From 949ff0ec9cd1f6db381796491d5ff63f5e875d3a Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 26 Sep 2022 08:10:13 +0000 Subject: automatic update --- data/CVE/list | 449 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 439 insertions(+), 10 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index e7ff209115..0e0dd649db 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,429 @@ +CVE-2022-41553 + RESERVED +CVE-2022-41552 + RESERVED +CVE-2022-41551 + RESERVED +CVE-2022-41550 + RESERVED +CVE-2022-41549 + RESERVED +CVE-2022-41548 + RESERVED +CVE-2022-41547 + RESERVED +CVE-2022-41546 + RESERVED +CVE-2022-41545 + RESERVED +CVE-2022-41544 + RESERVED +CVE-2022-41543 + RESERVED +CVE-2022-41542 + RESERVED +CVE-2022-41541 + RESERVED +CVE-2022-41540 + RESERVED +CVE-2022-41539 + RESERVED +CVE-2022-41538 + RESERVED +CVE-2022-41537 + RESERVED +CVE-2022-41536 + RESERVED +CVE-2022-41535 + RESERVED +CVE-2022-41534 + RESERVED +CVE-2022-41533 + RESERVED +CVE-2022-41532 + RESERVED +CVE-2022-41531 + RESERVED +CVE-2022-41530 + RESERVED +CVE-2022-41529 + RESERVED +CVE-2022-41528 + RESERVED +CVE-2022-41527 + RESERVED +CVE-2022-41526 + RESERVED +CVE-2022-41525 + RESERVED +CVE-2022-41524 + RESERVED +CVE-2022-41523 + RESERVED +CVE-2022-41522 + RESERVED +CVE-2022-41521 + RESERVED +CVE-2022-41520 + RESERVED +CVE-2022-41519 + RESERVED +CVE-2022-41518 + RESERVED +CVE-2022-41517 + RESERVED +CVE-2022-41516 + RESERVED +CVE-2022-41515 + RESERVED +CVE-2022-41514 + RESERVED +CVE-2022-41513 + RESERVED +CVE-2022-41512 + RESERVED +CVE-2022-41511 + RESERVED +CVE-2022-41510 + RESERVED +CVE-2022-41509 + RESERVED +CVE-2022-41508 + RESERVED +CVE-2022-41507 + RESERVED +CVE-2022-41506 + RESERVED +CVE-2022-41505 + RESERVED +CVE-2022-41504 + RESERVED +CVE-2022-41503 + RESERVED +CVE-2022-41502 + RESERVED +CVE-2022-41501 + RESERVED +CVE-2022-41500 + RESERVED +CVE-2022-41499 + RESERVED +CVE-2022-41498 + RESERVED +CVE-2022-41497 + RESERVED +CVE-2022-41496 + RESERVED +CVE-2022-41495 + RESERVED +CVE-2022-41494 + RESERVED +CVE-2022-41493 + RESERVED +CVE-2022-41492 + RESERVED +CVE-2022-41491 + RESERVED +CVE-2022-41490 + RESERVED +CVE-2022-41489 + RESERVED +CVE-2022-41488 + RESERVED +CVE-2022-41487 + RESERVED +CVE-2022-41486 + RESERVED +CVE-2022-41485 + RESERVED +CVE-2022-41484 + RESERVED +CVE-2022-41483 + RESERVED +CVE-2022-41482 + RESERVED +CVE-2022-41481 + RESERVED 
+CVE-2022-41480 + RESERVED +CVE-2022-41479 + RESERVED +CVE-2022-41478 + RESERVED +CVE-2022-41477 + RESERVED +CVE-2022-41476 + RESERVED +CVE-2022-41475 + RESERVED +CVE-2022-41474 + RESERVED +CVE-2022-41473 + RESERVED +CVE-2022-41472 + RESERVED +CVE-2022-41471 + RESERVED +CVE-2022-41470 + RESERVED +CVE-2022-41469 + RESERVED +CVE-2022-41468 + RESERVED +CVE-2022-41467 + RESERVED +CVE-2022-41466 + RESERVED +CVE-2022-41465 + RESERVED +CVE-2022-41464 + RESERVED +CVE-2022-41463 + RESERVED +CVE-2022-41462 + RESERVED +CVE-2022-41461 + RESERVED +CVE-2022-41460 + RESERVED +CVE-2022-41459 + RESERVED +CVE-2022-41458 + RESERVED +CVE-2022-41457 + RESERVED +CVE-2022-41456 + RESERVED +CVE-2022-41455 + RESERVED +CVE-2022-41454 + RESERVED +CVE-2022-41453 + RESERVED +CVE-2022-41452 + RESERVED +CVE-2022-41451 + RESERVED +CVE-2022-41450 + RESERVED +CVE-2022-41449 + RESERVED +CVE-2022-41448 + RESERVED +CVE-2022-41447 + RESERVED +CVE-2022-41446 + RESERVED +CVE-2022-41445 + RESERVED +CVE-2022-41444 + RESERVED +CVE-2022-41443 + RESERVED +CVE-2022-41442 + RESERVED +CVE-2022-41441 + RESERVED +CVE-2022-41440 + RESERVED +CVE-2022-41439 + RESERVED +CVE-2022-41438 + RESERVED +CVE-2022-41437 + RESERVED +CVE-2022-41436 + RESERVED +CVE-2022-41435 + RESERVED +CVE-2022-41434 + RESERVED +CVE-2022-41433 + RESERVED +CVE-2022-41432 + RESERVED +CVE-2022-41431 + RESERVED +CVE-2022-41430 + RESERVED +CVE-2022-41429 + RESERVED +CVE-2022-41428 + RESERVED +CVE-2022-41427 + RESERVED +CVE-2022-41426 + RESERVED +CVE-2022-41425 + RESERVED +CVE-2022-41424 + RESERVED +CVE-2022-41423 + RESERVED +CVE-2022-41422 + RESERVED +CVE-2022-41421 + RESERVED +CVE-2022-41420 + RESERVED +CVE-2022-41419 + RESERVED +CVE-2022-41418 + RESERVED +CVE-2022-41417 + RESERVED +CVE-2022-41416 + RESERVED +CVE-2022-41415 + RESERVED +CVE-2022-41414 + RESERVED +CVE-2022-41413 + RESERVED +CVE-2022-41412 + RESERVED +CVE-2022-41411 + RESERVED +CVE-2022-41410 + RESERVED +CVE-2022-41409 + RESERVED +CVE-2022-41408 + RESERVED +CVE-2022-41407 + RESERVED 
+CVE-2022-41406 + RESERVED +CVE-2022-41405 + RESERVED +CVE-2022-41404 + RESERVED +CVE-2022-41403 + RESERVED +CVE-2022-41402 + RESERVED +CVE-2022-41401 + RESERVED +CVE-2022-41400 + RESERVED +CVE-2022-41399 + RESERVED +CVE-2022-41398 + RESERVED +CVE-2022-41397 + RESERVED +CVE-2022-41396 + RESERVED +CVE-2022-41395 + RESERVED +CVE-2022-41394 + RESERVED +CVE-2022-41393 + RESERVED +CVE-2022-41392 + RESERVED +CVE-2022-41391 + RESERVED +CVE-2022-41390 + RESERVED +CVE-2022-41389 + RESERVED +CVE-2022-41388 + RESERVED +CVE-2022-41387 + RESERVED +CVE-2022-41386 + RESERVED +CVE-2022-41385 + RESERVED +CVE-2022-41384 + RESERVED +CVE-2022-41383 + RESERVED +CVE-2022-41382 + RESERVED +CVE-2022-41381 + RESERVED +CVE-2022-41380 + RESERVED +CVE-2022-41379 + RESERVED +CVE-2022-41378 + RESERVED +CVE-2022-41377 + RESERVED +CVE-2022-41376 + RESERVED +CVE-2022-41375 + RESERVED +CVE-2022-41374 + RESERVED +CVE-2022-41373 + RESERVED +CVE-2022-41372 + RESERVED +CVE-2022-41371 + RESERVED +CVE-2022-41370 + RESERVED +CVE-2022-41369 + RESERVED +CVE-2022-41368 + RESERVED +CVE-2022-41367 + RESERVED +CVE-2022-41366 + RESERVED +CVE-2022-41365 + RESERVED +CVE-2022-41364 + RESERVED +CVE-2022-41363 + RESERVED +CVE-2022-41362 + RESERVED +CVE-2022-41361 + RESERVED +CVE-2022-41360 + RESERVED +CVE-2022-41359 + RESERVED +CVE-2022-41358 + RESERVED +CVE-2022-41357 + RESERVED +CVE-2022-41356 + RESERVED +CVE-2022-41355 + RESERVED +CVE-2022-41354 + RESERVED +CVE-2022-41353 + RESERVED +CVE-2022-41352 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. ...) + TODO: check +CVE-2022-41351 + RESERVED +CVE-2022-41350 + RESERVED +CVE-2022-41349 + RESERVED +CVE-2022-41348 + RESERVED +CVE-2022-41347 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e ...) 
+ TODO: check +CVE-2022-41346 + RESERVED +CVE-2022-41345 + RESERVED +CVE-2022-41344 + RESERVED +CVE-2022-40984 + RESERVED +CVE-2022-3299 + RESERVED +CVE-2022-3298 + RESERVED CVE-2022-41343 (registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote f ...) TODO: check CVE-2022-36368 @@ -6124,7 +6550,7 @@ CVE-2022-3011 CVE-2022-38785 REJECTED CVE-2022-38784 (Poppler prior to and including 22.08.0 contains an integer overflow in ...) - {DSA-5224-1} + {DSA-5224-1 DLA-3120-1} - poppler 22.08.0-2.1 (bug #1018971) NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52 (poppler-22.09.0) NOTE: This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in xpdf @@ -38159,7 +38585,7 @@ CVE-2022-27339 CVE-2022-27338 RESERVED CVE-2022-27337 (A logic error in the Hints::Hints function of Poppler v22.03.0 allows ...) - {DSA-5224-1} + {DSA-5224-1 DLA-3120-1} - poppler 22.08.0-2 (bug #1010695) [stretch] - poppler (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230 @@ -42392,8 +42818,8 @@ CVE-2022-21803 (This affects the package nconf before 0.11.4. When using the mem NOT-FOR-US: node nconf CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site Script ...) NOT-FOR-US: grapejs -CVE-2022-21797 - RESERVED +CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary ...) + TODO: check CVE-2022-21235 (The package github.com/masterminds/vcs before 1.13.3 are vulnerable to ...) NOT-FOR-US: github.com/masterminds/vcs CVE-2022-21232 
@@ -42436,8 +42862,8 @@ CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command Injec NOT-FOR-US: libvcs CVE-2022-21186 (The package @acrontum/filesystem-template before 0.0.2 are vulnerable ...) NOT-FOR-US: acrontum/filesystem-template -CVE-2022-21169 - RESERVED +CVE-2022-21169 (The package express-xss-sanitizer before 1.1.3 are vulnerable to Proto ...) + TODO: check CVE-2022-21167 (All versions of package masuit.tools.core are vulnerable to Arbitrary ...) NOT-FOR-US: masuit.tools CVE-2022-21165 (All versions of package font-converter are vulnerable to Arbitrary Com ...) @@ -138531,6 +138957,7 @@ CVE-2020-27779 (A flaw was found in grub2 in versions prior to 2.06. The cutmem - grub2 2.04-16 [stretch] - grub2 (No SecureBoot support in stretch) CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...) + {DLA-3120-1} - poppler 0.85.0-2 [stretch] - poppler (Minor issue; maybe worth fixing later) NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/742 @@ -223236,7 +223663,7 @@ CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02 CVE-2019-14495 (webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the a ...) - 3proxy (bug #718219) CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a divide-b ...) - {DLA-2440-1} + {DLA-3120-1 DLA-2440-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (bug #933812) [jessie] - poppler (Minor issue) @@ -237595,7 +238022,7 @@ CVE-2019-9961 (A cross-site scripting (XSS) vulnerability in ressource view in c CVE-2019-9960 (The downloadZip function in application/controllers/admin/export.php i ...) - limesurvey (bug #472802) CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...) - {DLA-2440-1 DLA-1963-1} + {DLA-3120-1 DLA-2440-1 DLA-1963-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #941776) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/805 
@@ -237785,6 +238212,7 @@ CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphv [jessie] - graphviz (Minor issue) NOTE: https://gitlab.com/graphviz/graphviz/issues/1512 CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict mark ...) + {DLA-3120-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #925264) [stretch] - poppler (Minor issue) @@ -255179,7 +255607,7 @@ CVE-2018-20651 (A NULL pointer dereference was discovered in elf_link_add_object NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f NOTE: binutils not covered by security support CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allows atta ...) - {DLA-2440-1 DLA-1939-1} + {DLA-3120-1 DLA-2440-1 DLA-1939-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #917974) NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7 @@ -267305,7 +267733,7 @@ CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bou NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/77a30e94d96220d7e22dff5b3f0a7f296f01b118 (poppler-0.72.0) NOTE: Issue in pdfdetach cli tool leading to crash CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort ...) - {DLA-2440-1 DLA-1706-1} + {DLA-3120-1 DLA-2440-1 DLA-1706-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #913177) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659 
@@ -267684,6 +268112,7 @@ CVE-2018-18898 (The email-ingestion feature in Best Practical Request Tracker 4. NOTE: https://github.com/bestpractical/email-address-list/commit/6dd5021a6e5df2e8c86a163dc2e180a76a38e63b NOTE: https://github.com/bestpractical/email-address-list/commit/31bd4dc2dfb26fd6a17e4436df3d3c8904856f30 CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory leak in G ...) + {DLA-3120-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #913164) [stretch] - poppler (Negligible security impact) -- cgit v1.2.3
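Review bot: In the first hunk (@@ -1,3 +1,429 @@), CVE-2022-41352 and CVE-2022-41347 are added with published descriptions (both Zimbra Collaboration) but carry only "TODO: check", so they enter the list untriaged. A follow-up should replace each TODO with either a package line or a NOT-FOR-US line in the form the file already uses (for example "NOT-FOR-US: node nconf" further down). The Dompdf context line for CVE-2022-41343 directly below is in the same state. Separately, CVE-2022-40984, CVE-2022-3299 and CVE-2022-3298 are inserted between CVE-2022-41344 and CVE-2022-41343; if the file is meant to stay in descending ID order, they belong lower down.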
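Review bot: In the @@ -42392,8 +42818,8 @@ hunk, CVE-2022-21797 changes from RESERVED to a published description for joblib ("from 0 and before 1.2.0") but is left at "TODO: check". Every neighbouring entry in the context is resolved as NOT-FOR-US, which makes it easy to close this one the same way by habit. Check whether joblib is packaged before doing so, and if it is, record a package line with the fixed version instead.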
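Review bot: In the @@ -42436,8 +42862,8 @@ hunk, CVE-2022-21169 (express-xss-sanitizer before 1.1.3) is published but left at "TODO: check", and the description is cut off at "Proto ...", so the vulnerability class cannot be confirmed from this line alone. The entries on either side ("NOT-FOR-US: acrontum/filesystem-template", "NOT-FOR-US: masuit.tools") show the expected resolved form; triage this one against the full description and replace the TODO accordingly.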
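Review bot: In the nine Poppler hunks (from @@ -6124,7 +6550,7 @@ through @@ -267684,6 +268112,7 @@), DLA-3120-1 is added only as a cross-reference in the braces, with no release-tagged line recording the fixed version for the release that advisory covers. The visible context for these entries has release tags only for experimental, stretch and jessie, and several still read "(Minor issue)" or "(Negligible security impact)" (CVE-2020-27778, CVE-2019-9903, CVE-2018-18897). Since the commit touches only data/CVE/list, confirm that the DLA-3120-1 record lists exactly these nine CVEs (CVE-2022-38784, CVE-2022-27337, CVE-2020-27778, CVE-2019-14494, CVE-2019-9959, CVE-2019-9903, CVE-2018-20650, CVE-2018-19058, CVE-2018-18897) so the cross-references and the advisory do not drift apart.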