[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 27 21:10:32 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10630250 by security tracker role at 2022-06-27T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,209 @@
+CVE-2022-34734
+ RESERVED
+CVE-2022-34733
+ RESERVED
+CVE-2022-34732
+ RESERVED
+CVE-2022-34731
+ RESERVED
+CVE-2022-34730
+ RESERVED
+CVE-2022-34729
+ RESERVED
+CVE-2022-34728
+ RESERVED
+CVE-2022-34727
+ RESERVED
+CVE-2022-34726
+ RESERVED
+CVE-2022-34725
+ RESERVED
+CVE-2022-34724
+ RESERVED
+CVE-2022-34723
+ RESERVED
+CVE-2022-34722
+ RESERVED
+CVE-2022-34721
+ RESERVED
+CVE-2022-34720
+ RESERVED
+CVE-2022-34719
+ RESERVED
+CVE-2022-34718
+ RESERVED
+CVE-2022-34717
+ RESERVED
+CVE-2022-34716
+ RESERVED
+CVE-2022-34715
+ RESERVED
+CVE-2022-34714
+ RESERVED
+CVE-2022-34713
+ RESERVED
+CVE-2022-34712
+ RESERVED
+CVE-2022-34711
+ RESERVED
+CVE-2022-34710
+ RESERVED
+CVE-2022-34709
+ RESERVED
+CVE-2022-34708
+ RESERVED
+CVE-2022-34707
+ RESERVED
+CVE-2022-34706
+ RESERVED
+CVE-2022-34705
+ RESERVED
+CVE-2022-34704
+ RESERVED
+CVE-2022-34703
+ RESERVED
+CVE-2022-34702
+ RESERVED
+CVE-2022-34701
+ RESERVED
+CVE-2022-34700
+ RESERVED
+CVE-2022-34699
+ RESERVED
+CVE-2022-34698
+ RESERVED
+CVE-2022-34697
+ RESERVED
+CVE-2022-34696
+ RESERVED
+CVE-2022-34695
+ RESERVED
+CVE-2022-34694
+ RESERVED
+CVE-2022-34693
+ RESERVED
+CVE-2022-34692
+ RESERVED
+CVE-2022-34691
+ RESERVED
+CVE-2022-34690
+ RESERVED
+CVE-2022-34689
+ RESERVED
+CVE-2022-34688
+ RESERVED
+CVE-2022-34687
+ RESERVED
+CVE-2022-34686
+ RESERVED
+CVE-2022-34685
+ RESERVED
+CVE-2022-34684
+ RESERVED
+CVE-2022-34683
+ RESERVED
+CVE-2022-34682
+ RESERVED
+CVE-2022-34681
+ RESERVED
+CVE-2022-34680
+ RESERVED
+CVE-2022-34679
+ RESERVED
+CVE-2022-34678
+ RESERVED
+CVE-2022-34677
+ RESERVED
+CVE-2022-34676
+ RESERVED
+CVE-2022-34675
+ RESERVED
+CVE-2022-34674
+ RESERVED
+CVE-2022-34673
+ RESERVED
+CVE-2022-34672
+ RESERVED
+CVE-2022-34671
+ RESERVED
+CVE-2022-34670
+ RESERVED
+CVE-2022-34669
+ RESERVED
+CVE-2022-34668
+ RESERVED
+CVE-2022-34667
+ RESERVED
+CVE-2022-34666
+ RESERVED
+CVE-2022-34665
+ RESERVED
+CVE-2022-34664
+ RESERVED
+CVE-2022-34663
+ RESERVED
+CVE-2022-34662
+ RESERVED
+CVE-2022-34661
+ RESERVED
+CVE-2022-34660
+ RESERVED
+CVE-2022-2225
+ RESERVED
+CVE-2022-2224
+ RESERVED
+CVE-2022-2223
+ RESERVED
+CVE-2022-2222
+ RESERVED
+CVE-2022-2221
+ RESERVED
+CVE-2022-2220
+ RESERVED
+CVE-2022-2219
+ RESERVED
+CVE-2022-2218 (Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/p ...)
+ TODO: check
+CVE-2022-2217 (Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/ ...)
+ TODO: check
+CVE-2022-2216 (Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/pa ...)
+ TODO: check
+CVE-2022-2215
+ RESERVED
+CVE-2020-36553
+ RESERVED
+CVE-2020-36552
+ RESERVED
+CVE-2020-36551
+ RESERVED
+CVE-2020-36550
+ RESERVED
+CVE-2017-20121
+ RESERVED
+CVE-2017-20120
+ RESERVED
+CVE-2017-20119
+ RESERVED
+CVE-2017-20118
+ RESERVED
+CVE-2017-20117
+ RESERVED
+CVE-2017-20116
+ RESERVED
+CVE-2017-20115
+ RESERVED
+CVE-2017-20114
+ RESERVED
+CVE-2017-20113
+ RESERVED
+CVE-2017-20112
+ RESERVED
+CVE-2017-20111
+ RESERVED
+CVE-2017-20110
+ RESERVED
+CVE-2017-20109
+ RESERVED
CVE-2022-34659
RESERVED
CVE-2022-34647
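Review bot: the three ionicabizau entries (CVE-2022-2218, CVE-2022-2217, CVE-2022-2216) have the repository name cut off in the imported summary ("ionicabizau/p ...", "ionicabizau/pa ..."), so their TODO: check cannot be resolved from this file alone; triage them against the full advisory and decide between NOT-FOR-US and a Debian node package only once the repository is confirmed. The rest of the hunk is freshly reserved identifiers (CVE-2022-34660 through CVE-2022-34734, CVE-2022-2219 through CVE-2022-2225, CVE-2022-2215, CVE-2020-36550 through CVE-2020-36553, CVE-2017-20109 through CVE-2017-20121) that need no action until a description lands.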
@@ -26,12 +232,12 @@ CVE-2022-29514
RESERVED
CVE-2022-27168
RESERVED
-CVE-2022-2214
- RESERVED
-CVE-2022-2213
- RESERVED
-CVE-2022-2212
- RESERVED
+CVE-2022-2214 (A vulnerability was found in SourceCodester Library Management System ...)
+ TODO: check
+CVE-2022-2213 (A vulnerability was found in SourceCodester Library Management System ...)
+ TODO: check
+CVE-2022-2212 (A vulnerability was found in SourceCodester Library Management System ...)
+ TODO: check
CVE-2022-34645
RESERVED
CVE-2022-34644
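Review bot: CVE-2022-2212, CVE-2022-2213 and CVE-2022-2214 all describe SourceCodester Library Management System, and the SourceCodester entries already triaged in this file (for example CVE-2022-2087, "NOT-FOR-US: SourceCodester Bank Management System") are not packaged; the three TODO: check lines can most likely be closed the same way once the full description confirms the product.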
@@ -349,14 +555,14 @@ CVE-2022-2211 [Buffer overflow in get_keys leads to Dos]
- libguestfs <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100862
TODO: check, upstream references
-CVE-2022-2210
- RESERVED
+CVE-2022-2210 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-2209
RESERVED
-CVE-2022-2208
- RESERVED
-CVE-2022-2207
- RESERVED
+CVE-2022-2208 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
+CVE-2022-2207 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-34493
RESERVED
CVE-2022-34492
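Review bot: the three vim entries (CVE-2022-2210, CVE-2022-2208, CVE-2022-2207) are left at TODO: check with the patch level cut off ("prior to 8.2. ..."); vim is tracked here, so each needs the upstream reference and fixed version recorded the way CVE-2022-2042 and CVE-2022-1886 are (NOTE lines for the huntr report and the vim/vim commit with its v8.2.x tag), plus an explicit severity call, since those two were downgraded as "Crash in CLI tool, no security impact" and these three may or may not merit the same.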
@@ -390,12 +596,12 @@ CVE-2017-20104
RESERVED
CVE-2017-20103
RESERVED
-CVE-2017-20102
- RESERVED
-CVE-2017-20101
- RESERVED
-CVE-2017-20100
- RESERVED
+CVE-2017-20102 (A vulnerability was found in Album Lock 4.0 and classified as critical ...)
+ TODO: check
+CVE-2017-20101 (A vulnerability, which was classified as problematic, was found in Pro ...)
+ TODO: check
+CVE-2017-20100 (A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been ra ...)
+ TODO: check
CVE-2017-20099
RESERVED
CVE-2017-20098
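Review bot: CVE-2017-20100 through CVE-2017-20102 (Air Transfer, Album Lock and a third product cut off at "Pro ...") read as mobile apps rather than anything in the archive; compare CVE-2020-36528 (Platinum Mobile) further down, which is already NOT-FOR-US, and resolve these TODO: check lines the same way once the truncated product name is confirmed.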
@@ -1266,8 +1472,8 @@ CVE-2022-2142
RESERVED
CVE-2022-2141
RESERVED
-CVE-2022-2140
- RESERVED
+CVE-2022-2140 (Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable inpu ...)
+ TODO: check
CVE-2022-2139
RESERVED
CVE-2022-2138
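Review bot: CVE-2022-2140 (Elcomplus SmartICS v2.3.4.0) is an ICS product not shipped by Debian, in the same category as the Secheron and CODESYS entries elsewhere in this file; it and its sibling CVE-2022-2106 in the following hunk can be closed as NOT-FOR-US: Elcomplus SmartICS instead of staying at TODO: check.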
@@ -2070,8 +2276,8 @@ CVE-2022-2108
RESERVED
CVE-2022-2107
RESERVED
-CVE-2022-2106
- RESERVED
+CVE-2022-2106 (Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficient ...)
+ TODO: check
CVE-2022-2105 (Client-side JavaScript controls may be bypassed to change user credent ...)
NOT-FOR-US: Secheron
CVE-2022-2104 (The www-data (Apache web server) account is configured to run sudo wit ...)
@@ -2404,8 +2610,8 @@ CVE-2022-33736
RESERVED
CVE-2022-33202 (Authentication bypass vulnerability in the setup screen of L2Blocker(o ...)
NOT-FOR-US: L2Blocker
-CVE-2022-2088
- RESERVED
+CVE-2022-2088 (An authenticated user with admin privileges may be able to terminate a ...)
+ TODO: check
CVE-2022-2087 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: SourceCodester Bank Management System
CVE-2022-2086 (A vulnerability, which was classified as critical, has been found in S ...)
@@ -4504,10 +4710,10 @@ CVE-2022-2042 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
NOTE: https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba
NOTE: https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835 (v8.2.5072)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-2041
- RESERVED
-CVE-2022-2040
- RESERVED
+CVE-2022-2041 (The Brizy WordPress plugin before 2.4.2 does not sanitise and escape s ...)
+ TODO: check
+CVE-2022-2040 (The Brizy WordPress plugin before 2.4.2 does not sanitise and escape s ...)
+ TODO: check
CVE-2021-46819
RESERVED
CVE-2021-46818 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...)
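Review bot: CVE-2022-2041 and CVE-2022-2040 (Brizy WordPress plugin) fit the disposition used throughout this file for plugin CVEs ("NOT-FOR-US: WordPress plugin", as on CVE-2022-1915 and CVE-2022-1777); the same applies to the other WordPress plugin summaries imported in this update, so they can be resolved as a batch rather than one TODO: check at a time.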
@@ -5306,10 +5512,10 @@ CVE-2022-1996 (Authorization Bypass Through User-Controlled Key in GitHub reposi
[buster] - golang-github-emicklei-go-restful <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1/
NOTE: https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10
-CVE-2022-1995
- RESERVED
-CVE-2022-1994
- RESERVED
+CVE-2022-1995 (The Malware Scanner WordPress plugin before 4.5.2 does not sanitise an ...)
+ TODO: check
+CVE-2022-1994 (The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator ...)
+ TODO: check
CVE-2017-20045 (A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been d ...)
NOT-FOR-US: Navetti PricePoint
CVE-2017-20044 (A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been c ...)
@@ -5806,8 +6012,8 @@ CVE-2022-1992 (Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. ..
NOT-FOR-US: Go Git Service
CVE-2022-1991 (A vulnerability classified as problematic has been found in Fast Food ...)
NOT-FOR-US: Fast Food Ordering System
-CVE-2022-1990
- RESERVED
+CVE-2022-1990 (The Nested Pages WordPress plugin before 3.1.21 does not escape and sa ...)
+ TODO: check
CVE-2022-1989
RESERVED
CVE-2022-1988 (Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/fa ...)
@@ -5928,8 +6134,8 @@ CVE-2022-1979 (A vulnerability was found in SourceCodester Product Show Room Sit
NOT-FOR-US: SourceCodester Product Show Room Site
CVE-2022-1978
RESERVED
-CVE-2022-1977
- RESERVED
+CVE-2022-1977 (The Import Export All WordPress Images, Users & Post Types WordPre ...)
+ TODO: check
CVE-2022-32230 (Microsoft Windows SMBv3 suffers from a null pointer dereference in ver ...)
NOT-FOR-US: Microsoft
CVE-2022-32229
@@ -6046,8 +6252,8 @@ CVE-2022-32204
RESERVED
CVE-2022-32203
RESERVED
-CVE-2022-1971
- RESERVED
+CVE-2022-1971 (The NextCellent Gallery WordPress plugin through 1.9.35 does not sanit ...)
+ TODO: check
CVE-2022-1970
RESERVED
NOT-FOR-US: Keycloak
@@ -6066,8 +6272,8 @@ CVE-2022-1966
REJECTED
CVE-2022-1965 (Multiple products of CODESYS implement a improper error handling. A lo ...)
NOT-FOR-US: CODESYS
-CVE-2022-1964
- RESERVED
+CVE-2022-1964 (The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise u ...)
+ TODO: check
CVE-2022-32202 (In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::Fe ...)
- libjpeg 0.0~git20220615.842c7ba-1 (unimportant)
NOTE: https://github.com/thorfdbg/libjpeg/commit/51c3241b6da39df30f016b63f43f31c4011222c7
@@ -6226,8 +6432,8 @@ CVE-2022-1962
RESERVED
CVE-2022-1961 (The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1960
- RESERVED
+CVE-2022-1960 (The MyCSS WordPress plugin through 1.1 does not have CSRF check in pla ...)
+ TODO: check
CVE-2022-1959
RESERVED
CVE-2022-1958 (A vulnerability classified as critical has been found in FileCloud. Af ...)
@@ -6240,8 +6446,8 @@ CVE-2022-1955
RESERVED
CVE-2022-1954
RESERVED
-CVE-2022-1953
- RESERVED
+CVE-2022-1953 (The Product Configurator for WooCommerce WordPress plugin before 1.2.3 ...)
+ TODO: check
CVE-2022-1952
RESERVED
CVE-2022-1951
@@ -7130,14 +7336,14 @@ CVE-2022-1918 (The ToolBar to Share plugin for WordPress is vulnerable to Cross-
NOT-FOR-US: ToolBar to Share plugin for WordPress
CVE-2022-1917
RESERVED
-CVE-2022-1916
- RESERVED
+CVE-2022-1916 (The Active Products Tables for WooCommerce. Professional products tabl ...)
+ TODO: check
CVE-2022-1915 (The WP Zillow Review Slider WordPress plugin before 2.4 does not escap ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1914
- RESERVED
-CVE-2022-1913
- RESERVED
+CVE-2022-1914 (The Clean-Contact WordPress plugin through 1.6 does not have CSRF chec ...)
+ TODO: check
+CVE-2022-1913 (The Add Post URL WordPress plugin through 2.1.0 does not have CSRF che ...)
+ TODO: check
CVE-2022-1912
RESERVED
CVE-2022-1911
@@ -7158,10 +7364,10 @@ CVE-2022-1906
RESERVED
CVE-2022-1905 (The Events Made Easy WordPress plugin before 2.2.81 does not properly ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1904
- RESERVED
-CVE-2022-1903
- RESERVED
+CVE-2022-1904 (The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does ...)
+ TODO: check
+CVE-2022-1903 (The ARMember WordPress plugin before 3.4.8 is vulnerable to account ta ...)
+ TODO: check
CVE-2020-36528 (A vulnerability, which was classified as critical, was found in Platin ...)
NOT-FOR-US: Platinum Mobile
CVE-2022-31763 (The kernel module has the null pointer and out-of-bounds array vulnera ...)
@@ -7643,8 +7849,8 @@ CVE-2022-1886 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://huntr.dev/bounties/fa0ad526-b608-45b3-9ebc-f2b607834d6a
NOTE: https://github.com/vim/vim/commit/2a585c85013be22f59f184d49612074fd9b115d7 (v8.2.5016)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-1885
- RESERVED
+CVE-2022-1885 (The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not ...)
+ TODO: check
CVE-2022-1884
RESERVED
CVE-2022-1883 (SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2. ...)
@@ -7871,18 +8077,18 @@ CVE-2022-1849 (Session Fixation in GitHub repository filegator/filegator prior t
NOT-FOR-US: filegator
CVE-2022-1848 (Business Logic Errors in GitHub repository erudika/para prior to 1.45. ...)
NOT-FOR-US: erudika/para
-CVE-2022-1847
- RESERVED
-CVE-2022-1846
- RESERVED
-CVE-2022-1845
- RESERVED
-CVE-2022-1844
- RESERVED
-CVE-2022-1843
- RESERVED
-CVE-2022-1842
- RESERVED
+CVE-2022-1847 (The Rotating Posts WordPress plugin through 1.11 does not have CSRF ch ...)
+ TODO: check
+CVE-2022-1846 (The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF ...)
+ TODO: check
+CVE-2022-1845 (The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF c ...)
+ TODO: check
+CVE-2022-1844 (The WP Sentry WordPress plugin through 1.0 does not have CSRF check in ...)
+ TODO: check
+CVE-2022-1843 (The MailPress WordPress plugin through 7.2.1 does not have CSRF checks ...)
+ TODO: check
+CVE-2022-1842 (The OpenBook Book Data WordPress plugin through 3.5.2 does not have CS ...)
+ TODO: check
CVE-2021-4230 (A vulnerability has been found in Airfield Online and classified as pr ...)
NOT-FOR-US: Airfield Online
CVE-2021-4229 (A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has b ...)
@@ -9355,8 +9561,8 @@ CVE-2022-1778
RESERVED
CVE-2022-1777 (The Filr WordPress plugin before 1.2.2.1 does not have authorisation c ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1776
- RESERVED
+CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
+ TODO: check
CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...)
- gpac <unfixed>
[stretch] - gpac <end-of-life> (No longer supported in LTS)
@@ -10444,7 +10650,7 @@ CVE-2022-1693
RESERVED
CVE-2022-1692 (The CP Image Store with Slideshow WordPress plugin before 1.0.68 does ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1691 (The Realty Workstation WordPress plugin through 1.0.6 does not sanitis ...)
+CVE-2022-1691 (The Realty Workstation WordPress plugin before 1.0.15 does not sanitis ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1690 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
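Review bot: the CVE-2022-1691 change only rewrites the affected range in the imported summary ("through 1.0.6" becomes "before 1.0.15"), which means upstream has since published a fixed version; the entry is already NOT-FOR-US: WordPress plugin, so nothing further is needed here, but it is a reminder that a "through X" range in these summaries can later turn into a concrete fix release.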
@@ -10737,8 +10943,8 @@ CVE-2022-1655
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2075681
CVE-2022-1654 (Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow ...)
NOT-FOR-US: Jupiter Theme and JupiterX Core Plugin
-CVE-2022-1653
- RESERVED
+CVE-2022-1653 (The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 do ...)
+ TODO: check
CVE-2022-1652 (Linux Kernel could allow a local attacker to execute arbitrary code on ...)
- linux 5.17.11-1
[bullseye] - linux 5.10.120-1
@@ -10859,12 +11065,12 @@ CVE-2022-1629 (Buffer Over-read in function find_next_quote in GitHub repository
NOTE: Crash in CLI tool, no security impact
CVE-2022-1628
RESERVED
-CVE-2022-1627
- RESERVED
+CVE-2022-1627 (The My Private Site WordPress plugin before 3.0.8 does not have CSRF c ...)
+ TODO: check
CVE-2022-1626
RESERVED
-CVE-2022-1625
- RESERVED
+CVE-2022-1625 (The New User Approve WordPress plugin before 2.4 does not have CSRF ch ...)
+ TODO: check
CVE-2022-1624 (The Latest Tweets Widget WordPress plugin through 1.1.4 does not have ...)
NOT-FOR-US: WordPress plugin
CVE-2022-30521 (The LAN-side Web-Configuration Interface has Stack-based Buffer Overfl ...)
@@ -11442,8 +11648,8 @@ CVE-2022-1595 (The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the
NOT-FOR-US: WordPress plugin
CVE-2022-1594 (The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1593
- RESERVED
+CVE-2022-1593 (The Site Offline or Coming Soon WordPress plugin through 1.6.6 does no ...)
+ TODO: check
CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository clinical-gen ...)
NOT-FOR-US: clinical-genomics/scout
CVE-2022-1591
@@ -11632,12 +11838,12 @@ CVE-2022-1576
RESERVED
CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub repository ...)
NOT-FOR-US: jgraph/drawio
-CVE-2022-1574
- RESERVED
-CVE-2022-1573
- RESERVED
-CVE-2022-1572
- RESERVED
+CVE-2022-1574 (The HTML2WP WordPress plugin through 1.0.0 does not have authorisation ...)
+ TODO: check
+CVE-2022-1573 (The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in ...)
+ TODO: check
+CVE-2022-1572 (The HTML2WP WordPress plugin through 1.0.0 does not have authorisation ...)
+ TODO: check
CVE-2022-1571 (Cross-site scripting - Reflected in Create Subaccount in GitHub reposi ...)
NOT-FOR-US: facturascripts
CVE-2022-1570 (The Files Download Delay WordPress plugin before 1.0.7 does not have a ...)
@@ -12979,8 +13185,8 @@ CVE-2022-1472 (The Better Find and Replace WordPress plugin before 1.3.6 does no
NOT-FOR-US: WordPress plugin
CVE-2022-1471
RESERVED
-CVE-2022-1470
- RESERVED
+CVE-2022-1470 (The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 doe ...)
+ TODO: check
CVE-2022-1469 (The FiboSearch WordPress plugin before 1.17.0 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29808
@@ -13665,6 +13871,7 @@ CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim p
NOTE: https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca (v8.2.4774)
CVE-2021-46784
RESERVED
+ {DSA-5171-1}
- squid 5.6-1
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
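Review bot: CVE-2021-46784 gains the {DSA-5171-1} cross-reference while the entry is still RESERVED with no description; the squid GHSA advisory is already linked in the NOTE, so a one-line summary taken from it would make the entry searchable until the next automatic import fills the description in from MITRE.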
@@ -15002,10 +15209,10 @@ CVE-2022-1328 (Buffer Overflow in uudecoder in Mutt affecting all versions start
NOTE: https://gitlab.com/muttmua/mutt/-/issues/404
NOTE: https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5
NOTE: https://gitlab.com/neomutt/neomutt/-/commit/ee7cb4e461c1cdf0ac14817b03687d5908b85f84
-CVE-2022-1327
- RESERVED
-CVE-2022-1326
- RESERVED
+CVE-2022-1327 (The Image Gallery - Grid Gallery WordPress plugin through 1.1.1 does n ...)
+ TODO: check
+CVE-2022-1326 (The Form - Contact Form WordPress plugin through 1.2.0 does not saniti ...)
+ TODO: check
CVE-2022-1325
RESERVED
CVE-2022-1324
@@ -15014,8 +15221,8 @@ CVE-2022-1323
RESERVED
CVE-2022-1322
RESERVED
-CVE-2022-1321
- RESERVED
+CVE-2022-1321 (The miniOrange's Google Authenticator WordPress plugin before 5.5.6 do ...)
+ TODO: check
CVE-2022-1320 (The Sliderby10Web WordPress plugin before 1.2.52 does not properly san ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29081 (Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pr ...)
@@ -17728,10 +17935,10 @@ CVE-2022-28174
RESERVED
CVE-2022-28173
RESERVED
-CVE-2022-28172
- RESERVED
-CVE-2022-28171
- RESERVED
+CVE-2022-28172 (The web module in some Hikvision Hybrid SAN/Cluster Storage products h ...)
+ TODO: check
+CVE-2022-28171 (The web module in some Hikvision Hybrid SAN/Cluster Storage products h ...)
+ TODO: check
CVE-2022-1163 (Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minew ...)
NOT-FOR-US: minewebcms
CVE-2022-1162 (A hardcoded password was set for accounts registered using an OmniAuth ...)
@@ -17747,12 +17954,12 @@ CVE-2022-28170
RESERVED
CVE-2022-28169
RESERVED
-CVE-2022-28168
- RESERVED
-CVE-2022-28167
- RESERVED
-CVE-2022-28166
- RESERVED
+CVE-2022-28168 (In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1 ...)
+ TODO: check
+CVE-2022-28167 (Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2 ...)
+ TODO: check
+CVE-2022-28166 (In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before ...)
+ TODO: check
CVE-2022-28165 (A vulnerability in the role-based access control (RBAC) functionality ...)
NOT-FOR-US: Brocade SANnav
CVE-2022-28164 (Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symme ...)
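Review bot: CVE-2022-28166 through CVE-2022-28168 are Brocade SANnav like CVE-2022-28165 and CVE-2022-28164 directly below them, which are already NOT-FOR-US: Brocade SANnav; the spelling variants in the imported text ("SANvav", "SANanv", "SANN2.2.0.2") come from upstream, and they show why the disposition should be driven by a product-name check rather than a string match on the summary.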
@@ -18037,8 +18244,8 @@ CVE-2022-1114 (A heap-use-after-free flaw was found in ImageMagick's RelinquishD
[stretch] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/4947
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/78f03b619d08d7c2e0fcaccab407e3ac93c2ee8f
-CVE-2022-1113
- RESERVED
+CVE-2022-1113 (The Flower Delivery by Florist One WordPress plugin through 3.5.10 doe ...)
+ TODO: check
CVE-2022-1112 (The Autolinks WordPress plugin through 1.0.1 does not have CSRF check ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1111 (A business logic error in Project Import in GitLab CE/EE versions 14.9 ...)
@@ -18652,8 +18859,8 @@ CVE-2022-1096
- chromium 99.0.4844.84-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1095
- RESERVED
+CVE-2022-1095 (The Mihdan: No External Links WordPress plugin through 4.8.0 does not ...)
+ TODO: check
CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1093 (The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or esc ...)
@@ -20276,10 +20483,10 @@ CVE-2022-27250 (The UNISOC chipset through 2022-03-15 allows attackers to obtain
NOT-FOR-US: UNISOC
CVE-2022-1030 (Okta Advanced Server Access Client for Linux and macOS prior to versio ...)
NOT-FOR-US: Okta Advanced Server Access Client
-CVE-2022-1029
- RESERVED
-CVE-2022-1028
- RESERVED
+CVE-2022-1029 (The Limit Login Attempts WordPress plugin before 4.0.72 does not sanit ...)
+ TODO: check
+CVE-2022-1028 (The WordPress Security Firewall, Malware Scanner, Secure Login and Bac ...)
+ TODO: check
CVE-2022-27249 (An unrestricted file upload vulnerability in IdeaRE RefTree before 202 ...)
NOT-FOR-US: IdeaRE RefTree
CVE-2022-27248 (A directory traversal vulnerability in IdeaRE RefTree before 2021.09.1 ...)
@@ -20387,8 +20594,8 @@ CVE-2022-1011 (A use-after-free flaw was found in the Linux kernel’s FUSE
- linux 5.16.18-1
[bullseye] - linux 5.10.106-1
NOTE: https://git.kernel.org/linus/0c4bcfdecb1ac0967619ee7ff44871d93c08c909 (5.17-rc8)
-CVE-2022-1010
- RESERVED
+CVE-2022-1010 (The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin be ...)
+ TODO: check
CVE-2022-1009 (The Smush WordPress plugin before 3.9.9 does not sanitise and escape a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1008 (The One Click Demo Import WordPress plugin before 3.1.0 does not valid ...)
@@ -22358,8 +22565,8 @@ CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository bookstac
NOT-FOR-US: bookstack
CVE-2022-0876 (The Social comments by WpDevArt WordPress plugin before 2.5.0 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0875
- RESERVED
+CVE-2022-0875 (The Google Authenticator WordPress plugin before 1.0.5 does not have C ...)
+ TODO: check
CVE-2022-0874 (The WP Social Buttons WordPress plugin through 2.1 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0873 (The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanit ...)
@@ -22508,8 +22715,8 @@ CVE-2022-26479
RESERVED
CVE-2022-26478
RESERVED
-CVE-2022-26477
- RESERVED
+CVE-2022-26477 (The Security Team noticed that the termination condition of the for lo ...)
+ TODO: check
CVE-2022-0867 (The Pricing Table WordPress plugin before 3.6.1 fails to properly sani ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0866 (This is a concurrency issue that can result in the wrong caller princi ...)
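Review bot: the imported summary for CVE-2022-26477 ("The Security Team noticed that the termination condition of the for lo ...") is truncated before it names any product, so this TODO: check cannot be triaged from the line as shown; fetch the full description, record the affected project, and then add either the fixed version or a NOT-FOR-US line as appropriate.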
@@ -24807,8 +25014,8 @@ CVE-2022-0724 (Insecure Storage of Sensitive Information in GitHub repository mi
NOT-FOR-US: microweber
CVE-2022-0723 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
NOT-FOR-US: microweber
-CVE-2022-0722
- RESERVED
+CVE-2022-0722 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ TODO: check
CVE-2022-0721 (Insertion of Sensitive Information Into Debugging Code in GitHub repos ...)
NOT-FOR-US: microweber
CVE-2022-0720 (The Amelia WordPress plugin before 1.0.47 does not have proper authori ...)
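Review bot: CVE-2022-0722 sits between two microweber entries (CVE-2022-0723, CVE-2022-0721) that are already NOT-FOR-US: microweber and its summary follows the same "in GitHub r ..." pattern, but the repository name is cut off; confirm it is microweber before closing it the same way.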
@@ -29025,8 +29232,8 @@ CVE-2022-0446
RESERVED
CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie C ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0444
- RESERVED
+CVE-2022-0444 (The Backup, Restore and Migrate WordPress Sites With the XCloner Plugi ...)
+ TODO: check
CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
{DLA-3011-1}
- vim 2:8.2.4659-1
@@ -42050,6 +42257,7 @@ CVE-2021-44536
CVE-2021-44535
RESERVED
CVE-2022-21824 (Due to the formatting logic of the "console.table()" function it was n ...)
+ {DSA-5170-1}
- nodejs 12.22.9~dfsg-1 (bug #1004177)
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824
@@ -42057,16 +42265,19 @@ CVE-2022-21824 (Due to the formatting logic of the "console.table()" function it
CVE-2021-44534
RESERVED
CVE-2021-44533 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did ...)
+ {DSA-5170-1}
- nodejs 12.22.9~dfsg-1 (bug #1004177)
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#incorrect-handling-of-certificate-subject-and-issuer-fields-medium-cve-2021-44533
NOTE: https://github.com/nodejs/node/commit/8c2db2c86baff110a1d905ed1e0dd4e1c4fd2dd1 (v12.x)
CVE-2021-44532 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 conv ...)
+ {DSA-5170-1}
- nodejs 12.22.9~dfsg-1 (bug #1004177)
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#certificate-verification-bypass-via-string-injection-medium-cve-2021-44532
NOTE: https://github.com/nodejs/node/commit/19873abfb24dce75ffff042efe76dc5633052677 (v12.x)
CVE-2021-44531 (Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI ...)
+ {DSA-5170-1}
- nodejs 12.22.9~dfsg-1 (bug #1004177)
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#improper-handling-of-uri-subject-alternative-names-medium-cve-2021-44531
@@ -55197,8 +55408,8 @@ CVE-2021-40943
RESERVED
CVE-2021-40942
RESERVED
-CVE-2021-40941
- RESERVED
+CVE-2021-40941 (In Bento4 1.6.0-638, there is an allocator is out of memory in the fun ...)
+ TODO: check
CVE-2021-40940 (Monstra 3.0.4 does not filter the case of php, which leads to an unres ...)
NOT-FOR-US: Monstra CMS
CVE-2021-40939
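Review bot: CVE-2021-40941 names a concrete upstream version (Bento4 1.6.0-638) and an allocator out-of-memory condition, so unlike the neighbouring Monstra CMS entry it should not be assumed NOT-FOR-US; check whether a bento4 source package exists in the archive and, if it does, record the affected and fixed versions and the upstream issue reference rather than leaving TODO: check.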
@@ -55280,20 +55491,20 @@ CVE-2021-40903 (A vulnerability in Antminer Monitor 0.50.0 exists because of bac
NOT-FOR-US: Antminer
CVE-2021-40902 (flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) i ...)
NOT-FOR-US: flatCore CMS
-CVE-2021-40901
- RESERVED
-CVE-2021-40900
- RESERVED
-CVE-2021-40899
- RESERVED
-CVE-2021-40898
- RESERVED
-CVE-2021-40897
- RESERVED
-CVE-2021-40896
- RESERVED
-CVE-2021-40895
- RESERVED
+CVE-2021-40901 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ TODO: check
+CVE-2021-40900 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ TODO: check
+CVE-2021-40899 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ TODO: check
+CVE-2021-40898 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ TODO: check
+CVE-2021-40897 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ TODO: check
+CVE-2021-40896 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ TODO: check
+CVE-2021-40895 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ TODO: check
CVE-2021-40894 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
NOT-FOR-US: underscore-99xp
CVE-2021-40893 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
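Review bot: the seven new ReDoS entries CVE-2021-40895 through CVE-2021-40901 carry the same truncated summary as CVE-2021-40894 and CVE-2021-40893 directly below them, which are already "NOT-FOR-US: underscore-99xp"; confirm each is the same package and resolve them in one batch instead of leaving seven TODO: check lines.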
@@ -73211,22 +73422,22 @@ CVE-2021-33656
RESERVED
CVE-2021-33655
RESERVED
-CVE-2021-33654
- RESERVED
-CVE-2021-33653
- RESERVED
-CVE-2021-33652
- RESERVED
-CVE-2021-33651
- RESERVED
-CVE-2021-33650
- RESERVED
-CVE-2021-33649
- RESERVED
-CVE-2021-33648
- RESERVED
-CVE-2021-33647
- RESERVED
+CVE-2021-33654 (When performing the initialization operation of the Split operator, if ...)
+ TODO: check
+CVE-2021-33653 (When performing the derivation shape operation of the SpaceToBatch ope ...)
+ TODO: check
+CVE-2021-33652 (When the Reduce operator run operation is executed, if there is a valu ...)
+ TODO: check
+CVE-2021-33651 (When performing the analytical operation of the DepthwiseConv2D operat ...)
+ TODO: check
+CVE-2021-33650 (When performing the inference shape operation of the SparseToDense ope ...)
+ TODO: check
+CVE-2021-33649 (When performing the inference shape operation of the Transpose operato ...)
+ TODO: check
+CVE-2021-33648 (When performing the inference shape operation of Affine, Concat, MatMu ...)
+ TODO: check
+CVE-2021-33647 (When performing the inference shape operation of the Tile operator, if ...)
+ TODO: check
CVE-2021-33646
RESERVED
CVE-2021-33645
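Review bot: CVE-2021-33647 through CVE-2021-33654 are eight sibling reports about shape-inference and initialization bugs in ML operators (Split, SpaceToBatch, Reduce, DepthwiseConv2D, SparseToDense, Transpose, Affine/Concat/MatMul, Tile) whose framework name is cut off in every summary; identify the project once from the full text and apply a single disposition to all eight rather than eight separate TODO: check lines.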
@@ -87811,6 +88022,7 @@ CVE-2021-28117 (libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover
NOTE: Plasma 5.21: https://commits.kde.org/plasma/discover/94478827aab63d2e2321f0ca9ec5553718798e60
NOTE: Plasma 5.18: https://commits.kde.org/plasma/discover/fcd3b30552bf03a384b1a16f9bb8db029c111356
CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations, allo ...)
+ {DSA-5171-1}
- squid 5.2-1 (bug #986804)
- squid3 <removed>
[stretch] - squid3 <postponed> (Check later when information is public)
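Review bot: CVE-2021-28116 now references DSA-5171-1, but the [stretch] squid3 line still reads "<postponed> (Check later when information is public)"; with a DSA issued the information is public, so that marker is stale and the stretch entry should be re-evaluated (fixed, no-dsa or end-of-life as appropriate).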
@@ -100233,10 +100445,12 @@ CVE-2021-22962
CVE-2021-22961 (A code injection vulnerability exists within the firewall software of ...)
NOT-FOR-US: GlassWire
CVE-2021-22960 (The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk ...)
+ {DSA-5170-1}
- nodejs 12.22.7~dfsg-1
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-when-parsing-the-body-medium-cve-2021-22960
CVE-2021-22959 (The parser in accepts requests with a space (SP) right after the heade ...)
+ {DSA-5170-1}
- nodejs 12.22.7~dfsg-1
[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-due-to-spaced-in-headers-medium-cve-2021-22959
@@ -135747,8 +135961,8 @@ CVE-2020-21163
RESERVED
CVE-2020-21162
RESERVED
-CVE-2020-21161
- RESERVED
+CVE-2020-21161 (Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirect ...)
+ TODO: check
CVE-2020-21160
RESERVED
CVE-2020-21159
@@ -447433,7 +447647,7 @@ CVE-2013-2217 (cache.py in Suds 0.4, when tempdir is set to None, allows local u
[squeeze] - suds 0.3.9-1+deb6u1
[wheezy] - suds 0.4.1-5+deb7u1
CVE-2013-2216
- RESERVED
+ REJECTED
CVE-2013-2215
REJECTED
CVE-2013-2214 (status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does no ...)
@@ -447567,7 +447781,7 @@ CVE-2013-2181 (Cross-site scripting (XSS) vulnerability in the Directory Listing
- monkey <removed> (low)
[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2180
- RESERVED
+ REJECTED
NOT-FOR-US: uk-cookie Wordpress plugin
CVE-2013-2179 (X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing ...)
- xdm <not-affected> (Not affected when PAM is used)
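Review bot: CVE-2013-2180 flips to REJECTED but keeps the "NOT-FOR-US: uk-cookie Wordpress plugin" line beneath it; the rejection makes the triage line redundant, and CVE-2013-2216 and CVE-2013-2084 in the neighbouring hunks carry no such line, so decide whether the file convention keeps triage notes on rejected entries and make the three consistent.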
@@ -447886,7 +448100,7 @@ CVE-2013-2086 (The configuration loader in ownCloud 5.0.x before 5.0.6 allows re
CVE-2013-2085 (Directory traversal vulnerability in apps/files_trashbin/index.php in ...)
- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2084
- RESERVED
+ REJECTED
CVE-2013-2083 (The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10 ...)
- moodle 2.5-1 (low)
[squeeze] - moodle <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1063025031ad86d9c1d3dc6ab932fb4954716d1d
More information about the debian-security-tracker-commits mailing list