[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 21 21:10:33 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e75036ef by security tracker role at 2022-09-21T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,66 +1,202 @@
-CVE-2022-41255
+CVE-2022-41310
+ RESERVED
+CVE-2022-41309
+ RESERVED
+CVE-2022-41308
+ RESERVED
+CVE-2022-41307
+ RESERVED
+CVE-2022-41306
+ RESERVED
+CVE-2022-41305
+ RESERVED
+CVE-2022-41304
+ RESERVED
+CVE-2022-41303
+ RESERVED
+CVE-2022-41302
+ RESERVED
+CVE-2022-41301
+ RESERVED
+CVE-2022-41300
+ RESERVED
+CVE-2022-41299
+ RESERVED
+CVE-2022-41298
+ RESERVED
+CVE-2022-41297
+ RESERVED
+CVE-2022-41296
+ RESERVED
+CVE-2022-41295
+ RESERVED
+CVE-2022-41294
+ RESERVED
+CVE-2022-41293
+ RESERVED
+CVE-2022-41292
+ RESERVED
+CVE-2022-41291
+ RESERVED
+CVE-2022-41290
+ RESERVED
+CVE-2022-41289
+ RESERVED
+CVE-2022-41288
+ RESERVED
+CVE-2022-41287
+ RESERVED
+CVE-2022-41286
+ RESERVED
+CVE-2022-41285
+ RESERVED
+CVE-2022-41284
+ RESERVED
+CVE-2022-41283
+ RESERVED
+CVE-2022-41282
+ RESERVED
+CVE-2022-41281
+ RESERVED
+CVE-2022-41280
+ RESERVED
+CVE-2022-41279
+ RESERVED
+CVE-2022-41278
+ RESERVED
+CVE-2022-41277
+ RESERVED
+CVE-2022-41276
+ RESERVED
+CVE-2022-41275
+ RESERVED
+CVE-2022-41274
+ RESERVED
+CVE-2022-41273
+ RESERVED
+CVE-2022-41272
+ RESERVED
+CVE-2022-41271
+ RESERVED
+CVE-2022-41270
+ RESERVED
+CVE-2022-41269
+ RESERVED
+CVE-2022-41268
+ RESERVED
+CVE-2022-41267
+ RESERVED
+CVE-2022-41266
+ RESERVED
+CVE-2022-41265
+ RESERVED
+CVE-2022-41264
+ RESERVED
+CVE-2022-41263
+ RESERVED
+CVE-2022-41262
+ RESERVED
+CVE-2022-41261
+ RESERVED
+CVE-2022-41260
+ RESERVED
+CVE-2022-41259
+ RESERVED
+CVE-2022-41258
+ RESERVED
+CVE-2022-41257
+ RESERVED
+CVE-2022-41256
+ RESERVED
+CVE-2022-41223
+ RESERVED
+CVE-2022-41221
+ RESERVED
+CVE-2022-40224
+ RESERVED
+CVE-2022-3263
+ RESERVED
+CVE-2022-3262
+ RESERVED
+CVE-2022-3261
+ RESERVED
+CVE-2022-3260
+ RESERVED
+CVE-2022-3259
+ RESERVED
+CVE-2022-3258
+ RESERVED
+CVE-2022-3257
+ RESERVED
+CVE-2022-3256
+ RESERVED
+CVE-2022-3255 (If an attacker can control a script that is executed in the victim's b ...)
+ TODO: check
+CVE-2022-3254
+ RESERVED
+CVE-2022-41255 (Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unen ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41254
+CVE-2022-41254 (Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41253
+CVE-2022-41253 (A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT P ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41252
+CVE-2022-41252 (Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41251
+CVE-2022-41251 (A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlie ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41250
+CVE-2022-41250 (A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and ea ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41249
+CVE-2022-41249 (A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpC ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41248
+CVE-2022-41248 (Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the B ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41247
+CVE-2022-41247 (Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41246
+CVE-2022-41246 (A missing permission check in Jenkins Worksoft Execution Manager Plugi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41245
+CVE-2022-41245 (A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41244
+CVE-2022-41244 (Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perfor ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41243
+CVE-2022-41243 (Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname v ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41242
+CVE-2022-41242 (A missing permission check in Jenkins extreme-feedback Plugin 1.7 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41241
+CVE-2022-41241 (Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser t ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41240
+CVE-2022-41240 (Jenkins Walti Plugin 1.0.1 and earlier does not escape the information ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41239
+CVE-2022-41239 (Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub us ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41238
+CVE-2022-41238 (A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41237
+CVE-2022-41237 (Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML p ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41236
+CVE-2022-41236 (A cross-site request forgery (CSRF) vulnerability in Jenkins Security ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41235
+CVE-2022-41235 (Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functiona ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41234
+CVE-2022-41234 (Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to t ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41233
+CVE-2022-41233 (Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifac ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41232
+CVE-2022-41232 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Pub ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41231
+CVE-2022-41231 (Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41230
+CVE-2022-41230 (Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a per ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41229
+CVE-2022-41229 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and e ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41228
+CVE-2022-41228 (A missing permission check in Jenkins NS-ND Integration Performance Pu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41227
+CVE-2022-41227 (A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Int ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41226
+CVE-2022-41226 (Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41225
+CVE-2022-41225 (Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does ...)
NOT-FOR-US: Jenkins plugin
-CVE-2022-41224
+CVE-2022-41224 (Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips ...)
- jenkins <removed>
CVE-2022-41220 (** DISPUTED ** md2roff 1.9 has a stack-based buffer overflow via a Mar ...)
NOT-FOR-US: md2roff
@@ -225,7 +361,7 @@ CVE-2022-40983
RESERVED
CVE-2022-40693
RESERVED
-CVE-2022-41222 [mm/mremap: hold the rmap lock in write mode when moving page table entries]
+CVE-2022-41222 (mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.140-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -246,12 +382,12 @@ CVE-2022-38066
RESERVED
CVE-2022-3253
RESERVED
-CVE-2022-3252
- RESERVED
-CVE-2022-3251
- RESERVED
-CVE-2022-3250
- RESERVED
+CVE-2022-3252 (Improper detection of complete HTTP body decompression SwiftNIO Extras ...)
+ TODO: check
+CVE-2022-3251 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
+ TODO: check
+CVE-2022-3250 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
+ TODO: check
CVE-2022-3249
RESERVED
CVE-2022-3248
@@ -1075,8 +1211,7 @@ CVE-2022-3234 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
- vim <unfixed>
NOTE: https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da/
NOTE: https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d (v9.0.0483)
-CVE-2022-40754
- RESERVED
+CVE-2022-40754 (In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in t ...)
- airflow <itp> (bug #819700)
CVE-2022-40753
RESERVED
@@ -1253,8 +1388,8 @@ CVE-2022-40310
RESERVED
CVE-2022-40223
RESERVED
-CVE-2022-40219
- RESERVED
+CVE-2022-40219 (Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Swit ...)
+ TODO: check
CVE-2022-40217
RESERVED
CVE-2022-40215
@@ -1285,8 +1420,8 @@ CVE-2022-38079
RESERVED
CVE-2022-38074
RESERVED
-CVE-2022-38073
- RESERVED
+CVE-2022-38073 (Multiple Authenticated (custom specific plugin role) Persistent Cross- ...)
+ TODO: check
CVE-2022-36424
RESERVED
CVE-2022-36417
@@ -1505,8 +1640,8 @@ CVE-2022-40618
RESERVED
CVE-2022-40617
RESERVED
-CVE-2022-40616
- RESERVED
+CVE-2022-40616 (IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow ...)
+ TODO: check
CVE-2022-40615
RESERVED
CVE-2022-40614
@@ -1554,8 +1689,7 @@ CVE-2022-40606
RESERVED
CVE-2022-40605
RESERVED
-CVE-2022-40604
- RESERVED
+CVE-2022-40604 (In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily ...)
- airflow <itp> (bug #819700)
CVE-2022-40603
RESERVED
@@ -2837,21 +2971,22 @@ CVE-2022-40032
RESERVED
CVE-2022-40031
RESERVED
-CVE-2022-40030
- RESERVED
-CVE-2022-40029
- RESERVED
-CVE-2022-40028
- RESERVED
-CVE-2022-40027
- RESERVED
-CVE-2022-40026
- RESERVED
+CVE-2022-40030 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
+ TODO: check
+CVE-2022-40029 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
+ TODO: check
+CVE-2022-40028 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
+ TODO: check
+CVE-2022-40027 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
+ TODO: check
+CVE-2022-40026 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
+ TODO: check
CVE-2022-40025
RESERVED
CVE-2022-40024
RESERVED
CVE-2022-40023 (Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denia ...)
+ {DLA-3116-1}
- mako 1.2.2+ds1-1
[bullseye] - mako <no-dsa> (Minor issue)
NOTE: https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c (rel_1_2_2)
@@ -4918,8 +5053,7 @@ CVE-2022-3082
RESERVED
CVE-2022-3081
RESERVED
-CVE-2022-3080 [BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly]
- RESERVED
+CVE-2022-3080 (By sending specific queries to the resolver, an attacker can cause nam ...)
- bind9 1:9.18.7-1
NOTE: https://kb.isc.org/docs/cve-2022-3080
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/b9e2f3333d0d29deb3ef932aa7aeb28086f153bd (v9_18_7)
@@ -5029,8 +5163,8 @@ CVE-2022-39049 (An attacker who is logged into OTRS as an admin user may manipul
NOTE: Could possibly affect Znuny, we'll let their security team figure it out
CVE-2022-3069
RESERVED
-CVE-2022-3068
- RESERVED
+CVE-2022-3068 (Improper Privilege Management in GitHub repository octoprint/octoprint ...)
+ TODO: check
CVE-2022-39048
RESERVED
CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When the sy ...)
@@ -5397,8 +5531,8 @@ CVE-2022-38930
RESERVED
CVE-2022-38929
RESERVED
-CVE-2022-38928
- RESERVED
+CVE-2022-38928 (XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2 ...)
+ TODO: check
CVE-2022-38927
RESERVED
CVE-2022-38926
@@ -5842,6 +5976,7 @@ CVE-2022-3010
CVE-2022-3009
RESERVED
CVE-2022-3008 (The tinygltf library uses the C library function wordexp() to perform ...)
+ {DSA-5232-1}
- tinygltf 2.5.0+dfsg-5 (bug #1019357)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49053
NOTE: https://github.com/syoyo/tinygltf/issues/368
@@ -6816,8 +6951,7 @@ CVE-2022-2907
[experimental] - gitlab 15.2.3+ds1-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
-CVE-2022-2906 [Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs]
- RESERVED
+CVE-2022-2906 (An attacker can leverage this flaw to gradually erode available memory ...)
- bind9 1:9.18.7-1
[bullseye] - bind9 <not-affected> (Vulnerable code introduced later)
[buster] - bind9 <not-affected> (Vulnerable code introduced later)
@@ -7019,8 +7153,8 @@ CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225. ..
- vim 2:9.0.0229-1
NOTE: https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa
NOTE: https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15 (v9.0.0225)
-CVE-2022-2888
- RESERVED
+CVE-2022-2888 (If an attacker comes into the possession of a victim's OctoPrint sessi ...)
+ TODO: check
CVE-2022-2887 (The WP Server Health Stats WordPress plugin before 1.7.0 does not esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2886 (A vulnerability, which was classified as critical, was found in Larave ...)
@@ -7041,8 +7175,7 @@ CVE-2022-2883
RESERVED
CVE-2022-2882
RESERVED
-CVE-2022-2881 [Buffer overread in statistics channel code]
- RESERVED
+CVE-2022-2881 (The underlying bug might cause read past end of the buffer and either ...)
