Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fa5d012f by security tracker role at 2022-06-20T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2022-34167
+ RESERVED
+CVE-2022-34166
+ RESERVED
+CVE-2022-34165
+ RESERVED
+CVE-2022-34164
+ RESERVED
+CVE-2022-34163
+ RESERVED
+CVE-2022-34162
+ RESERVED
+CVE-2022-34161
+ RESERVED
+CVE-2022-34160
+ RESERVED
+CVE-2022-34159
+ RESERVED
+CVE-2022-34158
+ RESERVED
+CVE-2022-2143
+ RESERVED
+CVE-2022-2142
+ RESERVED
+CVE-2022-2141
+ RESERVED
+CVE-2022-2140
+ RESERVED
+CVE-2022-2139
+ RESERVED
+CVE-2022-2138
+ RESERVED
+CVE-2022-2137
+ RESERVED
+CVE-2022-2136
+ RESERVED
+CVE-2022-2135
+ RESERVED
+CVE-2022-2134 (Denial of Service in GitHub repository inventree/inventree
prior to 0. ...)
+ TODO: check
+CVE-2022-2133
+ RESERVED
+CVE-2022-2132
+ RESERVED
+CVE-2022-2131
+ RESERVED
+CVE-2022-2130 (Cross-site Scripting (XSS) - Reflected in GitHub repository
microweber ...)
+ TODO: check
CVE-2022-XXXX [vlc issues fixed in 3.0.13]
- vlc 3.0.16-1
[buster] - vlc 3.0.17.4-0+deb10u1
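Review bot: CVE-2022-2130 is left at "TODO: check" although this same update marks CVE-2022-1631 as "NOT-FOR-US: microweber"; the new microweber entry should be triaged the same way on the manual pass rather than staying as a placeholder. CVE-2022-2134 (inventree) has no such precedent in the visible context and still needs a real package check.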
@@ -392,11 +440,12 @@ CVE-2022-2129 (Out-of-bounds Write in GitHub repository
vim/vim prior to 8.2. ..
[stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
NOTE:
https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d
(v8.2.5126)
-CVE-2022-2128
- RESERVED
+CVE-2022-2128 (Unrestricted Upload of File with Dangerous Type in GitHub
repository p ...)
+ TODO: check
CVE-2022-2127
RESERVED
CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
...)
+ {DLA-3053-1}
- vim <unfixed>
NOTE: https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e
NOTE:
https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8
(v8.2.5123)
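Review bot: CVE-2022-2126 gains {DLA-3053-1} while its status stays a bare "- vim <unfixed>" with no [bullseye] or [buster] line; the other vim entries touched by this update (CVE-2022-1968, CVE-2022-1898, CVE-2022-1851, CVE-2022-1720) carry an explicit "[bullseye] - vim <no-dsa> (Minor issue)". Consider adding the same bullseye triage here so the entry does not show bullseye as untriaged while buster is covered by the DLA.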
@@ -406,6 +455,7 @@ CVE-2022-2125 (Heap-based Buffer Overflow in GitHub
repository vim/vim prior to
NOTE: https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705
NOTE:
https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f
(v8.2.5122)
CVE-2022-2124 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-3053-1}
- vim <unfixed>
NOTE: https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42
NOTE:
https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f
(v8.2.5120)
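Review bot: CVE-2022-2124 has the same shape as CVE-2022-2126 in this update: {DLA-3053-1} is added but the only status line is "- vim <unfixed>", with no bullseye annotation, unlike the vim entries elsewhere in the diff that carry "[bullseye] - vim <no-dsa> (Minor issue)". Worth a bullseye triage line for consistency.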
@@ -695,8 +745,8 @@ CVE-2022-33915 (Versions of the Amazon AWS Apache Log4j
hotpatch package before
NOT-FOR-US: Specific to Amazon AWS Apache Log4j hotpatch package
CVE-2022-33914
RESERVED
-CVE-2022-33913
- RESERVED
+CVE-2022-33913 (In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and
22.04.2, fil ...)
+ TODO: check
CVE-2022-33912 (A permission issue affects users that deployed the shipped
version of ...)
NOT-FOR-US: Check MK as packaged by upstream
CVE-2022-33911
@@ -2708,8 +2758,8 @@ CVE-2022-32985
RESERVED
CVE-2022-32984
RESERVED
-CVE-2022-32983
- RESERVED
+CVE-2022-32983 (Knot Resolver through 5.5.1 may allow DNS cache poisoning when
there i ...)
+ TODO: check
CVE-2022-32982
RESERVED
CVE-2022-32981 (An issue was discovered in the Linux kernel through 5.18.3 on
powerpc ...)
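Review bot: CVE-2022-32983 (Knot Resolver through 5.5.1, DNS cache poisoning) is parked at "TODO: check" next to a long run of WordPress-plugin placeholders; unlike those, which follow the "NOT-FOR-US: WordPress plugin" convention visible throughout this file, a resolver cache-poisoning issue needs an actual source-package lookup and severity on the next manual pass, and should not be batch-triaged with the plugin entries.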
@@ -4648,8 +4698,8 @@ CVE-2022-32206
RESERVED
CVE-2022-32205
RESERVED
-CVE-2022-31734
- RESERVED
+CVE-2022-31734 (** Unsupported When Assigned ** Cisco Catalyst 2940 Series
Switches pr ...)
+ TODO: check
CVE-2022-1976
RESERVED
- linux 5.18.5-1
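Review bot: CVE-2022-31734 carries the "** Unsupported When Assigned **" marker, i.e. the Cisco Catalyst 2940 product was already end-of-life when the CVE was assigned; vendor-appliance entries in this file are handled as NOT-FOR-US (see the Drive Composer and IBM entries in later hunks), so this placeholder can be resolved the same way without further research.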
@@ -4697,6 +4747,7 @@ CVE-2022-1970
CVE-2022-1969 (The Mobile browser color select plugin for WordPress is
vulnerable to ...)
NOT-FOR-US: Mobile browser color select plugin for WordPress
CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-3053-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
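Review bot: {DLA-3053-1} is added to CVE-2022-1968 while the entry keeps "[buster] - vim <no-dsa> (Minor issue)"; the same combination appears on CVE-2022-1898, CVE-2022-1851, CVE-2022-1720, CVE-2022-0943, CVE-2022-0417 and CVE-2021-3903 in this update. Confirm that the DLA reference is what determines buster's status for these, or drop the no-dsa marker where the DLA now supplies a fixed version, so the two annotations do not contradict each other.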
@@ -5579,8 +5630,8 @@ CVE-2022-31801
RESERVED
CVE-2022-31800
RESERVED
-CVE-2022-1945
- RESERVED
+CVE-2022-1945 (The Coming Soon & Maintenance Mode by Colorlib WordPress
plugin be ...)
+ TODO: check
CVE-2022-1944 (When the feature is configured, improper authorization in the
Interact ...)
[experimental] - gitlab 14.9.5+ds1-1
- gitlab <unfixed>
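Review bot: CVE-2022-1945 is a WordPress plugin issue left at "TODO: check"; the established convention in this file is "NOT-FOR-US: WordPress plugin" (see CVE-2022-1800, CVE-2022-1612, CVE-2022-1611 in later hunks). The same applies to the other new WordPress plugin placeholders in this update (CVE-2022-1939, -1915, -1905, -1896, -1895, -1889, -1832 through -1826, -1818, -1801, -1717, -1630, -1614, -1610, -1603, -1472, -1266, -0663, CVE-2021-25121, -25104, -25088); they can be closed out in one pass.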
@@ -5604,8 +5655,8 @@ CVE-2022-1941
CVE-2022-1940 (A Stored Cross-Site Scripting vulnerability in Jira integration
in Git ...)
- gitlab <not-affected> (Vulnerable code introduced later)
NOTE:
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
-CVE-2022-1939
- RESERVED
+CVE-2022-1939 (The Allow svg files WordPress plugin before 1.1 does not
properly vali ...)
+ TODO: check
CVE-2022-1938
RESERVED
CVE-2022-1937
@@ -5659,10 +5710,10 @@ CVE-2022-31796 (libjpeg 1.63 has a heap-based buffer
over-read in HierarchicalBi
NOTE: https://github.com/thorfdbg/libjpeg/issues/71
NOTE:
https://github.com/thorfdbg/libjpeg/commit/187035b9726710b4fe11d565c7808975c930895d
NOTE: Crash in CLI tool, no security impact
-CVE-2022-31795
- RESERVED
-CVE-2022-31794
- RESERVED
+CVE-2022-31795 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000
(Control ...)
+ TODO: check
+CVE-2022-31794 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000
(Control ...)
+ TODO: check
CVE-2022-1933
RESERVED
CVE-2022-1932
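Review bot: CVE-2022-31795 and CVE-2022-31794 have byte-identical truncated descriptions ("An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control ...)"), so nothing in this file distinguishes the two; the manual pass needs the full CVE text to confirm they are distinct issues, and a NOTE line per entry stating what differs would keep the next triager from treating them as a duplicate.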
@@ -5774,8 +5825,8 @@ CVE-2022-1917
RESERVED
CVE-2022-1916
RESERVED
-CVE-2022-1915
- RESERVED
+CVE-2022-1915 (The WP Zillow Review Slider WordPress plugin before 2.4 does
not escap ...)
+ TODO: check
CVE-2022-1914
RESERVED
CVE-2022-1913
@@ -5798,8 +5849,8 @@ CVE-2022-1907 (Buffer Over-read in GitHub repository
bfabiszewski/libmobi prior
NOTE:
https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb10850888897c5dba
(v0.11)
CVE-2022-1906
RESERVED
-CVE-2022-1905
- RESERVED
+CVE-2022-1905 (The Events Made Easy WordPress plugin before 2.2.81 does not
properly ...)
+ TODO: check
CVE-2022-1904
RESERVED
CVE-2022-1903
@@ -5957,6 +6008,7 @@ CVE-2022-1899 (Out-of-bounds Read in GitHub repository
radareorg/radare2 prior t
NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
NOTE:
https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d
CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ {DLA-3053-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -5969,10 +6021,10 @@ CVE-2022-1897 (Out-of-bounds Write in GitHub repository
vim/vim prior to 8.2. ..
[stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118
NOTE:
https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a
(v8.2.5023)
-CVE-2022-1896
- RESERVED
-CVE-2022-1895
- RESERVED
+CVE-2022-1896 (The underConstruction WordPress plugin before 1.21 does not
sanitise o ...)
+ TODO: check
+CVE-2022-1895 (The underConstruction WordPress plugin before 1.20 does not
have CSRF ...)
+ TODO: check
CVE-2022-1894
RESERVED
CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo
Manage ...)
@@ -6266,8 +6318,8 @@ CVE-2022-1891
RESERVED
CVE-2022-1890
RESERVED
-CVE-2022-1889
- RESERVED
+CVE-2022-1889 (The Newsletter WordPress plugin before 7.4.6 does not escape
and sanit ...)
+ TODO: check
CVE-2022-1888
RESERVED
CVE-2021-4231 (A vulnerability was found in Angular up to
11.0.4/11.1.0-next.2. It ha ...)
@@ -6498,6 +6550,7 @@ CVE-2022-1852 [KVM: x86: avoid calling x86 emulator
without a decoded instructio
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/fee060cd52d69c114b62d1a2948ea9648b5131f9
CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
...)
+ {DLA-3053-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -7214,26 +7267,26 @@ CVE-2022-1834
CVE-2022-1833
RESERVED
NOT-FOR-US: Red Hat AMQ Broker
-CVE-2022-1832
- RESERVED
-CVE-2022-1831
- RESERVED
-CVE-2022-1830
- RESERVED
-CVE-2022-1829
- RESERVED
-CVE-2022-1828
- RESERVED
-CVE-2022-1827
- RESERVED
-CVE-2022-1826
- RESERVED
+CVE-2022-1832 (The CaPa Protect WordPress plugin through 0.5.8.2 does not have
CSRF c ...)
+ TODO: check
+CVE-2022-1831 (The WPlite WordPress plugin through 1.3.1 does not have CSRF
check in ...)
+ TODO: check
+CVE-2022-1830 (The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does
not ha ...)
+ TODO: check
+CVE-2022-1829 (The Inline Google Maps WordPress plugin through 5.11 does not
have CSR ...)
+ TODO: check
+CVE-2022-1828 (The PDF24 Articles To PDF WordPress plugin through 4.2.2 does
not have ...)
+ TODO: check
+CVE-2022-1827 (The PDF24 Article To PDF WordPress plugin through 4.2.2 does
not have ...)
+ TODO: check
+CVE-2022-1826 (The Cross-Linker WordPress plugin through 3.0.1.9 does not have
CSRF c ...)
+ TODO: check
CVE-2022-1825 (Cross-site Scripting (XSS) - Reflected in GitHub repository
collective ...)
NOT-FOR-US: collectiveaccess/providence
-CVE-2022-1824
- RESERVED
-CVE-2022-1823
- RESERVED
+CVE-2022-1824 (An uncontrolled search path vulnerability in McAfee Consumer
Product R ...)
+ TODO: check
+CVE-2022-1823 (Improper privilege management vulnerability in McAfee Consumer
Product ...)
+ TODO: check
CVE-2022-1822 (The Zephyr Project Manager plugin for WordPress is vulnerable
to Refle ...)
NOT-FOR-US: Zephyr Project Manager plugin for WordPress
CVE-2022-1821 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
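Review bot: CVE-2022-1828 and CVE-2022-1827 differ only by "Articles To PDF" versus "Article To PDF" and both say "through 4.2.2", which looks like one plugin with two CVE assignments; check the full descriptions before marking them, and consider a NOTE recording the relationship. The McAfee entries (CVE-2022-1824, CVE-2022-1823) describe a proprietary vendor product and fit the NOT-FOR-US pattern used for IBM and Drive Composer elsewhere in this file; the remaining additions in this hunk are all WordPress plugin CSRF issues and follow the "NOT-FOR-US: WordPress plugin" convention.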
@@ -7244,8 +7297,8 @@ CVE-2022-1820 (The Keep Backup Daily plugin for WordPress
is vulnerable to Refle
NOT-FOR-US: Keep Backup Daily plugin for WordPress
CVE-2022-1819 (A vulnerability, which was classified as problematic, was found
in Stu ...)
NOT-FOR-US: Student Information System
-CVE-2022-1818
- RESERVED
+CVE-2022-1818 (The Multi-page Toolkit WordPress plugin through 2.6 does not
have CSRF ...)
+ TODO: check
CVE-2022-1817 (A vulnerability, which was classified as problematic, was found
in Bad ...)
NOT-FOR-US: Badminton Center Management System
CVE-2022-1816 (A vulnerability, which was classified as problematic, has been
found i ...)
@@ -7401,8 +7454,8 @@ CVE-2022-31217 (Vulnerabilities in the Drive Composer
allow a low privileged att
NOT-FOR-US: Drive Composer
CVE-2022-31216 (Vulnerabilities in the Drive Composer allow a low privileged
attacker ...)
NOT-FOR-US: Drive Composer
-CVE-2022-1801
- RESERVED
+CVE-2022-1801 (The Very Simple Contact Form WordPress plugin before 11.6
exposes the ...)
+ TODO: check
CVE-2022-1800 (The Export any WordPress data to XML/CSV WordPress plugin
before 1.3.5 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1799
@@ -8328,6 +8381,7 @@ CVE-2022-1722 (SSRF in editor's proxy via IPv6 link-local
address in GitHub repo
CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository
jgraph/drawio ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub
repository vim/v ...)
+ {DLA-3053-1}
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -8757,8 +8811,8 @@ CVE-2022-30759
RESERVED
CVE-2022-30708 (Webmin through 1.991, when the Authentic theme is used, allows
remote ...)
- webmin <removed>
-CVE-2022-1717
- RESERVED
+CVE-2022-1717 (The Custom Share Buttons with Floating Sidebar WordPress plugin
before ...)
+ TODO: check
CVE-2022-1716 (Keep My Notes v1.80.147 allows an attacker with physical access
to the ...)
NOT-FOR-US: Keep My Notes
CVE-2022-30703 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to
an expo ...)
@@ -9472,8 +9526,8 @@ CVE-2022-1632
NOT-FOR-US: OpenShift
CVE-2022-1631 (Users Account Pre-Takeover or Users Account Takeover. in GitHub
reposi ...)
NOT-FOR-US: microweber
-CVE-2022-1630
- RESERVED
+CVE-2022-1630 (The WP-EMail WordPress plugin before 2.69.0 does not protect
its log d ...)
+ TODO: check
CVE-2022-1629 (Buffer Over-read in function find_next_quote in GitHub
repository vim/ ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee
@@ -10008,16 +10062,16 @@ CVE-2022-28702 (Incorrect Default Permissions
vulnerability in ABB e-Design allo
NOT-FOR-US: ABB e-Design
CVE-2022-1615
RESERVED
-CVE-2022-1614
- RESERVED
+CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting
a visi ...)
+ TODO: check
CVE-2022-1613
RESERVED
CVE-2022-1612 (The Webriti SMTP Mail WordPress plugin through 1.0 does not
have CSRF ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not
protect i ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1610
- RESERVED
+CVE-2022-1610 (The Seamless Donations WordPress plugin before 5.1.9 does not
have CSR ...)
+ TODO: check
CVE-2022-1609
RESERVED
CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does
not hav ...)
@@ -10030,8 +10084,8 @@ CVE-2022-1605 (The Email Users WordPress plugin through
4.8.8 does not have CSRF
NOT-FOR-US: WordPress plugin
CVE-2022-1604 (The MailerLite WordPress plugin before 1.5.4 does not sanitise
and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1603
- RESERVED
+CVE-2022-1603 (The Mail Subscribe List WordPress plugin before 2.1.4 does not
have CS ...)
+ TODO: check
CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use
predictable D ...)
- uclibc <unfixed> (unimportant)
NOTE:
https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/
@@ -11583,8 +11637,8 @@ CVE-2022-1473 (The OPENSSL_LH_flush() function, which
empties a hash table, cont
- openssl <not-affected> (Only affects OpenSSL 3.0)
NOTE: https://www.openssl.org/news/secadv/20220503.txt
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=64c85430f95200b6b51fe9475bd5203f7c19daf1
(openssl-3.0.3)
-CVE-2022-1472
- RESERVED
+CVE-2022-1472 (The Better Find and Replace WordPress plugin before 1.3.6 does
not pro ...)
+ TODO: check
CVE-2022-1471
RESERVED
CVE-2022-1470
@@ -12468,12 +12522,14 @@ CVE-2022-29502 (SchedMD Slurm 21.08.x through 20.11.x
has Incorrect Access Contr
NOTE:
https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html
NOTE:
https://github.com/SchedMD/slurm/commit/351669e7db3b5bc84b5791dc3626d683b8abe18e
(slurm-21-08-8-1)
CVE-2022-29501 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access
Control tha ...)
+ {DSA-5166-1}
- slurm-wlm 21.08.8.2-1 (bug #1010633)
- slurm-llnl <removed>
NOTE:
https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html
NOTE:
https://github.com/SchedMD/slurm/commit/ef62acfd2a566afc5187c554e908e4aa975211a1
(slurm-21-08-8-1)
NOTE:
https://github.com/SchedMD/slurm/commit/863c763c241db46039c27c4b7438ef5d33defb12
(slurm-20-11-9-1)
CVE-2022-29500 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access
Control tha ...)
+ {DSA-5166-1}
- slurm-wlm 21.08.8.2-1 (bug #1010634)
- slurm-llnl <removed>
NOTE:
https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html
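Review bot: {DSA-5166-1} is added to CVE-2022-29501 and CVE-2022-29500, but CVE-2022-29502, which cites the same slurm-announce post and the same 21.08.x through 20.11.x range, only shows its NOTE lines in this hunk; confirm it carries the same DSA reference so the three issues from one advisory are tracked consistently. The separate bug numbers (#1010633, #1010634) and the "slurm-llnl <removed>" lines look right.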
@@ -14708,8 +14764,8 @@ CVE-2022-1268 (The Donate Extra WordPress plugin
through 2.02 does not sanitise
NOT-FOR-US: WordPress plugin
CVE-2022-1267 (The BMI BMR Calculator WordPress plugin through 1.3 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1266
- RESERVED
+CVE-2022-1266 (The Post Grid, Slider & Carousel Ultimate WordPress plugin
before ...)
+ TODO: check
CVE-2022-1265 (The BulletProof Security WordPress plugin before 6.1 does not
sanitize ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1264
@@ -19766,6 +19822,7 @@ CVE-2022-0945 (Stored XSS viva axd and cshtml file
upload in star7th/showdoc in
CVE-2022-0944 (Template injection in connection test endpoint leads to RCE in
GitHub ...)
NOT-FOR-US: sqlpad
CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository
vim/vim ...)
+ {DLA-3053-1}
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -23088,8 +23145,8 @@ CVE-2022-25774
RESERVED
CVE-2022-25773
RESERVED
-CVE-2022-25772
- RESERVED
+CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking
compone ...)
+ TODO: check
CVE-2022-25771
RESERVED
CVE-2022-25770
@@ -24361,8 +24418,8 @@ CVE-2022-0665 (Path Traversal in GitHub repository
pimcore/pimcore prior to 10.3
NOT-FOR-US: pimcore
CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go
github.com/gravitl/netmaker ...)
NOT-FOR-US: Go github.com/gravitl/netmaker
-CVE-2022-0663
- RESERVED
+CVE-2022-0663 (The Print, PDF, Email by PrintFriendly WordPress plugin before
5.2.3 d ...)
+ TODO: check
CVE-2022-0662 (The AdRotate WordPress plugin before 5.8.23 does not sanitise
and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0661 (The Ad Injection WordPress plugin through 1.2.0.19 does not
properly s ...)
@@ -24605,7 +24662,7 @@ CVE-2022-0628 (The Mega Menu WordPress plugin before
3.0.8 does not sanitize and
NOT-FOR-US: WordPress plugin
CVE-2022-0627 (The Amelia WordPress plugin before 1.0.47 does not sanitize and
escape ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0626 (The Advanced Admin Search WordPress plugin through 1.1.2 does
not sani ...)
+CVE-2022-0626 (The Advanced Admin Search WordPress plugin before 1.1.6 does
not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0625 (The Admin Menu Editor WordPress plugin through 1.0.4 does not
sanitize ...)
NOT-FOR-US: WordPress plugin
@@ -28080,6 +28137,7 @@ CVE-2022-0419 (NULL Pointer Dereference in GitHub
repository radareorg/radare2 p
CVE-2022-0418 (The Event List WordPress plugin before 0.8.8 does not sanitise
and esc ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to
8.2. ...)
+ {DLA-3053-1}
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -28472,7 +28530,7 @@ CVE-2022-0390 (Improper access control in Gitlab CE/EE
versions 12.7 to 14.5.4,
- gitlab <unfixed>
CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63
does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin
through ...)
+CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin
before ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4217 [Null pointer dereference in Unicode strings code]
RESERVED
@@ -34590,8 +34648,8 @@ CVE-2022-22416
RESERVED
CVE-2022-22415 (A vulnerability exists where an IBM Robotic Process Automation
21.0.1 ...)
NOT-FOR-US: IBM
-CVE-2022-22414
- RESERVED
+CVE-2022-22414 (IBM Robotic Process Automation 21.0.2 could allow a local user
to obta ...)
+ TODO: check
CVE-2022-22413 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is
vulnerabl ...)
NOT-FOR-US: IBM
CVE-2022-22412
@@ -34782,10 +34840,10 @@ CVE-2022-22320 (IBM QRadar SIEM 7.3 and 7.4 is
vulnerable to cross-site scriptin
NOT-FOR-US: IBM
CVE-2022-22319 (IBM Robotic Process Automation 21.0.1 could allow a register
user on t ...)
NOT-FOR-US: IBM
-CVE-2022-22318
- RESERVED
-CVE-2022-22317
- RESERVED
+CVE-2022-22318 (IBM Curam Social Program Management 8.0.0 and 8.0.1 does not
invalidat ...)
+ TODO: check
+CVE-2022-22317 (IBM Curam Social Program Management 8.0.0 and 8.0.1 does not
invalidat ...)
+ TODO: check
CVE-2022-22316 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an
authenticated and a ...)
NOT-FOR-US: IBM
CVE-2022-22315 (IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an
authenticated user w ...)
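Review bot: CVE-2022-22318 and CVE-2022-22317 have identical truncated descriptions ("IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidat ..."), so the full text is needed to see how they differ; both, like CVE-2022-22414 earlier in this update, match the "NOT-FOR-US: IBM" convention already used for the surrounding CVE-2022-22319, -22316 and -22315 entries and can be closed the same way.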
@@ -47241,6 +47299,7 @@ CVE-2021-3905 [External triggered memory leak in Open
vSwitch while processing f
CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During
Web Page ...)
NOT-FOR-US: Grav CMS
CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ {DLA-3053-1}
- vim 2:8.2.3565-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -51883,10 +51942,10 @@ CVE-2021-41685
RESERVED
CVE-2021-41684
RESERVED
-CVE-2021-41683
- RESERVED
-CVE-2021-41682
- RESERVED
+CVE-2021-41683 (There is a stack-overflow at ecma-helpers.c:326 in
ecma_get_lex_env_ty ...)
+ TODO: check
+CVE-2021-41682 (There is a heap-use-after-free at ecma-helpers-string.c:1940
in ecma_c ...)
+ TODO: check
CVE-2021-41681
RESERVED
CVE-2021-41680
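Review bot: the truncated descriptions for CVE-2021-41683 and CVE-2021-41682 name only source locations (ecma-helpers.c:326, ecma-helpers-string.c:1940) and no project, so the upstream cannot be identified from this file alone; the manual pass needs the full CVE text to map them to a source package before deciding between a package line and NOT-FOR-US.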
@@ -93987,8 +94046,8 @@ CVE-2021-25122 (When responding to new h2c connection
requests, Apache Tomcat ve
NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/1
NOTE:
https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1
(9.0.43)
NOTE:
https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa
(8.5.63)
-CVE-2021-25121
- RESERVED
+CVE-2021-25121 (The Rating by BestWebSoft WordPress plugin through 1.5 does
not valida ...)
+ TODO: check
CVE-2021-25120 (The Easy Social Feed Free and Pro WordPress plugins before
6.2.7 do no ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25119 (The AGIL WordPress plugin through 1.0 accepts all zip files
and automa ...)
@@ -94021,8 +94080,8 @@ CVE-2021-25106 (The Privacy Policy Generator, Terms
& Conditions Generator W
NOT-FOR-US: WordPress plugin
CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape
some of ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25104
- RESERVED
+CVE-2021-25104 (The Ocean Extra WordPress plugin before 1.9.5 does not escape
generate ...)
+ TODO: check
CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin
before 2.9.7 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25102 (The All In One WP Security & Firewall WordPress plugin
before 4.4. ...)
@@ -94053,8 +94112,8 @@ CVE-2021-25090 (The Portfolio Gallery, Product Catalog
WordPress plugin before 2
NOT-FOR-US: WordPress plugin
CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin WordPress plugin
before 1.16.6 ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25088
- RESERVED
+CVE-2021-25088 (The XML Sitemaps WordPress plugin before 4.1.3 does not
sanitise and e ...)
+ TODO: check
CVE-2021-25087 (The Download Manager WordPress plugin before 3.2.35 does not
have any ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25086 (The Advanced Page Visit Counter WordPress plugin before 6.1.2
does not ...)
@@ -94315,7 +94374,7 @@ CVE-2021-24959 (The WP Email Users WordPress plugin
through 1.7.6 does not escap
NOT-FOR-US: WordPress plugin
CVE-2021-24958 (The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4
does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24957 (The Advanced Page Visit Counter WordPress plugin through 5.0.8
does no ...)
+CVE-2021-24957 (The Advanced Page Visit Counter WordPress plugin before 6.1.6
does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24956 (The Blog2Social: Social Media Auto Post & Scheduler
WordPress plug ...)
NOT-FOR-US: WordPress plugin
@@ -162428,7 +162487,7 @@ CVE-2020-10233 (In version 4.8.0 and earlier of The
Sleuth Kit (TSK), there is a
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829
NOTE: Crash in CLI tool, no security impact
CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is
a stack ...)
- {DLA-2137-1}
+ {DLA-3054-1 DLA-2137-1}
- sleuthkit 4.9.0+dfsg-2 (low; bug #953976)
[buster] - sleuthkit 4.6.5-1+deb10u1
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836
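Review bot: CVE-2020-10232 now references two DLAs ({DLA-3054-1 DLA-2137-1}) while the explicit "[buster] - sleuthkit 4.6.5-1+deb10u1" line still pins the version from the first one; if DLA-3054-1 ships a newer buster package, that pinned version is stale and should be updated or removed so the DLA list governs buster's status, and a NOTE explaining why the issue needed a second DLA would help the next reader.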
@@ -218327,6 +218386,7 @@ CVE-2019-1010067
CVE-2019-1010066 (Lawrence Livermore National Laboratory msr-safe v1.1.0 is
affected by: ...)
NOT-FOR-US: Lawrence Livermore National Laboratory msr-safe
CVE-2019-1010065 (The Sleuth Kit 4.6.0 and earlier is affected by: Integer
Overflow. The ...)
+ {DLA-3054-1}
- sleuthkit 4.6.1-1 (unimportant)
NOTE:
https://github.com/sleuthkit/sleuthkit/commit/114cd3d0aac8bd1aeaf4b33840feb0163d342d5b
(4.6.1)
NOTE: Negligible security impact
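Review bot: {DLA-3054-1} is attached to CVE-2019-1010065 even though the entry is marked "unimportant" and carries "NOTE: Negligible security impact"; CVE-2017-13760, CVE-2017-13756 and CVE-2017-13755 further down get the same treatment. That is fine if the buster upload simply included these fixes alongside the real issues, but the severity tag and the DLA text should agree on whether they are counted as security fixes.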
@@ -245553,7 +245613,7 @@ CVE-2018-19499 (Vanilla before 2.5.5 and 2.6.x before
2.6.2 allows Remote Code E
CVE-2018-19498 (The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket
Server has XS ...)
NOT-FOR-US: Atlassian plugin
CVE-2018-19497 (In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in
tsk/fs/hfs. ...)
- {DLA-1610-1}
+ {DLA-3054-1 DLA-1610-1}
- sleuthkit 4.6.5-1 (low; bug #914796)
NOTE: https://github.com/sleuthkit/sleuthkit/pull/1374
NOTE:
https://github.com/sleuthkit/sleuthkit/commit/bc04aa017c0bd297de8a3b7fc40ffc6ddddbb95d
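Review bot: CVE-2018-19497 picks up a second DLA ({DLA-3054-1 DLA-1610-1}) with no change to its fix line or notes; if DLA-3054-1 addresses an incomplete fix from DLA-1610-1, a NOTE line saying so (in the style of the existing NOTE entries) would make the double reference self-explanatory.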
@@ -310743,6 +310803,7 @@ CVE-2017-13762 (ONOS versions 1.8.0, 1.9.0, and
1.10.0 are vulnerable to XSS. ..
CVE-2017-13761 (The Fastly CDN module before 1.2.26 for Magento2, when used
with a thi ...)
NOT-FOR-US: Fastly CDN module for Magento2
CVE-2017-13760 (In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat
image in t ...)
+ {DLA-3054-1}
- sleuthkit 4.4.2-3 (unimportant; bug #873724)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/906
NOTE: Negligible security impact
@@ -310762,10 +310823,12 @@ CVE-2017-13757 (The Binary File Descriptor (BFD)
library (aka libbfd), as distri
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22018
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a
CVE-2017-13756 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image
triggers i ...)
+ {DLA-3054-1}
- sleuthkit 4.4.2-3 (unimportant; bug #873725)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/914
NOTE: Negligible security impact
CVE-2017-13755 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660
image trigge ...)
+ {DLA-3054-1}
- sleuthkit 4.4.2-3 (unimportant; bug #873726)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/913
NOTE: Negligible security impact
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa5d012f5a4e075d3c8c00f95a022ff7ab6284f1