[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 26 21:10:48 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e39db614 by security tracker role at 2022-09-26T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2022-41557
+ RESERVED
+CVE-2022-41556
+ RESERVED
+CVE-2022-40690
+ RESERVED
+CVE-2022-3322
+ RESERVED
+CVE-2022-3321
+ RESERVED
+CVE-2022-3320
+ RESERVED
+CVE-2022-3319
+ RESERVED
+CVE-2022-3318
+ RESERVED
+CVE-2022-3317
+ RESERVED
+CVE-2022-3316
+ RESERVED
+CVE-2022-3315
+ RESERVED
+CVE-2022-3314
+ RESERVED
+CVE-2022-3313
+ RESERVED
+CVE-2022-3312
+ RESERVED
+CVE-2022-3311
+ RESERVED
+CVE-2022-3310
+ RESERVED
+CVE-2022-3309
+ RESERVED
+CVE-2022-3308
+ RESERVED
+CVE-2022-3307
+ RESERVED
+CVE-2022-3306
+ RESERVED
+CVE-2022-3305
+ RESERVED
+CVE-2022-3304
+ RESERVED
+CVE-2022-3303
+ RESERVED
+CVE-2022-3302
+ RESERVED
+CVE-2022-3301 (Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdif ...)
+ TODO: check
+CVE-2022-3300
+ RESERVED
CVE-2022-41553
RESERVED
CVE-2022-41552
@@ -420,8 +472,8 @@ CVE-2022-41344
RESERVED
CVE-2022-40984
RESERVED
-CVE-2022-3299
- RESERVED
+CVE-2022-3299 (A vulnerability was found in Open5GS up to 2.4.10. It has been declare ...)
+ TODO: check
CVE-2022-3298
RESERVED
CVE-2022-41343 (registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote f ...)
@@ -444,8 +496,8 @@ CVE-2022-3296 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to
- vim <unfixed>
NOTE: https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077
NOTE: https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be (v9.0.0577)
-CVE-2022-3295
- RESERVED
+CVE-2022-3295 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ TODO: check
CVE-2022-3294
RESERVED
CVE-2022-3293
@@ -474,8 +526,8 @@ CVE-2022-41327
RESERVED
CVE-2022-3291
RESERVED
-CVE-2022-3290
- RESERVED
+CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
+ TODO: check
CVE-2022-3289
RESERVED
CVE-2022-3288
@@ -537,8 +589,8 @@ CVE-2022-3274 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rd
- rdiffweb <itp> (bug #969974)
CVE-2022-3273
RESERVED
-CVE-2022-3272
- RESERVED
+CVE-2022-3272 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
+ TODO: check
CVE-2022-3271
RESERVED
CVE-2022-3270
@@ -1312,7 +1364,7 @@ CVE-2022-40969
RESERVED
CVE-2022-40962
RESERVED
- {DSA-5237-1}
+ {DSA-5237-1 DLA-3121-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
- thunderbird 1:102.3.0-1
@@ -1325,7 +1377,7 @@ CVE-2022-40961
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40961
CVE-2022-40960
RESERVED
- {DSA-5237-1}
+ {DSA-5237-1 DLA-3121-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
- thunderbird 1:102.3.0-1
@@ -1334,7 +1386,7 @@ CVE-2022-40960
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40960
CVE-2022-40959
RESERVED
- {DSA-5237-1}
+ {DSA-5237-1 DLA-3121-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
- thunderbird 1:102.3.0-1
@@ -1343,7 +1395,7 @@ CVE-2022-40959
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40959
CVE-2022-40958
RESERVED
- {DSA-5237-1}
+ {DSA-5237-1 DLA-3121-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
- thunderbird 1:102.3.0-1
@@ -1352,7 +1404,7 @@ CVE-2022-40958
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40958
CVE-2022-40957
RESERVED
- {DSA-5237-1}
+ {DSA-5237-1 DLA-3121-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
- thunderbird 1:102.3.0-1
@@ -1361,7 +1413,7 @@ CVE-2022-40957
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40957
CVE-2022-40956
RESERVED
- {DSA-5237-1}
+ {DSA-5237-1 DLA-3121-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
- thunderbird 1:102.3.0-1
@@ -1447,16 +1499,16 @@ CVE-2022-40930
RESERVED
CVE-2022-40929
RESERVED
-CVE-2022-40928
- RESERVED
-CVE-2022-40927
- RESERVED
-CVE-2022-40926
- RESERVED
-CVE-2022-40925
- RESERVED
-CVE-2022-40924
- RESERVED
+CVE-2022-40928 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-40927 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-40926 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2022-40925 (Zoo Management System v1.0 has an arbitrary file upload vulnerability ...)
+ TODO: check
+CVE-2022-40924 (Zoo Management System v1.0 has an arbitrary file upload vulnerability ...)
+ TODO: check
CVE-2022-40923
RESERVED
CVE-2022-40922
@@ -1733,10 +1785,10 @@ CVE-2022-40787
RESERVED
CVE-2022-40786
RESERVED
-CVE-2022-40785
- RESERVED
-CVE-2022-40784
- RESERVED
+CVE-2022-40785 (Unsanitized input when setting a locale file leads to shell injection ...)
+ TODO: check
+CVE-2022-40784 (Unlimited strcpy on user input when setting a locale file leads to sta ...)
+ TODO: check
CVE-2022-40783
RESERVED
CVE-2022-40782
@@ -2155,8 +2207,7 @@ CVE-2022-3206
RESERVED
CVE-2022-3205 (An XSS exists in automation controller UI where the project name is su ...)
NOT-FOR-US: Red Hat Ansible Automation Controller
-CVE-2022-3204
- RESERVED
+CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation ...)
- unbound 1.16.3-1
[bullseye] - unbound <no-dsa> (Minor issue)
[buster] - unbound <no-dsa> (Minor issue)
@@ -2169,38 +2220,31 @@ CVE-2022-3202 (A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Jo
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
NOTE: https://git.kernel.org/linus/a53046291020ec41e09181396c1e829287b48d47 (5.18-rc1)
-CVE-2022-3201
- RESERVED
+CVE-2022-3201 (Insufficient validation of untrusted input in DevTools in Google Chrom ...)
{DSA-5230-1}
- chromium 105.0.5195.125-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3200
- RESERVED
+CVE-2022-3200 (Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195 ...)
{DSA-5230-1}
- chromium 105.0.5195.125-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3199
- RESERVED
+CVE-2022-3199 (Use after free in Frames in Google Chrome prior to 105.0.5195.125 allo ...)
{DSA-5230-1}
- chromium 105.0.5195.125-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3198
- RESERVED
+CVE-2022-3198 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...)
{DSA-5230-1}
- chromium 105.0.5195.125-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3197
- RESERVED
+CVE-2022-3197 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...)
{DSA-5230-1}
- chromium 105.0.5195.125-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3196
- RESERVED
+CVE-2022-3196 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...)
{DSA-5230-1}
- chromium 105.0.5195.125-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3195
- RESERVED
+CVE-2022-3195 (Out of bounds write in Storage in Google Chrome prior to 105.0.5195.12 ...)
{DSA-5230-1}
- chromium 105.0.5195.125-1
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -2547,12 +2591,12 @@ CVE-2022-40487
RESERVED
CVE-2022-40486
RESERVED
-CVE-2022-40485
- RESERVED
-CVE-2022-40484
- RESERVED
-CVE-2022-40483
- RESERVED
+CVE-2022-40485 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
+ TODO: check
+CVE-2022-40484 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
+ TODO: check
+CVE-2022-40483 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
+ TODO: check
CVE-2022-40482
RESERVED
CVE-2022-40481
@@ -2714,12 +2758,12 @@ CVE-2022-40406
RESERVED
CVE-2022-40405
RESERVED
-CVE-2022-40404
- RESERVED
-CVE-2022-40403
- RESERVED
-CVE-2022-40402
- RESERVED
+CVE-2022-40404 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
+ TODO: check
+CVE-2022-40403 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
+ TODO: check
+CVE-2022-40402 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...)
+ TODO: check
CVE-2022-40401
RESERVED
CVE-2022-40400
@@ -3552,10 +3596,10 @@ CVE-2022-40046
RESERVED
CVE-2022-40045
RESERVED
-CVE-2022-40044
- RESERVED
-CVE-2022-40043
- RESERVED
+CVE-2022-40044 (Centreon v20.10.18 was discovered to contain a cross-site scripting (X ...)
+ TODO: check
+CVE-2022-40043 (Centreon v20.10.18 was discovered to contain a SQL injection vulnerabi ...)
+ TODO: check
CVE-2022-40042
RESERVED
CVE-2022-40041
@@ -3728,8 +3772,8 @@ CVE-2022-39961
RESERVED
CVE-2022-39960 (The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not ...)
NOT-FOR-US: Atlassian
-CVE-2022-3135
- RESERVED
+CVE-2022-3135 (The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise a ...)
+ TODO: check
CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. ...)
- vim <unfixed> (bug #1019590)
[bullseye] - vim <no-dsa> (Minor issue)
@@ -4094,8 +4138,8 @@ CVE-2022-36423 (OpenHarmony-v3.1.2 and prior versions have an incorrect configur
NOT-FOR-US: OpenHarmony
CVE-2022-3120 (A vulnerability classified as critical was found in SourceCodester Cli ...)
NOT-FOR-US: SourceCodester Clinics Patient Management System
-CVE-2022-3119
- RESERVED
+CVE-2022-3119 (The OAuth client Single Sign On WordPress plugin before 3.0.4 does not ...)
+ TODO: check
CVE-2022-3118 (A vulnerability was found in Sourcecodehero ERP System Project. It has ...)
NOT-FOR-US: Sourcecodehero ERP System Project
CVE-2022-39808
@@ -4146,8 +4190,8 @@ CVE-2022-3105
RESERVED
CVE-2022-3104
RESERVED
-CVE-2022-3103
- RESERVED
+CVE-2022-3103 (off-by-one in io_uring module. ...)
+ TODO: check
CVE-2022-3102
RESERVED
CVE-2022-3101
@@ -5261,12 +5305,12 @@ CVE-2022-39247
RESERVED
CVE-2022-39246
RESERVED
-CVE-2022-39245
- RESERVED
+CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...)
+ TODO: check
CVE-2022-39244
RESERVED
-CVE-2022-39243
- RESERVED
+CVE-2022-39243 (NuProcess is an external process execution implementation for Java. In ...)
+ TODO: check
CVE-2022-39242 (Frontier is an Ethereum compatibility layer for Substrate. Prior to co ...)
TODO: check
CVE-2022-39241
@@ -5313,8 +5357,8 @@ CVE-2022-39221 (McWebserver mod runs a simple HTTP server alongside the Minecraf
NOT-FOR-US: McWebserver
CVE-2022-39220 (SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are su ...)
NOT-FOR-US: SFTPGo
-CVE-2022-39219
- RESERVED
+CVE-2022-39219 (Bifrost is a middleware package which can synchronize MySQL/MariaDB bi ...)
+ TODO: check
CVE-2022-39218 (The JS Compute Runtime for Fastly's Compute at Edge platform provides the ...)
NOT-FOR-US: Fastly
CVE-2022-39217 (some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub ...)
@@ -5368,8 +5412,8 @@ CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360. ..
[bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e
NOTE: https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c (v9.0.0360)
-CVE-2022-3098
- RESERVED
+CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF ...)
