[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 6 21:10:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
68682047 by security tracker role at 2022-06-06T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2022-32498
+ RESERVED
+CVE-2022-32497
+ RESERVED
+CVE-2022-32496
+ RESERVED
+CVE-2022-32495
+ RESERVED
+CVE-2022-32494
+ RESERVED
+CVE-2022-32493
+ RESERVED
+CVE-2022-32492
+ RESERVED
+CVE-2022-32491
+ RESERVED
+CVE-2022-32490
+ RESERVED
+CVE-2022-32489
+ RESERVED
+CVE-2022-32488
+ RESERVED
+CVE-2022-32487
+ RESERVED
+CVE-2022-32486
+ RESERVED
+CVE-2022-32485
+ RESERVED
+CVE-2022-32484
+ RESERVED
+CVE-2022-32483
+ RESERVED
+CVE-2022-32482
+ RESERVED
+CVE-2022-32481
+ RESERVED
+CVE-2022-32480
+ RESERVED
+CVE-2022-32479
+ RESERVED
+CVE-2022-32478
+ RESERVED
+CVE-2022-32477
+ RESERVED
+CVE-2022-32476
+ RESERVED
+CVE-2022-32475
+ RESERVED
+CVE-2022-32474
+ RESERVED
+CVE-2022-32473
+ RESERVED
+CVE-2022-32472
+ RESERVED
+CVE-2022-32471
+ RESERVED
+CVE-2022-32470
+ RESERVED
+CVE-2022-32469
+ RESERVED
+CVE-2022-32468
+ RESERVED
+CVE-2022-32467
+ RESERVED
+CVE-2022-32466
+ RESERVED
+CVE-2022-32465
+ RESERVED
+CVE-2022-32464
+ RESERVED
+CVE-2022-32463
+ RESERVED
+CVE-2022-32462
+ RESERVED
+CVE-2022-32461
+ RESERVED
+CVE-2022-32460
+ RESERVED
+CVE-2022-32459
+ RESERVED
+CVE-2022-32458
+ RESERVED
+CVE-2022-32457
+ RESERVED
+CVE-2022-32456
+ RESERVED
+CVE-2022-30707
+ RESERVED
+CVE-2022-30532
+ RESERVED
+CVE-2022-29890
+ RESERVED
+CVE-2022-2000
+ RESERVED
+CVE-2022-1999
+ RESERVED
+CVE-2022-1998
+ RESERVED
+CVE-2022-1997 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
+ TODO: check
+CVE-2022-1996 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ TODO: check
+CVE-2022-1995
+ RESERVED
+CVE-2022-1994
+ RESERVED
+CVE-2017-20045
+ RESERVED
+CVE-2017-20044
+ RESERVED
+CVE-2017-20043
+ RESERVED
+CVE-2017-20042
+ RESERVED
+CVE-2017-20041
+ RESERVED
CVE-2022-32452
RESERVED
CVE-2022-32451
@@ -461,8 +577,8 @@ CVE-2022-32277
RESERVED
CVE-2022-32276
RESERVED
-CVE-2022-32275
- RESERVED
+CVE-2022-32275 (Grafana 8.4.3 allows reading files via (for example) a /dashboard/snap ...)
+ TODO: check
CVE-2022-31472
RESERVED
CVE-2022-29521
@@ -691,8 +807,7 @@ CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
NOTE: https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 (v8.2.5050)
CVE-2022-1967
RESERVED
-CVE-2022-1966
- RESERVED
+CVE-2022-1966 (A use-after-free vulnerability was found in the Linux kernel's Netfilt ...)
- linux 5.18.2-1
NOTE: https://www.openwall.com/lists/oss-security/2022/05/31/1
NOTE: https://git.kernel.org/linus/520778042ccca019f3ffa136dd0ca565c486cedd
@@ -1566,8 +1681,7 @@ CVE-2022-31800
RESERVED
CVE-2022-1945
RESERVED
-CVE-2022-1944
- RESERVED
+CVE-2022-1944 (When the feature is configured, improper authorization in the Interact ...)
[experimental] - gitlab 14.9.5+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
@@ -1587,8 +1701,7 @@ CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d (v8.2.5043)
CVE-2022-1941
RESERVED
-CVE-2022-1940
- RESERVED
+CVE-2022-1940 (A Stored Cross-Site Scripting vulnerability in Jira integration in Git ...)
- gitlab <not-affected> (Vulnerable code introduced later)
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1939
@@ -1628,13 +1741,11 @@ CVE-2022-31798
RESERVED
CVE-2022-31797
RESERVED
-CVE-2022-1936
- RESERVED
+CVE-2022-1936 (Incorrect authorization in GitLab EE affecting all versions from 12.0 ...)
[experimental] - gitlab 14.9.5+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
-CVE-2022-1935
- RESERVED
+CVE-2022-1935 (Incorrect authorization in GitLab EE affecting all versions from 12.0 ...)
[experimental] - gitlab 14.9.5+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
@@ -1730,8 +1841,8 @@ CVE-2022-31770
RESERVED
CVE-2022-31769
RESERVED
-CVE-2022-31768
- RESERVED
+CVE-2022-31768 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
+ TODO: check
CVE-2022-31767
RESERVED
CVE-2022-31766
@@ -2263,7 +2374,7 @@ CVE-2022-1884
RESERVED
CVE-2022-1883 (SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2. ...)
NOT-FOR-US: camptocamp/terraboard
-CVE-2022-1882 (A flaw use after free in the Linux kernel pipes functionality was foun ...)
+CVE-2022-1882 (A use-after-free flaw was found in the Linux kernel’s pipes func ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -2721,8 +2832,8 @@ CVE-2022-31495
RESERVED
CVE-2022-31494
RESERVED
-CVE-2022-31493
- RESERVED
+CVE-2022-31493 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. ...)
+ TODO: check
CVE-2022-31492
RESERVED
CVE-2022-31491
@@ -2735,22 +2846,22 @@ CVE-2022-31488 (Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/updat
NOT-FOR-US: Inout Blockchain AltExchanger
CVE-2022-31487 (Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger ...)
NOT-FOR-US: Inout Blockchain AltExchanger
-CVE-2022-31486
- RESERVED
-CVE-2022-31485
- RESERVED
-CVE-2022-31484
- RESERVED
-CVE-2022-31483
- RESERVED
-CVE-2022-31482
- RESERVED
-CVE-2022-31481
- RESERVED
-CVE-2022-31480
- RESERVED
-CVE-2022-31479
- RESERVED
+CVE-2022-31486 (An authenticated attacker can send a specially crafted route to the &# ...)
+ TODO: check
+CVE-2022-31485 (An unauthenticated attacker can send a specially crafted packets to up ...)
+ TODO: check
+CVE-2022-31484 (An unauthenticated attacker can send a specially crafted network packe ...)
+ TODO: check
+CVE-2022-31483 (An authenticated attacker can upload a file with a filename including ...)
+ TODO: check
+CVE-2022-31482 (An unauthenticated attacker can send a specially crafted unauthenticat ...)
+ TODO: check
+CVE-2022-31481 (An unauthenticated attacker can send a specially crafted update file t ...)
+ TODO: check
+CVE-2022-31480 (An unauthenticated attacker could arbitrarily upload firmware files to ...)
+ TODO: check
+CVE-2022-31479 (An unauthenticated attacker can update the hostname with a specially c ...)
+ TODO: check
CVE-2022-31478
RESERVED
CVE-2022-1841
@@ -3210,8 +3321,7 @@ CVE-2022-1823
RESERVED
CVE-2022-1822
RESERVED
-CVE-2022-1821
- RESERVED
+CVE-2022-1821 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
[experimental] - gitlab 14.9.5+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
@@ -3920,8 +4030,7 @@ CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.497
NOTE: https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839 (v8.2.4977)
CVE-2022-1784 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...)
NOT-FOR-US: jgraph/drawio
-CVE-2022-1783
- RESERVED
+CVE-2022-1783 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <not-affected> (Vulnerable code introduced later)
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
CVE-2022-1782 (Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para ...)
@@ -4437,14 +4546,14 @@ CVE-2022-30865
RESERVED
CVE-2022-30864
RESERVED
-CVE-2022-30863
- RESERVED
+CVE-2022-30863 (FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_ti ...)
+ TODO: check
CVE-2022-30862
RESERVED
-CVE-2022-30861
- RESERVED
-CVE-2022-30860
- RESERVED
+CVE-2022-30861 (FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in For ...)
+ TODO: check
+CVE-2022-30860 (FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload F ...)
+ TODO: check
CVE-2022-30859
RESERVED
CVE-2022-30858
@@ -4675,7 +4784,7 @@ CVE-2022-30708 (Webmin through 1.991, when the Authentic theme is used, allows r
- webmin <removed>
CVE-2022-1717
RESERVED
-CVE-2022-1716 (An attacker with physical access to the victim's device can bypass the ...)
+CVE-2022-1716 (Keep My Notes v1.80.147 allows an attacker with physical access to the ...)
TODO: check
CVE-2022-30703
RESERVED
@@ -4715,14 +4824,14 @@ CVE-2022-1714 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2
NOTE: https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e
CVE-2022-1713 (SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An ...)
NOT-FOR-US: jgraph/drawio
-CVE-2022-1712
- RESERVED
+CVE-2022-1712 (The LiveSync for WordPress plugin through 1.0 does not have CSRF check ...)
+ TODO: check
CVE-2022-1711 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-1710
RESERVED
-CVE-2022-1709
- RESERVED
+CVE-2022-1709 (The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF ...)
+ TODO: check
CVE-2022-1708
RESERVED
CVE-2022-1707
@@ -4976,32 +5085,32 @@ CVE-2022-1697
RESERVED
CVE-2022-1696
RESERVED
-CVE-2022-1695
- RESERVED
+CVE-2022-1695 (The WP Simple Adsense Insertion WordPress plugin before 2.1 does not p ...)
+ TODO: check
CVE-2022-1694
RESERVED
CVE-2022-1693
RESERVED
-CVE-2022-1692
- RESERVED
-CVE-2022-1691
- RESERVED
-CVE-2022-1690
- RESERVED
-CVE-2022-1689
- RESERVED
-CVE-2022-1688
- RESERVED
-CVE-2022-1687
- RESERVED
-CVE-2022-1686
- RESERVED
-CVE-2022-1685
- RESERVED
-CVE-2022-1684
- RESERVED
-CVE-2022-1683
- RESERVED
+CVE-2022-1692 (The CP Image Store with Slideshow WordPress plugin before 1.0.68 does ...)
+ TODO: check
+CVE-2022-1691 (The Realty Workstation WordPress plugin through 1.0.6 does not sanitis ...)
+ TODO: check
+CVE-2022-1690 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...)
+ TODO: check
+CVE-2022-1689 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...)
+ TODO: check
+CVE-2022-1688 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...)
+ TODO: check
+CVE-2022-1687 (The Logo Slider WordPress plugin through 1.4.8 does not sanitise and e ...)
+ TODO: check
+CVE-2022-1686 (The Five Minute Webshop WordPress plugin through 1.3.2 does not saniti ...)
+ TODO: check
+CVE-2022-1685 (The Five Minute Webshop WordPress plugin through 1.3.2 does not proper ...)
+ TODO: check
+CVE-2022-1684 (The Cube Slider WordPress plugin through 1.2 does not sanitise and esc ...)
+ TODO: check
+CVE-2022-1683 (The amtyThumb WordPress plugin through 4.2.0 does not sanitise and esc ...)
+ TODO: check
CVE-2022-1682 (Reflected Xss using url based payload in GitHub repository neorazorx/f ...)
NOT-FOR-US: facturascripts
CVE-2022-1681 (Authentication Bypass Using an Alternate Path or Channel in GitHub rep ...)
@@ -5050,8 +5159,8 @@ CVE-2022-30588
RESERVED
CVE-2022-30587
RESERVED
-CVE-2022-30586
- RESERVED
+CVE-2022-30586 (Gradle Enterprise through 2022.2.2 has Incorrect Access Control that l ...)
+ TODO: check
CVE-2022-30585 (The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an ...)
NOT-FOR-US: Archer
CVE-2022-30584 (Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access ...)
@@ -5117,8 +5226,7 @@ CVE-2022-30558
RESERVED
CVE-2022-30557 (Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion is ...)
NOT-FOR-US: Foxit PDF Reader and PDF Editor
-CVE-2022-1680
- RESERVED
+CVE-2022-1680 (An account takeover issue has been discovered in GitLab EE affecting a ...)
[experimental] - gitlab 14.9.5+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
@@ -5164,8 +5272,8 @@ CVE-2022-1674 (NULL Pointer Dereference in function vim_regexec_string at regexp
NOTE: https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385
NOTE: https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 (v8.2.4938)
NOTE: Negligible security impact; crash in CLI tool
-CVE-2022-1673
- RESERVED
+CVE-2022-1673 (The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 doe ...)
+ TODO: check
CVE-2022-1672
RESERVED
CVE-2022-1671
@@ -5290,8 +5398,8 @@ CVE-2022-1649 (Null pointer dereference in libr/bin/format/mach0/mach0.c in rada
NOTE: https://github.com/radareorg/radare2/commit/a5aafb99c3965259c84ddcf45a91144bf7eb4cf1
CVE-2022-1648
RESERVED
-CVE-2022-1647
- RESERVED
+CVE-2022-1647 (The FormCraft WordPress plugin before 1.2.6 does not sanitise and esca ...)
+ TODO: check
CVE-2022-30526
RESERVED
CVE-2022-30525 (A OS command injection vulnerability in the CGI program of Zyxel USG F ...)
@@ -5956,10 +6064,10 @@ CVE-2022-1600
RESERVED
CVE-2022-1599
RESERVED
-CVE-2022-1598
- RESERVED
-CVE-2022-1597
- RESERVED
+CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.4 which is a companion to t ...)
+ TODO: check
+CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a companion for ...)
+ TODO: check
CVE-2022-1596
RESERVED
CVE-2022-1595
@@ -6143,8 +6251,8 @@ CVE-2022-1579
RESERVED
CVE-2022-1578
RESERVED
-CVE-2022-1577
- RESERVED
+CVE-2022-1577 (The Database Backup for WordPress plugin before 2.5.2 does not have CS ...)
+ TODO: check
CVE-2022-1576
RESERVED
CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub repository ...)
@@ -6157,10 +6265,10 @@ CVE-2022-1572
RESERVED
CVE-2022-1571 (Cross-site scripting - Reflected in Create Subaccount in GitHub reposi ...)
NOT-FOR-US: facturascripts
-CVE-2022-1570
- RESERVED
-CVE-2022-1569
- RESERVED
+CVE-2022-1570 (The Files Download Delay WordPress plugin before 1.0.7 does not have a ...)
+ TODO: check
+CVE-2022-1569 (The Drag & Drop Builder, Human Face Detector, Pre-built Templates, ...)
+ TODO: check
CVE-2022-1568 (The Team Members WordPress plugin before 5.1.1 does not escape some of ...)
NOT-FOR-US: WordPress plugin
CVE-2021-46810
@@ -6482,7 +6590,7 @@ CVE-2022-30115 (Using its HSTS support, curl can be instructed to use HTTPS dire
CVE-2022-1551
RESERVED
CVE-2022-1550
- RESERVED
+ REJECTED
CVE-2022-1549
RESERVED
CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly restric ...)
@@ -6987,8 +7095,8 @@ CVE-2022-1543 (Improper handling of Length parameter in GitHub repository erudik
NOT-FOR-US: scoold
CVE-2022-1542 (The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1541
- RESERVED
+CVE-2022-1541 (The Video Slider WordPress plugin before 1.4.8 does not sanitize or es ...)
+ TODO: check
CVE-2022-1540
RESERVED
CVE-2022-1539
@@ -7298,8 +7406,8 @@ CVE-2022-1507 (chafa: NULL Pointer Dereference in function gif_internal_decode_f
- chafa 1.10.2-1
NOTE: https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95/
NOTE: https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9 (1.10.2)
-CVE-2022-1506
- RESERVED
+CVE-2022-1506 (The WP Born Babies WordPress plugin through 1.0 does not sanitise and ...)
+ TODO: check
CVE-2022-1505 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...)
NOT-FOR-US: RSVPMaker plugin for WordPress
CVE-2022-1504 (XSS in /demo/module/?module=HERE in GitHub repository microweber/micro ...)
@@ -7488,8 +7596,8 @@ CVE-2022-1471
RESERVED
CVE-2022-1470
RESERVED
-CVE-2022-1469
- RESERVED
+CVE-2022-1469 (The FiboSearch WordPress plugin before 1.17.0 does not sanitise and es ...)
+ TODO: check
CVE-2022-29808
RESERVED
CVE-2022-29807
@@ -8151,14 +8259,14 @@ CVE-2022-1426 (An issue has been discovered in GitLab affecting all versions sta
TODO: check
CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1424
- RESERVED
+CVE-2022-1424 (The Ask me WordPress theme before 6.8.2 does not perform CSRF checks f ...)
+ TODO: check
CVE-2022-1423 (Improper access control in the CI/CD cache mechanism in GitLab CE/EE a ...)
TODO: check
-CVE-2022-1422
- RESERVED
-CVE-2022-1421
- RESERVED
+CVE-2022-1422 (The Discy WordPress theme before 5.2 does not check for CSRF tokens in ...)
+ TODO: check
+CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX ac ...)
+ TODO: check
CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
- vim 2:8.2.4793-1
[bullseye] - vim <no-dsa> (Minor issue)
@@ -8335,8 +8443,8 @@ CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise and
NOT-FOR-US: WordPress plugin
CVE-2022-1395 (The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 do ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1394
- RESERVED
+CVE-2022-1394 (The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not prop ...)
+ TODO: check
CVE-2022-1393 (The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1392 (The Videos sync PDF WordPress plugin through 1.7.4 does not validate t ...)
@@ -10631,8 +10739,8 @@ CVE-2022-1243 (CRHTLF can lead to invalid protocol extraction potentially leadin
NOT-FOR-US: URI.js
CVE-2022-1242
RESERVED
-CVE-2022-1241
- RESERVED
+CVE-2022-1241 (The Ask me WordPress theme before 6.8.2 does not properly sanitise and ...)
+ TODO: check
CVE-2022-28796 (jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https:/git.kernel.org/linus/cc16eecae687912238ee6efbff71ad31e2bc414e (5.18-rc1)
@@ -11890,8 +11998,8 @@ CVE-2022-28226
RESERVED
CVE-2022-28225
RESERVED
-CVE-2022-28224
- RESERVED
+CVE-2022-28224 (Clusters using Calico (version 3.22.1 and below), Calico Enterprise (v ...)
+ TODO: check
CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperch ...)
NOT-FOR-US: livehelperchat
CVE-2022-1190 (Improper handling of user input in GitLab CE/EE versions 8.3 prior to ...)
@@ -14835,8 +14943,8 @@ CVE-2022-1007 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does
NOT-FOR-US: WordPress plugin
CVE-2022-1006 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does not s ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1005
- RESERVED
+CVE-2022-1005 (The WP Statistics WordPress plugin before 13.2.2 does not sanitise the ...)
+ TODO: check
CVE-2022-1004 (Accounted time is shown in the Ticket Detail View (External Interface) ...)
NOT-FOR-US: OTRS
NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x
@@ -16883,6 +16991,7 @@ CVE-2022-26493 (Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Sin
CVE-2022-26492
RESERVED
CVE-2022-26491 (An issue was discovered in Pidgin before 2.14.9. A remote attacker who ...)
+ {DLA-3043-1}
- pidgin 2.14.9-1
NOTE: https://pidgin.im/about/security/advisories/cve-2022-26491/
NOTE: https://keep.imfreedom.org/pidgin/pidgin/rev/13cdb7956bdc
@@ -17284,7 +17393,7 @@ CVE-2022-0838 (Cross-site Scripting (XSS) - Reflected in GitHub repository hesti
NOT-FOR-US: Hestia Control Panel
CVE-2022-0837 (The Amelia WordPress plugin before 1.0.48 does not have proper authori ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0836 (The SEMA API WordPress plugin through 3.64 does not properly sanitise ...)
+CVE-2022-0836 (The SEMA API WordPress plugin before 4.02 does not properly sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-26365
RESERVED
@@ -17970,8 +18079,8 @@ CVE-2022-0789 (Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0788
- RESERVED
+CVE-2022-0788 (The WP Fundraising Donation and Crowdfunding Platform WordPress plugin ...)
+ TODO: check
CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0786
@@ -17988,8 +18097,8 @@ CVE-2022-0781 (The Nirweb support WordPress plugin before 2.8.2 does not sanitis
NOT-FOR-US: WordPress plugin
CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to disable th ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0779
- RESERVED
+CVE-2022-0779 (The User Meta WordPress plugin before 2.4.4 does not validate the file ...)
+ TODO: check
CVE-2022-0778 (The BN_mod_sqrt() function, which computes a modular square root, cont ...)
{DSA-5103-1 DLA-2953-1 DLA-2952-1}
- openssl 1.1.1n-1
@@ -18939,6 +19048,7 @@ CVE-2022-0732 (The backend infrastructure shared by multiple mobile device monit
CVE-2022-0731 (Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr ...)
- dolibarr <removed>
CVE-2022-26874 (lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows ...)
+ {DLA-3045-1}
- php-horde-mime-viewer 2.2.4+debian0-1
NOTE: https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/
NOTE: Introduced by: https://github.com/horde/Mime_Viewer/commit/325a7ae2663dd9c50e85fe515033454669f16f28
@@ -25844,8 +25954,8 @@ CVE-2022-23714
RESERVED
CVE-2022-23713
RESERVED
-CVE-2022-23712
- RESERVED
+CVE-2022-23712 (A Denial of Service flaw was discovered in Elasticsearch. Using this v ...)
+ TODO: check
CVE-2022-23711 (A vulnerability in Kibana could expose sensitive information related t ...)
- kibana <itp> (bug #700337)
CVE-2022-23710 (A cross-site-scripting (XSS) vulnerability was discovered in the Data ...)
@@ -30442,8 +30552,8 @@ CVE-2022-22398
RESERVED
CVE-2022-22397
RESERVED
-CVE-2022-22396
- RESERVED
+CVE-2022-22396 (Credentials are printed in clear text in the IBM Spectrum Protect Plus ...)
+ TODO: check
CVE-2022-22395
RESERVED
CVE-2022-22394 (The IBM Spectrum Protect 8.1.14.000 server could allow a remote attack ...)
@@ -37347,42 +37457,42 @@ CVE-2022-21764
RESERVED
CVE-2022-21763
RESERVED
-CVE-2022-21762
- RESERVED
-CVE-2022-21761
- RESERVED
-CVE-2022-21760
- RESERVED
-CVE-2022-21759
- RESERVED
-CVE-2022-21758
- RESERVED
-CVE-2022-21757
- RESERVED
-CVE-2022-21756
- RESERVED
-CVE-2022-21755
- RESERVED
-CVE-2022-21754
- RESERVED
-CVE-2022-21753
- RESERVED
-CVE-2022-21752
- RESERVED
-CVE-2022-21751
- RESERVED
-CVE-2022-21750
- RESERVED
-CVE-2022-21749
- RESERVED
-CVE-2022-21748
- RESERVED
-CVE-2022-21747
- RESERVED
-CVE-2022-21746
- RESERVED
-CVE-2022-21745
- RESERVED
+CVE-2022-21762 (In apusys driver, there is a possible system crash due to an integer o ...)
+ TODO: check
+CVE-2022-21761 (In apusys driver, there is a possible system crash due to an integer o ...)
+ TODO: check
+CVE-2022-21760 (In apusys driver, there is a possible system crash due to an integer o ...)
+ TODO: check
+CVE-2022-21759 (In power service, there is a possible out of bounds write due to a mis ...)
+ TODO: check
+CVE-2022-21758 (In ccu, there is a possible memory corruption due to a double free. Th ...)
+ TODO: check
+CVE-2022-21757 (In WIFI Firmware, there is a possible system crash due to a missing co ...)
+ TODO: check
+CVE-2022-21756 (In WLAN driver, there is a possible out of bounds read due to an incor ...)
+ TODO: check
+CVE-2022-21755 (In WLAN driver, there is a possible out of bounds read due to an incor ...)
+ TODO: check
+CVE-2022-21754 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-21753 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-21752 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-21751 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-21750 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-21749 (In telephony, there is a possible information disclosure due to a miss ...)
+ TODO: check
+CVE-2022-21748 (In telephony, there is a possible information disclosure due to a miss ...)
+ TODO: check
+CVE-2022-21747 (In imgsensor, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2022-21746 (In imgsensor, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2022-21745 (In WIFI Firmware, there is a possible memory corruption due to a use a ...)
+ TODO: check
CVE-2022-21744
RESERVED
CVE-2022-21743 (In ion, there is a possible use after free due to an integer overflow. ...)
@@ -46190,8 +46300,8 @@ CVE-2021-42247
RESERVED
CVE-2021-42246
RESERVED
-CVE-2021-42245
- RESERVED
+CVE-2021-42245 (FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in p ...)
+ TODO: check
CVE-2021-42244 (A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo ...)
NOT-FOR-US: PaquitoSoftware Notimoo
CVE-2021-42243
@@ -47001,8 +47111,8 @@ CVE-2021-41934
RESERVED
CVE-2021-41933
RESERVED
-CVE-2021-41932
- RESERVED
+CVE-2021-41932 (A blind SQL injection vulnerability in search form in TeamMate+ Audit ...)
+ TODO: check
CVE-2021-41931 (The Company's Recruitment Management System in id=2 of the parameter f ...)
NOT-FOR-US: Company's Recruitment Management System
CVE-2021-41930 (Cross site scripting (XSS) vulnerability in Sourcecodester Online Covi ...)
@@ -51999,8 +52109,8 @@ CVE-2021-39949
RESERVED
CVE-2021-39948
RESERVED
-CVE-2021-39947
- RESERVED
+CVE-2021-39947 (In specific circumstances, trace file buffers in GitLab Runner version ...)
+ TODO: check
CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...)
- gitlab <unfixed>
CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...)
@@ -81971,6 +82081,7 @@ CVE-2020-36277 (Leptonica before 1.80.0 allows a denial of service (application
CVE-2016-20009 (** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overfl ...)
NOT-FOR-US: Wind River VxWorks
CVE-2021-28153 (An issue was discovered in GNOME GLib before 2.66.8. When g_file_repla ...)
+ {DLA-3044-1}
- glib2.0 2.66.7-2 (bug #984969)
[buster] - glib2.0 2.58.3-2+deb10u3
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2325
@@ -85137,11 +85248,13 @@ CVE-2021-21299 (hyper is an open-source HTTP library for Rust (crates.io). In hy
NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0020.html
CVE-2021-27218 (An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before ...)
+ {DLA-3044-1}
- glib2.0 2.66.7-1 (bug #982779)
[buster] - glib2.0 2.58.3-2+deb10u3
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
NOTE: Test case depends on CVE-2021-27219 fix
CVE-2021-27219 (An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before ...)
+ {DLA-3044-1}
- glib2.0 2.66.6-1 (bug #982778)
[buster] - glib2.0 2.58.3-2+deb10u3
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2319
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/686820476ff6119b00d54d9ee85ad011498706a3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/686820476ff6119b00d54d9ee85ad011498706a3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220606/c988f451/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list