Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
673fc2da by security tracker role at 2022-05-23T20:10:17+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,459 @@ +CVE-2022-31470 + RESERVED +CVE-2022-31469 + RESERVED +CVE-2022-31468 + RESERVED +CVE-2022-31467 (Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during ...) + TODO: check +CVE-2022-31466 (Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition ...) + TODO: check +CVE-2022-31465 + RESERVED +CVE-2022-31464 + RESERVED +CVE-2022-31463 + RESERVED +CVE-2022-31462 + RESERVED +CVE-2022-31461 + RESERVED +CVE-2022-31460 + RESERVED +CVE-2022-31459 + RESERVED +CVE-2022-31458 + RESERVED +CVE-2022-31457 + RESERVED +CVE-2022-31456 + RESERVED +CVE-2022-31455 + RESERVED +CVE-2022-31454 + RESERVED +CVE-2022-31453 + RESERVED +CVE-2022-31452 + RESERVED +CVE-2022-31451 + RESERVED +CVE-2022-31450 + RESERVED +CVE-2022-31449 + RESERVED +CVE-2022-31448 + RESERVED +CVE-2022-31447 + RESERVED +CVE-2022-31446 + RESERVED +CVE-2022-31445 + RESERVED +CVE-2022-31444 + RESERVED +CVE-2022-31443 + RESERVED +CVE-2022-31442 + RESERVED +CVE-2022-31441 + RESERVED +CVE-2022-31440 + RESERVED +CVE-2022-31439 + RESERVED +CVE-2022-31438 + RESERVED +CVE-2022-31437 + RESERVED +CVE-2022-31436 + RESERVED +CVE-2022-31435 + RESERVED +CVE-2022-31434 + RESERVED +CVE-2022-31433 + RESERVED +CVE-2022-31432 + RESERVED +CVE-2022-31431 + RESERVED +CVE-2022-31430 + RESERVED +CVE-2022-31429 + RESERVED +CVE-2022-31428 + RESERVED +CVE-2022-31427 + RESERVED +CVE-2022-31426 + RESERVED +CVE-2022-31425 + RESERVED +CVE-2022-31424 + RESERVED +CVE-2022-31423 + RESERVED +CVE-2022-31422 + RESERVED +CVE-2022-31421 + RESERVED +CVE-2022-31420 + RESERVED +CVE-2022-31419 + RESERVED +CVE-2022-31418 + RESERVED +CVE-2022-31417 + RESERVED +CVE-2022-31416 + RESERVED +CVE-2022-31415 + RESERVED +CVE-2022-31414 + RESERVED +CVE-2022-31413 + RESERVED +CVE-2022-31412 + RESERVED +CVE-2022-31411 + RESERVED +CVE-2022-31410 + RESERVED +CVE-2022-31409 + RESERVED +CVE-2022-31408 + RESERVED +CVE-2022-31407 + RESERVED +CVE-2022-31406 + RESERVED +CVE-2022-31405 + RESERVED +CVE-2022-31404 + RESERVED 
+CVE-2022-31403 + RESERVED +CVE-2022-31402 + RESERVED +CVE-2022-31401 + RESERVED +CVE-2022-31400 + RESERVED +CVE-2022-31399 + RESERVED +CVE-2022-31398 + RESERVED +CVE-2022-31397 + RESERVED +CVE-2022-31396 + RESERVED +CVE-2022-31395 + RESERVED +CVE-2022-31394 + RESERVED +CVE-2022-31393 + RESERVED +CVE-2022-31392 + RESERVED +CVE-2022-31391 + RESERVED +CVE-2022-31390 + RESERVED +CVE-2022-31389 + RESERVED +CVE-2022-31388 + RESERVED +CVE-2022-31387 + RESERVED +CVE-2022-31386 + RESERVED +CVE-2022-31385 + RESERVED +CVE-2022-31384 + RESERVED +CVE-2022-31383 + RESERVED +CVE-2022-31382 + RESERVED +CVE-2022-31381 + RESERVED +CVE-2022-31380 + RESERVED +CVE-2022-31379 + RESERVED +CVE-2022-31378 + RESERVED +CVE-2022-31377 + RESERVED +CVE-2022-31376 + RESERVED +CVE-2022-31375 + RESERVED +CVE-2022-31374 + RESERVED +CVE-2022-31373 + RESERVED +CVE-2022-31372 + RESERVED +CVE-2022-31371 + RESERVED +CVE-2022-31370 + RESERVED +CVE-2022-31369 + RESERVED +CVE-2022-31368 + RESERVED +CVE-2022-31367 + RESERVED +CVE-2022-31366 + RESERVED +CVE-2022-31365 + RESERVED +CVE-2022-31364 + RESERVED +CVE-2022-31363 + RESERVED +CVE-2022-31362 + RESERVED +CVE-2022-31361 + RESERVED +CVE-2022-31360 + RESERVED +CVE-2022-31359 + RESERVED +CVE-2022-31358 + RESERVED +CVE-2022-31357 + RESERVED +CVE-2022-31356 + RESERVED +CVE-2022-31355 + RESERVED +CVE-2022-31354 + RESERVED +CVE-2022-31353 + RESERVED +CVE-2022-31352 + RESERVED +CVE-2022-31351 + RESERVED +CVE-2022-31350 + RESERVED +CVE-2022-31349 + RESERVED +CVE-2022-31348 + RESERVED +CVE-2022-31347 + RESERVED +CVE-2022-31346 + RESERVED +CVE-2022-31345 + RESERVED +CVE-2022-31344 + RESERVED +CVE-2022-31343 + RESERVED +CVE-2022-31342 + RESERVED +CVE-2022-31341 + RESERVED +CVE-2022-31340 + RESERVED +CVE-2022-31339 + RESERVED +CVE-2022-31338 + RESERVED +CVE-2022-31337 + RESERVED +CVE-2022-31336 + RESERVED +CVE-2022-31335 + RESERVED +CVE-2022-31334 + RESERVED +CVE-2022-31333 + RESERVED +CVE-2022-31332 + RESERVED +CVE-2022-31331 + RESERVED +CVE-2022-31330 + RESERVED 
+CVE-2022-31329 + RESERVED +CVE-2022-31328 + RESERVED +CVE-2022-31327 + RESERVED +CVE-2022-31326 + RESERVED +CVE-2022-31325 + RESERVED +CVE-2022-31324 + RESERVED +CVE-2022-31323 + RESERVED +CVE-2022-31322 + RESERVED +CVE-2022-31321 + RESERVED +CVE-2022-31320 + RESERVED +CVE-2022-31319 + RESERVED +CVE-2022-31318 + RESERVED +CVE-2022-31317 + RESERVED +CVE-2022-31316 + RESERVED +CVE-2022-31315 + RESERVED +CVE-2022-31314 + RESERVED +CVE-2022-31313 + RESERVED +CVE-2022-31312 + RESERVED +CVE-2022-31311 + RESERVED +CVE-2022-31310 + RESERVED +CVE-2022-31309 + RESERVED +CVE-2022-31308 + RESERVED +CVE-2022-31307 + RESERVED +CVE-2022-31306 + RESERVED +CVE-2022-31305 + RESERVED +CVE-2022-31304 + RESERVED +CVE-2022-31303 + RESERVED +CVE-2022-31302 + RESERVED +CVE-2022-31301 + RESERVED +CVE-2022-31300 + RESERVED +CVE-2022-31299 + RESERVED +CVE-2022-31298 + RESERVED +CVE-2022-31297 + RESERVED +CVE-2022-31296 + RESERVED +CVE-2022-31295 + RESERVED +CVE-2022-31294 + RESERVED +CVE-2022-31293 + RESERVED +CVE-2022-31292 + RESERVED +CVE-2022-31291 + RESERVED +CVE-2022-31290 + RESERVED +CVE-2022-31289 + RESERVED +CVE-2022-31288 + RESERVED +CVE-2022-31287 + RESERVED +CVE-2022-31286 + RESERVED +CVE-2022-31285 + RESERVED +CVE-2022-31284 + RESERVED +CVE-2022-31283 + RESERVED +CVE-2022-31282 + RESERVED +CVE-2022-31281 + RESERVED +CVE-2022-31280 + RESERVED +CVE-2022-31279 + RESERVED +CVE-2022-31278 + RESERVED +CVE-2022-31277 + RESERVED +CVE-2022-31276 + RESERVED +CVE-2022-31275 + RESERVED +CVE-2022-31274 + RESERVED +CVE-2022-31273 + RESERVED +CVE-2022-31272 + RESERVED +CVE-2022-31271 + RESERVED +CVE-2022-31270 + RESERVED +CVE-2022-30540 + RESERVED +CVE-2022-29488 + RESERVED +CVE-2022-28690 + RESERVED +CVE-2022-27184 + RESERVED +CVE-2022-1836 + RESERVED +CVE-2022-1835 + RESERVED +CVE-2022-1834 + RESERVED +CVE-2022-1833 + RESERVED +CVE-2022-1832 + RESERVED +CVE-2022-1831 + RESERVED +CVE-2022-1830 + RESERVED +CVE-2022-1829 + RESERVED +CVE-2022-1828 + RESERVED +CVE-2022-1827 + RESERVED 
+CVE-2022-1826 + RESERVED +CVE-2022-1825 (Cross-site Scripting (XSS) - Reflected in GitHub repository collective ...) + TODO: check +CVE-2022-1824 + RESERVED +CVE-2022-1823 + RESERVED +CVE-2022-1822 + RESERVED +CVE-2022-1821 + RESERVED +CVE-2022-1820 + RESERVED +CVE-2022-1819 + RESERVED +CVE-2022-1818 + RESERVED +CVE-2022-1817 (A vulnerability, which was classified as problematic, was found in Bad ...) + TODO: check +CVE-2022-1816 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2022-1815 + RESERVED +CVE-2022-1814 + RESERVED CVE-2022-30549 RESERVED CVE-2022-29524 @@ -8,10 +464,10 @@ CVE-2022-1813 (OS Command Injection in GitHub repository yogeshojha/rengine prio NOT-FOR-US: yogeshojha/rengine CVE-2022-1812 RESERVED -CVE-2022-1811 - RESERVED -CVE-2022-1810 - RESERVED +CVE-2022-1811 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...) + TODO: check +CVE-2022-1810 (Improper Access Control in GitHub repository publify/publify prior to ...) + TODO: check CVE-2022-31269 RESERVED CVE-2022-31268 (A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading we ...) @@ -2701,7 +3157,8 @@ CVE-2022-30261 RESERVED CVE-2022-30260 RESERVED -CVE-2022-1588 (Cross-site Scripting (XSS) in GitHub repository contao/contao prior to ...) +CVE-2022-1588 + REJECTED NOT-FOR-US: Contao CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...) - pcre2 10.40-1 @@ -3069,8 +3526,8 @@ CVE-2022-1560 (The Amministrazione Aperta WordPress plugin through 3.7.3 does no NOT-FOR-US: WordPress plugin CVE-2022-1559 (The Clipr WordPress plugin through 1.2.3 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin -CVE-2022-1558 - RESERVED +CVE-2022-1558 (The Curtain WordPress plugin through 1.0.2 does not sanitise and escap ...) + TODO: check CVE-2022-1557 (The ULeak Security & Monitoring WordPress plugin through 1.2.3 doe ...) NOT-FOR-US: WordPress plugin CVE-2022-1556 
@@ -3134,8 +3591,8 @@ CVE-2022-1549 RESERVED CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly restric ...) NOT-FOR-US: Mattermost Playbooks plugin -CVE-2022-1547 - RESERVED +CVE-2022-1547 (The Check & Log Email WordPress plugin before 1.0.6 does not sanit ...) + TODO: check CVE-2022-1546 RESERVED CVE-2022-30114 @@ -3336,14 +3793,14 @@ CVE-2022-30019 RESERVED CVE-2022-30018 (Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Prote ...) NOT-FOR-US: Mobotix Control Center (MxCC) -CVE-2022-30017 - RESERVED -CVE-2022-30016 - RESERVED +CVE-2022-30017 (Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading ...) + TODO: check +CVE-2022-30016 (Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Acces ...) + TODO: check CVE-2022-30015 RESERVED -CVE-2022-30014 - RESERVED +CVE-2022-30014 (Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site ...) + TODO: check CVE-2022-30013 (A stored cross-site scripting (XSS) vulnerability in the upload functi ...) NOT-FOR-US: totaljs CMS CVE-2022-30012 (In the POST request of the appointment.php page of HMS v.0, there are ...) @@ -4617,8 +5074,8 @@ CVE-2019-25059 (Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: - ghostscript 9.27~dfsg-1 NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=430e219ea17a2650577d70021399c4ead05869e0 NOTE: Issue exists because of an incomplete fix for CVE-2019-3839 -CVE-2022-29599 - RESERVED +CVE-2022-29599 (In Apache Maven maven-shared-utils prior to version 3.3.3, the Command ...) + TODO: check CVE-2022-1450 RESERVED CVE-2022-1449 
@@ -6094,8 +6551,8 @@ CVE-2022-1322 RESERVED CVE-2022-1321 RESERVED -CVE-2022-1320 - RESERVED +CVE-2022-1320 (The Sliderby10Web WordPress plugin before 1.2.52 does not properly san ...) + TODO: check CVE-2022-29081 (Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pr ...) NOT-FOR-US: ZOHO ManageEngine CVE-2022-29080 (The npm-dependency-versions package through 0.3.0 for Node.js allows c ...) @@ -6300,8 +6757,8 @@ CVE-2022-1300 (Multiple Version of TRUMPF TruTops products expose a service func NOT-FOR-US: TRUMPF TruTops CVE-2022-1299 RESERVED -CVE-2022-1298 - RESERVED +CVE-2022-1298 (The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Ta ...) + TODO: check CVE-2022-1297 (Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repo ...) - radare2 <unfixed> NOTE: https://huntr.dev/bounties/ec538fa4-06c6-4050-a141-f60153ddeaac @@ -6372,10 +6829,10 @@ CVE-2022-29007 (Multiple SQL injection vulnerabilities via the username and pass NOT-FOR-US: Dairy Farm Shop Management System CVE-2022-29006 (Multiple SQL injection vulnerabilities via the username and password p ...) NOT-FOR-US: Directory Management System -CVE-2022-29005 - RESERVED -CVE-2022-29004 - RESERVED +CVE-2022-29005 (Multiple cross-site scripting (XSS) vulnerabilities in the component / ...) + TODO: check +CVE-2022-29004 (Diary Management System v1.0 was discovered to contain a cross-site sc ...) + TODO: check CVE-2022-29003 RESERVED CVE-2022-29002 @@ -6386,10 +6843,10 @@ CVE-2022-29000 RESERVED CVE-2022-28999 RESERVED -CVE-2022-28998 - RESERVED -CVE-2022-28997 - RESERVED +CVE-2022-28998 (Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer ove ...) + TODO: check +CVE-2022-28997 (CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forger ...) + TODO: check CVE-2022-28996 RESERVED CVE-2022-28995 (Rengine v1.0.2 was discovered to contain a remote code execution (RCE) ...) 
@@ -6511,8 +6968,8 @@ CVE-2022-28946 (An issue in the component ast/parser.go of Open Policy Agent v0. NOT-FOR-US: Open Policy Agent CVE-2022-28945 RESERVED -CVE-2022-28944 - RESERVED +CVE-2022-28944 (Certain EMCO Software products are affected by: CWE-494: Download of C ...) + TODO: check CVE-2022-28943 RESERVED CVE-2022-28942 @@ -6535,8 +6992,8 @@ CVE-2022-28934 RESERVED CVE-2022-28933 RESERVED -CVE-2022-28932 - RESERVED +CVE-2022-28932 (D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecu ...) + TODO: check CVE-2022-28931 RESERVED CVE-2022-28930 (ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability ...) @@ -6679,8 +7136,8 @@ CVE-2022-28876 RESERVED CVE-2022-28875 RESERVED -CVE-2022-28874 - RESERVED +CVE-2022-28874 (Multiple Denial-of-Service vulnerabilities was discovered in the F-Sec ...) + TODO: check CVE-2022-28873 (A vulnerability affecting F-Secure SAFE browser was discovered. An att ...) NOT-FOR-US: F-Secure CVE-2022-28872 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...) @@ -7161,8 +7618,8 @@ CVE-2022-1270 RESERVED CVE-2022-1269 (The Fast Flow WordPress plugin before 1.2.11 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin -CVE-2022-1268 - RESERVED +CVE-2022-1268 (The Donate Extra WordPress plugin through 2.02 does not sanitise and e ...) + TODO: check CVE-2022-1267 (The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2022-1266 
@@ -7415,14 +7872,14 @@ CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d NOTE: https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1 -CVE-2022-1221 - RESERVED +CVE-2022-1221 (The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not s ...) + TODO: check CVE-2022-1220 RESERVED CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository pimcore ...) NOT-FOR-US: pimcore -CVE-2022-1218 - RESERVED +CVE-2022-1218 (The Domain Replace WordPress plugin through 1.3.8 does not sanitise an ...) + TODO: check CVE-2022-1217 (The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does ...) NOT-FOR-US: WordPress plugin CVE-2022-1216 (The Advanced Image Sitemap WordPress plugin through 1.2 does not sanit ...) @@ -8289,8 +8746,8 @@ CVE-2022-1194 RESERVED CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, ...) - gitlab <unfixed> -CVE-2022-1192 - RESERVED +CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not saniti ...) + TODO: check CVE-2021-46779 RESERVED CVE-2021-46778 @@ -9677,8 +10134,8 @@ CVE-2022-1095 RESERVED CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin -CVE-2022-1093 - RESERVED +CVE-2022-1093 (The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or esc ...) + TODO: check CVE-2022-1092 (The myCred WordPress plugin before 2.4.4 does not have authorisation a ...) NOT-FOR-US: WordPress plugin CVE-2022-1091 (The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 c ...) 
@@ -11393,8 +11850,8 @@ CVE-2022-1015 (A flaw was found in the Linux kernel in linux/net/netfilter/nf_ta NOTE: Introduced by: https://git.kernel.org/linus/49499c3e6e18b7677a63316f3ff54a16533dc28f (4.1-rc1) NOTE: Exploitable after: https://git.kernel.org/linus/345023b0db315648ccc3c1a36aee88304a8b4d91 (5.12-rc1) NOTE: Fixed by: https://git.kernel.org/linus/6e1acfa387b9ff82cfc7db8cc3b6959221a95851 -CVE-2022-1014 - RESERVED +CVE-2022-1014 (The WP Contacts Manager WordPress plugin through 2.2.4 fails to proper ...) + TODO: check CVE-2022-1013 (The Personal Dictionary WordPress plugin before 1.3.4 fails to properl ...) NOT-FOR-US: WordPress plugin CVE-2022-1012 @@ -12744,8 +13201,8 @@ CVE-2022-0902 RESERVED CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sa ...) NOT-FOR-US: WordPress plugins -CVE-2022-0900 - RESERVED +CVE-2022-0900 (A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aci ...) + TODO: check CVE-2022-0899 RESERVED CVE-2022-0898 (The IgniteUp WordPress plugin through 3.4.1 does not sanitise and esca ...) @@ -14527,8 +14984,8 @@ CVE-2022-0783 (The Multiple Shipping Address Woocommerce WordPress plugin before NOT-FOR-US: WordPress plugin CVE-2022-0782 (The Donations WordPress plugin through 1.8 does not sanitise and escap ...) NOT-FOR-US: WordPress plugin -CVE-2022-0781 - RESERVED +CVE-2022-0781 (The Nirweb support WordPress plugin before 2.8.2 does not sanitise and ...) + TODO: check CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to disable th ...) NOT-FOR-US: WordPress plugin CVE-2022-0779 
@@ -21530,8 +21987,8 @@ CVE-2022-0348 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore NOT-FOR-US: pimcore CVE-2022-0347 (The LoginPress | Custom Login Page Customizer WordPress plugin before ...) NOT-FOR-US: WordPress plugin -CVE-2022-0346 - RESERVED +CVE-2022-0346 (The XML Sitemap Generator for Google WordPress plugin before 2.0.4 doe ...) + TODO: check CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin before 1.8. ...) NOT-FOR-US: WordPress plugin CVE-2022-0344 (An issue has been discovered in GitLab affecting all versions starting ...) @@ -40543,10 +41000,10 @@ CVE-2021-42588 RESERVED CVE-2021-42587 RESERVED -CVE-2021-42586 - RESERVED -CVE-2021-42585 - RESERVED +CVE-2021-42586 (A heap buffer overflow was discovered in copy_bytes in decode_r2007.c ...) + TODO: check +CVE-2021-42585 (A heap buffer overflow was discovered in copy_compressed_bytes in deco ...) + TODO: check CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...) NOT-FOR-US: Convos-Chat CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy ...) @@ -42669,8 +43126,8 @@ CVE-2021-42235 (SQL injection in osTicket before 1.14.8 and 1.15.4 login and pas NOT-FOR-US: osTicket CVE-2021-42234 RESERVED -CVE-2021-42233 - RESERVED +CVE-2021-42233 (The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cros ...) + TODO: check CVE-2021-42232 RESERVED CVE-2021-42231 
@@ -43404,7 +43861,7 @@ CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in th NOT-FOR-US: Subrion CMS CVE-2021-41946 (In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting ...) NOT-FOR-US: FiberHome VDSL2 Modem -CVE-2021-41945 (Encode OSS httpx <=1.0.0.beta0 is affected by improper input valida ...) +CVE-2021-41945 (Encode OSS httpx < 0.23.0 is affected by improper input validation ...) - httpx <unfixed> (bug #1010336) NOTE: https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571 NOTE: https://github.com/encode/httpx/discussions/1831 @@ -44038,8 +44495,8 @@ CVE-2021-41715 (libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/ NOTE: https://github.com/libsixel/libsixel/commit/d299d67c532a5133a57aade5c35ff8e612c73dd8 (1.10.1) NOTE: https://github.com/libsixel/libsixel/pull/28 NOTE: https://github.com/libsixel/libsixel/issues/27 -CVE-2021-41714 - RESERVED +CVE-2021-41714 (In Tipask < 3.5.9, path parameters entered by the user are not vali ...) + TODO: check CVE-2021-41713 RESERVED CVE-2021-41712 @@ -65660,8 +66117,8 @@ CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer overf NOT-FOR-US: WebAccess/SCADA CVE-2021-32942 (The vulnerability could expose cleartext credentials from AVEVA InTouc ...) NOT-FOR-US: AVEVA InTouch Runtime -CVE-2021-32941 - RESERVED +CVE-2021-32941 (Annke N48PBB (Network Video Recorder) products of version 3.4.106 buil ...) + TODO: check CVE-2021-32940 (An out-of-bounds read issue exists in the DWG file-recovering procedur ...) NOT-FOR-US: Open Design Alliance CVE-2021-32939 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...) 
@@ -65672,8 +66129,8 @@ CVE-2021-32937 (An attacker can gain knowledge of a session temporary working fo NOT-FOR-US: Auvesy-MDT CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering procedu ...) NOT-FOR-US: Open Design Alliance -CVE-2021-32935 - RESERVED +CVE-2021-32935 (The affected Cognex product, the In-Sight OPC Server versions v5.7.4 ( ...) + TODO: check CVE-2021-32934 (The affected ThroughTek P2P products (SDKs using versions before 3.1.5 ...) NOT-FOR-US: ThroughTek P2P SDK CVE-2021-32933 (An attacker could leverage an API to pass along a malicious file that ...) @@ -126989,7 +127446,7 @@ CVE-2020-20904 CVE-2020-20903 RESERVED CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter ...) - {DSA-4722-1} + {DSA-4722-1 DLA-3010-1} - ffmpeg 7:4.2.2-1 NOTE: https://trac.ffmpeg.org/ticket/8176 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd (4.3) @@ -228913,7 +229370,7 @@ CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of NOTE: very similar to CVE-2018-20194, same fix: NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of the ca ...) - {DSA-5109-1 DLA-1899-1} + {DSA-5109-1 DSA-4522-1 DLA-1899-1} - faad2 2.8.8-3.1 (low) NOTE: https://github.com/knik0/faad2/issues/19 NOTE: https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879 
@@ -288650,7 +289107,7 @@ CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest a - apache2 2.4.33-1 NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/7 CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-fre ...) - {DSA-4814-1} + {DSA-4814-1 DLA-2498-1} - xerces-c 3.2.3+debian-2 (bug #947431) [jessie] - xerces-c <postponed> (slow upstream interest, proper fix likely to break ABI compatibility) NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2018-1311.txt
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/673fc2da79c9ab2ee9048ba6c248d77a0534d1f6
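Review bot: the five entries in the first hunk (the block of new CVE-2022-314xx/313xx/312xx and CVE-2022-18xx identifiers) that arrive with a description instead of RESERVED, namely CVE-2022-31467, CVE-2022-31466, CVE-2022-1825, CVE-2022-1817 and CVE-2022-1816, are left at the placeholder `TODO: check` and need manual triage before the next automatic run overwrites nothing but also resolves nothing. The two Quick Heal Total Security entries describe DLL hijacking and a TOCTOU race in a Windows product, which this file normally records as `NOT-FOR-US: <product>` exactly as the surrounding WordPress-plugin and CMS entries are; the other three descriptions are cut off before they name the affected project ("collective ...", "Bad ...", "has been found i ..."), so the full CVE text has to be read before they can be assigned or dismissed.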
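Review bot: in the CVE-2022-1588 hunk the description is replaced by `REJECTED` while the old `NOT-FOR-US: Contao` annotation below it is kept. A rejected identifier has no affected product, so that annotation is now stale; as the rest of this diff shows, the automatic update only rewrites the description line and never touches the annotation lines, so the `NOT-FOR-US: Contao` line needs to be dropped by hand in a follow-up commit.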
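Review bot: CVE-2022-29599 (Apache Maven maven-shared-utils prior to version 3.3.3) is marked `TODO: check` like the plugin and appliance entries around it, but it describes a Java library, not a third-party web plugin, so its triage should not wait: if the library is packaged, the entry needs a source package line carrying either the fixed Debian version or `<unfixed>`, in the same shape as the `pcre2 10.40-1` and `httpx <unfixed> (bug #1010336)` lines elsewhere in this diff, and the truncated description ("the Command ...") should be completed from the CVE text so the affected component is recorded.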
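Review bot: the imported descriptions for CVE-2021-42586 and CVE-2021-42585 name only a source file and two functions (copy_bytes and copy_compressed_bytes in decode_r2007.c) and are truncated before any project name, so the `TODO: check` placeholders cannot be resolved from the description alone; whoever triages them needs to identify the upstream project from the full CVE record and, if it is a Debian source package, add the package line and a NOTE with the upstream fix, as the CVE-2022-1297 radare2 entry does with its huntr.dev link.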
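Review bot: the CVE-2021-41945 hunk changes the affected-version bound in the description from `<=1.0.0.beta0` to `< 0.23.0`, which means upstream now states a fixing release, yet the package line below it is still `httpx <unfixed> (bug #1010336)`. That line should be re-checked against the archive: if httpx 0.23.0 or later is available the entry can gain a fixed version, and in either case a NOTE pointing at the fixing upstream commit or the 0.23.0 release would help, since the two existing NOTE links (a gist and a GitHub discussion) record the report, not the fix.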
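Review bot: the CVE-2018-20196 hunk adds DSA-4522-1 to the advisory list, so the braces now read `{DSA-5109-1 DSA-4522-1 DLA-1899-1}`; the added number is lower than the DSA already recorded, so this is a back-fill of an older advisory rather than a new one, like the DLA-3010-1 (ffmpeg, CVE-2020-20902) and DLA-2498-1 (xerces-c, CVE-2018-1311) additions in the neighbouring hunks. Please confirm that DSA-4522-1 actually listed CVE-2018-20196 and not only the closely related CVE-2018-20194 that the context NOTE says shares the same fix, otherwise the cross-reference will point readers at an advisory that does not mention this CVE.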
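Review bot: the imported description for CVE-2022-28932 contains the literal characters `HW:T1\\tFW:ME_2.00`, i.e. a doubled backslash followed by `t` where the upstream record most likely had a tab or a single `\t`. The automatic importer appears to be escaping the backslash on the way into data/CVE/list; check whether that escaping is intended, because a description stored with `\\t` will be shown verbatim in the tracker and will not match the text people search for.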
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits