Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0df9630e by security tracker role at 2022-06-13T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,451 @@
+CVE-2022-33187
+       RESERVED
+CVE-2022-33186
+       RESERVED
+CVE-2022-33185
+       RESERVED
+CVE-2022-33184
+       RESERVED
+CVE-2022-33183
+       RESERVED
+CVE-2022-33182
+       RESERVED
+CVE-2022-33181
+       RESERVED
+CVE-2022-33180
+       RESERVED
+CVE-2022-33179
+       RESERVED
+CVE-2022-33178
+       RESERVED
+CVE-2022-33175 (Power Distribution Units running on Powertek firmware 
(multiple brands ...)
+       TODO: check
+CVE-2022-33174 (Power Distribution Units running on Powertek firmware 
(multiple brands ...)
+       TODO: check
+CVE-2022-33173
+       RESERVED
+CVE-2022-33172
+       RESERVED
+CVE-2022-33171
+       RESERVED
+CVE-2022-33170
+       RESERVED
+CVE-2022-33169
+       RESERVED
+CVE-2022-33168
+       RESERVED
+CVE-2022-33167
+       RESERVED
+CVE-2022-33166
+       RESERVED
+CVE-2022-33165
+       RESERVED
+CVE-2022-33164
+       RESERVED
+CVE-2022-33163
+       RESERVED
+CVE-2022-33162
+       RESERVED
+CVE-2022-33161
+       RESERVED
+CVE-2022-33160
+       RESERVED
+CVE-2022-33159
+       RESERVED
+CVE-2022-33158
+       RESERVED
+CVE-2022-33157
+       RESERVED
+CVE-2022-33156
+       RESERVED
+CVE-2022-33155
+       RESERVED
+CVE-2022-33154
+       RESERVED
+CVE-2022-33153
+       RESERVED
+CVE-2022-33152
+       RESERVED
+CVE-2022-33149
+       RESERVED
+CVE-2022-33148
+       RESERVED
+CVE-2022-33147
+       RESERVED
+CVE-2022-33140
+       RESERVED
+CVE-2022-33139
+       RESERVED
+CVE-2022-33138
+       RESERVED
+CVE-2022-33137
+       RESERVED
+CVE-2022-33136
+       RESERVED
+CVE-2022-33135
+       RESERVED
+CVE-2022-33134
+       RESERVED
+CVE-2022-33133
+       RESERVED
+CVE-2022-33132
+       RESERVED
+CVE-2022-33131
+       RESERVED
+CVE-2022-33130
+       RESERVED
+CVE-2022-33129
+       RESERVED
+CVE-2022-33128
+       RESERVED
+CVE-2022-33127
+       RESERVED
+CVE-2022-33126
+       RESERVED
+CVE-2022-33125
+       RESERVED
+CVE-2022-33124
+       RESERVED
+CVE-2022-33123
+       RESERVED
+CVE-2022-33122
+       RESERVED
+CVE-2022-33121
+       RESERVED
+CVE-2022-33120
+       RESERVED
+CVE-2022-33119
+       RESERVED
+CVE-2022-33118
+       RESERVED
+CVE-2022-33117
+       RESERVED
+CVE-2022-33116
+       RESERVED
+CVE-2022-33115
+       RESERVED
+CVE-2022-33114
+       RESERVED
+CVE-2022-33113
+       RESERVED
+CVE-2022-33112
+       RESERVED
+CVE-2022-33111
+       RESERVED
+CVE-2022-33110
+       RESERVED
+CVE-2022-33109
+       RESERVED
+CVE-2022-33108
+       RESERVED
+CVE-2022-33107
+       RESERVED
+CVE-2022-33106
+       RESERVED
+CVE-2022-33105
+       RESERVED
+CVE-2022-33104
+       RESERVED
+CVE-2022-33103
+       RESERVED
+CVE-2022-33102
+       RESERVED
+CVE-2022-33101
+       RESERVED
+CVE-2022-33100
+       RESERVED
+CVE-2022-33099
+       RESERVED
+CVE-2022-33098
+       RESERVED
+CVE-2022-33097
+       RESERVED
+CVE-2022-33096
+       RESERVED
+CVE-2022-33095
+       RESERVED
+CVE-2022-33094
+       RESERVED
+CVE-2022-33093
+       RESERVED
+CVE-2022-33092
+       RESERVED
+CVE-2022-33091
+       RESERVED
+CVE-2022-33090
+       RESERVED
+CVE-2022-33089
+       RESERVED
+CVE-2022-33088
+       RESERVED
+CVE-2022-33087
+       RESERVED
+CVE-2022-33086
+       RESERVED
+CVE-2022-33085
+       RESERVED
+CVE-2022-33084
+       RESERVED
+CVE-2022-33083
+       RESERVED
+CVE-2022-33082
+       RESERVED
+CVE-2022-33081
+       RESERVED
+CVE-2022-33080
+       RESERVED
+CVE-2022-33079
+       RESERVED
+CVE-2022-33078
+       RESERVED
+CVE-2022-33077
+       RESERVED
+CVE-2022-33076
+       RESERVED
+CVE-2022-33075
+       RESERVED
+CVE-2022-33074
+       RESERVED
+CVE-2022-33073
+       RESERVED
+CVE-2022-33072
+       RESERVED
+CVE-2022-33071
+       RESERVED
+CVE-2022-33070
+       RESERVED
+CVE-2022-33069
+       RESERVED
+CVE-2022-33068
+       RESERVED
+CVE-2022-33067
+       RESERVED
+CVE-2022-33066
+       RESERVED
+CVE-2022-33065
+       RESERVED
+CVE-2022-33064
+       RESERVED
+CVE-2022-33063
+       RESERVED
+CVE-2022-33062
+       RESERVED
+CVE-2022-33061
+       RESERVED
+CVE-2022-33060
+       RESERVED
+CVE-2022-33059
+       RESERVED
+CVE-2022-33058
+       RESERVED
+CVE-2022-33057
+       RESERVED
+CVE-2022-33056
+       RESERVED
+CVE-2022-33055
+       RESERVED
+CVE-2022-33054
+       RESERVED
+CVE-2022-33053
+       RESERVED
+CVE-2022-33052
+       RESERVED
+CVE-2022-33051
+       RESERVED
+CVE-2022-33050
+       RESERVED
+CVE-2022-33049
+       RESERVED
+CVE-2022-33048
+       RESERVED
+CVE-2022-33047
+       RESERVED
+CVE-2022-33046
+       RESERVED
+CVE-2022-33045
+       RESERVED
+CVE-2022-33044
+       RESERVED
+CVE-2022-33043
+       RESERVED
+CVE-2022-33042
+       RESERVED
+CVE-2022-33041
+       RESERVED
+CVE-2022-33040
+       RESERVED
+CVE-2022-33039
+       RESERVED
+CVE-2022-33038
+       RESERVED
+CVE-2022-33037
+       RESERVED
+CVE-2022-33036
+       RESERVED
+CVE-2022-33035
+       RESERVED
+CVE-2022-33034
+       RESERVED
+CVE-2022-33033
+       RESERVED
+CVE-2022-33032
+       RESERVED
+CVE-2022-33031
+       RESERVED
+CVE-2022-33030
+       RESERVED
+CVE-2022-33029
+       RESERVED
+CVE-2022-33028
+       RESERVED
+CVE-2022-33027
+       RESERVED
+CVE-2022-33026
+       RESERVED
+CVE-2022-33025
+       RESERVED
+CVE-2022-33024
+       RESERVED
+CVE-2022-33023
+       RESERVED
+CVE-2022-33022
+       RESERVED
+CVE-2022-33021
+       RESERVED
+CVE-2022-33020
+       RESERVED
+CVE-2022-33019
+       RESERVED
+CVE-2022-33018
+       RESERVED
+CVE-2022-33017
+       RESERVED
+CVE-2022-33016
+       RESERVED
+CVE-2022-33015
+       RESERVED
+CVE-2022-33014
+       RESERVED
+CVE-2022-33013
+       RESERVED
+CVE-2022-33012
+       RESERVED
+CVE-2022-33011
+       RESERVED
+CVE-2022-33010
+       RESERVED
+CVE-2022-33009
+       RESERVED
+CVE-2022-33008
+       RESERVED
+CVE-2022-33007
+       RESERVED
+CVE-2022-33006
+       RESERVED
+CVE-2022-33005
+       RESERVED
+CVE-2022-33004
+       RESERVED
+CVE-2022-33003
+       RESERVED
+CVE-2022-33002
+       RESERVED
+CVE-2022-33001
+       RESERVED
+CVE-2022-33000
+       RESERVED
+CVE-2022-32999
+       RESERVED
+CVE-2022-32998
+       RESERVED
+CVE-2022-32997
+       RESERVED
+CVE-2022-32996
+       RESERVED
+CVE-2022-32995
+       RESERVED
+CVE-2022-32994
+       RESERVED
+CVE-2022-32993
+       RESERVED
+CVE-2022-32992
+       RESERVED
+CVE-2022-32991
+       RESERVED
+CVE-2022-32990
+       RESERVED
+CVE-2022-32989
+       RESERVED
+CVE-2022-32988
+       RESERVED
+CVE-2022-32987
+       RESERVED
+CVE-2022-32986
+       RESERVED
+CVE-2022-32761
+       RESERVED
+CVE-2022-32760
+       RESERVED
+CVE-2022-32572
+       RESERVED
+CVE-2022-32282
+       RESERVED
+CVE-2022-30547
+       RESERVED
+CVE-2022-30534
+       RESERVED
+CVE-2022-29477
+       RESERVED
+CVE-2022-29475
+       RESERVED
+CVE-2022-28710
+       RESERVED
+CVE-2022-27805
+       RESERVED
+CVE-2022-2072
+       RESERVED
+CVE-2022-2071
+       RESERVED
+CVE-2022-2070
+       RESERVED
+CVE-2022-2069
+       RESERVED
+CVE-2022-2068
+       RESERVED
+CVE-2022-2067 (SQL Injection in GitHub repository francoisjacquet/rosariosis 
prior to ...)
+       TODO: check
+CVE-2022-2066 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
neorazorx/ ...)
+       TODO: check
+CVE-2022-2065 (Cross-site Scripting (XSS) - Stored in GitHub repository 
neorazorx/fac ...)
+       TODO: check
+CVE-2022-2064 (Insufficient Session Expiration in GitHub repository 
nocodb/nocodb pri ...)
+       TODO: check
+CVE-2022-2063 (Improper Privilege Management in GitHub repository 
nocodb/nocodb prior ...)
+       TODO: check
+CVE-2022-2062 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
+       TODO: check
+CVE-2022-2061 (Heap-based Buffer Overflow in GitHub repository hpjansson/chafa 
prior  ...)
+       TODO: check
+CVE-2022-2060 (Cross-site Scripting (XSS) - Stored in GitHub repository 
dolibarr/doli ...)
+       TODO: check
+CVE-2022-2059
+       RESERVED
+CVE-2021-46820
+       RESERVED
+CVE-2020-36546
+       RESERVED
+CVE-2020-36545
+       RESERVED
+CVE-2017-20056
+       RESERVED
+CVE-2017-20055
+       RESERVED
+CVE-2017-20054
+       RESERVED
+CVE-2017-20053
+       RESERVED
+CVE-2017-20052
+       RESERVED
 CVE-2022-2058
        RESERVED
 CVE-2022-2057
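
Review bot: CVE-2022-2061 (heap-based buffer overflow in hpjansson/chafa) is added here as "TODO: check" alongside entries that look like NOT-FOR-US candidates, but the project name suggests software that is packaged in Debian (an assumption: a "chafa" source package). Triage it first, resolving it to a package line with a fixed version or an "<unfixed>" status. The Powertek PDU firmware entries (CVE-2022-33175, CVE-2022-33174) and the GitHub-repository entries (CVE-2022-2067 through CVE-2022-2060) need their full descriptions read before a disposition is set, because the text shown here is truncated.
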
@@ -484,12 +932,12 @@ CVE-2022-2040
        RESERVED
 CVE-2021-46819
        RESERVED
-CVE-2021-46818
-       RESERVED
-CVE-2021-46817
-       RESERVED
-CVE-2021-46816
-       RESERVED
+CVE-2021-46818 (Adobe Media Encoder version 15.4 (and earlier) are affected by 
a memor ...)
+       TODO: check
+CVE-2021-46817 (Adobe Media Encoder version 15.4 (and earlier) are affected by 
a memor ...)
+       TODO: check
+CVE-2021-46816 (Adobe Premiere Pro version 15.4 (and earlier) are affected by 
a memory ...)
+       TODO: check
 CVE-2022-32769
        RESERVED
 CVE-2022-32768
@@ -530,12 +978,12 @@ CVE-2022-32743
        RESERVED
 CVE-2022-32742
        RESERVED
-CVE-2022-32741
-       RESERVED
-CVE-2022-32740
-       RESERVED
-CVE-2022-32739
-       RESERVED
+CVE-2022-32741 (Attacker is able to determine if the provided username exists 
(and it' ...)
+       TODO: check
+CVE-2022-32740 (A reply to a forwarded email article by a 3rd party could 
unintensiona ...)
+       TODO: check
+CVE-2022-32739 (When Secure::DisableBanner system configuration has been 
disabled and  ...)
+       TODO: check
 CVE-2022-32573
        RESERVED
 CVE-2022-30605
@@ -1256,16 +1704,16 @@ CVE-2022-1995
        RESERVED
 CVE-2022-1994
        RESERVED
-CVE-2017-20045
-       RESERVED
-CVE-2017-20044
-       RESERVED
-CVE-2017-20043
-       RESERVED
-CVE-2017-20042
-       RESERVED
-CVE-2017-20041
-       RESERVED
+CVE-2017-20045 (A vulnerability was found in Navetti PricePoint 4.6.0.0. It 
has been d ...)
+       TODO: check
+CVE-2017-20044 (A vulnerability was found in Navetti PricePoint 4.6.0.0. It 
has been c ...)
+       TODO: check
+CVE-2017-20043 (A vulnerability was found in Navetti PricePoint 4.6.0.0 and 
classified ...)
+       TODO: check
+CVE-2017-20042 (A vulnerability has been found in Navetti PricePoint 4.6.0.0 
and class ...)
+       TODO: check
+CVE-2017-20041 (A vulnerability was found in Ucweb UC Browser 11.2.5.932. It 
has been  ...)
+       TODO: check
 CVE-2022-32452
        RESERVED
 CVE-2022-32451
@@ -1852,8 +2300,8 @@ CVE-2022-29926
        RESERVED
 CVE-2022-29512
        RESERVED
-CVE-2022-1985
-       RESERVED
+CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to 
reflected C ...)
+       TODO: check
 CVE-2022-1984
        RESERVED
 CVE-2022-1983
@@ -1962,8 +2410,8 @@ CVE-2022-1971
 CVE-2022-1970
        RESERVED
        NOT-FOR-US: Keycloak
-CVE-2022-1969
-       RESERVED
+CVE-2022-1969 (The Mobile browser color select plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
 CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
@@ -2138,8 +2586,8 @@ CVE-2022-29519
        RESERVED
 CVE-2022-1962
        RESERVED
-CVE-2022-1961
-       RESERVED
+CVE-2022-1961 (The Google Tag Manager for WordPress (GTM4WP) plugin is 
vulnerable to  ...)
+       TODO: check
 CVE-2022-1960
        RESERVED
 CVE-2022-1959
@@ -3039,8 +3487,8 @@ CVE-2022-1919
        RESERVED
        - firefox 101.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-1919
-CVE-2022-1918
-       RESERVED
+CVE-2022-1918 (The ToolBar to Share plugin for WordPress is vulnerable to 
Cross-Site  ...)
+       TODO: check
 CVE-2022-1917
        RESERVED
 CVE-2022-1916
@@ -3077,32 +3525,32 @@ CVE-2022-1903
        RESERVED
 CVE-2020-36528 (A vulnerability, which was classified as critical, was found 
in Platin ...)
        NOT-FOR-US: Platinum Mobile
-CVE-2022-31763
-       RESERVED
-CVE-2022-31762
-       RESERVED
-CVE-2022-31761
-       RESERVED
-CVE-2022-31760
-       RESERVED
-CVE-2022-31759
-       RESERVED
-CVE-2022-31758
-       RESERVED
-CVE-2022-31757
-       RESERVED
-CVE-2022-31756
-       RESERVED
-CVE-2022-31755
-       RESERVED
-CVE-2022-31754
-       RESERVED
-CVE-2022-31753
-       RESERVED
-CVE-2022-31752
-       RESERVED
-CVE-2022-31751
-       RESERVED
+CVE-2022-31763 (The kernel module has the null pointer and out-of-bounds array 
vulnera ...)
+       TODO: check
+CVE-2022-31762 (The AMS module has a vulnerability in input validation. 
Successful exp ...)
+       TODO: check
+CVE-2022-31761 (Configuration defects in the secure OS module. Successful 
exploitation ...)
+       TODO: check
+CVE-2022-31760 (Dialog boxes can still be displayed even if the screen is 
locked in ca ...)
+       TODO: check
+CVE-2022-31759 (AppLink has a vulnerability of accessing uninitialized 
pointers. Succe ...)
+       TODO: check
+CVE-2022-31758 (The kernel module has the race condition vulnerability. 
Successful exp ...)
+       TODO: check
+CVE-2022-31757 (The setting module has a vulnerability of improper use of 
APIs. Succes ...)
+       TODO: check
+CVE-2022-31756 (The fingerprint sensor module has design defects. Successful 
exploitat ...)
+       TODO: check
+CVE-2022-31755 (The communication module has a vulnerability of improper 
permission pr ...)
+       TODO: check
+CVE-2022-31754 (Logical defects in code implementation in some products. 
Successful ex ...)
+       TODO: check
+CVE-2022-31753 (The voice wakeup module has a vulnerability of using 
externally-contro ...)
+       TODO: check
+CVE-2022-31752 (Missing authorization vulnerability in the system components. 
Successf ...)
+       TODO: check
+CVE-2022-31751 (The kernel emcom module has multi-thread contention. 
Successful exploi ...)
+       TODO: check
 CVE-2022-31750
        RESERVED
 CVE-2022-1902
@@ -3110,18 +3558,18 @@ CVE-2022-1902
        NOT-FOR-US: StackRox Kubernetes Security Platform
 CVE-2022-1901
        RESERVED
-CVE-2022-1900
-       RESERVED
-CVE-2021-46815
-       RESERVED
-CVE-2021-46814
-       RESERVED
-CVE-2021-46813
-       RESERVED
-CVE-2021-46812
-       RESERVED
-CVE-2021-46811
-       RESERVED
+CVE-2022-1900 (The Copify plugin for WordPress is vulnerable to Cross-Site 
Request Fo ...)
+       TODO: check
+CVE-2021-46815 (Configuration defects in the secure OS module. Successful 
exploitation ...)
+       TODO: check
+CVE-2021-46814 (The video framework has an out-of-bounds memory read/write 
vulnerabili ...)
+       TODO: check
+CVE-2021-46813 (Vulnerability of residual files not being deleted after an 
update in t ...)
+       TODO: check
+CVE-2021-46812 (The Device Manager has a vulnerability in multi-device 
interaction. Su ...)
+       TODO: check
+CVE-2021-46811 (HwSEServiceAPP has a vulnerability in permission management. 
Successfu ...)
+       TODO: check
 CVE-2020-36527 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: Atlassian
 CVE-2020-36526 (A vulnerability classified as problematic was found in 
Countdown Timer ...)
@@ -4203,12 +4651,12 @@ CVE-2022-31402 (ITOP v3.0.1 was discovered to contain a 
cross-site scripting (XS
        NOT-FOR-US: ITOP
 CVE-2022-31401
        RESERVED
-CVE-2022-31400
-       RESERVED
+CVE-2022-31400 (A cross-site scripting (XSS) vulnerability in 
/staff/setup/email-addre ...)
+       TODO: check
 CVE-2022-31399
        RESERVED
-CVE-2022-31398
-       RESERVED
+CVE-2022-31398 (A cross-site scripting (XSS) vulnerability in 
/staff/tools/custom-fiel ...)
+       TODO: check
 CVE-2022-31397
        RESERVED
 CVE-2022-31396
@@ -4508,14 +4956,14 @@ CVE-2022-1824
        RESERVED
 CVE-2022-1823
        RESERVED
-CVE-2022-1822
-       RESERVED
+CVE-2022-1822 (The Zephyr Project Manager plugin for WordPress is vulnerable 
to Refle ...)
+       TODO: check
 CVE-2022-1821 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        [experimental] - gitlab 14.9.5+ds1-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
-CVE-2022-1820
-       RESERVED
+CVE-2022-1820 (The Keep Backup Daily plugin for WordPress is vulnerable to 
Reflected  ...)
+       TODO: check
 CVE-2022-1819 (A vulnerability, which was classified as problematic, was found 
in Stu ...)
        NOT-FOR-US: Student Information System
 CVE-2022-1818
@@ -4526,8 +4974,8 @@ CVE-2022-1816 (A vulnerability, which was classified as 
problematic, has been fo
        NOT-FOR-US: Zoo Management System
 CVE-2022-1815 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
        NOT-FOR-US: jgraph/drawio
-CVE-2022-1814
-       RESERVED
+CVE-2022-1814 (The WP Admin Style WordPress plugin through 0.1.2 does not 
sanitise an ...)
+       TODO: check
 CVE-2022-30549
        RESERVED
 CVE-2022-29524
@@ -4677,8 +5125,8 @@ CVE-2022-31216
        RESERVED
 CVE-2022-1801
        RESERVED
-CVE-2022-1800
-       RESERVED
+CVE-2022-1800 (The Export any WordPress data to XML/CSV WordPress plugin 
before 1.3.5 ...)
+       TODO: check
 CVE-2022-1799
        RESERVED
 CVE-2022-1798
@@ -5010,8 +5458,8 @@ CVE-2022-31057
        RESERVED
 CVE-2022-31056
        RESERVED
-CVE-2022-31055
-       RESERVED
+CVE-2022-31055 (kCTF is a Kubernetes-based infrastructure for capture the flag 
(CTF) c ...)
+       TODO: check
 CVE-2022-31054
        RESERVED
 CVE-2022-31053
@@ -5042,10 +5490,10 @@ CVE-2022-31042 (Guzzle is an open source PHP HTTP 
client. In affected versions t
        - guzzle <unfixed>
        NOTE: 
https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
        NOTE: 
https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8
 (7.4.4)
-CVE-2022-31041
-       RESERVED
-CVE-2022-31040
-       RESERVED
+CVE-2022-31041 (Open Forms is an application for creating and publishing smart 
forms.  ...)
+       TODO: check
+CVE-2022-31040 (Open Forms is an application for creating and publishing smart 
forms.  ...)
+       TODO: check
 CVE-2022-31039
        RESERVED
 CVE-2022-31038 (Gogs is an open source self-hosted Git service. In versions of 
gogs pr ...)
@@ -5205,22 +5653,22 @@ CVE-2022-1795 (Use After Free in GitHub repository 
gpac/gpac prior to v2.1.0-DEV
        NOTE: 
https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514
 CVE-2022-1794
        RESERVED
-CVE-2022-1793
-       RESERVED
-CVE-2022-1792
-       RESERVED
-CVE-2022-1791
-       RESERVED
-CVE-2022-1790
-       RESERVED
+CVE-2022-1793 (The Private Files WordPress plugin through 0.40 is missing CSRF 
check  ...)
+       TODO: check
+CVE-2022-1792 (The Quick Subscribe WordPress plugin through 1.7.1 does not 
have CSRF  ...)
+       TODO: check
+CVE-2022-1791 (The One Click Plugin Updater WordPress plugin through 2.4.14 
does not  ...)
+       TODO: check
+CVE-2022-1790 (The New User Email Set Up WordPress plugin through 0.5.2 does 
not have ...)
+       TODO: check
 CVE-2022-1789 (With shadow paging enabled, the INVPCID instruction results in 
a call  ...)
        {DSA-5161-1}
        - linux 5.17.11-1
        NOTE: 
https://git.kernel.org/linus/9f46c187e2e680ecd9de7983e4d081c3391acc76
-CVE-2022-1788
-       RESERVED
-CVE-2022-1787
-       RESERVED
+CVE-2022-1788 (Due to missing checks the Change Uploaded File Permissions 
WordPress p ...)
+       TODO: check
+CVE-2022-1787 (The Sideblog WordPress plugin through 6.0 does not have CSRF 
check in  ...)
+       TODO: check
 CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel&#8217;s 
io_uring s ...)
        {DSA-5161-1}
        - linux 5.14.6-1
@@ -5242,16 +5690,16 @@ CVE-2022-1783 (An issue has been discovered in GitLab 
CE/EE affecting all versio
        NOTE: 
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1782 (Cross-site Scripting (XSS) - Generic in GitHub repository 
erudika/para ...)
        NOT-FOR-US: erudika/para
-CVE-2022-1781
-       RESERVED
-CVE-2022-1780
-       RESERVED
-CVE-2022-1779
-       RESERVED
+CVE-2022-1781 (The postTabs WordPress plugin through 2.10.6 does not have CSRF 
check  ...)
+       TODO: check
+CVE-2022-1780 (The LaTeX for WordPress plugin through 3.4.10 does not have 
CSRF check ...)
+       TODO: check
+CVE-2022-1779 (The Auto Delete Posts WordPress plugin through 1.3.0 does not 
have CSR ...)
+       TODO: check
 CVE-2022-1778
        RESERVED
-CVE-2022-1777
-       RESERVED
+CVE-2022-1777 (The Filr WordPress plugin before 1.2.2.1 does not have 
authorisation c ...)
+       TODO: check
 CVE-2022-1776
        RESERVED
 CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed 
gf_utf8_wcsl ...)
@@ -5275,10 +5723,10 @@ CVE-2022-1775 (Weak Password Requirements in GitHub 
repository polonel/trudesk p
        NOT-FOR-US: Trudesk
 CVE-2022-1774 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
        NOT-FOR-US: jgraph/drawio
-CVE-2022-1773
-       RESERVED
-CVE-2022-1772
-       RESERVED
+CVE-2022-1773 (The WP Athletics WordPress plugin through 1.1.7 does not 
sanitise and  ...)
+       TODO: check
+CVE-2022-1772 (The Google Places Reviews WordPress plugin before 2.0.0 does 
not prope ...)
+       TODO: check
 CVE-2022-1771 (Uncontrolled Recursion in GitHub repository vim/vim prior to 
8.2.4975. ...)
        - vim <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb
@@ -5297,32 +5745,32 @@ CVE-2022-1769 (Buffer Over-read in GitHub repository 
vim/vim prior to 8.2.4974.
        NOTE: https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c
        NOTE: 
https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4 
(v8.2.4974)
        NOTE: Crash in CLI tool, no security impact
-CVE-2022-1768
-       RESERVED
+CVE-2022-1768 (The RSVPMaker plugin for WordPress is vulnerable to 
unauthenticated SQ ...)
+       TODO: check
 CVE-2022-1767 (Server-Side Request Forgery (SSRF) in GitHub repository 
jgraph/drawio  ...)
        NOT-FOR-US: jgraph/drawio
 CVE-2022-1766
        RESERVED
-CVE-2022-1765
-       RESERVED
-CVE-2022-1764
-       RESERVED
-CVE-2022-1763
-       RESERVED
-CVE-2022-1762
-       RESERVED
-CVE-2022-1761
-       RESERVED
+CVE-2022-1765 (The Hot Linked Image Cacher WordPress plugin through 1.16 is 
vulnerabl ...)
+       TODO: check
+CVE-2022-1764 (The WP-chgFontSize WordPress plugin through 1.8 does not have 
CSRF che ...)
+       TODO: check
+CVE-2022-1763 (Due to missing checks the Static Page eXtended WordPress plugin 
throug ...)
+       TODO: check
+CVE-2022-1762 (The iQ Block Country WordPress plugin through 1.2.13 does not 
properly ...)
+       TODO: check
+CVE-2022-1761 (The Peter&#8217;s Collaboration E-mails WordPress plugin 
through 2.2.0 ...)
+       TODO: check
 CVE-2022-1760
        RESERVED
-CVE-2022-1759
-       RESERVED
-CVE-2022-1758
-       RESERVED
+CVE-2022-1759 (The RB Internal Links WordPress plugin through 2.0.16 does not 
have CS ...)
+       TODO: check
+CVE-2022-1758 (The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 
does not ...)
+       TODO: check
 CVE-2022-1757
        RESERVED
-CVE-2022-1756
-       RESERVED
+CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize 
and esc ...)
+       TODO: check
 CVE-2022-1755
        RESERVED
 CVE-2022-30972 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Storable  ...)
@@ -5389,10 +5837,10 @@ CVE-2022-1752 (Unrestricted Upload of File with 
Dangerous Type in GitHub reposit
        NOT-FOR-US: Trudesk
 CVE-2022-1751
        RESERVED
-CVE-2022-1750
-       RESERVED
-CVE-2022-1749
-       RESERVED
+CVE-2022-1750 (The Sticky Popup plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2022-1749 (The WPMK Ajax Finder WordPress plugin is vulnerable to 
Cross-Site Requ ...)
+       TODO: check
 CVE-2022-1748
        RESERVED
 CVE-2022-1747
@@ -5590,8 +6038,8 @@ CVE-2022-1725 (NULL Pointer Dereference in GitHub 
repository vim/vim prior to 8.
        NOTE: https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c
        NOTE: 
https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c 
(v8.2.4959)
        NOTE: Negligible security impact; crash in CLI tool
-CVE-2022-1724
-       RESERVED
+CVE-2022-1724 (The Simple Membership WordPress plugin before 4.1.1 does not 
properly  ...)
+       TODO: check
 CVE-2022-1723 (Server-Side Request Forgery (SSRF) in GitHub repository 
jgraph/drawio  ...)
        NOT-FOR-US: jgraph/drawio
 CVE-2022-1722 (SSRF in editor's proxy via IPv6 link-local address in GitHub 
repositor ...)
@@ -6073,14 +6521,14 @@ CVE-2022-1712 (The LiveSync for WordPress plugin 
through 1.0 does not have CSRF
        NOT-FOR-US: WordPress plugin
 CVE-2022-1711 (Server-Side Request Forgery (SSRF) in GitHub repository 
jgraph/drawio  ...)
        NOT-FOR-US: jgraph/drawio
-CVE-2022-1710
-       RESERVED
+CVE-2022-1710 (The Appointment Hour Booking WordPress plugin before 1.3.56 
does not s ...)
+       TODO: check
 CVE-2022-1709 (The Throws SPAM Away WordPress plugin before 3.3.1 does not 
have CSRF  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1708 (A vulnerability was found in CRI-O that causes memory or disk 
space ex ...)
        - cri-o <itp> (bug #979702)
-CVE-2022-1707
-       RESERVED
+CVE-2022-1707 (The Google Tag Manager for WordPress plugin for WordPress is 
vulnerabl ...)
+       TODO: check
 CVE-2022-1706 (A vulnerability was found in Ignition where ignition configs 
are acces ...)
        - ignition <unfixed>
        NOTE: https://github.com/coreos/ignition/issues/1300
@@ -6332,8 +6780,8 @@ CVE-2022-1696
        RESERVED
 CVE-2022-1695 (The WP Simple Adsense Insertion WordPress plugin before 2.1 
does not p ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1694
-       RESERVED
+CVE-2022-1694 (The Useful Banner Manager WordPress plugin through 1.6.1 does 
not perf ...)
+       TODO: check
 CVE-2022-1693
        RESERVED
 CVE-2022-1692 (The CP Image Store with Slideshow WordPress plugin before 
1.0.68 does  ...)
@@ -6612,14 +7060,14 @@ CVE-2022-1661 (The affected products are vulnerable to 
directory traversal, whic
        NOT-FOR-US: Keysight N6854A and N6841A
 CVE-2022-1660 (The affected products are vulnerable of untrusted data due to 
deserial ...)
        NOT-FOR-US: Keysight N6854A and N6841A
-CVE-2022-1659
-       RESERVED
-CVE-2022-1658
-       RESERVED
-CVE-2022-1657
-       RESERVED
-CVE-2022-1656
-       RESERVED
+CVE-2022-1659 (Vulnerable versions of the JupiterX Core (&lt;= 2.0.6) plugin 
register ...)
+       TODO: check
+CVE-2022-1658 (Vulnerable versions of the Jupiter Theme (&lt;= 6.10.1) allow 
arbitrar ...)
+       TODO: check
+CVE-2022-1657 (Vulnerable versions of the Jupiter (&lt;= 6.10.1) and JupiterX 
(&lt;=  ...)
+       TODO: check
+CVE-2022-1656 (Vulnerable versions of the JupiterX Theme (&lt;=2.0.6) allow 
any logge ...)
+       TODO: check
 CVE-2022-1655
        RESERVED
        - horizon <unfixed>
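
Review bot: the added descriptions for CVE-2022-1659, CVE-2022-1658, CVE-2022-1657 and CVE-2022-1656 store the version bound as the HTML entity "&lt;=" instead of a literal "<=", while the same file uses literal angle brackets in "<unfixed>" in the context lines just below. Decode entities in the importer before writing the description, so that a search of the list for a version bound such as "<= 2.0.6" matches and consumers of the file do not each have to unescape it.
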
@@ -6627,8 +7075,8 @@ CVE-2022-1655
        [buster] - horizon <no-dsa> (Minor issue)
        [stretch] - horizon <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2075681
-CVE-2022-1654
-       RESERVED
+CVE-2022-1654 (Jupiter Theme &lt;= 6.10.1 and JupiterX Core Plugin &lt;= 2.0.7 
allow  ...)
+       TODO: check
 CVE-2022-1653
        RESERVED
 CVE-2022-1652 (Linux Kernel could allow a local attacker to execute arbitrary 
code on ...)
@@ -6754,8 +7202,8 @@ CVE-2022-1626
        RESERVED
 CVE-2022-1625
        RESERVED
-CVE-2022-1624
-       RESERVED
+CVE-2022-1624 (The Latest Tweets Widget WordPress plugin through 1.1.4 does 
not have  ...)
+       TODO: check
 CVE-2022-30521 (The LAN-side Web-Configuration Interface has Stack-based 
Buffer Overfl ...)
        NOT-FOR-US: D-Link
 CVE-2022-30520
@@ -7239,14 +7687,14 @@ CVE-2022-30313
        RESERVED
 CVE-2022-30312
        RESERVED
-CVE-2022-30311
-       RESERVED
-CVE-2022-30310
-       RESERVED
-CVE-2022-30309
-       RESERVED
-CVE-2022-30308
-       RESERVED
+CVE-2022-30311 (In Festo Controller CECC-X-M1 product family in multiple 
versions, the ...)
+       TODO: check
+CVE-2022-30310 (In Festo Controller CECC-X-M1 product family in multiple 
versions, the ...)
+       TODO: check
+CVE-2022-30309 (In Festo Controller CECC-X-M1 product family in multiple 
versions, the ...)
+       TODO: check
+CVE-2022-30308 (In Festo Controller CECC-X-M1 product family in multiple 
versions, the ...)
+       TODO: check
 CVE-2022-30307
        RESERVED
 CVE-2022-30306
@@ -7279,24 +7727,24 @@ CVE-2022-1614
        RESERVED
 CVE-2022-1613
        RESERVED
-CVE-2022-1612
-       RESERVED
+CVE-2022-1612 (The Webriti SMTP Mail WordPress plugin through 1.0 does not 
have CSRF  ...)
+       TODO: check
 CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not 
protect i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1610
        RESERVED
 CVE-2022-1609
        RESERVED
-CVE-2022-1608
-       RESERVED
+CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does 
not hav ...)
+       TODO: check
 CVE-2022-1607
        RESERVED
 CVE-2022-1606
        RESERVED
-CVE-2022-1605
-       RESERVED
-CVE-2022-1604
-       RESERVED
+CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have 
CSRF chec ...)
+       TODO: check
+CVE-2022-1604 (The MailerLite WordPress plugin before 1.5.4 does not sanitise 
and esc ...)
+       TODO: check
 CVE-2022-1603
        RESERVED
 CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use 
predictable D ...)
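
Review bot: the four added WordPress plugin entries (CVE-2022-1612, CVE-2022-1608, CVE-2022-1605, CVE-2022-1604) are left at "TODO: check", while the neighbouring context entry CVE-2022-1611 already carries "NOT-FOR-US: WordPress plugin". If the full descriptions confirm they are third-party plugins, apply the same disposition so they do not linger in the unprocessed queue.
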
@@ -7304,7 +7752,8 @@ CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc 
through 0.9.33.2 use predict
        NOTE: 
https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/
        NOTE: 
https://mailman.openadk.org/mailman3/hyperkitty/list/[email protected]/thread/6JWRW3P4VN54J5FHUDK7IQOU4V35HHDZ/
        NOTE: src:uclibc switched to the uClibc-ng source codebase with the 
1.0.20-1 upload.
-CVE-2022-30294 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a 
use-after-fre ...)
+CVE-2022-30294
+       REJECTED
        {DSA-5155-1 DSA-5154-1}
        - webkit2gtk 2.36.1-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
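
Review bot: CVE-2022-30294 becomes "REJECTED" but keeps "{DSA-5155-1 DSA-5154-1}" and the "- webkit2gtk 2.36.1-1" fixed-version line beneath it, so the tracker now attributes two published advisories and a package fix to a withdrawn identifier. If the rejection names a replacement CVE, move or cross-reference the DSA and package annotations to that entry and leave a NOTE here that records the reason.
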
@@ -7330,10 +7779,10 @@ CVE-2022-1597 (The WPQA Builder WordPress plugin before 
5.4, used as a companion
        NOT-FOR-US: WordPress plugin
 CVE-2022-1596
        RESERVED
-CVE-2022-1595
-       RESERVED
-CVE-2022-1594
-       RESERVED
+CVE-2022-1595 (The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks 
the secr ...)
+       TODO: check
+CVE-2022-1594 (The HC Custom WP-Admin URL WordPress plugin through 1.4 does 
not have  ...)
+       TODO: check
 CVE-2022-1593
        RESERVED
 CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository 
clinical-gen ...)
@@ -7852,8 +8301,8 @@ CVE-2022-1551
        RESERVED
 CVE-2022-1550
        REJECTED
-CVE-2022-1549
-       RESERVED
+CVE-2022-1549 (The WP Athletics WordPress plugin through 1.1.7 does not 
sanitize para ...)
+       TODO: check
 CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly 
restric ...)
        NOT-FOR-US: Mattermost Playbooks plugin
 CVE-2022-1547 (The Check &amp; Log Email WordPress plugin before 1.0.6 does 
not sanit ...)
@@ -8382,8 +8831,8 @@ CVE-2022-1533 (Buffer Over-read in GitHub repository 
bfabiszewski/libmobi prior
        - libmobi 0.11+dfsg-1 (bug #1011971)
        NOTE: https://huntr.dev/bounties/cb574ce1-fbf7-42ea-9e6a-91e17adecdc3
        NOTE: 
https://github.com/bfabiszewski/libmobi/commit/eafc415bc6067e72577f70d6dd5acbf057ce6e6f
 (v0.11)
-CVE-2022-1532
-       RESERVED
+CVE-2022-1532 (Themify WordPress plugin before 1.3.8 does not sanitise and 
escape the ...)
+       TODO: check
 CVE-2022-1531 (SQL injection vulnerability in ARAX-UI Synonym Lookup 
functionality in ...)
        NOT-FOR-US: RTX
 CVE-2022-1530 (Cross-site Scripting (XSS) in GitHub repository 
livehelperchat/livehel ...)
@@ -8837,7 +9286,7 @@ CVE-2022-1477
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1476 (The All-in-One WP Migration plugin for WordPress is vulnerable 
to arbi ...)
        NOT-FOR-US: All-in-One WP Migration plugin for WordPress
-CVE-2022-1475 (An integer overflow vulnerability was found in FFmpeg 5.0.1 and 
in pre ...)
+CVE-2022-1475 (An integer overflow vulnerability was found in FFmpeg versions 
before  ...)
        {DSA-5124-1}
        - ffmpeg 7:4.4.2-1
        [buster] - ffmpeg <not-affected> (Vulnerable code not present)
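
Review bot: the reworded CVE-2022-1475 description moves the affected range from "FFmpeg 5.0.1 and in pre ..." to "FFmpeg versions before ...", while the tracking lines below it are untouched. The truncated text hides the new version bound, so it is worth confirming against the full record that `- ffmpeg 7:4.4.2-1` and the buster <not-affected> (Vulnerable code not present) line still agree with the upstream range.
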
@@ -9646,8 +10095,8 @@ CVE-2022-1414
        RESERVED
 CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions 
starting  ...)
        TODO: check
-CVE-2022-1412
-       RESERVED
+CVE-2022-1412 (The Log WP_Mail WordPress plugin through 0.1 saves sent email 
in a pub ...)
+       TODO: check
 CVE-2022-1411 (Unrestructed file upload in GitHub repository 
yetiforcecompany/yetifor ...)
        NOT-FOR-US: yetiforcecrm
 CVE-2022-1410
@@ -9855,8 +10304,8 @@ CVE-2022-1388 (On F5 BIG-IP 16.1.x versions prior to 
16.1.2.2, 15.1.x versions p
        NOT-FOR-US: F5 BIG-IP
 CVE-2022-29456
        RESERVED
-CVE-2022-29455
-       RESERVED
+CVE-2022-29455 (DOM-based Reflected Cross-Site Scripting (XSS) vulnerability 
in Elemen ...)
+       TODO: check
 CVE-2022-29454
        RESERVED
 CVE-2022-29453
@@ -10426,8 +10875,8 @@ CVE-2022-29246 (Azure RTOS USBX is a USB host, device, 
and on-the-go (OTG) embed
        NOT-FOR-US: Microsoft
 CVE-2022-29245 (SSH.NET is a Secure Shell (SSH) library for .NET. In versions 
2020.0.0 ...)
        NOT-FOR-US: SSH.NET
-CVE-2022-29244
-       RESERVED
+CVE-2022-29244 (npm pack ignores root-level .gitignore and .npmignore file 
exclusion d ...)
+       TODO: check
 CVE-2022-29243 (Nextcloud Server is the file server software for Nextcloud, a 
self-hos ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2022-29242 (GOST engine is a reference implementation of the Russian GOST 
crypto a ...)
@@ -10660,10 +11109,10 @@ CVE-2022-1338 (The Easily Generate Rest API Url 
WordPress plugin through 1.0.0 d
        NOT-FOR-US: WordPress plugin
 CVE-2022-1337 (The image proxy component in Mattermost version 6.4.1 and 
earlier allo ...)
        - mattermost-server <itp> (bug #823556)
-CVE-2022-1336
-       RESERVED
-CVE-2022-1335
-       RESERVED
+CVE-2022-1336 (The Carousel CK WordPress plugin through 1.1.0 does not 
sanitize and e ...)
+       TODO: check
+CVE-2022-1335 (The Slideshow CK WordPress plugin before 1.4.10 does not 
sanitize and  ...)
+       TODO: check
 CVE-2022-1334 (The WP YouTube Live WordPress plugin before 1.8.3 does not 
validate, s ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1333 (Mattermost Playbooks plugin v1.24.0 and earlier fails to 
properly chec ...)
@@ -12685,7 +13134,7 @@ CVE-2022-28399
        RESERVED
 CVE-2022-28398
        RESERVED
-CVE-2022-28397 (An arbitrary file upload vulnerability in the file upload 
module of Gh ...)
+CVE-2022-28397 (** DISPUTED ** An arbitrary file upload vulnerability in the 
file uplo ...)
        NOT-FOR-US: Ghost CMS
 CVE-2022-28396 (Apostrophe v3.16.1 was discovered to contain a remote code 
execution ( ...)
        NOT-FOR-US: Apostrophe CMS
@@ -12863,8 +13312,8 @@ CVE-2022-28342
        RESERVED
 CVE-2022-1209 (The Ultimate Member plugin for WordPress is vulnerable to open 
redirec ...)
        NOT-FOR-US: Ultimate Member plugin for WordPress
-CVE-2022-1208
-       RESERVED
+CVE-2022-1208 (The Ultimate Member plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
 CVE-2022-1207 (Out-of-bounds read in GitHub repository radareorg/radare2 prior 
to 5.6 ...)
        - radare2 <unfixed>
        NOTE: https://huntr.dev/bounties/7b979e76-ae54-4132-b455-0833e45195eb
@@ -12913,8 +13362,8 @@ CVE-2022-1204
        NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/2
 CVE-2022-1203 (The Content Mask WordPress plugin before 1.8.4.1 does not have 
authori ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1202
-       RESERVED
+CVE-2022-1202 (The WP-CRM WordPress plugin through 1.2.1 does not validate and 
saniti ...)
+       TODO: check
 CVE-2022-1201 (NULL Pointer Dereference in mrb_vm_exec with super in GitHub 
repositor ...)
        - mruby <unfixed>
        [bullseye] - mruby <no-dsa> (Minor issue)
@@ -13375,8 +13824,8 @@ CVE-2022-28219 (Zoho ManageEngine ADAudit Plus before 
7060 is vulnerable to an u
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-28218 (An issue was discovered in CipherMail Webmail Messenger 1.1.1 
through  ...)
        NOT-FOR-US: CipherMail Webmail Messenger
-CVE-2022-28217
-       RESERVED
+CVE-2022-28217 (Some part of SAP NetWeaver (EP Web Page Composer) does not 
sufficientl ...)
+       TODO: check
 CVE-2022-28216 (SAP BusinessObjects Business Intelligence Platform (BI 
Workspace) - ve ...)
        NOT-FOR-US: SAP
 CVE-2022-28215 (SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 
750, 787,  ...)
@@ -14006,7 +14455,8 @@ CVE-2022-28068
        RESERVED
 CVE-2022-28067 (An incorrect access control issue in Sandboxie Classic 
v5.55.13 allows ...)
        NOT-FOR-US: Sandboxie Classic
-CVE-2022-28066 (Libarchive v3.6.0 was discovered to contain a read memory 
access vulne ...)
+CVE-2022-28066
+       REJECTED
        - libarchive <unfixed> (bug #1010696)
        [bullseye] - libarchive <no-dsa> (Minor issue)
        [buster] - libarchive <not-affected> (Vulnerable code introduced later)
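
Review bot: CVE-2022-28066 is marked REJECTED but keeps `- libarchive <unfixed> (bug #1010696)` plus the bullseye <no-dsa> and buster <not-affected> lines. An <unfixed> status under a rejected id leaves libarchive flagged for something that is no longer a valid CVE; the package lines and the state of bug #1010696 should be reviewed together with this change.
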
@@ -15642,7 +16092,8 @@ CVE-2022-27429 (Jizhicms v1.9.5 was discovered to 
contain a Server-Side Request
        NOT-FOR-US: Jizhicms
 CVE-2022-27428 (A stored cross-site scripting (XSS) vulnerability in 
/index.php/album/ ...)
        NOT-FOR-US: GalleryCMS
-CVE-2022-27427 (A zero-code remote code injection vulnerability via 
configuration.php  ...)
+CVE-2022-27427
+       REJECTED
        NOT-FOR-US: Chamilo LMS
 CVE-2022-27426 (A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 
allows at ...)
        NOT-FOR-US: Chamilo LMS
@@ -16681,7 +17132,7 @@ CVE-2022-27141
        RESERVED
 CVE-2022-27140 (An arbitrary file upload vulnerability in the file upload 
module of Ex ...)
        NOT-FOR-US: Express FileUpload
-CVE-2022-27139 (An arbitrary file upload vulnerability in the file upload 
module of Gh ...)
+CVE-2022-27139 (** DISPUTED ** An arbitrary file upload vulnerability in the 
file uplo ...)
        NOT-FOR-US: Ghost CMS
 CVE-2022-27138
        RESERVED
@@ -17859,8 +18310,8 @@ CVE-2022-0887 (The Easy Social Icons WordPress plugin 
before 3.1.4 does not sani
        NOT-FOR-US: WordPress plugin
 CVE-2022-0886
        REJECTED
-CVE-2022-0885
-       RESERVED
+CVE-2022-0885 (The Member Hero WordPress plugin through 1.0.9 lacks 
authorization che ...)
+       TODO: check
 CVE-2022-0884 (The Profile Builder WordPress plugin before 3.6.8 does not 
sanitise an ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0883 (SLM has an issue with Windows Unquoted/Trusted Service Paths 
Security  ...)
@@ -18504,8 +18955,8 @@ CVE-2022-21224
        RESERVED
 CVE-2022-0864 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 
1.22.9 ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0863
-       RESERVED
+CVE-2022-0863 (The WP SVG Icons WordPress plugin through 3.2.3 does not 
properly vali ...)
+       TODO: check
 CVE-2022-0862 (A lack of password change protection vulnerability in a 
depreciated AP ...)
        NOT-FOR-US: McAfee
 CVE-2022-0861 (A XML Extended entity vulnerability in McAfee Enterprise 
ePolicy Orche ...)
@@ -18789,8 +19240,8 @@ CVE-2022-0829 (Improper Authorization in GitHub 
repository webmin/webmin prior t
        - webmin <removed>
 CVE-2022-0828 (The Download Manager WordPress plugin before 3.2.39 uses the 
uniqid ph ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0827
-       RESERVED
+CVE-2022-0827 (The Bestbooks WordPress plugin through 2.6.3 does not sanitise 
and esc ...)
+       TODO: check
 CVE-2022-0826 (The WP Video Gallery WordPress plugin through 1.7.1 does not 
sanitise  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0825 (The Amelia WordPress plugin before 1.0.49 does not have proper 
authori ...)
@@ -19398,8 +19849,8 @@ CVE-2022-0788 (The WP Fundraising Donation and 
Crowdfunding Platform WordPress p
        NOT-FOR-US: WordPress plugin
 CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin 
before 5.1 ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0786
-       RESERVED
+CVE-2022-0786 (The KiviCare WordPress plugin before 2.3.9 does not sanitise 
and escap ...)
+       TODO: check
 CVE-2022-0785 (The Daily Prayer Time WordPress plugin before 2022.03.01 does 
not sani ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does 
not sani ...)
@@ -20167,8 +20618,8 @@ CVE-2022-0747 (The Infographic Maker WordPress plugin 
before 4.3.8 does not vali
        NOT-FOR-US: WordPress plugin
 CVE-2022-0746 (Business Logic Errors in GitHub repository dolibarr/dolibarr 
prior to  ...)
        - dolibarr <removed>
-CVE-2022-0745
-       RESERVED
+CVE-2022-0745 (The Like Button Rating WordPress plugin before 2.6.45 allows 
any logge ...)
+       TODO: check
 CVE-2022-0744
        RESERVED
 CVE-2022-25838 (Laravel Fortify before 1.11.1 allows reuse within a short time 
window, ...)
@@ -21855,8 +22306,8 @@ CVE-2022-0628 (The Mega Menu WordPress plugin before 
3.0.8 does not sanitize and
        NOT-FOR-US: WordPress plugin
 CVE-2022-0627 (The Amelia WordPress plugin before 1.0.47 does not sanitize and 
escape ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0626
-       RESERVED
+CVE-2022-0626 (The Advanced Admin Search WordPress plugin through 1.1.2 does 
not sani ...)
+       TODO: check
 CVE-2022-0625 (The Admin Menu Editor WordPress plugin through 1.0.4 does not 
sanitize ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0624
@@ -22460,7 +22911,8 @@ CVE-2022-25031 (Remote Desktop Commander Suite Agent 
before v4.8 contains an unq
        NOT-FOR-US: Remote Desktop Commander Suite Agent
 CVE-2022-25030
        RESERVED
-CVE-2022-25029 (Home Owners Collection Management System v1.0 was discovered 
to contai ...)
+CVE-2022-25029
+       REJECTED
        NOT-FOR-US: Home Owners Collection Management System
 CVE-2022-25028 (Home Owners Collection Management System v1.0 was discovered 
to contai ...)
        NOT-FOR-US: Home Owners Collection Management System
@@ -25565,8 +26017,8 @@ CVE-2022-24079
        RESERVED
 CVE-2022-24078
        RESERVED
-CVE-2022-24077
-       RESERVED
+CVE-2022-24077 (Naver Cloud Explorer Beta allows the attacker to execute 
arbitrary cod ...)
+       TODO: check
 CVE-2022-24076
        RESERVED
 CVE-2022-24075 (Whale browser before 3.12.129.18 allowed extensions to replace 
JavaScr ...)
@@ -29136,8 +29588,8 @@ CVE-2022-0217 [Unauthenticated Remote Denial of Service 
Attack in the WebSocket
        NOTE: Regression fix: https://hg.prosody.im/trunk/rev/e5e0ab93d7f4
 CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored 
Cross-Site  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0209
-       RESERVED
+CVE-2022-0209 (The Mitsol Social Post Feed plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
 CVE-2022-0208 (The MapPress Maps for WordPress plugin before 2.73.4 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0207
@@ -29183,12 +29635,12 @@ CVE-2022-23171
        RESERVED
 CVE-2022-23170
        RESERVED
-CVE-2022-23169
-       RESERVED
-CVE-2022-23168
-       RESERVED
-CVE-2022-23167
-       RESERVED
+CVE-2022-23169 (attacker needs to craft a SQL payload. the vulnerable 
parameter is "ag ...)
+       TODO: check
+CVE-2022-23168 (The attacker could get access to the database. The SQL 
injection is in ...)
+       TODO: check
+CVE-2022-23167 (Attacker crafts a GET request to: /mobile/downloadfile.aspx? 
Filename  ...)
+       TODO: check
 CVE-2022-23166 (Sysaid &#8211; Sysaid Local File Inclusion (LFI) &#8211; An 
unauthenti ...)
        NOT-FOR-US: SysAid
 CVE-2022-23165 (Sysaid &#8211; Sysaid 14.2.0 Reflected Cross-Site Scripting 
(XSS) - Th ...)
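
Review bot: the new descriptions for CVE-2022-23169, CVE-2022-23168 and CVE-2022-23167 name no product in the text visible here ("attacker needs to craft a SQL payload ...", "Attacker crafts a GET request to: /mobile/downloadfile.aspx? ..."). The following entries, CVE-2022-23166 and CVE-2022-23165, are NOT-FOR-US: SysAid, but adjacency is not evidence of the same product. Resolve these TODO: check items from the full CVE records before assigning a NOT-FOR-US tag.
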
@@ -30879,11 +31331,11 @@ CVE-2022-0144 (shelljs is vulnerable to Improper 
Privilege Management ...)
        NOTE: 
https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c
 (v0.8.5)
 CVE-2022-0143
        RESERVED
-CVE-2022-0142 (The Visual Form Builder WordPress plugin before 3.0.6 is 
vulnerable to ...)
+CVE-2022-0142 (The Visual Form Builder WordPress plugin before 3.0.8 is 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0141 (The Visual Form Builder WordPress plugin before 3.0.8 does not 
enforce ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0140 (The Visual Form Builder WordPress plugin before 3.0.6 does not 
perform ...)
+CVE-2022-0140 (The Visual Form Builder WordPress plugin before 3.0.8 does not 
perform ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x 
before 1.36 ...)
        NOT-FOR-US: MediaWiki extension CheckUser
@@ -33284,7 +33736,7 @@ CVE-2021-45811
        RESERVED
 CVE-2021-45810 (Multiple versions of GlobalProtect-openconnect are affected by 
incorre ...)
        NOT-FOR-US: GlobalProtect-openconnect
-CVE-2021-45809 (Multiple versions of GlobalProtect-openconnect are affected by 
incorre ...)
+CVE-2021-45809 (GlobalProtect-openconnect versions prior to 1.4.3 are affected 
by inco ...)
        NOT-FOR-US: GlobalProtect-openconnect
 CVE-2021-45808 (jpress v4.2.0 allows users to register an account by default. 
With the ...)
        NOT-FOR-US: jpress
@@ -37614,44 +38066,52 @@ CVE-2021-44579
        RESERVED
 CVE-2021-44578
        RESERVED
-CVE-2021-44577 (Two heap-overflow vulnerabilities exist in openSUSE libsolv 
through 13 ...)
+CVE-2021-44577
+       REJECTED
        - libsolv 0.7.17-1 (unimportant)
        NOTE: https://github.com/openSUSE/libsolv/issues/428
        NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
        NOTE: Issue is fixed in the testcase; negligible security impact
-CVE-2021-44576 (Two memory vulnerabilities exists in openSUSE libsolv through 
13 Dec 2 ...)
+CVE-2021-44576
+       REJECTED
        - libsolv 0.7.17-1 (unimportant)
        NOTE: https://github.com/openSUSE/libsolv/issues/426
        NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
        NOTE: Issue is fixed in the testcase; negligible security impact
-CVE-2021-44575 (Two heap-overflow vulnerabilities exists in openSUSE libsolv 
through 1 ...)
+CVE-2021-44575
+       REJECTED
        - libsolv 0.7.17-1 (unimportant)
        NOTE: https://github.com/openSUSE/libsolv/issues/427
        NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
        NOTE: Issue is fixed in the testcase; negligible security impact
-CVE-2021-44574 (A heap-overflow vulnerability exists in openSUSE libsolv 
through 13 De ...)
+CVE-2021-44574
+       REJECTED
        - libsolv 0.7.17-1 (unimportant)
        NOTE: https://github.com/openSUSE/libsolv/issues/429
        NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
        NOTE: Issue is fixed in the testcase; negligible security impact
-CVE-2021-44573 (Two heap overflow vulnerabilities exist in oenSUSE libsolv 
through 13  ...)
+CVE-2021-44573
+       REJECTED
        - libsolv 0.7.17-1 (unimportant)
        NOTE: https://github.com/openSUSE/libsolv/issues/430
        NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
        NOTE: Issue is fixed in the testcase; negligible security impact
 CVE-2021-44572
        RESERVED
-CVE-2021-44571 (A heap overflow vulnerability exisfts in openSUSE libsolv 
through 13 D ...)
+CVE-2021-44571
+       REJECTED
        - libsolv 0.7.17-1 (unimportant)
        NOTE: https://github.com/openSUSE/libsolv/issues/421
        NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
        NOTE: Issue is fixed in the testcase; negligible security impact
-CVE-2021-44570 (Two heap-overflow vulnerabilities exists in openSUSE/libsolv 
through 1 ...)
+CVE-2021-44570
+       REJECTED
        - libsolv 0.7.17-1 (unimportant)
        NOTE: https://github.com/openSUSE/libsolv/issues/424
        NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
        NOTE: Issue is fixed in the testcase; negligible security impact
-CVE-2021-44569 (A heap-buffer openSUSE libsolv through 13 Dec 2020 exists in 
the solve ...)
+CVE-2021-44569
+       REJECTED
        - libsolv 0.7.17-1 (unimportant)
        NOTE: https://github.com/openSUSE/libsolv/issues/423
        NOTE: 
https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec
 (0.7.17)
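
Review bot: eight libsolv ids (CVE-2021-44577 through CVE-2021-44573, CVE-2021-44571, CVE-2021-44570 and CVE-2021-44569) become REJECTED while each keeps `- libsolv 0.7.17-1 (unimportant)` and its issue and commit NOTE lines. The existing "Issue is fixed in the testcase; negligible security impact" note is consistent with the rejection, but the package lines should be checked so that libsolv is not still listed against withdrawn ids.
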
@@ -39234,7 +39694,8 @@ CVE-2021-44105
        RESERVED
 CVE-2021-44104
        RESERVED
-CVE-2021-44103 (Vertical Privilege Escalation in KONGA 0.14.9 allows attackers 
to high ...)
+CVE-2021-44103
+       REJECTED
        NOT-FOR-US: KONGA
 CVE-2021-44102
        RESERVED
@@ -49180,8 +49641,8 @@ CVE-2021-41665
        RESERVED
 CVE-2021-41664
        RESERVED
-CVE-2021-41663
-       RESERVED
+CVE-2021-41663 (A cross-site scripting (XSS) vulnerability exists in Mini CMS 
V1.11. T ...)
+       TODO: check
 CVE-2021-41662
        RESERVED
 CVE-2021-41661
@@ -49686,11 +50147,11 @@ CVE-2021-41456 (There is a stack buffer overflow in 
MP4Box v1.0.1 at src/filters
 CVE-2021-41455
        RESERVED
 CVE-2021-41454
-       RESERVED
+       REJECTED
 CVE-2021-41453
-       RESERVED
+       REJECTED
 CVE-2021-41452
-       RESERVED
+       REJECTED
 CVE-2021-41451 (A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web 
interface in TP ...)
        NOT-FOR-US: TP-Link
 CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before 
v1_211117 al ...)
@@ -49698,11 +50159,11 @@ CVE-2021-41450 (An HTTP request smuggling attack in 
TP-Link AX10v1 before v1_211
 CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35, 
RAX38, and ...)
        NOT-FOR-US: Netgear
 CVE-2021-41448
-       RESERVED
+       REJECTED
 CVE-2021-41447
-       RESERVED
+       REJECTED
 CVE-2021-41446
-       RESERVED
+       REJECTED
 CVE-2021-41445 (A reflected cross-site-scripting attack in web application of 
D-Link D ...)
        NOT-FOR-US: D-Link
 CVE-2021-41444
@@ -49716,9 +50177,9 @@ CVE-2021-41441 (A DoS attack in the web application of 
D-Link DIR-X1860 before v
 CVE-2021-41440
        RESERVED
 CVE-2021-41439
-       RESERVED
+       REJECTED
 CVE-2021-41438
-       RESERVED
+       REJECTED
 CVE-2021-41437
        RESERVED
 CVE-2021-41436 (An HTTP request smuggling in web application in ASUS ROG 
Rapture GT-AX ...)
@@ -51060,8 +51521,8 @@ CVE-2021-40904 (The web management console of CheckMK 
Raw Edition (versions 1.5.
        - check-mk <removed>
 CVE-2021-40903
        RESERVED
-CVE-2021-40902
-       RESERVED
+CVE-2021-40902 (flatCore-CMS version 2.0.8 is affected by Cross Site Scripting 
(XSS) i ...)
+       TODO: check
 CVE-2021-40901
        RESERVED
 CVE-2021-40900
@@ -51793,8 +52254,8 @@ CVE-2021-40606
        RESERVED
 CVE-2021-40605
        RESERVED
-CVE-2021-40604
-       RESERVED
+CVE-2021-40604 (A Server-Side Request Forgery (SSRF) vulnerability in IPS 
Community Su ...)
+       TODO: check
 CVE-2021-40603
        RESERVED
 CVE-2021-40602
@@ -53301,8 +53762,8 @@ CVE-2021-40038 (There is a Double free vulnerability in 
the AOD module in smartp
        NOT-FOR-US: Huawei
 CVE-2021-40037 (There is a Vulnerability of accessing resources using an 
incompatible  ...)
        NOT-FOR-US: Huawei
-CVE-2021-40036
-       RESERVED
+CVE-2021-40036 (The bone voice ID TA has a memory overwrite vulnerability. 
Successful  ...)
+       TODO: check
 CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary 
error with  ...)
        NOT-FOR-US: Huawei
 CVE-2021-40034
@@ -60003,8 +60464,8 @@ CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 
0.11.9 allows remote attac
        [buster] - prosody <no-dsa> (Minor issue)
        [stretch] - prosody <not-affected> (Vulnerable code not present)
        NOTE: https://prosody.im/security/advisory_20210722/
-CVE-2021-37404
-       RESERVED
+CVE-2021-37404 (There is a potential heap buffer overflow in Apache Hadoop 
libhdfs nat ...)
+       TODO: check
 CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive 
Authent ...)
        NOT-FOR-US: firefly-iii
 CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be 
vulnerable to  ...)
@@ -91247,8 +91708,8 @@ CVE-2021-25118 (The Yoast SEO WordPress plugin before 
17.3 discloses the full in
        NOT-FOR-US: WordPress plugin
 CVE-2021-25117
        RESERVED
-CVE-2021-25116
-       RESERVED
+CVE-2021-25116 (The Enqueue Anything WordPress plugin through 1.0.1 does not 
have auth ...)
+       TODO: check
 CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was 
vulnerable  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does 
not escape ...)
@@ -91307,7 +91768,7 @@ CVE-2021-25088
        RESERVED
 CVE-2021-25087 (The Download Manager WordPress plugin before 3.2.35 does not 
have any  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25086 (The Advanced Page Visit Counter WordPress plugin through 5.0.8 
does no ...)
+CVE-2021-25086 (The Advanced Page Visit Counter WordPress plugin before 6.1.2 
does not ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and 
escape  ...)
        NOT-FOR-US: WordPress plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0df9630ea7ed94c28c8c43880bf27a5ee66b221d



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
