[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 5 09:10:51 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ea3ba10 by security tracker role at 2022-08-05T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2022-37431 (A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS ...)
+ TODO: check
+CVE-2022-37430
+ RESERVED
+CVE-2022-37429
+ RESERVED
+CVE-2022-37428
+ RESERVED
+CVE-2022-37427
+ RESERVED
+CVE-2022-37426
+ RESERVED
+CVE-2022-37425
+ RESERVED
+CVE-2022-37424
+ RESERVED
+CVE-2022-37423
+ RESERVED
+CVE-2022-37422
+ RESERVED
+CVE-2022-37421
+ RESERVED
+CVE-2022-37420
+ RESERVED
+CVE-2022-37419
+ RESERVED
+CVE-2022-37418
+ RESERVED
+CVE-2022-37417
+ RESERVED
+CVE-2022-37416 (Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory ...)
+ TODO: check
+CVE-2022-37415 (The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buff ...)
+ TODO: check
+CVE-2022-37414
+ RESERVED
+CVE-2022-37413
+ RESERVED
+CVE-2022-37401
+ RESERVED
+CVE-2022-37400
+ RESERVED
+CVE-2022-37399
+ RESERVED
+CVE-2022-37398
+ RESERVED
+CVE-2022-36350
+ RESERVED
+CVE-2022-2667
+ RESERVED
+CVE-2022-2666
+ RESERVED
+CVE-2022-2665
+ RESERVED
+CVE-2022-2664
+ RESERVED
+CVE-2020-36591
+ RESERVED
+CVE-2020-36590
+ RESERVED
+CVE-2020-36589
+ RESERVED
+CVE-2020-36588
+ RESERVED
+CVE-2020-36587
+ RESERVED
+CVE-2020-36586
+ RESERVED
+CVE-2020-36585
+ RESERVED
+CVE-2020-36584
+ RESERVED
+CVE-2020-36583
+ RESERVED
+CVE-2020-36582
+ RESERVED
+CVE-2020-36581
+ RESERVED
+CVE-2020-36580
+ RESERVED
+CVE-2020-36579
+ RESERVED
+CVE-2020-36578
+ RESERVED
+CVE-2020-36577
+ RESERVED
+CVE-2020-36576
+ RESERVED
+CVE-2020-36575
+ RESERVED
+CVE-2020-36574
+ RESERVED
+CVE-2020-36573
+ RESERVED
+CVE-2020-36572
+ RESERVED
+CVE-2020-36571
+ RESERVED
+CVE-2020-36570
+ RESERVED
CVE-2022-2663
RESERVED
CVE-2022-2662
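Review bot: CVE-2022-37416's truncated description names Ittiam libmpeg2, which is the Android MPEG-2 decoder and not the libmpeg2 Debian builds from mpeg2dec, so whoever resolves its TODO: check should not match on the library name alone. The other two TODOs in this hunk, CVE-2022-37431 (dotCMS) and CVE-2022-37415 (the Uniwill SparkIO.sys Windows driver), describe products outside the archive and read as NOT-FOR-US candidates; the remaining 47 RESERVED entries need no action until their descriptions are published.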
@@ -943,8 +1043,7 @@ CVE-2022-37032
RESERVED
CVE-2022-37031
RESERVED
-CVE-2022-37030
- RESERVED
+CVE-2022-37030 (Weak permissions on the configuration file in the PAM module in Grommu ...)
NOT-FOR-US: Gromox
CVE-2022-37029
RESERVED
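Review bot: the NOT-FOR-US: Gromox annotation on CVE-2022-37030 was recorded while the entry was still RESERVED, so it is worth a glance now that the public text exists; the description added here (weak permissions on the PAM module's configuration file) is consistent with that annotation, and no change to the line is needed.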
@@ -3654,16 +3753,16 @@ CVE-2022-35932
RESERVED
CVE-2022-35931
RESERVED
-CVE-2022-35930
- RESERVED
-CVE-2022-35929
- RESERVED
+CVE-2022-35930 (PolicyController is a utility used to enforce supply chain policy in K ...)
+ TODO: check
+CVE-2022-35929 (cosign is a container signing and verification utility. In versions pr ...)
+ TODO: check
CVE-2022-35928 (AES Crypt is a file encryption software for multiple platforms. AES Cr ...)
NOT-FOR-US: AES Crypt
-CVE-2022-35927
- RESERVED
-CVE-2022-35926
- RESERVED
+CVE-2022-35927 (Contiki-NG is an open-source, cross-platform operating system for IoT ...)
+ TODO: check
+CVE-2022-35926 (Contiki-NG is an open-source, cross-platform operating system for IoT ...)
+ TODO: check
CVE-2022-35925 (BookWyrm is a social network for tracking reading. Versions prior to 0 ...)
NOT-FOR-US: BookWyrm
CVE-2022-35924 (NextAuth.js is a complete open source authentication solution for Next ...)
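Review bot: CVE-2022-35930 and CVE-2022-35929 both belong to the sigstore toolchain (the policy-controller admission webhook and cosign) and should be triaged together, including a check for Go packages in the archive that vendor cosign's verification code rather than only a lookup of a cosign binary package. The two Contiki-NG entries, CVE-2022-35927 and CVE-2022-35926, share their description prefix with CVE-2021-32771 further down this patch and should receive the same resolution.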
@@ -3893,8 +3992,8 @@ CVE-2022-35860
RESERVED
CVE-2022-35859
RESERVED
-CVE-2022-35858
- RESERVED
+CVE-2022-35858 (The TEE_PopulateTransientObject and __utee_from_attr functions in Sams ...)
+ TODO: check
CVE-2022-35857 (kvf-admin through 2022-02-12 allows remote attackers to execute arbitr ...)
NOT-FOR-US: kvf-admin
CVE-2022-35856
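Review bot: the function names in CVE-2022-35858's description, TEE_PopulateTransientObject and __utee_from_attr, come from the GlobalPlatform TEE Internal API and OP-TEE's libutee respectively, so the TODO: check should establish whether the flaw is confined to the vendor's TEE fork or also present in upstream OP-TEE before it is marked NOT-FOR-US alongside the neighbouring kvf-admin entry.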
@@ -5568,12 +5667,12 @@ CVE-2022-35146
RESERVED
CVE-2022-35145
RESERVED
-CVE-2022-35144
- RESERVED
-CVE-2022-35143
- RESERVED
-CVE-2022-35142
- RESERVED
+CVE-2022-35144 (Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) ...)
+ TODO: check
+CVE-2022-35143 (Renato v0.17.0 employs weak password complexity requirements, allowing ...)
+ TODO: check
+CVE-2022-35142 (An issue in Renato v0.17.0 allows attackers to cause a Denial of Servi ...)
+ TODO: check
CVE-2022-35141
RESERVED
CVE-2022-35140
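Review bot: the three Renato v0.17.0 entries (CVE-2022-35144, CVE-2022-35143, CVE-2022-35142) should be resolved with one decision; CVE-2022-35143 describes a weak password-complexity policy rather than a code defect, and if the product is not packaged it belongs in the same NOT-FOR-US bucket as the XSS and denial-of-service entries instead of being left open on its own.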
@@ -5870,8 +5969,8 @@ CVE-2022-34995
RESERVED
CVE-2022-34994
RESERVED
-CVE-2022-34993
- RESERVED
+CVE-2022-34993 (Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code ...)
+ TODO: check
CVE-2022-34992 (Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the ...)
TODO: check
CVE-2022-34991 (Paymoney v3.3 was discovered to contain multiple reflected cross-site ...)
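Review bot: CVE-2022-34993 names a specific Totolink A3600R firmware image (V4.1.2cu.5182_B20201102), which is vendor router firmware rather than anything built from the archive, so its TODO: check is a quick NOT-FOR-US resolution in the next manual pass; the hard-coded item in the truncated description is not identified here and should be confirmed from the full advisory text.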
@@ -5916,8 +6015,8 @@ CVE-2022-34972 (So Filter Shop v3.x was discovered to contain multiple blind SQL
NOT-FOR-US: So Filter Shop
CVE-2022-34971 (An arbitrary file upload vulnerability in the Advertising Management m ...)
NOT-FOR-US: Feehi CMS
-CVE-2022-34970
- RESERVED
+CVE-2022-34970 (Crow before v1.0+4 was discovered to contain a buffer overflow via the ...)
+ TODO: check
CVE-2022-34969 (PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereferen ...)
NOT-FOR-US: pingcap/tidb
CVE-2022-34968 (An issue in the fetch_step function in Percona Server for MySQL v8.0.2 ...)
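Review bot: CVE-2022-34970 concerns Crow (the C++ web microframework) before v1.0+4; the entries on either side of it in this hunk (Feehi CMS, pingcap/tidb) were resolved NOT-FOR-US, but Crow is header-only and is routinely vendored into other projects, so the TODO: check should include a code search for bundled copies rather than only a binary package lookup.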
@@ -14281,8 +14380,8 @@ CVE-2022-1927 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
NOTE: Crash in CLI tool, no security impact
CVE-2022-1926 (Integer Overflow or Wraparound in GitHub repository polonel/trudesk pr ...)
NOT-FOR-US: Trudesk
-CVE-2022-31793
- RESERVED
+CVE-2022-31793 (do_request in request.c in muhttpd before 1.1.7 allows remote attacker ...)
+ TODO: check
CVE-2022-31792
RESERVED
CVE-2022-31791
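Review bot: CVE-2022-31793 (do_request in request.c in muhttpd before 1.1.7) describes a remotely reachable request-handling bug in an HTTP server, so its TODO: check deserves priority over the RESERVED neighbours in this hunk; the check should verify whether muhttpd is packaged at all and whether any firmware-oriented package embeds a copy before the entry is closed.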
@@ -31749,8 +31848,8 @@ CVE-2022-21189 (The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.
NOT-FOR-US: dexie
CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command Injection v ...)
NOT-FOR-US: libvcs
-CVE-2022-21186
- RESERVED
+CVE-2022-21186 (The package @acrontum/filesystem-template before 0.0.2 are vulnerable ...)
+ TODO: check
CVE-2022-21169
RESERVED
CVE-2022-21167 (All versions of package masuit.tools.core are vulnerable to Arbitrary ...)
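Review bot: CVE-2022-21186 concerns the npm package @acrontum/filesystem-template, and the adjacent entries from the same publication batch (libvcs, dexie) are already NOT-FOR-US; unless a Node package in the archive depends on it, the same annotation applies, and the entry should not sit as TODO: check longer than its siblings.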
@@ -83161,8 +83260,8 @@ CVE-2021-32773 (Racket is a general-purpose programming language and an ecosyste
NOTE: https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c
CVE-2021-32772 (Poddycast is a podcast app made with Electron. Prior to version 0.8.1, ...)
NOT-FOR-US: Poddycast
-CVE-2021-32771
- RESERVED
+CVE-2021-32771 (Contiki-NG is an open-source, cross-platform operating system for IoT ...)
+ TODO: check
CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-wordpre ...)
NOT-FOR-US: Gatsby
CVE-2021-32769 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
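Review bot: CVE-2021-32771 carries a 2021 identifier but only receives its description in this update, and the description prefix is identical to CVE-2022-35927 and CVE-2022-35926 earlier in this patch; all three Contiki-NG entries should be resolved together, and the older ID is a reminder that a low CVE number does not indicate an old or already-handled issue.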
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ea3ba1038db7085ffac81f9c7cdd83b0ceb42a5
More information about the debian-security-tracker-commits mailing list