[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 4 21:10:39 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
abdf38c1 by security tracker role at 2022-07-04T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2022-34917
+ RESERVED
+CVE-2022-34916
+ RESERVED
+CVE-2022-2306
+ RESERVED
+CVE-2022-2305
+ RESERVED
+CVE-2022-2304
+ RESERVED
+CVE-2022-2303
+ RESERVED
+CVE-2022-2302
+ RESERVED
+CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3. ...)
+ TODO: check
+CVE-2022-2300 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
+ TODO: check
+CVE-2022-2299
+ RESERVED
CVE-2022-2298
RESERVED
CVE-2022-2297
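Review bot: CVE-2022-2301 (chafa buffer over-read before 1.10.3) should not sit at `TODO: check` for long, because chafa is a packaged Debian source: resolving it means recording the fixing upload, or a `<no-dsa>` / `<postponed>` tag with a reason as the vim and tomcat9 entries further down do, rather than a NOT-FOR-US mark. CVE-2022-2300 (microweber stored XSS) is the opposite case: microweber is not packaged in Debian, so it can follow the pimcore entry later in this file and be marked NOT-FOR-US.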
@@ -273,8 +293,8 @@ CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions sta
TODO: check
CVE-2022-2269
RESERVED
-CVE-2022-2268
- RESERVED
+CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 accept ...)
+ TODO: check
CVE-2022-2267
RESERVED
CVE-2022-2266
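Review bot: CVE-2022-2268 is a WordPress plugin issue, and this file records those as `NOT-FOR-US: WordPress plugin` (see CVE-2022-1303 and CVE-2022-0252 in later hunks); the `TODO: check` added here can be closed the same way unless the plugin turns out to be packaged.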
@@ -607,6 +627,7 @@ CVE-2022-2227 (Improper access control in the runner jobs API in GitLab CE/EE af
TODO: check
CVE-2022-2226
RESERVED
+ {DSA-5175-1}
- thunderbird 1:91.11.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2226
CVE-2017-20125 (A vulnerability classified as critical was found in Online Hotel Booki ...)
@@ -1251,7 +1272,7 @@ CVE-2022-2201
RESERVED
CVE-2022-2200
RESERVED
- {DSA-5172-1 DLA-3064-1}
+ {DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird 1:91.11.0-1
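Review bot: DSA-5175-1 is prepended to the existing `{DSA-5172-1 DLA-3064-1}` bracket rather than appended; the same placement is used in every mfsa2022-24 entry touched by this commit, so the file stays consistent. Nothing else in these entries needs to change: `thunderbird 1:91.11.0-1` was already recorded as the fixed unstable version, and the new DSA only adds the stable advisory reference for it.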
@@ -1266,7 +1287,7 @@ CVE-2022-34485
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34485
CVE-2022-34484
RESERVED
- {DSA-5172-1 DLA-3064-1}
+ {DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird 1:91.11.0-1
@@ -1283,7 +1304,7 @@ CVE-2022-34482
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34482
CVE-2022-34481
RESERVED
- {DSA-5172-1 DLA-3064-1}
+ {DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird 1:91.11.0-1
@@ -1296,7 +1317,7 @@ CVE-2022-34480
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34480
CVE-2022-34479
RESERVED
- {DSA-5172-1 DLA-3064-1}
+ {DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird 1:91.11.0-1
@@ -1333,7 +1354,7 @@ CVE-2022-34473
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34473
CVE-2022-34472
RESERVED
- {DSA-5172-1 DLA-3064-1}
+ {DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird 1:91.11.0-1
@@ -1346,7 +1367,7 @@ CVE-2022-34471
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34471
CVE-2022-34470
RESERVED
- {DSA-5172-1 DLA-3064-1}
+ {DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird 1:91.11.0-1
@@ -1359,7 +1380,7 @@ CVE-2022-34469
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34469
CVE-2022-34468
RESERVED
- {DSA-5172-1 DLA-3064-1}
+ {DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 102.0-1
- firefox-esr 91.11.0esr-1
- thunderbird 1:91.11.0-1
@@ -1866,8 +1887,7 @@ CVE-2022-34267
RESERVED
CVE-2022-34266
RESERVED
-CVE-2022-34265 [Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments]
- RESERVED
+CVE-2022-34265 (An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0 ...)
- python-django <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/07/04/2
NOTE: https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
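Review bot: `python-django <unfixed>` now sits under a public description that names fixed upstream versions (3.2.14, with the 4.0.x release cut off by the truncation), so the next step is replacing `<unfixed>` with the Debian upload carrying the fix and deciding whether stable needs a DSA. Dropping the bracketed working title is fine, but note that its Trunc/Extract SQL-injection detail is no longer visible in the entry; if that is needed for triage it is in the linked oss-security post and Django release announcement.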
@@ -4503,8 +4523,8 @@ CVE-2022-33173
RESERVED
CVE-2022-33172
RESERVED
-CVE-2022-33171
- RESERVED
+CVE-2022-33171 (** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either ...)
+ TODO: check
CVE-2022-33170
RESERVED
CVE-2022-33169
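Review bot: the `** DISPUTED **` prefix on CVE-2022-33171 signals that upstream does not consider this a vulnerability; when the `TODO: check` is resolved, record that dispute in a NOTE line with the upstream reference next to whatever status is chosen, so nobody has to re-triage it later from the truncated description alone.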
@@ -7019,8 +7039,8 @@ CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b
NOTE: https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 (v8.2.5050)
-CVE-2022-1967
- RESERVED
+CVE-2022-1967 (The WP Championship WordPress plugin before 9.3 is lacking CSRF checks ...)
+ TODO: check
CVE-2022-1966
REJECTED
CVE-2022-1965 (Multiple products of CODESYS implement a improper error handling. A lo ...)
@@ -7895,8 +7915,8 @@ CVE-2022-1948
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1947 (Use of Incorrect Operator in GitHub repository polonel/trudesk prior t ...)
NOT-FOR-US: Trudesk
-CVE-2022-1946
- RESERVED
+CVE-2022-1946 (The Gallery WordPress plugin before 2.0.0 does not sanitise and escape ...)
+ TODO: check
CVE-2022-31813 (Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* h ...)
- apache2 2.4.54-1 (bug #1012513)
[bullseye] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
@@ -8235,7 +8255,7 @@ CVE-2022-31745
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31745
CVE-2022-31744
RESERVED
- {DSA-5172-1 DLA-3064-1}
+ {DSA-5175-1 DSA-5172-1 DLA-3064-1}
- firefox 101.0-1
- firefox-esr 91.11.0esr-1
- thunderbird 1:91.11.0-1
@@ -13597,8 +13617,8 @@ CVE-2022-29898 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin
NOT-FOR-US: RAD-ISM-900-EN
CVE-2022-29897 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user c ...)
NOT-FOR-US: RAD-ISM-900-EN
-CVE-2022-29892
- RESERVED
+CVE-2022-29892 (Improper input validation vulnerability in Space of Cybozu Garoon 4.0. ...)
+ TODO: check
CVE-2022-29885 (The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 ...)
- tomcat9 9.0.63-1
[bullseye] - tomcat9 <postponed> (Minor issue)
@@ -13635,34 +13655,34 @@ CVE-2022-29872 (A vulnerability has been identified in SICAM P850 (All versions
NOT-FOR-US: Siemens
CVE-2022-29518 (Screen Creator Advance2, HMI GC-A2 series, and Real time remote monito ...)
NOT-FOR-US: Koyo Screen Creator Advance2
-CVE-2022-29513
- RESERVED
-CVE-2022-29484
- RESERVED
-CVE-2022-29471
- RESERVED
-CVE-2022-29467
- RESERVED
-CVE-2022-28718
- RESERVED
-CVE-2022-28713
- RESERVED
-CVE-2022-28692
- RESERVED
-CVE-2022-27807
- RESERVED
-CVE-2022-27803
- RESERVED
-CVE-2022-27661
- RESERVED
-CVE-2022-27627
- RESERVED
-CVE-2022-26368
- RESERVED
-CVE-2022-26054
- RESERVED
-CVE-2022-26051
- RESERVED
+CVE-2022-29513 (Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10. ...)
+ TODO: check
+CVE-2022-29484 (Operation restriction bypass vulnerability in Space of Cybozu Garoon 4 ...)
+ TODO: check
+CVE-2022-29471 (Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon a ...)
+ TODO: check
+CVE-2022-29467 (Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to ...)
+ TODO: check
+CVE-2022-28718 (Operation restriction bypass vulnerability in Bulletin of Cybozu Garoo ...)
+ TODO: check
+CVE-2022-28713 (Improper authentication vulnerability in Scheduler of Cybozu Garoon 4. ...)
+ TODO: check
+CVE-2022-28692 (Improper input validation vulnerability in Scheduler of Cybozu Garoon ...)
+ TODO: check
+CVE-2022-27807 (Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 ...)
+ TODO: check
+CVE-2022-27803 (Improper input validation vulnerability in Space of Cybozu Garoon 4.0. ...)
+ TODO: check
+CVE-2022-27661 (Operation restriction bypass vulnerability in Workflow of Cybozu Garoo ...)
+ TODO: check
+CVE-2022-27627 (Cross-site scripting vulnerability in Organization's Information of Cy ...)
+ TODO: check
+CVE-2022-26368 (Browse restriction bypass and operation restriction bypass vulnerabili ...)
+ TODO: check
+CVE-2022-26054 (Operation restriction bypass vulnerability in Link of Cybozu Garoon 4. ...)
+ TODO: check
+CVE-2022-26051 (Operation restriction bypass vulnerability in Portal of Cybozu Garoon ...)
+ TODO: check
CVE-2022-1525
RESERVED
CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A malicio ...)
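Review bot: all fourteen entries in this hunk (CVE-2022-29513 through CVE-2022-26051) are Cybozu Garoon issues, a proprietary groupware product that is not packaged in Debian; they can be triaged in one pass as `NOT-FOR-US: Cybozu Garoon`, the way the neighbouring Siemens and Koyo entries are marked, instead of staying as fourteen separate `TODO: check` items. CVE-2022-29892 in an earlier hunk belongs to the same batch.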
@@ -16276,8 +16296,8 @@ CVE-2022-1303 (The Slide Anything WordPress plugin before 2.3.44 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2022-1302 (In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthe ...)
NOT-FOR-US: MZ Automation LibIEC61850
-CVE-2022-1301
- RESERVED
+CVE-2022-1301 (The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize ...)
+ TODO: check
CVE-2022-1300 (Multiple Version of TRUMPF TruTops products expose a service function ...)
NOT-FOR-US: TRUMPF TruTops
CVE-2022-1299 (The Slideshow WordPress plugin through 2.3.1 does not sanitize and esc ...)
@@ -28897,14 +28917,14 @@ CVE-2022-0547 (OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication by
NOTE: https://github.com/OpenVPN/openvpn/commit/58ec3bb4aac77131118dbbc39a65181e7847adee (v2.4.12)
NOTE: https://github.com/OpenVPN/openvpn/commit/af3e382649d96ae77cc5e42be8270f355e5cfec5 (v2.5.6)
CVE-2022-0546 (A missing bounds check in the image loader used in Blender 3.x and 2.9 ...)
- {DLA-3060-1}
+ {DSA-5176-1 DLA-3060-1}
- blender 3.1.2+dfsg-1
NOTE: Issue: https://developer.blender.org/T94572
NOTE: Patch: https://developer.blender.org/D11952
NOTE: https://developer.blender.org/rB77616082f44da5258faf9ec0d53618c721b88c62 (v3.1.0)
NOTE: https://developer.blender.org/rB1ee4e6bf31ff32f87f9cd1eafa548d6811794380 (v2.93.9)
CVE-2022-0545 (An integer overflow in the processing of loaded 2D images leads to a w ...)
- {DLA-3060-1}
+ {DSA-5176-1 DLA-3060-1}
- blender 3.1.2+dfsg-1
NOTE: Issue: https://developer.blender.org/T94629
NOTE: Patch: https://developer.blender.org/D13744
@@ -28912,7 +28932,7 @@ CVE-2022-0545 (An integer overflow in the processing of loaded 2D images leads t
NOTE: https://developer.blender.org/rBe07f16776bca5e9494e6b143170f31d5eeb160ce (v2.93.8)
NOTE: https://developer.blender.org/rB63fdcbb5889e31b5f07d8d5c8e923cc57900fe1b (v2.83.19)
CVE-2022-0544 (An integer underflow in the DDS loader of Blender leads to an out-of-b ...)
- {DLA-3060-1}
+ {DSA-5176-1 DLA-3060-1}
- blender 3.1.2+dfsg-1
NOTE: Issue: https://developer.blender.org/T94661
NOTE: https://developer.blender.org/rBd9dd8c287f57716a827483973c31bbb2face2816 (v3.1.0)
@@ -33908,8 +33928,8 @@ CVE-2022-0252 (The GiveWP WordPress plugin before 2.17.3 does not escape the jso
NOT-FOR-US: WordPress plugin
CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
-CVE-2022-0250
- RESERVED
+CVE-2022-0250 (The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does ...)
+ TODO: check
CVE-2022-0249 (A vulnerability was discovered in GitLab starting with version 12. Git ...)
- gitlab <unfixed>
CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does not sa ...)
@@ -96612,7 +96632,7 @@ CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat ve
NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/1
NOTE: https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1 (9.0.43)
NOTE: https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa (8.5.63)
-CVE-2021-25121 (The Rating by BestWebSoft WordPress plugin through 1.5 does not valida ...)
+CVE-2021-25121 (The Rating by BestWebSoft WordPress plugin before 1.6 does not validat ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25120 (The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do no ...)
NOT-FOR-US: WordPress plugin
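Review bot: only the description wording changes for CVE-2021-25121 (`through 1.5` becomes `before 1.6`), which describes the same affected range, so leaving the `NOT-FOR-US: WordPress plugin` status line untouched is correct.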
@@ -96722,8 +96742,8 @@ CVE-2021-25068 (The Sync WooCommerce Product feed to Google Shopping WordPress p
NOT-FOR-US: WordPress plugin
CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was affected ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25066
- RESERVED
+CVE-2021-25066 (The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not s ...)
+ TODO: check
CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was a ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25064 (The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize us ...)
@@ -96742,8 +96762,8 @@ CVE-2021-25058 (The Buffer Button WordPress plugin through 1.0 was vulnerable to
NOT-FOR-US: WordPress plugin
CVE-2021-25057 (The Translation Exchange WordPress plugin through 1.0.14 was vulnerabl ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25056
- RESERVED
+CVE-2021-25056 (The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not s ...)
+ TODO: check
CVE-2021-25055 (The FeedWordPress plugin before 2022.0123 is affected by a Reflected C ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25054 (The WPcalc WordPress plugin through 2.1 does not sanitize user input i ...)
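Review bot: CVE-2021-25056 carries exactly the same truncated description as CVE-2021-25066 in the hunk above (Ninja Forms Contact Form before 3.6.10), so these are two CVE ids against one plugin release; triage them together and give both the `NOT-FOR-US: WordPress plugin` mark used on the surrounding entries, unless the full descriptions reveal a difference that matters.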
@@ -97884,7 +97904,7 @@ CVE-2021-24487 (The St-Daily-Tip WordPress plugin through 4.7 does not have any
NOT-FOR-US: WordPress plugin
CVE-2021-24486 (The Simple Social Media Share Buttons – Social Sharing for Every ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24485 (The Special Text Boxes WordPress plugin through 5.9.109 does not sanit ...)
+CVE-2021-24485 (The Special Text Boxes WordPress plugin before 5.9.110 does not saniti ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24484 (The get_reports() function in the Secure Copy Content Protection and C ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abdf38c13878c7d802bd66cea91e0d3f4ceffc2f