Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 15d4bf7e by security tracker role at 2022-07-11T20:10:24+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,45 @@ +CVE-2022-35628 + RESERVED +CVE-2022-35627 + RESERVED +CVE-2022-2385 + RESERVED +CVE-2022-2384 + RESERVED +CVE-2022-2383 + RESERVED +CVE-2022-2382 + RESERVED +CVE-2022-2381 + RESERVED +CVE-2022-2380 + RESERVED +CVE-2022-2379 + RESERVED +CVE-2022-2378 + RESERVED +CVE-2022-2377 + RESERVED +CVE-2022-2376 + RESERVED +CVE-2022-2375 + RESERVED +CVE-2022-2374 + RESERVED +CVE-2022-2373 + RESERVED +CVE-2022-2372 + RESERVED +CVE-2022-2371 + RESERVED +CVE-2022-2370 + RESERVED +CVE-2022-2369 + RESERVED +CVE-2022-2368 (Business Logic Errors in GitHub repository microweber/microweber prior ...) + TODO: check +CVE-2022-2367 + RESERVED CVE-2022-35626 RESERVED CVE-2022-35625 @@ -427,8 +469,8 @@ CVE-2022-35414 (softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitial NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1065 NOTE: https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c NOTE: https://sick.codes/sick-2022-113 -CVE-2022-2366 - RESERVED +CVE-2022-2366 (Incorrect default configuration for trusted IP header in Mattermost ve ...) + TODO: check CVE-2022-2365 (Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium ...) TODO: check CVE-2022-2364 @@ -1563,8 +1605,8 @@ CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to NOTE: https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 (v9.0.0035) CVE-2022-2303 RESERVED -CVE-2022-2302 - RESERVED +CVE-2022-2302 (Multiple Lenze products of the cabinet series skip the password verifi ...) + TODO: check CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3. ...) - chafa 1.10.3-1 (unimportant) NOTE: https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816/ 
@@ -1581,16 +1623,19 @@ CVE-2022-2297 RESERVED CVE-2022-2296 RESERVED + {DSA-5180-1} - chromium 103.0.5060.114-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-2295 RESERVED + {DSA-5180-1} - chromium 103.0.5060.114-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-2294 RESERVED + {DSA-5180-1} - chromium 103.0.5060.114-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) @@ -2104,24 +2149,24 @@ CVE-2022-34747 RESERVED CVE-2022-34746 RESERVED -CVE-2022-34743 - RESERVED -CVE-2022-34742 - RESERVED -CVE-2022-34741 - RESERVED -CVE-2022-34740 - RESERVED -CVE-2022-34739 - RESERVED -CVE-2022-34738 - RESERVED -CVE-2022-34737 - RESERVED -CVE-2022-34736 - RESERVED -CVE-2022-34735 - RESERVED +CVE-2022-34743 (The AT commands of the USB port have an out-of-bounds read vulnerabili ...) + TODO: check +CVE-2022-34742 (The system module has a read/write vulnerability. Successful exploitat ...) + TODO: check +CVE-2022-34741 (The NFC module has a buffer overflow vulnerability. Successful exploit ...) + TODO: check +CVE-2022-34740 (The NFC module has a buffer overflow vulnerability. Successful exploit ...) + TODO: check +CVE-2022-34739 (The fingerprint module has a vulnerability of overflow in arithmetic a ...) + TODO: check +CVE-2022-34738 (The SystemUI module has a vulnerability in permission control. If this ...) + TODO: check +CVE-2022-34737 (The application security module has a vulnerability in permission assi ...) + TODO: check +CVE-2022-34736 (The frame scheduling module has a null pointer dereference vulnerabili ...) + TODO: check +CVE-2022-34735 (The frame scheduling module has a null pointer dereference vulnerabili ...) + TODO: check CVE-2022-2245 RESERVED CVE-2022-2244 (An improper authorization vulnerability in GitLab EE/CE affecting all ...) 
@@ -4358,8 +4403,8 @@ CVE-2022-29921 RESERVED CVE-2022-26084 RESERVED -CVE-2022-2123 - RESERVED +CVE-2022-2123 (The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF whi ...) + TODO: check CVE-2022-2122 RESERVED CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...) @@ -4518,8 +4563,8 @@ CVE-2022-33913 (In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04. - mahara <removed> CVE-2022-33912 (A permission issue affects users that deployed the shipped version of ...) NOT-FOR-US: Check MK as packaged by upstream -CVE-2022-33911 - RESERVED +CVE-2022-33911 (An issue was discovered in Couchbase Server 7.x before 7.0.4. Field na ...) + TODO: check CVE-2022-33910 (An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers ...) - mantis <removed> CVE-2022-33909 @@ -4878,16 +4923,16 @@ CVE-2022-2095 RESERVED CVE-2022-2094 RESERVED -CVE-2022-2093 - RESERVED -CVE-2022-2092 - RESERVED -CVE-2022-2091 - RESERVED +CVE-2022-2093 (The WP Duplicate Page WordPress plugin before 1.3 does not sanitize an ...) + TODO: check +CVE-2022-2092 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...) + TODO: check +CVE-2022-2091 (The Cache Images WordPress plugin before 3.2.1 does not implement nonc ...) + TODO: check CVE-2022-2090 RESERVED -CVE-2022-2089 - RESERVED +CVE-2022-2089 (The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise ...) + TODO: check CVE-2022-33758 RESERVED CVE-2022-33757 
@@ -5000,64 +5045,64 @@ CVE-2022-33715 RESERVED CVE-2022-33714 RESERVED -CVE-2022-33713 - RESERVED -CVE-2022-33712 - RESERVED -CVE-2022-33711 - RESERVED -CVE-2022-33710 - RESERVED -CVE-2022-33709 - RESERVED -CVE-2022-33708 - RESERVED -CVE-2022-33707 - RESERVED -CVE-2022-33706 - RESERVED -CVE-2022-33705 - RESERVED -CVE-2022-33704 - RESERVED -CVE-2022-33703 - RESERVED -CVE-2022-33702 - RESERVED -CVE-2022-33701 - RESERVED -CVE-2022-33700 - RESERVED -CVE-2022-33699 - RESERVED -CVE-2022-33698 - RESERVED -CVE-2022-33697 - RESERVED -CVE-2022-33696 - RESERVED -CVE-2022-33695 - RESERVED -CVE-2022-33694 - RESERVED -CVE-2022-33693 - RESERVED -CVE-2022-33692 - RESERVED -CVE-2022-33691 - RESERVED -CVE-2022-33690 - RESERVED -CVE-2022-33689 - RESERVED -CVE-2022-33688 - RESERVED -CVE-2022-33687 - RESERVED -CVE-2022-33686 - RESERVED -CVE-2022-33685 - RESERVED +CVE-2022-33713 (Implicit Intent hijacking vulnerability in Samsung Cloud prior to vers ...) + TODO: check +CVE-2022-33712 (Intent redirection vulnerability using implict intent in Camera prior ...) + TODO: check +CVE-2022-33711 (Improper validation of integrity check vulnerability in Samsung USB Dr ...) + TODO: check +CVE-2022-33710 (Improper input validation vulnerability in BillingPackageInsraller in ...) + TODO: check +CVE-2022-33709 (Improper input validation vulnerability in ApexPackageInstaller in Gal ...) + TODO: check +CVE-2022-33708 (Improper input validation vulnerability in AppsPackageInstaller in Gal ...) + TODO: check +CVE-2022-33707 (Improper identifier creation logic in Find My Mobile prior to version ...) + TODO: check +CVE-2022-33706 (Improper access control vulnerability in Samsung Gallery prior to vers ...) + TODO: check +CVE-2022-33705 (Information exposure in Calendar prior to version 12.3.05.10000 allows ...) + TODO: check +CVE-2022-33704 (Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior ...) 
+ TODO: check +CVE-2022-33703 (Improper validation vulnerability in CACertificateInfo prior to SMR Ju ...) + TODO: check +CVE-2022-33702 (Improper authorization vulnerability in Knoxguard prior to SMR Jul-202 ...) + TODO: check +CVE-2022-33701 (Improper access control vulnerability in KnoxCustomManagerService prio ...) + TODO: check +CVE-2022-33700 (Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prio ...) + TODO: check +CVE-2022-33699 (Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prio ...) + TODO: check +CVE-2022-33698 (Exposure of Sensitive Information in Telecom application prior to SMR ...) + TODO: check +CVE-2022-33697 (Sensitive information exposure vulnerability in ImsServiceSwitchBase i ...) + TODO: check +CVE-2022-33696 (Exposure of Sensitive Information in Telephony service prior to SMR Ju ...) + TODO: check +CVE-2022-33695 (Use of improper permission in InputManagerService prior to SMR Jul-202 ...) + TODO: check +CVE-2022-33694 (Exposure of Sensitive Information in CSC application prior to SMR Jul- ...) + TODO: check +CVE-2022-33693 (Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 ...) + TODO: check +CVE-2022-33692 (Exposure of Sensitive Information in Messaging application prior to SM ...) + TODO: check +CVE-2022-33691 (A possible race condition vulnerability in score driver prior to SMR J ...) + TODO: check +CVE-2022-33690 (Improper input validation in Contacts Storage prior to SMR Jul-2022 Re ...) + TODO: check +CVE-2022-33689 (Improper access control vulnerability in TelephonyUI prior to SMR Jul- ...) + TODO: check +CVE-2022-33688 (Sensitive information exposure vulnerability in EventType in SecTeleph ...) + TODO: check +CVE-2022-33687 (Exposure of Sensitive Information in telephony-common.jar prior to SMR ...) + TODO: check +CVE-2022-33686 (Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul- ...) 
+ TODO: check +CVE-2022-33685 (Unprotected dynamic receiver in Wearable Manager Service prior to SMR ...) + TODO: check CVE-2022-33684 RESERVED CVE-2022-33683 @@ -6116,8 +6161,8 @@ CVE-2022-33175 (Power Distribution Units running on Powertek firmware (multiple NOT-FOR-US: Powertek CVE-2022-33174 (Power Distribution Units running on Powertek firmware (multiple brands ...) NOT-FOR-US: Powertek -CVE-2022-33173 - RESERVED +CVE-2022-33173 (An algorithm-downgrade issue was discovered in Couchbase Server before ...) + TODO: check CVE-2022-33172 RESERVED CVE-2022-33171 (** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either ...) @@ -6686,8 +6731,8 @@ CVE-2022-2052 RESERVED CVE-2022-2051 RESERVED -CVE-2022-2050 - RESERVED +CVE-2022-2050 (The WP-Paginate WordPress plugin before 2.1.9 does not escape one of i ...) + TODO: check CVE-2022-32957 RESERVED CVE-2022-32956 @@ -8496,7 +8541,7 @@ CVE-2022-30943 (Browsing restriction bypass vulnerability in Bulletin of Cybozu CVE-2022-30602 (Operation restriction bypass in multiple applications of Cybozu Garoon ...) NOT-FOR-US: Cybozu CVE-2022-29926 - RESERVED + REJECTED CVE-2022-29512 (Exposure of sensitive information to an unauthorized actor issue in mu ...) NOT-FOR-US: Cybozu CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to reflected C ...) 
@@ -8841,20 +8886,20 @@ CVE-2022-1959 RESERVED CVE-2022-1958 (A vulnerability classified as critical has been found in FileCloud. Af ...) NOT-FOR-US: FileCloud -CVE-2022-1957 - RESERVED -CVE-2022-1956 - RESERVED +CVE-2022-1957 (The Comment License WordPress plugin before 1.4.0 does not have CSRF c ...) + TODO: check +CVE-2022-1956 (The Shortcut Macros WordPress plugin through 1.3 does not have authori ...) + TODO: check CVE-2022-1955 (Session 1.13.0 allows an attacker with physical access to the victim's ...) NOT-FOR-US: oxen-io/session-android CVE-2022-1954 (A Regular Expression Denial of Service vulnerability in GitLab CE/EE a ...) - gitlab <unfixed> CVE-2022-1953 (The Product Configurator for WooCommerce WordPress plugin before 1.2.3 ...) NOT-FOR-US: WordPress plugin -CVE-2022-1952 - RESERVED -CVE-2022-1951 - RESERVED +CVE-2022-1952 (The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPres ...) + TODO: check +CVE-2022-1951 (The core plugin for kitestudio WordPress plugin before 2.3.1 does not ...) + TODO: check CVE-2022-1950 RESERVED CVE-2022-1949 (An access control bypass vulnerability found in 389-ds-base. That mish ...) @@ -9357,8 +9402,8 @@ CVE-2022-31906 (Online Fire Reporting System v1.0 is vulnerable to Cross Site Sc NOT-FOR-US: Online Fire Reporting System CVE-2022-31905 RESERVED -CVE-2022-31904 - RESERVED +CVE-2022-31904 (EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to ...) + TODO: check CVE-2022-31903 RESERVED CVE-2022-31902 
@@ -9607,10 +9652,10 @@ CVE-2022-1940 (A Stored Cross-Site Scripting vulnerability in Jira integration i NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ CVE-2022-1939 (The Allow svg files WordPress plugin before 1.1 does not properly vali ...) NOT-FOR-US: WordPress plugin -CVE-2022-1938 - RESERVED -CVE-2022-1937 - RESERVED +CVE-2022-1938 (The Awin Data Feed WordPress plugin through 1.6 does not sanitise and ...) + TODO: check +CVE-2022-1937 (The Awin Data Feed WordPress plugin through 1.6 does not sanitise and ...) + TODO: check CVE-2022-XXXX [Sanitizing and other XSS protections] - spip 4.1.2+dfsg-1 [bullseye] - spip 3.2.11-3+deb11u4 @@ -9785,8 +9830,8 @@ CVE-2022-1912 RESERVED CVE-2022-1911 RESERVED -CVE-2022-1910 - RESERVED +CVE-2022-1910 (The Shortcodes and extra features for Phlox WordPress plugin before 2. ...) + TODO: check CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organ ...) NOT-FOR-US: organizr CVE-2022-1908 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...) @@ -9842,7 +9887,8 @@ CVE-2022-1901 RESERVED CVE-2022-1900 (The Copify plugin for WordPress is vulnerable to Cross-Site Request Fo ...) NOT-FOR-US: Copify plugin for WordPress -CVE-2021-46815 (Configuration defects in the secure OS module. Successful exploitation ...) +CVE-2021-46815 + REJECTED NOT-FOR-US: Huawei CVE-2021-46814 (The video framework has an out-of-bounds memory read/write vulnerabili ...) NOT-FOR-US: Huawei 
@@ -9980,8 +10026,8 @@ CVE-2022-1896 (The underConstruction WordPress plugin before 1.21 does not sanit NOT-FOR-US: WordPress plugin CVE-2022-1895 (The underConstruction WordPress plugin before 1.20 does not have CSRF ...) NOT-FOR-US: WordPress plugin -CVE-2022-1894 - RESERVED +CVE-2022-1894 (The Popup Builder WordPress plugin before 4.1.11 does not escape and s ...) + TODO: check CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo Manage ...) NOT-FOR-US: Zoo Management System CVE-2022-31733 @@ -11592,8 +11638,8 @@ CVE-2022-31140 RESERVED CVE-2022-31139 RESERVED -CVE-2022-31138 - RESERVED +CVE-2022-31138 (mailcow is a mailserver suite. Prior to mailcow-dockerized version 202 ...) + TODO: check CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...) TODO: check CVE-2022-31136 (Bookwyrm is an open source social reading and reviewing program. Versi ...) @@ -12010,8 +12056,8 @@ CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc NOTE: https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514 -CVE-2022-1794 - RESERVED +CVE-2022-1794 (The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as pla ...) + TODO: check CVE-2022-1793 (The Private Files WordPress plugin through 0.40 is missing CSRF check ...) NOT-FOR-US: WordPress plugin CVE-2022-1792 (The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF ...) 
@@ -12127,8 +12173,8 @@ CVE-2022-1759 (The RB Internal Links WordPress plugin through 2.0.16 does not ha NOT-FOR-US: WordPress plugin CVE-2022-1758 (The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not ...) NOT-FOR-US: WordPress plugin -CVE-2022-1757 - RESERVED +CVE-2022-1757 (The Pagebar WordPress plugin through 2.65 does not have CSRF check in ...) + TODO: check CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize and esc ...) NOT-FOR-US: WordPress plugin CVE-2022-1755 
@@ -12239,28 +12285,28 @@ CVE-2022-30938 RESERVED CVE-2022-30937 (A vulnerability has been identified in EN100 Ethernet module DNP3 IP v ...) NOT-FOR-US: Siemens -CVE-2022-30792 - RESERVED -CVE-2022-30791 - RESERVED -CVE-2022-30758 - RESERVED -CVE-2022-30757 - RESERVED -CVE-2022-30756 - RESERVED -CVE-2022-30755 - RESERVED -CVE-2022-30754 - RESERVED -CVE-2022-30753 - RESERVED -CVE-2022-30752 - RESERVED -CVE-2022-30751 - RESERVED -CVE-2022-30750 - RESERVED +CVE-2022-30792 (In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ...) + TODO: check +CVE-2022-30791 (In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled res ...) + TODO: check +CVE-2022-30758 (Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-202 ...) + TODO: check +CVE-2022-30757 (Improper authorization in isemtelephony prior to SMR Jul-2022 Release ...) + TODO: check +CVE-2022-30756 (Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-202 ...) + TODO: check +CVE-2022-30755 (Improper authentication vulnerability in AppLock prior to SMR Jul-2022 ...) + TODO: check +CVE-2022-30754 (Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul- ...) + TODO: check +CVE-2022-30753 (Improper use of a unique device ID in unprotected SecSoterService prio ...) + TODO: check +CVE-2022-30752 (Improper access control vulnerability in sendDHCPACKBroadcast function ...) + TODO: check +CVE-2022-30751 (Improper access control vulnerability in sendDHCPACKBroadcast function ...) + TODO: check +CVE-2022-30750 (Improper access control vulnerability in updateLastConnectedClientInfo ...) + TODO: check CVE-2022-30749 (Improper access control vulnerability in Smart Things prior to 1.7.85. ...) NOT-FOR-US: Samsung CVE-2022-30748 (Unprotected dynamic receiver in Samsung Members prior to version 4.2.0 ...) 
@@ -12372,8 +12418,8 @@ CVE-2022-1733 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to NOTE: https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a NOTE: https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813 (v8.2.4968) NOTE: Crash in CLI tool, no security impact -CVE-2022-1732 - RESERVED +CVE-2022-1732 (The Rename wp-login.php WordPress plugin through 2.6.0 does not have C ...) + TODO: check CVE-2022-1731 (Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to ...) NOT-FOR-US: Metasonic Doc WebClient CVE-2022-1730 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...) @@ -13577,8 +13623,8 @@ CVE-2022-1628 RESERVED CVE-2022-1627 (The My Private Site WordPress plugin before 3.0.8 does not have CSRF c ...) NOT-FOR-US: WordPress plugin -CVE-2022-1626 - RESERVED +CVE-2022-1626 (The Sharebar WordPress plugin through 1.4.1 does not have CSRF check i ...) + TODO: check CVE-2022-1625 (The New User Approve WordPress plugin before 2.4 does not have CSRF ch ...) NOT-FOR-US: WordPress plugin CVE-2022-1624 (The Latest Tweets Widget WordPress plugin through 1.1.4 does not have ...) @@ -14146,8 +14192,8 @@ CVE-2022-1601 RESERVED CVE-2022-1600 RESERVED -CVE-2022-1599 - RESERVED +CVE-2022-1599 (The Admin Management Xtended WordPress plugin before 2.4.5 does not ha ...) + TODO: check CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.4 which is a companion to t ...) NOT-FOR-US: WordPress plugin CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a companion for ...) 
@@ -14342,8 +14388,8 @@ CVE-2022-1578 RESERVED CVE-2022-1577 (The Database Backup for WordPress plugin before 2.5.2 does not have CS ...) NOT-FOR-US: WordPress plugin -CVE-2022-1576 - RESERVED +CVE-2022-1576 (The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4. ...) + TODO: check CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub repository ...) NOT-FOR-US: jgraph/drawio CVE-2022-1574 (The HTML2WP WordPress plugin through 1.0.0 does not have authorisation ...) @@ -14695,8 +14741,8 @@ CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly re NOT-FOR-US: Mattermost Playbooks plugin CVE-2022-1547 (The Check & Log Email WordPress plugin before 1.0.6 does not sanit ...) NOT-FOR-US: WordPress plugin -CVE-2022-1546 - RESERVED +CVE-2022-1546 (The WooCommerce - Product Importer WordPress plugin through 1.5.2 does ...) + TODO: check CVE-2022-30114 RESERVED CVE-2022-30113 @@ -15698,8 +15744,8 @@ CVE-2022-1475 (An integer overflow vulnerability was found in FFmpeg versions be NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f (n4.4.2) NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fa2e4afe8d0a23fac37392ef6506cfc9841f8d3d (n4.3.4) -CVE-2022-1474 - RESERVED +CVE-2022-1474 (The WP Event Manager WordPress plugin before 3.1.28 does not sanitise ...) + TODO: check CVE-2022-1473 (The OPENSSL_LH_flush() function, which empties a hash table, contains ...) [experimental] - openssl 3.0.3-1 - openssl <not-affected> (Only affects OpenSSL 3.0) 
@@ -19129,8 +19175,8 @@ CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...) NOTE: https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1 CVE-2022-1221 (The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not s ...) NOT-FOR-US: WordPress plugin -CVE-2022-1220 - RESERVED +CVE-2022-1220 (The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escap ...) + TODO: check CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository pimcore ...) NOT-FOR-US: pimcore CVE-2022-1218 (The Domain Replace WordPress plugin through 1.3.8 does not sanitise an ...) @@ -21336,8 +21382,8 @@ CVE-2022-1098 (Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) a NOT-FOR-US: Delta Electronics DIAEnergie CVE-2021-46742 (The multi-window module has a vulnerability of unauthorized insertion ...) NOT-FOR-US: Harmony OS -CVE-2021-46741 - RESERVED +CVE-2021-46741 (The basic framework and setting module have defects, which were introd ...) + TODO: check CVE-2021-46740 (The device authentication service module has a defect vulnerability in ...) NOT-FOR-US: Harmony OS CVE-2022-27887 (Maccms v10 was discovered to contain a reflected cross-site scripting ...) @@ -21940,8 +21986,8 @@ CVE-2022-1059 RESERVED CVE-2022-1058 (Open Redirect on login in GitHub repository go-gitea/gitea prior to 1. ...) - gitea <removed> -CVE-2022-1057 - RESERVED +CVE-2022-1057 (The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 do ...) + TODO: check CVE-2021-46739 RESERVED CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP transformation code ...) 
@@ -56885,8 +56931,8 @@ CVE-2021-41398 RESERVED CVE-2021-41397 RESERVED -CVE-2021-41396 - RESERVED +CVE-2021-41396 (Live555 through 1.08 does not handle socket connections properly. A hu ...) + TODO: check CVE-2021-41395 (Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to contro ...) NOT-FOR-US: Teleport CVE-2021-41394 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...) @@ -60444,16 +60490,16 @@ CVE-2021-40018 (The eID module has a null pointer reference vulnerability. Succe NOT-FOR-US: Huawei CVE-2021-40017 RESERVED -CVE-2021-40016 - RESERVED +CVE-2021-40016 (Improper permission control vulnerability in the Bluetooth module.Succ ...) + TODO: check CVE-2021-40015 (There is a race condition vulnerability in the binder driver subsystem ...) NOT-FOR-US: Huawei CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...) NOT-FOR-US: Huawei -CVE-2021-40013 - RESERVED -CVE-2021-40012 - RESERVED +CVE-2021-40013 (Improper permission control vulnerability in the Bluetooth module.Succ ...) + TODO: check +CVE-2021-40012 (Vulnerability of pointers being incorrectly used during data transmiss ...) + TODO: check CVE-2021-40011 (There is an uncontrolled resource consumption vulnerability in the dis ...) NOT-FOR-US: Huawei CVE-2021-40010 (The bone voice ID TA has a heap overflow vulnerability.Successful expl ...) @@ -60478,8 +60524,8 @@ CVE-2021-40001 (The CaasKit module has a path traversal vulnerability. Successfu NOT-FOR-US: Huawei CVE-2021-40000 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...) NOT-FOR-US: Huawei -CVE-2021-39999 - RESERVED +CVE-2021-39999 (There is a buffer overflow vulnerability in eSE620X vESS V100R001C10SP ...) + TODO: check CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for multiple ...) NOT-FOR-US: Huawei CVE-2021-39997 (There is a vulnerability of unstrict input parameter verification in t ...) 
@@ -68914,14 +68960,14 @@ CVE-2021-36670 RESERVED CVE-2021-36669 RESERVED -CVE-2021-36668 - RESERVED -CVE-2021-36667 - RESERVED -CVE-2021-36666 - RESERVED -CVE-2021-36665 - RESERVED +CVE-2021-36668 (URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to for ...) + TODO: check +CVE-2021-36667 (Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allow ...) + TODO: check +CVE-2021-36666 (An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to ...) + TODO: check +CVE-2021-36665 (An issue was discovered in Druva 6.9.0 for macOS, allows attackers to ...) + TODO: check CVE-2021-36664 RESERVED CVE-2021-36663 @@ -182138,8 +182184,8 @@ CVE-2020-4152 (IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive o NOT-FOR-US: IBM CVE-2020-4151 (IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attac ...) NOT-FOR-US: IBM -CVE-2020-4150 - RESERVED +CVE-2020-4150 (IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, suc ...) + TODO: check CVE-2020-4149 RESERVED CVE-2020-4148 @@ -182162,8 +182208,8 @@ CVE-2020-4140 (IBM Security SiteProtector System 3.1.1 is vulnerable to cross-si NOT-FOR-US: IBM CVE-2020-4139 RESERVED -CVE-2020-4138 - RESERVED +CVE-2020-4138 (IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locall ...) + TODO: check CVE-2020-4137 RESERVED CVE-2020-4136 
@@ -223621,7 +223667,7 @@ CVE-2019-9671 RESERVED CVE-2019-9670 (mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before ...) NOT-FOR-US: Synacor Zimbra Collaboration Suite -CVE-2019-9669 (The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attac ...) +CVE-2019-9669 (** DISPUTED ** The Wordfence plugin 7.2.3 for WordPress allows XSS via ...) NOT-FOR-US: Wordfence plugin for WordPress CVE-2019-9668 (An issue was discovered in rovinbhandari FTP through 2012-03-28. recei ...) NOT-FOR-US: rovinbhandari FTP View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15d4bf7ee57892fa8e4992394b5b370a3f1c4f10
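Review bot: in the hunk at @@ -1581,16 +1623,19 @@, CVE-2022-2294, CVE-2022-2295 and CVE-2022-2296 gain a {DSA-5180-1} reference and the chromium 103.0.5060.114-1 fixed version while their headers are still bare RESERVED lines with no description. That is expected when a DSA is issued before the CVE text is published, but it leaves three IDs carrying fix data with no summary; worth a follow-up check that a later automatic run fills in the descriptions once MITRE publishes them. The [buster] and [stretch] end-of-life markers (see DSA 5046 and DSA 4562) are consistent across all three entries.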
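Review bot: the nine entries CVE-2022-34743 through CVE-2022-34735 in the hunk at @@ -2104,24 +2149,24 @@ are all left at "TODO: check", yet their descriptions (AT commands of the USB port, NFC module, fingerprint module, SystemUI module, frame scheduling module) use the same wording as entries this file already resolves as "NOT-FOR-US: Huawei" (for example CVE-2021-40018 and CVE-2021-40015 in the @@ -60444,16 +60490,16 @@ hunk, and CVE-2021-46814 in the @@ -9842,7 +9887,8 @@ hunk). Suggest confirming the vendor from the full advisory text and resolving the nine in one pass rather than leaving nine separate TODOs.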
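Review bot: the block CVE-2022-33713 through CVE-2022-33685 in the hunk at @@ -5000,64 +5045,64 @@ (and CVE-2022-30758 through CVE-2022-30750 in the @@ -12239,28 +12285,28 @@ hunk) are all Samsung "SMR Jul-2022" entries, which this file already triages as "NOT-FOR-US: Samsung" (see CVE-2022-30749 and CVE-2022-30748 in the same hunk). Two points for the triager: the typos in the mirrored text ("implict intent" in CVE-2022-33712, "BillingPackageInsraller" in CVE-2022-33710) are the upstream description as published and should not be corrected locally, since the list reproduces MITRE's text; and twenty-nine individual TODOs for one vendor bulletin are easier to resolve as a batch than one by one.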
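Review bot: in the hunk at @@ -9842,7 +9887,8 @@, CVE-2021-46815 loses its description and becomes REJECTED, but the "NOT-FOR-US: Huawei" line beneath it is retained. A rejected ID needs no triage status, and the other rejection in this batch (CVE-2022-29926 in the @@ -8496,7 +8541,7 @@ hunk) carries none; if that is the file's convention, drop the stale NOT-FOR-US line in a follow-up so the two rejected entries look alike.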
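Review bot: in the hunk at @@ -68914,14 +68960,14 @@, the CVE-2021-36668 description reads "Driva inSync" while the sibling entries CVE-2021-36667 through CVE-2021-36665 read "Druva". This is the upstream text as mirrored and should not be corrected locally, but anyone grepping the list for Druva will miss that entry; the same applies to the mixed "MacOS" and "macOS" spelling across the four. Worth noting in the triage so the four are resolved together.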
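Review bot: CVE-2021-41396 in the hunk at @@ -56885,8 +56931,8 @@ ("Live555 through 1.08 does not handle socket connections properly") differs from the WordPress plugin and vendor firmware entries in this batch in that it describes a streaming library a distribution could ship. The "TODO: check" here should include checking whether a Debian source package for Live555 exists and, if so, which versions are affected, rather than resolving it as NOT-FOR-US by analogy with its neighbours (CVE-2021-41395 and CVE-2021-41394, Teleport).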
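Review bot: in the hunk at @@ -4878,16 +4923,16 @@, CVE-2022-2093, CVE-2022-2092, CVE-2022-2091 and CVE-2022-2089 are all WordPress plugin issues (WP Duplicate Page, WooCommerce PDF Invoices & Packing Slips, Cache Images, Bold Page Builder) left at "TODO: check", while entries with identical wording elsewhere in this diff are already resolved as "NOT-FOR-US: WordPress plugin" (CVE-2022-1939, CVE-2022-1953, CVE-2022-1895 and others). The same pattern repeats in the @@ -8841, @@ -9607, @@ -12127, @@ -13577, @@ -14146, @@ -14342, @@ -14695, @@ -15698, @@ -19129 and @@ -21940 hunks; these are mechanical to resolve and could be handled in one triage pass.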
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits