE-2022-37333
+ RESERVED
+CVE-2022-2908
+ RESERVED
+CVE-2022-2907
+ RESERVED
+CVE-2022-2906
+ RESERVED
+CVE-2022-2905
+ RESERVED
+CVE-2022-2904
+ RESERVED
+CVE-2022-2903
+ RESERVED
+CVE-2022-2902
+ RESERVED
+CVE-2022-2901
+ RESERVED
+CVE-2022-2900
+ RESERVED
CVE-2022-38464
RESERVED
CVE-2022-38463
@@ -148,7 +176,7 @@ CVE-2022-2892
RESERVED
CVE-2021-46834
RESERVED
-CVE-2020-36599 (lib/omniauth/failure_endpoint.rb in OmniAuth before 2.0 does not escap ...)
+CVE-2020-36599 (lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before ...)
[experimental] - ruby-omniauth 2.0.4-1~exp1
- ruby-omniauth <unfixed>
NOTE: https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00#diff-575abda9deb9b1a77bf534e898a923029b9a61e991d626db88dc6e8b34260aa2 (v2.0.0-rc1)
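Review bot: the NOTE line still cites only the v2.0.0-rc1 commit, while the refreshed description now states the issue is fixed before 1.9.2 as well, so a 1.9.x backport exists upstream that the entry does not reference; add a NOTE for that fix and re-check whether "- ruby-omniauth <unfixed>" can move to a fixed version, given that the [experimental] line already tracks 2.0.4-1~exp1.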
@@ -174,14 +202,14 @@ CVE-2022-2891
RESERVED
CVE-2022-2890
RESERVED
-CVE-2022-2889
- RESERVED
+CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225. ...)
+ TODO: check
CVE-2022-2888
RESERVED
CVE-2022-2887
RESERVED
-CVE-2022-2886
- RESERVED
+CVE-2022-2886 (A vulnerability, which was classified as critical, was found in Larave ...)
+ TODO: check
CVE-2022-2885
RESERVED
CVE-2022-38396
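Review bot: the TODO on CVE-2022-2889 can be resolved the same way as the other vim entries in this update (CVE-2022-2862, CVE-2022-2845, CVE-2022-2817, CVE-2022-2816): a "- vim <unfixed>" line plus NOTE lines for the huntr report and the upstream commit tagged v9.0.0225. CVE-2022-2886 needs separate triage; its truncated description only identifies a Laravel-related project, and the package status cannot be derived from this hunk.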
@@ -278,7 +306,7 @@ CVE-2022-2864
RESERVED
CVE-2022-2863
RESERVED
-CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0220. ...)
+CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0221. ...)
- vim <unfixed>
NOTE: https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765
NOTE: https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494 (v9.0.0221)
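Review bot: the version bump in the CVE-2022-2862 description (9.0.0220 to 9.0.0221) now agrees with the (v9.0.0221) tag on the upstream commit NOTE; nothing further needed here.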
@@ -377,7 +405,7 @@ CVE-2022-2847 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: SourceCodester Guest Management System
CVE-2022-2846 (A vulnerability classified as problematic was found in Calendar Event ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2845 (Buffer Over-read in GitHub repository vim/vim prior to 9.0.0217. ...)
+CVE-2022-2845 (Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218. ...)
- vim <unfixed>
NOTE: https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445
NOTE: https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c (v9.0.0218)
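Review bot: the corrected "prior to 9.0.0218" in CVE-2022-2845 matches the (v9.0.0218) tag on the commit NOTE, so the entry is internally consistent after this refresh.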
@@ -751,11 +779,11 @@ CVE-2022-38219
RESERVED
CVE-2022-38218
RESERVED
-CVE-2022-2817 (Use After Free in GitHub repository vim/vim prior to 9.0.0212. ...)
+CVE-2022-2817 (Use After Free in GitHub repository vim/vim prior to 9.0.0213. ...)
- vim <unfixed>
NOTE: https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f
NOTE: https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20 (v9.0.0213)
-CVE-2022-2816 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0211. ...)
+CVE-2022-2816 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. ...)
- vim <unfixed>
NOTE: https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58
NOTE: https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666 (v9.0.0212)
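Review bot: both corrected descriptions, "prior to 9.0.0213" for CVE-2022-2817 and "prior to 9.0.0212" for CVE-2022-2816, now match the tags on their respective upstream commit NOTE lines (v9.0.0213 and v9.0.0212), which is the check worth repeating on each of these automated description refreshes.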
@@ -3257,8 +3285,8 @@ CVE-2022-37256
RESERVED
CVE-2022-37255
RESERVED
-CVE-2022-37254
- RESERVED
+CVE-2022-37254 (DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Backg ...)
+ TODO: check
CVE-2022-37253
RESERVED
CVE-2022-37252
@@ -4770,10 +4798,10 @@ CVE-2022-36608
RESERVED
CVE-2022-36607
RESERVED
-CVE-2022-36606
- RESERVED
-CVE-2022-36605
- RESERVED
+CVE-2022-36606 (Ywoa before v6.1 was discovered to contain a SQL injection vulnerabili ...)
+ TODO: check
+CVE-2022-36605 (Yimioa v6.1 was discovered to contain a SQL injection vulnerability vi ...)
+ TODO: check
CVE-2022-36604
RESERVED
CVE-2022-36603
@@ -4824,12 +4852,12 @@ CVE-2022-36581
RESERVED
CVE-2022-36580
RESERVED
-CVE-2022-36579
- RESERVED
-CVE-2022-36578
- RESERVED
-CVE-2022-36577
- RESERVED
+CVE-2022-36579 (Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). ...)
+ TODO: check
+CVE-2022-36578 (jizhicms v2.3.1 has SQL injection in the background. ...)
+ TODO: check
+CVE-2022-36577 (An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerabil ...)
+ TODO: check
CVE-2022-36576
RESERVED
CVE-2022-36575
@@ -5746,8 +5774,8 @@ CVE-2022-36265 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists
NOT-FOR-US: Airspan AirSpot
CVE-2022-36264 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Un ...)
NOT-FOR-US: Airspan AirSpot
-CVE-2022-36263
- RESERVED
+CVE-2022-36263 (StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access ...)
+ TODO: check
CVE-2022-36262 (An issue was discovered in taocms 3.0.2. in the website settings that ...)
NOT-FOR-US: taocms
CVE-2022-36261
@@ -5822,18 +5850,18 @@ CVE-2022-36227
RESERVED
CVE-2022-36226
RESERVED
-CVE-2022-36225
- RESERVED
-CVE-2022-36224
- RESERVED
+CVE-2022-36225 (EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (C ...)
+ TODO: check
+CVE-2022-36224 (XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). ...)
+ TODO: check
CVE-2022-36223
RESERVED
CVE-2022-36222
RESERVED
CVE-2022-36221
RESERVED
-CVE-2022-36220
- RESERVED
+CVE-2022-36220 (Kiosk breakout (without quit password) in Safe Exam Browser (Windows) ...)
+ TODO: check
CVE-2022-36219
RESERVED
CVE-2022-36218
@@ -6521,12 +6549,12 @@ CVE-2022-35913
RESERVED
CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x b ...)
- grails <itp> (bug #473213)
-CVE-2022-35911 (On Patlite NH-FB series devices through 1.46, remote attackers can cau ...)
+CVE-2022-35911 (** DISPUTED ** On Patlite NH-FB series devices through 1.46, remote at ...)
NOT-FOR-US: Patlite NH-FB
-CVE-2022-35910
- RESERVED
-CVE-2022-35909
- RESERVED
+CVE-2022-35910 (In Jellyfin before 10.8, stored XSS allows theft of an admin access to ...)
+ TODO: check
+CVE-2022-35909 (In Jellyfin before 10.8, the /users endpoint has incorrect access cont ...)
+ TODO: check
CVE-2022-35908
RESERVED
CVE-2022-35907
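Review bot: the "** DISPUTED **" marker added to CVE-2022-35911 does not change its NOT-FOR-US status, but it is worth keeping in mind if the entry is ever re-triaged. The two new Jellyfin entries (CVE-2022-35910, CVE-2022-35909) share the same upstream fixed version, 10.8, so they can be triaged together and should receive the same package status.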
@@ -8289,8 +8317,8 @@ CVE-2022-35203
RESERVED
CVE-2022-35202
RESERVED
-CVE-2022-35201
- RESERVED
+CVE-2022-35201 (Tenda-AC18 V15.03.05.05 was discovered to contain a remote command exe ...)
+ TODO: check
CVE-2022-35200
RESERVED
CVE-2022-35199
@@ -9844,14 +9872,14 @@ CVE-2022-34626
RESERVED
CVE-2022-34625 (Mealie1.0.0beta3 was discovered to contain a Server-Side Template Inje ...)
NOT-FOR-US: hay-kot/mealie
-CVE-2022-34624
- RESERVED
-CVE-2022-34623
- RESERVED
+CVE-2022-34624 (Mealie1.0.0beta3 does not terminate download tokens after a user logs ...)
+ TODO: check
+CVE-2022-34623 (Mealie1.0.0beta3 is vulnerable to user enumeration via timing response ...)
+ TODO: check
CVE-2022-34622
RESERVED
-CVE-2022-34621
- RESERVED
+CVE-2022-34621 (Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object ...)
+ TODO: check
CVE-2022-34620
RESERVED
CVE-2022-34619 (A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 all ...)
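Review bot: the three new Mealie TODOs (CVE-2022-34624, CVE-2022-34623, CVE-2022-34621) concern the same 1.0.0beta3 release as CVE-2022-34625 directly above, which is already marked "NOT-FOR-US: hay-kot/mealie"; unless the packaging situation has changed, resolve them with the same line for consistency.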
@@ -9862,8 +9890,8 @@ CVE-2022-34617
RESERVED
CVE-2022-34616
RESERVED
-CVE-2022-34615
- RESERVED
+CVE-2022-34615 (Mealie 1.0.0beta3 employs weak password requirements which allows atta ...)
+ TODO: check
CVE-2022-34614
RESERVED
CVE-2022-34613 (Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability whic ...)
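Review bot: CVE-2022-34615 is another Mealie 1.0.0beta3 entry and should get the same resolution as the Mealie entries in the previous hunk, where the neighbouring CVE-2022-34625 is marked "NOT-FOR-US: hay-kot/mealie".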
@@ -11460,7 +11488,7 @@ CVE-2022-34009 (Fossil 2.18 on Windows allows attackers to cause a denial of ser
- fossil <not-affected> (Windows-specific)
CVE-2022-34008 (Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privile ...)
NOT-FOR-US: Comodo Antivirus
-CVE-2022-34007 (EQS Integrity Line through 2022-07-01 allows a stored XSS via a crafte ...)
+CVE-2022-34007 (EQS Integrity Line Professional through 2022-07-01 allows a stored XSS ...)
NOT-FOR-US: EQS Integrity Line
CVE-2022-34006 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...)
NOT-FOR-US: TitanFTP
@@ -13481,10 +13509,10 @@ CVE-2022-2077
REJECTED
CVE-2022-2076
REJECTED
-CVE-2022-2075
- RESERVED
-CVE-2022-2074
- RESERVED
+CVE-2022-2075 (In affected versions of Octopus Deploy it is possible to perform a Reg ...)
+ TODO: check
+CVE-2022-2074 (In affected versions of Octopus Deploy it is possible to perform a Reg ...)
+ TODO: check
CVE-2022-2073 (Code Injection in GitHub repository getgrav/grav prior to 1.7.34. ...)
NOT-FOR-US: Grav CMS
CVE-2021-46821
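Review bot: CVE-2022-2075 and CVE-2022-2074 have identical truncated descriptions ("it is possible to perform a Reg ..."), so confirm from the full text that they are distinct issues rather than duplicates before clearing the TODOs; this file marks other proprietary products NOT-FOR-US (e.g. Comodo Antivirus, CVE-2022-34008), which is the likely resolution if Octopus Deploy is not packaged.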
@@ -14473,8 +14501,8 @@ CVE-2022-28712
RESERVED
CVE-2022-26842
RESERVED
-CVE-2022-2049
- RESERVED
+CVE-2022-2049 (In affected versions of Octopus Deploy it is possible to perform a Reg ...)
+ TODO: check
CVE-2022-2048 (In Eclipse Jetty HTTP/2 server implementation, when encountering an in ...)
{DSA-5198-1}
- jetty9 9.4.48-1
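Review bot: CVE-2022-2049 carries the same truncated Octopus Deploy description as CVE-2022-2075 and CVE-2022-2074 earlier in this update; triage the three together so they end up with the same status.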
@@ -17345,8 +17373,8 @@ CVE-2022-31750
CVE-2022-1902
RESERVED
NOT-FOR-US: StackRox Kubernetes Security Platform
-CVE-2022-1901
- RESERVED
+CVE-2022-1901 (In affected versions of Octopus Deploy it is possible to unmask sensit ...)
+ TODO: check
CVE-2022-1900 (The Copify plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
NOT-FOR-US: Copify plugin for WordPress
CVE-2021-46815
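Review bot: CVE-2022-1901 is a fourth Octopus Deploy entry in this update (after CVE-2022-2075, CVE-2022-2074 and CVE-2022-2049) describing a different issue ("unmask sensit ..."); it should receive the same package status as those three once the TODO is resolved.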
@@ -23329,8 +23357,8 @@ CVE-2022-29806 (ZoneMinder before 1.36.13 allows remote code execution via an in
NOTE: https://forums.zoneminder.com/viewtopic.php?t=31638
NOTE: https://github.com/ZoneMinder/zoneminder/commit/9fee64b62fbdff5bf5ece1d617f1f53c7b1967cb
NOTE: Only supported for trusted users/behind auth, see README.debian.security
-CVE-2022-29805
- RESERVED
+CVE-2022-29805 (A Java Deserialization vulnerability in the Fishbowl Server in Fishbow ...)
+ TODO: check
CVE-2022-29804 (Incorrect conversion of certain invalid paths to valid, absolute paths ...)
- golang-1.18 <not-affected> (Only affects Go on Windows)
- golang-1.17 <not-affected> (Only affects Go on Windows)
@@ -30662,8 +30690,8 @@ CVE-2022-1023 (The Podcast Importer SecondLine WordPress plugin before 1.3.8 doe
NOT-FOR-US: WordPress plugin
CVE-2022-1022 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
NOT-FOR-US: chatwoot
-CVE-2022-1021
- RESERVED
+CVE-2022-1021 (Insecure Storage of Sensitive Information in GitHub repository chatwoo ...)
+ TODO: check
CVE-2022-1020 (The Product Table for WooCommerce (wooproducttable) WordPress plugin b ...)
NOT-FOR-US: WordPress plugin
CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer ...)
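Review bot: CVE-2022-1021 is a chatwoot issue and sits directly under CVE-2022-1022, which is already marked "NOT-FOR-US: chatwoot"; the TODO can be cleared with the same line.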
@@ -38289,8 +38317,8 @@ CVE-2022-0543 (It was discovered, that redis, a persistent key-value database, d
- redis 5:6.0.16-2 (bug #1005787)
[stretch] - redis <not-affected> (Lua support plus packaging issue introduced later)
NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
-CVE-2022-0542
- RESERVED
+CVE-2022-0542 (Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoo ...)
+ TODO: check
CVE-2022-0541 (The flo-launch WordPress plugin before 2.4.1 injects code into wp-conf ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0540 (A vulnerability in Jira Seraph allows a remote, unauthenticated attack ...)
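Review bot: CVE-2022-0542 is another chatwoot entry (DOM XSS) and should be resolved consistently with CVE-2022-1022 and CVE-2022-1021 in this same update, i.e. "NOT-FOR-US: chatwoot" unless the package status has changed.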
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c56aecdc4047bc6a340d0bb360b8b80899130769