Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b31a24e by security tracker role at 2022-03-21T20:10:15+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,499 @@ +CVE-2022-27492 + RESERVED +CVE-2022-27491 + RESERVED +CVE-2022-27490 + RESERVED +CVE-2022-27489 + RESERVED +CVE-2022-27488 + RESERVED +CVE-2022-27487 + RESERVED +CVE-2022-27486 + RESERVED +CVE-2022-27485 + RESERVED +CVE-2022-27484 + RESERVED +CVE-2022-27483 + RESERVED +CVE-2022-27482 + RESERVED +CVE-2022-27481 + RESERVED +CVE-2022-27480 + RESERVED +CVE-2022-27479 + RESERVED +CVE-2022-27478 + RESERVED +CVE-2022-27477 + RESERVED +CVE-2022-27476 + RESERVED +CVE-2022-27475 + RESERVED +CVE-2022-27474 + RESERVED +CVE-2022-27473 + RESERVED +CVE-2022-27472 + RESERVED +CVE-2022-27471 + RESERVED +CVE-2022-27470 + RESERVED +CVE-2022-27469 + RESERVED +CVE-2022-27468 + RESERVED +CVE-2022-27467 + RESERVED +CVE-2022-27466 + RESERVED +CVE-2022-27465 + RESERVED +CVE-2022-27464 + RESERVED +CVE-2022-27463 + RESERVED +CVE-2022-27462 + RESERVED +CVE-2022-27461 + RESERVED +CVE-2022-27460 + RESERVED +CVE-2022-27459 + RESERVED +CVE-2022-27458 + RESERVED +CVE-2022-27457 + RESERVED +CVE-2022-27456 + RESERVED +CVE-2022-27455 + RESERVED +CVE-2022-27454 + RESERVED +CVE-2022-27453 + RESERVED +CVE-2022-27452 + RESERVED +CVE-2022-27451 + RESERVED +CVE-2022-27450 + RESERVED +CVE-2022-27449 + RESERVED +CVE-2022-27448 + RESERVED +CVE-2022-27447 + RESERVED +CVE-2022-27446 + RESERVED +CVE-2022-27445 + RESERVED +CVE-2022-27444 + RESERVED +CVE-2022-27443 + RESERVED +CVE-2022-27442 + RESERVED +CVE-2022-27441 + RESERVED +CVE-2022-27440 + RESERVED +CVE-2022-27439 + RESERVED +CVE-2022-27438 + RESERVED +CVE-2022-27437 + RESERVED +CVE-2022-27436 + RESERVED +CVE-2022-27435 + RESERVED +CVE-2022-27434 + RESERVED +CVE-2022-27433 + RESERVED +CVE-2022-27432 + RESERVED +CVE-2022-27431 + RESERVED +CVE-2022-27430 + RESERVED +CVE-2022-27429 + RESERVED +CVE-2022-27428 + RESERVED +CVE-2022-27427 + RESERVED +CVE-2022-27426 + RESERVED +CVE-2022-27425 + RESERVED +CVE-2022-27424 + RESERVED +CVE-2022-27423 + RESERVED +CVE-2022-27422 + RESERVED +CVE-2022-27421 + RESERVED +CVE-2022-27420 + RESERVED 
+CVE-2022-27419 + RESERVED +CVE-2022-27418 + RESERVED +CVE-2022-27417 + RESERVED +CVE-2022-27416 + RESERVED +CVE-2022-27415 + RESERVED +CVE-2022-27414 + RESERVED +CVE-2022-27413 + RESERVED +CVE-2022-27412 + RESERVED +CVE-2022-27411 + RESERVED +CVE-2022-27410 + RESERVED +CVE-2022-27409 + RESERVED +CVE-2022-27408 + RESERVED +CVE-2022-27407 + RESERVED +CVE-2022-27406 + RESERVED +CVE-2022-27405 + RESERVED +CVE-2022-27404 + RESERVED +CVE-2022-27403 + RESERVED +CVE-2022-27402 + RESERVED +CVE-2022-27401 + RESERVED +CVE-2022-27400 + RESERVED +CVE-2022-27399 + RESERVED +CVE-2022-27398 + RESERVED +CVE-2022-27397 + RESERVED +CVE-2022-27396 + RESERVED +CVE-2022-27395 + RESERVED +CVE-2022-27394 + RESERVED +CVE-2022-27393 + RESERVED +CVE-2022-27392 + RESERVED +CVE-2022-27391 + RESERVED +CVE-2022-27390 + RESERVED +CVE-2022-27389 + RESERVED +CVE-2022-27388 + RESERVED +CVE-2022-27387 + RESERVED +CVE-2022-27386 + RESERVED +CVE-2022-27385 + RESERVED +CVE-2022-27384 + RESERVED +CVE-2022-27383 + RESERVED +CVE-2022-27382 + RESERVED +CVE-2022-27381 + RESERVED +CVE-2022-27380 + RESERVED +CVE-2022-27379 + RESERVED +CVE-2022-27378 + RESERVED +CVE-2022-27377 + RESERVED +CVE-2022-27376 + RESERVED +CVE-2022-27375 + RESERVED +CVE-2022-27374 + RESERVED +CVE-2022-27373 + RESERVED +CVE-2022-27372 + RESERVED +CVE-2022-27371 + RESERVED +CVE-2022-27370 + RESERVED +CVE-2022-27369 + RESERVED +CVE-2022-27368 + RESERVED +CVE-2022-27367 + RESERVED +CVE-2022-27366 + RESERVED +CVE-2022-27365 + RESERVED +CVE-2022-27364 + RESERVED +CVE-2022-27363 + RESERVED +CVE-2022-27362 + RESERVED +CVE-2022-27361 + RESERVED +CVE-2022-27360 + RESERVED +CVE-2022-27359 + RESERVED +CVE-2022-27358 + RESERVED +CVE-2022-27357 + RESERVED +CVE-2022-27356 + RESERVED +CVE-2022-27355 + RESERVED +CVE-2022-27354 + RESERVED +CVE-2022-27353 + RESERVED +CVE-2022-27352 + RESERVED +CVE-2022-27351 + RESERVED +CVE-2022-27350 + RESERVED +CVE-2022-27349 + RESERVED +CVE-2022-27348 + RESERVED +CVE-2022-27347 + RESERVED +CVE-2022-27346 + RESERVED 
+CVE-2022-27345 + RESERVED +CVE-2022-27344 + RESERVED +CVE-2022-27343 + RESERVED +CVE-2022-27342 + RESERVED +CVE-2022-27341 + RESERVED +CVE-2022-27340 + RESERVED +CVE-2022-27339 + RESERVED +CVE-2022-27338 + RESERVED +CVE-2022-27337 + RESERVED +CVE-2022-27336 + RESERVED +CVE-2022-27335 + RESERVED +CVE-2022-27334 + RESERVED +CVE-2022-27333 + RESERVED +CVE-2022-27332 + RESERVED +CVE-2022-27331 + RESERVED +CVE-2022-27330 + RESERVED +CVE-2022-27329 + RESERVED +CVE-2022-27328 + RESERVED +CVE-2022-27327 + RESERVED +CVE-2022-27326 + RESERVED +CVE-2022-27325 + RESERVED +CVE-2022-27324 + RESERVED +CVE-2022-27323 + RESERVED +CVE-2022-27322 + RESERVED +CVE-2022-27321 + RESERVED +CVE-2022-27320 + RESERVED +CVE-2022-27319 + RESERVED +CVE-2022-27318 + RESERVED +CVE-2022-27317 + RESERVED +CVE-2022-27316 + RESERVED +CVE-2022-27315 + RESERVED +CVE-2022-27314 + RESERVED +CVE-2022-27313 + RESERVED +CVE-2022-27312 + RESERVED +CVE-2022-27311 + RESERVED +CVE-2022-27310 + RESERVED +CVE-2022-27309 + RESERVED +CVE-2022-27308 + RESERVED +CVE-2022-27307 + RESERVED +CVE-2022-27306 + RESERVED +CVE-2022-27305 + RESERVED +CVE-2022-27304 + RESERVED +CVE-2022-27303 + RESERVED +CVE-2022-27302 + RESERVED +CVE-2022-27301 + RESERVED +CVE-2022-27300 + RESERVED +CVE-2022-27299 + RESERVED +CVE-2022-27298 + RESERVED +CVE-2022-27297 + RESERVED +CVE-2022-27296 + RESERVED +CVE-2022-27295 + RESERVED +CVE-2022-27294 + RESERVED +CVE-2022-27293 + RESERVED +CVE-2022-27292 + RESERVED +CVE-2022-27291 + RESERVED +CVE-2022-27290 + RESERVED +CVE-2022-27289 + RESERVED +CVE-2022-27288 + RESERVED +CVE-2022-27287 + RESERVED +CVE-2022-27286 + RESERVED +CVE-2022-27285 + RESERVED +CVE-2022-27284 + RESERVED +CVE-2022-27283 + RESERVED +CVE-2022-27282 + RESERVED +CVE-2022-27281 + RESERVED +CVE-2022-27280 + RESERVED +CVE-2022-27279 + RESERVED +CVE-2022-27278 + RESERVED +CVE-2022-27277 + RESERVED +CVE-2022-27276 + RESERVED +CVE-2022-27275 + RESERVED +CVE-2022-27274 + RESERVED +CVE-2022-27273 + RESERVED +CVE-2022-27272 + RESERVED 
+CVE-2022-27271 + RESERVED +CVE-2022-27270 + RESERVED +CVE-2022-27269 + RESERVED +CVE-2022-27268 + RESERVED +CVE-2022-27267 + RESERVED +CVE-2022-27266 + RESERVED +CVE-2022-27265 + RESERVED +CVE-2022-27264 + RESERVED +CVE-2022-27263 + RESERVED +CVE-2022-27262 + RESERVED +CVE-2022-27261 + RESERVED +CVE-2022-27260 + RESERVED +CVE-2022-27259 + RESERVED +CVE-2022-27232 + RESERVED +CVE-2022-27179 + RESERVED +CVE-2022-26519 + RESERVED +CVE-2022-26516 + RESERVED +CVE-2022-26419 + RESERVED +CVE-2022-26417 + RESERVED +CVE-2022-26022 + RESERVED +CVE-2022-25959 + RESERVED +CVE-2022-1037 + RESERVED +CVE-2022-1036 + RESERVED +CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...) + TODO: check +CVE-2022-1034 + RESERVED +CVE-2022-1033 + RESERVED +CVE-2022-1032 + RESERVED CVE-2022-1031 RESERVED CVE-2022-27258 @@ -115,8 +611,8 @@ CVE-2022-1006 RESERVED CVE-2022-1005 RESERVED -CVE-2022-1004 - RESERVED +CVE-2022-1004 (Accounted time is shown in the Ticket Detail View (External Interface) ...) + TODO: check CVE-2022-1003 (One of the API in Mattermost version 6.3.0 and earlier fails to proper ...) - mattermost-server <itp> (bug #823556) CVE-2022-1002 (Mattermost 6.3.0 and earlier fails to properly sanitize the HTML conte ...) @@ -924,8 +1420,8 @@ CVE-2022-26962 RESERVED CVE-2022-26961 RESERVED -CVE-2022-26960 - RESERVED +CVE-2022-26960 (connector.minimal.php in std42 elFinder through 2.1.60 is affected by ...) + TODO: check CVE-2022-26959 RESERVED CVE-2022-26958 @@ -2034,8 +2530,8 @@ CVE-2022-26495 (In nbd-server in nbd before 3.24, there is an integer overflow w {DSA-5100-1 DLA-2944-1} - nbd 1:3.24-1 (bug #1006915) NOTE: https://lists.debian.org/nbd/2022/01/msg00037.html -CVE-2022-26494 - RESERVED +CVE-2022-26494 (An XSS was identified in the Admin Web interface of PrimeKey SignServe ...) + TODO: check CVE-2022-26493 RESERVED CVE-2022-26492 
@@ -2358,7 +2854,7 @@ CVE-2022-0845 (Code Injection in GitHub repository pytorchlightning/pytorch-ligh NOT-FOR-US: pytorchlightning CVE-2022-26387 RESERVED - {DSA-5097-1 DLA-2942-1} + {DSA-5106-1 DSA-5097-1 DLA-2942-1} - firefox 98.0-1 - firefox-esr 91.7.0esr-1 - thunderbird 1:91.7.0-1 @@ -2367,7 +2863,7 @@ CVE-2022-26387 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26387 CVE-2022-26386 RESERVED - {DSA-5097-1 DLA-2942-1} + {DSA-5106-1 DSA-5097-1 DLA-2942-1} - firefox-esr 91.7.0esr-1 - thunderbird 1:91.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386 @@ -2378,7 +2874,7 @@ CVE-2022-26385 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26385 CVE-2022-26384 RESERVED - {DSA-5097-1 DLA-2942-1} + {DSA-5106-1 DSA-5097-1 DLA-2942-1} - firefox 98.0-1 - firefox-esr 91.7.0esr-1 - thunderbird 1:91.7.0-1 @@ -2387,7 +2883,7 @@ CVE-2022-26384 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384 CVE-2022-26383 RESERVED - {DSA-5097-1 DLA-2942-1} + {DSA-5106-1 DSA-5097-1 DLA-2942-1} - firefox 98.0-1 - firefox-esr 91.7.0esr-1 - thunderbird 1:91.7.0-1 @@ -2400,7 +2896,7 @@ CVE-2022-26382 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26382 CVE-2022-26381 RESERVED - {DSA-5097-1 DLA-2942-1} + {DSA-5106-1 DSA-5097-1 DLA-2942-1} - firefox 98.0-1 - firefox-esr 91.7.0esr-1 - thunderbird 1:91.7.0-1 @@ -3303,8 +3799,8 @@ CVE-2022-26088 RESERVED CVE-2022-0761 RESERVED -CVE-2022-0760 - RESERVED +CVE-2022-0760 (The Simple Link Directory WordPress plugin before 7.7.2 does not valid ...) + TODO: check CVE-2022-0759 RESERVED CVE-2022-26085 
@@ -3619,8 +4115,8 @@ CVE-2022-25839 (The package url-js before 2.1.0 are vulnerable to Improper Input TODO: check CVE-2022-25767 RESERVED -CVE-2022-25766 - RESERVED +CVE-2022-25766 (The package ungit before 1.5.20 are vulnerable to Remote Code Executio ...) + TODO: check CVE-2022-25765 RESERVED CVE-2022-25764 @@ -3832,8 +4328,8 @@ CVE-2022-0749 (This affects all versions of package SinGooCMS.Utility. The socke NOT-FOR-US: SinGooCMS CVE-2022-0748 (The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Ex ...) TODO: check -CVE-2022-0747 - RESERVED +CVE-2022-0747 (The Infographic Maker WordPress plugin before 4.3.8 does not validate ...) + TODO: check CVE-2022-0746 (Business Logic Errors in GitHub repository dolibarr/dolibarr prior to ...) - dolibarr <removed> CVE-2022-0745 @@ -3920,8 +4416,8 @@ CVE-2022-0741 NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ CVE-2022-0740 RESERVED -CVE-2022-0739 - RESERVED +CVE-2022-0739 (The BookingPress WordPress plugin before 1.0.11 fails to properly sani ...) + TODO: check CVE-2022-0738 RESERVED - gitlab <not-affected> (Vulnerable code introduced later) @@ -4540,8 +5036,8 @@ CVE-2022-25572 RESERVED CVE-2022-25571 RESERVED -CVE-2022-25570 - RESERVED +CVE-2022-25570 (In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to ...) + TODO: check CVE-2022-25569 RESERVED CVE-2022-25568 @@ -4977,8 +5473,8 @@ CVE-2022-25370 RESERVED CVE-2022-25355 (EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handl ...) NOT-FOR-US: EC-CUBE -CVE-2022-0694 - RESERVED +CVE-2022-0694 (The Advanced Booking Calendar WordPress plugin before 1.7.0 does not v ...) + TODO: check CVE-2022-0693 RESERVED CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to ...) 
@@ -4999,8 +5495,8 @@ CVE-2022-0689 (Use multiple time the one-time coupon in Packagist microweber/mic NOT-FOR-US: microweber CVE-2022-0688 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...) NOT-FOR-US: microweber -CVE-2022-0687 - RESERVED +CVE-2022-0687 (The Amelia WordPress plugin before 1.0.47 stores image blobs into actu ...) + TODO: check CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) - node-url-parse 1.5.9+~1.4.8-1 [stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered by security support) @@ -5132,8 +5628,8 @@ CVE-2022-0683 (The Essential Addons for Elementor Lite WordPress plugin is vulne NOT-FOR-US: WordPress plugin CVE-2022-0682 RESERVED -CVE-2022-0681 - RESERVED +CVE-2022-0681 (The Simple Membership WordPress plugin before 4.1.0 does not have CSRF ...) + TODO: check CVE-2022-0680 RESERVED CVE-2022-0679 @@ -5423,8 +5919,8 @@ CVE-2022-0642 RESERVED CVE-2022-0641 RESERVED -CVE-2022-0640 - RESERVED +CVE-2022-0640 (The Pricing Table Builder WordPress plugin before 1.1.5 does not sanit ...) + TODO: check CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) - node-url-parse 1.5.7-1 [bullseye] - node-url-parse <no-dsa> (Minor issue) @@ -5468,10 +5964,10 @@ CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to [stretch] - vim <postponed> (Minor issue) NOTE: https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/ NOTE: https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc (v8.2.4397) -CVE-2022-0628 - RESERVED -CVE-2022-0627 - RESERVED +CVE-2022-0628 (The Mega Menu WordPress plugin before 3.0.8 does not sanitize and esca ...) + TODO: check +CVE-2022-0627 (The Amelia WordPress plugin before 1.0.47 does not sanitize and escape ...) + TODO: check CVE-2022-0626 RESERVED CVE-2022-0625 
@@ -5598,8 +6094,8 @@ CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file syst - linux 5.16.7-1 NOTE: https://git.kernel.org/linus/7fc3b7c2981bbd1047916ade327beccb90994eee NOTE: https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f -CVE-2022-0616 - RESERVED +CVE-2022-0616 (The Amelia WordPress plugin before 1.0.47 does not have CSRF check in ...) + TODO: check CVE-2022-0615 (Use-after-free in eset_rtp kernel module used in ESET products for Lin ...) NOT-FOR-US: ESET CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. ...) @@ -5813,10 +6309,10 @@ CVE-2022-0593 (The Login with phone number WordPress plugin before 1.3.7 include NOT-FOR-US: WordPress plugin CVE-2022-0592 RESERVED -CVE-2022-0591 - RESERVED -CVE-2022-0590 - RESERVED +CVE-2022-0591 (The FormCraft WordPress plugin before 3.8.28 does not validate the URL ...) + TODO: check +CVE-2022-0590 (The BulletProof Security WordPress plugin before 5.8 does not sanitise ...) + TODO: check CVE-2022-0589 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...) NOT-FOR-US: LibreNMS CVE-2022-0588 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...) @@ -6711,8 +7207,8 @@ CVE-2022-24777 RESERVED CVE-2022-24776 RESERVED -CVE-2022-24775 - RESERVED +CVE-2022-24775 (guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8 ...) + TODO: check CVE-2022-24774 RESERVED CVE-2022-24773 (Forge (also called `node-forge`) is a native implementation of Transpo ...) @@ -6735,8 +7231,8 @@ CVE-2022-24768 RESERVED CVE-2022-24767 RESERVED -CVE-2022-24766 - RESERVED +CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...) + TODO: check CVE-2022-24765 RESERVED CVE-2022-24764 
@@ -7197,8 +7693,8 @@ CVE-2022-24658 RESERVED CVE-2022-24657 RESERVED -CVE-2022-24656 - RESERVED +CVE-2022-24656 (HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting ...) + TODO: check CVE-2022-24655 (A stack overflow vulnerability exists in the upnpd service in Netgear ...) NOT-FOR-US: Netgear CVE-2022-24654 @@ -7708,10 +8204,10 @@ CVE-2022-22147 RESERVED CVE-2022-21130 RESERVED -CVE-2022-0515 - RESERVED -CVE-2022-0514 - RESERVED +CVE-2022-0515 (Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/ ...) + TODO: check +CVE-2022-0514 (Business Logic Errors in GitHub repository crater-invoice/crater prior ...) + TODO: check CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...) NOT-FOR-US: WordPress plugin CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) @@ -8082,8 +8578,8 @@ CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior to - radare2 <unfixed> NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d NOTE: https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b -CVE-2022-0475 - RESERVED +CVE-2022-0475 (Malicious translator is able to inject JavaScript code in few translat ...) + TODO: check CVE-2022-0474 (Full list of recipients from customer users in a contact field could b ...) NOT-FOR-US: OTRS NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian @@ -8110,6 +8606,7 @@ CVE-2022-24303 NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security NOTE: https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26 (9.0.1) CVE-2022-24302 (In Paramiko before 2.10.1, a race condition (between creation and chmo ...) + {DLA-2959-1} - paramiko <unfixed> (bug #1008012) NOTE: https://github.com/paramiko/paramiko/commit/4c491e299c9b800358b16fa4886d8d94f45abe2e (2.10.1) CVE-2022-24296 
@@ -8428,8 +8925,8 @@ CVE-2022-0425 RESERVED CVE-2022-0424 RESERVED -CVE-2022-0423 - RESERVED +CVE-2022-0423 (The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisa ...) + TODO: check CVE-2022-0422 (The White Label CMS WordPress plugin before 2.2.9 does not sanitise an ...) NOT-FOR-US: WordPress plugin CVE-2022-0421 @@ -8508,12 +9005,12 @@ CVE-2022-24239 RESERVED CVE-2022-24238 RESERVED -CVE-2022-24237 - RESERVED -CVE-2022-24236 - RESERVED -CVE-2022-24235 - RESERVED +CVE-2022-24237 (The snaptPowered2 component of Snapt Aria v12.8 was discovered to cont ...) + TODO: check +CVE-2022-24236 (An insecure permissions vulnerability in Snapt Aria v12.8 allows unaut ...) + TODO: check +CVE-2022-24235 (A Cross-Site Request Forgery (CSRF) in the management portal of Snapt ...) + TODO: check CVE-2022-24234 RESERVED CVE-2022-24233 @@ -8739,8 +9236,8 @@ CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2 NOTE: https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a (v8.2.4245) CVE-2022-0416 RESERVED -CVE-2022-0415 - RESERVED +CVE-2022-0415 (Remote Command Execution in uploading repository file in GitHub reposi ...) + TODO: check CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows attacke ...) {DLA-2913-1} - xterm 370-2 (bug #1004689) @@ -9599,8 +10096,8 @@ CVE-2022-0366 (An authenticated and authorized agent user could potentially gain NOT-FOR-US: Sophos CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command inje ...) NOT-FOR-US: Ricon Mobile -CVE-2022-0364 - RESERVED +CVE-2022-0364 (The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not ...) + TODO: check CVE-2022-0363 RESERVED CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...) 
@@ -12254,8 +12751,8 @@ CVE-2022-0231 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) NOT-FOR-US: livehelperchat CVE-2022-0230 (The Better WordPress Google XML Sitemaps WordPress plugin through 1.4. ...) NOT-FOR-US: WordPress plugin -CVE-2022-0229 - RESERVED +CVE-2022-0229 (The miniOrange's Google Authenticator WordPress plugin before 5.5 does ...) + TODO: check CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...) NOT-FOR-US: WordPress plugin CVE-2021-46304 @@ -15137,8 +15634,8 @@ CVE-2022-22396 RESERVED CVE-2022-22395 RESERVED -CVE-2022-22394 - RESERVED +CVE-2022-22394 (The IBM Spectrum Protect 8.1.14.000 server could allow a remote attack ...) + TODO: check CVE-2022-22393 RESERVED CVE-2022-22392 @@ -16355,12 +16852,12 @@ CVE-2021-45880 RESERVED CVE-2021-45879 RESERVED -CVE-2021-45878 - RESERVED -CVE-2021-45877 - RESERVED -CVE-2021-45876 - RESERVED +CVE-2021-45878 (Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrec ...) + TODO: check +CVE-2021-45877 (Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard cod ...) + TODO: check +CVE-2021-45876 (Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthen ...) + TODO: check CVE-2021-45875 RESERVED CVE-2021-45874 @@ -18869,8 +19366,8 @@ CVE-2021-45119 RESERVED CVE-2021-45118 RESERVED -CVE-2021-45117 - RESERVED +CVE-2021-45117 (The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not hand ...) + TODO: check CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...) - python-django 2:3.2.11-1 (bug #1003113) [bullseye] - python-django <postponed> (Minor issue; fix in next update) @@ -45682,8 +46179,8 @@ CVE-2021-36102 RESERVED CVE-2021-36101 RESERVED -CVE-2021-36100 - RESERVED +CVE-2021-36100 (Specially crafted string in OTRS system configuration can allow the ex ...) + TODO: check CVE-2021-36099 RESERVED CVE-2021-36098 
@@ -73896,8 +74393,8 @@ CVE-2021-25021 (The OMGF | Host Google Fonts Locally WordPress plugin before 4.5 NOT-FOR-US: WordPress plugin CVE-2021-25020 (The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 ...) NOT-FOR-US: WordPress plugin -CVE-2021-25019 - RESERVED +CVE-2021-25019 (The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does no ...) + TODO: check CVE-2021-25018 (The PPOM for WooCommerce WordPress plugin before 24.0 does not have au ...) NOT-FOR-US: WordPress plugin CVE-2021-25017 (The Tutor LMS WordPress plugin before 1.9.12 does not escape the searc ...) @@ -74124,8 +74621,8 @@ CVE-2021-24907 (The Contact Form, Drag and Drop Form Builder for WordPress plugi NOT-FOR-US: WordPress plugin CVE-2021-24906 (The Protect WP Admin WordPress plugin before 3.6.2 does not check for ...) NOT-FOR-US: WordPress plugin -CVE-2021-24905 - RESERVED +CVE-2021-24905 (The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not ...) + TODO: check CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does not impl ...) NOT-FOR-US: WordPress plugin CVE-2021-24903 (The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise ...) @@ -74412,7 +74909,7 @@ CVE-2021-24763 (The Perfect Survey WordPress plugin before 1.5.2 does not have p NOT-FOR-US: WordPress plugin CVE-2021-24762 (The Perfect Survey WordPress plugin before 1.5.2 does not validate and ...) NOT-FOR-US: WordPress plugin -CVE-2021-24761 (The Error Log Viewer WordPress plugin through 1.1.1 does not perform n ...) +CVE-2021-24761 (The Error Log Viewer WordPress plugin before 1.1.2 does not perform no ...) NOT-FOR-US: WordPress plugin CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not ...) NOT-FOR-US: WordPress plugin 
@@ -105951,8 +106448,8 @@ CVE-2020-24774 RESERVED CVE-2020-24773 RESERVED -CVE-2020-24772 - RESERVED +CVE-2020-24772 (In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a we ...) + TODO: check CVE-2020-24771 RESERVED CVE-2020-24770

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b31a24e32e6de27e121bd4e7446587b6af7e517

--
You're receiving this email because of your account on salsa.debian.org.
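Review bot: The newly described WordPress plugin CVEs (for example CVE-2022-0760, CVE-2022-0747, CVE-2022-0739, CVE-2021-25019 and CVE-2021-24905) are left at "TODO: check", while the unchanged entries next to them in the same hunks already carry "NOT-FOR-US: WordPress plugin". A follow-up triage commit can give these the same marking so they do not linger in the TODO queue.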
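Review bot: Several of the new "TODO: check" entries name general-purpose software rather than a vendor product or WordPress plugin, notably CVE-2022-24775 (guzzlehttp/psr7), CVE-2022-24766 (mitmproxy) and CVE-2022-1035 (MP4Box), so they need a source-package lookup before anyone bulk-marks this batch NOT-FOR-US. Where a package exists, the entry should get a package line in the form already used in this diff, such as "- radare2 <unfixed>", plus NOTE lines pointing at the upstream fix.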
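Review bot: In the CVE-2022-24302 hunk the "{DLA-2959-1}" cross-reference is added while the only package line remains "- paramiko <unfixed> (bug #1008012)", so the entry now reads as covered by an advisory and unfixed at the same time. The NOTE line already cites the upstream commit for 2.10.1; the unstable line should be updated with the fixed version once that release is uploaded, and the same check applies to the entries that gain "DSA-5106-1" with no change to their package lines.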
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits