[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 28 21:10:42 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56889653 by security tracker role at 2022-03-28T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2022-28128
+	RESERVED
+CVE-2022-27496
+	RESERVED
+CVE-2022-25348
+	RESERVED
+CVE-2022-1122
+	RESERVED
+CVE-2022-1121
+	RESERVED
+CVE-2022-1120
+	RESERVED
+CVE-2022-1119
+	RESERVED
+CVE-2022-1118
+	RESERVED
+CVE-2022-1117
+	RESERVED
+CVE-2022-1116
+	RESERVED
+CVE-2022-1115
+	RESERVED
+CVE-2022-1114
+	RESERVED
+CVE-2022-1113
+	RESERVED
+CVE-2022-1112
+	RESERVED
+CVE-2022-1111
+	RESERVED
+CVE-2020-36520
+	RESERVED
 CVE-2022-28125
 	RESERVED
 CVE-2022-28124
@@ -1084,8 +1116,8 @@ CVE-2022-27664
 	RESERVED
 CVE-2022-27663
 	RESERVED
-CVE-2022-27658
-	RESERVED
+CVE-2022-27658 (Under certain conditions, SAP Innovation management - version 2.0, all ...)
+	TODO: check
 CVE-2022-27657
 	RESERVED
 CVE-2022-27656
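Review bot: the `TODO: check` under CVE-2022-27658 can be resolved immediately rather than left for manual triage: the imported description names SAP Innovation management, a closed SAP product, and this file already uses `NOT-FOR-US: SAP` for the other SAP entries (for example CVE-2022-24399 and CVE-2022-24398 further down), so the same marker applies here.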
@@ -1102,8 +1134,8 @@ CVE-2022-26420
 	RESERVED
 CVE-2022-26075
 	RESERVED
-CVE-2022-1056
-	RESERVED
+CVE-2022-1056 (Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers ...)
+	TODO: check
 CVE-2022-XXXX [Possible man-in-the-middle attack in TLS connection to servers]
 	- weechat 3.4.1-1
 	[stretch] - weechat <not-affected> (Vulnerable code introduced later)
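Review bot: CVE-2022-1056 must not stay at `TODO: check`, because unlike most of the imports in this batch it concerns software Debian ships: the description names tiffcrop in libtiff 4.3.0, which is built from the tiff source package. The entry needs a package line with the fixing version or `<unfixed>`, per-suite lines where the LTS/stable decision differs, and a NOTE with the upstream reference, in the same `- package version` / `[suite] - package <state> (reason)` layout the weechat entry just below it uses.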
@@ -2848,8 +2880,8 @@ CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in compilePassOpco
 	[bullseye] - liblouis <no-dsa> (Minor issue)
 	[buster] - liblouis <no-dsa> (Minor issue)
 	NOTE: https://github.com/liblouis/liblouis/issues/1171
-CVE-2022-26980
-	RESERVED
+CVE-2022-26980 (Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. ...)
+	TODO: check
 CVE-2022-0942 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...)
 	NOT-FOR-US: ShowDoc
 CVE-2022-0941 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...)
@@ -4347,8 +4379,8 @@ CVE-2022-0847 (A flaw was found in the way the "flags" member of the new pipe bu
 	NOTE: https://git.kernel.org/linus/9d2231c5d74e13b2a0546fee6737ee4446017903 (5.17-rc6)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/03/07/1
 	NOTE: https://dirtypipe.cm4all.com/
-CVE-2022-0846
-	RESERVED
+CVE-2022-0846 (The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does n ...)
+	TODO: check
 CVE-2022-0845 (Code Injection in GitHub repository pytorchlightning/pytorch-lightning ...)
 	NOT-FOR-US: pytorchlightning
 CVE-2022-26387
@@ -4475,8 +4507,8 @@ CVE-2022-0835
 	RESERVED
 CVE-2022-0834 (The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0833
-	RESERVED
+CVE-2022-0833 (The Church Admin WordPress plugin before 3.4.135 does not have authori ...)
+	TODO: check
 CVE-2022-0832 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
 	NOT-FOR-US: pimcore
 CVE-2022-0831 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
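Review bot: CVE-2022-0833 (Church Admin WordPress plugin) is imported as `TODO: check` while CVE-2022-0834 (Amelia WordPress plugin) directly above it already carries `NOT-FOR-US: WordPress plugin`; the tracker consistently treats third-party WordPress plugins that way, so this placeholder can be resolved to the same marker without further investigation.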
@@ -4563,8 +4595,8 @@ CVE-2022-0820 (Cross-site Scripting (XSS) - Stored in GitHub repository orchardc
 	NOT-FOR-US: Orchard CMS
 CVE-2022-0819 (Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. ...)
 	- dolibarr <removed>
-CVE-2022-0818
-	RESERVED
+CVE-2022-0818 (The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does ...)
+	TODO: check
 CVE-2022-0817
 	RESERVED
 CVE-2022-0816
@@ -5103,14 +5135,14 @@ CVE-2022-0789
 	NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
 CVE-2022-0788
 	RESERVED
-CVE-2022-0787
-	RESERVED
+CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 ...)
+	TODO: check
 CVE-2022-0786
 	RESERVED
 CVE-2022-0785
 	RESERVED
-CVE-2022-0784
-	RESERVED
+CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does not sani ...)
+	TODO: check
 CVE-2022-0783
 	RESERVED
 CVE-2022-0782
@@ -5141,8 +5173,8 @@ CVE-2022-0772 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms
 	NOT-FOR-US: LibreNMS
 CVE-2022-0771
 	RESERVED
-CVE-2022-0770
-	RESERVED
+CVE-2022-0770 (The Translate WordPress with GTranslate WordPress plugin before 2.9.9  ...)
+	TODO: check
 CVE-2022-0769
 	RESERVED
 CVE-2022-0768 (Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltub ...)
@@ -5836,8 +5868,7 @@ CVE-2022-0753 (Cross-site Scripting (XSS) - Reflected in GitHub repository hesti
 	NOT-FOR-US: Hestia Control Panel
 CVE-2022-0752 (Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hes ...)
 	NOT-FOR-US: Hestia Control Panel
-CVE-2022-0751
-	RESERVED
+CVE-2022-0751 (Inaccurate display of Snippet files containing special characters in a ...)
 	[experimental] - gitlab 14.6.5+ds1-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
@@ -5937,16 +5968,14 @@ CVE-2022-0740
 	RESERVED
 CVE-2022-0739 (The BookingPress WordPress plugin before 1.0.11 fails to properly sani ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0738
-	RESERVED
+CVE-2022-0738 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <not-affected> (Vulnerable code introduced later)
 	NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
 CVE-2022-0737
 	RESERVED
 CVE-2022-0736 (Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1. ...)
 	NOT-FOR-US: mlflow
-CVE-2022-0735
-	RESERVED
+CVE-2022-0735 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	[experimental] - gitlab 14.6.5+ds1-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
@@ -6317,8 +6346,8 @@ CVE-2022-0722
 	RESERVED
 CVE-2022-0721 (Insertion of Sensitive Information Into Debugging Code in GitHub repos ...)
 	NOT-FOR-US: microweber
-CVE-2022-0720
-	RESERVED
+CVE-2022-0720 (The Amelia WordPress plugin before 1.0.47 does not have proper authori ...)
+	TODO: check
 CVE-2022-0719 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
 	NOT-FOR-US: microweber
 CVE-2022-0718
@@ -7156,10 +7185,10 @@ CVE-2022-0682
 	RESERVED
 CVE-2022-0681 (The Simple Membership WordPress plugin before 4.1.0 does not have CSRF ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0680
-	RESERVED
-CVE-2022-0679
-	RESERVED
+CVE-2022-0680 (The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing u ...)
+	TODO: check
+CVE-2022-0679 (The Narnoo Distributor WordPress plugin through 2.5.1 fails to validat ...)
+	TODO: check
 CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
 	NOT-FOR-US: microweber
 CVE-2022-0677
@@ -7435,8 +7464,8 @@ CVE-2022-21142 (Authentication bypass vulnerability in a-blog cms Ver.2.8.x seri
 	NOT-FOR-US: a-blog cms
 CVE-2022-0648 (The Team Circle Image Slider With Lightbox WordPress plugin before 1.0 ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0647
-	RESERVED
+CVE-2022-0647 (The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and  ...)
+	TODO: check
 CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...)
 	- linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/
@@ -7449,12 +7478,12 @@ CVE-2022-0644 [vfs: check fd has read access in kernel_read_file_from_fd()]
 	[bullseye] - linux 5.10.84-1
 	[stretch] - linux 4.9.290-1
 	NOTE: https://git.kernel.org/linus/032146cda85566abcd1c4884d9d23e4e30a07e9a (5.15-rc7)
-CVE-2022-0643
-	RESERVED
+CVE-2022-0643 (The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and e ...)
+	TODO: check
 CVE-2022-0642
 	RESERVED
-CVE-2022-0641
-	RESERVED
+CVE-2022-0641 (The Popup Like box WordPress plugin before 3.6.1 does not sanitize and ...)
+	TODO: check
 CVE-2022-0640 (The Pricing Table Builder WordPress plugin before 1.1.5 does not sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
@@ -7600,12 +7629,12 @@ CVE-2022-0623 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
 	NOTE: https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580
 CVE-2022-0622 (Generation of Error Message Containing Sensitive Information in Packag ...)
 	NOT-FOR-US: snipe-it
-CVE-2022-0621
-	RESERVED
-CVE-2022-0620
-	RESERVED
-CVE-2022-0619
-	RESERVED
+CVE-2022-0621 (The dTabs WordPress plugin through 1.4 does not sanitize and escape th ...)
+	TODO: check
+CVE-2022-0620 (The Delete Old Orders WordPress plugin through 0.2 does not sanitize a ...)
+	TODO: check
+CVE-2022-0619 (The Database Peek WordPress plugin through 1.2 does not sanitize and e ...)
+	TODO: check
 CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XM ...)
 	NOT-FOR-US: Jenkins Chef Sinatra Plugin
 CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...)
@@ -7830,18 +7859,18 @@ CVE-2022-0602
 	RESERVED
 CVE-2022-0601 (The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0600
-	RESERVED
-CVE-2022-0599
-	RESERVED
+CVE-2022-0600 (The Conference Scheduler WordPress plugin before 2.4.3 does not saniti ...)
+	TODO: check
+CVE-2022-0599 (The Mapping Multiple URLs Redirect Same Page WordPress plugin through  ...)
+	TODO: check
 CVE-2022-0598
 	RESERVED
 CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
 	NOT-FOR-US: microweber
 CVE-2022-0596 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
 	NOT-FOR-US: microweber
-CVE-2022-0595
-	RESERVED
+CVE-2022-0595 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 ...)
+	TODO: check
 CVE-2022-0594
 	RESERVED
 CVE-2022-0593 (The Login with phone number WordPress plugin before 1.3.7 includes a f ...)
@@ -8790,6 +8819,7 @@ CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy.
 CVE-2022-24765
 	RESERVED
 CVE-2022-24764 (PJSIP is a free and open source multimedia communication library writt ...)
+	{DLA-2962-1}
 	- pjproject <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
 	NOTE: https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
@@ -8831,6 +8861,7 @@ CVE-2022-24755 (Bareos is open source software for backup, archiving, and recove
 	NOTE: https://github.com/bareos/bareos/pull/1121
 	NOTE: https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/
 CVE-2022-24754 (PJSIP is a free and open source multimedia communication library writt ...)
+	{DLA-2962-1}
 	- pjproject <removed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662
 	NOTE: https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47
@@ -9029,8 +9060,7 @@ CVE-2022-0551 (Improper Input Validation vulnerability in project file upload in
 	NOT-FOR-US: Nozomi Networks
 CVE-2022-0550 (Improper Input Validation vulnerability in custom report logo upload i ...)
 	NOT-FOR-US: Nozomi Networks
-CVE-2022-0549
-	RESERVED
+CVE-2022-0549 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
 	[experimental] - gitlab 14.6.5+ds1-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
@@ -9815,8 +9845,8 @@ CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/bea
 CVE-2022-0500 (A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leadi ...)
 	- linux 5.16.10-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044578
-CVE-2022-0499
-	RESERVED
+CVE-2022-0499 (The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF ...)
+	TODO: check
 CVE-2022-0498
 	REJECTED
 CVE-2022-0497
@@ -9834,8 +9864,8 @@ CVE-2022-0495
 CVE-2022-0494 (A kernel information leak flaw was identified in the scsi_ioctl functi ...)
 	- linux 5.16.14-1
 	NOTE: https://git.kernel.org/linus/cc8f7fe1f5eab010191aa4570f27641876fa1267 (5.17-rc5)
-CVE-2022-0493
-	RESERVED
+CVE-2022-0493 (The String locator WordPress plugin before 2.5.0 does not properly val ...)
+	TODO: check
 CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array, and co ...)
 	- atftp 0.7.git20210915-1 (bug #1004974)
 	[bullseye] - atftp 0.7.git20120829-3.3+deb11u2
@@ -9897,8 +9927,8 @@ CVE-2022-0489
 	[experimental] - gitlab 14.6.5+ds1-1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
-CVE-2022-0488
-	RESERVED
+CVE-2022-0488 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
 CVE-2022-24399 (The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST s ...)
 	NOT-FOR-US: SAP
 CVE-2022-24398 (Under certain conditions SAP Business Objects Business Intelligence Pl ...)
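Review bot: CVE-2022-0488 is left at `TODO: check` even though its description is a GitLab CE/EE advisory and the neighbouring CVE-2022-0489 in this hunk already records `[experimental] - gitlab 14.6.5+ds1-1`, `- gitlab <unfixed>` and the 14.8.2 release NOTE; unless the full affected range turns out to exclude Debian's version, this entry should get the same package and NOTE lines.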
@@ -10125,8 +10155,8 @@ CVE-2022-0480
 	[stretch] - linux <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2049700
 	NOTE: https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)
-CVE-2022-0479
-	RESERVED
+CVE-2022-0479 (The Popup Builder WordPress plugin before 4.1.1 does not sanitise and  ...)
+	TODO: check
 CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress plugin ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0477
@@ -10312,8 +10342,8 @@ CVE-2022-0452
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih includes aut ...)
 	NOT-FOR-US: Dart SDK
-CVE-2022-0450
-	RESERVED
+CVE-2022-0450 (The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not ...)
+	TODO: check
 CVE-2022-0449 (The Flexi WordPress plugin before 4.20 does not sanitise and escape va ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0448 (The CP Blocks WordPress plugin before 1.0.15 does not sanitise and esc ...)
@@ -10480,8 +10510,8 @@ CVE-2022-0429 (The WP Cerber Security, Anti-spam & Malware Scan WordPress pl
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0428
 	RESERVED
-CVE-2022-0427
-	RESERVED
+CVE-2022-0427 (Missing sanitization of HTML attributes in Jupyter notebooks in all ve ...)
+	TODO: check
 CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 do ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0425
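Review bot: CVE-2022-0427 needs real triage rather than the `NOT-FOR-US: WordPress plugin` treatment of the entries around it: the description concerns HTML attribute sanitisation in Jupyter notebooks, and Jupyter Notebook is packaged in Debian as the jupyter-notebook source package, so the `TODO: check` should be replaced by a `- jupyter-notebook <version or unfixed>` line plus a NOTE pointing at the upstream fix.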
@@ -10930,10 +10960,10 @@ CVE-2022-0399 (The Advanced Product Labels for WooCommerce WordPress plugin befo
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0398
 	RESERVED
-CVE-2022-0397
-	RESERVED
-CVE-2018-25030
-	RESERVED
+CVE-2022-0397 (The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 d ...)
+	TODO: check
+CVE-2018-25030 (A vulnerability classified as problematic has been found in Mirmay Sec ...)
+	TODO: check
 CVE-2017-20016
 	RESERVED
 CVE-2017-20015
@@ -10946,8 +10976,8 @@ CVE-2017-20012
 	RESERVED
 CVE-2017-20011
 	RESERVED
-CVE-2015-10002
-	RESERVED
+CVE-2015-10002 (A vulnerability classified as problematic has been found in Kiddoware  ...)
+	TODO: check
 CVE-2010-10001
 	RESERVED
 CVE-2008-10001
@@ -11181,8 +11211,8 @@ CVE-2022-0390
 	RESERVED
 CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0388
-	RESERVED
+CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin through ...)
+	TODO: check
 CVE-2021-4217 [Null pointer dereference in Unicode strings code]
 	RESERVED
 	- unzip <unfixed> (unimportant)
@@ -11614,8 +11644,8 @@ CVE-2022-23949
 	RESERVED
 CVE-2022-23948
 	RESERVED
-CVE-2022-0371
-	RESERVED
+CVE-2022-0371 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
 CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
 	NOT-FOR-US: livehelperchat
 CVE-2022-0369
@@ -11839,12 +11869,12 @@ CVE-2022-23886
 	RESERVED
 CVE-2022-23885
 	RESERVED
-CVE-2022-23884
-	RESERVED
+CVE-2022-23884 (Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overf ...)
+	TODO: check
 CVE-2022-23883
 	RESERVED
-CVE-2022-23882
-	RESERVED
+CVE-2022-23882 (TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\B ...)
+	TODO: check
 CVE-2022-23881 (ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execut ...)
 	NOT-FOR-US: zzzcms
 CVE-2022-23880 (An arbitrary file upload vulnerability in the File Management function ...)
@@ -11900,12 +11930,12 @@ CVE-2022-0346
 	RESERVED
 CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin before 1.8. ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-0344
-	RESERVED
+CVE-2022-0344 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
 CVE-2022-0343
 	RESERVED
-CVE-2022-0342
-	RESERVED
+CVE-2022-0342 (An authentication bypass vulnerability in the CGI program of Zyxel USG ...)
+	TODO: check
 CVE-2021-46558 (Multiple cross-site scripting (XSS) vulnerabilities in the Add User mo ...)
 	NOT-FOR-US: Issabel
 CVE-2021-46557 (Vicidial 2.14-783a was discovered to contain a cross-site scripting (X ...)
@@ -12154,10 +12184,10 @@ CVE-2021-46436
 	RESERVED
 CVE-2021-46435
 	RESERVED
-CVE-2021-46434
-	RESERVED
-CVE-2021-46433
-	RESERVED
+CVE-2021-46434 (** UNSUPPORTED WHEN ASSIGNED ** EMQ X Dashboard V3.0.0 is affected by  ...)
+	TODO: check
+CVE-2021-46433 (In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template ...)
+	TODO: check
 CVE-2021-46432
 	RESERVED
 CVE-2021-46431
@@ -12961,6 +12991,7 @@ CVE-2022-23610 (wire-server provides back end services for Wire, an open source
 CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows  ...)
 	NOT-FOR-US: iTunesRPC-Remastered
 CVE-2022-23608 (PJSIP is a free and open source multimedia communication library writt ...)
+	{DLA-2962-1}
 	- asterisk <unfixed>
 	- pjproject <removed>
 	- ring <unfixed>
@@ -13467,8 +13498,8 @@ CVE-2022-0284
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045943
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4729
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7
-CVE-2022-0283
-	RESERVED
+CVE-2022-0283 (An issue has been discovered affecting GitLab versions prior to 13.5.  ...)
+	TODO: check
 CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11. ...)
 	NOT-FOR-US: microweber
 CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
@@ -14072,8 +14103,8 @@ CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
 	NOT-FOR-US: pimcore
 CVE-2022-0250
 	RESERVED
-CVE-2022-0249
-	RESERVED
+CVE-2022-0249 (A vulnerability was discovered in GitLab starting with version 12. Git ...)
+	TODO: check
 CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does not sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified through acce ...)
@@ -14422,8 +14453,8 @@ CVE-2022-0223
 	RESERVED
 CVE-2022-0222
 	RESERVED
-CVE-2022-0221
-	RESERVED
+CVE-2022-0221 (A CWE-611: Improper Restriction of XML External Entity Reference vulne ...)
+	TODO: check
 CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
@@ -16340,8 +16371,8 @@ CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions
 	NOT-FOR-US: Airspan Networks
 CVE-2022-0137
 	RESERVED
-CVE-2022-0136
-	RESERVED
+CVE-2022-0136 (A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 ...)
+	TODO: check
 CVE-2022-0135 [out-of-bounds write in read_transfer_data()]
 	RESERVED
 	- virglrenderer <undetermined>
@@ -16468,8 +16499,8 @@ CVE-2022-0125 (An issue has been discovered in GitLab affecting all versions sta
 	- gitlab <unfixed>
 CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
 	- gitlab <unfixed>
-CVE-2022-0123
-	RESERVED
+CVE-2022-0123 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
+	TODO: check
 CVE-2021-4200
 	RESERVED
 CVE-2022-22677
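Review bot: CVE-2022-0123 has the same description prefix as CVE-2022-0124 directly above it ("An issue has been discovered affecting GitLab versions prior to 14.4.5"), and that entry is already recorded as `- gitlab <unfixed>`; the `TODO: check` here should be resolved the same way unless the full description shows a different affected range.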
@@ -18097,8 +18128,7 @@ CVE-2021-4192 (vim is vulnerable to Use After Free ...)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22
 	NOTE: Fixed by: https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952 (v8.2.3949)
-CVE-2021-4191
-	RESERVED
+CVE-2021-4191 (An issue has been discovered in GitLab CE/EE affecting versions 13.0 t ...)
 	[experimental] - gitlab 14.6.5+ds1
 	- gitlab <unfixed>
 	NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
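Review bot: the context line `[experimental] - gitlab 14.6.5+ds1` in this hunk lacks the Debian revision; every other GitLab entry in this patch writes `14.6.5+ds1-1`. Since the entry is being touched anyway, the version string should be made consistent so the experimental fix is recorded against the package version that was actually uploaded.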
@@ -24362,8 +24392,8 @@ CVE-2021-44126
 	RESERVED
 CVE-2021-44125
 	RESERVED
-CVE-2021-44124
-	RESERVED
+CVE-2021-44124 (Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Trave ...)
+	TODO: check
 CVE-2021-44123 (SPIP 4.0.0 is affected by a remote command execution vulnerability. To ...)
 	{DSA-5028-1 DLA-2867-1}
 	- spip 3.2.12-1
@@ -24421,8 +24451,8 @@ CVE-2021-44105
 	RESERVED
 CVE-2021-44104
 	RESERVED
-CVE-2021-44103
-	RESERVED
+CVE-2021-44103 (Vertical Privilege Escalation in KONGA 0.14.9 allows attackers to high ...)
+	TODO: check
 CVE-2021-44102
 	RESERVED
 CVE-2021-44101
@@ -24931,6 +24961,7 @@ CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole wa
 	NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
 	NOTE: https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 (REL42.3.2)
 CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...)
+	{DLA-2962-1}
 	- asterisk <unfixed>
 	- pjproject <removed>
 	- ring <unfixed>
@@ -24940,6 +24971,7 @@ CVE-2022-21723 (PJSIP is a free and open source multimedia communication library
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
 	NOTE: https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
 CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
+	{DLA-2962-1}
 	- asterisk <unfixed>
 	- pjproject <removed>
 	- ring <unfixed>
@@ -25463,6 +25495,7 @@ CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prio
 CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...)
 	NOT-FOR-US: solidus_frontend
 CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...)
+	{DLA-2962-1}
 	- asterisk <unfixed>
 	- pjproject <removed>
 	- ring <unfixed>
@@ -25565,6 +25598,7 @@ CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceabili
 CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
 	NOT-FOR-US: Solidus
 CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...)
+	{DLA-2962-1}
 	- asterisk <unfixed>
 	- pjproject <removed>
 	- ring <unfixed>
@@ -26630,16 +26664,16 @@ CVE-2021-43727
 	RESERVED
 CVE-2021-43726
 	RESERVED
-CVE-2021-43725
-	RESERVED
+CVE-2021-43725 (There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login. ...)
+	TODO: check
 CVE-2021-43724 (A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS throug ...)
 	NOT-FOR-US: Subrion CMS
 CVE-2021-43723
 	RESERVED
 CVE-2021-43722
 	RESERVED
-CVE-2021-43721
-	RESERVED
+CVE-2021-43721 (Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markd ...)
+	TODO: check
 CVE-2021-43720
 	RESERVED
 CVE-2021-43719
@@ -27797,30 +27831,35 @@ CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when
 	NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
 	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
+	{DLA-2962-1}
 	- asterisk <unfixed>
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
 	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...)
+	{DLA-2962-1}
 	- asterisk <unfixed>
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
 	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...)
+	{DLA-2962-1}
 	- asterisk <unfixed>
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
 	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...)
+	{DLA-2962-1}
 	- asterisk <unfixed>
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
 	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...)
+	{DLA-2962-1}
 	- asterisk <unfixed>
 	- pjproject <removed>
 	- ring <unfixed>
@@ -35337,6 +35376,7 @@ CVE-2021-41143
 CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
 	NOT-FOR-US: Tuleap
 CVE-2021-41141 (PJSIP is a free and open source multimedia communication library writt ...)
+	{DLA-2962-1}
 	- pjproject <removed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc
 	NOTE: https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196
@@ -38493,8 +38533,8 @@ CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jir
 	- gitlab <unfixed>
 CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...)
 	- gitlab <unfixed>
-CVE-2021-39876
-	RESERVED
+CVE-2021-39876 (In all versions of GitLab CE/EE since version 11.3, the endpoint for a ...)
+	TODO: check
 CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is possible to  ...)
 	- gitlab <unfixed>
 CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...)
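Review bot: CVE-2021-39876 is a GitLab CE/EE issue sitting between CVE-2021-39877 and CVE-2021-39875, both of which are already recorded as `- gitlab <unfixed>`; leaving this one at `TODO: check` looks like an artefact of the automatic import rather than a deliberate decision, so it should receive a gitlab package line once the affected range is confirmed.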
@@ -44063,6 +44103,7 @@ CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to
 CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
 	NOT-FOR-US: Shopware
 CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...)
+	{DLA-2962-1}
 	- asterisk <unfixed>
 	- pjproject <removed>
 	- ring <unfixed>
@@ -56123,7 +56164,7 @@ CVE-2021-32687 (Redis is an open source, in-memory database that persists on dis
 	- redis 5:6.0.16-1
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
 CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
-	{DSA-4999-1}
+	{DSA-4999-1 DLA-2962-1}
 	- asterisk 1:16.16.1~dfsg-2 (bug #991931)
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
@@ -75937,22 +75978,22 @@ CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF check
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25072 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25071
-	RESERVED
-CVE-2021-25070
-	RESERVED
+CVE-2021-25071 (The WordPress plugin through 2.0.1 does not sanitise and escape the tr ...)
+	TODO: check
+CVE-2021-25070 (The Block Bad Bots WordPress plugin before 6.88 does not properly sani ...)
+	TODO: check
 CVE-2021-25069 (The Download Manager WordPress plugin before 3.2.34 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25068
-	RESERVED
+CVE-2021-25068 (The Sync WooCommerce Product feed to Google Shopping WordPress plugin  ...)
+	TODO: check
 CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was affected  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25066
 	RESERVED
 CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was a ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25064
-	RESERVED
+CVE-2021-25064 (The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize us ...)
+	TODO: check
 CVE-2021-25063 (The Skins for Contact Form 7 WordPress plugin before 2.5.1 does not sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 doe ...)
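Review bot: the imported description for CVE-2021-25071 reads "The WordPress plugin through 2.0.1 does not sanitise ..." with no plugin name at all, so the truncated text cannot be triaged as it stands; whoever resolves the `TODO: check` needs to pull the plugin name from the CVE record before writing the `NOT-FOR-US: WordPress plugin` line used for CVE-2021-25072 and CVE-2021-25069 in this same hunk.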
@@ -76055,8 +76096,8 @@ CVE-2021-25014 (The Ibtana WordPress plugin before 1.1.4.9 does not have authori
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have authorisation a ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-25012
-	RESERVED
+CVE-2021-25012 (The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and ...)
+	TODO: check
 CVE-2021-25011 (The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 do ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-25010 (The Post Snippets WordPress plugin before 3.1.4 does not have CSRF che ...)
@@ -76123,8 +76164,8 @@ CVE-2021-24980 (The Gwolle Guestbook WordPress plugin before 4.2.0 does not sani
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24979 (The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24978
-	RESERVED
+CVE-2021-24978 (The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to ...)
+	TODO: check
 CVE-2021-24977 (The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and ...)
@@ -76155,8 +76196,8 @@ CVE-2021-24964 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not prope
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24963 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24962
-	RESERVED
+CVE-2021-24962 (The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 ...)
+	TODO: check
 CVE-2021-24961 (The WordPress File Upload WordPress plugin before 4.16.3, wordpress-fi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24960 (The WordPress File Upload WordPress plugin before 4.16.3, wordpress-fi ...)
@@ -76587,8 +76628,8 @@ CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not p
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24747 (The SEO Booster WordPress plugin before 3.8 allows for authenticated S ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-24746
-	RESERVED
+CVE-2021-24746 (The Social Sharing Plugin WordPress plugin before 3.3.40 does not esca ...)
+	TODO: check
 CVE-2021-24745 (The About Author Box WordPress plugin before 1.0.2 does not sanitise a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12  ...)
@@ -81035,14 +81076,14 @@ CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that could
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22798 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...)
 	NOT-FOR-US: Schneider Electric
-CVE-2021-22797
-	RESERVED
+CVE-2021-22797 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
+	TODO: check
 CVE-2021-22796 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
 	NOT-FOR-US: Schneider Electric
-CVE-2021-22795
-	RESERVED
-CVE-2021-22794
-	RESERVED
+CVE-2021-22795 (A CWE-78 Improper Neutralization of Special Elements used in an OS Com ...)
+	TODO: check
+CVE-2021-22794 (A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ( ...)
+	TODO: check
 CVE-2021-22793 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor  ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2021-22792 (A CWE-476: NULL Pointer Dereference vulnerability that could cause a D ...)
@@ -208586,8 +208627,8 @@ CVE-2019-6836 (A CWE-863: Incorrect Authorization vulnerability exists in U.moti
 	NOT-FOR-US: Schneider
 CVE-2019-6835 (A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion S ...)
 	NOT-FOR-US: Schneider
-CVE-2019-6834
-	RESERVED
+CVE-2019-6834 (A CWE-502: Deserialization of Untrusted Data vulnerability exists whic ...)
+	TODO: check
 CVE-2019-6833 (A CWE-754 – Improper Check for Unusual or Exceptional Conditions ...)
 	NOT-FOR-US: Schneider
 CVE-2019-6832 (A CWE-287: Authentication vulnerability exists in spaceLYnk (all versi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56889653f5815c97ae05ee066c9d0c8e845f9b03
