[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 31 21:10:31 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ccdfe186 by security tracker role at 2022-05-31T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2022-32158
+ RESERVED
+CVE-2022-32157
+ RESERVED
+CVE-2022-32156
+ RESERVED
+CVE-2022-32155
+ RESERVED
+CVE-2022-32154
+ RESERVED
+CVE-2022-32153
+ RESERVED
+CVE-2022-32152
+ RESERVED
+CVE-2022-32151
+ RESERVED
+CVE-2022-32150
+ RESERVED
+CVE-2022-32149
+ RESERVED
+CVE-2022-32148
+ RESERVED
+CVE-2022-32147
+ RESERVED
+CVE-2022-32146
+ RESERVED
+CVE-2022-32145
+ RESERVED
+CVE-2022-32144
+ RESERVED
+CVE-2022-32143
+ RESERVED
+CVE-2022-32142
+ RESERVED
+CVE-2022-32141
+ RESERVED
+CVE-2022-32140
+ RESERVED
+CVE-2022-32139
+ RESERVED
+CVE-2022-32138
+ RESERVED
+CVE-2022-32137
+ RESERVED
+CVE-2022-32136
+ RESERVED
+CVE-2022-30997
+ RESERVED
+CVE-2022-29519
+ RESERVED
+CVE-2022-1962
+ RESERVED
+CVE-2022-1961
+ RESERVED
+CVE-2022-1960
+ RESERVED
+CVE-2022-1959
+ RESERVED
+CVE-2022-1958
+ RESERVED
+CVE-2022-1957
+ RESERVED
+CVE-2022-1956
+ RESERVED
+CVE-2022-1955
+ RESERVED
+CVE-2022-1954
+ RESERVED
+CVE-2022-1953
+ RESERVED
+CVE-2022-1952
+ RESERVED
+CVE-2022-1951
+ RESERVED
+CVE-2022-1950
+ RESERVED
+CVE-2022-1949
+ RESERVED
CVE-2022-32135
RESERVED
CVE-2022-32134
@@ -688,8 +766,8 @@ CVE-2022-1943 [udf: Avoid using stale lengthOfImpUse]
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412
NOTE: Fixed by: https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7)
-CVE-2022-1942
- RESERVED
+CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-1941
RESERVED
CVE-2022-1940
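Review bot: CVE-2022-1942 is left at "TODO: check" although the neighbouring vim entries in this file (CVE-2022-1927 in the next hunk, CVE-2022-1769 further down) already carry the huntr bounty link, the upstream fix commit with its release tag, and a disposition; triage this one the same way, deciding whether a heap-based buffer overflow falls into the "Crash in CLI tool, no security impact" class used for CVE-2022-1927 or needs a vim package status line with a fixed version, rather than leaving the placeholder.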
@@ -769,8 +847,8 @@ CVE-2022-1927 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
NOTE: https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777
NOTE: https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 (v8.2.5037)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-1926
- RESERVED
+CVE-2022-1926 (Integer Overflow or Wraparound in GitHub repository polonel/trudesk pr ...)
+ TODO: check
CVE-2022-31793
RESERVED
CVE-2022-31792
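Review bot: CVE-2022-1926 is filed as "TODO: check" even though this file already resolves another polonel/trudesk entry, CVE-2022-1770, as "NOT-FOR-US: Trudesk"; unless trudesk has been packaged since, the same marker should replace the placeholder so the two trudesk entries do not disagree.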
@@ -1780,8 +1858,8 @@ CVE-2022-31502
RESERVED
CVE-2022-31501
RESERVED
-CVE-2022-31500
- RESERVED
+CVE-2022-31500 (In KNIME Analytics Platform below 4.6.0, the Windows installer sets im ...)
+ TODO: check
CVE-2022-31499
RESERVED
CVE-2022-31498
@@ -2100,14 +2178,14 @@ CVE-2022-31340
RESERVED
CVE-2022-31339
RESERVED
-CVE-2022-31338
- RESERVED
-CVE-2022-31337
- RESERVED
-CVE-2022-31336
- RESERVED
-CVE-2022-31335
- RESERVED
+CVE-2022-31338 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...)
+ TODO: check
+CVE-2022-31337 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...)
+ TODO: check
+CVE-2022-31336 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...)
+ TODO: check
+CVE-2022-31335 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...)
+ TODO: check
CVE-2022-31334
RESERVED
CVE-2022-31333
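Review bot: the four Online Ordering System 2.3.2 SQL injection entries (CVE-2022-31335 through CVE-2022-31338) share the same truncated description and all sit at "TODO: check", so they should be triaged as a group; the comparable PHP demo applications lower in this file (Covid-19 Travel Pass Management System, Toll-tax-management-system) are resolved as NOT-FOR-US with the product name, and the three "Online Ordering System By janobe 2.3.2" entries in the next hunk (CVE-2022-31327 through CVE-2022-31329) appear to be the same product and should get the same disposition in one pass.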
@@ -2118,12 +2196,12 @@ CVE-2022-31331
RESERVED
CVE-2022-31330
RESERVED
-CVE-2022-31329
- RESERVED
-CVE-2022-31328
- RESERVED
-CVE-2022-31327
- RESERVED
+CVE-2022-31329 (Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2022-31328 (Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering ...)
+ TODO: check
+CVE-2022-31327 (Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection ...)
+ TODO: check
CVE-2022-31326
RESERVED
CVE-2022-31325
@@ -2879,8 +2957,8 @@ CVE-2022-31004 (CVEProject/cve-services is an open source project used to operat
NOT-FOR-US: CVEProject/cve-services
CVE-2022-31003
RESERVED
-CVE-2022-31002
- RESERVED
+CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
+ TODO: check
CVE-2022-31001
RESERVED
CVE-2022-31000
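Review bot: CVE-2022-31002 describes Sofia-SIP, a SIP user-agent library rather than a hosted web application, so its "TODO: check" should not be resolved by analogy with the NOT-FOR-US entries around it; check whether the library is packaged and, if so, record the source package with the fixed version and the upstream advisory as NOTE lines, in the form used for CVE-2022-29242 (libengine-gost-openssl1.1) below.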
@@ -3021,8 +3099,8 @@ CVE-2022-1771 (Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.
NOTE: Crash in CLI tool, no security impact
CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) gem throug ...)
NOT-FOR-US: bvsatyaram/random_password_generator
-CVE-2022-30973
- RESERVED
+CVE-2022-30973 (We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the ...)
+ TODO: check
CVE-2022-1770 (Improper Privilege Management in GitHub repository polonel/trudesk pri ...)
NOT-FOR-US: Trudesk
CVE-2022-1769 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. ...)
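Review bot: the CVE-2022-30973 description is a follow-up to CVE-2022-30126 ("failed to apply the fix ... to the 1.x branch"), so its triage should start from the existing tracker entry for CVE-2022-30126 rather than from scratch: the source package and versions recorded there decide whether a 1.x-based package is affected, and this entry should cross-reference CVE-2022-30126 in a NOTE line so the relationship survives once the TODO is resolved.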
@@ -3540,72 +3618,72 @@ CVE-2022-30838 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL
NOT-FOR-US: Covid-19 Travel Pass Management System
CVE-2022-30837 (Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting ...)
NOT-FOR-US: Toll-tax-management-system
-CVE-2022-30836
- RESERVED
-CVE-2022-30835
- RESERVED
-CVE-2022-30834
- RESERVED
-CVE-2022-30833
- RESERVED
-CVE-2022-30832
- RESERVED
-CVE-2022-30831
- RESERVED
-CVE-2022-30830
- RESERVED
-CVE-2022-30829
- RESERVED
-CVE-2022-30828
- RESERVED
-CVE-2022-30827
- RESERVED
-CVE-2022-30826
- RESERVED
-CVE-2022-30825
- RESERVED
+CVE-2022-30836 (Wedding Management System v1.0 is vulnerable to SQL Injection. via Wed ...)
+ TODO: check
+CVE-2022-30835 (Wedding Management System v1.0 is vulnerable to SQL Injection. via /We ...)
+ TODO: check
+CVE-2022-30834 (Wedding Management System v1.0 is vulnerable to SQL Injection via /Wed ...)
+ TODO: check
+CVE-2022-30833 (Wedding Management System v1.0 is vulnerable to SQL Injection via /Wed ...)
+ TODO: check
+CVE-2022-30832 (Wedding Management System v1.0 is vulnerable to SQL Injection via /Wed ...)
+ TODO: check
+CVE-2022-30831 (Wedding Management System v1.0 is vulnerable to SQL Injection via Wedd ...)
+ TODO: check
+CVE-2022-30830 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...)
+ TODO: check
+CVE-2022-30829 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...)
+ TODO: check
+CVE-2022-30828 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...)
+ TODO: check
+CVE-2022-30827 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...)
+ TODO: check
+CVE-2022-30826 (Wedding Management System v1.0 is vulnerable to SQL Injection via admi ...)
+ TODO: check
+CVE-2022-30825 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...)
+ TODO: check
CVE-2022-30824
RESERVED
-CVE-2022-30823
- RESERVED
-CVE-2022-30822
- RESERVED
-CVE-2022-30821
- RESERVED
-CVE-2022-30820
- RESERVED
-CVE-2022-30819
- RESERVED
-CVE-2022-30818
- RESERVED
-CVE-2022-30817
- RESERVED
-CVE-2022-30816
- RESERVED
-CVE-2022-30815
- RESERVED
-CVE-2022-30814
- RESERVED
-CVE-2022-30813
- RESERVED
+CVE-2022-30823 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...)
+ TODO: check
+CVE-2022-30822 (In Wedding Management System v1.0, there is an arbitrary file upload v ...)
+ TODO: check
+CVE-2022-30821 (In Wedding Management System v1.0, the editing function of the "Servic ...)
+ TODO: check
+CVE-2022-30820 (In Wedding Management v1.0, there is an arbitrary file upload vulnerab ...)
+ TODO: check
+CVE-2022-30819 (In Wedding Management System v1.0, there is an arbitrary file upload v ...)
+ TODO: check
+CVE-2022-30818 (Wedding Management System v1.0 is vulnerable to SQL injection via /Wed ...)
+ TODO: check
+CVE-2022-30817 (Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection vi ...)
+ TODO: check
+CVE-2022-30816 (elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.p ...)
+ TODO: check
+CVE-2022-30815 (elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.ph ...)
+ TODO: check
+CVE-2022-30814 (elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.p ...)
+ TODO: check
+CVE-2022-30813 (elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. ...)
+ TODO: check
CVE-2022-30812
RESERVED
CVE-2022-30811
RESERVED
-CVE-2022-30810
- RESERVED
-CVE-2022-30809
- RESERVED
-CVE-2022-30808
- RESERVED
+CVE-2022-30810 (elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. ...)
+ TODO: check
+CVE-2022-30809 (elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php? ...)
+ TODO: check
+CVE-2022-30808 (elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/man ...)
+ TODO: check
CVE-2022-30807
RESERVED
CVE-2022-30806
RESERVED
CVE-2022-30805
RESERVED
-CVE-2022-30804
- RESERVED
+CVE-2022-30804 (elitecms v1.01 is vulnerable to Delete any file via /admin/delete_imag ...)
+ TODO: check
CVE-2022-30803
RESERVED
CVE-2022-30802
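Review bot: this hunk fills in 27 descriptions across three products (Wedding Management System v1.0, Simple Bus Ticket Booking System 1.0, elitecms 1.01) and leaves every one at "TODO: check"; the leading context lines show the same class of entry (CVE-2022-30837, CVE-2022-30838) resolved as NOT-FOR-US with the product name, so these can be triaged per product rather than per CVE. CVE-2022-30808 reads "elitecms 1.0.1" while the other elitecms entries read "1.01"; that is the upstream wording and needs no local change, but it should not be read as a different release.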
@@ -3614,18 +3692,18 @@ CVE-2022-30801
RESERVED
CVE-2022-30800
RESERVED
-CVE-2022-30799
- RESERVED
-CVE-2022-30798
- RESERVED
-CVE-2022-30797
- RESERVED
+CVE-2022-30799 (Online Ordering System v1.0 by oretnom23 has SQL injection via store/o ...)
+ TODO: check
+CVE-2022-30798 (Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2022-30797 (Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection ...)
+ TODO: check
CVE-2022-30796
RESERVED
-CVE-2022-30795
- RESERVED
-CVE-2022-30794
- RESERVED
+CVE-2022-30795 (Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2022-30794 (Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injectio ...)
+ TODO: check
CVE-2022-30793
RESERVED
CVE-2022-30790
@@ -4277,8 +4355,7 @@ CVE-2022-1654
RESERVED
CVE-2022-1653
RESERVED
-CVE-2022-1652
- RESERVED
+CVE-2022-1652 (Linux Kernel could allow a local attacker to execute arbitrary code on ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/05/10/1
CVE-2022-1651
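Review bot: CVE-2022-1652 keeps "- linux <unfixed>" with only the oss-security post as reference, whereas the other kernel entries in this update (CVE-2022-1943, CVE-2022-1419) carry a "Fixed by:" NOTE naming the git.kernel.org commit and the release it landed in; add the same for this entry once the fix is identified, since that is what allows the <unfixed> status to be resolved against the packaged kernel version.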
@@ -4910,10 +4987,10 @@ CVE-2022-30298
RESERVED
CVE-2022-29509
RESERVED
-CVE-2022-29483
- RESERVED
-CVE-2022-28702
- RESERVED
+CVE-2022-29483 (Incorrect Default Permissions vulnerability in ABB e-Design allows att ...)
+ TODO: check
+CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design allows att ...)
+ TODO: check
CVE-2022-1615
RESERVED
CVE-2022-1614
@@ -5662,8 +5739,8 @@ CVE-2022-30036
RESERVED
CVE-2022-30035
RESERVED
-CVE-2022-30034
- RESERVED
+CVE-2022-30034 (Flower, a web UI for the Celery Python RPC framework, all versions as ...)
+ TODO: check
CVE-2022-30033 (Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the fu ...)
NOT-FOR-US: Tenda
CVE-2022-30032
@@ -6554,8 +6631,7 @@ CVE-2022-1464 (Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As
NOT-FOR-US: Go Git Service
CVE-2022-1463 (The Booking Calendar plugin for WordPress is vulnerable to PHP Object ...)
NOT-FOR-US: Booking Calendar plugin for WordPress
-CVE-2022-1462
- RESERVED
+CVE-2022-1462 (An out-of-bounds read flaw was found in the Linux kernel’s TeleT ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2078466
NOTE: https://www.openwall.com/lists/oss-security/2022/05/27/2
@@ -6707,8 +6783,8 @@ CVE-2022-29727 (Survey Sparrow Enterprise Survey Software 2022 has a Stored cros
NOT-FOR-US: Survey Sparrow Enterprise Survey Software
CVE-2022-29726
RESERVED
-CVE-2022-29725
- RESERVED
+CVE-2022-29725 (An arbitrary file upload in the image upload component of wityCMS v0.6 ...)
+ TODO: check
CVE-2022-29724
RESERVED
CVE-2022-29723
@@ -6733,10 +6809,10 @@ CVE-2022-29714
RESERVED
CVE-2022-29713
RESERVED
-CVE-2022-29712
- RESERVED
-CVE-2022-29711
- RESERVED
+CVE-2022-29712 (LibreNMS v22.3.0 was discovered to contain multiple command injection ...)
+ TODO: check
+CVE-2022-29711 (LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS ...)
+ TODO: check
CVE-2022-29710 (A cross-site scripting (XSS) vulnerability in uploadConfirm.php of Lim ...)
- limesurvey <itp> (bug #472802)
CVE-2022-29709
@@ -7230,8 +7306,7 @@ CVE-2022-29529 (An issue was discovered in MISP before 2.4.158. There is stored
NOT-FOR-US: MISP
CVE-2022-29528 (An issue was discovered in MISP before 2.4.158. PHAR deserialization c ...)
NOT-FOR-US: MISP
-CVE-2022-1419
- RESERVED
+CVE-2022-1419 (The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_ ...)
- linux 5.5.13-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/21/1
NOTE: Fixed by: https://git.kernel.org/linus/4b848f20eda5974020f043ca14bacf7a7e634fc8 (5.6-rc2)
@@ -8010,8 +8085,8 @@ CVE-2022-29260
RESERVED
CVE-2022-29259
RESERVED
-CVE-2022-29258
- RESERVED
+CVE-2022-29258 (XWiki Platform Filter UI provides a generic user interface to convert ...)
+ TODO: check
CVE-2022-29257
RESERVED
CVE-2022-29256 (sharp is an application for Node.js image processing. Prior to version ...)
@@ -8037,12 +8112,12 @@ CVE-2022-29247
RESERVED
CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
NOT-FOR-US: Microsoft
-CVE-2022-29245
- RESERVED
+CVE-2022-29245 (SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 ...)
+ TODO: check
CVE-2022-29244
RESERVED
-CVE-2022-29243
- RESERVED
+CVE-2022-29243 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
+ TODO: check
CVE-2022-29242 (GOST engine is a reference implementation of the Russian GOST crypto a ...)
- libengine-gost-openssl1.1 <unfixed>
NOTE: https://github.com/gost-engine/engine/security/advisories/GHSA-2rmw-8wpg-vgw5
@@ -8100,8 +8175,8 @@ CVE-2022-29221 (Smarty is a template engine for PHP, facilitating the separation
NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c
NOTE: https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd (v4.1.1)
NOTE: https://github.com/smarty-php/smarty/commit/3606c4717ed6348e114a610ff1e446048dcd0345 (v3.1.45)
-CVE-2022-29220
- RESERVED
+CVE-2022-29220 (github-action-merge-dependabot is an action that automatically approve ...)
+ TODO: check
CVE-2022-29219 (Lodestar is a TypeScript implementation of the Ethereum Consensus spec ...)
NOT-FOR-US: chainsafe/lodestar
CVE-2022-29218 (RubyGems is a package registry used to supply software for the Ruby la ...)
@@ -15861,8 +15936,7 @@ CVE-2022-26493
RESERVED
CVE-2022-26492
RESERVED
-CVE-2022-26491 [MITM attack possible on non-DNSSEC XMPP connections]
- RESERVED
+CVE-2022-26491 (An issue was discovered in Pidgin before 2.14.9. A remote attacker who ...)
- pidgin 2.14.9-1
NOTE: https://pidgin.im/about/security/advisories/cve-2022-26491/
NOTE: https://keep.imfreedom.org/pidgin/pidgin/rev/13cdb7956bdc
@@ -20692,6 +20766,7 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation
CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing sign o ...)
NOT-FOR-US: Express OpenID Connect
CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-3036-1}
- asterisk <unfixed>
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
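Review bot: the {DLA-3036-1} marker is added to CVE-2022-24793 (and, in the two following hunks, to CVE-2022-24792 and CVE-2022-24763), but the status lines visible here are "- asterisk <unfixed>", "[stretch] - asterisk <not-affected>" and "- pjproject <removed>", none of which names a fixed stretch version; confirm that the package/version line the DLA actually fixes is present further down each entry, outside this hunk's context, and that it matches data/DLA/list, otherwise the marker points at a status it does not change.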
@@ -20699,6 +20774,7 @@ CVE-2022-24793 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
NOTE: https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
CVE-2022-24792 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-3036-1}
- asterisk <unfixed>
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -20822,6 +20898,7 @@ CVE-2022-24764 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
NOTE: https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
CVE-2022-24763 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-3036-1}
- asterisk <unfixed>
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -26998,8 +27075,8 @@ CVE-2022-23084
RESERVED
CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transf ...)
NOT-FOR-US: NetMaster
-CVE-2022-23082
- RESERVED
+CVE-2022-23082 (In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path trave ...)
+ TODO: check
CVE-2022-23081
RESERVED
CVE-2022-23080
@@ -27254,7 +27331,7 @@ CVE-2022-22980
RESERVED
CVE-2022-22979
RESERVED
-CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.5.7 and older unsupported vers ...)
+CVE-2022-22978 (In Spring Security versions 5.5.6 and 5.6.3 and older unsupported vers ...)
TODO: check
CVE-2022-22977 (VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML Ex ...)
TODO: check
@@ -29485,8 +29562,8 @@ CVE-2022-22363
RESERVED
CVE-2022-22362
RESERVED
-CVE-2022-22361
- RESERVED
+CVE-2022-22361 (IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20 ...)
+ TODO: check
CVE-2022-22360
RESERVED
CVE-2022-22359
@@ -45234,18 +45311,18 @@ CVE-2021-42202
RESERVED
CVE-2021-42201
RESERVED
-CVE-2021-42200
- RESERVED
-CVE-2021-42199
- RESERVED
-CVE-2021-42198
- RESERVED
-CVE-2021-42197
- RESERVED
-CVE-2021-42196
- RESERVED
-CVE-2021-42195
- RESERVED
+CVE-2021-42200 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
+ TODO: check
+CVE-2021-42199 (An issue was discovered in swftools through 20201222. A heap buffer ov ...)
+ TODO: check
+CVE-2021-42198 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
+ TODO: check
+CVE-2021-42197 (An issue was discovered in swftools through 20201222 through a memory ...)
+ TODO: check
+CVE-2021-42196 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
+ TODO: check
+CVE-2021-42195 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
+ TODO: check
CVE-2021-42194 (The wechat_return function in /controller/Index.php of EyouCms V1.5.4- ...)
NOT-FOR-US: Eyoucms
CVE-2021-42193
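Review bot: all six swftools entries (CVE-2021-42195 through CVE-2021-42200) say "through 20201222", an upstream snapshot date rather than a release number, so the affected-version comparison has to be made against the snapshot the packaged version is built from; triage them together, and if the package is affected give each its own status line, because they are distinct bugs (NULL pointer dereferences, heap buffer overflows, a memory issue) rather than one shared finding.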
@@ -56372,7 +56449,7 @@ CVE-2021-3677 (A flaw was found in postgresql. A purpose-crafted query can read
[buster] - postgresql-11 11.13-0+deb10u1
NOTE: https://www.postgresql.org/about/news/postgresql-134-128-1113-1018-9623-and-14-beta-3-released-2277/
CVE-2021-3676
- RESERVED
+ REJECTED
CVE-2021-3675
RESERVED
CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a remote att ...)
@@ -67609,8 +67686,8 @@ CVE-2021-33188
RESERVED
CVE-2021-33187
RESERVED
-CVE-2021-3555
- RESERVED
+CVE-2021-3555 (A Buffer Overflow vulnerability in the RSTP server component of Eufy I ...)
+ TODO: check
CVE-2021-33186 (SerenityOS in test-crypto.cpp contains a stack buffer overflow which c ...)
NOT-FOR-US: SerenityOS
CVE-2021-33185 (SerenityOS contains a buffer overflow in the set_range test in TestBit ...)
@@ -111667,8 +111744,8 @@ CVE-2020-28248 (An integer overflow in the PngImg::InitStorage_() function of pn
NOT-FOR-US: png-img
CVE-2020-28247 (The lettre library through 0.10.0-alpha for Rust allows arbitrary send ...)
NOT-FOR-US: Node lettre
-CVE-2020-28246
- RESERVED
+CVE-2020-28246 (A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0. ...)
+ TODO: check
CVE-2020-28245
RESERVED
CVE-2020-28244
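Review bot: separate from the CVE-2020-28246 change itself, the context line "NOT-FOR-US: Node lettre" contradicts its own description, which says the lettre library is "for Rust"; the marker should name the Rust crate so the NOT-FOR-US reason is accurate and does not mislead a later reader into checking the wrong ecosystem.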
@@ -234639,6 +234716,7 @@ CVE-2019-2203 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible
CVE-2019-2202 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...)
NOT-FOR-US: Android media framework
CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is ...)
+ {DLA-3037-1}
- libjpeg-turbo 1:2.0.5-1 (low)
[buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
[jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccdfe186bc853aa2da6a729c0be47da0405fd23d