[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 18 21:10:37 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3035f313 by security tracker role at 2022-05-18T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,487 @@
+CVE-2022-31198
+ RESERVED
+CVE-2022-31197
+ RESERVED
+CVE-2022-31196
+ RESERVED
+CVE-2022-31195
+ RESERVED
+CVE-2022-31194
+ RESERVED
+CVE-2022-31193
+ RESERVED
+CVE-2022-31192
+ RESERVED
+CVE-2022-31191
+ RESERVED
+CVE-2022-31190
+ RESERVED
+CVE-2022-31189
+ RESERVED
+CVE-2022-31188
+ RESERVED
+CVE-2022-31187
+ RESERVED
+CVE-2022-31186
+ RESERVED
+CVE-2022-31185
+ RESERVED
+CVE-2022-31184
+ RESERVED
+CVE-2022-31183
+ RESERVED
+CVE-2022-31182
+ RESERVED
+CVE-2022-31181
+ RESERVED
+CVE-2022-31180
+ RESERVED
+CVE-2022-31179
+ RESERVED
+CVE-2022-31178
+ RESERVED
+CVE-2022-31177
+ RESERVED
+CVE-2022-31176
+ RESERVED
+CVE-2022-31175
+ RESERVED
+CVE-2022-31174
+ RESERVED
+CVE-2022-31173
+ RESERVED
+CVE-2022-31172
+ RESERVED
+CVE-2022-31171
+ RESERVED
+CVE-2022-31170
+ RESERVED
+CVE-2022-31169
+ RESERVED
+CVE-2022-31168
+ RESERVED
+CVE-2022-31167
+ RESERVED
+CVE-2022-31166
+ RESERVED
+CVE-2022-31165
+ RESERVED
+CVE-2022-31164
+ RESERVED
+CVE-2022-31163
+ RESERVED
+CVE-2022-31162
+ RESERVED
+CVE-2022-31161
+ RESERVED
+CVE-2022-31160
+ RESERVED
+CVE-2022-31159
+ RESERVED
+CVE-2022-31158
+ RESERVED
+CVE-2022-31157
+ RESERVED
+CVE-2022-31156
+ RESERVED
+CVE-2022-31155
+ RESERVED
+CVE-2022-31154
+ RESERVED
+CVE-2022-31153
+ RESERVED
+CVE-2022-31152
+ RESERVED
+CVE-2022-31151
+ RESERVED
+CVE-2022-31150
+ RESERVED
+CVE-2022-31149
+ RESERVED
+CVE-2022-31148
+ RESERVED
+CVE-2022-31147
+ RESERVED
+CVE-2022-31146
+ RESERVED
+CVE-2022-31145
+ RESERVED
+CVE-2022-31144
+ RESERVED
+CVE-2022-31143
+ RESERVED
+CVE-2022-31142
+ RESERVED
+CVE-2022-31141
+ RESERVED
+CVE-2022-31140
+ RESERVED
+CVE-2022-31139
+ RESERVED
+CVE-2022-31138
+ RESERVED
+CVE-2022-31137
+ RESERVED
+CVE-2022-31136
+ RESERVED
+CVE-2022-31135
+ RESERVED
+CVE-2022-31134
+ RESERVED
+CVE-2022-31133
+ RESERVED
+CVE-2022-31132
+ RESERVED
+CVE-2022-31131
+ RESERVED
+CVE-2022-31130
+ RESERVED
+CVE-2022-31129
+ RESERVED
+CVE-2022-31128
+ RESERVED
+CVE-2022-31127
+ RESERVED
+CVE-2022-31126
+ RESERVED
+CVE-2022-31125
+ RESERVED
+CVE-2022-31124
+ RESERVED
+CVE-2022-31123
+ RESERVED
+CVE-2022-31122
+ RESERVED
+CVE-2022-31121
+ RESERVED
+CVE-2022-31120
+ RESERVED
+CVE-2022-31119
+ RESERVED
+CVE-2022-31118
+ RESERVED
+CVE-2022-31117
+ RESERVED
+CVE-2022-31116
+ RESERVED
+CVE-2022-31115
+ RESERVED
+CVE-2022-31114
+ RESERVED
+CVE-2022-31113
+ RESERVED
+CVE-2022-31112
+ RESERVED
+CVE-2022-31111
+ RESERVED
+CVE-2022-31110
+ RESERVED
+CVE-2022-31109
+ RESERVED
+CVE-2022-31108
+ RESERVED
+CVE-2022-31107
+ RESERVED
+CVE-2022-31106
+ RESERVED
+CVE-2022-31105
+ RESERVED
+CVE-2022-31104
+ RESERVED
+CVE-2022-31103
+ RESERVED
+CVE-2022-31102
+ RESERVED
+CVE-2022-31101
+ RESERVED
+CVE-2022-31100
+ RESERVED
+CVE-2022-31099
+ RESERVED
+CVE-2022-31098
+ RESERVED
+CVE-2022-31097
+ RESERVED
+CVE-2022-31096
+ RESERVED
+CVE-2022-31095
+ RESERVED
+CVE-2022-31094
+ RESERVED
+CVE-2022-31093
+ RESERVED
+CVE-2022-31092
+ RESERVED
+CVE-2022-31091
+ RESERVED
+CVE-2022-31090
+ RESERVED
+CVE-2022-31089
+ RESERVED
+CVE-2022-31088
+ RESERVED
+CVE-2022-31087
+ RESERVED
+CVE-2022-31086
+ RESERVED
+CVE-2022-31085
+ RESERVED
+CVE-2022-31084
+ RESERVED
+CVE-2022-31083
+ RESERVED
+CVE-2022-31082
+ RESERVED
+CVE-2022-31081
+ RESERVED
+CVE-2022-31080
+ RESERVED
+CVE-2022-31079
+ RESERVED
+CVE-2022-31078
+ RESERVED
+CVE-2022-31077
+ RESERVED
+CVE-2022-31076
+ RESERVED
+CVE-2022-31075
+ RESERVED
+CVE-2022-31074
+ RESERVED
+CVE-2022-31073
+ RESERVED
+CVE-2022-31072
+ RESERVED
+CVE-2022-31071
+ RESERVED
+CVE-2022-31070
+ RESERVED
+CVE-2022-31069
+ RESERVED
+CVE-2022-31068
+ RESERVED
+CVE-2022-31067
+ RESERVED
+CVE-2022-31066
+ RESERVED
+CVE-2022-31065
+ RESERVED
+CVE-2022-31064
+ RESERVED
+CVE-2022-31063
+ RESERVED
+CVE-2022-31062
+ RESERVED
+CVE-2022-31061
+ RESERVED
+CVE-2022-31060
+ RESERVED
+CVE-2022-31059
+ RESERVED
+CVE-2022-31058
+ RESERVED
+CVE-2022-31057
+ RESERVED
+CVE-2022-31056
+ RESERVED
+CVE-2022-31055
+ RESERVED
+CVE-2022-31054
+ RESERVED
+CVE-2022-31053
+ RESERVED
+CVE-2022-31052
+ RESERVED
+CVE-2022-31051
+ RESERVED
+CVE-2022-31050
+ RESERVED
+CVE-2022-31049
+ RESERVED
+CVE-2022-31048
+ RESERVED
+CVE-2022-31047
+ RESERVED
+CVE-2022-31046
+ RESERVED
+CVE-2022-31045
+ RESERVED
+CVE-2022-31044
+ RESERVED
+CVE-2022-31043
+ RESERVED
+CVE-2022-31042
+ RESERVED
+CVE-2022-31041
+ RESERVED
+CVE-2022-31040
+ RESERVED
+CVE-2022-31039
+ RESERVED
+CVE-2022-31038
+ RESERVED
+CVE-2022-31037
+ RESERVED
+CVE-2022-31036
+ RESERVED
+CVE-2022-31035
+ RESERVED
+CVE-2022-31034
+ RESERVED
+CVE-2022-31033
+ RESERVED
+CVE-2022-31032
+ RESERVED
+CVE-2022-31031
+ RESERVED
+CVE-2022-31030
+ RESERVED
+CVE-2022-31029
+ RESERVED
+CVE-2022-31028
+ RESERVED
+CVE-2022-31027
+ RESERVED
+CVE-2022-31026
+ RESERVED
+CVE-2022-31025
+ RESERVED
+CVE-2022-31024
+ RESERVED
+CVE-2022-31023
+ RESERVED
+CVE-2022-31022
+ RESERVED
+CVE-2022-31021
+ RESERVED
+CVE-2022-31020
+ RESERVED
+CVE-2022-31019
+ RESERVED
+CVE-2022-31018
+ RESERVED
+CVE-2022-31017
+ RESERVED
+CVE-2022-31016
+ RESERVED
+CVE-2022-31015
+ RESERVED
+CVE-2022-31014
+ RESERVED
+CVE-2022-31013
+ RESERVED
+CVE-2022-31012
+ RESERVED
+CVE-2022-31011
+ RESERVED
+CVE-2022-31010
+ RESERVED
+CVE-2022-31009
+ RESERVED
+CVE-2022-31008
+ RESERVED
+CVE-2022-31007
+ RESERVED
+CVE-2022-31006
+ RESERVED
+CVE-2022-31005
+ RESERVED
+CVE-2022-31004
+ RESERVED
+CVE-2022-31003
+ RESERVED
+CVE-2022-31002
+ RESERVED
+CVE-2022-31001
+ RESERVED
+CVE-2022-31000
+ RESERVED
+CVE-2022-30999
+ RESERVED
+CVE-2022-30996
+ RESERVED
+CVE-2022-30995
+ RESERVED
+CVE-2022-30994
+ RESERVED
+CVE-2022-30993
+ RESERVED
+CVE-2022-30992
+ RESERVED
+CVE-2022-30991
+ RESERVED
+CVE-2022-30990
+ RESERVED
+CVE-2022-30989
+ RESERVED
+CVE-2022-30988
+ RESERVED
+CVE-2022-30987
+ RESERVED
+CVE-2022-30986
+ RESERVED
+CVE-2022-30985
+ RESERVED
+CVE-2022-30984
+ RESERVED
+CVE-2022-30983
+ RESERVED
+CVE-2022-30982
+ RESERVED
+CVE-2022-30981
+ RESERVED
+CVE-2022-30980
+ RESERVED
+CVE-2022-30979
+ RESERVED
+CVE-2022-30978
+ RESERVED
+CVE-2022-30977
+ RESERVED
+CVE-2022-29496
+ RESERVED
+CVE-2022-1796
+ RESERVED
+CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. ...)
+ TODO: check
+CVE-2022-1794
+ RESERVED
+CVE-2022-1793
+ RESERVED
+CVE-2022-1792
+ RESERVED
+CVE-2022-1791
+ RESERVED
+CVE-2022-1790
+ RESERVED
+CVE-2022-1789
+ RESERVED
+CVE-2022-1788
+ RESERVED
+CVE-2022-1787
+ RESERVED
+CVE-2022-1786
+ RESERVED
+CVE-2022-1785
+ RESERVED
+CVE-2022-1784
+ RESERVED
+CVE-2022-1783
+ RESERVED
+CVE-2022-1782 (Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para ...)
+ TODO: check
+CVE-2022-1781
+ RESERVED
+CVE-2022-1780
+ RESERVED
+CVE-2022-1779
+ RESERVED
+CVE-2022-1778
+ RESERVED
+CVE-2022-1777
+ RESERVED
+CVE-2022-1776
+ RESERVED
CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...)
- gpac <unfixed>
NOTE: https://github.com/gpac/gpac/issues/2179
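Review bot: CVE-2022-1795 is added with only `TODO: check`, although its description names gpac/gpac and the unchanged entry at the end of this hunk, CVE-2022-30976, already tracks that source package as `- gpac <unfixed>`. Resolve the TODO to a `- gpac` package line instead of leaving it for a later pass. The description's "prior to v2.1.0-DEV" is a development tag, so the fixing commit should be recorded in a NOTE. CVE-2022-1782 (erudika/para) also still needs a disposition.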
@@ -24,15 +508,15 @@ CVE-2022-30973
RESERVED
CVE-2022-1770
RESERVED
-CVE-2022-1769 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
+CVE-2022-1769 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c
NOTE: https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4 (v8.2.4974)
NOTE: Crash in CLI tool, no security impact
CVE-2022-1768
RESERVED
-CVE-2022-1767
- RESERVED
+CVE-2022-1767 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...)
+ TODO: check
CVE-2022-1766
RESERVED
CVE-2022-1765
@@ -279,17 +763,16 @@ CVE-2022-1736
NOTE: default (https://wiki.ubuntu.com/Security/Features#ports) and the fact that the user
NOTE: service was enabled by default (and not automatically enabled anymore since 42.1.1-2)
TODO: check, if we want to threat this as unimportant severity issue
-CVE-2022-1735 (Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+CVE-2022-1735 (Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969 ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9
NOTE: https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97 (v8.2.4969)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-1734
- RESERVED
+CVE-2022-1734 (A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in driver ...)
- linux <unfixed> (unimportant)
NOTE: https://git.kernel.org/linus/d270453a0d9ec10bb8a802a142fb1b3601a83098 (5.18-rc6)
NOTE: Support for Marvell NFC devices (CONFIG_NFC_MRVL) not enabled
-CVE-2022-1733 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+CVE-2022-1733 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a
NOTE: https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813 (v8.2.4968)
@@ -304,8 +787,8 @@ CVE-2022-1729
RESERVED
CVE-2022-1728 (Allowing long password leads to denial of service in polonel/trudesk i ...)
NOT-FOR-US: Trudesk
-CVE-2022-1727
- RESERVED
+CVE-2022-1727 (Improper Input Validation in GitHub repository jgraph/drawio prior to ...)
+ TODO: check
CVE-2022-1726 (Bootstrap Tables XSS vulnerability with Table Export plug-in when expo ...)
TODO: check
CVE-2022-1725 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495 ...)
@@ -1014,16 +1497,16 @@ CVE-2022-XXXX [RUSTSEC-2022-0019]
CVE-2022-XXXX [RUSTSEC-2022-0020]
- rust-crossbeam <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0020.html
-CVE-2022-30600
- RESERVED
-CVE-2022-30599
- RESERVED
-CVE-2022-30598
- RESERVED
-CVE-2022-30597
- RESERVED
-CVE-2022-30596
- RESERVED
+CVE-2022-30600 (A flaw was found in moodle where logic used to count failed login atte ...)
+ TODO: check
+CVE-2022-30599 (A flaw was found in moodle where an SQL injection risk was identified ...)
+ TODO: check
+CVE-2022-30598 (A flaw was found in moodle where global search results could include a ...)
+ TODO: check
+CVE-2022-30597 (A flaw was found in moodle where the description user field was not hi ...)
+ TODO: check
+CVE-2022-30596 (A flaw was found in moodle where ID numbers displayed when bulk alloca ...)
+ TODO: check
CVE-2022-30595
RESERVED
CVE-2022-30593
@@ -2449,8 +2932,8 @@ CVE-2022-30113
RESERVED
CVE-2022-30112
RESERVED
-CVE-2022-30111
- RESERVED
+CVE-2022-30111 (Due to the use of an insecure algorithm for rolling codes in MCK Smart ...)
+ TODO: check
CVE-2022-30110 (The file preview functionality in Jirafeau < 4.4.0, which is enable ...)
TODO: check
CVE-2022-30109
@@ -2461,8 +2944,8 @@ CVE-2022-30107
RESERVED
CVE-2022-30106
RESERVED
-CVE-2022-30105
- RESERVED
+CVE-2022-30105 (In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden ...)
+ TODO: check
CVE-2022-30104
RESERVED
CVE-2022-30103
@@ -2544,8 +3027,8 @@ CVE-2022-30067 (GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Thro
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/8cd6d05232795ac31076013db1c6be3dc67e8e09 (gimp-2-10)
CVE-2022-30066
RESERVED
-CVE-2022-30065
- RESERVED
+CVE-2022-30065 (A use-after-free in Busybox 1.35-x's awk applet leads to denial of ser ...)
+ TODO: check
CVE-2022-30064
RESERVED
CVE-2022-30063 (ftcms <=2.1 was discovered to be vulnerable to code execution attac ...)
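Review bot: CVE-2022-30065 moves from RESERVED to `TODO: check`, but its description identifies the awk applet of Busybox 1.35-x, and busybox is a packaged source in Debian, so this entry cannot end as NOT-FOR-US. Replace the TODO with a `- busybox` line and check which suite versions carry the affected awk code, since the description only mentions 1.35-x.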
@@ -2802,7 +3285,7 @@ CVE-2022-29952
RESERVED
CVE-2022-29951
RESERVED
-CVE-2022-29950 (Experian Hunter 1.16 allows remote authenticated users to modify assum ...)
+CVE-2022-29950 (** DISPUTED ** Experian Hunter 1.16 allows remote authenticated users ...)
NOT-FOR-US: Experian Hunter
CVE-2022-29949
RESERVED
@@ -3030,8 +3513,8 @@ CVE-2022-29873 (A vulnerability has been identified in SICAM P850 (All versions
NOT-FOR-US: Siemens
CVE-2022-29872 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
NOT-FOR-US: Siemens
-CVE-2022-29518
- RESERVED
+CVE-2022-29518 (Screen Creator Advance2, HMI GC-A2 series, and Real time remote monito ...)
+ TODO: check
CVE-2022-29513
RESERVED
CVE-2022-29484
@@ -3194,8 +3677,8 @@ CVE-2022-29824 (In libxml2 before 2.9.14, several buffer handling functions in b
- libxml2 2.9.14+dfsg-1 (bug #1010526)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master)
-CVE-2022-29516
- RESERVED
+CVE-2022-29516 (The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 35 ...)
+ TODO: check
CVE-2022-29823
RESERVED
CVE-2022-29822
@@ -3797,24 +4280,24 @@ CVE-2022-29648
RESERVED
CVE-2022-29647
RESERVED
-CVE-2022-29646
- RESERVED
-CVE-2022-29645
- RESERVED
-CVE-2022-29644
- RESERVED
-CVE-2022-29643
- RESERVED
-CVE-2022-29642
- RESERVED
-CVE-2022-29641
- RESERVED
-CVE-2022-29640
- RESERVED
-CVE-2022-29639
- RESERVED
-CVE-2022-29638
- RESERVED
+CVE-2022-29646 (An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and ...)
+ TODO: check
+CVE-2022-29645 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...)
+ TODO: check
+CVE-2022-29644 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...)
+ TODO: check
+CVE-2022-29643 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...)
+ TODO: check
+CVE-2022-29642 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...)
+ TODO: check
+CVE-2022-29641 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...)
+ TODO: check
+CVE-2022-29640 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...)
+ TODO: check
+CVE-2022-29639 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...)
+ TODO: check
+CVE-2022-29638 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...)
+ TODO: check
CVE-2022-29637
RESERVED
CVE-2022-29636
@@ -3999,12 +4482,12 @@ CVE-2022-1434 (The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorre
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b (openssl-3.0.3)
CVE-2022-1433 (An issue has been discovered in GitLab affecting all versions starting ...)
TODO: check
-CVE-2022-1432
- RESERVED
+CVE-2022-1432 (Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/oc ...)
+ TODO: check
CVE-2022-1431 (An issue has been discovered in GitLab affecting all versions starting ...)
TODO: check
-CVE-2022-1430
- RESERVED
+CVE-2022-1430 (Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octopr ...)
+ TODO: check
CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimcore/pi ...)
NOT-FOR-US: pimcore
CVE-2022-1428 (An issue has been discovered in GitLab affecting all versions before 1 ...)
@@ -4417,8 +4900,8 @@ CVE-2022-29447
RESERVED
CVE-2022-29446
RESERVED
-CVE-2022-29445
- RESERVED
+CVE-2022-29445 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...)
+ TODO: check
CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerabi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29443
@@ -4497,10 +4980,10 @@ CVE-2022-29407
RESERVED
CVE-2022-29406
RESERVED
-CVE-2022-28717
- RESERVED
-CVE-2022-27632
- RESERVED
+CVE-2022-28717 (Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C ...)
+ TODO: check
+CVE-2022-27632 (Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT ...)
+ TODO: check
CVE-2022-1387
RESERVED
CVE-2022-1386 (The Fusion Builder WordPress plugin before 3.6.2, used in the Avada th ...)
@@ -5736,14 +6219,14 @@ CVE-2022-28960
RESERVED
CVE-2022-28959
RESERVED
-CVE-2022-28958
- RESERVED
+CVE-2022-28958 (D-Link DIR816L_FW206b01 was discovered to contain a remote code execut ...)
+ TODO: check
CVE-2022-28957
RESERVED
-CVE-2022-28956
- RESERVED
-CVE-2022-28955
- RESERVED
+CVE-2022-28956 (An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows ...)
+ TODO: check
+CVE-2022-28955 (An access control issue in D-Link DIR816L_FW206b01 allows unauthentica ...)
+ TODO: check
CVE-2022-28954
RESERVED
CVE-2022-28953
@@ -5804,14 +6287,14 @@ CVE-2022-28926
RESERVED
CVE-2022-28925
RESERVED
-CVE-2022-28924
- RESERVED
+CVE-2022-28924 (An information disclosure vulnerability in UniverSIS-Students before v ...)
+ TODO: check
CVE-2022-28923
RESERVED
CVE-2022-28922
RESERVED
-CVE-2022-28921
- RESERVED
+CVE-2022-28921 (A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEn ...)
+ TODO: check
CVE-2022-28920 (Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting ...)
NOT-FOR-US: Baidu Tieba
CVE-2022-28919 (HTMLCreator release_stable_2020-07-29 was discovered to contain a cros ...)
@@ -5820,8 +6303,8 @@ CVE-2022-28919 (HTMLCreator release_stable_2020-07-29 was discovered to contain
NOTE: https://github.com/splitbrain/dokuwiki/commit/d3233986baa7dfe44490b805ae2e4296fad59401
CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletio ...)
NOT-FOR-US: GreenCMS
-CVE-2022-28917
- RESERVED
+CVE-2022-28917 (Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow ...)
+ TODO: check
CVE-2022-28916
RESERVED
CVE-2022-28915 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injec ...)
@@ -8693,8 +9176,8 @@ CVE-2022-27949
RESERVED
CVE-2022-27948 (** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow attacke ...)
NOT-FOR-US: Tesla
-CVE-2022-1110
- RESERVED
+CVE-2022-1110 (A buffer overflow vulnerability in Lenovo Smart Standby Driver prior t ...)
+ TODO: check
CVE-2022-1109
RESERVED
CVE-2022-1108 (A potential vulnerability due to improper buffer validation in the SMI ...)
@@ -12244,8 +12727,8 @@ CVE-2022-0885
RESERVED
CVE-2022-0884 (The Profile Builder WordPress plugin before 3.6.8 does not sanitise an ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0883
- RESERVED
+CVE-2022-0883 (SLM has an issue with Windows Unquoted/Trusted Service Paths Security ...)
+ TODO: check
CVE-2022-0882 (A bug exists where an attacker can read the kernel log through exposed ...)
NOT-FOR-US: Google fuchsia
CVE-2022-0881 (Insecure Storage of Sensitive Information in GitHub repository chocobo ...)
@@ -15106,8 +15589,8 @@ CVE-2022-25619 (Improper Neutralization of Special Elements used in a Command ('
NOT-FOR-US: Profelis IT Consultancy SambaBox
CVE-2022-25618 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-25617
- RESERVED
+CVE-2022-25617 (Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets pl ...)
+ TODO: check
CVE-2022-25616
RESERVED
CVE-2022-25615 (Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom ...)
@@ -16439,10 +16922,10 @@ CVE-2022-25164
RESERVED
CVE-2022-25163
RESERVED
-CVE-2022-25162
- RESERVED
-CVE-2022-25161
- RESERVED
+CVE-2022-25162 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC ...)
+ TODO: check
+CVE-2022-25161 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC ...)
+ TODO: check
CVE-2022-25160 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
NOT-FOR-US: Mitsubishi
CVE-2022-25159 (Authentication Bypass by Capture-replay vulnerability in Mitsubishi El ...)
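Review bot: CVE-2022-25162 and CVE-2022-25161 are left at `TODO: check`, while the next entry in the same hunk, CVE-2022-25160, is already `NOT-FOR-US: Mitsubishi` and the new descriptions name the same vendor (Mitsubishi Electric MELSEC). Give both the same disposition so the block is consistent and the TODO queue is not padded with entries whose outcome is already decided by their neighbour.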
@@ -23782,10 +24265,10 @@ CVE-2022-23070
RESERVED
CVE-2022-23069
RESERVED
-CVE-2022-23068
- RESERVED
-CVE-2022-23067
- RESERVED
+CVE-2022-23068 (ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection wh ...)
+ TODO: check
+CVE-2022-23067 (ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via ...)
+ TODO: check
CVE-2022-23066 (In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Ca ...)
NOT-FOR-US: Solana rBPF
CVE-2022-23065 (In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS ...)
@@ -24836,14 +25319,14 @@ CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover – An at
NOT-FOR-US: Charactell - FormStorm Enterprise
CVE-2022-22788
RESERVED
-CVE-2022-22787
- RESERVED
-CVE-2022-22786
- RESERVED
-CVE-2022-22785
- RESERVED
-CVE-2022-22784
- RESERVED
+CVE-2022-22787 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...)
+ TODO: check
+CVE-2022-22786 (The Zoom Client for Meetings for Windows before version 5.10.0 and Zoo ...)
+ TODO: check
+CVE-2022-22785 (The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Wind ...)
+ TODO: check
+CVE-2022-22784 (The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Wind ...)
+ TODO: check
CVE-2022-22783 (A vulnerability in Zoom On-Premise Meeting Connector Controller versio ...)
NOT-FOR-US: Zoom
CVE-2022-22782 (The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom ...)
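Review bot: CVE-2022-22787 through CVE-2022-22784 are added as `TODO: check`, yet every description starts with "The Zoom Client for Meetings" and the unchanged entry directly below, CVE-2022-22783, is already `NOT-FOR-US: Zoom`. Apply the same disposition to the four new entries in this commit's follow-up instead of leaving them open.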
@@ -24854,12 +25337,12 @@ CVE-2022-22780 (The Zoom Client for Meetings chat functionality was susceptible
NOT-FOR-US: Zoom
CVE-2022-22779 (The Keybase Clients for macOS and Windows before version 5.9.0 fails t ...)
NOT-FOR-US: Keybase on MacOS & Windows
-CVE-2022-22778
- RESERVED
-CVE-2022-22777
- RESERVED
-CVE-2022-22776
- RESERVED
+CVE-2022-22778 (The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnec ...)
+ TODO: check
+CVE-2022-22777 (The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnec ...)
+ TODO: check
+CVE-2022-22776 (The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnec ...)
+ TODO: check
CVE-2022-22775 (The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Ente ...)
TODO: check
CVE-2022-22774 (The DOM XML parser and SAX XML parser components of TIBCO Software Inc ...)
@@ -33909,8 +34392,8 @@ CVE-2021-3971 (A potential vulnerability by a driver used during older manufactu
NOT-FOR-US: Lenovo
CVE-2021-3970 (A potential vulnerability in LenovoVariable SMI Handler due to insuffi ...)
NOT-FOR-US: Lenovo
-CVE-2021-3969
- RESERVED
+CVE-2021-3969 (A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMC ...)
+ TODO: check
CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3995-1 (bug #1001900)
[bullseye] - vim <no-dsa> (Minor issue)
@@ -36011,8 +36494,8 @@ CVE-2021-43584
RESERVED
CVE-2021-43583
RESERVED
-CVE-2021-3956
- RESERVED
+CVE-2021-3956 (A read-only authentication bypass vulnerability was reported in the Th ...)
+ TODO: check
CVE-2021-3955
RESERVED
CVE-2021-3954
@@ -37024,8 +37507,8 @@ CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of Man
- mantis <removed>
CVE-2021-3923
RESERVED
-CVE-2021-3922
- RESERVED
+CVE-2021-3922 (A race condition vulnerability was reported in IMController, a softwar ...)
+ TODO: check
CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...)
- linux 5.14.16-1
[bullseye] - linux 5.10.84-1
@@ -39040,16 +39523,16 @@ CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ..
NOT-FOR-US: firefly-iii
CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: firefly-iii
-CVE-2021-42852
- RESERVED
-CVE-2021-42851
- RESERVED
-CVE-2021-42850
- RESERVED
-CVE-2021-42849
- RESERVED
-CVE-2021-42848
- RESERVED
+CVE-2021-42852 (A command injection vulnerability was reported in some Lenovo Personal ...)
+ TODO: check
+CVE-2021-42851 (A vulnerability was reported in some Lenovo Personal Cloud Storage dev ...)
+ TODO: check
+CVE-2021-42850 (A weak default administrator password for the web interface and serial ...)
+ TODO: check
+CVE-2021-42849 (A weak default password for the serial port was reported in some Lenov ...)
+ TODO: check
+CVE-2021-42848 (An information disclosure vulnerability was reported in some Lenovo Pe ...)
+ TODO: check
CVE-2021-3899
RESERVED
CVE-2021-3898 (Versions of Motorola Ready For and Motorola Device Help Android applic ...)
@@ -39456,16 +39939,16 @@ CVE-2021-42706 (This vulnerability could allow an attacker to disclose informati
NOT-FOR-US: Advantech
CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buf ...)
NOT-FOR-US: PLC Editor
-CVE-2021-42704
- RESERVED
+CVE-2021-42704 (Inkscape version 0.19 is vulnerable to an out-of-bounds write, which m ...)
+ TODO: check
CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...)
NOT-FOR-US: Advantech
-CVE-2021-42702
- RESERVED
+CVE-2021-42702 (Inkscape version 0.19 can access an uninitialized pointer, which may a ...)
+ TODO: check
CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...)
NOT-FOR-US: AzeoTech
-CVE-2021-42700
- RESERVED
+CVE-2021-42700 (Inkscape 0.19 is vulnerable to an out-of-bounds read, which may allow ...)
+ TODO: check
CVE-2021-42699 (The affected product is vulnerable to cookie information being transmi ...)
NOT-FOR-US: AzeoTech
CVE-2021-42698 (Project files are stored memory objects in the form of binary serializ ...)
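Review bot: CVE-2021-42704, CVE-2021-42702 and CVE-2021-42700 name Inkscape, which is packaged, but they sit at `TODO: check` between entries marked NOT-FOR-US (PLC Editor, Advantech, AzeoTech); make sure they are not swept into NOT-FOR-US along with their neighbours. All three descriptions give the affected version as 0.19, so confirm the real affected range with upstream before writing the `- inkscape` lines.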
@@ -42551,8 +43034,8 @@ CVE-2021-41948 (A cross-site scripting (XSS) vulnerability exists in the "contac
NOT-FOR-US: Subrion CMS plugin
CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visu ...)
NOT-FOR-US: Subrion CMS
-CVE-2021-41946
- RESERVED
+CVE-2021-41946 (In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting ...)
+ TODO: check
CVE-2021-41945 (Encode OSS httpx <=1.0.0.beta0 is affected by improper input valida ...)
- httpx <unfixed> (bug #1010336)
NOTE: https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
@@ -78979,8 +79462,8 @@ CVE-2021-27550 (Polaris Office v9.102.66 is affected by a divide-by-zero error i
NOT-FOR-US: Polaris Office
CVE-2021-27549 (** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipb ...)
NOT-FOR-US: Genymotion Desktop
-CVE-2021-27548
- RESERVED
+CVE-2021-27548 (There is a Null Pointer Dereference vulnerability in the XFAScanner::s ...)
+ TODO: check
CVE-2021-27547
RESERVED
CVE-2021-27546
@@ -157528,6 +158011,7 @@ CVE-2020-8661 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory
CVE-2020-8660 (CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could ha ...)
- envoyproxy <itp> (bug #987544)
CVE-2020-8659 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...)
+ {DLA-3014-1}
- envoyproxy <itp> (bug #987544)
CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...)
NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress
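Review bot: the added `{DLA-3014-1}` line on CVE-2020-8659 is attached to an entry whose only package line is `- envoyproxy <itp> (bug #987544)`, so the advisory reference points at a package that is not in the archive. A DLA implies a fixed source package in an LTS suite. Add the package line (with suite tag and fixed version) that DLA-3014-1 actually covers, or drop the reference if it was matched to this CVE in error.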
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3035f3139cbd57e0a7e1bd278807638d292886f9