[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jul 17 21:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1f7e782e by security tracker role at 2022-07-17T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2022-36128
+ RESERVED
+CVE-2022-36127
+ RESERVED
+CVE-2022-2454
+ RESERVED
+CVE-2022-2453
+ RESERVED
+CVE-2022-2452
+ RESERVED
+CVE-2022-2451
+ RESERVED
CVE-2022-36126 (An issue was discovered in Inductive Automation Ignition before 7.9.20 ...)
TODO: check
CVE-2022-2450
@@ -20,8 +32,8 @@ CVE-2017-20139
RESERVED
CVE-2016-15003
RESERVED
-CVE-2015-10003
- RESERVED
+CVE-2015-10003 (A vulnerability, which was classified as problematic, was found in Fil ...)
+ TODO: check
CVE-2022-36125
RESERVED
CVE-2022-36124
@@ -648,8 +660,8 @@ CVE-2022-35863
RESERVED
CVE-2022-35862
RESERVED
-CVE-2022-35861
- RESERVED
+CVE-2022-35861 (pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a ...)
+ TODO: check
CVE-2022-35860
RESERVED
CVE-2022-35859
@@ -3588,8 +3600,8 @@ CVE-2022-2224
RESERVED
CVE-2022-2223
RESERVED
-CVE-2022-2222
- RESERVED
+CVE-2022-2222 (The Download Monitor WordPress plugin before 4.5.91 does not ensure th ...)
+ TODO: check
CVE-2022-2221 (Information Exposure vulnerability in My Account Settings of Devolutio ...)
NOT-FOR-US: Devolutions Remote Desktop Manager
CVE-2022-2220
@@ -4198,8 +4210,8 @@ CVE-2022-2196
RESERVED
CVE-2022-2195
RESERVED
-CVE-2022-2194
- RESERVED
+CVE-2022-2194 (The Accept Stripe Payments WordPress plugin before 2.0.64 does not san ...)
+ TODO: check
CVE-2019-25071 (A vulnerability was found in Apple iPhone up to 12.4.1. It has been de ...)
NOT-FOR-US: Apple iPhone
CVE-2022-34463
@@ -4446,10 +4458,10 @@ CVE-2022-2189
RESERVED
CVE-2022-2188
RESERVED
-CVE-2022-2187
- RESERVED
-CVE-2022-2186
- RESERVED
+CVE-2022-2187 (The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not esca ...)
+ TODO: check
+CVE-2022-2186 (The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise ...)
+ TODO: check
CVE-2017-20097 (A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4 ...)
NOT-FOR-US: WordPress plugin
CVE-2017-20096 (A vulnerability classified as problematic has been found in WP-SpamFre ...)
@@ -4658,18 +4670,18 @@ CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2174 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
NOT-FOR-US: microweber
-CVE-2022-2173
- RESERVED
+CVE-2022-2173 (The Advanced Database Cleaner WordPress plugin before 3.1.1 does not e ...)
+ TODO: check
CVE-2022-2172
RESERVED
CVE-2022-2171
RESERVED
CVE-2022-2170
RESERVED
-CVE-2022-2169
- RESERVED
-CVE-2022-2168
- RESERVED
+CVE-2022-2169 (The Loading Page with Loading Screen WordPress plugin before 1.0.83 do ...)
+ TODO: check
+CVE-2022-2168 (The Download Manager WordPress plugin before 3.2.44 does not escape a ...)
+ TODO: check
CVE-2022-2167
RESERVED
CVE-2022-34270
@@ -4962,22 +4974,22 @@ CVE-2022-2153
NOTE: https://git.kernel.org/linus/b1e34d325397a33d97d845e312d7cf2a8b646b44 (5.18-rc1)
CVE-2022-2152
RESERVED
-CVE-2022-2151
- RESERVED
+CVE-2022-2151 (The Best Contact Management Software WordPress plugin through 3.7.3 do ...)
+ TODO: check
CVE-2022-2150
RESERVED
-CVE-2022-2149
- RESERVED
-CVE-2022-2148
- RESERVED
+CVE-2022-2149 (The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanit ...)
+ TODO: check
+CVE-2022-2148 (The LinkedIn Company Updates WordPress plugin through 1.5.3 does not s ...)
+ TODO: check
CVE-2022-2147 (Cloudflare Warp for Windows from version 2022.2.95.0 contained an unqu ...)
NOT-FOR-US: Cloudflare Warp for Windows
-CVE-2022-2146
- RESERVED
+CVE-2022-2146 (The Import CSV Files WordPress plugin through 1.0 does not sanitise an ...)
+ TODO: check
CVE-2022-2145 (Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed cre ...)
NOT-FOR-US: Cloudflare WARP client for Windows
-CVE-2022-2144
- RESERVED
+CVE-2022-2144 (The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 d ...)
+ TODO: check
CVE-2022-34167 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-s ...)
NOT-FOR-US: IBM
CVE-2022-34166 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scr ...)
@@ -5018,8 +5030,8 @@ CVE-2022-2135
RESERVED
CVE-2022-2134 (Denial of Service in GitHub repository inventree/inventree prior to 0. ...)
NOT-FOR-US: inventree
-CVE-2022-2133
- RESERVED
+CVE-2022-2133 (The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't valida ...)
