[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 22 21:10:35 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b2a8e0f by security tracker role at 2022-04-22T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,56 @@
-CVE-2022-29582 [io_uring: fix race between timeout flush and removal]
+CVE-2022-29592
+ RESERVED
+CVE-2022-29591
+ RESERVED
+CVE-2022-29590
+ RESERVED
+CVE-2022-29589 (Crypt Server before 3.3.0 allows XSS in the index view. This is relate ...)
+ TODO: check
+CVE-2022-29588
+ RESERVED
+CVE-2022-29587
+ RESERVED
+CVE-2022-29586
+ RESERVED
+CVE-2022-29585
+ RESERVED
+CVE-2022-29584
+ RESERVED
+CVE-2022-29583 (service_windows.go in the kardianos service package for Go omits quoti ...)
+ TODO: check
+CVE-2022-29581
+ RESERVED
+CVE-2022-29580
+ RESERVED
+CVE-2022-29579
+ RESERVED
+CVE-2022-1440 (Command Injection vulnerability in git-interface at 2.1.1 in GitHub repos ...)
+ TODO: check
+CVE-2022-1439 (Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository ...)
+ TODO: check
+CVE-2022-1438
+ RESERVED
+CVE-2022-1437 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
+ TODO: check
+CVE-2022-1436
+ RESERVED
+CVE-2022-1435
+ RESERVED
+CVE-2022-1434
+ RESERVED
+CVE-2022-1433
+ RESERVED
+CVE-2022-1432
+ RESERVED
+CVE-2022-1431
+ RESERVED
+CVE-2022-1430
+ RESERVED
+CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimcore/pi ...)
+ TODO: check
+CVE-2022-1428
+ RESERVED
+CVE-2022-29582 (In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free ...)
- linux 5.17.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
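Review bot: CVE-2022-1437 (radare2) and CVE-2022-29583 (the kardianos service package for Go) are added with "TODO: check" although both descriptions name open-source projects; each should be resolved to a source-package line or a NOT-FOR-US line rather than left pending. For CVE-2022-29583 the description points at service_windows.go, so the triage note should state whether the affected code is Windows-only. The CVE-2022-29582 header change keeps the existing linux 5.17.3-1, buster and stretch annotations intact, which is correct when only the description text is replaced.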
@@ -4195,8 +4247,8 @@ CVE-2022-28076
RESERVED
CVE-2022-28075
RESERVED
-CVE-2022-28074
- RESERVED
+CVE-2022-28074 (Halo-1.5.0 was discovered to contain a stored cross-site scripting (XS ...)
+ TODO: check
CVE-2022-28073
RESERVED
CVE-2022-28072
@@ -5835,12 +5887,12 @@ CVE-2022-27408
RESERVED
CVE-2022-27407
RESERVED
-CVE-2022-27406
- RESERVED
-CVE-2022-27405
- RESERVED
-CVE-2022-27404
- RESERVED
+CVE-2022-27406 (FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovere ...)
+ TODO: check
+CVE-2022-27405 (FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovere ...)
+ TODO: check
+CVE-2022-27404 (FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovere ...)
+ TODO: check
CVE-2022-27403
RESERVED
CVE-2022-27402
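Review bot: the three FreeType entries (CVE-2022-27404, CVE-2022-27405, CVE-2022-27406) are described by upstream commit hash rather than by release version, so resolving "TODO: check" needs a mapping from those commits to the packaged versions before any fixed version can be recorded. When triaging, add NOTE: lines with the upstream issue and fix commit, in the style of the lighttpd entry for CVE-2022-22707 elsewhere in this file.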
@@ -14851,8 +14903,8 @@ CVE-2022-24274
RESERVED
CVE-2022-24273
RESERVED
-CVE-2022-24272 (An authenticated user may trigger an invariant assertion during comman ...)
- TODO: check
+CVE-2022-24272
+ REJECTED
CVE-2022-23400
RESERVED
CVE-2022-0435 (A stack overflow flaw was found in the Linux kernel's TIPC protocol fu ...)
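Review bot: CVE-2022-24272 loses both its description and its "TODO: check" in one step and becomes REJECTED, so nothing in the file records why. The entry carried no package line before the change, so there is no disposition to clean up, but a pointer to the rejection reason would help anyone who saw the earlier description.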
@@ -20816,7 +20868,7 @@ CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded
[stretch] - lighttpd <not-affected> (Vulnerable code not present; the issue was introduced in later versions)
NOTE: https://redmine.lighttpd.net/issues/3134
NOTE: https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664
-CVE-2022-22706 (An Arm product family through 2022-01-03 has an Exposed Dangerous Meth ...)
+CVE-2022-22706 (Arm Mali GPU Kernel Driver allows a non-privileged user to achieve wri ...)
NOT-FOR-US: ARM Mali GPU driver
CVE-2022-22705
RESERVED
@@ -45450,8 +45502,8 @@ CVE-2021-38948 (IBM InfoSphere Information Server 11.7 is vulnerable to an XML E
NOT-FOR-US: IBM
CVE-2021-38947 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...)
NOT-FOR-US: IBM
-CVE-2021-38946
- RESERVED
+CVE-2021-38946 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...)
+ TODO: check
CVE-2021-38945
RESERVED
CVE-2021-38944
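Review bot: CVE-2021-38946 arrives with "TODO: check" while the IBM entries in the context lines directly above it (CVE-2021-38948, CVE-2021-38947) are already marked "NOT-FOR-US: IBM"; the same disposition looks applicable once someone confirms it. The description lists "11.1.7, 11.2.0, and 11.1.7", repeating 11.1.7; the repetition is in the imported description text, so it is an upstream wording issue rather than something to fix in this file.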
@@ -45532,12 +45584,12 @@ CVE-2021-38907
RESERVED
CVE-2021-38906
RESERVED
-CVE-2021-38905
- RESERVED
-CVE-2021-38904
- RESERVED
-CVE-2021-38903
- RESERVED
+CVE-2021-38905 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authent ...)
+ TODO: check
+CVE-2021-38904 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote a ...)
+ TODO: check
+CVE-2021-38903 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...)
+ TODO: check
CVE-2021-38902
RESERVED
CVE-2021-38901 (IBM Spectrum Protect Operations Center 7.1, under special configuratio ...)
@@ -45570,8 +45622,8 @@ CVE-2021-38888
RESERVED
CVE-2021-38887 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
NOT-FOR-US: IBM
-CVE-2021-38886
- RESERVED
+CVE-2021-38886 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...)
+ TODO: check
CVE-2021-38885
RESERVED
CVE-2021-38884
@@ -52245,8 +52297,8 @@ CVE-2021-36205 (Under certain circumstances the session token is not cleared on
TODO: check
CVE-2021-36204
RESERVED
-CVE-2021-36203
- RESERVED
+CVE-2021-36203 (A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 ...)
+ TODO: check
CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls M ...)
NOT-FOR-US: Johnson Controls Metasys
CVE-2021-36201
@@ -60104,12 +60156,12 @@ CVE-2021-32931 (An uninitialized pointer in FATEK Automation FvDesigner, Version
NOT-FOR-US: FATEK Automation FvDesigner
CVE-2021-32930 (The affected product’s configuration is vulnerable due to missin ...)
NOT-FOR-US: Advantech
-CVE-2021-32929
- RESERVED
+CVE-2021-32929 (All versions of Uffizio GPS Tracker may allow an attacker to perform u ...)
+ TODO: check
CVE-2021-32928 (The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prio ...)
NOT-FOR-US: Sentinel LDK Run-Time Environment installer
-CVE-2021-32927
- RESERVED
+CVE-2021-32927 (An attacker may be able to inject client-side JavaScript code on multi ...)
+ TODO: check
CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
NOT-FOR-US: Rockwell Automation
CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when ...)
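Review bot: the truncated description of CVE-2021-32927 ("An attacker may be able to inject client-side JavaScript code on multi ...") names no product, so its "TODO: check" cannot be resolved from this line alone and needs the full CVE text. CVE-2021-32929 names Uffizio GPS Tracker; the surrounding context entries (FATEK, Advantech, Sentinel LDK, Rockwell Automation) all carry NOT-FOR-US, and this pair should get an explicit disposition as well.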
@@ -68620,8 +68672,8 @@ CVE-2021-29826
RESERVED
CVE-2021-29825 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) coul ...)
NOT-FOR-US: IBM
-CVE-2021-29824
- RESERVED
+CVE-2021-29824 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privi ...)
+ TODO: check
CVE-2021-29823
RESERVED
CVE-2021-29822 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...)
@@ -92940,8 +92992,8 @@ CVE-2021-20466
RESERVED
CVE-2021-20465
RESERVED
-CVE-2021-20464
- RESERVED
+CVE-2021-20464 (IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, a ...)
+ TODO: check
CVE-2021-20463
RESERVED
CVE-2021-20462
@@ -137124,8 +137176,8 @@ CVE-2020-14125
RESERVED
CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl interf ...)
NOT-FOR-US: Xiaomi
-CVE-2020-14123
- RESERVED
+CVE-2020-14123 (There is a pointer double free vulnerability in Some MIUI Services. Wh ...)
+ TODO: check
CVE-2020-14122 (Some Xiaomi phones have information leakage vulnerabilities, and some ...)
TODO: check
CVE-2020-14121 (A business logic vulnerability exists in Mi App Store. The vulnerabili ...)
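Review bot: CVE-2020-14123 (MIUI services) joins CVE-2020-14122 as a Xiaomi entry left at "TODO: check", while CVE-2020-14124 directly above is already "NOT-FOR-US: Xiaomi"; both pending entries look like candidates for the same line.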
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b2a8e0f771310ff61df8d81dd06f370a9e022ca