Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a0f4d8b4 by security tracker role at 2022-05-16T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2022-30942
+ RESERVED
+CVE-2022-30941
+ RESERVED
+CVE-2022-30940
+ RESERVED
+CVE-2022-30939
+ RESERVED
+CVE-2022-30938
+ RESERVED
+CVE-2022-30937
+ RESERVED
+CVE-2022-30792
+ RESERVED
+CVE-2022-30791
+ RESERVED
+CVE-2022-30758
+ RESERVED
+CVE-2022-30757
+ RESERVED
+CVE-2022-30756
+ RESERVED
+CVE-2022-30755
+ RESERVED
+CVE-2022-30754
+ RESERVED
+CVE-2022-30753
+ RESERVED
+CVE-2022-30752
+ RESERVED
+CVE-2022-30751
+ RESERVED
+CVE-2022-30750
+ RESERVED
+CVE-2022-30749
+ RESERVED
+CVE-2022-30748
+ RESERVED
+CVE-2022-30747
+ RESERVED
+CVE-2022-30746
+ RESERVED
+CVE-2022-30745
+ RESERVED
+CVE-2022-30744
+ RESERVED
+CVE-2022-30743
+ RESERVED
+CVE-2022-30742
+ RESERVED
+CVE-2022-30741
+ RESERVED
+CVE-2022-30740
+ RESERVED
+CVE-2022-30739
+ RESERVED
+CVE-2022-30738
+ RESERVED
+CVE-2022-30737
+ RESERVED
+CVE-2022-30736
+ RESERVED
+CVE-2022-30735
+ RESERVED
+CVE-2022-30734
+ RESERVED
+CVE-2022-30733
+ RESERVED
+CVE-2022-30732
+ RESERVED
+CVE-2022-30731
+ RESERVED
+CVE-2022-30730
+ RESERVED
+CVE-2022-30729
+ RESERVED
+CVE-2022-30728
+ RESERVED
+CVE-2022-30727
+ RESERVED
+CVE-2022-30726
+ RESERVED
+CVE-2022-30725
+ RESERVED
+CVE-2022-30724
+ RESERVED
+CVE-2022-30723
+ RESERVED
+CVE-2022-30722
+ RESERVED
+CVE-2022-30721
+ RESERVED
+CVE-2022-30720
+ RESERVED
+CVE-2022-30719
+ RESERVED
+CVE-2022-30718
+ RESERVED
+CVE-2022-30717
+ RESERVED
+CVE-2022-30716
+ RESERVED
+CVE-2022-30715
+ RESERVED
+CVE-2022-30714
+ RESERVED
+CVE-2022-30713
+ RESERVED
+CVE-2022-30712
+ RESERVED
+CVE-2022-30711
+ RESERVED
+CVE-2022-30710
+ RESERVED
+CVE-2022-30709
+ RESERVED
+CVE-2022-29888
+ RESERVED
+CVE-2022-25932
+ RESERVED
+CVE-2022-1735
+ RESERVED
+CVE-2022-1734
+ RESERVED
+CVE-2022-1733
+ RESERVED
+CVE-2022-1732
+ RESERVED
+CVE-2022-1731 (Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is
vulnerable to ...)
+ TODO: check
+CVE-2022-1730
+ RESERVED
+CVE-2022-1729
+ RESERVED
+CVE-2022-1728 (Allowing long password leads to denial of service in
polonel/trudesk i ...)
+ TODO: check
+CVE-2022-1727
+ RESERVED
+CVE-2022-1726 (Bootstrap Tables XSS vulnerability with Table Export plug-in
when expo ...)
+ TODO: check
+CVE-2022-1725 (NULL Pointer Dereference in GitHub repository vim/vim prior to
8.2.495 ...)
+ TODO: check
+CVE-2022-1724
+ RESERVED
+CVE-2022-1723
+ RESERVED
+CVE-2022-1722 (SSRF in editor's proxy via IPv6 link-local address in GitHub
repositor ...)
+ TODO: check
+CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository
jgraph/drawio ...)
+ TODO: check
+CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub
repository vim/v ...)
+ TODO: check
+CVE-2022-1719 (Reflected XSS on ticket filter function in GitHub repository
polonel/t ...)
+ TODO: check
+CVE-2022-1718 (The trudesk application allows large characters to insert in
the input ...)
+ TODO: check
CVE-2022-30936
RESERVED
CVE-2022-30935
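Review bot: CVE-2022-1725 and CVE-2022-1720 are added with only `TODO: check` even though both descriptions name vim/vim, and the other vim entries in this file already carry a `- vim ...` package line. When these are triaged they should get a `- vim` package line and a NOTE with the upstream reference, so they are tracked with the other vim issues instead of waiting in the TODO queue beside the web-application entries (trudesk, drawio, Metasonic) added in the same block.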
@@ -304,7 +460,7 @@ CVE-2022-30783
RESERVED
CVE-2022-30782 (Openmoney API through 2020-06-29 uses the JavaScript
Math.random funct ...)
TODO: check
-CVE-2022-30781 (Gitea before 1.6.7 does not escape git fetch remote. ...)
+CVE-2022-30781 (Gitea before 1.16.7 does not escape git fetch remote. ...)
- gitea <removed>
CVE-2022-30780
RESERVED
@@ -312,10 +468,10 @@ CVE-2022-30779 (Laravel 9.1.8, when processing
attacker-controlled data for dese
TODO: check
CVE-2022-30778 (Laravel 9.1.8, when processing attacker-controlled data for
deserializ ...)
TODO: check
-CVE-2022-30777
- RESERVED
-CVE-2022-30776
- RESERVED
+CVE-2022-30777 (Parallels H-Sphere 3.6.2 allows XSS via the index_en.php from
paramete ...)
+ TODO: check
+CVE-2022-30776 (atmail 6.5.0 allows XSS via the index.php/admin/index/ error
parameter ...)
+ TODO: check
CVE-2022-30775 (xpdf 4.04 allocates excessive memory when presented with
crafted input ...)
TODO: check
CVE-2022-30774
@@ -368,12 +524,12 @@ CVE-2022-30699
RESERVED
CVE-2022-30698
RESERVED
-CVE-2022-30697
- RESERVED
-CVE-2022-30696
- RESERVED
-CVE-2022-30695
- RESERVED
+CVE-2022-30697 (Local privilege escalation due to insecure folder permissions.
The fol ...)
+ TODO: check
+CVE-2022-30696 (Local privilege escalation due to a DLL hijacking
vulnerability. The f ...)
+ TODO: check
+CVE-2022-30695 (Local privilege escalation due to excessive permissions
assigned to ch ...)
+ TODO: check
CVE-2022-30694
RESERVED
CVE-2022-30543
@@ -392,8 +548,8 @@ CVE-2022-1714 (Heap-based Buffer Overflow in GitHub
repository radareorg/radare2
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/1c22055b-b015-47a8-a57b-4982978751d0
NOTE:
https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e
-CVE-2022-1713
- RESERVED
+CVE-2022-1713 (SSRF on /proxy in GitHub repository jgraph/drawio prior to
18.0.4. An ...)
+ TODO: check
CVE-2022-1712
RESERVED
CVE-2022-1711
@@ -756,8 +912,7 @@ CVE-2022-30557 (Foxit PDF Reader and PDF Editor before
11.2.2 have a Type Confus
NOT-FOR-US: Foxit PDF Reader and PDF Editor
CVE-2022-1680
RESERVED
-CVE-2022-1679
- RESERVED
+CVE-2022-1679 (A use-after-free flaw was found in the Linux kernel’s
Atheros wi ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2084125
NOTE: https://lore.kernel.org/lkml/[email protected]/t/
@@ -932,8 +1087,8 @@ CVE-2022-1643
RESERVED
CVE-2022-30524 (There is an invalid memory access in the TextLine class in
TextOutputD ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
-CVE-2022-30523
- RESERVED
+CVE-2022-30523 (Trend Micro Password Manager (Consumer) version 5.0.0.1266 and
below i ...)
+ TODO: check
CVE-2022-30522
RESERVED
CVE-2022-1642
@@ -1397,6 +1552,7 @@ CVE-2022-1622 (LibTIFF master branch has an out-of-bounds
read in LZWDecode in l
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub
repository vim ...)
+ {DLA-3011-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -1414,6 +1570,7 @@ CVE-2022-1620 (NULL Pointer Dereference in function
vim_regexec_string at regexp
NOTE:
https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f
(v8.2.4901)
NOTE: Crash in CLI tool, no security impact
CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in
GitHub r ...)
+ {DLA-3011-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -1461,6 +1618,7 @@ CVE-2022-30322
CVE-2022-30321
RESERVED
CVE-2022-1616 (Use after free in append_command in GitHub repository vim/vim
prior to ...)
+ {DLA-3011-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -1550,12 +1708,10 @@ CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc
through 0.9.33.2 use predict
NOTE:
https://mailman.openadk.org/mailman3/hyperkitty/list/[email protected]/thread/6JWRW3P4VN54J5FHUDK7IQOU4V35HHDZ/
NOTE: src:uclibc switched to the uClibc-ng source codebase with the
1.0.20-1 upload.
CVE-2022-30294 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a
use-after-fre ...)
- RESERVED
- webkit2gtk 2.36.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
- wpewebkit 2.36.1-1
CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a
heap-based bu ...)
- RESERVED
- webkit2gtk 2.36.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
- wpewebkit 2.36.1-1
@@ -2026,26 +2182,25 @@ CVE-2022-1562
RESERVED
CVE-2022-1561
RESERVED
-CVE-2022-1560
- RESERVED
-CVE-2022-1559
- RESERVED
+CVE-2022-1560 (The Amministrazione Aperta WordPress plugin through 3.7.3 does
not val ...)
+ TODO: check
+CVE-2022-1559 (The Clipr WordPress plugin through 1.2.3 does not sanitise and
escape ...)
+ TODO: check
CVE-2022-1558
RESERVED
-CVE-2022-1557
- RESERVED
+CVE-2022-1557 (The ULeak Security & Monitoring WordPress plugin through
1.2.3 doe ...)
+ TODO: check
CVE-2022-1556
RESERVED
CVE-2022-1555 (DOM XSS in microweber ver 1.2.15 in GitHub repository
microweber/micro ...)
NOT-FOR-US: microweber
CVE-2022-1554 (Path Traversal due to `send_file` call in GitHub repository
clinical-g ...)
NOT-FOR-US: clinical-genomics/scout
-CVE-2022-30126 [Regular Expression Denial of Service]
- RESERVED
+CVE-2022-30126 (In Apache Tika, a regular expression in our StandardsText
class, used ...)
- tika <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/3
-CVE-2022-1553
- RESERVED
+CVE-2022-1553 (Leaking password protected articles content due to improper
access con ...)
+ TODO: check
CVE-2022-1552
RESERVED
{DSA-5136-1 DSA-5135-1}
@@ -2218,8 +2373,8 @@ CVE-2022-30057 (Shopwind <=v3.4.2 was discovered to
contain a stored cross-si
NOT-FOR-US: Shopwind
CVE-2022-30056
RESERVED
-CVE-2022-30055
- RESERVED
+CVE-2022-30055 (Prime95 30.7 build 9 suffers from a Buffer Overflow
vulnerability that ...)
+ TODO: check
CVE-2022-30054
RESERVED
CVE-2022-30053
@@ -2228,8 +2383,8 @@ CVE-2022-30052
RESERVED
CVE-2022-30051
RESERVED
-CVE-2022-30050
- RESERVED
+CVE-2022-30050 (Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting
(XSS) via ...)
+ TODO: check
CVE-2022-30049 (A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows
attacker ...)
TODO: check
CVE-2022-30048 (Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection
vulnerab ...)
@@ -2302,12 +2457,12 @@ CVE-2022-30015
RESERVED
CVE-2022-30014
RESERVED
-CVE-2022-30013
- RESERVED
-CVE-2022-30012
- RESERVED
-CVE-2022-30011
- RESERVED
+CVE-2022-30013 (A stored cross-site scripting (XSS) vulnerability in the
upload functi ...)
+ TODO: check
+CVE-2022-30012 (In the POST request of the appointment.php page of HMS v.0,
there are ...)
+ TODO: check
+CVE-2022-30011 (In HMS 1.0 when requesting appointment.php through POST,
multiple para ...)
+ TODO: check
CVE-2022-30010
RESERVED
CVE-2022-30009
@@ -2747,8 +2902,8 @@ CVE-2022-1514 (Stored XSS via upload plugin functionality
in zip format in GitHu
NOT-FOR-US: facturascripts
CVE-2022-1513
RESERVED
-CVE-2022-1512
- RESERVED
+CVE-2022-1512 (The ScrollReveal.js Effects WordPress plugin through 1.2 does
not sani ...)
+ TODO: check
CVE-2022-1511 (Improper Access Control in GitHub repository snipe/snipe-it
prior to 5 ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-1510 (An issue has been discovered in GitLab affecting all versions
starting ...)
@@ -3136,8 +3291,8 @@ CVE-2022-29789 (The HiAIserver has a vulnerability in
verifying the validity of
NOT-FOR-US: Huawei
CVE-2022-27174
RESERVED
-CVE-2022-1465
- RESERVED
+CVE-2022-1465 (The WPC Smart Wishlist for WooCommerce WordPress plugin before
2.9.9 d ...)
+ TODO: check
CVE-2022-1464 (Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7.
As the ...)
NOT-FOR-US: Go Git Service
CVE-2022-1463 (The Booking Calendar plugin for WordPress is vulnerable to PHP
Object ...)
@@ -3496,10 +3651,10 @@ CVE-2022-29625
RESERVED
CVE-2022-29624
RESERVED
-CVE-2022-29623
- RESERVED
-CVE-2022-29622
- RESERVED
+CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload
module of Co ...)
+ TODO: check
+CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4
allows att ...)
+ TODO: check
CVE-2022-29621
RESERVED
CVE-2022-29620
@@ -3544,8 +3699,8 @@ CVE-2022-29601
RESERVED
CVE-2022-29600
RESERVED
-CVE-2022-1455
- RESERVED
+CVE-2022-1455 (The Call Now Button WordPress plugin before 1.1.2 does not
escape a pa ...)
+ TODO: check
CVE-2022-1454
RESERVED
CVE-2022-1453 (The RSVPMaker plugin for WordPress is vulnerable to
unauthenticated SQ ...)
@@ -3638,10 +3793,10 @@ CVE-2022-1437 (Heap-based Buffer Overflow in GitHub
repository radareorg/radare2
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/af6c3e9e-b7df-4d80-b48f-77fdd17b4038
NOTE:
https://github.com/radareorg/radare2/commit/669a404b6d98d5db409a5ebadae4e94b34ef5136
-CVE-2022-1436
- RESERVED
-CVE-2022-1435
- RESERVED
+CVE-2022-1436 (The WPCargo Track & Trace WordPress plugin before 6.9.5
does not s ...)
+ TODO: check
+CVE-2022-1435 (The WPCargo Track & Trace WordPress plugin before 6.9.5
does not s ...)
+ TODO: check
CVE-2022-1434 (The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite
incorrectly ...)
[experimental] - openssl 3.0.3-1
- openssl <not-affected> (Only affects OpenSSL 3.0)
@@ -3714,8 +3869,8 @@ CVE-2022-29560
RESERVED
CVE-2022-1426 (An issue has been discovered in GitLab affecting all versions
starting ...)
TODO: check
-CVE-2022-1425
- RESERVED
+CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a
compani ...)
+ TODO: check
CVE-2022-1424
RESERVED
CVE-2022-1423
@@ -3810,8 +3965,8 @@ CVE-2022-1419
- linux 5.5.13-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/21/1
NOTE: Fixed by:
https://git.kernel.org/linus/4b848f20eda5974020f043ca14bacf7a7e634fc8 (5.6-rc2)
-CVE-2022-1418
- RESERVED
+CVE-2022-1418 (The Social Stickers WordPress plugin through 2.2.9 does not
have CSRF ...)
+ TODO: check
CVE-2022-29527 (Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a
world-writable ...)
NOT-FOR-US: Amazon AWS amazon-ssm-agent
CVE-2022-29526
@@ -3844,12 +3999,12 @@ CVE-2022-1411 (Unrestructed file upload in GitHub
repository yetiforcecompany/ye
NOT-FOR-US: yetiforcecrm
CVE-2022-1410
RESERVED
-CVE-2022-1409
- RESERVED
-CVE-2022-1408
- RESERVED
-CVE-2022-1407
- RESERVED
+CVE-2022-1409 (The VikBooking Hotel Booking Engine & PMS WordPress plugin
before ...)
+ TODO: check
+CVE-2022-1408 (The VikBooking Hotel Booking Engine & PMS WordPress plugin
before ...)
+ TODO: check
+CVE-2022-1407 (The VikBooking Hotel Booking Engine & PMS WordPress plugin
before ...)
+ TODO: check
CVE-2022-29510
RESERVED
CVE-2022-29505 (Due to build misconfiguration in openssl dependency, LINE for
Windows ...)
@@ -3892,8 +4047,8 @@ CVE-2022-1400
RESERVED
CVE-2022-1399
RESERVED
-CVE-2022-1398
- RESERVED
+CVE-2022-1398 (The External Media without Import WordPress plugin through
1.1.2 does ...)
+ TODO: check
CVE-2022-1397 (API Privilege Escalation in GitHub repository
alextselegidis/easyappoi ...)
NOT-FOR-US: alextselegidis/easyappointments
CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise
and escap ...)
@@ -3902,8 +4057,8 @@ CVE-2022-1395
RESERVED
CVE-2022-1394
RESERVED
-CVE-2022-1393
- RESERVED
+CVE-2022-1393 (The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle
field an ...)
+ TODO: check
CVE-2022-1392 (The Videos sync PDF WordPress plugin through 1.7.4 does not
validate t ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1391 (The Cab fare calculator WordPress plugin through 1.0.3 does not
valida ...)
@@ -4153,8 +4308,8 @@ CVE-2022-27632
RESERVED
CVE-2022-1387
RESERVED
-CVE-2022-1386
- RESERVED
+CVE-2022-1386 (The Fusion Builder WordPress plugin before 3.6.2, used in the
Avada th ...)
+ TODO: check
CVE-2022-29405
RESERVED
CVE-2022-1385 (Mattermost 6.4.x and earlier fails to properly invalidate
pending emai ...)
@@ -4276,14 +4431,14 @@ CVE-2022-29356
RESERVED
CVE-2022-29355
RESERVED
-CVE-2022-29354
- RESERVED
-CVE-2022-29353
- RESERVED
+CVE-2022-29354 (An arbitrary file upload vulnerability in the file upload
module of Ke ...)
+ TODO: check
+CVE-2022-29353 (An arbitrary file upload vulnerability in the file upload
module of Gr ...)
+ TODO: check
CVE-2022-29352
RESERVED
-CVE-2022-29351
- RESERVED
+CVE-2022-29351 (An arbitrary file upload vulnerability in the file upload
module of Ti ...)
+ TODO: check
CVE-2022-29350
RESERVED
CVE-2022-29349
@@ -4552,8 +4707,8 @@ CVE-2022-1350 (A vulnerability classified as problematic
was found in GhostPCL 9
NOTE: https://bugs.ghostscript.com/attachment.cgi?id=22323
NOTE: Issue is in GhostPCL sourcewise shipped in src:ghostscript
NOTE: Upstream report is as per 2022-04-15 not yet public
-CVE-2022-1349
- RESERVED
+CVE-2022-1349 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a
compani ...)
+ TODO: check
CVE-2022-1348
RESERVED
CVE-2022-1347 (Stored XSS in the "Username" & "Email" input fields leads
to accou ...)
@@ -4804,8 +4959,8 @@ CVE-2022-1336
RESERVED
CVE-2022-1335
RESERVED
-CVE-2022-1334
- RESERVED
+CVE-2022-1334 (The WP YouTube Live WordPress plugin before 1.8.3 does not
validate, s ...)
+ TODO: check
CVE-2022-1333 (Mattermost Playbooks plugin v1.24.0 and earlier fails to
properly chec ...)
NOT-FOR-US: Mattermost Playbooks plugin
CVE-2015-20107 (In Python (aka CPython) through 3.10.4, the mailcap module
does not ad ...)
@@ -5265,8 +5420,8 @@ CVE-2022-29019
RESERVED
CVE-2022-29018
RESERVED
-CVE-2022-29017
- RESERVED
+CVE-2022-29017 (Bento4 v1.6.0.0 was discovered to contain a segmentation fault
via the ...)
+ TODO: check
CVE-2022-29016
RESERVED
CVE-2022-29015
@@ -6063,12 +6218,12 @@ CVE-2022-1269 (The Fast Flow WordPress plugin before
1.2.11 does not sanitise an
NOT-FOR-US: WordPress plugin
CVE-2022-1268
RESERVED
-CVE-2022-1267
- RESERVED
+CVE-2022-1267 (The BMI BMR Calculator WordPress plugin through 1.3 does not
sanitise ...)
+ TODO: check
CVE-2022-1266
RESERVED
-CVE-2022-1265
- RESERVED
+CVE-2022-1265 (The BulletProof Security WordPress plugin before 6.1 does not
sanitize ...)
+ TODO: check
CVE-2022-1264
RESERVED
CVE-2022-1262 (A command injection vulnerability in the protest binary allows
an atta ...)
@@ -6322,10 +6477,10 @@ CVE-2022-1219 (SQL injection in
RecyclebinController.php in GitHub repository pi
NOT-FOR-US: pimcore
CVE-2022-1218
RESERVED
-CVE-2022-1217
- RESERVED
-CVE-2022-1216
- RESERVED
+CVE-2022-1217 (The Custom TinyMCE Shortcode Button WordPress plugin through
1.1 does ...)
+ TODO: check
+CVE-2022-1216 (The Advanced Image Sitemap WordPress plugin through 1.2 does
not sanit ...)
+ TODO: check
CVE-2022-1215
RESERVED
- libinput 1.20.1-1
@@ -7402,8 +7557,8 @@ CVE-2022-1184
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070205
CVE-2022-1183
RESERVED
-CVE-2022-1182
- RESERVED
+CVE-2022-1182 (The Visual Slide Box Builder WordPress plugin through 3.2.9
does not s ...)
+ TODO: check
CVE-2022-1181 (Stored Cross Site Scripting in GitHub repository
openemr/openemr prior ...)
NOT-FOR-US: OpenEMR
CVE-2022-1180 (Reflected Cross Site Scripting in GitHub repository
openemr/openemr pr ...)
@@ -7616,6 +7771,7 @@ CVE-2022-1156 (The Books & Papers WordPress plugin
through 0.20210223 does n
CVE-2022-1155 (Old sessions are not blocked by the login enable function. in
GitHub r ...)
- snipe-it <itp> (bug #1005172)
CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim
prior to 8 ...)
+ {DLA-3011-1}
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -8331,8 +8487,8 @@ CVE-2022-1105 (An improper access control vulnerability
in GitLab CE/EE affectin
- gitlab <unfixed>
CVE-2022-1104 (The Popup Maker WordPress plugin before 1.16.5 does not
sanitise and e ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1103
- RESERVED
+CVE-2022-1103 (The Advanced Uploader WordPress plugin through 4.2 allows any
authenti ...)
+ TODO: check
CVE-2022-27927 (A SQL injection vulnerability exists in Microfinance
Management System ...)
NOT-FOR-US: Microfinance Management System
CVE-2022-27926 (A reflected cross-site scripting (XSS) vulnerability in the
/public/la ...)
@@ -8504,8 +8660,8 @@ CVE-2022-1091 (The sanitisation step of the Safe SVG
WordPress plugin before 1.9
NOT-FOR-US: WordPress plugin
CVE-2022-1090 (The Good & Bad Comments WordPress plugin through 1.0.0 does
not sa ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1089
- RESERVED
+CVE-2022-1089 (The Bulk Edit and Create User Profiles WordPress plugin before
1.5.14 ...)
+ TODO: check
CVE-2022-1088 (The Page Security & Membership WordPress plugin through
1.5.15 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1087 (A vulnerability, which was classified as problematic, has been
found i ...)
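Review bot: CVE-2022-1089 is added with `TODO: check` although its description is a WordPress plugin issue and the neighbouring CVE-2022-1091, CVE-2022-1090 and CVE-2022-1088 are all closed as `NOT-FOR-US: WordPress plugin`. The same resolution looks applicable here, and to the other WordPress plugin entries this update moves from RESERVED to TODO.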
@@ -8605,8 +8761,8 @@ CVE-2022-1064 (SQL injection through marking blog
comments on bulk as spam in Gi
NOT-FOR-US: forkcms
CVE-2022-1063 (The Thank Me Later WordPress plugin through 3.3.4 does not
sanitise an ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1062
- RESERVED
+CVE-2022-1062 (The th23 Social WordPress plugin through 1.2.0 does not
sanitise and e ...)
+ TODO: check
CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository
radareorg/ra ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7
@@ -9126,8 +9282,8 @@ CVE-2022-1052 (Heap Buffer Overflow in
iterate_chained_fixups in GitHub reposito
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/3b3b7f77-ab8d-4de3-999b-eeec0a3eebe7
NOTE:
https://github.com/radareorg/radare2/commit/0052500c1ed5bf8263b26b9fd7773dbdc6f170c4
-CVE-2022-1051
- RESERVED
+CVE-2022-1051 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a
compani ...)
+ TODO: check
CVE-2022-1050 (A flaw was found in the QEMU implementation of VMWare's
paravirtual RD ...)
- qemu <unfixed>
[bullseye] - qemu <no-dsa> (Minor issue)
@@ -10158,11 +10314,13 @@ CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO
server 2.x before 2.6.2 has a
[buster] - glewlwyd <no-dsa> (Minor issue)
NOTE:
https://github.com/babelouest/glewlwyd/commit/4c5597c155bfbaf6491cf6b83479d241ae66940a
(v2.6.2)
CVE-2022-29869 (cifs-utils through 6.14, with verbose logging, can cause an
informatio ...)
+ {DLA-3009-1}
- cifs-utils 2:6.14-1.1 (bug #1010818)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15026
NOTE: https://github.com/piastry/cifs-utils/pull/7
NOTE:
https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379
(cifs-utils-6.15)
CVE-2022-27239 (In cifs-utils through 6.14, a stack-based buffer overflow when
parsing ...)
+ {DLA-3009-1}
- cifs-utils 2:6.14-1.1 (bug #1010818)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15025
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197216
@@ -12145,8 +12303,8 @@ CVE-2022-0875
RESERVED
CVE-2022-0874 (The WP Social Buttons WordPress plugin through 2.1 does not
sanitise a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0873
- RESERVED
+CVE-2022-0873 (The Gmedia Photo Gallery WordPress plugin before 1.20.0 does
not sanit ...)
+ TODO: check
CVE-2022-26532
RESERVED
CVE-2022-26531
@@ -12289,8 +12447,8 @@ CVE-2022-26478
RESERVED
CVE-2022-26477
RESERVED
-CVE-2022-0867
- RESERVED
+CVE-2022-0867 (The Pricing Table WordPress plugin before 3.6.1 fails to
properly sani ...)
+ TODO: check
CVE-2022-0866 (This is a concurrency issue that can result in the wrong caller
princi ...)
- wildfly <itp> (bug #752018)
CVE-2022-0865 (Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers
to cau ...)
@@ -15883,8 +16041,7 @@ CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and
earlier does not configure
NOT-FOR-US: Jenkins Chef Sinatra Plugin
CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and
earlier use ...)
NOT-FOR-US: Jenkins Pipeline: Multibranch Plugin
-CVE-2022-25169 [BPGParser Memory Usage DoS]
- RESERVED
+CVE-2022-25169 (The BPG parser in versions of Apache Tika before 1.28.2 and
2.4.0 may ...)
- tika <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/4
CVE-2022-25168
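Review bot: the new CVE-2022-25169 description gives the affected range as Apache Tika before 1.28.2 and 2.4.0, but the entry still reads `- tika <unfixed>` with only the oss-security link as a NOTE. A NOTE recording the fixed upstream versions would let the package line be closed against them once a fixed upload exists; the same applies to CVE-2022-30126 once its truncated description is checked.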
@@ -16548,8 +16705,8 @@ CVE-2022-24977 (ImpressCMS before 1.4.2 allows
unauthenticated remote code execu
NOT-FOR-US: ImpressCMS
CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior
to 5.3 ...)
- snipe-it <itp> (bug #1005172)
-CVE-2022-0578
- RESERVED
+CVE-2022-0578 (Code Injection in GitHub repository publify/publify prior to
9.2.8. ...)
+ TODO: check
CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction
with InspI ...)
- atheme-services 7.2.12-1
[bullseye] - atheme-services <no-dsa> (Minor issue; can be fixed via
point release)
@@ -16567,11 +16724,12 @@ CVE-2022-0576 (Cross-site Scripting (XSS) - Generic
in Packagist librenms/libren
NOT-FOR-US: LibreNMS
CVE-2022-0575 (Cross-site Scripting (XSS) - Stored in Packagist
librenms/librenms pri ...)
NOT-FOR-US: LibreNMS
-CVE-2022-0574
- RESERVED
-CVE-2022-0573
- RESERVED
+CVE-2022-0574 (Improper Access Control in GitHub repository publify/publify
prior to ...)
+ TODO: check
+CVE-2022-0573 (JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to
Insecure ...)
+ TODO: check
CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 8.2. ...)
+ {DLA-3011-1}
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -18725,6 +18883,7 @@ CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR
(DSGVO) & ePrivacy Coo
CVE-2022-0444
RESERVED
CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-3011-1}
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -19264,6 +19423,7 @@ CVE-2021-46657 (get_sort_by_table in MariaDB before
10.6.2 allows an application
CVE-2022-0414 (Business Logic Errors in Packagist dolibarr/dolibarr prior to
16.0. ...)
- dolibarr <removed>
CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-3011-1}
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -20303,6 +20463,7 @@ CVE-2022-23865 (Nyron 1.0 is affected by a SQL
injection vulnerability through N
CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior
to 0.6 ...)
NOT-FOR-US: calibre-web
CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub
repository ...)
+ {DLA-3011-1}
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -22483,6 +22644,7 @@ CVE-2022-0263 (Unrestricted Upload of File with
Dangerous Type in Packagist pimc
CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist
pimcore/pimcore prior ...)
NOT-FOR-US: pimcore
CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 8.2. ...)
+ {DLA-3011-1}
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -38352,7 +38514,7 @@ CVE-2021-42968
CVE-2021-42967 (Unrestricted file upload in
/novel-admin/src/main/java/com/java2nb/com ...)
NOT-FOR-US: Novel-plus
CVE-2021-42966
- RESERVED
+ REJECTED
CVE-2021-42965
RESERVED
CVE-2021-42964
@@ -38504,8 +38666,8 @@ CVE-2021-42899
RESERVED
CVE-2021-42898
RESERVED
-CVE-2021-42897
- RESERVED
+CVE-2021-42897 (A remote command execution (RCE) vulnerability was found in
FeMiner wm ...)
+ TODO: check
CVE-2021-42896
RESERVED
CVE-2021-42895
@@ -38558,8 +38720,8 @@ CVE-2021-42872
RESERVED
CVE-2021-42871
RESERVED
-CVE-2021-42870
- RESERVED
+CVE-2021-42870 (ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when
processing ...)
+ TODO: check
CVE-2021-42869 (A Cross Site Scripting (XSS) vulnerability exists in Chikista
Patient ...)
NOT-FOR-US: Chikista Patient Management Software
CVE-2021-42868 (A Cross Site Scripting (XSS) vulnerability exists in Chikista
Patient ...)
@@ -42159,7 +42321,7 @@ CVE-2021-41929 (Cross Site Scripting (XSS) in
Sourcecodester The Electric Billin
CVE-2021-41928 (SQL injection in Sourcecodester Try My Recipe (Recipe Sharing
Website ...)
NOT-FOR-US: Sourcecodester
CVE-2021-41927
- RESERVED
+ REJECTED
CVE-2021-41926
RESERVED
CVE-2021-41925
@@ -63402,8 +63564,8 @@ CVE-2021-33320 (The Flags module in Liferay Portal
7.3.1 and earlier, and Lifera
NOT-FOR-US: Liferay
CVE-2021-33319
RESERVED
-CVE-2021-33318
- RESERVED
+CVE-2021-33318 (An Input Validation Vulnerability exists in Joel Christner
.NET C# pac ...)
+ TODO: check
CVE-2021-33317 (The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version
2.0.2.S0 suf ...)
NOT-FOR-US: TRENDnet
CVE-2021-33316 (The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version
2.0.2.S0 suf ...)
@@ -64176,16 +64338,16 @@ CVE-2021-33026 (The Flask-Caching extension through
1.10.1 for Flask relies on P
- flask-caching <unfixed> (unimportant; bug #988916)
NOTE: https://github.com/sh4nks/flask-caching/pull/209
NOTE: Negligible security impact
-CVE-2021-33025
- RESERVED
+CVE-2021-33025 (xArrow SCADA versions 7.2 and prior permits unvalidated
registry keys ...)
+ TODO: check
CVE-2021-33024 (Philips Vue PACS versions 12.2.x.x and prior transmits or
stores authe ...)
NOT-FOR-US: Philips Vue PACS
CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to
a heap-b ...)
NOT-FOR-US: Advantech WebAccess
CVE-2021-33022 (Philips Vue PACS versions 12.2.x.x and prior transmits
sensitive or se ...)
NOT-FOR-US: Philips Vue PACS
-CVE-2021-33021
- RESERVED
+CVE-2021-33021 (xArrow SCADA versions 7.2 and prior is vulnerable to
cross-site script ...)
+ TODO: check
CVE-2021-33020 (Philips Vue PACS versions 12.2.x.x and prior uses a
cryptographic key ...)
NOT-FOR-US: Philips Vue PACS
CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta
Electronics DOPSo ...)
@@ -64224,8 +64386,8 @@ CVE-2021-33003 (Delta Electronics DIAEnergie Version
1.7.5 and prior may allow a
NOT-FOR-US: Delta Electronics
CVE-2021-33002 (Opening a maliciously crafted project file may cause an
out-of-bounds ...)
NOT-FOR-US: WebAccess HMI Designer
-CVE-2021-33001
- RESERVED
+CVE-2021-33001 (xArrow SCADA versions 7.2 and prior is vulnerable to
cross-site script ...)
+ TODO: check
CVE-2021-33000 (Parsing a maliciously crafted project file may cause a
heap-based buff ...)
NOT-FOR-US: WebAccess HMI Designer
CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink
server while ...)
@@ -78759,16 +78921,16 @@ CVE-2021-27448 (A miscommunication in the file system
allows adversaries with ac
NOT-FOR-US: GE
CVE-2021-27447 (Mesa Labs AmegaView version 3.0 is vulnerable to a command
injection, ...)
NOT-FOR-US: Mesa Labs
-CVE-2021-27446
- RESERVED
+CVE-2021-27446 (The Weintek cMT product line is vulnerable to code injection,
which ma ...)
+ TODO: check
CVE-2021-27445 (Mesa Labs AmegaView Versions 3.0 and prior has insecure file
permissio ...)
NOT-FOR-US: Mesa Labs
-CVE-2021-27444
- RESERVED
+CVE-2021-27444 (The Weintek cMT product line is vulnerable to various improper
access ...)
+ TODO: check
CVE-2021-27443
RESERVED
-CVE-2021-27442
- RESERVED
+CVE-2021-27442 (The Weintek cMT product line is vulnerable to a cross-site
scripting v ...)
+ TODO: check
CVE-2021-27441
RESERVED
CVE-2021-27440 (The software contains a hard-coded password it uses for its
own inboun ...)
@@ -84822,8 +84984,8 @@ CVE-2021-25121
RESERVED
CVE-2021-25120 (The Easy Social Feed Free and Pro WordPress plugins before
6.2.7 do no ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25119
- RESERVED
+CVE-2021-25119 (The AGIL WordPress plugin through 1.0 accepts all zip files
and automa ...)
+ TODO: check
CVE-2021-25118 (The Yoast SEO WordPress plugin before 17.3 discloses the full
internal ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25117
@@ -88971,12 +89133,12 @@ CVE-2021-23269
RESERVED
CVE-2021-23268
RESERVED
-CVE-2021-23267
- RESERVED
-CVE-2021-23266
- RESERVED
-CVE-2021-23265
- RESERVED
+CVE-2021-23267 (Improper Control of Dynamically-Managed Code Resources
vulnerability i ...)
+ TODO: check
+CVE-2021-23266 (An anonymous user can craft a URL with text that ends up in
the log vi ...)
+ TODO: check
+CVE-2021-23265 (A logged-in and authenticated user with a Reviewer Role may
lock a con ...)
+ TODO: check
CVE-2021-23264 (Installations, where crafter-search is not protected, allow
unauthenti ...)
NOT-FOR-US: Crafter CMS
CVE-2021-23263 (Unauthenticated remote attackers can read textual content via
FreeMark ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0f4d8b4416247fbafe81a8a36338a968a6927bc
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits