[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 6 21:10:35 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
16d145c3 by security tracker role at 2022-09-06T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2022-40137
+ RESERVED
+CVE-2022-40136
+ RESERVED
+CVE-2022-40135
+ RESERVED
+CVE-2022-40134
+ RESERVED
+CVE-2022-40127
+ RESERVED
+CVE-2022-38972
+ RESERVED
+CVE-2022-3142
+ RESERVED
+CVE-2022-3141
+ RESERVED
+CVE-2022-3140
+ RESERVED
+CVE-2022-3139
+ RESERVED
+CVE-2022-3138
+ RESERVED
+CVE-2022-3137
+ RESERVED
+CVE-2022-3136
+ RESERVED
CVE-2022-40126
RESERVED
CVE-2022-40125
@@ -26,14 +52,14 @@ CVE-2022-40114
RESERVED
CVE-2022-40113
RESERVED
-CVE-2022-40112
- RESERVED
-CVE-2022-40111
- RESERVED
-CVE-2022-40110
- RESERVED
-CVE-2022-40109
- RESERVED
+CVE-2022-40112 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable ...)
+ TODO: check
+CVE-2022-40111 (In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the sha ...)
+ TODO: check
+CVE-2022-40110 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable ...)
+ TODO: check
+CVE-2022-40109 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable ...)
+ TODO: check
CVE-2022-40108
RESERVED
CVE-2022-40107
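Review bot: the four TOTOLINK A3002R entries (CVE-2022-40112 down to CVE-2022-40109) are left at the automatic "TODO: check" placeholder although TOTOLINK router firmware is not a Debian package; they can be closed straight away as NOT-FOR-US: TOTOLINK, the same way CVE-2022-38132 is recorded as "NOT-FOR-US: Linksys" further down this file. The same one-line triage fits the TOTOLINK A860R batch (CVE-2022-37843 down to CVE-2022-37839) and the other vendor-appliance entries this update un-reserves (Tenda G3, Hitachi RAID Manager, WatchGuard Firebox, Okta Active Directory Agent).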
@@ -3009,8 +3035,8 @@ CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework for
NOTE: https://git.kernel.org/linus/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 (6.0-rc3)
CVE-2022-3027
RESERVED
-CVE-2022-3026
- RESERVED
+CVE-2022-3026 (The WP Users Exporter plugin for WordPress is vulnerable to CSV Inject ...)
+ TODO: check
CVE-2022-3025
RESERVED
CVE-2022-3024
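Review bot: CVE-2022-3026 is a WordPress plugin issue (WP Users Exporter) that stays at "TODO: check", while this file consistently closes such entries as "NOT-FOR-US: WordPress plugin" (see CVE-2022-2544 and CVE-2022-2543 in a later hunk). The same line fits every other plugin CVE this update fills in (Infinite Scroll, WP-UserOnline, WP Cerber, Image Hover Effects, Beaver Builder, Download Manager, String Locator, Transposh, uContext and the rest); leaving them as TODO only lengthens the triage queue without changing the outcome.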
@@ -3079,6 +3105,7 @@ CVE-2022-3011
CVE-2022-38785
REJECTED
CVE-2022-38784 (Poppler prior to and including 22.08.0 contains an integer overflow in ...)
+ {DSA-5224-1}
- poppler <unfixed> (bug #1018971)
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52 (poppler-22.09.0)
NOTE: This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in xpdf
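Review bot: "- poppler <unfixed> (bug #1018971)" for unstable looks stale next to the newly added "{DSA-5224-1}", given that the NOTE names poppler-22.09.0 as the fixing upstream release. That combination is only correct if 22.09.0 has not yet been uploaded to sid; please confirm, otherwise the tracker keeps flagging unstable after the DSA has gone out. For comparison, CVE-2022-27337 in this same update receives the same DSA reference with "poppler 22.08.0-2" recorded as fixed, so DSA-5224-1 is being entered as covering both issues.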
@@ -3551,20 +3578,20 @@ CVE-2022-2946 (Use After Free in GitHub repository vim/vim prior to 9.0.0246. ..
[bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5
NOTE: https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c (v9.0.0246)
-CVE-2022-2945
- RESERVED
+CVE-2022-2945 (The WordPress Infinite Scroll – Ajax Load More plugin for WordPr ...)
+ TODO: check
CVE-2022-2944
RESERVED
-CVE-2022-2943
- RESERVED
+CVE-2022-2943 (The WordPress Infinite Scroll – Ajax Load More plugin for Wordpr ...)
+ TODO: check
CVE-2022-2942
RESERVED
-CVE-2022-2941
- RESERVED
+CVE-2022-2941 (The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site ...)
+ TODO: check
CVE-2022-2940
RESERVED
-CVE-2022-2939
- RESERVED
+CVE-2022-2939 (The WP Cerber Security plugin for WordPress is vulnerable to security ...)
+ TODO: check
CVE-2022-2938 (A flaw was found in the Linux kernel's implementation of Pressure Stal ...)
- linux 5.16.7-1
[bullseye] - linux 5.10.103-1
@@ -3572,12 +3599,12 @@ CVE-2022-2938 (A flaw was found in the Linux kernel's implementation of Pressure
NOTE: https://git.kernel.org/linus/a06247c6804f1a7c86a2e5398a4c1f1db1471848 (5.17-rc2)
CVE-2022-2937
RESERVED
-CVE-2022-2936
- RESERVED
-CVE-2022-2935
- RESERVED
-CVE-2022-2934
- RESERVED
+CVE-2022-2936 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2022-2935 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2022-2934 (The Beaver Builder – WordPress Page Builder for WordPress is vul ...)
+ TODO: check
CVE-2022-2933
RESERVED
CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mob ...)
@@ -4079,8 +4106,8 @@ CVE-2022-2903
RESERVED
CVE-2022-2902
RESERVED
-CVE-2022-2901
- RESERVED
+CVE-2022-2901 (Improper Authorization in GitHub repository chatwoot/chatwoot prior to ...)
+ TODO: check
CVE-2022-2900
RESERVED
CVE-2022-38464
@@ -4707,7 +4734,7 @@ CVE-2022-38291
CVE-2022-38290
RESERVED
CVE-2022-38289
- RESERVED
+ REJECTED
CVE-2022-38288
RESERVED
CVE-2022-38287
@@ -5130,8 +5157,8 @@ CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could
NOT-FOR-US: JetBrains TeamCity
CVE-2022-38132 (Command injection vulnerability in Linksys MR8300 router while Registr ...)
NOT-FOR-US: Linksys
-CVE-2022-38131
- RESERVED
+CVE-2022-38131 (RStudio Connect is affected by an Open Redirect issue. The vulnerabili ...)
+ TODO: check
CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip ...)
NOT-FOR-US: Keysight Sensor Management Server
CVE-2022-38129 (A path traversal vulnerability exists in the com.keysight.tentacle.lic ...)
@@ -5309,8 +5336,8 @@ CVE-2022-36428
RESERVED
CVE-2022-36427
RESERVED
-CVE-2022-36425
- RESERVED
+CVE-2022-36425 (Broken Access Control vulnerability in Beaver Builder plugin <= 2.5 ...)
+ TODO: check
CVE-2022-36422
RESERVED
CVE-2022-36405 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
@@ -5371,8 +5398,7 @@ CVE-2022-2737
RESERVED
CVE-2022-2736 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
NOT-FOR-US: SourceCodester Company Website CMS
-CVE-2022-2735
- RESERVED
+CVE-2022-2735 (A vulnerability was found in the PCS project. This issue occurs due to ...)
- pcs 0.11.3-2 (bug #1018930)
NOTE: https://www.openwall.com/lists/oss-security/2022/09/01/4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116815
@@ -5797,16 +5823,16 @@ CVE-2022-2719 (In ImageMagick, a crafted file could trigger an assertion failure
- imagemagick <not-affected> (Specific to IM7)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116537
NOTE: https://github.com/ImageMagick/ImageMagick/commit/716496e6df0add89e9679d6da9c0afca814cfe49
-CVE-2022-2718
- RESERVED
-CVE-2022-2717
- RESERVED
-CVE-2022-2716
- RESERVED
+CVE-2022-2718 (The JoomSport – for Sports: Team & League, Football, Hockey ...)
+ TODO: check
+CVE-2022-2717 (The JoomSport – for Sports: Team & League, Football, Hockey ...)
+ TODO: check
+CVE-2022-2716 (The Beaver Builder – WordPress Page Builder for WordPress is vul ...)
+ TODO: check
CVE-2022-2715 (A vulnerability has been found in SourceCodester Employee Management S ...)
NOT-FOR-US: SourceCodester Employee Management System
-CVE-2022-2714
- RESERVED
+CVE-2022-2714 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
+ TODO: check
CVE-2022-2713 (Insufficient Session Expiration in GitHub repository cockpit-hq/cockpi ...)
NOT-FOR-US: Cockpit-HQ/Cockpit
CVE-2022-2712
@@ -5857,16 +5883,16 @@ CVE-2022-37845
RESERVED
CVE-2022-37844
RESERVED
-CVE-2022-37843
- RESERVED
-CVE-2022-37842
- RESERVED
-CVE-2022-37841
- RESERVED
-CVE-2022-37840
- RESERVED
-CVE-2022-37839
- RESERVED
+CVE-2022-37843 (In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired ...)
+ TODO: check
+CVE-2022-37842 (In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat. ...)
+ TODO: check
+CVE-2022-37841 (In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded passwo ...)
+ TODO: check
+CVE-2022-37840 (In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downlo ...)
+ TODO: check
+CVE-2022-37839 (TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflo ...)
+ TODO: check
CVE-2022-37838
RESERVED
CVE-2022-37837
@@ -6677,8 +6703,8 @@ CVE-2022-2697 (A vulnerability was found in SourceCodester Simple E-Learning Sys
NOT-FOR-US: SourceCodester Simple E-Learning System
CVE-2022-2696
RESERVED
-CVE-2022-2695
- RESERVED
+CVE-2022-2695 (The Beaver Builder – WordPress Page Builder for WordPress is vul ...)
+ TODO: check
CVE-2022-2694 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2693 (A vulnerability has been found in SourceCodester Electronic Medical Re ...)
@@ -7085,8 +7111,8 @@ CVE-2022-37350
RESERVED
CVE-2022-37349
RESERVED
-CVE-2022-2633
- RESERVED
+CVE-2022-2633 (The All-in-One Video Gallery plugin for WordPress is vulnerable to arb ...)
+ TODO: check
CVE-2022-2632
RESERVED
CVE-2022-2631 (Improper Access Control in GitHub repository tooljet/tooljet prior to ...)
@@ -8576,12 +8602,12 @@ CVE-2022-2544 (The Ninja Job Board WordPress plugin before 1.3.3 does not protec
NOT-FOR-US: WordPress plugin
CVE-2022-2543 (The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin b ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2542
- RESERVED
-CVE-2022-2541
- RESERVED
-CVE-2022-2540
- RESERVED
+CVE-2022-2542 (The uContext for Clickbank plugin for WordPress is vulnerable to Cross ...)
+ TODO: check
+CVE-2022-2541 (The uContext for Amazon plugin for WordPress is vulnerable to Cross-Si ...)
+ TODO: check
+CVE-2022-2540 (The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Si ...)
+ TODO: check
CVE-2022-2539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-2538 (The WP Hide & Security Enhancer WordPress plugin before 1.8 does n ...)
@@ -8961,8 +8987,8 @@ CVE-2022-36586
RESERVED
CVE-2022-36585
RESERVED
-CVE-2022-36584
- RESERVED
+CVE-2022-36584 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser ...)
+ TODO: check
CVE-2022-36583 (DedeCMS V5.7.97 was discovered to contain multiple cross-site scriptin ...)
NOT-FOR-US: DedeCMS
CVE-2022-36582 (An arbitrary file upload vulnerability in the component /php_action/cr ...)
@@ -9417,12 +9443,12 @@ CVE-2022-2519 (There is a double free or corruption in rotateImage() at tiffcrop
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba
NOTE: Crash in CLI tool, no security impact
-CVE-2022-2518
- RESERVED
-CVE-2022-2517
- RESERVED
-CVE-2022-2516
- RESERVED
+CVE-2022-2518 (The Stockists Manager for Woocommerce plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2022-2517 (The Beaver Builder – WordPress Page Builder for WordPress is vul ...)
+ TODO: check
+CVE-2022-2516 (The Visual Composer Website Builder plugin for WordPress is vulnerable ...)
+ TODO: check
CVE-2018-25045 (Django REST framework (aka django-rest-framework) before 3.9.1 allows ...)
{DSA-5186-1}
- djangorestframework 3.10.2-1
@@ -9467,14 +9493,14 @@ CVE-2022-35882 (Authenticated (author or higher user role) Stored Cross-Site Scr
NOT-FOR-US: WordPress plugin
CVE-2022-34868 (Authenticated Arbitrary Settings Update vulnerability in YooMoney 
 ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-34867
- RESERVED
+CVE-2022-34867 (Unauthenticated Sensitive Information Disclosure vulnerability in WP L ...)
+ TODO: check
CVE-2022-34857 (Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP P ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34658 (Multiple Authenticated (contributor+) Persistent Cross-Site Scripting ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-34656
- RESERVED
+CVE-2022-34656 (Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpd ...)
+ TODO: check
CVE-2022-34648 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34344
@@ -9491,8 +9517,8 @@ CVE-2022-33201 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite &#
NOT-FOR-US: MailerLite
CVE-2022-33142 (Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in W ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2515
- RESERVED
+CVE-2022-2515 (The Simple Banner plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnerable t ...)
- fava <unfixed> (bug #1016971)
[bullseye] - fava <no-dsa> (Minor issue)
@@ -9805,8 +9831,8 @@ CVE-2022-2475
RESERVED
CVE-2022-2474
RESERVED
-CVE-2022-2473
- RESERVED
+CVE-2022-2473 (The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
CVE-2022-2472
RESERVED
CVE-2022-2471
@@ -9875,10 +9901,10 @@ CVE-2022-2464 (Rockwell Automation ISaGRAF Workbench software versions 6.0 throu
NOT-FOR-US: Rockwell Automation
CVE-2022-2463 (Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6. ...)
NOT-FOR-US: Rockwell Automation
-CVE-2022-2462
- RESERVED
-CVE-2022-2461
- RESERVED
+CVE-2022-2462 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2022-2461 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...)
+ TODO: check
CVE-2022-36277
RESERVED
CVE-2022-36276
@@ -10805,34 +10831,34 @@ CVE-2022-2444 (The Visualizer: Tables and Charts Manager for WordPress plugin fo
NOT-FOR-US: WordPress plugin
CVE-2022-2443 (The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Si ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2442
- RESERVED
+CVE-2022-2442 (The Migration, Backup, Staging – WPvivid plugin for WordPress is ...)
+ TODO: check
CVE-2022-2441
RESERVED
CVE-2022-2440
RESERVED
CVE-2022-2439
RESERVED
-CVE-2022-2438
- RESERVED
+CVE-2022-2438 (The Broken Link Checker plugin for WordPress is vulnerable to deserial ...)
+ TODO: check
CVE-2022-2437 (The Feed Them Social – for Twitter feed, Youtube and more plugin ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2436
- RESERVED
+CVE-2022-2436 (The Download Manager plugin for WordPress is vulnerable to deserializa ...)
+ TODO: check
CVE-2022-2435 (The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Re ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2434
- RESERVED
-CVE-2022-2433
- RESERVED
-CVE-2022-2432
- RESERVED
-CVE-2022-2431
- RESERVED
-CVE-2022-2430
- RESERVED
-CVE-2022-2429
- RESERVED
+CVE-2022-2434 (The String Locator plugin for WordPress is vulnerable to deserializati ...)
+ TODO: check
+CVE-2022-2433 (The WordPress Infinite Scroll – Ajax Load More plugin for WordPr ...)
+ TODO: check
+CVE-2022-2432 (The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2022-2431 (The Download Manager plugin for WordPress is vulnerable to arbitrary f ...)
+ TODO: check
+CVE-2022-2430 (The Visual Composer Website Builder plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2022-2429 (The Ultimate SMS Notifications for WooCommerce plugin for WordPress is ...)
+ TODO: check
CVE-2022-2428
RESERVED
[experimental] - gitlab 15.2.3+ds1-1
@@ -10946,8 +10972,8 @@ CVE-2022-35849
RESERVED
CVE-2022-35848
RESERVED
-CVE-2022-35847
- RESERVED
+CVE-2022-35847 (An improper neutralization of special elements used in a template engi ...)
+ TODO: check
CVE-2022-35846
RESERVED
CVE-2022-35845
@@ -11158,8 +11184,8 @@ CVE-2022-35743
RESERVED
CVE-2022-35742
RESERVED
-CVE-2022-2402
- RESERVED
+CVE-2022-2402 (The vulnerability in the driver dlpfde.sys enables a user logged into ...)
+ TODO: check
CVE-2022-2401 (Unrestricted information disclosure of all users in Mattermost version ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-2400 (External Control of File Name or Path in GitHub repository dompdf/domp ...)
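Review bot: CVE-2022-2402 concerns dlpfde.sys, which by its .sys suffix is a Windows kernel driver and therefore has no Debian package; it should be closed as NOT-FOR-US with the vendor taken from the full description rather than left at "TODO: check".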
@@ -13429,10 +13455,10 @@ CVE-2022-34885
RESERVED
CVE-2022-34884
RESERVED
-CVE-2022-34883
- RESERVED
-CVE-2022-34882
- RESERVED
+CVE-2022-34883 (OS Command Injection vulnerability in Hitachi RAID Manager Storage Rep ...)
+ TODO: check
+CVE-2022-34882 (Information Exposure Through an Error Message vulnerability in Hitachi ...)
+ TODO: check
CVE-2022-34881
RESERVED
CVE-2022-34880
@@ -13507,8 +13533,8 @@ CVE-2022-33198 (Unauthenticated WordPress Options Change vulnerability in Biplob
NOT-FOR-US: WordPress plugin
CVE-2022-33191 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-33177
- RESERVED
+CVE-2022-33177 (Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins ...)
+ TODO: check
CVE-2022-32970
RESERVED
CVE-2022-32776
@@ -13874,8 +13900,8 @@ CVE-2022-34744
RESERVED
CVE-2022-2234 (An authenticated mySCADA myPRO 8.26.0 user may be able to modify param ...)
NOT-FOR-US: mySCADA myPRO
-CVE-2022-2233
- RESERVED
+CVE-2022-2233 (The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Req ...)
+ TODO: check
CVE-2022-2232
RESERVED
CVE-2022-2231 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. ...)
@@ -20226,8 +20252,8 @@ CVE-2022-32266
RESERVED
CVE-2022-32265 (qDecoder before 12.1.0 does not ensure that the percent character is f ...)
NOT-FOR-US: qDecoder
-CVE-2022-32264
- RESERVED
+CVE-2022-32264 (** UNSUPPORTED WHEN ASSIGNED ** sys/netinet/tcp_timer.h in FreeBSD bef ...)
+ TODO: check
CVE-2022-32263 (Pexip Infinity before 28.1 allows remote attackers to trigger a softwa ...)
NOT-FOR-US: Pexip Infinity
CVE-2022-32262 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
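Review bot: CVE-2022-32264 carries the "** UNSUPPORTED WHEN ASSIGNED **" prefix, MITRE's marker that the affected product version was already out of support when the ID was assigned, and it concerns sys/netinet/tcp_timer.h in the FreeBSD kernel. That makes it a NOT-FOR-US: FreeBSD candidate rather than a "TODO: check", unless a kfreebsd kernel source package is still being tracked in this file.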
@@ -21284,8 +21310,8 @@ CVE-2022-31862
RESERVED
CVE-2022-31861
RESERVED
-CVE-2022-31860
- RESERVED
+CVE-2022-31860 (An issue was discovered in OpenRemote through 1.0.4 allows attackers t ...)
+ TODO: check
CVE-2022-31859
RESERVED
CVE-2022-31858
@@ -21531,8 +21557,8 @@ CVE-2022-31792
RESERVED
CVE-2022-31791
RESERVED
-CVE-2022-31790
- RESERVED
+CVE-2022-31790 (WatchGuard Firebox and XTM appliances allow an unauthenticated remote ...)
+ TODO: check
CVE-2022-31789
RESERVED
CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccess ...)
@@ -23844,8 +23870,8 @@ CVE-2022-31022 (Bleve is a text indexing library for go. Bleve includes HTTP uti
NOTE: Fix only documents a shortcoming
CVE-2022-31021
RESERVED
-CVE-2022-31020
- RESERVED
+CVE-2022-31020 (Indy Node is the server portion of a distributed ledger purpose-built ...)
+ TODO: check
CVE-2022-31019 (Vapor is a server-side Swift HTTP web framework. When using automatic ...)
NOT-FOR-US: Vapor
CVE-2022-31018 (Play Framework is a web framework for Java and Scala. A denial of serv ...)
@@ -25142,8 +25168,8 @@ CVE-2022-1699 (Uncontrolled Resource Consumption in GitHub repository causefx/or
NOT-FOR-US: organizr
CVE-2022-1698 (Allowing long password leads to denial of service in GitHub repository ...)
NOT-FOR-US: organizr
-CVE-2022-1697
- RESERVED
+CVE-2022-1697 (Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed th ...)
+ TODO: check
CVE-2022-1696
RESERVED
CVE-2022-1695 (The WP Simple Adsense Insertion WordPress plugin before 2.1 does not p ...)
@@ -25568,8 +25594,8 @@ CVE-2022-1629 (Buffer Over-read in function find_next_quote in GitHub repository
NOTE: https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee
NOTE: https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd (v8.2.4925)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-1628
- RESERVED
+CVE-2022-1628 (The Simple SEO plugin for WordPress is vulnerable to attribute-based s ...)
+ TODO: check
CVE-2022-1627 (The My Private Site WordPress plugin before 3.0.8 does not have CSRF c ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1626 (The Sharebar WordPress plugin through 1.4.1 does not have CSRF check i ...)
@@ -26090,8 +26116,8 @@ CVE-2022-30300
RESERVED
CVE-2022-30299
RESERVED
-CVE-2022-30298
- RESERVED
+CVE-2022-30298 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
+ TODO: check
CVE-2022-29509 (Directory traversal vulnerability in T&D Data Server (Japanese Edi ...)
NOT-FOR-US: T&D Data Server
CVE-2022-29483 (Incorrect Default Permissions vulnerability in ABB e-Design allows att ...)
@@ -27713,7 +27739,7 @@ CVE-2022-29806 (ZoneMinder before 1.36.13 allows remote code execution via an in
NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-29805 (A Java Deserialization vulnerability in the Fishbowl Server in Fishbow ...)
NOT-FOR-US: Fishbowl Inventory
-CVE-2022-29804 (Incorrect conversion of certain invalid paths to valid, absolute paths ...)
+CVE-2022-29804 (In filepath.Clean in path/filepath in Go before 1.17.11 and 1.18.x bef ...)
- golang-1.18 <not-affected> (Only affects Go on Windows)
- golang-1.17 <not-affected> (Only affects Go on Windows)
- golang-1.15 <not-affected> (Only affects Go on Windows)
@@ -29822,16 +29848,16 @@ CVE-2022-1316 (ZeroTierOne for windows local privilege escalation because of inc
NOT-FOR-US: ZeroTierOne
CVE-2022-29063 (The Solr plugin of Apache OFBiz is configured by default to automatica ...)
NOT-FOR-US: Apache OFBiz
-CVE-2022-29062
- RESERVED
+CVE-2022-29062 (Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet ...)
+ TODO: check
CVE-2022-29061
RESERVED
CVE-2022-29060 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...)
NOT-FOR-US: Fortinet
CVE-2022-29059
RESERVED
-CVE-2022-29058
- RESERVED
+CVE-2022-29058 (An improper neutralization of special elements [CWE-89] used in an OS ...)
+ TODO: check
CVE-2022-29057 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: Fortinet
CVE-2022-29056
@@ -29840,8 +29866,8 @@ CVE-2022-29055
RESERVED
CVE-2022-29054
RESERVED
-CVE-2022-29053
- RESERVED
+CVE-2022-29053 (A missing cryptographic steps vulnerability [CWE-325] in the functions ...)
+ TODO: check
CVE-2022-29052 (Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-29051 (Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and ...)
@@ -30325,10 +30351,10 @@ CVE-2022-28887
RESERVED
CVE-2022-28886
RESERVED
-CVE-2022-28885
- RESERVED
-CVE-2022-28884
- RESERVED
+CVE-2022-28885 (A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd ...)
+ TODO: check
+CVE-2022-28884 (A Denial-of-Service vulnerability was discovered in the F-Secure and W ...)
+ TODO: check
CVE-2022-28883 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure &am ...)
NOT-FOR-US: F-Secure & WithSecure products
CVE-2022-28882 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure &am ...)
@@ -30874,7 +30900,7 @@ CVE-2022-1262 (A command injection vulnerability in the protest binary allows an
CVE-2022-1261 (Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) ...)
NOT-FOR-US: MatrikonOPC
CVE-2022-1260
- RESERVED
+ REJECTED
CVE-2022-1259 (A flaw was found in Undertow. A potential security issue in flow contr ...)
- undertow <not-affected> (Incomplete fix not released to any suite)
CVE-2022-1258 (A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) ...)
@@ -32595,7 +32621,7 @@ CVE-2022-28133 (Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier do
NOT-FOR-US: Jenkins plugin
CVE-2022-28132
RESERVED
-CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17. ...)
+CVE-2022-28131 (In Decoder.Skip in encoding/xml in Go before 1.17.12 and 1.18.x before ...)
- golang-1.18 1.18.4-1
- golang-1.15 <removed>
- golang-1.11 <removed>
@@ -33935,8 +33961,8 @@ CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP transformatio
NOTE: https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8)
CVE-2022-27665
RESERVED
-CVE-2022-27664
- RESERVED
+CVE-2022-27664 (In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers ca ...)
+ TODO: check
CVE-2022-27663
RESERVED
CVE-2022-27658 (Under certain conditions, SAP Innovation management - version 2.0, all ...)
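Review bot: CVE-2022-27664 is a Go standard-library issue (net/http before 1.18.6 and 1.19.x before 1.19.1) and should not stay at "TODO: check": it needs package lines for the golang-1.18 and golang-1.19 source packages in the same form as the "golang-1.18 1.18.4-1" line recorded for CVE-2022-28131 elsewhere in this patch, plus <removed> or <not-affected> annotations for the older golang-1.x packages where they apply. Because Go programs are statically linked, fixing the compiler packages alone does not close the issue for a suite until dependent packages are rebuilt, which is worth a NOTE on the entry. No platform restriction like the "Only affects Go on Windows" one recorded for CVE-2022-29804 is visible in this description, so that not-affected shortcut does not apply here.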
@@ -34350,8 +34376,8 @@ CVE-2022-1038
RESERVED
CVE-2022-27492
RESERVED
-CVE-2022-27491
- RESERVED
+CVE-2022-27491 (A improper verification of source of a communication channel in Fortin ...)
+ TODO: check
CVE-2022-27490
RESERVED
CVE-2022-27489
@@ -34793,6 +34819,7 @@ CVE-2022-27339
CVE-2022-27338
RESERVED
CVE-2022-27337 (A logic error in the Hints::Hints function of Poppler v22.03.0 allows ...)
+ {DSA-5224-1}
- poppler 22.08.0-2 (bug #1010695)
[buster] - poppler <no-dsa> (Minor issue)
[stretch] - poppler <postponed> (Minor issue)
@@ -37269,54 +37296,54 @@ CVE-2022-26472
RESERVED
CVE-2022-26471
RESERVED
-CVE-2022-26470
- RESERVED
-CVE-2022-26469
- RESERVED
-CVE-2022-26468
- RESERVED
-CVE-2022-26467
- RESERVED
-CVE-2022-26466
- RESERVED
-CVE-2022-26465
- RESERVED
-CVE-2022-26464
- RESERVED
-CVE-2022-26463
- RESERVED
-CVE-2022-26462
- RESERVED
-CVE-2022-26461
- RESERVED
-CVE-2022-26460
- RESERVED
-CVE-2022-26459
- RESERVED
-CVE-2022-26458
- RESERVED
-CVE-2022-26457
- RESERVED
-CVE-2022-26456
- RESERVED
-CVE-2022-26455
- RESERVED
-CVE-2022-26454
- RESERVED
-CVE-2022-26453
- RESERVED
+CVE-2022-26470 (In aie, there is a possible out of bounds write due to an incorrect bo ...)
+ TODO: check
+CVE-2022-26469 (In MtkEmail, there is a possible escalation of privilege due to fragme ...)
+ TODO: check
+CVE-2022-26468 (In preloader (usb), there is a possible out of bounds write due to a m ...)
+ TODO: check
+CVE-2022-26467 (In rpmb, there is a possible out of bounds write due to an incorrect b ...)
+ TODO: check
+CVE-2022-26466 (In audio ipi, there is a possible out of bounds write due to an intege ...)
+ TODO: check
+CVE-2022-26465 (In audio ipi, there is a possible out of bounds write due to an incorr ...)
+ TODO: check
+CVE-2022-26464 (In vow, there is a possible out of bounds write due to an incorrect bo ...)
+ TODO: check
+CVE-2022-26463 (In vow, there is a possible out of bounds read due to an incorrect bou ...)
+ TODO: check
+CVE-2022-26462 (In vow, there is a possible out of bounds read due to an incorrect bou ...)
+ TODO: check
+CVE-2022-26461 (In vow, there is a possible undefined behavior due to an API misuse. T ...)
+ TODO: check
+CVE-2022-26460 (In vow, there is a possible out of bounds write due to an incorrect bo ...)
+ TODO: check
+CVE-2022-26459 (In vow, there is a possible out of bounds read due to an integer overf ...)
+ TODO: check
+CVE-2022-26458 (In vow, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2022-26457 (In vow, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2022-26456 (In vow, there is a possible information disclosure due to a symbolic l ...)
+ TODO: check
+CVE-2022-26455 (In gz, there is a possible memory corruption due to incorrect error ha ...)
+ TODO: check
+CVE-2022-26454 (In teei, there is a possible memory corruption due to an integer overf ...)
+ TODO: check
+CVE-2022-26453 (In teei, there is a possible memory corruption due to a use after free ...)
+ TODO: check
CVE-2022-26452
RESERVED
-CVE-2022-26451
- RESERVED
-CVE-2022-26450
- RESERVED
-CVE-2022-26449
- RESERVED
-CVE-2022-26448
- RESERVED
-CVE-2022-26447
- RESERVED
+CVE-2022-26451 (In ged, there is a possible use after free due to improper locking. Th ...)
+ TODO: check
+CVE-2022-26450 (In apusys, there is a possible use after free due to a race condition. ...)
+ TODO: check
+CVE-2022-26449 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ TODO: check
+CVE-2022-26448 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ TODO: check
+CVE-2022-26447 (In BT firmware, there is a possible out of bounds write due to a missi ...)
+ TODO: check
CVE-2022-26446
RESERVED
CVE-2022-26445 (In wifi driver, there is a possible out of bounds write due to a missi ...)
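Review bot: the 23 CVE-2022-264xx entries un-reserved here all name MediaTek SoC firmware and driver modules (aie, MtkEmail, preloader, rpmb, audio ipi, vow, gz, teei, ged, apusys, BT firmware), none of which is shipped as a Debian package; they should be closed as NOT-FOR-US (MediaTek), matching the "NOT-FOR-US: Android" used for the CVE-2022-203xx entries in this file, rather than queued as 23 separate "TODO: check" items.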
@@ -37581,7 +37608,7 @@ CVE-2022-26073 (A denial of service vulnerability exists in the libxm_av.so Demu
CVE-2022-25989 (An authentication bypass vulnerability exists in the libxm_av.so getpe ...)
NOT-FOR-US: Anker Eufy Homebase
CVE-2022-0844
- RESERVED
+ REJECTED
CVE-2022-0843
RESERVED
- firefox 98.0-1
@@ -38443,8 +38470,8 @@ CVE-2022-26116 (Multiple improper neutralization of special elements used in SQL
NOT-FOR-US: Fortiguard FortiNAC
CVE-2022-26115
RESERVED
-CVE-2022-26114
- RESERVED
+CVE-2022-26114 (An improper neutralization of input during web page generation vulnera ...)
+ TODO: check
CVE-2022-26113 (An execution with unnecessary privileges vulnerability [CWE-250] in Fo ...)
NOT-FOR-US: Fortinet
CVE-2022-26112
@@ -40495,8 +40522,7 @@ CVE-2022-25313 (In Expat (aka libexpat) before 2.4.5, an attacker can trigger st
NOTE: https://github.com/libexpat/libexpat/commit/9b4ce651b26557f16103c3a366c91934ecd439ab
CVE-2022-25311 (A vulnerability has been identified in SINEC NMS (All versions). The a ...)
NOT-FOR-US: Siemens
-CVE-2022-25310
- RESERVED
+CVE-2022-25310 (A segmentation fault (SEGV) flaw was found in the Fribidi package and ...)
{DLA-2974-1}
- fribidi 1.0.8-2.1 (bug #1008793)
[bullseye] - fribidi 1.0.8-2+deb11u1
@@ -40504,8 +40530,7 @@ CVE-2022-25310
NOTE: https://github.com/fribidi/fribidi/issues/183
NOTE: https://github.com/fribidi/fribidi/pull/186
NOTE: https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f
-CVE-2022-25309
- RESERVED
+CVE-2022-25309 (A heap-based buffer overflow flaw was found in the Fribidi package and ...)
{DLA-2974-1}
- fribidi 1.0.8-2.1 (bug #1008793)
[bullseye] - fribidi 1.0.8-2+deb11u1
@@ -40513,8 +40538,7 @@ CVE-2022-25309
NOTE: https://github.com/fribidi/fribidi/issues/182
NOTE: https://github.com/fribidi/fribidi/pull/185
NOTE: https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3
-CVE-2022-25308
- RESERVED
+CVE-2022-25308 (A stack-based buffer overflow flaw was found in the Fribidi package. T ...)
{DLA-2974-1}
- fribidi 1.0.8-2.1 (bug #1008793)
[bullseye] - fribidi 1.0.8-2+deb11u1
@@ -46351,34 +46375,34 @@ CVE-2022-23693
RESERVED
CVE-2022-23692
RESERVED
-CVE-2022-23691
- RESERVED
-CVE-2022-23690
- RESERVED
-CVE-2022-23689
- RESERVED
-CVE-2022-23688
- RESERVED
-CVE-2022-23687
- RESERVED
-CVE-2022-23686
- RESERVED
+CVE-2022-23691 (A vulnerability exists in certain AOS-CX switch models which could all ...)
+ TODO: check
+CVE-2022-23690 (A vulnerability in the web-based management interface of AOS-CX could ...)
+ TODO: check
+CVE-2022-23689 (Multiple vulnerabilities exist in the processing of packet data by the ...)
+ TODO: check
+CVE-2022-23688 (Multiple vulnerabilities exist in the processing of packet data by the ...)
+ TODO: check
+CVE-2022-23687 (Multiple vulnerabilities exist in the processing of packet data by the ...)
+ TODO: check
+CVE-2022-23686 (Multiple vulnerabilities exist in the processing of packet data by the ...)
+ TODO: check
CVE-2022-23685
RESERVED
-CVE-2022-23684
- RESERVED
-CVE-2022-23683
- RESERVED
-CVE-2022-23682
- RESERVED
-CVE-2022-23681
- RESERVED
-CVE-2022-23680
- RESERVED
-CVE-2022-23679
- RESERVED
-CVE-2022-23678
- RESERVED
+CVE-2022-23684 (A vulnerability in the web-based management interface of AOS-CX could ...)
+ TODO: check
+CVE-2022-23683 (Authenticated command injection vulnerabilities exist in the AOS-CX Ne ...)
+ TODO: check
+CVE-2022-23682 (Multiple vulnerabilities exist in the AOS-CX command line interface th ...)
+ TODO: check
+CVE-2022-23681 (Multiple vulnerabilities exist in the AOS-CX command line interface th ...)
+ TODO: check
+CVE-2022-23680 (AOS-CX lacks Anti-CSRF protections in place for state-changing operati ...)
+ TODO: check
+CVE-2022-23679 (AOS-CX lacks Anti-CSRF protections in place for state-changing operati ...)
+ TODO: check
+CVE-2022-23678 (A vulnerability in the Aruba Virtual Intranet Access (VIA) client for ...)
+ TODO: check
CVE-2022-23677 (A remote execution of arbitrary code vulnerability was discovered in A ...)
NOT-FOR-US: Aruba
CVE-2022-23676 (A remote execution of arbitrary code vulnerability was discovered in A ...)
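Review bot: all 13 entries un-reserved in this hunk are Aruba products (AOS-CX switches, and the Aruba Virtual Intranet Access client for CVE-2022-23678), and the two context entries directly after them, CVE-2022-23677 and CVE-2022-23676, are already recorded as "NOT-FOR-US: Aruba"; the new ones should get the same line instead of "TODO: check".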
@@ -46910,8 +46934,7 @@ CVE-2022-23452 (An authorization flaw was found in openstack-barbican, where any
[stretch] - barbican <no-dsa> (Minor issue)
NOTE: https://storyboard.openstack.org/#!/story/2009297
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025090
-CVE-2022-23451
- RESERVED
+CVE-2022-23451 (An authorization flaw was found in openstack-barbican. The default pol ...)
- barbican 1:14.0.0~rc1-2
[bullseye] - barbican <no-dsa> (Minor issue)
[buster] - barbican <no-dsa> (Minor issue)
@@ -61141,8 +61164,7 @@ CVE-2021-43566 (All versions of Samba prior to 4.13.16 are vulnerable to a malic
[buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
NOTE: https://www.samba.org/samba/security/CVE-2021-43566.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13979
-CVE-2021-43565 [x/crypto/ssh: empty plaintext packet causes panic]
- RESERVED
+CVE-2021-43565 (The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of g ...)
- golang-go.crypto 1:0.0~git20211202.5770296-1
[stretch] - golang-go.crypto <postponed> (Limited support in stretch)
NOTE: https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083
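Review bot: the local title "[x/crypto/ssh: empty plaintext packet causes panic]" is replaced by the official description of CVE-2021-43565; the version it cites (before 0.0.0-20211202192323-5770296d904e) is consistent with the fixed package "- golang-go.crypto 1:0.0~git20211202.5770296-1" and with the commit in the NOTE line, so nothing beyond the description import is needed in this hunk.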
@@ -63490,16 +63512,16 @@ CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF
NOT-FOR-US: WordPress plugin
CVE-2021-43081 (An improper neutralization of input during web page generation vulnera ...)
NOT-FOR-US: FortiGuard
-CVE-2021-43080
- RESERVED
+CVE-2021-43080 (An improper neutralization of input during web page generation vulnera ...)
+ TODO: check
CVE-2021-43079
RESERVED
CVE-2021-43078
RESERVED
CVE-2021-43077 (A improper neutralization of special elements used in an sql command ( ...)
NOT-FOR-US: FortiGuard
-CVE-2021-43076
- RESERVED
+CVE-2021-43076 (An improper privilege management vulnerability [CWE-269] in FortiADC v ...)
+ TODO: check
CVE-2021-43075 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: FortiGuard
CVE-2021-43074
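Review bot: CVE-2021-43080 and CVE-2021-43076 are left at "TODO: check" even though their descriptions (improper neutralization during web page generation; improper privilege management [CWE-269] in FortiADC) point to Fortinet products, like the surrounding CVE-2021-43081, CVE-2021-43077 and CVE-2021-43075, which are already "NOT-FOR-US: FortiGuard"; the follow-up triage can most likely close these two the same way.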
@@ -65457,7 +65479,8 @@ CVE-2022-20361 (In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vuln
NOT-FOR-US: Android
CVE-2022-20360 (In setChecked of SecureNfcPreferenceController.java, there is a missin ...)
NOT-FOR-US: Android
-CVE-2022-20359 (In various methods of NotificationManagerService.java, there is a poss ...)
+CVE-2022-20359
+ REJECTED
TODO: check - not listed in linked bulletin
CVE-2022-20358 (In startSync of AbstractThreadedSyncAdapter.java, there is a possible ...)
NOT-FOR-US: Android
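Review bot: CVE-2022-20359 is now marked REJECTED, but the context line "TODO: check - not listed in linked bulletin" directly below it is kept; that TODO was attached to the old description and is now stale, so it should be dropped so the entry does not carry an open TODO on a rejected CVE.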
@@ -74270,11 +74293,11 @@ CVE-2021-39328 (The Simple Job Board WordPress plugin is vulnerable to Stored Cr
CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39326
- RESERVED
+ REJECTED
CVE-2021-39325 (The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39324
- RESERVED
+ REJECTED
CVE-2021-39323
RESERVED
CVE-2021-39322 (The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the ...)
@@ -80623,8 +80646,8 @@ CVE-2021-36831
RESERVED
CVE-2021-36830
RESERVED
-CVE-2021-36829
- RESERVED
+CVE-2021-36829 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2021-36828 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Mainten ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36827 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...)
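Review bot: CVE-2021-36829 is imported with "TODO: check", and its description ("Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...") reads like the unchanged neighbours CVE-2021-36828 and CVE-2021-36827, which are both "NOT-FOR-US: WordPress plugin"; however, the truncated description does not show the affected product, so the full text needs to be read before the TODO is resolved the same way.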
@@ -183178,7 +183201,7 @@ CVE-2020-8588 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susc
CVE-2020-8587 (OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to ...)
NOT-FOR-US: NetApp
CVE-2020-8586
- RESERVED
+ REJECTED
CVE-2020-8585 (OnCommand Unified Manager Core Package versions prior to 5.2.5 may dis ...)
NOT-FOR-US: OnCommand Unified Manager Core Package
CVE-2020-8584 (Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulne ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16d145c36472a821f60c984cbff306609a1b4d1b