[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 22 21:10:35 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
858f73d1 by security tracker role at 2022-07-22T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2022-36407
+ RESERVED
+CVE-2022-36389
+ RESERVED
+CVE-2022-36386
+ RESERVED
+CVE-2022-36379
+ RESERVED
+CVE-2022-36378
+ RESERVED
+CVE-2022-36375
+ RESERVED
+CVE-2022-36371
+ RESERVED
+CVE-2022-36357
+ RESERVED
+CVE-2022-36346
+ RESERVED
+CVE-2022-36344
+ RESERVED
+CVE-2022-36343
+ RESERVED
+CVE-2022-36341
+ RESERVED
+CVE-2022-36296
+ RESERVED
+CVE-2022-36292
+ RESERVED
+CVE-2022-36288
+ RESERVED
+CVE-2022-36285
+ RESERVED
+CVE-2022-36284
+ RESERVED
+CVE-2022-36282
+ RESERVED
+CVE-2022-35882
+ RESERVED
+CVE-2022-34868
+ RESERVED
+CVE-2022-34867
+ RESERVED
+CVE-2022-34857
+ RESERVED
+CVE-2022-34658
+ RESERVED
+CVE-2022-34656
+ RESERVED
+CVE-2022-34648
+ RESERVED
+CVE-2022-34344
+ RESERVED
+CVE-2022-34154
+ RESERVED
+CVE-2022-33970
+ RESERVED
+CVE-2022-33969
+ RESERVED
+CVE-2022-33943
+ RESERVED
+CVE-2022-33201
+ RESERVED
+CVE-2022-33142
+ RESERVED
+CVE-2022-2515
+ RESERVED
+CVE-2022-2514
+ RESERVED
+CVE-2022-2513
+ RESERVED
+CVE-2022-2512
+ RESERVED
+CVE-2022-2511 (Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" ...)
+ TODO: check
+CVE-2022-2510 (Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" ...)
+ TODO: check
CVE-2019-XXXX [djangorestframework XSS]
- djangorestframework 3.10.2-1
[buster] - djangorestframework 3.9.0-1+deb10u1
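Review bot: CVE-2022-2511 and CVE-2022-2510, the only two non-RESERVED additions in this hunk, arrive as `TODO: check` with truncated XSS descriptions naming "commonuserinterface" and "Extension:ExtendedSearch"; the `Extension:` prefix is MediaWiki's extension naming, so triage should establish whether that extension is shipped by any Debian package before the TODO is resolved to a source-package line or to NOT-FOR-US. The other 36 entries are RESERVED placeholders and need no action until their descriptions are published.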
@@ -210,22 +286,27 @@ CVE-2022-2482
RESERVED
CVE-2022-2481
RESERVED
+ {DSA-5187-1}
- chromium 103.0.5060.134-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2480
RESERVED
+ {DSA-5187-1}
- chromium 103.0.5060.134-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2479
RESERVED
+ {DSA-5187-1}
- chromium 103.0.5060.134-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2478
RESERVED
+ {DSA-5187-1}
- chromium 103.0.5060.134-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2477
RESERVED
+ {DSA-5187-1}
- chromium 103.0.5060.134-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-36305 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) ...)
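Review bot: the `{DSA-5187-1}` marker is added to five consecutive chromium entries (CVE-2022-2481 through CVE-2022-2477) that all carry the same fixed version, chromium 103.0.5060.134-1, which is consistent. Each still reads `RESERVED` on its description line, so the DSA cross-reference is currently the only signal that these are real issues; the description lines should be refreshed once the text is published. Buster stays `<end-of-life> (see DSA 5046)` in every case, so the new marker records no buster fix.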
@@ -258,8 +339,8 @@ CVE-2022-2472
RESERVED
CVE-2022-2471
RESERVED
-CVE-2022-2470
- RESERVED
+CVE-2022-2470 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
+ TODO: check
CVE-2022-2469 (GNU SASL libgsasl server-side read-out-of-bounds with malicious authen ...)
- gsasl 2.0.1-1
NOTE: Advisory: https://lists.gnu.org/archive/html/help-gsasl/2022-07/msg00001.html
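Review bot: CVE-2022-2470 moves from RESERVED to `TODO: check` with a description naming the `microweber` GitHub repository; triage should confirm whether that CMS is packaged in Debian and, if not, resolve the TODO to NOT-FOR-US, the convention this file uses for unpackaged web applications elsewhere in the same diff. The gsasl entry that follows (CVE-2022-2469, server-side read-out-of-bounds, fixed in 2.0.1-1 with the upstream advisory linked) is unchanged context and already in the preferred form.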
@@ -627,8 +708,8 @@ CVE-2022-36133
RESERVED
CVE-2022-36132
RESERVED
-CVE-2022-36131
- RESERVED
+CVE-2022-36131 (The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to s ...)
+ TODO: check
CVE-2022-36130
RESERVED
CVE-2022-36129
@@ -665,16 +746,16 @@ CVE-2022-2448
RESERVED
CVE-2022-2447
RESERVED
-CVE-2017-20143
- RESERVED
-CVE-2017-20142
- RESERVED
-CVE-2017-20141
- RESERVED
-CVE-2017-20140
- RESERVED
-CVE-2017-20139
- RESERVED
+CVE-2017-20143 (A vulnerability, which was classified as critical, has been found in I ...)
+ TODO: check
+CVE-2017-20142 (A vulnerability classified as critical was found in Itech Movie Portal ...)
+ TODO: check
+CVE-2017-20141 (A vulnerability classified as critical has been found in Itech Movie P ...)
+ TODO: check
+CVE-2017-20140 (A vulnerability was found in Itech Movie Portal Script 7.36. It has be ...)
+ TODO: check
+CVE-2017-20139 (A vulnerability was found in Itech Movie Portal Script 7.36. It has be ...)
+ TODO: check
CVE-2016-15003 (A vulnerability has been found in FileZilla Client 3.17.0.0 and classi ...)
- filezilla <not-affected> (Installer not relevant to Debian)
CVE-2015-10003 (A vulnerability, which was classified as problematic, was found in Fil ...)
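Review bot: five CVE-2017-2013x/2014x identifiers are populated at once for "Itech Movie Portal Script 7.36", all described as critical and all truncated before the vulnerability class is named; identifiers from the 2017 block that only leave RESERVED in a 2022 update are retroactive assignments, so triage should treat them as one batch and look for a single upstream source. The neighbouring filezilla entry (`<not-affected> (Installer not relevant to Debian)`) shows the expected outcome when the affected product is not something Debian ships.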
@@ -2731,8 +2812,8 @@ CVE-2022-2329
RESERVED
CVE-2022-2328
RESERVED
-CVE-2022-2327
- RESERVED
+CVE-2022-2327 (io_uring use work_flags to determine which identity need to grab from ...)
+ TODO: check
CVE-2022-2326
RESERVED
CVE-2022-35234
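Review bot: CVE-2022-2327 is a Linux kernel issue (io_uring identity handling keyed on work_flags, per the description), so unlike most TODOs in this update it concerns a packaged component and should resolve to a `linux` source-package line with the fixing upstream commit and per-suite status rather than NOT-FOR-US. The description is cut off at "grab from", so the affected version range has to be taken from the upstream reference rather than from this text.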
@@ -3294,12 +3375,12 @@ CVE-2022-34985
RESERVED
CVE-2022-34984
RESERVED
-CVE-2022-34983
- RESERVED
-CVE-2022-34982
- RESERVED
-CVE-2022-34981
- RESERVED
+CVE-2022-34983 (The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execu ...)
+ TODO: check
+CVE-2022-34982 (The eziod package in PyPI before v0.0.1 included a code execution back ...)
+ TODO: check
+CVE-2022-34981 (The PyCrowdTangle package in PyPI before v0.0.1 included a code execut ...)
+ TODO: check
CVE-2022-34980
RESERVED
CVE-2022-34979
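Review bot: three PyPI package entries (scu-captcha, eziod, PyCrowdTangle) are described as including a code-execution backdoor; these are malicious-package advisories rather than bugs in packaged software, and the "before v0.0.1" phrasing for two of them indicates that every upload before the first clean release is affected. Unless a corresponding python3-* binary package exists in Debian the TODOs should resolve to NOT-FOR-US, and keeping the three together in triage makes sense since they very likely share one upstream report.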
@@ -3663,12 +3744,12 @@ CVE-2022-34870
RESERVED
CVE-2022-34858
RESERVED
-CVE-2022-34853
- RESERVED
+CVE-2022-34853 (Multiple Authenticated (contributor or higher user role) Persistent Cr ...)
+ TODO: check
CVE-2022-34847
RESERVED
-CVE-2022-34839
- RESERVED
+CVE-2022-34839 (Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server ...)
+ TODO: check
CVE-2022-34838
RESERVED
CVE-2022-34837
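Review bot: CVE-2022-34853 and CVE-2022-34839 use the "Multiple Authenticated (contributor or higher user role)" and "CodexShaper's WP OAuth2 Server" phrasing that marks WordPress plugin advisories, the same family that the context line for CVE-2022-34487 already resolves as `NOT-FOR-US: WordPress plugin`. Triage of these two TODOs can follow that precedent unless a Debian package embeds the plugin; the OAuth2 server authentication bypass is the more severe of the pair and deserves the plugin name in its NOT-FOR-US reason so later readers can see what was dismissed.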
@@ -3677,8 +3758,8 @@ CVE-2022-34836
RESERVED
CVE-2022-34654
RESERVED
-CVE-2022-34650
- RESERVED
+CVE-2022-34650 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
+ TODO: check
CVE-2022-34487 (Unauthenticated Arbitrary Option Update vulnerability in biplob018's S ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34347
@@ -3695,16 +3776,16 @@ CVE-2022-33965
RESERVED
CVE-2022-33961
RESERVED
-CVE-2022-33960
- RESERVED
-CVE-2022-33901
- RESERVED
+CVE-2022-33960 (Multiple Authenticated (subscriber or higher user role) SQL Injection ...)
+ TODO: check
+CVE-2022-33901 (Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plug ...)
+ TODO: check
CVE-2022-33900
RESERVED
CVE-2022-33198 (Unauthenticated WordPress Options Change vulnerability in Biplob Adhik ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-33191
- RESERVED
+CVE-2022-33191 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
+ TODO: check
CVE-2022-33177
RESERVED
CVE-2022-32970
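Review bot: CVE-2022-33901 is the one entry in this hunk whose truncated description ("Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plug ...") cuts off the platform the plugin targets, so it cannot be filed under `NOT-FOR-US: WordPress plugin` on the strength of the text alone as CVE-2022-33960 and CVE-2022-33191 can; the full advisory should be read to confirm the ecosystem before resolving that TODO. The unchanged CVE-2022-33198 context line shows the target form for the rest.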
@@ -3713,16 +3794,16 @@ CVE-2022-32776
RESERVED
CVE-2022-32587
RESERVED
-CVE-2022-30998
- RESERVED
+CVE-2022-30998 (Multiple Authenticated (subscriber or higher user role) SQL Injection ...)
+ TODO: check
CVE-2022-30705
RESERVED
-CVE-2022-29495
- RESERVED
+CVE-2022-29495 (Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Build ...)
+ TODO: check
CVE-2022-29489
RESERVED
-CVE-2022-27235
- RESERVED
+CVE-2022-27235 (Multiple Broken Access Control vulnerabilities in Social Share Buttons ...)
+ TODO: check
CVE-2022-26366
RESERVED
CVE-2022-25952
@@ -4592,8 +4673,8 @@ CVE-2022-34522
RESERVED
CVE-2022-34521
RESERVED
-CVE-2022-34520
- RESERVED
+CVE-2022-34520 (Radare2 v5.7.2 was discovered to contain a NULL pointer dereference vi ...)
+ TODO: check
CVE-2022-34519
RESERVED
CVE-2022-34518
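Review bot: CVE-2022-34520 (Radare2 v5.7.2, NULL pointer dereference) and, in a later hunk of this same diff, CVE-2022-34502 (Radare2 v5.7.0, heap buffer overflow) name different radare2 versions, so the fixed version should be established per CVE rather than copied between them. The crash-in-a-CLI-tool assessment used for vim further down (`Crash in CLI tool, no security impact` on CVE-2022-2210) may apply to the NULL dereference but should not be extended to the heap overflow without looking at the fix.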
@@ -4614,8 +4695,8 @@ CVE-2022-34511
RESERVED
CVE-2022-34510
RESERVED
-CVE-2022-34509
- RESERVED
+CVE-2022-34509 (The wikifaces package in PyPI v1.0 included a code execution backdoor ...)
+ TODO: check
CVE-2022-34508
RESERVED
CVE-2022-34507
@@ -4626,14 +4707,14 @@ CVE-2022-34505
RESERVED
CVE-2022-34504
RESERVED
-CVE-2022-34503
- RESERVED
-CVE-2022-34502
- RESERVED
-CVE-2022-34501
- RESERVED
-CVE-2022-34500
- RESERVED
+CVE-2022-34503 (QPDF v8.4.2 was discovered to contain a heap buffer overflow via the f ...)
+ TODO: check
+CVE-2022-34502 (Radare2 v5.7.0 was discovered to contain a heap buffer overflow via th ...)
+ TODO: check
+CVE-2022-34501 (The bin-collection package in PyPI before v0.1 included a code executi ...)
+ TODO: check
+CVE-2022-34500 (The bin-collect package in PyPI before v0.1 included a code execution ...)
+ TODO: check
CVE-2022-34499
RESERVED
CVE-2022-34498
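Review bot: this hunk mixes two kinds of entry: QPDF v8.4.2 and Radare2 v5.7.0 heap buffer overflows (CVE-2022-34503, CVE-2022-34502), which are memory-safety bugs in software that may well be packaged and therefore need source-package lines with version checks, and two more PyPI backdoor packages (bin-collection, bin-collect) that follow the NOT-FOR-US pattern of the other PyPI entries in this update. The QPDF version in the description (8.4.2) is well behind current releases, so the first triage step is to confirm whether the packaged version is still affected rather than marking it unfixed.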
@@ -4670,8 +4751,8 @@ CVE-2022-2210 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ..
NOTE: https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25
NOTE: https://github.com/vim/vim/commit/c101abff4c6756db4f5e740fde289decb9452efa (v8.2.5164)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-2209
- RESERVED
+CVE-2022-2209 (io_uring uses work_flags to determine which identity need to grab from ...)
+ TODO: check
CVE-2022-2208 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.516 ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/7bfe3d5b-568f-4c34-908f-a39909638cc1
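Review bot: the new description for CVE-2022-2209 ("io_uring uses work_flags to determine which identity need to grab from ...") is essentially the same text as the CVE-2022-2327 entry earlier in this diff; two identifiers with one description usually means a duplicate or a split by affected tree, so triage should determine whether one is to be treated as a duplicate and, either way, link both to the same upstream io_uring fix with a NOTE pointing at the other. The adjacent vim entries show the two forms the resolution can take: a fixed-version line with the upstream commit, or `<unfixed> (unimportant)` with a NOTE explaining why.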
@@ -5581,7 +5662,7 @@ CVE-2022-2164
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-2163
RESERVED
- {DSA-5168-1}
+ {DSA-5187-1 DSA-5168-1}
- chromium 103.0.5060.53-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
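Review bot: `{DSA-5187-1}` is prepended to CVE-2022-2163's existing `{DSA-5168-1}` while the fixed version stays at chromium 103.0.5060.53-1; listing one CVE under two DSAs is legitimate only if the DSA-5187-1 text actually references CVE-2022-2163 (for example because the first fix was incomplete), so this should be confirmed against the advisory rather than inherited from the CVE-2022-2481 to CVE-2022-2477 batch that the same DSA fixes in 103.0.5060.134-1. If the advisory does list it, a short NOTE saying so would save the next reader the same check.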
@@ -5674,24 +5755,24 @@ CVE-2022-34159
RESERVED
CVE-2022-34158
RESERVED
-CVE-2022-2143
- RESERVED
-CVE-2022-2142
- RESERVED
+CVE-2022-2143 (The affected product is vulnerable to two instances of command injecti ...)
+ TODO: check
+CVE-2022-2142 (The affected product is vulnerable to a SQL injection with high attack ...)
+ TODO: check
CVE-2022-2141 (SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker wi ...)
NOT-FOR-US: MiCODUS
CVE-2022-2140 (Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable inpu ...)
NOT-FOR-US: Elcomplus SmartICS
-CVE-2022-2139
- RESERVED
-CVE-2022-2138
- RESERVED
-CVE-2022-2137
- RESERVED
-CVE-2022-2136
- RESERVED
-CVE-2022-2135
- RESERVED
+CVE-2022-2139 (The affected product is vulnerable to directory traversal, which may a ...)
+ TODO: check
+CVE-2022-2138 (The affected product is vulnerable due to missing authentication, whic ...)
+ TODO: check
+CVE-2022-2137 (The affected product is vulnerable to two SQL injections that require ...)
+ TODO: check
+CVE-2022-2136 (The affected product is vulnerable to multiple SQL injections that req ...)
+ TODO: check
+CVE-2022-2135 (The affected product is vulnerable to multiple SQL injections, which m ...)
+ TODO: check
CVE-2022-2134 (Denial of Service in GitHub repository inventree/inventree prior to 0. ...)
NOT-FOR-US: inventree
CVE-2022-2133 (The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't valida ...)
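Review bot: seven entries (CVE-2022-2143, CVE-2022-2142 and CVE-2022-2139 through CVE-2022-2135) share the generic "The affected product is vulnerable to ..." wording that omits both vendor and product, so the truncated description alone does not support triage; the surrounding context (MiCODUS and Elcomplus SmartICS, both `NOT-FOR-US`) suggests an industrial-control advisory batch, but the product has to be read from the originating advisory before the TODOs are resolved. Where the text does give detail, the classes are command injection, SQL injection, directory traversal and missing authentication, which is the high-impact set to prioritise if the product turns out to be packaged.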
@@ -5925,8 +6006,8 @@ CVE-2022-34039
RESERVED
CVE-2022-34038
RESERVED
-CVE-2022-34037
- RESERVED
+CVE-2022-34037 (An out-of-bounds read in the rewrite function at /modules/caddyhttp/re ...)
+ TODO: check
CVE-2022-34036
RESERVED
CVE-2022-34035 (HTMLDoc v1.9.12 and below was discovered to contain a heap overflow vi ...)
@@ -13466,8 +13547,8 @@ CVE-2022-31170 (OpenZeppelin Contracts is a library for smart contract developme
NOT-FOR-US: OpenZeppelin Contracts
CVE-2022-31169 (Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wa ...)
TODO: check
-CVE-2022-31168
- RESERVED
+CVE-2022-31168 (Zulip is an open source team chat tool. Due to an incorrect authorizat ...)
+ TODO: check
CVE-2022-31167
RESERVED
CVE-2022-31166
@@ -15434,8 +15515,7 @@ CVE-2022-1657 (Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (&
NOT-FOR-US: Jupiter Theme
CVE-2022-1656 (Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logge ...)
NOT-FOR-US: JupiterX Theme
-CVE-2022-1655
- RESERVED
+CVE-2022-1655 (An Incorrect Permission Assignment for Critical Resource flaw was foun ...)
- horizon <not-affected> (Red Hat-specific packaging issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2075681
NOTE: Seems to be specific to the way Red Hat distributes Horizon, the Debian
@@ -20345,10 +20425,10 @@ CVE-2022-28881
RESERVED
CVE-2022-28880
RESERVED
-CVE-2022-28879
- RESERVED
-CVE-2022-28878
- RESERVED
+CVE-2022-28879 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+ TODO: check
+CVE-2022-28878 (A Denial-of-Service vulnerability was discovered in the F-Secure Atlan ...)
+ TODO: check
CVE-2022-28877 (This vulnerability allows local user to delete arbitrary file in the s ...)
TODO: check
CVE-2022-28876 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
@@ -71975,8 +72055,8 @@ CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Cont
NOT-FOR-US: Johnson Controls Metasys
CVE-2021-36201
RESERVED
-CVE-2021-36200
- RESERVED
+CVE-2021-36200 (Under certain circumstances an unauthenticated user could access the t ...)
+ TODO: check
CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can cause some ...)
NOT-FOR-US: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc.
CVE-2021-36198 (Successful exploitation of this vulnerability could allow an unauthori ...)
@@ -130747,6 +130827,7 @@ CVE-2020-25628 (The filter in the tag manager required extra sanitizing to preve
CVE-2020-25627 (The moodlenetprofile user profile field required extra sanitizing to p ...)
- moodle <removed>
CVE-2020-25626 (A flaw was found in Django REST Framework versions before 3.12.0 and b ...)
+ {DSA-5186-1}
- djangorestframework 3.12.1-1 (bug #971554)
[stretch] - djangorestframework <no-dsa> (Minor issue)
NOTE: https://github.com/encode/django-rest-framework/commit/ae649336b110afe21b9429f2554052f31a9dfaf9
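Review bot: `{DSA-5186-1}` is added to CVE-2020-25626 (Django REST Framework, fixed in 3.12.1-1), but the visible context shows only the `[stretch] - djangorestframework <no-dsa> (Minor issue)` line; since the first hunk of this diff records a buster fix at `3.9.0-1+deb10u1` for the related `CVE-2019-XXXX [djangorestframework XSS]` placeholder, confirm that CVE-2020-25626 carries a matching `[buster]` line as well, otherwise the DSA marker points at a release with no recorded fixed version.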
@@ -156995,8 +157076,8 @@ CVE-2020-14128
RESERVED
CVE-2020-14127 (A denial of service vulnerability exists in some Xiaomi models of phon ...)
NOT-FOR-US: Xiaomi
-CVE-2020-14126
- RESERVED
+CVE-2020-14126 (Information leakage vulnerability exists in the Mi Sound APP. This vul ...)
+ TODO: check
CVE-2020-14125 (A denial of service vulnerability exists in some Xiaomi models of phon ...)
NOT-FOR-US: Xiaomi
CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl interf ...)
@@ -157019,8 +157100,8 @@ CVE-2020-14116 (An intent redirection vulnerability in the Mi Browser product. T
NOT-FOR-US: Xiaomi
CVE-2020-14115 (A command injection vulnerability exists in the Xiaomi Router AX3600. ...)
NOT-FOR-US: Xiaomi
-CVE-2020-14114
- RESERVED
+CVE-2020-14114 (information leakage vulnerability exists in the Xiaomi SmartHome APP. ...)
+ TODO: check
CVE-2020-14113
RESERVED
CVE-2020-14112 (Information Leak Vulnerability exists in the Xiaomi Router AX6000. The ...)
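Review bot: CVE-2020-14126 (Mi Sound APP) and CVE-2020-14114 (Xiaomi SmartHome APP), in this hunk and the one before it, sit in runs of entries that are all `NOT-FOR-US: Xiaomi`, and both descriptions name Xiaomi mobile apps, so the two TODOs are very likely to resolve the same way; the lowercase "information leakage" opening CVE-2020-14114 is the feed text as imported and is not a tracker typo to fix.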
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/858f73d1097f500bd9f6476599c4fe8869b4885f