Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c63882e1 by security tracker role at 2022-04-25T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2022-29801
+       RESERVED
+CVE-2022-29800
+       RESERVED
+CVE-2022-29799
+       RESERVED
+CVE-2022-29798
+       RESERVED
+CVE-2022-29797
+       RESERVED
+CVE-2022-29796
+       RESERVED
+CVE-2022-29795
+       RESERVED
+CVE-2022-29794
+       RESERVED
+CVE-2022-29793
+       RESERVED
+CVE-2022-29792
+       RESERVED
+CVE-2022-29791
+       RESERVED
+CVE-2022-29790
+       RESERVED
+CVE-2022-29789
+       RESERVED
+CVE-2022-27174
+       RESERVED
+CVE-2022-1465
+       RESERVED
+CVE-2022-1464
+       RESERVED
+CVE-2022-1463
+       RESERVED
+CVE-2022-1462
+       RESERVED
+CVE-2022-1461 (Non Privilege User can Enable or Disable Registered in GitHub 
reposito ...)
+       TODO: check
+CVE-2022-1460
+       RESERVED
+CVE-2022-1459 (Non-Privilege User Can View Patient’s Disclosures in 
GitHub repo ...)
+       TODO: check
+CVE-2022-1458 (Stored XSS Leads To Session Hijacking in GitHub repository 
openemr/ope ...)
+       TODO: check
+CVE-2022-1457 (Store XSS in title parameter executing at EditUser Page & 
EditProd ...)
+       TODO: check
+CVE-2022-1456
+       RESERVED
+CVE-2021-46789
+       RESERVED
+CVE-2021-46788
+       RESERVED
+CVE-2021-46787
+       RESERVED
+CVE-2021-46786
+       RESERVED
+CVE-2021-46785
+       RESERVED
 CVE-2022-29788
        RESERVED
 CVE-2022-29787
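Review bot: the four entries in this hunk that already carry descriptions (CVE-2022-1461, CVE-2022-1459, CVE-2022-1458, CVE-2022-1457) are left as `TODO: check`, but CVE-2022-1458's text names the GitHub repository openemr/..., and the "Non Privilege User" / "Patient's Disclosures" wording of the other three points at the same project. If OpenEMR is not packaged in Debian, these should be closed as `NOT-FOR-US` the way the snipe-it entries further down in this diff are, rather than left open across four lines. The new `RESERVED` placeholders need no action until descriptions are published.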
@@ -428,8 +486,8 @@ CVE-2022-29594
        RESERVED
 CVE-2022-29593
        RESERVED
-CVE-2022-1441
-       RESERVED
+CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used 
third-part ...)
+       TODO: check
 CVE-2022-29592
        RESERVED
 CVE-2022-29591
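Review bot: CVE-2022-1441's description names MP4Box as a component of GPAC 2.0.0, and gpac is packaged in Debian (src:gpac), so this is not a candidate for a quick `NOT-FOR-US`. The follow-up should check whether the Debian build ships the affected MP4Box code path, find the upstream fix, and record the result as a `- gpac <version>` line with a NOTE pointing at the upstream report, in the same form as the tiff entry (CVE-2022-1210) visible later in this diff.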
@@ -706,20 +764,20 @@ CVE-2022-1398
        RESERVED
 CVE-2022-1397
        RESERVED
-CVE-2022-1396
-       RESERVED
+CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise 
and escap ...)
+       TODO: check
 CVE-2022-1395
        RESERVED
 CVE-2022-1394
        RESERVED
 CVE-2022-1393
        RESERVED
-CVE-2022-1392
-       RESERVED
-CVE-2022-1391
-       RESERVED
-CVE-2022-1390
-       RESERVED
+CVE-2022-1392 (The Videos sync PDF WordPress plugin through 1.7.4 does not 
validate t ...)
+       TODO: check
+CVE-2022-1391 (The Cab fare calculator WordPress plugin through 1.0.3 does not 
valida ...)
+       TODO: check
+CVE-2022-1390 (The Admin Word Count Column WordPress plugin through 2.2 does 
not vali ...)
+       TODO: check
 CVE-2022-XXXX [snort privilege escalation due to insecure use of logrotate]
        - snort <unfixed> (bug #1009820)
        [bullseye] - snort <no-dsa> (Minor issue)
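Review bot: the four WordPress plugin entries in this hunk (CVE-2022-1396, CVE-2022-1392, CVE-2022-1391, CVE-2022-1390) are left as `TODO: check`, although this file already settles such entries as `NOT-FOR-US: WordPress plugin` (see the CVE-2022-1091 and CVE-2022-0784 lines elsewhere in this diff). Unless one of these plugins is actually packaged, the follow-up commit should apply that same status, and the same holds for the other WordPress plugin entries this commit introduces.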
@@ -916,12 +974,12 @@ CVE-2022-29421
        RESERVED
 CVE-2022-29420
        RESERVED
-CVE-2022-29419
-       RESERVED
-CVE-2022-29418
-       RESERVED
-CVE-2022-29417
-       RESERVED
+CVE-2022-29419 (SQL Injection (SQLi) vulnerability in Don Crowther's 
3xSocializer plug ...)
+       TODO: check
+CVE-2022-29418 (Authenticated (admin user role) Persistent Cross-Site 
Scripting (XSS)  ...)
+       TODO: check
+CVE-2022-29417 (Plugin Settings Update vulnerability in ShortPixel's 
ShortPixel Adapti ...)
+       TODO: check
 CVE-2022-29416
        RESERVED
 CVE-2022-29415
@@ -1253,7 +1311,7 @@ CVE-2022-1380 (Stored Cross Site Scripting vulnerability 
in Item name parameter
        NOT-FOR-US: snipe-it
 CVE-2022-1379
        RESERVED
-CVE-2022-29266 (In APache APISIX before 3.13.1, an attacker can obtain a 
plugin-config ...)
+CVE-2022-29266 (In APache APISIX before 3.13.1, the jwt-auth plugin has a 
security iss ...)
        NOT-FOR-US: Apache APISIX
 CVE-2022-1378
        RESERVED
@@ -1796,8 +1854,8 @@ CVE-2022-29080 (The npm-dependency-versions package 
through 0.3.0 for Node.js al
        NOT-FOR-US: Node npm-dependency-versions
 CVE-2022-29079
        RESERVED
-CVE-2022-29078
-       RESERVED
+CVE-2022-29078 (The ejs (aka Embedded JavaScript templates) package 3.1.6 for 
Node.js  ...)
+       TODO: check
 CVE-2022-29077 (A heap-based buffer overflow exists in rippled before 1.8.5. 
The vulne ...)
        NOT-FOR-US: XRP rippled
 CVE-2022-29076
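Review bot: CVE-2022-29078 concerns the ejs npm package at 3.1.6, and ejs is packaged in Debian as src:node-ejs, so this `TODO: check` needs a real triage rather than a NOT-FOR-US. The follow-up should identify the fixed upstream version, check which node-ejs version each suite ships, and record the outcome as a `- node-ejs <version>` line plus a NOTE to the upstream fix, matching how other packaged software is tracked in this file (for example the `- gitlab <unfixed>` and `- libpod 3.4.7+ds1-1` lines further down).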
@@ -2336,8 +2394,8 @@ CVE-2022-28873
        RESERVED
 CVE-2022-28872
        RESERVED
-CVE-2022-28871
-       RESERVED
+CVE-2022-28871 (A Denial-of-Service (DoS) vulnerability was discovered in 
F-Secure Atl ...)
+       TODO: check
 CVE-2022-28870 (A vulnerability affecting F-Secure SAFE browser was 
discovered. A mali ...)
        NOT-FOR-US: F-Secure
 CVE-2022-28869 (A vulnerability affecting F-Secure SAFE browser was 
discovered. A mali ...)
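Review bot: CVE-2022-28871 is described as a DoS in F-Secure Atlant, and the two adjacent F-Secure entries (CVE-2022-28870, CVE-2022-28869) are already `NOT-FOR-US: F-Secure`; nothing about Atlant makes it any more packageable than the SAFE browser, so the `TODO: check` here should simply become the same `NOT-FOR-US: F-Secure` line.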
@@ -3041,8 +3099,8 @@ CVE-2022-1230
        RESERVED
 CVE-2022-1229
        RESERVED
-CVE-2022-1228
-       RESERVED
+CVE-2022-1228 (The Opensea WordPress plugin before 1.0.3 does not sanitize and 
escape ...)
+       TODO: check
 CVE-2022-1227
        RESERVED
        - libpod 3.4.7+ds1-1
@@ -3128,8 +3186,8 @@ CVE-2022-28588
        RESERVED
 CVE-2022-28587
        RESERVED
-CVE-2022-28586
-       RESERVED
+CVE-2022-28586 (XSS in edit page of Hoosk 1.8.0 allows attacker to execute 
javascript  ...)
+       TODO: check
 CVE-2022-28585
        RESERVED
 CVE-2022-28584
@@ -3288,8 +3346,8 @@ CVE-2022-28508
        RESERVED
 CVE-2022-28507
        RESERVED
-CVE-2022-28506
-       RESERVED
+CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function 
DumpScreen2RG ...)
+       TODO: check
 CVE-2022-28505
        RESERVED
 CVE-2022-28504
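Review bot: CVE-2022-28506 names a heap-buffer-overflow in GIFLIB 5.2.1's DumpScreen2RGB function; giflib is packaged in Debian (src:giflib), so this must not be closed as NOT-FOR-US. The follow-up should confirm that DumpScreen2RGB (part of the gif2rgb utility shipped with the giflib tools) is built in Debian, check whether an upstream fix exists, and record the affected suites with a NOTE pointing at the upstream bug, following the format used for the tiff entry (CVE-2022-1210) visible later in this diff.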
@@ -3630,12 +3688,12 @@ CVE-2022-1210 (A vulnerability classified as 
problematic was found in LibTIFF 4.
        [bullseye] - tiff <no-dsa> (Minor issue)
        [buster] - tiff <no-dsa> (Minor issue)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/402
-CVE-2021-46782
-       RESERVED
-CVE-2021-46781
-       RESERVED
-CVE-2021-46780
-       RESERVED
+CVE-2021-46782 (The Pricing Table by Supsystic WordPress plugin before 1.9.5 
does not  ...)
+       TODO: check
+CVE-2021-46781 (The Coming Soon by Supsystic WordPress plugin before 1.7.6 
does not sa ...)
+       TODO: check
+CVE-2021-46780 (The Easy Google Maps WordPress plugin before 1.9.32 does not 
escape th ...)
+       TODO: check
 CVE-2022-28351
        RESERVED
 CVE-2022-28350
@@ -3794,8 +3852,8 @@ CVE-2022-26034 (Improper authentication vulnerability in 
the communication proto
        NOT-FOR-US: CENTUM
 CVE-2022-1200
        RESERVED
-CVE-2021-4225
-       RESERVED
+CVE-2021-4225 (The SP Project &amp; Document Manager WordPress plugin before 
4.24 all ...)
+       TODO: check
 CVE-2022-28299
        RESERVED
 CVE-2022-28298
@@ -3814,8 +3872,8 @@ CVE-2022-28292
        RESERVED
 CVE-2022-28291
        RESERVED
-CVE-2022-28290
-       RESERVED
+CVE-2022-28290 (Reflective Cross-Site Scripting vulnerability in WordPress 
Country Sel ...)
+       TODO: check
 CVE-2022-28289
        RESERVED
        {DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
@@ -4334,8 +4392,8 @@ CVE-2022-1158
        NOTE: https://www.openwall.com/lists/oss-security/2022/04/08/4
 CVE-2022-1157 (Missing sanitization of logged exception messages in all 
versions prio ...)
        - gitlab <unfixed>
-CVE-2022-1156
-       RESERVED
+CVE-2022-1156 (The Books &amp; Papers WordPress plugin through 0.20210223 does 
not es ...)
+       TODO: check
 CVE-2022-1155 (Old sessions are not blocked by the login enable function. in 
GitHub r ...)
        NOT-FOR-US: snipe-it
 CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim 
prior to 8 ...)
@@ -4345,10 +4403,10 @@ CVE-2022-1154 (Use after free in utf_ptr2char in GitHub 
repository vim/vim prior
        [stretch] - vim <postponed> (Minor issue, use-after-free in malicious 
command file)
        NOTE: https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
        NOTE: 
https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 
(v8.2.4646)
-CVE-2022-1153
-       RESERVED
-CVE-2022-1152
-       RESERVED
+CVE-2022-1153 (The LayerSlider WordPress plugin before 7.1.2 does not sanitise 
and es ...)
+       TODO: check
+CVE-2022-1152 (The Menubar WordPress plugin before 5.8 does not sanitise and 
escape t ...)
+       TODO: check
 CVE-2022-1151
        RESERVED
 CVE-2022-1150
@@ -4666,10 +4724,10 @@ CVE-2022-28096
        RESERVED
 CVE-2022-28095
        RESERVED
-CVE-2022-28094
-       RESERVED
-CVE-2022-28093
-       RESERVED
+CVE-2022-28094 (SCBS Online Sports Venue Reservation System v1.0 was 
discovered to con ...)
+       TODO: check
+CVE-2022-28093 (SCBS Online Sports Venue Reservation System v1.0 was 
discovered to con ...)
+       TODO: check
 CVE-2022-28092
        RESERVED
 CVE-2022-28091
@@ -4748,8 +4806,8 @@ CVE-2022-28055
        RESERVED
 CVE-2022-28054
        RESERVED
-CVE-2022-28053
-       RESERVED
+CVE-2022-28053 (Typemill v1.5.3 was discovered to contain an arbitrary file 
upload vul ...)
+       TODO: check
 CVE-2022-28052 (Directory Traversal vulnerability in file 
cn/roothub/store/FileSystemS ...)
        NOT-FOR-US: Roothub
 CVE-2022-28051
@@ -5209,12 +5267,12 @@ CVE-2022-1096
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1095
        RESERVED
-CVE-2022-1094
-       RESERVED
+CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise 
and esc ...)
+       TODO: check
 CVE-2022-1093
        RESERVED
-CVE-2022-1092
-       RESERVED
+CVE-2022-1092 (The myCred WordPress plugin before 2.4.4 does not have 
authorisation a ...)
+       TODO: check
 CVE-2022-1091 (The sanitisation step of the Safe SVG WordPress plugin before 
1.9.10 c ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1090 (The Good &amp; Bad Comments WordPress plugin through 1.0.0 does 
not sa ...)
@@ -5274,7 +5332,7 @@ CVE-2022-1067 (Navigating to a specific URL with a 
patient ID number will result
        NOT-FOR-US: LifePoint Informatics Patient Portal
 CVE-2022-27863 (Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel 
Booking  ...)
        NOT-FOR-US: Vikbooking
-CVE-2022-27862 (Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel 
Booking  ...)
+CVE-2022-27862 (Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking 
Hotel Bo ...)
        NOT-FOR-US: Vikbooking
 CVE-2022-27861
        RESERVED
@@ -6297,10 +6355,10 @@ CVE-2022-27431
        RESERVED
 CVE-2022-27430
        RESERVED
-CVE-2022-27429
-       RESERVED
-CVE-2022-27428
-       RESERVED
+CVE-2022-27429 (Jizhicms v1.9.5 was discovered to contain a Server-Side 
Request Forger ...)
+       TODO: check
+CVE-2022-27428 (A stored cross-site scripting (XSS) vulnerability in 
/index.php/album/ ...)
+       TODO: check
 CVE-2022-27427 (A zero-code remote code injection vulnerability via 
configuration.php  ...)
        NOT-FOR-US: Chamilo LMS
 CVE-2022-27426 (A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 
allows at ...)
@@ -6480,10 +6538,10 @@ CVE-2022-27376 (MariaDB Server v10.6.5 and below was 
discovered to contain an us
        - mariadb-10.3 <removed>
        - mariadb-10.1 <removed>
        NOTE: https://jira.mariadb.org/browse/MDEV-26354
-CVE-2022-27375
-       RESERVED
-CVE-2022-27374
-       RESERVED
+CVE-2022-27375 (Tenda AX12 V22.03.01.21_CN was discovered to contain a 
Cross-Site Requ ...)
+       TODO: check
+CVE-2022-27374 (Tenda AX12 V22.03.01.21_CN was discovered to contain a 
Cross-Site Requ ...)
+       TODO: check
 CVE-2022-27373
        RESERVED
 CVE-2022-27372
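Review bot: CVE-2022-27375 and CVE-2022-27374 both concern Tenda AX12 router firmware (V22.03.01.21_CN) and share identical leading text, so the full descriptions should be read before treating them as distinct issues; either way, proprietary router firmware is not packaged, and both `TODO: check` lines should be closed as `NOT-FOR-US` in one follow-up.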
@@ -6608,8 +6666,8 @@ CVE-2022-27313
        RESERVED
 CVE-2022-27312
        RESERVED
-CVE-2022-27311
-       RESERVED
+CVE-2022-27311 (Gibbon v3.4.4 and below allows attackers to execute a 
Server-Side Requ ...)
+       TODO: check
 CVE-2022-27310
        RESERVED
 CVE-2022-27309
@@ -6790,8 +6848,8 @@ CVE-2022-27242
        RESERVED
 CVE-2022-27241 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
        NOT-FOR-US: Siemens
-CVE-2022-1027
-       RESERVED
+CVE-2022-1027 (The Page Restriction WordPress (WP) WordPress plugin before 
1.2.7 allo ...)
+       TODO: check
 CVE-2022-1026 (Kyocera multifunction printers running vulnerable versions of 
Net View ...)
        NOT-FOR-US: Kyocera printers
 CVE-2022-1025
@@ -7233,8 +7291,8 @@ CVE-2022-0955 (Cross-site Scripting (XSS) - Stored in 
GitHub repository pimcore/
        NOT-FOR-US: pimcore
 CVE-2022-0954 (Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in 
Shop's O ...)
        NOT-FOR-US: microweber
-CVE-2022-0953
-       RESERVED
+CVE-2022-0953 (The Anti-Malware Security and Brute-Force Firewall WordPress 
plugin be ...)
+       TODO: check
 CVE-2022-0952
        RESERVED
 CVE-2022-0951 (File Upload Restriction Bypass leading to Stored XSS 
Vulnerability in  ...)
@@ -7317,8 +7375,8 @@ CVE-2022-27137
        RESERVED
 CVE-2022-27136
        RESERVED
-CVE-2022-27135
-       RESERVED
+CVE-2022-27135 (xpdf 4.03 has heap buffer overflow in the function 
readXRefTable locat ...)
+       TODO: check
 CVE-2022-27134
        RESERVED
 CVE-2022-27133 (zbzcms v1.0 was discovered to contain an arbitrary file 
deletion vulne ...)
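Review bot: CVE-2022-27135 describes a heap buffer overflow in readXRefTable in xpdf 4.03, and Debian ships src:xpdf, so this has to be checked against the packaged code rather than dismissed. Since poppler descends from xpdf and carries its own XRef parser, the follow-up should also state explicitly whether poppler is affected or not, using a `<not-affected>` entry where it is not, as done for the bind9 lines visible later in this diff.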
@@ -7381,8 +7439,8 @@ CVE-2022-27105
        RESERVED
 CVE-2022-27104 (An Unauthenticated time-based blind SQL injection 
vulnerability exists ...)
        NOT-FOR-US: Forma LMS
-CVE-2022-27103
-       RESERVED
+CVE-2022-27103 (element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) 
via el- ...)
+       TODO: check
 CVE-2022-27102
        RESERVED
 CVE-2022-27101
@@ -8629,10 +8687,10 @@ CVE-2022-26599
        RESERVED
 CVE-2022-26598
        RESERVED
-CVE-2022-26597
-       RESERVED
-CVE-2022-26596
-       RESERVED
+CVE-2022-26597 (Cross-site scripting (XSS) vulnerability in the Layout 
module's Open G ...)
+       TODO: check
+CVE-2022-26596 (Cross-site scripting (XSS) vulnerability in Journal module's 
web conte ...)
+       TODO: check
 CVE-2022-26595 (Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 
fix pack 1 ...)
        NOT-FOR-US: Liferay
 CVE-2022-26594 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay 
Portal  ...)
@@ -8771,8 +8829,8 @@ CVE-2022-0878 (Electric Vehicle (EV) commonly utilises 
the Combined Charging Sys
        NOT-FOR-US: Combined Charging System
 CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository 
bookstackapp/ ...)
        NOT-FOR-US: bookstack
-CVE-2022-0876
-       RESERVED
+CVE-2022-0876 (The Social comments by WpDevArt WordPress plugin before 2.5.0 
does not ...)
+       TODO: check
 CVE-2022-0875
        RESERVED
 CVE-2022-0874
@@ -9962,8 +10020,8 @@ CVE-2022-0784 (The Title Experiments Free WordPress 
plugin before 9.0.1 does not
        NOT-FOR-US: WordPress plugin
 CVE-2022-0783
        RESERVED
-CVE-2022-0782
-       RESERVED
+CVE-2022-0782 (The Donations WordPress plugin through 1.8 does not sanitise 
and escap ...)
+       TODO: check
 CVE-2022-0781
        RESERVED
 CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to 
disable th ...)
@@ -9992,8 +10050,8 @@ CVE-2022-0771
        RESERVED
 CVE-2022-0770 (The Translate WordPress with GTranslate WordPress plugin before 
2.9.9  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0769
-       RESERVED
+CVE-2022-0769 (The Users Ultra WordPress plugin through 3.1.0 fails to 
properly sanit ...)
+       TODO: check
 CVE-2022-0768 (Server-Side Request Forgery (SSRF) in GitHub repository 
rudloff/alltub ...)
        NOT-FOR-US: rudloff/alltube
 CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated 
administr ...)
@@ -10106,8 +10164,8 @@ CVE-2022-0762 (Business Logic Errors in GitHub 
repository microweber/microweber
        NOT-FOR-US: microweber
 CVE-2021-4224
        RESERVED
-CVE-2022-26111
-       RESERVED
+CVE-2022-26111 (The BeanShell components of IRISNext through 9.8.28 allow 
execution of ...)
+       TODO: check
 CVE-2022-26110 (An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x 
before  ...)
        {DLA-2984-1}
        - condor <unfixed> (bug #1008634)
@@ -10429,8 +10487,8 @@ CVE-2022-25869
        RESERVED
 CVE-2022-25867
        RESERVED
-CVE-2022-25866
-       RESERVED
+CVE-2022-25866 (The package czproject/git-php before 4.0.3 are vulnerable to 
Command I ...)
+       TODO: check
 CVE-2022-25865
        RESERVED
 CVE-2022-25863
@@ -11851,8 +11909,8 @@ CVE-2022-25355 (EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 
4.0.0 to 4.1.1 improperly
        NOT-FOR-US: EC-CUBE
 CVE-2022-0694 (The Advanced Booking Calendar WordPress plugin before 1.7.0 
does not v ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0693
-       RESERVED
+CVE-2022-0693 (The Master Elements WordPress plugin through 8.0 does not 
validate and ...)
+       TODO: check
 CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube 
prior to ...)
        NOT-FOR-US: alltube
 CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM 
url-parse prio ...)
@@ -12143,10 +12201,10 @@ CVE-2022-0659 (The Sync QCloud COS WordPress plugin 
before 2.0.1 does not escape
        NOT-FOR-US: WordPress plugin
 CVE-2022-0658 (The CommonsBooking WordPress plugin before 2.6.8 does not 
sanitise and ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0657
-       RESERVED
-CVE-2022-0656
-       RESERVED
+CVE-2022-0657 (The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress 
plugin ...)
+       TODO: check
+CVE-2022-0656 (The Web To Print Shop : uDraw WordPress plugin before 3.3.3 
does not v ...)
+       TODO: check
 CVE-2022-26520 (** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who 
controls the  ...)
        - libpgjava 42.3.3-1
        NOTE: 
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
@@ -12345,8 +12403,8 @@ CVE-2022-0635 (Versions affected: BIND 9.18.0 When a 
vulnerable version of named
        [buster] - bind9 <not-affected> (Vulnerable code introduced later)
        [stretch] - bind9 <not-affected> (Vulnerable code introduced later)
        NOTE: https://kb.isc.org/docs/cve-2022-0635
-CVE-2022-0634
-       RESERVED
+CVE-2022-0634 (The ThirstyAffiliates Affiliate Link Manager WordPress plugin 
before 3 ...)
+       TODO: check
 CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium 
before ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0632 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
@@ -13621,8 +13679,8 @@ CVE-2022-24793 (PJSIP is a free and open source 
multimedia communication library
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
        NOTE: 
https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
        TODO: check, might impact src:asterisk and src:ring
-CVE-2022-24792
-       RESERVED
+CVE-2022-24792 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       TODO: check
 CVE-2022-24791 (Wasmtime is a standalone JIT-style runtime for WebAssembly, 
using Cran ...)
        NOT-FOR-US: wasmtime
 CVE-2022-24790 (Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 
server for R ...)
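Review bot: CVE-2022-24792 is a PJSIP issue left as a bare `TODO: check`, while the immediately preceding CVE-2022-24793 already records the useful hint `TODO: check, might impact src:asterisk and src:ring` together with the upstream GHSA and commit links. The new entry should carry the same hint, since the same consideration (bundled pjproject code in src:asterisk and src:ring) applies, and should gain a NOTE with the upstream advisory once it is identified.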
@@ -14087,8 +14145,8 @@ CVE-2022-0543 (It was discovered, that redis, a 
persistent key-value database, d
        NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
 CVE-2022-0542
        RESERVED
-CVE-2022-0541
-       RESERVED
+CVE-2022-0541 (The flo-launch WordPress plugin before 2.4.1 injects code into 
wp-conf ...)
+       TODO: check
 CVE-2022-0540 (A vulnerability in Jira Seraph allows a remote, unauthenticated 
attack ...)
        NOT-FOR-US: Jira Seraph
 CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist 
ptrofimov/beanstalk_c ...)
@@ -15086,8 +15144,8 @@ CVE-2022-0479 (The Popup Builder WordPress plugin 
before 4.1.1 does not sanitise
        NOT-FOR-US: WordPress plugin
 CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress 
plugin ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0477
-       RESERVED
+CVE-2022-0477 (An issue has been discovered in GitLab affecting all versions 
starting ...)
+       TODO: check
 CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior 
to 5.6. ...)
        - radare2 <unfixed>
        NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d
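Review bot: CVE-2022-0477 is a GitLab issue ("affecting all versions starting ..."), and gitlab is a tracked package in this file (CVE-2022-1157, visible earlier in this diff, is recorded as `- gitlab <unfixed>`), so the `TODO: check` should be resolved to a `- gitlab <unfixed>` or fixed-version line covering the affected version range, not to NOT-FOR-US.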
@@ -15873,8 +15931,8 @@ CVE-2022-0400 [Out of bounds read in the smc protocol 
stack]
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)
 CVE-2022-0399 (The Advanced Product Labels for WooCommerce WordPress plugin 
before 1. ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0398
-       RESERVED
+CVE-2022-0398 (The ThirstyAffiliates Affiliate Link Manager WordPress plugin 
before 3 ...)
+       TODO: check
 CVE-2022-0397 (The WPC Smart Wishlist for WooCommerce WordPress plugin before 
2.9.4 d ...)
        NOT-FOR-US: WordPress plugin
 CVE-2018-25030 (A vulnerability classified as problematic has been found in 
Mirmay Sec ...)
@@ -16619,8 +16677,8 @@ CVE-2022-0365 (The affected product is vulnerable to an 
authenticated OS command
        NOT-FOR-US: Ricon Mobile
 CVE-2022-0364 (The Modern Events Calendar Lite WordPress plugin before 6.4.0 
does not ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0363
-       RESERVED
+CVE-2022-0363 (The myCred WordPress plugin before 2.4.4 does not have any 
authorisati ...)
+       TODO: check
 CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...)
        NOT-FOR-US: ShowDoc
 CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
@@ -18414,8 +18472,8 @@ CVE-2022-0289 (Use after free in Safe browsing in 
Google Chrome prior to 97.0.46
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-0288 (The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro 
WordPr ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-0287
-       RESERVED
+CVE-2022-0287 (The myCred WordPress plugin before 2.4.3.1 does not have any 
authorisa ...)
+       TODO: check
 CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer 
dereference in bo ...)
        - linux 5.14.6-1
        [bullseye] - linux 5.10.70-1
@@ -22247,8 +22305,8 @@ CVE-2022-22394 (The IBM Spectrum Protect 8.1.14.000 
server could allow a remote
        NOT-FOR-US: IBM
 CVE-2022-22393
        RESERVED
-CVE-2022-22392
-       RESERVED
+CVE-2022-22392 (IBM Planning Analytics Local 2.0 could allow an attacker to 
upload arb ...)
+       TODO: check
 CVE-2022-22391 (IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow 
an authen ...)
        NOT-FOR-US: IBM
 CVE-2022-22390
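Review bot: CVE-2022-22392 is an IBM Planning Analytics Local issue, and the neighbouring IBM entries (CVE-2022-22394, CVE-2022-22391) are already `NOT-FOR-US: IBM`, so the `TODO: check` here should become `NOT-FOR-US: IBM` as well.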
@@ -23557,20 +23615,20 @@ CVE-2021-45844 (Improper sanitization in the 
invocation of ODA File Converter fr
        NOTE: https://tracker.freecad.org/view.php?id=4809
 CVE-2021-45843 (glFusion CMS v1.7.9 is affected by a reflected Cross Site 
Scripting (X ...)
        NOT-FOR-US: glFusion CMS
-CVE-2021-45842
-       RESERVED
-CVE-2021-45841
-       RESERVED
-CVE-2021-45840
-       RESERVED
-CVE-2021-45839
-       RESERVED
+CVE-2021-45842 (It is possible to obtain the first administrator's hash set up 
in Terr ...)
+       TODO: check
+CVE-2021-45841 (In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), 
an attack ...)
+       TODO: check
+CVE-2021-45840 (It is possible to execute arbitrary commands as root in 
Terramaster F4 ...)
+       TODO: check
+CVE-2021-45839 (It is possible to obtain the first administrator's hash set up 
on the  ...)
+       TODO: check
 CVE-2021-45838
        RESERVED
-CVE-2021-45837
-       RESERVED
-CVE-2021-45836
-       RESERVED
+CVE-2021-45837 (It is possible to execute arbitrary commands as root in 
Terramaster F4 ...)
+       TODO: check
+CVE-2021-45836 (An authenticated attacker can execute arbitrary commands as 
root in Te ...)
+       TODO: check
 CVE-2021-45835 (The Online Admission System 1.0 allows an unauthenticated 
attacker to  ...)
        NOT-FOR-US: Online Admission System
 CVE-2021-45834 (An attacker can upload or transfer files of dangerous types to 
the Ope ...)
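Review bot: all six Terramaster TOS entries in this hunk (CVE-2021-45842, CVE-2021-45841, CVE-2021-45840, CVE-2021-45839, CVE-2021-45837, CVE-2021-45836) concern proprietary NAS firmware, for which the usual outcome in this file is `NOT-FOR-US`; one follow-up should set all six at once. Note that CVE-2021-45842 and CVE-2021-45839 share the same leading text ("obtain the first administrator's hash"), as do CVE-2021-45840 and CVE-2021-45837 ("execute arbitrary commands as root"), so the truncated descriptions should be read in full before assuming they are distinct issues.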
@@ -45806,8 +45864,8 @@ CVE-2021-39042
        RESERVED
 CVE-2021-39041
        RESERVED
-CVE-2021-39040
-       RESERVED
+CVE-2021-39040 (IBM Planning Analytics Workspace 2.0 could be vulnerable to 
malicious  ...)
+       TODO: check
 CVE-2021-39039
        RESERVED
 CVE-2021-39038 (IBM WebSphere Application Server 9.0 and IBM WebSphere 
Application Ser ...)
@@ -52186,8 +52244,8 @@ CVE-2021-36462
        RESERVED
 CVE-2021-36461
        RESERVED
-CVE-2021-36460
-       RESERVED
+CVE-2021-36460 (VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's 
password ...)
+       TODO: check
 CVE-2021-36459
        RESERVED
 CVE-2021-36458
@@ -81111,8 +81169,8 @@ CVE-2021-25113 (The Dropdown Menu Widget WordPress 
plugin through 1.9.7 does not
        NOT-FOR-US: WordPress plugin
 CVE-2021-25112 (The WHMCS Bridge WordPress plugin before 6.4b does not 
sanitise and es ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25111
-       RESERVED
+CVE-2021-25111 (The English WordPress Admin WordPress plugin before 1.5.2 does 
not val ...)
+       TODO: check
 CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any 
logged in u ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by 
a SQL I ...)
@@ -81145,8 +81203,8 @@ CVE-2021-25096 (The IP2Location Country Blocker 
WordPress plugin before 2.26.5 b
        NOT-FOR-US: WordPress plugin
 CVE-2021-25095 (The IP2Location Country Blocker WordPress plugin before 2.26.5 
does no ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-25094
-       RESERVED
+CVE-2021-25094 (The Tatsu WordPress plugin before 3.3.12 add_custom_font 
action can be ...)
+       TODO: check
 CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have 
authorisa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-25092 (The Link Library WordPress plugin before 7.2.8 does not have 
CSRF chec ...)
@@ -81419,8 +81477,8 @@ CVE-2021-24959 (The WP Email Users WordPress plugin 
through 1.7.6 does not escap
        NOT-FOR-US: WordPress plugin
 CVE-2021-24958 (The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 
does not ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24957
-       RESERVED
+CVE-2021-24957 (The Advanced Page Visit Counter WordPress plugin through 5.0.8 
does no ...)
+       TODO: check
 CVE-2021-24956 (The Blog2Social: Social Media Auto Post &amp; Scheduler 
WordPress plug ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24955 (The User Registration, Login Form, User Profile &amp; 
Membership WordP ...)
@@ -81723,8 +81781,8 @@ CVE-2021-24807 (The Support Board WordPress plugin 
before 3.3.5 allows Authentic
        NOT-FOR-US: WordPress plugin
 CVE-2021-24806 (The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF 
when ad ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24805
-       RESERVED
+CVE-2021-24805 (The DW Question &amp; Answer Pro WordPress plugin through 
1.3.4 does n ...)
+       TODO: check
 CVE-2021-24804 (The Simple JWT Login WordPress plugin before 3.2.1 does not 
have nonce ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24803 (The Core Tweaks WP Setup WordPress plugin through 4.1 allows 
to bulk-s ...)
@@ -81733,8 +81791,8 @@ CVE-2021-24802 (The Colorful Categories WordPress 
plugin before 2.0.15 does not
        NOT-FOR-US: WordPress plugin
 CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have 
any auth ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24800
-       RESERVED
+CVE-2021-24800 (The DW Question &amp; Answer Pro WordPress plugin through 
1.3.4 does n ...)
+       TODO: check
 CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does 
not have ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24798 (The WP Header Images WordPress plugin before 2.0.1 does not 
sanitise a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c63882e1eb0a646f15e080dbca9bcc8fe1e5086c



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
