From abdf38c13878c7d802bd66cea91e0d3f4ceffc2f Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 4 Jul 2022 20:10:29 +0000 Subject: automatic update --- data/CVE/list | 142 +++++++++++++++++++++++++++++++++------------------------- 1 file changed, 81 insertions(+), 61 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 21c8861d9a..d02e641380 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,23 @@ +CVE-2022-34917 + RESERVED +CVE-2022-34916 + RESERVED +CVE-2022-2306 + RESERVED +CVE-2022-2305 + RESERVED +CVE-2022-2304 + RESERVED +CVE-2022-2303 + RESERVED +CVE-2022-2302 + RESERVED +CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3. ...) + TODO: check +CVE-2022-2300 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) + TODO: check +CVE-2022-2299 + RESERVED CVE-2022-2298 RESERVED CVE-2022-2297 @@ -273,8 +293,8 @@ CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions sta TODO: check CVE-2022-2269 RESERVED -CVE-2022-2268 - RESERVED +CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 accept ...) + TODO: check CVE-2022-2267 RESERVED CVE-2022-2266 @@ -607,6 +627,7 @@ CVE-2022-2227 (Improper access control in the runner jobs API in GitLab CE/EE af TODO: check CVE-2022-2226 RESERVED + {DSA-5175-1} - thunderbird 1:91.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2226 CVE-2017-20125 (A vulnerability classified as critical was found in Online Hotel Booki ...) @@ -1251,7 +1272,7 @@ CVE-2022-2201 RESERVED CVE-2022-2200 RESERVED - {DSA-5172-1 DLA-3064-1} + {DSA-5175-1 DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - thunderbird 1:91.11.0-1 @@ -1266,7 +1287,7 @@ CVE-2022-34485 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34485 CVE-2022-34484 RESERVED - {DSA-5172-1 DLA-3064-1} + {DSA-5175-1 DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - thunderbird 1:91.11.0-1 @@ -1283,7 +1304,7 @@ CVE-2022-34482 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34482 CVE-2022-34481 RESERVED - {DSA-5172-1 DLA-3064-1} + {DSA-5175-1 DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - thunderbird 1:91.11.0-1 @@ -1296,7 +1317,7 @@ CVE-2022-34480 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34480 CVE-2022-34479 RESERVED - {DSA-5172-1 DLA-3064-1} + {DSA-5175-1 DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - thunderbird 1:91.11.0-1 @@ -1333,7 +1354,7 @@ CVE-2022-34473 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34473 CVE-2022-34472 RESERVED - {DSA-5172-1 DLA-3064-1} + {DSA-5175-1 DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - thunderbird 1:91.11.0-1 @@ -1346,7 +1367,7 @@ CVE-2022-34471 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34471 CVE-2022-34470 RESERVED - {DSA-5172-1 DLA-3064-1} + {DSA-5175-1 DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - thunderbird 1:91.11.0-1 @@ -1359,7 +1380,7 @@ CVE-2022-34469 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34469 CVE-2022-34468 RESERVED - {DSA-5172-1 DLA-3064-1} + {DSA-5175-1 DSA-5172-1 DLA-3064-1} - firefox 102.0-1 - firefox-esr 91.11.0esr-1 - thunderbird 1:91.11.0-1 @@ -1866,8 +1887,7 @@ CVE-2022-34267 RESERVED CVE-2022-34266 RESERVED -CVE-2022-34265 [Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments] - RESERVED +CVE-2022-34265 (An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0 ...) - python-django NOTE: https://www.openwall.com/lists/oss-security/2022/07/04/2 NOTE: https://www.djangoproject.com/weblog/2022/jul/04/security-releases/ @@ -4503,8 +4523,8 @@ CVE-2022-33173 RESERVED CVE-2022-33172 RESERVED -CVE-2022-33171 - RESERVED +CVE-2022-33171 (** DISPUTED ** The findOne function in TypeORM before 0.3.0 can either ...) + TODO: check CVE-2022-33170 RESERVED CVE-2022-33169 @@ -7019,8 +7039,8 @@ CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) [buster] - vim (Minor issue) NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b NOTE: https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 (v8.2.5050) -CVE-2022-1967 - RESERVED +CVE-2022-1967 (The WP Championship WordPress plugin before 9.3 is lacking CSRF checks ...) + TODO: check CVE-2022-1966 REJECTED CVE-2022-1965 (Multiple products of CODESYS implement a improper error handling. A lo ...) @@ -7895,8 +7915,8 @@ CVE-2022-1948 NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ CVE-2022-1947 (Use of Incorrect Operator in GitHub repository polonel/trudesk prior t ...) NOT-FOR-US: Trudesk -CVE-2022-1946 - RESERVED +CVE-2022-1946 (The Gallery WordPress plugin before 2.0.0 does not sanitise and escape ...) + TODO: check CVE-2022-31813 (Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* h ...) - apache2 2.4.54-1 (bug #1012513) [bullseye] - apache2 (Minor issue; can be fixed in point release) @@ -8235,7 +8255,7 @@ CVE-2022-31745 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31745 CVE-2022-31744 RESERVED - {DSA-5172-1 DLA-3064-1} + {DSA-5175-1 DSA-5172-1 DLA-3064-1} - firefox 101.0-1 - firefox-esr 91.11.0esr-1 - thunderbird 1:91.11.0-1 @@ -13597,8 +13617,8 @@ CVE-2022-29898 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin NOT-FOR-US: RAD-ISM-900-EN CVE-2022-29897 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user c ...) NOT-FOR-US: RAD-ISM-900-EN -CVE-2022-29892 - RESERVED +CVE-2022-29892 (Improper input validation vulnerability in Space of Cybozu Garoon 4.0. ...) + TODO: check CVE-2022-29885 (The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 ...) - tomcat9 9.0.63-1 [bullseye] - tomcat9 (Minor issue) @@ -13635,34 +13655,34 @@ CVE-2022-29872 (A vulnerability has been identified in SICAM P850 (All versions NOT-FOR-US: Siemens CVE-2022-29518 (Screen Creator Advance2, HMI GC-A2 series, and Real time remote monito ...) NOT-FOR-US: Koyo Screen Creator Advance2 -CVE-2022-29513 - RESERVED -CVE-2022-29484 - RESERVED -CVE-2022-29471 - RESERVED -CVE-2022-29467 - RESERVED -CVE-2022-28718 - RESERVED -CVE-2022-28713 - RESERVED -CVE-2022-28692 - RESERVED -CVE-2022-27807 - RESERVED -CVE-2022-27803 - RESERVED -CVE-2022-27661 - RESERVED -CVE-2022-27627 - RESERVED -CVE-2022-26368 - RESERVED -CVE-2022-26054 - RESERVED -CVE-2022-26051 - RESERVED +CVE-2022-29513 (Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10. ...) + TODO: check +CVE-2022-29484 (Operation restriction bypass vulnerability in Space of Cybozu Garoon 4 ...) + TODO: check +CVE-2022-29471 (Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon a ...) + TODO: check +CVE-2022-29467 (Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to ...) + TODO: check +CVE-2022-28718 (Operation restriction bypass vulnerability in Bulletin of Cybozu Garoo ...) + TODO: check +CVE-2022-28713 (Improper authentication vulnerability in Scheduler of Cybozu Garoon 4. ...) + TODO: check +CVE-2022-28692 (Improper input validation vulnerability in Scheduler of Cybozu Garoon ...) + TODO: check +CVE-2022-27807 (Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 ...) + TODO: check +CVE-2022-27803 (Improper input validation vulnerability in Space of Cybozu Garoon 4.0. ...) + TODO: check +CVE-2022-27661 (Operation restriction bypass vulnerability in Workflow of Cybozu Garoo ...) + TODO: check +CVE-2022-27627 (Cross-site scripting vulnerability in Organization's Information of Cy ...) + TODO: check +CVE-2022-26368 (Browse restriction bypass and operation restriction bypass vulnerabili ...) + TODO: check +CVE-2022-26054 (Operation restriction bypass vulnerability in Link of Cybozu Garoon 4. ...) + TODO: check +CVE-2022-26051 (Operation restriction bypass vulnerability in Portal of Cybozu Garoon ...) + TODO: check CVE-2022-1525 RESERVED CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A malicio ...) @@ -16276,8 +16296,8 @@ CVE-2022-1303 (The Slide Anything WordPress plugin before 2.3.44 does not saniti NOT-FOR-US: WordPress plugin CVE-2022-1302 (In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthe ...) NOT-FOR-US: MZ Automation LibIEC61850 -CVE-2022-1301 - RESERVED +CVE-2022-1301 (The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize ...) + TODO: check CVE-2022-1300 (Multiple Version of TRUMPF TruTops products expose a service function ...) NOT-FOR-US: TRUMPF TruTops CVE-2022-1299 (The Slideshow WordPress plugin through 2.3.1 does not sanitize and esc ...) @@ -28897,14 +28917,14 @@ CVE-2022-0547 (OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication by NOTE: https://github.com/OpenVPN/openvpn/commit/58ec3bb4aac77131118dbbc39a65181e7847adee (v2.4.12) NOTE: https://github.com/OpenVPN/openvpn/commit/af3e382649d96ae77cc5e42be8270f355e5cfec5 (v2.5.6) CVE-2022-0546 (A missing bounds check in the image loader used in Blender 3.x and 2.9 ...) - {DLA-3060-1} + {DSA-5176-1 DLA-3060-1} - blender 3.1.2+dfsg-1 NOTE: Issue: https://developer.blender.org/T94572 NOTE: Patch: https://developer.blender.org/D11952 NOTE: https://developer.blender.org/rB77616082f44da5258faf9ec0d53618c721b88c62 (v3.1.0) NOTE: https://developer.blender.org/rB1ee4e6bf31ff32f87f9cd1eafa548d6811794380 (v2.93.9) CVE-2022-0545 (An integer overflow in the processing of loaded 2D images leads to a w ...) - {DLA-3060-1} + {DSA-5176-1 DLA-3060-1} - blender 3.1.2+dfsg-1 NOTE: Issue: https://developer.blender.org/T94629 NOTE: Patch: https://developer.blender.org/D13744 @@ -28912,7 +28932,7 @@ CVE-2022-0545 (An integer overflow in the processing of loaded 2D images leads t NOTE: https://developer.blender.org/rBe07f16776bca5e9494e6b143170f31d5eeb160ce (v2.93.8) NOTE: https://developer.blender.org/rB63fdcbb5889e31b5f07d8d5c8e923cc57900fe1b (v2.83.19) CVE-2022-0544 (An integer underflow in the DDS loader of Blender leads to an out-of-b ...) - {DLA-3060-1} + {DSA-5176-1 DLA-3060-1} - blender 3.1.2+dfsg-1 NOTE: Issue: https://developer.blender.org/T94661 NOTE: https://developer.blender.org/rBd9dd8c287f57716a827483973c31bbb2face2816 (v3.1.0) @@ -33908,8 +33928,8 @@ CVE-2022-0252 (The GiveWP WordPress plugin before 2.17.3 does not escape the jso NOT-FOR-US: WordPress plugin CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) NOT-FOR-US: pimcore -CVE-2022-0250 - RESERVED +CVE-2022-0250 (The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does ...) + TODO: check CVE-2022-0249 (A vulnerability was discovered in GitLab starting with version 12. Git ...) - gitlab CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does not sa ...) @@ -96612,7 +96632,7 @@ CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat ve NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/1 NOTE: https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1 (9.0.43) NOTE: https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa (8.5.63) -CVE-2021-25121 (The Rating by BestWebSoft WordPress plugin through 1.5 does not valida ...) +CVE-2021-25121 (The Rating by BestWebSoft WordPress plugin before 1.6 does not validat ...) NOT-FOR-US: WordPress plugin CVE-2021-25120 (The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do no ...) NOT-FOR-US: WordPress plugin @@ -96722,8 +96742,8 @@ CVE-2021-25068 (The Sync WooCommerce Product feed to Google Shopping WordPress p NOT-FOR-US: WordPress plugin CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was affected ...) NOT-FOR-US: WordPress plugin -CVE-2021-25066 - RESERVED +CVE-2021-25066 (The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not s ...) + TODO: check CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was a ...) NOT-FOR-US: WordPress plugin CVE-2021-25064 (The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize us ...) @@ -96742,8 +96762,8 @@ CVE-2021-25058 (The Buffer Button WordPress plugin through 1.0 was vulnerable to NOT-FOR-US: WordPress plugin CVE-2021-25057 (The Translation Exchange WordPress plugin through 1.0.14 was vulnerabl ...) NOT-FOR-US: WordPress plugin -CVE-2021-25056 - RESERVED +CVE-2021-25056 (The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not s ...) + TODO: check CVE-2021-25055 (The FeedWordPress plugin before 2022.0123 is affected by a Reflected C ...) NOT-FOR-US: WordPress plugin CVE-2021-25054 (The WPcalc WordPress plugin through 2.1 does not sanitize user input i ...) @@ -97884,7 +97904,7 @@ CVE-2021-24487 (The St-Daily-Tip WordPress plugin through 4.7 does not have any NOT-FOR-US: WordPress plugin CVE-2021-24486 (The Simple Social Media Share Buttons – Social Sharing for Every ...) NOT-FOR-US: WordPress plugin -CVE-2021-24485 (The Special Text Boxes WordPress plugin through 5.9.109 does not sanit ...) +CVE-2021-24485 (The Special Text Boxes WordPress plugin before 5.9.110 does not saniti ...) NOT-FOR-US: WordPress plugin CVE-2021-24484 (The get_reports() function in the Secure Copy Content Protection and C ...) NOT-FOR-US: WordPress plugin -- cgit v1.2.3