[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 5 21:10:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9da1bcb5 by security tracker role at 2022-05-05T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2022-1600
+ RESERVED
+CVE-2022-1599
+ RESERVED
+CVE-2022-1598
+ RESERVED
+CVE-2022-1597
+ RESERVED
+CVE-2022-1596
+ RESERVED
+CVE-2022-1595
+ RESERVED
+CVE-2022-1594
+ RESERVED
+CVE-2022-1593
+ RESERVED
+CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository clinical-gen ...)
+ TODO: check
+CVE-2022-1591
+ RESERVED
+CVE-2022-1590 (A vulnerability was found in Bludit 3.13.1. It has been declared as pr ...)
+ TODO: check
+CVE-2022-1589
+ RESERVED
CVE-2022-30292 (thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reserv ...)
- squirrel3 <unfixed>
NOTE: https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60d
@@ -156,8 +180,8 @@ CVE-2022-1577
RESERVED
CVE-2022-1576
RESERVED
-CVE-2022-1575
- RESERVED
+CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub repository ...)
+ TODO: check
CVE-2022-1574
RESERVED
CVE-2022-1573
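Review bot: CVE-2022-1575's new description is cut off before the repository name ("in GitHub repository ..."), so the TODO: check cannot be resolved from the list entry itself; the triager needs the full MITRE text to decide between a NOT-FOR-US line and a package line.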
@@ -849,12 +873,12 @@ CVE-2022-29942 (Talend Administration Center has a vulnerability that allows an
NOT-FOR-US: Talend Administration Center
CVE-2022-29941
RESERVED
-CVE-2022-29940
- RESERVED
-CVE-2022-29939
- RESERVED
-CVE-2022-29938
- RESERVED
+CVE-2022-29940 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters f ...)
+ TODO: check
+CVE-2022-29939 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters d ...)
+ TODO: check
+CVE-2022-29938 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter pa ...)
+ TODO: check
CVE-2022-29937 (USU Oracle Optimization before 5.17.5 allows authenticated DataCollect ...)
NOT-FOR-US: USU Oracle Optimization
CVE-2022-29936 (USU Oracle Optimization before 5.17 allows authenticated quantum users ...)
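Review bot: CVE-2022-29940, CVE-2022-29939 and CVE-2022-29938 describe the same product (LibreHealth EHR 2.0.0) and will resolve the same way, so they should be triaged as one unit rather than left as three separate TODO: check markers; the neighbouring USU Oracle Optimization entries show the NOT-FOR-US form this file uses for products not in the archive.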
@@ -885,14 +909,14 @@ CVE-2022-29918
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29918
CVE-2022-29917
RESERVED
- {DSA-5129-1}
+ {DSA-5129-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29917
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29917
CVE-2022-29916
RESERVED
- {DSA-5129-1}
+ {DSA-5129-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29916
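Review bot: the header change for CVE-2022-29917 and CVE-2022-29916 appends DLA-2994-1 to the existing DSA-5129-1 inside one brace group, which matches the file's convention for recording a DSA and a DLA on the same issue (compare the {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} group on CVE-2021-43546 further down). The firefox and firefox-esr version lines are untouched, which is correct since the DLA covers the LTS suite rather than unstable.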
@@ -903,7 +927,7 @@ CVE-2022-29915
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29915
CVE-2022-29914
RESERVED
- {DSA-5129-1}
+ {DSA-5129-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29914
@@ -912,14 +936,14 @@ CVE-2022-29913
RESERVED
CVE-2022-29912
RESERVED
- {DSA-5129-1}
+ {DSA-5129-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29912
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29912
CVE-2022-29911
RESERVED
- {DSA-5129-1}
+ {DSA-5129-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29911
@@ -930,7 +954,7 @@ CVE-2022-29910
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29910
CVE-2022-29909
RESERVED
- {DSA-5129-1}
+ {DSA-5129-1 DLA-2994-1}
- firefox 100.0-1
- firefox-esr 91.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29909
@@ -1083,8 +1107,7 @@ CVE-2022-1518
RESERVED
CVE-2022-1517
RESERVED
-CVE-2022-1516
- RESERVED
+CVE-2022-1516 (A NULL pointer dereference flaw was found in the Linux kernel’s ...)
{DSA-5127-1}
- linux 5.17.3-1 (unimportant)
NOTE: Fixed by: https://git.kernel.org/linus/7781607938c8371d4c2b243527430241c62e39c2 (5.18-rc1)
@@ -1444,8 +1467,8 @@ CVE-2022-29803
RESERVED
CVE-2022-29802
RESERVED
-CVE-2022-1468
- RESERVED
+CVE-2022-1468 (On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and ...)
+ TODO: check
CVE-2022-1467
RESERVED
CVE-2022-1466 (Due to improper authorization, Red Hat Single Sign-On is vulnerable to ...)
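Review bot: CVE-2022-1468's description ("On all versions of 17.0.x, 16.1.x, 15.1.x, ...") uses the same phrasing as the F5 BIG-IP batch added later in this commit (for example CVE-2022-27878 and CVE-2022-1389), so it should be triaged together with that batch rather than in isolation.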
@@ -1488,8 +1511,8 @@ CVE-2022-27174
RESERVED
CVE-2022-1465
RESERVED
-CVE-2022-1464
- RESERVED
+CVE-2022-1464 (Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the ...)
+ TODO: check
CVE-2022-1463
RESERVED
CVE-2022-1462
@@ -1951,8 +1974,8 @@ CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third
- gpac <unfixed>
NOTE: https://github.com/gpac/gpac/issues/2175
NOTE: https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb
-CVE-2022-29592
- RESERVED
+CVE-2022-29592 (Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_r ...)
+ TODO: check
CVE-2022-29591
RESERVED
CVE-2022-29590
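Review bot: CVE-2022-29592 is a Tenda TX9 Pro entry, and the context in this same commit already records Tenda hardware as NOT-FOR-US: Tenda (CVE-2022-28082); the TODO: check can be resolved the same way instead of staying open.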
@@ -2177,8 +2200,8 @@ CVE-2022-1413
RESERVED
CVE-2022-1412
RESERVED
-CVE-2022-1411
- RESERVED
+CVE-2022-1411 (Unrestructed file upload in GitHub repository yetiforcecompany/yetifor ...)
+ TODO: check
CVE-2022-1410
RESERVED
CVE-2022-1409
@@ -2252,22 +2275,19 @@ CVE-2022-XXXX [snort privilege escalation due to insecure use of logrotate]
[bullseye] - snort <no-dsa> (Minor issue)
[buster] - snort <no-dsa> (Minor issue)
[stretch] - snort <no-dsa> (Minor issue)
-CVE-2022-29502
- RESERVED
+CVE-2022-29502 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control tha ...)
- slurm-wlm <unfixed> (bug #1010632)
[bullseye] - slurm-wlm <not-affected> (Vulnerable code introduced later; affects only 21.08.x)
- slurm-llnl <not-affected> (Vulnerable code introduced later; affects only 21.08.x)
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html
NOTE: https://github.com/SchedMD/slurm/commit/351669e7db3b5bc84b5791dc3626d683b8abe18e (slurm-21-08-8-1)
-CVE-2022-29501
- RESERVED
+CVE-2022-29501 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control tha ...)
- slurm-wlm <unfixed> (bug #1010633)
- slurm-llnl <removed>
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html
NOTE: https://github.com/SchedMD/slurm/commit/ef62acfd2a566afc5187c554e908e4aa975211a1 (slurm-21-08-8-1)
NOTE: https://github.com/SchedMD/slurm/commit/863c763c241db46039c27c4b7438ef5d33defb12 (slurm-20-11-9-1)
-CVE-2022-29500
- RESERVED
+CVE-2022-29500 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control tha ...)
- slurm-wlm <unfixed> (bug #1010634)
- slurm-llnl <removed>
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html
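Review bot: the bullseye and slurm-llnl rationale for CVE-2022-29502 ("affects only 21.08.x") contradicts the new description text, which says 21.08.x through 20.11.x. The referenced commits support the narrower reading for this CVE (only a slurm-21-08-8-1 commit is listed) whereas CVE-2022-29501 also lists a slurm-20-11-9-1 commit, so a NOTE citing the exact affected range from the upstream announce would make the <not-affected> markings verifiable. Note also that CVE-2022-29501 and CVE-2022-29500 carry no [bullseye] line, so bullseye inherits <unfixed> there; confirm that is intended.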
@@ -2279,16 +2299,16 @@ CVE-2022-29498 (Blazer before 2.6.0 allows SQL Injection. In certain circumstanc
NOT-FOR-US: Blazer
CVE-2022-29497
RESERVED
-CVE-2022-29491
- RESERVED
-CVE-2022-29480
- RESERVED
-CVE-2022-29479
- RESERVED
-CVE-2022-29474
- RESERVED
-CVE-2022-29473
- RESERVED
+CVE-2022-29491 (On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 1 ...)
+ TODO: check
+CVE-2022-29480 (On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1 ...)
+ TODO: check
+CVE-2022-29479 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior ...)
+ TODO: check
+CVE-2022-29474 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-29473 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior ...)
+ TODO: check
CVE-2022-29464 (Certain WSO2 products allow unrestricted file upload with resultant re ...)
NOT-FOR-US: WSO2
CVE-2022-29463
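Review bot: all five new entries (CVE-2022-29491 through CVE-2022-29473) are F5 BIG-IP descriptions whose truncated text hides the vulnerability class; since this file marks appliance-only vendor products NOT-FOR-US (see the WSO2 line in this hunk), they are candidates for the same treatment once the full text confirms they concern BIG-IP only.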
@@ -2311,80 +2331,80 @@ CVE-2022-29458 (ncurses 6.3 before patch 20220416 has an out-of-bounds read and
NOTE: https://invisible-island.net/ncurses/NEWS.html#t20220416
CVE-2022-29457 (Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Ex ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2022-29263
- RESERVED
-CVE-2022-28859
- RESERVED
-CVE-2022-28716
- RESERVED
-CVE-2022-28714
- RESERVED
-CVE-2022-28708
- RESERVED
-CVE-2022-28707
- RESERVED
-CVE-2022-28706
- RESERVED
-CVE-2022-28705
- RESERVED
-CVE-2022-28701
- RESERVED
-CVE-2022-28695
- RESERVED
-CVE-2022-28691
- RESERVED
-CVE-2022-27880
- RESERVED
-CVE-2022-27878
- RESERVED
-CVE-2022-27875
- RESERVED
-CVE-2022-27806
- RESERVED
-CVE-2022-27662
- RESERVED
-CVE-2022-27659
- RESERVED
-CVE-2022-27636
- RESERVED
-CVE-2022-27634
- RESERVED
-CVE-2022-27495
- RESERVED
-CVE-2022-27230
- RESERVED
-CVE-2022-27189
- RESERVED
-CVE-2022-27182
- RESERVED
-CVE-2022-27181
- RESERVED
-CVE-2022-26890
- RESERVED
-CVE-2022-26835
- RESERVED
-CVE-2022-26517
- RESERVED
-CVE-2022-26415
- RESERVED
-CVE-2022-26372
- RESERVED
-CVE-2022-26370
- RESERVED
-CVE-2022-26340
- RESERVED
-CVE-2022-26130
- RESERVED
-CVE-2022-26071
- RESERVED
-CVE-2022-25990
- RESERVED
-CVE-2022-25946
- RESERVED
-CVE-2022-1389
- RESERVED
-CVE-2022-1388
- RESERVED
+CVE-2022-29263 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
+ TODO: check
+CVE-2022-28859 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions pri ...)
+ TODO: check
+CVE-2022-28716 (On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5. ...)
+ TODO: check
+CVE-2022-28714 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
+ TODO: check
+CVE-2022-28708 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions pri ...)
+ TODO: check
+CVE-2022-28707 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-28706 (On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-28705 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-28701 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profil ...)
+ TODO: check
+CVE-2022-28695 (On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
+ TODO: check
+CVE-2022-28691 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-27880 (On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions pri ...)
+ TODO: check
+CVE-2022-27878 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...)
+ TODO: check
+CVE-2022-27875 (On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking ...)
+ TODO: check
+CVE-2022-27806 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...)
+ TODO: check
+CVE-2022-27662 (On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions pri ...)
+ TODO: check
+CVE-2022-27659 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-27636 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
+ TODO: check
+CVE-2022-27634 (On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1 ...)
+ TODO: check
+CVE-2022-27495 (On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plan ...)
+ TODO: check
+CVE-2022-27230 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...)
+ TODO: check
+CVE-2022-27189 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-27182 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-27181 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...)
+ TODO: check
+CVE-2022-26890 (On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1. ...)
+ TODO: check
+CVE-2022-26835 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-26517 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior ...)
+ TODO: check
+CVE-2022-26415 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-26372 (On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior ...)
+ TODO: check
+CVE-2022-26370 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-26340 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-26130 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-26071 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
+CVE-2022-25990 (On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may ...)
+ TODO: check
+CVE-2022-25946 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...)
+ TODO: check
+CVE-2022-1389 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...)
+ TODO: check
+CVE-2022-1388 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...)
+ TODO: check
CVE-2022-29456
RESERVED
CVE-2022-29455
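Review bot: this 37-entry batch is not uniform: besides BIG-IP it includes Traffix SDC (CVE-2022-27880, CVE-2022-27662), F5 Access for Android (CVE-2022-27875), F5OS-A (CVE-2022-25990) and NGINX Service Mesh (CVE-2022-27495). The last one is the point to watch: NGINX Service Mesh is a separate F5 product, not the nginx web server, so a search for "NGINX" must not lead to a line against Debian's nginx package. The rest can be triaged as a vendor batch.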
@@ -2643,10 +2663,10 @@ CVE-2022-29342
RESERVED
CVE-2022-29341
RESERVED
-CVE-2022-29340
- RESERVED
-CVE-2022-29339
- RESERVED
+CVE-2022-29340 (GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vul ...)
+ TODO: check
+CVE-2022-29339 (In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils ...)
+ TODO: check
CVE-2022-29338
RESERVED
CVE-2022-29337
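Review bot: the context of this same commit tracks GPAC as a Debian package (the "- gpac <unfixed>" line under CVE-2022-1441), so CVE-2022-29340 and CVE-2022-29339 should receive a gpac package line with the fix state rather than staying at TODO: check; the second description names the affected function (BS_ReadByte() in utils ...), which helps locate the upstream fix.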
@@ -3849,8 +3869,7 @@ CVE-2022-1290 (Stored XSS in "Name", "Group Name" & "Title" in GitHub reposi
NOT-FOR-US: Trudesk
CVE-2022-1289 (A denial of service vulnerability was found in tildearrow Furnace. It ...)
- furnace <itp> (bug #1008592)
-CVE-2022-28890
- RESERVED
+CVE-2022-28890 (A vulnerability in the RDF/XML parser of Apache Jena allows an attacke ...)
- apache-jena <undetermined>
NOTE: https://www.openwall.com/lists/oss-security/2022/05/04/1
TODO: check, possibly not affected as according to upstrema 4.2.x and 4.3.x doe not allow external entities, double check
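Review bot: CVE-2022-28890 is left at <undetermined> while the trailing TODO line (which carries the typos "upstrema" and "doe") records the open question of whether apache-jena 4.2.x/4.3.x allow external entities; once that is checked, the result belongs in a NOTE with the upstream reference, and the entry should move to a fixed version or <not-affected> so the TODO can go.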
@@ -4658,8 +4677,8 @@ CVE-2022-28608
RESERVED
CVE-2022-28607
RESERVED
-CVE-2022-28606
- RESERVED
+CVE-2022-28606 (An arbitrary file upload vulnerability exists in Wenzhou Huoyin Inform ...)
+ TODO: check
CVE-2022-28605
RESERVED
CVE-2022-28604
@@ -4702,26 +4721,26 @@ CVE-2022-28586 (XSS in edit page of Hoosk 1.8.0 allows attacker to execute javas
NOT-FOR-US: Hoosk
CVE-2022-28585 (EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php ...)
NOT-FOR-US: EmpireCMS
-CVE-2022-28584
- RESERVED
-CVE-2022-28583
- RESERVED
-CVE-2022-28582
- RESERVED
-CVE-2022-28581
- RESERVED
-CVE-2022-28580
- RESERVED
-CVE-2022-28579
- RESERVED
-CVE-2022-28578
- RESERVED
-CVE-2022-28577
- RESERVED
+CVE-2022-28584 (It is found that there is a command injection vulnerability in the set ...)
+ TODO: check
+CVE-2022-28583 (It is found that there is a command injection vulnerability in the set ...)
+ TODO: check
+CVE-2022-28582 (It is found that there is a command injection vulnerability in the set ...)
+ TODO: check
+CVE-2022-28581 (It is found that there is a command injection vulnerability in the set ...)
+ TODO: check
+CVE-2022-28580 (It is found that there is a command injection vulnerability in the set ...)
+ TODO: check
+CVE-2022-28579 (It is found that there is a command injection vulnerability in the set ...)
+ TODO: check
+CVE-2022-28578 (It is found that there is a command injection vulnerability in the set ...)
+ TODO: check
+CVE-2022-28577 (It is found that there is a command injection vulnerability in the del ...)
+ TODO: check
CVE-2022-28576
RESERVED
-CVE-2022-28575
- RESERVED
+CVE-2022-28575 (It is found that there is a command injection vulnerability in the set ...)
+ TODO: check
CVE-2022-28574
RESERVED
CVE-2022-28573 (D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injectio ...)
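Review bot: CVE-2022-28584 through CVE-2022-28575 share one truncated prefix ("It is found that there is a command injection vulnerability in the set ...") that names neither vendor nor device, so the list gives the triager nothing to act on; the full descriptions are needed before these nine TODO: check markers can be resolved (the D-Link DIR-823-Pro context entry suggests the adjacent range is consumer router firmware, but that must not be assumed).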
@@ -4804,14 +4823,14 @@ CVE-2022-28535
RESERVED
CVE-2022-28534
RESERVED
-CVE-2022-28533
- RESERVED
+CVE-2022-28533 (Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Inj ...)
+ TODO: check
CVE-2022-28532
RESERVED
CVE-2022-28531
RESERVED
-CVE-2022-28530
- RESERVED
+CVE-2022-28530 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnera ...)
+ TODO: check
CVE-2022-28529
RESERVED
CVE-2022-28528 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload ...)
@@ -4935,8 +4954,8 @@ CVE-2022-28473
RESERVED
CVE-2022-28472
RESERVED
-CVE-2022-28471
- RESERVED
+CVE-2022-28471 (In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c con ...)
+ TODO: check
CVE-2022-28470
RESERVED
CVE-2022-28469
@@ -4953,10 +4972,10 @@ CVE-2022-28464 (Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS)
NOT-FOR-US: Apifox
CVE-2022-28463
RESERVED
-CVE-2022-28462
- RESERVED
-CVE-2022-28461
- RESERVED
+CVE-2022-28462 (novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. ...)
+ TODO: check
+CVE-2022-28461 (mingyuefusu Library Management System all versions as of 03-27-2022 is ...)
+ TODO: check
CVE-2022-28460
RESERVED
CVE-2022-28459
@@ -6203,8 +6222,8 @@ CVE-2022-28122
RESERVED
CVE-2022-28121
RESERVED
-CVE-2022-28120
- RESERVED
+CVE-2022-28120 (Beijing Runnier Network Technology Co., Ltd Open virtual simulation ex ...)
+ TODO: check
CVE-2022-28119
RESERVED
CVE-2022-28118 (SiteServer CMS v7.x allows attackers to execute arbitrary code via a c ...)
@@ -6286,10 +6305,10 @@ CVE-2022-28082 (Tenda AX12 v22.03.01.21_CN was discovered to contain a stack ove
NOT-FOR-US: Tenda
CVE-2022-28081 (A reflected cross-site scripting (XSS) vulnerability in the component ...)
TODO: check
-CVE-2022-28080
- RESERVED
-CVE-2022-28079
- RESERVED
+CVE-2022-28080 (Royal Event Management System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2022-28079 (College Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
CVE-2022-28078
RESERVED
CVE-2022-28077
@@ -7520,8 +7539,8 @@ CVE-2022-27590
RESERVED
CVE-2022-27589
RESERVED
-CVE-2022-27588
- RESERVED
+CVE-2022-27588 (We have already fixed this vulnerability in the following versions of ...)
+ TODO: check
CVE-2022-27587
RESERVED
CVE-2022-27586
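Review bot: the stored summary for CVE-2022-27588 begins with vendor boilerplate ("We have already fixed this vulnerability in the following versions of ...") and is truncated before any product name, so the entry carries no triage information; the full text should be consulted, and if the outcome is NOT-FOR-US the line should name the product.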
@@ -7955,8 +7974,8 @@ CVE-2022-27413 (Hospital Management System v1.0 was discovered to contain a SQL
NOT-FOR-US: Hospital Management System
CVE-2022-27412
RESERVED
-CVE-2022-27411
- RESERVED
+CVE-2022-27411 (TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a comman ...)
+ TODO: check
CVE-2022-27410
RESERVED
CVE-2022-27409
@@ -8120,10 +8139,10 @@ CVE-2022-27362
RESERVED
CVE-2022-27361
RESERVED
-CVE-2022-27360
- RESERVED
-CVE-2022-27359
- RESERVED
+CVE-2022-27360 (SpringBlade v3.2.0 and below was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2022-27359 (Foxit PDF Reader v11.2.1.53537 was discovered to contain a NULL pointe ...)
+ TODO: check
CVE-2022-27358
RESERVED
CVE-2022-27357 (Ecommerce-Website v1 was discovered to contain an arbitrary file uploa ...)
@@ -8166,8 +8185,8 @@ CVE-2022-27339
RESERVED
CVE-2022-27338
RESERVED
-CVE-2022-27337
- RESERVED
+CVE-2022-27337 (A logic error in the Hints::Hints function of Poppler v22.03.0 allows ...)
+ TODO: check
CVE-2022-27336 (Seacms v11.6 was discovered to contain a remote code execution (RCE) v ...)
NOT-FOR-US: Seacms
CVE-2022-27335
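Review bot: CVE-2022-27337 names a Poppler v22.03.0 code path (Hints::Hints), and Poppler is a library Debian ships as the poppler package, so this entry should get a poppler package line with its fixed/unfixed state rather than remaining at TODO: check alongside the web-application entries around it.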
@@ -10869,10 +10888,10 @@ CVE-2022-26378
RESERVED
CVE-2022-26377
RESERVED
-CVE-2022-26073
- RESERVED
-CVE-2022-25989
- RESERVED
+CVE-2022-26073 (A denial of service vulnerability exists in the libxm_av.so DemuxCmdIn ...)
+ TODO: check
+CVE-2022-25989 (An authentication bypass vulnerability exists in the libxm_av.so getpe ...)
+ TODO: check
CVE-2022-0844
RESERVED
CVE-2022-0843
@@ -13759,6 +13778,7 @@ CVE-2022-0670
RESERVED
CVE-2022-0669
RESERVED
+ {DSA-5130-1}
- dpdk 20.11.5-1
[buster] - dpdk <not-affected> (Vulnerable code introduced later)
[stretch] - dpdk <not-affected> (Vulnerable code introduced later)
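Review bot: DSA-5130-1 is attached to CVE-2022-0669 while the entry is still RESERVED, so the list now carries an advisory for a CVE without a description; that is acceptable when the DSA precedes CVE publication, but the description should be filled in on the next automatic pull. The buster/stretch <not-affected> lines are unchanged and consistent with the 20.11.5-1 unstable fix.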
@@ -23869,10 +23889,10 @@ CVE-2022-22436 (IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site
NOT-FOR-US: IBM
CVE-2022-22435 (IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site script ...)
NOT-FOR-US: IBM
-CVE-2022-22434
- RESERVED
-CVE-2022-22433
- RESERVED
+CVE-2022-22434 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
+ TODO: check
+CVE-2022-22433 (IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to Exte ...)
+ TODO: check
CVE-2022-22432
RESERVED
CVE-2022-22431
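Review bot: CVE-2022-22434 and CVE-2022-22433 are IBM Robotic Process Automation entries, and the two context lines directly above (CVE-2022-22436, CVE-2022-22435) show this file's handling of IBM products as NOT-FOR-US: IBM; the TODO: check markers can be resolved consistently with them.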
@@ -23907,8 +23927,8 @@ CVE-2022-22417
RESERVED
CVE-2022-22416
RESERVED
-CVE-2022-22415
- RESERVED
+CVE-2022-22415 (A vulnerability exists where an IBM Robotic Process Automation 21.0.1 ...)
+ TODO: check
CVE-2022-22414
RESERVED
CVE-2022-22413
@@ -25395,8 +25415,8 @@ CVE-2021-45785
RESERVED
CVE-2021-45784
RESERVED
-CVE-2021-45783
- RESERVED
+CVE-2021-45783 (Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory ...)
+ TODO: check
CVE-2021-45782
REJECTED
CVE-2021-45781
@@ -31405,20 +31425,20 @@ CVE-2021-44059
RESERVED
CVE-2021-44058
RESERVED
-CVE-2021-44057
- RESERVED
-CVE-2021-44056
- RESERVED
-CVE-2021-44055
- RESERVED
-CVE-2021-44054
- RESERVED
-CVE-2021-44053
- RESERVED
-CVE-2021-44052
- RESERVED
-CVE-2021-44051
- RESERVED
+CVE-2021-44057 (An improper authentication vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2021-44056 (An improper authentication vulnerability has been reported to affect Q ...)
+ TODO: check
+CVE-2021-44055 (An missing authorization vulnerability has been reported to affect QNA ...)
+ TODO: check
+CVE-2021-44054 (An open redirect vulnerability has been reported to affect QNAP device ...)
+ TODO: check
+CVE-2021-44053 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ TODO: check
+CVE-2021-44052 (An improper link resolution before file access ('Link Following') vuln ...)
+ TODO: check
+CVE-2021-44051 (A command injection vulnerability has been reported to affect QNAP NAS ...)
+ TODO: check
CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...)
NOT-FOR-US: CA Network Flow Analysis (NFA)
CVE-2021-44049 (CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 20 ...)
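Review bot: the seven QNAP entries CVE-2021-44057 through CVE-2021-44051 cover distinct classes (improper authentication, missing authorization, open redirect, XSS, link following, command injection) but all concern QNAP devices; the existing QNAP entries elsewhere in this commit are NOT-FOR-US: QNAP, so these should be resolved as a batch.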
@@ -32773,7 +32793,7 @@ CVE-2022-21498 (Vulnerability in the Java VM component of Oracle Database Server
CVE-2022-21497 (Vulnerability in the Oracle Web Services Manager product of Oracle Fus ...)
NOT-FOR-US: Oracle
CVE-2022-21496 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5128-1}
+ {DSA-5131-1 DSA-5128-1}
- openjdk-8 8u332-ga-1
- openjdk-11 11.0.15+10-1
- openjdk-17 17.0.3+7-1
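Review bot: DSA-5131-1 is prepended to the existing DSA-5128-1 for CVE-2022-21496 with the openjdk-8/11/17 version lines unchanged, which is the expected shape when a second advisory covers the same CVE; the newest-first ordering inside the braces matches the CVE-2021-43546 group further down, so the notation is consistent.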
@@ -32817,7 +32837,7 @@ CVE-2022-21478 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2022-21477 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
NOT-FOR-US: Oracle
CVE-2022-21476 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5128-1}
+ {DSA-5131-1 DSA-5128-1}
- openjdk-8 8u332-ga-1
- openjdk-11 11.0.15+10-1 (bug #1010597)
- openjdk-17 17.0.3+7-1
@@ -32878,7 +32898,7 @@ CVE-2022-21451 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2022-21450 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub produc ...)
NOT-FOR-US: Oracle
CVE-2022-21449 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5128-1}
+ {DSA-5131-1 DSA-5128-1}
- openjdk-8 8u322-ga-1
- openjdk-11 <unfixed>
- openjdk-17 17.0.3+7-1
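Review bot: CVE-2022-21449 is the odd one in the openjdk group: openjdk-8 is recorded at 8u322-ga-1 while the sibling entries (CVE-2022-21496, CVE-2022-21476, CVE-2022-21443, ...) record 8u332-ga-1, and openjdk-11 is still <unfixed> although DSA-5131-1 is now added. Confirm that 8u322 is intentional (not a transposition of 8u332) and that the openjdk-11 state in unstable is tracked separately from the advisory.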
@@ -32895,7 +32915,7 @@ CVE-2022-21444 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mysql-8.0 <unfixed>
- mysql-5.7 <removed>
CVE-2022-21443 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5128-1}
+ {DSA-5131-1 DSA-5128-1}
- openjdk-8 8u332-ga-1
- openjdk-11 11.0.15+10-1
- openjdk-17 17.0.3+7-1
@@ -32917,7 +32937,7 @@ CVE-2022-21436 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2022-21435 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2022-21434 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5128-1}
+ {DSA-5131-1 DSA-5128-1}
- openjdk-8 8u332-ga-1
- openjdk-11 11.0.15+10-1
- openjdk-17 17.0.3+7-1
@@ -32938,7 +32958,7 @@ CVE-2022-21427 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mysql-8.0 <unfixed>
- mysql-5.7 <removed>
CVE-2022-21426 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5128-1}
+ {DSA-5131-1 DSA-5128-1}
- openjdk-8 8u332-ga-1
- openjdk-11 11.0.15+10-1
- openjdk-17 17.0.3+7-1
@@ -33954,8 +33974,8 @@ CVE-2021-43549 (A remote authenticated attacker with write access to a PI Server
NOT-FOR-US: OSIsoft
CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives ...)
NOT-FOR-US: Philips
-CVE-2021-43547
- RESERVED
+CVE-2021-43547 (TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible ...)
+ TODO: check
CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...)
{DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
- firefox 95.0-1
@@ -39576,8 +39596,8 @@ CVE-2021-42244 (A cross-site scripting (XSS) vulnerability in PaquitoSoftware No
NOT-FOR-US: PaquitoSoftware Notimoo
CVE-2021-42243
RESERVED
-CVE-2021-42242
- RESERVED
+CVE-2021-42242 (A command execution vulnerability exists in jfinal_cms 5.0.1 via com.j ...)
+ TODO: check
CVE-2021-42241
RESERVED
CVE-2021-42240
@@ -39694,8 +39714,8 @@ CVE-2021-42185 (wdja v2.1 is affected by a SQL injection vulnerability in the fo
TODO: check
CVE-2021-42184
RESERVED
-CVE-2021-42183
- RESERVED
+CVE-2021-42183 (MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index. ...)
+ TODO: check
CVE-2021-42182
RESERVED
CVE-2021-42181
@@ -40764,6 +40784,7 @@ CVE-2021-41773 (A flaw was found in a change made to path normalization in Apach
NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
CVE-2021-3839
RESERVED
+ {DSA-5130-1}
- dpdk 20.11.5-1
[buster] - dpdk <not-affected> (Vulnerable code introduced later)
[stretch] - dpdk <not-affected> (Vulnerable code introduced later)
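Review bot: as with CVE-2022-0669 earlier in this commit, DSA-5130-1 is added to CVE-2021-3839 while the entry is still RESERVED; the dpdk 20.11.5-1 line and the buster/stretch <not-affected> lines match the other dpdk entry, so the two are consistent with each other.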
@@ -40884,8 +40905,8 @@ CVE-2021-41741
RESERVED
CVE-2021-41740
RESERVED
-CVE-2021-41739
- RESERVED
+CVE-2021-41739 (A OS Command Injection vulnerability was discovered in Artica Proxy 4. ...)
+ TODO: check
CVE-2021-41738
RESERVED
CVE-2021-41737
@@ -47655,8 +47676,8 @@ CVE-2021-39022 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves use
NOT-FOR-US: IBM
CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...)
NOT-FOR-US: IBM
-CVE-2021-39020
- RESERVED
+CVE-2021-39020 (IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive ...)
+ TODO: check
CVE-2021-39019
RESERVED
CVE-2021-39018
@@ -48355,8 +48376,8 @@ CVE-2021-38694 (SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. ...)
NOT-FOR-US: SoftVibe SARABAN for INFOMA
CVE-2020-36473 (UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and th ...)
NOT-FOR-US: UCWeb UC
-CVE-2021-38693
- RESERVED
+CVE-2021-38693 (A path traversal vulnerability has been reported to affect QNAP device ...)
+ TODO: check
CVE-2021-38692 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
NOT-FOR-US: QNAP
CVE-2021-38691 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
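Review bot: CVE-2021-38693 is a QNAP path traversal entry sitting directly above two QNAP stack buffer overflow entries already marked NOT-FOR-US: QNAP, so the TODO: check can be resolved the same way.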
@@ -48941,8 +48962,8 @@ CVE-2021-38489
RESERVED
CVE-2021-38488 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
NOT-FOR-US: Delta Electronics DIALink
-CVE-2021-38487
- RESERVED
+CVE-2021-38487 (RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1. ...)
+ TODO: check
CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cl ...)
NOT-FOR-US: InHand Networks IR615 Router
CVE-2021-38485 (The affected product is vulnerable to improper input validation in the ...)
@@ -49021,56 +49042,56 @@ CVE-2021-38449 (Some API functions permit by-design writing or copying data into
NOT-FOR-US: AUVESY
CVE-2021-38448 (The affected controllers do not properly sanitize the input containing ...)
NOT-FOR-US: Trane
-CVE-2021-38447
- RESERVED
+CVE-2021-38447 (OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker s ...)
+ TODO: check
CVE-2021-38446
RESERVED
-CVE-2021-38445
- RESERVED
+CVE-2021-38445 (OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter ...)
+ TODO: check
CVE-2021-38444
RESERVED
-CVE-2021-38443
- RESERVED
+CVE-2021-38443 (Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid s ...)
+ TODO: check
CVE-2021-38442 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
NOT-FOR-US: FATEK Automation
-CVE-2021-38441
- RESERVED
+CVE-2021-38441 (Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-w ...)
+ TODO: check
CVE-2021-38440 (FATEK Automation WinProladder versions 3.30 and prior is vulnerable to ...)
NOT-FOR-US: FATEK Automation
-CVE-2021-38439
- RESERVED
+CVE-2021-38439 (All versions of GurumDDS are vulnerable to heap-based buffer overflow, ...)
+ TODO: check
CVE-2021-38438 (A use after free vulnerability in FATEK Automation WinProladder versio ...)
NOT-FOR-US: FATEK Automation
CVE-2021-38437
RESERVED
CVE-2021-38436 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
NOT-FOR-US: FATEK Automation
-CVE-2021-38435
- RESERVED
+CVE-2021-38435 (RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6 ...)
+ TODO: check
CVE-2021-38434 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
NOT-FOR-US: FATEK Automation
-CVE-2021-38433
- RESERVED
+CVE-2021-38433 (RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6 ...)
+ TODO: check
CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior lacks pr ...)
NOT-FOR-US: FATEK Automation Communication Server
CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in versions 9.0. ...)
NOT-FOR-US: Advantech
CVE-2021-38430 (FATEK Automation WinProladder versions 3.30 and prior proper validatio ...)
NOT-FOR-US: FATEK Automation
-CVE-2021-38429
- RESERVED
+CVE-2021-38429 (OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker s ...)
+ TODO: check
CVE-2021-38428 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
NOT-FOR-US: Delta Electronics DIALink
-CVE-2021-38427
- RESERVED
+CVE-2021-38427 (RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to ...)
+ TODO: check
CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
NOT-FOR-US: FATEK Automation
-CVE-2021-38425
- RESERVED
+CVE-2021-38425 (eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to e ...)
+ TODO: check
CVE-2021-38424 (The tag interface of Delta Electronics DIALink versions 1.2.4.0 and pr ...)
NOT-FOR-US: Delta Electronics DIALink
-CVE-2021-38423
- RESERVED
+CVE-2021-38423 (All versions of GurumDDS improperly calculate the size to be used when ...)
+ TODO: check
CVE-2021-38422 (Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive ...)
NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38421 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
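Review bot: this DDS batch mixes vendors: OCI OpenDDS, Eclipse CycloneDDS, GurumDDS, RTI Connext DDS and eProsima Fast DDS. OpenDDS, CycloneDDS and Fast DDS are open-source implementations, so unlike the FATEK and Delta entries around them they should be checked against the Debian archive before any NOT-FOR-US line is written; the classes the descriptions name (heap-based buffer overflow, unhandled length parameter, improper size calculation) make exact version pinning matter wherever a package exists.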
@@ -71951,6 +71972,7 @@ CVE-2021-29456 (Authelia is an open-source authentication and authorization serv
CVE-2021-29455 (Grassroot Platform is an application to make it faster, cheaper and ea ...)
NOT-FOR-US: Grassroot Platform
CVE-2021-29454 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
+ {DLA-2995-1}
- smarty4 <unfixed> (bug #1010375)
- smarty3 <unfixed>
NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m
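Review bot: DLA-2995-1 is recorded for CVE-2021-29454 while smarty4 and smarty3 stay <unfixed> in unstable (bug #1010375 still open), so the LTS suite is now ahead of sid; keep the bug reference until the unstable upload lands.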
@@ -82551,10 +82573,10 @@ CVE-2021-25270 (A local attacker could execute arbitrary code with administrator
NOT-FOR-US: HitmanPro
CVE-2021-25269 (A local administrator could prevent the HMPA service from starting des ...)
NOT-FOR-US: Sophos
-CVE-2021-25268
- RESERVED
-CVE-2021-25267
- RESERVED
+CVE-2021-25268 (Multiple XSS vulnerabilities in Webadmin allow for privilege escalatio ...)
+ TODO: check
+CVE-2021-25267 (Multiple XSS vulnerabilities in Webadmin allow for privilege escalatio ...)
+ TODO: check
CVE-2021-25266 (An insecure data storage vulnerability allows a physical attacker with ...)
NOT-FOR-US: Sophos Authenticator for Android
CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connect Clie ...)
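Review bot: CVE-2021-25268 and CVE-2021-25267 share an identical truncated description ("Multiple XSS vulnerabilities in Webadmin allow for privilege escalatio ...") and sit between entries already marked NOT-FOR-US: Sophos; the TODO: check markers can be resolved together with them, and the product (Webadmin) rather than only the vendor should appear in the resulting line.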
@@ -92849,6 +92871,7 @@ CVE-2021-21409 (Netty is an open-source, asynchronous event-driven network appli
NOTE: https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32
NOTE: Is a followup to: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
CVE-2021-21408 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
+ {DLA-2995-1}
- smarty4 <unfixed> (bug #1010375)
- smarty3 <unfixed>
NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m
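Review bot: same situation as CVE-2021-29454 above: DLA-2995-1 is added for CVE-2021-21408 with smarty4 and smarty3 still <unfixed>; the two smarty entries are consistent with each other.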
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9da1bcb5c093894dc4e98f22fc145a3a0368c840