Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 22a83aa9 by security tracker role at 2022-06-01T20:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,23 @@ +CVE-2022-32204 + RESERVED +CVE-2022-32203 + RESERVED +CVE-2022-1971 + RESERVED +CVE-2022-1970 + RESERVED +CVE-2022-1969 + RESERVED +CVE-2022-1968 + RESERVED +CVE-2022-1967 + RESERVED +CVE-2022-1966 + RESERVED +CVE-2022-1965 + RESERVED +CVE-2022-1964 + RESERVED CVE-2022-32202 (In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::Fe ...) - libjpeg <unfixed> (unimportant) NOTE: https://github.com/thorfdbg/libjpeg/commit/51c3241b6da39df30f016b63f43f31c4011222c7 @@ -177,8 +197,8 @@ CVE-2022-1951 RESERVED CVE-2022-1950 RESERVED -CVE-2022-1949 - RESERVED +CVE-2022-1949 (An access control bypass vulnerability found in 389-ds-base. That mish ...) + TODO: check CVE-2022-32135 RESERVED CVE-2022-32134 
@@ -519,48 +539,48 @@ CVE-2022-31967 RESERVED CVE-2022-31966 RESERVED -CVE-2022-31965 - RESERVED -CVE-2022-31964 - RESERVED +CVE-2022-31965 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check +CVE-2022-31964 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check CVE-2022-31963 RESERVED -CVE-2022-31962 - RESERVED -CVE-2022-31961 - RESERVED +CVE-2022-31962 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check +CVE-2022-31961 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check CVE-2022-31960 RESERVED -CVE-2022-31959 - RESERVED +CVE-2022-31959 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check CVE-2022-31958 RESERVED -CVE-2022-31957 - RESERVED -CVE-2022-31956 - RESERVED +CVE-2022-31957 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check +CVE-2022-31956 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check CVE-2022-31955 RESERVED CVE-2022-31954 RESERVED -CVE-2022-31953 - RESERVED -CVE-2022-31952 - RESERVED -CVE-2022-31951 - RESERVED +CVE-2022-31953 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check +CVE-2022-31952 (Rescue Dispatch Management System v1.0 is vulnerable to SQL injection ...) + TODO: check +CVE-2022-31951 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check CVE-2022-31950 RESERVED CVE-2022-31949 RESERVED -CVE-2022-31948 - RESERVED +CVE-2022-31948 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check CVE-2022-31947 RESERVED -CVE-2022-31946 - RESERVED -CVE-2022-31945 - RESERVED +CVE-2022-31946 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...) + TODO: check +CVE-2022-31945 (Rescue Dispatch Management System v1.0 is vulnerable to Delete any fil ...) 
+ TODO: check CVE-2022-31944 RESERVED CVE-2022-31943 @@ -861,8 +881,7 @@ CVE-2022-1945 RESERVED CVE-2022-1944 RESERVED -CVE-2022-1943 [udf: Avoid using stale lengthOfImpUse] - RESERVED +CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file system ...) - linux 5.17.11-1 [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) @@ -1139,6 +1158,7 @@ CVE-2022-31748 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31748 CVE-2022-31747 RESERVED + {DSA-5156-1} - firefox <unfixed> - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 @@ -1161,6 +1181,7 @@ CVE-2022-31743 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31743 CVE-2022-31742 RESERVED + {DSA-5156-1} - firefox <unfixed> - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 @@ -1169,6 +1190,7 @@ CVE-2022-31742 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31742 CVE-2022-31741 RESERVED + {DSA-5156-1} - firefox <unfixed> - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 @@ -1177,6 +1199,7 @@ CVE-2022-31741 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31741 CVE-2022-31740 RESERVED + {DSA-5156-1} - firefox <unfixed> - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 @@ -1193,6 +1216,7 @@ CVE-2022-31739 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31739 CVE-2022-31738 RESERVED + {DSA-5156-1} - firefox <unfixed> - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 @@ -1201,6 +1225,7 @@ CVE-2022-31738 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31738 CVE-2022-31737 RESERVED + {DSA-5156-1} - firefox <unfixed> - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 
@@ -1209,6 +1234,7 @@ CVE-2022-31737 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31737 CVE-2022-31736 RESERVED + {DSA-5156-1} - firefox <unfixed> - firefox-esr 91.10.0esr-1 - thunderbird 1:91.10.0-1 
@@ -2270,38 +2296,38 @@ CVE-2022-31356 RESERVED CVE-2022-31355 RESERVED -CVE-2022-31354 - RESERVED -CVE-2022-31353 - RESERVED -CVE-2022-31352 - RESERVED -CVE-2022-31351 - RESERVED -CVE-2022-31350 - RESERVED +CVE-2022-31354 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-31353 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-31352 (Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in ...) + TODO: check +CVE-2022-31351 (Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via ...) + TODO: check +CVE-2022-31350 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + TODO: check CVE-2022-31349 RESERVED -CVE-2022-31348 - RESERVED -CVE-2022-31347 - RESERVED -CVE-2022-31346 - RESERVED -CVE-2022-31345 - RESERVED -CVE-2022-31344 - RESERVED -CVE-2022-31343 - RESERVED -CVE-2022-31342 - RESERVED +CVE-2022-31348 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-31347 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-31346 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-31345 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-31344 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-31343 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + TODO: check +CVE-2022-31342 (Online Car Wash Booking System v1.0 is vulnerable to Delete any file v ...) + TODO: check CVE-2022-31341 RESERVED -CVE-2022-31340 - RESERVED -CVE-2022-31339 - RESERVED +CVE-2022-31340 (Simple Inventory System v1.0 is vulnerable to SQL Injection via /inven ...) + TODO: check +CVE-2022-31339 (Simple Inventory System v1.0 is vulnerable to SQL Injection via /inven ...) 
+ TODO: check CVE-2022-31338 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) NOT-FOR-US: Online Ordering System CVE-2022-31337 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) @@ -2440,14 +2466,14 @@ CVE-2022-31271 RESERVED CVE-2022-31270 RESERVED -CVE-2022-30540 - RESERVED -CVE-2022-29488 - RESERVED -CVE-2022-28690 - RESERVED -CVE-2022-27184 - RESERVED +CVE-2022-30540 (The affected product is vulnerable to a heap-based buffer overflow via ...) + TODO: check +CVE-2022-29488 (The affected product is vulnerable to an out-of-bounds read via uninit ...) + TODO: check +CVE-2022-28690 (The affected product is vulnerable to an out-of-bounds write via unini ...) + TODO: check +CVE-2022-27184 (The affected product is vulnerable to an out-of-bounds write, which ma ...) + TODO: check CVE-2022-1836 [floppy: disable FDRAWCMD by default] RESERVED - linux 5.17.6-1 @@ -4705,8 +4731,8 @@ CVE-2022-30472 (Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based NOT-FOR-US: Tenda CVE-2022-30471 RESERVED -CVE-2022-30470 - RESERVED +CVE-2022-30470 (In Afian Filerun 20220202 Changing the "search_tika_path" variable to ...) + TODO: check CVE-2022-30469 RESERVED CVE-2022-30468 @@ -6294,8 +6320,8 @@ CVE-2022-29877 (A vulnerability has been identified in SICAM P850 (All versions NOT-FOR-US: Siemens CVE-2022-29876 (A vulnerability has been identified in SICAM P850 (All versions < V ...) NOT-FOR-US: Siemens -CVE-2022-29875 - RESERVED +CVE-2022-29875 (A vulnerability has been identified in Biograph Horizon PET/CT Systems ...) + TODO: check CVE-2022-29874 (A vulnerability has been identified in SICAM P850 (All versions < V ...) NOT-FOR-US: Siemens CVE-2022-29873 (A vulnerability has been identified in SICAM P850 (All versions < V ...) 
@@ -6810,10 +6836,10 @@ CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to contain a segmentation violat NOT-FOR-US: njs CVE-2022-29778 RESERVED -CVE-2022-29777 - RESERVED -CVE-2022-29776 - RESERVED +CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...) + TODO: check +CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...) + TODO: check CVE-2022-29775 RESERVED CVE-2022-29774 @@ -8629,8 +8655,8 @@ CVE-2022-29100 RESERVED CVE-2022-29099 RESERVED -CVE-2022-29098 - RESERVED +CVE-2022-29098 (Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak ...) + TODO: check CVE-2022-29097 RESERVED CVE-2022-29096 
@@ -14847,22 +14873,22 @@ CVE-2021-46709 (phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRow NOTE: https://bitbucket.org/phpliteadmin/public/pull-requests/16/fix-an-xss-vulnerability-with-the-newrows CVE-2022-26979 RESERVED -CVE-2022-26978 - RESERVED -CVE-2022-26977 - RESERVED -CVE-2022-26976 - RESERVED -CVE-2022-26975 - RESERVED -CVE-2022-26974 - RESERVED -CVE-2022-26973 - RESERVED -CVE-2022-26972 - RESERVED -CVE-2022-26971 - RESERVED +CVE-2022-26978 (Barco Control Room Management Suite web application, which is part of ...) + TODO: check +CVE-2022-26977 (Barco Control Room Management Suite web application, which is part of ...) + TODO: check +CVE-2022-26976 (Barco Control Room Management Suite web application, which is part of ...) + TODO: check +CVE-2022-26975 (Barco Control Room Management Suite web application, which is part of ...) + TODO: check +CVE-2022-26974 (Barco Control Room Management Suite web application, which is part of ...) + TODO: check +CVE-2022-26973 (Barco Control Room Management Suite web application, which is part of ...) + TODO: check +CVE-2022-26972 (Barco Control Room Management Suite web application, which is part of ...) + TODO: check +CVE-2022-26971 (Barco Control Room Management Suite web application, which is part of ...) + TODO: check CVE-2022-26970 RESERVED CVE-2022-26969 @@ -26590,10 +26616,10 @@ CVE-2022-23239 RESERVED CVE-2022-23238 RESERVED -CVE-2022-23237 - RESERVED -CVE-2022-23236 - RESERVED +CVE-2022-23237 (E-Series SANtricity OS Controller Software 11.x versions through 11.70 ...) + TODO: check +CVE-2022-23236 (E-Series SANtricity OS Controller Software versions 11.40 through 11.7 ...) + TODO: check CVE-2022-23235 RESERVED CVE-2022-23234 (SnapCenter versions prior to 4.5 are susceptible to a vulnerability wh ...) 
@@ -36706,7 +36732,7 @@ CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) .. CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin CVE-2021-4014 - RESERVED + REJECTED CVE-2021-4013 RESERVED CVE-2021-4012 @@ -42994,21 +43020,21 @@ CVE-2021-42706 (This vulnerability could allow an attacker to disclose informati NOT-FOR-US: Advantech CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buf ...) NOT-FOR-US: PLC Editor -CVE-2021-42704 (Inkscape version 0.19 is vulnerable to an out-of-bounds write, which m ...) +CVE-2021-42704 (Inkscape version 0.91 is vulnerable to an out-of-bounds write, which m ...) - inkscape 1.0-1 NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches) TODO: Unclear if this is really fixed in 1.0+ CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...) NOT-FOR-US: Advantech -CVE-2021-42702 (Inkscape version 0.19 can access an uninitialized pointer, which may a ...) +CVE-2021-42702 (Inkscape version 0.91 can access an uninitialized pointer, which may a ...) - inkscape 1.0-1 NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches) TODO: Unclear if this is really fixed in 1.0+ CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...) NOT-FOR-US: AzeoTech -CVE-2021-42700 (Inkscape 0.19 is vulnerable to an out-of-bounds read, which may allow ...) +CVE-2021-42700 (Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow ...) - inkscape 1.0-1 NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches) 
@@ -65536,20 +65562,20 @@ CVE-2021-34085 (Read access violation in the III_dequantize_sample function in m - mp3gain 1.6.2-1 NOTE: Vulnerable code removed in https://sourceforge.net/p/mp3gain/code/ci/aea83203960fc6d3237b1ae38e8434ec8681b21a/ (v1.6.0) NOTE: https://drive.google.com/drive/folders/1epm65c4_iC0zE5V_leoet4Jyk1Prz2p5?usp=sharing -CVE-2021-34084 - RESERVED -CVE-2021-34083 - RESERVED -CVE-2021-34082 - RESERVED -CVE-2021-34081 - RESERVED -CVE-2021-34080 - RESERVED -CVE-2021-34079 - RESERVED -CVE-2021-34078 - RESERVED +CVE-2021-34084 (OS command injection vulnerability in Turistforeningen node-s3-uploade ...) + TODO: check +CVE-2021-34083 (Google-it is a Node.js package which allows its users to send search q ...) + TODO: check +CVE-2021-34082 (OS Command Injection vulnerability in allenhwkim proctree through 0.1. ...) + TODO: check +CVE-2021-34081 (OS Command Injection vulnerability in bbultman gitsome through 0.2.3 a ...) + TODO: check +CVE-2021-34080 (OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.j ...) + TODO: check +CVE-2021-34079 (OS Command injection vulnerability in Mintzo Docker-Tester through 1.2 ...) + TODO: check +CVE-2021-34078 (lifion-verify-dependencies through 1.1.0 is vulnerable to OS command i ...) + TODO: check CVE-2021-34077 RESERVED CVE-2021-34076 @@ -67595,8 +67621,8 @@ CVE-2021-33256 (** DISPUTED ** A CSV injection vulnerability on the login panel NOT-FOR-US: ManageEngine CVE-2021-33255 RESERVED -CVE-2021-33254 - RESERVED +CVE-2021-33254 (An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Comm ...) + TODO: check CVE-2021-33253 RESERVED CVE-2021-33252 
@@ -81794,8 +81820,8 @@ CVE-2021-27916 RESERVED CVE-2021-27915 RESERVED -CVE-2021-27914 - RESERVED +CVE-2021-27914 (A cross-site scripting (XSS) vulnerability in the installer component ...) + TODO: check CVE-2021-27913 (The function mt_rand is used to generate session tokens, this function ...) NOT-FOR-US: Mautic CVE-2021-27912 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...) @@ -84784,12 +84810,12 @@ CVE-2021-26637 RESERVED CVE-2021-26636 RESERVED -CVE-2021-26635 - RESERVED -CVE-2021-26634 - RESERVED -CVE-2021-26633 - RESERVED +CVE-2021-26635 (In the code that verifies the file size in the ark library, it is poss ...) + TODO: check +CVE-2021-26634 (SQL injection and file upload attacks are possible due to insufficient ...) + TODO: check +CVE-2021-26633 (SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoa ...) + TODO: check CVE-2021-26632 RESERVED CVE-2021-26631 (Improper input validation vulnerability in Mangboard commerce package ...) @@ -117666,10 +117692,10 @@ CVE-2020-26187 RESERVED CVE-2020-26186 (Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS Ru ...) NOT-FOR-US: Dell Inspiron 5675 BIOS -CVE-2020-26185 - RESERVED -CVE-2020-26184 - RESERVED +CVE-2020-26185 (Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buf ...) + TODO: check +CVE-2020-26184 (Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Im ...) + TODO: check CVE-2020-26183 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper auth ...) NOT-FOR-US: EMC CVE-2020-26182 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect pri ...) 
@@ -129593,8 +129619,8 @@ CVE-2020-20973 RESERVED CVE-2020-20972 RESERVED -CVE-2020-20971 - RESERVED +CVE-2020-20971 (Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via ...) + TODO: check CVE-2020-20970 RESERVED CVE-2020-20969 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22a83aa91ea254a15842522bb22c5fc6c08c5ddd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22a83aa91ea254a15842522bb22c5fc6c08c5ddd You're receiving this email because of your account on salsa.debian.org.
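Review bot: in the @@ -177,8 +197,8 @@ hunk, CVE-2022-1949 is left at TODO: check even though its description already names the affected software (389-ds-base), so unlike the anonymous web-app entries in this update it can be triaged right away: either a package line such as '- 389-ds-base <unfixed>' (or '<not-affected>' with a reason) if Debian ships it, or a NOT-FOR-US line if it does not. An access control bypass in a directory server should not sit in the TODO queue behind the next automatic run.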
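Review bot: in the @@ -519,48 +539,48 @@ hunk, thirteen CVE-2022-319xx entries for Rescue Dispatch Management System v1.0 all land as TODO: check; this file's convention for such one-off PHP web apps is a NOT-FOR-US line (compare 'CVE-2022-31338 ... NOT-FOR-US: Online Ordering System' later in this same patch), so they can be resolved in one pass as 'NOT-FOR-US: Rescue Dispatch Management System' rather than left as thirteen separate TODOs. The two descriptions that differ (the 'Delete any fil ...' text on CVE-2022-31945 and the lower-case 'SQL injection' on CVE-2022-31952) do not change the triage outcome.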
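Review bot: in the @@ -861,8 +881,7 @@ hunk, replacing the bracketed placeholder on CVE-2022-1943 with the published description drops the upstream fix subject 'udf: Avoid using stale lengthOfImpUse'; the entry carries no NOTE with a commit URL, so that subject was the only pointer to the kernel patch, and it should be kept as a NOTE line (or replaced with the commit link) under the package lines. The version data itself (linux 5.17.11-1, bullseye and buster not-affected with 'Vulnerable code not present') is unchanged and consistent with the placeholder being a recently introduced bug.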
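Review bot: in the @@ -1139,6 +1158,7 @@ hunk and the six identical hunks that follow it (CVE-2022-31742 down to CVE-2022-31736), '{DSA-5156-1}' is added to entries that list firefox, firefox-esr and thunderbird together; the annotation is per CVE, not per package, so a reader of this file cannot tell which of the three DSA-5156-1 covers. Confirm it is the firefox-esr advisory (the 91.10.0esr-1 line is the only stable-relevant fixed version here) and add the thunderbird DSA reference next to it when that advisory is issued. Note also that 'firefox <unfixed>' remains on all seven entries, so they stay open for unstable regardless of the DSA.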
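Review bot: in the @@ -2270,38 +2296,38 @@ hunk, the twelve Online Car Wash Booking System v1.0 entries (CVE-2022-31342 through CVE-2022-31354, minus the still-reserved CVE-2022-31349) and the two Simple Inventory System v1.0 entries (CVE-2022-31339, CVE-2022-31340) match the pattern of the 'NOT-FOR-US: Online Ordering System' entries in this hunk's own trailing context, and two of the descriptions name the same author (oretnom23); they can be resolved in bulk to NOT-FOR-US instead of adding fourteen TODO: check items to the triage queue.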
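Review bot: in the @@ -2440,14 +2466,14 @@ hunk, the four new descriptions for CVE-2022-30540, CVE-2022-29488, CVE-2022-28690 and CVE-2022-27184 all begin 'The affected product is vulnerable to ...' and the truncation cuts off before any product name, so these TODO: check entries cannot be triaged from this file alone; the full CVE text has to be consulted. As the Inkscape entries later in this patch show (CVE-2021-42700/42702/42704, sourced from icsa-22-132-03), advisory-style wording of this kind can describe a packaged project, so do not default these to NOT-FOR-US on the strength of the truncated text.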
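Review bot: in the @@ -6294,8 +6320,8 @@ hunk, CVE-2022-29875 (Biograph Horizon PET/CT Systems) uses the same 'A vulnerability has been identified in ...' wording as the neighbouring SICAM P850 entries that are already resolved as 'NOT-FOR-US: Siemens'; after confirming the vendor from the full text it can be closed the same way rather than left at TODO: check.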
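Review bot: in the @@ -42994,21 +43020,21 @@ hunk, correcting the three Inkscape descriptions from '0.19' to '0.91' is fine, but it leaves the open 'TODO: Unclear if this is really fixed in 1.0+' untouched while the '- inkscape 1.0-1' line on each entry still asserts a fixed version for bugs the NOTE says have not been located in the code; until the SUSE bug referenced in the NOTE yields actual patches, marking these '<unfixed>' or '<undetermined>' would be the safer record, since a fixed-version line is what downstream consumers of this file act on.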
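Review bot: in the @@ -65536,20 +65562,20 @@ hunk, the seven CVE-2021-34078 through CVE-2021-34084 entries are OS command injection reports against individual Node.js modules (node-s3-uploader, Google-it, proctree, gitsome, ssl-utils, Docker-Tester, lifion-verify-dependencies); the descriptions alone do not say whether any of them is packaged, so each name should be checked against the node-* source packages before closing, and where none is shipped a one-line NOT-FOR-US per entry naming the module keeps the file consistent with its other Node.js entries.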
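Review bot: in the @@ -81794,8 +81820,8 @@ hunk, the new description for CVE-2021-27914 ('A cross-site scripting (XSS) vulnerability in the installer component ...') is cut off before naming the product, but it sits in the same ID run as CVE-2021-27913 and CVE-2021-27912, both resolved as 'NOT-FOR-US: Mautic'; verify that the full text names Mautic and then close it the same way instead of leaving TODO: check.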
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits