Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0524878a by security tracker role at 2022-07-27T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,173 @@
+CVE-2022-36880 (The Read Mail module in Webmin 1.995 and Usermin through 1.850 
allows  ...)
+       TODO: check
+CVE-2022-36879 (An issue was discovered in the Linux kernel through 5.18.14. 
xfrm_expa ...)
+       TODO: check
+CVE-2022-36878
+       RESERVED
+CVE-2022-36877
+       RESERVED
+CVE-2022-36876
+       RESERVED
+CVE-2022-36875
+       RESERVED
+CVE-2022-36874
+       RESERVED
+CVE-2022-36873
+       RESERVED
+CVE-2022-36872
+       RESERVED
+CVE-2022-36871
+       RESERVED
+CVE-2022-36870
+       RESERVED
+CVE-2022-36869
+       RESERVED
+CVE-2022-36868
+       RESERVED
+CVE-2022-36867
+       RESERVED
+CVE-2022-36866
+       RESERVED
+CVE-2022-36865
+       RESERVED
+CVE-2022-36864
+       RESERVED
+CVE-2022-36863
+       RESERVED
+CVE-2022-36862
+       RESERVED
+CVE-2022-36861
+       RESERVED
+CVE-2022-36860
+       RESERVED
+CVE-2022-36859
+       RESERVED
+CVE-2022-36858
+       RESERVED
+CVE-2022-36857
+       RESERVED
+CVE-2022-36856
+       RESERVED
+CVE-2022-36855
+       RESERVED
+CVE-2022-36854
+       RESERVED
+CVE-2022-36853
+       RESERVED
+CVE-2022-36852
+       RESERVED
+CVE-2022-36851
+       RESERVED
+CVE-2022-36850
+       RESERVED
+CVE-2022-36849
+       RESERVED
+CVE-2022-36848
+       RESERVED
+CVE-2022-36847
+       RESERVED
+CVE-2022-36846
+       RESERVED
+CVE-2022-36845
+       RESERVED
+CVE-2022-36844
+       RESERVED
+CVE-2022-36843
+       RESERVED
+CVE-2022-36842
+       RESERVED
+CVE-2022-36841
+       RESERVED
+CVE-2022-36840
+       RESERVED
+CVE-2022-36839
+       RESERVED
+CVE-2022-36838
+       RESERVED
+CVE-2022-36837
+       RESERVED
+CVE-2022-36836
+       RESERVED
+CVE-2022-36835
+       RESERVED
+CVE-2022-36834
+       RESERVED
+CVE-2022-36833
+       RESERVED
+CVE-2022-36832
+       RESERVED
+CVE-2022-36831
+       RESERVED
+CVE-2022-36830
+       RESERVED
+CVE-2022-36829
+       RESERVED
+CVE-2022-36828
+       RESERVED
+CVE-2022-36827
+       RESERVED
+CVE-2022-36826
+       RESERVED
+CVE-2022-36825
+       RESERVED
+CVE-2022-36824
+       RESERVED
+CVE-2022-36823
+       RESERVED
+CVE-2022-36822
+       RESERVED
+CVE-2022-36821
+       RESERVED
+CVE-2022-36820
+       RESERVED
+CVE-2022-36819
+       RESERVED
+CVE-2022-36818
+       RESERVED
+CVE-2022-36817
+       RESERVED
+CVE-2022-36816
+       RESERVED
+CVE-2022-36815
+       RESERVED
+CVE-2022-36814
+       RESERVED
+CVE-2022-36813
+       RESERVED
+CVE-2022-36812
+       RESERVED
+CVE-2022-36811
+       RESERVED
+CVE-2022-36810
+       RESERVED
+CVE-2022-36809
+       RESERVED
+CVE-2022-36808
+       RESERVED
+CVE-2022-36807
+       RESERVED
+CVE-2022-36806
+       RESERVED
+CVE-2022-36805
+       RESERVED
+CVE-2022-36804
+       RESERVED
+CVE-2022-36803
+       RESERVED
+CVE-2022-36802
+       RESERVED
+CVE-2022-36801
+       RESERVED
+CVE-2022-36800
+       RESERVED
+CVE-2022-36799
+       RESERVED
+CVE-2022-35401
+       RESERVED
+CVE-2022-2548
+       RESERVED
+CVE-2022-2547
+       RESERVED
 CVE-2022-36787
        RESERVED
 CVE-2022-36786
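Review bot: CVE-2022-36879, the second entry of this hunk, is described as an issue in the Linux kernel through 5.18.14 but is left at "TODO: check" alongside more than eighty RESERVED placeholders. A kernel entry should not wait in the general TODO queue: replace the TODO with a package line and fixed version in the form this file uses elsewhere, plus a "NOTE:" line pointing at the upstream fix, as the CVE-2022-30522 entry further down does.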
@@ -1576,8 +1746,8 @@ CVE-2022-36131 (The Better PDF Exporter add-on 10.0.0 for 
Atlassian Jira is pron
        NOT-FOR-US: Atlassian addon
 CVE-2022-36130
        RESERVED
-CVE-2022-36129
-       RESERVED
+CVE-2022-36129 (HashiCorp Vault and Vault Enterprise through 2022-07-17 have 
Incorrect ...)
+       TODO: check
 CVE-2022-2455
        RESERVED
 CVE-2022-36128
@@ -4263,8 +4433,8 @@ CVE-2022-34973
        RESERVED
 CVE-2022-34972 (So Filter Shop v3.x was discovered to contain multiple blind 
SQL injec ...)
        NOT-FOR-US: So Filter Shop
-CVE-2022-34971
-       RESERVED
+CVE-2022-34971 (An arbitrary file upload vulnerability in the Advertising 
Management m ...)
+       TODO: check
 CVE-2022-34970
        RESERVED
 CVE-2022-34969
@@ -5356,10 +5526,10 @@ CVE-2022-34614
        RESERVED
 CVE-2022-34613
        RESERVED
-CVE-2022-34612
-       RESERVED
-CVE-2022-34611
-       RESERVED
+CVE-2022-34612 (Rizin v0.4.0 and below was discovered to contain an integer 
overflow v ...)
+       TODO: check
+CVE-2022-34611 (A cross-site scripting (XSS) vulnerability in 
/index.php/?p=report of  ...)
+       TODO: check
 CVE-2022-34610 (H3C Magic R200 R200V200R004L02 was discovered to contain a 
stack overf ...)
        NOT-FOR-US: H3C Magic
 CVE-2022-34609 (H3C Magic R200 R200V200R004L02 was discovered to contain a 
stack overf ...)
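Review bot: CVE-2022-34612 (Rizin v0.4.0 and below, integer overflow) names a standalone software project, unlike the H3C Magic device entries that follow it, so it needs an explicit packaging decision rather than staying at "TODO: check". The stored description of CVE-2022-34611 is cut off before the affected product ("/index.php/?p=report of  ..."), so that entry cannot be classified from this line alone and needs the full CVE text looked up.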
@@ -5392,8 +5562,8 @@ CVE-2022-34596 (Tenda AX1803 v1.0.0.1_2890 was discovered 
to contain a command i
        NOT-FOR-US: Tenda
 CVE-2022-34595 (Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command 
injecti ...)
        NOT-FOR-US: Tenda
-CVE-2022-34594
-       RESERVED
+CVE-2022-34594 (Advanced School Management System v1.0 was discovered to 
contain a cro ...)
+       TODO: check
 CVE-2022-34593
        RESERVED
 CVE-2022-34592 (Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to 
contain a co ...)
@@ -6506,7 +6676,7 @@ CVE-2022-34170 (In Jenkins 2.320 through 2.355 (both 
inclusive) and LTS 2.332.1
 CVE-2022-2166
        RESERVED
 CVE-2022-34169 (The Apache Xalan Java XSLT library is vulnerable to an integer 
truncat ...)
-       {DSA-5188-1}
+       {DSA-5192-1 DSA-5188-1}
        - openjdk-8 8u342-b07-1
        - openjdk-11 11.0.16+8-1
        - openjdk-17 17.0.4+8-1
@@ -14364,14 +14534,14 @@ CVE-2022-31209 (An issue was discovered in Infiray 
IRAY-A8Z3 1.0.957. The firmwa
        NOT-FOR-US: Infiray
 CVE-2022-31208 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The 
webserver co ...)
        NOT-FOR-US: Infiray
-CVE-2022-31207
-       RESERVED
-CVE-2022-31206
-       RESERVED
-CVE-2022-31205
-       RESERVED
-CVE-2022-31204
-       RESERVED
+CVE-2022-31207 (The Omron SYSMAC Cx product family PLCs (CS series, CJ series, 
and CP  ...)
+       TODO: check
+CVE-2022-31206 (The Omron SYSMAC Nx product family PLCs (NJ series, NY series, 
NX seri ...)
+       TODO: check
+CVE-2022-31205 (In Omron CS series, CJ series, and CP series PLCs through 
2022-05-18,  ...)
+       TODO: check
+CVE-2022-31204 (Omron CS series, CJ series, and CP series PLCs through 
2022-05-18 use  ...)
+       TODO: check
 CVE-2022-31203
        RESERVED
 CVE-2022-31202 (The export function in SoftGuard Web (SGW) before 5.1.5 allows 
directo ...)
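Review bot: the four Omron entries (CVE-2022-31207 to CVE-2022-31204) describe SYSMAC and CS/CJ/CP series PLCs, which is vendor hardware of the same kind as the Infiray entries directly above, and those are closed as "NOT-FOR-US: Infiray". Unless a packaged implementation turns out to be affected, close these the same way so they do not linger as "TODO: check".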
@@ -16488,56 +16658,47 @@ CVE-2022-30522 (If Apache HTTP Server 2.4.53 is 
configured to do transformations
        NOTE: 
https://github.com/apache/httpd/commit/96c75bba15b6ce20eb8d34aad717a046c000b233
 CVE-2022-1642 (A program using swift-corelibs-foundation is vulnerable to a 
denial of ...)
        NOT-FOR-US: swift-corelibs-foundation
-CVE-2022-1641
-       RESERVED
+CVE-2022-1641 (Use after free in Web UI Diagnostics in Google Chrome on Chrome 
OS pri ...)
        {DSA-5134-1}
        - chromium 101.0.4951.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1640
-       RESERVED
+CVE-2022-1640 (Use after free in Sharing in Google Chrome prior to 
101.0.4951.64 allo ...)
        {DSA-5134-1}
        - chromium 101.0.4951.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1639
-       RESERVED
+CVE-2022-1639 (Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 
allowe ...)
        {DSA-5134-1}
        - chromium 101.0.4951.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1638
-       RESERVED
+CVE-2022-1638 (Heap buffer overflow in V8 Internationalization in Google 
Chrome prior ...)
        {DSA-5134-1}
        - chromium 101.0.4951.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1637
-       RESERVED
+CVE-2022-1637 (Inappropriate implementation in Web Contents in Google Chrome 
prior to ...)
        {DSA-5134-1}
        - chromium 101.0.4951.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1636
-       RESERVED
+CVE-2022-1636 (Use after free in Performance APIs in Google Chrome prior to 
101.0.495 ...)
        {DSA-5134-1}
        - chromium 101.0.4951.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1635
-       RESERVED
+CVE-2022-1635 (Use after free in Permission Prompts in Google Chrome prior to 
101.0.4 ...)
        {DSA-5134-1}
        - chromium 101.0.4951.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1634
-       RESERVED
+CVE-2022-1634 (Use after free in Browser UI in Google Chrome prior to 
101.0.4951.64 a ...)
        {DSA-5134-1}
        - chromium 101.0.4951.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1633
-       RESERVED
+CVE-2022-1633 (Use after free in Sharesheet in Google Chrome on Chrome OS 
prior to 10 ...)
        {DSA-5134-1}
        - chromium 101.0.4951.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
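Review bot: two of the descriptions filled in here scope the issue to Chrome OS (CVE-2022-1641, "Web UI Diagnostics in Google Chrome on Chrome OS", and CVE-2022-1633, "Sharesheet in Google Chrome on Chrome OS"), yet both keep "{DSA-5134-1}" and "- chromium 101.0.4951.64-1" unchanged. Now that the text is available, confirm that the affected code is built in the Debian chromium package; if it is not, the package line should say so instead of recording a fixed version.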
@@ -17192,22 +17353,22 @@ CVE-2022-30278 (A vulnerability in Black Duck 
Hub&#8217;s embedded MadCap Flare
        NOT-FOR-US: Black Duck Hub
 CVE-2022-30277 (BD Synapsys&#8482;, versions 4.20, 4.20 SR1, and 4.30, contain 
an insu ...)
        NOT-FOR-US: BD Synapsys
-CVE-2022-30276
-       RESERVED
-CVE-2022-30275
-       RESERVED
-CVE-2022-30274
-       RESERVED
-CVE-2022-30273
-       RESERVED
-CVE-2022-30272
-       RESERVED
-CVE-2022-30271
-       RESERVED
-CVE-2022-30270
-       RESERVED
-CVE-2022-30269
-       RESERVED
+CVE-2022-30276 (The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 
omit an au ...)
+       TODO: check
+CVE-2022-30275 (The Motorola MOSCAD Toolbox software through 2022-05-02 relies 
on a cl ...)
+       TODO: check
+CVE-2022-30274 (The Motorola ACE1000 RTU through 2022-05-02 uses ECB 
encryption unsafe ...)
+       TODO: check
+CVE-2022-30273 (The Motorola MDLC protocol through 2022-05-02 mishandles 
message integ ...)
+       TODO: check
+CVE-2022-30272 (The Motorola ACE1000 RTU through 2022-05-02 mishandles 
firmware integr ...)
+       TODO: check
+CVE-2022-30271 (The Motorola ACE1000 RTU through 2022-05-02 ships with a 
hardcoded SSH ...)
+       TODO: check
+CVE-2022-30270 (The Motorola ACE1000 RTU through 2022-05-02 has default 
credentials. I ...)
+       TODO: check
+CVE-2022-30269 (Motorola ACE1000 RTUs through 2022-05-02 mishandle application 
integri ...)
+       TODO: check
 CVE-2022-30268
        RESERVED
 CVE-2022-30267
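Review bot: CVE-2022-30273 is filed against the Motorola MDLC protocol rather than against a device, so before it is closed together with the other seven Motorola RTU and Toolbox entries as NOT-FOR-US (the form the Black Duck Hub and BD Synapsys lines above use), check that no packaged software implements that protocol. The remaining entries name vendor hardware or the vendor's own Toolbox software and can be triaged as a group.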
@@ -18027,36 +18188,36 @@ CVE-2022-29967 
(static_compressed_inmemory_website_callback.c in Glewlwyd throug
        NOTE: 
https://github.com/babelouest/glewlwyd/commit/e3f7245c33897bf9b3a75acfcdb8b7b93974bf11
 CVE-2022-29966
        RESERVED
-CVE-2022-29965
-       RESERVED
-CVE-2022-29964
-       RESERVED
-CVE-2022-29963
-       RESERVED
-CVE-2022-29962
-       RESERVED
+CVE-2022-29965 (The Emerson DeltaV Distributed Control System (DCS) 
controllers and IO ...)
+       TODO: check
+CVE-2022-29964 (The Emerson DeltaV Distributed Control System (DCS) 
controllers and IO ...)
+       TODO: check
+CVE-2022-29963 (The Emerson DeltaV Distributed Control System (DCS) 
controllers and IO ...)
+       TODO: check
+CVE-2022-29962 (The Emerson DeltaV Distributed Control System (DCS) 
controllers and IO ...)
+       TODO: check
 CVE-2022-29961
        RESERVED
-CVE-2022-29960
-       RESERVED
+CVE-2022-29960 (Emerson OpenBSI through 2022-04-29 uses weak cryptography. It 
is an en ...)
+       TODO: check
 CVE-2022-29959
        RESERVED
-CVE-2022-29958
-       RESERVED
-CVE-2022-29957
-       RESERVED
+CVE-2022-29958 (JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data 
integrity. Th ...)
+       TODO: check
+CVE-2022-29957 (The Emerson DeltaV Distributed Control System (DCS) through 
2022-04-29 ...)
+       TODO: check
 CVE-2022-29956
        RESERVED
 CVE-2022-29955
        RESERVED
 CVE-2022-29954
        RESERVED
-CVE-2022-29953
-       RESERVED
-CVE-2022-29952
-       RESERVED
-CVE-2022-29951
-       RESERVED
+CVE-2022-29953 (The Bently Nevada 3700 series of condition monitoring 
equipment throug ...)
+       TODO: check
+CVE-2022-29952 (Bently Nevada condition monitoring equipment through 
2022-04-29 mishan ...)
+       TODO: check
+CVE-2022-29951 (JTEKT TOYOPUC PLCs through 2022-04-29 mishandle 
authentication. They u ...)
+       TODO: check
 CVE-2022-29950 (** DISPUTED ** Experian Hunter 1.16 allows remote 
authenticated users  ...)
        NOT-FOR-US: Experian Hunter
 CVE-2022-29949
@@ -18527,128 +18688,107 @@ CVE-2022-1503 (A vulnerability, which was 
classified as problematic, has been fo
        NOT-FOR-US: GetSimple CMS
 CVE-2022-1502 (Permissions were not properly verified in the API on projects 
using ve ...)
        NOT-FOR-US: Octopus Server
-CVE-2022-1501
-       RESERVED
+CVE-2022-1501 (Inappropriate implementation in iframe in Google Chrome prior 
to 101.0 ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1500
-       RESERVED
+CVE-2022-1500 (Insufficient data validation in Dev Tools in Google Chrome 
prior to 10 ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1499
-       RESERVED
+CVE-2022-1499 (Inappropriate implementation in WebAuthentication in Google 
Chrome pri ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1498
-       RESERVED
+CVE-2022-1498 (Inappropriate implementation in HTML Parser in Google Chrome 
prior to  ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1497
-       RESERVED
+CVE-2022-1497 (Inappropriate implementation in Input in Google Chrome prior to 
101.0. ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1496
-       RESERVED
+CVE-2022-1496 (Use after free in File Manager in Google Chrome prior to 
101.0.4951.41 ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1495
-       RESERVED
+CVE-2022-1495 (Incorrect security UI in Downloads in Google Chrome on Android 
prior t ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1494
-       RESERVED
+CVE-2022-1494 (Insufficient data validation in Trusted Types in Google Chrome 
prior t ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1493
-       RESERVED
+CVE-2022-1493 (Use after free in Dev Tools in Google Chrome prior to 
101.0.4951.41 al ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1492
-       RESERVED
+CVE-2022-1492 (Insufficient data validation in Blink Editing in Google Chrome 
prior t ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1491
-       RESERVED
+CVE-2022-1491 (Use after free in Bookmarks in Google Chrome prior to 
101.0.4951.41 al ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1490
-       RESERVED
+CVE-2022-1490 (Use after free in Browser Switcher in Google Chrome prior to 
101.0.495 ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1489
-       RESERVED
+CVE-2022-1489 (Out of bounds memory access in UI Shelf in Google Chrome on 
Chrome OS, ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1488
-       RESERVED
+CVE-2022-1488 (Inappropriate implementation in Extensions API in Google Chrome 
prior  ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1487
-       RESERVED
+CVE-2022-1487 (Use after free in Ozone in Google Chrome prior to 101.0.4951.41 
allowe ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1486
-       RESERVED
+CVE-2022-1486 (Type confusion in V8 in Google Chrome prior to 101.0.4951.41 
allowed a ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1485
-       RESERVED
+CVE-2022-1485 (Use after free in File System API in Google Chrome prior to 
101.0.4951 ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1484
-       RESERVED
+CVE-2022-1484 (Heap buffer overflow in Web UI Settings in Google Chrome prior 
to 101. ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1483
-       RESERVED
+CVE-2022-1483 (Heap buffer overflow in WebGPU in Google Chrome prior to 
101.0.4951.41 ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1482
-       RESERVED
+CVE-2022-1482 (Inappropriate implementation in WebGL in Google Chrome prior to 
101.0. ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1481
-       RESERVED
+CVE-2022-1481 (Use after free in Sharing in Google Chrome on Mac prior to 
101.0.4951. ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
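Review bot: three descriptions in this hunk are limited to other platforms (CVE-2022-1495 "on Android", CVE-2022-1489 "on Chrome OS", CVE-2022-1481 "on Mac") while their entries still carry "{DSA-5125-1}" and "- chromium 101.0.4951.41-1" like the platform-independent ones. Check whether these three affect the Debian build at all and annotate the package lines accordingly, so the fixed version is not read as evidence that Debian was vulnerable.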
@@ -18659,20 +18799,17 @@ CVE-2022-1480
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1479
-       RESERVED
+CVE-2022-1479 (Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 
allowe ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1478
-       RESERVED
+CVE-2022-1478 (Use after free in SwiftShader in Google Chrome prior to 
101.0.4951.41  ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1477
-       RESERVED
+CVE-2022-1477 (Use after free in Vulkan in Google Chrome prior to 
101.0.4951.41 allow ...)
        {DSA-5125-1}
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
@@ -20169,8 +20306,7 @@ CVE-2022-1365 (Exposure of Private Personal Information 
to an Unauthorized Actor
        NOT-FOR-US: lquixada/cross-fetch
 CVE-2022-29265 (Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not 
restrict XML ...)
        NOT-FOR-US: Apache NiFi
-CVE-2022-1364
-       RESERVED
+CVE-2022-1364 (Type confusion in V8 Turbofan in Google Chrome prior to 
100.0.4896.127 ...)
        {DSA-5121-1}
        - chromium 100.0.4896.127-1
        [buster] - chromium <end-of-life> (see DSA 5046)
@@ -26622,8 +26758,8 @@ CVE-2022-27107 (OrangeHRM 4.10 is vulnerable to Stored 
XSS in the "Share Video"
        - orangehrm <itp> (bug #786622)
 CVE-2022-27106
        RESERVED
-CVE-2022-27105
-       RESERVED
+CVE-2022-27105 (InMailX Outlook Plugin &lt; 3.22.0101 is vulnerable to Cross 
Site Scri ...)
+       TODO: check
 CVE-2022-27104 (An Unauthenticated time-based blind SQL injection 
vulnerability exists ...)
        NOT-FOR-US: Forma LMS
 CVE-2022-27103 (element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) 
via el- ...)
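Review bot: the added CVE-2022-27105 description contains an HTML entity ("InMailX Outlook Plugin &lt; 3.22.0101"), so the version bound is stored as markup instead of a literal "<". The automatic import should unescape entities before writing descriptions to data/CVE/list; otherwise anything that searches or re-renders this text sees the escaped form, or escapes it a second time.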
@@ -50714,6 +50850,7 @@ CVE-2022-21551 (Vulnerability in Oracle GoldenGate 
(component: Oracle GoldenGate
 CVE-2022-21550 (Vulnerability in the MySQL Cluster product of Oracle MySQL 
(component: ...)
        NOT-FOR-US: MySQL Cluster
 CVE-2022-21549 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5192-1}
        - openjdk-17 17.0.4+8-1
 CVE-2022-21548 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
@@ -50730,12 +50867,12 @@ CVE-2022-21543 (Vulnerability in the PeopleSoft 
Enterprise PeopleTools product o
 CVE-2022-21542 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2022-21541 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5188-1}
+       {DSA-5192-1 DSA-5188-1}
        - openjdk-8 8u342-b07-1
        - openjdk-11 11.0.16+8-1
        - openjdk-17 17.0.4+8-1
 CVE-2022-21540 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5188-1}
+       {DSA-5192-1 DSA-5188-1}
        - openjdk-8 8u342-b07-1
        - openjdk-11 11.0.16+8-1
        - openjdk-17 17.0.4+8-1
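Review bot: CVE-2022-21541 and CVE-2022-21540 now carry "{DSA-5192-1 DSA-5188-1}" above three unchanged package lines (openjdk-8, openjdk-11, openjdk-17), so the entry no longer shows which advisory belongs to which source package. CVE-2022-21549 earlier in this patch gets "{DSA-5192-1}" with only an openjdk-17 line, which suggests DSA-5192-1 is the openjdk-17 advisory; confirm that against the DSA list before relying on the combined tag.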
@@ -63027,8 +63164,8 @@ CVE-2021-40182
        RESERVED
 CVE-2021-40181
        RESERVED
-CVE-2021-40180
-       RESERVED
+CVE-2021-40180 (In the WeChat application 8.0.10 for Android and iOS, a mini 
program c ...)
+       TODO: check
 CVE-2021-40179
        RESERVED
 CVE-2021-40178 (Zoho ManageEngine Log360 before Build 5224 allows stored XSS 
via the L ...)
@@ -80615,8 +80752,8 @@ CVE-2021-33059 (Improper input validation in the 
Intel(R) Administrative Tools f
        NOT-FOR-US: Intel
 CVE-2021-33058 (Improper access control in the installer 
Intel(R)Administrative Tools  ...)
        NOT-FOR-US: Intel
-CVE-2021-33057
-       RESERVED
+CVE-2021-33057 (The QQ application 8.7.1 for Android and iOS does not enforce 
the perm ...)
+       TODO: check
 CVE-2021-33056 (Belledonne Belle-sip before 4.5.20, as used in Linphone and 
other prod ...)
        NOT-FOR-US: Belledonne Belle-sip
 CVE-2021-33055 (Zoho ManageEngine ADSelfService Plus through 6102 allows 
unauthenticat ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0524878a35568a145e1bc911db5ad9e0dcb939c3

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits