Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13b56749 by security tracker role at 2022-09-19T20:10:21+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@ +CVE-2022-41030 + RESERVED +CVE-2022-41029 + RESERVED +CVE-2022-41028 + RESERVED +CVE-2022-41027 + RESERVED +CVE-2022-41026 + RESERVED +CVE-2022-41025 + RESERVED +CVE-2022-41024 + RESERVED +CVE-2022-41023 + RESERVED +CVE-2022-41022 + RESERVED +CVE-2022-41021 + RESERVED +CVE-2022-41020 + RESERVED +CVE-2022-41019 + RESERVED +CVE-2022-41018 + RESERVED +CVE-2022-41017 + RESERVED +CVE-2022-41016 + RESERVED +CVE-2022-41015 + RESERVED +CVE-2022-41014 + RESERVED +CVE-2022-41013 + RESERVED +CVE-2022-41012 + RESERVED +CVE-2022-41011 + RESERVED +CVE-2022-41010 + RESERVED +CVE-2022-41009 + RESERVED +CVE-2022-41008 + RESERVED +CVE-2022-41007 + RESERVED +CVE-2022-41006 + RESERVED +CVE-2022-41005 + RESERVED +CVE-2022-41004 + RESERVED +CVE-2022-41003 + RESERVED +CVE-2022-41002 + RESERVED +CVE-2022-41001 + RESERVED +CVE-2022-41000 + RESERVED +CVE-2022-40999 + RESERVED +CVE-2022-40998 + RESERVED +CVE-2022-40997 + RESERVED +CVE-2022-40996 + RESERVED +CVE-2022-40995 + RESERVED +CVE-2022-40994 + RESERVED +CVE-2022-40993 + RESERVED +CVE-2022-40992 + RESERVED +CVE-2022-40991 + RESERVED +CVE-2022-40990 + RESERVED +CVE-2022-40989 + RESERVED +CVE-2022-40988 + RESERVED +CVE-2022-40987 + RESERVED +CVE-2022-40986 + RESERVED +CVE-2022-40985 + RESERVED +CVE-2022-40980 (A potential unathenticated file deletion vulnerabilty on Trend Micro M ...) + TODO: check +CVE-2022-40979 + RESERVED +CVE-2022-40978 (The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerabl ...) 
+ TODO: check +CVE-2022-40977 + RESERVED +CVE-2022-40976 + RESERVED +CVE-2022-40969 + RESERVED +CVE-2022-40962 + RESERVED +CVE-2022-40961 + RESERVED +CVE-2022-40960 + RESERVED +CVE-2022-40959 + RESERVED +CVE-2022-40958 + RESERVED +CVE-2022-40957 + RESERVED +CVE-2022-40956 + RESERVED +CVE-2022-40955 + RESERVED +CVE-2022-40954 + RESERVED +CVE-2022-40701 + RESERVED +CVE-2022-40220 + RESERVED +CVE-2022-39045 + RESERVED +CVE-2022-38715 + RESERVED +CVE-2022-38459 + RESERVED +CVE-2022-38088 + RESERVED +CVE-2022-36279 + RESERVED +CVE-2022-3240 + RESERVED +CVE-2022-3239 + RESERVED +CVE-2022-3238 + RESERVED +CVE-2022-3237 + RESERVED CVE-2022-40953 RESERVED CVE-2022-40952 @@ -280,22 +424,22 @@ CVE-2022-40814 RESERVED CVE-2022-40813 RESERVED -CVE-2022-40812 - RESERVED -CVE-2022-40811 - RESERVED -CVE-2022-40810 - RESERVED -CVE-2022-40809 - RESERVED -CVE-2022-40808 - RESERVED -CVE-2022-40807 - RESERVED -CVE-2022-40806 - RESERVED -CVE-2022-40805 - RESERVED +CVE-2022-40812 (The d8s-pdfs for python, as distributed on PyPI, included a potential ...) + TODO: check +CVE-2022-40811 (The d8s-urls for python, as distributed on PyPI, included a potential ...) + TODO: check +CVE-2022-40810 (The d8s-ip-addresses for python, as distributed on PyPI, included a po ...) + TODO: check +CVE-2022-40809 (The d8s-dicts for python, as distributed on PyPI, included a potential ...) + TODO: check +CVE-2022-40808 (The d8s-dates for python, as distributed on PyPI, included a potential ...) + TODO: check +CVE-2022-40807 (The d8s-domains for python, as distributed on PyPI, included a potenti ...) + TODO: check +CVE-2022-40806 (The d8s-uuids for python, as distributed on PyPI, included a potential ...) + TODO: check +CVE-2022-40805 (The d8s-urls for python 0.1.0, as distributed on PyPI, included a pote ...) + TODO: check CVE-2022-40804 RESERVED CVE-2022-40803 
@@ -517,14 +661,14 @@ CVE-2022-40717 RESERVED CVE-2022-40716 RESERVED -CVE-2022-40715 - RESERVED -CVE-2022-40714 - RESERVED -CVE-2022-40713 - RESERVED -CVE-2022-40712 - RESERVED +CVE-2022-40715 (An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Trave ...) + TODO: check +CVE-2022-40714 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists u ...) + TODO: check +CVE-2022-40713 (An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path ...) + TODO: check +CVE-2022-40712 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists u ...) + TODO: check CVE-2022-40711 RESERVED CVE-2022-40710 @@ -537,8 +681,8 @@ CVE-2022-40707 RESERVED CVE-2022-3219 RESERVED -CVE-2022-3218 - RESERVED +CVE-2022-3218 (Due to a reliance on client-side authentication, the WiFi Mouse (Mouse ...) + TODO: check CVE-2022-3217 (When logging in to a VBASE runtime project via Web-Remote, the product ...) TODO: check CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...) @@ -635,8 +779,8 @@ CVE-2022-3215 RESERVED CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy manageme ...) NOT-FOR-US: Delta -CVE-2022-3213 - RESERVED +CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...) + TODO: check CVE-2022-3212 (<bytes::Bytes as axum_core::extract::FromRequest>::from_request ...) NOT-FOR-US: axum_core rust crate CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) @@ -846,8 +990,8 @@ CVE-2022-40610 RESERVED CVE-2022-40609 RESERVED -CVE-2022-40608 - RESERVED +CVE-2022-40608 (IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File System ...) + TODO: check CVE-2022-40607 RESERVED CVE-2022-3192 
@@ -1173,8 +1317,8 @@ CVE-2022-40470 RESERVED CVE-2022-40469 RESERVED -CVE-2022-40468 - RESERVED +CVE-2022-40468 (Tinyproxy commit 84f203f and earlier does not process HTTP request lin ...) + TODO: check CVE-2022-40467 RESERVED CVE-2022-40466 @@ -1245,24 +1389,24 @@ CVE-2022-40434 RESERVED CVE-2022-40433 RESERVED -CVE-2022-40432 - RESERVED -CVE-2022-40431 - RESERVED -CVE-2022-40430 - RESERVED -CVE-2022-40429 - RESERVED -CVE-2022-40428 - RESERVED -CVE-2022-40427 - RESERVED -CVE-2022-40426 - RESERVED -CVE-2022-40425 - RESERVED -CVE-2022-40424 - RESERVED +CVE-2022-40432 (The d8s-strings for python, as distributed on PyPI, included a potenti ...) + TODO: check +CVE-2022-40431 (The d8s-pdfs for python, as distributed on PyPI, included a potential ...) + TODO: check +CVE-2022-40430 (The d8s-utility for python, as distributed on PyPI, included a potenti ...) + TODO: check +CVE-2022-40429 (The d8s-ip-addresses for python, as distributed on PyPI, included a po ...) + TODO: check +CVE-2022-40428 (The d8s-mpeg for python, as distributed on PyPI, included a potential ...) + TODO: check +CVE-2022-40427 (The d8s-domains for python, as distributed on PyPI, included a potenti ...) + TODO: check +CVE-2022-40426 (The d8s-asns for python, as distributed on PyPI, included a potential ...) + TODO: check +CVE-2022-40425 (The d8s-html for python, as distributed on PyPI, included a potential ...) + TODO: check +CVE-2022-40424 (The d8s-urls for python, as distributed on PyPI, included a potential ...) + TODO: check CVE-2022-40423 RESERVED CVE-2022-40422 @@ -1674,8 +1818,8 @@ CVE-2022-40236 RESERVED CVE-2022-40235 RESERVED -CVE-2022-40234 - RESERVED +CVE-2022-40234 (Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1 ...) + TODO: check CVE-2022-40233 RESERVED CVE-2022-40232 
@@ -1887,18 +2031,18 @@ CVE-2022-3149 RESERVED CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...) NOT-FOR-US: jgraph/drawio -CVE-2022-40144 - RESERVED -CVE-2022-40143 - RESERVED -CVE-2022-40142 - RESERVED -CVE-2022-40141 - RESERVED -CVE-2022-40140 - RESERVED -CVE-2022-40139 - RESERVED +CVE-2022-40144 (A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a ...) + TODO: check +CVE-2022-40143 (A link following local privilege escalation vulnerability in Trend Mic ...) + TODO: check +CVE-2022-40142 (A security link following local privilege escalation vulnerability in ...) + TODO: check +CVE-2022-40141 (A vulnerability in Trend Micro Apex One and Apex One as a Service coul ...) + TODO: check +CVE-2022-40140 (An origin validation error vulnerability in Trend Micro Apex One and A ...) + TODO: check +CVE-2022-40139 (Improper validation of some components used by the rollback mechanism ...) + TODO: check CVE-2022-40138 RESERVED CVE-2022-40133 (A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf ...) @@ -1944,10 +2088,10 @@ CVE-2022-40127 RESERVED CVE-2022-38972 (Cross-site scripting vulnerability in Movable Type plugin A-Form versi ...) NOT-FOR-US: Movable Type plugin -CVE-2022-3142 - RESERVED -CVE-2022-3141 - RESERVED +CVE-2022-3142 (The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise ...) + TODO: check +CVE-2022-3141 (The Translate Multilingual sites WordPress plugin before 2.3.3 is vuln ...) + TODO: check CVE-2022-3140 RESERVED CVE-2022-3139 
@@ -2058,26 +2202,26 @@ CVE-2022-40078 RESERVED CVE-2022-40077 RESERVED -CVE-2022-40076 - RESERVED -CVE-2022-40075 - RESERVED -CVE-2022-40074 - RESERVED -CVE-2022-40073 - RESERVED -CVE-2022-40072 - RESERVED -CVE-2022-40071 - RESERVED -CVE-2022-40070 - RESERVED -CVE-2022-40069 - RESERVED -CVE-2022-40068 - RESERVED -CVE-2022-40067 - RESERVED +CVE-2022-40076 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/http ...) + TODO: check +CVE-2022-40075 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...) + TODO: check +CVE-2022-40074 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...) + TODO: check +CVE-2022-40073 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...) + TODO: check +CVE-2022-40072 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...) + TODO: check +CVE-2022-40071 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...) + TODO: check +CVE-2022-40070 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/http ...) + TODO: check +CVE-2022-40069 (]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/ht ...) + TODO: check +CVE-2022-40068 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/http ...) + TODO: check +CVE-2022-40067 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...) + TODO: check CVE-2022-40066 RESERVED CVE-2022-40065 
@@ -4522,8 +4666,8 @@ CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0322. .. - vim <unfixed> (bug #1019590) NOTE: https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 NOTE: https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb (v9.0.0322) -CVE-2022-3036 - RESERVED +CVE-2022-3036 (The Gettext override translations WordPress plugin before 2.0.0 does n ...) + TODO: check CVE-2022-3035 (Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-i ...) - snipe-it <itp> (bug #1005172) CVE-2022-3034 @@ -4776,22 +4920,22 @@ CVE-2022-38889 RESERVED CVE-2022-38888 RESERVED -CVE-2022-38887 - RESERVED -CVE-2022-38886 - RESERVED -CVE-2022-38885 - RESERVED -CVE-2022-38884 - RESERVED -CVE-2022-38883 - RESERVED -CVE-2022-38882 - RESERVED -CVE-2022-38881 - RESERVED -CVE-2022-38880 - RESERVED +CVE-2022-38887 (The d8s-python for python, as distributed on PyPI, included a potentia ...) + TODO: check +CVE-2022-38886 (The d8s-xml for python, as distributed on PyPI, included a potential c ...) + TODO: check +CVE-2022-38885 (The d8s-netstrings for python, as distributed on PyPI, included a pote ...) + TODO: check +CVE-2022-38884 (The d8s-grammars for python, as distributed on PyPI, included a potent ...) + TODO: check +CVE-2022-38883 (The d8s-math for python, as distributed on PyPI, included a potential ...) + TODO: check +CVE-2022-38882 (The d8s-json for python, as distributed on PyPI, included a potential ...) + TODO: check +CVE-2022-38881 (The d8s-archives for python, as distributed on PyPI, included a potent ...) + TODO: check +CVE-2022-38880 (The d8s-urls for python, as distributed on PyPI, included a potential ...) + TODO: check CVE-2022-38879 RESERVED CVE-2022-38878 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...) 
@@ -5039,8 +5183,8 @@ CVE-2022-3023 RESERVED CVE-2022-3022 REJECTED -CVE-2022-3021 - RESERVED +CVE-2022-3021 (The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and ...) + TODO: check CVE-2022-3020 RESERVED CVE-2021-46836 (Implementation of the WLAN module interfaces has the information discl ...) @@ -5169,8 +5313,8 @@ CVE-2022-38766 RESERVED CVE-2022-38765 RESERVED -CVE-2022-38764 - RESERVED +CVE-2022-38764 (A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below ...) + TODO: check CVE-2022-38763 RESERVED CVE-2022-38762 @@ -5445,8 +5589,8 @@ CVE-2022-2959 (A race condition was found in the Linux kernel's watch queue due [buster] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17291/ NOTE: https://git.kernel.org/linus/189b0ddc245139af81198d1a3637cac74f96e13a (5.19-rc1) -CVE-2022-2958 - RESERVED +CVE-2022-2958 (The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and esca ...) + TODO: check CVE-2022-2957 (A vulnerability classified as critical was found in SourceCodester Sim ...) NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script CVE-2022-2956 (A vulnerability classified as problematic has been found in ConsoleTVs ...) @@ -5686,10 +5830,10 @@ CVE-2022-38620 RESERVED CVE-2022-38619 RESERVED -CVE-2022-38618 - RESERVED -CVE-2022-38617 - RESERVED +CVE-2022-38618 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...) + TODO: check +CVE-2022-38617 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...) + TODO: check CVE-2022-38616 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...) NOT-FOR-US: SmartVista CVE-2022-38615 (SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL inject ...) 
@@ -5771,10 +5915,10 @@ CVE-2022-38579 RESERVED CVE-2022-38578 RESERVED -CVE-2022-38577 - RESERVED -CVE-2022-38576 - RESERVED +CVE-2022-38577 (ProcessMaker before v3.5.4 was discovered to contain insecure permissi ...) + TODO: check +CVE-2022-38576 (Interview Management System v1.0 was discovered to contain a SQL injec ...) + TODO: check CVE-2022-38575 RESERVED CVE-2022-38574 @@ -6181,8 +6325,8 @@ CVE-2022-38427 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and ea NOT-FOR-US: Adobe CVE-2022-38426 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...) NOT-FOR-US: Adobe -CVE-2022-38425 - RESERVED +CVE-2022-38425 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + TODO: check CVE-2022-38424 RESERVED CVE-2022-38423 @@ -6534,8 +6678,8 @@ CVE-2022-2842 (A vulnerability classified as critical has been found in SourceCo NOT-FOR-US: SourceCodester Gym Management System CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.1561 ...) NOT-FOR-US: CrowdStrike Falcon -CVE-2022-2840 - RESERVED +CVE-2022-2840 (The Zephyr Project Manager WordPress plugin before 3.2.5 does not sani ...) + TODO: check CVE-2022-2839 RESERVED CVE-2022-2838 (In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Pars ...) @@ -6628,8 +6772,8 @@ CVE-2022-38343 RESERVED CVE-2022-38342 (Safe Software FME Server v2022.0.1.1 and below was discovered to conta ...) NOT-FOR-US: Safe Software FME Server -CVE-2022-38341 - RESERVED +CVE-2022-38341 (Safe Software FME Server v2022.0.1.1 and below does not employ server- ...) + TODO: check CVE-2022-38340 RESERVED CVE-2022-38339 @@ -6644,8 +6788,8 @@ CVE-2022-38335 RESERVED CVE-2022-38334 (XPDF v4.04 was discovered to contain a stack overflow via the function ...) TODO: check -CVE-2022-38333 - RESERVED +CVE-2022-38333 (Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to co ...) + TODO: check CVE-2022-38332 RESERVED CVE-2022-38331 
@@ -7257,10 +7401,10 @@ CVE-2022-2756 (Server-Side Request Forgery (SSRF) in GitHub repository kareadita NOT-FOR-US: Kareadita/Kavita CVE-2022-2755 RESERVED -CVE-2022-2754 - RESERVED -CVE-2022-2753 - RESERVED +CVE-2022-2754 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...) + TODO: check +CVE-2022-2753 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...) + TODO: check CVE-2022-2752 RESERVED CVE-2022-2751 (A vulnerability was found in SourceCodester Company Website CMS and cl ...) @@ -7868,10 +8012,10 @@ CVE-2022-2712 RESERVED CVE-2022-2711 RESERVED -CVE-2022-2710 - RESERVED -CVE-2022-2709 - RESERVED +CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape some o ...) + TODO: check +CVE-2022-2709 (The Float to Top Button WordPress plugin through 2.3.6 does not escape ...) + TODO: check CVE-2022-37863 RESERVED CVE-2022-37862 @@ -8203,6 +8347,7 @@ CVE-2022-37707 RESERVED CVE-2022-37706 RESERVED + {DLA-3115-1} - e17 0.25.4-1 NOTE: https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit NOTE: https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141 @@ -8217,8 +8362,8 @@ CVE-2022-37702 RESERVED CVE-2022-37701 RESERVED -CVE-2022-37700 - RESERVED +CVE-2022-37700 (Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obt ...) + TODO: check CVE-2022-37699 RESERVED CVE-2022-37698 @@ -9167,10 +9312,10 @@ CVE-2022-2627 RESERVED CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp ...) NOT-FOR-US: Hestia Control Panel -CVE-2022-37348 - RESERVED -CVE-2022-37347 - RESERVED +CVE-2022-37348 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...) + TODO: check +CVE-2022-37347 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...) + TODO: check CVE-2022-37341 RESERVED CVE-2022-37340 
@@ -9559,8 +9704,8 @@ CVE-2022-37205 RESERVED CVE-2022-37204 RESERVED -CVE-2022-37203 - RESERVED +CVE-2022-37203 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do n ...) + TODO: check CVE-2022-37202 RESERVED CVE-2022-37201 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. ...) @@ -10098,8 +10243,8 @@ CVE-2022-2569 (The affected device stores sensitive information in cleartext, wh NOT-FOR-US: ARC Informatique CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation Platfo ...) NOT-FOR-US: Red Hat Ansible Automation Platform -CVE-2022-2567 - RESERVED +CVE-2022-2567 (The Form Builder CP WordPress plugin before 1.2.32 does not sanitise a ...) + TODO: check CVE-2022-2566 RESERVED - ffmpeg 7:5.1.1-1 @@ -12817,8 +12962,8 @@ CVE-2022-35916 (OpenZeppelin Contracts is a library for secure smart contract de NOT-FOR-US: OpenZeppelin CVE-2022-35915 (OpenZeppelin Contracts is a library for secure smart contract developm ...) NOT-FOR-US: OpenZeppelin -CVE-2022-35914 - RESERVED +CVE-2022-35914 (/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for ...) + TODO: check CVE-2022-35913 (Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a ...) NOT-FOR-US: Samourai Wallet Stonewallx2 CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x b ...) 
@@ -13346,28 +13491,28 @@ CVE-2022-35711 RESERVED CVE-2022-35710 RESERVED -CVE-2022-35709 - RESERVED -CVE-2022-35708 - RESERVED -CVE-2022-35707 - RESERVED -CVE-2022-35706 - RESERVED -CVE-2022-35705 - RESERVED -CVE-2022-35704 - RESERVED -CVE-2022-35703 - RESERVED -CVE-2022-35702 - RESERVED -CVE-2022-35701 - RESERVED -CVE-2022-35700 - RESERVED -CVE-2022-35699 - RESERVED +CVE-2022-35709 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + TODO: check +CVE-2022-35708 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + TODO: check +CVE-2022-35707 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + TODO: check +CVE-2022-35706 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + TODO: check +CVE-2022-35705 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + TODO: check +CVE-2022-35704 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + TODO: check +CVE-2022-35703 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + TODO: check +CVE-2022-35702 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + TODO: check +CVE-2022-35701 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + TODO: check +CVE-2022-35700 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + TODO: check +CVE-2022-35699 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + TODO: check CVE-2022-35698 RESERVED CVE-2022-35697 (Adobe Experience Manager Core Components version 2.20.6 (and earlier) ...) 
@@ -15510,8 +15655,8 @@ CVE-2022-2277 (Improper Input Validation vulnerability exists in the Hitachi Ene NOT-FOR-US: Hitachi CVE-2021-4234 (OpenVPN Access Server 2.10 and prior versions are susceptible to resen ...) NOT-FOR-US: OpenVPN Access Server -CVE-2022-34893 - RESERVED +CVE-2022-34893 (Trend Micro Security 2022 (consumer) has a link following vulnerabilit ...) + TODO: check CVE-2022-34892 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2022-34891 (This vulnerability allows local attackers to escalate privileges on af ...) @@ -20695,9 +20840,10 @@ CVE-2022-32892 RESERVED CVE-2022-32891 RESERVED + {DSA-5211-1 DSA-5210-1 DLA-3073-1} - webkit2gtk 2.36.6-1 - wpewebkit 2.36.6-1 - NOTE: https://webkitgtk.org/security/WSA-2022-0009.html + NOTE: https://webkitgtk.org/security/WSA-2022-0009.html CVE-2022-32890 RESERVED CVE-2022-32889 @@ -20710,7 +20856,7 @@ CVE-2022-32886 RESERVED - webkit2gtk 2.38.0-1 - wpewebkit 2.38.0-1 - NOTE: https://webkitgtk.org/security/WSA-2022-0009.html + NOTE: https://webkitgtk.org/security/WSA-2022-0009.html CVE-2022-32885 RESERVED CVE-2022-32884 @@ -26893,7 +27039,7 @@ CVE-2022-30772 RESERVED CVE-2022-30771 RESERVED -CVE-2022-30770 (Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8 ...) +CVE-2022-30770 (Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and ...) NOT-FOR-US: Terminalfour CVE-2022-30769 RESERVED 
@@ -28315,8 +28461,8 @@ CVE-2022-1593 (The Site Offline or Coming Soon WordPress plugin through 1.6.6 do NOT-FOR-US: WordPress plugin CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository clinical-gen ...) NOT-FOR-US: clinical-genomics/scout -CVE-2022-1591 - RESERVED +CVE-2022-1591 (The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does n ...) + TODO: check CVE-2022-1590 (A vulnerability was found in Bludit 3.13.1. It has been declared as pr ...) NOT-FOR-US: Bludit CVE-2022-1589 (The Change wp-admin login WordPress plugin before 1.1.0 does not prope ...) @@ -28487,8 +28633,8 @@ CVE-2022-1582 (The External Links in New Window / New Tab WordPress plugin befor NOT-FOR-US: WordPress plugin CVE-2022-1581 RESERVED -CVE-2022-1580 - RESERVED +CVE-2022-1580 (The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin b ...) + TODO: check CVE-2022-1579 RESERVED CVE-2022-1578 @@ -29406,8 +29552,8 @@ CVE-2022-1527 (The WP 2FA WordPress plugin before 2.2.1 does not sanitise and es NOT-FOR-US: WordPress plugin CVE-2021-4227 RESERVED -CVE-2022-29908 - RESERVED +CVE-2022-29908 (The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 ...) + TODO: check CVE-2022-29907 (The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d ...) NOT-FOR-US: MediaWiki Nimbus skin CVE-2022-29906 (The admin API module in the QuizGame extension for MediaWiki through 1 ...) @@ -35534,7 +35680,7 @@ CVE-2022-1096 (Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allow - chromium 99.0.4844.84-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-1095 (The Mihdan: No External Links WordPress plugin through 4.8.0 does not ...) +CVE-2022-1095 (The Mihdan: No External Links WordPress plugin before 5.0.2 does not s ...) NOT-FOR-US: WordPress plugin CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin 
@@ -92436,7 +92582,7 @@ CVE-2021-32912 RESERVED - webkit2gtk 2.38.0-1 - wpewebkit 2.38.0-1 - NOTE: https://webkitgtk.org/security/WSA-2022-0009.html + NOTE: https://webkitgtk.org/security/WSA-2022-0009.html CVE-2021-32911 RESERVED CVE-2021-32910 @@ -112842,7 +112988,7 @@ CVE-2021-25120 (The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 NOT-FOR-US: WordPress plugin CVE-2021-25119 (The AGIL WordPress plugin through 1.0 accepts all zip files and automa ...) NOT-FOR-US: WordPress plugin -CVE-2021-25118 (The Yoast SEO WordPress plugin before 17.3 discloses the full internal ...) +CVE-2021-25118 (The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) disclos ...) NOT-FOR-US: WordPress plugin CVE-2021-25117 RESERVED @@ -113074,7 +113220,7 @@ CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP fil NOT-FOR-US: WordPress plugin CVE-2021-25003 (The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a ...) NOT-FOR-US: WordPress plugin -CVE-2021-25002 (The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any au ...) +CVE-2021-25002 (The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any aut ...) NOT-FOR-US: WordPress plugin CVE-2021-25001 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...) NOT-FOR-US: WordPress plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13b567497d99ea6e91c387cf5bd9ad0a6eab04f5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13b567497d99ea6e91c387cf5bd9ad0a6eab04f5 You're receiving this email because of your account on salsa.debian.org.
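Review bot: CVE-2022-3213 in the @@ -635,8 +779,8 @@ hunk is left at TODO: check although its description names a heap buffer overflow in ImageMagick, while its neighbours CVE-2022-3214 and CVE-2022-3212 are already resolved as NOT-FOR-US. This entry should be triaged ahead of the bulk of the new TODO items and given a package line with a fixed version or <unfixed>, in the form the vim entry uses in the @@ -4522,8 +4666,8 @@ hunk ("- vim <unfixed> (bug #1019590)"), plus a NOTE pointing at the upstream fix. The same applies to CVE-2022-40468 (Tinyproxy) in the @@ -1173,8 +1317,8 @@ hunk.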
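Review bot: CVE-2022-38618 and CVE-2022-38617 in the @@ -5686,10 +5830,10 @@ hunk receive TODO: check even though the next entry, CVE-2022-38616, carries the same truncated SmartVista SVFE2 v2.2.22 description and is already tagged NOT-FOR-US: SmartVista. The two new entries should take the same tag. CVE-2022-38341 in the @@ -6628,8 +6772,8 @@ hunk is in the same position next to CVE-2022-38342, which is tagged NOT-FOR-US: Safe Software FME Server.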
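Review bot: The description added for CVE-2022-40069 in the @@ -2058,26 +2202,26 @@ hunk begins with a stray bracket, "(]Tenda AC21 V 16.03.08.15 ...", and the ten Tenda AC21 entries in that hunk disagree on spelling ("V16.03.08.15" against "V 16.03.08.15", "bin/http" against "/bin/htt"). If these descriptions are mirrored from the upstream CVE record, leave the line as synced and report the typo upstream; anything that matches on the description text should not assume a fixed prefix for this product.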
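Review bot: In the hunks at @@ -20695,9 +20840,10 @@, @@ -20710,7 +20856,7 @@ and @@ -92436,7 +92582,7 @@ the NOTE line for https://webkitgtk.org/security/WSA-2022-0009.html is removed and re-added with the same visible text, so the only difference can be whitespace. Confirm that the new indentation matches the other NOTE lines in data/CVE/list. Keeping this kind of normalisation out of the commit that carries the description sync would also make the one substantive change in the first of these hunks, the added "{DSA-5211-1 DSA-5210-1 DLA-3073-1}" line under CVE-2022-32891, easier to spot.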
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits