[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 16 21:10:37 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e56c2557 by security tracker role at 2022-09-16T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2022-40754
+ RESERVED
+CVE-2022-40753
+ RESERVED
+CVE-2022-40752
+ RESERVED
+CVE-2022-40751
+ RESERVED
+CVE-2022-40750
+ RESERVED
+CVE-2022-40749
+ RESERVED
+CVE-2022-40748
+ RESERVED
+CVE-2022-40747
+ RESERVED
+CVE-2022-40746
+ RESERVED
+CVE-2022-40745
+ RESERVED
+CVE-2022-40744
+ RESERVED
+CVE-2022-40743
+ RESERVED
+CVE-2022-3233
+ RESERVED
+CVE-2022-3232
+ RESERVED
+CVE-2022-3231
+ RESERVED
CVE-2022-3230
RESERVED
CVE-2022-3229
@@ -16,12 +46,12 @@ CVE-2022-3227
RESERVED
CVE-2022-3226
RESERVED
-CVE-2022-3225
- RESERVED
+CVE-2022-3225 (Improper Access Control in GitHub repository budibase/budibase prior t ...)
+ TODO: check
CVE-2022-3224 (Misinterpretation of Input in GitHub repository ionicabizau/parse-url ...)
NOT-FOR-US: Node parse-url
-CVE-2022-3223
- RESERVED
+CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
+ TODO: check
CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...)
- gpac <unfixed>
NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/
@@ -192,8 +222,8 @@ CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and cla
NOT-FOR-US: Nintendo Game Boy Color
CVE-2022-3215
RESERVED
-CVE-2022-3214
- RESERVED
+CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy manageme ...)
+ TODO: check
CVE-2022-3213
RESERVED
CVE-2022-3212 (<bytes::Bytes as axum_core::extract::FromRequest>::from_request ...)
@@ -657,8 +687,8 @@ CVE-2022-3178 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DE
NOTE: Introduced by the fix for CVE-2022-30976.
CVE-2022-3177
RESERVED
-CVE-2022-3176
- RESERVED
+CVE-2022-3176 (There exists a use-after-free in io_uring in the Linux kernel. Signalf ...)
+ TODO: check
CVE-2022-3175 (Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-3174 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
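Review bot: CVE-2022-3176 is left at "TODO: check" although its description already places the bug in io_uring in the Linux kernel, so the affected source package is not in doubt. Replace the TODO with a "- linux" tracking line in the form the file uses for other kernel entries, and add a NOTE pointing at the upstream fix once it has been identified.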
@@ -993,8 +1023,8 @@ CVE-2022-40339
RESERVED
CVE-2022-40338
RESERVED
-CVE-2022-40337
- RESERVED
+CVE-2022-40337 (OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows ...)
+ TODO: check
CVE-2022-40336
RESERVED
CVE-2022-40335
@@ -1402,22 +1432,22 @@ CVE-2022-40158
RESERVED
CVE-2022-40157
RESERVED
-CVE-2022-40156
- RESERVED
-CVE-2022-40155
- RESERVED
-CVE-2022-40154
- RESERVED
-CVE-2022-40153
- RESERVED
-CVE-2022-40152
- RESERVED
-CVE-2022-40151
- RESERVED
-CVE-2022-40150
- RESERVED
-CVE-2022-40149
- RESERVED
+CVE-2022-40156 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
+ TODO: check
+CVE-2022-40155 (Those using Xstream to serialise XML data may be vulnerable to Denial ...)
+ TODO: check
+CVE-2022-40154 (Those using Xstream to serialise XML data may be vulnerable to Denial ...)
+ TODO: check
+CVE-2022-40153 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
+ TODO: check
+CVE-2022-40152 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
+ TODO: check
+CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...)
+ TODO: check
+CVE-2022-40150 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...)
+ TODO: check
+CVE-2022-40149 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...)
+ TODO: check
CVE-2022-40148
RESERVED
CVE-2022-40147
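Review bot: the six Xstream entries (CVE-2022-40156 to CVE-2022-40151) and the two Jettison entries (CVE-2022-40150, CVE-2022-40149) are cut off before the point where their descriptions differ, so nothing in this file tells them apart. The wording ("Those using Xstream to ...", "Those using Jettison to parse ...") describes libraries rather than end products, so check whether Debian ships them before any NOT-FOR-US marking. When the TODOs are resolved, add a NOTE per entry with the upstream issue or fix so each CVE can be matched to its bug.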
@@ -1465,8 +1495,8 @@ CVE-2022-38457 (A use-after-free(UAF) vulnerability was found in function 'vmw_c
TODO: check, specific to OpenAnolis?
CVE-2022-38096 (A NULL pointer dereference vulnerability was found in vmwgfx driver in ...)
TODO: check, specific to OpenAnolis?
-CVE-2022-36402
- RESERVED
+CVE-2022-36402 (An integer overflow vulnerability was found in vmwgfx driver in driver ...)
+ TODO: check
CVE-2022-36280 (An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx ...)
TODO: check, specific to OpenAnolis?
CVE-2022-3147 (Mattermost version 7.0.x and earlier fails to sufficiently limit the i ...)
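Review bot: CVE-2022-36402 gets a bare "TODO: check", while the three neighbouring vmwgfx entries in this hunk (CVE-2022-38457, CVE-2022-38096, CVE-2022-36280) carry "TODO: check, specific to OpenAnolis?". The description places this one in the same driver, so the same open question applies. Carry the qualifier over so the four entries are triaged together.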
@@ -3839,8 +3869,8 @@ CVE-2022-39065
RESERVED
CVE-2022-39064
RESERVED
-CVE-2022-39063
- RESERVED
+CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment Request, it sto ...)
+ TODO: check
CVE-2022-39062
RESERVED
CVE-2022-39061
@@ -4090,54 +4120,54 @@ CVE-2022-39012
RESERVED
CVE-2022-39011
RESERVED
-CVE-2022-39010
- RESERVED
-CVE-2022-39009
- RESERVED
-CVE-2022-39008
- RESERVED
-CVE-2022-39007
- RESERVED
-CVE-2022-39006
- RESERVED
-CVE-2022-39005
- RESERVED
-CVE-2022-39004
- RESERVED
-CVE-2022-39003
- RESERVED
-CVE-2022-39002
- RESERVED
-CVE-2022-39001
- RESERVED
-CVE-2022-39000
- RESERVED
-CVE-2022-38999
- RESERVED
+CVE-2022-39010 (The HwChrService module has a vulnerability in permission control. Suc ...)
+ TODO: check
+CVE-2022-39009 (The WLAN module has a vulnerability in permission verification. Succes ...)
+ TODO: check
+CVE-2022-39008 (The NFC module has bundle serialization/deserialization vulnerabilitie ...)
+ TODO: check
+CVE-2022-39007 (The location module has a vulnerability of bypassing permission verifi ...)
+ TODO: check
+CVE-2022-39006 (The MPTCP module has the race condition vulnerability. Successful expl ...)
+ TODO: check
+CVE-2022-39005 (The MPTCP module has the memory leak vulnerability. Successful exploit ...)
+ TODO: check
+CVE-2022-39004 (The MPTCP module has the memory leak vulnerability. Successful exploit ...)
+ TODO: check
+CVE-2022-39003 (Buffer overflow vulnerability in the video framework. Successful explo ...)
+ TODO: check
+CVE-2022-39002 (Double free vulnerability in the storage module. Successful exploitati ...)
+ TODO: check
+CVE-2022-39001 (The number identification module has a path traversal vulnerability. S ...)
+ TODO: check
+CVE-2022-39000 (The iAware module has a vulnerability in managing malicious apps.Succe ...)
+ TODO: check
+CVE-2022-38999 (The AOD module has the improper update of reference count vulnerabilit ...)
+ TODO: check
CVE-2022-38998
RESERVED
-CVE-2022-38997
- RESERVED
-CVE-2022-38996
- RESERVED
-CVE-2022-38995
- RESERVED
-CVE-2022-38994
- RESERVED
-CVE-2022-38993
- RESERVED
-CVE-2022-38992
- RESERVED
-CVE-2022-38991
- RESERVED
-CVE-2022-38990
- RESERVED
-CVE-2022-38989
- RESERVED
-CVE-2022-38988
- RESERVED
-CVE-2022-38987
- RESERVED
+CVE-2022-38997 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
+CVE-2022-38996 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
+CVE-2022-38995 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
+CVE-2022-38994 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
+CVE-2022-38993 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
+CVE-2022-38992 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
+CVE-2022-38991 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
+CVE-2022-38990 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
+CVE-2022-38989 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
+CVE-2022-38988 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
+CVE-2022-38987 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
CVE-2022-38986
RESERVED
CVE-2022-38985
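Review bot: none of the added descriptions from CVE-2022-39010 down to CVE-2022-38987 names a vendor or product before the cut, and the eleven entries CVE-2022-38997 to CVE-2022-38987 are identical in the visible part ("The secure OS module has configuration defects. Successful exploitatio ..."). Triage cannot be done from this file alone. When the TODOs are resolved, name the vendor in the NOT-FOR-US or package line so the entries stay identifiable.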
@@ -4152,10 +4182,10 @@ CVE-2022-38981
RESERVED
CVE-2022-38980
RESERVED
-CVE-2022-38979
- RESERVED
-CVE-2022-38978
- RESERVED
+CVE-2022-38979 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
+CVE-2022-38978 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
CVE-2022-38977
RESERVED
CVE-2022-38970
@@ -4342,10 +4372,10 @@ CVE-2022-38880
RESERVED
CVE-2022-38879
RESERVED
-CVE-2022-38878
- RESERVED
-CVE-2022-38877
- RESERVED
+CVE-2022-38878 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
+ TODO: check
+CVE-2022-38877 (Garage Management System v1.0 is vulnerable to Arbitrary code executio ...)
+ TODO: check
CVE-2022-38876
RESERVED
CVE-2022-38875
@@ -4435,14 +4465,14 @@ CVE-2022-38848
RESERVED
CVE-2022-38847
RESERVED
-CVE-2022-38846
- RESERVED
-CVE-2022-38845
- RESERVED
-CVE-2022-38844
- RESERVED
-CVE-2022-38843
- RESERVED
+CVE-2022-38846 (EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing th ...)
+ TODO: check
+CVE-2022-38845 (Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote ...)
+ TODO: check
+CVE-2022-38844 (CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authen ...)
+ TODO: check
+CVE-2022-38843 (EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowi ...)
+ TODO: check
CVE-2022-38842
RESERVED
CVE-2022-38841
@@ -4461,28 +4491,28 @@ CVE-2022-38835
RESERVED
CVE-2022-38834
RESERVED
-CVE-2022-38833
- RESERVED
-CVE-2022-38832
- RESERVED
-CVE-2022-38831
- RESERVED
-CVE-2022-38830
- RESERVED
-CVE-2022-38829
- RESERVED
-CVE-2022-38828
- RESERVED
-CVE-2022-38827
- RESERVED
-CVE-2022-38826
- RESERVED
+CVE-2022-38833 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
+ TODO: check
+CVE-2022-38832 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
+ TODO: check
+CVE-2022-38831 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
+ TODO: check
+CVE-2022-38830 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
+ TODO: check
+CVE-2022-38829 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
+ TODO: check
+CVE-2022-38828 (TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection ...)
+ TODO: check
+CVE-2022-38827 (TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow vi ...)
+ TODO: check
+CVE-2022-38826 (In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary c ...)
+ TODO: check
CVE-2022-38825
RESERVED
CVE-2022-38824
RESERVED
-CVE-2022-38823
- RESERVED
+CVE-2022-38823 (In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password ...)
+ TODO: check
CVE-2022-38822
RESERVED
CVE-2022-38821
@@ -4511,8 +4541,8 @@ CVE-2022-38810
RESERVED
CVE-2022-38809
RESERVED
-CVE-2022-38808
- RESERVED
+CVE-2022-38808 (ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportE ...)
+ TODO: check
CVE-2022-38807
RESERVED
CVE-2022-38806
@@ -4591,8 +4621,8 @@ CVE-2022-3021
RESERVED
CVE-2022-3020
RESERVED
-CVE-2021-46836
- RESERVED
+CVE-2021-46836 (Implementation of the WLAN module interfaces has the information discl ...)
+ TODO: check
CVE-2022-3019 (The forgot password token basically just makes us capable of taking ov ...)
NOT-FOR-US: ToolJet
CVE-2022-39028 (telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and ...)
@@ -4912,10 +4942,10 @@ CVE-2022-2975
RESERVED
CVE-2022-2974
RESERVED
-CVE-2020-36601
- RESERVED
-CVE-2020-36600
- RESERVED
+CVE-2020-36601 (Out-of-bounds write vulnerability in the kernel modules. Successful ex ...)
+ TODO: check
+CVE-2020-36600 (Out-of-bounds write vulnerability in the power consumption module. Suc ...)
+ TODO: check
CVE-2022-38714
RESERVED
CVE-2022-38713
@@ -5228,8 +5258,8 @@ CVE-2022-38623
RESERVED
CVE-2022-38622
RESERVED
-CVE-2022-38621
- RESERVED
+CVE-2022-38621 (Doufox v0.0.4 was discovered to contain a remote code execution (RCE) ...)
+ TODO: check
CVE-2022-38620
RESERVED
CVE-2022-38619
@@ -5626,10 +5656,10 @@ CVE-2022-2915 (A Heap-based Buffer Overflow vulnerability in the SonicWall SMA10
NOT-FOR-US: SonicWall
CVE-2022-2914
RESERVED
-CVE-2022-2913
- RESERVED
-CVE-2022-2912
- RESERVED
+CVE-2022-2913 (The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't che ...)
+ TODO: check
+CVE-2022-2912 (The Craw Data WordPress plugin through 1.0.0 does not implement nonce ...)
+ TODO: check
CVE-2022-2911
RESERVED
CVE-2022-2910
@@ -5711,24 +5741,24 @@ CVE-2022-38436
RESERVED
CVE-2022-38435
RESERVED
-CVE-2022-38434
- RESERVED
-CVE-2022-38433
- RESERVED
-CVE-2022-38432
- RESERVED
-CVE-2022-38431
- RESERVED
-CVE-2022-38430
- RESERVED
-CVE-2022-38429
- RESERVED
-CVE-2022-38428
- RESERVED
-CVE-2022-38427
- RESERVED
-CVE-2022-38426
- RESERVED
+CVE-2022-38434 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ TODO: check
+CVE-2022-38433 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ TODO: check
+CVE-2022-38432 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ TODO: check
+CVE-2022-38431 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ TODO: check
+CVE-2022-38430 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ TODO: check
+CVE-2022-38429 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ TODO: check
+CVE-2022-38428 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ TODO: check
+CVE-2022-38427 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ TODO: check
+CVE-2022-38426 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ TODO: check
CVE-2022-38425
RESERVED
CVE-2022-38424
@@ -5745,40 +5775,40 @@ CVE-2022-38419
RESERVED
CVE-2022-38418
RESERVED
-CVE-2022-38417
- RESERVED
-CVE-2022-38416
- RESERVED
-CVE-2022-38415
- RESERVED
-CVE-2022-38414
- RESERVED
-CVE-2022-38413
- RESERVED
-CVE-2022-38412
- RESERVED
-CVE-2022-38411
- RESERVED
-CVE-2022-38410
- RESERVED
-CVE-2022-38409
- RESERVED
-CVE-2022-38408
- RESERVED
-CVE-2022-38407
- RESERVED
-CVE-2022-38406
- RESERVED
-CVE-2022-38405
- RESERVED
-CVE-2022-38404
- RESERVED
-CVE-2022-38403
- RESERVED
-CVE-2022-38402
- RESERVED
-CVE-2022-38401
- RESERVED
+CVE-2022-38417 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-38416 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-38415 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-38414 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-38413 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-38412 (Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) a ...)
+ TODO: check
+CVE-2022-38411 (Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) a ...)
+ TODO: check
+CVE-2022-38410 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
+ TODO: check
+CVE-2022-38409 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
+ TODO: check
+CVE-2022-38408 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
+ TODO: check
+CVE-2022-38407 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ TODO: check
+CVE-2022-38406 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ TODO: check
+CVE-2022-38405 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ TODO: check
+CVE-2022-38404 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ TODO: check
+CVE-2022-38403 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ TODO: check
+CVE-2022-38402 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ TODO: check
+CVE-2022-38401 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ TODO: check
CVE-2022-38102
RESERVED
CVE-2022-38090
@@ -5855,8 +5885,8 @@ CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225. ..
NOTE: https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15 (v9.0.0225)
CVE-2022-2888
RESERVED
-CVE-2022-2887
- RESERVED
+CVE-2022-2887 (The WP Server Health Stats WordPress plugin before 1.7.0 does not esca ...)
+ TODO: check
CVE-2022-2886 (A vulnerability, which was classified as critical, was found in Larave ...)
NOTE: Additional misreport for laravel, likely to be rejected
CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
@@ -5883,8 +5913,8 @@ CVE-2022-2879
RESERVED
CVE-2022-2878
RESERVED
-CVE-2022-2877
- RESERVED
+CVE-2022-2877 (The Titan Anti-spam & Security WordPress plugin before 7.3.1 does ...)
+ TODO: check
CVE-2022-2876 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester
CVE-2022-39047 (Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vu ...)
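Review bot: the added CVE-2022-2877 description contains the HTML entity "&amp;" ("Titan Anti-spam &amp; Security") where the product name has a plain ampersand. That looks like HTML escaping carried over from the imported description. Unescape it at import, and when the TODO is resolved write the name with a plain "&" so a search for the plugin name finds the entry.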
@@ -5963,8 +5993,8 @@ CVE-2022-2865
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
CVE-2022-2864
RESERVED
-CVE-2022-2863
- RESERVED
+CVE-2022-2863 (The Migration, Backup, Staging WordPress plugin before 0.9.76 does not ...)
+ TODO: check
CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0221. ...)
- vim 2:9.0.0229-1
NOTE: https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765
@@ -6573,10 +6603,10 @@ CVE-2022-2801 (A vulnerability, which was classified as critical, was found in S
NOT-FOR-US: SourceCodester Automated Beer Parlour Billing System
CVE-2022-2800 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: SourceCodester Gym Management System
-CVE-2022-2799
- RESERVED
-CVE-2022-2798
- RESERVED
+CVE-2022-2799 (The Affiliates Manager WordPress plugin before 2.9.14 does not sanitis ...)
+ TODO: check
+CVE-2022-2798 (The Affiliates Manager WordPress plugin before 2.9.14 does not validat ...)
+ TODO: check
CVE-2022-2797 (A vulnerability classified as critical was found in SourceCodester Stu ...)
NOT-FOR-US: SourceCodester Student Information System
CVE-2022-2796 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -6969,8 +6999,8 @@ CVE-2022-2739 (The version of podman as released for Red Hat Enterprise Linux 7
NOT-FOR-US: Red Hat specific release error
CVE-2022-2738 (The version of podman as released for Red Hat Enterprise Linux 7 Extra ...)
NOT-FOR-US: Red Hat specific release error
-CVE-2022-2737
- RESERVED
+CVE-2022-2737 (The WP STAGING WordPress plugin before 2.9.18 does not sanitise and es ...)
+ TODO: check
CVE-2022-2736 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
NOT-FOR-US: SourceCodester Company Website CMS
CVE-2022-2735 (A vulnerability was found in the PCS project. This issue occurs due to ...)
@@ -7602,8 +7632,8 @@ CVE-2022-37777 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3
NOT-FOR-US: Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers
CVE-2022-37776
RESERVED
-CVE-2022-37775
- RESERVED
+CVE-2022-37775 (Genesys PureConnect Interaction Web Tools Chat Service (up to at least ...)
+ TODO: check
CVE-2022-37774
RESERVED
CVE-2022-37773
@@ -8387,8 +8417,8 @@ CVE-2022-2671 (A vulnerability was found in SourceCodester Garage Management Sys
NOT-FOR-US: SourceCodester
CVE-2022-2670
RESERVED
-CVE-2022-2669
- RESERVED
+CVE-2022-2669 (The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitis ...)
+ TODO: check
CVE-2022-2668 (An issue was discovered in Keycloak that allows arbitrary Javascript t ...)
NOT-FOR-US: Keycloak
CVE-2022-37434 (zlib through 1.2.12 has a heap-based buffer over-read or buffer overfl ...)
@@ -8521,10 +8551,10 @@ CVE-2022-2657 (The Multivendor Marketplace Solution for WooCommerce WordPress pl
NOT-FOR-US: WordPress plugin
CVE-2022-2656 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Multi Language Hotel Management Software
-CVE-2022-2655
- RESERVED
-CVE-2022-2654
- RESERVED
+CVE-2022-2655 (The Classified Listing Pro WordPress plugin before 2.0.20 does not esc ...)
+ TODO: check
+CVE-2022-2654 (The Classima WordPress theme before 2.1.11 and some of its required pl ...)
+ TODO: check
CVE-2022-2653 (With this vulnerability an attacker can read many sensitive files like ...)
NOT-FOR-US: plankanban/planka
CVE-2022-2652 (Depending on the way the format strings in the card label are crafted ...)
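Review bot: CVE-2022-2655 and CVE-2022-2654 stay at "TODO: check" even though the CVE-2022-2657 entry at the top of this hunk already shows how the file records this class ("NOT-FOR-US: WordPress plugin"). CVE-2022-2655 fits that line as is. CVE-2022-2654 is a theme "and some of its required pl ...", so its marker should name the theme and not reuse the plugin wording.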
@@ -8601,8 +8631,8 @@ CVE-2022-2637
RESERVED
CVE-2022-2636 (Improper Input Validation in GitHub repository hestiacp/hestiacp prior ...)
NOT-FOR-US: Hestia Control Panel
-CVE-2022-2635
- RESERVED
+CVE-2022-2635 (The Autoptimize WordPress plugin before 3.1.1 does not sanitise and es ...)
+ TODO: check
CVE-2022-37393 (Zimbra's sudo configuration permits the zimbra user to execute the zms ...)
NOT-FOR-US: Zimbra
CVE-2022-2634 (An attacker may be able to execute malicious actions due to the lack o ...)
@@ -9012,12 +9042,12 @@ CVE-2022-37252
RESERVED
CVE-2022-37251
RESERVED
-CVE-2022-37250
- RESERVED
+CVE-2022-37250 (Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /a ...)
+ TODO: check
CVE-2022-37249
RESERVED
-CVE-2022-37248
- RESERVED
+CVE-2022-37248 (Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/ ...)
+ TODO: check
CVE-2022-37247
RESERVED
CVE-2022-37246
@@ -9583,8 +9613,8 @@ CVE-2022-2577 (A vulnerability classified as critical was found in SourceCodeste
NOT-FOR-US: SourceCodester
CVE-2022-2576 (In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS r ...)
NOT-FOR-US: Eclipse Californium
-CVE-2022-2575
- RESERVED
+CVE-2022-2575 (The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6. ...)
+ TODO: check
CVE-2022-2574
RESERVED
CVE-2022-2573
@@ -11658,7 +11688,7 @@ CVE-2022-36203 (Doctor's Appointment System 1.0 is vulnerable to Cross Site Scri
NOT-FOR-US: Doctor's Appointment System
CVE-2022-36202 (Doctor's Appointment System1.0 is vulnerable to Incorrect Access Contr ...)
NOT-FOR-US: Doctor's Appointment System
-CVE-2022-36201 (Doctor's Appointment System 1.0 is vulnerable to SQL Injection via boo ...)
+CVE-2022-36201 (Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via ...)
NOT-FOR-US: Doctor's Appointment System
CVE-2022-36200 (In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submi ...)
NOT-FOR-US: FiberHome VDSL2 Modem
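Review bot: the replacement description for CVE-2022-36201 spells the product with a typographic apostrophe and "v1.0" ("Doctor’s Appointment System v1.0"), while the NOT-FOR-US line below it and the neighbouring CVE-2022-36203 and CVE-2022-36202 entries use the ASCII apostrophe. A text search on the product name as written elsewhere in the file will skip this header line. The tracking line is unchanged, which is right for a description-only update; normalising the apostrophe at import would keep the three entries searchable together.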
@@ -12885,8 +12915,8 @@ CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive paramete
NOT-FOR-US: Puppet Bolt
CVE-2021-46827 (An issue was discovered in Oxygen XML WebHelp before 22.1 build 202108 ...)
NOT-FOR-US: Oxygen XML WebHelp
-CVE-2022-35713
- RESERVED
+CVE-2022-35713 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ TODO: check
CVE-2022-35712
RESERVED
CVE-2022-35711
@@ -12983,8 +13013,8 @@ CVE-2022-35666 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005
NOT-FOR-US: Adobe
CVE-2022-35665 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...)
NOT-FOR-US: Adobe
-CVE-2022-35664
- RESERVED
+CVE-2022-35664 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ TODO: check
CVE-2022-35663
RESERVED
CVE-2022-35662
@@ -13745,8 +13775,8 @@ CVE-2022-2353 (Prior to microweber/microweber v1.2.20, due to improper neutraliz
NOT-FOR-US: microweber
CVE-2022-2352
RESERVED
-CVE-2022-2351
- RESERVED
+CVE-2022-2351 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not ...)
+ TODO: check
CVE-2022-2350
RESERVED
CVE-2022-2349
@@ -14279,12 +14309,12 @@ CVE-2022-35197
RESERVED
CVE-2022-35196
RESERVED
-CVE-2022-35195
- RESERVED
+CVE-2022-35195 (TestLink 1.9.20 Raijin was discovered to contain a broken access contr ...)
+ TODO: check
CVE-2022-35194
RESERVED
-CVE-2022-35193
- RESERVED
+CVE-2022-35193 (TestLink v1.9.20 was discovered to contain a SQL injection vulnerabili ...)
+ TODO: check
CVE-2022-35192 (D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmw ...)
NOT-FOR-US: D-Link
CVE-2022-35191 (D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmw ...)
@@ -16929,8 +16959,8 @@ CVE-2022-34220 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005
NOT-FOR-US: Adobe
CVE-2022-34219 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
NOT-FOR-US: Adobe
-CVE-2022-34218
- RESERVED
+CVE-2022-34218 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ TODO: check
CVE-2022-34217 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
NOT-FOR-US: Adobe
CVE-2022-34216 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
@@ -22453,6 +22483,7 @@ CVE-2022-32093 (Hospital Management System v1.0 was discovered to contain a SQL
CVE-2022-32092 (D-Link DIR-645 v1.03 was discovered to contain a command injection vul ...)
NOT-FOR-US: D-Link
CVE-2022-32091 (MariaDB v10.7 was discovered to contain an use-after-poison in in __in ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
@@ -22465,11 +22496,13 @@ CVE-2022-32089 (MariaDB v10.5 to v10.7 was discovered to contain a segmentation
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26410
CVE-2022-32088 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...)
+ {DLA-3114-1}
- mariadb-10.6 <unfixed>
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26419
CVE-2022-32087 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
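Review bot: CVE-2022-32088 gains the {DLA-3114-1} cross-reference while its "- mariadb-10.6 <unfixed>" line is left as is, so the entry now records an LTS advisory but no fixed version for mariadb-10.6. CVE-2022-32087, tagged in the same hunk, records "1:10.6.8-1". Recheck whether the mariadb-10.6 status for CVE-2022-32088 is stale and update it in the same pass if a fixed upload exists.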
@@ -22482,17 +22515,20 @@ CVE-2022-32086 (MariaDB v10.4 to v10.8 was discovered to contain a segmentation
NOTE: https://jira.mariadb.org/browse/MDEV-26412
NOTE: Fixed in: 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3
CVE-2022-32085 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26407
NOTE: Fixed in: 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
CVE-2022-32084 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26427
CVE-2022-32083 (MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation faul ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
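Review bot: CVE-2022-32084 is tagged {DLA-3114-1} but, unlike CVE-2022-32085 just above it, has no "NOTE: Fixed in:" line, so the entry does not say which upstream releases carry the fix. Add the matching "Fixed in" NOTE to CVE-2022-32084 so the advisory tag can be checked against upstream versions the same way as for CVE-2022-32085.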
@@ -26546,38 +26582,38 @@ CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privile
NOTE: https://www.openwall.com/lists/oss-security/2022/05/17/9
CVE-2022-30687 (Trend Micro Maximum Security 2022 is vulnerable to a link following vu ...)
NOT-FOR-US: Trend Micro
-CVE-2022-30686
- RESERVED
-CVE-2022-30685
- RESERVED
-CVE-2022-30684
- RESERVED
-CVE-2022-30683
- RESERVED
-CVE-2022-30682
- RESERVED
-CVE-2022-30681
- RESERVED
-CVE-2022-30680
- RESERVED
+CVE-2022-30686 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2022-30685 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2022-30684 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2022-30683 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2022-30682 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2022-30681 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2022-30680 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ TODO: check
CVE-2022-30679
RESERVED
-CVE-2022-30678
- RESERVED
-CVE-2022-30677
- RESERVED
-CVE-2022-30676
- RESERVED
-CVE-2022-30675
- RESERVED
-CVE-2022-30674
- RESERVED
-CVE-2022-30673
- RESERVED
-CVE-2022-30672
- RESERVED
-CVE-2022-30671
- RESERVED
+CVE-2022-30678 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2022-30677 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2022-30676 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-30675 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-30674 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-30673 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-30672 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-30671 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
CVE-2022-30670 (RoboHelp Server earlier versions than RHS 11 Update 3 are affected by ...)
NOT-FOR-US: RoboHelp Server
CVE-2022-30669 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
@@ -31676,17 +31712,17 @@ CVE-2022-29025
RESERVED
CVE-2022-29024
RESERVED
-CVE-2022-29023 (A buffer overflow in the razermouse driver of OpenRazer v3.3.0 and bel ...)
+CVE-2022-29023 (A buffer overflow vulnerability exists in the razermouse driver of Ope ...)
- openrazer 3.3.0+dfsg-1 (unimportant)
NOTE: https://github.com/openrazer/openrazer/pull/1790
NOTE: https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b (v3.3.0)
NOTE: Negligible security impact
-CVE-2022-29022 (A buffer overflow in the razeraccessory driver of OpenRazer v3.3.0 and ...)
+CVE-2022-29022 (A buffer overflow vulnerability exists in the razeraccessory driver of ...)
- openrazer 3.3.0+dfsg-1 (unimportant)
NOTE: https://github.com/openrazer/openrazer/pull/1790
NOTE: https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b (v3.3.0)
NOTE: Negligible security impact
-CVE-2022-29021 (A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below ...)
+CVE-2022-29021 (A buffer overflow vulnerability exists in the razerkbd driver of OpenR ...)
- openrazer 3.3.0+dfsg-1 (unimportant)
NOTE: https://github.com/openrazer/openrazer/pull/1790
NOTE: https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b (v3.3.0)
@@ -32062,18 +32098,18 @@ CVE-2022-28860 (An authentication downgrade in the server in Citilog 8.0 allows
NOT-FOR-US: Citilog
CVE-2022-1285 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prio ...)
NOT-FOR-US: Go Git Service
-CVE-2022-28857
- RESERVED
-CVE-2022-28856
- RESERVED
-CVE-2022-28855
- RESERVED
-CVE-2022-28854
- RESERVED
-CVE-2022-28853
- RESERVED
-CVE-2022-28852
- RESERVED
+CVE-2022-28857 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-28856 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-28855 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-28854 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-28853 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
+CVE-2022-28852 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ TODO: check
CVE-2022-28851
RESERVED
CVE-2022-28850 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...)
@@ -33681,8 +33717,8 @@ CVE-2022-1195 (A use-after-free vulnerability was found in the Linux kernel in d
[buster] - linux 4.19.232-1
[stretch] - linux 4.9.303-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056381
-CVE-2022-1194
- RESERVED
+CVE-2022-1194 (The Mobile Events Manager WordPress plugin before 1.4.8 does not prope ...)
+ TODO: check
CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, ...)
- gitlab <unfixed>
CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not saniti ...)
@@ -36121,6 +36157,7 @@ CVE-2022-27460
CVE-2022-27459
RESERVED
CVE-2022-27458 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
@@ -36133,6 +36170,7 @@ CVE-2022-27457 (MariaDB Server v10.6.3 and below was discovered to contain an us
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28098
CVE-2022-27456 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
@@ -36149,6 +36187,7 @@ CVE-2022-27454
CVE-2022-27453
RESERVED
CVE-2022-27452 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
@@ -36163,18 +36202,21 @@ CVE-2022-27451 (MariaDB Server v10.9 and below was discovered to contain a segme
CVE-2022-27450
RESERVED
CVE-2022-27449 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28089
CVE-2022-27448 (There is an Assertion failure in MariaDB Server v10.9 and below via 'n ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28095
CVE-2022-27447 (MariaDB Server v10.9 and below was discovered to contain a use-after-f ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
@@ -36187,6 +36229,7 @@ CVE-2022-27446 (MariaDB Server v10.9 and below was discovered to contain a segme
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28082
CVE-2022-27445 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
@@ -36343,12 +36386,14 @@ CVE-2022-27389
CVE-2022-27388
RESERVED
CVE-2022-27387 (MariaDB Server v10.7 and below was discovered to contain a global buff ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26422
CVE-2022-27386 (MariaDB Server v10.7 and below was discovered to contain a segmentatio ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
@@ -36361,12 +36406,14 @@ CVE-2022-27385 (An issue in the component Used_tables_and_const_cache::used_tabl
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26415
CVE-2022-27384 (An issue in the component Item_subselect::init_expr_cache_tracker of M ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26047
CVE-2022-27383 (MariaDB Server v10.6 and below was discovered to contain an use-after- ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
@@ -36379,36 +36426,42 @@ CVE-2022-27382 (MariaDB Server v10.7 and below was discovered to contain a segme
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26402
CVE-2022-27381 (An issue in the component Field::set_default of MariaDB Server v10.6 a ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26061
CVE-2022-27380 (An issue in the component my_decimal::operator= of MariaDB Server v10. ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26280
CVE-2022-27379 (An issue in the component Arg_comparator::compare_real_fixed of MariaD ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26353
CVE-2022-27378 (An issue in the component Create_tmp_table::finalize of MariaDB Server ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26423
CVE-2022-27377 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26281
CVE-2022-27376 (MariaDB Server v10.6.5 and below was discovered to contain an use-afte ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
- mariadb-10.3 <removed>
@@ -45614,6 +45667,7 @@ CVE-2022-0436 (Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
NOTE: https://github.com/gruntjs/grunt/pull/1740
NOTE: https://huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b
CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_ ...)
+ {DLA-3114-1}
- mariadb-10.6 1:10.6.7-1
- mariadb-10.5 <removed>
[bullseye] - mariadb-10.5 <no-dsa> (Minor issue, will be fixed in next point release)
@@ -61843,6 +61897,7 @@ CVE-2022-21429 (Vulnerability in the Oracle Communications Billing and Revenue M
CVE-2022-21428 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
NOT-FOR-US: Oracle
CVE-2022-21427 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ {DLA-3114-1}
- mysql-8.0 8.0.29-1
- mysql-5.7 <removed>
CVE-2022-21426 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
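Review bot: {DLA-3114-1} is attached to CVE-2022-21427, but the only package lines under that entry are "- mysql-8.0 8.0.29-1" and "- mysql-5.7 <removed>". Every other entry that gains this tag in the visible hunks carries mariadb-* package lines, so either this entry needs a matching source package line added or the cross-reference should be double-checked. As it stands, the advisory reference has no listed package it obviously relates to.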
@@ -65568,14 +65623,12 @@ CVE-2021-42951 (A Remote Code Execution (RCE) vulnerability exists in Algorithmi
NOT-FOR-US: Algorithmia MSOL
CVE-2021-42950 (Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all ...)
NOT-FOR-US: Zepl
-CVE-2021-42949
- RESERVED
+CVE-2021-42949 (The component controlla_login function in HotelDruid Hotel Management ...)
- hoteldruid 3.0.4-1
[bullseye] - hoteldruid <no-dsa> (Minor issue)
[buster] - hoteldruid <no-dsa> (Minor issue)
[stretch] - hoteldruid <no-dsa> (Minor issue)
-CVE-2021-42948
- RESERVED
+CVE-2021-42948 (HotelDruid Hotel Management Software v3.0.3 and below was discovered t ...)
- hoteldruid 3.0.4-1
[bullseye] - hoteldruid <no-dsa> (Minor issue)
[buster] - hoteldruid <no-dsa> (Minor issue)
@@ -66442,8 +66495,8 @@ CVE-2021-42599
RESERVED
CVE-2021-42598
RESERVED
-CVE-2021-42597
- RESERVED
+CVE-2021-42597 (A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester St ...)
+ TODO: check
CVE-2021-42596
RESERVED
CVE-2021-42595
@@ -69990,8 +70043,8 @@ CVE-2021-41732 (** DISPUTED ** An issue was discovered in zeek version 4.1.0. Th
- zeek <unfixed> (unimportant)
NOTE: https://github.com/zeek/zeek/issues/1798
NOTE: Disputed validitity of the security issue
-CVE-2021-41731
- RESERVED
+CVE-2021-41731 (Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News ...)
+ TODO: check
CVE-2021-41730
RESERVED
CVE-2021-41729 (BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerab ...)
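Review bot: the description that replaces RESERVED for CVE-2021-41731 has a misplaced parenthesis, "(XSS vulnerability exists in )Sourcecodester News ...". The text arrives with the automatic update, so a hand edit here would presumably be overwritten on the next run; leave it as imported and resolve the "TODO: check" from the product name rather than from the garbled wording.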
@@ -74293,7 +74346,7 @@ CVE-2021-40055 (There is a man-in-the-middle attack vulnerability during system
NOT-FOR-US: Huawei
CVE-2021-40054 (There is an integer underflow vulnerability in the atcmdserver module. ...)
NOT-FOR-US: Huawei
-CVE-2021-40053 (There is a permission control vulnerability in the Nearby module. Succ ...)
+CVE-2021-40053 (There is a permission control vulnerability in the Nearby module.Succe ...)
NOT-FOR-US: Huawei
CVE-2021-40052 (There is an incorrect buffer size calculation vulnerability in the vid ...)
NOT-FOR-US: Huawei
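Review bot: the only change to CVE-2021-40053 is in the description, which now reads "module.Succe" with the space after the full stop gone. The "NOT-FOR-US: Huawei" line under it is untouched, so no triage action follows from this hunk; it is worth knowing that description-only churn like this shows up as a changed entry when scanning the diff for new work.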
@@ -74351,22 +74404,22 @@ CVE-2021-40026 (There is a Heap-based buffer overflow vulnerability in the AOD m
NOT-FOR-US: Huawei
CVE-2021-40025 (The eID module has a vulnerability that causes the memory to be used w ...)
NOT-FOR-US: Huawei
-CVE-2021-40024
- RESERVED
-CVE-2021-40023
- RESERVED
+CVE-2021-40024 (Implementation of the WLAN module interfaces has the information discl ...)
+ TODO: check
+CVE-2021-40023 (Configuration defects in the secure OS module. Successful exploitation ...)
+ TODO: check
CVE-2021-40022 (The weaver module has a vulnerability in parameter type verification,S ...)
NOT-FOR-US: Huawei
CVE-2021-40021 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
NOT-FOR-US: Huawei
CVE-2021-40020 (There is an Out-of-bounds array read vulnerability in the security sto ...)
NOT-FOR-US: Huawei
-CVE-2021-40019
- RESERVED
+CVE-2021-40019 (Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Succ ...)
+ TODO: check
CVE-2021-40018 (The eID module has a null pointer reference vulnerability. Successful ...)
NOT-FOR-US: Huawei
-CVE-2021-40017
- RESERVED
+CVE-2021-40017 (The HW_KEYMASTER module lacks the validity check of the key format. Su ...)
+ TODO: check
CVE-2021-40016 (Improper permission control vulnerability in the Bluetooth module.Succ ...)
NOT-FOR-US: Huawei
CVE-2021-40015 (There is a race condition vulnerability in the binder driver subsystem ...)
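Review bot: CVE-2021-40024, CVE-2021-40023, CVE-2021-40019 and CVE-2021-40017 go from RESERVED to "TODO: check" while every already-triaged entry in this hunk is "NOT-FOR-US: Huawei". The truncated descriptions do not name a vendor, though two of them refer to the HW_KEYMASTER module and the ID block is otherwise all Huawei. Confirm the vendor from the full CVE records and, if it matches, tag the four entries the same way as their neighbours.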
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e56c25572cb50dd436d500cf9de8ee3c131b8c51