[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 20 21:10:30 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fa5d012f by security tracker role at 2022-06-20T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2022-34167
+ RESERVED
+CVE-2022-34166
+ RESERVED
+CVE-2022-34165
+ RESERVED
+CVE-2022-34164
+ RESERVED
+CVE-2022-34163
+ RESERVED
+CVE-2022-34162
+ RESERVED
+CVE-2022-34161
+ RESERVED
+CVE-2022-34160
+ RESERVED
+CVE-2022-34159
+ RESERVED
+CVE-2022-34158
+ RESERVED
+CVE-2022-2143
+ RESERVED
+CVE-2022-2142
+ RESERVED
+CVE-2022-2141
+ RESERVED
+CVE-2022-2140
+ RESERVED
+CVE-2022-2139
+ RESERVED
+CVE-2022-2138
+ RESERVED
+CVE-2022-2137
+ RESERVED
+CVE-2022-2136
+ RESERVED
+CVE-2022-2135
+ RESERVED
+CVE-2022-2134 (Denial of Service in GitHub repository inventree/inventree prior to 0. ...)
+ TODO: check
+CVE-2022-2133
+ RESERVED
+CVE-2022-2132
+ RESERVED
+CVE-2022-2131
+ RESERVED
+CVE-2022-2130 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
+ TODO: check
CVE-2022-XXXX [vlc issues fixed in 3.0.13]
- vlc 3.0.16-1
[buster] - vlc 3.0.17.4-0+deb10u1
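Review bot: CVE-2022-2130 can be resolved rather than left at `TODO: check`; its description names the microweber repository, which this file already triages as `NOT-FOR-US: microweber` (see the CVE-2022-1631 context line further down in this change), so the same annotation applies here. CVE-2022-2134 (inventree DoS) likewise needs a package lookup before its TODO is cleared; the remaining additions in this hunk are RESERVED placeholders and need no action yet.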
@@ -392,11 +440,12 @@ CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ..
[stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
NOTE: https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126)
-CVE-2022-2128
- RESERVED
+CVE-2022-2128 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
+ TODO: check
CVE-2022-2127
RESERVED
CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-3053-1}
- vim <unfixed>
NOTE: https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e
NOTE: https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 (v8.2.5123)
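Review bot: the `{DLA-3053-1}` cross-reference added to CVE-2022-2126 here (and to the other vim entries in this change: CVE-2022-2124, CVE-2022-1968, CVE-2022-1898, CVE-2022-1851, CVE-2022-1720, CVE-2022-0943, CVE-2022-0417 and CVE-2021-3903) has no counterpart in this commit, which per the header touches only data/CVE/list; the marker is consistent only if data/DLA/list carries a DLA-3053-1 entry naming exactly that CVE set, so check it against the advisory text. Keeping `- vim <unfixed>` for unstable next to the DLA marker is plausible if the LTS update shipped the upstream fix (v8.2.5123 per the NOTE) ahead of a sid upload, but that combination is worth confirming rather than assuming.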
@@ -406,6 +455,7 @@ CVE-2022-2125 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705
NOTE: https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f (v8.2.5122)
CVE-2022-2124 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-3053-1}
- vim <unfixed>
NOTE: https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42
NOTE: https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f (v8.2.5120)
@@ -695,8 +745,8 @@ CVE-2022-33915 (Versions of the Amazon AWS Apache Log4j hotpatch package before
NOT-FOR-US: Specific to Amazon AWS Apache Log4j hotpatch package
CVE-2022-33914
RESERVED
-CVE-2022-33913
- RESERVED
+CVE-2022-33913 (In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, fil ...)
+ TODO: check
CVE-2022-33912 (A permission issue affects users that deployed the shipped version of ...)
NOT-FOR-US: Check MK as packaged by upstream
CVE-2022-33911
@@ -2708,8 +2758,8 @@ CVE-2022-32985
RESERVED
CVE-2022-32984
RESERVED
-CVE-2022-32983
- RESERVED
+CVE-2022-32983 (Knot Resolver through 5.5.1 may allow DNS cache poisoning when there i ...)
+ TODO: check
CVE-2022-32982
RESERVED
CVE-2022-32981 (An issue was discovered in the Linux kernel through 5.18.3 on powerpc ...)
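Review bot: CVE-2022-32983 should not stay at `TODO: check` for long; unlike most TODO entries in this change, which are WordPress plugins, its description names Knot Resolver and a DNS cache-poisoning impact, so a package lookup and a severity decision should follow rather than the NOT-FOR-US pattern. Once known, record the upstream fix as a `NOTE:` line with the fixing version, as is done for the vim entries above.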
@@ -4648,8 +4698,8 @@ CVE-2022-32206
RESERVED
CVE-2022-32205
RESERVED
-CVE-2022-31734
- RESERVED
+CVE-2022-31734 (** Unsupported When Assigned ** Cisco Catalyst 2940 Series Switches pr ...)
+ TODO: check
CVE-2022-1976
RESERVED
- linux 5.18.5-1
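Review bot: CVE-2022-31734 carries the `** Unsupported When Assigned **` marker in its description, meaning the affected Cisco Catalyst 2940 product was already unsupported upstream when the CVE was assigned; it is a `NOT-FOR-US: Cisco` candidate and does not need to remain at `TODO: check`.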
@@ -4697,6 +4747,7 @@ CVE-2022-1970
CVE-2022-1969 (The Mobile browser color select plugin for WordPress is vulnerable to ...)
NOT-FOR-US: Mobile browser color select plugin for WordPress
CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-3053-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -5579,8 +5630,8 @@ CVE-2022-31801
RESERVED
CVE-2022-31800
RESERVED
-CVE-2022-1945
- RESERVED
+CVE-2022-1945 (The Coming Soon & Maintenance Mode by Colorlib WordPress plugin be ...)
+ TODO: check
CVE-2022-1944 (When the feature is configured, improper authorization in the Interact ...)
[experimental] - gitlab 14.9.5+ds1-1
- gitlab <unfixed>
@@ -5604,8 +5655,8 @@ CVE-2022-1941
CVE-2022-1940 (A Stored Cross-Site Scripting vulnerability in Jira integration in Git ...)
- gitlab <not-affected> (Vulnerable code introduced later)
NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
-CVE-2022-1939
- RESERVED
+CVE-2022-1939 (The Allow svg files WordPress plugin before 1.1 does not properly vali ...)
+ TODO: check
CVE-2022-1938
RESERVED
CVE-2022-1937
@@ -5659,10 +5710,10 @@ CVE-2022-31796 (libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBi
NOTE: https://github.com/thorfdbg/libjpeg/issues/71
NOTE: https://github.com/thorfdbg/libjpeg/commit/187035b9726710b4fe11d565c7808975c930895d
NOTE: Crash in CLI tool, no security impact
-CVE-2022-31795
- RESERVED
-CVE-2022-31794
- RESERVED
+CVE-2022-31795 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control ...)
+ TODO: check
+CVE-2022-31794 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control ...)
+ TODO: check
CVE-2022-1933
RESERVED
CVE-2022-1932
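Review bot: CVE-2022-31795 and CVE-2022-31794 have identical truncated descriptions (Fujitsu ETERNUS CentricStor CS8000), so the triage that clears both `TODO: check` lines should confirm they are distinct issues and annotate them consistently; a vendor storage appliance fits the NOT-FOR-US handling used for other vendor products in this file (for example `NOT-FOR-US: Drive Composer`).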
@@ -5774,8 +5825,8 @@ CVE-2022-1917
RESERVED
CVE-2022-1916
RESERVED
-CVE-2022-1915
- RESERVED
+CVE-2022-1915 (The WP Zillow Review Slider WordPress plugin before 2.4 does not escap ...)
+ TODO: check
CVE-2022-1914
RESERVED
CVE-2022-1913
@@ -5798,8 +5849,8 @@ CVE-2022-1907 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior
NOTE: https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb10850888897c5dba (v0.11)
CVE-2022-1906
RESERVED
-CVE-2022-1905
- RESERVED
+CVE-2022-1905 (The Events Made Easy WordPress plugin before 2.2.81 does not properly ...)
+ TODO: check
CVE-2022-1904
RESERVED
CVE-2022-1903
@@ -5957,6 +6008,7 @@ CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior t
NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
NOTE: https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d
CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-3053-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -5969,10 +6021,10 @@ CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ..
[stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118
NOTE: https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023)
-CVE-2022-1896
- RESERVED
-CVE-2022-1895
- RESERVED
+CVE-2022-1896 (The underConstruction WordPress plugin before 1.21 does not sanitise o ...)
+ TODO: check
+CVE-2022-1895 (The underConstruction WordPress plugin before 1.20 does not have CSRF ...)
+ TODO: check
CVE-2022-1894
RESERVED
CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo Manage ...)
@@ -6266,8 +6318,8 @@ CVE-2022-1891
RESERVED
CVE-2022-1890
RESERVED
-CVE-2022-1889
- RESERVED
+CVE-2022-1889 (The Newsletter WordPress plugin before 7.4.6 does not escape and sanit ...)
+ TODO: check
CVE-2022-1888
RESERVED
CVE-2021-4231 (A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It ha ...)
@@ -6498,6 +6550,7 @@ CVE-2022-1852 [KVM: x86: avoid calling x86 emulator without a decoded instructio
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/fee060cd52d69c114b62d1a2948ea9648b5131f9
CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-3053-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -7214,26 +7267,26 @@ CVE-2022-1834
CVE-2022-1833
RESERVED
NOT-FOR-US: Red Hat AMQ Broker
-CVE-2022-1832
- RESERVED
-CVE-2022-1831
- RESERVED
-CVE-2022-1830
- RESERVED
-CVE-2022-1829
- RESERVED
-CVE-2022-1828
- RESERVED
-CVE-2022-1827
- RESERVED
-CVE-2022-1826
- RESERVED
+CVE-2022-1832 (The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF c ...)
+ TODO: check
+CVE-2022-1831 (The WPlite WordPress plugin through 1.3.1 does not have CSRF check in ...)
+ TODO: check
+CVE-2022-1830 (The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not ha ...)
+ TODO: check
+CVE-2022-1829 (The Inline Google Maps WordPress plugin through 5.11 does not have CSR ...)
+ TODO: check
+CVE-2022-1828 (The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have ...)
+ TODO: check
+CVE-2022-1827 (The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have ...)
+ TODO: check
+CVE-2022-1826 (The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF c ...)
+ TODO: check
CVE-2022-1825 (Cross-site Scripting (XSS) - Reflected in GitHub repository collective ...)
NOT-FOR-US: collectiveaccess/providence
-CVE-2022-1824
- RESERVED
-CVE-2022-1823
- RESERVED
+CVE-2022-1824 (An uncontrolled search path vulnerability in McAfee Consumer Product R ...)
+ TODO: check
+CVE-2022-1823 (Improper privilege management vulnerability in McAfee Consumer Product ...)
+ TODO: check
CVE-2022-1822 (The Zephyr Project Manager plugin for WordPress is vulnerable to Refle ...)
NOT-FOR-US: Zephyr Project Manager plugin for WordPress
CVE-2022-1821 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
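Review bot: the seven entries CVE-2022-1826 through CVE-2022-1832 all describe WordPress plugins missing CSRF checks and can be annotated `NOT-FOR-US: WordPress plugin`, the form used for the neighbouring CVE-2022-1822 context line, rather than staying at `TODO: check`; CVE-2022-1824 and CVE-2022-1823 are McAfee Consumer Product entries and fit the same NOT-FOR-US handling with the vendor named. CVE-2022-1828 and CVE-2022-1827 differ only by "Articles" versus "Article" in the plugin name at the same version, so confirm they are not a duplicate allocation before annotating.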
@@ -7244,8 +7297,8 @@ CVE-2022-1820 (The Keep Backup Daily plugin for WordPress is vulnerable to Refle
NOT-FOR-US: Keep Backup Daily plugin for WordPress
CVE-2022-1819 (A vulnerability, which was classified as problematic, was found in Stu ...)
NOT-FOR-US: Student Information System
-CVE-2022-1818
- RESERVED
+CVE-2022-1818 (The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF ...)
+ TODO: check
CVE-2022-1817 (A vulnerability, which was classified as problematic, was found in Bad ...)
NOT-FOR-US: Badminton Center Management System
CVE-2022-1816 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -7401,8 +7454,8 @@ CVE-2022-31217 (Vulnerabilities in the Drive Composer allow a low privileged att
NOT-FOR-US: Drive Composer
CVE-2022-31216 (Vulnerabilities in the Drive Composer allow a low privileged attacker ...)
NOT-FOR-US: Drive Composer
-CVE-2022-1801
- RESERVED
+CVE-2022-1801 (The Very Simple Contact Form WordPress plugin before 11.6 exposes the ...)
+ TODO: check
CVE-2022-1800 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1799
@@ -8328,6 +8381,7 @@ CVE-2022-1722 (SSRF in editor's proxy via IPv6 link-local address in GitHub repo
CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub repository vim/v ...)
+ {DLA-3053-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -8757,8 +8811,8 @@ CVE-2022-30759
RESERVED
CVE-2022-30708 (Webmin through 1.991, when the Authentic theme is used, allows remote ...)
- webmin <removed>
-CVE-2022-1717
- RESERVED
+CVE-2022-1717 (The Custom Share Buttons with Floating Sidebar WordPress plugin before ...)
+ TODO: check
CVE-2022-1716 (Keep My Notes v1.80.147 allows an attacker with physical access to the ...)
NOT-FOR-US: Keep My Notes
CVE-2022-30703 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an expo ...)
@@ -9472,8 +9526,8 @@ CVE-2022-1632
NOT-FOR-US: OpenShift
CVE-2022-1631 (Users Account Pre-Takeover or Users Account Takeover. in GitHub reposi ...)
NOT-FOR-US: microweber
-CVE-2022-1630
- RESERVED
+CVE-2022-1630 (The WP-EMail WordPress plugin before 2.69.0 does not protect its log d ...)
+ TODO: check
CVE-2022-1629 (Buffer Over-read in function find_next_quote in GitHub repository vim/ ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee
@@ -10008,16 +10062,16 @@ CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design allo
NOT-FOR-US: ABB e-Design
CVE-2022-1615
RESERVED
-CVE-2022-1614
- RESERVED
+CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visi ...)
+ TODO: check
CVE-2022-1613
RESERVED
CVE-2022-1612 (The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not protect i ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1610
- RESERVED
+CVE-2022-1610 (The Seamless Donations WordPress plugin before 5.1.9 does not have CSR ...)
+ TODO: check
CVE-2022-1609
RESERVED
CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does not hav ...)
@@ -10030,8 +10084,8 @@ CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have CSRF
NOT-FOR-US: WordPress plugin
CVE-2022-1604 (The MailerLite WordPress plugin before 1.5.4 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1603
- RESERVED
+CVE-2022-1603 (The Mail Subscribe List WordPress plugin before 2.1.4 does not have CS ...)
+ TODO: check
CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable D ...)
- uclibc <unfixed> (unimportant)
NOTE: https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/
@@ -11583,8 +11637,8 @@ CVE-2022-1473 (The OPENSSL_LH_flush() function, which empties a hash table, cont
- openssl <not-affected> (Only affects OpenSSL 3.0)
NOTE: https://www.openssl.org/news/secadv/20220503.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=64c85430f95200b6b51fe9475bd5203f7c19daf1 (openssl-3.0.3)
-CVE-2022-1472
- RESERVED
+CVE-2022-1472 (The Better Find and Replace WordPress plugin before 1.3.6 does not pro ...)
+ TODO: check
CVE-2022-1471
RESERVED
CVE-2022-1470
@@ -12468,12 +12522,14 @@ CVE-2022-29502 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Contr
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html
NOTE: https://github.com/SchedMD/slurm/commit/351669e7db3b5bc84b5791dc3626d683b8abe18e (slurm-21-08-8-1)
CVE-2022-29501 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control tha ...)
+ {DSA-5166-1}
- slurm-wlm 21.08.8.2-1 (bug #1010633)
- slurm-llnl <removed>
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html
NOTE: https://github.com/SchedMD/slurm/commit/ef62acfd2a566afc5187c554e908e4aa975211a1 (slurm-21-08-8-1)
NOTE: https://github.com/SchedMD/slurm/commit/863c763c241db46039c27c4b7438ef5d33defb12 (slurm-20-11-9-1)
CVE-2022-29500 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control tha ...)
+ {DSA-5166-1}
- slurm-wlm 21.08.8.2-1 (bug #1010634)
- slurm-llnl <removed>
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html
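Review bot: `{DSA-5166-1}` is added to CVE-2022-29501 and CVE-2022-29500, but the header line of CVE-2022-29502 lies outside this hunk, so whether it received the same marker is not visible; all three cite the same slurm-announce link, so if DSA-5166-1 covers the full set make sure 29502 was annotated as well, and confirm data/DSA/list holds the DSA-5166-1 entry since only data/CVE/list changed in this commit.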
@@ -14708,8 +14764,8 @@ CVE-2022-1268 (The Donate Extra WordPress plugin through 2.02 does not sanitise
NOT-FOR-US: WordPress plugin
CVE-2022-1267 (The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1266
- RESERVED
+CVE-2022-1266 (The Post Grid, Slider & Carousel Ultimate WordPress plugin before ...)
+ TODO: check
CVE-2022-1265 (The BulletProof Security WordPress plugin before 6.1 does not sanitize ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1264
@@ -19766,6 +19822,7 @@ CVE-2022-0945 (Stored XSS viva axd and cshtml file upload in star7th/showdoc in
CVE-2022-0944 (Template injection in connection test endpoint leads to RCE in GitHub ...)
NOT-FOR-US: sqlpad
CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim ...)
+ {DLA-3053-1}
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -23088,8 +23145,8 @@ CVE-2022-25774
RESERVED
CVE-2022-25773
RESERVED
-CVE-2022-25772
- RESERVED
+CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking compone ...)
+ TODO: check
CVE-2022-25771
RESERVED
CVE-2022-25770
@@ -24361,8 +24418,8 @@ CVE-2022-0665 (Path Traversal in GitHub repository pimcore/pimcore prior to 10.3
NOT-FOR-US: pimcore
CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker ...)
NOT-FOR-US: Go github.com/gravitl/netmaker
-CVE-2022-0663
- RESERVED
+CVE-2022-0663 (The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 d ...)
+ TODO: check
CVE-2022-0662 (The AdRotate WordPress plugin before 5.8.23 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0661 (The Ad Injection WordPress plugin through 1.2.0.19 does not properly s ...)
@@ -24605,7 +24662,7 @@ CVE-2022-0628 (The Mega Menu WordPress plugin before 3.0.8 does not sanitize and
NOT-FOR-US: WordPress plugin
CVE-2022-0627 (The Amelia WordPress plugin before 1.0.47 does not sanitize and escape ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0626 (The Advanced Admin Search WordPress plugin through 1.1.2 does not sani ...)
+CVE-2022-0626 (The Advanced Admin Search WordPress plugin before 1.1.6 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0625 (The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize ...)
NOT-FOR-US: WordPress plugin
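Review bot: no triage change is needed for CVE-2022-0626; the only difference is the affected range tightening from "through 1.1.2" to "before 1.1.6", and the `NOT-FOR-US: WordPress plugin` annotation remains correct. The same applies to the analogous description refreshes for CVE-2022-0388 and CVE-2021-24957 later in this change.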
@@ -28080,6 +28137,7 @@ CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p
CVE-2022-0418 (The Event List WordPress plugin before 0.8.8 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-3053-1}
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -28472,7 +28530,7 @@ CVE-2022-0390 (Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4,
- gitlab <unfixed>
CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin through ...)
+CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin before ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4217 [Null pointer dereference in Unicode strings code]
RESERVED
@@ -34590,8 +34648,8 @@ CVE-2022-22416
RESERVED
CVE-2022-22415 (A vulnerability exists where an IBM Robotic Process Automation 21.0.1 ...)
NOT-FOR-US: IBM
-CVE-2022-22414
- RESERVED
+CVE-2022-22414 (IBM Robotic Process Automation 21.0.2 could allow a local user to obta ...)
+ TODO: check
CVE-2022-22413 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...)
NOT-FOR-US: IBM
CVE-2022-22412
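Review bot: CVE-2022-22414 can take `NOT-FOR-US: IBM` like its neighbours CVE-2022-22415 and CVE-2022-22413 in this hunk, all of which concern IBM Robotic Process Automation; the CVE-2022-22318 and CVE-2022-22317 pair (IBM Curam Social Program Management) in the next hunk fits the same handling, and its two descriptions are identical up to the truncation point, so check that both are genuinely separate issues.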
@@ -34782,10 +34840,10 @@ CVE-2022-22320 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scriptin
NOT-FOR-US: IBM
CVE-2022-22319 (IBM Robotic Process Automation 21.0.1 could allow a register user on t ...)
NOT-FOR-US: IBM
-CVE-2022-22318
- RESERVED
-CVE-2022-22317
- RESERVED
+CVE-2022-22318 (IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidat ...)
+ TODO: check
+CVE-2022-22317 (IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidat ...)
+ TODO: check
CVE-2022-22316 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and a ...)
NOT-FOR-US: IBM
CVE-2022-22315 (IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user w ...)
@@ -47241,6 +47299,7 @@ CVE-2021-3905 [External triggered memory leak in Open vSwitch while processing f
CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web Page ...)
NOT-FOR-US: Grav CMS
CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ {DLA-3053-1}
- vim 2:8.2.3565-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -51883,10 +51942,10 @@ CVE-2021-41685
RESERVED
CVE-2021-41684
RESERVED
-CVE-2021-41683
- RESERVED
-CVE-2021-41682
- RESERVED
+CVE-2021-41683 (There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_ty ...)
+ TODO: check
+CVE-2021-41682 (There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_c ...)
+ TODO: check
CVE-2021-41681
RESERVED
CVE-2021-41680
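Review bot: the CVE-2021-41683 and CVE-2021-41682 descriptions name only source files (ecma-helpers.c:326, ecma-helpers-string.c:1940) and no project, so clearing their `TODO: check` lines needs the upstream project identified from those paths before a package line or NOT-FOR-US annotation can be written; line-number references like these go stale across releases, so a fixing-commit URL as a `NOTE:` would be the durable reference, as done for the vim and radare2 entries in this change.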
@@ -93987,8 +94046,8 @@ CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat ve
NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/1
NOTE: https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1 (9.0.43)
NOTE: https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa (8.5.63)
-CVE-2021-25121
- RESERVED
+CVE-2021-25121 (The Rating by BestWebSoft WordPress plugin through 1.5 does not valida ...)
+ TODO: check
CVE-2021-25120 (The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do no ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25119 (The AGIL WordPress plugin through 1.0 accepts all zip files and automa ...)
@@ -94021,8 +94080,8 @@ CVE-2021-25106 (The Privacy Policy Generator, Terms & Conditions Generator W
NOT-FOR-US: WordPress plugin
CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25104
- RESERVED
+CVE-2021-25104 (The Ocean Extra WordPress plugin before 1.9.5 does not escape generate ...)
+ TODO: check
CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25102 (The All In One WP Security & Firewall WordPress plugin before 4.4. ...)
@@ -94053,8 +94112,8 @@ CVE-2021-25090 (The Portfolio Gallery, Product Catalog WordPress plugin before 2
NOT-FOR-US: WordPress plugin
CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25088
- RESERVED
+CVE-2021-25088 (The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and e ...)
+ TODO: check
CVE-2021-25087 (The Download Manager WordPress plugin before 3.2.35 does not have any ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25086 (The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not ...)
@@ -94315,7 +94374,7 @@ CVE-2021-24959 (The WP Email Users WordPress plugin through 1.7.6 does not escap
NOT-FOR-US: WordPress plugin
CVE-2021-24958 (The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24957 (The Advanced Page Visit Counter WordPress plugin through 5.0.8 does no ...)
+CVE-2021-24957 (The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24956 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plug ...)
NOT-FOR-US: WordPress plugin
@@ -162428,7 +162487,7 @@ CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829
NOTE: Crash in CLI tool, no security impact
CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack ...)
- {DLA-2137-1}
+ {DLA-3054-1 DLA-2137-1}
- sleuthkit 4.9.0+dfsg-2 (low; bug #953976)
[buster] - sleuthkit 4.6.5-1+deb10u1
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836
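Review bot: CVE-2020-10232 now lists two advisories (`{DLA-3054-1 DLA-2137-1}`), which is the expected form when a later LTS update for sleuthkit revisits an issue; the same DLA-3054-1 marker is also added below to entries rated `unimportant` with a "Negligible security impact" NOTE (CVE-2019-1010065, CVE-2017-13760, CVE-2017-13756, CVE-2017-13755), so confirm the advisory text actually enumerates those CVEs, otherwise the markers overstate what the DLA fixed. As with DLA-3053-1, data/DLA/list is not part of this commit and must already hold the DLA-3054-1 entry.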
@@ -218327,6 +218386,7 @@ CVE-2019-1010067
CVE-2019-1010066 (Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: ...)
NOT-FOR-US: Lawrence Livermore National Laboratory msr-safe
CVE-2019-1010065 (The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The ...)
+ {DLA-3054-1}
- sleuthkit 4.6.1-1 (unimportant)
NOTE: https://github.com/sleuthkit/sleuthkit/commit/114cd3d0aac8bd1aeaf4b33840feb0163d342d5b (4.6.1)
NOTE: Negligible security impact
@@ -245553,7 +245613,7 @@ CVE-2018-19499 (Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code E
CVE-2018-19498 (The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XS ...)
NOT-FOR-US: Atlassian plugin
CVE-2018-19497 (In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs. ...)
- {DLA-1610-1}
+ {DLA-3054-1 DLA-1610-1}
- sleuthkit 4.6.5-1 (low; bug #914796)
NOTE: https://github.com/sleuthkit/sleuthkit/pull/1374
NOTE: https://github.com/sleuthkit/sleuthkit/commit/bc04aa017c0bd297de8a3b7fc40ffc6ddddbb95d
@@ -310743,6 +310803,7 @@ CVE-2017-13762 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. ..
CVE-2017-13761 (The Fastly CDN module before 1.2.26 for Magento2, when used with a thi ...)
NOT-FOR-US: Fastly CDN module for Magento2
CVE-2017-13760 (In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in t ...)
+ {DLA-3054-1}
- sleuthkit 4.4.2-3 (unimportant; bug #873724)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/906
NOTE: Negligible security impact
@@ -310762,10 +310823,12 @@ CVE-2017-13757 (The Binary File Descriptor (BFD) library (aka libbfd), as distri
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22018
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a
CVE-2017-13756 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers i ...)
+ {DLA-3054-1}
- sleuthkit 4.4.2-3 (unimportant; bug #873725)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/914
NOTE: Negligible security impact
CVE-2017-13755 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image trigge ...)
+ {DLA-3054-1}
- sleuthkit 4.4.2-3 (unimportant; bug #873726)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/913
NOTE: Negligible security impact
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa5d012f5a4e075d3c8c00f95a022ff7ab6284f1