Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a68aa4fc by security tracker role at 2022-04-27T08:10:27+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,100 +1,133 @@ +CVE-2022-29810 (The Hashicorp go-getter library before 1.5.11 could write SSH credenti ...) + TODO: check +CVE-2022-29809 + RESERVED +CVE-2022-1503 + RESERVED +CVE-2022-1502 + RESERVED CVE-2022-1501 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1500 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1499 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1498 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1497 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1496 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1495 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1494 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1493 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1492 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1491 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1490 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium 
<end-of-life> (see DSA 4562) CVE-2022-1489 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1488 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1487 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1486 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1485 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1484 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1483 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1482 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1481 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1480 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1479 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1478 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2022-1477 + RESERVED - chromium 101.0.4951.41-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) 
@@ -102,6 +135,7 @@ CVE-2022-1476 RESERVED CVE-2022-1475 RESERVED + {DSA-5124-1} - ffmpeg 7:4.4.2-1 NOTE: https://trac.ffmpeg.org/ticket/9651 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8 @@ -374,10 +408,10 @@ CVE-2022-29703 RESERVED CVE-2022-29702 RESERVED -CVE-2022-29701 - RESERVED -CVE-2022-29700 - RESERVED +CVE-2022-29701 (A lack of rate limiting in the 'forgot password' feature of Zammad v5. ...) + TODO: check +CVE-2022-29700 (A lack of password length restriction in Zammad v5.1.0 allows for the ...) + TODO: check CVE-2022-29699 RESERVED CVE-2022-29698 @@ -2425,8 +2459,8 @@ CVE-2022-28920 RESERVED CVE-2022-28919 RESERVED -CVE-2022-28918 - RESERVED +CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletio ...) + TODO: check CVE-2022-28917 RESERVED CVE-2022-28916 @@ -3450,22 +3484,22 @@ CVE-2022-28530 RESERVED CVE-2022-28529 RESERVED -CVE-2022-28528 - RESERVED -CVE-2022-28527 - RESERVED +CVE-2022-28528 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload ...) + TODO: check +CVE-2022-28527 (dhcms v20170919 was discovered to contain an arbitrary folder deletion ...) + TODO: check CVE-2022-28526 RESERVED -CVE-2022-28525 - RESERVED -CVE-2022-28524 - RESERVED -CVE-2022-28523 - RESERVED -CVE-2022-28522 - RESERVED -CVE-2022-28521 - RESERVED +CVE-2022-28525 (ED01-CMS v20180505 was discovered to contain an arbitrary file upload ...) + TODO: check +CVE-2022-28524 (ED01-CMS v20180505 was discovered to contain a SQL injection vulnerabi ...) + TODO: check +CVE-2022-28523 (HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/ ...) + TODO: check +CVE-2022-28522 (ZCMS v20170206 was discovered to contain a stored cross-site scripting ...) + TODO: check +CVE-2022-28521 (ZCMS v20170206 was discovered to contain a file inclusion vulnerabilit ...) + TODO: check CVE-2022-28520 RESERVED CVE-2022-28519 
@@ -3607,12 +3641,12 @@ CVE-2022-28452 RESERVED CVE-2022-28451 RESERVED -CVE-2022-28450 - RESERVED -CVE-2022-28449 - RESERVED -CVE-2022-28448 - RESERVED +CVE-2022-28450 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the ...) + TODO: check +CVE-2022-28449 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At App ...) + TODO: check +CVE-2022-28448 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An att ...) + TODO: check CVE-2022-28447 RESERVED CVE-2022-28446 @@ -4891,8 +4925,8 @@ CVE-2022-28087 RESERVED CVE-2022-28086 RESERVED -CVE-2022-28085 - RESERVED +CVE-2022-28085 (A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in ...) + TODO: check CVE-2022-28084 RESERVED CVE-2022-28083 @@ -4943,10 +4977,10 @@ CVE-2022-28061 RESERVED CVE-2022-28060 RESERVED -CVE-2022-28059 - RESERVED -CVE-2022-28058 - RESERVED +CVE-2022-28059 (Verydows v2.0 was discovered to contain an arbitrary file deletion vul ...) + TODO: check +CVE-2022-28058 (Verydows v2.0 was discovered to contain an arbitrary file deletion vul ...) + TODO: check CVE-2022-28057 RESERVED CVE-2022-28056 @@ -5337,8 +5371,8 @@ CVE-2022-27890 RESERVED CVE-2022-27889 RESERVED -CVE-2022-27888 - RESERVED +CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found to be log ...) + TODO: check CVE-2022-1102 RESERVED CVE-2022-1101 @@ -6789,10 +6823,10 @@ CVE-2022-27334 RESERVED CVE-2022-27333 (idcCMS v1.10 was discovered to contain an issue which allows attackers ...) NOT-FOR-US: idcCMS -CVE-2022-27332 - RESERVED -CVE-2022-27331 - RESERVED +CVE-2022-27332 (An access control issue in Zammad v5.0.3 allows attackers to write ent ...) + TODO: check +CVE-2022-27331 (An access control issue in Zammad v5.0.3 broadcasts administrative con ...) + TODO: check CVE-2022-27330 RESERVED CVE-2022-27329 
@@ -8919,10 +8953,9 @@ CVE-2022-26567 RESERVED CVE-2022-26566 RESERVED -CVE-2022-26565 (A cross-site scripting (XSS) vulnerability in Totaljs commit 95f54a5 a ...) +CVE-2022-26565 (A cross-site scripting (XSS) vulnerability in Totaljs all versions bef ...) NOT-FOR-US: Totaljs CMS -CVE-2022-26564 - RESERVED +CVE-2022-26564 (HotelDruid Hotel Management Software v3.0.3 contains a cross-site scri ...) - hoteldruid 3.0.4-1 [bullseye] - hoteldruid <no-dsa> (Minor issue) [buster] - hoteldruid <no-dsa> (Minor issue) @@ -22246,7 +22279,7 @@ CVE-2022-22521 RESERVED CVE-2022-22520 RESERVED -CVE-2022-22519 (A remote, authenticated attacker can send a specific crafted HTTP or H ...) +CVE-2022-22519 (A remote, unauthenticated attacker can send a specific crafted HTTP or ...) NOT-FOR-US: CODESYS CVE-2022-22518 (A bug in CmpUserMgr component can lead to only partially applied secur ...) NOT-FOR-US: CODESYS @@ -22254,7 +22287,7 @@ CVE-2022-22517 (An unauthenticated, remote attacker can disrupt existing communi NOT-FOR-US: CODESYS CVE-2022-22516 (The SysDrv3S driver in the CODESYS Control runtime system on Microsoft ...) NOT-FOR-US: CODESYS -CVE-2022-22515 (A remote, unauthenticated attacker could utilize the control programme ...) +CVE-2022-22515 (A remote, authenticated attacker could utilize the control program of ...) NOT-FOR-US: CODESYS CVE-2022-22514 (An authenticated, remote attacker can gain access to a dereferenced po ...) NOT-FOR-US: CODESYS 
@@ -28036,7 +28069,7 @@ CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow NOTE: https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/ NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/b88f1ce91a610a4e491a4ad6352183791e78afac (2.39.2) NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/130 -CVE-2021-44647 (Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcname ...) +CVE-2021-44647 (Lua v5.4.3 and above are affected by SEGV by type confusion in funcnam ...) - lua5.4 5.4.4-1 (bug #1004189) NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00195.html NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00204.html @@ -34614,7 +34647,7 @@ CVE-2021-43140 (SQL Injection vulnerability exists in Sourcecodester. Simple Sub NOT-FOR-US: Sourcecodester CVE-2021-43139 RESERVED -CVE-2021-43138 (A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2) , which ...) +CVE-2021-43138 (In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtai ...) - node-async <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d (3.2.2) NOTE: https://github.com/caolan/async/pull/1828 
@@ -41073,8 +41106,8 @@ CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other c NOTE: https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a (tcpslice-1.5) CVE-2021-41042 RESERVED -CVE-2021-41041 - RESERVED +CVE-2021-41041 (In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw ...) + TODO: check CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoA ...) NOT-FOR-US: Eclipse Wakaama CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a68aa4fce0fc3ba319f8b36742aa72a5bf25c260 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a68aa4fce0fc3ba319f8b36742aa72a5bf25c260 You're receiving this email because of your account on salsa.debian.org.
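Review bot: In the first hunk (@@ -1,100 +1,133 @@) CVE-2022-29810 (go-getter before 1.5.11 writing SSH credentials) is the only new entry that can concern a Debian package and it is left at TODO: check; it should be resolved to a fixed version, <not-affected> or NOT-FOR-US rather than staying a TODO, and the source package to look up is golang-github-hashicorp-go-getter if it is present, following the tracker's usual golang-github-<owner>-<repo> naming. The other 25 entries in the hunk (CVE-2022-1477 through CVE-2022-1501) only gain a RESERVED line above the existing "chromium 101.0.4951.41-1" and <end-of-life> lines, which is the expected state for identifiers Chromium has allocated but MITRE has not yet published, so the package lines need no change.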
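Review bot: The {DSA-5124-1} tag added to CVE-2022-1475 (@@ -102,6 +135,7 @@) should be matched by an entry in data/DSA/list that lists this CVE, otherwise the DSA reference dangles; the unstable fix "ffmpeg 7:4.4.2-1" and the two NOTE links are unchanged, so nothing else in that hunk needs attention.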
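Review bot: CVE-2022-29701 and CVE-2022-29700 (@@ -374,10 +408,10 @@, Zammad v5.1.0: no rate limiting on 'forgot password', no password length restriction) are left at TODO: check, and the same update also fills in CVE-2022-27332 and CVE-2022-27331 for Zammad v5.0.3 (@@ -6789,10 +6823,10 @@), so all four should be triaged together. If there is no zammad source package in Debian, the file's own convention (compare "NOT-FOR-US: idcCMS" on CVE-2022-27333 in that same hunk) is to replace TODO: check with NOT-FOR-US: Zammad.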
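Review bot: The remaining TODO: check entries for small PHP/ASP.NET web applications should be closed out as NOT-FOR-US in the same way, since none of these products is visible as a Debian package anywhere in the file: GreenCMS (CVE-2022-28918, @@ -2425,8 +2459,8 @@); bloofoxCMS, dhcms, ED01-CMS, HongCMS and ZCMS (CVE-2022-28521 through CVE-2022-28528, @@ -3450,22 +3484,22 @@); nopCommerce (CVE-2022-28448 through CVE-2022-28450, @@ -3607,12 +3641,12 @@); Verydows (CVE-2022-28058 and CVE-2022-28059, @@ -4943,10 +4977,10 @@); and Foundry Issues (CVE-2022-27888, @@ -5337,8 +5371,8 @@). Leaving them as TODO: check hides the one entry in this batch that does need real work (htmldoc) among a dozen that do not.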
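Review bot: CVE-2022-28085 (@@ -4891,8 +4925,8 @@, "A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in ...") is the one TODO: check in this update against a package Debian ships, so it should not stay a TODO: identify the affected function from the upstream report, record the fixing commit as a NOTE, and give htmldoc a fixed version or <unfixed> together with a bullseye/buster decision. A heap overflow in a converter that is routinely fed untrusted HTML is exactly the kind of entry a no-dsa or stable-update decision should be recorded for rather than deferred.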
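Review bot: The CODESYS description updates (@@ -22246,7 +22279,7 @@ and @@ -22254,7 +22287,7 @@) swap the authentication requirement in opposite directions: CVE-2022-22519 goes from "A remote, authenticated attacker" to "A remote, unauthenticated attacker", while CVE-2022-22515 goes from "A remote, unauthenticated attacker" to "A remote, authenticated attacker". Both stay NOT-FOR-US: CODESYS so no Debian action follows, but an opposite swap between two neighbouring identifiers is as consistent with a description mix-up at MITRE as with an upstream correction, and the CODESYS advisory text is the reference if anyone relies on these descriptions.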
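Review bot: The new description for CVE-2021-44647 (@@ -28036,7 +28069,7 @@), "Lua v5.4.3 and above are affected by SEGV by type confusion in funcnam ...", conflicts with the entry's fixed version "lua5.4 5.4.4-1 (bug #1004189)" one line below it, since read literally it claims 5.4.4 is still affected. The two lua-l NOTE links should settle whether 5.4.4 carries the fix; if they do, the entry is fine and only the upstream wording is sloppy, otherwise the fixed version needs to move to a later upload.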
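Review bot: The updated description for CVE-2021-43138 (@@ -34614,7 +34647,7 @@) widens the affected range from "Async through 3.2.1" to "In Async before 2.6.4 and 3.x before 3.2.2", so the 2.x series is now claimed vulnerable as well. The existing "node-async <not-affected> (Vulnerable code introduced later)" assessment was made against the old 3.x-only wording and should be re-checked against the Debian node-async version before it is kept; the NOTE for the 3.2.2 fixing commit e1ecdbf7 and PR 1828 only cover the 3.x fix.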
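Review bot: CVE-2021-41041 (@@ -41073,8 +41106,8 @@, Eclipse OpenJ9 before 0.32.0, Java 8 & 11 failing to throw ...) is left at TODO: check. OpenJ9 is a separate JVM implementation from the OpenJDK builds Debian ships, so unless an openj9 source package exists this should become NOT-FOR-US: Eclipse OpenJ9, in line with the "NOT-FOR-US: Eclipse Wakaama" entry for CVE-2021-41040 directly below it.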
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits