diff options
author | Moritz Mühlenhoff <jmm@debian.org> | 2022-09-23 14:31:49 +0200 |
---|---|---|
committer | Moritz Mühlenhoff <jmm@debian.org> | 2022-09-23 14:32:37 +0200 |
commit | 21fe653a692a527ddd04e19de264c3dc0689e207 (patch) | |
tree | 469d0e60c8c9a63a9cfbf1ad606720dc9e61da85 /data/CVE/list | |
parent | cd3dd58814def1c9ee4dad13b8b4471c475587d6 (diff) |
bullseye triage
Diffstat (limited to 'data/CVE/list')
-rw-r--r-- | data/CVE/list | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/data/CVE/list b/data/CVE/list index 1b5b36a5dd..806ce92511 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -52,6 +52,7 @@ CVE-2022-3266 RESERVED CVE-2022-41322 (In Kitty before 0.26.2, insufficient validation in the desktop notific ...) - kitty <unfixed> + [bullseye] - kitty <no-dsa> (Minor issue) NOTE: https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f (v0.26.2) CVE-2022-41318 [Buffer Over Read in SSPI and SMB Authentication] RESERVED @@ -2777,6 +2778,7 @@ CVE-2022-40147 RESERVED CVE-2022-40146 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...) - batik <unfixed> + [bullseye] - batik <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/3 NOTE: https://issues.apache.org/jira/browse/BATIK-1335 NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903910 @@ -5774,9 +5776,9 @@ CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Ov NOTE: Crash in CLI tool, no security impact CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) - mplayer <unfixed> + [bullseye] - mplayer <no-dsa> (Minor issue) NOTE: https://trac.mplayerhq.hu/ticket/2400 NOTE: https://trac.mplayerhq.hu/ticket/2404 - TODO: check, unclear if fixed, upstream cannot reproduce CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory ...) - mplayer <unfixed> NOTE: https://trac.mplayerhq.hu/ticket/2407 @@ -5799,9 +5801,10 @@ CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Ov NOTE: https://trac.mplayerhq.hu/ticket/2395 TODO: Fixed by other fixes, but not pin pointed upstream, try to isolate revision to fix issue CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) - - mplayer <unfixed> + - mplayer <unfixed> (unimportant) NOTE: https://trac.mplayerhq.hu/ticket/2392 NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2f6e69e59e2614acdde5505b049c48f80a3d0eb7 (r38384) + NOTE: Crash in CLI tool, no security impact CVE-2022-38854 RESERVED CVE-2022-38853 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...) @@ -6518,6 +6521,7 @@ CVE-2022-38649 RESERVED CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...) - batik <unfixed> + [bullseye] - batik <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/4 NOTE: https://issues.apache.org/jira/browse/BATIK-1333 NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903625 @@ -7244,6 +7248,7 @@ CVE-2020-36592 RESERVED CVE-2022-38398 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...) - batik <unfixed> + [bullseye] - batik <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/2 NOTE: https://issues.apache.org/jira/browse/BATIK-1331 NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903462 @@ -16174,6 +16179,7 @@ CVE-2022-35020 (Advancecomp v2.3 was discovered to contain a heap buffer overflo NOTE: Crash in CLI tool, no security impact CVE-2022-35019 (Advancecomp v2.3 was discovered to contain a segmentation fault. ...) - advancecomp <unfixed> (bug #1019592) + [bullseye] - advancecomp <no-dsa> (Minor issue) [buster] - advancecomp <no-dsa> (Minor issue) NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35019.md CVE-2022-35018 (Advancecomp v2.3 was discovered to contain a segmentation fault. ...) @@ -16787,6 +16793,7 @@ CVE-2022-2256 (A Stored Cross-site scripting (XSS) vulnerability was found in ke CVE-2022-2255 (A vulnerability was found in mod_wsgi. The X-Client-IP header is not r ...) {DLA-3111-1} - mod-wsgi 4.9.0-1.1 (bug #1016476) + [bullseye] - mod-wsgi <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100563 NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/af3c0c2736bc0b0b01fa0f0aad3c904b7fa9c751 (4.9.3) NOTE: WSGITrustedProxies and vulnerable code introduced in https://github.com/GrahamDumpleton/mod_wsgi/commit/543fc33c23b4cb5e623d574b7efbf85c8dedb396 (4.4.10) @@ -27160,6 +27167,7 @@ CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979. .. NOTE: Crash in CLI tool, no security impact CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. ...) - gpac <unfixed> (bug #1016443) + [bullseye] - gpac <no-dsa> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc @@ -31464,6 +31472,7 @@ CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmwar NOT-FOR-US: Dingtian CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...) - gpac <unfixed> (bug #1016443) + [bullseye] - gpac <no-dsa> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://github.com/gpac/gpac/issues/2175 @@ -32978,6 +32987,7 @@ CVE-2022-1326 (The Form - Contact Form WordPress plugin through 1.2.0 does not s NOT-FOR-US: WordPress plugin CVE-2022-1325 (A flaw was found in Clmg, where with the help of a maliciously crafted ...) - cimg <unfixed> (bug #1018941) + [bullseye] - cimg <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2074549 NOTE: https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90 (v3.1.0) NOTE: https://github.com/GreycLab/CImg/issues/343 @@ -34342,6 +34352,7 @@ CVE-2022-1223 (Improper Access Control in GitHub repository phpipam/phpipam prio - phpipam <itp> (bug #731713) CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. ...) - gpac <unfixed> (bug #1016443) + [bullseye] - gpac <no-dsa> (Minor issue) [buster] - gpac <end-of-life> (EOL in buster LTS) [stretch] - gpac <end-of-life> (No longer supported in LTS) NOTE: https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d @@ -65176,12 +65187,14 @@ CVE-2021-43306 (An exponential ReDoS (Regular Expression Denial of Service) can NOT-FOR-US: Node jquery-validation CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...) - clickhouse <unfixed> (bug #1008216) + [bullseye] - clickhouse <no-dsa> (Minor issue) NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685) NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685) NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136 NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/ CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...) - clickhouse <unfixed> (bug #1008216) + [bullseye] - clickhouse <no-dsa> (Minor issue) NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685) NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685) NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136 @@ -69564,12 +69577,14 @@ CVE-2021-42389 (Divide-by-zero in Clickhouse's Delta compression codec when pars NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/ CVE-2021-42388 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...) - clickhouse <unfixed> (bug #1008216) + [bullseye] - clickhouse <no-dsa> (Minor issue) NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685) NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685) NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136 NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/ CVE-2021-42387 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...) - clickhouse <unfixed> (bug #1008216) + [bullseye] - clickhouse <no-dsa> (Minor issue) NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685) NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685) NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136 @@ -74258,12 +74273,12 @@ CVE-2021-40649 (In Connx Version 6.2.0.1269 (20210623), a cookie can be issued b NOT-FOR-US: Connx CVE-2021-40648 (In man2html 1.6g, a filename can be created to overwrite the previous ...) - man2html <unfixed> + [bullseye] - man2html <no-dsa> (Minor issue) NOTE: https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 - TODO: check details CVE-2021-40647 (In man2html 1.6g, a specific string being read in from a file will ove ...) - man2html <unfixed> + [bullseye] - man2html <no-dsa> (Minor issue) NOTE: https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 - TODO: check details CVE-2021-40646 RESERVED CVE-2021-40645 (An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/ ...) |