[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 22 21:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5f7a83ca by security tracker role at 2022-08-22T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2022-38666
+ RESERVED
+CVE-2022-38665
+ RESERVED
+CVE-2022-38664
+ RESERVED
+CVE-2022-38663
+ RESERVED
+CVE-2022-38662
+ RESERVED
+CVE-2022-38661
+ RESERVED
+CVE-2022-38660
+ RESERVED
+CVE-2022-38659
+ RESERVED
+CVE-2022-38658
+ RESERVED
+CVE-2022-38657
+ RESERVED
+CVE-2022-38656
+ RESERVED
+CVE-2022-38655
+ RESERVED
+CVE-2022-38654
+ RESERVED
+CVE-2022-38653
+ RESERVED
+CVE-2022-38652
+ RESERVED
+CVE-2022-38651
+ RESERVED
+CVE-2022-38650
+ RESERVED
+CVE-2022-38649
+ RESERVED
+CVE-2022-38648
+ RESERVED
+CVE-2022-2946
+ RESERVED
+CVE-2022-2945
+ RESERVED
+CVE-2022-2944
+ RESERVED
+CVE-2022-2943
+ RESERVED
+CVE-2022-2942
+ RESERVED
+CVE-2022-2941
+ RESERVED
+CVE-2022-2940
+ RESERVED
+CVE-2022-2939
+ RESERVED
+CVE-2022-2938
+ RESERVED
+CVE-2022-2937
+ RESERVED
+CVE-2022-2936
+ RESERVED
+CVE-2022-2935
+ RESERVED
+CVE-2022-2934
+ RESERVED
+CVE-2022-2933
+ RESERVED
+CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mob ...)
+ TODO: check
+CVE-2022-2931
+ RESERVED
+CVE-2022-2930 (Unverified Password Change in GitHub repository octoprint/octoprint pr ...)
+ TODO: check
+CVE-2022-2929
+ RESERVED
+CVE-2022-2928
+ RESERVED
+CVE-2022-2927 (Weak Password Requirements in GitHub repository notrinos/notrinoserp p ...)
+ TODO: check
+CVE-2022-2926
+ RESERVED
CVE-2022-38647
RESERVED
CVE-2022-38646
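Review bot: The three entries left at "TODO: check" in this hunk (CVE-2022-2932 bustle/mob, CVE-2022-2930 octoprint/octoprint, CVE-2022-2927 notrinos/notrinoserp) are all GitHub-repository-scoped descriptions of the kind that elsewhere in this file resolve to a vendor tag (e.g. "NOT-FOR-US: Titra" for kromitgmbh/titra); none of these upstreams appears to correspond to a Debian source package, so once that is confirmed they can be closed the same way rather than lingering as TODO. The remaining additions are plain RESERVED placeholders and need no action.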
@@ -594,8 +674,8 @@ CVE-2022-38397
RESERVED
CVE-2022-2891
RESERVED
-CVE-2022-2890
- RESERVED
+CVE-2022-2890 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+ TODO: check
CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225. ...)
- vim 2:9.0.0229-1
NOTE: https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa
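Review bot: CVE-2022-2890 carries exactly the same truncated text ("Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...") as CVE-2022-1340 further down in this same update; triage the two together so they get a consistent disposition, and compare the full descriptions to make sure they describe distinct sinks rather than one issue under two IDs. YetiForce CRM is not a Debian package as far as I know, so the expected outcome is a NOT-FOR-US tag for both.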
@@ -646,8 +726,7 @@ CVE-2022-2874 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
NOTE: https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79
NOTE: https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d (v9.0.0224)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-2873
- RESERVED
+CVE-2022-2873 (An out-of-bounds memory access flaw was found in the Linux kernel Inte ...)
- linux 5.18.2-1
[bullseye] - linux <not-affected> (Vulnerable code introduced later)
[buster] - linux <not-affected> (Vulnerable code introduced later)
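Review bot: CVE-2022-2873 gets a fixed version (linux 5.18.2-1) and "not-affected (Vulnerable code introduced later)" for bullseye and buster, but no NOTE line pointing at the upstream fix or at the commit that introduced the vulnerable code, whereas the vim entries directly above each carry a commit URL with the release tag. Please add the kernel commit reference(s) so the not-affected claim for the stable kernels can be audited later without re-deriving it.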
@@ -814,8 +893,8 @@ CVE-2022-2843 (A vulnerability was found in MotoPress Timetable and Event Schedu
NOT-FOR-US: WordPress plugin
CVE-2022-2842
RESERVED
-CVE-2022-2841
- RESERVED
+CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.1561 ...)
+ TODO: check
CVE-2022-2840
RESERVED
CVE-2022-2839
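Review bot: CVE-2022-2841 (CrowdStrike Falcon 6.31.14505.0/6.42.1561...) is a proprietary endpoint agent and cannot be a Debian package; resolve it as "NOT-FOR-US: CrowdStrike" in the same style as the "NOT-FOR-US: WordPress plugin" line two entries above instead of leaving it at "TODO: check".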
@@ -3575,8 +3654,8 @@ CVE-2022-37300
RESERVED
CVE-2022-2601
RESERVED
-CVE-2022-2600
- RESERVED
+CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set re ...)
+ TODO: check
CVE-2022-2599
RESERVED
CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim prior ...)
@@ -3592,10 +3671,10 @@ CVE-2022-2596 (Denial of Service in GitHub repository node-fetch/node-fetch prio
NOTE: https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d (v3.2.10)
CVE-2022-2595 (Improper Authorization in GitHub repository kromitgmbh/titra prior to ...)
NOT-FOR-US: Titra
-CVE-2022-2594
- RESERVED
-CVE-2022-2593
- RESERVED
+CVE-2022-2594 (The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Cu ...)
+ TODO: check
+CVE-2022-2593 (The Better Search Replace WordPress plugin before 1.4.1 does not prope ...)
+ TODO: check
CVE-2022-37299
RESERVED
CVE-2022-37298
@@ -3926,10 +4005,10 @@ CVE-2022-37136
RESERVED
CVE-2022-37135
RESERVED
-CVE-2022-37134
- RESERVED
-CVE-2022-37133
- RESERVED
+CVE-2022-37134 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via ...)
+ TODO: check
+CVE-2022-37133 (D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentica ...)
+ TODO: check
CVE-2022-37132
RESERVED
CVE-2022-37131
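Review bot: CVE-2022-37134 and CVE-2022-37133 are firmware issues in the D-Link DIR-816 image (A2_v1.10CNB04.img, buffer overflow and unauthenticated reboot); vendor firmware is out of scope for the archive, so both should be closed as "NOT-FOR-US: D-Link" rather than left as "TODO: check".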
@@ -4489,10 +4568,10 @@ CVE-2022-2560
RESERVED
CVE-2022-2559
RESERVED
-CVE-2022-2558
- RESERVED
-CVE-2022-2557
- RESERVED
+CVE-2022-2558 (The Simple Job Board WordPress plugin before 2.10.0 is susceptible to ...)
+ TODO: check
+CVE-2022-2557 (The Team WordPress plugin before 4.1.2 contains a file which could all ...)
+ TODO: check
CVE-2021-46830 (A path traversal vulnerability exists within GoAnywhere MFT before 6.8 ...)
NOT-FOR-US: GoAnywhere MFT
CVE-2022-36943
@@ -4539,18 +4618,18 @@ CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Netw
NOT-FOR-US: Zoho ManageEngine
CVE-2022-2556
RESERVED
-CVE-2022-2555
- RESERVED
+CVE-2022-2555 (The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks ...)
+ TODO: check
CVE-2022-2554
RESERVED
CVE-2022-2553 (The authfile directive in the booth config file is ignored, preventing ...)
{DSA-5194-1}
- booth 1.0-268-gdce51f9-1
NOTE: https://github.com/ClusterLabs/booth/issues/114
-CVE-2022-2552
- RESERVED
-CVE-2022-2551
- RESERVED
+CVE-2022-2552 (The Duplicator WordPress plugin before 1.4.7.1 does not authenticate o ...)
+ TODO: check
+CVE-2022-2551 (The Duplicator WordPress plugin before 1.4.7 discloses the url of the ...)
+ TODO: check
CVE-2022-2550 (OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1 ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-2549 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1. ...)
@@ -4859,8 +4938,8 @@ CVE-2022-2546
RESERVED
CVE-2022-2545
RESERVED
-CVE-2022-2544
- RESERVED
+CVE-2022-2544 (The Ninja Job Board WordPress plugin before 1.3.3 does not protect the ...)
+ TODO: check
CVE-2022-2543
RESERVED
CVE-2022-2542
@@ -5544,8 +5623,8 @@ CVE-2022-2534 (An issue has been discovered in GitLab CE/EE affecting all versio
- gitlab <unfixed>
CVE-2022-2533
RESERVED
-CVE-2022-2532
- RESERVED
+CVE-2022-2532 (The Feed Them Social WordPress plugin before 3.0.1 does not sanitise a ...)
+ TODO: check
CVE-2022-2531 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-2530
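Review bot: CVE-2022-2532 begins with the identical truncated text as CVE-2022-2383 later in this update ("The Feed Them Social WordPress plugin before 3.0.1 does not sanitise a ..."); before tagging, read both full descriptions to confirm they are two different injection points and not a duplicate assignment. Either way the disposition is "NOT-FOR-US: WordPress plugin", matching the existing pattern in this file.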
@@ -5705,8 +5784,8 @@ CVE-2022-36371
RESERVED
CVE-2022-36357
RESERVED
-CVE-2022-36346
- RESERVED
+CVE-2022-36346 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foun ...)
+ TODO: check
CVE-2022-36344 (An unquoted search path vulnerability exists in 'JustSystems JUST Onli ...)
NOT-FOR-US: JustSystems
CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
@@ -5731,8 +5810,8 @@ CVE-2022-34868
RESERVED
CVE-2022-34867
RESERVED
-CVE-2022-34857
- RESERVED
+CVE-2022-34857 (Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP P ...)
+ TODO: check
CVE-2022-34658
RESERVED
CVE-2022-34656
@@ -7145,8 +7224,8 @@ CVE-2022-2409 (The Rough Chart WordPress plugin through 1.0.0 does not properly
NOT-FOR-US: WordPress plugin
CVE-2022-2408 (The Guest account feature in Mattermost version 6.7.0 and earlier fail ...)
- mattermost-server <itp> (bug #823556)
-CVE-2022-2407
- RESERVED
+CVE-2022-2407 (The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some ...)
+ TODO: check
CVE-2022-2406 (The legacy Slack import feature in Mattermost version 6.7.0 and earlie ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-2405
@@ -7592,12 +7671,12 @@ CVE-2022-35658
RESERVED
CVE-2022-35657
RESERVED
-CVE-2022-35656
- RESERVED
-CVE-2022-35655
- RESERVED
-CVE-2022-35654
- RESERVED
+CVE-2022-35656 (Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated ...)
+ TODO: check
+CVE-2022-35655 (Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a m ...)
+ TODO: check
+CVE-2022-35654 (Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an ...)
+ TODO: check
CVE-2022-35653 (A reflected XSS issue was identified in the LTI module of Moodle. The ...)
- moodle <removed>
CVE-2022-35652 (An open redirect issue was found in Moodle due to improper sanitizatio ...)
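Review bot: The three Pega Platform entries (CVE-2022-35656, CVE-2022-35655, CVE-2022-35654) describe a commercial product that is not in Debian; mark them "NOT-FOR-US: Pega Platform" instead of "TODO: check", consistent with how the Moodle entries right below are already resolved with a package line.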
@@ -7619,16 +7698,16 @@ CVE-2022-31471 (untangle is a python library to convert XML data to python objec
CVE-2022-2393 (A flaw was found in pki-core, which could allow a user to get a certif ...)
- dogtag-pki <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2101046
-CVE-2022-2392
- RESERVED
+CVE-2022-2392 (The Lana Downloads Manager WordPress plugin before 1.8.0 is affected b ...)
+ TODO: check
CVE-2022-2391 (The Inspiro PRO WordPress plugin does not sanitize the portfolio slide ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2390 (Apps developed with Google Play Services SDK incorrectly had the mutab ...)
NOT-FOR-US: Apps developed with Google Play Services SDK
-CVE-2022-2389
- RESERVED
-CVE-2022-2388
- RESERVED
+CVE-2022-2389 (The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newslet ...)
+ TODO: check
+CVE-2022-2388 (The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in ...)
+ TODO: check
CVE-2022-2387
RESERVED
CVE-2022-2386 (The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanit ...)
@@ -7681,10 +7760,10 @@ CVE-2022-2385 (A security issue was discovered in aws-iam-authenticator where an
NOT-FOR-US: Kubernetes aws-iam-authenticator
CVE-2022-2384 (The Digital Publications by Supsystic WordPress plugin before 1.7.4 do ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2383
- RESERVED
-CVE-2022-2382
- RESERVED
+CVE-2022-2383 (The Feed Them Social WordPress plugin before 3.0.1 does not sanitise a ...)
+ TODO: check
+CVE-2022-2382 (The Product Slider for WooCommerce WordPress plugin before 2.5.7 has f ...)
+ TODO: check
CVE-2022-2381 (The E Unlocked - Student Result WordPress plugin through 1.0.4 is lack ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2380 (The Linux kernel was found vulnerable out of bounds memory access in t ...)
@@ -7696,12 +7775,12 @@ CVE-2022-2379 (The Easy Student Results WordPress plugin through 2.2.8 lacks aut
NOT-FOR-US: WordPress plugin
CVE-2022-2378 (The Easy Student Results WordPress plugin through 2.2.8 does not sanit ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2377
- RESERVED
+CVE-2022-2377 (The Directorist WordPress plugin before 7.3.0 does not have authorisat ...)
+ TODO: check
CVE-2022-2376
RESERVED
-CVE-2022-2375
- RESERVED
+CVE-2022-2375 (The WP Sticky Button WordPress plugin before 1.4.1 does not have autho ...)
+ TODO: check
CVE-2022-2374
RESERVED
CVE-2022-2373
@@ -7804,8 +7883,8 @@ CVE-2022-35585 (A stored cross-site scripting (XSS) issue in the ForkCMS version
NOT-FOR-US: ForkCMS
CVE-2022-35584
RESERVED
-CVE-2022-35583
- RESERVED
+CVE-2022-35583 (wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to g ...)
+ TODO: check
CVE-2022-35582
RESERVED
CVE-2022-35581
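Review bot: CVE-2022-35583 (wkhtmlTOpdf 0.12.6 SSRF) is the one entry in this batch that needs real triage rather than a NOT-FOR-US tag: a wkhtmltopdf source package exists in Debian (it shipped in bullseye), so someone has to decide whether upstream regards remote resource fetching from rendered HTML as a vulnerability or as intended behaviour, whether the existing access-control switches (such as --disable-local-file-access) are relevant, and which versions are affected. Please replace "TODO: check" with a package line and a NOTE recording that reasoning.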
@@ -8158,10 +8237,10 @@ CVE-2022-2364 (A vulnerability, which was classified as problematic, was found i
NOT-FOR-US: Simple Parking Management System
CVE-2022-2363 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Simple Parking Management System
-CVE-2022-2362
- RESERVED
-CVE-2022-2361
- RESERVED
+CVE-2022-2362 (The Download Manager WordPress plugin before 3.2.50 prioritizes gettin ...)
+ TODO: check
+CVE-2022-2361 (The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and ...)
+ TODO: check
CVE-2022-35413
RESERVED
CVE-2022-35412 (Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinar ...)
@@ -8686,8 +8765,8 @@ CVE-2022-2314 (The VR Calendar WordPress plugin through 2.2.2 lets any user exec
NOT-FOR-US: WordPress plugin
CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for Windows pr ...)
NOT-FOR-US: MA Smart Installer for Windows
-CVE-2022-2312
- RESERVED
+CVE-2022-2312 (The Student Result or Employee Database WordPress plugin before 1.7.5 ...)
+ TODO: check
CVE-2022-2311
RESERVED
CVE-2022-2310 (An authentication bypass vulnerability in Skyhigh SWG in main releases ...)
@@ -8840,8 +8919,8 @@ CVE-2022-35152
RESERVED
CVE-2022-35151 (kkFileView v4.1.0 was discovered to contain multiple cross-site script ...)
NOT-FOR-US: kkFileview
-CVE-2022-35150
- RESERVED
+CVE-2022-35150 (Baijicms v4 was discovered to contain an arbitrary file upload vulnera ...)
+ TODO: check
CVE-2022-35149
RESERVED
CVE-2022-35148 (maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain ...)
@@ -9565,8 +9644,8 @@ CVE-2022-34871 (This vulnerability allows remote attackers to escalate privilege
- centreon-web <itp> (bug #913903)
CVE-2022-34870
RESERVED
-CVE-2022-34858
- RESERVED
+CVE-2022-34858 (Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for ...)
+ TODO: check
CVE-2022-34853 (Multiple Authenticated (contributor or higher user role) Persistent Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34847
@@ -9585,12 +9664,12 @@ CVE-2022-34650 (Multiple Authenticated (contributor or higher user role) Stored
NOT-FOR-US: WordPress plugin
CVE-2022-34487 (Unauthenticated Arbitrary Option Update vulnerability in biplob018's S ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-34347
- RESERVED
+CVE-2022-34347 (Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Ma ...)
+ TODO: check
CVE-2022-34155
RESERVED
-CVE-2022-34149
- RESERVED
+CVE-2022-34149 (Authentication Bypass vulnerability in miniOrange WP OAuth Server plug ...)
+ TODO: check
CVE-2022-34148
RESERVED
CVE-2022-33974
@@ -9603,8 +9682,8 @@ CVE-2022-33960 (Multiple Authenticated (subscriber or higher user role) SQL Inje
NOT-FOR-US: WordPress plugin
CVE-2022-33901 (Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plug ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-33900
- RESERVED
+CVE-2022-33900 (PHP Object Injection vulnerability in Easy Digital Downloads plugin &l ...)
+ TODO: check
CVE-2022-33198 (Unauthenticated WordPress Options Change vulnerability in Biplob Adhik ...)
NOT-FOR-US: WordPress plugin
CVE-2022-33191 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
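Review bot: The description imported for CVE-2022-33900 ends in "&l ...", which is the start of an HTML entity (&lt;) from the upstream feed being truncated mid-entity; it is cosmetic, but the import step should decode entities before cutting the description so the version bound stays readable in the list. The entry itself is a WordPress plugin (Easy Digital Downloads) and should become "NOT-FOR-US: WordPress plugin".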
@@ -9631,10 +9710,10 @@ CVE-2022-26366
RESERVED
CVE-2022-25952
RESERVED
-CVE-2022-2276
- RESERVED
-CVE-2022-2275
- RESERVED
+CVE-2022-2276 (The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisa ...)
+ TODO: check
+CVE-2022-2275 (The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in a ...)
+ TODO: check
CVE-2022-2274 (The OpenSSL 3.0.4 release introduced a serious bug in the RSA implemen ...)
- openssl 3.0.4-2 (bug #1013441)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
@@ -9813,20 +9892,20 @@ CVE-2022-34778 (Jenkins TestNG Results Plugin 554.va4a552116332 and earlier rend
NOT-FOR-US: Jenkins plugin
CVE-2022-34777 (Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fiel ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-34776
- RESERVED
-CVE-2022-34775
- RESERVED
-CVE-2022-34774
- RESERVED
-CVE-2022-34773
- RESERVED
-CVE-2022-34772
- RESERVED
-CVE-2022-34771
- RESERVED
-CVE-2022-34770
- RESERVED
+CVE-2022-34776 (Tabit - giftcard stealth. Several APIs on the web system display, with ...)
+ TODO: check
+CVE-2022-34775 (Tabit - Excessive data exposure. Another endpoint mapped by the tiny u ...)
+ TODO: check
+CVE-2022-34774 (Tabit - Arbitrary account modification. One of the endpoints mapped by ...)
+ TODO: check
+CVE-2022-34773 (Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configura ...)
+ TODO: check
+CVE-2022-34772 (Tabit - password enumeration. Description: Tabit - password enumeratio ...)
+ TODO: check
+CVE-2022-34771 (Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tab ...)
+ TODO: check
+CVE-2022-34770 (Tabit - sensitive information disclosure. Several APIs on the web syst ...)
+ TODO: check
CVE-2022-34769 (Michlol - rashim web interface Insecure direct object references (IDOR ...)
NOT-FOR-US: Michlol
CVE-2022-34768 (Supersmart.me - Walk Through Performing unauthorized actions on other ...)
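Review bot: The seven Tabit entries (CVE-2022-34770 through CVE-2022-34776) are vendor-report style descriptions for a hosted service, one of them embedding a URL (https://bridge.tabit.cloud/configura...) and one repeating its own title ("Tabit - password enumeration. Description: Tabit - password enumeratio ..."); like the adjacent "NOT-FOR-US: Michlol" entry they cannot map to a Debian package, so all seven should be closed as "NOT-FOR-US: Tabit" rather than "TODO: check".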
@@ -10784,8 +10863,8 @@ CVE-2022-34465 (A vulnerability has been identified in Parasolid V33.1 (All vers
NOT-FOR-US: Siemens
CVE-2022-34464 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
NOT-FOR-US: Siemens
-CVE-2022-2198
- RESERVED
+CVE-2022-2198 (The WPQA Builder WordPress plugin before 5.7 which is a companion plug ...)
+ TODO: check
CVE-2022-2197 (By using a specific credential string, an attacker with network access ...)
NOT-FOR-US: Exemys
CVE-2022-2196
@@ -11257,8 +11336,8 @@ CVE-2022-2174 (Cross-site Scripting (XSS) - Reflected in GitHub repository micro
NOT-FOR-US: microweber
CVE-2022-2173 (The Advanced Database Cleaner WordPress plugin before 3.1.1 does not e ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2172
- RESERVED
+CVE-2022-2172 (The LinkWorth WordPress plugin before 3.3.4 does not implement nonce c ...)
+ TODO: check
CVE-2022-2171 (The Progressive License WordPress plugin through 1.1.0 is lacking any ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2170 (The Microsoft Advertising Universal Event Tracking (UET) WordPress plu ...)
@@ -11554,7 +11633,7 @@ CVE-2022-2153
NOTE: https://git.kernel.org/linus/7ec37d1cbe17d8189d9562178d8b29167fe1c31a (5.18-rc1)
NOTE: https://git.kernel.org/linus/00b5f37189d24ac3ed46cb7f11742094778c46ce (5.18-rc1)
NOTE: https://git.kernel.org/linus/b1e34d325397a33d97d845e312d7cf2a8b646b44 (5.18-rc1)
-CVE-2022-2152 (The Duplicate Page and Post Plugin WordPress plugin through 2.7 does n ...)
+CVE-2022-2152 (The Duplicate Page and Post WordPress plugin before 2.8 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2151 (The Best Contact Management Software WordPress plugin through 3.7.3 do ...)
NOT-FOR-US: WordPress plugin
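Review bot: For CVE-2022-2152 only the description changed, with the version bound moving from "through 2.7" (no fix known) to "before 2.8" (fixed release published); the existing "NOT-FOR-US: WordPress plugin" line is untouched and remains correct, so no tracker action is needed here.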
@@ -12292,8 +12371,8 @@ CVE-2022-33934
RESERVED
CVE-2022-33933
RESERVED
-CVE-2022-33932
- RESERVED
+CVE-2022-33932 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
+ TODO: check
CVE-2022-33931 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...)
NOT-FOR-US: Dell Wyse Management Suite
CVE-2022-33930 (Dell Wyse Management Suite 3.6.1 and below contains Information Disclo ...)
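Review bot: CVE-2022-33932 (Dell PowerScale OneFS) should be tagged "NOT-FOR-US: Dell" to match the Wyse Management Suite entries immediately below it; the same applies to the other PowerScale OneFS entries added in this update (CVE-2022-32480, CVE-2022-31238, CVE-2022-31237), which are currently all left at "TODO: check".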
@@ -15687,8 +15766,8 @@ CVE-2022-32482
RESERVED
CVE-2022-32481 (Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a p ...)
NOT-FOR-US: Dell
-CVE-2022-32480
- RESERVED
+CVE-2022-32480 (Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9 ...)
+ TODO: check
CVE-2022-32479
RESERVED
CVE-2022-32478
@@ -17586,8 +17665,8 @@ CVE-2022-31794 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (C
NOT-FOR-US: Fujitsu
CVE-2022-1933 (The CDI WordPress plugin before 5.1.9 does not sanitise and escape a p ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1932
- RESERVED
+CVE-2022-1932 (The Rezgo Online Booking WordPress plugin before 4.1.8 does not saniti ...)
+ TODO: check
CVE-2022-31799 (Bottle before 0.12.20 mishandles errors during early request binding. ...)
{DSA-5159-1 DLA-3048-1}
- python-bottle 0.12.20-1
@@ -19360,10 +19439,10 @@ CVE-2020-36522
RESERVED
CVE-2022-31239
RESERVED
-CVE-2022-31238
- RESERVED
-CVE-2022-31237
- RESERVED
+CVE-2022-31238 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
+ TODO: check
+CVE-2022-31237 (Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and ...)
+ TODO: check
CVE-2022-31236
RESERVED
CVE-2022-31235
@@ -25599,8 +25678,8 @@ CVE-2022-1341 (An issue was discovered in in bwm-ng v0.6.2. An arbitrary null wr
NOTE: https://github.com/vgropp/bwm-ng/issues/26
NOTE: https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17
NOTE: No security impact
-CVE-2022-1340
- RESERVED
+CVE-2022-1340 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+ TODO: check
CVE-2022-1339 (SQL injection in ElementController.php in GitHub repository pimcore/pi ...)
NOT-FOR-US: pimcore
CVE-2022-1338 (The Easily Generate Rest API Url WordPress plugin through 1.0.0 does n ...)
@@ -25828,8 +25907,8 @@ CVE-2022-1324 (The Event Timeline WordPress plugin through 1.1.5 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2022-1323 (The Discy WordPress theme before 5.0 lacks authorization checks then p ...)
NOT-FOR-US: WordPress theme
-CVE-2022-1322
- RESERVED
+CVE-2022-1322 (The Coming Soon - Under Construction WordPress plugin through 1.1.9 do ...)
+ TODO: check
CVE-2022-1321 (The miniOrange's Google Authenticator WordPress plugin before 5.5.6 do ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1320 (The Sliderby10Web WordPress plugin before 1.2.52 does not properly san ...)
@@ -26962,8 +27041,8 @@ CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde2
NOTE: https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8
CVE-2022-1252 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
NOT-FOR-US: gnuboard5
-CVE-2022-1251
- RESERVED
+CVE-2022-1251 (The Ask me WordPress theme before 6.8.4 does not perform nonce checks ...)
+ TODO: check
CVE-2022-1250 (The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which has been ...)
@@ -27236,8 +27315,8 @@ CVE-2022-28600
RESERVED
CVE-2022-28599 (A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1 ...)
NOT-FOR-US: FUEL-CMS
-CVE-2022-28598
- RESERVED
+CVE-2022-28598 (Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does no ...)
+ TODO: check
CVE-2022-28597
RESERVED
CVE-2022-28596
@@ -35236,12 +35315,12 @@ CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems wit
NOTE: https://github.com/USBGuard/usbguard/pull/531
CVE-2022-25813
RESERVED
-CVE-2022-25812
- RESERVED
-CVE-2022-25811
- RESERVED
-CVE-2022-25810
- RESERVED
+CVE-2022-25812 (The Transposh WordPress Translation WordPress plugin before 1.0.8 does ...)
+ TODO: check
+CVE-2022-25811 (The Transposh WordPress Translation WordPress plugin through 1.0.8 doe ...)
+ TODO: check
+CVE-2022-25810 (The Transposh WordPress Translation WordPress plugin through 1.0.8 exp ...)
+ TODO: check
CVE-2022-0742 (Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a rem ...)
- linux 5.16.14-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -39928,8 +40007,8 @@ CVE-2022-0448 (The CP Blocks WordPress plugin before 1.0.15 does not sanitise an
NOT-FOR-US: WordPress plugin
CVE-2022-0447 (The Post Grid WordPress plugin before 2.1.16 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0446
- RESERVED
+CVE-2022-0446 (The Simple Banner WordPress plugin before 2.12.0 does not properly san ...)
+ TODO: check
CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie C ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0444 (The Backup, Restore and Migrate WordPress Sites With the XCloner Plugi ...)
@@ -75598,8 +75677,8 @@ CVE-2021-37291 (An SQL Injection vulnerability exists in KevinLAB Inc Building E
NOT-FOR-US: KevinLAB
CVE-2021-37290
RESERVED
-CVE-2021-37289
- RESERVED
+CVE-2021-37289 (Insecure Permissions in administration interface in Planex MZK-DP150N ...)
+ TODO: check
CVE-2021-37288
RESERVED
CVE-2021-37287
@@ -75773,8 +75852,7 @@ CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-s
NOTE: https://github.com/hashicorp/nomad/commit/61a922afcf12784281757402c8e0b61686ff855d (release-1.0.11)
CVE-2021-37217
RESERVED
-CVE-2021-3659 [NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c]
- RESERVED
+CVE-2021-3659 (A NULL pointer dereference flaw was found in the Linux kernel’s ...)
- linux 5.10.38-1
[buster] - linux 4.19.194-1
[stretch] - linux 4.9.272-1
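Review bot: Replacing the bracketed working title of CVE-2021-3659 with the published description follows the tracker convention, but it drops the only pointer to the affected code (llsec_key_alloc() in net/mac802154/llsec.c) and the entry still has no NOTE with the upstream commit, even though three fixed versions are listed; add the kernel commit URL as a NOTE, as the CVE-2021-37218 entry above does for its fix, so the function name is not lost.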
@@ -76604,8 +76682,8 @@ CVE-2021-36859
RESERVED
CVE-2021-36858
RESERVED
-CVE-2021-36857
- RESERVED
+CVE-2021-36857 (Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
+ TODO: check
CVE-2021-36856
RESERVED
CVE-2021-36855
@@ -76614,8 +76692,8 @@ CVE-2021-36854
RESERVED
CVE-2021-36853
RESERVED
-CVE-2021-36852
- RESERVED
+CVE-2021-36852 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel ...)
+ TODO: check
CVE-2021-36851 (Authenticated (editor or higher user role) Cross-Site Scripting (XSS) ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36850 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media Fil ...)
@@ -76624,8 +76702,8 @@ CVE-2021-36849 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnera
NOT-FOR-US: WordPress plugin
CVE-2021-36848 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36847
- RESERVED
+CVE-2021-36847 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2021-36846 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
@@ -77842,8 +77920,7 @@ CVE-2021-3640 (A flaw use-after-free in function sco_sock_sendmsg() of the Linux
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1
-CVE-2021-3639 [Prevent redirect to URLs that begin with '///']
- RESERVED
+CVE-2021-3639 (A flaw was found in mod_auth_mellon where it does not sanitize logout ...)
- libapache2-mod-auth-mellon 0.18.0-1 (bug #991730)
[bullseye] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
[buster] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
@@ -82442,8 +82519,7 @@ CVE-2021-34438 (Windows Font Driver Host Remote Code Execution Vulnerability ...
NOT-FOR-US: Microsoft
CVE-2021-3591
REJECTED
-CVE-2021-3590
- RESERVED
+CVE-2021-3590 (A flaw was found in Foreman project. A credential leak was identified ...)
- foreman <itp> (bug #663101)
CVE-2021-3589 (An authorization flaw was found in Foreman Ansible. An authenticated a ...)
NOT-FOR-US: Foreman Ansible
@@ -82802,8 +82878,7 @@ CVE-2021-34292 (A vulnerability has been identified in JT2Go (All versions <
NOT-FOR-US: JT2Go
CVE-2021-34291 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...)
NOT-FOR-US: JT2Go
-CVE-2021-3586
- RESERVED
+CVE-2021-3586 (A flaw was found in servicemesh-operator. The NetworkPolicy resources ...)
NOT-FOR-US: Maistra
CVE-2021-3585
RESERVED
@@ -89075,8 +89150,7 @@ CVE-2020-36327 (Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes
- rubygems <unfixed>
[bullseye] - rubygems <no-dsa> (Minor issue)
NOTE: https://github.com/rubygems/rubygems/issues/3982
-CVE-2021-3521
- RESERVED
+CVE-2021-3521 (There is a flaw in RPM's signature functionality. OpenPGP subkeys are ...)
- rpm <unfixed> (bug #1014723)
[bullseye] - rpm <no-dsa> (Minor issue)
[buster] - rpm <no-dsa> (Minor issue)
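Review bot: CVE-2021-3521 concerns RPM's OpenPGP signature handling (subkeys), and the entry records "<unfixed>" plus "<no-dsa> (Minor issue)" for bullseye and buster without any NOTE explaining the severity call or pointing at the upstream report; for a signature-verification flaw the rationale should be written down (a NOTE with the upstream bug or commit URL, as the rubygems entry above has), otherwise the "Minor issue" judgement cannot be reviewed later.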
@@ -89324,8 +89398,7 @@ CVE-2019-25031 (** DISPUTED ** Unbound before 1.9.5 allows configuration injecti
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
NOTE: https://github.com/NLnetLabs/unbound/commit/f887552763477a606a9608b0f6b498685e0f6587
NOTE: Not deemed an exploitable vulnerability by upstream
-CVE-2021-3513
- RESERVED
+CVE-2021-3513 (A flaw was found in keycloak where a brute force attack is possible ev ...)
NOT-FOR-US: Keycloak
CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on A ...)
NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications)
@@ -93642,7 +93715,7 @@ CVE-2020-36314 (fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as
NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/e970f4966bf388f6e7c277357c8b186c645683ae
NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/issues/108
CVE-2021-3484
- RESERVED
+ REJECTED
CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This issue al ...)
{DLA-2690-1 DLA-2689-1}
- linux 5.10.28-1
@@ -94417,8 +94490,7 @@ CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4
NOTE: https://github.com/Exiv2/exiv2/issues/1522
NOTE: https://github.com/Exiv2/exiv2/commit/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da
NOTE: https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a
-CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file]
- RESERVED
+CVE-2021-3481 (A flaw was found in Qt. An out-of-bounds read vulnerability was found ...)
{DLA-2895-1 DLA-2885-1}
- qtsvg-opensource-src 5.15.2-3 (bug #986798)
[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
@@ -98079,8 +98151,7 @@ CVE-2021-3443 (A NULL pointer dereference flaw was found in the way Jasper versi
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/269
NOTE: https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b
-CVE-2021-3442
- RESERVED
+CVE-2021-3442 (A flaw was found in the Red Hat OpenShift API Management product. User ...)
NOT-FOR-US: Red Hat OpenShift API Management
CVE-2021-28483 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
NOT-FOR-US: Microsoft
@@ -99045,45 +99116,45 @@ CVE-2021-28100 (Priam uses File.createTempFile, which gives the permissions on t
CVE-2021-28099 (In Netflix OSS Hollow, since the Files.exists(parent) is run before cr ...)
NOT-FOR-US: Hollow
CVE-2020-36276
- RESERVED
+ REJECTED
CVE-2020-36275
- RESERVED
+ REJECTED
CVE-2020-36274
- RESERVED
+ REJECTED
CVE-2020-36273
- RESERVED
+ REJECTED
CVE-2020-36272
- RESERVED
+ REJECTED
CVE-2020-36271
- RESERVED
+ REJECTED
CVE-2020-36270
- RESERVED
+ REJECTED
CVE-2020-36269
- RESERVED
+ REJECTED
CVE-2020-36268
- RESERVED
+ REJECTED
CVE-2020-36267
- RESERVED
+ REJECTED
CVE-2020-36266
- RESERVED
+ REJECTED
CVE-2020-36265
- RESERVED
+ REJECTED
CVE-2020-36264
- RESERVED
+ REJECTED
CVE-2020-36263
- RESERVED
+ REJECTED
CVE-2020-36262
- RESERVED
+ REJECTED
CVE-2020-36261
- RESERVED
+ REJECTED
CVE-2020-36260
- RESERVED
+ REJECTED
CVE-2020-36259
- RESERVED
+ REJECTED
CVE-2020-36258
- RESERVED
+ REJECTED
CVE-2020-36257
- RESERVED
+ REJECTED
CVE-2021-28098 (An issue was discovered in Forescout CounterACT before 8.1.4. A local ...)
NOT-FOR-US: Forescout CounterACT
CVE-2021-28097
@@ -101201,7 +101272,7 @@ CVE-2021-27192 (Local privilege escalation vulnerability in Windows clients of N
CVE-2021-27191 (The get-ip-range package before 4.0.0 for Node.js is vulnerable to den ...)
NOT-FOR-US: Node get-ip-range
CVE-2021-3408
- RESERVED
+ REJECTED
NOTE: Red Hat duplicate for CVE-2021-20233
CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEE ...)
NOT-FOR-US: PEEL Shopping cart
@@ -107060,12 +107131,12 @@ CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not hav
NOT-FOR-US: WordPress plugin
CVE-2021-24913 (The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24912
- RESERVED
-CVE-2021-24911
- RESERVED
-CVE-2021-24910
- RESERVED
+CVE-2021-24912 (The Transposh WordPress Translation WordPress plugin before 1.0.8 does ...)
+ TODO: check
+CVE-2021-24911 (The Transposh WordPress Translation WordPress plugin before 1.0.8 does ...)
+ TODO: check
+CVE-2021-24910 (The Transposh WordPress Translation WordPress plugin before 1.0.8 does ...)
+ TODO: check
CVE-2021-24909 (The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not san ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24908 (The Check & Log Email WordPress plugin before 1.0.4 does not escap ...)
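Review bot: CVE-2021-24912, CVE-2021-24911 and CVE-2021-24910 all start with the same truncated text ("The Transposh WordPress Translation WordPress plugin before 1.0.8 does ..."), and three more Transposh entries (CVE-2022-25812, CVE-2022-25811, CVE-2022-25810) appear earlier in this update with near-identical openings; when resolving them as "NOT-FOR-US: WordPress plugin" it is worth a glance at the full texts to confirm the six IDs are distinct issues, but the disposition is the same for all six.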
@@ -130874,14 +130945,13 @@ CVE-2020-27837 (A flaw was found in GDM in versions prior to 3.38.2.1. A race co
NOTE: https://gitlab.gnome.org/GNOME/gdm/-/issues/660
NOTE: https://gitlab.gnome.org/GNOME/gdm/-/commit/dcdbaaa04012541ad2813cf83559d91d52f208b9 (master)
NOTE: https://gitlab.gnome.org/GNOME/gdm/-/commit/9b6d9b24a5f69674447c7bc9aacfab0988b914bd (3.38.2.1)
-CVE-2020-27836
- RESERVED
+CVE-2020-27836 (A flaw was found in cluster-ingress-operator. A change to how the rout ...)
NOT-FOR-US: OpenShift
CVE-2020-27835 (A use after free in the Linux kernel infiniband hfi1 driver in version ...)
- linux 5.9.15-1
NOTE: https://git.kernel.org/linus/3d2a9d642512c21a12d19b9250e7a835dcb41a79
CVE-2020-27834 [attacker can send the same request over and over again without changing the CSRF token]
- RESERVED
+ REJECTED
NOTE: Bogus report for Zabbix, no actionable information:
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1907497
NOTE: http://almorabea.net/cves/zabbix.txt
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f7a83caa04518110b4bcf40ba703e8694975f55