+ TODO: check
CVE-2022-2132
RESERVED
CVE-2022-2131
@@ -5598,8 +5610,8 @@ CVE-2022-2119 (OFFIS DCMTK's (All versions prior to 3.6.7) service class provide
- dcmtk <unfixed> (bug #1014044)
[bullseye] - dcmtk <no-dsa> (Minor issue)
[buster] - dcmtk <no-dsa> (Minor issue)
-CVE-2022-2118
- RESERVED
+CVE-2022-2118 (The 404s WordPress plugin before 3.5.1 does not sanitise and escape it ...)
+ TODO: check
CVE-2014-125025 (A vulnerability classified as problematic has been found in FFmpeg 2.0 ...)
- ffmpeg <not-affected> (Fixed before re-introduction to Debian as src:ffmpeg)
NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6e42ccb9dbc13836cd52cda594f819d17af9afa2 (n2.2-rc1)
@@ -5720,8 +5732,8 @@ CVE-2022-2116
RESERVED
CVE-2022-2115
RESERVED
-CVE-2022-2114
- RESERVED
+CVE-2022-2114 (The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 ...)
+ TODO: check
CVE-2022-2113 (Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inv ...)
NOT-FOR-US: inventree
CVE-2022-2112 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
@@ -5857,10 +5869,10 @@ CVE-2022-33870
RESERVED
CVE-2022-33869
RESERVED
-CVE-2022-2100
- RESERVED
-CVE-2022-2099
- RESERVED
+CVE-2022-2100 (The Page Generator WordPress plugin before 1.6.5 does not sanitise and ...)
+ TODO: check
+CVE-2022-2099 (The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored ...)
+ TODO: check
CVE-2022-2098 (Weak Password Requirements in GitHub repository kromitgmbh/titra prior ...)
NOT-FOR-US: Titra
CVE-2020-36549 (A vulnerability classified as critical was found in GE Voluson S8. Aff ...)
@@ -6108,8 +6120,8 @@ CVE-2022-2092 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin
NOT-FOR-US: WordPress plugin
CVE-2022-2091 (The Cache Images WordPress plugin before 3.2.1 does not implement nonc ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2090
- RESERVED
+CVE-2022-2090 (The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does ...)
+ TODO: check
CVE-2022-2089 (The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-33758
@@ -9397,8 +9409,8 @@ CVE-2022-32322
RESERVED
CVE-2022-32321
RESERVED
-CVE-2022-32320
- RESERVED
+CVE-2022-32320 (A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium ...)
+ TODO: check
CVE-2022-32319
RESERVED
CVE-2022-32318 (Fast Food Ordering System v1.0 was discovered to contain a persistent ...)
@@ -10908,8 +10920,8 @@ CVE-2022-31795 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (C
NOT-FOR-US: Fujitsu
CVE-2022-31794 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control ...)
NOT-FOR-US: Fujitsu
-CVE-2022-1933
- RESERVED
+CVE-2022-1933 (The CDI WordPress plugin before 5.1.9 does not sanitise and escape a p ...)
+ TODO: check
CVE-2022-1932
RESERVED
CVE-2022-31799 (Bottle before 0.12.20 mishandles errors during early request binding. ...)
@@ -14634,8 +14646,7 @@ CVE-2022-30552 (Das U-Boot 2022.01 has a Buffer Overflow. ...)
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/b85d130ea0cac152c21ec38ac9417b31d41b5552 (v2022.07-rc4)
CVE-2022-30551 (OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause ...)
NOT-FOR-US: OPC UA Legacy Java Stack
-CVE-2022-30550 [Privilege escalation possible in dovecot when imilar master and non-master passdbs are used]
- RESERVED
+CVE-2022-30550 (An issue was discovered in the auth component in Dovecot 2.2 and 2.3 b ...)
- dovecot <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/9
NOTE: https://github.com/dovecot/core/commit/7bad6a24160e34bce8f10e73dbbf9e5fbbcd1904
@@ -14654,8 +14665,8 @@ CVE-2022-1674 (NULL Pointer Dereference in function vim_regexec_string at regexp
NOTE: Negligible security impact; crash in CLI tool
CVE-2022-1673 (The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 doe ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1672
- RESERVED
+CVE-2022-1672 (The Insights from Google PageSpeed WordPress plugin before 4.0.7 does ...)
+ TODO: check
CVE-2022-1671
RESERVED
- linux 5.17.3-1
@@ -100634,8 +100645,8 @@ CVE-2021-24657 (The Limit Login Attempts WordPress plugin before 4.0.50 does not
NOT-FOR-US: WordPress plugin
CVE-2021-24656 (The Simple Social Media Share Buttons WordPress plugin before 3.2.4 do ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24655
- RESERVED
+CVE-2021-24655 (The WP User Manager WordPress plugin before 2.6.3 does not ensure that ...)
+ TODO: check
CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitis ...)
@@ -174671,8 +174682,8 @@ CVE-2020-7643 (paypal-adaptive through 0.4.2 manipulation of JavaScript objects
NOT-FOR-US: Node paypal-adaptive
CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious JavaScript. The ...)
NOT-FOR-US: Node lazysizes
-CVE-2020-7641
- RESERVED
+CVE-2020-7641 (This affects all versions of package grunt-util-property. The function ...)
+ TODO: check
CVE-2020-7640 (pixl-class prior to 1.0.3 allows execution of arbitrary commands. The ...)
NOT-FOR-US: Node pixl-class
CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.T ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f7e782eea22fec7ab83ffb415fcedb108698ed2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f7e782eea22fec7ab83ffb415fcedb108698ed2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220717/2b41db68/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list