+ TODO: check
CVE-2022-3097
RESERVED
CVE-2022-3096
@@ -5682,15 +5726,14 @@ CVE-2022-3077 (A buffer overflow vulnerability was found in the Linux kernel Int
[buster] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2123309
NOTE: https://git.kernel.org/linus/690b2549b19563ec5ad53e5c82f6a944d910086e (5.19-rc1)
-CVE-2022-3076
- RESERVED
-CVE-2022-3075
- RESERVED
+CVE-2022-3076 (The CM Download Manager WordPress plugin before 2.8.6 allows high priv ...)
+ TODO: check
+CVE-2022-3075 (Insufficient data validation in Mojo in Google Chrome prior to 105.0.5 ...)
{DSA-5225-1}
- chromium 105.0.5195.102-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3074
- RESERVED
+CVE-2022-3074 (The Slider Hero WordPress plugin before 8.4.4 does not escape the slid ...)
+ TODO: check
CVE-2022-3073
RESERVED
CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
@@ -5704,10 +5747,9 @@ CVE-2022-39079
RESERVED
CVE-2022-39078
RESERVED
-CVE-2022-3070
- RESERVED
-CVE-2022-3071
- RESERVED
+CVE-2022-3070 (The Generate PDF WordPress plugin before 3.6 does not sanitise and esc ...)
+ TODO: check
+CVE-2022-3071 (Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prio ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -5772,8 +5814,8 @@ CVE-2022-39050 (An attacker who is logged into OTRS as an admin user may manipul
CVE-2022-39049 (An attacker who is logged into OTRS as an admin user may manipulate th ...)
NOT-FOR-US: OTRS
NOTE: Could possibly affect Znuny, we'll let their security team figure it out
-CVE-2022-3069
- RESERVED
+CVE-2022-3069 (The WordLift WordPress plugin before 3.37.2 does not sanitise and esca ...)
+ TODO: check
CVE-2022-3068 (Improper Privilege Management in GitHub repository octoprint/octoprint ...)
- octoprint <itp> (bug #718591)
CVE-2022-39048
@@ -5794,8 +5836,8 @@ CVE-2022-3064
RESERVED
CVE-2022-3063
REJECTED
-CVE-2022-3062
- RESERVED
+CVE-2022-3062 (The Simple File List WordPress plugin before 4.4.12 does not escape pa ...)
+ TODO: check
CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace program coul ...)
- linux 5.18.2-1
NOTE: https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5)
@@ -5861,108 +5903,87 @@ CVE-2022-3060
RESERVED
CVE-2022-3059
RESERVED
-CVE-2022-3058
- RESERVED
+CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3057
- RESERVED
+CVE-2022-3057 (Inappropriate implementation in iframe Sandbox in Google Chrome prior ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3056
- RESERVED
+CVE-2022-3056 (Insufficient policy enforcement in Content Security Policy in Google C ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3055
- RESERVED
+CVE-2022-3055 (Use after free in Passwords in Google Chrome prior to 105.0.5195.52 al ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3054
- RESERVED
+CVE-2022-3054 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3053
- RESERVED
+CVE-2022-3053 (Inappropriate implementation in Pointer Lock in Google Chrome on Mac p ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3052
- RESERVED
+CVE-2022-3052 (Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3051
- RESERVED
+CVE-2022-3051 (Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacro ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3050
- RESERVED
+CVE-2022-3050 (Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 1 ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3049
- RESERVED
+CVE-2022-3049 (Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros pr ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3048
- RESERVED
+CVE-2022-3048 (Inappropriate implementation in Chrome OS lockscreen in Google Chrome ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3047
- RESERVED
+CVE-2022-3047 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3046
- RESERVED
+CVE-2022-3046 (Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3045
- RESERVED
+CVE-2022-3045 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3044
- RESERVED
+CVE-2022-3044 (Inappropriate implementation in Site Isolation in Google Chrome prior ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3043
- RESERVED
+CVE-2022-3043 (Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS p ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3042
- RESERVED
+CVE-2022-3042 (Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105. ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3041
- RESERVED
+CVE-2022-3041 (Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allow ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3040
- RESERVED
+CVE-2022-3040 (Use after free in Layout in Google Chrome prior to 105.0.5195.52 allow ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3039
- RESERVED
+CVE-2022-3039 (Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allow ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3038
- RESERVED
+CVE-2022-3038 (Use after free in Network Service in Google Chrome prior to 105.0.5195 ...)
{DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -6058,8 +6079,8 @@ CVE-2022-38978 (The secure OS module has configuration defects. Successful explo
NOT-FOR-US: Huawei
CVE-2022-38977
RESERVED
-CVE-2022-38970
- RESERVED
+CVE-2022-38970 (ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access C ...)
+ TODO: check
CVE-2022-38969
RESERVED
CVE-2022-38968
@@ -6486,10 +6507,10 @@ CVE-2022-3027 (The CMS8000 device does not properly control or sanitize the SSID
NOT-FOR-US: CMS8000 device
CVE-2022-3026 (The WP Users Exporter plugin for WordPress is vulnerable to CSV Inject ...)
NOT-FOR-US: WP Users Exporter plugin for WordPress
-CVE-2022-3025
- RESERVED
-CVE-2022-3024
- RESERVED
+CVE-2022-3025 (The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not h ...)
+ TODO: check
+CVE-2022-3024 (The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not hav ...)
+ TODO: check
CVE-2022-3023
RESERVED
CVE-2022-3022
@@ -6651,8 +6672,7 @@ CVE-2022-38753
RESERVED
CVE-2022-2999
RESERVED
-CVE-2022-2998
- RESERVED
+CVE-2022-2998 (Use after free in Browser Creation in Google Chrome prior to 104.0.511 ...)
{DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -6721,8 +6741,8 @@ CVE-2022-2989 (An incorrect handling of the supplementary groups in the Podman c
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121445
CVE-2022-2988
RESERVED
-CVE-2022-2987
- RESERVED
+CVE-2022-2987 (The Ldap WP Login / Active Directory Integration WordPress plugin befo ...)
+ TODO: check
CVE-2022-2986
RESERVED
- moodle <removed>
@@ -7086,8 +7106,8 @@ CVE-2022-2928
RESERVED
CVE-2022-2927 (Weak Password Requirements in GitHub repository notrinos/notrinoserp p ...)
NOT-FOR-US: NotrinosERP
-CVE-2022-2926
- RESERVED
+CVE-2022-2926 (The Download Manager WordPress plugin before 3.2.55 does not validate ...)
+ TODO: check
CVE-2022-38647
RESERVED
CVE-2022-38646
@@ -7279,8 +7299,8 @@ CVE-2022-38555 (Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_ge
NOT-FOR-US: Linksys
CVE-2022-38554
RESERVED
-CVE-2022-38553
- RESERVED
+CVE-2022-38553 (Academy Learning Management System before v5.9.1 was discovered to con ...)
+ TODO: check
CVE-2022-38552
RESERVED
CVE-2022-38551
@@ -7583,8 +7603,8 @@ CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's
NOTE: https://www.openwall.com/lists/oss-security/2022/08/26/1
CVE-2022-2904
RESERVED
-CVE-2022-2903
- RESERVED
+CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialis ...)
+ TODO: check
CVE-2022-2902
RESERVED
CVE-2022-2901 (Improper Authorization in GitHub repository chatwoot/chatwoot prior to ...)
@@ -7896,53 +7916,43 @@ CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0221. ..
- vim 2:9.0.0229-1
NOTE: https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765
NOTE: https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494 (v9.0.0221)
-CVE-2022-2861
- RESERVED
+CVE-2022-2861 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
{DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2860
- RESERVED
+CVE-2022-2860 (Insufficient policy enforcement in Cookies in Google Chrome prior to 1 ...)
{DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2859
- RESERVED
+CVE-2022-2859 (Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112 ...)
{DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2858
- RESERVED
+CVE-2022-2858 (Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.10 ...)
{DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2857
- RESERVED
+CVE-2022-2857 (Use after free in Blink in Google Chrome prior to 104.0.5112.101 allow ...)
{DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2856
- RESERVED
+CVE-2022-2856 (Insufficient validation of untrusted input in Intents in Google Chrome ...)
{DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2855
- RESERVED
+CVE-2022-2855 (Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allow ...)
{DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2854
- RESERVED
+CVE-2022-2854 (Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 ...)
{DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2853
- RESERVED
+CVE-2022-2853 (Heap buffer overflow in Downloads in Google Chrome on Android prior to ...)
{DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-2852
- RESERVED
+CVE-2022-2852 (Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allow ...)
{DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -13704,10 +13714,10 @@ CVE-2022-36161 (Orange Station 1.0 was discovered to contain a SQL injection vul
NOT-FOR-US: Orange Station
CVE-2022-36160
RESERVED
-CVE-2022-36159
- RESERVED
-CVE-2022-36158
- RESERVED
+CVE-2022-36159 (Contec FXA3200 version 1.13 and under were discovered to contain a har ...)
+ TODO: check
+CVE-2022-36158 (Contec FXA3200 version 1.13.00 and under suffers from Insecure Permiss ...)
+ TODO: check
CVE-2022-36157 (XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Per ...)
NOT-FOR-US: XXL-JOB
CVE-2022-36156
@@ -14514,10 +14524,10 @@ CVE-2022-2407 (The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape
NOT-FOR-US: WordPress plugin
CVE-2022-2406 (The legacy Slack import feature in Mattermost version 6.7.0 and earlie ...)
- mattermost-server <itp> (bug #823556)
-CVE-2022-2405
- RESERVED
-CVE-2022-2404
- RESERVED
+CVE-2022-2405 (The WP Popup Builder WordPress plugin through 1.2.8 does not have auth ...)
+ TODO: check
+CVE-2022-2404 (The WP Popup Builder WordPress plugin through 1.2.8 does not sanitise ...)
+ TODO: check
CVE-2022-2403 (A credentials leak was found in the OpenShift Container Platform. The ...)
NOT-FOR-US: OpenShift
CVE-2022-35863
@@ -15646,7 +15656,7 @@ CVE-2022-2362 (The Download Manager WordPress plugin before 3.2.50 prioritizes g
NOT-FOR-US: WordPress plugin
CVE-2022-2361 (The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-35413 (WAPPLES through 6.0 has a hardcoded systemi account accessible via db/ ...)
+CVE-2022-35413 (WAPPLES through 6.0 has a hardcoded systemi account. A threat actor co ...)
NOT-FOR-US: Penta Security Systems Inc WAPPLES
CVE-2022-35412 (Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinar ...)
NOT-FOR-US: Digital Guardian Agent
@@ -15700,8 +15710,8 @@ CVE-2022-35402
RESERVED
CVE-2022-2353 (Prior to microweber/microweber v1.2.20, due to improper neutralization ...)
NOT-FOR-US: microweber
-CVE-2022-2352
- RESERVED
+CVE-2022-2352 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not ...)
+ TODO: check
CVE-2022-2351 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2350
@@ -27832,8 +27842,8 @@ CVE-2022-1757 (The pagebar WordPress plugin before 2.70 does not have CSRF check
NOT-FOR-US: WordPress plugin
CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1755
- RESERVED
+CVE-2022-1755 (The SVG Support WordPress plugin before 2.5 does not properly handle S ...)
+ TODO: check
CVE-2022-30972 (A cross-site request forgery (CSRF) vulnerability in Jenkins Storable ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-30971 (Jenkins Storable Configs Plugin 1.0 and earlier does not configure its ...)
@@ -29868,8 +29878,8 @@ CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable rando
NOTE: https://gitlab.com/samba-team/samba/-/commit/9849e7440e30853c61a80ce1f11b7b244ed766fe (samba-4.17.0rc1)
CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visi ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1613
- RESERVED
+CVE-2022-1613 (The Restricted Site Access WordPress plugin before 7.3.2 prioritizes g ...)
+ TODO: check
CVE-2022-1612 (The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not protect i ...)
@@ -30701,8 +30711,8 @@ CVE-2022-30005
RESERVED
CVE-2022-30004
RESERVED
-CVE-2022-30003
- RESERVED
+CVE-2022-30003 (Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Sit ...)
+ TODO: check
CVE-2022-30002 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
NOT-FOR-US: Sourcecodester Insurance Management System
CVE-2022-30001 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
@@ -34470,10 +34480,10 @@ CVE-2022-28724
RESERVED
CVE-2022-28723
RESERVED
-CVE-2022-28722
- RESERVED
-CVE-2022-28721
- RESERVED
+CVE-2022-28722 (Certain HP Print Products are potentially vulnerable to Buffer Overflo ...)
+ TODO: check
+CVE-2022-28721 (Certain HP Print Products are potentially vulnerable to Remote Code Ex ...)
+ TODO: check
CVE-2022-28720
RESERVED
CVE-2022-28711 (A memory corruption vulnerability exists in the cgi.c unescape functio ...)
@@ -57514,8 +57524,7 @@ CVE-2022-22060
RESERVED
CVE-2022-22059 (Memory corruption due to out of bound read while parsing a video file ...)
NOT-FOR-US: Snapdragon
-CVE-2022-22058
- RESERVED
+CVE-2022-22058 (Memory corruption due to use after free issue in kernel while processi ...)
NOT-FOR-US: Qualcomm
CVE-2022-22057 (Use after free in graphics fence due to a race condition while closing ...)
NOT-FOR-US: Snapdragon
@@ -72806,8 +72815,8 @@ CVE-2021-41439
REJECTED
CVE-2021-41438
REJECTED
-CVE-2021-41437
- RESERVED
+CVE-2021-41437 (An HTTP response splitting attack in web application in ASUS RT-AX88U ...)
+ TODO: check
CVE-2021-41436 (An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX ...)
NOT-FOR-US: ASUS
CVE-2021-41435 (A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapt ...)
@@ -107031,8 +107040,8 @@ CVE-2021-28054 (An issue was discovered in Centreon-Web in Centreon Platform 20.
- centreon-web <itp> (bug #913903)
CVE-2021-28053 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...)
- centreon-web <itp> (bug #913903)
-CVE-2021-28052
- RESERVED
+CVE-2021-28052 (A tenant administrator Hitachi Content Platform (HCP) may modify the c ...)
+ TODO: check
CVE-2021-28051
RESERVED
CVE-2021-28050
@@ -114934,8 +114943,8 @@ CVE-2021-24892 (Insecure Direct Object Reference in edit function of Advanced Fo
NOT-FOR-US: WordPress plugin
CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.4.8 does not s ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24890
- RESERVED
+CVE-2021-24890 (The Scripts Organizer WordPress plugin before 3.0 does not have capabi ...)
+ TODO: check
CVE-2021-24889 (The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not es ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...)
@@ -115408,7 +115417,7 @@ CVE-2021-24655 (The WP User Manager WordPress plugin before 2.6.3 does not ensur
NOT-FOR-US: WordPress plugin
CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitis ...)
+CVE-2021-24653 (The Cookie Bar WordPress plugin before 1.8.9 doesn't properly sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e39db614a808c0ba670f31757f35c434df8aa797
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e39db614a808c0ba670f31757f35c434df8aa797
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220926/3373a1ce/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list