[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 16 21:10:23 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a1d015a9 by security tracker role at 2022-06-16T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2022-33880
+ RESERVED
+CVE-2022-33879
+ RESERVED
+CVE-2022-33878
+ RESERVED
+CVE-2022-33877
+ RESERVED
+CVE-2022-33876
+ RESERVED
+CVE-2022-33875
+ RESERVED
+CVE-2022-33874
+ RESERVED
+CVE-2022-33873
+ RESERVED
+CVE-2022-33872
+ RESERVED
+CVE-2022-33871
+ RESERVED
+CVE-2022-33870
+ RESERVED
+CVE-2022-33869
+ RESERVED
+CVE-2022-2100
+ RESERVED
+CVE-2022-2099
+ RESERVED
+CVE-2022-2098 (Weak Password Requirements in GitHub repository kromitgmbh/titra prior ...)
+ TODO: check
+CVE-2020-36549
+ RESERVED
+CVE-2020-36548
+ RESERVED
+CVE-2020-36547
+ RESERVED
CVE-2022-33868
RESERVED
CVE-2022-33867
@@ -1102,8 +1138,7 @@ CVE-2022-33331
RESERVED
CVE-2022-33330
RESERVED
-CVE-2022-2085
- RESERVED
+CVE-2022-2085 (A NULL pointer dereference vulnerability was found in Ghostscript, whi ...)
- ghostscript 9.56.0~dfsg-1
[bullseye] - ghostscript <no-dsa> (Minor issue)
[buster] - ghostscript <no-dsa> (Minor issue)
@@ -1863,14 +1898,14 @@ CVE-2020-36546
RESERVED
CVE-2020-36545
RESERVED
-CVE-2017-20056
- RESERVED
-CVE-2017-20055
- RESERVED
-CVE-2017-20054
- RESERVED
-CVE-2017-20053
- RESERVED
+CVE-2017-20056 (A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It ...)
+ TODO: check
+CVE-2017-20055 (A vulnerability classified as problematic has been found in BestWebSof ...)
+ TODO: check
+CVE-2017-20054 (A vulnerability was found in XYZScripts Contact Form Manager Plugin. I ...)
+ TODO: check
+CVE-2017-20053 (A vulnerability was found in XYZScripts Contact Form Manager Plugin. I ...)
+ TODO: check
CVE-2017-20052 (A vulnerability classified as problematic was found in Python 2.7.13. ...)
TODO: check
CVE-2022-2058
@@ -2847,12 +2882,12 @@ CVE-2017-20051 (A vulnerability was found in InnoSetup Installer. It has been de
NOT-FOR-US: InnoSetup
CVE-2022-32548
RESERVED
-CVE-2022-32547
- RESERVED
-CVE-2022-32546
- RESERVED
-CVE-2022-32545
- RESERVED
+CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'double', ...)
+ TODO: check
+CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the range ...)
+ TODO: check
+CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside the range ...)
+ TODO: check
CVE-2022-32543
RESERVED
CVE-2022-32542
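Review bot: CVE-2022-32547, CVE-2022-32546 and CVE-2022-32545 are left at `TODO: check`, but all three descriptions name ImageMagick, which Debian ships as the imagemagick source package, so they need a package entry with a fixed version or per-release status rather than a NOT-FOR-US resolution. They were filled in together in this update and two of them share the same truncated "outside the range" wording, so triage them as a set and record the upstream fix reference in a NOTE for each.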
@@ -4496,24 +4531,24 @@ CVE-2022-31916
RESERVED
CVE-2022-31915
RESERVED
-CVE-2022-31914
- RESERVED
-CVE-2022-31913
- RESERVED
-CVE-2022-31912
- RESERVED
-CVE-2022-31911
- RESERVED
-CVE-2022-31910
- RESERVED
+CVE-2022-31914 (Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) ...)
+ TODO: check
+CVE-2022-31913 (Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scriptin ...)
+ TODO: check
+CVE-2022-31912 (Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps ...)
+ TODO: check
+CVE-2022-31911 (Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via / ...)
+ TODO: check
+CVE-2022-31910 (Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (X ...)
+ TODO: check
CVE-2022-31909
RESERVED
-CVE-2022-31908
- RESERVED
+CVE-2022-31908 (Student Registration and Fee Payment System v1.0 is vulnerable to SQL ...)
+ TODO: check
CVE-2022-31907
RESERVED
-CVE-2022-31906
- RESERVED
+CVE-2022-31906 (Online Fire Reporting System v1.0 is vulnerable to Cross Site Scriptin ...)
+ TODO: check
CVE-2022-31905
RESERVED
CVE-2022-31904
@@ -4626,8 +4661,8 @@ CVE-2022-31851
RESERVED
CVE-2022-31850
RESERVED
-CVE-2022-31849
- RESERVED
+CVE-2022-31849 (MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to con ...)
+ TODO: check
CVE-2022-31848
RESERVED
CVE-2022-31847 (A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M ...)
@@ -6121,12 +6156,12 @@ CVE-2022-31386 (A Server-Side Request Forgery (SSRF) in the getFileBinary functi
NOT-FOR-US: nbnbk cms
CVE-2022-31385
RESERVED
-CVE-2022-31384
- RESERVED
-CVE-2022-31383
- RESERVED
-CVE-2022-31382
- RESERVED
+CVE-2022-31384 (Directory Management System v1.0 was discovered to contain a SQL injec ...)
+ TODO: check
+CVE-2022-31383 (Directory Management System v1.0 was discovered to contain a SQL injec ...)
+ TODO: check
+CVE-2022-31382 (Directory Management System v1.0 was discovered to contain a SQL injec ...)
+ TODO: check
CVE-2022-31381
RESERVED
CVE-2022-31380
@@ -6145,8 +6180,8 @@ CVE-2022-31374
RESERVED
CVE-2022-31373
RESERVED
-CVE-2022-31372
- RESERVED
+CVE-2022-31372 (Wiris Mathtype v7.28.0 was discovered to contain a path traversal vuln ...)
+ TODO: check
CVE-2022-31371
RESERVED
CVE-2022-31370
@@ -6287,28 +6322,28 @@ CVE-2022-31303
RESERVED
CVE-2022-31302
RESERVED
-CVE-2022-31301
- RESERVED
-CVE-2022-31300
- RESERVED
+CVE-2022-31301 (Haraj v3.7 was discovered to contain a stored cross-site scripting (XS ...)
+ TODO: check
+CVE-2022-31300 (A cross-site scripting vulnerability in the DM Section component of Ha ...)
+ TODO: check
CVE-2022-31299
RESERVED
-CVE-2022-31298
- RESERVED
+CVE-2022-31298 (A cross-site scripting vulnerability in the ads comment section of Har ...)
+ TODO: check
CVE-2022-31297
RESERVED
CVE-2022-31296
RESERVED
CVE-2022-31295
RESERVED
-CVE-2022-31294
- RESERVED
+CVE-2022-31294 (An issue in the save_users() function of Online Discussion Forum Site ...)
+ TODO: check
CVE-2022-31293
RESERVED
CVE-2022-31292
RESERVED
-CVE-2022-31291
- RESERVED
+CVE-2022-31291 (An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows atta ...)
+ TODO: check
CVE-2022-31290
RESERVED
CVE-2022-31289 (https://ossindex.sonatype.org/ Sonatype Nexus Repository Manager OSS 3 ...)
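Review bot: CVE-2022-31291 should not be bulk-resolved with the rest of this hunk. Unlike the Haraj and Online Discussion Forum Site entries around it, its description names a C source file (dlt_config_file_parser.c) in dlt-daemon v2.18.8, so check whether dlt-daemon is packaged and, if it is, replace `TODO: check` with a package entry and the affected versions.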
@@ -6335,8 +6370,8 @@ CVE-2022-31279 (Laravel 9.1.8, when processing attacker-controlled data for dese
NOT-FOR-US: Laravel
CVE-2022-31278
RESERVED
-CVE-2022-31277
- RESERVED
+CVE-2022-31277 (Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay at ...)
+ TODO: check
CVE-2022-31276
RESERVED
CVE-2022-31275
@@ -8024,8 +8059,8 @@ CVE-2022-30672
RESERVED
CVE-2022-30671
RESERVED
-CVE-2022-30670
- RESERVED
+CVE-2022-30670 (RoboHelp Server earlier versions than RHS 11 Update 3 are affected by ...)
+ TODO: check
CVE-2022-30669 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
TODO: check
CVE-2022-30668 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
@@ -8034,38 +8069,38 @@ CVE-2022-30667 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and
TODO: check
CVE-2022-30666 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
TODO: check
-CVE-2022-30665
- RESERVED
-CVE-2022-30664
- RESERVED
-CVE-2022-30663
- RESERVED
-CVE-2022-30662
- RESERVED
-CVE-2022-30661
- RESERVED
-CVE-2022-30660
- RESERVED
-CVE-2022-30659
- RESERVED
-CVE-2022-30658
- RESERVED
-CVE-2022-30657
- RESERVED
-CVE-2022-30656
- RESERVED
-CVE-2022-30655
- RESERVED
-CVE-2022-30654
- RESERVED
-CVE-2022-30653
- RESERVED
-CVE-2022-30652
- RESERVED
-CVE-2022-30651
- RESERVED
-CVE-2022-30650
- RESERVED
+CVE-2022-30665 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
+ TODO: check
+CVE-2022-30664 (Adobe Animate version 22.0.5 (and earlier) is affected by an out-of-bo ...)
+ TODO: check
+CVE-2022-30663 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
+ TODO: check
+CVE-2022-30662 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
+ TODO: check
+CVE-2022-30661 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
+ TODO: check
+CVE-2022-30660 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
+ TODO: check
+CVE-2022-30659 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
+ TODO: check
+CVE-2022-30658 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...)
+ TODO: check
+CVE-2022-30657 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
+ TODO: check
+CVE-2022-30656 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
+ TODO: check
+CVE-2022-30655 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
+ TODO: check
+CVE-2022-30654 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
+ TODO: check
+CVE-2022-30653 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
+ TODO: check
+CVE-2022-30652 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
+ TODO: check
+CVE-2022-30651 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
+ TODO: check
+CVE-2022-30650 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...)
+ TODO: check
CVE-2022-30649 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
TODO: check
CVE-2022-30648 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
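Review bot: the sixteen entries CVE-2022-30665 through CVE-2022-30650 all land as `TODO: check`, and every description names an Adobe desktop product (InDesign, InCopy, Animate), as do the Illustrator entries in the surrounding context that are also still at `TODO: check`. Resolve the whole run in one pass with a single NOT-FOR-US resolution, as the file already does for other proprietary vendors, so the block does not sit in the TODO queue entry by entry.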
@@ -8564,8 +8599,8 @@ CVE-2022-30522 (If Apache HTTP Server 2.4.53 is configured to do transformations
[buster] - apache2 <no-dsa> (Minor issue; can be fixed in point release)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522
-CVE-2022-1642
- RESERVED
+CVE-2022-1642 (A program using swift-corelibs-foundation is vulnerable to a denial of ...)
+ TODO: check
CVE-2022-1641
RESERVED
{DSA-5134-1}
@@ -9931,8 +9966,8 @@ CVE-2022-30025
RESERVED
CVE-2022-30024
RESERVED
-CVE-2022-30023
- RESERVED
+CVE-2022-30023 (Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Comma ...)
+ TODO: check
CVE-2022-30022
RESERVED
CVE-2022-30021
@@ -10424,16 +10459,16 @@ CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable
NOT-FOR-US: 1Password
CVE-2022-29867
RESERVED
-CVE-2022-29866
- RESERVED
-CVE-2022-29865
- RESERVED
-CVE-2022-29864
- RESERVED
-CVE-2022-29863
- RESERVED
-CVE-2022-29862
- RESERVED
+CVE-2022-29866 (OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaus ...)
+ TODO: check
+CVE-2022-29865 (OPC UA .NET Standard Stack allows a remote attacker to bypass the appl ...)
+ TODO: check
+CVE-2022-29864 (OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause ...)
+ TODO: check
+CVE-2022-29863 (OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a ...)
+ TODO: check
+CVE-2022-29862 (An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remot ...)
+ TODO: check
CVE-2022-29861
RESERVED
CVE-2022-29860
@@ -17243,10 +17278,10 @@ CVE-2022-27534 (Kaspersky Anti-Virus products for home and Kaspersky Endpoint Se
NOT-FOR-US: Kaspersky
CVE-2022-27533
RESERVED
-CVE-2022-27532
- RESERVED
-CVE-2022-27531
- RESERVED
+CVE-2022-27532 (A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can b ...)
+ TODO: check
+CVE-2022-27531 (A maliciously crafted TIF file can be forced to read beyond allocated ...)
+ TODO: check
CVE-2022-27530 (A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, ...)
NOT-FOR-US: Autodesk
CVE-2022-27529 (A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2 ...)
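Review bot: CVE-2022-27532 and CVE-2022-27531 are added as `TODO: check` directly above CVE-2022-27530, which is already resolved as `NOT-FOR-US: Autodesk`. CVE-2022-27532 names Autodesk 3ds Max, so the same resolution fits; the truncated text of CVE-2022-27531 ("A maliciously crafted TIF file can be forced to read beyond allocated ...") does not show the product, so confirm it from the full description before marking it the same way.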
@@ -31658,8 +31693,8 @@ CVE-2022-22955 (VMware Workspace ONE Access has two authentication bypass vulner
NOT-FOR-US: VMware
CVE-2022-22954 (VMware Workspace ONE Access and Identity Manager contain a remote code ...)
NOT-FOR-US: VMware
-CVE-2022-22953
- RESERVED
+CVE-2022-22953 (VMware HCX update addresses an information disclosure vulnerability. A ...)
+ TODO: check
CVE-2022-22952 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to ...)
NOT-FOR-US: VMware
CVE-2022-22951 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to ...)
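Review bot: CVE-2022-22953 is added with `TODO: check` while every neighbouring VMware entry in this hunk (CVE-2022-22955, CVE-2022-22954, CVE-2022-22952, CVE-2022-22951) is already resolved as `NOT-FOR-US: VMware`. The description names VMware HCX, so the same resolution looks right and would close the TODO.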
@@ -51067,8 +51102,8 @@ CVE-2021-41656
RESERVED
CVE-2021-41655
RESERVED
-CVE-2021-41654
- RESERVED
+CVE-2021-41654 (SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows at ...)
+ TODO: check
CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with firmware ...)
NOT-FOR-US: TP-Link
CVE-2021-41652 (Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 al ...)
@@ -51476,8 +51511,8 @@ CVE-2021-41489
RESERVED
CVE-2021-41488
RESERVED
-CVE-2021-41487
- RESERVED
+CVE-2021-41487 (NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserNam ...)
+ TODO: check
CVE-2021-41486
RESERVED
CVE-2021-41485
@@ -51538,8 +51573,8 @@ CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters
[stretch] - gpac <not-affected> (Vulnerable code not present)
NOTE: https://github.com/gpac/gpac/issues/1912
NOTE: Fixed by: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339 (v2.0.0)
-CVE-2021-41458
- RESERVED
+CVE-2021-41458 (In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/e ...)
+ TODO: check
CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...)
- gpac 2.0.0+dfsg1-2
[buster] - gpac <not-affected> (Vulnerable code not present)
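Review bot: CVE-2021-41458 stays at `TODO: check` although it sits between CVE-2021-41459 and CVE-2021-41457, both MP4Box stack buffer overflows that are already tracked against gpac. It needs a gpac entry as well. Its description names MP4Box v1.1.0 and a path under src/utils/, not the src/filters/ code of its neighbours, so verify separately whether the 2.0.0 fix and the `<not-affected> (Vulnerable code not present)` status recorded for them apply here rather than copying them over.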
@@ -51620,10 +51655,10 @@ CVE-2021-41423
RESERVED
CVE-2021-41422
RESERVED
-CVE-2021-41421
- RESERVED
-CVE-2021-41420
- RESERVED
+CVE-2021-41421 (A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an a ...)
+ TODO: check
+CVE-2021-41420 (A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authentic ...)
+ TODO: check
CVE-2021-41419
RESERVED
CVE-2021-41418 (AriaNg v0.1.0~v1.2.2 is affected by an incorrect access control vulner ...)
@@ -51640,8 +51675,8 @@ CVE-2021-41413 (ok-file-formats master 2021-9-12 is affected by a buffer overflo
TODO: check
CVE-2021-41412
RESERVED
-CVE-2021-41411
- RESERVED
+CVE-2021-41411 (drools <=7.59.x is affected by an XML External Entity (XXE) vulnera ...)
+ TODO: check
CVE-2021-41410
RESERVED
CVE-2021-41409
@@ -51658,8 +51693,8 @@ CVE-2021-41404
RESERVED
CVE-2021-41403 (flatCore-CMS version 2.0.8 calls dangerous functions, causing server-s ...)
TODO: check
-CVE-2021-41402
- RESERVED
+CVE-2021-41402 (flatCore-CMS v2.0.8 has a code execution vulnerability, which could le ...)
+ TODO: check
CVE-2021-41401
RESERVED
CVE-2021-41400
@@ -60802,8 +60837,8 @@ CVE-2021-3677 (A flaw was found in postgresql. A purpose-crafted query can read
NOTE: https://www.postgresql.org/about/news/postgresql-134-128-1113-1018-9623-and-14-beta-3-released-2277/
CVE-2021-3676
REJECTED
-CVE-2021-3675
- RESERVED
+CVE-2021-3675 (Improper Input Validation vulnerability in synaTEE.signed.dll of Synap ...)
+ TODO: check
CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a remote att ...)
NOT-FOR-US: resolution SAML SSO apps for Atlassian products
CVE-2021-37842 (metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensiti ...)
@@ -63182,8 +63217,8 @@ CVE-2021-36829
RESERVED
CVE-2021-36828 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Mainten ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36827
- RESERVED
+CVE-2021-36827 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
+ TODO: check
CVE-2021-36826 (Authenticated (subscriber or higher user role if allowed to access pro ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36825
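Review bot: CVE-2021-36827 is added as `TODO: check` between CVE-2021-36828 and CVE-2021-36826, which are both resolved as `NOT-FOR-US: WordPress plugin`. The truncated description ("Authenticated (admin or higher user role) Stored Cross-Site Scripting ...") matches their wording but does not show the affected product, so confirm it is a WordPress plugin from the full description and then give it the same resolution.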
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1d015a9ffd5ee0e906fe09f8ca58f54839ac570