[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 19 21:10:31 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13b56749 by security tracker role at 2022-09-19T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2022-41030
+ RESERVED
+CVE-2022-41029
+ RESERVED
+CVE-2022-41028
+ RESERVED
+CVE-2022-41027
+ RESERVED
+CVE-2022-41026
+ RESERVED
+CVE-2022-41025
+ RESERVED
+CVE-2022-41024
+ RESERVED
+CVE-2022-41023
+ RESERVED
+CVE-2022-41022
+ RESERVED
+CVE-2022-41021
+ RESERVED
+CVE-2022-41020
+ RESERVED
+CVE-2022-41019
+ RESERVED
+CVE-2022-41018
+ RESERVED
+CVE-2022-41017
+ RESERVED
+CVE-2022-41016
+ RESERVED
+CVE-2022-41015
+ RESERVED
+CVE-2022-41014
+ RESERVED
+CVE-2022-41013
+ RESERVED
+CVE-2022-41012
+ RESERVED
+CVE-2022-41011
+ RESERVED
+CVE-2022-41010
+ RESERVED
+CVE-2022-41009
+ RESERVED
+CVE-2022-41008
+ RESERVED
+CVE-2022-41007
+ RESERVED
+CVE-2022-41006
+ RESERVED
+CVE-2022-41005
+ RESERVED
+CVE-2022-41004
+ RESERVED
+CVE-2022-41003
+ RESERVED
+CVE-2022-41002
+ RESERVED
+CVE-2022-41001
+ RESERVED
+CVE-2022-41000
+ RESERVED
+CVE-2022-40999
+ RESERVED
+CVE-2022-40998
+ RESERVED
+CVE-2022-40997
+ RESERVED
+CVE-2022-40996
+ RESERVED
+CVE-2022-40995
+ RESERVED
+CVE-2022-40994
+ RESERVED
+CVE-2022-40993
+ RESERVED
+CVE-2022-40992
+ RESERVED
+CVE-2022-40991
+ RESERVED
+CVE-2022-40990
+ RESERVED
+CVE-2022-40989
+ RESERVED
+CVE-2022-40988
+ RESERVED
+CVE-2022-40987
+ RESERVED
+CVE-2022-40986
+ RESERVED
+CVE-2022-40985
+ RESERVED
+CVE-2022-40980 (A potential unathenticated file deletion vulnerabilty on Trend Micro M ...)
+ TODO: check
+CVE-2022-40979
+ RESERVED
+CVE-2022-40978 (The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerabl ...)
+ TODO: check
+CVE-2022-40977
+ RESERVED
+CVE-2022-40976
+ RESERVED
+CVE-2022-40969
+ RESERVED
+CVE-2022-40962
+ RESERVED
+CVE-2022-40961
+ RESERVED
+CVE-2022-40960
+ RESERVED
+CVE-2022-40959
+ RESERVED
+CVE-2022-40958
+ RESERVED
+CVE-2022-40957
+ RESERVED
+CVE-2022-40956
+ RESERVED
+CVE-2022-40955
+ RESERVED
+CVE-2022-40954
+ RESERVED
+CVE-2022-40701
+ RESERVED
+CVE-2022-40220
+ RESERVED
+CVE-2022-39045
+ RESERVED
+CVE-2022-38715
+ RESERVED
+CVE-2022-38459
+ RESERVED
+CVE-2022-38088
+ RESERVED
+CVE-2022-36279
+ RESERVED
+CVE-2022-3240
+ RESERVED
+CVE-2022-3239
+ RESERVED
+CVE-2022-3238
+ RESERVED
+CVE-2022-3237
+ RESERVED
CVE-2022-40953
RESERVED
CVE-2022-40952
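Review bot: CVE-2022-40980 (Trend Micro) and CVE-2022-40978 (JetBrains IntelliJ IDEA installer) are the only entries in this hunk that arrive with a description, and both are left at `TODO: check` with no triage result. They need a manual pass that ends either in a package line or in a `NOT-FOR-US:` tag of the kind this file already uses for other vendor products. The remaining additions are bare RESERVED placeholders and need no action yet.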
@@ -280,22 +424,22 @@ CVE-2022-40814
RESERVED
CVE-2022-40813
RESERVED
-CVE-2022-40812
- RESERVED
-CVE-2022-40811
- RESERVED
-CVE-2022-40810
- RESERVED
-CVE-2022-40809
- RESERVED
-CVE-2022-40808
- RESERVED
-CVE-2022-40807
- RESERVED
-CVE-2022-40806
- RESERVED
-CVE-2022-40805
- RESERVED
+CVE-2022-40812 (The d8s-pdfs for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-40811 (The d8s-urls for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-40810 (The d8s-ip-addresses for python, as distributed on PyPI, included a po ...)
+ TODO: check
+CVE-2022-40809 (The d8s-dicts for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-40808 (The d8s-dates for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-40807 (The d8s-domains for python, as distributed on PyPI, included a potenti ...)
+ TODO: check
+CVE-2022-40806 (The d8s-uuids for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-40805 (The d8s-urls for python 0.1.0, as distributed on PyPI, included a pote ...)
+ TODO: check
CVE-2022-40804
RESERVED
CVE-2022-40803
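Review bot: CVE-2022-40811 and CVE-2022-40805 both name d8s-urls, and every description in this block is truncated before it says what the issue is, so the eight entries cannot be told apart or triaged from the list text. The same package names (d8s-urls, d8s-pdfs, d8s-ip-addresses, d8s-domains) appear again in the CVE-2022-40424 to CVE-2022-40432 and CVE-2022-38880 to CVE-2022-38887 blocks later in this patch. The manual pass should read the full descriptions, confirm whether the repeats are distinct issues, and record per entry whether any of these PyPI distributions is packaged in Debian rather than tagging the batch by pattern.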
@@ -517,14 +661,14 @@ CVE-2022-40717
RESERVED
CVE-2022-40716
RESERVED
-CVE-2022-40715
- RESERVED
-CVE-2022-40714
- RESERVED
-CVE-2022-40713
- RESERVED
-CVE-2022-40712
- RESERVED
+CVE-2022-40715 (An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Trave ...)
+ TODO: check
+CVE-2022-40714 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists u ...)
+ TODO: check
+CVE-2022-40713 (An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path ...)
+ TODO: check
+CVE-2022-40712 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists u ...)
+ TODO: check
CVE-2022-40711
RESERVED
CVE-2022-40710
@@ -537,8 +681,8 @@ CVE-2022-40707
RESERVED
CVE-2022-3219
RESERVED
-CVE-2022-3218
- RESERVED
+CVE-2022-3218 (Due to a reliance on client-side authentication, the WiFi Mouse (Mouse ...)
+ TODO: check
CVE-2022-3217 (When logging in to a VBASE runtime project via Web-Remote, the product ...)
TODO: check
CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...)
@@ -635,8 +779,8 @@ CVE-2022-3215
RESERVED
CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy manageme ...)
NOT-FOR-US: Delta
-CVE-2022-3213
- RESERVED
+CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...)
+ TODO: check
CVE-2022-3212 (<bytes::Bytes as axum_core::extract::FromRequest>::from_request ...)
NOT-FOR-US: axum_core rust crate
CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
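Review bot: CVE-2022-3213 names ImageMagick and describes a heap buffer overflow, yet it lands with the same `TODO: check` as the vendor-product entries in this patch. Its neighbours CVE-2022-3214 and CVE-2022-3212 are closed as NOT-FOR-US, but this one will need a source-package line with a fixed version or `<unfixed>` (the form used for vim under CVE-2022-3037) if Debian ships the affected code, so it should go to the front of the manual pass.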
@@ -846,8 +990,8 @@ CVE-2022-40610
RESERVED
CVE-2022-40609
RESERVED
-CVE-2022-40608
- RESERVED
+CVE-2022-40608 (IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File System ...)
+ TODO: check
CVE-2022-40607
RESERVED
CVE-2022-3192
@@ -1173,8 +1317,8 @@ CVE-2022-40470
RESERVED
CVE-2022-40469
RESERVED
-CVE-2022-40468
- RESERVED
+CVE-2022-40468 (Tinyproxy commit 84f203f and earlier does not process HTTP request lin ...)
+ TODO: check
CVE-2022-40467
RESERVED
CVE-2022-40466
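Review bot: The CVE-2022-40468 description pins the affected range to a commit ("commit 84f203f and earlier") rather than to a release, so `TODO: check` cannot be resolved from the description alone. Triage should map that commit to released versions before a fixed-version line is written, and record the upstream commit in a NOTE line, as the vim entry for CVE-2022-3037 does.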
@@ -1245,24 +1389,24 @@ CVE-2022-40434
RESERVED
CVE-2022-40433
RESERVED
-CVE-2022-40432
- RESERVED
-CVE-2022-40431
- RESERVED
-CVE-2022-40430
- RESERVED
-CVE-2022-40429
- RESERVED
-CVE-2022-40428
- RESERVED
-CVE-2022-40427
- RESERVED
-CVE-2022-40426
- RESERVED
-CVE-2022-40425
- RESERVED
-CVE-2022-40424
- RESERVED
+CVE-2022-40432 (The d8s-strings for python, as distributed on PyPI, included a potenti ...)
+ TODO: check
+CVE-2022-40431 (The d8s-pdfs for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-40430 (The d8s-utility for python, as distributed on PyPI, included a potenti ...)
+ TODO: check
+CVE-2022-40429 (The d8s-ip-addresses for python, as distributed on PyPI, included a po ...)
+ TODO: check
+CVE-2022-40428 (The d8s-mpeg for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-40427 (The d8s-domains for python, as distributed on PyPI, included a potenti ...)
+ TODO: check
+CVE-2022-40426 (The d8s-asns for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-40425 (The d8s-html for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-40424 (The d8s-urls for python, as distributed on PyPI, included a potential ...)
+ TODO: check
CVE-2022-40423
RESERVED
CVE-2022-40422
@@ -1674,8 +1818,8 @@ CVE-2022-40236
RESERVED
CVE-2022-40235
RESERVED
-CVE-2022-40234
- RESERVED
+CVE-2022-40234 (Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1 ...)
+ TODO: check
CVE-2022-40233
RESERVED
CVE-2022-40232
@@ -1887,18 +2031,18 @@ CVE-2022-3149
RESERVED
CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...)
NOT-FOR-US: jgraph/drawio
-CVE-2022-40144
- RESERVED
-CVE-2022-40143
- RESERVED
-CVE-2022-40142
- RESERVED
-CVE-2022-40141
- RESERVED
-CVE-2022-40140
- RESERVED
-CVE-2022-40139
- RESERVED
+CVE-2022-40144 (A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a ...)
+ TODO: check
+CVE-2022-40143 (A link following local privilege escalation vulnerability in Trend Mic ...)
+ TODO: check
+CVE-2022-40142 (A security link following local privilege escalation vulnerability in ...)
+ TODO: check
+CVE-2022-40141 (A vulnerability in Trend Micro Apex One and Apex One as a Service coul ...)
+ TODO: check
+CVE-2022-40140 (An origin validation error vulnerability in Trend Micro Apex One and A ...)
+ TODO: check
+CVE-2022-40139 (Improper validation of some components used by the rollback mechanism ...)
+ TODO: check
CVE-2022-40138
RESERVED
CVE-2022-40133 (A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf ...)
@@ -1944,10 +2088,10 @@ CVE-2022-40127
RESERVED
CVE-2022-38972 (Cross-site scripting vulnerability in Movable Type plugin A-Form versi ...)
NOT-FOR-US: Movable Type plugin
-CVE-2022-3142
- RESERVED
-CVE-2022-3141
- RESERVED
+CVE-2022-3142 (The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise ...)
+ TODO: check
+CVE-2022-3141 (The Translate Multilingual sites WordPress plugin before 2.3.3 is vuln ...)
+ TODO: check
CVE-2022-3140
RESERVED
CVE-2022-3139
@@ -2058,26 +2202,26 @@ CVE-2022-40078
RESERVED
CVE-2022-40077
RESERVED
-CVE-2022-40076
- RESERVED
-CVE-2022-40075
- RESERVED
-CVE-2022-40074
- RESERVED
-CVE-2022-40073
- RESERVED
-CVE-2022-40072
- RESERVED
-CVE-2022-40071
- RESERVED
-CVE-2022-40070
- RESERVED
-CVE-2022-40069
- RESERVED
-CVE-2022-40068
- RESERVED
-CVE-2022-40067
- RESERVED
+CVE-2022-40076 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/http ...)
+ TODO: check
+CVE-2022-40075 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
+ TODO: check
+CVE-2022-40074 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
+ TODO: check
+CVE-2022-40073 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
+ TODO: check
+CVE-2022-40072 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
+ TODO: check
+CVE-2022-40071 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
+ TODO: check
+CVE-2022-40070 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/http ...)
+ TODO: check
+CVE-2022-40069 (]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/ht ...)
+ TODO: check
+CVE-2022-40068 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/http ...)
+ TODO: check
+CVE-2022-40067 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
+ TODO: check
CVE-2022-40066
RESERVED
CVE-2022-40065
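Review bot: The ten Tenda AC21 descriptions are cut off before the affected function and differ only in formatting noise: `V16.03.08.15` versus `V 16.03.08.15`, a stray `]` at the start of CVE-2022-40069, and `bin/http` without the leading slash in CVE-2022-40070. Since this is an automatic update the text is taken as delivered, but the entries should be resolved together as one product in the manual pass so that the formatting differences do not lead to inconsistent tags.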
@@ -4522,8 +4666,8 @@ CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0322. ..
- vim <unfixed> (bug #1019590)
NOTE: https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5
NOTE: https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb (v9.0.0322)
-CVE-2022-3036
- RESERVED
+CVE-2022-3036 (The Gettext override translations WordPress plugin before 2.0.0 does n ...)
+ TODO: check
CVE-2022-3035 (Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-i ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-3034
@@ -4776,22 +4920,22 @@ CVE-2022-38889
RESERVED
CVE-2022-38888
RESERVED
-CVE-2022-38887
- RESERVED
-CVE-2022-38886
- RESERVED
-CVE-2022-38885
- RESERVED
-CVE-2022-38884
- RESERVED
-CVE-2022-38883
- RESERVED
-CVE-2022-38882
- RESERVED
-CVE-2022-38881
- RESERVED
-CVE-2022-38880
- RESERVED
+CVE-2022-38887 (The d8s-python for python, as distributed on PyPI, included a potentia ...)
+ TODO: check
+CVE-2022-38886 (The d8s-xml for python, as distributed on PyPI, included a potential c ...)
+ TODO: check
+CVE-2022-38885 (The d8s-netstrings for python, as distributed on PyPI, included a pote ...)
+ TODO: check
+CVE-2022-38884 (The d8s-grammars for python, as distributed on PyPI, included a potent ...)
+ TODO: check
+CVE-2022-38883 (The d8s-math for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-38882 (The d8s-json for python, as distributed on PyPI, included a potential ...)
+ TODO: check
+CVE-2022-38881 (The d8s-archives for python, as distributed on PyPI, included a potent ...)
+ TODO: check
+CVE-2022-38880 (The d8s-urls for python, as distributed on PyPI, included a potential ...)
+ TODO: check
CVE-2022-38879
RESERVED
CVE-2022-38878 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
@@ -5039,8 +5183,8 @@ CVE-2022-3023
RESERVED
CVE-2022-3022
REJECTED
-CVE-2022-3021
- RESERVED
+CVE-2022-3021 (The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and ...)
+ TODO: check
CVE-2022-3020
RESERVED
CVE-2021-46836 (Implementation of the WLAN module interfaces has the information discl ...)
@@ -5169,8 +5313,8 @@ CVE-2022-38766
RESERVED
CVE-2022-38765
RESERVED
-CVE-2022-38764
- RESERVED
+CVE-2022-38764 (A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below ...)
+ TODO: check
CVE-2022-38763
RESERVED
CVE-2022-38762
@@ -5445,8 +5589,8 @@ CVE-2022-2959 (A race condition was found in the Linux kernel's watch queue due
[buster] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17291/
NOTE: https://git.kernel.org/linus/189b0ddc245139af81198d1a3637cac74f96e13a (5.19-rc1)
-CVE-2022-2958
- RESERVED
+CVE-2022-2958 (The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and esca ...)
+ TODO: check
CVE-2022-2957 (A vulnerability classified as critical was found in SourceCodester Sim ...)
NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
CVE-2022-2956 (A vulnerability classified as problematic has been found in ConsoleTVs ...)
@@ -5686,10 +5830,10 @@ CVE-2022-38620
RESERVED
CVE-2022-38619
RESERVED
-CVE-2022-38618
- RESERVED
-CVE-2022-38617
- RESERVED
+CVE-2022-38618 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
+ TODO: check
+CVE-2022-38617 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
+ TODO: check
CVE-2022-38616 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...)
NOT-FOR-US: SmartVista
CVE-2022-38615 (SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL inject ...)
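Review bot: CVE-2022-38618 and CVE-2022-38617 are added as `TODO: check` although the next entry, CVE-2022-38616, starts with the same "SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection" text and is already tagged `NOT-FOR-US: SmartVista`. Suggest resolving both with that tag so the product is handled consistently.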
@@ -5771,10 +5915,10 @@ CVE-2022-38579
RESERVED
CVE-2022-38578
RESERVED
-CVE-2022-38577
- RESERVED
-CVE-2022-38576
- RESERVED
+CVE-2022-38577 (ProcessMaker before v3.5.4 was discovered to contain insecure permissi ...)
+ TODO: check
+CVE-2022-38576 (Interview Management System v1.0 was discovered to contain a SQL injec ...)
+ TODO: check
CVE-2022-38575
RESERVED
CVE-2022-38574
@@ -6181,8 +6325,8 @@ CVE-2022-38427 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and ea
NOT-FOR-US: Adobe
CVE-2022-38426 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
NOT-FOR-US: Adobe
-CVE-2022-38425
- RESERVED
+CVE-2022-38425 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
+ TODO: check
CVE-2022-38424
RESERVED
CVE-2022-38423
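Review bot: CVE-2022-38425 (Adobe Bridge) is left at `TODO: check` directly below CVE-2022-38427 and CVE-2022-38426, both of which are tagged `NOT-FOR-US: Adobe`. The same vendor tag looks applicable here and to the eleven Adobe Bridge entries CVE-2022-35699 to CVE-2022-35709 added later in this patch; closing them in one follow-up keeps the TODO queue short.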
@@ -6534,8 +6678,8 @@ CVE-2022-2842 (A vulnerability classified as critical has been found in SourceCo
NOT-FOR-US: SourceCodester Gym Management System
CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.1561 ...)
NOT-FOR-US: CrowdStrike Falcon
-CVE-2022-2840
- RESERVED
+CVE-2022-2840 (The Zephyr Project Manager WordPress plugin before 3.2.5 does not sani ...)
+ TODO: check
CVE-2022-2839
RESERVED
CVE-2022-2838 (In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Pars ...)
@@ -6628,8 +6772,8 @@ CVE-2022-38343
RESERVED
CVE-2022-38342 (Safe Software FME Server v2022.0.1.1 and below was discovered to conta ...)
NOT-FOR-US: Safe Software FME Server
-CVE-2022-38341
- RESERVED
+CVE-2022-38341 (Safe Software FME Server v2022.0.1.1 and below does not employ server- ...)
+ TODO: check
CVE-2022-38340
RESERVED
CVE-2022-38339
@@ -6644,8 +6788,8 @@ CVE-2022-38335
RESERVED
CVE-2022-38334 (XPDF v4.04 was discovered to contain a stack overflow via the function ...)
TODO: check
-CVE-2022-38333
- RESERVED
+CVE-2022-38333 (Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to co ...)
+ TODO: check
CVE-2022-38332
RESERVED
CVE-2022-38331
@@ -7257,10 +7401,10 @@ CVE-2022-2756 (Server-Side Request Forgery (SSRF) in GitHub repository kareadita
NOT-FOR-US: Kareadita/Kavita
CVE-2022-2755
RESERVED
-CVE-2022-2754
- RESERVED
-CVE-2022-2753
- RESERVED
+CVE-2022-2754 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...)
+ TODO: check
+CVE-2022-2753 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...)
+ TODO: check
CVE-2022-2752
RESERVED
CVE-2022-2751 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
@@ -7868,10 +8012,10 @@ CVE-2022-2712
RESERVED
CVE-2022-2711
RESERVED
-CVE-2022-2710
- RESERVED
-CVE-2022-2709
- RESERVED
+CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape some o ...)
+ TODO: check
+CVE-2022-2709 (The Float to Top Button WordPress plugin through 2.3.6 does not escape ...)
+ TODO: check
CVE-2022-37863
RESERVED
CVE-2022-37862
@@ -8203,6 +8347,7 @@ CVE-2022-37707
RESERVED
CVE-2022-37706
RESERVED
+ {DLA-3115-1}
- e17 0.25.4-1
NOTE: https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
NOTE: https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141
@@ -8217,8 +8362,8 @@ CVE-2022-37702
RESERVED
CVE-2022-37701
RESERVED
-CVE-2022-37700
- RESERVED
+CVE-2022-37700 (Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obt ...)
+ TODO: check
CVE-2022-37699
RESERVED
CVE-2022-37698
@@ -9167,10 +9312,10 @@ CVE-2022-2627
RESERVED
CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp ...)
NOT-FOR-US: Hestia Control Panel
-CVE-2022-37348
- RESERVED
-CVE-2022-37347
- RESERVED
+CVE-2022-37348 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
+ TODO: check
+CVE-2022-37347 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
+ TODO: check
CVE-2022-37341
RESERVED
CVE-2022-37340
@@ -9559,8 +9704,8 @@ CVE-2022-37205
RESERVED
CVE-2022-37204
RESERVED
-CVE-2022-37203
- RESERVED
+CVE-2022-37203 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do n ...)
+ TODO: check
CVE-2022-37202
RESERVED
CVE-2022-37201 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. ...)
@@ -10098,8 +10243,8 @@ CVE-2022-2569 (The affected device stores sensitive information in cleartext, wh
NOT-FOR-US: ARC Informatique
CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation Platfo ...)
NOT-FOR-US: Red Hat Ansible Automation Platform
-CVE-2022-2567
- RESERVED
+CVE-2022-2567 (The Form Builder CP WordPress plugin before 1.2.32 does not sanitise a ...)
+ TODO: check
CVE-2022-2566
RESERVED
- ffmpeg 7:5.1.1-1
@@ -12817,8 +12962,8 @@ CVE-2022-35916 (OpenZeppelin Contracts is a library for secure smart contract de
NOT-FOR-US: OpenZeppelin
CVE-2022-35915 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
NOT-FOR-US: OpenZeppelin
-CVE-2022-35914
- RESERVED
+CVE-2022-35914 (/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for ...)
+ TODO: check
CVE-2022-35913 (Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a ...)
NOT-FOR-US: Samourai Wallet Stonewallx2
CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x b ...)
@@ -13346,28 +13491,28 @@ CVE-2022-35711
RESERVED
CVE-2022-35710
RESERVED
-CVE-2022-35709
- RESERVED
-CVE-2022-35708
- RESERVED
-CVE-2022-35707
- RESERVED
-CVE-2022-35706
- RESERVED
-CVE-2022-35705
- RESERVED
-CVE-2022-35704
- RESERVED
-CVE-2022-35703
- RESERVED
-CVE-2022-35702
- RESERVED
-CVE-2022-35701
- RESERVED
-CVE-2022-35700
- RESERVED
-CVE-2022-35699
- RESERVED
+CVE-2022-35709 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
+ TODO: check
+CVE-2022-35708 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
+ TODO: check
+CVE-2022-35707 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
+ TODO: check
+CVE-2022-35706 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
+ TODO: check
+CVE-2022-35705 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
+ TODO: check
+CVE-2022-35704 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
+ TODO: check
+CVE-2022-35703 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
+ TODO: check
+CVE-2022-35702 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
+ TODO: check
+CVE-2022-35701 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
+ TODO: check
+CVE-2022-35700 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
+ TODO: check
+CVE-2022-35699 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
+ TODO: check
CVE-2022-35698
RESERVED
CVE-2022-35697 (Adobe Experience Manager Core Components version 2.20.6 (and earlier) ...)
@@ -15510,8 +15655,8 @@ CVE-2022-2277 (Improper Input Validation vulnerability exists in the Hitachi Ene
NOT-FOR-US: Hitachi
CVE-2021-4234 (OpenVPN Access Server 2.10 and prior versions are susceptible to resen ...)
NOT-FOR-US: OpenVPN Access Server
-CVE-2022-34893
- RESERVED
+CVE-2022-34893 (Trend Micro Security 2022 (consumer) has a link following vulnerabilit ...)
+ TODO: check
CVE-2022-34892 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: Parallels
CVE-2022-34891 (This vulnerability allows local attackers to escalate privileges on af ...)
@@ -20695,9 +20840,10 @@ CVE-2022-32892
RESERVED
CVE-2022-32891
RESERVED
+ {DSA-5211-1 DSA-5210-1 DLA-3073-1}
- webkit2gtk 2.36.6-1
- wpewebkit 2.36.6-1
- NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
+ NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
CVE-2022-32890
RESERVED
CVE-2022-32889
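Review bot: The `NOTE: https://webkitgtk.org/security/WSA-2022-0009.html` line is removed and re-added with identical visible text, so the change is whitespace only, and the same rewrite recurs in two later hunks. It rides along with a substantive change (the new `{DSA-5211-1 DSA-5210-1 DLA-3073-1}` cross-reference), which makes the data change harder to pick out. Suggest keeping indentation fixes in their own commit, separate from the automatic update.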
@@ -20710,7 +20856,7 @@ CVE-2022-32886
RESERVED
- webkit2gtk 2.38.0-1
- wpewebkit 2.38.0-1
- NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
+ NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
CVE-2022-32885
RESERVED
CVE-2022-32884
@@ -26893,7 +27039,7 @@ CVE-2022-30772
RESERVED
CVE-2022-30771
RESERVED
-CVE-2022-30770 (Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8 ...)
+CVE-2022-30770 (Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and ...)
NOT-FOR-US: Terminalfour
CVE-2022-30769
RESERVED
@@ -28315,8 +28461,8 @@ CVE-2022-1593 (The Site Offline or Coming Soon WordPress plugin through 1.6.6 do
NOT-FOR-US: WordPress plugin
CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository clinical-gen ...)
NOT-FOR-US: clinical-genomics/scout
-CVE-2022-1591
- RESERVED
+CVE-2022-1591 (The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does n ...)
+ TODO: check
CVE-2022-1590 (A vulnerability was found in Bludit 3.13.1. It has been declared as pr ...)
NOT-FOR-US: Bludit
CVE-2022-1589 (The Change wp-admin login WordPress plugin before 1.1.0 does not prope ...)
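Review bot: CVE-2022-1591 is a WordPress plugin entry added as `TODO: check`, while the convention visible in the context of this hunk and throughout the patch is `NOT-FOR-US: WordPress plugin`. That tag can be applied to this entry and to the other WordPress plugin entries this patch adds (CVE-2022-3142, CVE-2022-3141, CVE-2022-3036, CVE-2022-3021, CVE-2022-2958, CVE-2022-2840, CVE-2022-2754, CVE-2022-2753, CVE-2022-2710, CVE-2022-2709, CVE-2022-2567, CVE-2022-1580) once the descriptions are confirmed.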
@@ -28487,8 +28633,8 @@ CVE-2022-1582 (The External Links in New Window / New Tab WordPress plugin befor
NOT-FOR-US: WordPress plugin
CVE-2022-1581
RESERVED
-CVE-2022-1580
- RESERVED
+CVE-2022-1580 (The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin b ...)
+ TODO: check
CVE-2022-1579
RESERVED
CVE-2022-1578
@@ -29406,8 +29552,8 @@ CVE-2022-1527 (The WP 2FA WordPress plugin before 2.2.1 does not sanitise and es
NOT-FOR-US: WordPress plugin
CVE-2021-4227
RESERVED
-CVE-2022-29908
- RESERVED
+CVE-2022-29908 (The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 ...)
+ TODO: check
CVE-2022-29907 (The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d ...)
NOT-FOR-US: MediaWiki Nimbus skin
CVE-2022-29906 (The admin API module in the QuizGame extension for MediaWiki through 1 ...)
@@ -35534,7 +35680,7 @@ CVE-2022-1096 (Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allow
- chromium 99.0.4844.84-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1095 (The Mihdan: No External Links WordPress plugin through 4.8.0 does not ...)
+CVE-2022-1095 (The Mihdan: No External Links WordPress plugin before 5.0.2 does not s ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
@@ -92436,7 +92582,7 @@ CVE-2021-32912
RESERVED
- webkit2gtk 2.38.0-1
- wpewebkit 2.38.0-1
- NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
+ NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
CVE-2021-32911
RESERVED
CVE-2021-32910
@@ -112842,7 +112988,7 @@ CVE-2021-25120 (The Easy Social Feed Free and Pro WordPress plugins before 6.2.7
NOT-FOR-US: WordPress plugin
CVE-2021-25119 (The AGIL WordPress plugin through 1.0 accepts all zip files and automa ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25118 (The Yoast SEO WordPress plugin before 17.3 discloses the full internal ...)
+CVE-2021-25118 (The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) disclos ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25117
RESERVED
@@ -113074,7 +113220,7 @@ CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP fil
NOT-FOR-US: WordPress plugin
CVE-2021-25003 (The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25002 (The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any au ...)
+CVE-2021-25002 (The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any aut ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25001 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13b567497d99ea6e91c387cf5bd9ad0a6eab04f5