[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 17 21:10:41 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ac8df6b by security tracker role at 2022-08-17T20:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2022-38392 (A certain 5400 RPM OEM hard drive, as shipped with laptop PCs in appro ...)
+	TODO: check
+CVE-2022-2875
+	RESERVED
+CVE-2022-2874
+	RESERVED
+CVE-2022-2873
+	RESERVED
+CVE-2022-2872
+	RESERVED
+CVE-2022-2871 (Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notr ...)
+	TODO: check
 CVE-2022-38391
 	RESERVED
 CVE-2022-38390
@@ -113,16 +125,16 @@ CVE-2022-2850 [SIGSEGV in sync_repl]
 	NOTE: https://github.com/389ds/389-ds-base/issues/4711#issuecomment-1205100979
 	NOTE: https://github.com/389ds/389-ds-base/issues/5418
 	NOTE: Results from an incomplete fix for CVE-2021-3514
-CVE-2022-2849
-	RESERVED
+CVE-2022-2849 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
+	TODO: check
 CVE-2022-2848
 	RESERVED
 CVE-2022-2847 (A vulnerability, which was classified as critical, has been found in S ...)
 	NOT-FOR-US: SourceCodester Guest Management System
 CVE-2022-2846 (A vulnerability classified as problematic was found in Calendar Event  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-2845
-	RESERVED
+CVE-2022-2845 (Buffer Over-read in GitHub repository vim/vim prior to 9.0.0217. ...)
+	TODO: check
 CVE-2022-2844 (A vulnerability classified as problematic has been found in MotoPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2843 (A vulnerability was found in MotoPress Timetable and Event Schedule. I ...)
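Review bot: the two entries that leave RESERVED here, CVE-2022-2849 and CVE-2022-2845, both name vim/vim with a "prior to 9.0.0..." bound, so unlike the NOT-FOR-US neighbours in this hunk they need real triage rather than a quick dismissal. When resolving the TODO: check lines, add a vim package line and a NOTE with the upstream fix commit so the affected and fixed versions can be tracked.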
@@ -750,8 +762,8 @@ CVE-2022-38152
 	RESERVED
 CVE-2022-38151
 	RESERVED
-CVE-2022-38149
-	RESERVED
+CVE-2022-38149 (HashiCorp Consul Template through 0.29.1 inserts Sensitive Information ...)
+	TODO: check
 CVE-2022-38148
 	RESERVED
 CVE-2022-38147
@@ -2248,8 +2260,8 @@ CVE-2022-37461
 	RESERVED
 CVE-2022-37460
 	RESERVED
-CVE-2022-37459
-	RESERVED
+CVE-2022-37459 (Ampere Altra devices before 1.08g and Ampere Altra Max devices before  ...)
+	TODO: check
 CVE-2022-37458
 	RESERVED
 CVE-2022-37457
@@ -5619,18 +5631,18 @@ CVE-2022-36193
 	RESERVED
 CVE-2022-36192
 	RESERVED
-CVE-2022-36191
-	RESERVED
-CVE-2022-36190
-	RESERVED
+CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...)
+	TODO: check
+CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...)
+	TODO: check
 CVE-2022-36189
 	RESERVED
 CVE-2022-36188
 	RESERVED
 CVE-2022-36187
 	RESERVED
-CVE-2022-36186
-	RESERVED
+CVE-2022-36186 (A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNK ...)
+	TODO: check
 CVE-2022-36185
 	RESERVED
 CVE-2022-36184
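Review bot: CVE-2022-36190 and CVE-2022-36186 name GPAC 2.1-DEV explicitly, but the truncated description of CVE-2022-36191 shows only a function name (gf_isom_dovi_config_ge ...), so confirm the product from the full description before filing it with the other two. The three TODO: check entries are best triaged together, with one NOTE per upstream issue or fix commit.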
@@ -6141,7 +6153,8 @@ CVE-2022-35960
 	RESERVED
 CVE-2022-35959
 	RESERVED
-CVE-2022-35958 (Discourse is a 100% open source discussion platform. A malicious user  ...)
+CVE-2022-35958
+	REJECTED
 	NOT-FOR-US: Discourse
 CVE-2022-35957
 	RESERVED
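Review bot: at CVE-2022-35958 the description is replaced by REJECTED while the NOT-FOR-US: Discourse annotation on the following line is kept, so the entry now carries a classification for an ID that has been rejected. Check the reason for the rejection (for example, whether the issue was reassigned to another ID) and decide whether the leftover annotation should stay or be dropped.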
@@ -8173,8 +8186,8 @@ CVE-2022-35119
 	RESERVED
 CVE-2022-35118 (PyroCMS v3.9 was discovered to contain multiple cross-site scripting ( ...)
 	NOT-FOR-US: PyroCMS
-CVE-2022-35117
-	RESERVED
+CVE-2022-35117 (Clinic's Patient Management System v1.0 was discovered to contain a cr ...)
+	TODO: check
 CVE-2022-35116
 	RESERVED
 CVE-2022-35115
@@ -14079,7 +14092,7 @@ CVE-2022-32817
 	RESERVED
 CVE-2022-32816 [A UI spoofing issue was addressed with improved UI handling]
 	RESERVED
-	{DSA-5211-1 DSA-5210-1}
+	{DSA-5211-1 DSA-5210-1 DLA-3073-1}
 	- webkit2gtk 2.36.6-1
 	- wpewebkit 2.36.6-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2
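Review bot: on the cross-reference line for CVE-2022-32816, DLA-3073-1 is appended, but the package lines below it still list only webkit2gtk 2.36.6-1 and wpewebkit 2.36.6-1, so the visible entry does not show which source package the DLA covers. Confirm that the advisory's own record names the package and the fixed version for the LTS release. The same applies to the identical change at CVE-2022-32792 in the next hunk.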
@@ -14131,7 +14144,7 @@ CVE-2022-32793
 	RESERVED
 CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input validation]
 	RESERVED
-	{DSA-5211-1 DSA-5210-1}
+	{DSA-5211-1 DSA-5210-1 DLA-3073-1}
 	- webkit2gtk 2.36.6-1
 	- wpewebkit 2.36.6-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2
@@ -18542,8 +18555,8 @@ CVE-2022-31264 (Solana solana_rbpf before 0.2.29 has an addition integer overflo
 	NOT-FOR-US: Solana rBPF
 CVE-2022-31263 (app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail  ...)
 	- mastodon <itp> (bug #859741)
-CVE-2022-31262
-	RESERVED
+CVE-2022-31262 (An exploitable local privilege escalation vulnerability exists in GOG  ...)
+	TODO: check
 CVE-2022-31261 (An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x throu ...)
 	NOT-FOR-US: Morpheus
 CVE-2022-1809 (Access of Uninitialized Pointer in GitHub repository radareorg/radare2 ...)
@@ -21564,8 +21577,8 @@ CVE-2022-30264 (The Emerson ROC and FloBoss RTU product lines through 2022-05-02
 	NOT-FOR-US: Emerson
 CVE-2022-30263
 	RESERVED
-CVE-2022-30262
-	RESERVED
+CVE-2022-30262 (The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mish ...)
+	TODO: check
 CVE-2022-30261
 	RESERVED
 CVE-2022-30260
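Review bot: the new description at CVE-2022-30262 is for Emerson ControlWave RTUs, and the hunk header context shows CVE-2022-30264 (Emerson ROC and FloBoss RTU) already marked NOT-FOR-US: Emerson. The TODO: check here can probably be resolved the same way, which keeps the Emerson entries in this range consistent.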
@@ -46169,8 +46182,8 @@ CVE-2022-22457
 	RESERVED
 CVE-2022-22456
 	RESERVED
-CVE-2022-22455
-	RESERVED
+CVE-2022-22455 (IBM Security Verify Governance Identity Manager 10.0 virtual appliance ...)
+	TODO: check
 CVE-2022-22454 (IBM InfoSphere Information Server 11.7 could allow a locally authentic ...)
 	NOT-FOR-US: IBM
 CVE-2022-22453 (IBM Security Verify Identity Manager 10.0 uses weaker than expected cr ...)
@@ -49044,8 +49057,8 @@ CVE-2021-45456 (Apache kylin checks the legitimacy of the project before executi
 	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-45455
 	RESERVED
-CVE-2021-45454
-	RESERVED
+CVE-2021-45454 (Ampere Altra before SRP 1.08b and Altra Max​ before SRP 2.05 all ...)
+	TODO: check
 CVE-2021-45453
 	RESERVED
 CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...)
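Review bot: the added description for CVE-2021-45454 appears to contain a non-printing character between "Altra Max" and "before", which can break exact-match searches and diffs on this line. Since the text is imported automatically, check the upstream description rather than hand-editing it. This entry and CVE-2022-37459 earlier in the patch both describe Ampere Altra devices, so their TODO: check lines should be resolved with the same classification.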



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ac8df6b8e29f8ca995c58ec44fdc69c0f12e786
