Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
008b11d9 by security tracker role at 2022-08-15T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,131 @@
+CVE-2022-38362
+       RESERVED
+CVE-2022-38361
+       RESERVED
+CVE-2022-38360
+       RESERVED
+CVE-2022-38359
+       RESERVED
+CVE-2022-38358
+       RESERVED
+CVE-2022-38357
+       RESERVED
+CVE-2022-38354
+       RESERVED
+CVE-2022-38353
+       RESERVED
+CVE-2022-38352
+       RESERVED
+CVE-2022-38351
+       RESERVED
+CVE-2022-38350
+       RESERVED
+CVE-2022-38349
+       RESERVED
+CVE-2022-38348
+       RESERVED
+CVE-2022-38347
+       RESERVED
+CVE-2022-38346
+       RESERVED
+CVE-2022-38345
+       RESERVED
+CVE-2022-38344
+       RESERVED
+CVE-2022-38343
+       RESERVED
+CVE-2022-38342
+       RESERVED
+CVE-2022-38341
+       RESERVED
+CVE-2022-38340
+       RESERVED
+CVE-2022-38339
+       RESERVED
+CVE-2022-38338
+       RESERVED
+CVE-2022-38337
+       RESERVED
+CVE-2022-38336
+       RESERVED
+CVE-2022-38335
+       RESERVED
+CVE-2022-38334
+       RESERVED
+CVE-2022-38333
+       RESERVED
+CVE-2022-38332
+       RESERVED
+CVE-2022-38331
+       RESERVED
+CVE-2022-38330
+       RESERVED
+CVE-2022-38329
+       RESERVED
+CVE-2022-38328
+       RESERVED
+CVE-2022-38327
+       RESERVED
+CVE-2022-38326
+       RESERVED
+CVE-2022-38325
+       RESERVED
+CVE-2022-38324
+       RESERVED
+CVE-2022-38323
+       RESERVED
+CVE-2022-38322
+       RESERVED
+CVE-2022-38321
+       RESERVED
+CVE-2022-38320
+       RESERVED
+CVE-2022-38319
+       RESERVED
+CVE-2022-38318
+       RESERVED
+CVE-2022-38317
+       RESERVED
+CVE-2022-38316
+       RESERVED
+CVE-2022-38315
+       RESERVED
+CVE-2022-38314
+       RESERVED
+CVE-2022-38313
+       RESERVED
+CVE-2022-38312
+       RESERVED
+CVE-2022-38311
+       RESERVED
+CVE-2022-38310
+       RESERVED
+CVE-2022-38309
+       RESERVED
+CVE-2022-38308
+       RESERVED
+CVE-2022-38307
+       RESERVED
+CVE-2022-38306
+       RESERVED
+CVE-2022-36403
+       RESERVED
+CVE-2022-2825
+       RESERVED
+CVE-2022-2824 (Improper Access Control in GitHub repository openemr/openemr 
prior to  ...)
+       TODO: check
+CVE-2022-2823
+       RESERVED
+CVE-2022-2822 (An attacker can freely brute force username and password and 
can takeo ...)
+       TODO: check
+CVE-2022-2821 (Missing Critical Step in Authentication in GitHub repository 
namelessm ...)
+       TODO: check
+CVE-2022-2820 (Improper Access Control in GitHub repository 
namelessmc/nameless prior ...)
+       TODO: check
+CVE-2022-2819 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.0 ...)
+       TODO: check
+CVE-2022-2818 (Authentication Bypass by Primary Weakness in GitHub repository 
cockpit ...)
+       TODO: check
 CVE-2022-38305
        RESERVED
 CVE-2022-38304
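Review bot: The six newly described entries at the end of this added block (CVE-2022-2824, 2822, 2821, 2820, 2819, 2818) land as `TODO: check`, and CVE-2022-2819 names vim/vim, which is a packaged source, so it needs a `- vim` line with a fixed or `<unfixed>` version rather than a NOT-FOR-US resolution. The description of CVE-2022-2822 names no product in the visible text and that of CVE-2022-2818 is cut off after "cockpit", so both have to be triaged from the full CVE text rather than from this summary. The block also skips from CVE-2022-38357 to CVE-2022-38354; confirm that 38356 and 38355 are absent upstream and were not dropped by the import.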
@@ -3152,6 +3280,7 @@ CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager 
Plus, OpManager MSP, Netw
        NOT-FOR-US: Zoho ManageEngine
 CVE-2022-2588
        RESERVED
+       {DSA-5207-1}
        - linux 5.18.16-1
        NOTE: 
https://lore.kernel.org/netdev/[email protected]/T/#u
        NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/6
@@ -3159,11 +3288,13 @@ CVE-2022-2587 (Out of bounds write in Chrome OS Audio 
Server in Google Chrome on
        - chromium <not-affected> (Chrome on Chrome OS)
 CVE-2022-2586
        RESERVED
+       {DSA-5207-1}
        - linux 5.18.16-1
        NOTE: 
https://lore.kernel.org/netfilter-devel/[email protected]/T/#t
        NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/5
 CVE-2022-2585
        RESERVED
+       {DSA-5207-1}
        - linux 5.18.16-1
        [buster] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://lore.kernel.org/lkml/[email protected]/T/#u
@@ -3426,6 +3557,7 @@ CVE-2022-36948 (In Veritas NetBackup OpsCenter, a DOM XSS 
attack can occur. This
 CVE-2022-36947
        RESERVED
 CVE-2022-36946 (nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux 
kernel th ...)
+       {DSA-5207-1}
        - linux 5.18.16-1
        NOTE: https://marc.info/?l=netfilter-devel&m=165883202007292&w=2
        NOTE: Fixed by: 
https://git.kernel.org/linus/99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
@@ -3618,6 +3750,7 @@ CVE-2022-36881 (Jenkins Git client Plugin 3.11.0 and 
earlier does not perform SS
 CVE-2022-36880 (The Read Mail module in Webmin 1.995 and Usermin through 1.850 
allows  ...)
        NOT-FOR-US: Webmin module
 CVE-2022-36879 (An issue was discovered in the Linux kernel through 5.18.14. 
xfrm_expa ...)
+       {DSA-5207-1}
        - linux 5.18.16-1
        NOTE: 
https://git.kernel.org/linus/f85daf0e725358be78dfd208dea5fd665d8cb901 
(v5.19-rc8)
 CVE-2022-36878
@@ -4331,14 +4464,14 @@ CVE-2022-36528
        RESERVED
 CVE-2022-36527
        RESERVED
-CVE-2022-36526
-       RESERVED
-CVE-2022-36525
-       RESERVED
-CVE-2022-36524
-       RESERVED
-CVE-2022-36523
-       RESERVED
+CVE-2022-36526 (D-Link GO-RT-AC750 GORTAC750_revA_v101b03 &amp; 
GO-RT-AC750_revB_FWv20 ...)
+       TODO: check
+CVE-2022-36525 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 &amp; 
GO-RT-AC750_revB_FWv20 ...)
+       TODO: check
+CVE-2022-36524 (D-Link GO-RT-AC750 GORTAC750_revA_v101b03 &amp; 
GO-RT-AC750_revB_FWv20 ...)
+       TODO: check
+CVE-2022-36523 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 &amp; 
GO-RT-AC750_revB_FWv20 ...)
+       TODO: check
 CVE-2022-36522
        RESERVED
 CVE-2022-36521
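Review bot: CVE-2022-36526 through CVE-2022-36523 all describe D-Link GO-RT-AC750 device firmware yet are left at `TODO: check`; other vendor-specific entries in this file are closed with a vendor tag (for example `NOT-FOR-US: Siemens` and `NOT-FOR-US: Rockwell`), so these four can be resolved the same way as `NOT-FOR-US: D-Link`. The descriptions also show a literal `&amp;`; if that is in data/CVE/list itself and not only in the mail rendering, the import is HTML-escaping the text and should store a plain `&`.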
@@ -4509,8 +4642,8 @@ CVE-2022-2537
        RESERVED
 CVE-2022-2536
        RESERVED
-CVE-2022-2535
-       RESERVED
+CVE-2022-2535 (The SearchWP Live Ajax Search WordPress plugin before 1.6.2 
does not e ...)
+       TODO: check
 CVE-2022-2534 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2022-2533
@@ -5143,8 +5276,8 @@ CVE-2022-36264 (In Airspan AirSpot 5410 version 0.3.4.1-4 
and under there exists
        NOT-FOR-US: Airspan AirSpot
 CVE-2022-36263
        RESERVED
-CVE-2022-36262
-       RESERVED
+CVE-2022-36262 (An issue was discovered in taocms 3.0.2. in the website 
settings that  ...)
+       TODO: check
 CVE-2022-36261
        RESERVED
 CVE-2022-36260
@@ -6607,23 +6740,23 @@ CVE-2022-35627
        RESERVED
 CVE-2022-2385 (A security issue was discovered in aws-iam-authenticator where 
an allo ...)
        NOT-FOR-US: Kubernetes aws-iam-authenticator
-CVE-2022-2384
-       RESERVED
+CVE-2022-2384 (The Digital Publications by Supsystic WordPress plugin before 
1.7.4 do ...)
+       TODO: check
 CVE-2022-2383
        RESERVED
 CVE-2022-2382
        RESERVED
-CVE-2022-2381
-       RESERVED
+CVE-2022-2381 (The E Unlocked - Student Result WordPress plugin through 1.0.4 
is lack ...)
+       TODO: check
 CVE-2022-2380 (The Linux kernel was found vulnerable out of bounds memory 
access in t ...)
        - linux 5.17.3-1
        [bullseye] - linux 5.10.113-1
        [buster] - linux 4.19.249-1
        NOTE: 
https://git.kernel.org/linus/bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8 (5.18-rc1)
-CVE-2022-2379
-       RESERVED
-CVE-2022-2378
-       RESERVED
+CVE-2022-2379 (The Easy Student Results WordPress plugin through 2.2.8 lacks 
authoris ...)
+       TODO: check
+CVE-2022-2378 (The Easy Student Results WordPress plugin through 2.2.8 does 
not sanit ...)
+       TODO: check
 CVE-2022-2377
        RESERVED
 CVE-2022-2376
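Review bot: CVE-2022-2384, CVE-2022-2381, CVE-2022-2379 and CVE-2022-2378 are WordPress plugin issues according to their own descriptions but are added as `TODO: check`, while the already triaged plugin entries visible in this diff all use `NOT-FOR-US: WordPress plugin`. Resolving them with that tag in a follow-up keeps the TODO queue for entries that need real package matching; the same applies to the other plugin entries this commit moves out of RESERVED.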
@@ -6650,10 +6783,10 @@ CVE-2022-35626
        RESERVED
 CVE-2022-35625
        RESERVED
-CVE-2022-35624
-       RESERVED
-CVE-2022-35623
-       RESERVED
+CVE-2022-35624 (In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability 
can be  ...)
+       TODO: check
+CVE-2022-35623 (In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability 
can be  ...)
+       TODO: check
 CVE-2022-35622
        RESERVED
 CVE-2022-35621
@@ -7104,8 +7237,8 @@ CVE-2022-2356 (The Frontend File Manager &amp; Sharing 
WordPress plugin before 1
        NOT-FOR-US: WordPress plugin
 CVE-2022-2355 (The Easy Username Updater WordPress plugin before 1.0.5 does 
not imple ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-2354
-       RESERVED
+CVE-2022-2354 (The WP-DBManager WordPress plugin before 2.80.8 does not 
prevent admin ...)
+       TODO: check
 CVE-2022-35411 (rpc.py through 0.6.0 allows Remote Code Execution because an 
unpickle  ...)
        NOT-FOR-US: rpc.py
 CVE-2022-35410 (mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows 
../ dir ...)
@@ -7607,8 +7740,8 @@ CVE-2022-2316 (HTML injection vulnerability in secure 
messages of Devolutions Se
        NOT-FOR-US: Devolutions Server
 CVE-2022-2315
        RESERVED
-CVE-2022-2314
-       RESERVED
+CVE-2022-2314 (The VR Calendar WordPress plugin through 2.2.2 lets any user 
execute a ...)
+       TODO: check
 CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for 
Windows pr ...)
        NOT-FOR-US: MA Smart Installer for Windows
 CVE-2022-2312
@@ -10089,8 +10222,7 @@ CVE-2022-34296 (In Zalando Skipper before 0.13.218, a 
query predicate could be b
        NOT-FOR-US: Zalando Skipper
 CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs. ...)
        NOT-FOR-US: totd
-CVE-2022-34294
-       RESERVED
+CVE-2022-34294 (totd 1.5.3 uses a fixed UDP source port in upstream queries 
sent to DN ...)
        NOT-FOR-US: totd
 CVE-2022-34293 (wolfSSL before 5.4.0 allows remote attackers to cause a denial 
of serv ...)
        - wolfssl <unfixed> (bug #1016981)
@@ -10139,8 +10271,8 @@ CVE-2022-34272 (A vulnerability has been identified in 
PADS Standard/Plus Viewer
        NOT-FOR-US: Siemens
 CVE-2022-34271
        RESERVED
-CVE-2022-2180
-       RESERVED
+CVE-2022-2180 (The GREYD.SUITE WordPress theme does not properly validate 
uploaded cu ...)
+       TODO: check
 CVE-2022-2179 (The X-Frame-Options header in Rockwell Automation MicroLogix 
1100/1400 ...)
        NOT-FOR-US: Rockwell
 CVE-2022-2178
@@ -10455,8 +10587,8 @@ CVE-2022-2153
        NOTE: 
https://git.kernel.org/linus/7ec37d1cbe17d8189d9562178d8b29167fe1c31a (5.18-rc1)
        NOTE: 
https://git.kernel.org/linus/00b5f37189d24ac3ed46cb7f11742094778c46ce (5.18-rc1)
        NOTE: 
https://git.kernel.org/linus/b1e34d325397a33d97d845e312d7cf2a8b646b44 (5.18-rc1)
-CVE-2022-2152
-       RESERVED
+CVE-2022-2152 (The Duplicate Page and Post Plugin WordPress plugin through 2.7 
does n ...)
+       TODO: check
 CVE-2022-2151 (The Best Contact Management Software WordPress plugin through 
3.7.3 do ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2150
@@ -10860,23 +10992,17 @@ CVE-2017-20083 (A vulnerability, which was classified 
as critical, was found in
        NOT-FOR-US: JUNG Smart Visu Server
 CVE-2017-20082 (A vulnerability, which was classified as problematic, has been 
found i ...)
        NOT-FOR-US: JUNG Smart Visu Server
-CVE-2022-33993
-       RESERVED
+CVE-2022-33993 (Misinterpretation of special domain name characters in DNRD 
(aka Domai ...)
        NOT-FOR-US: dnrd
-CVE-2022-33992
-       RESERVED
+CVE-2022-33992 (DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches 
DNS que ...)
        NOT-FOR-US: dnrd
-CVE-2022-33991
-       RESERVED
+CVE-2022-33991 (dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS 
queries with ...)
        NOT-FOR-US: dproxy
-CVE-2022-33990
-       RESERVED
+CVE-2022-33990 (Misinterpretation of special domain name characters in 
dproxy-nexgen ( ...)
        NOT-FOR-US: dproxy
-CVE-2022-33989
-       RESERVED
+CVE-2022-33989 (dproxy-nexgen (aka dproxy nexgen) uses a static UDP source 
port (selec ...)
        NOT-FOR-US: dproxy
-CVE-2022-33988
-       RESERVED
+CVE-2022-33988 (dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction 
id (TXID ...)
        NOT-FOR-US: dproxy
 CVE-2022-33987 (The got package before 12.1.0 (also fixed in 11.8.5) for 
Node.js allow ...)
        - node-got 11.8.3+~cs58.7.37-3 (bug #1013264)
@@ -11227,8 +11353,8 @@ CVE-2022-33917 (An issue was discovered in the Arm Mali 
GPU Kernel Driver (Valha
        NOT-FOR-US: ARM Mali
 CVE-2022-2117 (The GiveWP plugin for WordPress is vulnerable to Sensitive 
Information ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-2116
-       RESERVED
+CVE-2022-2116 (The Contact Form DB WordPress plugin before 1.8.0 does not 
sanitise an ...)
+       TODO: check
 CVE-2022-2115 (The Popup Anything WordPress plugin before 2.1.7 does not 
sanitise and ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2114 (The Data Tables Generator by Supsystic WordPress plugin before 
1.10.20 ...)
@@ -20367,6 +20493,7 @@ CVE-2022-26374
        RESERVED
 CVE-2022-26373 [Post-Barrier Return Stack Buffer Predictions (PBRSB)]
        RESERVED
+       {DSA-5207-1}
        - linux 5.18.16-1
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html
        NOTE: 
https://git.kernel.org/linus/2b1299322016731d56807aa49254a5ea3080b6b3
@@ -22230,12 +22357,13 @@ CVE-2022-29902
 CVE-2022-1526 (A vulnerability, which was classified as problematic, was found 
in Eml ...)
        NOT-FOR-US: Emlog Pro
 CVE-2022-29901 (Intel microprocessor generations 6 to 8 are affected by a new 
Spectre  ...)
+       {DSA-5207-1}
        - linux 5.18.14-1
        NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
        NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
 CVE-2022-29900 (Mis-trained branch predictions for return instructions may 
allow arbit ...)
-       {DSA-5184-1}
+       {DSA-5207-1 DSA-5184-1}
        - linux 5.18.14-1
        - xen <unfixed>
        [buster] - xen <end-of-life> (DSA 4677-1)
@@ -24705,7 +24833,7 @@ CVE-2022-1328 (Buffer Overflow in uudecoder in Mutt 
affecting all versions start
        NOTE: https://gitlab.com/muttmua/mutt/-/issues/404
        NOTE: 
https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5
        NOTE: 
https://gitlab.com/neomutt/neomutt/-/commit/ee7cb4e461c1cdf0ac14817b03687d5908b85f84
-CVE-2022-1327 (The Image Gallery - Grid Gallery WordPress plugin through 1.1.1 
does n ...)
+CVE-2022-1327 (The Image Gallery WordPress plugin before 1.1.6 does not 
sanitize and  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1326 (The Form - Contact Form WordPress plugin through 1.2.0 does not 
saniti ...)
        NOT-FOR-US: WordPress plugin
@@ -25809,7 +25937,7 @@ CVE-2022-1272
        RESERVED
 CVE-2022-1270
        RESERVED
-CVE-2022-1269 (The Fast Flow WordPress plugin before 1.2.11 does not sanitise 
and esc ...)
+CVE-2022-1269 (The Fast Flow WordPress plugin before 1.2.12 does not sanitise 
and esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1268 (The Donate Extra WordPress plugin through 2.02 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
@@ -36090,7 +36218,7 @@ CVE-2022-0600 (The Conference Scheduler WordPress 
plugin before 2.4.3 does not s
        NOT-FOR-US: WordPress plugin
 CVE-2022-0599 (The Mapping Multiple URLs Redirect Same Page WordPress plugin 
through  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0598 (The Login with phone number WordPress plugin through 1.3.7 do 
not sani ...)
+CVE-2022-0598 (The Login with phone number WordPress plugin before 1.3.8 does 
not san ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 
1.2.11. ...)
        NOT-FOR-US: microweber



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/008b11d9041ed26ba886a029ec34a080900dd54c
