Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
118c00f1 by security tracker role at 2023-01-03T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2023-0034
+ RESERVED
+CVE-2023-0033
+ RESERVED
+CVE-2022-4870
+ RESERVED
+CVE-2015-10011 (A vulnerability classified as problematic has been found in
OpenDNS Op ...)
+ TODO: check
+CVE-2015-10010 (A vulnerability was found in OpenDNS OpenResolve. It has been
rated as ...)
+ TODO: check
CVE-2023-22576
RESERVED
CVE-2023-22575
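Review bot: The two CVE-2015-1001x additions at the top of this hunk both name OpenDNS (CVE-2015-10010 is OpenResolve; the CVE-2015-10011 summary is cut off at "OpenDNS Op ...") and both land as TODO: check. Triage them together so they end up with the same disposition line, and read the product name for CVE-2015-10011 from the full record before writing any NOT-FOR-US tag for it.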
@@ -519,8 +529,8 @@ CVE-2023-22454
RESERVED
CVE-2023-22453
RESERVED
-CVE-2023-22452
- RESERVED
+CVE-2023-22452 (kenny2automate is a Discord bot. In the web interface for
server setti ...)
+ TODO: check
CVE-2023-22451 (Kiwi TCMS is an open source test management system. In version
11.6 an ...)
TODO: check
CVE-2022-4823 (A vulnerability, which was classified as problematic, was found
in InS ...)
@@ -1333,22 +1343,22 @@ CVE-2022-4745
RESERVED
CVE-2021-4281 (A vulnerability was found in Brave UX for-the-badge and
classified as ...)
NOT-FOR-US: Brave UX for-the-badge
-CVE-2022-47908
- RESERVED
+CVE-2022-47908 (Stack-based buffer overflow vulnerability in V-Server
v4.0.12.0 and ea ...)
+ TODO: check
CVE-2022-4744
RESERVED
CVE-2022-4743
RESERVED
CVE-2022-4742 (A vulnerability, which was classified as critical, has been
found in j ...)
NOT-FOR-US: Node json-pointer module
-CVE-2022-47317
- RESERVED
-CVE-2022-46360
- RESERVED
-CVE-2022-43448
- RESERVED
-CVE-2022-41645
- RESERVED
+CVE-2022-47317 (Out-of-bounds write vulnerability in V-Server v4.0.12.0 and
earlier al ...)
+ TODO: check
+CVE-2022-46360 (Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier
and TEL ...)
+ TODO: check
+CVE-2022-43448 (Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and
earlier and TE ...)
+ TODO: check
+CVE-2022-41645 (Out-of-bounds read vulnerability in V-Server v4.0.12.0 and
earlier all ...)
+ TODO: check
CVE-2022-4741 (A vulnerability was found in docconv up to 1.2.0 and classified
as pro ...)
NOT-FOR-US: docconv
CVE-2022-4740 (A vulnerability, which was classified as problematic, has been
found i ...)
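Review bot: Five entries in this hunk (CVE-2022-47908, CVE-2022-47317, CVE-2022-46360, CVE-2022-43448, CVE-2022-41645) swap RESERVED for memory-corruption summaries that cover only two products, V-Server v4.0.12.0 and V-SFT v6.1.7.0, and each is left at TODO: check. Resolve them in one pass with a single consistent tag per product, in the form the surrounding context already uses (NOT-FOR-US: docconv, NOT-FOR-US: Node json-pointer module), if neither product turns out to be packaged.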
@@ -2423,8 +2433,8 @@ CVE-2022-47620
RESERVED
CVE-2022-47619
RESERVED
-CVE-2022-47618
- RESERVED
+CVE-2022-47618 (Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded
administrato ...)
+ TODO: check
CVE-2022-47617
RESERVED
CVE-2022-47616
@@ -5619,8 +5629,8 @@ CVE-2022-4419
RESERVED
CVE-2022-4418
RESERVED
-CVE-2022-4417
- RESERVED
+CVE-2022-4417 (The WP Cerber Security, Anti-spam & Malware Scan WordPress
plugin ...)
+ TODO: check
CVE-2021-4244 (A vulnerability classified as problematic has been found in
yikes-inc- ...)
NOT-FOR-US: yikes-inc-easy-mailchimp-extender
CVE-2021-4243 (A vulnerability was found in claviska jquery-minicolors up to
2.3.5. I ...)
@@ -5916,8 +5926,8 @@ CVE-2022-4382
RESERVED
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/12/13/1
-CVE-2022-4381
- RESERVED
+CVE-2022-4381 (The Popup Maker WordPress plugin before 1.16.9 does not
validate and e ...)
+ TODO: check
CVE-2022-4380
RESERVED
CVE-2022-4379
@@ -5950,16 +5960,16 @@ CVE-2022-4375 (A vulnerability was found in Mingsoft
MCMS up to 5.2.9. It has be
NOT-FOR-US: Mingsoft MCMS
CVE-2022-4374
RESERVED
-CVE-2022-4373
- RESERVED
-CVE-2022-4372
- RESERVED
-CVE-2022-4371
- RESERVED
-CVE-2022-4370
- RESERVED
-CVE-2022-4369
- RESERVED
+CVE-2022-4373 (The Quote-O-Matic WordPress plugin through 1.0.5 does not
properly san ...)
+ TODO: check
+CVE-2022-4372 (The Web Invoice WordPress plugin through 2.1.3 does not
properly sanit ...)
+ TODO: check
+CVE-2022-4371 (The Web Invoice WordPress plugin through 2.1.3 does not
properly sanit ...)
+ TODO: check
+CVE-2022-4370 (The multimedial images WordPress plugin through 1.0b does not
properly ...)
+ TODO: check
+CVE-2022-4369 (The WP-Lister Lite for Amazon WordPress plugin before 2.4.4
does not s ...)
+ TODO: check
CVE-2022-4368
RESERVED
CVE-2022-4367
@@ -6054,30 +6064,30 @@ CVE-2022-4364 (A vulnerability classified as critical
has been found in Teledyne
NOT-FOR-US: Teledyne
CVE-2022-4363
RESERVED
-CVE-2022-4362
- RESERVED
+CVE-2022-4362 (The Popup Maker WordPress plugin before 1.16.9 does not
validate and e ...)
+ TODO: check
CVE-2022-4361
RESERVED
-CVE-2022-4360
- RESERVED
-CVE-2022-4359
- RESERVED
-CVE-2022-4358
- RESERVED
-CVE-2022-4357
- RESERVED
-CVE-2022-4356
- RESERVED
-CVE-2022-4355
- RESERVED
+CVE-2022-4360 (The WP RSS By Publishers WordPress plugin through 0.1 does not
properl ...)
+ TODO: check
+CVE-2022-4359 (The WP RSS By Publishers WordPress plugin through 0.1 does not
properl ...)
+ TODO: check
+CVE-2022-4358 (The WP RSS By Publishers WordPress plugin through 0.1 does not
properl ...)
+ TODO: check
+CVE-2022-4357 (The LetsRecover WordPress plugin through 1.1.0 does not
properly sanit ...)
+ TODO: check
+CVE-2022-4356 (The LetsRecover WordPress plugin through 1.1.0 does not
properly sanit ...)
+ TODO: check
+CVE-2022-4355 (The LetsRecover WordPress plugin through 1.1.0 does not
properly sanit ...)
+ TODO: check
CVE-2022-4354 (A vulnerability was found in LinZhaoguan pb-cms 2.0 and
classified as ...)
NOT-FOR-US: LinZhaoguan pb-cms
CVE-2022-4353 (A vulnerability has been found in LinZhaoguan pb-cms 2.0 and
classifie ...)
NOT-FOR-US: LinZhaoguan pb-cms
-CVE-2022-4352
- RESERVED
-CVE-2022-4351
- RESERVED
+CVE-2022-4352 (The Qe SEO Handyman WordPress plugin through 1.0 does not
properly san ...)
+ TODO: check
+CVE-2022-4351 (The Qe SEO Handyman WordPress plugin through 1.0 does not
properly san ...)
+ TODO: check
CVE-2022-4350 (A vulnerability, which was classified as problematic, was found
in Min ...)
NOT-FOR-US: Mingsoft MCMS
CVE-2022-4349 (A vulnerability classified as problematic has been found in
CTF-hacker ...)
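Review bot: In the CVE-2022-4360 through CVE-2022-4355 block and the CVE-2022-4352/CVE-2022-4351 pair, the truncated summaries are identical per plugin (three for WP RSS By Publishers, three for LetsRecover, two for Qe SEO Handyman), so the entries cannot be told apart from this file alone. That is harmless if they all receive the same disposition, but anyone adding a NOTE line should take the distinguishing detail from the full CVE record rather than from these summaries.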
@@ -6188,8 +6198,8 @@ CVE-2022-46752
RESERVED
CVE-2022-46751
RESERVED
-CVE-2022-4340
- RESERVED
+CVE-2022-4340 (The BookingPress WordPress plugin before 1.0.31 suffers from an
Insecu ...)
+ TODO: check
CVE-2022-4339
REJECTED
CVE-2022-4338 [Integer Underflow in Organization Specific TLV]
@@ -6224,8 +6234,8 @@ CVE-2022-4331
RESERVED
CVE-2022-4330
RESERVED
-CVE-2022-4329
- RESERVED
+CVE-2022-4329 (The Product list Widget for Woocommerce WordPress plugin
through 1.0 d ...)
+ TODO: check
CVE-2022-4328
RESERVED
CVE-2022-4327
@@ -6234,8 +6244,8 @@ CVE-2022-4326 (Improper preservation of permissions
vulnerability in Trellix End
NOT-FOR-US: Trellix Endpoint Agent (xAgent)
CVE-2022-4325
RESERVED
-CVE-2022-4324
- RESERVED
+CVE-2022-4324 (The Custom Field Template WordPress plugin before 2.5.8
unserialises t ...)
+ TODO: check
CVE-2022-4323
RESERVED
CVE-2018-25048
@@ -6572,18 +6582,18 @@ CVE-2022-4304
RESERVED
CVE-2022-4303
RESERVED
-CVE-2022-4302
- RESERVED
+CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes
user inpu ...)
+ TODO: check
CVE-2022-4301
RESERVED
CVE-2022-4300 (A vulnerability was found in FastCMS. It has been rated as
critical. T ...)
NOT-FOR-US: FastCMS
CVE-2022-4299
RESERVED
-CVE-2022-4298
- RESERVED
-CVE-2022-4297
- RESERVED
+CVE-2022-4298 (The Wholesale Market WordPress plugin before 2.2.1 does not
have autho ...)
+ TODO: check
+CVE-2022-4297 (The WP AutoComplete Search WordPress plugin through 1.0.4 does
not san ...)
+ TODO: check
CVE-2022-4296 (A vulnerability classified as problematic has been found in
TP-Link TL ...)
NOT-FOR-US: TP-Link
CVE-2022-46663
@@ -7492,16 +7502,16 @@ CVE-2023-21524
RESERVED
CVE-2022-4261 (Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed
to relia ...)
NOT-FOR-US: Rapid7 Nexpose and InsightVM
-CVE-2022-4260
- RESERVED
+CVE-2022-4260 (The WP-Ban WordPress plugin before 1.69.1 does not sanitise and
escape ...)
+ TODO: check
CVE-2022-4259
RESERVED
CVE-2022-4258
RESERVED
CVE-2022-4257 (A vulnerability was found in C-DATA Web Management System. It
has been ...)
NOT-FOR-US: C-DATA Web Management System
-CVE-2022-4256
- RESERVED
+CVE-2022-4256 (The All-in-One Addons for Elementor WordPress plugin before
2.4.4 does ...)
+ TODO: check
CVE-2022-4255
RESERVED
CVE-2022-4254
@@ -7574,10 +7584,10 @@ CVE-2022-4239 (The Workreap WordPress theme before
2.6.4 does not verify that an
NOT-FOR-US: WordPress theme
CVE-2022-4238
RESERVED
-CVE-2022-4237
- RESERVED
-CVE-2022-4236
- RESERVED
+CVE-2022-4237 (The Welcart e-Commerce WordPress plugin before 2.8.6 does not
validate ...)
+ TODO: check
+CVE-2022-4236 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not
validate ...)
+ TODO: check
CVE-2022-4235
RESERVED
CVE-2022-4234 (A vulnerability was found in SourceCodester Canteen Management
System. ...)
@@ -7745,18 +7755,18 @@ CVE-2022-46338 (g810-led 0.4.2, a LED configuration
tool for Logitech Gx10 keybo
[bullseye] - g810-led 0.4.2-1+deb11u1
NOTE: https://github.com/MatMoul/g810-led/pull/297
NOTE: Fixed by:
https://github.com/MatMoul/g810-led/commit/e2b486fd1bc21e0b784e1b4c959770772dfced24
(v0.4.3)
-CVE-2022-46309
- RESERVED
+CVE-2022-46309 (Vitals ESP upload function has a path traversal vulnerability.
A remot ...)
+ TODO: check
CVE-2022-46308
RESERVED
CVE-2022-46307
RESERVED
-CVE-2022-46306
- RESERVED
-CVE-2022-46305
- RESERVED
-CVE-2022-46304
- RESERVED
+CVE-2022-46306 (ChangingTec ServiSign component has a path traversal
vulnerability due ...)
+ TODO: check
+CVE-2022-46305 (ChangingTec ServiSign component has a path traversal
vulnerability. An ...)
+ TODO: check
+CVE-2022-46304 (ChangingTec ServiSign component has insufficient filtering for
special ...)
+ TODO: check
CVE-2022-46295
RESERVED
CVE-2022-46294
@@ -7826,12 +7836,12 @@ CVE-2022-42489
CVE-2022-4201
RESERVED
- gitlab <unfixed>
-CVE-2022-4200
- RESERVED
+CVE-2022-4200 (The Login with Cognito WordPress plugin through 1.4.8 does not
sanitis ...)
+ TODO: check
CVE-2022-4199
RESERVED
-CVE-2022-4198
- RESERVED
+CVE-2022-4198 (The WP Social Sharing WordPress plugin through 2.2 does not
sanitise a ...)
+ TODO: check
CVE-2022-4197 (The Sliderby10Web WordPress plugin before 1.2.53 does not
sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4196
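Review bot: CVE-2022-4200 and CVE-2022-4198 are added as TODO: check directly above CVE-2022-4197, which is the same class of entry and already carries NOT-FOR-US: WordPress plugin. Follow-up triage should use that exact tag string so the WordPress plugin entries stay greppable as one group; the same applies to the other WordPress plugin summaries this commit fills in.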
@@ -8781,16 +8791,16 @@ CVE-2022-4144 (An out-of-bounds read flaw was found in
the QXL display device em
NOTE:
https://gitlab.com/qemu-project/qemu/-/commit/6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622
CVE-2022-4143
RESERVED
-CVE-2022-4142
- RESERVED
+CVE-2022-4142 (The WordPress Filter Gallery Plugin WordPress plugin before
0.1.6 does ...)
+ TODO: check
CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by
allowing a ...)
- vim 2:9.0.1000-1 (bug #1027146)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
NOTE:
https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5
(v9.0.0947)
-CVE-2022-4140
- RESERVED
+CVE-2022-4140 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not
validate ...)
+ TODO: check
CVE-2022-4139
RESERVED
{DLA-3244-1}
@@ -9108,8 +9118,8 @@ CVE-2022-4121 [Null pointer dereference in
mailimap_mailbox_data_status_free in
NOTE:
https://github.com/dinhvh/libetpan/commit/5c9eb6b6ba64c4eb927d7a902317410181aacbba
CVE-2022-4120 (The Stop Spammers Security | Block Spam Users, Comments, Forms
WordPre ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4119
- RESERVED
+CVE-2022-4119 (The Image Optimizer, Resizer and CDN WordPress plugin before
6.8.1 doe ...)
+ TODO: check
CVE-2022-4118
RESERVED
CVE-2022-4117 (The IWS WordPress plugin through 1.0 does not properly escape a
parame ...)
@@ -9129,8 +9139,8 @@ CVE-2022-45783
RESERVED
CVE-2022-45782
RESERVED
-CVE-2022-4114
- RESERVED
+CVE-2022-4114 (The Superio WordPress theme does not sanitise and escape some
paramete ...)
+ TODO: check
CVE-2022-4113
RESERVED
CVE-2022-4112 (The Quizlord WordPress plugin through 2.0 does not sanitise and
escape ...)
@@ -9139,8 +9149,8 @@ CVE-2022-4111 (Unrestricted file size limit can lead to
DoS in tooljet/tooljet &
NOT-FOR-US: ToolJet
CVE-2022-4110 (The Eventify™ WordPress plugin through 2.1 does not
sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4109
- RESERVED
+CVE-2022-4109 (The Wholesale Market for WooCommerce WordPress plugin before
2.0.0 doe ...)
+ TODO: check
CVE-2022-4108 (The Wholesale Market for WooCommerce WordPress plugin before
1.0.8 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4107 (The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5
does n ...)
@@ -9759,8 +9769,8 @@ CVE-2022-4101
RESERVED
CVE-2022-4100
RESERVED
-CVE-2022-4099
- RESERVED
+CVE-2022-4099 (The Joy Of Text Lite WordPress plugin before 2.3.1 does not
properly s ...)
+ TODO: check
CVE-2022-4098 (Multiple Wiesemann&Theis products of the ComServer Series
are pron ...)
NOT-FOR-US: Wiesemann&Theis products of ComServer Series
CVE-2022-4097 (The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is
suscep ...)
@@ -9883,12 +9893,12 @@ CVE-2022-4061 (The JobBoardWP WordPress plugin before
1.2.2 does not properly va
NOT-FOR-US: WordPress plugin
CVE-2022-4060
RESERVED
-CVE-2022-4059
- RESERVED
+CVE-2022-4059 (The Cryptocurrency Widgets Pack WordPress plugin through 1.8.1
does no ...)
+ TODO: check
CVE-2022-4058 (The Photo Gallery by 10Web WordPress plugin before 1.8.3 does
not vali ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4057
- RESERVED
+CVE-2022-4057 (The Autoptimize WordPress plugin before 3.1.0 uses an easily
guessable ...)
+ TODO: check
CVE-2023-21523
RESERVED
CVE-2023-21522
@@ -9932,8 +9942,8 @@ CVE-2022-4051 (A vulnerability has been found in Hostel
Searching Project and cl
NOT-FOR-US: Hostel Searching Project
CVE-2022-4050 (The JoomSport WordPress plugin before 5.2.8 does not properly
sanitise ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4049
- RESERVED
+CVE-2022-4049 (The WP User WordPress plugin through 7.0 does not properly
sanitize an ...)
+ TODO: check
CVE-2022-4048
RESERVED
CVE-2022-4047 (The Return Refund and Exchange For WooCommerce WordPress plugin
before ...)
@@ -10006,8 +10016,8 @@ CVE-2022-4027 (The Simple:Press plugin for WordPress is
vulnerable to Stored Cro
NOT-FOR-US: Simple:Press plugin for WordPress
CVE-2022-4026
RESERVED
-CVE-2022-4025
- RESERVED
+CVE-2022-4025 (Inappropriate implementation in Paint in Google Chrome prior to
98.0.4 ...)
+ TODO: check
CVE-2022-4024 (The Registration Forms WordPress plugin before 3.8.1.3 does not
have a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4023
@@ -10131,8 +10141,8 @@ CVE-2022-43660 (Improper neutralization of Server-Side
Includes (SSW) within a w
- movabletype-opensource <removed>
CVE-2022-3995 (The TeraWallet plugin for WordPress is vulnerable to Insecure
Direct O ...)
NOT-FOR-US: TeraWallet plugin for WordPress
-CVE-2022-3994
- RESERVED
+CVE-2022-3994 (The Authenticator WordPress plugin before 1.3.1 does not
prevent subsc ...)
+ TODO: check
CVE-2023-21518
RESERVED
CVE-2023-21517
@@ -11137,8 +11147,8 @@ CVE-2022-3938
RESERVED
CVE-2022-3937 (The Easy Video Player WordPress plugin before 1.2.2.3 does not
sanitiz ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3936
- RESERVED
+CVE-2022-3936 (The Team Members WordPress plugin before 5.2.1 does not
sanitize and e ...)
+ TODO: check
CVE-2022-3935 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3934 (The Flat PM WordPress plugin through 2.661 does not sanitize
and escap ...)
@@ -11338,8 +11348,8 @@ CVE-2022-3913
RESERVED
CVE-2022-3912 (The User Registration WordPress plugin before 2.2.4.1 does not
properl ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3911
- RESERVED
+CVE-2022-3911 (The iubenda | All-in-one Compliance for GDPR / CCPA Cookie
Consent + m ...)
+ TODO: check
CVE-2022-3910 (Use After Free vulnerability in Linux Kernel allows Privilege
Escalati ...)
- linux 5.19.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -12181,8 +12191,8 @@ CVE-2022-3865 (The WP User Merger WordPress plugin
before 1.5.3 does not properl
NOT-FOR-US: WordPress plugin
CVE-2022-3864
RESERVED
-CVE-2022-3863
- RESERVED
+CVE-2022-3863 (Use after free in Browser History in Google Chrome prior to
100.0.4896 ...)
+ TODO: check
CVE-2023-21418
RESERVED
CVE-2023-21417
@@ -12255,8 +12265,8 @@ CVE-2022-3862 (The Livemesh Addons for Elementor
WordPress plugin before 7.2.4 d
NOT-FOR-US: WordPress plugin
CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object
Injection ...)
NOT-FOR-US: Betheme theme for WordPress
-CVE-2022-3860
- RESERVED
+CVE-2022-3860 (The Visual Email Designer for WooCommerce WordPress plugin
before 1.7. ...)
+ TODO: check
CVE-2022-3859 (An uncontrolled search path vulnerability exists in Trellix
Agent (TA) ...)
NOT-FOR-US: Trellix
CVE-2022-3858 (The Floating Chat Widget: Contact Chat Icons, Telegram Chat,
Line, WeC ...)
@@ -13528,8 +13538,8 @@ CVE-2022-42465
RESERVED
CVE-2022-3843
RESERVED
-CVE-2022-3842
- RESERVED
+CVE-2022-3842 (Use after free in Passwords in Google Chrome prior to
105.0.5195.125 a ...)
+ TODO: check
CVE-2022-3841
RESERVED
NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes (RHACM)
@@ -17034,8 +17044,8 @@ CVE-2022-3706 (Improper authorization in GitLab CE/EE
affecting all versions fro
- gitlab <unfixed>
CVE-2022-43932
RESERVED
-CVE-2022-43931
- RESERVED
+CVE-2022-43931 (Out-of-bounds write vulnerability in Remote Desktop
Functionality in S ...)
+ TODO: check
CVE-2022-43930
RESERVED
CVE-2022-43929
@@ -18134,12 +18144,12 @@ CVE-2022-43441
RESERVED
CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q100
(All ver ...)
NOT-FOR-US: Siemens
-CVE-2022-43438
- RESERVED
-CVE-2022-43437
- RESERVED
-CVE-2022-43436
- RESERVED
+CVE-2022-43438 (The Administrator function of EasyTest has an Incorrect
Authorization ...)
+ TODO: check
+CVE-2022-43437 (The Download function’s parameter of EasyTest has
insufficient v ...)
+ TODO: check
+CVE-2022-43436 (The File Upload function of EasyTest has insufficient
filtering for sp ...)
+ TODO: check
CVE-2022-42888 (Unauth. Privilege Escalation vulnerability in ARMember premium
plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42884
@@ -18370,8 +18380,8 @@ CVE-2022-3616 (Attackers can create long chains of CAs
that would lead to OctoRP
NOTE:
https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc
CVE-2022-3615
RESERVED
-CVE-2022-3614
- RESERVED
+CVE-2022-3614 (In affected versions of Octopus Deploy users of certain
browsers using ...)
+ TODO: check
CVE-2022-3613
RESERVED
CVE-2022-3612
@@ -20122,8 +20132,8 @@ CVE-2022-40221
RESERVED
CVE-2022-3461 (In PHOENIX CONTACT Automationworx Software Suite up to version
1.89 ma ...)
NOT-FOR-US: PHOENIX
-CVE-2022-3460
- RESERVED
+CVE-2022-3460 (In affected versions of Octopus Deploy it is possible for
certain type ...)
+ TODO: check
CVE-2022-3459
RESERVED
CVE-2022-3458 (A vulnerability has been found in SourceCodester Human Resource
Manage ...)
@@ -24672,8 +24682,8 @@ CVE-2022-3243 (The Import all XML, CSV & TXT
WordPress plugin before 6.5.8 d
NOT-FOR-US: WordPress plugin
CVE-2022-3242 (Code Injection in GitHub repository microweber/microweber prior
to 1.3 ...)
NOT-FOR-US: microweber
-CVE-2022-3241
- RESERVED
+CVE-2022-3241 (The Build App Online WordPress plugin before 1.0.19 does not
properly ...)
+ TODO: check
CVE-2017-20148 (In the ebuild package through logcheck-1.3.23.ebuild for
Logcheck on G ...)
NOT-FOR-US: ebuild package for Logcheck on Gentoo
CVE-2017-20147 (In the ebuild package through smokeping-2.7.3-r1 for SmokePing
on Gent ...)
@@ -25536,8 +25546,8 @@ CVE-2022-40742 (Mail SQR Expert system has a Local File
Inclusion vulnerability.
NOT-FOR-US: Mail SQR Expert system
CVE-2022-40741 (Mail SQR Expert’s specific function has insufficient
filtering f ...)
NOT-FOR-US: Mail SQR Expert system
-CVE-2022-40740
- RESERVED
+CVE-2022-40740 (Realtek GPON router has insufficient filtering for special
characters. ...)
+ TODO: check
CVE-2022-40739 (Ragic report generation page has insufficient filtering for
special ch ...)
NOT-FOR-US: Ragic
CVE-2022-3227
@@ -29782,14 +29792,14 @@ CVE-2022-3061 (Found Linux Kernel flaw in the i740
driver. The Userspace program
NOTE:
https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5)
CVE-2022-39043
RESERVED
-CVE-2022-39042
- RESERVED
-CVE-2022-39041
- RESERVED
-CVE-2022-39040
- RESERVED
-CVE-2022-39039
- RESERVED
+CVE-2022-39042 (aEnrich a+HRD has improper validation for login function. An
unauthent ...)
+ TODO: check
+CVE-2022-39041 (aEnrich a+HRD has insufficient user input validation for
specific API ...)
+ TODO: check
+CVE-2022-39040 (aEnrich a+HRD log read function has a path traversal
vulnerability. An ...)
+ TODO: check
+CVE-2022-39039 (aEnrich’s a+HRD has inadequate filtering for specific
URL parame ...)
+ TODO: check
CVE-2022-39038 (Agentflow BPM enterprise management system has improper
authentication ...)
NOT-FOR-US: Agentflow BPM enterprise management system
CVE-2022-39037 (Agentflow BPM file download function has a path traversal
vulnerabilit ...)
@@ -32917,10 +32927,10 @@ CVE-2022-31474
RESERVED
CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS)
vulnerability in 8 D ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2743
- RESERVED
-CVE-2022-2742
- RESERVED
+CVE-2022-2743 (Integer overflow in Window Manager in Google Chrome on Chrome
OS and L ...)
+ TODO: check
+CVE-2022-2742 (Use after free in Exosphere in Google Chrome on Chrome OS and
Lacros p ...)
+ TODO: check
CVE-2022-2741 (The denial-of-service can be triggered by transmitting a
carefully cra ...)
NOT-FOR-US: zephyr-rtos
CVE-2022-2740 (A vulnerability was found in SourceCodester Company Website
CMS. It ha ...)
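Review bot: CVE-2022-2743 and CVE-2022-2742 are scoped in their summaries to Google Chrome "on Chrome OS and L ..." and "on Chrome OS and Lacros", so they should not simply inherit the fixed-version pattern used for other Chrome entries in this file. Triage needs to decide whether the affected component ships in Debian's chromium at all; if it does not, a not-affected annotation of the shape used for CVE-2022-3910 elsewhere in this diff ([bullseye] - linux <not-affected> (Vulnerable code not present)) fits better than a version line.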
@@ -66442,8 +66452,7 @@ CVE-2022-0802 (Inappropriate implementation in Full
screen mode in Google Chrome
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE:
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
-CVE-2022-0801
- RESERVED
+CVE-2022-0801 (Inappropriate implementation in HTML parser in Google Chrome
prior to ...)
{DSA-5089-1}
- chromium 99.0.4844.51-1
[buster] - chromium <end-of-life> (see DSA 5046)
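Review bot: CVE-2022-0801 is the one RESERVED-to-summary swap in this commit that gets no TODO: check, because the entry already carries {DSA-5089-1} and - chromium 99.0.4844.51-1. The new summary is cut off at "prior to ...", so the upstream fixed version is not visible here; confirm against the full record that it agrees with the 99.0.4844.51-1 annotation that was written while the ID was still reserved.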
@@ -74158,8 +74167,8 @@ CVE-2022-23836
RESERVED
CVE-2022-23835 (** DISPUTED ** The Visual Voice Mail (VVM) application through
2022-02 ...)
NOT-FOR-US: Visual Voice Mail (VVM) application
-CVE-2022-0337
- RESERVED
+CVE-2022-0337 (Inappropriate implementation in File System API in Google
Chrome on Wi ...)
+ TODO: check
CVE-2022-0336 (The Samba AD DC includes checks when adding service principals
names ( ...)
[experimental] - samba 2:4.16.0+dfsg-1
- samba 2:4.16.0+dfsg-2 (bug #1004694)
@@ -83120,6 +83129,7 @@ CVE-2021-4129 (Mozilla developers and community members
Julian Hector, Randell J
CVE-2021-4128 (When transitioning in and out of fullscreen mode, a graphics
object wa ...)
TODO: check
CVE-2021-4127 (An out of date graphics library (Angle) likely contained
vulnerabiliti ...)
+ {DSA-4876-1 DSA-4874-1}
- firefox-esr 78.9.0esr-1
- thunderbird 1:78.9.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-4127
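Review bot: The only change in this hunk is the added {DSA-4876-1 DSA-4874-1} cross-reference on CVE-2021-4127, which is a different kind of edit from the description updates that make up the rest of the commit and is not explained by the "automatic update" message. Check that the two advisories correspond to the two package lines below it (firefox-esr 78.9.0esr-1 and thunderbird 1:78.9.0-1); separately, CVE-2021-4128 in the context above still sits at TODO: check.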
@@ -125052,8 +125062,8 @@ CVE-2021-30559 (Out of bounds write in ANGLE in
Google Chrome prior to 91.0.4472
- chromium 93.0.4577.82-1 (bug #990079)
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-30558
- RESERVED
+CVE-2021-30558 (Insufficient policy enforcement in content security policy in
Google C ...)
+ TODO: check
CVE-2021-30557 (Use after free in TabGroups in Google Chrome prior to
91.0.4472.114 al ...)
- chromium 93.0.4577.82-1 (bug #990079)
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -149696,8 +149706,8 @@ CVE-2021-21201 (Use after free in permissions in
Google Chrome prior to 90.0.443
{DSA-4906-1}
- chromium 90.0.4430.72-1 (bug #987053)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2021-21200
- RESERVED
+CVE-2021-21200 (Out of bounds read in WebUI Settings in Google Chrome prior to
89.0.43 ...)
+ TODO: check
CVE-2021-21199 (Use after free in Aura in Google Chrome on Linux prior to
89.0.4389.11 ...)
{DSA-4886-1}
- chromium 89.0.4389.114-1
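Review bot: CVE-2021-21200 is left at TODO: check between two entries that are fully tracked against chromium with DSA references and per-release lines, and its summary places the fix in Chrome "prior to 89.0.43 ...". This entry needs a - chromium line and release annotations in the same form as its neighbours rather than a NOT-FOR-US tag; CVE-2021-21199 just below is recorded as fixed in chromium 89.0.4389.114-1, which is a reasonable starting point when checking the matching version.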
@@ -250764,8 +250774,8 @@ CVE-2019-13770
RESERVED
CVE-2019-13769
RESERVED
-CVE-2019-13768
- RESERVED
+CVE-2019-13768 (Use after free in FileAPI in Google Chrome prior to
72.0.3626.81 allow ...)
+ TODO: check
CVE-2019-13767 (Use after free in media picker in Google Chrome prior to
79.0.3945.88 ...)
{DSA-4606-1}
- chromium 79.0.3945.130-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/118c00f1dacf2a56012b610e6269e445acd84fb5
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits