[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 5 21:30:19 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b629b1b by security tracker role at 2022-08-05T20:10:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,34 @@
-CVE-2022-37434 [buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field]
+CVE-2022-37439
+ RESERVED
+CVE-2022-37438
+ RESERVED
+CVE-2022-37437
+ RESERVED
+CVE-2022-37436
+ RESERVED
+CVE-2022-37435
+ RESERVED
+CVE-2022-37433
+ RESERVED
+CVE-2022-37432
+ RESERVED
+CVE-2022-2675
+ RESERVED
+CVE-2022-2674 (A vulnerability was found in SourceCodester Best Fee Management System ...)
+ TODO: check
+CVE-2022-2673 (A vulnerability was found in Rigatur Online Booking and Hotel Manageme ...)
+ TODO: check
+CVE-2022-2672 (A vulnerability was found in SourceCodester Garage Management System. ...)
+ TODO: check
+CVE-2022-2671 (A vulnerability was found in SourceCodester Garage Management System a ...)
+ TODO: check
+CVE-2022-2670
+ RESERVED
+CVE-2022-2669
+ RESERVED
+CVE-2022-2668
+ RESERVED
+CVE-2022-37434 (zlib through 1.2.12 has a heap-based buffer over-read or buffer overfl ...)
- zlib <unfixed> (bug #1016710)
NOTE: https://github.com/ivd38/zlib_overflow
NOTE: https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
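Review bot: the CVE-2022-37434 entry keeps `- zlib <unfixed> (bug #1016710)` although the NOTE lines already point at the upstream fix commit (eff308af...), so the follow-up triage can record the fixed version once it lands in the archive. Because the flaw is in inflate.c, which several packages ship as an embedded copy rather than linking the shared library, that triage should also cover the embedded copies, which the shared-library fix will not reach. The bracketed placeholder description has simply been replaced by the published text; nothing else in this hunk needs attention.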
@@ -50,14 +80,14 @@ CVE-2022-37398
RESERVED
CVE-2022-36350
RESERVED
-CVE-2022-2667
- RESERVED
+CVE-2022-2667 (A vulnerability was found in SourceCodester Loan Management System and ...)
+ TODO: check
CVE-2022-2666
RESERVED
-CVE-2022-2665
- RESERVED
-CVE-2022-2664
- RESERVED
+CVE-2022-2665 (A vulnerability classified as critical was found in SourceCodester Sim ...)
+ TODO: check
+CVE-2022-2664 (A vulnerability classified as critical has been found in Private Cloud ...)
+ TODO: check
CVE-2020-36591
RESERVED
CVE-2020-36590
@@ -194,8 +224,8 @@ CVE-2022-2638
RESERVED
CVE-2022-2637
RESERVED
-CVE-2022-2636
- RESERVED
+CVE-2022-2636 (Improper Input Validation in GitHub repository hestiacp/hestiacp prior ...)
+ TODO: check
CVE-2022-2635
RESERVED
CVE-2022-37393
@@ -304,8 +334,8 @@ CVE-2022-2628
RESERVED
CVE-2022-2627
RESERVED
-CVE-2022-2626
- RESERVED
+CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp ...)
+ TODO: check
CVE-2022-37348
RESERVED
CVE-2022-37347
@@ -1600,30 +1630,30 @@ CVE-2022-36842
RESERVED
CVE-2022-36841
RESERVED
-CVE-2022-36840
- RESERVED
-CVE-2022-36839
- RESERVED
-CVE-2022-36838
- RESERVED
-CVE-2022-36837
- RESERVED
-CVE-2022-36836
- RESERVED
-CVE-2022-36835
- RESERVED
-CVE-2022-36834
- RESERVED
-CVE-2022-36833
- RESERVED
-CVE-2022-36832
- RESERVED
-CVE-2022-36831
- RESERVED
-CVE-2022-36830
- RESERVED
-CVE-2022-36829
- RESERVED
+CVE-2022-36840 (DLL hijacking vulnerability in Samsung Update Setup prior to version 2 ...)
+ TODO: check
+CVE-2022-36839 (SQL injection vulnerability via IAPService in Samsung Checkout prior t ...)
+ TODO: check
+CVE-2022-36838 (Implicit Intent hijacking vulnerability in Galaxy Wearable prior to ve ...)
+ TODO: check
+CVE-2022-36837 (Intent redirection vulnerability using implicit intent in Samsung emai ...)
+ TODO: check
+CVE-2022-36836 (Unprotected provider vulnerability in Charm by Samsung prior to versio ...)
+ TODO: check
+CVE-2022-36835 (Implicit Intent hijacking vulnerability in Samsung Internet Browser pr ...)
+ TODO: check
+CVE-2022-36834 (Exposure of Sensitive Information vulnerability in Game Launcher prior ...)
+ TODO: check
+CVE-2022-36833 (Improper Privilege Management vulnerability in Game Optimizing Service ...)
+ TODO: check
+CVE-2022-36832 (Improper access control vulnerability in WebApp in Cameralyzer prior t ...)
+ TODO: check
+CVE-2022-36831 (Path traversal vulnerability in UriFileUtils of Samsung Notes prior to ...)
+ TODO: check
+CVE-2022-36830 (PendingIntent hijacking vulnerability in cancelAlarmManager in Charm b ...)
+ TODO: check
+CVE-2022-36829 (PendingIntent hijacking vulnerability in releaseAlarm in Charm by Sams ...)
+ TODO: check
CVE-2022-36828
RESERVED
CVE-2022-36827
@@ -1744,8 +1774,7 @@ CVE-2022-2541
RESERVED
CVE-2022-2540
RESERVED
-CVE-2022-2539
- RESERVED
+CVE-2022-2539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-2538
RESERVED
@@ -2416,15 +2445,13 @@ CVE-2022-2536
RESERVED
CVE-2022-2535
RESERVED
-CVE-2022-2534
- RESERVED
+CVE-2022-2534 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-2533
RESERVED
CVE-2022-2532
RESERVED
-CVE-2022-2531
- RESERVED
+CVE-2022-2531 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-2530
RESERVED
@@ -2586,16 +2613,16 @@ CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site Scr
NOT-FOR-US: WordPress plugin
CVE-2022-36341
RESERVED
-CVE-2022-36296
- RESERVED
+CVE-2022-36296 (Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND pl ...)
+ TODO: check
CVE-2022-36292
RESERVED
CVE-2022-36288
RESERVED
CVE-2022-36285
RESERVED
-CVE-2022-36284
- RESERVED
+CVE-2022-36284 (Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerc ...)
+ TODO: check
CVE-2022-36282
RESERVED
CVE-2022-35882 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
@@ -2622,8 +2649,8 @@ CVE-2022-33969 (Authenticated WordPress Options Change vulnerability in Biplob A
NOT-FOR-US: WordPress plugin
CVE-2022-33943 (Authenticated (contributor or higher user role) Cross-Site Scripting ( ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-33201
- RESERVED
+CVE-2022-33201 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – ...)
+ TODO: check
CVE-2022-33142
RESERVED
CVE-2022-2515
@@ -2634,8 +2661,7 @@ CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnera
NOTE: https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711 (v1.22)
CVE-2022-2513
RESERVED
-CVE-2022-2512
- RESERVED
+CVE-2022-2512 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-2511 (Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" ...)
NOT-FOR-US: BlueSpice
@@ -2731,20 +2757,15 @@ CVE-2022-29494
RESERVED
CVE-2022-29493
RESERVED
-CVE-2022-2501
- RESERVED
+CVE-2022-2501 (An improper access control issue in GitLab EE affecting all versions f ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2022-2500
- RESERVED
+CVE-2022-2500 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
- gitlab <unfixed>
-CVE-2022-2499
- RESERVED
+CVE-2022-2499 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2022-2498
- RESERVED
+CVE-2022-2498 (An issue in pipeline subscriptions in GitLab EE affecting all versions ...)
- gitlab <unfixed>
-CVE-2022-2497
- RESERVED
+CVE-2022-2497 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2022-2496
RESERVED
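Review bot: CVE-2022-2498 is described as an issue "in GitLab EE" but its existing package line reads `- gitlab <unfixed>`, whereas the other EE-only entries in this hunk (CVE-2022-2501 and CVE-2022-2499) carry `- gitlab <not-affected> (Specific to EE)`. Worth confirming against the full advisory whether CE is affected and, if not, aligning the line. The descriptions are cut off right at the version range ("affecting all versions ..."), so the fixed-version data for the `<unfixed>` entries has to be taken from the upstream advisory rather than from these lines.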
@@ -3018,15 +3039,13 @@ CVE-2022-36276
RESERVED
CVE-2022-2460
RESERVED
-CVE-2022-2459
- RESERVED
+CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all versions befor ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-2458
RESERVED
CVE-2022-2457
RESERVED
-CVE-2022-2456
- RESERVED
+CVE-2022-2456 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- gitlab <unfixed>
CVE-2022-36275
RESERVED
@@ -3750,8 +3769,8 @@ CVE-2022-35938
RESERVED
CVE-2022-35937
RESERVED
-CVE-2022-35936
- RESERVED
+CVE-2022-35936 (Ethermint is an Ethereum library. In Ethermint running versions before ...)
+ TODO: check
CVE-2022-35935
RESERVED
CVE-2022-35934
@@ -3934,8 +3953,7 @@ CVE-2022-2419 (A vulnerability was found in URVE Web Manager. It has been declar
NOT-FOR-US: URVE Web Manager
CVE-2022-2418 (A vulnerability was found in URVE Web Manager. It has been classified ...)
NOT-FOR-US: URVE Web Manager
-CVE-2022-2417
- RESERVED
+CVE-2022-2417 (Insufficient validation in GitLab CE/EE affecting all versions from 12 ...)
- gitlab <unfixed>
CVE-2022-2416
RESERVED
@@ -5431,8 +5449,7 @@ CVE-2022-2327 (io_uring use work_flags to determine which identity need to grab
- linux 5.14.6-1
[bullseye] - linux 5.10.127-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
-CVE-2022-2326
- RESERVED
+CVE-2022-2326 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- gitlab <unfixed>
CVE-2022-35234 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
NOT-FOR-US: Trend Micro
@@ -6138,8 +6155,7 @@ CVE-2022-34918 (An issue was discovered in the Linux kernel through 5.18.9. A ty
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/02/3
NOTE: https://www.randorisec.fr/crack-linux-firewall/
-CVE-2022-2307
- RESERVED
+CVE-2022-2307 (A lack of cascading deletes in GitLab CE/EE affecting all versions sta ...)
- gitlab <unfixed>
CVE-2022-34917
RESERVED
@@ -6155,8 +6171,7 @@ CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/
NOTE: https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 (v9.0.0035)
-CVE-2022-2303
- RESERVED
+CVE-2022-2303 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- gitlab <unfixed>
CVE-2022-2302 (Multiple Lenze products of the cabinet series skip the password verifi ...)
NOT-FOR-US: Lenze
@@ -6632,10 +6647,10 @@ CVE-2022-34771
RESERVED
CVE-2022-34770
RESERVED
-CVE-2022-34769
- RESERVED
-CVE-2022-34768
- RESERVED
+CVE-2022-34769 (Michlol - rashim web interface Insecure direct object references (IDOR ...)
+ TODO: check
+CVE-2022-34768 (Supersmart.me - Walk Through Performing unauthorized actions on other ...)
+ TODO: check
CVE-2022-34767 (Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is prone t ...)
NOT-FOR-US: ALLNET
CVE-2022-34766
@@ -9498,8 +9513,7 @@ CVE-2022-2097 (AES OCB mode for 32-bit x86 platforms using the AES-NI assembly o
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=919925673d6c9cfed3c1085497f5dfbbed5fc431 (OpenSSL_1_1_1q)
CVE-2022-2096
RESERVED
-CVE-2022-2095
- RESERVED
+CVE-2022-2095 (An improper access control check in GitLab CE/EE affecting all version ...)
- gitlab <unfixed>
CVE-2022-2094
RESERVED
@@ -9595,48 +9609,48 @@ CVE-2022-2086 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: SourceCodester Bank Management System
CVE-2022-33735
RESERVED
-CVE-2022-33734
- RESERVED
-CVE-2022-33733
- RESERVED
-CVE-2022-33732
- RESERVED
-CVE-2022-33731
- RESERVED
-CVE-2022-33730
- RESERVED
-CVE-2022-33729
- RESERVED
-CVE-2022-33728
- RESERVED
-CVE-2022-33727
- RESERVED
-CVE-2022-33726
- RESERVED
-CVE-2022-33725
- RESERVED
-CVE-2022-33724
- RESERVED
-CVE-2022-33723
- RESERVED
-CVE-2022-33722
- RESERVED
-CVE-2022-33721
- RESERVED
-CVE-2022-33720
- RESERVED
-CVE-2022-33719
- RESERVED
-CVE-2022-33718
- RESERVED
-CVE-2022-33717
- RESERVED
-CVE-2022-33716
- RESERVED
-CVE-2022-33715
- RESERVED
-CVE-2022-33714
- RESERVED
+CVE-2022-33734 (Sensitive information exposure in onCharacteristicChanged in Charm by ...)
+ TODO: check
+CVE-2022-33733 (Sensitive information exposure in onCharacteristicRead in Charm by Sam ...)
+ TODO: check
+CVE-2022-33732 (Improper access control vulnerability in Samsung Dex for PC prior to S ...)
+ TODO: check
+CVE-2022-33731 (Improper access control vulnerability in DesktopSystemUI prior to SMR ...)
+ TODO: check
+CVE-2022-33730 (Heap-based buffer overflow vulnerability in Samsung Dex for PC prior t ...)
+ TODO: check
+CVE-2022-33729 (Improper restriction of broadcasting Intent in ConfirmConnectActivity ...)
+ TODO: check
+CVE-2022-33728 (Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 R ...)
+ TODO: check
+CVE-2022-33727 (A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Au ...)
+ TODO: check
+CVE-2022-33726 (Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Au ...)
+ TODO: check
+CVE-2022-33725 (A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 ...)
+ TODO: check
+CVE-2022-33724 (Exposure of Sensitive Information in Samsung Dialer application?prior ...)
+ TODO: check
+CVE-2022-33723 (A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug- ...)
+ TODO: check
+CVE-2022-33722 (Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug ...)
+ TODO: check
+CVE-2022-33721 (A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-202 ...)
+ TODO: check
+CVE-2022-33720 (Improper authentication vulnerability in AppLock prior to SMR Aug-2022 ...)
+ TODO: check
+CVE-2022-33719 (Improper input validation in baseband prior to SMR Aug-2022 Release 1 ...)
+ TODO: check
+CVE-2022-33718 (An improper access control vulnerability in Wi-Fi Service prior to SMR ...)
+ TODO: check
+CVE-2022-33717 (A missing input validation before memory read in SEM TA prior to SMR A ...)
+ TODO: check
+CVE-2022-33716 (An absence of variable initialization in ICCC TA prior to SMR Aug-2022 ...)
+ TODO: check
+CVE-2022-33715 (Improper access control and path traversal vulnerability in LauncherPr ...)
+ TODO: check
+CVE-2022-33714 (Improper access control vulnerability in SemWifiApBroadcastReceiver pr ...)
+ TODO: check
CVE-2022-33713 (Implicit Intent hijacking vulnerability in Samsung Cloud prior to vers ...)
NOT-FOR-US: Samsung
CVE-2022-33712 (Intent redirection vulnerability using implict intent in Camera prior ...)
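Review bot: all 21 new Samsung entries (CVE-2022-33734 through CVE-2022-33714) land as `TODO: check`, while the neighbouring context entries CVE-2022-33713 and CVE-2022-33712 are already resolved as `NOT-FOR-US: Samsung`; the same resolution applies unless one of them concerns a component packaged in Debian. The description of CVE-2022-33724 contains a stray `?` where a space belongs (`Dialer application?prior`), most likely an encoding artefact in the fetched description; it is harmless for the tracker but will be carried into the rendered page.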
@@ -11319,8 +11333,7 @@ CVE-2022-32588
RESERVED
CVE-2022-32281
RESERVED
-CVE-2022-2053
- RESERVED
+CVE-2022-2053 (When a POST request comes through AJP and the request exceeds the max- ...)
- undertow 2.2.18-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2095862
NOTE: https://github.com/undertow-io/undertow/commit/10ad8964162162ce6d441e951cb9efcdaa585916
@@ -12205,8 +12218,8 @@ CVE-2022-28666 (Broken Access Control vulnerability in YIKES Inc. Custom Product
NOT-FOR-US: WordPress plugin
CVE-2022-28612 (Improper Access Control vulnerability leading to multiple Authenticate ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-25649
- RESERVED
+CVE-2022-25649 (Multiple Improper Access Control vulnerabilities in StoreApps Affiliat ...)
+ TODO: check
CVE-2022-2035 (A reflected cross-site scripting (XSS) vulnerability exists in the pla ...)
NOT-FOR-US: SCORM Engine
CVE-2022-2034
@@ -14835,26 +14848,26 @@ CVE-2022-31667
RESERVED
CVE-2022-31666
RESERVED
-CVE-2022-31665
- RESERVED
-CVE-2022-31664
- RESERVED
-CVE-2022-31663
- RESERVED
-CVE-2022-31662
- RESERVED
-CVE-2022-31661
- RESERVED
-CVE-2022-31660
- RESERVED
-CVE-2022-31659
- RESERVED
-CVE-2022-31658
- RESERVED
-CVE-2022-31657
- RESERVED
-CVE-2022-31656
- RESERVED
+CVE-2022-31665 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ TODO: check
+CVE-2022-31664 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ TODO: check
+CVE-2022-31663 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ TODO: check
+CVE-2022-31662 (VMware Workspace ONE Access, Identity Manager, Connectors and vRealize ...)
+ TODO: check
+CVE-2022-31661 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ TODO: check
+CVE-2022-31660 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ TODO: check
+CVE-2022-31659 (VMware Workspace ONE Access and Identity Manager contain a remote code ...)
+ TODO: check
+CVE-2022-31658 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ TODO: check
+CVE-2022-31657 (VMware Workspace ONE Access and Identity Manager contain a URL injecti ...)
+ TODO: check
+CVE-2022-31656 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ TODO: check
CVE-2022-31655 (VMware vRealize Log Insight in versions prior to 8.8.2 contain a store ...)
NOT-FOR-US: VMware
CVE-2022-31654 (VMware vRealize Log Insight in versions prior to 8.8.2 contain a store ...)
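Review bot: the ten new VMware Workspace ONE Access / Identity Manager / vRealize Automation entries (CVE-2022-31665 through CVE-2022-31656) are left as `TODO: check`, while the adjacent CVE-2022-31655 and CVE-2022-31654 are already `NOT-FOR-US: VMware`; the same resolution is expected here, since none of these products is packaged in Debian. CVE-2022-31659 is described as a remote code execution issue, so it is the one worth resolving first so the tracker does not show an open TODO for it.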
@@ -17921,8 +17934,8 @@ CVE-2022-1705
NOTE: https://github.com/golang/go/commit/e5017a93fcde94f09836200bca55324af037ee5f (go1.19rc1)
NOTE: https://github.com/golang/go/commit/222ee24a0046ae61679f4d97967e3b4058a3b90e (go1.18.4)
NOTE: https://github.com/golang/go/commit/d13431c37ab62f9755f705731536ff74e7165b08 (go1.17.12)
-CVE-2022-1704
- RESERVED
+CVE-2022-1704 (Due to an XML external entity reference, the software parses XML in th ...)
+ TODO: check
CVE-2022-1703 (Improper neutralization of special elements in the SonicWall SSL-VPN S ...)
NOT-FOR-US: SonicWall
CVE-2022-1702 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...)
@@ -27921,8 +27934,7 @@ CVE-2022-1014 (The WP Contacts Manager WordPress plugin through 2.2.4 fails to p
NOT-FOR-US: WordPress plugin
CVE-2022-1013 (The Personal Dictionary WordPress plugin before 1.3.4 fails to properl ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1012
- RESERVED
+CVE-2022-1012 (A memory leak problem was found in the TCP source port generation algo ...)
{DSA-5173-1 DSA-5161-1 DLA-3065-1}
- linux 5.17.11-1
[bullseye] - linux 5.10.127-1
@@ -35512,18 +35524,18 @@ CVE-2022-0529 (A flaw was found in Unzip. The vulnerability occurs during the co
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051402
NOTE: https://github.com/ByteHackr/unzip_poc
NOTE: Unclear status, checking with upstream
-CVE-2021-46681
- RESERVED
-CVE-2021-46680
- RESERVED
-CVE-2021-46679
- RESERVED
-CVE-2021-46678
- RESERVED
-CVE-2021-46677
- RESERVED
-CVE-2021-46676
- RESERVED
+CVE-2021-46681 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
+ TODO: check
+CVE-2021-46680 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
+ TODO: check
+CVE-2021-46679 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
+ TODO: check
+CVE-2021-46678 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
+ TODO: check
+CVE-2021-46677 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
+ TODO: check
+CVE-2021-46676 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
+ TODO: check
CVE-2022-24668 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
NOT-FOR-US: swift-nio-http2
CVE-2022-24667 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
@@ -43949,8 +43961,8 @@ CVE-2022-22301 (An improper neutralization of special elements used in an OS Com
NOT-FOR-US: FortiGuard
CVE-2022-22300 (A improper handling of insufficient permissions or privileges in Forti ...)
NOT-FOR-US: FortiGuard
-CVE-2022-22299
- RESERVED
+CVE-2022-22299 (A format string vulnerability [CWE-134] in the command line interprete ...)
+ TODO: check
CVE-2022-22298
RESERVED
CVE-2022-22297
@@ -73260,8 +73272,8 @@ CVE-2021-36863
RESERVED
CVE-2021-36862
RESERVED
-CVE-2021-36861
- RESERVED
+CVE-2021-36861 (Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Sta ...)
+ TODO: check
CVE-2021-36860
RESERVED
CVE-2021-36859
@@ -85281,7 +85293,7 @@ CVE-2021-32027 (A flaw was found in postgresql in versions before 13.3, before 1
- postgresql-9.6 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb (REL_13_3)
-CVE-2018-25014 (A flaw was found in libwebp in versions before 1.0.1. An unitialized v ...)
+CVE-2018-25014 (A use of uninitialized value was found in libwebp in versions before 1 ...)
{DSA-4930-1 DLA-2677-1}
- libwebp 0.6.1-2.1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
@@ -88823,26 +88835,26 @@ CVE-2020-36322 (An issue was discovered in the FUSE filesystem implementation in
{DSA-5096-1 DLA-2941-1 DLA-2689-1}
- linux 5.10.9-1
NOTE: https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454
-CVE-2018-25013 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+CVE-2018-25013 (A heap-based buffer overflow was found in libwebp in versions before 1 ...)
{DSA-4930-1 DLA-2677-1}
- libwebp 0.6.1-2.1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417
NOTE: https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6
-CVE-2018-25012 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+CVE-2018-25012 (A heap-based buffer overflow was found in libwebp in versions before 1 ...)
{DSA-4930-1 DLA-2677-1}
- libwebp 0.6.1-2.1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123
NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
-CVE-2018-25011 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...)
+CVE-2018-25011 (A heap-based buffer overflow was found in libwebp in versions before 1 ...)
{DSA-4930-1 DLA-2677-1}
- libwebp 0.6.1-2.1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119
-CVE-2018-25010 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+CVE-2018-25010 (A heap-based buffer overflow was found in libwebp in versions before 1 ...)
{DSA-4930-1 DLA-2677-1}
- libwebp 0.6.1-2.1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105
NOTE: https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63%5E%21/#F0
-CVE-2018-25009 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+CVE-2018-25009 (A heap-based buffer overflow was found in libwebp in versions before 1 ...)
{DSA-4930-1 DLA-2677-1}
- libwebp 0.6.1-2.1
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100
@@ -96455,8 +96467,8 @@ CVE-2021-27799 (ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator
- zint 2.9.1-1.1 (bug #983610)
NOTE: https://sourceforge.net/p/zint/tickets/218/
NOTE: https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/
-CVE-2021-27798
- RESERVED
+CVE-2021-27798 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability in Brocade Fabric OS v ...)
+ TODO: check
CVE-2021-27797 (Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all v ...)
NOT-FOR-US: Brocade
CVE-2021-27796 (A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS ...)
@@ -194638,8 +194650,8 @@ CVE-2020-1756
RESERVED
CVE-2020-1755
RESERVED
-CVE-2020-1754
- RESERVED
+CVE-2020-1754 (In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the gra ...)
+ TODO: check
CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...)
{DSA-4950-1}
- ansible 2.9.16+dfsg-1
@@ -194912,8 +194924,8 @@ CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vuln
NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information exposure of s ...)
- moodle <removed>
-CVE-2020-1691
- RESERVED
+CVE-2020-1691 (In Moodle 3.8, messages required extra sanitizing before updating the ...)
+ TODO: check
CVE-2020-1690 (An improper authorization flaw was discovered in openstack-selinux's a ...)
NOT-FOR-US: openstack-selinux
CVE-2019-19364 (A weak malicious user can escalate its privilege whenever CatalystProd ...)
@@ -278536,17 +278548,17 @@ CVE-2018-10870 (redhat-certification does not properly sanitize paths in rhcertS
NOT-FOR-US: Red Hat Certification
CVE-2018-10869 (redhat-certification does not properly restrict files that can be down ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10868 (It has been discovered that redhat-certification does not properly lim ...)
+CVE-2018-10868 (redhat-certification 7 does not properly restrict the number of recurs ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10867 (It has been discovered that redhat-certification does not restrict fil ...)
+CVE-2018-10867 (Files are accessible without restrictions from the /update/results pag ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10866 (It has been discovered that redhat-certification does not perform an a ...)
+CVE-2018-10866 (It was discovered that the /configuration view of redhat-certification ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10865 (It has been discovered that redhat-certification does not perform an a ...)
+CVE-2018-10865 (It was discovered that the /configuration view of redhat-certification ...)
NOT-FOR-US: Red Hat Certification
CVE-2018-10864 (An uncontrolled resource consumption flaw has been discovered in redha ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10863 (It has been discovered that redhat-certification is not properly confi ...)
+CVE-2018-10863 (It was discovered that redhat-certification 7 is not properly configur ...)
NOT-FOR-US: Red Hat Certification
CVE-2018-10862 (WildFly Core before version 6.0.0.Alpha3 does not properly validate fi ...)
- wildfly <itp> (bug #752018)
@@ -381267,8 +381279,8 @@ CVE-2016-3099 (mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise
[jessie] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
NOTE: Introduced in https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8 (1.10.11)
-CVE-2016-3098
- RESERVED
+CVE-2016-3098 (Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 ...)
+ TODO: check
CVE-2016-3097 (Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat ...)
NOT-FOR-US: spacewalk-java
CVE-2016-3096 (The create_script function in the lxc_container module in Ansible befo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b629b1b928f062490edba9adb3dd687d1f1a153