[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 24 09:10:32 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d7e26f1 by security tracker role at 2022-08-24T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2022-38730
+	RESERVED
+CVE-2022-38729
+	RESERVED
+CVE-2022-38728
+	RESERVED
+CVE-2022-38727
+	RESERVED
+CVE-2022-38726
+	RESERVED
+CVE-2022-38725
+	RESERVED
+CVE-2022-38724
+	RESERVED
+CVE-2022-38723
+	RESERVED
+CVE-2022-38722
+	RESERVED
+CVE-2022-38721
+	RESERVED
+CVE-2022-38720
+	RESERVED
+CVE-2022-38719
+	RESERVED
+CVE-2022-38718
+	RESERVED
+CVE-2022-38717
+	RESERVED
+CVE-2022-2977
+	RESERVED
+CVE-2022-2976
+	RESERVED
+CVE-2022-2975
+	RESERVED
+CVE-2022-2974
+	RESERVED
+CVE-2020-36601
+	RESERVED
+CVE-2020-36600
+	RESERVED
 CVE-2022-38714
 	RESERVED
 CVE-2022-38713
@@ -218,8 +258,7 @@ CVE-2022-2940
 	RESERVED
 CVE-2022-2939
 	RESERVED
-CVE-2022-2938
-	RESERVED
+CVE-2022-2938 (A flaw was found in the Linux kernel's implementation of Pressure Stal ...)
 	- linux 5.16.7-1
 	[bullseye] - linux 5.10.103-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
@@ -721,8 +760,8 @@ CVE-2022-2900
 	RESERVED
 CVE-2022-38464
 	RESERVED
-CVE-2022-38463
-	RESERVED
+CVE-2022-38463 (ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS ...)
+	TODO: check
 CVE-2022-38462
 	RESERVED
 CVE-2022-38450
@@ -1749,8 +1788,8 @@ CVE-2022-38145
 	RESERVED
 CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could be wr ...)
 	NOT-FOR-US: JetBrains TeamCity
-CVE-2022-38132
-	RESERVED
+CVE-2022-38132 (Command injection vulnerability in Linksys MR8300 router while Registr ...)
+	TODO: check
 CVE-2022-38131
 	RESERVED
 CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip ...)
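Review bot: CVE-2022-38132 is left at "TODO: check" although its description names a Linksys MR8300 router. If nothing in the archive ships that firmware, close the triage the same way the entry directly above it does ("NOT-FOR-US: JetBrains TeamCity"), so the item does not stay in the unchecked queue.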
@@ -3418,8 +3457,8 @@ CVE-2022-37420
 	RESERVED
 CVE-2022-37419
 	RESERVED
-CVE-2022-37418
-	RESERVED
+CVE-2022-37418 (The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia,  ...)
+	TODO: check
 CVE-2022-37417
 	RESERVED
 CVE-2022-37416 (Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory  ...)
@@ -3748,8 +3787,8 @@ CVE-2022-37307
 	RESERVED
 CVE-2022-37306
 	RESERVED
-CVE-2022-37305
-	RESERVED
+CVE-2022-37305 (The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicle ...)
+	TODO: check
 CVE-2022-36426
 	RESERVED
 CVE-2022-36397
@@ -4759,8 +4798,8 @@ CVE-2022-36946 (nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux ker
 	- linux 5.18.16-1
 	NOTE: https://marc.info/?l=netfilter-devel&m=165883202007292&w=2
 	NOTE: Fixed by: https://git.kernel.org/linus/99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
-CVE-2022-36945
-	RESERVED
+CVE-2022-36945 (The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicle ...)
+	TODO: check
 CVE-2022-36944
 	RESERVED
 CVE-2022-36797
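Review bot: CVE-2022-36945 gets "TODO: check" here, and it is the third entry in this commit with the same "Remote Keyless Entry (RKE) receiving unit" description prefix, after CVE-2022-37418 and CVE-2022-37305 in the two hunks above. The visible text differs only in the vehicle vendor named, so triage the three in one pass and give them one consistent tag rather than resolving each TODO separately.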
@@ -18359,8 +18398,7 @@ CVE-2022-31678
 	RESERVED
 CVE-2022-31677
 	RESERVED
-CVE-2022-31676
-	RESERVED
+CVE-2022-31676 (VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege es ...)
 	- open-vm-tools <unfixed> (bug #1018012)
 	NOTE: Fixed by: https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745 (stable-12.1.0)
 	NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2022-31676.patch/1205-Properly-check-authorization-on-incoming-guestOps-re.patch
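Review bot: With the description for CVE-2022-31676 now public, the package line "- open-vm-tools <unfixed> (bug #1018012)" is the part that needs follow-up, since the NOTE below it already records the upstream fix commit for stable-12.1.0. Replace <unfixed> with the fixed version once an upload containing that commit is in unstable, and check that each supported release carries an explicit status line.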
@@ -35108,8 +35146,8 @@ CVE-2022-25906
 	RESERVED
 CVE-2022-25904
 	RESERVED
-CVE-2022-25903
-	RESERVED
+CVE-2022-25903 (The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...)
+	TODO: check
 CVE-2022-25902
 	RESERVED
 CVE-2022-25901
@@ -35346,8 +35384,8 @@ CVE-2022-24377
 	RESERVED
 CVE-2022-24376 (All versions of package git-promise are vulnerable to Command Injectio ...)
 	NOT-FOR-US: Node git-promise
-CVE-2022-24375
-	RESERVED
+CVE-2022-24375 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
+	TODO: check
 CVE-2022-24373
 	RESERVED
 CVE-2022-24298 (All versions of package freeopcua/freeopcua are vulnerable to Denial o ...)
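Review bot: CVE-2022-24375 (node-opcua before 2.74.0) is marked "TODO: check" while the Node package one entry up is already resolved as "NOT-FOR-US: Node git-promise". Check whether node-opcua is packaged and either add a package line or use the same NOT-FOR-US form. CVE-2022-25903 (package opcua) in the previous hunk is a Denial of Service entry with the same TODO and can be handled in the same pass.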
@@ -54822,8 +54860,7 @@ CVE-2021-3998 [Unexpected return value from realpath() for too long results]
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ee8d5e33adb284601c00c94687bc907e10aec9bb
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7a79879c0b2bef0dadd6caaaeeb0d26423e04e5
 	NOTE: introduced in 2.33 by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c6e0b0b5b0b7922cdf0dce2af671e0c7e500df95
-CVE-2021-3997 [Uncontrolled recursion in systemd's systemd-tmpfiles]
-	RESERVED
+CVE-2021-3997 (A flaw was found in systemd. An uncontrolled recursion in systemd-tmpf ...)
 	- systemd 250.2-1 (bug #1003467)
 	[bullseye] - systemd 247.3-7
 	[buster] - systemd <ignored> (Minor issue; not exploitable before upstream commit e535840)
@@ -54838,8 +54875,7 @@ CVE-2021-3997 [Uncontrolled recursion in systemd's systemd-tmpfiles]
 	NOTE: Fixed by: https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
 CVE-2021-44079 (In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, ...)
 	NOT-FOR-US: Wazuh
-CVE-2021-3996
-	RESERVED
+CVE-2021-3996 (A logic error was found in the libmount library of util-linux in the f ...)
 	{DSA-5055-1}
 	- util-linux 2.37.3-1
 	[buster] - util-linux <not-affected> (Vulnerable code introduced later)
@@ -54848,8 +54884,7 @@ CVE-2021-3996
 	NOTE: Fixed by: https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b (v2.37.3)
 	NOTE: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2
-CVE-2021-3995
-	RESERVED
+CVE-2021-3995 (A logic error was found in the libmount library of util-linux in the f ...)
 	{DSA-5055-1}
 	- util-linux 2.37.3-1
 	[buster] - util-linux <not-affected> (Vulnerable code introduced later)
@@ -55088,8 +55123,7 @@ CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate respon
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/7
 CVE-2021-3976 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	NOT-FOR-US: kimai2
-CVE-2021-3975 [segmentation fault during VM shutdown can lead to vdsm hung]
-	RESERVED
+CVE-2021-3975 (A use-after-free flaw was found in libvirt. The qemuMonitorUnregister( ...)
 	- libvirt 7.6.0-1
 	[bullseye] - libvirt <no-dsa> (Minor issue)
 	[buster] - libvirt <no-dsa> (Minor issue)
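Review bot: The bracketed working title on CVE-2021-3975 ("segmentation fault during VM shutdown can lead to vdsm hung") is replaced by a description that calls the issue a use-after-free in libvirt, but the bullseye and buster lines keep "<no-dsa> (Minor issue)". Confirm that the no-dsa rating was made with the use-after-free characterisation in mind, and add a NOTE with the reasoning if it stands.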
@@ -59623,8 +59657,7 @@ CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain
 	- rpki-client 7.5-1
 	NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
 	NOTE: https://github.com/NLnetLabs/routinator/pull/665
-CVE-2021-3917
-	RESERVED
+CVE-2021-3917 (A flaw was found in the coreos-installer, where it writes the Ignition ...)
 	NOT-FOR-US: coreos-installer
 CVE-2021-43171
 	RESERVED
@@ -120702,9 +120735,9 @@ CVE-2020-35517 (A flaw was found in qemu. A host privilege escalation issue was
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html
 	NOTE: https://www.openwall.com/lists/oss-security/2021/01/22/1
 CVE-2020-35516
-	RESERVED
+	REJECTED
 CVE-2020-35515
-	RESERVED
+	REJECTED
 CVE-2020-35514 (An insecure modification flaw in the /etc/kubernetes/kubeconfig file w ...)
 	NOT-FOR-US: OpenShift
 CVE-2020-35513 (A flaw incorrect umask during file or directory modification in the Li ...)
@@ -120721,8 +120754,8 @@ CVE-2020-35512 (A use-after-free flaw was found in D-Bus Development branch <
 	NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/2b7948ef907669e844b52c4fa2268d6e3162a70c (dbus-1.13.18)
 	NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60 (dbus-1.12.20)
 	NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd (dbus-1.10.32)
-CVE-2020-35511
-	RESERVED
+CVE-2020-35511 (A global buffer overflow was discovered in pngcheck function in pngche ...)
+	TODO: check
 CVE-2020-35510 (A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redha ...)
 	- libjboss-remoting-java <removed>
 CVE-2020-35509 (A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An  ...)
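Review bot: CVE-2020-35511 moves from RESERVED to "TODO: check" with a description that names pngcheck and a global buffer overflow. Because the description identifies a specific program, resolve the TODO to a "- pngcheck ..." package line with the affected or fixed version if it is in the archive, or to NOT-FOR-US if it is not. A 2020 id published in 2022 may already be fixed in the packaged version, so check the current version before marking it unfixed.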



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d7e26f12a350e767c48466d1e6150baea0f4adc
