[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 18 09:10:33 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6899bb47 by security tracker role at 2022-08-18T08:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2022-38396
+ RESERVED
+CVE-2022-38395
+ RESERVED
+CVE-2022-38393
+ RESERVED
+CVE-2022-2884
+ RESERVED
+CVE-2022-2883
+ RESERVED
+CVE-2022-2882
+ RESERVED
+CVE-2022-2881
+ RESERVED
+CVE-2022-2880
+ RESERVED
+CVE-2022-2879
+ RESERVED
+CVE-2022-2878
+ RESERVED
+CVE-2022-2877
+ RESERVED
+CVE-2022-2876
+ RESERVED
CVE-2022-6083 [freeciv modpack installer buffer overflow]
- freeciv <unfixed> (bug #1017579)
[bullseye] - freeciv <no-dsa> (Minor issue)
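Review bot: the new RESERVED block at the top of the file runs CVE-2022-38396, CVE-2022-38395, CVE-2022-38393 and skips CVE-2022-38394; that is not necessarily wrong (the id may not be public yet), but it is worth confirming on the next sync that the gap is real rather than an import miss.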
@@ -36,21 +60,18 @@ CVE-2022-38382
RESERVED
CVE-2022-38105
RESERVED
-CVE-2022-2870
- RESERVED
-CVE-2022-2869
- RESERVED
+CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as problematic ...)
+ TODO: check
+CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to out of ...)
- tiff 4.4.0~rc1-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
-CVE-2022-2868
- RESERVED
+CVE-2022-2868 (libtiff's tiffcrop utility has a improper input validation flaw that c ...)
- tiff 4.4.0~rc1-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/335
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/294
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
-CVE-2022-2867
- RESERVED
+CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can lead to o ...)
- tiff 4.4.0~rc1-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/351
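Review bot: the CVE-2022-2867 entry records the fix as "tiff 4.4.0~rc1-1" but, within this hunk, its only NOTE lines are the two upstream issues (350 and 351); CVE-2022-2868 and CVE-2022-2869 each cite the fixing commit 07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1), so confirm a matching fix-commit NOTE exists for 2867 or add one so the fixed-version claim is backed by a reference.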
@@ -63,46 +84,56 @@ CVE-2022-2864
RESERVED
CVE-2022-2863
RESERVED
-CVE-2022-2862
- RESERVED
+CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0220. ...)
+ TODO: check
CVE-2022-2861
RESERVED
+ {DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2860
RESERVED
+ {DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2859
RESERVED
+ {DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2858
RESERVED
+ {DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2857
RESERVED
+ {DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2856
RESERVED
+ {DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2855
RESERVED
+ {DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2854
RESERVED
+ {DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2853
RESERVED
+ {DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-2852
RESERVED
+ {DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-38381
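Review bot: CVE-2022-2862 (use after free in vim prior to 9.0.0220) is left at "TODO: check" even though vim is a shipped package; unlike the ten chromium entries in this hunk, which already carry the {DSA-5212-1} reference and the buster end-of-life marker, this one needs an actual triage line (affected package and fixed/unfixed version, with the upstream fix as a NOTE) rather than the placeholder.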
@@ -4148,8 +4179,8 @@ CVE-2022-35401
RESERVED
CVE-2022-2548
RESERVED
-CVE-2022-2547
- RESERVED
+CVE-2022-2547 (A crafted HTTP packet without a content-type header can create a denia ...)
+ TODO: check
CVE-2022-36787
RESERVED
CVE-2022-36786
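Review bot: the CVE-2022-2547 description (crafted HTTP packet without a content-type header causing a denial of service) reads like the same advisory family as CVE-2022-2337, CVE-2022-2335 and CVE-2022-1069 further down in this patch, which sit next to the named Softing entries; triage the group together so they end up with a consistent marking rather than four separate TODOs.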
@@ -5601,10 +5632,10 @@ CVE-2022-36218
RESERVED
CVE-2022-36217
RESERVED
-CVE-2022-36216
- RESERVED
-CVE-2022-36215
- RESERVED
+CVE-2022-36216 (DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code exec ...)
+ TODO: check
+CVE-2022-36215 (DedeBIZ v6 was discovered to contain a remote code execution vulnerabi ...)
+ TODO: check
CVE-2022-36214
RESERVED
CVE-2022-36213
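Review bot: CVE-2022-36216 (DedeCMS v5.7.94 - v5.7.97) and CVE-2022-36215 (DedeBIZ v6) describe the same product line as CVE-2022-35516 (DedeCMS v5.7.93 - v5.7.96) later in this patch; resolve the three TODO: check lines in one pass so the marking is consistent, and note the overlapping version ranges between 36216 and 35516 when doing so.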
@@ -7064,24 +7095,24 @@ CVE-2022-35608
RESERVED
CVE-2022-35607
RESERVED
-CVE-2022-35606
- RESERVED
-CVE-2022-35605
- RESERVED
-CVE-2022-35604
- RESERVED
-CVE-2022-35603
- RESERVED
-CVE-2022-35602
- RESERVED
-CVE-2022-35601
- RESERVED
+CVE-2022-35606 (A SQL injection vulnerability in CustomerDAO.java in sazanrjb Inventor ...)
+ TODO: check
+CVE-2022-35605 (A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryMan ...)
+ TODO: check
+CVE-2022-35604 (A SQL injection vulnerability in SupplierDAO.java in sazanrjb Inventor ...)
+ TODO: check
+CVE-2022-35603 (A SQL injection vulnerability in CustomerDAO.java in sazanrjb Inventor ...)
+ TODO: check
+CVE-2022-35602 (A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryMan ...)
+ TODO: check
+CVE-2022-35601 (A SQL injection vulnerability in SupplierDAO.java in sazanrjb Inventor ...)
+ TODO: check
CVE-2022-35600
RESERVED
-CVE-2022-35599
- RESERVED
-CVE-2022-35598
- RESERVED
+CVE-2022-35599 (A SQL injection vulnerability in Stocks.java in sazanrjb InventoryMana ...)
+ TODO: check
+CVE-2022-35598 (A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb ...)
+ TODO: check
CVE-2022-35597
RESERVED
CVE-2022-35596
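Review bot: the eight sazanrjb InventoryManagementSystem entries (CVE-2022-35606 down to CVE-2022-35598) come from one upstream project and should be triaged together; the truncated descriptions also pair up (CustomerDAO.java in 35606 and 35603, UserDAO.java in 35605 and 35602, SupplierDAO.java in 35604 and 35601), so check the full descriptions for duplicate assignments before marking them.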
@@ -7244,8 +7275,8 @@ CVE-2022-35518 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has
NOT-FOR-US: WAVLINK
CVE-2022-35517 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no fi ...)
NOT-FOR-US: WAVLINK
-CVE-2022-35516
- RESERVED
+CVE-2022-35516 (DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code exec ...)
+ TODO: check
CVE-2022-35515
RESERVED
CVE-2022-35514
@@ -7823,16 +7854,16 @@ CVE-2022-33150
RESERVED
CVE-2022-2339 (With this SSRF vulnerability, an attacker can reach internal addresses ...)
NOT-FOR-US: nocodb
-CVE-2022-2338
- RESERVED
-CVE-2022-2337
- RESERVED
-CVE-2022-2336
- RESERVED
-CVE-2022-2335
- RESERVED
-CVE-2022-2334
- RESERVED
+CVE-2022-2338 (Softing Secure Integration Server V1.22 is vulnerable to authenticatio ...)
+ TODO: check
+CVE-2022-2337 (A crafted HTTP packet with a missing HTTP URI can create a denial-of-s ...)
+ TODO: check
+CVE-2022-2336 (Softing Secure Integration Server, edgeConnector, and edgeAggregator s ...)
+ TODO: check
+CVE-2022-2335 (A crafted HTTP packet with a -1 content-length header can create a den ...)
+ TODO: check
+CVE-2022-2334 (The application searches for a library dll that is not found. If an at ...)
+ TODO: check
CVE-2022-2333
RESERVED
CVE-2022-2332
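Review bot: this hunk mixes named Softing entries (CVE-2022-2338, CVE-2022-2336) with unnamed crafted-HTTP-packet denial-of-service entries (CVE-2022-2337, CVE-2022-2335) and a DLL search-path issue (CVE-2022-2334), all adjacent and all left at "TODO: check"; together with CVE-2022-2547, CVE-2022-1748, CVE-2022-1373 and CVE-2022-1069 elsewhere in this patch they look like one vendor advisory, so resolve them as a group with the same marking.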
@@ -8107,12 +8138,12 @@ CVE-2022-35168 (Due to improper input sanitization of XML input in SAP Business
NOT-FOR-US: SAP
CVE-2022-35167
RESERVED
-CVE-2022-35166
- RESERVED
-CVE-2022-35165
- RESERVED
-CVE-2022-35164
- RESERVED
+CVE-2022-35166 (libjpeg commit 842c7ba was discovered to contain an infinite loop via ...)
+ TODO: check
+CVE-2022-35165 (An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows at ...)
+ TODO: check
+CVE-2022-35164 (LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a ...)
+ TODO: check
CVE-2022-35163 (Complete Online Job Search System v1.0 was discovered to contain a cro ...)
NOT-FOR-US: Complete Online Job Search System
CVE-2022-35162 (Complete Online Job Search System v1.0 was discovered to contain a cro ...)
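Review bot: CVE-2022-35166 identifies its target only as "libjpeg commit 842c7ba", which does not say which libjpeg codebase is meant; confirm the upstream repository behind that commit before mapping the entry to a Debian source package (libjpeg-turbo, libjpeg9 or neither), and do the same for the commit-referenced LibreDWG entry (CVE-2022-35164, commit f2dea29) and the Bento4 entry (CVE-2022-35165).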
@@ -8131,22 +8162,22 @@ CVE-2022-35156
RESERVED
CVE-2022-35155
RESERVED
-CVE-2022-35154
- RESERVED
-CVE-2022-35153
- RESERVED
+CVE-2022-35154 (Shopro Mall System v1.3.8 was discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2022-35153 (FusionPBX 5.0.1 was discovered to contain a command injection vulnerab ...)
+ TODO: check
CVE-2022-35152
RESERVED
-CVE-2022-35151
- RESERVED
+CVE-2022-35151 (kkFileView v4.1.0 was discovered to contain multiple cross-site script ...)
+ TODO: check
CVE-2022-35150
RESERVED
CVE-2022-35149
RESERVED
-CVE-2022-35148
- RESERVED
-CVE-2022-35147
- RESERVED
+CVE-2022-35148 (maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain ...)
+ TODO: check
+CVE-2022-35147 (DoraCMS v2.18 and earlier allows attackers to bypass login authenticat ...)
+ TODO: check
CVE-2022-35146
RESERVED
CVE-2022-35145
@@ -8173,8 +8204,8 @@ CVE-2022-35135
RESERVED
CVE-2022-35134
RESERVED
-CVE-2022-35133
- RESERVED
+CVE-2022-35133 (A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allo ...)
+ TODO: check
CVE-2022-35132
RESERVED
CVE-2022-35131 (Joplin v2.8.8 allows attackers to execute arbitrary commands via a cra ...)
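Review bot: CVE-2022-35133 (cross-site scripting in CherryTree v0.99.30) is left at "TODO: check"; if cherrytree is a shipped package this needs an affected/fixed version line and an upstream reference, otherwise a NOT-FOR-US marking like the neighbouring entries.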
@@ -8195,10 +8226,10 @@ CVE-2022-35124
RESERVED
CVE-2022-35123
RESERVED
-CVE-2022-35122
- RESERVED
-CVE-2022-35121
- RESERVED
+CVE-2022-35122 (An access control issue in Ecowitt GW1100 Series Weather Stations < ...)
+ TODO: check
+CVE-2022-35121 (Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
CVE-2022-35120
RESERVED
CVE-2022-35119
@@ -19509,8 +19540,8 @@ CVE-2022-1750 (The Sticky Popup plugin for WordPress is vulnerable to Stored Cro
NOT-FOR-US: Sticky Popup plugin for WordPress
CVE-2022-1749 (The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Requ ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1748
- RESERVED
+CVE-2022-1748 (Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnecto ...)
+ TODO: check
CVE-2022-1747 (The authentication mechanism used by voters to activate a voting sessi ...)
NOT-FOR-US: Dominion
CVE-2022-1746 (The authentication mechanism used by poll workers to administer voting ...)
@@ -23798,7 +23829,7 @@ CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has
NOTE: https://github.com/gpac/gpac/issues/2173
NOTE: Fixed by: https://github.com/gpac/gpac/commit/1773b7a34bc08734aee7d3f5dfe65d06389fe15a
CVE-2022-29536 (In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document c ...)
- {DSA-5208-1}
+ {DSA-5208-1 DLA-3074-1}
- epiphany-browser 42.2-1 (bug #1009959)
[stretch] - epiphany-browser <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106
@@ -24505,8 +24536,8 @@ CVE-2022-1375 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) h
NOT-FOR-US: Delta Electronics
CVE-2022-1374 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
NOT-FOR-US: Delta Electronics
-CVE-2022-1373
- RESERVED
+CVE-2022-1373 (The “restore configuration” feature of Softing Secure Inte ...)
+ TODO: check
CVE-2022-1372 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
NOT-FOR-US: Delta Electronics
CVE-2022-1371 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
@@ -25944,10 +25975,10 @@ CVE-2022-28754 (Zoom On-Premise Meeting Connector MMR before version 4.8.129.202
NOT-FOR-US: Zoom
CVE-2022-28753 (Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 ...)
NOT-FOR-US: Zoom
-CVE-2022-28752
- RESERVED
-CVE-2022-28751
- RESERVED
+CVE-2022-28752 (Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are ...)
+ TODO: check
+CVE-2022-28751 (The Zoom Client for Meetings for MacOS (Standard and for IT Admin) bef ...)
+ TODO: check
CVE-2022-28750 (Zoom On-Premise Meeting Connector Zone Controller (ZC) before version ...)
NOT-FOR-US: Zoom
CVE-2022-28749 (Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 ...)
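Review bot: CVE-2022-28752 and CVE-2022-28751 are the only Zoom entries in this hunk still at "TODO: check" while the surrounding Zoom entries (CVE-2022-28753, CVE-2022-28750, CVE-2022-28749) are marked NOT-FOR-US: Zoom; unless the Windows Rooms client or the macOS client changes that assessment, mark these two the same way.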
@@ -28788,8 +28819,8 @@ CVE-2022-1071 (User after free in mrb_vm_exec in GitHub repository mruby/mruby p
NOTE: https://github.com/mruby/mruby/commit/aaa28a508903041dd7399d4159a8ace9766b022f
CVE-2022-1070
RESERVED
-CVE-2022-1069
- RESERVED
+CVE-2022-1069 (A crafted HTTP packet with a large content-length header can create a ...)
+ TODO: check
CVE-2022-1068 (Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to ...)
NOT-FOR-US: Modbus Tools Modbus Slave
CVE-2022-1067 (Navigating to a specific URL with a patient ID number will result in t ...)
@@ -41558,10 +41589,10 @@ CVE-2022-23767
RESERVED
CVE-2022-23766
RESERVED
-CVE-2022-23765
- RESERVED
-CVE-2022-23764
- RESERVED
+CVE-2022-23765 (This vulnerability occured by sending a malicious POST request to a sp ...)
+ TODO: check
+CVE-2022-23764 (The vulnerability causing from insufficient verification procedures fo ...)
+ TODO: check
CVE-2022-23763 (Origin validation error vulnerability in NeoRS’s ActiveX moudle ...)
NOT-FOR-US: NeoRS for Windows
CVE-2022-23762
@@ -41594,8 +41625,8 @@ CVE-2022-23749
RESERVED
CVE-2022-23748
RESERVED
-CVE-2022-23747
- RESERVED
+CVE-2022-23747 (In Sony Xperia series 1, 5, and Pro, an out of bound memory access can ...)
+ TODO: check
CVE-2022-23746
RESERVED
CVE-2022-23745 (A potential memory corruption issue was found in Capsule Workspace And ...)
@@ -50323,13 +50354,13 @@ CVE-2021-45090 (Stormshield Endpoint Security before 2.1.2 allows remote code ex
CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Co ...)
NOT-FOR-US: Stormshield Endpoint Security
CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
- {DSA-5042-1}
+ {DSA-5042-1 DLA-3074-1}
- epiphany-browser 41.2-1
[stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
- {DSA-5042-1}
+ {DSA-5042-1 DLA-3074-1}
- epiphany-browser 41.2-1
[stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
@@ -50342,7 +50373,7 @@ CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x b
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
- {DSA-5042-1}
+ {DSA-5042-1 DLA-3074-1}
- epiphany-browser 41.2-1
[stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
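Review bot: DLA-3074-1 is added to CVE-2021-45088, CVE-2021-45087 and CVE-2021-45085 (and to CVE-2022-29536 earlier in the patch), but CVE-2021-45086, the same Epiphany XSS family with the same issue 1612 NOTE, falls between the two hunks (it is only visible as the header context of the second hunk) and so keeps "{DSA-5042-1}" without the DLA; verify whether DLA-3074-1 covers it and, if so, add "{DSA-5042-1 DLA-3074-1}" there too.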
@@ -93278,10 +93309,10 @@ CVE-2021-30073
RESERVED
CVE-2021-30072 (An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. ...)
NOT-FOR-US: D-Link
-CVE-2021-30071
- RESERVED
-CVE-2021-30070
- RESERVED
+CVE-2021-30071 (A cross-site scripting (XSS) vulnerability in /admin/list_key.html of ...)
+ TODO: check
+CVE-2021-30070 (An issue was discovered in HestiaCP before v1.3.5. Attackers are able ...)
+ TODO: check
CVE-2021-30069
RESERVED
CVE-2021-30068
@@ -101814,8 +101845,8 @@ CVE-2021-26641
RESERVED
CVE-2021-26640
RESERVED
-CVE-2021-26639
- RESERVED
+CVE-2021-26639 (This vulnerability is caused by the lack of validation of input values ...)
+ TODO: check
CVE-2021-26638 (Improper Authentication vulnerability in S&D smarthome(smartcare) ...)
NOT-FOR-US: SmartHome Android app
CVE-2021-26637 (There is no account authentication and permission check logic in the f ...)
@@ -161676,8 +161707,7 @@ CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvnccli
NOTE: https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553
CVE-2020-14395
RESERVED
-CVE-2020-14394 [infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c]
- RESERVED
+CVE-2020-14394 (An infinite loop flaw was found in the USB xHCI controller emulation o ...)
- qemu <unfixed> (bug #979677)
[bullseye] - qemu <postponed> (Minor issue)
[buster] - qemu <postponed> (Minor issue)
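Review bot: replacing the placeholder title "[infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c]" with the official description drops the function and file location from the CVE-2020-14394 entry, and the hunk shrinks by one line; consider keeping that detail as a NOTE line so the entry still points at the affected code while the qemu package remains <unfixed> (bug #979677) with the bullseye and buster lines postponed.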
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6899bb47dc7aeea65e6c3f33ac9a91210b6a0781