[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Aug 6 09:10:30 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3b1f94a5 by security tracker role at 2022-08-06T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2022-37450 (Go Ethereum (aka geth) through 1.10.21 allows attackers to increase re ...)
+ TODO: check
+CVE-2022-37449
+ RESERVED
+CVE-2022-37448
+ RESERVED
+CVE-2022-37447
+ RESERVED
+CVE-2022-37446
+ RESERVED
+CVE-2022-37445
+ RESERVED
+CVE-2022-37444
+ RESERVED
+CVE-2022-37443
+ RESERVED
+CVE-2022-37442
+ RESERVED
+CVE-2022-37441
+ RESERVED
+CVE-2022-37440
+ RESERVED
+CVE-2022-2687
+ RESERVED
+CVE-2022-2686
+ RESERVED
+CVE-2022-2685 (A vulnerability was found in SourceCodester Interview Management Syste ...)
+ TODO: check
+CVE-2022-2684 (A vulnerability has been found in SourceCodester Apartment Visitor Man ...)
+ TODO: check
+CVE-2022-2683 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
+CVE-2022-2682 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2022-2681 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2022-2680 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2022-2679 (A vulnerability was found in SourceCodester Interview Management Syste ...)
+ TODO: check
+CVE-2022-2678 (A vulnerability was found in SourceCodester Alphaware Simple E-Commerc ...)
+ TODO: check
+CVE-2022-2677 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...)
+ TODO: check
+CVE-2022-2676 (A vulnerability was found in SourceCodester Electronic Medical Records ...)
+ TODO: check
CVE-2022-37439
RESERVED
CVE-2022-37438
@@ -12,8 +58,8 @@ CVE-2022-37433
RESERVED
CVE-2022-37432
RESERVED
-CVE-2022-2675
- RESERVED
+CVE-2022-2675 (Using off-the-shelf commodity hardware, the Unitree Go 1 robotics plat ...)
+ TODO: check
CVE-2022-2674 (A vulnerability was found in SourceCodester Best Fee Management System ...)
NOT-FOR-US: SourceCodester
CVE-2022-2673 (A vulnerability was found in Rigatur Online Booking and Hotel Manageme ...)
@@ -26,8 +72,7 @@ CVE-2022-2670
RESERVED
CVE-2022-2669
RESERVED
-CVE-2022-2668
- RESERVED
+CVE-2022-2668 (An issue was discovered in Keycloak that allows arbitrary Javascript t ...)
NOT-FOR-US: Keycloak
CVE-2022-37434 (zlib through 1.2.12 has a heap-based buffer over-read or buffer overfl ...)
- zlib <unfixed> (bug #1016710)
@@ -77,8 +122,8 @@ CVE-2022-37400
RESERVED
CVE-2022-37399
RESERVED
-CVE-2022-37398
- RESERVED
+CVE-2022-37398 (A stack-based buffer overflow vulnerability was found inside ADM when ...)
+ TODO: check
CVE-2022-36350
RESERVED
CVE-2022-2667 (A vulnerability was found in SourceCodester Loan Management System and ...)
@@ -5658,10 +5703,10 @@ CVE-2022-35165
RESERVED
CVE-2022-35164
RESERVED
-CVE-2022-35163
- RESERVED
-CVE-2022-35162
- RESERVED
+CVE-2022-35163 (Complete Online Job Search System v1.0 was discovered to contain a cro ...)
+ TODO: check
+CVE-2022-35162 (Complete Online Job Search System v1.0 was discovered to contain a cro ...)
+ TODO: check
CVE-2022-35161 (GVRET Stable Release as of Aug 15, 2015 was discovered to contain a bu ...)
NOT-FOR-US: GVRET
CVE-2022-35160
@@ -11821,8 +11866,8 @@ CVE-2022-32573
RESERVED
CVE-2022-30605
RESERVED
-CVE-2022-29886
- RESERVED
+CVE-2022-29886 (An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5. ...)
+ TODO: check
CVE-2022-29517
RESERVED
CVE-2022-29511
@@ -12280,8 +12325,8 @@ CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside the
NOTE: https://github.com/ImageMagick/ImageMagick/pull/4963
NOTE: https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512 (7.1.0-28)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa (6.9.12-43)
-CVE-2022-32543
- RESERVED
+CVE-2022-32543 (An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5. ...)
+ TODO: check
CVE-2022-32542
RESERVED
CVE-2022-32541
@@ -13069,8 +13114,8 @@ CVE-2022-31472 (Browse restriction bypass vulnerability in Cabinet of Cybozu Gar
NOT-FOR-US: Cybozu
CVE-2022-29521
RESERVED
-CVE-2022-29465
- RESERVED
+CVE-2022-29465 (An out-of-bounds write vulnerability exists in the PSD Header processi ...)
+ TODO: check
CVE-2022-25958
RESERVED
CVE-2022-1993 (Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. ...)
@@ -13325,8 +13370,7 @@ CVE-2022-1974
- linux 5.17.11-1
NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/1
NOTE: https://git.kernel.org/linus/da5c0f119203ad9728920456a0f52a6d850c01cd (5.18-rc6)
-CVE-2022-1973 [fs/ntfs3: Fix invalid free in log_replay]
- RESERVED
+CVE-2022-1973 (A use-after-free flaw was found in the Linux kernel in log_replay in f ...)
- linux 5.18.5-1 (unimportant)
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -15053,8 +15097,8 @@ CVE-2022-1878
RESERVED
CVE-2022-1877
RESERVED
-CVE-2022-31618
- RESERVED
+CVE-2022-31618 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ TODO: check
CVE-2022-31617
RESERVED
CVE-2022-31616
@@ -15079,8 +15123,8 @@ CVE-2022-31615
- nvidia-graphics-drivers-tesla-470 <unfixed> (bug #1016620)
[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-510 <unfixed> (bug #1016621)
-CVE-2022-31614
- RESERVED
+CVE-2022-31614 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ TODO: check
CVE-2022-31613
RESERVED
CVE-2022-31612
@@ -15089,8 +15133,8 @@ CVE-2022-31611
RESERVED
CVE-2022-31610
RESERVED
-CVE-2022-31609
- RESERVED
+CVE-2022-31609 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ TODO: check
CVE-2022-31608
RESERVED
- nvidia-graphics-drivers <unfixed> (bug #1016614)
@@ -22616,8 +22660,8 @@ CVE-2022-29073
RESERVED
CVE-2022-29072 (** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalat ...)
NOT-FOR-US: 7-Zip on Windows
-CVE-2022-29071
- RESERVED
+CVE-2022-29071 (This advisory documents an internally found vulnerability in the on pr ...)
+ TODO: check
CVE-2022-29070
RESERVED
CVE-2022-29069
@@ -23157,8 +23201,8 @@ CVE-2022-28882
RESERVED
CVE-2022-28881
RESERVED
-CVE-2022-28880
- RESERVED
+CVE-2022-28880 (A Denial-of-Service vulnerability was discovered in the F-Secure Atlan ...)
+ TODO: check
CVE-2022-28879 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
NOT-FOR-US: F-Secure
CVE-2022-28878 (A Denial-of-Service vulnerability was discovered in the F-Secure Atlan ...)
@@ -23584,10 +23628,10 @@ CVE-2022-28668 (This vulnerability allows remote attackers to execute arbitrary
NOT-FOR-US: Sante DICOM Viewer
CVE-2022-28667
RESERVED
-CVE-2022-28665
- RESERVED
-CVE-2022-28664
- RESERVED
+CVE-2022-28665 (A memory corruption vulnerability exists in the httpd unescape functio ...)
+ TODO: check
+CVE-2022-28664 (A memory corruption vulnerability exists in the httpd unescape functio ...)
+ TODO: check
CVE-2022-28611
RESERVED
CVE-2022-28126
@@ -23602,8 +23646,8 @@ CVE-2022-27639
RESERVED
CVE-2022-27638
RESERVED
-CVE-2022-27631
- RESERVED
+CVE-2022-27631 (A memory corruption vulnerability exists in the httpd unescape functio ...)
+ TODO: check
CVE-2022-27499
RESERVED
CVE-2022-27234
@@ -23628,8 +23672,8 @@ CVE-2022-26509
RESERVED
CVE-2022-26508
RESERVED
-CVE-2022-26376
- RESERVED
+CVE-2022-26376 (A memory corruption vulnerability exists in the httpd unescape functio ...)
+ TODO: check
CVE-2022-26369
RESERVED
CVE-2022-26367
@@ -25330,8 +25374,7 @@ CVE-2022-28161 (An information exposure through log file vulnerability in Brocad
NOT-FOR-US: Brocade SANnav
CVE-2022-1159 (Rockwell Automation Studio 5000 Logix Designer (all versions) are vuln ...)
NOT-FOR-US: Rockwell Automation
-CVE-2022-1158
- RESERVED
+CVE-2022-1158 (A flaw was found in KVM. When updating a guest's page table entry, vm_ ...)
{DSA-5127-1}
- linux 5.17.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -26447,18 +26490,18 @@ CVE-2022-27784 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (an
NOT-FOR-US: Adobe
CVE-2022-27783 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...)
NOT-FOR-US: Adobe
-CVE-2022-27660
- RESERVED
-CVE-2022-27633
- RESERVED
-CVE-2022-27630
- RESERVED
-CVE-2022-27185
- RESERVED
-CVE-2022-27178
- RESERVED
-CVE-2022-26346
- RESERVED
+CVE-2022-27660 (A denial of service vulnerability exists in the confctl_set_guest_wlan ...)
+ TODO: check
+CVE-2022-27633 (An information disclosure vulnerability exists in the confctl_get_gues ...)
+ TODO: check
+CVE-2022-27630 (An information disclosure vulnerability exists in the confctl_get_mast ...)
+ TODO: check
+CVE-2022-27185 (A denial of service vulnerability exists in the confctl_set_master_wla ...)
+ TODO: check
+CVE-2022-27178 (A denial of service vulnerability exists in the confctl_set_wan_cfg fu ...)
+ TODO: check
+CVE-2022-26346 (A denial of service vulnerability exists in the ucloud_del_node functi ...)
+ TODO: check
CVE-2022-1060
RESERVED
CVE-2022-27782 (libcurl would reuse a previously created connection even when a TLS or ...)
@@ -27072,8 +27115,8 @@ CVE-2022-27536 (Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can
- golang-1.17 <not-affected> (MacOS-specific)
NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
NOTE: https://go.dev/issue/51759
-CVE-2022-27535
- RESERVED
+CVE-2022-27535 (Kaspersky VPN Secure Connection for Windows version up to 21.5 was vul ...)
+ TODO: check
CVE-2022-27534 (Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security ...)
NOT-FOR-US: Kaspersky
CVE-2022-27533
@@ -29228,8 +29271,8 @@ CVE-2022-26425
RESERVED
CVE-2022-26421
RESERVED
-CVE-2022-26342
- RESERVED
+CVE-2022-26342 (A buffer overflow vulnerability exists in the confsrv ucloud_set_node_ ...)
+ TODO: check
CVE-2022-26076
RESERVED
CVE-2022-26062
@@ -29238,10 +29281,10 @@ CVE-2022-26052
RESERVED
CVE-2022-26032
RESERVED
-CVE-2022-26009
- RESERVED
-CVE-2022-25996
- RESERVED
+CVE-2022-26009 (A stack-based buffer overflow vulnerability exists in the confsrv uclo ...)
+ TODO: check
+CVE-2022-25996 (A stack-based buffer overflow vulnerability exists in the confsrv addT ...)
+ TODO: check
CVE-2022-25987
RESERVED
CVE-2022-25915 (Improper access control vulnerability in ELECOM LAN routers (WRC-1167G ...)
@@ -37558,56 +37601,56 @@ CVE-2022-24031 (An issue was discovered in NvmExpressDxe in Insyde InsydeH2O wit
NOT-FOR-US: Insyde
CVE-2022-24030 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
NOT-FOR-US: Insyde
-CVE-2022-24029
- RESERVED
-CVE-2022-24028
- RESERVED
-CVE-2022-24027
- RESERVED
-CVE-2022-24026
- RESERVED
-CVE-2022-24025
- RESERVED
-CVE-2022-24024
- RESERVED
-CVE-2022-24023
- RESERVED
-CVE-2022-24022
- RESERVED
-CVE-2022-24021
- RESERVED
-CVE-2022-24020
- RESERVED
-CVE-2022-24019
- RESERVED
-CVE-2022-24018
- RESERVED
-CVE-2022-24017
- RESERVED
-CVE-2022-24016
- RESERVED
-CVE-2022-24015
- RESERVED
-CVE-2022-24014
- RESERVED
-CVE-2022-24013
- RESERVED
-CVE-2022-24012
- RESERVED
-CVE-2022-24011
- RESERVED
-CVE-2022-24010
- RESERVED
-CVE-2022-24009
- RESERVED
-CVE-2022-24008
- RESERVED
-CVE-2022-24007
- RESERVED
-CVE-2022-24006
- RESERVED
-CVE-2022-24005
- RESERVED
+CVE-2022-24029 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24028 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24027 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24026 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24025 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24024 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24023 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24022 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24021 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24020 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24019 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24018 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24017 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24016 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24015 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24014 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24013 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24012 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24011 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24010 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24009 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24008 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24007 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24006 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
+CVE-2022-24005 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ TODO: check
CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
NOT-FOR-US: livehelperchat
CVE-2022-0386 (A post-auth SQL injection vulnerability in the Mail Manager potentiall ...)
