Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c38c374a by security tracker role at 2022-11-08T20:10:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,47 @@ +CVE-2022-45058 + RESERVED +CVE-2022-45057 + RESERVED +CVE-2022-45056 + RESERVED +CVE-2022-45055 + RESERVED +CVE-2022-45054 + RESERVED +CVE-2022-45053 + RESERVED +CVE-2022-45052 + RESERVED +CVE-2022-45051 + RESERVED +CVE-2022-45050 + RESERVED +CVE-2022-45049 + RESERVED +CVE-2022-45048 + RESERVED +CVE-2022-45047 + RESERVED +CVE-2022-45046 + RESERVED +CVE-2022-3899 + RESERVED +CVE-2022-3898 + RESERVED +CVE-2022-3897 + RESERVED +CVE-2022-3896 + RESERVED +CVE-2022-3895 + RESERVED +CVE-2022-3894 + RESERVED +CVE-2022-3893 + RESERVED +CVE-2022-3892 + RESERVED +CVE-2022-3891 + RESERVED CVE-2022-45045 RESERVED CVE-2022-3890 @@ -676,8 +720,8 @@ CVE-2022-44743 RESERVED CVE-2022-44742 RESERVED -CVE-2022-44741 - RESERVED +CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...) + TODO: check CVE-2022-44740 RESERVED CVE-2022-44739 @@ -2358,8 +2402,8 @@ CVE-2022-44558 RESERVED CVE-2022-44557 RESERVED -CVE-2022-44556 - RESERVED +CVE-2022-44556 (Missing parameter type validation in the DRM module. Successful exploi ...) + TODO: check CVE-2022-44555 RESERVED CVE-2022-44554 @@ -2570,8 +2614,8 @@ CVE-2022-44459 RESERVED CVE-2022-44458 RESERVED -CVE-2022-44457 - RESERVED +CVE-2022-44457 (A vulnerability has been identified in Mendix SAML Module (Mendix 7 co ...) + TODO: check CVE-2022-43506 RESERVED CVE-2022-43495 (OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distr ...) 
@@ -2893,28 +2937,28 @@ CVE-2022-44323 RESERVED CVE-2022-44322 RESERVED -CVE-2022-44321 - RESERVED -CVE-2022-44320 - RESERVED -CVE-2022-44319 - RESERVED -CVE-2022-44318 - RESERVED -CVE-2022-44317 - RESERVED -CVE-2022-44316 - RESERVED -CVE-2022-44315 - RESERVED -CVE-2022-44314 - RESERVED -CVE-2022-44313 - RESERVED -CVE-2022-44312 - RESERVED -CVE-2022-44311 - RESERVED +CVE-2022-44321 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + TODO: check +CVE-2022-44320 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + TODO: check +CVE-2022-44319 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + TODO: check +CVE-2022-44318 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + TODO: check +CVE-2022-44317 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + TODO: check +CVE-2022-44316 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + TODO: check +CVE-2022-44315 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + TODO: check +CVE-2022-44314 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + TODO: check +CVE-2022-44313 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + TODO: check +CVE-2022-44312 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + TODO: check +CVE-2022-44311 (html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the ...) + TODO: check CVE-2022-44310 RESERVED CVE-2022-44309 @@ -5416,8 +5460,8 @@ CVE-2023-0002 RESERVED CVE-2023-0001 RESERVED -CVE-2022-43958 - RESERVED +CVE-2022-43958 (A vulnerability has been identified in QMS Automotive (All versions). ...) + TODO: check CVE-2022-43957 RESERVED CVE-2022-43956 
@@ -5877,6 +5921,7 @@ CVE-2022-43762 CVE-2022-43761 RESERVED CVE-2022-3705 (A vulnerability was found in vim and classified as problematic. Affect ...) + {DLA-3182-1} - vim 2:9.0.0813-1 NOTE: https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 (v9.0.0805) CVE-2022-3704 (A vulnerability classified as problematic has been found in Ruby on Ra ...) @@ -6479,10 +6524,10 @@ CVE-2022-43548 [DNS rebinding in --inspect via invalid octal IP address] NOTE: https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 CVE-2022-43547 RESERVED -CVE-2022-43546 - RESERVED -CVE-2022-43545 - RESERVED +CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) + TODO: check +CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) + TODO: check CVE-2022-43542 RESERVED CVE-2022-43541 @@ -6547,16 +6592,16 @@ CVE-2022-43499 RESERVED CVE-2022-43492 RESERVED -CVE-2022-43491 - RESERVED +CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...) + TODO: check CVE-2022-43490 RESERVED CVE-2022-43488 RESERVED CVE-2022-43482 RESERVED -CVE-2022-43481 - RESERVED +CVE-2022-43481 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons fo ...) + TODO: check CVE-2022-43480 RESERVED CVE-2022-43479 @@ -6587,8 +6632,8 @@ CVE-2022-43445 RESERVED CVE-2022-43441 RESERVED -CVE-2022-43439 - RESERVED +CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) + TODO: check CVE-2022-43438 RESERVED CVE-2022-43437 @@ -6611,8 +6656,8 @@ CVE-2022-42698 RESERVED CVE-2022-42497 RESERVED -CVE-2022-42494 - RESERVED +CVE-2022-42494 (Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro ...) + TODO: check CVE-2022-42485 RESERVED CVE-2022-42479 
@@ -6635,8 +6680,8 @@ CVE-2022-41990 RESERVED CVE-2022-41987 RESERVED -CVE-2022-41980 - RESERVED +CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimien ...) + TODO: check CVE-2022-41978 RESERVED CVE-2022-41840 @@ -6967,10 +7012,10 @@ CVE-2022-3592 [Wide links protection broken] NOTE: https://www.samba.org/samba/security/CVE-2022-3592.html CVE-2022-43399 RESERVED -CVE-2022-43398 - RESERVED -CVE-2022-43397 - RESERVED +CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) + TODO: check +CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All versions & ...) + TODO: check CVE-2022-43396 RESERVED CVE-2022-3591 @@ -7141,8 +7186,8 @@ CVE-2022-43345 RESERVED CVE-2022-43344 RESERVED -CVE-2022-43343 - RESERVED +CVE-2022-43343 (N-Prolog v1.91 was discovered to contain a global buffer overflow vuln ...) + TODO: check CVE-2022-43342 RESERVED CVE-2022-43341 @@ -8608,10 +8653,12 @@ CVE-2022-42826 CVE-2022-42825 (This issue was addressed by removing additional entitlements. This iss ...) NOT-FOR-US: Apple CVE-2022-42824 (A logic issue was addressed with improved state management. This issue ...) + {DSA-5274-1 DSA-5273-1} - webkit2gtk 2.38.2-1 - wpewebkit 2.38.2-1 NOTE: https://webkitgtk.org/security/WSA-2022-0010.html CVE-2022-42823 (A type confusion issue was addressed with improved memory handling. Th ...) + {DSA-5274-1 DSA-5273-1} - webkit2gtk 2.38.2-1 - wpewebkit 2.38.2-1 NOTE: https://webkitgtk.org/security/WSA-2022-0010.html @@ -8662,6 +8709,7 @@ CVE-2022-42801 (A logic issue was addressed with improved checks. This issue is CVE-2022-42800 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2022-42799 (The issue was addressed with improved UI handling. This issue is fixed ...) + {DSA-5274-1 DSA-5273-1} - webkit2gtk 2.38.2-1 - wpewebkit 2.38.2-1 NOTE: https://webkitgtk.org/security/WSA-2022-0010.html 
@@ -11135,8 +11183,8 @@ CVE-2022-41759 RESERVED CVE-2022-41758 RESERVED -CVE-2022-41757 - RESERVED +CVE-2022-41757 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) + TODO: check CVE-2022-41756 RESERVED CVE-2022-41755 @@ -11361,16 +11409,16 @@ CVE-2022-41666 (A CWE-347: Improper Verification of Cryptographic Signature vuln NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (All versions < V ...) NOT-FOR-US: Siemens -CVE-2022-41664 - RESERVED -CVE-2022-41663 - RESERVED -CVE-2022-41662 - RESERVED -CVE-2022-41661 - RESERVED -CVE-2022-41660 - RESERVED +CVE-2022-41664 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...) + TODO: check +CVE-2022-41663 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...) + TODO: check +CVE-2022-41662 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...) + TODO: check +CVE-2022-41661 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...) + TODO: check +CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...) + TODO: check CVE-2022-41656 RESERVED CVE-2022-41655 @@ -11488,8 +11536,8 @@ CVE-2022-41315 RESERVED CVE-2022-41155 RESERVED -CVE-2022-41136 - RESERVED +CVE-2022-41136 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...) + TODO: check CVE-2022-41135 RESERVED CVE-2022-41134 @@ -11524,8 +11572,8 @@ CVE-2022-40192 RESERVED CVE-2022-40130 RESERVED -CVE-2022-40128 - RESERVED +CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Expo ...) + TODO: check CVE-2022-39044 RESERVED CVE-2022-38467 
@@ -11650,6 +11698,7 @@ CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all versions ...) - gitlab <unfixed> CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...) + {DLA-3182-1} - vim 2:9.0.0626-1 NOTE: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c/ NOTE: https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb (v9.0.0598) @@ -13597,6 +13646,7 @@ CVE-2022-40755 (JasPer 3.0.6 allows denial of service via a reachable assertion - jasper <removed> NOTE: https://github.com/jasper-software/jasper/issues/338 CVE-2022-3234 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) + {DLA-3182-1} - vim 2:9.0.0626-1 NOTE: https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da/ NOTE: https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d (v9.0.0483) @@ -13771,14 +13821,14 @@ CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnera NOT-FOR-US: WordPress plugin CVE-2022-40671 (Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – ...) NOT-FOR-US: WordPress plugin -CVE-2022-40632 - RESERVED +CVE-2022-40632 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpFor ...) + TODO: check CVE-2022-40312 RESERVED CVE-2022-40310 (Authenticated (subscriber+) Race Condition vulnerability in Rate my Po ...) NOT-FOR-US: WordPress plugin -CVE-2022-40223 - RESERVED +CVE-2022-40223 (Nonce token leakage and missing authorization in SearchWP premium plug ...) + TODO: check CVE-2022-40219 (Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Swit ...) NOT-FOR-US: WordPress plugin CVE-2022-40217 (Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in Xpl ...) 
@@ -13789,10 +13839,10 @@ CVE-2022-40213 (Multiple Authenticated (contributor+) Stored Cross-Site Scriptin NOT-FOR-US: WordPress plugin CVE-2022-40211 RESERVED -CVE-2022-40206 - RESERVED -CVE-2022-40205 - RESERVED +CVE-2022-40206 (Insecure direct object references (IDOR) vulnerability in the wpForo F ...) + TODO: check +CVE-2022-40205 (Insecure direct object references (IDOR) vulnerability in the wpForo F ...) + TODO: check CVE-2022-40193 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awe ...) NOT-FOR-US: WordPress plugin CVE-2022-40131 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page ...) @@ -13839,8 +13889,8 @@ CVE-2022-3212 (<bytes::Bytes as axum_core::extract::FromRequest>::from_req NOT-FOR-US: axum_core rust crate CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) NOT-FOR-US: pimcore -CVE-2022-30545 - RESERVED +CVE-2022-30545 (Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Co ...) + TODO: check CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 an ...) NOT-FOR-US: HoYoVerse (formerly miHoYo) Genshin Impact CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent function i ...) @@ -14952,8 +15002,8 @@ CVE-2022-38140 RESERVED CVE-2022-38139 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Stati ...) NOT-FOR-US: WordPress plugin -CVE-2022-38137 - RESERVED +CVE-2022-38137 (Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin &l ...) + TODO: check CVE-2022-38135 (Broken Access Control vulnerability in Dean Oakley's Photospace Galler ...) NOT-FOR-US: WordPress plugin CVE-2022-38134 (Authenticated (subscriber+) Broken Access Control vulnerability in Cus ...) 
@@ -15559,6 +15609,7 @@ CVE-2022-39960 (The Netic Group Export add-on before 1.0.3 for Atlassian Jira do CVE-2022-3135 (The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise a ...) NOT-FOR-US: WordPress plugin CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. ...) + {DLA-3182-1} - vim 2:9.0.0626-1 (bug #1019590) [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc @@ -16911,8 +16962,8 @@ CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of Ethereum NOT-FOR-US: Rust crate evm CVE-2022-39353 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...) TODO: check -CVE-2022-39352 - RESERVED +CVE-2022-39352 (OpenFGA is a high-performance authorization/permission engine inspired ...) + TODO: check CVE-2022-39351 (Dependency-Track is a Component Analysis platform that allows organiza ...) NOT-FOR-US: Dependency-Track CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) used in D ...) @@ -16933,8 +16984,8 @@ CVE-2022-39345 (Gin-vue-admin is a backstage management system based on vue and NOT-FOR-US: Gin-vue-admin CVE-2022-39344 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...) NOT-FOR-US: Azure RTOS USBX -CVE-2022-39343 - RESERVED +CVE-2022-39343 (Azure RTOS FileX is a FAT-compatible file system that’s fully in ...) + TODO: check CVE-2022-39342 (OpenFGA is an authorization/permission engine. Versions prior to versi ...) NOT-FOR-US: OpenFGA CVE-2022-39341 (OpenFGA is an authorization/permission engine. Versions prior to versi ...) 
@@ -17328,6 +17379,7 @@ CVE-2022-39199 CVE-2022-39198 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 a ...) NOT-FOR-US: Apache Dubbo CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360. ...) + {DLA-3182-1} - vim 2:9.0.0626-1 (bug #1019590) [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e @@ -17473,10 +17525,10 @@ CVE-2022-39188 (An issue was discovered in include/asm-generic/tlb.h in the Linu NOTE: https://git.kernel.org/linus/b67fbebd4cf980aecbcc750e1462128bffe8ae15 CVE-2022-39159 RESERVED -CVE-2022-39158 (A vulnerability has been identified in RUGGEDCOM ROS RMC8388 (All vers ...) +CVE-2022-39158 (A vulnerability has been identified in RUGGEDCOM ROS RMC30 V4.X (All v ...) NOT-FOR-US: Siemens -CVE-2022-39157 - RESERVED +CVE-2022-39157 (A vulnerability has been identified in Parasolid V34.0 (All versions & ...) + TODO: check CVE-2022-39156 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...) NOT-FOR-US: Siemens CVE-2022-39155 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...) @@ -17517,8 +17569,8 @@ CVE-2022-39138 (A vulnerability has been identified in Parasolid V33.1 (All vers NOT-FOR-US: Siemens CVE-2022-39137 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...) NOT-FOR-US: Siemens -CVE-2022-39136 - RESERVED +CVE-2022-39136 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...) + TODO: check CVE-2022-39135 (In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NOD ...) NOT-FOR-US: Apache Calcite CVE-2022-39134 @@ -17705,8 +17757,8 @@ CVE-2022-39071 RESERVED CVE-2022-39070 RESERVED -CVE-2022-39069 - RESERVED +CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of ...) + TODO: check CVE-2022-39068 RESERVED CVE-2022-39067 
@@ -19010,6 +19062,7 @@ CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apa NOTE: https://issues.apache.org/jira/browse/BATIK-1333 NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903625 CVE-2022-2946 (Use After Free in GitHub repository vim/vim prior to 9.0.0246. ...) + {DLA-3182-1} - vim 2:9.0.0626-1 (bug #1019590) [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 @@ -22881,6 +22934,7 @@ CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not s CVE-2022-2599 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...) NOT-FOR-US: WordPress plugin CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim prior ...) + {DLA-3182-1} - vim 2:9.0.0135-1 (unimportant) NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/ NOTE: https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d (v9.0.0101) @@ -26012,8 +26066,8 @@ CVE-2022-36079 (Parse Server is an open source backend that can be deployed to a NOT-FOR-US: Node parse-server CVE-2022-36078 (Binary provides encoding/decoding in Borsh and other formats. The vuln ...) NOT-FOR-US: gagliardetto/Binary (tool to provide encoding/decoding in Borsh and other formats) -CVE-2022-36077 - RESERVED +CVE-2022-36077 (The Electron framework enables writing cross-platform desktop applicat ...) + TODO: check CVE-2022-36076 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...) NOT-FOR-US: NodeBB CVE-2022-36075 (Nextcloud files access control is a nextcloud app to manage access con ...) 
@@ -29067,6 +29121,7 @@ CVE-2022-2306 (Old session tokens can be used to authenticate to the application CVE-2022-2305 (The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...) + {DLA-3182-1} - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/ @@ -29209,6 +29264,7 @@ CVE-2022-34895 CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, insufficient access control allo ...) NOT-FOR-US: JetBrains Hub CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...) + {DLA-3182-1} - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/ @@ -29338,10 +29394,10 @@ CVE-2022-33177 (Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Opl NOT-FOR-US: WordPress plugin CVE-2022-32970 RESERVED -CVE-2022-32776 - RESERVED -CVE-2022-32587 - RESERVED +CVE-2022-32776 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adva ...) + TODO: check +CVE-2022-32587 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page ...) + TODO: check CVE-2022-30998 (Multiple Authenticated (subscriber or higher user role) SQL Injection ...) NOT-FOR-US: WordPress plugin CVE-2022-30705 @@ -36352,7 +36408,7 @@ CVE-2022-1970 CVE-2022-1969 (The Mobile browser color select plugin for WordPress is vulnerable to ...) NOT-FOR-US: Mobile browser color select plugin for WordPress CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) - {DLA-3053-1} + {DLA-3182-1 DLA-3053-1} - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b 
@@ -37738,7 +37794,7 @@ CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior t NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04 NOTE: https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) - {DLA-3053-1} + {DLA-3182-1 DLA-3053-1} - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea @@ -38345,7 +38401,7 @@ CVE-2022-1852 (A NULL pointer dereference flaw was found in the Linux kernelR [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/fee060cd52d69c114b62d1a2948ea9648b5131f9 CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...) - {DLA-3053-1} + {DLA-3182-1 DLA-3053-1} - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d @@ -40296,7 +40352,7 @@ CVE-2022-1722 (SSRF in editor's proxy via IPv6 link-local address in GitHub repo CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio ...) NOT-FOR-US: jgraph/drawio CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub repository vim/v ...) - {DLA-3053-1} + {DLA-3182-1 DLA-3053-1} - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8 
@@ -40756,8 +40812,8 @@ CVE-2022-30696 (Local privilege escalation due to a DLL hijacking vulnerability. NOT-FOR-US: Acronis CVE-2022-30695 (Local privilege escalation due to excessive permissions assigned to ch ...) NOT-FOR-US: Acronis -CVE-2022-30694 - RESERVED +CVE-2022-30694 (A vulnerability has been identified in SIMATIC Drive Controller family ...) + TODO: check CVE-2022-30543 RESERVED CVE-2022-29485 (Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and ...) @@ -41989,7 +42045,7 @@ CVE-2022-30321 (go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access v NOTE: https://github.com/hashicorp/go-getter/pull/359 NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0) CVE-2022-1616 (Use after free in append_command in GitHub repository vim/vim prior to ...) - {DLA-3011-1} + {DLA-3182-1 DLA-3011-1} - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2 @@ -48482,7 +48538,7 @@ CVE-2022-1156 (The Books & Papers WordPress plugin through 0.20210223 does n CVE-2022-1155 (Old sessions are not blocked by the login enable function. in GitHub r ...) - snipe-it <itp> (bug #1005172) CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8 ...) - {DLA-3011-1} + {DLA-3182-1 DLA-3011-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425 @@ -49213,8 +49269,8 @@ CVE-2022-27916 RESERVED CVE-2022-27915 RESERVED -CVE-2022-27914 - RESERVED +CVE-2022-27914 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate fil ...) + TODO: check CVE-2022-27913 (An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate fil ...) NOT-FOR-US: Joomla! CVE-2022-27912 (An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with pub ...) 
@@ -49417,14 +49473,14 @@ CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scriptin NOT-FOR-US: WordPress plugin CVE-2022-27859 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...) NOT-FOR-US: WordPress plugin -CVE-2022-27858 - RESERVED +CVE-2022-27858 (CSV Injection vulnerability in Activity Log Team Activity Log <= 2. ...) + TODO: check CVE-2022-27857 RESERVED CVE-2022-27856 RESERVED -CVE-2022-27855 - RESERVED +CVE-2022-27855 (Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analyti ...) + TODO: check CVE-2022-27854 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...) NOT-FOR-US: WordPress plugin CVE-2022-27853 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...) @@ -51910,7 +51966,7 @@ CVE-2022-0945 (Stored XSS viva axd and cshtml file upload in star7th/showdoc in CVE-2022-0944 (Template injection in connection test endpoint leads to RCE in GitHub ...) NOT-FOR-US: sqlpad CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim ...) - {DLA-3053-1} + {DLA-3182-1 DLA-3053-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1 @@ -55568,7 +55624,7 @@ CVE-2022-0730 (Under certain ldap conditions, Cacti authentication can be bypass NOTE: https://github.com/Cacti/cacti/commit/8694bf28edad723585915a97b95fbf5b1816a02b (1.2.x) NOTE: https://github.com/Cacti/cacti/commit/0bb77ee9b4d1c7a99e0140b88789e050e523e628 (1.2.x) CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea 
@@ -55677,7 +55733,7 @@ CVE-2022-0716 CVE-2022-0715 (A CWE-287: Improper Authentication vulnerability exists that could cau ...) NOT-FOR-US: Schneider Electric CVE-2022-0714 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3 @@ -56313,7 +56369,7 @@ CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse NOTE: https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c NOTE: https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5 (1.5.8) CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782 @@ -57615,7 +57671,7 @@ CVE-2022-0574 (Improper Access Control in GitHub repository publify/publify prio CVE-2022-0573 (JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure ...) NOT-FOR-US: JFrog Artifactory CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - {DLA-3011-1} + {DLA-3182-1 DLA-3011-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf @@ -58554,7 +58610,7 @@ CVE-2022-0556 (A local privilege escalation vulnerability caused by incorrect pe CVE-2022-0555 RESERVED CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71/ 
@@ -59889,7 +59945,7 @@ CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Coo CVE-2022-0444 (The Backup, Restore and Migrate WordPress Sites With the XCloner Plugi ...) NOT-FOR-US: WordPress plugin CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) - {DLA-3011-1} + {DLA-3182-1 DLA-3011-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51 @@ -60368,7 +60424,7 @@ CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p CVE-2022-0418 (The Event List WordPress plugin before 0.8.8 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. ...) - {DLA-3053-1} + {DLA-3182-1 DLA-3053-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/ @@ -60431,7 +60487,7 @@ CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 allows an application CVE-2022-0414 (Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. ...) - dolibarr <removed> CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) - {DLA-3011-1} + {DLA-3182-1 DLA-3011-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38 @@ -60468,7 +60524,7 @@ CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist showdoc/s ...) NOT-FOR-US: ShowDoc CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d 
@@ -61240,7 +61296,7 @@ CVE-2022-23942 (Apache Doris, prior to 1.0.0, used a hardcoded key and IV to ini CVE-2022-21184 (An information disclosure vulnerability exists in the License registra ...) NOT-FOR-US: Bachmann Visutec GmbH Atvise CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/ @@ -61263,7 +61319,7 @@ CVE-2022-0363 (The myCred WordPress plugin before 2.4.4 does not have any author CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...) NOT-FOR-US: ShowDoc CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b @@ -61271,7 +61327,7 @@ CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to CVE-2022-0360 (The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress ...) NOT-FOR-US: WordPress plugin CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def @@ -61472,7 +61528,7 @@ CVE-2022-23865 (Nyron 1.0 is affected by a SQL injection vulnerability through N CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...) NOT-FOR-US: calibre-web CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub repository ...) - {DLA-3011-1} + {DLA-3182-1 DLA-3011-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161 
@@ -62163,7 +62219,7 @@ CVE-2022-0321 (The WP Voting Contest WordPress plugin before 3.0 does not saniti CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 5.0.5 does ...) NOT-FOR-US: WordPress plugin CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b @@ -63686,7 +63742,7 @@ CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimc CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) NOT-FOR-US: pimcore CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - {DLA-3011-1} + {DLA-3182-1 DLA-3011-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82 @@ -64082,7 +64138,7 @@ CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock noti CVE-2022-0214 (The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoloa ...) NOT-FOR-US: WordPress plugin CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed 
@@ -67871,13 +67927,13 @@ CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation CVE-2021-4194 (bookstack is vulnerable to Improper Access Control ...) NOT-FOR-US: bookstack CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0 NOTE: Fixed by: https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b (v8.2.3950) CVE-2021-4192 (vim is vulnerable to Use After Free ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22 @@ -72875,7 +72931,7 @@ CVE-2021-4070 (Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4 CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of ...) NOT-FOR-US: Apache Sling CVE-2021-4069 (vim is vulnerable to Use After Free ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/ @@ -74102,7 +74158,7 @@ CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input D NOTE: https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd NOTE: Issues only in janus-demos built from src:janus CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92 
@@ -74644,7 +74700,7 @@ CVE-2021-44041 (UiPath Assistant 21.4.4 will load and execute attacker controlle CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...) NOT-FOR-US: kimai2 CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.3995-1 (bug #1001896) [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a @@ -74882,7 +74938,7 @@ CVE-2021-43961 (Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. CVE-2021-43960 (** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an ...) NOT-FOR-US: Lorensbergs Connect2 CVE-2021-3974 (vim is vulnerable to Use After Free ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.3995-1 (bug #1001897) [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4 @@ -77843,13 +77899,13 @@ CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allow CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...) NOT-FOR-US: Sunnet eHRD CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582) CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...) - {DLA-2947-1} + {DLA-3182-1 DLA-2947-1} - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0 @@ -88087,8 +88143,8 @@ CVE-2021-40305 RESERVED CVE-2021-40304 RESERVED -CVE-2021-40303 - RESERVED +CVE-2021-40303 (perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clien ...) + TODO: check CVE-2021-40302 RESERVED CVE-2021-40301 
@@ -95894,7 +95950,7 @@ CVE-2021-37211 (The bulletin function of Flygo does not filter special character NOT-FOR-US: Flygo CVE-2021-37210 RESERVED -CVE-2021-37209 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...) +CVE-2021-37209 (A vulnerability has been identified in RUGGEDCOM ROS M2100, RUGGEDCOM ...) NOT-FOR-US: Siemens CVE-2021-37208 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...) NOT-FOR-US: Siemens
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c38c374a089f5fd61d02651f0e894cd01740644d
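Review bot: In the vim hunks (CVE-2022-0368 down to CVE-2021-3927), `DLA-3182-1` is added to the cross-reference braces while every entry keeps `[bullseye] - vim <no-dsa> (Minor issue)`, so after this update the LTS release has an advisory for these issues and bullseye is still marked unfixed. Nothing needs changing in the automatic commit itself, but the entries in these hunks include heap-based buffer overflows and use-after-frees (for example CVE-2022-0361, CVE-2021-4192, CVE-2021-4069), and it is worth revisiting whether the combined set still counts as a minor issue for bullseye or should be queued for a point-release upload.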
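Review bot: The CVE-2021-40303 hunk replaces `RESERVED` with a description followed by `TODO: check`, which leaves the entry untriaged. A follow-up commit should resolve it to either a package line or a `NOT-FOR-US:` line naming the product, the form the surrounding entries already use (for example `NOT-FOR-US: Sunnet eHRD`), so the entry does not stay in the TODO state.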