[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 21 20:10:24 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b31a24e by security tracker role at 2022-03-21T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,499 @@
+CVE-2022-27492
+ RESERVED
+CVE-2022-27491
+ RESERVED
+CVE-2022-27490
+ RESERVED
+CVE-2022-27489
+ RESERVED
+CVE-2022-27488
+ RESERVED
+CVE-2022-27487
+ RESERVED
+CVE-2022-27486
+ RESERVED
+CVE-2022-27485
+ RESERVED
+CVE-2022-27484
+ RESERVED
+CVE-2022-27483
+ RESERVED
+CVE-2022-27482
+ RESERVED
+CVE-2022-27481
+ RESERVED
+CVE-2022-27480
+ RESERVED
+CVE-2022-27479
+ RESERVED
+CVE-2022-27478
+ RESERVED
+CVE-2022-27477
+ RESERVED
+CVE-2022-27476
+ RESERVED
+CVE-2022-27475
+ RESERVED
+CVE-2022-27474
+ RESERVED
+CVE-2022-27473
+ RESERVED
+CVE-2022-27472
+ RESERVED
+CVE-2022-27471
+ RESERVED
+CVE-2022-27470
+ RESERVED
+CVE-2022-27469
+ RESERVED
+CVE-2022-27468
+ RESERVED
+CVE-2022-27467
+ RESERVED
+CVE-2022-27466
+ RESERVED
+CVE-2022-27465
+ RESERVED
+CVE-2022-27464
+ RESERVED
+CVE-2022-27463
+ RESERVED
+CVE-2022-27462
+ RESERVED
+CVE-2022-27461
+ RESERVED
+CVE-2022-27460
+ RESERVED
+CVE-2022-27459
+ RESERVED
+CVE-2022-27458
+ RESERVED
+CVE-2022-27457
+ RESERVED
+CVE-2022-27456
+ RESERVED
+CVE-2022-27455
+ RESERVED
+CVE-2022-27454
+ RESERVED
+CVE-2022-27453
+ RESERVED
+CVE-2022-27452
+ RESERVED
+CVE-2022-27451
+ RESERVED
+CVE-2022-27450
+ RESERVED
+CVE-2022-27449
+ RESERVED
+CVE-2022-27448
+ RESERVED
+CVE-2022-27447
+ RESERVED
+CVE-2022-27446
+ RESERVED
+CVE-2022-27445
+ RESERVED
+CVE-2022-27444
+ RESERVED
+CVE-2022-27443
+ RESERVED
+CVE-2022-27442
+ RESERVED
+CVE-2022-27441
+ RESERVED
+CVE-2022-27440
+ RESERVED
+CVE-2022-27439
+ RESERVED
+CVE-2022-27438
+ RESERVED
+CVE-2022-27437
+ RESERVED
+CVE-2022-27436
+ RESERVED
+CVE-2022-27435
+ RESERVED
+CVE-2022-27434
+ RESERVED
+CVE-2022-27433
+ RESERVED
+CVE-2022-27432
+ RESERVED
+CVE-2022-27431
+ RESERVED
+CVE-2022-27430
+ RESERVED
+CVE-2022-27429
+ RESERVED
+CVE-2022-27428
+ RESERVED
+CVE-2022-27427
+ RESERVED
+CVE-2022-27426
+ RESERVED
+CVE-2022-27425
+ RESERVED
+CVE-2022-27424
+ RESERVED
+CVE-2022-27423
+ RESERVED
+CVE-2022-27422
+ RESERVED
+CVE-2022-27421
+ RESERVED
+CVE-2022-27420
+ RESERVED
+CVE-2022-27419
+ RESERVED
+CVE-2022-27418
+ RESERVED
+CVE-2022-27417
+ RESERVED
+CVE-2022-27416
+ RESERVED
+CVE-2022-27415
+ RESERVED
+CVE-2022-27414
+ RESERVED
+CVE-2022-27413
+ RESERVED
+CVE-2022-27412
+ RESERVED
+CVE-2022-27411
+ RESERVED
+CVE-2022-27410
+ RESERVED
+CVE-2022-27409
+ RESERVED
+CVE-2022-27408
+ RESERVED
+CVE-2022-27407
+ RESERVED
+CVE-2022-27406
+ RESERVED
+CVE-2022-27405
+ RESERVED
+CVE-2022-27404
+ RESERVED
+CVE-2022-27403
+ RESERVED
+CVE-2022-27402
+ RESERVED
+CVE-2022-27401
+ RESERVED
+CVE-2022-27400
+ RESERVED
+CVE-2022-27399
+ RESERVED
+CVE-2022-27398
+ RESERVED
+CVE-2022-27397
+ RESERVED
+CVE-2022-27396
+ RESERVED
+CVE-2022-27395
+ RESERVED
+CVE-2022-27394
+ RESERVED
+CVE-2022-27393
+ RESERVED
+CVE-2022-27392
+ RESERVED
+CVE-2022-27391
+ RESERVED
+CVE-2022-27390
+ RESERVED
+CVE-2022-27389
+ RESERVED
+CVE-2022-27388
+ RESERVED
+CVE-2022-27387
+ RESERVED
+CVE-2022-27386
+ RESERVED
+CVE-2022-27385
+ RESERVED
+CVE-2022-27384
+ RESERVED
+CVE-2022-27383
+ RESERVED
+CVE-2022-27382
+ RESERVED
+CVE-2022-27381
+ RESERVED
+CVE-2022-27380
+ RESERVED
+CVE-2022-27379
+ RESERVED
+CVE-2022-27378
+ RESERVED
+CVE-2022-27377
+ RESERVED
+CVE-2022-27376
+ RESERVED
+CVE-2022-27375
+ RESERVED
+CVE-2022-27374
+ RESERVED
+CVE-2022-27373
+ RESERVED
+CVE-2022-27372
+ RESERVED
+CVE-2022-27371
+ RESERVED
+CVE-2022-27370
+ RESERVED
+CVE-2022-27369
+ RESERVED
+CVE-2022-27368
+ RESERVED
+CVE-2022-27367
+ RESERVED
+CVE-2022-27366
+ RESERVED
+CVE-2022-27365
+ RESERVED
+CVE-2022-27364
+ RESERVED
+CVE-2022-27363
+ RESERVED
+CVE-2022-27362
+ RESERVED
+CVE-2022-27361
+ RESERVED
+CVE-2022-27360
+ RESERVED
+CVE-2022-27359
+ RESERVED
+CVE-2022-27358
+ RESERVED
+CVE-2022-27357
+ RESERVED
+CVE-2022-27356
+ RESERVED
+CVE-2022-27355
+ RESERVED
+CVE-2022-27354
+ RESERVED
+CVE-2022-27353
+ RESERVED
+CVE-2022-27352
+ RESERVED
+CVE-2022-27351
+ RESERVED
+CVE-2022-27350
+ RESERVED
+CVE-2022-27349
+ RESERVED
+CVE-2022-27348
+ RESERVED
+CVE-2022-27347
+ RESERVED
+CVE-2022-27346
+ RESERVED
+CVE-2022-27345
+ RESERVED
+CVE-2022-27344
+ RESERVED
+CVE-2022-27343
+ RESERVED
+CVE-2022-27342
+ RESERVED
+CVE-2022-27341
+ RESERVED
+CVE-2022-27340
+ RESERVED
+CVE-2022-27339
+ RESERVED
+CVE-2022-27338
+ RESERVED
+CVE-2022-27337
+ RESERVED
+CVE-2022-27336
+ RESERVED
+CVE-2022-27335
+ RESERVED
+CVE-2022-27334
+ RESERVED
+CVE-2022-27333
+ RESERVED
+CVE-2022-27332
+ RESERVED
+CVE-2022-27331
+ RESERVED
+CVE-2022-27330
+ RESERVED
+CVE-2022-27329
+ RESERVED
+CVE-2022-27328
+ RESERVED
+CVE-2022-27327
+ RESERVED
+CVE-2022-27326
+ RESERVED
+CVE-2022-27325
+ RESERVED
+CVE-2022-27324
+ RESERVED
+CVE-2022-27323
+ RESERVED
+CVE-2022-27322
+ RESERVED
+CVE-2022-27321
+ RESERVED
+CVE-2022-27320
+ RESERVED
+CVE-2022-27319
+ RESERVED
+CVE-2022-27318
+ RESERVED
+CVE-2022-27317
+ RESERVED
+CVE-2022-27316
+ RESERVED
+CVE-2022-27315
+ RESERVED
+CVE-2022-27314
+ RESERVED
+CVE-2022-27313
+ RESERVED
+CVE-2022-27312
+ RESERVED
+CVE-2022-27311
+ RESERVED
+CVE-2022-27310
+ RESERVED
+CVE-2022-27309
+ RESERVED
+CVE-2022-27308
+ RESERVED
+CVE-2022-27307
+ RESERVED
+CVE-2022-27306
+ RESERVED
+CVE-2022-27305
+ RESERVED
+CVE-2022-27304
+ RESERVED
+CVE-2022-27303
+ RESERVED
+CVE-2022-27302
+ RESERVED
+CVE-2022-27301
+ RESERVED
+CVE-2022-27300
+ RESERVED
+CVE-2022-27299
+ RESERVED
+CVE-2022-27298
+ RESERVED
+CVE-2022-27297
+ RESERVED
+CVE-2022-27296
+ RESERVED
+CVE-2022-27295
+ RESERVED
+CVE-2022-27294
+ RESERVED
+CVE-2022-27293
+ RESERVED
+CVE-2022-27292
+ RESERVED
+CVE-2022-27291
+ RESERVED
+CVE-2022-27290
+ RESERVED
+CVE-2022-27289
+ RESERVED
+CVE-2022-27288
+ RESERVED
+CVE-2022-27287
+ RESERVED
+CVE-2022-27286
+ RESERVED
+CVE-2022-27285
+ RESERVED
+CVE-2022-27284
+ RESERVED
+CVE-2022-27283
+ RESERVED
+CVE-2022-27282
+ RESERVED
+CVE-2022-27281
+ RESERVED
+CVE-2022-27280
+ RESERVED
+CVE-2022-27279
+ RESERVED
+CVE-2022-27278
+ RESERVED
+CVE-2022-27277
+ RESERVED
+CVE-2022-27276
+ RESERVED
+CVE-2022-27275
+ RESERVED
+CVE-2022-27274
+ RESERVED
+CVE-2022-27273
+ RESERVED
+CVE-2022-27272
+ RESERVED
+CVE-2022-27271
+ RESERVED
+CVE-2022-27270
+ RESERVED
+CVE-2022-27269
+ RESERVED
+CVE-2022-27268
+ RESERVED
+CVE-2022-27267
+ RESERVED
+CVE-2022-27266
+ RESERVED
+CVE-2022-27265
+ RESERVED
+CVE-2022-27264
+ RESERVED
+CVE-2022-27263
+ RESERVED
+CVE-2022-27262
+ RESERVED
+CVE-2022-27261
+ RESERVED
+CVE-2022-27260
+ RESERVED
+CVE-2022-27259
+ RESERVED
+CVE-2022-27232
+ RESERVED
+CVE-2022-27179
+ RESERVED
+CVE-2022-26519
+ RESERVED
+CVE-2022-26516
+ RESERVED
+CVE-2022-26419
+ RESERVED
+CVE-2022-26417
+ RESERVED
+CVE-2022-26022
+ RESERVED
+CVE-2022-25959
+ RESERVED
+CVE-2022-1037
+ RESERVED
+CVE-2022-1036
+ RESERVED
+CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
+ TODO: check
+CVE-2022-1034
+ RESERVED
+CVE-2022-1033
+ RESERVED
+CVE-2022-1032
+ RESERVED
CVE-2022-1031
RESERVED
CVE-2022-27258
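Review bot: CVE-2022-1035 is the only entry in this hunk that arrives with a description (a segmentation fault in MP4Box -lsr, GitHub repository gpac/gpa ...), and it is left at TODO: check in the middle of 247 RESERVED placeholders, where it is easy to overlook. It needs a follow-up triage that resolves it either to a source package line, if gpac is a Debian source package, or to NOT-FOR-US.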
@@ -115,8 +611,8 @@ CVE-2022-1006
RESERVED
CVE-2022-1005
RESERVED
-CVE-2022-1004
- RESERVED
+CVE-2022-1004 (Accounted time is shown in the Ticket Detail View (External Interface) ...)
+ TODO: check
CVE-2022-1003 (One of the API in Mattermost version 6.3.0 and earlier fails to proper ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-1002 (Mattermost 6.3.0 and earlier fails to properly sanitize the HTML conte ...)
@@ -924,8 +1420,8 @@ CVE-2022-26962
RESERVED
CVE-2022-26961
RESERVED
-CVE-2022-26960
- RESERVED
+CVE-2022-26960 (connector.minimal.php in std42 elFinder through 2.1.60 is affected by ...)
+ TODO: check
CVE-2022-26959
RESERVED
CVE-2022-26958
@@ -2034,8 +2530,8 @@ CVE-2022-26495 (In nbd-server in nbd before 3.24, there is an integer overflow w
{DSA-5100-1 DLA-2944-1}
- nbd 1:3.24-1 (bug #1006915)
NOTE: https://lists.debian.org/nbd/2022/01/msg00037.html
-CVE-2022-26494
- RESERVED
+CVE-2022-26494 (An XSS was identified in the Admin Web interface of PrimeKey SignServe ...)
+ TODO: check
CVE-2022-26493
RESERVED
CVE-2022-26492
@@ -2358,7 +2854,7 @@ CVE-2022-0845 (Code Injection in GitHub repository pytorchlightning/pytorch-ligh
NOT-FOR-US: pytorchlightning
CVE-2022-26387
RESERVED
- {DSA-5097-1 DLA-2942-1}
+ {DSA-5106-1 DSA-5097-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
- thunderbird 1:91.7.0-1
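Review bot: On CVE-2022-26387 the cross-reference set gains DSA-5106-1, yet the three package lines under it (firefox 98.0-1, firefox-esr 91.7.0esr-1, thunderbird 1:91.7.0-1) are unchanged, so the hunk alone does not show which source package the new advisory fixes. That is expected if the braces line is generated from the advisory list rather than edited by hand, but it is worth confirming that the fixed version recorded for DSA-5106-1 corresponds to one of these lines. The same check applies to the four hunks below that make the identical change.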
@@ -2367,7 +2863,7 @@ CVE-2022-26387
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26387
CVE-2022-26386
RESERVED
- {DSA-5097-1 DLA-2942-1}
+ {DSA-5106-1 DSA-5097-1 DLA-2942-1}
- firefox-esr 91.7.0esr-1
- thunderbird 1:91.7.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386
@@ -2378,7 +2874,7 @@ CVE-2022-26385
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26385
CVE-2022-26384
RESERVED
- {DSA-5097-1 DLA-2942-1}
+ {DSA-5106-1 DSA-5097-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
- thunderbird 1:91.7.0-1
@@ -2387,7 +2883,7 @@ CVE-2022-26384
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384
CVE-2022-26383
RESERVED
- {DSA-5097-1 DLA-2942-1}
+ {DSA-5106-1 DSA-5097-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
- thunderbird 1:91.7.0-1
@@ -2400,7 +2896,7 @@ CVE-2022-26382
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26382
CVE-2022-26381
RESERVED
- {DSA-5097-1 DLA-2942-1}
+ {DSA-5106-1 DSA-5097-1 DLA-2942-1}
- firefox 98.0-1
- firefox-esr 91.7.0esr-1
- thunderbird 1:91.7.0-1
@@ -3303,8 +3799,8 @@ CVE-2022-26088
RESERVED
CVE-2022-0761
RESERVED
-CVE-2022-0760
- RESERVED
+CVE-2022-0760 (The Simple Link Directory WordPress plugin before 7.7.2 does not valid ...)
+ TODO: check
CVE-2022-0759
RESERVED
CVE-2022-26085
@@ -3619,8 +4115,8 @@ CVE-2022-25839 (The package url-js before 2.1.0 are vulnerable to Improper Input
TODO: check
CVE-2022-25767
RESERVED
-CVE-2022-25766
- RESERVED
+CVE-2022-25766 (The package ungit before 1.5.20 are vulnerable to Remote Code Executio ...)
+ TODO: check
CVE-2022-25765
RESERVED
CVE-2022-25764
@@ -3832,8 +4328,8 @@ CVE-2022-0749 (This affects all versions of package SinGooCMS.Utility. The socke
NOT-FOR-US: SinGooCMS
CVE-2022-0748 (The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Ex ...)
TODO: check
-CVE-2022-0747
- RESERVED
+CVE-2022-0747 (The Infographic Maker WordPress plugin before 4.3.8 does not validate ...)
+ TODO: check
CVE-2022-0746 (Business Logic Errors in GitHub repository dolibarr/dolibarr prior to ...)
- dolibarr <removed>
CVE-2022-0745
@@ -3920,8 +4416,8 @@ CVE-2022-0741
NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
CVE-2022-0740
RESERVED
-CVE-2022-0739
- RESERVED
+CVE-2022-0739 (The BookingPress WordPress plugin before 1.0.11 fails to properly sani ...)
+ TODO: check
CVE-2022-0738
RESERVED
- gitlab <not-affected> (Vulnerable code introduced later)
@@ -4540,8 +5036,8 @@ CVE-2022-25572
RESERVED
CVE-2022-25571
RESERVED
-CVE-2022-25570
- RESERVED
+CVE-2022-25570 (In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to ...)
+ TODO: check
CVE-2022-25569
RESERVED
CVE-2022-25568
@@ -4977,8 +5473,8 @@ CVE-2022-25370
RESERVED
CVE-2022-25355 (EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handl ...)
NOT-FOR-US: EC-CUBE
-CVE-2022-0694
- RESERVED
+CVE-2022-0694 (The Advanced Booking Calendar WordPress plugin before 1.7.0 does not v ...)
+ TODO: check
CVE-2022-0693
RESERVED
CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to ...)
@@ -4999,8 +5495,8 @@ CVE-2022-0689 (Use multiple time the one-time coupon in Packagist microweber/mic
NOT-FOR-US: microweber
CVE-2022-0688 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
NOT-FOR-US: microweber
-CVE-2022-0687
- RESERVED
+CVE-2022-0687 (The Amelia WordPress plugin before 1.0.47 stores image blobs into actu ...)
+ TODO: check
CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
- node-url-parse 1.5.9+~1.4.8-1
[stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered by security support)
@@ -5132,8 +5628,8 @@ CVE-2022-0683 (The Essential Addons for Elementor Lite WordPress plugin is vulne
NOT-FOR-US: WordPress plugin
CVE-2022-0682
RESERVED
-CVE-2022-0681
- RESERVED
+CVE-2022-0681 (The Simple Membership WordPress plugin before 4.1.0 does not have CSRF ...)
+ TODO: check
CVE-2022-0680
RESERVED
CVE-2022-0679
@@ -5423,8 +5919,8 @@ CVE-2022-0642
RESERVED
CVE-2022-0641
RESERVED
-CVE-2022-0640
- RESERVED
+CVE-2022-0640 (The Pricing Table Builder WordPress plugin before 1.1.5 does not sanit ...)
+ TODO: check
CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
- node-url-parse 1.5.7-1
[bullseye] - node-url-parse <no-dsa> (Minor issue)
@@ -5468,10 +5964,10 @@ CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to
[stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/
NOTE: https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc (v8.2.4397)
-CVE-2022-0628
- RESERVED
-CVE-2022-0627
- RESERVED
+CVE-2022-0628 (The Mega Menu WordPress plugin before 3.0.8 does not sanitize and esca ...)
+ TODO: check
+CVE-2022-0627 (The Amelia WordPress plugin before 1.0.47 does not sanitize and escape ...)
+ TODO: check
CVE-2022-0626
RESERVED
CVE-2022-0625
@@ -5598,8 +6094,8 @@ CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file syst
- linux 5.16.7-1
NOTE: https://git.kernel.org/linus/7fc3b7c2981bbd1047916ade327beccb90994eee
NOTE: https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f
-CVE-2022-0616
- RESERVED
+CVE-2022-0616 (The Amelia WordPress plugin before 1.0.47 does not have CSRF check in ...)
+ TODO: check
CVE-2022-0615 (Use-after-free in eset_rtp kernel module used in ESET products for Lin ...)
NOT-FOR-US: ESET
CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. ...)
@@ -5813,10 +6309,10 @@ CVE-2022-0593 (The Login with phone number WordPress plugin before 1.3.7 include
NOT-FOR-US: WordPress plugin
CVE-2022-0592
RESERVED
-CVE-2022-0591
- RESERVED
-CVE-2022-0590
- RESERVED
+CVE-2022-0591 (The FormCraft WordPress plugin before 3.8.28 does not validate the URL ...)
+ TODO: check
+CVE-2022-0590 (The BulletProof Security WordPress plugin before 5.8 does not sanitise ...)
+ TODO: check
CVE-2022-0589 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
NOT-FOR-US: LibreNMS
CVE-2022-0588 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
@@ -6711,8 +7207,8 @@ CVE-2022-24777
RESERVED
CVE-2022-24776
RESERVED
-CVE-2022-24775
- RESERVED
+CVE-2022-24775 (guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8 ...)
+ TODO: check
CVE-2022-24774
RESERVED
CVE-2022-24773 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
@@ -6735,8 +7231,8 @@ CVE-2022-24768
RESERVED
CVE-2022-24767
RESERVED
-CVE-2022-24766
- RESERVED
+CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...)
+ TODO: check
CVE-2022-24765
RESERVED
CVE-2022-24764
@@ -7197,8 +7693,8 @@ CVE-2022-24658
RESERVED
CVE-2022-24657
RESERVED
-CVE-2022-24656
- RESERVED
+CVE-2022-24656 (HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting ...)
+ TODO: check
CVE-2022-24655 (A stack overflow vulnerability exists in the upnpd service in Netgear ...)
NOT-FOR-US: Netgear
CVE-2022-24654
@@ -7708,10 +8204,10 @@ CVE-2022-22147
RESERVED
CVE-2022-21130
RESERVED
-CVE-2022-0515
- RESERVED
-CVE-2022-0514
- RESERVED
+CVE-2022-0515 (Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/ ...)
+ TODO: check
+CVE-2022-0514 (Business Logic Errors in GitHub repository crater-invoice/crater prior ...)
+ TODO: check
CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
@@ -8082,8 +8578,8 @@ CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior to
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
NOTE: https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b
-CVE-2022-0475
- RESERVED
+CVE-2022-0475 (Malicious translator is able to inject JavaScript code in few translat ...)
+ TODO: check
CVE-2022-0474 (Full list of recipients from customer users in a contact field could b ...)
NOT-FOR-US: OTRS
NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian
@@ -8110,6 +8606,7 @@ CVE-2022-24303
NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
NOTE: https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26 (9.0.1)
CVE-2022-24302 (In Paramiko before 2.10.1, a race condition (between creation and chmo ...)
+ {DLA-2959-1}
- paramiko <unfixed> (bug #1008012)
NOTE: https://github.com/paramiko/paramiko/commit/4c491e299c9b800358b16fa4886d8d94f45abe2e (2.10.1)
CVE-2022-24296
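Review bot: CVE-2022-24302 now references DLA-2959-1, but the line under it still reads paramiko <unfixed> (bug #1008012) even though the NOTE names the upstream fix commit for 2.10.1. The LTS side is covered by the new reference; the unstable entry should be updated to the fixed version once an upload closes bug #1008012.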
@@ -8428,8 +8925,8 @@ CVE-2022-0425
RESERVED
CVE-2022-0424
RESERVED
-CVE-2022-0423
- RESERVED
+CVE-2022-0423 (The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisa ...)
+ TODO: check
CVE-2022-0422 (The White Label CMS WordPress plugin before 2.2.9 does not sanitise an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0421
@@ -8508,12 +9005,12 @@ CVE-2022-24239
RESERVED
CVE-2022-24238
RESERVED
-CVE-2022-24237
- RESERVED
-CVE-2022-24236
- RESERVED
-CVE-2022-24235
- RESERVED
+CVE-2022-24237 (The snaptPowered2 component of Snapt Aria v12.8 was discovered to cont ...)
+ TODO: check
+CVE-2022-24236 (An insecure permissions vulnerability in Snapt Aria v12.8 allows unaut ...)
+ TODO: check
+CVE-2022-24235 (A Cross-Site Request Forgery (CSRF) in the management portal of Snapt ...)
+ TODO: check
CVE-2022-24234
RESERVED
CVE-2022-24233
@@ -8739,8 +9236,8 @@ CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2
NOTE: https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a (v8.2.4245)
CVE-2022-0416
RESERVED
-CVE-2022-0415
- RESERVED
+CVE-2022-0415 (Remote Command Execution in uploading repository file in GitHub reposi ...)
+ TODO: check
CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows attacke ...)
{DLA-2913-1}
- xterm 370-2 (bug #1004689)
@@ -9599,8 +10096,8 @@ CVE-2022-0366 (An authenticated and authorized agent user could potentially gain
NOT-FOR-US: Sophos
CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command inje ...)
NOT-FOR-US: Ricon Mobile
-CVE-2022-0364
- RESERVED
+CVE-2022-0364 (The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not ...)
+ TODO: check
CVE-2022-0363
RESERVED
CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...)
@@ -12254,8 +12751,8 @@ CVE-2022-0231 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
NOT-FOR-US: livehelperchat
CVE-2022-0230 (The Better WordPress Google XML Sitemaps WordPress plugin through 1.4. ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0229
- RESERVED
+CVE-2022-0229 (The miniOrange's Google Authenticator WordPress plugin before 5.5 does ...)
+ TODO: check
CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...)
NOT-FOR-US: WordPress plugin
CVE-2021-46304
@@ -15137,8 +15634,8 @@ CVE-2022-22396
RESERVED
CVE-2022-22395
RESERVED
-CVE-2022-22394
- RESERVED
+CVE-2022-22394 (The IBM Spectrum Protect 8.1.14.000 server could allow a remote attack ...)
+ TODO: check
CVE-2022-22393
RESERVED
CVE-2022-22392
@@ -16355,12 +16852,12 @@ CVE-2021-45880
RESERVED
CVE-2021-45879
RESERVED
-CVE-2021-45878
- RESERVED
-CVE-2021-45877
- RESERVED
-CVE-2021-45876
- RESERVED
+CVE-2021-45878 (Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrec ...)
+ TODO: check
+CVE-2021-45877 (Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard cod ...)
+ TODO: check
+CVE-2021-45876 (Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthen ...)
+ TODO: check
CVE-2021-45875
RESERVED
CVE-2021-45874
@@ -18869,8 +19366,8 @@ CVE-2021-45119
RESERVED
CVE-2021-45118
RESERVED
-CVE-2021-45117
- RESERVED
+CVE-2021-45117 (The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not hand ...)
+ TODO: check
CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
- python-django 2:3.2.11-1 (bug #1003113)
[bullseye] - python-django <postponed> (Minor issue; fix in next update)
@@ -45682,8 +46179,8 @@ CVE-2021-36102
RESERVED
CVE-2021-36101
RESERVED
-CVE-2021-36100
- RESERVED
+CVE-2021-36100 (Specially crafted string in OTRS system configuration can allow the ex ...)
+ TODO: check
CVE-2021-36099
RESERVED
CVE-2021-36098
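Review bot: CVE-2021-36100 is left at TODO: check although its description names OTRS. Elsewhere in this file CVE-2022-0474 is resolved as NOT-FOR-US: OTRS with a NOTE that it only affects 8.x and therefore not the znuny fork packaged in Debian. This entry needs the same affected-version check against znuny before it receives the same marking.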
@@ -73896,8 +74393,8 @@ CVE-2021-25021 (The OMGF | Host Google Fonts Locally WordPress plugin before 4.5
NOT-FOR-US: WordPress plugin
CVE-2021-25020 (The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25019
- RESERVED
+CVE-2021-25019 (The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does no ...)
+ TODO: check
CVE-2021-25018 (The PPOM for WooCommerce WordPress plugin before 24.0 does not have au ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25017 (The Tutor LMS WordPress plugin before 1.9.12 does not escape the searc ...)
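Review bot: CVE-2021-25019 is added with TODO: check, while the neighbouring entries visible in this hunk (CVE-2021-25021, CVE-2021-25020, CVE-2021-25018) are all marked NOT-FOR-US: WordPress plugin. Its description also names a WordPress plugin, so the triage follow-up can resolve it to the same NOT-FOR-US: WordPress plugin line.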
@@ -74124,8 +74621,8 @@ CVE-2021-24907 (The Contact Form, Drag and Drop Form Builder for WordPress plugi
NOT-FOR-US: WordPress plugin
CVE-2021-24906 (The Protect WP Admin WordPress plugin before 3.6.2 does not check for ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24905
- RESERVED
+CVE-2021-24905 (The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not ...)
+ TODO: check
CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does not impl ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24903 (The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise ...)
@@ -74412,7 +74909,7 @@ CVE-2021-24763 (The Perfect Survey WordPress plugin before 1.5.2 does not have p
NOT-FOR-US: WordPress plugin
CVE-2021-24762 (The Perfect Survey WordPress plugin before 1.5.2 does not validate and ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24761 (The Error Log Viewer WordPress plugin through 1.1.1 does not perform n ...)
+CVE-2021-24761 (The Error Log Viewer WordPress plugin before 1.1.2 does not perform no ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not ...)
NOT-FOR-US: WordPress plugin
@@ -105951,8 +106448,8 @@ CVE-2020-24774
RESERVED
CVE-2020-24773
RESERVED
-CVE-2020-24772
- RESERVED
+CVE-2020-24772 (In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a we ...)
+ TODO: check
CVE-2020-24771
RESERVED
CVE-2020-24770
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b31a24e32e6de27e121bd4e7446587b6af7e517