[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 6 21:10:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8ffba3f2 by security tracker role at 2022-05-06T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2022-30320
+ RESERVED
+CVE-2022-30319
+ RESERVED
+CVE-2022-30318
+ RESERVED
+CVE-2022-30317
+ RESERVED
+CVE-2022-30316
+ RESERVED
+CVE-2022-30315
+ RESERVED
+CVE-2022-30314
+ RESERVED
+CVE-2022-30313
+ RESERVED
+CVE-2022-30312
+ RESERVED
+CVE-2022-30311
+ RESERVED
+CVE-2022-30310
+ RESERVED
+CVE-2022-30309
+ RESERVED
+CVE-2022-30308
+ RESERVED
+CVE-2022-30307
+ RESERVED
+CVE-2022-30306
+ RESERVED
+CVE-2022-30305
+ RESERVED
+CVE-2022-30304
+ RESERVED
+CVE-2022-30303
+ RESERVED
+CVE-2022-30302
+ RESERVED
+CVE-2022-30301
+ RESERVED
+CVE-2022-30300
+ RESERVED
+CVE-2022-30299
+ RESERVED
+CVE-2022-30298
+ RESERVED
+CVE-2022-29509
+ RESERVED
+CVE-2022-29483
+ RESERVED
+CVE-2022-28702
+ RESERVED
+CVE-2022-1615
+ RESERVED
+CVE-2022-1614
+ RESERVED
+CVE-2022-1613
+ RESERVED
+CVE-2022-1612
+ RESERVED
+CVE-2022-1611
+ RESERVED
+CVE-2022-1610
+ RESERVED
+CVE-2022-1609
+ RESERVED
+CVE-2022-1608
+ RESERVED
+CVE-2022-1607
+ RESERVED
+CVE-2022-1606
+ RESERVED
+CVE-2022-1605
+ RESERVED
+CVE-2022-1604
+ RESERVED
+CVE-2022-1603
+ RESERVED
CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable D ...)
TODO: check
CVE-2022-30294 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-fre ...)
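Review bot: The added block at the top runs from CVE-2022-30320 down to CVE-2022-30298 and then jumps to CVE-2022-29509, while the first pre-existing entry is CVE-2022-30295, so CVE-2022-30297 and CVE-2022-30296 appear nowhere in this hunk. Worth confirming they already exist elsewhere in data/CVE/list and were not skipped by the import. The out-of-sequence ids that follow (CVE-2022-29509, CVE-2022-29483, CVE-2022-28702, CVE-2022-1615 through CVE-2022-1603) also mean the head of the file is not in numeric order, so anything consuming it should look entries up by id, not by position.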
@@ -2507,14 +2585,14 @@ CVE-2022-29425
RESERVED
CVE-2022-29424
RESERVED
-CVE-2022-29423
- RESERVED
-CVE-2022-29422
- RESERVED
-CVE-2022-29421
- RESERVED
-CVE-2022-29420
- RESERVED
+CVE-2022-29423 (Pro Features Lock Bypass vulnerability in Countdown & Clock plugin ...)
+ TODO: check
+CVE-2022-29422 (Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) ...)
+ TODO: check
+CVE-2022-29421 (Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Cou ...)
+ TODO: check
+CVE-2022-29420 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2022-29419 (SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plug ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29418 (Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) ...)
@@ -3736,16 +3814,16 @@ CVE-2022-28975
RESERVED
CVE-2022-28974
RESERVED
-CVE-2022-28973
- RESERVED
-CVE-2022-28972
- RESERVED
-CVE-2022-28971
- RESERVED
-CVE-2022-28970
- RESERVED
-CVE-2022-28969
- RESERVED
+CVE-2022-28973 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ TODO: check
+CVE-2022-28972 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ TODO: check
+CVE-2022-28971 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ TODO: check
+CVE-2022-28970 (Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via th ...)
+ TODO: check
+CVE-2022-28969 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ TODO: check
CVE-2022-28968
RESERVED
CVE-2022-28967
@@ -4843,8 +4921,8 @@ CVE-2022-28547
RESERVED
CVE-2022-28546
RESERVED
-CVE-2022-28545
- RESERVED
+CVE-2022-28545 (FUDforum 3.1.1 is vulnerable to Stored XSS. ...)
+ TODO: check
CVE-2022-28544 (Path traversal vulnerability in unzip method of InstallAgentCommonHelp ...)
NOT-FOR-US: Samsung
CVE-2022-28543 (Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 ...)
@@ -4919,8 +4997,8 @@ CVE-2022-28509
RESERVED
CVE-2022-28508 (An XSS issue was discovered in browser_search_plugin.php in MantisBT b ...)
- mantis <removed>
-CVE-2022-28507
- RESERVED
+CVE-2022-28507 (Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 versio ...)
+ TODO: check
CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RG ...)
- giflib <unfixed>
[bullseye] - giflib <no-dsa> (Minor issue)
@@ -5637,26 +5715,26 @@ CVE-2021-46744
RESERVED
CVE-2022-28280
RESERVED
-CVE-2022-28279
- RESERVED
-CVE-2022-28278
- RESERVED
-CVE-2022-28277
- RESERVED
-CVE-2022-28276
- RESERVED
-CVE-2022-28275
- RESERVED
-CVE-2022-28274
- RESERVED
-CVE-2022-28273
- RESERVED
-CVE-2022-28272
- RESERVED
-CVE-2022-28271
- RESERVED
-CVE-2022-28270
- RESERVED
+CVE-2022-28279 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
+ TODO: check
+CVE-2022-28278 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
+ TODO: check
+CVE-2022-28277 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
+ TODO: check
+CVE-2022-28276 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
+ TODO: check
+CVE-2022-28275 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
+ TODO: check
+CVE-2022-28274 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
+ TODO: check
+CVE-2022-28273 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
+ TODO: check
+CVE-2022-28272 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
+ TODO: check
+CVE-2022-28271 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
+ TODO: check
+CVE-2022-28270 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...)
+ TODO: check
CVE-2022-28269
RESERVED
CVE-2022-28268
@@ -5964,12 +6042,12 @@ CVE-2022-28167
RESERVED
CVE-2022-28166
RESERVED
-CVE-2022-28165
- RESERVED
-CVE-2022-28164
- RESERVED
-CVE-2022-28163
- RESERVED
+CVE-2022-28165 (A vulnerability in the role-based access control (RBAC) functionality ...)
+ TODO: check
+CVE-2022-28164 (Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symme ...)
+ TODO: check
+CVE-2022-28163 (In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints asso ...)
+ TODO: check
CVE-2022-28162
RESERVED
CVE-2022-28161
@@ -6516,8 +6594,8 @@ CVE-2022-28007 (Attendance and Payroll System v1.0 was discovered to contain a S
NOT-FOR-US: Attendance and Payroll System
CVE-2022-28006 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...)
NOT-FOR-US: Attendance and Payroll System
-CVE-2022-28005
- RESERVED
+CVE-2022-28005 (An issue was discovered in the 3CX Phone System Management Console pri ...)
+ TODO: check
CVE-2022-28004
RESERVED
CVE-2022-28003
@@ -6747,8 +6825,8 @@ CVE-2022-27911
RESERVED
CVE-2022-27910
RESERVED
-CVE-2022-27909
- RESERVED
+CVE-2022-27909 (In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can ch ...)
+ TODO: check
CVE-2022-27908 (Zoho ManageEngine OpManager before 125588 (and before 125603) is vulne ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2022-27907 (Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. ...)
@@ -7105,10 +7183,10 @@ CVE-2022-27786
RESERVED
CVE-2022-27785
RESERVED
-CVE-2022-27784
- RESERVED
-CVE-2022-27783
- RESERVED
+CVE-2022-27784 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...)
+ TODO: check
+CVE-2022-27783 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...)
+ TODO: check
CVE-2022-27660
RESERVED
CVE-2022-27633
@@ -7461,8 +7539,7 @@ CVE-2022-1055 (A use-after-free exists in the Linux Kernel in tc_new_tfilter tha
NOTE: https://git.kernel.org/linus/04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (5.17-rc3)
CVE-2022-1054 (The RSVP and Event Management Plugin WordPress plugin before 2.7.8 doe ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1053
- RESERVED
+CVE-2022-1053 (Keylime does not enforce that the agent registrar data is the same whe ...)
NOT-FOR-US: Keylime
CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub repository ra ...)
- radare2 <unfixed>
@@ -7772,18 +7849,18 @@ CVE-2022-27233
RESERVED
CVE-2022-27229
RESERVED
-CVE-2022-27183
- RESERVED
+CVE-2022-27183 (The Monitoring Console app configured in Distributed mode allows for a ...)
+ TODO: check
CVE-2022-27180
RESERVED
-CVE-2022-26889
- RESERVED
+CVE-2022-26889 (The lack of sanitization in a relative url path in a search parameter ...)
+ TODO: check
CVE-2022-26888
RESERVED
CVE-2022-26840
RESERVED
-CVE-2022-26070
- RESERVED
+CVE-2022-26070 (When handling a mismatched pre-authentication cookie, the application ...)
+ TODO: check
CVE-2022-26024
RESERVED
CVE-2022-26017
@@ -15286,8 +15363,8 @@ CVE-2022-24825 (Smokescreen is a simple HTTP proxy that fogs over naughty URLs.
NOT-FOR-US: Smokescreen
CVE-2022-24824 (Discourse is an open source platform for community discussion. In affe ...)
NOT-FOR-US: Discourse
-CVE-2022-24823
- RESERVED
+CVE-2022-24823 (Netty is an open-source, asynchronous event-driven network application ...)
+ TODO: check
CVE-2022-24822 (Podium is a library for building micro frontends. @podium/layout is a ...)
NOT-FOR-US: Podium#
CVE-2022-24821 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
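Review bot: The context line under CVE-2022-24822 reads NOT-FOR-US: Podium# with a trailing #, which looks like a stray character. It is not introduced by this hunk, but it is worth cleaning up when the new TODO: check on CVE-2022-24823 directly above it is triaged.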
@@ -17693,8 +17770,8 @@ CVE-2022-24107
RESERVED
CVE-2022-24106
RESERVED
-CVE-2022-24105
- RESERVED
+CVE-2022-24105 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
+ TODO: check
CVE-2022-24104
RESERVED
CVE-2022-24103
@@ -17705,10 +17782,10 @@ CVE-2022-24101
RESERVED
CVE-2022-24100
RESERVED
-CVE-2022-24099
- RESERVED
-CVE-2022-24098
- RESERVED
+CVE-2022-24099 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
+ TODO: check
+CVE-2022-24098 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
+ TODO: check
CVE-2022-24097 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
NOT-FOR-US: Adobe
CVE-2022-24096 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
@@ -19205,8 +19282,8 @@ CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the Gerber
NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10719
NOTE: https://gitlab.com/kicad/code/kicad/-/commit/927afe313d1f104391814ee7d5d9cca0a520aa50 (6.0.2)
NOTE: https://gitlab.com/kicad/code/kicad/-/commit/7ed569058c516974c47b4a506daa3daea4248e05 (master)
-CVE-2022-23802
- RESERVED
+CVE-2022-23802 (Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The ...)
+ TODO: check
CVE-2022-23801 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS a ...)
NOT-FOR-US: Joomla!
CVE-2022-23800 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate con ...)
@@ -20552,7 +20629,8 @@ CVE-2021-46382 (Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC
NOT-FOR-US: Netgear
CVE-2021-46381 (Local File Inclusion due to path traversal in D-Link DAP-1620 leads to ...)
NOT-FOR-US: D-Link
-CVE-2021-46380 (Chained Cross Site Request Forgery (CSRF) with Reflected Cross Site Sc ...)
+CVE-2021-46380
+ REJECTED
NOT-FOR-US: WAGO
CVE-2021-46379 (DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access contro ...)
NOT-FOR-US: D-Link
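Review bot: CVE-2021-46380 is switched to REJECTED here, but the context line directly below it still reads NOT-FOR-US: WAGO, so the entry now carries both a rejection and a triage decision. Since the description that named the issue is removed by this hunk, either drop the NOT-FOR-US line or confirm that keeping it alongside REJECTED is intended, so the record does not read as a live WAGO issue.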
@@ -21233,8 +21311,8 @@ CVE-2021-23150 (Authenticated (admin or higher user role) Stored Cross-Site Scri
NOT-FOR-US: WordPress plugin
CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...)
NOT-FOR-US: Apache Traffic Control
-CVE-2022-23205
- RESERVED
+CVE-2022-23205 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...)
+ TODO: check
CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of ...)
NOT-FOR-US: Adobe
CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) a ...)
@@ -27904,8 +27982,8 @@ CVE-2022-21936
RESERVED
CVE-2022-21935
RESERVED
-CVE-2022-21934
- RESERVED
+CVE-2022-21934 (Under certain circumstances an authenticated user could lock other use ...)
+ TODO: check
CVE-2021-45104 (An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x befo ...)
- condor <not-affected> (Vulnerable code introduced later)
NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0002
@@ -34657,18 +34735,18 @@ CVE-2021-43337 (SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Contro
- slurm-wlm <not-affected> (Affects only 21.08 series; vulnerable code introduced later)
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html
NOTE: https://www.schedmd.com/news.php?id=256
-CVE-2021-42743
- RESERVED
+CVE-2021-42743 (A misconfiguration in the node default path allows for local privilege ...)
+ TODO: check
CVE-2021-3926
RESERVED
CVE-2021-3925
RESERVED
-CVE-2021-33845
- RESERVED
-CVE-2021-31559
- RESERVED
-CVE-2021-26253
- RESERVED
+CVE-2021-33845 (The Splunk Enterprise REST API allows enumeration of usernames via the ...)
+ TODO: check
+CVE-2021-31559 (A crafted request bypasses S2S TCP Token authentication writing arbitr ...)
+ TODO: check
+CVE-2021-26253 (A potential vulnerability in Splunk Enterprise's implementation of DUO ...)
+ TODO: check
CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF file us ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-43335
@@ -47740,16 +47818,16 @@ CVE-2021-39029
RESERVED
CVE-2021-39028
RESERVED
-CVE-2021-39027
- RESERVED
+CVE-2021-39027 (IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structur ...)
+ TODO: check
CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...)
NOT-FOR-US: IBM
CVE-2021-39025 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose ...)
NOT-FOR-US: IBM
CVE-2021-39024
RESERVED
-CVE-2021-39023
- RESERVED
+CVE-2021-39023 (IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remot ...)
+ TODO: check
CVE-2021-39022 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-prov ...)
NOT-FOR-US: IBM
CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...)
@@ -53048,8 +53126,8 @@ CVE-2021-36914 (Cross-Site Request Forgery (CSRF) vulnerability leading to Refle
NOT-FOR-US: WordPress plugin
CVE-2021-36913
RESERVED
-CVE-2021-36912
- RESERVED
+CVE-2021-36912 (Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News ...)
+ TODO: check
CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPres ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36910 (Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in W ...)
@@ -76326,26 +76404,26 @@ CVE-2021-27769
RESERVED
CVE-2021-27768
RESERVED
-CVE-2021-27767
- RESERVED
-CVE-2021-27766
- RESERVED
-CVE-2021-27765
- RESERVED
-CVE-2021-27764
- RESERVED
+CVE-2021-27767 (The BigFix Console installer is created with InstallShield, which was ...)
+ TODO: check
+CVE-2021-27766 (The BigFix Client installer is created with InstallShield, which was a ...)
+ TODO: check
+CVE-2021-27765 (The BigFix Server API installer is created with InstallShield, which w ...)
+ TODO: check
+CVE-2021-27764 (Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Sec ...)
+ TODO: check
CVE-2021-27763
RESERVED
-CVE-2021-27762
- RESERVED
-CVE-2021-27761
- RESERVED
-CVE-2021-27760
- RESERVED
-CVE-2021-27759
- RESERVED
-CVE-2021-27758
- RESERVED
+CVE-2021-27762 (Misconfigured security-related HTTP headers: Several security-related ...)
+ TODO: check
+CVE-2021-27761 (Weak web transport security (Weak TLS): An attacker may be able to dec ...)
+ TODO: check
+CVE-2021-27760 (An issue was discovered in the Sametime chat feature in the Notes 11.0 ...)
+ TODO: check
+CVE-2021-27759 (This vulnerability arises because the application allows the user to p ...)
+ TODO: check
+CVE-2021-27758 (There is a security vulnerability in login form related to Cross-site ...)
+ TODO: check
CVE-2021-27757 (" Insecure password storage issue.The application stores sensitive inf ...)
NOT-FOR-US: HCL
CVE-2021-27756 ("TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2. ...)
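Review bot: The new description for CVE-2021-27764 still contains the literal placeholder NUMBER ("NUMBER cookie(s) was set without Sec ..."), which looks like an unfilled template in the imported text, and it names no product. The truncated descriptions for CVE-2021-27762, CVE-2021-27761, CVE-2021-27759 and CVE-2021-27758 also name no product. The neighbouring entries CVE-2021-27757 and CVE-2021-27756 are marked NOT-FOR-US: HCL, but the TODO: check on these should be resolved from the full CVE record, not inferred from adjacency.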
@@ -76358,8 +76436,8 @@ CVE-2021-27753 ("Sametime Android PathTraversal Vulnerability" ...)
NOT-FOR-US: HCL
CVE-2021-27752
RESERVED
-CVE-2021-27751
- RESERVED
+CVE-2021-27751 (HCL Commerce is affected by an Insufficient Session Expiration vulnera ...)
+ TODO: check
CVE-2021-27750
RESERVED
CVE-2021-27749
@@ -127445,18 +127523,18 @@ CVE-2020-19219
RESERVED
CVE-2020-19218
RESERVED
-CVE-2020-19217
- RESERVED
-CVE-2020-19216
- RESERVED
-CVE-2020-19215
- RESERVED
+CVE-2020-19217 (SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9. ...)
+ TODO: check
+CVE-2020-19216 (SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, v ...)
+ TODO: check
+CVE-2020-19215 (SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, v ...)
+ TODO: check
CVE-2020-19214
RESERVED
-CVE-2020-19213
- RESERVED
-CVE-2020-19212
- RESERVED
+CVE-2020-19213 (SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the ...)
+ TODO: check
+CVE-2020-19212 (SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, ...)
+ TODO: check
CVE-2020-19211
RESERVED
CVE-2020-19210
@@ -134776,6 +134854,7 @@ CVE-2020-15868 (Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Inco
CVE-2020-15867 (The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authentic ...)
NOT-FOR-US: Go Git Service
CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...)
+ {DLA-2996-1}
- mruby 2.1.2-1 (bug #972051)
[buster] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/5042
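Review bot: The {DLA-2996-1} cross-reference added under CVE-2020-15866 is the only change to this entry, and the commit touches a single file (data/CVE/list), so the advisory record it points to is not part of this diff. Confirm that DLA-2996-1 is already recorded in the tracker's advisory data. The same tag is added to five more mruby entries later in this patch (CVE-2018-14337, CVE-2018-12249, CVE-2018-11743, CVE-2018-10191, CVE-2017-9527), and the visible per-release lines for all six still show only <no-dsa> (Minor issue) for buster or jessie.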
@@ -199991,8 +200070,8 @@ CVE-2019-12256 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4
NOT-FOR-US: Wind River VxWorks
CVE-2019-12255 (Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 ...)
NOT-FOR-US: Wind River VxWorks
-CVE-2019-12254
- RESERVED
+CVE-2019-12254 (In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected ...)
+ TODO: check
CVE-2019-12253 (my little forum before 2.4.20 allows CSRF to delete posts, as demonstr ...)
NOT-FOR-US: my little forum
CVE-2019-12252 (In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the low ...)
@@ -248961,6 +249040,7 @@ CVE-2018-14338 (samples/geotag.cpp in the example code of Exiv2 0.26 misuses the
NOTE: https://github.com/Exiv2/exiv2/issues/382
NOTE: Issue in example code of Exiv2
CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 ...)
+ {DLA-2996-1}
- mruby 2.0.0-1 (low; bug #903985)
[jessie] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/4062
@@ -254303,6 +254383,7 @@ CVE-2018-12251
CVE-2018-12250 (An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.p ...)
NOT-FOR-US: Elite CMS
CVE-2018-12249 (An issue was discovered in mruby 1.4.1. There is a NULL pointer derefe ...)
+ {DLA-2996-1}
- mruby 1.4.1+20180622+git640fca32-1 (bug #901652)
[jessie] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/commit/faa4eaf6803bd11669bc324b4c34e7162286bfa3
@@ -255695,6 +255776,7 @@ CVE-2018-11745
CVE-2018-11744 (Cloudera Manager through 5.15 has Incorrect Access Control. ...)
NOT-FOR-US: Cloudera
CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes initialize_cop ...)
+ {DLA-2996-1}
- mruby 1.4.1+20180622+git640fca32-1 (bug #900845)
[jessie] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d
@@ -260140,6 +260222,7 @@ CVE-2018-10193 (LogMeIn LastPass through 4.15.0 allows remote attackers to cause
CVE-2018-10192 (IPVanish 3.0.11 for macOS suffers from a root privilege escalation vul ...)
NOT-FOR-US: IPVanish for macOS
CVE-2018-10191 (In versions of mruby up to and including 1.4.0, an integer overflow ex ...)
+ {DLA-2996-1}
- mruby 1.4.0+20180418+git54905e98-1 (bug #896020)
[jessie] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/3995
@@ -312460,6 +312543,7 @@ CVE-2017-9529 (XnView Classic for Windows Version 2.40 allows remote attackers t
CVE-2017-9528 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote atta ...)
NOT-FOR-US: IrfanView
CVE-2017-9527 (The mark_context_stack function in gc.c in mruby through 1.2.0 allows ...)
+ {DLA-2996-1}
[experimental] - mruby 1.2.0+20170601+git51e0e690-1
- mruby 1.3.0-1 (low; bug #865778)
[jessie] - mruby <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ffba3f22e487b0ad660d46a747a608392bd8774