[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 29 21:10:30 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc69ffc8 by security tracker role at 2022-08-29T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,473 @@
+CVE-2022-39015
+ RESERVED
+CVE-2022-39014
+ RESERVED
+CVE-2022-39013
+ RESERVED
+CVE-2022-39012
+ RESERVED
+CVE-2022-39011
+ RESERVED
+CVE-2022-39010
+ RESERVED
+CVE-2022-39009
+ RESERVED
+CVE-2022-39008
+ RESERVED
+CVE-2022-39007
+ RESERVED
+CVE-2022-39006
+ RESERVED
+CVE-2022-39005
+ RESERVED
+CVE-2022-39004
+ RESERVED
+CVE-2022-39003
+ RESERVED
+CVE-2022-39002
+ RESERVED
+CVE-2022-39001
+ RESERVED
+CVE-2022-39000
+ RESERVED
+CVE-2022-38999
+ RESERVED
+CVE-2022-38998
+ RESERVED
+CVE-2022-38997
+ RESERVED
+CVE-2022-38996
+ RESERVED
+CVE-2022-38995
+ RESERVED
+CVE-2022-38994
+ RESERVED
+CVE-2022-38993
+ RESERVED
+CVE-2022-38992
+ RESERVED
+CVE-2022-38991
+ RESERVED
+CVE-2022-38990
+ RESERVED
+CVE-2022-38989
+ RESERVED
+CVE-2022-38988
+ RESERVED
+CVE-2022-38987
+ RESERVED
+CVE-2022-38986
+ RESERVED
+CVE-2022-38985
+ RESERVED
+CVE-2022-38984
+ RESERVED
+CVE-2022-38983
+ RESERVED
+CVE-2022-38982
+ RESERVED
+CVE-2022-38981
+ RESERVED
+CVE-2022-38980
+ RESERVED
+CVE-2022-38979
+ RESERVED
+CVE-2022-38978
+ RESERVED
+CVE-2022-38977
+ RESERVED
+CVE-2022-38970
+ RESERVED
+CVE-2022-38969
+ RESERVED
+CVE-2022-38968
+ RESERVED
+CVE-2022-38967
+ RESERVED
+CVE-2022-38966
+ RESERVED
+CVE-2022-38965
+ RESERVED
+CVE-2022-38964
+ RESERVED
+CVE-2022-38963
+ RESERVED
+CVE-2022-38962
+ RESERVED
+CVE-2022-38961
+ RESERVED
+CVE-2022-38960
+ RESERVED
+CVE-2022-38959
+ RESERVED
+CVE-2022-38958
+ RESERVED
+CVE-2022-38957
+ RESERVED
+CVE-2022-38956
+ RESERVED
+CVE-2022-38955
+ RESERVED
+CVE-2022-38954
+ RESERVED
+CVE-2022-38953
+ RESERVED
+CVE-2022-38952
+ RESERVED
+CVE-2022-38951
+ RESERVED
+CVE-2022-38950
+ RESERVED
+CVE-2022-38949
+ RESERVED
+CVE-2022-38948
+ RESERVED
+CVE-2022-38947
+ RESERVED
+CVE-2022-38946
+ RESERVED
+CVE-2022-38945
+ RESERVED
+CVE-2022-38944
+ RESERVED
+CVE-2022-38943
+ RESERVED
+CVE-2022-38942
+ RESERVED
+CVE-2022-38941
+ RESERVED
+CVE-2022-38940
+ RESERVED
+CVE-2022-38939
+ RESERVED
+CVE-2022-38938
+ RESERVED
+CVE-2022-38937
+ RESERVED
+CVE-2022-38936
+ RESERVED
+CVE-2022-38935
+ RESERVED
+CVE-2022-38934
+ RESERVED
+CVE-2022-38933
+ RESERVED
+CVE-2022-38932
+ RESERVED
+CVE-2022-38931
+ RESERVED
+CVE-2022-38930
+ RESERVED
+CVE-2022-38929
+ RESERVED
+CVE-2022-38928
+ RESERVED
+CVE-2022-38927
+ RESERVED
+CVE-2022-38926
+ RESERVED
+CVE-2022-38925
+ RESERVED
+CVE-2022-38924
+ RESERVED
+CVE-2022-38923
+ RESERVED
+CVE-2022-38922
+ RESERVED
+CVE-2022-38921
+ RESERVED
+CVE-2022-38920
+ RESERVED
+CVE-2022-38919
+ RESERVED
+CVE-2022-38918
+ RESERVED
+CVE-2022-38917
+ RESERVED
+CVE-2022-38916
+ RESERVED
+CVE-2022-38915
+ RESERVED
+CVE-2022-38914
+ RESERVED
+CVE-2022-38913
+ RESERVED
+CVE-2022-38912
+ RESERVED
+CVE-2022-38911
+ RESERVED
+CVE-2022-38910
+ RESERVED
+CVE-2022-38909
+ RESERVED
+CVE-2022-38908
+ RESERVED
+CVE-2022-38907
+ RESERVED
+CVE-2022-38906
+ RESERVED
+CVE-2022-38905
+ RESERVED
+CVE-2022-38904
+ RESERVED
+CVE-2022-38903
+ RESERVED
+CVE-2022-38902
+ RESERVED
+CVE-2022-38901
+ RESERVED
+CVE-2022-38900
+ RESERVED
+CVE-2022-38899
+ RESERVED
+CVE-2022-38898
+ RESERVED
+CVE-2022-38897
+ RESERVED
+CVE-2022-38896
+ RESERVED
+CVE-2022-38895
+ RESERVED
+CVE-2022-38894
+ RESERVED
+CVE-2022-38893
+ RESERVED
+CVE-2022-38892
+ RESERVED
+CVE-2022-38891
+ RESERVED
+CVE-2022-38890
+ RESERVED
+CVE-2022-38889
+ RESERVED
+CVE-2022-38888
+ RESERVED
+CVE-2022-38887
+ RESERVED
+CVE-2022-38886
+ RESERVED
+CVE-2022-38885
+ RESERVED
+CVE-2022-38884
+ RESERVED
+CVE-2022-38883
+ RESERVED
+CVE-2022-38882
+ RESERVED
+CVE-2022-38881
+ RESERVED
+CVE-2022-38880
+ RESERVED
+CVE-2022-38879
+ RESERVED
+CVE-2022-38878
+ RESERVED
+CVE-2022-38877
+ RESERVED
+CVE-2022-38876
+ RESERVED
+CVE-2022-38875
+ RESERVED
+CVE-2022-38874
+ RESERVED
+CVE-2022-38873
+ RESERVED
+CVE-2022-38872
+ RESERVED
+CVE-2022-38871
+ RESERVED
+CVE-2022-38870
+ RESERVED
+CVE-2022-38869
+ RESERVED
+CVE-2022-38868
+ RESERVED
+CVE-2022-38867
+ RESERVED
+CVE-2022-38866
+ RESERVED
+CVE-2022-38865
+ RESERVED
+CVE-2022-38864
+ RESERVED
+CVE-2022-38863
+ RESERVED
+CVE-2022-38862
+ RESERVED
+CVE-2022-38861
+ RESERVED
+CVE-2022-38860
+ RESERVED
+CVE-2022-38859
+ RESERVED
+CVE-2022-38858
+ RESERVED
+CVE-2022-38857
+ RESERVED
+CVE-2022-38856
+ RESERVED
+CVE-2022-38855
+ RESERVED
+CVE-2022-38854
+ RESERVED
+CVE-2022-38853
+ RESERVED
+CVE-2022-38852
+ RESERVED
+CVE-2022-38851
+ RESERVED
+CVE-2022-38850
+ RESERVED
+CVE-2022-38849
+ RESERVED
+CVE-2022-38848
+ RESERVED
+CVE-2022-38847
+ RESERVED
+CVE-2022-38846
+ RESERVED
+CVE-2022-38845
+ RESERVED
+CVE-2022-38844
+ RESERVED
+CVE-2022-38843
+ RESERVED
+CVE-2022-38842
+ RESERVED
+CVE-2022-38841
+ RESERVED
+CVE-2022-38840
+ RESERVED
+CVE-2022-38839
+ RESERVED
+CVE-2022-38838
+ RESERVED
+CVE-2022-38837
+ RESERVED
+CVE-2022-38836
+ RESERVED
+CVE-2022-38835
+ RESERVED
+CVE-2022-38834
+ RESERVED
+CVE-2022-38833
+ RESERVED
+CVE-2022-38832
+ RESERVED
+CVE-2022-38831
+ RESERVED
+CVE-2022-38830
+ RESERVED
+CVE-2022-38829
+ RESERVED
+CVE-2022-38828
+ RESERVED
+CVE-2022-38827
+ RESERVED
+CVE-2022-38826
+ RESERVED
+CVE-2022-38825
+ RESERVED
+CVE-2022-38824
+ RESERVED
+CVE-2022-38823
+ RESERVED
+CVE-2022-38822
+ RESERVED
+CVE-2022-38821
+ RESERVED
+CVE-2022-38820
+ RESERVED
+CVE-2022-38819
+ RESERVED
+CVE-2022-38818
+ RESERVED
+CVE-2022-38817
+ RESERVED
+CVE-2022-38816
+ RESERVED
+CVE-2022-38815
+ RESERVED
+CVE-2022-38814
+ RESERVED
+CVE-2022-38813
+ RESERVED
+CVE-2022-38812
+ RESERVED
+CVE-2022-38811
+ RESERVED
+CVE-2022-38810
+ RESERVED
+CVE-2022-38809
+ RESERVED
+CVE-2022-38808
+ RESERVED
+CVE-2022-38807
+ RESERVED
+CVE-2022-38806
+ RESERVED
+CVE-2022-38805
+ RESERVED
+CVE-2022-38804
+ RESERVED
+CVE-2022-38803
+ RESERVED
+CVE-2022-38802
+ RESERVED
+CVE-2022-38801
+ RESERVED
+CVE-2022-38800
+ RESERVED
+CVE-2022-38799
+ RESERVED
+CVE-2022-38798
+ RESERVED
+CVE-2022-38797
+ RESERVED
+CVE-2022-38796
+ RESERVED
+CVE-2022-38453
+ RESERVED
+CVE-2022-38399
+ RESERVED
+CVE-2022-38138
+ RESERVED
+CVE-2022-38100
+ RESERVED
+CVE-2022-38069
+ RESERVED
+CVE-2022-36385
+ RESERVED
+CVE-2022-3033
+ RESERVED
+CVE-2022-3032
+ RESERVED
+CVE-2022-3031
+ RESERVED
+CVE-2022-3030
+ RESERVED
+CVE-2022-3029
+ RESERVED
+CVE-2022-3028
+ RESERVED
+CVE-2022-3027
+ RESERVED
+CVE-2022-3026
+ RESERVED
+CVE-2022-3025
+ RESERVED
+CVE-2022-3024
+ RESERVED
+CVE-2022-3023
+ RESERVED
+CVE-2022-3022
+ RESERVED
+CVE-2022-3021
+ RESERVED
+CVE-2022-3020
+ RESERVED
+CVE-2021-46836
+ RESERVED
CVE-2022-3019 (The forgot password token basically just makes us capable of taking ov ...)
NOT-FOR-US: ToolJet
CVE-2222-XXXX [DoS vulnerability in inetutils-telnetd: NULL pointer dereference when sending the byte sequences]
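Review bot: the trailing context line `CVE-2222-XXXX [DoS vulnerability in inetutils-telnetd: ...]` looks like a mistyped year in its placeholder id; the convention for not-yet-assigned ids, as seen in `CVE-2022-XXXX [spip: security issues from 4.1.5 release]` further down this file, is `CVE-2022-XXXX`. The line is untouched by this hunk, so the fix would have to come in a separate manual commit rather than from the automatic update; the block of newly added `RESERVED` pairs above it is the usual placeholder material and needs nothing.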
@@ -31,7 +501,7 @@ CVE-2022-3018
RESERVED
CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...)
TODO: check
-CVE-2022-3016 (Use After Free in GitHub repository vim/vim prior to 9.0.0285. ...)
+CVE-2022-3016 (Use After Free in GitHub repository vim/vim prior to 9.0.0286. ...)
- vim <unfixed>
NOTE: https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371
NOTE: https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7 (v9.0.0286)
@@ -354,8 +824,7 @@ CVE-2022-2962
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120631
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1171
NOTE: https://lore.kernel.org/qemu-devel/20220821124343.1336880-1-zheyuma97@gmail.com/
-CVE-2022-2961
- RESERVED
+CVE-2022-2961 (A use-after-free flaw was found in the Linux kernel’s PLP Rose f ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120595
CVE-2022-2960
@@ -442,8 +911,8 @@ CVE-2022-38668 (HTTP applications (servers) based on Crow through 1.0+4 may reve
NOT-FOR-US: CrowCpp
CVE-2022-38667 (HTTP applications (servers) based on Crow through 1.0+4 may allow a Us ...)
NOT-FOR-US: CrowCpp
-CVE-2022-2953
- RESERVED
+CVE-2022-2953 (LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tool ...)
+ TODO: check
CVE-2022-2952
RESERVED
CVE-2022-2951
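Review bot: `TODO: check` on CVE-2022-2953 needs real triage rather than a NOT-FOR-US mark: the description names LibTIFF 4.4.0 and one of its bundled tools, and LibTIFF ships in Debian as the `tiff` source package, so the placeholder should become a `- tiff ...` line (with `[bullseye]`/`[buster]` annotations as appropriate) once the upstream fix is identified, following the `- vim <unfixed>` plus `NOTE:` pattern used for CVE-2022-3016 in this same commit. The truncated description cuts off the file name, so the entry will also want a NOTE: line pointing at the upstream report.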
@@ -3900,8 +4369,8 @@ CVE-2022-2639
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
NOTE: https://git.kernel.org/linus/cefa91b2332d7009bc0be5d951d6cbbf349f90f8 (5.18-rc4)
-CVE-2022-2638
- RESERVED
+CVE-2022-2638 (The Export All URLs WordPress plugin before 4.4 does not validate the ...)
+ TODO: check
CVE-2022-2637
RESERVED
CVE-2022-2636 (Improper Input Validation in GitHub repository hestiacp/hestiacp prior ...)
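Review bot: CVE-2022-2638 names a WordPress plugin, and the neighbouring entries for the same class of component (for example `CVE-2022-2600 ... NOT-FOR-US: WordPress plugin`) resolve to `NOT-FOR-US: WordPress plugin`; the automatic update can only leave `TODO: check`, so the follow-up triage should apply the same mark here. The same applies to the other WordPress-plugin entries this commit fills in (CVE-2022-2599, 2559, 2556, 2538, 2537, 2374, 2373, 2267, 2261, 2080, 2034, 1663 and 1123), unless one of them turns out to concern a plugin Debian actually ships.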
@@ -4197,8 +4666,8 @@ CVE-2022-2601
RESERVED
CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set re ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2599
- RESERVED
+CVE-2022-2599 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
+ TODO: check
CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim prior ...)
- vim 2:9.0.0135-1
NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
@@ -4696,8 +5165,8 @@ CVE-2022-37061 (All FLIR AX8 thermal sensor cameras version up to and including
NOT-FOR-US: FLIR AX8
CVE-2022-37060 (FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is ...)
NOT-FOR-US: FLIR AX8
-CVE-2022-37059
- RESERVED
+CVE-2022-37059 (Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows ...)
+ TODO: check
CVE-2022-37058
RESERVED
CVE-2022-37057 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b ...)
@@ -5107,8 +5576,8 @@ CVE-2022-2561
RESERVED
CVE-2022-2560
RESERVED
-CVE-2022-2559
- RESERVED
+CVE-2022-2559 (The Fluent Support WordPress plugin before 1.5.8 does not properly san ...)
+ TODO: check
CVE-2022-2558 (The Simple Job Board WordPress plugin before 2.10.0 is susceptible to ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2557 (The Team WordPress plugin before 4.1.2 contains a file which could all ...)
@@ -5157,8 +5626,8 @@ CVE-2022-36924
RESERVED
CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2022-2556
- RESERVED
+CVE-2022-2556 (The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJA ...)
+ TODO: check
CVE-2022-2555 (The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2554
@@ -5491,8 +5960,8 @@ CVE-2022-2540
RESERVED
CVE-2022-2539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
-CVE-2022-2538
- RESERVED
+CVE-2022-2538 (The WP Hide & Security Enhancer WordPress plugin before 1.8 does n ...)
+ TODO: check
CVE-2022-XXXX [spip: security issues from 4.1.5 release]
- spip 4.1.5+dfsg-1
[bullseye] - spip 3.2.11-3+deb11u5
@@ -5618,7 +6087,8 @@ CVE-2022-36709
RESERVED
CVE-2022-36708 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
NOT-FOR-US: Library Management System
-CVE-2022-36707 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+CVE-2022-36707
+ REJECTED
NOT-FOR-US: Library Management System
CVE-2022-36706 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
NOT-FOR-US: Ingredients Stock Management System
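Review bot: the `REJECTED` status replaces the description of CVE-2022-36707, but the `NOT-FOR-US: Library Management System` line beneath it is kept, so the entry now carries both a rejection and a triage verdict. The removed description was, as far as the truncation shows, identical to the live CVE-2022-36708 entry directly above, which is consistent with a duplicate rejection; dropping the now-redundant NOT-FOR-US line would leave the entry in the bare `REJECTED` form used for CVE-2022-0498 elsewhere in this file.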
@@ -5652,16 +6122,16 @@ CVE-2022-36692 (Ingredients Stock Management System v1.0 was discovered to conta
NOT-FOR-US: Ingredients Stock Management System
CVE-2022-36691
RESERVED
-CVE-2022-36690
- RESERVED
-CVE-2022-36689
- RESERVED
-CVE-2022-36688
- RESERVED
-CVE-2022-36687
- RESERVED
-CVE-2022-36686
- RESERVED
+CVE-2022-36690 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ TODO: check
+CVE-2022-36689 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ TODO: check
+CVE-2022-36688 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ TODO: check
+CVE-2022-36687 (Ingredients Stock Management System v1.0 was discovered to contain an ...)
+ TODO: check
+CVE-2022-36686 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ TODO: check
CVE-2022-36685
RESERVED
CVE-2022-36684
@@ -6154,8 +6624,8 @@ CVE-2022-36441
RESERVED
CVE-2022-36440
RESERVED
-CVE-2022-2537
- RESERVED
+CVE-2022-2537 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...)
+ TODO: check
CVE-2022-2536
RESERVED
CVE-2022-2535 (The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not e ...)
@@ -6925,8 +7395,8 @@ CVE-2022-36202
RESERVED
CVE-2022-36201
RESERVED
-CVE-2022-36200
- RESERVED
+CVE-2022-36200 (In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submi ...)
+ TODO: check
CVE-2022-36199
RESERVED
CVE-2022-36198 (Multiple SQL injections detected in Bus Pass Management System 1.0 via ...)
@@ -7327,16 +7797,16 @@ CVE-2022-36039
RESERVED
CVE-2022-36038
RESERVED
-CVE-2022-36037
- RESERVED
-CVE-2022-36036
- RESERVED
+CVE-2022-36037 (kirby is a content management system (CMS) that adapts to many differe ...)
+ TODO: check
+CVE-2022-36036 (mdx-mermaid provides plug and play access to Mermaid in MDX. There is ...)
+ TODO: check
CVE-2022-36035
RESERVED
-CVE-2022-36034
- RESERVED
-CVE-2022-36033
- RESERVED
+CVE-2022-36034 (nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS ...)
+ TODO: check
+CVE-2022-36033 (jsoup is a Java HTML parser, built for HTML editing, cleaning, scrapin ...)
+ TODO: check
CVE-2022-36032
RESERVED
CVE-2022-36031 (Directus is a free and open-source data platform for headless content ...)
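Review bot: among the four entries filled in here, CVE-2022-36033 (jsoup) should not be closed as NOT-FOR-US: jsoup is packaged in Debian as the `jsoup` source package (binary `libjsoup-java`), so its `TODO: check` needs a real package line with a version assessment for bullseye and buster, and a NOTE: line pointing at the upstream advisory. kirby, mdx-mermaid and nitrado.js are, as far as I know, not Debian packages, so their placeholders can be triaged the same way as the surrounding NOT-FOR-US entries.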
@@ -7481,8 +7951,8 @@ CVE-2022-35964
RESERVED
CVE-2022-35963
RESERVED
-CVE-2022-35962
- RESERVED
+CVE-2022-35962 (Zulip is an open source team chat and Zulip Mobile is an app for iOS a ...)
+ TODO: check
CVE-2022-35961 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
NOT-FOR-US: OpenZeppelin
CVE-2022-35960
@@ -8324,10 +8794,10 @@ CVE-2022-2376
RESERVED
CVE-2022-2375 (The WP Sticky Button WordPress plugin before 1.4.1 does not have autho ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2374
- RESERVED
-CVE-2022-2373
- RESERVED
+CVE-2022-2374 (The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does ...)
+ TODO: check
+CVE-2022-2373 (The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is mi ...)
+ TODO: check
CVE-2022-2372 (The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2371 (The YaySMTP WordPress plugin before 2.2.1 does not have proper authori ...)
@@ -9847,20 +10317,20 @@ CVE-2022-35022
RESERVED
CVE-2022-35021
RESERVED
-CVE-2022-35020
- RESERVED
-CVE-2022-35019
- RESERVED
-CVE-2022-35018
- RESERVED
-CVE-2022-35017
- RESERVED
-CVE-2022-35016
- RESERVED
-CVE-2022-35015
- RESERVED
-CVE-2022-35014
- RESERVED
+CVE-2022-35020 (Advancecomp v2.3 was discovered to contain a heap buffer overflow via ...)
+ TODO: check
+CVE-2022-35019 (Advancecomp v2.3 was discovered to contain a segmentation fault. ...)
+ TODO: check
+CVE-2022-35018 (Advancecomp v2.3 was discovered to contain a segmentation fault. ...)
+ TODO: check
+CVE-2022-35017 (Advancecomp v2.3 was discovered to contain a heap buffer overflow. ...)
+ TODO: check
+CVE-2022-35016 (Advancecomp v2.3 was discovered to contain a heap buffer overflow. ...)
+ TODO: check
+CVE-2022-35015 (Advancecomp v2.3 was discovered to contain a heap buffer overflow via ...)
+ TODO: check
+CVE-2022-35014 (Advancecomp v2.3 contains a segmentation fault. ...)
+ TODO: check
CVE-2022-35013 (PNGDec commit 8abf6be was discovered to contain a FPE via SaveBMP at / ...)
NOT-FOR-US: bitbank2/PNGdec
CVE-2022-35012 (PNGDec commit 8abf6be was discovered to contain a heap buffer overflow ...)
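Review bot: the seven `TODO: check` entries CVE-2022-35014 through CVE-2022-35020 all target Advancecomp v2.3, which Debian ships as the `advancecomp` source package, so they need real triage rather than NOT-FOR-US. They report the same two crash classes (heap buffer overflow, segmentation fault) against the same release, so handling them as one batch with a single Debian bug referenced from each entry, in the `(bug #...)` form used elsewhere in this file, would keep the entries consistent; the truncated descriptions give no upstream fix reference, so each entry will also want a NOTE: line once the upstream reports are located.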
@@ -10386,8 +10856,8 @@ CVE-2022-2269 (The Website File Changes Monitor WordPress plugin before 1.8.3 do
NOT-FOR-US: WordPress plugin
CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 accept ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2267
- RESERVED
+CVE-2022-2267 (The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJA ...)
+ TODO: check
CVE-2022-2266
RESERVED
CVE-2022-2265
@@ -10401,8 +10871,8 @@ CVE-2022-2263 (A vulnerability was found in Online Hotel Booking System 1.0 and
NOT-FOR-US: Online Hotel Booking System
CVE-2022-2262 (A vulnerability has been found in Online Hotel Booking System 1.0 and ...)
NOT-FOR-US: Online Hotel Booking System
-CVE-2022-2261
- RESERVED
+CVE-2022-2261 (The WPIDE WordPress plugin before 3.0 does not sanitize and validate t ...)
+ TODO: check
CVE-2022-2260 (The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an integer signedness error and res ...)
@@ -14623,8 +15093,8 @@ CVE-2022-2082
RESERVED
CVE-2022-2081
RESERVED
-CVE-2022-2080
- RESERVED
+CVE-2022-2080 (The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the ...)
+ TODO: check
CVE-2022-2079 (Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb ...)
NOT-FOR-US: nocodb
CVE-2022-2078 (A vulnerability was found in the Linux kernel's nft_set_desc_concat_pa ...)
@@ -16175,8 +16645,8 @@ CVE-2022-25649 (Multiple Improper Access Control vulnerabilities in StoreApps Af
NOT-FOR-US: WooCommerce addon
CVE-2022-2035 (A reflected cross-site scripting (XSS) vulnerability exists in the pla ...)
NOT-FOR-US: SCORM Engine
-CVE-2022-2034
- RESERVED
+CVE-2022-2034 (The Sensei LMS WordPress plugin before 4.5.0 does not have proper perm ...)
+ TODO: check
CVE-2022-2033
RESERVED
CVE-2022-2032 (In Pandora FMS v7.0NG.761 and below, in the file manager section, the ...)
@@ -17049,7 +17519,7 @@ CVE-2022-32270 (In Real Player 20.0.7.309 and 20.0.8.310, external::Import() all
NOT-FOR-US: Real Player
CVE-2022-32269 (In Real Player 20.0.8.310, the G2 Control allows injection of unsafe j ...)
NOT-FOR-US: Real Player
-CVE-2022-32268 (StarWind SAN and NAS v0.2 build 1914 allow remote code execution. ...)
+CVE-2022-32268 (StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A fl ...)
NOT-FOR-US: StarWind SAN and NAS
CVE-2022-32267
RESERVED
@@ -18798,8 +19268,8 @@ CVE-2022-31679
RESERVED
CVE-2022-31678
RESERVED
-CVE-2022-31677
- RESERVED
+CVE-2022-31677 (An Insufficient Session Expiration issue was discovered in the Pinnipe ...)
+ TODO: check
CVE-2022-31676 (VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege es ...)
{DSA-5215-1 DLA-3081-1}
- open-vm-tools 2:12.1.0-1 (bug #1018012)
@@ -22253,8 +22723,8 @@ CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management syst
NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5 (1.20.10)
NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495 (1.19.8)
NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be (1.18.26)
-CVE-2022-1663
- RESERVED
+CVE-2022-1663 (The Stop Spam Comments WordPress plugin through 0.2.1.2 does not prope ...)
+ TODO: check
CVE-2022-30529
RESERVED
CVE-2022-30528
@@ -23426,7 +23896,7 @@ CVE-2022-30127 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi
NOT-FOR-US: Microsoft
CVE-2022-1567 (The WP-JS plugin for WordPress contains a script called wp-js.php with ...)
NOT-FOR-US: WP-JS plugin for WordPress
-CVE-2022-1566 (The Quotes llama WordPress plugin through 0.7 does not sanitise and es ...)
+CVE-2022-1566 (The Quotes llama WordPress plugin before 1.0.0 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1565 (The plugin WP All Import is vulnerable to arbitrary file uploads due t ...)
NOT-FOR-US: WordPress plugin
@@ -25027,7 +25497,7 @@ CVE-2019-25059 (Artifex Ghostscript through 9.26 mishandles .completefont. NOTE:
NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=430e219ea17a2650577d70021399c4ead05869e0
NOTE: Issue exists because of an incomplete fix for CVE-2019-3839
CVE-2022-29599 (In Apache Maven maven-shared-utils prior to version 3.3.3, the Command ...)
- {DLA-3059-1}
+ {DLA-3086-1 DLA-3059-1}
- maven-shared-utils 3.3.4-1 (bug #1012314)
NOTE: https://github.com/apache/maven-shared-utils/pull/40
NOTE: https://issues.apache.org/jira/browse/MSHARED-297
@@ -28627,8 +29097,7 @@ CVE-2022-1205
{DSA-5173-1 DSA-5127-1}
- linux 5.17.6-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/4
-CVE-2022-1204
- RESERVED
+CVE-2022-1204 (A use-after-free flaw was found in the Linux kernel’s Amateur Ra ...)
{DSA-5173-1 DSA-5127-1}
- linux 5.17.3-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/2
@@ -28795,14 +29264,12 @@ CVE-2022-28281
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28281
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28281
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28281
-CVE-2022-1199
- RESERVED
+CVE-2022-1199 (A flaw was found in the Linux kernel. This flaw allows an attacker to ...)
{DSA-5173-1 DSA-5127-1 DLA-3065-1}
- linux 5.16.18-1
[buster] - linux 4.19.235-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/5
-CVE-2022-1198
- RESERVED
+CVE-2022-1198 (A use-after-free vulnerabilitity was discovered in drivers/net/hamradi ...)
{DSA-5173-1 DSA-5127-1 DLA-3065-1}
- linux 5.16.18-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/3
@@ -29038,8 +29505,7 @@ CVE-2022-28220
RESERVED
CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in GitLab ...)
- gitlab <unfixed>
-CVE-2022-1184
- RESERVED
+CVE-2022-1184 (A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() i ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070205
NOTE: https://git.kernel.org/linus/65f8ea4cd57dbd46ea13b41dc8bac03176b04233
@@ -29542,8 +30008,8 @@ CVE-2022-1125 (Use after free in Portals in Google Chrome prior to 100.0.4896.60
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1124 (An improper authorization issue has been discovered in GitLab CE/EE af ...)
- gitlab <unfixed>
-CVE-2022-1123
- RESERVED
+CVE-2022-1123 (The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPr ...)
+ TODO: check
CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., ...)
NOT-FOR-US: Firebase PHP-JWT
CVE-2020-36521
@@ -29569,13 +30035,11 @@ CVE-2022-1119 (The Simple File List WordPress plugin is vulnerable to Arbitrary
NOT-FOR-US: WordPress plugin
CVE-2022-1118 (Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbenc ...)
NOT-FOR-US: Rockwell Automation
-CVE-2022-1117
- RESERVED
+CVE-2022-1117 (A vulnerability was found in fapolicyd. The vulnerability occurs due t ...)
NOT-FOR-US: fapolicyd
CVE-2022-1116 (Integer Overflow or Wraparound vulnerability in io_uring of Linux Kern ...)
- linux <not-affected> (Vulnerable code not present; introduced in 5.4.24; fixed in 5.4.189)
-CVE-2022-1115
- RESERVED
+CVE-2022-1115 (A heap-buffer-overflow flaw was found in ImageMagick’s PushShort ...)
- imagemagick <unfixed> (bug #1013282)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <no-dsa> (Minor issue)
@@ -30878,8 +31342,7 @@ CVE-2022-1045 (Stored XSS viva .svg file upload in GitHub repository polonel/tru
NOT-FOR-US: Trudesk
CVE-2022-1044 (Sensitive Data Exposure Due To Insecure Storage Of Profile Image in Gi ...)
NOT-FOR-US: Trudesk
-CVE-2022-1043 [Linux Kernel io_uring Use-After-Free Privilege Escalation Vulnerability]
- RESERVED
+CVE-2022-1043 (A flaw was found in the Linux kernel’s io_uring implementation. ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -31028,8 +31491,8 @@ CVE-2022-27560
RESERVED
CVE-2022-27559
RESERVED
-CVE-2022-27558
- RESERVED
+CVE-2022-27558 (HCL iNotes is susceptible to a Broken Password Strength Checks vulnera ...)
+ TODO: check
CVE-2022-27557
RESERVED
CVE-2022-27556
@@ -31050,10 +31513,10 @@ CVE-2022-27549 (HCL Launch may store certain data for recurring activities in a
NOT-FOR-US: HCL
CVE-2022-27548 (HCL Launch stores user credentials in plain clear text which can be re ...)
NOT-FOR-US: HCL
-CVE-2022-27547
- RESERVED
-CVE-2022-27546
- RESERVED
+CVE-2022-27547 (HCL iNotes is susceptible to a link to non-existent domain vulnerabili ...)
+ TODO: check
+CVE-2022-27546 (HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vu ...)
+ TODO: check
CVE-2022-27545 (BigFix Web Reports authorized users may perform HTML injection for the ...)
NOT-FOR-US: BigFix Web Reports
CVE-2022-27544 (BigFix Web Reports authorized users may see SMTP credentials in clear ...)
@@ -31869,7 +32332,7 @@ CVE-2022-1026 (Kyocera multifunction printers running vulnerable versions of Net
CVE-2022-1025 (All unpatched versions of Argo CD starting with v1.0.0 are vulnerable ...)
NOT-FOR-US: Argo CD
CVE-2022-1024
- RESERVED
+ REJECTED
CVE-2022-1023 (The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1022 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
@@ -31922,8 +32385,7 @@ CVE-2022-27172 (A hard-coded password vulnerability exists in the console infact
NOT-FOR-US: InHand Networks InRouter302
CVE-2022-1017
RESERVED
-CVE-2022-1016
- RESERVED
+CVE-2022-1016 (A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c ...)
{DSA-5173-1 DSA-5127-1 DLA-3065-1}
- linux 5.16.18-1
NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/5
@@ -32983,8 +33445,7 @@ CVE-2022-26885
RESERVED
CVE-2022-26884
RESERVED
-CVE-2022-0934
- RESERVED
+CVE-2022-0934 (A single-byte, non-arbitrary write/use-after-free flaw was found in dn ...)
- dnsmasq <unfixed> (bug #1014715)
[bullseye] - dnsmasq <no-dsa> (Minor issue)
[buster] - dnsmasq <no-dsa> (Minor issue)
@@ -34261,14 +34722,11 @@ CVE-2022-0854 (A memory leak flaw was found in the Linux kernel’s DMA subs
NOTE: https://git.kernel.org/linus/901c7280ca0d5e2b4a8929fbe0bfb007ac2a6544 (5.18-rc1)
CVE-2022-0853 (A flaw was found in JBoss-client. The vulnerability occurs due to a me ...)
NOT-FOR-US: jboss-client
-CVE-2022-0852
- RESERVED
+CVE-2022-0852 (There is a flaw in convert2rhel. convert2rhel passes the Red Hat accou ...)
NOT-FOR-US: Red Hat convert2rhel
-CVE-2022-0851
- RESERVED
+CVE-2022-0851 (There is a flaw in convert2rhel. When the --activationkey option is us ...)
NOT-FOR-US: Red Hat convert2rhel
-CVE-2022-0850
- RESERVED
+CVE-2022-0850 (A vulnerability was found in linux kernel, where an information leak o ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
@@ -35009,8 +35467,7 @@ CVE-2022-26080
RESERVED
CVE-2022-26057 (Vulnerabilities in the Mint WorkBench allow a low privileged attacker ...)
NOT-FOR-US: Mind Workbench
-CVE-2022-0812 [NFS over RDMA random memory leakage]
- RESERVED
+CVE-2022-0812 (An information leak flaw was found in NFS over RDMA in the net/sunrpc/ ...)
{DSA-5173-1 DLA-3065-1}
- linux 5.7.10-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058955
@@ -36419,8 +36876,7 @@ CVE-2022-0720 (The Amelia WordPress plugin before 1.0.47 does not have proper au
NOT-FOR-US: WordPress plugin
CVE-2022-0719 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
NOT-FOR-US: microweber
-CVE-2022-0718
- RESERVED
+CVE-2022-0718 (A flaw was found in python-oslo-utils. Due to improper parsing, passwo ...)
- python-oslo.utils 4.10.1-1
[bullseye] - python-oslo.utils <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056850
@@ -37370,8 +37826,7 @@ CVE-2022-0670 (A flaw was found in Openstack manilla owning a Ceph File system "
- ceph 16.2.10+ds-1 (bug #1016069)
NOTE: https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
NOTE: https://docs.ceph.com/en/latest/security/CVE-2022-0670/
-CVE-2022-0669
- RESERVED
+CVE-2022-0669 (A flaw was found in dpdk. This flaw allows a malicious vhost-user mast ...)
{DSA-5130-1}
- dpdk 20.11.5-1 (bug #1010641)
[buster] - dpdk <not-affected> (Vulnerable code introduced later)
@@ -37579,7 +38034,7 @@ CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Tr
CVE-2022-0645 (Open redirect vulnerability via endpoint authorize_and_redirect/?redir ...)
NOT-FOR-US: posthog
CVE-2022-0644 [vfs: check fd has read access in kernel_read_file_from_fd()]
- RESERVED
+ REJECTED
{DSA-5096-1 DLA-2941-1}
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
@@ -40204,13 +40659,11 @@ CVE-2022-0499 (The Sermon Browser WordPress plugin through 0.45.22 does not have
NOT-FOR-US: WordPress plugin
CVE-2022-0498
REJECTED
-CVE-2022-0497
- RESERVED
+CVE-2022-0497 (A vulnerbiility was found in Openscad, where a .scad file with no trai ...)
- openscad 2021.01-4 (unimportant; bug #1005641)
NOTE: https://github.com/openscad/openscad/issues/4043
NOTE: Crash in CLI tool, no security impact
-CVE-2022-0496
- RESERVED
+CVE-2022-0496 (A vulnerbiility was found in Openscad, where a DXF-format drawing with ...)
- openscad 2021.01-4 (unimportant; bug #1005641)
NOTE: https://github.com/openscad/openscad/issues/4037
NOTE: Crash in CLI tool, no security impact
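Review bot: `vulnerbiility` in both new descriptions (CVE-2022-0497, CVE-2022-0496) is a typo in the upstream CVE text, not in the tracker, and should not be hand-corrected here: the parenthesised description is regenerated by the automatic update and a local edit would simply be overwritten. The Debian lines beneath each entry (`openscad 2021.01-4 (unimportant; bug #1005641)` and `NOTE: Crash in CLI tool, no security impact`) are unchanged and remain consistent with the filled-in descriptions.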
@@ -40330,8 +40783,7 @@ CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remov
NOTE: CONFIG_MMC_MOXART is not set in Debian.
CVE-2022-0486 (Improper file permissions in the CommandPost, Collector, Sensor, and S ...)
NOT-FOR-US: Fidelis
-CVE-2022-0485 [nbdcopy: missing error handling may create corrupted destination image]
- RESERVED
+CVE-2022-0485 (A flaw was found in the copying tool `nbdcopy` of libnbd. When perform ...)
- libnbd 1.10.5-1 (bug #1005307)
[bullseye] - libnbd <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2050324
@@ -40505,8 +40957,7 @@ CVE-2022-24310 (A CWE-190: Integer Overflow or Wraparound vulnerability exists t
NOT-FOR-US: Schneider Electric
CVE-2022-24309 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
-CVE-2022-0480
- RESERVED
+CVE-2022-0480 (A flaw was found in the filelock_init in fs/locks.c function in the Li ...)
- linux 5.15.3-1
[bullseye] - linux <ignored> (Minor issue)
[buster] - linux <ignored> (Minor issue)
@@ -41303,8 +41754,7 @@ CVE-2022-0402
RESERVED
CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12. ...)
NOT-FOR-US: Node w-zip
-CVE-2022-0400 [Out of bounds read in the smc protocol stack]
- RESERVED
+CVE-2022-0400 (An out-of-bounds read vulnerability was discovered in linux kernel in ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044575
@@ -42054,8 +42504,8 @@ CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/
NOTE: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa (v8.2.4217)
-CVE-2022-0367
- RESERVED
+CVE-2022-0367 (A heap-based buffer overflow flaw was found in libmodbus in function m ...)
+ TODO: check
CVE-2022-0366 (An authenticated and authorized agent user could potentially gain admi ...)
NOT-FOR-US: Sophos
CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command inje ...)
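Review bot: CVE-2022-0367 names libmodbus, which is packaged in Debian (source package `libmodbus`), so its `TODO: check` should be resolved to a `- libmodbus ...` entry with a version assessment for bullseye and buster rather than left as a placeholder; the truncated description cuts off the function name, so a NOTE: line pointing at the upstream report would help whoever picks up the triage.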
@@ -42082,8 +42532,7 @@ CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def
NOTE: https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 (v8.2.4214)
-CVE-2022-0358
- RESERVED
+CVE-2022-0358 (A flaw was found in the QEMU virtio-fs shared file system daemon (virt ...)
{DSA-5133-1}
- qemu 1:7.0+dfsg-1
[buster] - qemu <not-affected> (Vulnerable code not present)
@@ -42734,8 +43183,7 @@ CVE-2022-23835 (** DISPUTED ** The Visual Voice Mail (VVM) application through 2
NOT-FOR-US: Visual Voice Mail (VVM) application
CVE-2022-0337
RESERVED
-CVE-2022-0336 [Samba AD users with permission to write to an account can impersonate arbitrary services]
- RESERVED
+CVE-2022-0336 (The Samba AD DC includes checks when adding service principals names ( ...)
[experimental] - samba 2:4.16.0+dfsg-1
- samba 2:4.16.0+dfsg-2 (bug #1004694)
[bullseye] - samba 2:4.13.13+dfsg-1~deb11u3
@@ -43902,8 +44350,7 @@ CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference
[stretch] - linux <not-affected> (Vulnerable code introduced later)
CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
NOT-FOR-US: pimcore
-CVE-2022-0284
- RESERVED
+CVE-2022-0284 (A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixel ...)
- imagemagick <not-affected> (Specific to IM7)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045943
NOTE: https://github.com/ImageMagick/ImageMagick/issues/4729
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc69ffc860127a557f636b2c4fa58e31d0e738d5