Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1317d53e by security tracker role at 2022-06-09T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2022-32769
+ RESERVED
+CVE-2022-32768
+ RESERVED
+CVE-2022-32759
+ RESERVED
+CVE-2022-32758
+ RESERVED
+CVE-2022-32757
+ RESERVED
+CVE-2022-32756
+ RESERVED
+CVE-2022-32755
+ RESERVED
+CVE-2022-32754
+ RESERVED
+CVE-2022-32753
+ RESERVED
+CVE-2022-32752
+ RESERVED
+CVE-2022-32751
+ RESERVED
+CVE-2022-32750
+ RESERVED
+CVE-2022-32749
+ RESERVED
+CVE-2022-32748
+ RESERVED
+CVE-2022-32747
+ RESERVED
+CVE-2022-32746
+ RESERVED
+CVE-2022-32745
+ RESERVED
+CVE-2022-32744
+ RESERVED
+CVE-2022-32743
+ RESERVED
+CVE-2022-32742
+ RESERVED
+CVE-2022-32741
+ RESERVED
+CVE-2022-32740
+ RESERVED
+CVE-2022-32739
+ RESERVED
+CVE-2022-32573
+ RESERVED
+CVE-2022-30605
+ RESERVED
+CVE-2022-29886
+ RESERVED
+CVE-2022-29517
+ RESERVED
+CVE-2022-29511
+ RESERVED
+CVE-2022-29468
+ RESERVED
+CVE-2022-28703
+ RESERVED
+CVE-2022-27498
+ RESERVED
+CVE-2022-2039
+ RESERVED
+CVE-2022-2038
+ RESERVED
+CVE-2022-2037 (Excessive Attack Surface in GitHub repository tooljet/tooljet
prior to ...)
+ TODO: check
CVE-2022-32738
RESERVED
CVE-2022-32737
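Review bot: the one non-RESERVED addition in this hunk, CVE-2022-2037 for tooljet/tooljet, has its description cut off at "prior to ...", so the affected-version bound is not recorded next to the TODO: check; the triager needs the full advisory text to decide between a source-package line and NOT-FOR-US. The other 33 entries are bare RESERVED placeholders and need no action until details are published.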
@@ -380,8 +448,8 @@ CVE-2022-28612
RESERVED
CVE-2022-25649
RESERVED
-CVE-2022-2035
- RESERVED
+CVE-2022-2035 (A reflected cross-site scripting (XSS) vulnerability exists in
the pla ...)
+ TODO: check
CVE-2022-2034
RESERVED
CVE-2022-2033
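Review bot: the CVE-2022-2035 description is truncated before the product name ("in the pla ..."), so this entry on its own does not identify what is affected; resolve the TODO: check against the full text rather than from the fragment recorded here.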
@@ -662,8 +730,7 @@ CVE-2022-2000 (Out-of-bounds Write in GitHub repository
vim/vim prior to 8.2. ..
NOTE:
https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5
(v8.2.5063)
CVE-2022-1999
RESERVED
-CVE-2022-1998 [fanotify: Fix stale file descriptor in copy_event_to_user()]
- RESERVED
+CVE-2022-1998 (A use after free in the Linux kernel File System notify
functionality ...)
- linux 5.16.7-1
[bullseye] - linux 5.10.103-1
[buster] - linux <not-affected> (Vulnerable code not present)
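Review bot: replacing the bracketed working title "[fanotify: Fix stale file descriptor in copy_event_to_user()]" with the MITRE description loses the upstream fix subject, which is the most direct pointer to the patch; no NOTE line with the fix commit is visible in this hunk's context, so if the entry lacks one, re-add the fanotify subject or the commit URL as a NOTE, the way the CVE-2022-2000 entry above does for vim.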
@@ -1059,18 +1126,18 @@ CVE-2017-20018
RESERVED
CVE-2016-15002 (A vulnerability, which was classified as critical, was found
in MONyog ...)
NOT-FOR-US: MONyog Ultimate
-CVE-2019-25070
- RESERVED
-CVE-2019-25069
- RESERVED
-CVE-2019-25068
- RESERVED
-CVE-2019-25067
- RESERVED
-CVE-2019-25066
- RESERVED
-CVE-2019-25065
- RESERVED
+CVE-2019-25070 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
WolfCMS u ...)
+ TODO: check
+CVE-2019-25069 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2019-25068 (A vulnerability classified as critical was found in Axios
Italia Axios ...)
+ TODO: check
+CVE-2019-25067 (A vulnerability, which was classified as critical, was found
in Podman ...)
+ TODO: check
+CVE-2019-25066 (A vulnerability has been found in ajenti 2.1.31 and classified
as crit ...)
+ TODO: check
+CVE-2019-25065 (A vulnerability was found in OpenNetAdmin 18.1.1. It has been
rated as ...)
+ TODO: check
CVE-2018-25044
RESERVED
CVE-2018-25043
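Review bot: CVE-2019-25067 concerns Podman, which this file tracks as a Debian source package (see the CVE-2021-4024 entry further down, complete with fix commits), so it should get a source-package line or an explicit <not-affected> rather than sit in the same TODO: check batch as WolfCMS, Axios Italia, ajenti and OpenNetAdmin. CVE-2019-25070 is additionally marked ** UNSUPPORTED WHEN ASSIGNED **, meaning no upstream fix is expected, which the triage outcome should reflect.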
@@ -1127,8 +1194,8 @@ CVE-2020-36530 (A vulnerability classified as critical
was found in SevOne Netwo
NOT-FOR-US: SevOne Network Management System
CVE-2020-36529 (A vulnerability classified as critical has been found in
SevOne Networ ...)
NOT-FOR-US: SevOne Network Management System
-CVE-2019-25064
- RESERVED
+CVE-2019-25064 (A vulnerability was found in CoreHR Core Portal up to 27.0.7.
It has b ...)
+ TODO: check
CVE-2019-25063 (A vulnerability was found in Sricam IP CCTV Camera. It has
been classi ...)
NOT-FOR-US: Sricam IP CCTV Camera
CVE-2019-25062 (A vulnerability was found in Sricam IP CCTV Camera and
classified as c ...)
@@ -1176,8 +1243,8 @@ CVE-2022-32274
RESERVED
CVE-2022-32273 (As a result of an observable discrepancy in returned messages,
OPSWAT ...)
TODO: check
-CVE-2022-32272
- RESERVED
+CVE-2022-32272 (OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect
access co ...)
+ TODO: check
CVE-2022-32271 (In Real Player 20.0.8.310, there is a DCP:// URI Remote
Arbitrary Code ...)
NOT-FOR-US: Real Player
CVE-2022-32270 (In Real Player 20.0.7.309 and 20.0.8.310, external::Import()
allows do ...)
@@ -2188,14 +2255,14 @@ CVE-2022-31832
RESERVED
CVE-2022-31831
RESERVED
-CVE-2022-31830
- RESERVED
+CVE-2022-31830 (Kity Minder v1.3.5 was discovered to contain a Server-Side
Request For ...)
+ TODO: check
CVE-2022-31829
RESERVED
CVE-2022-31828
RESERVED
-CVE-2022-31827
- RESERVED
+CVE-2022-31827 (MonstaFTP v2.10.3 was discovered to contain a Server-Side
Request Forg ...)
+ TODO: check
CVE-2022-31826
RESERVED
CVE-2022-31825
@@ -3610,22 +3677,22 @@ CVE-2022-31395
RESERVED
CVE-2022-31394
RESERVED
-CVE-2022-31393
- RESERVED
+CVE-2022-31393 (Jizhicms v2.2.5 was discovered to contain a Server-Side
Request Forger ...)
+ TODO: check
CVE-2022-31392
RESERVED
CVE-2022-31391
RESERVED
-CVE-2022-31390
- RESERVED
+CVE-2022-31390 (Jizhicms v2.2.5 was discovered to contain a Server-Side
Request Forger ...)
+ TODO: check
CVE-2022-31389
RESERVED
CVE-2022-31388
RESERVED
CVE-2022-31387
RESERVED
-CVE-2022-31386
- RESERVED
+CVE-2022-31386 (A Server-Side Request Forgery (SSRF) in the getFileBinary
function of ...)
+ TODO: check
CVE-2022-31385
RESERVED
CVE-2022-31384
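Review bot: CVE-2022-31393 and CVE-2022-31390 carry identical truncated descriptions ("Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forger ..."), so nothing in this file distinguishes the two SSRF issues; pull the full descriptions before closing the TODO: check, otherwise the two risk being resolved as one. CVE-2022-31386 at least names the getFileBinary function, which makes it the easiest of the three to verify.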
@@ -4078,8 +4145,7 @@ CVE-2022-1798
RESERVED
CVE-2022-31215 (In certain Goverlan products, the Windows Firewall is
temporarily turn ...)
NOT-FOR-US: Goverlan
-CVE-2022-31214 [local root exploit reachable via --join logic]
- RESERVED
+CVE-2022-31214 (A Privilege Context Switching issue was discovered in join.c
in Fireja ...)
- firejail 0.9.68-4 (bug #1012510)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/10
NOTE:
https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50
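Review bot: only the unstable fix line "firejail 0.9.68-4 (bug #1012510)" is visible for CVE-2022-31214; no [bullseye] or [buster] status line appears in this hunk, unlike the linux and xen entries elsewhere in this commit. If firejail ships in the stable releases, their status (fixed version, <no-dsa>, or <not-affected>) needs recording, especially since the dropped bracketed title described the issue as a local root exploit.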
@@ -5390,8 +5456,8 @@ CVE-2022-30762
RESERVED
CVE-2022-30761
RESERVED
-CVE-2022-30760
- RESERVED
+CVE-2022-30760 (An Insecure Direct Object Reference (IDOR) issue in fn2Web in
ihb eG F ...)
+ TODO: check
CVE-2022-30759
RESERVED
CVE-2022-30708 (Webmin through 1.991, when the Authentic theme is used, allows
remote ...)
@@ -6709,7 +6775,7 @@ CVE-2022-1590 (A vulnerability was found in Bludit
3.13.1. It has been declared
NOT-FOR-US: Bludit
CVE-2022-1589 (The Change wp-admin login WordPress plugin before 1.1.0 does
not prope ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-30292 (thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain
sq_reserv ...)
+CVE-2022-30292 (Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2
due to lac ...)
- squirrel3 <unfixed>
[bullseye] - squirrel3 <no-dsa> (Minor issue)
[buster] - squirrel3 <no-dsa> (Minor issue)
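Review bot: the CVE-2022-30292 description changes from a missing sq_reserv... call in thread_call to a "Heap-based buffer overflow in sqbaselib.cpp", while the [bullseye] and [buster] lines keep "<no-dsa> (Minor issue)"; those assessments were made under the earlier wording and should be re-confirmed against the reworded one before they stand.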
@@ -18051,20 +18117,17 @@ CVE-2022-0836 (The SEMA API WordPress plugin before
4.02 does not properly sanit
NOT-FOR-US: WordPress plugin
CVE-2022-26365
RESERVED
-CVE-2022-26364
- RESERVED
+CVE-2022-26364 (x86 pv: Insufficient care with non-coherent mappings T[his CNA
informa ...)
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-402.html
-CVE-2022-26363
- RESERVED
+CVE-2022-26363 (x86 pv: Insufficient care with non-coherent mappings T[his CNA
informa ...)
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-402.html
-CVE-2022-26362 [x86 pv: Race condition in typeref acquisition]
- RESERVED
+CVE-2022-26362 (x86 pv: Race condition in typeref acquisition Xen maintains a
type ref ...)
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
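Review bot: the imported descriptions for CVE-2022-26364 and CVE-2022-26363 both read "x86 pv: Insufficient care with non-coherent mappings T[his CNA informa ...", the XSA title fused with CNA boilerplate and a stray bracket, so the two entries are now indistinguishable here except by number, and both point at advisory-402. CVE-2022-26362 ("Race condition in typeref acquisition") has no advisory NOTE inside this hunk's context; confirm it references its own XSA rather than being read as covered by advisory-402 through proximity.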
@@ -28592,8 +28655,8 @@ CVE-2022-23140
RESERVED
CVE-2022-23139 (ZTE's ZXMP M721 product has a permission and access control
vulnerabil ...)
NOT-FOR-US: ZTE ZXMP M721
-CVE-2022-23138
- RESERVED
+CVE-2022-23138 (ZTE's MF297D product has cryptographic issues vulnerability.
Due to th ...)
+ TODO: check
CVE-2022-23137 (ZTE's ZXCDN product has a reflective XSS vulnerability. The
attacker c ...)
NOT-FOR-US: ZXCDN
CVE-2022-23136 (There is a stored XSS vulnerability in ZTE home gateway
product. An at ...)
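Review bot: the TODO: check on CVE-2022-23138 (ZTE MF297D) sits between CVE-2022-23139 and CVE-2022-23137, both already resolved as NOT-FOR-US for ZTE products; unless the MF297D firmware differs from the other ZTE entries by being packaged, this can be closed the same way.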
@@ -38190,6 +38253,7 @@ CVE-2021-4024 (A flaw was found in podman. The `podman
machine` function (used t
NOTE: Fixed by:
https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48
(main)
NOTE: Fixed by:
https://github.com/containers/podman/commit/57c5e2246efeaf2fef820a482241f1cc43960c7a
(v3.4.3)
CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can
get a CSR ...)
+ {DLA-3049-1}
- mailman <removed>
[buster] - mailman 1:2.1.29-1+deb10u4
NOTE: https://bugs.launchpad.net/mailman/+bug/1952384
@@ -41947,6 +42011,7 @@ CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows
XSS via the Group Name o
CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices
does not r ...)
NOT-FOR-US: Datalogic
CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the
Cgi/admindb.py ad ...)
+ {DLA-3049-1}
- mailman <removed> (bug #1000367)
[buster] - mailman 1:2.1.29-1+deb10u3
NOTE:
https://mail.python.org/archives/list/[email protected]/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
@@ -41954,6 +42019,7 @@ CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF
token for the Cgi/admindb
NOTE:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1876 (2.1.36)
NOTE: Regression fix:
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1878 (2.1.37)
CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the
Cgi/options.py user ...)
+ {DLA-3049-1}
- mailman <removed> (bug #1000367)
[buster] - mailman 1:2.1.29-1+deb10u3
NOTE:
https://mail.python.org/archives/list/[email protected]/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
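Review bot: all three Mailman entries (CVE-2021-44227, CVE-2021-43332, CVE-2021-43331) gain a {DLA-3049-1} reference, but their [buster] fixed-version lines stay at 1:2.1.29-1+deb10u4 and 1:2.1.29-1+deb10u3 respectively; one DLA normally corresponds to one upload, so either the advisory text covers both versions or the version lines need updating to the release DLA-3049-1 actually shipped. Cross-check against the DLA before this sticks.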
@@ -50285,8 +50351,8 @@ CVE-2021-40963
RESERVED
CVE-2021-40962
RESERVED
-CVE-2021-40961
- RESERVED
+CVE-2021-40961 (CMS Made Simple <=2.2.15 is affected by SQL injection in
modules/Ne ...)
+ TODO: check
CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal
vulnerabil ...)
NOT-FOR-US: Galera WebTemplate
CVE-2021-40959
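Review bot: the CVE-2021-40961 description truncates the injection location to "modules/Ne ...", so the affected module is not recorded; when resolving the TODO: check, note the full path, and verify whether CMS Made Simple is packaged at all, since its neighbours here (Galera WebTemplate, Wuzhi CMS) are third-party web apps closed as NOT-FOR-US.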
@@ -51005,8 +51071,8 @@ CVE-2021-40670 (SQL Injection vulnerability exists in
Wuzhi CMS 4.1.0 via the ke
NOT-FOR-US: Wuzhi CMS
CVE-2021-40669 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the
keywords ...)
NOT-FOR-US: Wuzhi CMS
-CVE-2021-40668
- RESERVED
+CVE-2021-40668 (The Android application HTTP File Server (Version 1.4.1) by
'slowscrip ...)
+ TODO: check
CVE-2021-40667
RESERVED
CVE-2021-40666
@@ -51127,8 +51193,8 @@ CVE-2021-40612 (An issue was discovered in Opmantek
Open-AudIT after 3.5.0. With
NOT-FOR-US: Opmantek Open-AudIT
CVE-2021-40611
RESERVED
-CVE-2021-40610
- RESERVED
+CVE-2021-40610 (Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro
background m ...)
+ TODO: check
CVE-2021-40609
RESERVED
CVE-2021-40608
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1317d53e93197e84f3320af1c448b9a1b9e525ba
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits