Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5fe68d3 by security tracker role at 2022-09-23T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2022-41336
+ RESERVED
+CVE-2022-41335
+ RESERVED
+CVE-2022-41334
+ RESERVED
+CVE-2022-41333
+ RESERVED
+CVE-2022-41332
+ RESERVED
+CVE-2022-41331
+ RESERVED
+CVE-2022-41330
+ RESERVED
+CVE-2022-41329
+ RESERVED
+CVE-2022-41328
+ RESERVED
+CVE-2022-41327
+ RESERVED
+CVE-2022-3291
+ RESERVED
+CVE-2022-3290
+ RESERVED
+CVE-2022-3289
+ RESERVED
+CVE-2022-3288
+ RESERVED
+CVE-2022-3287
+ RESERVED
+CVE-2022-3286
+ RESERVED
+CVE-2022-3285
+ RESERVED
+CVE-2022-3284
+ RESERVED
+CVE-2022-3283
+ RESERVED
+CVE-2022-3282
+ RESERVED
CVE-2022-41326
RESERVED
CVE-2022-41325
@@ -42,8 +82,8 @@ CVE-2022-3271
RESERVED
CVE-2022-3270
RESERVED
-CVE-2022-3269
- RESERVED
+CVE-2022-3269 (Session Fixation in GitHub repository ikus060/rdiffweb prior to
2.4.7. ...)
+ TODO: check
CVE-2022-3268 (Weak Password Requirements in GitHub repository ikus060/minarca
prior ...)
NOT-FOR-US: minarca
CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub repository
ikus060/rdiffwe ...)
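Review bot: the `TODO: check` placed on CVE-2022-3269 in this hunk should be resolved consistently with the other ikus060 entries that sit right below it: CVE-2022-3268 (minarca) is already `NOT-FOR-US: minarca`, and CVE-2022-3267 concerns the same rdiffweb repository, so whatever triage CVE-2022-3267 already carries applies here too unless rdiffweb has since entered the archive.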
@@ -198,8 +238,8 @@ CVE-2022-41221
RESERVED
CVE-2022-40224
RESERVED
-CVE-2022-3263
- RESERVED
+CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version
6.7 has ...)
+ TODO: check
CVE-2022-3262
RESERVED
NOT-FOR-US: OpenShift
@@ -211,8 +251,8 @@ CVE-2022-3259
RESERVED
CVE-2022-3258
RESERVED
-CVE-2022-3257
- RESERVED
+CVE-2022-3257 (Mattermost version 7.1.x and earlier fails to sufficiently
process a s ...)
+ TODO: check
CVE-2022-3256 (Use After Free in GitHub repository vim/vim prior to 9.0.0530.
...)
- vim <unfixed>
NOTE: https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3
@@ -797,8 +837,8 @@ CVE-2022-40985
RESERVED
CVE-2022-40980 (A potential unathenticated file deletion vulnerabilty on Trend
Micro M ...)
NOT-FOR-US: Trend Micro
-CVE-2022-40979
- RESERVED
+CVE-2022-40979 (In JetBrains TeamCity before 2022.04.4 environmental variables
of "pas ...)
+ TODO: check
CVE-2022-40978 (The installer of JetBrains IntelliJ IDEA before 2022.2.2 was
vulnerabl ...)
NOT-FOR-US: installer of JetBrains IntelliJ IDEA
CVE-2022-40977
@@ -809,6 +849,7 @@ CVE-2022-40969
RESERVED
CVE-2022-40962
RESERVED
+ {DSA-5237-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
- thunderbird 1:102.3.0-1
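Review bot: the added `{DSA-5237-1}` marker sits on an entry that lists both `firefox-esr 102.3.0esr-1` and `thunderbird 1:102.3.0-1`; if DSA-5237-1 covers only firefox-esr, the thunderbird advisory still has to be appended to the same braces once it is issued, so this entry (and the identical ones for CVE-2022-40961 through CVE-2022-40956 in the following hunks) should not be treated as fully closed for thunderbird yet.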
@@ -821,6 +862,7 @@ CVE-2022-40961
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40961
CVE-2022-40960
RESERVED
+ {DSA-5237-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
- thunderbird 1:102.3.0-1
@@ -829,6 +871,7 @@ CVE-2022-40960
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40960
CVE-2022-40959
RESERVED
+ {DSA-5237-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
- thunderbird 1:102.3.0-1
@@ -837,6 +880,7 @@ CVE-2022-40959
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40959
CVE-2022-40958
RESERVED
+ {DSA-5237-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
- thunderbird 1:102.3.0-1
@@ -845,6 +889,7 @@ CVE-2022-40958
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40958
CVE-2022-40957
RESERVED
+ {DSA-5237-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
- thunderbird 1:102.3.0-1
@@ -853,6 +898,7 @@ CVE-2022-40957
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40957
CVE-2022-40956
RESERVED
+ {DSA-5237-1}
- firefox 105.0-1
- firefox-esr 102.3.0esr-1
- thunderbird 1:102.3.0-1
@@ -1056,26 +1102,26 @@ CVE-2022-40871
RESERVED
CVE-2022-40870
RESERVED
-CVE-2022-40869
- RESERVED
-CVE-2022-40868
- RESERVED
-CVE-2022-40867
- RESERVED
-CVE-2022-40866
- RESERVED
-CVE-2022-40865
- RESERVED
-CVE-2022-40864
- RESERVED
+CVE-2022-40869 (Tenda AC15 and AC18 routers V15.03.05.19 contain stack
overflow vulner ...)
+ TODO: check
+CVE-2022-40868 (Tenda W20E router V15.11.0.6
(US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...)
+ TODO: check
+CVE-2022-40867 (Tenda W20E router V15.11.0.6
(US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...)
+ TODO: check
+CVE-2022-40866 (Tenda W20E router V15.11.0.6
(US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...)
+ TODO: check
+CVE-2022-40865 (Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow
vulnera ...)
+ TODO: check
+CVE-2022-40864 (Tenda AC15 and AC18 routers V15.03.05.19 contain stack
overflow vulner ...)
+ TODO: check
CVE-2022-40863
RESERVED
-CVE-2022-40862
- RESERVED
-CVE-2022-40861
- RESERVED
-CVE-2022-40860
- RESERVED
+CVE-2022-40862 (Tenda AC15 and AC18 router V15.03.05.19 contains stack
overflow vulner ...)
+ TODO: check
+CVE-2022-40861 (Tenda AC18 router V15.03.05.19 contains a stack overflow
vulnerability ...)
+ TODO: check
+CVE-2022-40860 (Tenda AC15 router V15.03.05.19 contains a stack overflow
vulnerability ...)
+ TODO: check
CVE-2022-40859
RESERVED
CVE-2022-40858
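Review bot: the nine `TODO: check` lines added here (CVE-2022-40869 down to CVE-2022-40860) all describe Tenda AC15/AC18/W20E router firmware, which is vendor firmware rather than a Debian package; they can be resolved as `NOT-FOR-US: Tenda` in the same way the TOTOLINK firmware entry later in this file is marked `NOT-FOR-US: TOTOLINK`, and the same applies to the Tenda entries in the next hunk and the Tenda i9 block further down.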
@@ -1084,16 +1130,16 @@ CVE-2022-40857
RESERVED
CVE-2022-40856
RESERVED
-CVE-2022-40855
- RESERVED
-CVE-2022-40854
- RESERVED
-CVE-2022-40853
- RESERVED
+CVE-2022-40855 (Tenda W20E router V15.11.0.6 contains a stack overflow in the
function ...)
+ TODO: check
+CVE-2022-40854 (Tenda AC18 router contained a stack overflow vulnerability in
/goform/ ...)
+ TODO: check
+CVE-2022-40853 (Tenda AC15 router V15.03.05.19 contains a stack overflow via
the list ...)
+ TODO: check
CVE-2022-40852
RESERVED
-CVE-2022-40851
- RESERVED
+CVE-2022-40851 (Tenda AC15 V15.03.05.19 contained a stack overflow via the
function fr ...)
+ TODO: check
CVE-2022-40850
RESERVED
CVE-2022-40849
@@ -1269,8 +1315,8 @@ CVE-2022-40765
RESERVED
CVE-2022-40764
RESERVED
-CVE-2022-3236
- RESERVED
+CVE-2022-3236 (A code injection vulnerability in the User Portal and Webadmin
allows ...)
+ TODO: check
CVE-2022-40763
RESERVED
CVE-2022-3235 (Use After Free in GitHub repository vim/vim prior to 9.0.0490.
...)
@@ -1310,8 +1356,8 @@ CVE-2022-40750
RESERVED
CVE-2022-40749
RESERVED
-CVE-2022-40748
- RESERVED
+CVE-2022-40748 (IBM InfoSphere Information Server 11.7 is vulnerable to
cross-site scr ...)
+ TODO: check
CVE-2022-40747
RESERVED
CVE-2022-40746
@@ -1405,8 +1451,8 @@ CVE-2022-40718
RESERVED
CVE-2022-40717
RESERVED
-CVE-2022-40716
- RESERVED
+CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4,
and 1.13. ...)
+ TODO: check
CVE-2022-40715 (An issue was discovered in NOKIA 1350OMS R14.2. An Absolute
Path Trave ...)
NOT-FOR-US: NOKIA
CVE-2022-40714 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS
exists u ...)
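Review bot: CVE-2022-40716 in this hunk should not be left at `TODO: check` for long, because consul is a Debian source package; the description gives the affected upstream range ("up to 1.11.8, 1.12.4, and 1.13..."), so the entry needs a `- consul <version>` triage line (with per-release lines for bullseye/buster where applicable) rather than the `NOT-FOR-US` used for the NOKIA entries beside it.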
@@ -1463,34 +1509,34 @@ CVE-2022-40676
RESERVED
CVE-2022-40675
RESERVED
-CVE-2022-40672
- RESERVED
-CVE-2022-40671
- RESERVED
+CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
+ TODO: check
+CVE-2022-40671 (Cross-Site Request Forgery (CSRF) vulnerability in Rate my
Post – ...)
+ TODO: check
CVE-2022-40632
RESERVED
CVE-2022-40312
RESERVED
-CVE-2022-40310
- RESERVED
+CVE-2022-40310 (Authenticated (subscriber+) Race Condition vulnerability in
Rate my Po ...)
+ TODO: check
CVE-2022-40223
RESERVED
CVE-2022-40219 (Cross-Site Request Forgery (CSRF) vulnerability in SedLex
FavIcon Swit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40217 (Authenticated (admin+) Arbitrary File Edit/Upload
vulnerability in Xpl ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-40215
- RESERVED
-CVE-2022-40213
- RESERVED
+CVE-2022-40215 (Multiple Authenticated Stored Cross-Site Scripting (XSS)
vulnerabiliti ...)
+ TODO: check
+CVE-2022-40213 (Multiple Authenticated (contributor+) Stored Cross-Site
Scripting (XSS ...)
+ TODO: check
CVE-2022-40211
RESERVED
CVE-2022-40206
RESERVED
CVE-2022-40205
RESERVED
-CVE-2022-40193
- RESERVED
+CVE-2022-40193 (Unauthenticated Stored Cross-Site Scripting (XSS)
vulnerability in Awe ...)
+ TODO: check
CVE-2022-40131
RESERVED
CVE-2022-38974
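Review bot: every `TODO: check` in this hunk (CVE-2022-40672, 40671, 40310, 40215, 40213, 40193) describes a WordPress plugin issue, and the neighbouring entries CVE-2022-40219 and CVE-2022-40217 with the same description style are already `NOT-FOR-US: WordPress plugin`; resolving these the same way is the expected outcome, and the same pattern recurs in the later hunks at -1499, -2608, -2638, -2846 and -8314, so a single pass over all the plugin TODOs would clear them together.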
@@ -1499,24 +1545,24 @@ CVE-2022-38468
RESERVED
CVE-2022-38461
RESERVED
-CVE-2022-38454
- RESERVED
+CVE-2022-38454 (Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io
Image Opt ...)
+ TODO: check
CVE-2022-38104
RESERVED
-CVE-2022-38079
- RESERVED
+CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup
Scheduler plugi ...)
+ TODO: check
CVE-2022-38074
RESERVED
CVE-2022-38073 (Multiple Authenticated (custom specific plugin role)
Persistent Cross- ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36424
RESERVED
-CVE-2022-36417
- RESERVED
+CVE-2022-36417 (Multiple Stored Cross-Site Scripting (XSS) via Cross-Site
Request Forg ...)
+ TODO: check
CVE-2022-36404
RESERVED
-CVE-2022-35238
- RESERVED
+CVE-2022-35238 (Unauthenticated Plugin Settings Change vulnerability in
Awesome Filter ...)
+ TODO: check
CVE-2022-33978
RESERVED
CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and
classifi ...)
@@ -1698,12 +1744,12 @@ CVE-2022-3194
CVE-2022-3193
RESERVED
NOT-FOR-US: ovirt-engine
-CVE-2022-40630
- RESERVED
-CVE-2022-40629
- RESERVED
-CVE-2022-40628
- RESERVED
+CVE-2022-40630 (This vulnerability exists in Tacitine Firewall, all versions
of EN6200 ...)
+ TODO: check
+CVE-2022-40629 (This vulnerability exists in Tacitine Firewall, all versions
of EN6200 ...)
+ TODO: check
+CVE-2022-40628 (This vulnerability exists in Tacitine Firewall, all versions
of EN6200 ...)
+ TODO: check
CVE-2022-40627
RESERVED
CVE-2022-40626 (An unauthenticated user can create a link with reflected
Javascript co ...)
@@ -2293,10 +2339,10 @@ CVE-2022-40361
RESERVED
CVE-2022-40360
RESERVED
-CVE-2022-40359
- RESERVED
-CVE-2022-40358
- RESERVED
+CVE-2022-40359 (Cross site scripting (XSS) vulnerability in kfm through 1.4.7
via craf ...)
+ TODO: check
+CVE-2022-40358 (An issue was discovered in AjaXplorer 4.2.3, allows attackers
to cause ...)
+ TODO: check
CVE-2022-40357 (A security issue was discovered in Z-BlogPHP <= 1.7.2. A
Server-Sid ...)
NOT-FOR-US: Z-BlogPHP
CVE-2022-40356
@@ -2608,26 +2654,26 @@ CVE-2022-40198
RESERVED
CVE-2022-40197
RESERVED
-CVE-2022-40195
- RESERVED
-CVE-2022-40194
- RESERVED
+CVE-2022-40195 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
+ TODO: check
+CVE-2022-40194 (Unauthenticated Sensitive Information Disclosure vulnerability
in Cust ...)
+ TODO: check
CVE-2022-40191 (Authenticated (subscriber+) Stored Cross-Site Scripting (XSS)
vulnerab ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40189
RESERVED
-CVE-2022-40132
- RESERVED
+CVE-2022-40132 (Cross-Site Request Forgery (CSRF) vulnerability in Seriously
Simple Po ...)
+ TODO: check
CVE-2022-38976
RESERVED
-CVE-2022-38704
- RESERVED
-CVE-2022-38703
- RESERVED
-CVE-2022-38470
- RESERVED
-CVE-2022-38460
- RESERVED
+CVE-2022-38704 (Cross-Site Request Forgery (CSRF) vulnerability in SEO
Redirection plu ...)
+ TODO: check
+CVE-2022-38703 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
+ TODO: check
+CVE-2022-38470 (Cross-Site Request Forgery (CSRF) vulnerability in Customer
Reviews fo ...)
+ TODO: check
+CVE-2022-38460 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS)
vulnera ...)
+ TODO: check
CVE-2022-38144 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors
Team wpFor ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38140
@@ -2638,28 +2684,28 @@ CVE-2022-38137
RESERVED
CVE-2022-38135 (Broken Access Control vulnerability in Dean Oakley's
Photospace Galler ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-38134
- RESERVED
+CVE-2022-38134 (Authenticated (subscriber+) Broken Access Control
vulnerability in Cus ...)
+ TODO: check
CVE-2022-38098
RESERVED
-CVE-2022-38095
- RESERVED
+CVE-2022-38095 (Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus
Advanced ...)
+ TODO: check
CVE-2022-38086
RESERVED
-CVE-2022-38085
- RESERVED
+CVE-2022-38085 (Cross-Site Request Forgery (CSRF) vulnerability in Read more
By Adam p ...)
+ TODO: check
CVE-2022-38077
RESERVED
-CVE-2022-37342
- RESERVED
+CVE-2022-37342 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
+ TODO: check
CVE-2022-36790
RESERVED
-CVE-2022-36388
- RESERVED
+CVE-2022-36388 (Cross-Site Request Forgery (CSRF) vulnerability in YDS Support
Ticket ...)
+ TODO: check
CVE-2022-36356 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-36340
- RESERVED
+CVE-2022-36340 (Unauthenticated Optin Campaign Cache Deletion vulnerability in
MailOpt ...)
+ TODO: check
CVE-2022-36299
RESERVED
CVE-2022-36295
@@ -2674,8 +2720,7 @@ CVE-2022-3164
RESERVED
CVE-2022-3163
RESERVED
-CVE-2022-40188
- RESERVED
+CVE-2022-40188 (Knot Resolver before 5.5.3 allows remote attackers to cause a
denial o ...)
- knot-resolver 5.5.3-1
[bullseye] - knot-resolver <no-dsa> (Minor issue)
NOTE:
https://github.com/CZ-NIC/knot-resolver/commit/f6577a20e493c7fbdac124d7544bf1846b084185
(v5.5.3)
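Review bot: the bullseye line `[bullseye] - knot-resolver <no-dsa> (Minor issue)` retained in this hunk now sits under a description that says the flaw "allows remote attackers to cause a denial o..."; a remotely triggerable denial of service in a DNS resolver is worth re-checking against the full advisory before the Minor-issue classification is kept, since the `<no-dsa>` tag means bullseye users only get the fix through a point release.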
@@ -2846,8 +2891,8 @@ CVE-2022-3146
NOT-FOR-US: tripleo-ansible
CVE-2022-3145
RESERVED
-CVE-2022-3144
- RESERVED
+CVE-2022-3144 (The Wordfence Security – Firewall & Malware Scan
plugin for ...)
+ TODO: check
CVE-2022-3143
RESERVED
NOT-FOR-US: WildFly Elytron
@@ -2915,22 +2960,22 @@ CVE-2022-40109 (TOTOLINK A3002R
TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vuln
NOT-FOR-US: TOTOLINK
CVE-2022-40108
RESERVED
-CVE-2022-40107
- RESERVED
-CVE-2022-40106
- RESERVED
-CVE-2022-40105
- RESERVED
-CVE-2022-40104
- RESERVED
-CVE-2022-40103
- RESERVED
-CVE-2022-40102
- RESERVED
-CVE-2022-40101
- RESERVED
-CVE-2022-40100
- RESERVED
+CVE-2022-40107 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer
overflow vi ...)
+ TODO: check
+CVE-2022-40106 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer
overflow vi ...)
+ TODO: check
+CVE-2022-40105 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer
overflow vi ...)
+ TODO: check
+CVE-2022-40104 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer
overflow vi ...)
+ TODO: check
+CVE-2022-40103 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer
overflow vi ...)
+ TODO: check
+CVE-2022-40102 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer
overflow vi ...)
+ TODO: check
+CVE-2022-40101 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer
overflow vi ...)
+ TODO: check
+CVE-2022-40100 (Tenda i9 v1.0.0.8(3828) was discovered to contain a command
injection ...)
+ TODO: check
CVE-2022-40099
RESERVED
CVE-2022-40098
@@ -2943,12 +2988,12 @@ CVE-2022-40095
RESERVED
CVE-2022-40094
RESERVED
-CVE-2022-40093
- RESERVED
-CVE-2022-40092
- RESERVED
-CVE-2022-40091
- RESERVED
+CVE-2022-40093 (Online Tours & Travels Management System v1.0 was
discovered to co ...)
+ TODO: check
+CVE-2022-40092 (Online Tours & Travels Management System v1.0 was
discovered to co ...)
+ TODO: check
+CVE-2022-40091 (Online Tours & Travels Management System v1.0 was
discovered to co ...)
+ TODO: check
CVE-2022-40090
RESERVED
CVE-2022-40089 (A remote file inclusion (RFI) vulnerability in Simple College
Website ...)
@@ -4762,10 +4807,10 @@ CVE-2022-39241
RESERVED
CVE-2022-39240
RESERVED
-CVE-2022-39239
- RESERVED
-CVE-2022-39238
- RESERVED
+CVE-2022-39239 (netlify-ipx is an on-Demand image optimization for Netlify
using ipx. ...)
+ TODO: check
+CVE-2022-39238 (Arvados is an open source platform for managing and analyzing
biomedic ...)
+ TODO: check
CVE-2022-39237
RESERVED
CVE-2022-39236
@@ -4778,10 +4823,10 @@ CVE-2022-39233
RESERVED
CVE-2022-39232
RESERVED
-CVE-2022-39231
- RESERVED
-CVE-2022-39230
- RESERVED
+CVE-2022-39231 (Parse Server is an open source backend that can be deployed to
any inf ...)
+ TODO: check
+CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the
authorizatio ...)
+ TODO: check
CVE-2022-39229
RESERVED
CVE-2022-39228
@@ -5615,8 +5660,8 @@ CVE-2022-38938
RESERVED
CVE-2022-38937
RESERVED
-CVE-2022-38936
- RESERVED
+CVE-2022-38936 (An issue has been found in PBC through 2022-8-27. A SEGV issue
detecte ...)
+ TODO: check
CVE-2022-38935
RESERVED
CVE-2022-38934
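Review bot: CVE-2022-38936 in this hunk refers to "PBC through 2022-8-27", which matches the pairing-based cryptography library that has been shipped as a Debian source package; before resolving the `TODO: check` to `NOT-FOR-US`, confirm whether the pbc package in the archive contains the affected code and, if so, add a package triage line with the relevant versions.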
@@ -6223,8 +6268,8 @@ CVE-2022-38744
RESERVED
CVE-2022-38743
RESERVED
-CVE-2022-38742
- RESERVED
+CVE-2022-38742 (Rockwell Automation ThinManager ThinServer versions 11.0.0 -
13.0.0 is ...)
+ TODO: check
CVE-2022-38741
RESERVED
CVE-2022-38740
@@ -6346,14 +6391,14 @@ CVE-2022-35273 (OS command injection vulnerability in
GUI setting page of Centre
NOT-FOR-US: CentreCOM AR260S
CVE-2022-34869 (Undocumented hidden command that can be executed from the
telnet funct ...)
NOT-FOR-US: CentreCOM AR260S
-CVE-2022-2973
- RESERVED
-CVE-2022-2972
- RESERVED
-CVE-2022-2971
- RESERVED
-CVE-2022-2970
- RESERVED
+CVE-2022-2973 (MZ Automation's libIEC61850 (versions 1.4 and prior; version
1.5 prior ...)
+ TODO: check
+CVE-2022-2972 (MZ Automation's libIEC61850 (versions 1.4 and prior; version
1.5 prior ...)
+ TODO: check
+CVE-2022-2971 (MZ Automation's libIEC61850 (versions 1.4 and prior; version
1.5 prior ...)
+ TODO: check
+CVE-2022-2970 (MZ Automation's libIEC61850 (versions 1.4 and prior; version
1.5 prior ...)
+ TODO: check
CVE-2022-2969
RESERVED
CVE-2022-2968
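Review bot: the four libIEC61850 entries added in this hunk (CVE-2022-2973 through CVE-2022-2970) quote an explicit affected range ("versions 1.4 and prior; version 1.5 prior ..."), so before they are resolved to `NOT-FOR-US` the archive should be checked for a libiec61850 source package; if one is present, each CVE needs its own version-ranged triage line rather than a shared placeholder.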
@@ -6549,8 +6594,8 @@ CVE-2022-2938 (A flaw was found in the Linux kernel's
implementation of Pressure
[bullseye] - linux 5.10.103-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/a06247c6804f1a7c86a2e5398a4c1f1db1471848 (5.17-rc2)
-CVE-2022-2937
- RESERVED
+CVE-2022-2937 (The Image Hover Effects Ultimate plugin for WordPress is
vulnerable to ...)
+ TODO: check
CVE-2022-2936 (The Image Hover Effects Ultimate plugin for WordPress is
vulnerable to ...)
NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress
CVE-2022-2935 (The Image Hover Effects Ultimate plugin for WordPress is
vulnerable to ...)
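Review bot: CVE-2022-2937 in this hunk carries exactly the same description prefix ("The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...") as the already-triaged CVE-2022-2936 and CVE-2022-2935 immediately below it, which are `NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress`; the `TODO: check` can be resolved to the same line.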
@@ -7106,10 +7151,10 @@ CVE-2022-38441
RESERVED
CVE-2022-38440
RESERVED
-CVE-2022-38439
- RESERVED
-CVE-2022-38438
- RESERVED
+CVE-2022-38439 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is
affected b ...)
+ TODO: check
+CVE-2022-38438 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is
affected b ...)
+ TODO: check
CVE-2022-38437
RESERVED
CVE-2022-38436
@@ -7587,13 +7632,13 @@ CVE-2022-38344
RESERVED
CVE-2022-38343
RESERVED
-CVE-2022-38342 (Safe Software FME Server v2022.0.1.1 and below was discovered
to conta ...)
+CVE-2022-38342 (Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was
discover ...)
NOT-FOR-US: Safe Software FME Server
-CVE-2022-38341 (Safe Software FME Server v2022.0.1.1 and below does not employ
server- ...)
+CVE-2022-38341 (Safe Software FME Server v2021.2.5 and below does not employ
server-si ...)
NOT-FOR-US: Safe Software FME Server
-CVE-2022-38340 (Safe Software FME Server v2022.0.1.1 and below was discovered
to conta ...)
+CVE-2022-38340 (Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was
discover ...)
NOT-FOR-US: Safe Software FME Server
-CVE-2022-38339 (Safe Software FME Server v2022.0.1.1 and below contains a
cross-site s ...)
+CVE-2022-38339 (Safe Software FME Server v2021.2.5, v2022.0.0.2 and below
contains a c ...)
NOT-FOR-US: Safe Software FME Server
CVE-2022-38338
RESERVED
@@ -8046,8 +8091,8 @@ CVE-2022-38082
RESERVED
CVE-2022-2786
RESERVED
-CVE-2022-2785
- RESERVED
+CVE-2022-2785 (There exists an arbitrary memory read within the Linux Kernel
BPF - Co ...)
+ TODO: check
CVE-2022-2784
RESERVED
CVE-2022-2783
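Review bot: CVE-2022-2785 in this hunk describes "an arbitrary memory read within the Linux Kernel BPF", so it should get a `- linux <version>` triage line with `[bullseye]`/`[buster]` status lines, as the kernel entry CVE-2022-2938 in the earlier -6549 hunk has, instead of remaining a bare `TODO: check`; the upstream fix commit and the first affected kernel version should be recorded in a `NOTE:` line once identified.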
@@ -8290,8 +8335,8 @@ CVE-2022-38067 (Unauthenticated Event Deletion
vulnerability in Totalsoft Event
NOT-FOR-US: WordPress plugin
CVE-2022-38062
RESERVED
-CVE-2022-38061
- RESERVED
+CVE-2022-38061 (Authenticated (author+) CSV Injection vulnerability in Export
Post Inf ...)
+ TODO: check
CVE-2022-38059 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey
Trofimov's A ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38058 (Authenticated (subscriber+) Plugin Setting change
vulnerability in WP ...)
@@ -8314,24 +8359,24 @@ CVE-2022-37402
RESERVED
CVE-2022-37344 (Missing Access Control vulnerability in PHP Crafts
Accommodation Syste ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-37339
- RESERVED
-CVE-2022-37338
- RESERVED
+CVE-2022-37339 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS)
vulnera ...)
+ TODO: check
+CVE-2022-37338 (Multiple Authenticated (contributor+) Stored Cross-Site
Scripting (XSS ...)
+ TODO: check
CVE-2022-37335 (Authenticated (author+) Stored Cross-Site Scripting (XSS)
vulnerabilit ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-37330
- RESERVED
-CVE-2022-37328
- RESERVED
-CVE-2022-36798
- RESERVED
+CVE-2022-37330 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS)
vulnera ...)
+ TODO: check
+CVE-2022-37328 (Authenticated (author+) Stored Cross-Site Scripting (XSS)
vulnerabilit ...)
+ TODO: check
+CVE-2022-36798 (Cross-Site Request Forgery (CSRF) vulnerability in
Topdigitaltrends Me ...)
+ TODO: check
CVE-2022-36796 (Cross-Site Request Forgery (CSRF) vulnerability leading to
Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36793 (Unauthenticated Plugin Settings Change & Data Deletion
vulnerabili ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-36791
- RESERVED
+CVE-2022-36791 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS)
vulnera ...)
+ TODO: check
CVE-2022-36428
RESERVED
CVE-2022-36427 (Missing Access Control vulnerability in About Rentals. Inc.
About Rent ...)
@@ -11077,8 +11122,7 @@ CVE-2022-2568 (A privilege escalation flaw was found in
the Ansible Automation P
NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2022-2567 (The Form Builder CP WordPress plugin before 1.2.32 does not
sanitise a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2566
- RESERVED
+CVE-2022-2566 (A heap out-of-bounds memory write exists in FFMPEG since
version 5.1. ...)
- ffmpeg 7:5.1.1-1
[bullseye] - ffmpeg <postponed> (Minor issue, wait until it lands in
4.3.x)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126833
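Review bot: the retained bullseye line `[bullseye] - ffmpeg <postponed> (Minor issue, wait until it lands in 4.3.x)` now sits under a description stating the heap out-of-bounds write "exists in FFMPEG since version 5.1"; if the vulnerable code was introduced in 5.1, bullseye's 4.3.x is not affected at all and the line should become `<not-affected> (Vulnerable code not present)` rather than waiting for a 4.3.x backport that may never be needed.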
@@ -11220,8 +11264,8 @@ CVE-2022-36946 (nfqnl_mangle in
net/netfilter/nfnetlink_queue.c in the Linux ker
NOTE: Fixed by:
https://git.kernel.org/linus/99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
CVE-2022-36945 (The Remote Keyless Entry (RKE) receiving unit on certain Mazda
vehicle ...)
NOT-FOR-US: Remote Keyless Entry (RKE) receiving unit on Mazda vehicles
-CVE-2022-36944
- RESERVED
+CVE-2022-36944 (Scala 2.13.x before 2.13.9 has a Java deserialization chain in
its JAR ...)
+ TODO: check
CVE-2022-36797
RESERVED
CVE-2022-36794
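Review bot: CVE-2022-36944 in this hunk concerns "Scala 2.13.x before 2.13.9", and scala is a Debian source package, so the `TODO: check` should resolve to a `- scala` triage line rather than `NOT-FOR-US`; since the description scopes the issue to the 2.13 branch, the check is whether the packaged Scala version carries the affected deserialization code, with `<not-affected>` as the likely outcome if it predates 2.13.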
@@ -12626,8 +12670,8 @@ CVE-2022-36359 (An issue was discovered in the HTTP
FileResponse class in Django
NOTE: Introduced by:
https://github.com/django/django/commit/a177f854c34718e473bcd0a2dc6c4fd935c8e327
CVE-2022-36342
RESERVED
-CVE-2022-36338
- RESERVED
+CVE-2022-36338 (An issue was discovered in Insyde InsydeH2O with kernel 5.0
through 5. ...)
+ TODO: check
CVE-2022-36337
RESERVED
CVE-2022-36336 (A link following vulnerability in the scanning function of
Trend Micro ...)
@@ -13840,8 +13884,8 @@ CVE-2022-35895 (An issue was discovered in Insyde
InsydeH2O with kernel 5.0 thro
NOT-FOR-US: Insyde
CVE-2022-35894 (An issue was discovered in Insyde InsydeH2O with kernel 5.0
through 5. ...)
NOT-FOR-US: Insyde
-CVE-2022-35893
- RESERVED
+CVE-2022-35893 (An issue was discovered in Insyde InsydeH2O with kernel 5.0
through 5. ...)
+ TODO: check
CVE-2022-35892
RESERVED
CVE-2022-35891
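Review bot: CVE-2022-35893 in this hunk repeats the same "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5..." description as CVE-2022-35895 and CVE-2022-35894 directly above it, both already `NOT-FOR-US: Insyde`; the `TODO: check` here, and the identical CVE-2022-36338 entry added in the earlier -12626 hunk, can be resolved to the same line.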
@@ -14279,8 +14323,8 @@ CVE-2022-35723
RESERVED
CVE-2022-35722
RESERVED
-CVE-2022-35721
- RESERVED
+CVE-2022-35721 (IBM Jazz for Service Management 1.1.3 is vulnerable to stored
cross-si ...)
+ TODO: check
CVE-2022-35720
RESERVED
CVE-2022-35719
@@ -15187,8 +15231,7 @@ CVE-2022-2349
RESERVED
CVE-2022-2348
RESERVED
-CVE-2022-2347 [Unchecked Download Size and Direction in U-Boot USB DFU]
- RESERVED
+CVE-2022-2347 (There exists an unchecked length field in UBoot. The U-Boot DFU
implem ...)
- u-boot <unfixed> (bug #1014959)
[bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <no-dsa> (Minor issue)
@@ -15522,8 +15565,8 @@ CVE-2022-35259
RESERVED
CVE-2022-35258
RESERVED
-CVE-2022-35257
- RESERVED
+CVE-2022-35257 (A local privilege escalation vulnerability in UI Desktop for
Windows ( ...)
+ TODO: check
CVE-2022-35256 [HTTP Request Smuggling Due to Incorrect Parsing of Header
Fields]
RESERVED
- nodejs <unfixed>
@@ -15535,28 +15578,27 @@ CVE-2022-35255 [Weak randomness in WebCrypto keygen]
NOTE:
https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#weak-randomness-in-webcrypto-keygen-high-cve-2022-35255
CVE-2022-35254
RESERVED
-CVE-2022-35253
- RESERVED
-CVE-2022-35252
- RESERVED
+CVE-2022-35253 (A vulnerability exists in Hyperledger Fabric <2.4 could
allow an at ...)
+ TODO: check
+CVE-2022-35252 (When curl is used to retrieve and parse cookies from a HTTP(S)
server, ...)
- curl 7.85.0-1 (bug #1018831)
[bullseye] - curl 7.74.0-1.3+deb11u3
NOTE: https://curl.se/docs/CVE-2022-35252.html
NOTE: Fixed by:
https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb0ed786592c65c3
(curl-7_85_0)
NOTE: https://www.openwall.com/lists/oss-security/2022/08/31/2
NOTE:
https://daniel.haxx.se/blog/2022/09/05/a-bug-that-was-23-years-old-or-not/
-CVE-2022-35251
- RESERVED
-CVE-2022-35250
- RESERVED
-CVE-2022-35249
- RESERVED
-CVE-2022-35248
- RESERVED
-CVE-2022-35247
- RESERVED
-CVE-2022-35246
- RESERVED
+CVE-2022-35251 (A cross-site scripting vulnerability exists in Rocket.chat
<v5 due ...)
+ TODO: check
+CVE-2022-35250 (A privilege escalation vulnerability exists in Rocket.chat
<v5 whic ...)
+ TODO: check
+CVE-2022-35249 (A information disclosure vulnerability exists in Rocket.Chat
<v5 wh ...)
+ TODO: check
+CVE-2022-35248 (A improper authentication vulnerability exists in Rocket.Chat
<v5, ...)
+ TODO: check
+CVE-2022-35247 (A information disclosure vulnerability exists in Rocket.chat
<v5, & ...)
+ TODO: check
+CVE-2022-35246 (A NoSQL-Injection information disclosure vulnerability
vulnerability e ...)
+ TODO: check
CVE-2022-34866 (Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive
for Box ve ...)
NOT-FOR-US: Passage Drive
CVE-2022-32765
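Review bot: the descriptions imported in this hunk for CVE-2022-35253 and the Rocket.Chat entries CVE-2022-35251 through CVE-2022-35247 contain raw HTML entities (`&lt;2.4`, `&lt;v5`, `&amp;`) copied from the feed instead of the literal characters; the same artefact appears in the Online Tours &amp; Travels entries in the -2943 hunk, so the import step should unescape entities before writing descriptions, as they otherwise end up verbatim in the tracker.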
@@ -15927,24 +15969,24 @@ CVE-2022-35101 (SWFTools commit 772e55a2 was
discovered to contain a segmentatio
CVE-2022-35100 (SWFTools commit 772e55a2 was discovered to contain a
segmentation viol ...)
- swftools <removed>
NOTE: https://github.com/matthiaskramm/swftools/issues/182
-CVE-2022-35099
- RESERVED
-CVE-2022-35098
- RESERVED
-CVE-2022-35097
- RESERVED
-CVE-2022-35096
- RESERVED
-CVE-2022-35095
- RESERVED
-CVE-2022-35094
- RESERVED
-CVE-2022-35093
- RESERVED
-CVE-2022-35092
- RESERVED
-CVE-2022-35091
- RESERVED
+CVE-2022-35099 (SWFTools commit 772e55a2 was discovered to contain a stack
overflow vi ...)
+ TODO: check
+CVE-2022-35098 (SWFTools commit 772e55a2 was discovered to contain a
heap-buffer overf ...)
+ TODO: check
+CVE-2022-35097 (SWFTools commit 772e55a2 was discovered to contain a
segmentation viol ...)
+ TODO: check
+CVE-2022-35096 (SWFTools commit 772e55a2 was discovered to contain a
heap-buffer overf ...)
+ TODO: check
+CVE-2022-35095 (SWFTools commit 772e55a2 was discovered to contain a
segmentation viol ...)
+ TODO: check
+CVE-2022-35094 (SWFTools commit 772e55a2 was discovered to contain a
heap-buffer overf ...)
+ TODO: check
+CVE-2022-35093 (SWFTools commit 772e55a2 was discovered to contain a global
buffer ove ...)
+ TODO: check
+CVE-2022-35092 (SWFTools commit 772e55a2 was discovered to contain a
segmentation viol ...)
+ TODO: check
+CVE-2022-35091 (SWFTools commit 772e55a2 was discovered to contain a floating
point ex ...)
+ TODO: check
CVE-2022-35090 (SWFTools commit 772e55a2 was discovered to contain a
heap-buffer overf ...)
- swftools <removed>
NOTE: https://github.com/matthiaskramm/swftools/issues/181
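Review bot: the nine SWFTools entries set to `TODO: check` in this hunk (CVE-2022-35099 through CVE-2022-35091) name the same upstream commit 772e55a2 as the already-triaged CVE-2022-35100 and CVE-2022-35090 that surround them, which carry `- swftools <removed>` plus a `NOTE:` pointing at the upstream issue; each new entry should get the same package line and its own upstream issue link once located.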
@@ -18111,8 +18153,8 @@ CVE-2022-34350
RESERVED
CVE-2022-34349
RESERVED
-CVE-2022-34348
- RESERVED
+CVE-2022-34348 (IBM Sterling Partner Engagement Manager 6.1 is vulnerable to
an XML Ex ...)
+ TODO: check
CVE-2022-2190
RESERVED
CVE-2022-2189 (The WP Video Lightbox WordPress plugin before 1.9.5 does not
escape th ...)
@@ -20000,14 +20042,11 @@ CVE-2022-33685 (Unprotected dynamic receiver in
Wearable Manager Service prior t
NOT-FOR-US: Samsung
CVE-2022-33684
RESERVED
-CVE-2022-33683
- RESERVED
+CVE-2022-33683 (Apache Pulsar Brokers and Proxies create an internal Pulsar
Admin Clie ...)
NOT-FOR-US: Apache Pulsar
-CVE-2022-33682
- RESERVED
+CVE-2022-33682 (TLS hostname verification cannot be enabled in the Pulsar
Broker's Jav ...)
NOT-FOR-US: Apache Pulsar
-CVE-2022-33681
- RESERVED
+CVE-2022-33681 (Delayed TLS hostname verification in the Pulsar Java Client
and the Pu ...)
NOT-FOR-US: Apache Pulsar
CVE-2022-33680 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability. ...)
NOT-FOR-US: Microsoft
@@ -21485,8 +21524,8 @@ CVE-2022-2072 (The Name Directory WordPress plugin
before 1.25.3 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2022-2071 (The Name Directory WordPress plugin before 1.25.4 does not have
CSRF c ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2070
- RESERVED
+CVE-2022-2070 (In Grandstream GSD3710 in its 1.0.11.13 version, it's possible
to over ...)
+ TODO: check
CVE-2022-2069
RESERVED
CVE-2022-2068 (In addition to the c_rehash shell command injection identified
in CVE- ...)
@@ -21860,32 +21899,32 @@ CVE-2022-32855
RESERVED
CVE-2022-32854 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
-CVE-2022-32853
- RESERVED
-CVE-2022-32852
- RESERVED
-CVE-2022-32851
- RESERVED
+CVE-2022-32853 (An out-of-bounds read issue was addressed with improved input
validati ...)
+ TODO: check
+CVE-2022-32852 (An out-of-bounds read issue was addressed with improved input
validati ...)
+ TODO: check
+CVE-2022-32851 (An out-of-bounds read issue was addressed with improved input
validati ...)
+ TODO: check
CVE-2022-32850
RESERVED
-CVE-2022-32849
- RESERVED
-CVE-2022-32848
- RESERVED
-CVE-2022-32847
- RESERVED
+CVE-2022-32849 (An information disclosure issue was addressed by removing the
vulnerab ...)
+ TODO: check
+CVE-2022-32848 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2022-32847 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
CVE-2022-32846
RESERVED
-CVE-2022-32845
- RESERVED
+CVE-2022-32845 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
CVE-2022-32844
RESERVED
-CVE-2022-32843
- RESERVED
-CVE-2022-32842
- RESERVED
-CVE-2022-32841
- RESERVED
+CVE-2022-32843 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
+ TODO: check
+CVE-2022-32842 (An out-of-bounds read issue was addressed with improved input
validati ...)
+ TODO: check
+CVE-2022-32841 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
CVE-2022-32840 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2022-32839 (The issue was addressed with improved bounds checks. This
issue is fix ...)
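Review bot: the `TODO: check` entries added in this hunk (CVE-2022-32853 through CVE-2022-32841) use Apple's advisory phrasing ("This issue was addressed with improved checks. This issue is fixed in ..."), the same as the neighbouring CVE-2022-32854 and CVE-2022-32840 that are already `NOT-FOR-US: Apple`; most can be resolved the same way, but each truncated description should be read in full first, since the Apple advisories also cover WebKit issues that affect the webkit2gtk and wpewebkit packages.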
@@ -21902,48 +21941,47 @@ CVE-2022-32834 (An access issue was addressed with
improvements to the sandbox.
NOT-FOR-US: Apple
CVE-2022-32833
RESERVED
-CVE-2022-32832
- RESERVED
-CVE-2022-32831
- RESERVED
+CVE-2022-32832 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2022-32831 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
CVE-2022-32830
RESERVED
-CVE-2022-32829
- RESERVED
-CVE-2022-32828
- RESERVED
+CVE-2022-32829 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2022-32828 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
CVE-2022-32827
RESERVED
-CVE-2022-32826
- RESERVED
-CVE-2022-32825
- RESERVED
+CVE-2022-32826 (An authorization issue was addressed with improved state
management. T ...)
+ TODO: check
+CVE-2022-32825 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
CVE-2022-32824
RESERVED
-CVE-2022-32823
- RESERVED
+CVE-2022-32823 (A memory initialization issue was addressed with improved
memory handl ...)
+ TODO: check
CVE-2022-32822
RESERVED
-CVE-2022-32821
- RESERVED
-CVE-2022-32820
- RESERVED
-CVE-2022-32819
- RESERVED
-CVE-2022-32818
- RESERVED
-CVE-2022-32817
- RESERVED
-CVE-2022-32816 [A UI spoofing issue was addressed with improved UI handling]
- RESERVED
+CVE-2022-32821 (A memory corruption issue was addressed with improved
validation. This ...)
+ TODO: check
+CVE-2022-32820 (An out-of-bounds write issue was addressed with improved input
validat ...)
+ TODO: check
+CVE-2022-32819 (A logic issue was addressed with improved state management.
This issue ...)
+ TODO: check
+CVE-2022-32818 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2022-32817 (An out-of-bounds read issue was addressed with improved bounds
checkin ...)
+ TODO: check
+CVE-2022-32816 (The issue was addressed with improved UI handling. This issue
is fixed ...)
{DSA-5211-1 DSA-5210-1 DLA-3073-1}
- webkit2gtk 2.36.6-1
- wpewebkit 2.36.6-1
NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2
-CVE-2022-32815
- RESERVED
-CVE-2022-32814
- RESERVED
+CVE-2022-32815 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2022-32814 (A type confusion issue was addressed with improved state
handling. Thi ...)
+ TODO: check
CVE-2022-32813 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2022-32812 (The issue was addressed with improved memory handling. This
issue is f ...)
@@ -21956,38 +21994,37 @@ CVE-2022-32809
RESERVED
CVE-2022-32808
RESERVED
-CVE-2022-32807
- RESERVED
+CVE-2022-32807 (This issue was addressed with improved file handling. This
issue is fi ...)
+ TODO: check
CVE-2022-32806
RESERVED
-CVE-2022-32805
- RESERVED
+CVE-2022-32805 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
CVE-2022-32804
RESERVED
CVE-2022-32803
RESERVED
CVE-2022-32802 (A logic issue was addressed with improved checks. This issue
is fixed ...)
NOT-FOR-US: Apple
-CVE-2022-32801
- RESERVED
-CVE-2022-32800
- RESERVED
-CVE-2022-32799
- RESERVED
-CVE-2022-32798
- RESERVED
-CVE-2022-32797
- RESERVED
-CVE-2022-32796
- RESERVED
+CVE-2022-32801 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2022-32800 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2022-32799 (An out-of-bounds read issue was addressed with improved bounds
checkin ...)
+ TODO: check
+CVE-2022-32798 (An out-of-bounds write issue was addressed with improved input
validat ...)
+ TODO: check
+CVE-2022-32797 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2022-32796 (A memory corruption issue was addressed with improved state
management ...)
+ TODO: check
CVE-2022-32795 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2022-32794
RESERVED
CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with
improved bound ...)
NOT-FOR-US: Apple
-CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input
validation]
- RESERVED
+CVE-2022-32792 (An out-of-bounds write issue was addressed with improved input
validat ...)
{DSA-5211-1 DSA-5210-1 DLA-3073-1}
- webkit2gtk 2.36.6-1
- wpewebkit 2.36.6-1
@@ -21995,26 +22032,26 @@ CVE-2022-32792 [An out-of-bounds write issue was
addressed with improved input v
NOTE:
https://starlabs.sg/blog/2022/09-step-by-step-walkthrough-of-cve-2022-32792/
CVE-2022-32791
RESERVED
-CVE-2022-32790
- RESERVED
-CVE-2022-32789
- RESERVED
+CVE-2022-32790 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2022-32789 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
CVE-2022-32788 (A buffer overflow was addressed with improved bounds checking.
This is ...)
NOT-FOR-US: Apple
-CVE-2022-32787
- RESERVED
-CVE-2022-32786
- RESERVED
-CVE-2022-32785
- RESERVED
+CVE-2022-32787 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
+ TODO: check
+CVE-2022-32786 (An issue in the handling of environment variables was
addressed with i ...)
+ TODO: check
+CVE-2022-32785 (A null pointer dereference was addressed with improved
validation. Thi ...)
+ TODO: check
CVE-2022-32784
RESERVED
-CVE-2022-32783
- RESERVED
-CVE-2022-32782
- RESERVED
-CVE-2022-32781
- RESERVED
+CVE-2022-32783 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2022-32782 (This issue was addressed by enabling hardened runtime. This
issue is f ...)
+ TODO: check
+CVE-2022-32781 (This issue was addressed by enabling hardened runtime. This
issue is f ...)
+ TODO: check
CVE-2022-32780
RESERVED
CVE-2022-32779
@@ -22564,8 +22601,8 @@ CVE-2022-2027 (Improper Neutralization of Formula
Elements in a CSV File in GitH
NOT-FOR-US: kromitgmbh/titra
CVE-2022-2026 (Cross-site Scripting (XSS) - Stored in GitHub repository
kromitgmbh/ti ...)
NOT-FOR-US: kromitgmbh/titra
-CVE-2022-2025
- RESERVED
+CVE-2022-2025 (an attacker with knowledge of user/pass of Grandstream GSD3710
in its ...)
+ TODO: check
CVE-2017-20051 (A vulnerability was found in InnoSetup Installer. It has been
declared ...)
NOT-FOR-US: InnoSetup
CVE-2022-32548 (An issue was discovered on certain DrayTek Vigor routers
before July 2 ...)
@@ -23533,14 +23570,14 @@ CVE-2022-1977 (The Import Export All WordPress
Images, Users & Post Types Wo
NOT-FOR-US: WordPress plugin
CVE-2022-32230 (Microsoft Windows SMBv3 suffers from a null pointer
dereference in ver ...)
NOT-FOR-US: Microsoft
-CVE-2022-32229
- RESERVED
-CVE-2022-32228
- RESERVED
-CVE-2022-32227
- RESERVED
-CVE-2022-32226
- RESERVED
+CVE-2022-32229 (A information disclosure vulnerability exists in Rockert.Chat
<v5 d ...)
+ TODO: check
+CVE-2022-32228 (An information disclosure vulnerability exists in Rocket.Chat
<v5, ...)
+ TODO: check
+CVE-2022-32227 (A cleartext transmission of sensitive information exists in
Rocket.Cha ...)
+ TODO: check
+CVE-2022-32226 (An improper access control vulnerability exists in Rocket.Chat
<v5, ...)
+ TODO: check
CVE-2022-32225 (A reflected DOM-Based XSS vulnerability has been discovered in
the Hel ...)
NOT-FOR-US: Veeam
CVE-2022-32224
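Review bot: The upstream text quoted for CVE-2022-32229 reads "A information disclosure vulnerability exists in Rockert.Chat", a typo in the CVE description rather than something to correct in this list, but whoever triages these four entries should note that the same product appears as "Rocket.Chat" in CVE-2022-32228, CVE-2022-32227 and CVE-2022-32226, so a search of the list for the product name will miss CVE-2022-32229 unless both spellings are checked.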
@@ -23560,14 +23597,14 @@ CVE-2022-32222 (A cryptographic vulnerability exists
on Node.js on linux in vers
NOTE:
https://github.com/nodejs/node/commit/a5fc2deb43f85dc2195a1fe1683b9c2e7443b001
CVE-2022-32221
RESERVED
-CVE-2022-32220
- RESERVED
-CVE-2022-32219
- RESERVED
-CVE-2022-32218
- RESERVED
-CVE-2022-32217
- RESERVED
+CVE-2022-32220 (An information disclosure vulnerability exists in Rocket.Chat
<v5 d ...)
+ TODO: check
+CVE-2022-32219 (An information disclosure vulnerability exists in Rocket.Chat
<v4.7 ...)
+ TODO: check
+CVE-2022-32218 (An information disclosure vulnerability exists in Rocket.Chat
<v5, ...)
+ TODO: check
+CVE-2022-32217 (A cleartext storage of sensitive information exists in
Rocket.Chat < ...)
+ TODO: check
CVE-2022-32216
RESERVED
CVE-2022-32215 (The llhttp parser in the http module in Node v17.6.0 does not
correctl ...)
@@ -23598,8 +23635,8 @@ CVE-2022-32212 (A OS Command Injection vulnerability
exists in Node.js versions
NOTE:
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-ip-addresses-high-cve-2022-32212
NOTE:
https://github.com/nodejs/node/commit/48c5aa5cab718d04473fa2761d532657c84b8131
(v14.x)
NOTE:
https://github.com/nodejs/node/commit/1aa5036c31ac2a9b2a2528af454675ad412f1464
(main)
-CVE-2022-32211
- RESERVED
+CVE-2022-32211 (A SQL injection vulnerability exists in Rocket.Chat
<v3.18.6, <v ...)
+ TODO: check
CVE-2022-32210 (`Undici.ProxyAgent` never verifies the remote server's
certificate, an ...)
- node-undici 5.6.1+dfsg1+~cs18.9.16-1
NOTE: https://github.com/advisories/GHSA-pgw7-wx7w-2w33
@@ -29887,8 +29924,8 @@ CVE-2019-25060 (The WPGraphQL WordPress plugin before
0.3.5 doesn't properly res
NOT-FOR-US: WordPress plugin
CVE-2022-30125
RESERVED
-CVE-2022-30124
- RESERVED
+CVE-2022-30124 (An improper authentication vulnerability exists in Rocket.Chat
Mobile ...)
+ TODO: check
CVE-2022-30123 [Possible shell escape sequence injection vulnerability in Rack]
RESERVED
{DLA-3095-1}
@@ -29902,8 +29939,8 @@ CVE-2022-30122 [Denial of Service Vulnerability in Rack
Multipart Parsing]
- ruby-rack 2.2.4-1
NOTE: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
NOTE: https://github.com/advisories/GHSA-hxqx-xwvh-44m2
-CVE-2022-30121
- RESERVED
+CVE-2022-30121 (The “LANDesk(R) Management Agent” service exposes
a socket ...)
+ TODO: check
CVE-2022-30120 (XSS in /dashboard/blocks/stacks/view_details/ - old browsers
only. Whe ...)
NOT-FOR-US: Concrete CMS
CVE-2022-30119 (XSS in /dashboard/reports/logs/view - old browsers only. When
using In ...)
@@ -33563,8 +33600,8 @@ CVE-2022-28888 (Spryker Commerce OS 1.4.2 allows Remote
Command Execution. ...)
NOT-FOR-US: Spryker Commerce OS
CVE-2022-28887
RESERVED
-CVE-2022-28886
- RESERVED
+CVE-2022-28886 (A Denial-of-Service vulnerability was discovered in the
F-Secure and W ...)
+ TODO: check
CVE-2022-28885 (A Denial-of-Service (DoS) vulnerability was discovered in the
fsicapd ...)
NOT-FOR-US: WithSecure
CVE-2022-28884 (A Denial-of-Service vulnerability was discovered in the
F-Secure and W ...)
@@ -35964,8 +36001,8 @@ CVE-2022-1123 (The Leaflet Maps Marker (Google Maps,
OpenStreetMap, Bing Maps) W
NOT-FOR-US: WordPress plugin
CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue
(e.g., ...)
NOT-FOR-US: Firebase PHP-JWT
-CVE-2020-36521
- RESERVED
+CVE-2020-36521 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
CVE-2022-28128 (Untrusted search path vulnerability in AttacheCase ver.3.6.1.0
and ear ...)
NOT-FOR-US: AttacheCase
CVE-2022-27496 (Cross-site scripting vulnerability in Zero-channel BBS Plus
v0.7.4 and ...)
@@ -37603,8 +37640,8 @@ CVE-2022-1039 (The weak password on the web user
interface can be exploited via
NOT-FOR-US: Red Lion
CVE-2022-1038
RESERVED
-CVE-2022-27492
- RESERVED
+CVE-2022-27492 (An integer underflow in WhatsApp could have caused remote code
executi ...)
+ TODO: check
CVE-2022-27491 (A improper verification of source of a communication channel
in Fortin ...)
NOT-FOR-US: FortiGuard
CVE-2022-27490
@@ -39953,8 +39990,8 @@ CVE-2022-26709
NOTE: https://webkitgtk.org/security/WSA-2022-0005.html
CVE-2022-26708 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
-CVE-2022-26707
- RESERVED
+CVE-2022-26707 (An issue in the handling of environment variables was
addressed with i ...)
+ TODO: check
CVE-2022-26706 (An access issue was addressed with additional sandbox
restrictions on ...)
NOT-FOR-US: Apple
CVE-2022-26705
@@ -39967,8 +40004,7 @@ CVE-2022-26702 (A use after free issue was addressed
with improved memory manage
NOT-FOR-US: Apple
CVE-2022-26701 (A race condition was addressed with improved locking. This
issue is fi ...)
NOT-FOR-US: Apple
-CVE-2022-26700
- RESERVED
+CVE-2022-26700 (A memory corruption issue was addressed with improved state
management ...)
{DSA-5155-1 DSA-5154-1}
- webkit2gtk 2.36.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
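Review bot: The hunk count "-8,+7" confirms that the " RESERVED" placeholder for CVE-2022-26700 is removed without a replacement "TODO: check" line, which is the right outcome here since the entry already carries DSA-5155-1 and DSA-5154-1, the webkit2gtk 2.36.3-1 fix and the stretch "<ignored>" annotation; only the description changes.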
@@ -41722,8 +41758,8 @@ CVE-2022-26114 (An improper neutralization of input
during web page generation v
NOT-FOR-US: FortiGuard
CVE-2022-26113 (An execution with unnecessary privileges vulnerability
[CWE-250] in Fo ...)
NOT-FOR-US: Fortinet
-CVE-2022-26112
- RESERVED
+CVE-2022-26112 (In 0.10.0 or older versions of Apache Pinot, Pinot query
endpoint and ...)
+ TODO: check
CVE-2022-26042 (An OS command injection vulnerability exists in the daretools
binary f ...)
NOT-FOR-US: InHand Networks InRouter302
CVE-2022-26007 (An OS command injection vulnerability exists in the console
factory fu ...)
@@ -47273,8 +47309,7 @@ CVE-2022-24282 (A vulnerability has been identified in
SINEC NMS (All versions).
NOT-FOR-US: Siemens
CVE-2022-24281 (A vulnerability has been identified in SINEC NMS (All
versions). A pri ...)
NOT-FOR-US: Siemens
-CVE-2022-24280
- RESERVED
+CVE-2022-24280 (Improper Input Validation vulnerability in Proxy component of
Apache P ...)
NOT-FOR-US: Apache Pulsar
CVE-2022-24277
RESERVED
@@ -51566,8 +51601,8 @@ CVE-2022-23146
RESERVED
CVE-2022-23145
RESERVED
-CVE-2022-23144
- RESERVED
+CVE-2022-23144 (There is a broken access control vulnerability in ZTE ZXvSTB
product. ...)
+ TODO: check
CVE-2022-23143
RESERVED
CVE-2022-23142 (ZXEN CG200 has a DoS vulnerability. An attacker could
construct and se ...)
@@ -53552,8 +53587,7 @@ CVE-2022-22639 (A logic issue was addressed with
improved state management. This
NOT-FOR-US: Apple
CVE-2022-22638 (A null pointer dereference was addressed with improved
validation. Thi ...)
NOT-FOR-US: Apple
-CVE-2022-22637 [A logic issue was addressed with improved state management]
- RESERVED
+CVE-2022-22637 (A logic issue was addressed with improved state management.
This issue ...)
{DSA-5061-1 DSA-5060-1}
- webkit2gtk 2.34.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
@@ -53573,15 +53607,13 @@ CVE-2022-22631 (An out-of-bounds write issue was
addressed with improved bounds
NOT-FOR-US: Apple
CVE-2022-22630
RESERVED
-CVE-2022-22629 [A buffer overflow issue was addressed with improved memory
handling]
- RESERVED
+CVE-2022-22629 (A buffer overflow issue was addressed with improved memory
handling. T ...)
{DSA-5116-1 DSA-5115-1}
- webkit2gtk 2.36.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
- wpewebkit 2.36.0-2
NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
-CVE-2022-22628 [A use after free issue was addressed with improved memory
management]
- RESERVED
+CVE-2022-22628 (A use after free issue was addressed with improved memory
management. ...)
{DSA-5116-1 DSA-5115-1}
- webkit2gtk 2.36.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
@@ -53593,8 +53625,7 @@ CVE-2022-22626 (An out-of-bounds read was addressed
with improved bounds checkin
NOT-FOR-US: Apple
CVE-2022-22625 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
-CVE-2022-22624 [A use after free issue was addressed with improved memory
management]
- RESERVED
+CVE-2022-22624 (A use after free issue was addressed with improved memory
management. ...)
{DSA-5116-1 DSA-5115-1}
- webkit2gtk 2.36.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
@@ -53630,8 +53661,8 @@ CVE-2022-22612 (A memory consumption issue was
addressed with improved memory ha
NOT-FOR-US: Apple
CVE-2022-22611 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
-CVE-2022-22610
- RESERVED
+CVE-2022-22610 (A memory corruption issue was addressed with improved state
management ...)
+ TODO: check
CVE-2022-22609 (The issue was addressed with additional permissions checks.
This issue ...)
NOT-FOR-US: Apple
CVE-2022-22608 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
@@ -54202,8 +54233,8 @@ CVE-2022-22425
RESERVED
CVE-2022-22424 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to
obtain s ...)
NOT-FOR-US: IBM
-CVE-2022-22423
- RESERVED
+CVE-2022-22423 (IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767
and CCA 7. ...)
+ TODO: check
CVE-2022-22422
RESERVED
CVE-2022-22421
@@ -58680,8 +58711,8 @@ CVE-2021-45037
RESERVED
CVE-2021-45036
RESERVED
-CVE-2021-45035
- RESERVED
+CVE-2021-45035 (Velneo vClient on its 28.1.3 version, does not correctly check
the cer ...)
+ TODO: check
CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE
WITH I/O ...)
NOT-FOR-US: Siemens
CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE
WITH I/O ...)
@@ -73875,8 +73906,8 @@ CVE-2021-3784
RESERVED
CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During
Web Pa ...)
NOT-FOR-US: yourls
-CVE-2021-3782
- RESERVED
+CVE-2021-3782 (An internal reference count is held on the buffer pool,
incremented ev ...)
+ TODO: check
CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape
flaw was ...)
{DSA-4972-1}
- ghostscript 9.53.3~dfsg-8 (bug #994011)
@@ -127594,7 +127625,7 @@ CVE-2021-20079 (Nessus versions 8.13.2 and earlier
were found to contain a privi
NOT-FOR-US: Nessus
CVE-2021-20078 (Manage Engine OpManager builds below 125346 are vulnerable to
a remote ...)
NOT-FOR-US: Manage Engine OpManager
-CVE-2021-20077 (Nessus versions 8.13.2 and earlier were found to contain a
privilege e ...)
+CVE-2021-20077 (Nessus Agent versions 7.2.0 through 8.2.2 were found to
inadvertently ...)
NOT-FOR-US: Nessus Agent
CVE-2021-20076 (Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0
were fou ...)
NOT-FOR-US: Tenable
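Review bot: The old description of CVE-2021-20077 ("Nessus versions 8.13.2 and earlier were found to contain a privilege e ...") was the same text shown for CVE-2021-20079 at the top of this hunk, so it was a duplicated upstream description; the replacement ("Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently ...") now agrees with the existing "NOT-FOR-US: Nessus Agent" classification, so no re-triage of this entry is needed.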
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5fe68d3794651f7dae115e26af3a68cfe41ff6e
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits