Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a68aa4fc by security tracker role at 2022-04-27T08:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,100 +1,133 @@
+CVE-2022-29810 (The Hashicorp go-getter library before 1.5.11 could write SSH 
credenti ...)
+       TODO: check
+CVE-2022-29809
+       RESERVED
+CVE-2022-1503
+       RESERVED
+CVE-2022-1502
+       RESERVED
 CVE-2022-1501
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1500
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1499
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1498
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1497
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1496
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1495
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1494
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1493
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1492
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1491
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1490
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1489
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1488
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1487
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1486
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1485
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1484
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1483
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1482
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1481
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1480
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1479
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1478
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1477
+       RESERVED
        - chromium 101.0.4951.41-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        [stretch] - chromium <end-of-life> (see DSA 4562)
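Review bot: CVE-2022-29810 at the top of this hunk stays at "TODO: check" even though its description already names the fixed upstream release (go-getter 1.5.11); it should be triaged to a package line using that version as the reference point, or to NOT-FOR-US if the library is not in the archive. The RESERVED lines added to CVE-2022-1501 through CVE-2022-1477 sit above chromium entries that already record 101.0.4951.41-1 as fixed, so they change no tracking state and need no manual follow-up.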
@@ -102,6 +135,7 @@ CVE-2022-1476
        RESERVED
 CVE-2022-1475
        RESERVED
+       {DSA-5124-1}
        - ffmpeg 7:4.4.2-1
        NOTE: https://trac.ffmpeg.org/ticket/9651
        NOTE: 
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8
@@ -374,10 +408,10 @@ CVE-2022-29703
        RESERVED
 CVE-2022-29702
        RESERVED
-CVE-2022-29701
-       RESERVED
-CVE-2022-29700
-       RESERVED
+CVE-2022-29701 (A lack of rate limiting in the 'forgot password' feature of 
Zammad v5. ...)
+       TODO: check
+CVE-2022-29700 (A lack of password length restriction in Zammad v5.1.0 allows 
for the  ...)
+       TODO: check
 CVE-2022-29699
        RESERVED
 CVE-2022-29698
@@ -2425,8 +2459,8 @@ CVE-2022-28920
        RESERVED
 CVE-2022-28919
        RESERVED
-CVE-2022-28918
-       RESERVED
+CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file 
deletio ...)
+       TODO: check
 CVE-2022-28917
        RESERVED
 CVE-2022-28916
@@ -3450,22 +3484,22 @@ CVE-2022-28530
        RESERVED
 CVE-2022-28529
        RESERVED
-CVE-2022-28528
-       RESERVED
-CVE-2022-28527
-       RESERVED
+CVE-2022-28528 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary 
file upload ...)
+       TODO: check
+CVE-2022-28527 (dhcms v20170919 was discovered to contain an arbitrary folder 
deletion ...)
+       TODO: check
 CVE-2022-28526
        RESERVED
-CVE-2022-28525
-       RESERVED
-CVE-2022-28524
-       RESERVED
-CVE-2022-28523
-       RESERVED
-CVE-2022-28522
-       RESERVED
-CVE-2022-28521
-       RESERVED
+CVE-2022-28525 (ED01-CMS v20180505 was discovered to contain an arbitrary file 
upload  ...)
+       TODO: check
+CVE-2022-28524 (ED01-CMS v20180505 was discovered to contain a SQL injection 
vulnerabi ...)
+       TODO: check
+CVE-2022-28523 (HongCMS 3.0.0 allows arbitrary file deletion via the component 
/admin/ ...)
+       TODO: check
+CVE-2022-28522 (ZCMS v20170206 was discovered to contain a stored cross-site 
scripting ...)
+       TODO: check
+CVE-2022-28521 (ZCMS v20170206 was discovered to contain a file inclusion 
vulnerabilit ...)
+       TODO: check
 CVE-2022-28520
        RESERVED
 CVE-2022-28519
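Review bot: seven entries in this hunk (CVE-2022-28528, -28527, -28525, -28524, -28523, -28522, -28521) land as "TODO: check" in one batch, and ED01-CMS and ZCMS each appear twice. Triage each product once and apply the same result to both of its entries so the pairs do not end up in different states.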
@@ -3607,12 +3641,12 @@ CVE-2022-28452
        RESERVED
 CVE-2022-28451
        RESERVED
-CVE-2022-28450
-       RESERVED
-CVE-2022-28449
-       RESERVED
-CVE-2022-28448
-       RESERVED
+CVE-2022-28450 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
+       TODO: check
+CVE-2022-28449 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting 
(XSS). At App ...)
+       TODO: check
+CVE-2022-28448 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting 
(XSS). An att ...)
+       TODO: check
 CVE-2022-28447
        RESERVED
 CVE-2022-28446
@@ -4891,8 +4925,8 @@ CVE-2022-28087
        RESERVED
 CVE-2022-28086
        RESERVED
-CVE-2022-28085
-       RESERVED
+CVE-2022-28085 (A flaw was found in htmldoc commit 31f7804. A heap buffer 
overflow in  ...)
+       TODO: check
 CVE-2022-28084
        RESERVED
 CVE-2022-28083
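Review bot: the description added for CVE-2022-28085 identifies the affected code by commit (htmldoc commit 31f7804) and not by release, so resolving its "TODO: check" takes more than a version comparison. When triaging, record the upstream fix commit in a NOTE line and check which packaged versions contain the code as of 31f7804.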
@@ -4943,10 +4977,10 @@ CVE-2022-28061
        RESERVED
 CVE-2022-28060
        RESERVED
-CVE-2022-28059
-       RESERVED
-CVE-2022-28058
-       RESERVED
+CVE-2022-28059 (Verydows v2.0 was discovered to contain an arbitrary file 
deletion vul ...)
+       TODO: check
+CVE-2022-28058 (Verydows v2.0 was discovered to contain an arbitrary file 
deletion vul ...)
+       TODO: check
 CVE-2022-28057
        RESERVED
 CVE-2022-28056
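Review bot: CVE-2022-28059 and CVE-2022-28058 carry the same truncated description ("Verydows v2.0 was discovered to contain an arbitrary file deletion vul ..."), so the list alone cannot tell them apart. Read the full descriptions before triage to confirm they are distinct issues and not duplicates, then give both the same product decision.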
@@ -5337,8 +5371,8 @@ CVE-2022-27890
        RESERVED
 CVE-2022-27889
        RESERVED
-CVE-2022-27888
-       RESERVED
+CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found 
to be log ...)
+       TODO: check
 CVE-2022-1102
        RESERVED
 CVE-2022-1101
@@ -6789,10 +6823,10 @@ CVE-2022-27334
        RESERVED
 CVE-2022-27333 (idcCMS v1.10 was discovered to contain an issue which allows 
attackers ...)
        NOT-FOR-US: idcCMS
-CVE-2022-27332
-       RESERVED
-CVE-2022-27331
-       RESERVED
+CVE-2022-27332 (An access control issue in Zammad v5.0.3 allows attackers to 
write ent ...)
+       TODO: check
+CVE-2022-27331 (An access control issue in Zammad v5.0.3 broadcasts 
administrative con ...)
+       TODO: check
 CVE-2022-27330
        RESERVED
 CVE-2022-27329
@@ -8919,10 +8953,9 @@ CVE-2022-26567
        RESERVED
 CVE-2022-26566
        RESERVED
-CVE-2022-26565 (A cross-site scripting (XSS) vulnerability in Totaljs commit 
95f54a5 a ...)
+CVE-2022-26565 (A cross-site scripting (XSS) vulnerability in Totaljs all 
versions bef ...)
        NOT-FOR-US: Totaljs CMS
-CVE-2022-26564
-       RESERVED
+CVE-2022-26564 (HotelDruid Hotel Management Software v3.0.3 contains a 
cross-site scri ...)
        - hoteldruid 3.0.4-1
        [bullseye] - hoteldruid <no-dsa> (Minor issue)
        [buster] - hoteldruid <no-dsa> (Minor issue)
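Review bot: the no-dsa (Minor issue) lines for bullseye and buster under CVE-2022-26564 predate this description, since the entry was RESERVED until this change. Now that the text states HotelDruid v3.0.3 contains a cross-site scripting issue, re-read the full description to confirm the Minor classification still holds; the 3.0.4-1 fixed version is consistent with v3.0.3 being affected.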
@@ -22246,7 +22279,7 @@ CVE-2022-22521
        RESERVED
 CVE-2022-22520
        RESERVED
-CVE-2022-22519 (A remote, authenticated attacker can send a specific crafted 
HTTP or H ...)
+CVE-2022-22519 (A remote, unauthenticated attacker can send a specific crafted 
HTTP or ...)
        NOT-FOR-US: CODESYS
 CVE-2022-22518 (A bug in CmpUserMgr component can lead to only partially 
applied secur ...)
        NOT-FOR-US: CODESYS
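Review bot: the CVE-2022-22519 description changes its precondition from "authenticated" to "unauthenticated", which widens who can reach the issue. The NOT-FOR-US: CODESYS line means no package state depends on it, so no tracker change is needed, but anyone reusing these descriptions for severity decisions should pick up the new wording.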
@@ -22254,7 +22287,7 @@ CVE-2022-22517 (An unauthenticated, remote attacker can 
disrupt existing communi
        NOT-FOR-US: CODESYS
 CVE-2022-22516 (The SysDrv3S driver in the CODESYS Control runtime system on 
Microsoft ...)
        NOT-FOR-US: CODESYS
-CVE-2022-22515 (A remote, unauthenticated attacker could utilize the control 
programme ...)
+CVE-2022-22515 (A remote, authenticated attacker could utilize the control 
program of  ...)
        NOT-FOR-US: CODESYS
 CVE-2022-22514 (An authenticated, remote attacker can gain access to a 
dereferenced po ...)
        NOT-FOR-US: CODESYS
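Review bot: the CVE-2022-22515 description changes its precondition from "unauthenticated" to "authenticated", narrowing the attacker model. The entry is NOT-FOR-US: CODESYS, so nothing in the tracker changes, but cached copies of the old wording overstate the exposure.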
@@ -28036,7 +28069,7 @@ CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable 
to a heap-buffer overflow
        NOTE: 
https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
        NOTE: Introduced by: 
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/b88f1ce91a610a4e491a4ad6352183791e78afac
 (2.39.2)
        NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/130
-CVE-2021-44647 (Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in 
funcname ...)
+CVE-2021-44647 (Lua v5.4.3 and above are affected by SEGV by type confusion in 
funcnam ...)
        - lua5.4 5.4.4-1 (bug #1004189)
        NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00195.html
        NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00204.html
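Review bot: the updated CVE-2021-44647 description says Lua v5.4.3 and above are affected, while the unchanged line below it records lua5.4 5.4.4-1 (bug #1004189) as the fixed version. Since 5.4.4 falls inside "5.4.3 and above", confirm that 5.4.4-1 actually carries the fix and add a NOTE pointing at it, or correct the fixed version.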
@@ -34614,7 +34647,7 @@ CVE-2021-43140 (SQL Injection vulnerability exists in 
Sourcecodester. Simple Sub
        NOT-FOR-US: Sourcecodester
 CVE-2021-43139
        RESERVED
-CVE-2021-43138 (A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2) 
, which ...)
+CVE-2021-43138 (In Async before 2.6.4 and 3.x before 3.2.2, a malicious user 
can obtai ...)
        - node-async <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d 
(3.2.2)
        NOTE: https://github.com/caolan/async/pull/1828
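Review bot: the node-async not-affected line (Vulnerable code introduced later) under CVE-2021-43138 was written against the old range ("through 3.2.1"), and the new description adds "before 2.6.4", extending the affected range into the 2.x series. Re-check the not-affected reasoning against the packaged versions, since the only fix reference noted here is the 3.2.2 commit.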
@@ -41073,8 +41106,8 @@ CVE-2021-41043 (Use after free in tcpslice triggers 
AddressSanitizer, no other c
        NOTE: 
https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a
 (tcpslice-1.5)
 CVE-2021-41042
        RESERVED
-CVE-2021-41041
-       RESERVED
+CVE-2021-41041 (In Eclipse Openj9 before version 0.32.0, Java 8 &amp; 11 fail 
to throw ...)
+       TODO: check
 CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, 
the CoA ...)
        NOT-FOR-US: Eclipse Wakaama
 CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 
client conn ...)
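Review bot: the description added for CVE-2021-41041 contains the HTML entity "&amp;" ("Java 8 &amp; 11"), which looks like escaping carried over from the source feed and not intended text; it should read as a plain ampersand. The entry also remains at "TODO: check" and still needs a triage decision.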



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a68aa4fce0fc3ba319f8b36742aa72a5bf25c260
