[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 31 09:10:31 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4002b5de by security tracker role at 2022-08-31T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-39048
+ RESERVED
+CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When the sy ...)
+ TODO: check
+CVE-2022-3067
+ RESERVED
+CVE-2022-3066
+ RESERVED
CVE-2022-3065
RESERVED
CVE-2022-3064
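Review bot: CVE-2022-39046 is added with only `TODO: check`, although its description names the GNU C Library (glibc) 2.36, a specific upstream and version. Triage should replace the TODO with a package line in the form the rest of this file uses (for example `- freeciv <unfixed> (bug #1017579)` further down) and record which versions are affected, since the truncated description only mentions 2.36.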
@@ -73,70 +81,91 @@ CVE-2022-3060
CVE-2022-3059
RESERVED
CVE-2022-3058
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3057
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3056
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3055
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3054
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3053
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3052
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3051
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3050
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3049
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3048
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3047
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3046
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3045
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3044
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3043
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3042
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3041
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3040
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3039
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3038
+ RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3037
- RESERVED
+CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0321. ...)
+ TODO: check
CVE-2022-3036
RESERVED
CVE-2022-3035 (Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-i ...)
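Review bot: CVE-2022-3037 at the end of this hunk moves from `RESERVED` to `TODO: check`, and its description names both the upstream (vim/vim) and the fixed patch level (prior to 9.0.0321). That is enough to resolve the TODO into a package line with per-release status, as the chromium entries above already have. For CVE-2022-3038 through CVE-2022-3058 the added `RESERVED` line only reflects the upstream record state; their `- chromium <unfixed>` and `[buster]` lines are unchanged and stay the authoritative status.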
@@ -1872,7 +1901,7 @@ CVE-2022-2877
RESERVED
CVE-2022-2876 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester
-CVE-2022-39047 [freeciv modpack installer buffer overflow]
+CVE-2022-39047 (Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vu ...)
- freeciv <unfixed> (bug #1017579)
[bullseye] - freeciv <no-dsa> (Minor issue)
[buster] - freeciv <no-dsa> (Minor issue)
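Review bot: the new description for CVE-2022-39047 states the fixed upstream versions (before 2.6.7 and before 3.0.3), but the package line below it still reads `- freeciv <unfixed> (bug #1017579)`. Consider adding a NOTE with the upstream fix versions so the `<unfixed>` marker can be closed against a concrete upload, and re-check that `<no-dsa> (Minor issue)` for bullseye and buster still matches the published description.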
@@ -5113,10 +5142,10 @@ CVE-2022-37175 (Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer o
NOT-FOR-US: Tenda
CVE-2022-37174
RESERVED
-CVE-2022-37173
- RESERVED
-CVE-2022-37172
- RESERVED
+CVE-2022-37173 (An issue in the installer of gvim 9.0.0000 allows authenticated attack ...)
+ TODO: check
+CVE-2022-37172 (Incorrect access control in the install directory (C:\msys64) of Msys2 ...)
+ TODO: check
CVE-2022-37171
RESERVED
CVE-2022-37170
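Review bot: both new entries point at Windows installation specifics: CVE-2022-37173 refers to the installer of gvim 9.0.0000 and CVE-2022-37172 to the install directory `C:\msys64`. Before CVE-2022-37173 is attached to a Debian vim package because of the name match, the triager should confirm from the full description whether the issue exists outside the installer, and state the reasoning in the entry.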
@@ -6186,16 +6215,16 @@ CVE-2022-36751
RESERVED
CVE-2022-36750 (Clinic's Patient Management System v1.0 is vulnerable to SQL injection ...)
NOT-FOR-US: Clinic's Patient Management System
-CVE-2022-36749
- RESERVED
-CVE-2022-36748
- RESERVED
-CVE-2022-36747
- RESERVED
-CVE-2022-36746
- RESERVED
-CVE-2022-36745
- RESERVED
+CVE-2022-36749 (RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection ...)
+ TODO: check
+CVE-2022-36748 (PicUploader v2.6.3 was discovered to contain a cross-site scripting (X ...)
+ TODO: check
+CVE-2022-36747 (Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vu ...)
+ TODO: check
+CVE-2022-36746 (LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS ...)
+ TODO: check
+CVE-2022-36745 (LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS ...)
+ TODO: check
CVE-2022-36744
RESERVED
CVE-2022-36743
@@ -6214,18 +6243,18 @@ CVE-2022-36737
RESERVED
CVE-2022-36736
RESERVED
-CVE-2022-36735
- RESERVED
-CVE-2022-36734
- RESERVED
-CVE-2022-36733
- RESERVED
-CVE-2022-36732
- RESERVED
-CVE-2022-36731
- RESERVED
-CVE-2022-36730
- RESERVED
+CVE-2022-36735 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-36734 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-36733 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-36732 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-36731 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2022-36730 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
CVE-2022-36729 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
NOT-FOR-US: Library Management System
CVE-2022-36728 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
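Review bot: CVE-2022-36730 through CVE-2022-36735 are queued as `TODO: check` while the entry directly below them, CVE-2022-36729, has the same visible description prefix and is already resolved as `NOT-FOR-US: Library Management System`. The six new entries can take the same tag with the same spelling so that searches on the product name return the whole set.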
@@ -6370,8 +6399,8 @@ CVE-2022-36659
RESERVED
CVE-2022-36658
RESERVED
-CVE-2022-36657
- RESERVED
+CVE-2022-36657 (Library Management System v1.0 was discovered to contain a cross-site ...)
+ TODO: check
CVE-2022-36656
RESERVED
CVE-2022-36655
@@ -6554,16 +6583,16 @@ CVE-2022-36567
RESERVED
CVE-2022-36566
RESERVED
-CVE-2022-36565
- RESERVED
-CVE-2022-36564
- RESERVED
-CVE-2022-36563
- RESERVED
-CVE-2022-36562
- RESERVED
-CVE-2022-36561
- RESERVED
+CVE-2022-36565 (Incorrect access control in the install directory (C:\Wamp64) of Wamp ...)
+ TODO: check
+CVE-2022-36564 (Incorrect access control in the install directory (C:\Strawberry) of S ...)
+ TODO: check
+CVE-2022-36563 (Incorrect access control in the install directory (C:\RailsInstaller) ...)
+ TODO: check
+CVE-2022-36562 (Incorrect access control in the install directory (C:\Ruby31-x64) of R ...)
+ TODO: check
+CVE-2022-36561 (XPDF v4.0.4 was discovered to contain a segmentation violation via the ...)
+ TODO: check
CVE-2022-36560 (Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain ...)
NOT-FOR-US: Seiko SkyBridge MB-A200
CVE-2022-36559 (Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain ...)
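Review bot: four of the five new entries (CVE-2022-36562 to CVE-2022-36565) share the pattern "Incorrect access control in the install directory (C:\...)" and can be triaged as a group, but CVE-2022-36561 is a different case: it reports a segmentation violation in XPDF v4.0.4. It should be checked on its own against any packaged xpdf code and not be swept up in a bulk resolution of the surrounding Windows install-directory entries.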
@@ -12388,10 +12417,10 @@ CVE-2022-34377
RESERVED
CVE-2022-34376
RESERVED
-CVE-2022-34375
- RESERVED
-CVE-2022-34374
- RESERVED
+CVE-2022-34375 (Dell Container Storage Modules 1.2 contains a path traversal vulnerabi ...)
+ TODO: check
+CVE-2022-34374 (Dell Container Storage Modules 1.2 contains an OS command injection in ...)
+ TODO: check
CVE-2022-34373
RESERVED
CVE-2022-34372
@@ -12402,8 +12431,8 @@ CVE-2022-34370
RESERVED
CVE-2022-34369
RESERVED
-CVE-2022-34368
- RESERVED
+CVE-2022-34368 (Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0. ...)
+ TODO: check
CVE-2022-34367 (Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5 ...)
NOT-FOR-US: Dell
CVE-2022-34366
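Review bot: CVE-2022-34368 (Dell EMC NetWorker) is left as `TODO: check` while the next entry, CVE-2022-34367 (Dell EMC Data Protection Central), is already `NOT-FOR-US: Dell`. If NetWorker is likewise not packaged, use the same `NOT-FOR-US: Dell` spelling here so the vendor tag stays consistent between neighbouring entries.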
@@ -13720,8 +13749,8 @@ CVE-2022-33937
RESERVED
CVE-2022-33936 (Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerab ...)
NOT-FOR-US: EMC
-CVE-2022-33935
- RESERVED
+CVE-2022-33935 (Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a ...)
+ TODO: check
CVE-2022-33934
RESERVED
CVE-2022-33933
@@ -20809,8 +20838,8 @@ CVE-2022-31234 (Dell EMC PowerStore, contain(s) an Improper Restriction of Exces
NOT-FOR-US: Dell
CVE-2022-31233
RESERVED
-CVE-2022-31232
- RESERVED
+CVE-2022-31232 (SmartFabric storage software version 1.0.0 contains a Command-Injectio ...)
+ TODO: check
CVE-2022-31231
RESERVED
CVE-2022-31230 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky c ...)
@@ -31699,14 +31728,14 @@ CVE-2022-27565
RESERVED
CVE-2022-27564
RESERVED
-CVE-2022-27563
- RESERVED
+CVE-2022-27563 (An unauthenticated user can overload a part of HCL VersionVault Expres ...)
+ TODO: check
CVE-2022-27562
RESERVED
CVE-2022-27561
RESERVED
-CVE-2022-27560
- RESERVED
+CVE-2022-27560 (HCL VersionVault Express exposes administrator credentials. ...)
+ TODO: check
CVE-2022-27559
RESERVED
CVE-2022-27558 (HCL iNotes is susceptible to a Broken Password Strength Checks vulnera ...)
@@ -36807,7 +36836,7 @@ CVE-2022-0732 (The backend infrastructure shared by multiple mobile device monit
CVE-2022-0731 (Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr ...)
- dolibarr <removed>
CVE-2022-26874 (lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows ...)
- {DLA-3045-1}
+ {DLA-3089-1 DLA-3045-1}
- php-horde-mime-viewer 2.2.4+debian0-1
NOTE: https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/
NOTE: Introduced by: https://github.com/horde/Mime_Viewer/commit/325a7ae2663dd9c50e85fe515033454669f16f28
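Review bot: CVE-2022-26874 now carries two LTS advisories, `{DLA-3089-1 DLA-3045-1}`, but still only one package line, `- php-horde-mime-viewer 2.2.4+debian0-1`. Confirm that both DLAs are for php-horde-mime-viewer; if DLA-3089-1 covers a different source package, that package is missing a line in this entry, and if it is a follow-up to DLA-3045-1, a NOTE saying so would explain the second reference.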
@@ -39555,42 +39584,42 @@ CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior to
NOT-FOR-US: Combodi
CVE-2022-24810 [A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference]
RESERVED
- {DSA-5209-1}
+ {DSA-5209-1 DLA-3088-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24809 [A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference]
RESERVED
- {DSA-5209-1}
+ {DSA-5209-1 DLA-3088-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24808 [A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference]
RESERVED
- {DSA-5209-1}
+ {DSA-5209-1 DLA-3088-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24807 [A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access]
RESERVED
- {DSA-5209-1}
+ {DSA-5209-1 DLA-3088-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24806 [Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously]
RESERVED
- {DSA-5209-1}
+ {DSA-5209-1 DLA-3088-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1)
CVE-2022-24805 [A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access]
RESERVED
- {DSA-5209-1}
+ {DSA-5209-1 DLA-3088-1}
- net-snmp 5.9.3+dfsg-1 (bug #1016139)
NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3)
NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1)
@@ -96010,8 +96039,8 @@ CVE-2021-29866
RESERVED
CVE-2021-29865 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow ...)
NOT-FOR-US: IBM
-CVE-2021-29864
- RESERVED
+CVE-2021-29864 (IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attac ...)
+ TODO: check
CVE-2021-29863 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forge ...)
NOT-FOR-US: IBM
CVE-2021-29862 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4002b5de0fddadec6735d37afd3fd6ad447ba1b2