Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ca7042dd by security tracker role at 2022-05-04T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -264,8 +264,8 @@ CVE-2022-1550
        RESERVED
 CVE-2022-1549
        RESERVED
-CVE-2022-1548
-       RESERVED
+CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly 
restric ...)
+       TODO: check
 CVE-2022-1547
        RESERVED
 CVE-2022-1546
@@ -1027,8 +1027,8 @@ CVE-2022-29809
        RESERVED
 CVE-2022-1503 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: GetSimple CMS
-CVE-2022-1502
-       RESERVED
+CVE-2022-1502 (Permissions were not properly verified in the API on projects 
using ve ...)
+       TODO: check
 CVE-2022-1501
        RESERVED
        {DSA-5125-1}
@@ -3819,34 +3819,34 @@ CVE-2022-28795 (A vulnerability within the Avira 
Password Manager Browser Extens
        NOT-FOR-US: Avira Password Manager Browser Extensions
 CVE-2022-28794
        RESERVED
-CVE-2022-28793
-       RESERVED
-CVE-2022-28792
-       RESERVED
-CVE-2022-28791
-       RESERVED
-CVE-2022-28790
-       RESERVED
-CVE-2022-28789
-       RESERVED
-CVE-2022-28788
-       RESERVED
-CVE-2022-28787
-       RESERVED
-CVE-2022-28786
-       RESERVED
-CVE-2022-28785
-       RESERVED
-CVE-2022-28784
-       RESERVED
-CVE-2022-28783
-       RESERVED
-CVE-2022-28782
-       RESERVED
-CVE-2022-28781
-       RESERVED
-CVE-2022-28780
-       RESERVED
+CVE-2022-28793 (Given the TEE is compromised and controlled by the attacker, 
improper  ...)
+       TODO: check
+CVE-2022-28792 (DLL hijacking vulnerability in Gear IconX PC Manager prior to 
version  ...)
+       TODO: check
+CVE-2022-28791 (Improper input validation vulnerability in InstallAgent in 
Galaxy Stor ...)
+       TODO: check
+CVE-2022-28790 (Improper authentication in Link to Windows Service prior to 
version 2. ...)
+       TODO: check
+CVE-2022-28789 (Unprotected activities in Voice Note prior to version 
21.3.51.11 allow ...)
+       TODO: check
+CVE-2022-28788 (Improper buffer size check logic in aviextractor library prior 
to SMR  ...)
+       TODO: check
+CVE-2022-28787 (Improper buffer size check logic in wmfextractor library prior 
to SMR  ...)
+       TODO: check
+CVE-2022-28786 (Improper buffer size check logic in aviextractor library prior 
to SMR  ...)
+       TODO: check
+CVE-2022-28785 (Improper buffer size check logic in aviextractor library prior 
to SMR  ...)
+       TODO: check
+CVE-2022-28784 (Path traversal vulnerability in Galaxy Themes prior to SMR 
May-2022 Re ...)
+       TODO: check
+CVE-2022-28783 (Improper validation of removing package name in Galaxy Themes 
prior to ...)
+       TODO: check
+CVE-2022-28782 (Improper access control vulnerability in Contents To Window 
prior to S ...)
+       TODO: check
+CVE-2022-28781 (Improper input validation in Settings prior to SMR-May-2022 
Release 1  ...)
+       TODO: check
+CVE-2022-28780 (Improper access control vulnerability in Weather prior to SMR 
May-2022 ...)
+       TODO: check
 CVE-2022-28779 (Uncontrolled search path element vulnerability in Samsung 
Android USB  ...)
        NOT-FOR-US: Samsung
 CVE-2022-28778 (Improper access control vulnerability in Samsung Security 
Supporter pr ...)
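Review bot: the fourteen entries from CVE-2022-28793 down to CVE-2022-28780 are all left at TODO: check, yet several name Galaxy Store, Galaxy Themes or an SMR May-2022 release, and they sit directly above CVE-2022-28779, which is already tagged NOT-FOR-US: Samsung. Suggest resolving them in one pass with the same tag once the full descriptions confirm the vendor, rather than leaving fourteen open TODOs in the list.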
@@ -6090,8 +6090,8 @@ CVE-2022-28057
        RESERVED
 CVE-2022-28056 (ShopXO v2.2.5 and below was discovered to contain a system 
re-install  ...)
        NOT-FOR-US: ShopXO
-CVE-2022-28055
-       RESERVED
+CVE-2022-28055 (Fusionpbx v4.4 and below contains a command injection 
vulnerability vi ...)
+       TODO: check
 CVE-2022-28054 (Improper sanitization of trigger action scripts in VanDyke 
Software VS ...)
        NOT-FOR-US: VanDyke Software VShell
 CVE-2022-28053 (Typemill v1.5.3 was discovered to contain an arbitrary file 
upload vul ...)
@@ -7526,8 +7526,8 @@ CVE-2022-27472 (SQL injection vulnerability in Topics 
Counting feature of Roothu
        NOT-FOR-US: Roothub
 CVE-2022-27471
        RESERVED
-CVE-2022-27470
-       RESERVED
+CVE-2022-27470 (SDL_ttf v2.0.18 and below was discovered to contain an 
arbitrary memor ...)
+       TODO: check
 CVE-2022-27469 (Monstaftp v2.10.3 was discovered to allow attackers to execute 
Server- ...)
        NOT-FOR-US: Monstaftp
 CVE-2022-27468 (Monstaftp v2.10.3 was discovered to contain an arbitrary file 
upload w ...)
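Review bot: CVE-2022-27470 should not be closed with the NOT-FOR-US pattern used by the neighbouring Monstaftp and Roothub entries. SDL_ttf is a shared library, so the TODO: check here needs a source-package lookup and, if the library is shipped, a package line with a fixed version or <unfixed>.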
@@ -7653,8 +7653,8 @@ CVE-2022-27433
        RESERVED
 CVE-2022-27432 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 
allows attack ...)
        NOT-FOR-US: Pluck CMS
-CVE-2022-27431
-       RESERVED
+CVE-2022-27431 (Wuzhicms v4.1.0 was discovered to contain a SQL injection 
vulnerabilit ...)
+       TODO: check
 CVE-2022-27430
        RESERVED
 CVE-2022-27429 (Jizhicms v1.9.5 was discovered to contain a Server-Side 
Request Forger ...)
@@ -7675,8 +7675,8 @@ CVE-2022-27422 (A reflected cross-site scripting (XSS) 
vulnerability in Chamilo
        NOT-FOR-US: Chamilo LMS
 CVE-2022-27421 (Chamilo LMS v1.11.13 lacks validation on the user modification 
form, a ...)
        NOT-FOR-US: Chamilo LMS
-CVE-2022-27420
-       RESERVED
+CVE-2022-27420 (Hospital Management System v1.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
 CVE-2022-27419 (rtl_433 21.12 was discovered to contain a stack overflow in 
the functi ...)
        - rtl-433 <unfixed> (bug #1009788)
        [bullseye] - rtl-433 <not-affected> (Vulnerable code introduced later)
@@ -7704,8 +7704,8 @@ CVE-2022-27415
        RESERVED
 CVE-2022-27414
        RESERVED
-CVE-2022-27413
-       RESERVED
+CVE-2022-27413 (Hospital Management System v1.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
 CVE-2022-27412
        RESERVED
 CVE-2022-27411
@@ -7933,8 +7933,8 @@ CVE-2022-27332 (An access control issue in Zammad v5.0.3 
allows attackers to wri
        - zammad <itp> (bug #841355)
 CVE-2022-27331 (An access control issue in Zammad v5.0.3 broadcasts 
administrative con ...)
        - zammad <itp> (bug #841355)
-CVE-2022-27330
-       RESERVED
+CVE-2022-27330 (A cross-site scripting (XSS) vulnerability in 
/public/admin/index.php? ...)
+       TODO: check
 CVE-2022-27329
        RESERVED
 CVE-2022-27328
@@ -7967,8 +7967,8 @@ CVE-2022-27315
        RESERVED
 CVE-2022-27314
        RESERVED
-CVE-2022-27313
-       RESERVED
+CVE-2022-27313 (An arbitrary file deletion vulnerability in Gitea v1.16.3 
allows attac ...)
+       TODO: check
 CVE-2022-27312
        RESERVED
 CVE-2022-27311 (Gibbon v3.4.4 and below allows attackers to execute a 
Server-Side Requ ...)
@@ -14766,8 +14766,8 @@ CVE-2022-24903
        RESERVED
 CVE-2022-24902
        RESERVED
-CVE-2022-24901
-       RESERVED
+CVE-2022-24901 (Improper validation of the Apple certificate URL in the Apple 
Game Cen ...)
+       TODO: check
 CVE-2022-24900 (Piano LED Visualizer is software that allows LED lights to 
light up as ...)
        NOT-FOR-US: Piano LED Visualizer
 CVE-2022-24899
@@ -30563,8 +30563,8 @@ CVE-2022-21745
        RESERVED
 CVE-2022-21744
        RESERVED
-CVE-2022-21743
-       RESERVED
+CVE-2022-21743 (In ion, there is a possible use after free due to an integer 
overflow. ...)
+       TODO: check
 CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on 
Windows ha ...)
        NOT-FOR-US: Burp Suite (different from src:burp)
 CVE-2021-44229
@@ -32521,6 +32521,7 @@ CVE-2022-21498 (Vulnerability in the Java VM component 
of Oracle Database Server
 CVE-2022-21497 (Vulnerability in the Oracle Web Services Manager product of 
Oracle Fus ...)
        NOT-FOR-US: Oracle
 CVE-2022-21496 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5128-1}
        - openjdk-8 8u332-ga-1
        - openjdk-11 11.0.15+10-1
        - openjdk-17 17.0.3+7-1
@@ -32564,6 +32565,7 @@ CVE-2022-21478 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2022-21477 (Vulnerability in the Oracle Applications Framework product of 
Oracle E ...)
        NOT-FOR-US: Oracle
 CVE-2022-21476 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5128-1}
        - openjdk-8 8u332-ga-1
        - openjdk-11 11.0.15+10-1
        - openjdk-17 17.0.3+7-1
@@ -32624,6 +32626,7 @@ CVE-2022-21451 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2022-21450 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction 
Hub produc ...)
        NOT-FOR-US: Oracle
 CVE-2022-21449 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5128-1}
        - openjdk-8 8u322-ga-1
        - openjdk-11 <unfixed>
        - openjdk-17 17.0.3+7-1
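Review bot: in the CVE-2022-21449 entry the openjdk-8 line reads 8u322-ga-1, while every other entry tagged {DSA-5128-1} in this commit reads 8u332-ga-1, and openjdk-11 is still <unfixed> here. Worth confirming whether 8u322 is intended or a transposed digit, and that the DSA reference is correct for an entry that still carries an unfixed package.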
@@ -32640,6 +32643,7 @@ CVE-2022-21444 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mysql-8.0 <unfixed>
        - mysql-5.7 <removed>
 CVE-2022-21443 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5128-1}
        - openjdk-8 8u332-ga-1
        - openjdk-11 11.0.15+10-1
        - openjdk-17 17.0.3+7-1
@@ -32661,6 +32665,7 @@ CVE-2022-21436 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2022-21435 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2022-21434 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5128-1}
        - openjdk-8 8u332-ga-1
        - openjdk-11 11.0.15+10-1
        - openjdk-17 17.0.3+7-1
@@ -32681,6 +32686,7 @@ CVE-2022-21427 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mysql-8.0 <unfixed>
        - mysql-5.7 <removed>
 CVE-2022-21426 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5128-1}
        - openjdk-8 8u332-ga-1
        - openjdk-11 11.0.15+10-1
        - openjdk-17 17.0.3+7-1
@@ -35780,18 +35786,18 @@ CVE-2021-43166
        RESERVED
 CVE-2021-43165
        RESERVED
-CVE-2021-43164
-       RESERVED
-CVE-2021-43163
-       RESERVED
-CVE-2021-43162
-       RESERVED
-CVE-2021-43161
-       RESERVED
-CVE-2021-43160
-       RESERVED
-CVE-2021-43159
-       RESERVED
+CVE-2021-43164 (A Remote Code Execution (RCE) vulnerability exists in Ruijie 
Networks  ...)
+       TODO: check
+CVE-2021-43163 (A Remote Code Execution (RCE) vulnerability exists in Ruijie 
Networks  ...)
+       TODO: check
+CVE-2021-43162 (A Remote Code Execution (RCE) vulnerability exists in Ruijie 
Networks  ...)
+       TODO: check
+CVE-2021-43161 (A Remote Code Execution (RCE) vulnerability exists in Ruijie 
Networks  ...)
+       TODO: check
+CVE-2021-43160 (A Remote Code Execution (RCE) vulnerability exists in Ruijie 
Networks  ...)
+       TODO: check
+CVE-2021-43159 (A Remote Code Execution (RCE) vulnerability exists in Ruijie 
Networks  ...)
+       TODO: check
 CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF 
vulnerability  ...)
        NOT-FOR-US: ProjectWorlds Online Shopping System PHP
 CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to 
SQL inj ...)
@@ -38891,62 +38897,62 @@ CVE-2021-42330 (The &#8220;Teacher Edit&#8221; 
function of ShinHer StudyOnline S
        NOT-FOR-US: ShinHer StudyOnline System
 CVE-2021-42329 (The &#8220;List_Add&#8221; function of message board of 
ShinHer StudyO ...)
        NOT-FOR-US: ShinHer StudyOnline System
-CVE-2022-20111
-       RESERVED
-CVE-2022-20110
-       RESERVED
-CVE-2022-20109
-       RESERVED
-CVE-2022-20108
-       RESERVED
-CVE-2022-20107
-       RESERVED
-CVE-2022-20106
-       RESERVED
-CVE-2022-20105
-       RESERVED
-CVE-2022-20104
-       RESERVED
-CVE-2022-20103
-       RESERVED
-CVE-2022-20102
-       RESERVED
-CVE-2022-20101
-       RESERVED
-CVE-2022-20100
-       RESERVED
-CVE-2022-20099
-       RESERVED
-CVE-2022-20098
-       RESERVED
-CVE-2022-20097
-       RESERVED
-CVE-2022-20096
-       RESERVED
-CVE-2022-20095
-       RESERVED
-CVE-2022-20094
-       RESERVED
-CVE-2022-20093
-       RESERVED
-CVE-2022-20092
-       RESERVED
-CVE-2022-20091
-       RESERVED
-CVE-2022-20090
-       RESERVED
-CVE-2022-20089
-       RESERVED
-CVE-2022-20088
-       RESERVED
-CVE-2022-20087
-       RESERVED
+CVE-2022-20111 (In ion, there is a possible use after free due to incorrect 
error hand ...)
+       TODO: check
+CVE-2022-20110 (In ion, there is a possible use after free due to a race 
condition. Th ...)
+       TODO: check
+CVE-2022-20109 (In ion, there is a possible use after free due to improper 
update of r ...)
+       TODO: check
+CVE-2022-20108 (In voice service, there is a possible out of bounds write due 
to a sta ...)
+       TODO: check
+CVE-2022-20107 (In subtitle service, there is a possible application crash due 
to an i ...)
+       TODO: check
+CVE-2022-20106 (In MM service, there is a possible out of bounds write due to 
a heap-b ...)
+       TODO: check
+CVE-2022-20105 (In MM service, there is a possible out of bounds write due to 
a stack- ...)
+       TODO: check
+CVE-2022-20104 (In aee daemon, there is a possible information disclosure due 
to impro ...)
+       TODO: check
+CVE-2022-20103 (In aee daemon, there is a possible information disclosure due 
to symbo ...)
+       TODO: check
+CVE-2022-20102 (In aee daemon, there is a possible information disclosure due 
to a mis ...)
+       TODO: check
+CVE-2022-20101 (In aee daemon, there is a possible information disclosure due 
to a pat ...)
+       TODO: check
+CVE-2022-20100 (In aee daemon, there is a possible information disclosure due 
to a mis ...)
+       TODO: check
+CVE-2022-20099 (In aee daemon, there is a possible out of bounds write due to 
improper ...)
+       TODO: check
+CVE-2022-20098 (In aee daemon, there is a possible information disclosure due 
to a mis ...)
+       TODO: check
+CVE-2022-20097 (In aee daemon, there is a possible information disclosure due 
to a rac ...)
+       TODO: check
+CVE-2022-20096 (In camera, there is a possible information disclosure due to 
uninitial ...)
+       TODO: check
+CVE-2022-20095 (In imgsensor, there is a possible out of bounds write due to a 
missing ...)
+       TODO: check
+CVE-2022-20094 (In imgsensor, there is a possible out of bounds write due to 
an incorr ...)
+       TODO: check
+CVE-2022-20093 (In telephony, there is a possible way to disable receiving SMS 
message ...)
+       TODO: check
+CVE-2022-20092 (In alac decoder, there is a possible out of bounds read due to 
a missi ...)
+       TODO: check
+CVE-2022-20091 (In aee driver, there is a possible use after free due to a 
race condit ...)
+       TODO: check
+CVE-2022-20090 (In aee driver, there is a possible use after free due to a 
race condit ...)
+       TODO: check
+CVE-2022-20089 (In aee driver, there is a possible memory corruption due to 
active deb ...)
+       TODO: check
+CVE-2022-20088 (In aee driver, there is a possible reference count mistake due 
to inco ...)
+       TODO: check
+CVE-2022-20087 (In ccu, there is a possible out of bounds write due to a 
missing bound ...)
+       TODO: check
 CVE-2022-20086
        RESERVED
-CVE-2022-20085
-       RESERVED
-CVE-2022-20084
-       RESERVED
+CVE-2022-20085 (In netdiag, there is a possible symbolic link following due to 
an impr ...)
+       TODO: check
+CVE-2022-20084 (In telephony, there is a possible way to disable receiving 
emergency b ...)
+       TODO: check
 CVE-2022-20083
        RESERVED
 CVE-2022-20082
@@ -54333,7 +54339,7 @@ CVE-2021-36205 (Under certain circumstances the session 
token is not cleared on
        NOT-FOR-US: Johnson Controls
 CVE-2021-36204
        RESERVED
-CVE-2021-36203 (A vulnerability in all versions of SCT/SCT Pro prior to 
version 14.2.2 ...)
+CVE-2021-36203 (The affected product may allow an attacker to identify and 
forge reque ...)
        NOT-FOR-US: Johnson Controls
 CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson 
Controls M ...)
        NOT-FOR-US: Johnson Controls Metasys
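Review bot: the replacement description for CVE-2021-36203 drops the product and version (SCT/SCT Pro prior to version 14.2.2) that the old text carried, so the truncated line no longer identifies what is affected. The NOT-FOR-US: Johnson Controls tag below it is now the only vendor hint; consider extending it to name the product, as the next entry does with Johnson Controls Metasys.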
@@ -76601,52 +76607,52 @@ CVE-2021-27441
        RESERVED
 CVE-2021-27440 (The software contains a hard-coded password it uses for its 
own inboun ...)
        NOT-FOR-US: GE
-CVE-2021-27439
-       RESERVED
+CVE-2021-27439 (TencentOS-tiny version 3.1.0 is vulnerable to integer 
wrap-around in f ...)
+       TODO: check
 CVE-2021-27438 (The software contains a hard-coded password it uses for its 
own inboun ...)
        NOT-FOR-US: GE
 CVE-2021-27437 (The affected product allows attackers to obtain sensitive 
information  ...)
        NOT-FOR-US: WISE-PaaS
 CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to 
cross-site scr ...)
        NOT-FOR-US: WebAccess/SCADA
-CVE-2021-27435
-       RESERVED
+CVE-2021-27435 (ARM mbed product Version 6.3.0 is vulnerable to integer 
wrap-around in ...)
+       TODO: check
 CVE-2021-27434 (Products with Unified Automation .NET based OPC UA 
Client/Server SDK B ...)
        NOT-FOR-US: Unified Automation .NET
-CVE-2021-27433
-       RESERVED
+CVE-2021-27433 (ARM mbed-ualloc memory library version 1.3.0 is vulnerable to 
integer  ...)
+       TODO: check
 CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48 
and OPC U ...)
        NOT-FOR-US: OPC Foundation UA .NET
-CVE-2021-27431
-       RESERVED
+CVE-2021-27431 (ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to 
integer wrap ...)
+       TODO: check
 CVE-2021-27430 (GE UR bootloader binary Version 7.00, 7.01 and 7.02 included 
unused ha ...)
        NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27429
        RESERVED
 CVE-2021-27428 (GE UR IED firmware versions prior to version 8.1x supports 
upgrading f ...)
        NOT-FOR-US: General Electric Universal Relays
-CVE-2021-27427
-       RESERVED
+CVE-2021-27427 (RIOT OS version 2020.01.1 is vulnerable to integer wrap-around 
in its  ...)
+       TODO: check
 CVE-2021-27426 (GE UR IED firmware versions prior to version 8.1x with 
&#8220;Basic&#8 ...)
        NOT-FOR-US: General Electric Universal Relays
-CVE-2021-27425
-       RESERVED
+CVE-2021-27425 (Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer 
wrap-aro ...)
+       TODO: check
 CVE-2021-27424 (GE UR firmware versions prior to version 8.1x shares MODBUS 
memory map ...)
        NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27423
        RESERVED
 CVE-2021-27422 (GE UR firmware versions prior to version 8.1x web server 
interface is  ...)
        NOT-FOR-US: General Electric Universal Relays
-CVE-2021-27421
-       RESERVED
+CVE-2021-27421 (NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to 
integer o ...)
+       TODO: check
 CVE-2021-27420 (GE UR firmware versions prior to version 8.1x web server task 
does not ...)
        NOT-FOR-US: General Electric Universal Relays
-CVE-2021-27419
-       RESERVED
+CVE-2021-27419 (uClibc-ng versions prior to 1.0.37 are vulnerable to integer 
wrap-arou ...)
+       TODO: check
 CVE-2021-27418 (GE UR firmware versions prior to version 8.1x supports web 
interface w ...)
        NOT-FOR-US: General Electric Universal Relays
-CVE-2021-27417
-       RESERVED
+CVE-2021-27417 (eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are 
vulnerable t ...)
+       TODO: check
 CVE-2021-27416 (An attacker could exploit this vulnerability in Hitachi ABB 
Power Grid ...)
        NOT-FOR-US: Hitachi ABB Power Grids Ellipse Enterprise Asset Management 
(EAM)
 CVE-2021-27415
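Review bot: the nine new integer wrap-around entries in this hunk mix vendor SDKs and RTOSes (TencentOS-tiny, NXP MCUXpresso SDK, eCosPro) with general-purpose open-source code such as uClibc-ng and RIOT OS. Suggest triaging CVE-2021-27419 and CVE-2021-27427 individually against the archive instead of batch-tagging the whole group NOT-FOR-US like the surrounding GE entries.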
@@ -76657,8 +76663,8 @@ CVE-2021-27413 (Omron CX-One Versions 4.60 and prior, 
including CX-Server Versio
        NOT-FOR-US: Omron CX-One
 CVE-2021-27412 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are 
vulnerable  ...)
        NOT-FOR-US: Delta Electronics
-CVE-2021-27411
-       RESERVED
+CVE-2021-27411 (Micrium OS Versions 5.10.1 and prior are vulnerable to integer 
wrap-ar ...)
+       TODO: check
 CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, 
which ma ...)
        NOT-FOR-US: Welch Allyn
 CVE-2021-27409
@@ -88232,8 +88238,8 @@ CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) 
is configured by default
        NOT-FOR-US: Cscape
 CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and 
later,  ...)
        NOT-FOR-US: Rockwell Automation
-CVE-2021-22680
-       RESERVED
+CVE-2021-22680 (NXP MQX Versions 5.1 and prior are vulnerable to integer 
overflow in m ...)
+       TODO: check
 CVE-2021-22679 (The affected product is vulnerable to an integer overflow 
while proces ...)
        NOT-FOR-US: SimpleLink
 CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper 
validation of use ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca7042dda049cedc9cbf11cf012595f9b4b3b55a
