[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 11 09:10:29 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9370d219 by security tracker role at 2022-08-11T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,142 @@
-CVE-2022-38150 [VSV00009: Varnish Denial of Service]
+CVE-2022-38169
+ RESERVED
+CVE-2022-38168
+ RESERVED
+CVE-2022-38167
+ RESERVED
+CVE-2022-38166
+ RESERVED
+CVE-2022-38165
+ RESERVED
+CVE-2022-38164
+ RESERVED
+CVE-2022-38163
+ RESERVED
+CVE-2022-38162
+ RESERVED
+CVE-2022-38161 (The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on ...)
+ TODO: check
+CVE-2022-38160
+ RESERVED
+CVE-2022-38159
+ RESERVED
+CVE-2022-38158
+ RESERVED
+CVE-2022-38157
+ RESERVED
+CVE-2022-38156
+ RESERVED
+CVE-2022-38155 (TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted applicatio ...)
+ TODO: check
+CVE-2022-38154
+ RESERVED
+CVE-2022-38153
+ RESERVED
+CVE-2022-38152
+ RESERVED
+CVE-2022-38151
+ RESERVED
+CVE-2022-38149
+ RESERVED
+CVE-2022-38148
+ RESERVED
+CVE-2022-38147
+ RESERVED
+CVE-2022-38146
+ RESERVED
+CVE-2022-38145
+ RESERVED
+CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could be wr ...)
+ TODO: check
+CVE-2022-38132
+ RESERVED
+CVE-2022-38131
+ RESERVED
+CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip ...)
+ TODO: check
+CVE-2022-38129 (A path traversal vulnerability exists in the com.keysight.tentacle.lic ...)
+ TODO: check
+CVE-2022-38128
+ RESERVED
+CVE-2022-38127
+ RESERVED
+CVE-2022-38126
+ RESERVED
+CVE-2022-38125
+ RESERVED
+CVE-2022-38124
+ RESERVED
+CVE-2022-38123
+ RESERVED
+CVE-2022-38122
+ RESERVED
+CVE-2022-38121
+ RESERVED
+CVE-2022-38120
+ RESERVED
+CVE-2022-38119
+ RESERVED
+CVE-2022-38118
+ RESERVED
+CVE-2022-38117
+ RESERVED
+CVE-2022-38116
+ RESERVED
+CVE-2022-38103
+ RESERVED
+CVE-2022-38092
+ RESERVED
+CVE-2022-38087
+ RESERVED
+CVE-2022-38076
+ RESERVED
+CVE-2022-38060
+ RESERVED
+CVE-2022-38056
+ RESERVED
+CVE-2022-37336
+ RESERVED
+CVE-2022-37329
+ RESERVED
+CVE-2022-36406
+ RESERVED
+CVE-2022-36351
+ RESERVED
+CVE-2022-33893
+ RESERVED
+CVE-2022-2759
+ RESERVED
+CVE-2022-2758
+ RESERVED
+CVE-2022-2757
+ RESERVED
+CVE-2022-2756 (Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavi ...)
+ TODO: check
+CVE-2022-2755
+ RESERVED
+CVE-2022-2754
+ RESERVED
+CVE-2022-2753
+ RESERVED
+CVE-2022-2752
+ RESERVED
+CVE-2022-2751 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
+ TODO: check
+CVE-2022-2750 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2022-2749 (A vulnerability was found in SourceCodester Gym Management System. It ...)
+ TODO: check
+CVE-2022-2748 (A vulnerability was found in SourceCodester Simple Online Book Store S ...)
+ TODO: check
+CVE-2022-2747 (A vulnerability was found in SourceCodester Simple Online Book Store a ...)
+ TODO: check
+CVE-2022-2746 (A vulnerability has been found in SourceCodester Simple Online Book St ...)
+ TODO: check
+CVE-2022-2745 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2022-2744 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2022-38150 (In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cau ...)
- varnish <unfixed>
[bullseye] - varnish <not-affected> (Vulnerable code not present)
[buster] - varnish <not-affected> (Vulnerable code not present)
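Review bot: replacing the hand-written title "[VSV00009: Varnish Denial of Service]" with the MITRE description drops the VSV00009 advisory identifier from the CVE-2022-38150 entry. Consider keeping it as a NOTE line under the entry (for example `NOTE: VSV00009`) so the upstream advisory stays searchable in the file; the package line `- varnish <unfixed>` and the bullseye/buster `<not-affected>` annotations are carried over unchanged.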
@@ -134,16 +272,16 @@ CVE-2022-2742
RESERVED
CVE-2022-2741
RESERVED
-CVE-2022-2740
- RESERVED
+CVE-2022-2740 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
+ TODO: check
CVE-2022-2739
RESERVED
CVE-2022-2738
RESERVED
CVE-2022-2737
RESERVED
-CVE-2022-2736
- RESERVED
+CVE-2022-2736 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
+ TODO: check
CVE-2022-2735
RESERVED
CVE-2022-2734 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
@@ -2987,8 +3125,8 @@ CVE-2022-36925
RESERVED
CVE-2022-36924
RESERVED
-CVE-2022-36923
- RESERVED
+CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
+ TODO: check
CVE-2022-2556
RESERVED
CVE-2022-2555
@@ -3254,8 +3392,8 @@ CVE-2022-36803
RESERVED
CVE-2022-36802
RESERVED
-CVE-2022-36801
- RESERVED
+CVE-2022-36801 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ TODO: check
CVE-2022-36800 (Affected versions of Atlassian Jira Service Management Server and Data ...)
NOT-FOR-US: Atlassian
CVE-2022-36799 (This issue exists to document that a security improvement in the way t ...)
@@ -3363,8 +3501,8 @@ CVE-2022-36752 (png2webp v1.0.4 was discovered to contain an out-of-bounds write
NOT-FOR-US: png2webp
CVE-2022-36751
RESERVED
-CVE-2022-36750
- RESERVED
+CVE-2022-36750 (Clinic's Patient Management System v1.0 is vulnerable to SQL injection ...)
+ TODO: check
CVE-2022-36749
RESERVED
CVE-2022-36748
@@ -4344,12 +4482,12 @@ CVE-2022-36327
RESERVED
CVE-2022-36326
RESERVED
-CVE-2022-36325
- RESERVED
-CVE-2022-36324
- RESERVED
-CVE-2022-36323
- RESERVED
+CVE-2022-36325 (A vulnerability has been identified in SCALANCE M-800 / S615 (All vers ...)
+ TODO: check
+CVE-2022-36324 (A vulnerability has been identified in SCALANCE M-800 / S615 (All vers ...)
+ TODO: check
+CVE-2022-36323 (A vulnerability has been identified in SCALANCE M-800 / S615 (All vers ...)
+ TODO: check
CVE-2022-36322 (In JetBrains TeamCity before 2022.04.2 build parameter injection was p ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2022-36321 (In JetBrains TeamCity before 2022.04.2 the private SSH key could be wr ...)
@@ -4605,8 +4743,8 @@ CVE-2022-36272
RESERVED
CVE-2022-36271
RESERVED
-CVE-2022-36270
- RESERVED
+CVE-2022-36270 (Clinic's Patient Management System v1.0 has arbitrary code execution v ...)
+ TODO: check
CVE-2022-36269
RESERVED
CVE-2022-36268
@@ -4887,7 +5025,7 @@ CVE-2022-36131 (The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is pron
NOT-FOR-US: Atlassian addon
CVE-2022-36130
RESERVED
-CVE-2022-36129 (HashiCorp Vault and Vault Enterprise through 2022-07-17 have Incorrect ...)
+CVE-2022-36129 (HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clu ...)
NOT-FOR-US: HashiCorp Vault
CVE-2022-2455
RESERVED
@@ -5851,8 +5989,8 @@ CVE-2022-35717
RESERVED
CVE-2022-35716 (IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7 ...)
NOT-FOR-US: IBM
-CVE-2022-35715
- RESERVED
+CVE-2022-35715 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
+ TODO: check
CVE-2022-35714
RESERVED
CVE-2022-34861
@@ -6897,8 +7035,8 @@ CVE-2022-35282
RESERVED
CVE-2022-35281
RESERVED
-CVE-2022-35280
- RESERVED
+CVE-2022-35280 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not req ...)
+ TODO: check
CVE-2022-35279
RESERVED
CVE-2022-35278
@@ -8298,8 +8436,8 @@ CVE-2022-2244 (An improper authorization vulnerability in GitLab EE/CE affecting
- gitlab <unfixed>
CVE-2022-2243 (An access control vulnerability in GitLab EE/CE affecting all versions ...)
- gitlab <unfixed>
-CVE-2022-2242
- RESERVED
+CVE-2022-2242 (The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to i ...)
+ TODO: check
CVE-2022-2241 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2240 (The Request a Quote WordPress plugin through 2.3.7 does not validate u ...)
@@ -8523,10 +8661,10 @@ CVE-2022-34663 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All
NOT-FOR-US: Siemens
CVE-2022-34662
RESERVED
-CVE-2022-34661
- RESERVED
-CVE-2022-34660
- RESERVED
+CVE-2022-34661 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
+ TODO: check
+CVE-2022-34660 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
+ TODO: check
CVE-2022-2225 (By using warp-cli subcommands (disable-ethernet, disable-wifi), it was ...)
NOT-FOR-US: Cloudflare Warp
CVE-2022-2224 (The WordPress plugin Gallery for Social Photo is vulnerable to Cross-S ...)
@@ -8584,8 +8722,8 @@ CVE-2017-20110 (A vulnerability, which was classified as problematic, has been f
NOT-FOR-US: Teleopti WFM
CVE-2017-20109 (A vulnerability classified as problematic was found in Teleopti WFM up ...)
NOT-FOR-US: Teleopti WFM
-CVE-2022-34659
- RESERVED
+CVE-2022-34659 (A vulnerability has been identified in Simcenter STAR-CCM+ (All versio ...)
+ TODO: check
CVE-2022-34647
RESERVED
CVE-2022-34646
@@ -9146,7 +9284,7 @@ CVE-2022-34467 (A vulnerability has been identified in Mendix Excel Importer Mod
NOT-FOR-US: Siemens
CVE-2022-34466 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
-CVE-2022-34465 (A vulnerability has been identified in Parasolid V33.1 (All versions), ...)
+CVE-2022-34465 (A vulnerability has been identified in Parasolid V33.1 (All versions & ...)
NOT-FOR-US: Siemens
CVE-2022-34464 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
NOT-FOR-US: Siemens
@@ -9358,8 +9496,8 @@ CVE-2022-34367 (Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4
NOT-FOR-US: Dell
CVE-2022-34366
RESERVED
-CVE-2022-34365
- RESERVED
+CVE-2022-34365 (WMS 3.7 contains a Path Traversal Vulnerability in Device API. An atta ...)
+ TODO: check
CVE-2022-34364
RESERVED
CVE-2022-34363
@@ -10654,22 +10792,22 @@ CVE-2022-33933
RESERVED
CVE-2022-33932
RESERVED
-CVE-2022-33931
- RESERVED
-CVE-2022-33930
- RESERVED
-CVE-2022-33929
- RESERVED
-CVE-2022-33928
- RESERVED
-CVE-2022-33927
- RESERVED
-CVE-2022-33926
- RESERVED
-CVE-2022-33925
- RESERVED
-CVE-2022-33924
- RESERVED
+CVE-2022-33931 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...)
+ TODO: check
+CVE-2022-33930 (Dell Wyse Management Suite 3.6.1 and below contains Information Disclo ...)
+ TODO: check
+CVE-2022-33929 (Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross- ...)
+ TODO: check
+CVE-2022-33928 (Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Pass ...)
+ TODO: check
+CVE-2022-33927 (Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation ...)
+ TODO: check
+CVE-2022-33926 (Dell Wyse Management Suite 3.6.1 and below contains an improper access ...)
+ TODO: check
+CVE-2022-33925 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...)
+ TODO: check
+CVE-2022-33924 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...)
+ TODO: check
CVE-2022-33923 (Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Inj ...)
NOT-FOR-US: Dell
CVE-2022-33922
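Review bot: the eight new entries CVE-2022-33924 through CVE-2022-33931 are all left at `TODO: check`, yet they describe one proprietary product (Dell Wyse Management Suite 3.6.1 and below) and sit next to `CVE-2022-33923 ... NOT-FOR-US: Dell`. A follow-up commit can resolve the whole block to `NOT-FOR-US: Dell` in one pass; CVE-2022-29090 further down this diff is the same product and should get the same treatment.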
@@ -15992,13 +16130,12 @@ CVE-2022-31782 (ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-ba
NOTE: Only impact the ftbench in freetype2-demos
CVE-2022-31781 (Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expressio ...)
NOT-FOR-US: Apache Tapestry
-CVE-2022-31780
- RESERVED
+CVE-2022-31780 (Improper Input Validation vulnerability in HTTP/2 frame handling of Ap ...)
- trafficserver 9.1.3+ds-1
-CVE-2022-31779
- RESERVED
-CVE-2022-31778
- RESERVED
+CVE-2022-31779 (Improper Input Validation vulnerability in HTTP/2 header parsing of Ap ...)
+ TODO: check
+CVE-2022-31778 (Improper Input Validation vulnerability in handling the Transfer-Encod ...)
+ TODO: check
CVE-2022-31777
RESERVED
CVE-2022-31776 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...)
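Review bot: CVE-2022-31779 and CVE-2022-31778 are left at `TODO: check` while CVE-2022-31780, whose description starts with the same "Improper Input Validation vulnerability in ... of Ap ..." wording, already carries `- trafficserver 9.1.3+ds-1` as a retained context line. If the three belong to the same Apache Traffic Server release, the two TODO entries should be triaged against that upload rather than waiting for a separate pass, and the same check should confirm whether bullseye needs its own annotation for CVE-2022-31780.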
@@ -20431,17 +20568,17 @@ CVE-2022-30325 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devi
NOT-FOR-US: TRENDnet
CVE-2022-30324 (HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were im ...)
- nomad <not-affected> (In Debian Nomad doesn't bundle go-getter, but build depends a shared deb)
-CVE-2022-30323 (HashiCorp go-getter through 2.0.2 does not safely perform downloads (i ...)
+CVE-2022-30323 (go-getter up to 1.5.11 and 2.0.2 panicked when processing password-pro ...)
- golang-github-hashicorp-go-getter <unfixed> (bug #1011741)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
NOTE: https://github.com/hashicorp/go-getter/pull/359
NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0)
-CVE-2022-30322 (HashiCorp go-getter through 2.0.2 does not safely perform downloads (i ...)
+CVE-2022-30322 (go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustio ...)
- golang-github-hashicorp-go-getter <unfixed> (bug #1011741)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
NOTE: https://github.com/hashicorp/go-getter/pull/359
NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0)
-CVE-2022-30321 (HashiCorp go-getter through 2.0.2 does not safely perform downloads (i ...)
+CVE-2022-30321 (go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go- ...)
- golang-github-hashicorp-go-getter <unfixed> (bug #1011741)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
NOTE: https://github.com/hashicorp/go-getter/pull/359
@@ -23981,7 +24118,7 @@ CVE-2022-29154 (An issue was discovered in rsync before 3.2.5 that allows malici
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=7e5424b806e8eea053016268ad186276e9083b77 (v3.2.5pre1)
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=3d7015afa223494e3318495c2f5de9cb49229da9 (v3.2.5pre1)
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=2f7c583143bc6e80902139c23d9d7283f88fbc6a (v3.2.5pre1)
-CVE-2022-29153 (HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. ...)
+CVE-2022-29153 (HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11. ...)
- consul <unfixed> (bug #1015218)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
CVE-2022-29152 (The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an ...)
@@ -24108,8 +24245,8 @@ CVE-2022-29092 (Dell SupportAssist Client Consumer versions (3.11.0 and versions
NOT-FOR-US: Dell SupportAssist
CVE-2022-29091 (Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0. ...)
NOT-FOR-US: Dell
-CVE-2022-29090
- RESERVED
+CVE-2022-29090 (Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data E ...)
+ TODO: check
CVE-2022-29089
RESERVED
CVE-2022-29088
@@ -24725,8 +24862,8 @@ CVE-2022-28883
RESERVED
CVE-2022-28882
RESERVED
-CVE-2022-28881
- RESERVED
+CVE-2022-28881 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+ TODO: check
CVE-2022-28880 (A Denial-of-Service vulnerability was discovered in the F-Secure Atlan ...)
NOT-FOR-US: F-Secure
CVE-2022-28879 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
@@ -26993,8 +27130,7 @@ CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before Go
- golang-1.11 <removed>
CVE-2022-28130
RESERVED
-CVE-2022-28129
- RESERVED
+CVE-2022-28129 (Improper Input Validation vulnerability in HTTP/1.1 header parsing of ...)
- trafficserver 9.1.3+ds-1
CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab CE/EE affe ...)
- gitlab <unfixed>
@@ -30412,7 +30548,7 @@ CVE-2022-0936 (Cross-site Scripting (XSS) - Stored in GitHub repository autolab/
NOT-FOR-US: Autolab
CVE-2022-26946
RESERVED
-CVE-2022-26945 (HashiCorp go-getter before 2.0.2 allows Command Injection. ...)
+CVE-2022-26945 (go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless r ...)
- golang-github-hashicorp-go-getter <unfixed> (bug #1011741)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
NOTE: https://github.com/hashicorp/go-getter/pull/359
@@ -33016,8 +33152,8 @@ CVE-2022-25975
RESERVED
CVE-2022-25974
RESERVED
-CVE-2022-25973
- RESERVED
+CVE-2022-25973 (All versions of package mc-kill-port are vulnerable to Arbitrary Comma ...)
+ TODO: check
CVE-2022-25971
RESERVED
CVE-2022-25970
@@ -33621,8 +33757,8 @@ CVE-2022-25795 (A maliciously crafted PDF file can be used to dereference for a
NOT-FOR-US: Autodesk
CVE-2022-25794 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5 ...)
NOT-FOR-US: Autodesk
-CVE-2022-25793
- RESERVED
+CVE-2022-25793 (A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, ...)
+ TODO: check
CVE-2022-25792 (A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2 ...)
NOT-FOR-US: Autodesk
CVE-2022-25791 (A Memory Corruption vulnerability for DWF and DWFX files in Autodesk A ...)
@@ -33673,8 +33809,7 @@ CVE-2022-25769
RESERVED
CVE-2022-25768
RESERVED
-CVE-2022-25763
- RESERVED
+CVE-2022-25763 (Improper Input Validation vulnerability in HTTP/2 request validation o ...)
- trafficserver 9.1.3+ds-1
CVE-2022-21182 (A privilege escalation vulnerability exists in the router configuratio ...)
NOT-FOR-US: InHand Networks InRouter302
@@ -34623,7 +34758,7 @@ CVE-2022-25375 (An issue was discovered in drivers/usb/gadget/function/rndis.c i
NOTE: https://github.com/szymonh/rndis-co
NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/1
NOTE: https://git.kernel.org/linus/38ea1eac7d88072bbffb630e2b3db83ca649b826 (5.17-rc4)
-CVE-2022-25374 (HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Infor ...)
+CVE-2022-25374 (HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v2 ...)
NOT-FOR-US: HashiCorp Terraform Enterprise
CVE-2022-25373 (Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in ...)
NOT-FOR-US: Zoho ManageEngine
@@ -36955,17 +37090,17 @@ CVE-2022-24689 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5.
NOT-FOR-US: DSK DSKNet
CVE-2022-24688 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The T ...)
NOT-FOR-US: DSK DSKNet
-CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, a ...)
+CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, a ...)
- consul <unfixed> (bug #1006487)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/
CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...)
- nomad <unfixed>
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
-CVE-2022-24685 (HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1 ...)
+CVE-2022-24685 (HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow i ...)
- nomad <unfixed>
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
NOTE: https://github.com/hashicorp/nomad/issues/12038
-CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.1 ...)
+CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and ...)
- nomad <unfixed>
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
NOTE: https://github.com/hashicorp/nomad/issues/12039
@@ -42315,8 +42450,8 @@ CVE-2022-0229 (The miniOrange's Google Authenticator WordPress plugin before 5.5
NOT-FOR-US: WordPress plugin
CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-46304
- RESERVED
+CVE-2021-46304 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
+ TODO: check
CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...)
{DSA-5050-1}
- linux 5.15.15-1
@@ -45150,8 +45285,8 @@ CVE-2022-22492
RESERVED
CVE-2022-22491
RESERVED
-CVE-2022-22490
- RESERVED
+CVE-2022-22490 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
+ TODO: check
CVE-2022-22489
RESERVED
CVE-2022-22488
@@ -45308,8 +45443,8 @@ CVE-2022-22413 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vul
NOT-FOR-US: IBM
CVE-2022-22412 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
NOT-FOR-US: IBM
-CVE-2022-22411
- RESERVED
+CVE-2022-22411 (IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an a ...)
+ TODO: check
CVE-2022-22410 (IBM Watson Query with Cloud Pak for Data as a Service could allow an a ...)
NOT-FOR-US: IBM
CVE-2022-22409
@@ -45392,8 +45527,8 @@ CVE-2022-22371
RESERVED
CVE-2022-22370 (IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 ...)
NOT-FOR-US: IBM
-CVE-2022-22369
- RESERVED
+CVE-2022-22369 (IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwri ...)
+ TODO: check
CVE-2022-22368 (IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cry ...)
NOT-FOR-US: IBM
CVE-2022-22367 (IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 co ...)
@@ -46415,8 +46550,8 @@ CVE-2022-0030
RESERVED
CVE-2022-0029
RESERVED
-CVE-2022-0028
- RESERVED
+CVE-2022-0028 (A PAN-OS URL filtering policy misconfiguration could allow a network-b ...)
+ TODO: check
CVE-2022-0027 (An improper authorization vulnerability in Palo Alto Network Cortex XS ...)
NOT-FOR-US: Palo Alto Networks software
CVE-2022-0026 (A local privilege escalation (PE) vulnerability exists in Palo Alto Ne ...)
@@ -56770,8 +56905,8 @@ CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco I
NOT-FOR-US: Cisco
CVE-2022-20915
RESERVED
-CVE-2022-20914
- RESERVED
+CVE-2022-20914 (A vulnerability in the External RESTful Services (ERS) API of Cisco Id ...)
+ TODO: check
CVE-2022-20913 (A vulnerability in Cisco Nexus Dashboard could allow an authenticated, ...)
NOT-FOR-US: Cisco
CVE-2022-20912 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -56860,14 +56995,14 @@ CVE-2022-20871
RESERVED
CVE-2022-20870
RESERVED
-CVE-2022-20869
- RESERVED
+CVE-2022-20869 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+ TODO: check
CVE-2022-20868
RESERVED
CVE-2022-20867
RESERVED
-CVE-2022-20866
- RESERVED
+CVE-2022-20866 (A vulnerability in the handling of RSA keys on devices running Cisco A ...)
+ TODO: check
CVE-2022-20865
RESERVED
CVE-2022-20864
@@ -56894,8 +57029,8 @@ CVE-2022-20854
RESERVED
CVE-2022-20853
RESERVED
-CVE-2022-20852
- RESERVED
+CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
+ TODO: check
CVE-2022-20851
RESERVED
CVE-2022-20850
@@ -56914,10 +57049,10 @@ CVE-2022-20844
RESERVED
CVE-2022-20843
RESERVED
-CVE-2022-20842
- RESERVED
-CVE-2022-20841
- RESERVED
+CVE-2022-20842 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ TODO: check
+CVE-2022-20841 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ TODO: check
CVE-2022-20840
RESERVED
CVE-2022-20839
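Review bot: CVE-2022-20842 and CVE-2022-20841 share the description prefix "Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ..." with CVE-2022-20712 and CVE-2022-20711 later in this diff, which are already `NOT-FOR-US: Cisco Small Business RV Series Routers`; the two new `TODO: check` lines can be resolved to the same value, as can CVE-2022-20827 in the following hunk.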
@@ -56944,8 +57079,8 @@ CVE-2022-20829 (A vulnerability in the packaging of Cisco Adaptive Security Devi
NOT-FOR-US: Cisco
CVE-2022-20828 (A vulnerability in the CLI parser of Cisco FirePOWER Software for Adap ...)
NOT-FOR-US: Cisco
-CVE-2022-20827
- RESERVED
+CVE-2022-20827 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ TODO: check
CVE-2022-20826
RESERVED
CVE-2022-20825 (A vulnerability in the web-based management interface of Cisco Small B ...)
@@ -56958,16 +57093,16 @@ CVE-2022-20822
RESERVED
CVE-2022-20821 (A vulnerability in the health check RPM of Cisco IOS XR Software could ...)
NOT-FOR-US: Cisco
-CVE-2022-20820
- RESERVED
+CVE-2022-20820 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
+ TODO: check
CVE-2022-20819 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2022-20818
RESERVED
CVE-2022-20817 (A vulnerability in Cisco Unified IP Phones could allow an unauthentica ...)
NOT-FOR-US: Cisco
-CVE-2022-20816
- RESERVED
+CVE-2022-20816 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
CVE-2022-20815 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2022-20814
@@ -57020,8 +57155,7 @@ CVE-2022-20794 (Multiple vulnerabilities in the web engine of Cisco TelePresence
NOT-FOR-US: Cisco
CVE-2022-20793
RESERVED
-CVE-2022-20792
- RESERVED
+CVE-2022-20792 (A vulnerability in the regex module used by the signature database loa ...)
{DLA-3042-1}
- clamav 0.103.6+dfsg-1
[bullseye] - clamav 0.103.6+dfsg-0+deb11u1
@@ -57195,8 +57329,8 @@ CVE-2022-20715 (A vulnerability in the remote access SSL VPN features of Cisco A
NOT-FOR-US: Cisco
CVE-2022-20714 (A vulnerability in the data plane microcode of Lightspeed-Plus line ca ...)
NOT-FOR-US: Cisco
-CVE-2022-20713
- RESERVED
+CVE-2022-20713 (A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco ...)
+ TODO: check
CVE-2022-20712 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
NOT-FOR-US: Cisco Small Business RV Series Routers
CVE-2022-20711 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
@@ -74186,8 +74320,7 @@ CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html
-CVE-2021-37150
- RESERVED
+CVE-2021-37150 (Improper Input Validation vulnerability in header parsing of Apache Tr ...)
- trafficserver 9.1.3+ds-1
CVE-2021-37149 (Improper Input Validation vulnerability in header parsing of Apache Tr ...)
{DSA-5153-1}
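Review bot: CVE-2021-37150 is resolved directly to `- trafficserver 9.1.3+ds-1` with no stable-suite information, while the adjacent CVE-2021-37149, with an identical description prefix, carries `{DSA-5153-1}`. Check whether DSA-5153-1 also covered CVE-2021-37150 and, if so, add the `{DSA-5153-1}` reference; otherwise add a `[bullseye]` annotation so the stable status is explicit.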
@@ -102500,7 +102633,7 @@ CVE-2021-25981 (In Talkyard, regular versions v0.2021.20 through v0.2021.33 and
NOT-FOR-US: Talkyard
CVE-2021-25980 (In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22 ...)
NOT-FOR-US: Talkyard
-CVE-2021-25979 (Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insuffi ...)
+CVE-2021-25979 (Apostrophe CMS versions prior to 3.3.1 did not invalidate existing log ...)
NOT-FOR-US: Apostrophe CMS
CVE-2021-25978 (Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stor ...)
NOT-FOR-US: Apostrophe CMS
@@ -225595,7 +225728,7 @@ CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media Manag
NOT-FOR-US: Joomla!
CVE-2019-10944
RESERVED
-CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
+CVE-2019-10943 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
NOT-FOR-US: Siemens
CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Siemens
@@ -264727,9 +264860,9 @@ CVE-2018-16559 (A vulnerability has been identified in SIMATIC S7-1500 CPU (All
NOT-FOR-US: Siemens
CVE-2018-16558 (A vulnerability has been identified in SIMATIC S7-1500 CPU (All versio ...)
NOT-FOR-US: Siemens
-CVE-2018-16557 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and ...)
+CVE-2018-16557 (A vulnerability has been identified in SIMATIC S7-400 DP V7 CPU family ...)
NOT-FOR-US: Siemens
-CVE-2018-16556 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and ...)
+CVE-2018-16556 (A vulnerability has been identified in SIMATIC S7-400 DP V7 CPU family ...)
NOT-FOR-US: Siemens
CVE-2018-16555 (A vulnerability has been identified in SCALANCE S602 (All versions < ...)
NOT-FOR-US: Siemens
@@ -306969,7 +307102,7 @@ CVE-2017-17531 (gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before l
- global 6.6.1-1 (unimportant; bug #884912)
[stretch] - global 6.5.6-2+deb9u1
NOTE: https://sources.debian.org/src/global/4.8.6-2/gozilla/gozilla.c/#L269
-CVE-2017-17530 (common/help.c in Geomview 1.9.5 does not validate strings before launc ...)
+CVE-2017-17530 (** DISPUTED ** common/help.c in Geomview 1.9.5 does not validate strin ...)
- geomview <unfixed> (unimportant)
NOTE: https://sources.debian.org/src/geomview/1.9.5-1/src/bin/geomview/common/help.c/?hl=51#L83
CVE-2017-17529 (af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings ...)
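Review bot: the CVE-2017-17530 description now opens with "** DISPUTED **", but the entry still reads `geomview <unfixed> (unimportant)` with only a source-code NOTE. A short NOTE stating the dispute and that the unimportant rating follows from it would document the decision for later triage.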
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9370d2197f0c6554fd66206ce7d0068cbb8e1960
More information about the debian-security-tracker-commits mailing list