Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15d4bf7e by security tracker role at 2022-07-11T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2022-35628
+       RESERVED
+CVE-2022-35627
+       RESERVED
+CVE-2022-2385
+       RESERVED
+CVE-2022-2384
+       RESERVED
+CVE-2022-2383
+       RESERVED
+CVE-2022-2382
+       RESERVED
+CVE-2022-2381
+       RESERVED
+CVE-2022-2380
+       RESERVED
+CVE-2022-2379
+       RESERVED
+CVE-2022-2378
+       RESERVED
+CVE-2022-2377
+       RESERVED
+CVE-2022-2376
+       RESERVED
+CVE-2022-2375
+       RESERVED
+CVE-2022-2374
+       RESERVED
+CVE-2022-2373
+       RESERVED
+CVE-2022-2372
+       RESERVED
+CVE-2022-2371
+       RESERVED
+CVE-2022-2370
+       RESERVED
+CVE-2022-2369
+       RESERVED
+CVE-2022-2368 (Business Logic Errors in GitHub repository 
microweber/microweber prior ...)
+       TODO: check
+CVE-2022-2367
+       RESERVED
 CVE-2022-35626
        RESERVED
 CVE-2022-35625
@@ -427,8 +469,8 @@ CVE-2022-35414 (softmmu/physmem.c in QEMU through 7.0.0 can 
perform an uninitial
        NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1065
        NOTE: 
https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c
        NOTE: https://sick.codes/sick-2022-113
-CVE-2022-2366
-       RESERVED
+CVE-2022-2366 (Incorrect default configuration for trusted IP header in 
Mattermost ve ...)
+       TODO: check
 CVE-2022-2365 (Cross-site Scripting (XSS) - Stored in GitHub repository 
zadam/trilium ...)
        TODO: check
 CVE-2022-2364
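Review bot: CVE-2022-2366 (Mattermost, trusted IP header default) is left at TODO: check although this same file already triages Mattermost as NOT-FOR-US (CVE-2022-1548, "NOT-FOR-US: Mattermost Playbooks plugin", in a later hunk of this commit); unless a Debian package ships the affected Mattermost version, the follow-up triage should resolve it the same way.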
@@ -1563,8 +1605,8 @@ CVE-2022-2304 (Stack-based Buffer Overflow in GitHub 
repository vim/vim prior to
        NOTE: 
https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 
(v9.0.0035)
 CVE-2022-2303
        RESERVED
-CVE-2022-2302
-       RESERVED
+CVE-2022-2302 (Multiple Lenze products of the cabinet series skip the password 
verifi ...)
+       TODO: check
 CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to 
1.10.3. ...)
        - chafa 1.10.3-1 (unimportant)
        NOTE: https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816/
@@ -1581,16 +1623,19 @@ CVE-2022-2297
        RESERVED
 CVE-2022-2296
        RESERVED
+       {DSA-5180-1}
        - chromium 103.0.5060.114-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2295
        RESERVED
+       {DSA-5180-1}
        - chromium 103.0.5060.114-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-2294
        RESERVED
+       {DSA-5180-1}
        - chromium 103.0.5060.114-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
@@ -2104,24 +2149,24 @@ CVE-2022-34747
        RESERVED
 CVE-2022-34746
        RESERVED
-CVE-2022-34743
-       RESERVED
-CVE-2022-34742
-       RESERVED
-CVE-2022-34741
-       RESERVED
-CVE-2022-34740
-       RESERVED
-CVE-2022-34739
-       RESERVED
-CVE-2022-34738
-       RESERVED
-CVE-2022-34737
-       RESERVED
-CVE-2022-34736
-       RESERVED
-CVE-2022-34735
-       RESERVED
+CVE-2022-34743 (The AT commands of the USB port have an out-of-bounds read 
vulnerabili ...)
+       TODO: check
+CVE-2022-34742 (The system module has a read/write vulnerability. Successful 
exploitat ...)
+       TODO: check
+CVE-2022-34741 (The NFC module has a buffer overflow vulnerability. Successful 
exploit ...)
+       TODO: check
+CVE-2022-34740 (The NFC module has a buffer overflow vulnerability. Successful 
exploit ...)
+       TODO: check
+CVE-2022-34739 (The fingerprint module has a vulnerability of overflow in 
arithmetic a ...)
+       TODO: check
+CVE-2022-34738 (The SystemUI module has a vulnerability in permission control. 
If this ...)
+       TODO: check
+CVE-2022-34737 (The application security module has a vulnerability in 
permission assi ...)
+       TODO: check
+CVE-2022-34736 (The frame scheduling module has a null pointer dereference 
vulnerabili ...)
+       TODO: check
+CVE-2022-34735 (The frame scheduling module has a null pointer dereference 
vulnerabili ...)
+       TODO: check
 CVE-2022-2245
        RESERVED
 CVE-2022-2244 (An improper authorization vulnerability in GitLab EE/CE 
affecting all  ...)
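Review bot: the nine new TODO: check entries CVE-2022-34743 through CVE-2022-34735 describe vendor firmware modules ("The NFC module has a buffer overflow vulnerability...", "The frame scheduling module has a null pointer dereference...") in the same wording as entries this file marks NOT-FOR-US: Huawei (compare CVE-2021-46814 and CVE-2021-40000 in later hunks of this commit). The same holds for CVE-2021-46741, whose neighbours read NOT-FOR-US: Harmony OS, and for the CVE-2021-40016/40013/40012/39999 block, whose surrounding entries are all NOT-FOR-US: Huawei; triaging these as NOT-FOR-US rather than leaving placeholders would keep the list consistent.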
@@ -4358,8 +4403,8 @@ CVE-2022-29921
        RESERVED
 CVE-2022-26084
        RESERVED
-CVE-2022-2123
-       RESERVED
+CVE-2022-2123 (The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to 
CSRF whi ...)
+       TODO: check
 CVE-2022-2122
        RESERVED
 CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer 
derefer ...)
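Review bot: CVE-2022-2123 (WP Opt-in WordPress plugin) follows the pattern this file resolves as NOT-FOR-US: WordPress plugin (see CVE-2022-1953, CVE-2022-1939 and CVE-2022-1896 in later hunks), so the TODO: check placeholder is only a stopgap. The same applies to every other WordPress plugin entry this commit leaves at TODO: check: CVE-2022-2093, 2092, 2091, 2089, 2050, 1957, 1956, 1952, 1951, 1938, 1937, 1910, 1894, 1757, 1732, 1626, 1599, 1576, 1546, 1474, 1220 and 1057; a single follow-up pass can close them all.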
@@ -4518,8 +4563,8 @@ CVE-2022-33913 (In Mahara 21.04 before 21.04.6, 21.10 
before 21.10.4, and 22.04.
        - mahara <removed>
 CVE-2022-33912 (A permission issue affects users that deployed the shipped 
version of  ...)
        NOT-FOR-US: Check MK as packaged by upstream
-CVE-2022-33911
-       RESERVED
+CVE-2022-33911 (An issue was discovered in Couchbase Server 7.x before 7.0.4. 
Field na ...)
+       TODO: check
 CVE-2022-33910 (An XSS vulnerability in MantisBT before 2.25.5 allows remote 
attackers ...)
        - mantis <removed>
 CVE-2022-33909
@@ -4878,16 +4923,16 @@ CVE-2022-2095
        RESERVED
 CVE-2022-2094
        RESERVED
-CVE-2022-2093
-       RESERVED
-CVE-2022-2092
-       RESERVED
-CVE-2022-2091
-       RESERVED
+CVE-2022-2093 (The WP Duplicate Page WordPress plugin before 1.3 does not 
sanitize an ...)
+       TODO: check
+CVE-2022-2092 (The WooCommerce PDF Invoices &amp; Packing Slips WordPress 
plugin befo ...)
+       TODO: check
+CVE-2022-2091 (The Cache Images WordPress plugin before 3.2.1 does not 
implement nonc ...)
+       TODO: check
 CVE-2022-2090
        RESERVED
-CVE-2022-2089
-       RESERVED
+CVE-2022-2089 (The Bold Page Builder WordPress plugin before 4.3.3 does not 
sanitise  ...)
+       TODO: check
 CVE-2022-33758
        RESERVED
 CVE-2022-33757
@@ -5000,64 +5045,64 @@ CVE-2022-33715
        RESERVED
 CVE-2022-33714
        RESERVED
-CVE-2022-33713
-       RESERVED
-CVE-2022-33712
-       RESERVED
-CVE-2022-33711
-       RESERVED
-CVE-2022-33710
-       RESERVED
-CVE-2022-33709
-       RESERVED
-CVE-2022-33708
-       RESERVED
-CVE-2022-33707
-       RESERVED
-CVE-2022-33706
-       RESERVED
-CVE-2022-33705
-       RESERVED
-CVE-2022-33704
-       RESERVED
-CVE-2022-33703
-       RESERVED
-CVE-2022-33702
-       RESERVED
-CVE-2022-33701
-       RESERVED
-CVE-2022-33700
-       RESERVED
-CVE-2022-33699
-       RESERVED
-CVE-2022-33698
-       RESERVED
-CVE-2022-33697
-       RESERVED
-CVE-2022-33696
-       RESERVED
-CVE-2022-33695
-       RESERVED
-CVE-2022-33694
-       RESERVED
-CVE-2022-33693
-       RESERVED
-CVE-2022-33692
-       RESERVED
-CVE-2022-33691
-       RESERVED
-CVE-2022-33690
-       RESERVED
-CVE-2022-33689
-       RESERVED
-CVE-2022-33688
-       RESERVED
-CVE-2022-33687
-       RESERVED
-CVE-2022-33686
-       RESERVED
-CVE-2022-33685
-       RESERVED
+CVE-2022-33713 (Implicit Intent hijacking vulnerability in Samsung Cloud prior 
to vers ...)
+       TODO: check
+CVE-2022-33712 (Intent redirection vulnerability using implict intent in 
Camera prior  ...)
+       TODO: check
+CVE-2022-33711 (Improper validation of integrity check vulnerability in 
Samsung USB Dr ...)
+       TODO: check
+CVE-2022-33710 (Improper input validation vulnerability in 
BillingPackageInsraller in  ...)
+       TODO: check
+CVE-2022-33709 (Improper input validation vulnerability in 
ApexPackageInstaller in Gal ...)
+       TODO: check
+CVE-2022-33708 (Improper input validation vulnerability in 
AppsPackageInstaller in Gal ...)
+       TODO: check
+CVE-2022-33707 (Improper identifier creation logic in Find My Mobile prior to 
version  ...)
+       TODO: check
+CVE-2022-33706 (Improper access control vulnerability in Samsung Gallery prior 
to vers ...)
+       TODO: check
+CVE-2022-33705 (Information exposure in Calendar prior to version 
12.3.05.10000 allows ...)
+       TODO: check
+CVE-2022-33704 (Improper validation vulnerability in ucmRetParcelable of 
KnoxSDK prior ...)
+       TODO: check
+CVE-2022-33703 (Improper validation vulnerability in CACertificateInfo prior 
to SMR Ju ...)
+       TODO: check
+CVE-2022-33702 (Improper authorization vulnerability in Knoxguard prior to SMR 
Jul-202 ...)
+       TODO: check
+CVE-2022-33701 (Improper access control vulnerability in 
KnoxCustomManagerService prio ...)
+       TODO: check
+CVE-2022-33700 (Exposure of Sensitive Information in putDsaSimImsi in 
TelephonyUI prio ...)
+       TODO: check
+CVE-2022-33699 (Exposure of Sensitive Information in getDsaSimImsi in 
TelephonyUI prio ...)
+       TODO: check
+CVE-2022-33698 (Exposure of Sensitive Information in Telecom application prior 
to SMR  ...)
+       TODO: check
+CVE-2022-33697 (Sensitive information exposure vulnerability in 
ImsServiceSwitchBase i ...)
+       TODO: check
+CVE-2022-33696 (Exposure of Sensitive Information in Telephony service prior 
to SMR Ju ...)
+       TODO: check
+CVE-2022-33695 (Use of improper permission in InputManagerService prior to SMR 
Jul-202 ...)
+       TODO: check
+CVE-2022-33694 (Exposure of Sensitive Information in CSC application prior to 
SMR Jul- ...)
+       TODO: check
+CVE-2022-33693 (Exposure of Sensitive Information in CID Manager prior to SMR 
Jul-2022 ...)
+       TODO: check
+CVE-2022-33692 (Exposure of Sensitive Information in Messaging application 
prior to SM ...)
+       TODO: check
+CVE-2022-33691 (A possible race condition vulnerability in score driver prior 
to SMR J ...)
+       TODO: check
+CVE-2022-33690 (Improper input validation in Contacts Storage prior to SMR 
Jul-2022 Re ...)
+       TODO: check
+CVE-2022-33689 (Improper access control vulnerability in TelephonyUI prior to 
SMR Jul- ...)
+       TODO: check
+CVE-2022-33688 (Sensitive information exposure vulnerability in EventType in 
SecTeleph ...)
+       TODO: check
+CVE-2022-33687 (Exposure of Sensitive Information in telephony-common.jar 
prior to SMR ...)
+       TODO: check
+CVE-2022-33686 (Exposure of Sensitive Information in GsmAlarmManager prior to 
SMR Jul- ...)
+       TODO: check
+CVE-2022-33685 (Unprotected dynamic receiver in Wearable Manager Service prior 
to SMR  ...)
+       TODO: check
 CVE-2022-33684
        RESERVED
 CVE-2022-33683
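Review bot: the CVE-2022-33713 through CVE-2022-33685 block (all "prior to SMR Jul-2022 Release") is Samsung mobile firmware, which this file otherwise marks NOT-FOR-US: Samsung (CVE-2022-30749 and CVE-2022-30748 in a later hunk of this commit); the CVE-2022-30758 through CVE-2022-30750 entries in that hunk fall under the same rule. The misspelling "BillingPackageInsraller" in CVE-2022-33710 is upstream description text and should stay as imported rather than be corrected locally.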
@@ -6116,8 +6161,8 @@ CVE-2022-33175 (Power Distribution Units running on 
Powertek firmware (multiple
        NOT-FOR-US: Powertek
 CVE-2022-33174 (Power Distribution Units running on Powertek firmware 
(multiple brands ...)
        NOT-FOR-US: Powertek
-CVE-2022-33173
-       RESERVED
+CVE-2022-33173 (An algorithm-downgrade issue was discovered in Couchbase 
Server before ...)
+       TODO: check
 CVE-2022-33172
        RESERVED
 CVE-2022-33171 (** DISPUTED ** The findOne function in TypeORM before 0.3.0 
can either ...)
@@ -6686,8 +6731,8 @@ CVE-2022-2052
        RESERVED
 CVE-2022-2051
        RESERVED
-CVE-2022-2050
-       RESERVED
+CVE-2022-2050 (The WP-Paginate WordPress plugin before 2.1.9 does not escape 
one of i ...)
+       TODO: check
 CVE-2022-32957
        RESERVED
 CVE-2022-32956
@@ -8496,7 +8541,7 @@ CVE-2022-30943 (Browsing restriction bypass vulnerability 
in Bulletin of Cybozu
 CVE-2022-30602 (Operation restriction bypass in multiple applications of 
Cybozu Garoon ...)
        NOT-FOR-US: Cybozu
 CVE-2022-29926
-       RESERVED
+       REJECTED
 CVE-2022-29512 (Exposure of sensitive information to an unauthorized actor 
issue in mu ...)
        NOT-FOR-US: Cybozu
 CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to 
reflected C ...)
@@ -8841,20 +8886,20 @@ CVE-2022-1959
        RESERVED
 CVE-2022-1958 (A vulnerability classified as critical has been found in 
FileCloud. Af ...)
        NOT-FOR-US: FileCloud
-CVE-2022-1957
-       RESERVED
-CVE-2022-1956
-       RESERVED
+CVE-2022-1957 (The Comment License WordPress plugin before 1.4.0 does not have 
CSRF c ...)
+       TODO: check
+CVE-2022-1956 (The Shortcut Macros WordPress plugin through 1.3 does not have 
authori ...)
+       TODO: check
 CVE-2022-1955 (Session 1.13.0 allows an attacker with physical access to the 
victim's ...)
        NOT-FOR-US: oxen-io/session-android
 CVE-2022-1954 (A Regular Expression Denial of Service vulnerability in GitLab 
CE/EE a ...)
        - gitlab <unfixed>
 CVE-2022-1953 (The Product Configurator for WooCommerce WordPress plugin 
before 1.2.3 ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1952
-       RESERVED
-CVE-2022-1951
-       RESERVED
+CVE-2022-1952 (The Free Booking Plugin for Hotels, Restaurant and Car Rental 
WordPres ...)
+       TODO: check
+CVE-2022-1951 (The core plugin for kitestudio WordPress plugin before 2.3.1 
does not  ...)
+       TODO: check
 CVE-2022-1950
        RESERVED
 CVE-2022-1949 (An access control bypass vulnerability found in 389-ds-base. 
That mish ...)
@@ -9357,8 +9402,8 @@ CVE-2022-31906 (Online Fire Reporting System v1.0 is 
vulnerable to Cross Site Sc
        NOT-FOR-US: Online Fire Reporting System
 CVE-2022-31905
        RESERVED
-CVE-2022-31904
-       RESERVED
+CVE-2022-31904 (EGT-Kommunikationstechnik UG Mediacenter before v2.0 was 
discovered to ...)
+       TODO: check
 CVE-2022-31903
        RESERVED
 CVE-2022-31902
@@ -9607,10 +9652,10 @@ CVE-2022-1940 (A Stored Cross-Site Scripting 
vulnerability in Jira integration i
        NOTE: 
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
 CVE-2022-1939 (The Allow svg files WordPress plugin before 1.1 does not 
properly vali ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1938
-       RESERVED
-CVE-2022-1937
-       RESERVED
+CVE-2022-1938 (The Awin Data Feed WordPress plugin through 1.6 does not 
sanitise and  ...)
+       TODO: check
+CVE-2022-1937 (The Awin Data Feed WordPress plugin through 1.6 does not 
sanitise and  ...)
+       TODO: check
 CVE-2022-XXXX [Sanitizing and other XSS protections]
        - spip 4.1.2+dfsg-1
        [bullseye] - spip 3.2.11-3+deb11u4
@@ -9785,8 +9830,8 @@ CVE-2022-1912
        RESERVED
 CVE-2022-1911
        RESERVED
-CVE-2022-1910
-       RESERVED
+CVE-2022-1910 (The Shortcodes and extra features for Phlox WordPress plugin 
before 2. ...)
+       TODO: check
 CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository 
causefx/organ ...)
        NOT-FOR-US: organizr
 CVE-2022-1908 (Buffer Over-read in GitHub repository bfabiszewski/libmobi 
prior to 0. ...)
@@ -9842,7 +9887,8 @@ CVE-2022-1901
        RESERVED
 CVE-2022-1900 (The Copify plugin for WordPress is vulnerable to Cross-Site 
Request Fo ...)
        NOT-FOR-US: Copify plugin for WordPress
-CVE-2021-46815 (Configuration defects in the secure OS module. Successful 
exploitation ...)
+CVE-2021-46815
+       REJECTED
        NOT-FOR-US: Huawei
 CVE-2021-46814 (The video framework has an out-of-bounds memory read/write 
vulnerabili ...)
        NOT-FOR-US: Huawei
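Review bot: CVE-2021-46815 is switched to REJECTED but the unchanged "NOT-FOR-US: Huawei" line beneath it is kept, whereas CVE-2022-29926 earlier in this commit carries REJECTED alone; dropping the now-redundant NOT-FOR-US line would keep rejected entries uniform.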
@@ -9980,8 +10026,8 @@ CVE-2022-1896 (The underConstruction WordPress plugin 
before 1.21 does not sanit
        NOT-FOR-US: WordPress plugin
 CVE-2022-1895 (The underConstruction WordPress plugin before 1.20 does not 
have CSRF  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1894
-       RESERVED
+CVE-2022-1894 (The Popup Builder WordPress plugin before 4.1.11 does not 
escape and s ...)
+       TODO: check
 CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo 
Manage ...)
        NOT-FOR-US: Zoo Management System
 CVE-2022-31733
@@ -11592,8 +11638,8 @@ CVE-2022-31140
        RESERVED
 CVE-2022-31139
        RESERVED
-CVE-2022-31138
-       RESERVED
+CVE-2022-31138 (mailcow is a mailserver suite. Prior to mailcow-dockerized 
version 202 ...)
+       TODO: check
 CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache 
and Kee ...)
        TODO: check
 CVE-2022-31136 (Bookwyrm is an open source social reading and reviewing 
program. Versi ...)
@@ -12010,8 +12056,8 @@ CVE-2022-1795 (Use After Free in GitHub repository 
gpac/gpac prior to v2.1.0-DEV
        [stretch] - gpac <end-of-life> (No longer supported in LTS)
        NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc
        NOTE: 
https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514
-CVE-2022-1794
-       RESERVED
+CVE-2022-1794 (The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords 
as pla ...)
+       TODO: check
 CVE-2022-1793 (The Private Files WordPress plugin through 0.40 is missing CSRF 
check  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1792 (The Quick Subscribe WordPress plugin through 1.7.1 does not 
have CSRF  ...)
@@ -12127,8 +12173,8 @@ CVE-2022-1759 (The RB Internal Links WordPress plugin 
through 2.0.16 does not ha
        NOT-FOR-US: WordPress plugin
 CVE-2022-1758 (The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 
does not ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1757
-       RESERVED
+CVE-2022-1757 (The Pagebar WordPress plugin through 2.65 does not have CSRF 
check in  ...)
+       TODO: check
 CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize 
and esc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1755
@@ -12239,28 +12285,28 @@ CVE-2022-30938
        RESERVED
 CVE-2022-30937 (A vulnerability has been identified in EN100 Ethernet module 
DNP3 IP v ...)
        NOT-FOR-US: Siemens
-CVE-2022-30792
-       RESERVED
-CVE-2022-30791
-       RESERVED
-CVE-2022-30758
-       RESERVED
-CVE-2022-30757
-       RESERVED
-CVE-2022-30756
-       RESERVED
-CVE-2022-30755
-       RESERVED
-CVE-2022-30754
-       RESERVED
-CVE-2022-30753
-       RESERVED
-CVE-2022-30752
-       RESERVED
-CVE-2022-30751
-       RESERVED
-CVE-2022-30750
-       RESERVED
+CVE-2022-30792 (In CmpChannelServer of CODESYS V3 in multiple versions an 
uncontrolled ...)
+       TODO: check
+CVE-2022-30791 (In CmpBlkDrvTcp of CODESYS V3 in multiple versions an 
uncontrolled res ...)
+       TODO: check
+CVE-2022-30758 (Implicit Intent hijacking vulnerability in Finder prior to SMR 
Jul-202 ...)
+       TODO: check
+CVE-2022-30757 (Improper authorization in isemtelephony prior to SMR Jul-2022 
Release  ...)
+       TODO: check
+CVE-2022-30756 (Implicit Intent hijacking vulnerability in Finder prior to SMR 
Jul-202 ...)
+       TODO: check
+CVE-2022-30755 (Improper authentication vulnerability in AppLock prior to SMR 
Jul-2022 ...)
+       TODO: check
+CVE-2022-30754 (Implicit Intent hijacking vulnerability in AppLinker prior to 
SMR Jul- ...)
+       TODO: check
+CVE-2022-30753 (Improper use of a unique device ID in unprotected 
SecSoterService prio ...)
+       TODO: check
+CVE-2022-30752 (Improper access control vulnerability in sendDHCPACKBroadcast 
function ...)
+       TODO: check
+CVE-2022-30751 (Improper access control vulnerability in sendDHCPACKBroadcast 
function ...)
+       TODO: check
+CVE-2022-30750 (Improper access control vulnerability in 
updateLastConnectedClientInfo ...)
+       TODO: check
 CVE-2022-30749 (Improper access control vulnerability in Smart Things prior to 
1.7.85. ...)
        NOT-FOR-US: Samsung
 CVE-2022-30748 (Unprotected dynamic receiver in Samsung Members prior to 
version 4.2.0 ...)
@@ -12372,8 +12418,8 @@ CVE-2022-1733 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
        NOTE: https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a
        NOTE: 
https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813 
(v8.2.4968)
        NOTE: Crash in CLI tool, no security impact
-CVE-2022-1732
-       RESERVED
+CVE-2022-1732 (The Rename wp-login.php WordPress plugin through 2.6.0 does not 
have C ...)
+       TODO: check
 CVE-2022-1731 (Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is 
vulnerable to ...)
        NOT-FOR-US: Metasonic Doc WebClient
 CVE-2022-1730 (Cross-site Scripting (XSS) - Stored in GitHub repository 
jgraph/drawio ...)
@@ -13577,8 +13623,8 @@ CVE-2022-1628
        RESERVED
 CVE-2022-1627 (The My Private Site WordPress plugin before 3.0.8 does not have 
CSRF c ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1626
-       RESERVED
+CVE-2022-1626 (The Sharebar WordPress plugin through 1.4.1 does not have CSRF 
check i ...)
+       TODO: check
 CVE-2022-1625 (The New User Approve WordPress plugin before 2.4 does not have 
CSRF ch ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1624 (The Latest Tweets Widget WordPress plugin through 1.1.4 does 
not have  ...)
@@ -14146,8 +14192,8 @@ CVE-2022-1601
        RESERVED
 CVE-2022-1600
        RESERVED
-CVE-2022-1599
-       RESERVED
+CVE-2022-1599 (The Admin Management Xtended WordPress plugin before 2.4.5 does 
not ha ...)
+       TODO: check
 CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.4 which is a 
companion to t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a 
companion for  ...)
@@ -14342,8 +14388,8 @@ CVE-2022-1578
        RESERVED
 CVE-2022-1577 (The Database Backup for WordPress plugin before 2.5.2 does not 
have CS ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1576
-       RESERVED
+CVE-2022-1576 (The WP Maintenance Mode &amp; Coming Soon WordPress plugin 
before 2.4. ...)
+       TODO: check
 CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub 
repository ...)
        NOT-FOR-US: jgraph/drawio
 CVE-2022-1574 (The HTML2WP WordPress plugin through 1.0.0 does not have 
authorisation ...)
@@ -14695,8 +14741,8 @@ CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and 
earlier fails to properly re
        NOT-FOR-US: Mattermost Playbooks plugin
 CVE-2022-1547 (The Check &amp; Log Email WordPress plugin before 1.0.6 does 
not sanit ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1546
-       RESERVED
+CVE-2022-1546 (The WooCommerce - Product Importer WordPress plugin through 
1.5.2 does ...)
+       TODO: check
 CVE-2022-30114
        RESERVED
 CVE-2022-30113
@@ -15698,8 +15744,8 @@ CVE-2022-1475 (An integer overflow vulnerability was 
found in FFmpeg versions be
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f
 (n4.4.2)
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fa2e4afe8d0a23fac37392ef6506cfc9841f8d3d
 (n4.3.4)
-CVE-2022-1474
-       RESERVED
+CVE-2022-1474 (The WP Event Manager WordPress plugin before 3.1.28 does not 
sanitise  ...)
+       TODO: check
 CVE-2022-1473 (The OPENSSL_LH_flush() function, which empties a hash table, 
contains  ...)
        [experimental] - openssl 3.0.3-1
        - openssl <not-affected> (Only affects OpenSSL 3.0)
@@ -19129,8 +19175,8 @@ CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac 
prior to 2.1.0-DEV. ...)
        NOTE: 
https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1
 CVE-2022-1221 (The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 
does not s ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1220
-       RESERVED
+CVE-2022-1220 (The FoxyShop WordPress plugin before 4.8.2 does not sanitise 
and escap ...)
+       TODO: check
 CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository 
pimcore ...)
        NOT-FOR-US: pimcore
 CVE-2022-1218 (The Domain Replace WordPress plugin through 1.3.8 does not 
sanitise an ...)
@@ -21336,8 +21382,8 @@ CVE-2022-1098 (Delta Electronics DIAEnergie (all 
versions prior to 1.8.02.004) a
        NOT-FOR-US: Delta Electronics DIAEnergie
 CVE-2021-46742 (The multi-window module has a vulnerability of unauthorized 
insertion  ...)
        NOT-FOR-US: Harmony OS
-CVE-2021-46741
-       RESERVED
+CVE-2021-46741 (The basic framework and setting module have defects, which 
were introd ...)
+       TODO: check
 CVE-2021-46740 (The device authentication service module has a defect 
vulnerability in ...)
        NOT-FOR-US: Harmony OS
 CVE-2022-27887 (Maccms v10 was discovered to contain a reflected cross-site 
scripting  ...)
@@ -21940,8 +21986,8 @@ CVE-2022-1059
        RESERVED
 CVE-2022-1058 (Open Redirect on login in GitHub repository go-gitea/gitea 
prior to 1. ...)
        - gitea <removed>
-CVE-2022-1057
-       RESERVED
+CVE-2022-1057 (The Pricing Deals for WooCommerce WordPress plugin through 
2.0.2.02 do ...)
+       TODO: check
 CVE-2021-46739
        RESERVED
 CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP 
transformation code ...)
@@ -56885,8 +56931,8 @@ CVE-2021-41398
        RESERVED
 CVE-2021-41397
        RESERVED
-CVE-2021-41396
-       RESERVED
+CVE-2021-41396 (Live555 through 1.08 does not handle socket connections 
properly. A hu ...)
+       TODO: check
 CVE-2021-41395 (Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers 
to contro ...)
        NOT-FOR-US: Teleport
 CVE-2021-41394 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, 
and 7.x b ...)
@@ -60444,16 +60490,16 @@ CVE-2021-40018 (The eID module has a null pointer 
reference vulnerability. Succe
        NOT-FOR-US: Huawei
 CVE-2021-40017
        RESERVED
-CVE-2021-40016
-       RESERVED
+CVE-2021-40016 (Improper permission control vulnerability in the Bluetooth 
module.Succ ...)
+       TODO: check
 CVE-2021-40015 (There is a race condition vulnerability in the binder driver 
subsystem ...)
        NOT-FOR-US: Huawei
 CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow 
vulnera ...)
        NOT-FOR-US: Huawei
-CVE-2021-40013
-       RESERVED
-CVE-2021-40012
-       RESERVED
+CVE-2021-40013 (Improper permission control vulnerability in the Bluetooth 
module.Succ ...)
+       TODO: check
+CVE-2021-40012 (Vulnerability of pointers being incorrectly used during data 
transmiss ...)
+       TODO: check
 CVE-2021-40011 (There is an uncontrolled resource consumption vulnerability in 
the dis ...)
        NOT-FOR-US: Huawei
 CVE-2021-40010 (The bone voice ID TA has a heap overflow 
vulnerability.Successful expl ...)
@@ -60478,8 +60524,8 @@ CVE-2021-40001 (The CaasKit module has a path traversal 
vulnerability. Successfu
        NOT-FOR-US: Huawei
 CVE-2021-40000 (The Bluetooth module has an out-of-bounds write vulnerability. 
Success ...)
        NOT-FOR-US: Huawei
-CVE-2021-39999
-       RESERVED
+CVE-2021-39999 (There is a buffer overflow vulnerability in eSE620X vESS 
V100R001C10SP ...)
+       TODO: check
 CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for 
multiple  ...)
        NOT-FOR-US: Huawei
 CVE-2021-39997 (There is a vulnerability of unstrict input parameter 
verification in t ...)
@@ -68914,14 +68960,14 @@ CVE-2021-36670
        RESERVED
 CVE-2021-36669
        RESERVED
-CVE-2021-36668
-       RESERVED
-CVE-2021-36667
-       RESERVED
-CVE-2021-36666
-       RESERVED
-CVE-2021-36665
-       RESERVED
+CVE-2021-36668 (URL injection in Driva inSync 6.9.0 for MacOS, allows 
attackers to for ...)
+       TODO: check
+CVE-2021-36667 (Command injection vulnerability in Druva inSync 6.9.0 for 
MacOS, allow ...)
+       TODO: check
+CVE-2021-36666 (An issue was discovered in Druva 6.9.0 for MacOS, allows 
attackers to  ...)
+       TODO: check
+CVE-2021-36665 (An issue was discovered in Druva 6.9.0 for macOS, allows 
attackers to  ...)
+       TODO: check
 CVE-2021-36664
        RESERVED
 CVE-2021-36663
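Review bot: "Driva inSync" in CVE-2021-36668 and the "MacOS"/"macOS" inconsistency across CVE-2021-36668 through CVE-2021-36665 come from the upstream descriptions (CVE-2021-36667 spells it "Druva"); they are not local typos and should be left as imported, but all four concern the same Druva inSync 6.9.0 product and can be triaged together.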
@@ -182138,8 +182184,8 @@ CVE-2020-4152 (IBM QRadar Network Security 5.4.0 and 
5.5.0 transmits sensitive o
        NOT-FOR-US: IBM
 CVE-2020-4151 (IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an 
authenticated attac ...)
        NOT-FOR-US: IBM
-CVE-2020-4150
-       RESERVED
+CVE-2020-4150 (IBM SiteProtector Appliance 3.1.1 contains hard-coded 
credentials, suc ...)
+       TODO: check
 CVE-2020-4149
        RESERVED
 CVE-2020-4148
@@ -182162,8 +182208,8 @@ CVE-2020-4140 (IBM Security SiteProtector System 
3.1.1 is vulnerable to cross-si
        NOT-FOR-US: IBM
 CVE-2020-4139
        RESERVED
-CVE-2020-4138
-       RESERVED
+CVE-2020-4138 (IBM SiteProtector Appliance 3.1.1 allows web pages to be stored 
locall ...)
+       TODO: check
 CVE-2020-4137
        RESERVED
 CVE-2020-4136
@@ -223621,7 +223667,7 @@ CVE-2019-9671
        RESERVED
 CVE-2019-9670 (mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x 
before  ...)
        NOT-FOR-US: Synacor Zimbra Collaboration Suite
-CVE-2019-9669 (The Wordfence plugin 7.2.3 for WordPress allows XSS via a 
unique attac ...)
+CVE-2019-9669 (** DISPUTED ** The Wordfence plugin 7.2.3 for WordPress allows 
XSS via ...)
        NOT-FOR-US: Wordfence plugin for WordPress
 CVE-2019-9668 (An issue was discovered in rovinbhandari FTP through 
2012-03-28. recei ...)
        NOT-FOR-US: rovinbhandari FTP



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15d4bf7ee57892fa8e4992394b5b370a3f1c4f10



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
