[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 4 09:10:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca7042dd by security tracker role at 2022-05-04T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -264,8 +264,8 @@ CVE-2022-1550
RESERVED
CVE-2022-1549
RESERVED
-CVE-2022-1548
- RESERVED
+CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly restric ...)
+ TODO: check
CVE-2022-1547
RESERVED
CVE-2022-1546
@@ -1027,8 +1027,8 @@ CVE-2022-29809
RESERVED
CVE-2022-1503 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: GetSimple CMS
-CVE-2022-1502
- RESERVED
+CVE-2022-1502 (Permissions were not properly verified in the API on projects using ve ...)
+ TODO: check
CVE-2022-1501
RESERVED
{DSA-5125-1}
@@ -3819,34 +3819,34 @@ CVE-2022-28795 (A vulnerability within the Avira Password Manager Browser Extens
NOT-FOR-US: Avira Password Manager Browser Extensions
CVE-2022-28794
RESERVED
-CVE-2022-28793
- RESERVED
-CVE-2022-28792
- RESERVED
-CVE-2022-28791
- RESERVED
-CVE-2022-28790
- RESERVED
-CVE-2022-28789
- RESERVED
-CVE-2022-28788
- RESERVED
-CVE-2022-28787
- RESERVED
-CVE-2022-28786
- RESERVED
-CVE-2022-28785
- RESERVED
-CVE-2022-28784
- RESERVED
-CVE-2022-28783
- RESERVED
-CVE-2022-28782
- RESERVED
-CVE-2022-28781
- RESERVED
-CVE-2022-28780
- RESERVED
+CVE-2022-28793 (Given the TEE is compromised and controlled by the attacker, improper ...)
+ TODO: check
+CVE-2022-28792 (DLL hijacking vulnerability in Gear IconX PC Manager prior to version ...)
+ TODO: check
+CVE-2022-28791 (Improper input validation vulnerability in InstallAgent in Galaxy Stor ...)
+ TODO: check
+CVE-2022-28790 (Improper authentication in Link to Windows Service prior to version 2. ...)
+ TODO: check
+CVE-2022-28789 (Unprotected activities in Voice Note prior to version 21.3.51.11 allow ...)
+ TODO: check
+CVE-2022-28788 (Improper buffer size check logic in aviextractor library prior to SMR ...)
+ TODO: check
+CVE-2022-28787 (Improper buffer size check logic in wmfextractor library prior to SMR ...)
+ TODO: check
+CVE-2022-28786 (Improper buffer size check logic in aviextractor library prior to SMR ...)
+ TODO: check
+CVE-2022-28785 (Improper buffer size check logic in aviextractor library prior to SMR ...)
+ TODO: check
+CVE-2022-28784 (Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Re ...)
+ TODO: check
+CVE-2022-28783 (Improper validation of removing package name in Galaxy Themes prior to ...)
+ TODO: check
+CVE-2022-28782 (Improper access control vulnerability in Contents To Window prior to S ...)
+ TODO: check
+CVE-2022-28781 (Improper input validation in Settings prior to SMR-May-2022 Release 1 ...)
+ TODO: check
+CVE-2022-28780 (Improper access control vulnerability in Weather prior to SMR May-2022 ...)
+ TODO: check
CVE-2022-28779 (Uncontrolled search path element vulnerability in Samsung Android USB ...)
NOT-FOR-US: Samsung
CVE-2022-28778 (Improper access control vulnerability in Samsung Security Supporter pr ...)
@@ -6090,8 +6090,8 @@ CVE-2022-28057
RESERVED
CVE-2022-28056 (ShopXO v2.2.5 and below was discovered to contain a system re-install ...)
NOT-FOR-US: ShopXO
-CVE-2022-28055
- RESERVED
+CVE-2022-28055 (Fusionpbx v4.4 and below contains a command injection vulnerability vi ...)
+ TODO: check
CVE-2022-28054 (Improper sanitization of trigger action scripts in VanDyke Software VS ...)
NOT-FOR-US: VanDyke Software VShell
CVE-2022-28053 (Typemill v1.5.3 was discovered to contain an arbitrary file upload vul ...)
@@ -7526,8 +7526,8 @@ CVE-2022-27472 (SQL injection vulnerability in Topics Counting feature of Roothu
NOT-FOR-US: Roothub
CVE-2022-27471
RESERVED
-CVE-2022-27470
- RESERVED
+CVE-2022-27470 (SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memor ...)
+ TODO: check
CVE-2022-27469 (Monstaftp v2.10.3 was discovered to allow attackers to execute Server- ...)
NOT-FOR-US: Monstaftp
CVE-2022-27468 (Monstaftp v2.10.3 was discovered to contain an arbitrary file upload w ...)
@@ -7653,8 +7653,8 @@ CVE-2022-27433
RESERVED
CVE-2022-27432 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attack ...)
NOT-FOR-US: Pluck CMS
-CVE-2022-27431
- RESERVED
+CVE-2022-27431 (Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
CVE-2022-27430
RESERVED
CVE-2022-27429 (Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forger ...)
@@ -7675,8 +7675,8 @@ CVE-2022-27422 (A reflected cross-site scripting (XSS) vulnerability in Chamilo
NOT-FOR-US: Chamilo LMS
CVE-2022-27421 (Chamilo LMS v1.11.13 lacks validation on the user modification form, a ...)
NOT-FOR-US: Chamilo LMS
-CVE-2022-27420
- RESERVED
+CVE-2022-27420 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
CVE-2022-27419 (rtl_433 21.12 was discovered to contain a stack overflow in the functi ...)
- rtl-433 <unfixed> (bug #1009788)
[bullseye] - rtl-433 <not-affected> (Vulnerable code introduced later)
@@ -7704,8 +7704,8 @@ CVE-2022-27415
RESERVED
CVE-2022-27414
RESERVED
-CVE-2022-27413
- RESERVED
+CVE-2022-27413 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
CVE-2022-27412
RESERVED
CVE-2022-27411
@@ -7933,8 +7933,8 @@ CVE-2022-27332 (An access control issue in Zammad v5.0.3 allows attackers to wri
- zammad <itp> (bug #841355)
CVE-2022-27331 (An access control issue in Zammad v5.0.3 broadcasts administrative con ...)
- zammad <itp> (bug #841355)
-CVE-2022-27330
- RESERVED
+CVE-2022-27330 (A cross-site scripting (XSS) vulnerability in /public/admin/index.php? ...)
+ TODO: check
CVE-2022-27329
RESERVED
CVE-2022-27328
@@ -7967,8 +7967,8 @@ CVE-2022-27315
RESERVED
CVE-2022-27314
RESERVED
-CVE-2022-27313
- RESERVED
+CVE-2022-27313 (An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attac ...)
+ TODO: check
CVE-2022-27312
RESERVED
CVE-2022-27311 (Gibbon v3.4.4 and below allows attackers to execute a Server-Side Requ ...)
@@ -14766,8 +14766,8 @@ CVE-2022-24903
RESERVED
CVE-2022-24902
RESERVED
-CVE-2022-24901
- RESERVED
+CVE-2022-24901 (Improper validation of the Apple certificate URL in the Apple Game Cen ...)
+ TODO: check
CVE-2022-24900 (Piano LED Visualizer is software that allows LED lights to light up as ...)
NOT-FOR-US: Piano LED Visualizer
CVE-2022-24899
@@ -30563,8 +30563,8 @@ CVE-2022-21745
RESERVED
CVE-2022-21744
RESERVED
-CVE-2022-21743
- RESERVED
+CVE-2022-21743 (In ion, there is a possible use after free due to an integer overflow. ...)
+ TODO: check
CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows ha ...)
NOT-FOR-US: Burp Suite (different from src:burp)
CVE-2021-44229
@@ -32521,6 +32521,7 @@ CVE-2022-21498 (Vulnerability in the Java VM component of Oracle Database Server
CVE-2022-21497 (Vulnerability in the Oracle Web Services Manager product of Oracle Fus ...)
NOT-FOR-US: Oracle
CVE-2022-21496 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5128-1}
- openjdk-8 8u332-ga-1
- openjdk-11 11.0.15+10-1
- openjdk-17 17.0.3+7-1
@@ -32564,6 +32565,7 @@ CVE-2022-21478 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2022-21477 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
NOT-FOR-US: Oracle
CVE-2022-21476 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5128-1}
- openjdk-8 8u332-ga-1
- openjdk-11 11.0.15+10-1
- openjdk-17 17.0.3+7-1
@@ -32624,6 +32626,7 @@ CVE-2022-21451 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2022-21450 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub produc ...)
NOT-FOR-US: Oracle
CVE-2022-21449 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5128-1}
- openjdk-8 8u322-ga-1
- openjdk-11 <unfixed>
- openjdk-17 17.0.3+7-1
@@ -32640,6 +32643,7 @@ CVE-2022-21444 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mysql-8.0 <unfixed>
- mysql-5.7 <removed>
CVE-2022-21443 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5128-1}
- openjdk-8 8u332-ga-1
- openjdk-11 11.0.15+10-1
- openjdk-17 17.0.3+7-1
@@ -32661,6 +32665,7 @@ CVE-2022-21436 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2022-21435 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2022-21434 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5128-1}
- openjdk-8 8u332-ga-1
- openjdk-11 11.0.15+10-1
- openjdk-17 17.0.3+7-1
@@ -32681,6 +32686,7 @@ CVE-2022-21427 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mysql-8.0 <unfixed>
- mysql-5.7 <removed>
CVE-2022-21426 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5128-1}
- openjdk-8 8u332-ga-1
- openjdk-11 11.0.15+10-1
- openjdk-17 17.0.3+7-1
@@ -35780,18 +35786,18 @@ CVE-2021-43166
RESERVED
CVE-2021-43165
RESERVED
-CVE-2021-43164
- RESERVED
-CVE-2021-43163
- RESERVED
-CVE-2021-43162
- RESERVED
-CVE-2021-43161
- RESERVED
-CVE-2021-43160
- RESERVED
-CVE-2021-43159
- RESERVED
+CVE-2021-43164 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...)
+ TODO: check
+CVE-2021-43163 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...)
+ TODO: check
+CVE-2021-43162 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...)
+ TODO: check
+CVE-2021-43161 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...)
+ TODO: check
+CVE-2021-43160 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...)
+ TODO: check
+CVE-2021-43159 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...)
+ TODO: check
CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability ...)
NOT-FOR-US: ProjectWorlds Online Shopping System PHP
CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL inj ...)
@@ -38891,62 +38897,62 @@ CVE-2021-42330 (The “Teacher Edit” function of ShinHer StudyOnline S
NOT-FOR-US: ShinHer StudyOnline System
CVE-2021-42329 (The “List_Add” function of message board of ShinHer StudyO ...)
NOT-FOR-US: ShinHer StudyOnline System
-CVE-2022-20111
- RESERVED
-CVE-2022-20110
- RESERVED
-CVE-2022-20109
- RESERVED
-CVE-2022-20108
- RESERVED
-CVE-2022-20107
- RESERVED
-CVE-2022-20106
- RESERVED
-CVE-2022-20105
- RESERVED
-CVE-2022-20104
- RESERVED
-CVE-2022-20103
- RESERVED
-CVE-2022-20102
- RESERVED
-CVE-2022-20101
- RESERVED
-CVE-2022-20100
- RESERVED
-CVE-2022-20099
- RESERVED
-CVE-2022-20098
- RESERVED
-CVE-2022-20097
- RESERVED
-CVE-2022-20096
- RESERVED
-CVE-2022-20095
- RESERVED
-CVE-2022-20094
- RESERVED
-CVE-2022-20093
- RESERVED
-CVE-2022-20092
- RESERVED
-CVE-2022-20091
- RESERVED
-CVE-2022-20090
- RESERVED
-CVE-2022-20089
- RESERVED
-CVE-2022-20088
- RESERVED
-CVE-2022-20087
- RESERVED
+CVE-2022-20111 (In ion, there is a possible use after free due to incorrect error hand ...)
+ TODO: check
+CVE-2022-20110 (In ion, there is a possible use after free due to a race condition. Th ...)
+ TODO: check
+CVE-2022-20109 (In ion, there is a possible use after free due to improper update of r ...)
+ TODO: check
+CVE-2022-20108 (In voice service, there is a possible out of bounds write due to a sta ...)
+ TODO: check
+CVE-2022-20107 (In subtitle service, there is a possible application crash due to an i ...)
+ TODO: check
+CVE-2022-20106 (In MM service, there is a possible out of bounds write due to a heap-b ...)
+ TODO: check
+CVE-2022-20105 (In MM service, there is a possible out of bounds write due to a stack- ...)
+ TODO: check
+CVE-2022-20104 (In aee daemon, there is a possible information disclosure due to impro ...)
+ TODO: check
+CVE-2022-20103 (In aee daemon, there is a possible information disclosure due to symbo ...)
+ TODO: check
+CVE-2022-20102 (In aee daemon, there is a possible information disclosure due to a mis ...)
+ TODO: check
+CVE-2022-20101 (In aee daemon, there is a possible information disclosure due to a pat ...)
+ TODO: check
+CVE-2022-20100 (In aee daemon, there is a possible information disclosure due to a mis ...)
+ TODO: check
+CVE-2022-20099 (In aee daemon, there is a possible out of bounds write due to improper ...)
+ TODO: check
+CVE-2022-20098 (In aee daemon, there is a possible information disclosure due to a mis ...)
+ TODO: check
+CVE-2022-20097 (In aee daemon, there is a possible information disclosure due to a rac ...)
+ TODO: check
+CVE-2022-20096 (In camera, there is a possible information disclosure due to uninitial ...)
+ TODO: check
+CVE-2022-20095 (In imgsensor, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2022-20094 (In imgsensor, there is a possible out of bounds write due to an incorr ...)
+ TODO: check
+CVE-2022-20093 (In telephony, there is a possible way to disable receiving SMS message ...)
+ TODO: check
+CVE-2022-20092 (In alac decoder, there is a possible out of bounds read due to a missi ...)
+ TODO: check
+CVE-2022-20091 (In aee driver, there is a possible use after free due to a race condit ...)
+ TODO: check
+CVE-2022-20090 (In aee driver, there is a possible use after free due to a race condit ...)
+ TODO: check
+CVE-2022-20089 (In aee driver, there is a possible memory corruption due to active deb ...)
+ TODO: check
+CVE-2022-20088 (In aee driver, there is a possible reference count mistake due to inco ...)
+ TODO: check
+CVE-2022-20087 (In ccu, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
CVE-2022-20086
RESERVED
-CVE-2022-20085
- RESERVED
-CVE-2022-20084
- RESERVED
+CVE-2022-20085 (In netdiag, there is a possible symbolic link following due to an impr ...)
+ TODO: check
+CVE-2022-20084 (In telephony, there is a possible way to disable receiving emergency b ...)
+ TODO: check
CVE-2022-20083
RESERVED
CVE-2022-20082
@@ -54333,7 +54339,7 @@ CVE-2021-36205 (Under certain circumstances the session token is not cleared on
NOT-FOR-US: Johnson Controls
CVE-2021-36204
RESERVED
-CVE-2021-36203 (A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 ...)
+CVE-2021-36203 (The affected product may allow an attacker to identify and forge reque ...)
NOT-FOR-US: Johnson Controls
CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls M ...)
NOT-FOR-US: Johnson Controls Metasys
@@ -76601,52 +76607,52 @@ CVE-2021-27441
RESERVED
CVE-2021-27440 (The software contains a hard-coded password it uses for its own inboun ...)
NOT-FOR-US: GE
-CVE-2021-27439
- RESERVED
+CVE-2021-27439 (TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in f ...)
+ TODO: check
CVE-2021-27438 (The software contains a hard-coded password it uses for its own inboun ...)
NOT-FOR-US: GE
CVE-2021-27437 (The affected product allows attackers to obtain sensitive information ...)
NOT-FOR-US: WISE-PaaS
CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scr ...)
NOT-FOR-US: WebAccess/SCADA
-CVE-2021-27435
- RESERVED
+CVE-2021-27435 (ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in ...)
+ TODO: check
CVE-2021-27434 (Products with Unified Automation .NET based OPC UA Client/Server SDK B ...)
NOT-FOR-US: Unified Automation .NET
-CVE-2021-27433
- RESERVED
+CVE-2021-27433 (ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer ...)
+ TODO: check
CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC U ...)
NOT-FOR-US: OPC Foundation UA .NET
-CVE-2021-27431
- RESERVED
+CVE-2021-27431 (ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap ...)
+ TODO: check
CVE-2021-27430 (GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused ha ...)
NOT-FOR-US: General Electric Universal Relays
CVE-2021-27429
RESERVED
CVE-2021-27428 (GE UR IED firmware versions prior to version 8.1x supports upgrading f ...)
NOT-FOR-US: General Electric Universal Relays
-CVE-2021-27427
- RESERVED
+CVE-2021-27427 (RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its ...)
+ TODO: check
CVE-2021-27426 (GE UR IED firmware versions prior to version 8.1x with “Basic ...)
NOT-FOR-US: General Electric Universal Relays
-CVE-2021-27425
- RESERVED
+CVE-2021-27425 (Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-aro ...)
+ TODO: check
CVE-2021-27424 (GE UR firmware versions prior to version 8.1x shares MODBUS memory map ...)
NOT-FOR-US: General Electric Universal Relays
CVE-2021-27423
RESERVED
CVE-2021-27422 (GE UR firmware versions prior to version 8.1x web server interface is ...)
NOT-FOR-US: General Electric Universal Relays
-CVE-2021-27421
- RESERVED
+CVE-2021-27421 (NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer o ...)
+ TODO: check
CVE-2021-27420 (GE UR firmware versions prior to version 8.1x web server task does not ...)
NOT-FOR-US: General Electric Universal Relays
-CVE-2021-27419
- RESERVED
+CVE-2021-27419 (uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-arou ...)
+ TODO: check
CVE-2021-27418 (GE UR firmware versions prior to version 8.1x supports web interface w ...)
NOT-FOR-US: General Electric Universal Relays
-CVE-2021-27417
- RESERVED
+CVE-2021-27417 (eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable t ...)
+ TODO: check
CVE-2021-27416 (An attacker could exploit this vulnerability in Hitachi ABB Power Grid ...)
NOT-FOR-US: Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM)
CVE-2021-27415
@@ -76657,8 +76663,8 @@ CVE-2021-27413 (Omron CX-One Versions 4.60 and prior, including CX-Server Versio
NOT-FOR-US: Omron CX-One
CVE-2021-27412 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable ...)
NOT-FOR-US: Delta Electronics
-CVE-2021-27411
- RESERVED
+CVE-2021-27411 (Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-ar ...)
+ TODO: check
CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, which ma ...)
NOT-FOR-US: Welch Allyn
CVE-2021-27409
@@ -88232,8 +88238,8 @@ CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) is configured by default
NOT-FOR-US: Cscape
CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, ...)
NOT-FOR-US: Rockwell Automation
-CVE-2021-22680
- RESERVED
+CVE-2021-22680 (NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in m ...)
+ TODO: check
CVE-2021-22679 (The affected product is vulnerable to an integer overflow while proces ...)
NOT-FOR-US: SimpleLink
CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper validation of use ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca7042dda049cedc9cbf11cf012595f9b4b3b55a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca7042dda049cedc9cbf11cf012595f9b4b3b55a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220504/bc59a8f4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list