[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 23 09:10:31 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4eabc524 by security tracker role at 2022-08-23T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2022-38699
+ RESERVED
+CVE-2022-38698
+ RESERVED
+CVE-2022-38697
+ RESERVED
+CVE-2022-38696
+ RESERVED
+CVE-2022-38695
+ RESERVED
+CVE-2022-38694
+ RESERVED
+CVE-2022-38693
+ RESERVED
+CVE-2022-38692
+ RESERVED
+CVE-2022-38691
+ RESERVED
+CVE-2022-38690
+ RESERVED
+CVE-2022-38689
+ RESERVED
+CVE-2022-38688
+ RESERVED
+CVE-2022-38687
+ RESERVED
+CVE-2022-38686
+ RESERVED
+CVE-2022-38685
+ RESERVED
+CVE-2022-38684
+ RESERVED
+CVE-2022-38683
+ RESERVED
+CVE-2022-38682
+ RESERVED
+CVE-2022-38681
+ RESERVED
+CVE-2022-38680
+ RESERVED
+CVE-2022-38679
+ RESERVED
+CVE-2022-38678
+ RESERVED
+CVE-2022-38677
+ RESERVED
+CVE-2022-38676
+ RESERVED
+CVE-2022-38675
+ RESERVED
+CVE-2022-38674
+ RESERVED
+CVE-2022-38673
+ RESERVED
+CVE-2022-38672
+ RESERVED
+CVE-2022-38671
+ RESERVED
+CVE-2022-38670
+ RESERVED
+CVE-2022-38669
+ RESERVED
+CVE-2022-38668 (HTTP applications (servers) based on Crow through 1.0+4 may reveal pot ...)
+ TODO: check
+CVE-2022-38667 (HTTP applications (servers) based on Crow through 1.0+4 may allow a Us ...)
+ TODO: check
+CVE-2022-2953
+ RESERVED
+CVE-2022-2952
+ RESERVED
+CVE-2022-2951
+ RESERVED
+CVE-2022-2950
+ RESERVED
+CVE-2022-2949
+ RESERVED
+CVE-2022-2948
+ RESERVED
+CVE-2022-2947
+ RESERVED
CVE-2022-38666
RESERVED
CVE-2022-38665
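Review bot: the two Crow entries (CVE-2022-38668, CVE-2022-38667) are the only non-RESERVED additions in this hunk and are left at TODO: check although their truncated descriptions already show two different issues ("may reveal pot ..." is an information leak, "may allow a Us ..." is user-driven behaviour). Resolve them by checking whether any source package ships the Crow HTTP framework and then either adding a package line or a NOT-FOR-US line, as the rest of this file does; the "through 1.0+4" version string should be compared against the exact upstream fix before any fixed version is recorded. The block of +RESERVED lines above them is fine as placeholders.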
@@ -394,8 +474,8 @@ CVE-2022-2925
RESERVED
CVE-2022-2924
RESERVED
-CVE-2022-2923
- RESERVED
+CVE-2022-2923 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.023 ...)
+ TODO: check
CVE-2022-38494
RESERVED
CVE-2022-38493 (Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA priva ...)
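Review bot: CVE-2022-2923 should move from TODO: check to a package line, because the description names vim/vim with a fix "prior to 9.0.023 ..." and vim is packaged; the truncation cuts the patch level, so take the exact fixed version from the full CVE text or the upstream commit and check which suites carry an older 9.0.x or earlier vim before closing the TODO.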
@@ -632,8 +712,8 @@ CVE-2022-36420
RESERVED
CVE-2022-36419
RESERVED
-CVE-2022-34652
- RESERVED
+CVE-2022-34652 (A sql injection vulnerability exists in the ObjectYPT functionality of ...)
+ TODO: check
CVE-2022-33310
RESERVED
CVE-2022-2899
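Review bot: CVE-2022-34652 is only the first entry in this update whose description begins "A sql injection vulnerability exists in the ObjectYPT functionality of ..."; CVE-2022-33147, CVE-2022-33148 and CVE-2022-33149 further down carry the identical prefix, so the four should be triaged together and given one consistent resolution. The truncation hides what distinguishes them, so confirm from the full advisories that they are separate injection points rather than duplicate assignments before recording four entries.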
@@ -897,8 +977,8 @@ CVE-2022-2844 (A vulnerability classified as problematic has been found in MotoP
NOT-FOR-US: WordPress plugin
CVE-2022-2843 (A vulnerability was found in MotoPress Timetable and Event Schedule. I ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2842
- RESERVED
+CVE-2022-2842 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.1561 ...)
NOT-FOR-US: CrowdStrike Falcon
CVE-2022-2840
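Review bot: CVE-2022-2842's description is cut at "SourceCodeste", so the affected product cannot be read from this line. The neighbouring entries in this hunk (CVE-2022-2843 and CVE-2022-2844 as WordPress plugin, CVE-2022-2841 as CrowdStrike Falcon) were closed with NOT-FOR-US and this one will most likely follow, but it should be confirmed from the full description rather than copied by position, since "classified as critical" may refer to a different product family than its neighbours.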
@@ -946,8 +1026,8 @@ CVE-2022-38364
RESERVED
CVE-2022-38363
RESERVED
-CVE-2022-2829
- RESERVED
+CVE-2022-2829 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+ TODO: check
CVE-2022-2828
RESERVED
CVE-2022-2827
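Review bot: CVE-2022-2829 names a GitHub repository beginning "yetiforcecomp" with a stored XSS; as with the other "Cross-site Scripting (XSS) - Stored in GitHub repository" entries in this file, the resolution is to check whether that repository maps to a source package and otherwise record NOT-FOR-US with the project name, rather than leaving TODO: check.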
@@ -1405,8 +1485,7 @@ CVE-2022-38173
RESERVED
CVE-2022-38172
RESERVED
-CVE-2022-38171
- RESERVED
+CVE-2022-38171 (Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 d ...)
TODO: check, https://bugzilla.redhat.com/show_bug.cgi?id=2120439, might be N/A for us as using poppler
CVE-2022-2794
RESERVED
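Review bot: the retained TODO line under CVE-2022-38171 argues "might be N/A for us as using poppler", but the new description locates the bug in Xpdf's JBIG2 decoder prior to 4.04, and poppler carries its own descendant of that decoder, so the N/A conclusion needs to be verified against poppler's JBIG2 code (and against whatever the xpdf source package actually builds from) rather than assumed. The Red Hat bug already linked on that line is the place to pick up the upstream fix reference for that comparison.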
@@ -2187,8 +2266,8 @@ CVE-2022-37865
RESERVED
CVE-2022-37864
RESERVED
-CVE-2022-35733
- RESERVED
+CVE-2022-35733 (Missing authentication for critical function vulnerability in UNIMO Te ...)
+ TODO: check
CVE-2022-2719 (In ImageMagick, a crafted file could trigger an assertion failure when ...)
- imagemagick <not-affected> (Specific to IM7)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116537
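Review bot: CVE-2022-35733 ("Missing authentication for critical function vulnerability in UNIMO Te ...") is a vendor-product advisory of the kind this file otherwise closes directly with NOT-FOR-US; leaving it at TODO: check is acceptable for an automatic update, but the manual pass should confirm that no source package is involved and close it with the product name.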
@@ -4311,8 +4390,8 @@ CVE-2020-36564
RESERVED
CVE-2020-36563
RESERVED
-CVE-2019-25075
- RESERVED
+CVE-2019-25075 (HTML injection combined with path traversal in the Email service in Gr ...)
+ TODO: check
CVE-2019-25074
RESERVED
CVE-2019-25073
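Review bot: CVE-2019-25075 carries a 2019 identifier but is first described in this 2022 update ("HTML injection combined with path traversal in the Email service in Gr ..."), the pattern of a retroactively assigned CVE for an old fix. When resolving the TODO, check the original upstream fix date against the versions in every supported suite, because a 2019-era fix may already be present in stable while still missing from an older package, and record the fixed version for each rather than only checking unstable.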
@@ -8844,8 +8923,8 @@ CVE-2022-35193
RESERVED
CVE-2022-35192
RESERVED
-CVE-2022-35191
- RESERVED
+CVE-2022-35191 (D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmw ...)
+ TODO: check
CVE-2022-35190
RESERVED
CVE-2022-35189
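Review bot: CVE-2022-35191 is a D-Link DSL-3782 firmware issue; the file's convention for vendor firmware is a NOT-FOR-US line naming the product, so the TODO should be closed that way unless a source package is found to ship the affected code.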
@@ -9407,8 +9486,8 @@ CVE-2022-34921
RESERVED
CVE-2022-34920
RESERVED
-CVE-2022-34919
- RESERVED
+CVE-2022-34919 (The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 ...)
+ TODO: check
CVE-2022-34918 (An issue was discovered in the Linux kernel through 5.18.9. A type con ...)
{DSA-5191-1}
- linux 5.18.14-1
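Review bot: CVE-2022-34919 (file upload wizard in Zengenti Contensis Classic before 15.2.1.79) concerns a commercial CMS and is a NOT-FOR-US candidate; the unchanged CVE-2022-34918 lines directly below show the target form for an entry that does matter (a DSA reference plus a package line), which this entry should not need.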
@@ -12429,8 +12508,8 @@ CVE-2022-2110
RESERVED
CVE-2022-2109
RESERVED
-CVE-2022-33916
- RESERVED
+CVE-2022-33916 (OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacke ...)
+ TODO: check
CVE-2022-33915 (Versions of the Amazon AWS Apache Log4j hotpatch package before log4j- ...)
NOT-FOR-US: Specific to Amazon AWS Apache Log4j hotpatch package
CVE-2022-33914
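Review bot: CVE-2022-33916 (OPC UA .NET Standard Reference Server 1.04.368) is the first of a cluster of OPC UA entries in this same update (opcua, asyncua, asneg/opcuastack, freeopcua, node-opcua and open62541 further down); they read like one coordinated disclosure against several OPC UA stacks, so triage them as a set. The .NET reference server is a NOT-FOR-US candidate, whereas open62541 and the entries that only say "package opcua" or "asyncua" need an archive check before being closed.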
@@ -14092,12 +14171,12 @@ CVE-2022-33153
RESERVED
CVE-2022-33152
RESERVED
-CVE-2022-33149
- RESERVED
-CVE-2022-33148
- RESERVED
-CVE-2022-33147
- RESERVED
+CVE-2022-33149 (A sql injection vulnerability exists in the ObjectYPT functionality of ...)
+ TODO: check
+CVE-2022-33148 (A sql injection vulnerability exists in the ObjectYPT functionality of ...)
+ TODO: check
+CVE-2022-33147 (A sql injection vulnerability exists in the ObjectYPT functionality of ...)
+ TODO: check
CVE-2022-33140 (The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 an ...)
NOT-FOR-US: Apache NiFi
CVE-2022-33139 (A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All ver ...)
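Review bot: CVE-2022-33147, CVE-2022-33148 and CVE-2022-33149 are added with identical truncated descriptions ("A sql injection vulnerability exists in the ObjectYPT functionality of ..."), the same text as CVE-2022-34652 earlier in this diff; nothing in the list distinguishes them. The manual pass must take the distinguishing detail (the specific endpoint or parameter) from the full advisories and, if the product is not packaged, close all four with one consistent NOT-FOR-US wording.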
@@ -14444,24 +14523,24 @@ CVE-2022-32987 (Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?pa
NOT-FOR-US: Simple Bakery Shop Management System
CVE-2022-32986
RESERVED
-CVE-2022-32761
- RESERVED
+CVE-2022-32761 (An information disclosure vulnerability exists in the aVideoEncoderRec ...)
+ TODO: check
CVE-2022-32760
RESERVED
-CVE-2022-32572
- RESERVED
-CVE-2022-32282
- RESERVED
-CVE-2022-30547
- RESERVED
-CVE-2022-30534
- RESERVED
+CVE-2022-32572 (An os command injection vulnerability exists in the aVideoEncoder wget ...)
+ TODO: check
+CVE-2022-32282 (An improper password check exists in the login functionality of WWBN A ...)
+ TODO: check
+CVE-2022-30547 (A directory traversal vulnerability exists in the unzipDirectory funct ...)
+ TODO: check
+CVE-2022-30534 (An OS command injection vulnerability exists in the aVideoEncoder chun ...)
+ TODO: check
CVE-2022-29477
RESERVED
CVE-2022-29475
RESERVED
-CVE-2022-28710
- RESERVED
+CVE-2022-28710 (An information disclosure vulnerability exists in the chunkFile functi ...)
+ TODO: check
CVE-2022-27805
RESERVED
CVE-2022-2072 (The Name Directory WordPress plugin before 1.25.3 does not sanitise an ...)
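Review bot: CVE-2022-32761, CVE-2022-32572, CVE-2022-32282, CVE-2022-30547, CVE-2022-30534 and CVE-2022-28710 all name WWBN AVideo or its aVideoEncoder component and cover several distinct bug classes (OS command injection in the wget and chunk code paths, directory traversal in unzipDirectory, an improper password check in login, information disclosure in chunkFile and "aVideoEncoderRec ..."), so one product-level decision should resolve them together. If AVideo is not a source package, one NOT-FOR-US wording for the whole batch keeps the file consistent; if it is, each entry needs its own fixed version because these are separate bugs.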
@@ -14990,24 +15069,24 @@ CVE-2022-32780
RESERVED
CVE-2022-32779
RESERVED
-CVE-2022-32778
- RESERVED
-CVE-2022-32777
- RESERVED
-CVE-2022-32772
- RESERVED
-CVE-2022-32771
- RESERVED
-CVE-2022-32770
- RESERVED
+CVE-2022-32778 (An information disclosure vulnerability exists in the cookie functiona ...)
+ TODO: check
+CVE-2022-32777 (An information disclosure vulnerability exists in the cookie functiona ...)
+ TODO: check
+CVE-2022-32772 (A cross-site scripting (xss) vulnerability exists in the footer alerts ...)
+ TODO: check
+CVE-2022-32771 (A cross-site scripting (xss) vulnerability exists in the footer alerts ...)
+ TODO: check
+CVE-2022-32770 (A cross-site scripting (xss) vulnerability exists in the footer alerts ...)
+ TODO: check
CVE-2022-32763
RESERVED
-CVE-2022-30690
- RESERVED
-CVE-2022-28712
- RESERVED
-CVE-2022-26842
- RESERVED
+CVE-2022-30690 (A cross-site scripting (xss) vulnerability exists in the image403 func ...)
+ TODO: check
+CVE-2022-28712 (A cross-site scripting (xss) vulnerability exists in the videoAddNew f ...)
+ TODO: check
+CVE-2022-26842 (A reflected cross-site scripting (xss) vulnerability exists in the cha ...)
+ TODO: check
CVE-2022-2049 (In affected versions of Octopus Deploy it is possible to perform a Reg ...)
NOT-FOR-US: Octopus Deploy
CVE-2022-2048 (In Eclipse Jetty HTTP/2 server implementation, when encountering an in ...)
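Review bot: the descriptions added here come in identical truncated pairs and triples (CVE-2022-32778 and CVE-2022-32777 both "information disclosure ... in the cookie functiona ...", CVE-2022-32772, CVE-2022-32771 and CVE-2022-32770 all "cross-site scripting (xss) ... in the footer alerts ..."), so the list as written cannot tell them apart. The function names that do survive (image403, videoAddNew) match the aVideoEncoder batch in the previous hunks; confirm from the full advisories that these are the same product and resolve them with the same decision rather than one at a time.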
@@ -15045,10 +15124,10 @@ CVE-2021-46817 (Adobe Media Encoder version 15.4 (and earlier) are affected by a
NOT-FOR-US: Adobe
CVE-2021-46816 (Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory ...)
NOT-FOR-US: Adobe
-CVE-2022-32769
- RESERVED
-CVE-2022-32768
- RESERVED
+CVE-2022-32769 (Multiple authentication bypass vulnerabilities exist in the objects id ...)
+ TODO: check
+CVE-2022-32768 (Multiple authentication bypass vulnerabilities exist in the objects id ...)
+ TODO: check
CVE-2022-32759
RESERVED
CVE-2022-32758
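Review bot: CVE-2022-32769 and CVE-2022-32768 share one truncated description ("Multiple authentication bypass vulnerabilities exist in the objects id ..."), which leaves open whether two IDs were assigned for one bypass or for two different object identifiers; check the full text before recording them. Authentication bypass is a higher-impact class than the XSS entries around them, so they should not be resolved by analogy with those.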
@@ -15111,16 +15190,16 @@ CVE-2022-32739 (When Secure::DisableBanner system configuration has been disable
NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x
CVE-2022-32573
RESERVED
-CVE-2022-30605
- RESERVED
+CVE-2022-30605 (A privilege escalation vulnerability exists in the session id function ...)
+ TODO: check
CVE-2022-29886 (An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5. ...)
NOT-FOR-US: ESTsoft Alyac
CVE-2022-29517
RESERVED
CVE-2022-29511
RESERVED
-CVE-2022-29468
- RESERVED
+CVE-2022-29468 (A cross-site request forgery (CSRF) vulnerability exists in WWBN AVide ...)
+ TODO: check
CVE-2022-28703
RESERVED
CVE-2022-27498
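Review bot: CVE-2022-29468 is the one entry in this batch whose description names the product in full ("cross-site request forgery (CSRF) vulnerability exists in WWBN AVide ..."), which confirms that the chunkFile, aVideoEncoder and session id entries elsewhere in this update belong to the same software; CVE-2022-30605 ("privilege escalation ... in the session id function ...") is the most severe of the set and should be checked first if any package turns out to ship this code.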
@@ -17681,8 +17760,8 @@ CVE-2022-31799 (Bottle before 0.12.20 mishandles errors during early request bin
NOTE: Fixed by: https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00 (0.12.20)
CVE-2022-1931 (Incorrect Synchronization in GitHub repository polonel/trudesk prior t ...)
NOT-FOR-US: Trudesk
-CVE-2022-1930
- RESERVED
+CVE-2022-1930 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
+ TODO: check
CVE-2022-1929 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
NOT-FOR-US: devcert Nodejs module
CVE-2022-1928 (Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gite ...)
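Review bot: CVE-2022-1930's new description is identical, up to the truncation, to that of CVE-2022-1929 directly below it, which is already resolved as "NOT-FOR-US: devcert Nodejs module"; the truncation hides the module name, so do not copy that resolution without confirming from the full text that CVE-2022-1930 concerns the same module and not a different package with the same ReDoS wording.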
@@ -32295,12 +32374,12 @@ CVE-2022-26892
RESERVED
CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-26061
- RESERVED
-CVE-2022-25972
- RESERVED
-CVE-2022-25942
- RESERVED
+CVE-2022-26061 (A heap-based buffer overflow vulnerability exists in the gif2h5 functi ...)
+ TODO: check
+CVE-2022-25972 (An out-of-bounds write vulnerability exists in the gif2h5 functionalit ...)
+ TODO: check
+CVE-2022-25942 (An out-of-bounds read vulnerability exists in the gif2h5 functionality ...)
+ TODO: check
CVE-2022-0935 (Host Header injection in password Reset in GitHub repository livehelpe ...)
NOT-FOR-US: livehelperchat
CVE-2022-26886
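Review bot: CVE-2022-26061, CVE-2022-25972 and CVE-2022-25942 are three separate memory-safety bugs (heap-based buffer overflow, out-of-bounds write, out-of-bounds read) in the gif2h5 functionality; gif2h5 is the GIF converter shipped with the HDF5 tools, so these should be checked against the hdf5 source package rather than defaulted to NOT-FOR-US like the Node module entries around them, and each needs its own fixed version because the three are distinct bugs.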
@@ -34916,8 +34995,8 @@ CVE-2022-25891 (The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0
NOT-FOR-US: github.com/containrrr/shoutrrr/pkg/util
CVE-2022-25890
RESERVED
-CVE-2022-25888
- RESERVED
+CVE-2022-25888 (The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...)
+ TODO: check
CVE-2022-25887
RESERVED
CVE-2022-25886
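Review bot: CVE-2022-25888 reads "The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...", the wording of an ecosystem-specific advisory that does not say which ecosystem's "opcua" is meant; other entries in this update name node-opcua, freeopcua and asneg/opcuastack explicitly, so establish which package "opcua" refers to before choosing between a package line and NOT-FOR-US.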
@@ -35021,8 +35100,8 @@ CVE-2022-25765
RESERVED
CVE-2022-25764
RESERVED
-CVE-2022-25761
- RESERVED
+CVE-2022-25761 (The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before ...)
+ TODO: check
CVE-2022-25760 (All versions of package accesslog are vulnerable to Arbitrary Code Inj ...)
NOT-FOR-US: accesslog Nodejs module
CVE-2022-25759 (The package convert-svg-core before 0.6.2 are vulnerable to Remote Cod ...)
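Review bot: CVE-2022-25761 gives a concrete affected range for open62541 ("before 1.2.5, from 1.3-rc1 and before ..."), more than the other OPC UA entries in this update offer; the second bound is cut off by truncation, so take both fixed versions from the full text and compare them against any open62541 version in the archive before closing the TODO.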
@@ -35069,12 +35148,12 @@ CVE-2022-25345 (All versions of package @discordjs/opus are vulnerable to Denial
NOT-FOR-US: @discordjs/opus
CVE-2022-25324 (All versions of package bignum are vulnerable to Denial of Service (Do ...)
NOT-FOR-US: justmoon/node-bignum
-CVE-2022-25304
- RESERVED
+CVE-2022-25304 (All versions of package opcua; all versions of package asyncua are vul ...)
+ TODO: check
CVE-2022-25303 (The package whoogle-search before 0.7.2 are vulnerable to Cross-site S ...)
NOT-FOR-US: whoogle-search
-CVE-2022-25302
- RESERVED
+CVE-2022-25302 (All versions of package asneg/opcuastack are vulnerable to Denial of S ...)
+ TODO: check
CVE-2022-25301 (All versions of package jsgui-lang-essentials are vulnerable to Protot ...)
NOT-FOR-US: jsgui-lang-essentials
CVE-2022-25300
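Review bot: CVE-2022-25304 covers two packages at once ("All versions of package opcua; all versions of package asyncua ...") and CVE-2022-25302 covers asneg/opcuastack; entries that say "all versions" give no fixed version, so if either package is in the archive the entry needs an explicit note that no upstream fix exists yet rather than a bare version line, and the two-package entry may need two package lines.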
@@ -35083,8 +35162,8 @@ CVE-2022-25233
RESERVED
CVE-2022-25232
RESERVED
-CVE-2022-25231
- RESERVED
+CVE-2022-25231 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
+ TODO: check
CVE-2022-25171
RESERVED
CVE-2022-24913
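Review bot: CVE-2022-25231 (node-opcua before 2.74.0, DoS) has the same truncated description as CVE-2022-21208 later in this diff, down to the fixed version 2.74.0; check whether the two are genuinely distinct DoS bugs fixed in the same release or a duplicate assignment, and cross-reference them in both entries either way.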
@@ -35117,8 +35196,8 @@ CVE-2022-24430
RESERVED
CVE-2022-24429 (The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary ...)
NOT-FOR-US: Node convert-svg-core
-CVE-2022-24381
- RESERVED
+CVE-2022-24381 (All versions of package asneg/opcuastack are vulnerable to Denial of S ...)
+ TODO: check
CVE-2022-24377
RESERVED
CVE-2022-24376 (All versions of package git-promise are vulnerable to Command Injectio ...)
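Review bot: CVE-2022-24381 repeats the exact truncated description of CVE-2022-25302 ("All versions of package asneg/opcuastack are vulnerable to Denial of S ..."); with no fixed version and identical wording, the manual pass should establish whether these are two bugs or one before recording them, and link the two entries to each other in their notes.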
@@ -35127,8 +35206,8 @@ CVE-2022-24375
RESERVED
CVE-2022-24373
RESERVED
-CVE-2022-24298
- RESERVED
+CVE-2022-24298 (All versions of package freeopcua/freeopcua are vulnerable to Denial o ...)
+ TODO: check
CVE-2022-24279 (The package madlib-object-utils before 0.1.8 are vulnerable to Prototy ...)
NOT-FOR-US: madlib-object-utils
CVE-2022-24278 (The package convert-svg-core before 0.6.4 are vulnerable to Directory ...)
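Review bot: CVE-2022-24298 (freeopcua/freeopcua, all versions, DoS) completes the OPC UA set in this update; as with the other "All versions" entries there is no upstream fixed version to point at, so the resolution should be NOT-FOR-US if freeopcua is not packaged, or otherwise a note recording that no fix exists.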
@@ -35196,8 +35275,8 @@ CVE-2022-21213 (This affects all versions of package mout. The deepFillIn functi
NOT-FOR-US: mout
CVE-2022-21211 (This affects all versions of package posix. When invoking the toString ...)
NOT-FOR-US: Node posix
-CVE-2022-21208
- RESERVED
+CVE-2022-21208 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
+ TODO: check
CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular Expression ...)
NOT-FOR-US: AlexFlipnote/url_regex
CVE-2022-21192
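Review bot: CVE-2022-21208 has the same truncated description as CVE-2022-25231 earlier in this diff (node-opcua before 2.74.0, DoS); resolve the two together, and make sure whichever is the older assignment carries the cross-reference so that a later reader does not record the same bug twice.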
@@ -63032,8 +63111,8 @@ CVE-2021-42234
RESERVED
CVE-2021-42233 (The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cros ...)
NOT-FOR-US: Simple Blog plugin in Wondercms
-CVE-2021-42232
- RESERVED
+CVE-2021-42232 (TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command inj ...)
+ TODO: check
CVE-2021-42231
RESERVED
CVE-2021-42230 (Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to R ...)
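Review bot: CVE-2021-42232 (TP-Link Archer A7 firmware, command injection) is a vendor firmware entry and should be closed with a NOT-FOR-US line naming the device, as is done for other router firmware entries in this file; nothing in the description points at code that a source package ships.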
@@ -94640,8 +94719,8 @@ CVE-2021-29893
RESERVED
CVE-2021-29892
RESERVED
-CVE-2021-29891
- RESERVED
+CVE-2021-29891 (IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an ...)
+ TODO: check
CVE-2021-29890
RESERVED
CVE-2021-29889
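Review bot: CVE-2021-29891 is specific to IBM's OpenBMC builds ("IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an ..."), and the description already limits it to a privileged user; a NOT-FOR-US line naming the IBM firmware is the appropriate resolution unless the same upload path is traced to code that a source package ships.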
@@ -97178,8 +97257,8 @@ CVE-2021-28863
RESERVED
CVE-2021-28862
RESERVED
-CVE-2021-28861
- RESERVED
+CVE-2021-28861 (Python 3.x through 3.10 has an open redirection vulnerability in lib/h ...)
+ TODO: check
CVE-2021-28860 (In Node.js mixme, prior to v0.5.1, an attacker can add or alter proper ...)
NOT-FOR-US: Node mixme
CVE-2021-28859
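Review bot: CVE-2021-28861 ("Python 3.x through 3.10 has an open redirection vulnerability in lib/h ...") affects CPython itself and therefore the python3.x source packages in every suite; it must not stay at TODO: check. The truncation cuts the module path, so take it from the full text, identify the upstream fix and the first fixed 3.x releases, and add one package line per python3 source package with fixed or vulnerable status, checking the "through 3.10" bound against the interpreter versions shipped in stable and unstable.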
@@ -115499,8 +115578,8 @@ CVE-2020-35994
RESERVED
CVE-2020-35993
RESERVED
-CVE-2020-35992
- RESERVED
+CVE-2020-35992 (Fiserv Prologue through 2020-12-16 does not properly protect the datab ...)
+ TODO: check
CVE-2020-35991
RESERVED
CVE-2020-35990
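Review bot: CVE-2020-35992 (Fiserv Prologue through 2020-12-16, database protection) is a proprietary product advisory and a NOT-FOR-US candidate; like CVE-2019-25075 above it is an older ID only now receiving a description, so nothing in the archive should need a version line, but the manual pass should still confirm that before closing it.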
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4eabc52415065248edccf7df1f60e9f3d46ac8d3