[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 17 09:10:30 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c45fec4 by security tracker role at 2022-08-17T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,31 +1,81 @@
+CVE-2022-38391
+	RESERVED
+CVE-2022-38390
+	RESERVED
+CVE-2022-38389
+	RESERVED
+CVE-2022-38388
+	RESERVED
+CVE-2022-38387
+	RESERVED
+CVE-2022-38386
+	RESERVED
+CVE-2022-38385
+	RESERVED
+CVE-2022-38384
+	RESERVED
+CVE-2022-38383
+	RESERVED
+CVE-2022-38382
+	RESERVED
+CVE-2022-38105
+	RESERVED
+CVE-2022-2870
+	RESERVED
+CVE-2022-2869
+	RESERVED
+CVE-2022-2868
+	RESERVED
+CVE-2022-2867
+	RESERVED
+CVE-2022-2866
+	RESERVED
+CVE-2022-2865
+	RESERVED
+CVE-2022-2864
+	RESERVED
+CVE-2022-2863
+	RESERVED
+CVE-2022-2862
+	RESERVED
 CVE-2022-2861
+	RESERVED
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-2860
+	RESERVED
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-2859
+	RESERVED
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-2858
+	RESERVED
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-2857
+	RESERVED
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-2856
+	RESERVED
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-2855
+	RESERVED
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-2854
+	RESERVED
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-2853
+	RESERVED
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-2852
+	RESERVED
 	- chromium 104.0.5112.101-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-38381
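
Review bot: In the CVE-2022-2861 through CVE-2022-2852 entries, RESERVED is now added above an existing "- chromium 104.0.5112.101-1" line, and none of these ten entries has a description or a bracketed summary. Since a fixed version is already tracked, a short "[...]" summary per entry, in the style used for CVE-2022-32816 further down this file, would let a reader tell them apart until the CVE text is published.
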
@@ -67,16 +117,16 @@ CVE-2022-2849
 	RESERVED
 CVE-2022-2848
 	RESERVED
-CVE-2022-2847
-	RESERVED
-CVE-2022-2846
-	RESERVED
+CVE-2022-2847 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2022-2846 (A vulnerability classified as problematic was found in Calendar Event  ...)
+	TODO: check
 CVE-2022-2845
 	RESERVED
-CVE-2022-2844
-	RESERVED
-CVE-2022-2843
-	RESERVED
+CVE-2022-2844 (A vulnerability classified as problematic has been found in MotoPress  ...)
+	TODO: check
+CVE-2022-2843 (A vulnerability was found in MotoPress Timetable and Event Schedule. I ...)
+	TODO: check
 CVE-2022-2842
 	RESERVED
 CVE-2022-2841
@@ -97,19 +147,16 @@ CVE-2022-2835
 	- coredns <itp> (bug #880676)
 CVE-2022-2834
 	RESERVED
-CVE-2022-2833 [Eternal loop in blender thumbnail extractor]
-	RESERVED
+CVE-2022-2833 (Endless Infinite loop in Blender-thumnailing due to logical bugs. ...)
 	- blender <unfixed>
 	NOTE: https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512
 	NOTE: https://developer.blender.org/T99711
-CVE-2022-2832 [Null pointer reference in blender thumbnail extractor]
-	RESERVED
+CVE-2022-2832 (When rendering with headless builds, show an error instead of crashing ...)
 	- blender <unfixed>
 	NOTE: https://developer.blender.org/T99706
 	NOTE: https://developer.blender.org/D15463
 	NOTE: https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c
-CVE-2022-2831 [Integer Overflow in blender thumbnail extractor]
-	RESERVED
+CVE-2022-2831 (A loaded (and valid) image can be crafted such that an out-of-bounds r ...)
 	- blender <unfixed>
 	NOTE: https://developer.blender.org/T99705
 	NOTE: https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2
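
Review bot: The three blender entries lose their hand-written bracketed summaries here, and for CVE-2022-2832 the replacement text ("When rendering with headless builds, show an error instead of crashing ...") describes the fix rather than the flaw that the removed "[Null pointer reference in blender thumbnail extractor]" named. Keeping the old wording as a NOTE line under each entry would preserve that information while blender stays <unfixed>.
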
@@ -400,30 +447,30 @@ CVE-2022-38240
 	RESERVED
 CVE-2022-38239
 	RESERVED
-CVE-2022-38238
-	RESERVED
-CVE-2022-38237
-	RESERVED
-CVE-2022-38236
-	RESERVED
-CVE-2022-38235
-	RESERVED
-CVE-2022-38234
-	RESERVED
-CVE-2022-38233
-	RESERVED
+CVE-2022-38238 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...)
+	TODO: check
+CVE-2022-38237 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...)
+	TODO: check
+CVE-2022-38236 (XPDF commit ffaf11c was discovered to contain a global-buffer overflow ...)
+	TODO: check
+CVE-2022-38235 (XPDF commit ffaf11c was discovered to contain a segmentation violation ...)
+	TODO: check
+CVE-2022-38234 (XPDF commit ffaf11c was discovered to contain a segmentation violation ...)
+	TODO: check
+CVE-2022-38233 (XPDF commit ffaf11c was discovered to contain a segmentation violation ...)
+	TODO: check
 CVE-2022-38232
 	RESERVED
-CVE-2022-38231
-	RESERVED
-CVE-2022-38230
-	RESERVED
-CVE-2022-38229
-	RESERVED
-CVE-2022-38228
-	RESERVED
-CVE-2022-38227
-	RESERVED
+CVE-2022-38231 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...)
+	TODO: check
+CVE-2022-38230 (XPDF commit ffaf11c was discovered to contain a floating point excepti ...)
+	TODO: check
+CVE-2022-38229 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...)
+	TODO: check
+CVE-2022-38228 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...)
+	TODO: check
+CVE-2022-38227 (XPDF commit ffaf11c was discovered to contain a stack overflow via __a ...)
+	TODO: check
 CVE-2022-38226
 	RESERVED
 CVE-2022-38225
@@ -1555,8 +1602,8 @@ CVE-2022-37783
 	RESERVED
 CVE-2022-37782
 	RESERVED
-CVE-2022-37781
-	RESERVED
+CVE-2022-37781 (fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __i ...)
+	TODO: check
 CVE-2022-37780
 	RESERVED
 CVE-2022-37779
@@ -2313,12 +2360,12 @@ CVE-2022-2677 (A vulnerability was found in SourceCodester Apartment Visitor Man
 	NOT-FOR-US: SourceCodester Apartment Visitor Management System
 CVE-2022-2676 (A vulnerability was found in SourceCodester Electronic Medical Records ...)
 	NOT-FOR-US: SourceCodester Electronic Medical Records System
-CVE-2022-37439
-	RESERVED
-CVE-2022-37438
-	RESERVED
-CVE-2022-37437
-	RESERVED
+CVE-2022-37439 (In Splunk Enterprise and Universal Forwarder versions in the following ...)
+	TODO: check
+CVE-2022-37438 (In Splunk Enterprise versions in the following table, an authenticated ...)
+	TODO: check
+CVE-2022-37437 (When using Ingest Actions to configure a destination that resides on A ...)
+	TODO: check
 CVE-2022-37436
 	RESERVED
 CVE-2022-37435
@@ -2450,10 +2497,10 @@ CVE-2020-36570
 	RESERVED
 CVE-2022-2663
 	RESERVED
-CVE-2022-2662
-	RESERVED
-CVE-2022-2661
-	RESERVED
+CVE-2022-2662 (Sequi PortBloque S has a improper authentication issues which may allo ...)
+	TODO: check
+CVE-2022-2661 (Sequi PortBloque S has an improper authorization vulnerability, which  ...)
+	TODO: check
 CVE-2022-2660
 	RESERVED
 CVE-2022-2659
@@ -2546,8 +2593,8 @@ CVE-2022-2636 (Improper Input Validation in GitHub repository hestiacp/hestiacp
 	NOT-FOR-US: Hestia Control Panel
 CVE-2022-2635
 	RESERVED
-CVE-2022-37393
-	RESERVED
+CVE-2022-37393 (Zimbra's sudo configuration permits the zimbra user to execute the zms ...)
+	TODO: check
 CVE-2022-2634 (An attacker may be able to execute malicious actions due to the lack o ...)
 	NOT-FOR-US: Digi ConnectPort X2D
 CVE-2022-37392
@@ -5641,40 +5688,40 @@ CVE-2022-36157
 	RESERVED
 CVE-2022-36156
 	RESERVED
-CVE-2022-36155
-	RESERVED
+CVE-2022-36155 (tifig v0.2.2 was discovered to contain a resource allocation issue via ...)
+	TODO: check
 CVE-2022-36154
 	RESERVED
-CVE-2022-36153
-	RESERVED
-CVE-2022-36152
-	RESERVED
-CVE-2022-36151
-	RESERVED
-CVE-2022-36150
-	RESERVED
-CVE-2022-36149
-	RESERVED
-CVE-2022-36148
-	RESERVED
+CVE-2022-36153 (tifig v0.2.2 was discovered to contain a segmentation violation via st ...)
+	TODO: check
+CVE-2022-36152 (tifig v0.2.2 was discovered to contain a memory leak via operator new[ ...)
+	TODO: check
+CVE-2022-36151 (tifig v0.2.2 was discovered to contain a segmentation violation via ge ...)
+	TODO: check
+CVE-2022-36150 (tifig v0.2.2 was discovered to contain a heap-buffer overflow via __as ...)
+	TODO: check
+CVE-2022-36149 (tifig v0.2.2 was discovered to contain a heap-use-after-free via temIn ...)
+	TODO: check
+CVE-2022-36148 (fdkaac commit 53fe239 was discovered to contain a floating point excep ...)
+	TODO: check
 CVE-2022-36147
 	RESERVED
-CVE-2022-36146
-	RESERVED
-CVE-2022-36145
-	RESERVED
-CVE-2022-36144
-	RESERVED
-CVE-2022-36143
-	RESERVED
-CVE-2022-36142
-	RESERVED
-CVE-2022-36141
-	RESERVED
-CVE-2022-36140
-	RESERVED
-CVE-2022-36139
-	RESERVED
+CVE-2022-36146 (SWFMill commit 53d7690 was discovered to contain a memory allocation i ...)
+	TODO: check
+CVE-2022-36145 (SWFMill commit 53d7690 was discovered to contain a segmentation violat ...)
+	TODO: check
+CVE-2022-36144 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...)
+	TODO: check
+CVE-2022-36143 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...)
+	TODO: check
+CVE-2022-36142 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...)
+	TODO: check
+CVE-2022-36141 (SWFMill commit 53d7690 was discovered to contain a segmentation violat ...)
+	TODO: check
+CVE-2022-36140 (SWFMill commit 53d7690 was discovered to contain a segmentation violat ...)
+	TODO: check
+CVE-2022-36139 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...)
+	TODO: check
 CVE-2022-36138
 	RESERVED
 CVE-2022-36137
@@ -7212,86 +7259,86 @@ CVE-2022-35488 (In Zammad 5.2.0, an attacker could manipulate the rate limiting
 	- zammad <itp> (bug #841355)
 CVE-2022-35487 (Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not cor ...)
 	- zammad <itp> (bug #841355)
-CVE-2022-35486
-	RESERVED
-CVE-2022-35485
-	RESERVED
-CVE-2022-35484
-	RESERVED
-CVE-2022-35483
-	RESERVED
-CVE-2022-35482
-	RESERVED
-CVE-2022-35481
-	RESERVED
+CVE-2022-35486 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
+	TODO: check
+CVE-2022-35485 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
+	TODO: check
+CVE-2022-35484 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
+	TODO: check
+CVE-2022-35483 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
+	TODO: check
+CVE-2022-35482 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
+	TODO: check
+CVE-2022-35481 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
+	TODO: check
 CVE-2022-35480
 	RESERVED
-CVE-2022-35479
-	RESERVED
-CVE-2022-35478
-	RESERVED
-CVE-2022-35477
-	RESERVED
-CVE-2022-35476
-	RESERVED
-CVE-2022-35475
-	RESERVED
-CVE-2022-35474
-	RESERVED
-CVE-2022-35473
-	RESERVED
-CVE-2022-35472
-	RESERVED
-CVE-2022-35471
-	RESERVED
-CVE-2022-35470
-	RESERVED
-CVE-2022-35469
-	RESERVED
-CVE-2022-35468
-	RESERVED
-CVE-2022-35467
-	RESERVED
-CVE-2022-35466
-	RESERVED
-CVE-2022-35465
-	RESERVED
-CVE-2022-35464
-	RESERVED
-CVE-2022-35463
-	RESERVED
-CVE-2022-35462
-	RESERVED
-CVE-2022-35461
-	RESERVED
-CVE-2022-35460
-	RESERVED
-CVE-2022-35459
-	RESERVED
-CVE-2022-35458
-	RESERVED
+CVE-2022-35479 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
+	TODO: check
+CVE-2022-35478 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
+	TODO: check
+CVE-2022-35477 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
+	TODO: check
+CVE-2022-35476 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
+	TODO: check
+CVE-2022-35475 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35474 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35473 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
+	TODO: check
+CVE-2022-35472 (OTFCC v0.10.4 was discovered to contain a global overflow via /release ...)
+	TODO: check
+CVE-2022-35471 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35470 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35469 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...)
+	TODO: check
+CVE-2022-35468 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35467 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35466 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35465 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35464 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35463 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35462 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35461 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35460 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35459 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35458 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
 CVE-2022-35457
 	RESERVED
-CVE-2022-35456
-	RESERVED
-CVE-2022-35455
-	RESERVED
-CVE-2022-35454
-	RESERVED
-CVE-2022-35453
-	RESERVED
-CVE-2022-35452
-	RESERVED
-CVE-2022-35451
-	RESERVED
-CVE-2022-35450
-	RESERVED
-CVE-2022-35449
-	RESERVED
-CVE-2022-35448
-	RESERVED
-CVE-2022-35447
-	RESERVED
+CVE-2022-35456 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35455 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35454 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35453 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35452 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35451 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35450 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35449 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35448 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
+CVE-2022-35447 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...)
+	TODO: check
 CVE-2022-35446
 	RESERVED
 CVE-2022-35445
@@ -7316,10 +7363,10 @@ CVE-2022-35436
 	RESERVED
 CVE-2022-35435
 	RESERVED
-CVE-2022-35434
-	RESERVED
-CVE-2022-35433
-	RESERVED
+CVE-2022-35434 (jpeg-quantsmooth before commit 8879454 contained a floating point exce ...)
+	TODO: check
+CVE-2022-35433 (ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered  ...)
+	TODO: check
 CVE-2022-35432
 	RESERVED
 CVE-2022-35431
@@ -8118,36 +8165,36 @@ CVE-2022-35116
 	RESERVED
 CVE-2022-35115
 	RESERVED
-CVE-2022-35114
-	RESERVED
-CVE-2022-35113
-	RESERVED
+CVE-2022-35114 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+	TODO: check
+CVE-2022-35113 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+	TODO: check
 CVE-2022-35112
 	RESERVED
-CVE-2022-35111
-	RESERVED
-CVE-2022-35110
-	RESERVED
-CVE-2022-35109
-	RESERVED
-CVE-2022-35108
-	RESERVED
-CVE-2022-35107
-	RESERVED
-CVE-2022-35106
-	RESERVED
-CVE-2022-35105
-	RESERVED
-CVE-2022-35104
-	RESERVED
+CVE-2022-35111 (SWFTools commit 772e55a2 was discovered to contain a stack overflow vi ...)
+	TODO: check
+CVE-2022-35110 (SWFTools commit 772e55a2 was discovered to contain a memory leak via / ...)
+	TODO: check
+CVE-2022-35109 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+	TODO: check
+CVE-2022-35108 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+	TODO: check
+CVE-2022-35107 (SWFTools commit 772e55a2 was discovered to contain a stack overflow vi ...)
+	TODO: check
+CVE-2022-35106 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+	TODO: check
+CVE-2022-35105 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+	TODO: check
+CVE-2022-35104 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+	TODO: check
 CVE-2022-35103
 	RESERVED
 CVE-2022-35102
 	RESERVED
-CVE-2022-35101
-	RESERVED
-CVE-2022-35100
-	RESERVED
+CVE-2022-35101 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+	TODO: check
+CVE-2022-35100 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+	TODO: check
 CVE-2022-35099
 	RESERVED
 CVE-2022-35098
@@ -8320,38 +8367,38 @@ CVE-2022-35015
 	RESERVED
 CVE-2022-35014
 	RESERVED
-CVE-2022-35013
-	RESERVED
-CVE-2022-35012
-	RESERVED
-CVE-2022-35011
-	RESERVED
-CVE-2022-35010
-	RESERVED
-CVE-2022-35009
-	RESERVED
-CVE-2022-35008
-	RESERVED
-CVE-2022-35007
-	RESERVED
+CVE-2022-35013 (PNGDec commit 8abf6be was discovered to contain a FPE via SaveBMP at / ...)
+	TODO: check
+CVE-2022-35012 (PNGDec commit 8abf6be was discovered to contain a heap buffer overflow ...)
+	TODO: check
+CVE-2022-35011 (PNGDec commit 8abf6be was discovered to contain a global buffer overfl ...)
+	TODO: check
+CVE-2022-35010 (PNGDec commit 8abf6be was discovered to contain a heap buffer overflow ...)
+	TODO: check
+CVE-2022-35009 (PNGDec commit 8abf6be was discovered to contain a memory allocation pr ...)
+	TODO: check
+CVE-2022-35008 (PNGDec commit 8abf6be was discovered to contain a stack overflow via / ...)
+	TODO: check
+CVE-2022-35007 (PNGDec commit 8abf6be was discovered to contain a heap buffer overflow ...)
+	TODO: check
 CVE-2022-35006
 	RESERVED
 CVE-2022-35005
 	RESERVED
-CVE-2022-35004
-	RESERVED
-CVE-2022-35003
-	RESERVED
-CVE-2022-35002
-	RESERVED
+CVE-2022-35004 (JPEGDEC commit be4843c was discovered to contain a FPE via TIFFSHORT a ...)
+	TODO: check
+CVE-2022-35003 (JPEGDEC commit be4843c was discovered to contain a global buffer overf ...)
+	TODO: check
+CVE-2022-35002 (JPEGDEC commit be4843c was discovered to contain a segmentation fault  ...)
+	TODO: check
 CVE-2022-35001
 	RESERVED
-CVE-2022-35000
-	RESERVED
-CVE-2022-34999
-	RESERVED
-CVE-2022-34998
-	RESERVED
+CVE-2022-35000 (JPEGDEC commit be4843c was discovered to contain a segmentation fault  ...)
+	TODO: check
+CVE-2022-34999 (JPEGDEC commit be4843c was discovered to contain a FPE via DecodeJPEG  ...)
+	TODO: check
+CVE-2022-34998 (JPEGDEC commit be4843c was discovered to contain a global buffer overf ...)
+	TODO: check
 CVE-2022-34997
 	RESERVED
 CVE-2022-34996
@@ -10486,20 +10533,20 @@ CVE-2022-34261 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and
 	NOT-FOR-US: Adobe
 CVE-2022-34260 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...)
 	NOT-FOR-US: Adobe
-CVE-2022-34259
-	RESERVED
-CVE-2022-34258
-	RESERVED
-CVE-2022-34257
-	RESERVED
-CVE-2022-34256
-	RESERVED
-CVE-2022-34255
-	RESERVED
-CVE-2022-34254
-	RESERVED
-CVE-2022-34253
-	RESERVED
+CVE-2022-34259 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
+	TODO: check
+CVE-2022-34258 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
+	TODO: check
+CVE-2022-34257 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
+	TODO: check
+CVE-2022-34256 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
+	TODO: check
+CVE-2022-34255 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
+	TODO: check
+CVE-2022-34254 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
+	TODO: check
+CVE-2022-34253 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...)
+	TODO: check
 CVE-2022-34252 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are  ...)
 	NOT-FOR-US: Adobe InCopy
 CVE-2022-34251 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are  ...)
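
Review bot: The seven Adobe Commerce entries CVE-2022-34259 through CVE-2022-34253 are left at "TODO: check" while the Adobe Illustrator and Adobe InCopy entries on either side are already marked NOT-FOR-US. If Adobe Commerce is treated the same way, they can be closed in one pass with a matching NOT-FOR-US line.
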
@@ -14005,6 +14052,7 @@ CVE-2022-32817
 	RESERVED
 CVE-2022-32816 [A UI spoofing issue was addressed with improved UI handling]
 	RESERVED
+	{DSA-5211-1 DSA-5210-1}
 	- webkit2gtk 2.36.6-1
 	- wpewebkit 2.36.6-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2
@@ -14056,6 +14104,7 @@ CVE-2022-32793
 	RESERVED
 CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input validation]
 	RESERVED
+	{DSA-5211-1 DSA-5210-1}
 	- webkit2gtk 2.36.6-1
 	- wpewebkit 2.36.6-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2
@@ -23745,8 +23794,8 @@ CVE-2022-1412 (The Log WP_Mail WordPress plugin through 0.1 saves sent email in
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1411 (Unrestructed file upload in GitHub repository yetiforcecompany/yetifor ...)
 	NOT-FOR-US: yetiforcecrm
-CVE-2022-1410
-	RESERVED
+CVE-2022-1410 (OS Command Injection vulnerability in the db_optimize component of Dev ...)
+	TODO: check
 CVE-2022-1409 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1408 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before  ...)
@@ -23789,12 +23838,12 @@ CVE-2022-1403 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize i
 	NOT-FOR-US: ASDA-Soft
 CVE-2022-1402 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input  ...)
 	NOT-FOR-US: ASDA-Soft
-CVE-2022-1401
-	RESERVED
-CVE-2022-1400
-	RESERVED
-CVE-2022-1399
-	RESERVED
+CVE-2022-1401 (Improper Access Control vulnerability in the /Exago/WrImageResource.ad ...)
+	TODO: check
+CVE-2022-1400 (Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi ...)
+	TODO: check
+CVE-2022-1399 (An Argument Injection or Modification vulnerability in the "Change Sec ...)
+	TODO: check
 CVE-2022-1398 (The External Media without Import WordPress plugin through 1.1.2 does  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1397 (API Privilege Escalation in GitHub repository alextselegidis/easyappoi ...)
@@ -34464,8 +34513,8 @@ CVE-2022-25801 (Best Practical RT for Incident Response (RTIR) before 4.0.3 and
 	NOT-FOR-US: Best Practical RT for Incident Response
 CVE-2022-25800 (Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x be ...)
 	NOT-FOR-US: Best Practical RT for Incident Response
-CVE-2022-25799
-	RESERVED
+CVE-2022-25799 (An open redirect vulnerability exists in CERT/CC VINCE software prior  ...)
+	TODO: check
 CVE-2022-25798
 	RESERVED
 CVE-2022-25797 (A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 m ...)
@@ -62568,8 +62617,8 @@ CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_sch
 	NOT-FOR-US: ACCEL-PPP
 CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via compone ...)
 	NOT-FOR-US: Django Unicorn, different from src:unicorn
-CVE-2021-42052
-	RESERVED
+CVE-2021-42052 (IPESA e-Flow 3.3.6 allows path traversal for reading any file within t ...)
+	TODO: check
 CVE-2021-42051 (An issue was discovered in AbanteCart before 1.3.2. Any low-privileged ...)
 	NOT-FOR-US: AbanteCart
 CVE-2021-42050 (An issue was discovered in AbanteCart before 1.3.2. It allows DOM Base ...)
@@ -70190,12 +70239,12 @@ CVE-2021-39089
 	RESERVED
 CVE-2021-39088 (IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege esc ...)
 	NOT-FOR-US: IBM
-CVE-2021-39087
-	RESERVED
-CVE-2021-39086
-	RESERVED
-CVE-2021-39085
-	RESERVED
+CVE-2021-39087 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5,  ...)
+	TODO: check
+CVE-2021-39086 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1 ...)
+	TODO: check
+CVE-2021-39085 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5,  ...)
+	TODO: check
 CVE-2021-39084
 	RESERVED
 CVE-2021-39083
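
Review bot: CVE-2021-39087, CVE-2021-39086 and CVE-2021-39085 are IBM Sterling products left at "TODO: check", while CVE-2021-39088 just above them is marked "NOT-FOR-US: IBM". If IBM products are handled uniformly, the same marker fits these three and CVE-2021-39035 in the following hunk.
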
@@ -70294,8 +70343,8 @@ CVE-2021-39037
 	RESERVED
 CVE-2021-39036
 	RESERVED
-CVE-2021-39035
-	RESERVED
+CVE-2021-39035 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5,  ...)
+	TODO: check
 CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by a ...)
 	NOT-FOR-US: IBM
 CVE-2021-39033 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 a ...)
@@ -161642,8 +161691,7 @@ CVE-2020-14381 (A flaw was found in the Linux kernel’s futex implementatio
 	NOTE: https://git.kernel.org/linus/8019ad13ef7f64be44d4f892af9c840179009254
 CVE-2020-14380 (An account takeover flaw was found in Red Hat Satellite 6.7.2 onward.  ...)
 	NOT-FOR-US: Red Hat Satellite
-CVE-2020-14379
-	RESERVED
+CVE-2020-14379 (A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can  ...)
 	NOT-FOR-US: Red Hat AMQ broker
 CVE-2020-14378 (An integer underflow in dpdk versions before 18.11.10 and before 19.11 ...)
 	- dpdk 19.11.5-1 (bug #971269)
@@ -161913,12 +161961,12 @@ CVE-2020-14323 (A null pointer dereference flaw was found in samba's Winbind ser
 	[buster] - samba <no-dsa> (Minor issue)
 	NOTE: https://www.samba.org/samba/security/CVE-2020-14323.html
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14436
-CVE-2020-14322
-	RESERVED
-CVE-2020-14321
-	RESERVED
-CVE-2020-14320
-	RESERVED
+CVE-2020-14322 (In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to l ...)
+	TODO: check
+CVE-2020-14321 (In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course  ...)
+	TODO: check
+CVE-2020-14320 (In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task  ...)
+	TODO: check
 CVE-2020-14319 (It was found that the AMQ Online console is vulnerable to a Cross-Site ...)
 	NOT-FOR-US: AMQ Online
 CVE-2020-14318 (A flaw was found in the way samba handled file and directory permissio ...)
@@ -173028,8 +173076,7 @@ CVE-2020-10729 (A flaw was found in the use of insufficiently random values in A
 	NOTE: https://github.com/ansible/ansible/pull/67429/
 	NOTE: https://github.com/ansible/ansible/commit/b38603c45ed3a53574ec2080fb3a24db38ab5bc6
 	NOTE: Introduced in https://github.com/ansible/ansible/commit/87a9485b2f5a3188460f0a0219d2e0d990ce4e67 (2.0)
-CVE-2020-10728
-	RESERVED
+CVE-2020-10728 (A flaw was found in automationbroker/apb container in versions up to a ...)
 	NOT-FOR-US: automationbroker/apb
 CVE-2020-10727 (A flaw was found in ActiveMQ Artemis management API from version 2.7.0 ...)
 	NOT-FOR-US: ApacheMQ Artemis
@@ -173095,8 +173142,7 @@ CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's
 	- linux 5.6.14-1
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2
-CVE-2020-10710
-	RESERVED
+CVE-2020-10710 (A flaw was found where the Plaintext Candlepin password is disclosed w ...)
 	NOT-FOR-US: foreman-installer
 CVE-2020-10709 (A security flaw was found in Ansible Tower when requesting an OAuth2 t ...)
 	- ansible-awx <itp> (bug #908763)
@@ -197177,10 +197223,10 @@ CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to unde
 	NOTE: https://issues.redhat.com/browse/UNDERTOW-1464
 	NOTE: https://issues.redhat.com/browse/UNDERTOW-1671
 	NOTE: https://github.com/undertow-io/undertow/pull/871
-CVE-2020-1756
-	RESERVED
-CVE-2020-1755
-	RESERVED
+CVE-2020-1756 (In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input es ...)
+	TODO: check
+CVE-2020-1755 (In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For heade ...)
+	TODO: check
 CVE-2020-1754 (In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the gra ...)
 	- moodle <removed>
 CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...)
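
Review bot: CVE-2020-1756 and CVE-2020-1755 are added as "TODO: check", but both are Moodle issues against the same releases as CVE-2020-1754 directly below, which is already tracked as "- moodle <removed>". The same line likely applies to both, and to CVE-2020-14322, CVE-2020-14321 and CVE-2020-14320 in the earlier Moodle hunk.
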
@@ -597511,7 +597557,8 @@ CVE-2001-1132 (Mailman 2.0.x before 2.0.6 allows remote attackers to gain access
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2001-1130 (Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to ex ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2001-1121 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of CVE ...)
+CVE-2001-1121
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2001-1119 (cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrit ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
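
Review bot: For CVE-2001-1121 the removed description said the entry is a duplicate of another CVE, and the new "REJECTED" line no longer says which one. A NOTE line naming the superseding CVE would keep that pointer; the same applies to CVE-2000-0744 and CVE-1999-0335 in the next two hunks.
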
@@ -599176,7 +599223,8 @@ CVE-2000-0747 (The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linu
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2000-0745 (admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administr ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2000-0744 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of CVE ...)
+CVE-2000-0744
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2000-0743 (Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows re ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
@@ -601347,7 +601395,8 @@ CVE-1999-0338 (AIX Licensed Program Product performance tools allow local users
 	NOT-FOR-US: AIX
 CVE-1999-0337 (AIX batch queue (bsh) allows local and remote users to gain additional ...)
 	NOT-FOR-US: AIX
-CVE-1999-0335 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of CVE ...)
+CVE-1999-0335
+	REJECTED
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0334 (In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local  ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c45fec4080a405d87f912c5fc9d8968f7ad86aa