- bind9 1:9.18.7-1
NOTE: https://kb.isc.org/docs/cve-2022-2881
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/13333db69f9b9710a98c86f44276e01e95420fa0 (v9_18_7)
@@ -7076,8 +7209,8 @@ CVE-2022-2873 (An out-of-bounds memory access flaw was found in the Linux kernel
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2119048
NOTE: https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97@gmail.com/T/
-CVE-2022-2872
- RESERVED
+CVE-2022-2872 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...)
+ TODO: check
CVE-2022-2871 (Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notr ...)
NOT-FOR-US: NotrinosERP
CVE-2022-38391
@@ -7326,7 +7459,7 @@ CVE-2022-38353
RESERVED
CVE-2022-38352 (ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerabi ...)
NOT-FOR-US: ThinkPHP
-CVE-2022-38351 (A vulnerability in Suprema Bio Star 2 v2.8.16 allows attackers to esca ...)
+CVE-2022-38351 (A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows att ...)
NOT-FOR-US: Suprema Bio Star
CVE-2022-38350
RESERVED
@@ -7721,14 +7854,12 @@ CVE-2022-38180 (In JetBrains Ktor before 2.1.0 the wrong authentication provider
NOT-FOR-US: JetBrains Ktor
CVE-2022-38179 (JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Downloa ...)
NOT-FOR-US: JetBrains Ktor
-CVE-2022-38178 [Memory leaks in EdDSA DNSSEC verification code]
- RESERVED
+CVE-2022-38178 (By spoofing the target resolver with responses that have a malformed E ...)
- bind9 1:9.18.7-1
NOTE: https://kb.isc.org/docs/cve-2022-38178
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/7c0028cfad2ae5fdf82c4d02d3b8b3a1e96dc6ec (v9_18_7)
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6c4165fbd3d (v9_16_33)
-CVE-2022-38177 [Memory leak in ECDSA DNSSEC verification code]
- RESERVED
+CVE-2022-38177 (By spoofing the target resolver with responses that have a malformed E ...)
- bind9 1:9.17.20-1
NOTE: https://kb.isc.org/docs/cve-2022-38177
NOTE: Fixed by (while refactoring): https://gitlab.isc.org/isc-projects/bind9/-/commit/d4eb6e0a57a7eeb42328ff66865fa66688603c17 (v9_17_20)
@@ -7759,8 +7890,7 @@ CVE-2022-2797 (A vulnerability classified as critical was found in SourceCodeste
NOT-FOR-US: SourceCodester Student Information System
CVE-2022-2796 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
-CVE-2022-2795 [Processing large delegations may severely degrade resolver performance]
- RESERVED
+CVE-2022-2795 (By flooding the target resolver with queries exploiting this flaw an a ...)
- bind9 1:9.18.7-1
NOTE: https://kb.isc.org/docs/cve-2022-2795
NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/e2014ba9e3b4236b0384ba17abfb2c9a155412f6 (v9_18_7)
@@ -8101,18 +8231,18 @@ CVE-2022-36405 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) v
NOT-FOR-US: WordPress plugin
CVE-2022-36394 (Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-36390
- RESERVED
+CVE-2022-36390 (Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulne ...)
+ TODO: check
CVE-2022-36387 (Broken Access Control vulnerability in Alessio Caiazza's About Me plug ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-36383
- RESERVED
+CVE-2022-36383 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...)
+ TODO: check
CVE-2022-36376 (Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plug ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36373 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Wa ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-36365
- RESERVED
+CVE-2022-36365 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...)
+ TODO: check
CVE-2022-36358 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin &l ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36355 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
@@ -8933,7 +9063,7 @@ CVE-2022-37707
RESERVED
CVE-2022-37706
RESERVED
- {DLA-3115-1}
+ {DSA-5233-1 DLA-3115-1}
- e17 0.25.4-1
NOTE: https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
NOTE: https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141
@@ -10206,8 +10336,8 @@ CVE-2022-37248 (Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) vi
NOT-FOR-US: Craft CMS
CVE-2022-37247 (Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) ...)
NOT-FOR-US: Craft CMS
-CVE-2022-37246
- RESERVED
+CVE-2022-37246 (Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the fil ...)
+ TODO: check
CVE-2022-37245 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
NOT-FOR-US: MDaemon
CVE-2022-37244 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...)
@@ -10679,10 +10809,10 @@ CVE-2022-37029
RESERVED
CVE-2022-37028
RESERVED
-CVE-2022-37027
- RESERVED
-CVE-2022-37026
- RESERVED
+CVE-2022-37027 (Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject a ...)
+ TODO: check
+CVE-2022-37026 (In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before ...)
+ TODO: check
CVE-2022-37025 (An improper privilege management vulnerability in McAfee Security Scan ...)
NOT-FOR-US: McAfee
CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
@@ -12236,8 +12366,8 @@ CVE-2022-36407
RESERVED
CVE-2022-36389 (Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Mes ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-36386
- RESERVED
+CVE-2022-36386 (Authenticated Arbitrary Code Execution vulnerability in Soflyy Import ...)
+ TODO: check
CVE-2022-36379 (Cross-Site Request Forgery (CSRF) leading to plugin settings update in ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36378 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
@@ -14323,8 +14453,8 @@ CVE-2022-35623 (In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability c
NOT-FOR-US: Nordic nRF5 SDK for Mesh
CVE-2022-35622
RESERVED
-CVE-2022-35621
- RESERVED
+CVE-2022-35621 (Access control vulnerability in Evoh NFT EvohClaimable contract with s ...)
+ TODO: check
CVE-2022-35620 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remot ...)
NOT-FOR-US: D-LINK
CVE-2022-35619 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remot ...)
@@ -15399,8 +15529,8 @@ CVE-2022-2317 (The Simple Membership WordPress plugin before 4.1.3 allows user t
NOT-FOR-US: WordPress plugin
CVE-2022-2316 (HTML injection vulnerability in secure messages of Devolutions Server ...)
NOT-FOR-US: Devolutions Server
-CVE-2022-2315
- RESERVED
+CVE-2022-2315 (Database Software Accreditation Tracking/Presentation Module product b ...)
+ TODO: check
CVE-2022-2314 (The VR Calendar WordPress plugin through 2.2.2 lets any user execute a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for Windows pr ...)
@@ -16398,8 +16528,8 @@ CVE-2022-2267 (The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has a
NOT-FOR-US: WordPress plugin
CVE-2022-2266
RESERVED
-CVE-2022-2265
- RESERVED
+CVE-2022-2265 (The Identity and Directory Management System developed by Çekino ...)
+ TODO: check
CVE-2022-2264 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
- vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/2241c773-02c9-4708-b63e-54aef99afa6c/
@@ -24836,8 +24966,8 @@ CVE-2022-31681
RESERVED
CVE-2022-31680
RESERVED
-CVE-2022-31679
- RESERVED
+CVE-2022-31679 (Applications that allow HTTP PATCH access to resources exposed by Spri ...)
+ TODO: check
CVE-2022-31678
RESERVED
CVE-2022-31677 (An Insufficient Session Expiration issue was discovered in the Pinnipe ...)
@@ -28132,10 +28262,10 @@ CVE-2022-30580 (Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go
NOTE: https://go.dev/issue/52574
CVE-2022-30579 (The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analy ...)
TODO: check
-CVE-2022-30578
- RESERVED
-CVE-2022-30577
- RESERVED
+CVE-2022-30578 (The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons co ...)
+ TODO: check
+CVE-2022-30577 (The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a ...)
+ TODO: check
CVE-2022-30576 (The Web Console component of TIBCO Software Inc.'s TIBCO Data Science ...)
NOT-FOR-US: TIBCO
CVE-2022-30575 (The Web Console component of TIBCO Software Inc.'s TIBCO Data Science ...)
@@ -30624,15 +30754,13 @@ CVE-2022-1466 (Due to improper authorization, Red Hat Single Sign-On is vulnerab
NOT-FOR-US: Red Hat Single Sign-On / Keycloak
CVE-2022-29801 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
NOT-FOR-US: Siemens
-CVE-2022-29800
- RESERVED
+CVE-2022-29800 (A time-of-check-time-of-use (TOCTOU) race condition vulnerability was ...)