@@ -37868,8 +37911,8 @@ CVE-2022-23975 (Cross-Site Request Forgery (CSRF) in Access Demo Importer <=
NOT-FOR-US: Access Demo Importer
CVE-2022-23974 (In 0.9.3 or older versions of Apache Pinot segment upload path allowed ...)
NOT-FOR-US: Apache Pinot
-CVE-2022-23103
- RESERVED
+CVE-2022-23103 (A stack-based buffer overflow vulnerability exists in the confsrv conf ...)
+ TODO: check
CVE-2022-0383 (The WP Review Slider WordPress plugin before 11.0 does not sanitise an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0382 (An information leak flaw was found due to uninitialized memory in the ...)
@@ -38117,20 +38160,20 @@ CVE-2022-23925 (Potential vulnerabilities have been identified in the system BIO
NOT-FOR-US: HP
CVE-2022-23924 (Potential vulnerabilities have been identified in the system BIOS of c ...)
NOT-FOR-US: HP
-CVE-2022-23919
- RESERVED
-CVE-2022-23918
- RESERVED
-CVE-2022-23399
- RESERVED
-CVE-2022-22144
- RESERVED
-CVE-2022-22140
- RESERVED
-CVE-2022-21201
- RESERVED
-CVE-2022-21178
- RESERVED
+CVE-2022-23919 (A stack-based buffer overflow vulnerability exists in the confsrv set_ ...)
+ TODO: check
+CVE-2022-23918 (A stack-based buffer overflow vulnerability exists in the confsrv set_ ...)
+ TODO: check
+CVE-2022-23399 (A stack-based buffer overflow vulnerability exists in the confsrv set_ ...)
+ TODO: check
+CVE-2022-22144 (A hard-coded password vulnerability exists in the libcommonprod.so pro ...)
+ TODO: check
+CVE-2022-22140 (An os command injection vulnerability exists in the confsrv ucloud_add ...)
+ TODO: check
+CVE-2022-21201 (A stack-based buffer overflow vulnerability exists in the confers uclo ...)
+ TODO: check
+CVE-2022-21178 (An os command injection vulnerability exists in the confsrv ucloud_add ...)
+ TODO: check
CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM simp ...)
NOT-FOR-US: simple-get nodejs module
CVE-2022-0354 (A vulnerability was reported in Lenovo System Update that could allow ...)
@@ -94670,8 +94713,8 @@ CVE-2021-28513
RESERVED
CVE-2021-28512
RESERVED
-CVE-2021-28511
- RESERVED
+CVE-2021-28511 (This advisory documents the impact of an internally found vulnerabilit ...)
+ TODO: check
CVE-2021-28510
RESERVED
CVE-2021-28509 (This advisory documents the impact of an internally found vulnerabilit ...)
@@ -225946,7 +225989,7 @@ CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x be
CVE-2019-10205 (A flaw was found in the way Red Hat Quay stores robot account tokens i ...)
NOT-FOR-US: Red Hat Quay
CVE-2019-10204
- RESERVED
+ REJECTED
CVE-2019-10203 (PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1. ...)
- pdns 4.2.0-1 (low; bug #970729)
[buster] - pdns 4.1.6-3+deb10u1
@@ -306778,7 +306821,7 @@ CVE-2018-1078 (OpenDayLight version Carbon SR3 and earlier contain a vulnerabili
CVE-2018-1077 (Spacewalk 2.6 contains an API which has an XXE flaw allowing for the d ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2018-1076
- RESERVED
+ REJECTED
CVE-2018-1075 (ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered passwo ...)
NOT-FOR-US: ovirt-engine
CVE-2018-1074 (ovirt-engine API and administration web portal before versions 4.2.2.5 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b1f94a57517b71c65192a635952e50d37167ebf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b1f94a57517b71c65192a635952e50d37167ebf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220806/8f4e9ecf/attachment.htm>
More information about the debian-security-tracker-commits
mailing list