[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 15 20:10:40 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
934ac975 by security tracker role at 2022-12-15T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2022-47512
+ RESERVED
+CVE-2022-47511
+ RESERVED
+CVE-2022-47510
+ RESERVED
+CVE-2022-47509
+ RESERVED
+CVE-2022-47508
+ RESERVED
+CVE-2022-47507
+ RESERVED
+CVE-2022-47506
+ RESERVED
+CVE-2022-47505
+ RESERVED
+CVE-2022-47504
+ RESERVED
+CVE-2022-47503
+ RESERVED
+CVE-2022-47502
+ RESERVED
+CVE-2022-47501
+ RESERVED
+CVE-2022-47500
+ RESERVED
+CVE-2022-47499
+ RESERVED
+CVE-2022-47498
+ RESERVED
+CVE-2022-47497
+ RESERVED
+CVE-2022-47496
+ RESERVED
+CVE-2022-47495
+ RESERVED
+CVE-2022-47494
+ RESERVED
+CVE-2022-47493
+ RESERVED
+CVE-2022-47492
+ RESERVED
+CVE-2022-47491
+ RESERVED
+CVE-2022-47490
+ RESERVED
+CVE-2022-47489
+ RESERVED
+CVE-2022-47488
+ RESERVED
+CVE-2022-47487
+ RESERVED
+CVE-2022-47486
+ RESERVED
+CVE-2022-47485
+ RESERVED
+CVE-2022-47484
+ RESERVED
+CVE-2022-47483
+ RESERVED
+CVE-2022-47482
+ RESERVED
+CVE-2022-47481
+ RESERVED
+CVE-2022-47480
+ RESERVED
+CVE-2022-47479
+ RESERVED
+CVE-2022-47478
+ RESERVED
+CVE-2022-47477
+ RESERVED
+CVE-2022-47476
+ RESERVED
+CVE-2022-47475
+ RESERVED
+CVE-2022-47474
+ RESERVED
+CVE-2022-47473
+ RESERVED
+CVE-2022-47472
+ RESERVED
+CVE-2022-47471
+ RESERVED
+CVE-2022-47470
+ RESERVED
+CVE-2022-47469
+ RESERVED
+CVE-2022-47468
+ RESERVED
+CVE-2022-47467
+ RESERVED
+CVE-2022-47466
+ RESERVED
+CVE-2022-47465
+ RESERVED
+CVE-2022-47464
+ RESERVED
+CVE-2022-47463
+ RESERVED
+CVE-2022-47462
+ RESERVED
+CVE-2022-47461
+ RESERVED
+CVE-2022-47460
+ RESERVED
+CVE-2022-47459
+ RESERVED
+CVE-2022-47458
+ RESERVED
+CVE-2022-47457
+ RESERVED
+CVE-2022-47456
+ RESERVED
+CVE-2022-47455
+ RESERVED
+CVE-2022-47454
+ RESERVED
+CVE-2022-47453
+ RESERVED
+CVE-2022-47452
+ RESERVED
+CVE-2022-47451
+ RESERVED
+CVE-2022-47450
+ RESERVED
+CVE-2022-46732
+ RESERVED
+CVE-2022-46660
+ RESERVED
+CVE-2022-46331
+ RESERVED
+CVE-2022-4517
+ RESERVED
+CVE-2022-4516
+ RESERVED
+CVE-2022-4515
+ RESERVED
+CVE-2022-4514
+ RESERVED
+CVE-2022-4513
+ RESERVED
+CVE-2022-4512
+ RESERVED
+CVE-2022-4511
+ RESERVED
+CVE-2022-4510
+ RESERVED
+CVE-2022-4509
+ RESERVED
+CVE-2022-43494
+ RESERVED
+CVE-2022-38469
+ RESERVED
+CVE-2021-4245
+ RESERVED
CVE-2022-47449
RESERVED
CVE-2022-47448
@@ -1603,21 +1759,21 @@ CVE-2022-46883
RESERVED
CVE-2022-46882
RESERVED
- {DSA-5301-1}
+ {DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46882
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46882
CVE-2022-46881
RESERVED
- {DSA-5301-1}
+ {DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46881
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46881
CVE-2022-46880
RESERVED
- {DSA-5301-1}
+ {DSA-5301-1 DLA-3242-1 DLA-3241-1}
- thunderbird 1:102.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46880
CVE-2022-46879
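Review bot: CVE-2022-46880 gets the same {DSA-5301-1 DLA-3242-1 DLA-3241-1} set as CVE-2022-46882 and CVE-2022-46881, but its entry lists only thunderbird and a single mfsa2022-53 NOTE, while the other two also list firefox-esr. Confirm that each advisory in the set covers a package actually listed for this CVE; if firefox-esr is affected too, the entry is missing its "- firefox-esr" line and the matching MFSA NOTE.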
@@ -1626,7 +1782,7 @@ CVE-2022-46879
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46879
CVE-2022-46878
RESERVED
- {DSA-5301-1}
+ {DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox 108.0-1
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
@@ -1649,7 +1805,7 @@ CVE-2022-46875
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46875
CVE-2022-46874
RESERVED
- {DSA-5301-1}
+ {DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox 108.0-1
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
@@ -1662,7 +1818,7 @@ CVE-2022-46873
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46873
CVE-2022-46872
RESERVED
- {DSA-5301-1}
+ {DSA-5301-1 DLA-3242-1 DLA-3241-1}
- firefox 108.0-1
- firefox-esr 102.6.0esr-1
- thunderbird 1:102.6.0-1
@@ -2240,34 +2396,34 @@ CVE-2022-46704
RESERVED
CVE-2022-46703
RESERVED
-CVE-2022-46702
- RESERVED
-CVE-2022-46701
- RESERVED
-CVE-2022-46700
- RESERVED
-CVE-2022-46699
- RESERVED
-CVE-2022-46698
- RESERVED
-CVE-2022-46697
- RESERVED
-CVE-2022-46696
- RESERVED
-CVE-2022-46695
- RESERVED
-CVE-2022-46694
- RESERVED
-CVE-2022-46693
- RESERVED
-CVE-2022-46692
- RESERVED
-CVE-2022-46691
- RESERVED
-CVE-2022-46690
- RESERVED
-CVE-2022-46689
- RESERVED
+CVE-2022-46702 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2022-46701 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
+CVE-2022-46700 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2022-46699 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
+CVE-2022-46698 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2022-46697 (An out-of-bounds access issue was addressed with improved bounds check ...)
+ TODO: check
+CVE-2022-46696 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2022-46695 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
+ TODO: check
+CVE-2022-46694 (An out-of-bounds write issue was addressed with improved input validat ...)
+ TODO: check
+CVE-2022-46693 (An out-of-bounds write issue was addressed with improved input validat ...)
+ TODO: check
+CVE-2022-46692 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2022-46691 (A memory consumption issue was addressed with improved memory handling ...)
+ TODO: check
+CVE-2022-46690 (An out-of-bounds write issue was addressed with improved input validat ...)
+ TODO: check
+CVE-2022-46689 (A race condition was addressed with additional validation. This issue ...)
+ TODO: check
CVE-2022-46688 (A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Ger ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-46687 (Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build d ...)
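Review bot: CVE-2022-46702 through CVE-2022-46689 move from RESERVED to TODO: check with descriptions that are cut before any product is named (for example "The issue was addressed with improved memory handling. This issue is f ..."), so none of the 14 can be triaged from this file alone. Resolve them from the full CVE records, then replace each TODO with either a package line or a NOT-FOR-US tag in the style of the Jenkins entries that follow.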
@@ -9524,8 +9680,8 @@ CVE-2022-44590 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2022-44589
RESERVED
-CVE-2022-44588
- RESERVED
+CVE-2022-44588 (Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plu ...)
+ TODO: check
CVE-2022-44587
RESERVED
CVE-2022-44586 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiL ...)
@@ -14180,8 +14336,8 @@ CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtif
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/413
CVE-2021-46846 (Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integ ...)
NOT-FOR-US: HPE
-CVE-2020-36607
- RESERVED
+CVE-2020-36607 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remo ...)
+ TODO: check
CVE-2016-20017 (D-Link DSL-2750B devices before 1.05 allow remote unauthenticated comm ...)
NOT-FOR-US: D-Link
CVE-2016-20016 (MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108 ...)
@@ -15874,68 +16030,68 @@ CVE-2022-3459
RESERVED
CVE-2022-3458 (A vulnerability has been found in SourceCodester Human Resource Manage ...)
NOT-FOR-US: SourceCodester
-CVE-2022-42867
- RESERVED
-CVE-2022-42866
- RESERVED
-CVE-2022-42865
- RESERVED
-CVE-2022-42864
- RESERVED
-CVE-2022-42863
- RESERVED
-CVE-2022-42862
- RESERVED
-CVE-2022-42861
- RESERVED
+CVE-2022-42867 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2022-42866 (The issue was addressed with improved handling of caches. This issue i ...)
+ TODO: check
+CVE-2022-42865 (This issue was addressed by enabling hardened runtime. This issue is f ...)
+ TODO: check
+CVE-2022-42864 (A race condition was addressed with improved state handling. This issu ...)
+ TODO: check
+CVE-2022-42863 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
+CVE-2022-42862 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ TODO: check
+CVE-2022-42861 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
CVE-2022-42860
RESERVED
-CVE-2022-42859
- RESERVED
+CVE-2022-42859 (Multiple issues were addressed by removing the vulnerable code. This i ...)
+ TODO: check
CVE-2022-42858
RESERVED
CVE-2022-42857
RESERVED
-CVE-2022-42856
- RESERVED
-CVE-2022-42855
- RESERVED
-CVE-2022-42854
- RESERVED
-CVE-2022-42853
- RESERVED
-CVE-2022-42852
- RESERVED
-CVE-2022-42851
- RESERVED
-CVE-2022-42850
- RESERVED
-CVE-2022-42849
- RESERVED
-CVE-2022-42848
- RESERVED
-CVE-2022-42847
- RESERVED
-CVE-2022-42846
- RESERVED
-CVE-2022-42845
- RESERVED
-CVE-2022-42844
- RESERVED
-CVE-2022-42843
- RESERVED
-CVE-2022-42842
- RESERVED
-CVE-2022-42841
- RESERVED
-CVE-2022-42840
- RESERVED
+CVE-2022-42856 (A type confusion issue was addressed with improved state handling. Thi ...)
+ TODO: check
+CVE-2022-42855 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2022-42854 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2022-42853 (An access issue was addressed with improved access restrictions. This ...)
+ TODO: check
+CVE-2022-42852 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2022-42851 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2022-42850 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2022-42849 (An access issue existed with privileged API calls. This issue was addr ...)
+ TODO: check
+CVE-2022-42848 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2022-42847 (An out-of-bounds write issue was addressed with improved input validat ...)
+ TODO: check
+CVE-2022-42846 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2022-42845 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2022-42844 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2022-42843 (This issue was addressed with improved data protection. This issue is ...)
+ TODO: check
+CVE-2022-42842 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2022-42841 (A type confusion issue was addressed with improved checks. This issue ...)
+ TODO: check
+CVE-2022-42840 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
CVE-2022-42839
RESERVED
CVE-2022-42838
RESERVED
-CVE-2022-42837
- RESERVED
+CVE-2022-42837 (An issue existed in the parsing of URLs. This issue was addressed with ...)
+ TODO: check
CVE-2022-42836
RESERVED
CVE-2022-42835
@@ -15972,8 +16128,8 @@ CVE-2022-42823 (A type confusion issue was addressed with improved memory handli
NOTE: https://webkitgtk.org/security/WSA-2022-0010.html
CVE-2022-42822
RESERVED
-CVE-2022-42821
- RESERVED
+CVE-2022-42821 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
CVE-2022-42820 (A memory corruption issue was addressed with improved state management ...)
NOT-FOR-US: Apple
CVE-2022-42819 (An access issue was addressed with improved access restrictions. This ...)
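Review bot: CVE-2022-42821 should not be closed as NOT-FOR-US: Apple just because its wording matches CVE-2022-42820 directly below it. The context line at the top of this hunk is a webkitgtk.org WSA NOTE, which shows that some CVEs in this range are tracked against a packaged component; check the full description for the affected component before replacing TODO: check.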
@@ -16004,8 +16160,8 @@ CVE-2022-42807
RESERVED
CVE-2022-42806 (A race condition was addressed with improved locking. This issue is fi ...)
NOT-FOR-US: Apple
-CVE-2022-42805
- RESERVED
+CVE-2022-42805 (An integer overflow was addressed with improved input validation. This ...)
+ TODO: check
CVE-2022-42804
RESERVED
CVE-2022-42803 (A race condition was addressed with improved locking. This issue is fi ...)
@@ -22170,8 +22326,8 @@ CVE-2022-40375
RESERVED
CVE-2022-40374
RESERVED
-CVE-2022-40373
- RESERVED
+CVE-2022-40373 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remo ...)
+ TODO: check
CVE-2022-40372
RESERVED
CVE-2022-40371
@@ -23073,12 +23229,12 @@ CVE-2022-40004
RESERVED
CVE-2022-40003
RESERVED
-CVE-2022-40002
- RESERVED
-CVE-2022-40001
- RESERVED
-CVE-2022-40000
- RESERVED
+CVE-2022-40002 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remo ...)
+ TODO: check
+CVE-2022-40001 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remo ...)
+ TODO: check
+CVE-2022-40000 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remo ...)
+ TODO: check
CVE-2022-39999
RESERVED
CVE-2022-39998
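Review bot: the three FeehiCMS-2.1.1 entries, CVE-2022-40002, CVE-2022-40001 and CVE-2022-40000, read identically after truncation, so the list gives no way to tell them apart or to spot a duplicate assignment. When the TODO: check lines are resolved, give all three the same tag, and add a NOTE per entry only if the full descriptions differ in a way worth recording.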
@@ -23210,61 +23366,61 @@ CVE-2022-39945 (An improper access control vulnerability [CWE-284] in FortiMail
CVE-2022-39944 (In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a de ...)
NOT-FOR-US: Apache Linkis
CVE-2022-39943
- RESERVED
+ REJECTED
CVE-2022-39942
- RESERVED
+ REJECTED
CVE-2022-39941
- RESERVED
+ REJECTED
CVE-2022-39940
- RESERVED
+ REJECTED
CVE-2022-39939
- RESERVED
+ REJECTED
CVE-2022-39938
- RESERVED
+ REJECTED
CVE-2022-39937
- RESERVED
+ REJECTED
CVE-2022-39936
- RESERVED
+ REJECTED
CVE-2022-39935
- RESERVED
+ REJECTED
CVE-2022-39934
- RESERVED
+ REJECTED
CVE-2022-39933
- RESERVED
+ REJECTED
CVE-2022-39932
- RESERVED
+ REJECTED
CVE-2022-39931
- RESERVED
+ REJECTED
CVE-2022-39930
- RESERVED
+ REJECTED
CVE-2022-39929
- RESERVED
+ REJECTED
CVE-2022-39928
- RESERVED
+ REJECTED
CVE-2022-39927
- RESERVED
+ REJECTED
CVE-2022-39926
- RESERVED
+ REJECTED
CVE-2022-39925
- RESERVED
+ REJECTED
CVE-2022-39924
- RESERVED
+ REJECTED
CVE-2022-39923
- RESERVED
+ REJECTED
CVE-2022-39922
- RESERVED
+ REJECTED
CVE-2022-39921
- RESERVED
+ REJECTED
CVE-2022-39920
- RESERVED
+ REJECTED
CVE-2022-39919
- RESERVED
+ REJECTED
CVE-2022-39918
- RESERVED
+ REJECTED
CVE-2022-39917
- RESERVED
+ REJECTED
CVE-2022-39916
- RESERVED
+ REJECTED
CVE-2022-39915 (Improper access control vulnerability in Calendar prior to versions 11 ...)
NOT-FOR-US: Samsung
CVE-2022-39914 (Exposure of Sensitive Information from an Unauthorized Actor vulnerabi ...)
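Review bot: CVE-2022-39943 through CVE-2022-39916 flip from RESERVED to REJECTED as one contiguous block of 28 ids. None of them carried a package line or NOTE here, so nothing is lost in this file, but it is worth confirming that no advisory text or other tracker data still cites an id from this range.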
@@ -29914,7 +30070,7 @@ CVE-2022-37456
CVE-2022-37455
RESERVED
CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ...)
- {DSA-5277-1 DSA-5269-1 DSA-5267-1 DLA-3175-1 DLA-3174-1}
+ {DSA-5277-1 DSA-5269-1 DSA-5267-1 DLA-3243-1 DLA-3175-1 DLA-3174-1}
- php8.1 8.1.12-1
- php7.4 <removed>
- php7.3 <removed>
@@ -42217,20 +42373,20 @@ CVE-2022-32950
RESERVED
CVE-2022-32949
RESERVED
-CVE-2022-32948
- RESERVED
+CVE-2022-32948 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
CVE-2022-32947 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2022-32946 (This issue was addressed with improved entitlements. This issue is fix ...)
NOT-FOR-US: Apple
-CVE-2022-32945
- RESERVED
+CVE-2022-32945 (An access issue was addressed with additional sandbox restrictions on ...)
+ TODO: check
CVE-2022-32944 (A memory corruption issue was addressed with improved state management ...)
NOT-FOR-US: Apple
-CVE-2022-32943
- RESERVED
-CVE-2022-32942
- RESERVED
+CVE-2022-32943 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
+CVE-2022-32942 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
CVE-2022-32941 (The issue was addressed with improved bounds checks. This issue is fix ...)
NOT-FOR-US: Apple
CVE-2022-32940 (The issue was addressed with improved bounds checks. This issue is fix ...)
@@ -42284,8 +42440,8 @@ CVE-2022-32918 (This issue was addressed with improved data protection. This iss
NOT-FOR-US: Apple
CVE-2022-32917 (The issue was addressed with improved bounds checks. This issue is fix ...)
NOT-FOR-US: Apple
-CVE-2022-32916
- RESERVED
+CVE-2022-32916 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
+ TODO: check
CVE-2022-32915 (A type confusion issue was addressed with improved checks. This issue ...)
NOT-FOR-US: Apple
CVE-2022-32914 (A use after free issue was addressed with improved memory management. ...)
@@ -42411,8 +42567,8 @@ CVE-2022-32862 (This issue was addressed with improved data protection. This iss
NOT-FOR-US: Apple
CVE-2022-32861 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
-CVE-2022-32860
- RESERVED
+CVE-2022-32860 (An out-of-bounds write was addressed with improved input validation. T ...)
+ TODO: check
CVE-2022-32859 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2022-32858 (The issue was addressed with improved memory handling. This issue is f ...)
@@ -42465,8 +42621,8 @@ CVE-2022-32835 (This issue was addressed with improved entitlements. This issue
NOT-FOR-US: Apple
CVE-2022-32834 (An access issue was addressed with improvements to the sandbox. This i ...)
NOT-FOR-US: Apple
-CVE-2022-32833
- RESERVED
+CVE-2022-32833 (An issue existed with the file paths used to store website data. The i ...)
+ TODO: check
CVE-2022-32832 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2022-32831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
@@ -42592,8 +42748,8 @@ CVE-2022-32771 (A cross-site scripting (xss) vulnerability exists in the footer
NOT-FOR-US: WWBN AVideo
CVE-2022-32770 (A cross-site scripting (xss) vulnerability exists in the footer alerts ...)
NOT-FOR-US: WWBN AVideo
-CVE-2022-32763
- RESERVED
+CVE-2022-32763 (A cross-site scripting (xss) sanitization vulnerability bypass exists ...)
+ TODO: check
CVE-2022-30690 (A cross-site scripting (xss) vulnerability exists in the image403 func ...)
NOT-FOR-US: WWBN AVideo
CVE-2022-28712 (A cross-site scripting (xss) vulnerability exists in the videoAddNew f ...)
@@ -42700,22 +42856,22 @@ CVE-2022-32740 (A reply to a forwarded email article by a 3rd party could uninte
CVE-2022-32739 (When Secure::DisableBanner system configuration has been disabled and ...)
NOT-FOR-US: OTRS
NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x
-CVE-2022-32573
- RESERVED
+CVE-2022-32573 (A directory traversal vulnerability exists in the AssetActions.aspx ad ...)
+ TODO: check
CVE-2022-30605 (A privilege escalation vulnerability exists in the session id function ...)
NOT-FOR-US: WWBN AVideo
CVE-2022-29886 (An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5. ...)
NOT-FOR-US: ESTsoft Alyac
-CVE-2022-29517
- RESERVED
-CVE-2022-29511
- RESERVED
+CVE-2022-29517 (A directory traversal vulnerability exists in the HelpdeskActions.aspx ...)
+ TODO: check
+CVE-2022-29511 (A directory traversal vulnerability exists in the KnowledgebasePageAct ...)
+ TODO: check
CVE-2022-29468 (A cross-site request forgery (CSRF) vulnerability exists in WWBN AVide ...)
NOT-FOR-US: WWBN AVideo
-CVE-2022-28703
- RESERVED
-CVE-2022-27498
- RESERVED
+CVE-2022-28703 (A stored cross-site scripting vulnerability exists in the HdConfigActi ...)
+ TODO: check
+CVE-2022-27498 (A directory traversal vulnerability exists in the TicketTemplateAction ...)
+ TODO: check
CVE-2022-2039 (The Free Live Chat Support plugin for WordPress is vulnerable to Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2038
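Review bot: CVE-2022-32573, CVE-2022-29517, CVE-2022-29511, CVE-2022-28703 and CVE-2022-27498 all describe admin .aspx handlers (AssetActions.aspx, HelpdeskActions.aspx and similar) and look like one product, but the name is truncated away and they sit interleaved with WWBN AVideo and ESTsoft Alyac entries. Triage the five together from the full records so they end up with the same tag, and take care not to copy the neighbouring NOT-FOR-US: WWBN AVideo label onto them.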
@@ -43204,8 +43360,8 @@ CVE-2022-32532 (Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfi
[bullseye] - shiro <no-dsa> (Minor issue)
[buster] - shiro <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/28/2
-CVE-2022-32531
- RESERVED
+CVE-2022-32531 (The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does ...)
+ TODO: check
CVE-2022-2022 (Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb ...)
NOT-FOR-US: nocodb
CVE-2022-2021
@@ -45890,7 +46046,7 @@ CVE-2022-31630 (In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using i
NOTE: Introduced by: https://github.com/php/php-src/commit/88b603768f8e5074ad5cbdccc1e0779089fac9d0 (php-7.4.0alpha2)
NOTE: Fixed by: https://github.com/php/php-src/commit/ac45ce85c8750a6fb9745093180674d029acc5bd (PHP-8.1.12)
CVE-2022-31629 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability en ...)
- {DSA-5277-1}
+ {DSA-5277-1 DLA-3243-1}
- php8.1 8.1.12-1 (bug #1021138)
- php7.4 <removed>
- php7.3 <removed>
@@ -45898,7 +46054,7 @@ CVE-2022-31629 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerabil
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81727
NOTE: https://github.com/php/php-src/commit/0611be4e82887cee0de6c4cbae320d34eec946ca
CVE-2022-31628 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompresso ...)
- {DSA-5277-1}
+ {DSA-5277-1 DLA-3243-1}
- php8.1 8.1.12-1 (bug #1021138)
- php7.4 <removed>
- php7.3 <removed>
@@ -45914,7 +46070,7 @@ CVE-2022-31627 (In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81723
NOTE: https://github.com/php/php-src/commit/ca6d511fa54b34d5b75bf120a86482a1b9e1e686
CVE-2022-31626 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...)
- {DSA-5179-1}
+ {DSA-5179-1 DLA-3243-1}
- php8.1 8.1.7-1 (bug #1014533)
- php7.4 <removed>
- php7.3 <removed>
@@ -45924,7 +46080,7 @@ CVE-2022-31626 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81719
NOTE: https://github.com/php/php-src/commit/58006537fc5f133ae8549efe5118cde418b3ace9 (php-7.4.30)
CVE-2022-31625 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...)
- {DSA-5179-1}
+ {DSA-5179-1 DLA-3243-1}
- php8.1 8.1.7-1 (bug #1014533)
- php7.4 <removed>
- php7.3 <removed>
@@ -54173,8 +54329,8 @@ CVE-2022-1289 (A denial of service vulnerability was found in tildearrow Furnace
CVE-2022-28890 (A vulnerability in the RDF/XML parser of Apache Jena allows an attacke ...)
- apache-jena 4.5.0-1 (bug #1014982)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/04/1
-CVE-2021-4226
- RESERVED
+CVE-2021-4226 (RSFirewall tries to identify the original IP address by looking at dif ...)
+ TODO: check
CVE-2022-28889 (In Apache Druid 0.22.1 and earlier, the server did not set appropriate ...)
- druid <itp> (bug #825797)
CVE-2022-1288 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -98145,12 +98301,12 @@ CVE-2021-39430
RESERVED
CVE-2021-39429
RESERVED
-CVE-2021-39428
- RESERVED
-CVE-2021-39427
- RESERVED
-CVE-2021-39426
- RESERVED
+CVE-2021-39428 (Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 ...)
+ TODO: check
+CVE-2021-39427 (Cross site scripting vulnerability in 188Jianzhan 2.10 allows attacker ...)
+ TODO: check
+CVE-2021-39426 (An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11 ...)
+ TODO: check
CVE-2021-39425
RESERVED
CVE-2021-39424
@@ -105445,10 +105601,10 @@ CVE-2021-36575
RESERVED
CVE-2021-36574
RESERVED
-CVE-2021-36573
- RESERVED
-CVE-2021-36572
- RESERVED
+CVE-2021-36573 (File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to ...)
+ TODO: check
+CVE-2021-36572 (Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allow ...)
+ TODO: check
CVE-2021-36571
RESERVED
CVE-2021-36570
@@ -105784,12 +105940,14 @@ CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in G
NOTE: https://github.com/gpac/gpac/issues/1838
NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e (v2.0.0)
CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...)
+ {DLA-3240-1}
- libde265 1.0.8-1.1 (bug #1014977)
[bullseye] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/302
NOTE: https://github.com/strukturag/libde265/commit/45904e5667c5bf59c67fcdc586dfba110832894c
CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...)
+ {DLA-3240-1}
- libde265 1.0.8-1.1 (bug #1014977)
[bullseye] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
@@ -105798,12 +105956,14 @@ CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-m
CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
NOT-FOR-US: Bitdefender
CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at ...)
+ {DLA-3240-1}
- libde265 1.0.8-1.1 (bug #1014977)
[bullseye] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/300
NOTE: https://github.com/strukturag/libde265/commit/64d591a6c70737604ca3f5791736fc462cbe8a3c
CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-f ...)
+ {DLA-3240-1}
- libde265 1.0.8-1.1 (bug #1014977)
[bullseye] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <no-dsa> (Minor issue)
@@ -108240,6 +108400,7 @@ CVE-2021-35454
CVE-2021-35453
RESERVED
CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265 v1.0.8 du ...)
+ {DLA-3240-1}
- libde265 1.0.8-1.1 (bug #1014977)
[bullseye] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
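Review bot: CVE-2021-35452 now carries {DLA-3240-1}, yet the [stretch] line below it still reads postponed ("Minor issue, revisit when fixed upstream") and the [bullseye] line is no-dsa; nothing in the entry shows which release the DLA fixed. Check that the DLA record names the release and fixed version, and decide whether the postponed annotation should stay now that a fixed libde265 1.0.8-1.1 is listed.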
@@ -113098,8 +113259,8 @@ CVE-2021-33422
RESERVED
CVE-2021-33421
RESERVED
-CVE-2021-33420
- RESERVED
+CVE-2021-33420 (A deserialization issue discovered in inikulin replicator before 1.0.4 ...)
+ TODO: check
CVE-2021-33419
RESERVED
CVE-2021-33418
@@ -142737,7 +142898,7 @@ CVE-2021-21708 (In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.
NOTE: Fixed in 8.1.3, 7.4.28
NOTE: PHP Bug: https://bugs.php.net/81708
CVE-2021-21707 (In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...)
- {DSA-5082-1}
+ {DSA-5082-1 DLA-3243-1}
- php8.1 8.1.0-1
- php8.0 <removed>
- php7.4 7.4.26-1
@@ -167064,8 +167225,8 @@ CVE-2020-24857
RESERVED
CVE-2020-24856
RESERVED
-CVE-2020-24855
- RESERVED
+CVE-2020-24855 (Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allo ...)
+ TODO: check
CVE-2020-24854
RESERVED
CVE-2020-24853
@@ -174256,6 +174417,7 @@ CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weigh
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/strukturag/libde265/issues/243
CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ...)
+ {DLA-3240-1}
- libde265 1.0.9-1 (bug #1014999)
[bullseye] - libde265 <no-dsa> (Minor issue)
[stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
@@ -175089,8 +175251,8 @@ CVE-2020-21221
RESERVED
CVE-2020-21220
RESERVED
-CVE-2020-21219
- RESERVED
+CVE-2020-21219 (Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Rel ...)
+ TODO: check
CVE-2020-21218
RESERVED
CVE-2020-21217
@@ -176405,10 +176567,10 @@ CVE-2020-20591
RESERVED
CVE-2020-20590
RESERVED
-CVE-2020-20589
- RESERVED
-CVE-2020-20588
- RESERVED
+CVE-2020-20589 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remo ...)
+ TODO: check
+CVE-2020-20588 (File upload vulnerability in function upload in action/Core.class.php ...)
+ TODO: check
CVE-2020-20587
RESERVED
CVE-2020-20586 (A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s= ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/934ac975390cb6486c26cf2776685cae37861c42