- networkd-dispatcher <unfixed> (unimportant; bug #1010303)
NOTE: https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/074ff68f08d64a963a13e3cfc4fb3e3fb9006dfe
NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/2e226ee027bdc8022f0e10470318f89f25dc6133
NOTE: No security impact in Debian, see #1010303
-CVE-2022-29799
- RESERVED
+CVE-2022-29799 (A vulnerability was found in networkd-dispatcher. This flaw exists bec ...)
- networkd-dispatcher <unfixed> (unimportant; bug #1010303)
NOTE: https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/074ff68f08d64a963a13e3cfc4fb3e3fb9006dfe
@@ -46326,8 +46454,8 @@ CVE-2022-0496 (A vulnerbiility was found in Openscad, where a DXF-format drawing
- openscad 2021.01-4 (unimportant; bug #1005641)
NOTE: https://github.com/openscad/openscad/issues/4037
NOTE: Crash in CLI tool, no security impact
-CVE-2022-0495
- RESERVED
+CVE-2022-0495 (The library automation system product KOHA developed by Parantez Tekno ...)
+ TODO: check
CVE-2022-0494 (A kernel information leak flaw was identified in the scsi_ioctl functi ...)
{DSA-5173-1 DSA-5161-1 DLA-3065-1}
- linux 5.16.14-1
@@ -48108,16 +48236,16 @@ CVE-2022-23954 (Potential vulnerabilities have been identified in the BIOS for s
NOT-FOR-US: HP
CVE-2022-23953 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
NOT-FOR-US: HP
-CVE-2022-23952
- RESERVED
-CVE-2022-23951
- RESERVED
-CVE-2022-23950
- RESERVED
-CVE-2022-23949
- RESERVED
-CVE-2022-23948
- RESERVED
+CVE-2022-23952 (In Keylime before 6.3.0, current keylime installer installs the keylim ...)
+ TODO: check
+CVE-2022-23951 (In Keylime before 6.3.0, quote responses from the agent can contain po ...)
+ TODO: check
+CVE-2022-23950 (In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path fo ...)
+ TODO: check
+CVE-2022-23949 (In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue ag ...)
+ TODO: check
+CVE-2022-23948 (A flaw was found in Keylime before 6.3.0. The logic in the Keylime age ...)
+ TODO: check
CVE-2022-0371 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/350476
@@ -64835,8 +64963,8 @@ CVE-2021-43312
RESERVED
CVE-2021-43311
RESERVED
-CVE-2021-43310
- RESERVED
+CVE-2021-43310 (A vulnerability in Keylime before 6.3.0 allows an attacker to craft a ...)
+ TODO: check
CVE-2021-43309 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
NOT-FOR-US: Node uri-template-lite
CVE-2021-43308 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
@@ -89588,6 +89716,7 @@ CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to affec
CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
NOT-FOR-US: QNAP
CVE-2022-20001 (fish is a command line shell. fish version 3.1.0 through version 3.3.1 ...)
+ {DSA-5234-1}
- fish 3.4.0+ds-1
[buster] - fish <not-affected> (Vulnerable code introduced later)
[stretch] - fish <not-affected> (Vulnerable code introduced later)
@@ -249779,8 +249908,8 @@ CVE-2019-5643 (Computing For Good's Basic Laboratory Information System (also kn
NOT-FOR-US: Computing For Good's Basic Laboratory Information System
CVE-2019-5642 (Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from ...)
NOT-FOR-US: Rapid7 Metasploit Pro
-CVE-2019-5641
- RESERVED
+CVE-2019-5641 (Rapid7 InsightVM suffers from an information exposure issue whereby, w ...)
+ TODO: check
CVE-2019-5640 (Rapid7 Nexpose versions prior to 6.6.114 suffer from an information ex ...)
NOT-FOR-US: Rapid7 Nexpose
CVE-2019-5639
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e75036ef051e053dafba74702ec27655ae8d4b0a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e75036ef051e053dafba74702ec27655ae8d4b0a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220921/7a5e1bcc/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list