[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 1 09:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83d83cd4 by security tracker role at 2022-07-01T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2022-34893
+ RESERVED
+CVE-2022-34892
+ RESERVED
+CVE-2022-34891
+ RESERVED
+CVE-2022-34890
+ RESERVED
+CVE-2022-34889
+ RESERVED
+CVE-2022-34888
+ RESERVED
+CVE-2022-34887
+ RESERVED
+CVE-2022-34886
+ RESERVED
+CVE-2022-34885
+ RESERVED
+CVE-2022-34884
+ RESERVED
+CVE-2022-34883
+ RESERVED
+CVE-2022-34882
+ RESERVED
+CVE-2022-34881
+ RESERVED
+CVE-2022-34880
+ RESERVED
+CVE-2022-34879
+ RESERVED
+CVE-2022-34878
+ RESERVED
+CVE-2022-34877
+ RESERVED
+CVE-2022-34876
+ RESERVED
CVE-2022-XXXX [vulnerable to status injection]
- gnupg2 2.2.35-3 (bug #1014157)
NOTE: https://dev.gnupg.org/T6027
@@ -150,8 +186,8 @@ CVE-2022-2259
RESERVED
CVE-2022-2258
RESERVED
-CVE-2022-2257
- RESERVED
+CVE-2022-2257 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ...)
+ TODO: check
CVE-2022-2256
RESERVED
CVE-2022-2255
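Review bot: the new description for CVE-2022-2257 names vim/vim prior to 9.0, which the tracker tracks against the Debian vim source package, so the `TODO: check` added here should be resolved into a `- vim <version>` line (or a `<not-affected>`/`<unimportant>` annotation) once the fixing upstream commit is identified, rather than left as a bare TODO.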
@@ -1193,8 +1229,8 @@ CVE-2022-34464
RESERVED
CVE-2022-2198
RESERVED
-CVE-2022-2197
- RESERVED
+CVE-2022-2197 (By using a specific credential string, an attacker with network access ...)
+ TODO: check
CVE-2022-2196
RESERVED
CVE-2022-2195
@@ -3973,16 +4009,16 @@ CVE-2022-2084
RESERVED
CVE-2022-2083
RESERVED
-CVE-2022-33329
- RESERVED
-CVE-2022-33328
- RESERVED
-CVE-2022-33327
- RESERVED
-CVE-2022-33326
- RESERVED
-CVE-2022-33325
- RESERVED
+CVE-2022-33329 (Multiple command injection vulnerabilities exist in the web_server aja ...)
+ TODO: check
+CVE-2022-33328 (Multiple command injection vulnerabilities exist in the web_server aja ...)
+ TODO: check
+CVE-2022-33327 (Multiple command injection vulnerabilities exist in the web_server aja ...)
+ TODO: check
+CVE-2022-33326 (Multiple command injection vulnerabilities exist in the web_server aja ...)
+ TODO: check
+CVE-2022-33325 (Multiple command injection vulnerabilities exist in the web_server aja ...)
+ TODO: check
CVE-2022-33324
RESERVED
CVE-2022-33323
@@ -4003,12 +4039,12 @@ CVE-2022-33316
RESERVED
CVE-2022-33315
RESERVED
-CVE-2022-33314
- RESERVED
-CVE-2022-33313
- RESERVED
-CVE-2022-33312
- RESERVED
+CVE-2022-33314 (Multiple command injection vulnerabilities exist in the web_server act ...)
+ TODO: check
+CVE-2022-33313 (Multiple command injection vulnerabilities exist in the web_server act ...)
+ TODO: check
+CVE-2022-33312 (Multiple command injection vulnerabilities exist in the web_server act ...)
+ TODO: check
CVE-2022-33309
RESERVED
CVE-2022-33308
@@ -4211,10 +4247,10 @@ CVE-2022-33210
RESERVED
CVE-2022-33146 (Open redirect vulnerability in web2py versions prior to 2.22.5 allows ...)
- web2py <removed>
-CVE-2022-32585
- RESERVED
-CVE-2022-28127
- RESERVED
+CVE-2022-32585 (A command execution vulnerability exists in the clish art2 functionali ...)
+ TODO: check
+CVE-2022-28127 (A data removal vulnerability exists in the web_server /action/remove/ ...)
+ TODO: check
CVE-2022-2082
RESERVED
CVE-2022-2081
@@ -4464,18 +4500,18 @@ CVE-2022-33089
RESERVED
CVE-2022-33088
RESERVED
-CVE-2022-33087
- RESERVED
+CVE-2022-33087 (A stack overflow in the function DM_ In fillobjbystr() of TP-Link Arch ...)
+ TODO: check
CVE-2022-33086
RESERVED
-CVE-2022-33085
- RESERVED
+CVE-2022-33085 (ESPCMS P8 was discovered to contain an authenticated remote code execu ...)
+ TODO: check
CVE-2022-33084
RESERVED
CVE-2022-33083
RESERVED
-CVE-2022-33082
- RESERVED
+CVE-2022-33082 (An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10 ...)
+ TODO: check
CVE-2022-33081
RESERVED
CVE-2022-33080
@@ -4681,8 +4717,8 @@ CVE-2022-32990 (An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30
NOTE: NOTE: Crash in GUI application, no security impact
CVE-2022-32989
RESERVED
-CVE-2022-32988
- RESERVED
+CVE-2022-32988 (Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1. ...)
+ TODO: check
CVE-2022-32987 (Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=man ...)
NOT-FOR-US: Simple Bakery Shop Management System
CVE-2022-32986
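Review bot: two things in this hunk. The context line for CVE-2022-32990 reads `NOTE: NOTE: Crash in GUI application, no security impact`, a duplicated `NOTE:` prefix that sits outside this change and deserves a small follow-up fix. For the new CVE-2022-32988 entry (XSS in an Asus DSL-N14U-B1 router), the adjacent CVE-2022-32987 line shows the expected resolution for non-Debian software, so the `TODO: check` can become a `NOT-FOR-US: Asus DSL-N14U-B1` line.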
@@ -6383,8 +6419,8 @@ CVE-2022-32298
RESERVED
CVE-2022-32297
RESERVED
-CVE-2022-32295
- RESERVED
+CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra re ...)
+ TODO: check
CVE-2022-32294
RESERVED
CVE-2022-32293
@@ -9744,8 +9780,8 @@ CVE-2022-31117
RESERVED
CVE-2022-31116
RESERVED
-CVE-2022-31115
- RESERVED
+CVE-2022-31115 (opensearch-ruby is a community-driven, open source fork of elasticsear ...)
+ TODO: check
CVE-2022-31114
RESERVED
CVE-2022-31113
@@ -19337,8 +19373,8 @@ CVE-2022-27906 (Mendelson OFTP2 before 1.1 b43 is affected by directory traversa
NOT-FOR-US: Mendelson OFTP2
CVE-2022-27905 (In ControlUp Real-Time Agent before 8.6, an unquoted path can result i ...)
NOT-FOR-US: ControlUp Real-Time Agent
-CVE-2022-27904
- RESERVED
+CVE-2022-27904 (The Automox Agent installation package before 37 on macOS allows an un ...)
+ TODO: check
CVE-2022-27903 (An OS Command Injection vulnerability in the configuration parser of E ...)
NOT-FOR-US: EVE-NG Professional
CVE-2022-27902
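Review bot: CVE-2022-27904 describes the Automox Agent installation package on macOS, which is not Debian software; the neighbouring entries in this hunk (CVE-2022-27905 ControlUp Real-Time Agent, CVE-2022-27903 EVE-NG Professional) are already marked `NOT-FOR-US`, so the `TODO: check` here can be resolved the same way with a `NOT-FOR-US: Automox Agent` line.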
@@ -32233,8 +32269,8 @@ CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS TVs.
NOT-FOR-US: LG
CVE-2022-23726
RESERVED
-CVE-2022-23725
- RESERVED
+CVE-2022-23725 (PingID Windows Login prior to 2.8 does not properly set permissions on ...)
+ TODO: check
CVE-2022-23724 (Use of static encryption key material allows forging an authentication ...)
NOT-FOR-US: pingidentity
CVE-2022-23723 (An MFA bypass vulnerability exists in the PingFederate PingOne MFA Int ...)
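Review bot: the new CVE-2022-23725 entry (PingID Windows Login prior to 2.8) sits directly above CVE-2022-23724 and CVE-2022-23723, both already triaged as `NOT-FOR-US: pingidentity`; the `TODO: check` should be replaced with the same `NOT-FOR-US: pingidentity` line, and the four PingID Windows Login entries CVE-2022-23720 through CVE-2022-23717 in the next hunk can be resolved identically.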
@@ -32243,14 +32279,14 @@ CVE-2022-23722 (When a password reset mechanism is configured to use the Authent
NOT-FOR-US: pingidentity
CVE-2022-23721
RESERVED
-CVE-2022-23720
- RESERVED
-CVE-2022-23719
- RESERVED
-CVE-2022-23718
- RESERVED
-CVE-2022-23717
- RESERVED
+CVE-2022-23720 (PingID Windows Login prior to 2.8 does not alert or halt operation if ...)
+ TODO: check
+CVE-2022-23719 (PingID Windows Login prior to 2.8 does not authenticate communication ...)
+ TODO: check
+CVE-2022-23718 (PingID Windows Login prior to 2.8 uses known vulnerable components tha ...)
+ TODO: check
+CVE-2022-23717 (PingID Windows Login prior to 2.8 is vulnerable to a denial of service ...)
+ TODO: check
CVE-2022-23716
RESERVED
CVE-2022-23715
@@ -53356,8 +53392,8 @@ CVE-2021-41997
RESERVED
CVE-2021-41996
RESERVED
-CVE-2021-41995
- RESERVED
+CVE-2021-41995 (A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerab ...)
+ TODO: check
CVE-2021-41994 (A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerabl ...)
NOT-FOR-US: pingidentity
CVE-2021-41993 (A misconfiguration of RSA in PingID Android app prior to 1.19 is vulne ...)
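Review bot: CVE-2021-41995 (misconfiguration of RSA in PingID Mac Login prior to 1.1) has a description nearly identical to the adjacent CVE-2021-41994 and CVE-2021-41993 entries, which are already `NOT-FOR-US: pingidentity`; the `TODO: check` added here should be resolved with that same line.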
@@ -77266,8 +77302,8 @@ CVE-2021-32430
RESERVED
CVE-2021-32429
RESERVED
-CVE-2021-32428
- RESERVED
+CVE-2021-32428 (SQL Injection vulnerability in viaviwebtech Android EBook App (Books A ...)
+ TODO: check
CVE-2021-32427
RESERVED
CVE-2021-32426 (In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary Ja ...)
@@ -433408,7 +433444,7 @@ CVE-2013-7255 (Open redirect vulnerability in Opsview before 4.4.2 allows remote
CVE-2013-7254 (Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allow ...)
NOT-FOR-US: Ops View
CVE-2013-7253
- RESERVED
+ REJECTED
CVE-2013-7252 (kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ...)
- kde-runtime 4:4.12.2-1
[wheezy] - kde-runtime <no-dsa> (4.12 introduces a GnuPG backend, no backport planned)
@@ -435485,8 +435521,7 @@ CVE-2014-0159 (Buffer overflow in the GetStatistics64 remote procedure call (RPC
CVE-2014-0157 (Cross-site scripting (XSS) vulnerability in the Horizon Orchestration ...)
- horizon 2013.2.3-1 (bug #744019)
[wheezy] - horizon <not-affected> (Vulnerable code not present)
-CVE-2014-0156
- RESERVED
+CVE-2014-0156 (Awesome spawn contains OS command injection vulnerability, which allow ...)
NOT-FOR-US: ManageIQ / AwesomeSpawn module
CVE-2014-0155 (The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel t ...)
- linux 3.14.4-1 (low)
@@ -435824,8 +435859,7 @@ CVE-2014-0069 (The cifs_iovec_write function in fs/cifs/file.c in the Linux kern
- linux-2.6 <not-affected> (Only affects 2.6.38 and later)
NOTE: http://article.gmane.org/gmane.linux.kernel.cifs/9401
NOTE: upstream fix 5d81de8e8667da7135d3a32a964087c0faf5483f included in v3.14-rc4
-CVE-2014-0068
- RESERVED
+CVE-2014-0068 (It was reported that watchman in openshift node-utils creates /var/run ...)
NOT-FOR-US: OpenShift
CVE-2014-0067 (The "make check" command for the test suites in PostgreSQL 9.3.3 and e ...)
{DSA-2865-1 DSA-2864-1 DLA-0019-1}
@@ -437129,7 +437163,7 @@ CVE-2013-6500
CVE-2013-6499
REJECTED
CVE-2013-6498
- RESERVED
+ REJECTED
CVE-2013-6497 (clamscan in ClamAV before 0.98.5, when using -a option, allows remote ...)
{DLA-95-1}
- clamav 0.98.5+dfsg-1
@@ -437230,7 +437264,7 @@ CVE-2013-6472 (MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58699
CVE-2013-6471
- RESERVED
+ REJECTED
CVE-2013-6470 (The default configuration in the standalone controller quickstack mani ...)
NOT-FOR-US: openstack foreman-installer
CVE-2013-6469 (JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remo ...)
@@ -437247,7 +437281,7 @@ CVE-2013-6466 (Openswan 2.6.39 and earlier allows remote attackers to cause a de
CVE-2013-6465 (Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbe ...)
NOT-FOR-US: JBPM KIE Workbench
CVE-2013-6464
- RESERVED
+ REJECTED
CVE-2013-6463
REJECTED
CVE-2013-6462 (Stack-based buffer overflow in the bdfReadCharacters function in bitma ...)
@@ -437412,7 +437446,7 @@ CVE-2013-6424 (Integer underflow in the xTrapezoidValid macro in render/picture.
NOTE: in pixman: http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c
NOTE: Mark the first post-wheezy xorg-server as a pseudo fixed version
CVE-2013-6423
- RESERVED
+ REJECTED
CVE-2013-6422 (The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling di ...)
{DSA-2824-1}
- curl 7.34.0-1
@@ -437557,7 +437591,7 @@ CVE-2013-6391 (The ec2tokens API in OpenStack Identity (Keystone) before Havana
[wheezy] - keystone <not-affected> (vulnerable code not present)
NOTE: https://launchpad.net/bugs/1242597
CVE-2013-6390
- RESERVED
+ REJECTED
CVE-2013-6389 (Open redirect vulnerability in the Overlay module in Drupal 7.x before ...)
{DSA-2804-1}
- drupal7 7.24-1
@@ -439250,7 +439284,7 @@ CVE-2013-5685
CVE-2013-5684
RESERVED
CVE-2013-5683
- RESERVED
+ REJECTED
CVE-2013-5682
RESERVED
CVE-2013-5681
@@ -441875,9 +441909,9 @@ CVE-2013-4587 (Array index error in the kvm_vm_ioctl_create_vcpu function in vir
- linux-2.6 <removed>
[wheezy] - linux 3.2.54-1
CVE-2013-4586
- RESERVED
+ REJECTED
CVE-2013-4585
- RESERVED
+ REJECTED
CVE-2013-4584 (Perdition before 2.2 may have weak security when handling outbound con ...)
- perdition 2.1-1 (low; bug #729028)
[wheezy] - perdition <no-dsa> (Minor issue)
@@ -441954,8 +441988,7 @@ CVE-2013-4563 (The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the L
CVE-2013-4562 (The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store t ...)
- ruby-omniauth-facebook <not-affected> (Fixed before initial release)
NOTE: https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7
-CVE-2013-4561
- RESERVED
+CVE-2013-4561 (In a openshift node, there is a cron job to update mcollective facts t ...)
NOT-FOR-US: OpenShift
CVE-2013-4560 (Use-after-free vulnerability in lighttpd before 1.4.33 allows remote a ...)
{DSA-2795-1}
@@ -442227,7 +442260,7 @@ CVE-2013-4508 (lighttpd before 1.4.34, when SNI is enabled, configures weak SSL
CVE-2013-4507 (Cross-site scripting (XSS) vulnerability in CollectiveAccess Providenc ...)
NOT-FOR-US: CollectiveAccess
CVE-2013-4506
- RESERVED
+ REJECTED
CVE-2013-4505 (The is_this_legal function in mod_dontdothat for Apache Subversion 1.4 ...)
- subversion 1.7.14-1 (bug #730541; unimportant)
NOTE: Not built in the binary packages
@@ -442267,7 +442300,7 @@ CVE-2013-4494 (Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_l
- xen 4.4.0-1
[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4493
- RESERVED
+ REJECTED
CVE-2013-4492 (Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n ...)
{DSA-2830-1}
- ruby-i18n 0.6.9-1
@@ -442374,7 +442407,7 @@ CVE-2013-4466 (Buffer overflow in the dane_query_tlsa function in the DANE libra
CVE-2013-4465 (Unrestricted file upload vulnerability in the avatar upload functional ...)
NOT-FOR-US: Simple Machines Forum
CVE-2013-4464
- RESERVED
+ REJECTED
CVE-2013-4463 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly ...)
- nova 2013.2-3 (low; bug #728605)
[wheezy] - nova <no-dsa> (Minor issue)
@@ -442399,7 +442432,7 @@ CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in sysdep
CVE-2013-4457 (The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent ...)
NOT-FOR-US: Cocaine rubygem
CVE-2013-4456
- RESERVED
+ REJECTED
CVE-2013-4455 (Katello Installer before 0.0.18 uses world-readable permissions for /e ...)
NOT-FOR-US: Katello
CVE-2013-4454 (WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypas ...)
@@ -442871,7 +442904,7 @@ CVE-2013-4324 (spice-gtk 0.14, and possibly other versions, invokes the polkit a
- spice-gtk 0.21-0nocelt1 (low)
[wheezy] - spice-gtk <no-dsa> (Minor issue)
CVE-2013-4323
- RESERVED
+ REJECTED
CVE-2013-4322 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-R ...)
{DSA-3530-1 DSA-2897-1 DLA-91-1}
- tomcat6 6.0.39
@@ -443112,7 +443145,7 @@ CVE-2013-4254 (The validate_event function in arch/arm/kernel/perf_event.c in th
CVE-2013-4253
RESERVED
CVE-2013-4252
- RESERVED
+ REJECTED
CVE-2013-4251 (The scipy.weave component in SciPy before 0.12.1 creates insecure temp ...)
{DLA-26-1}
- python-scipy 0.12.0-3 (bug #726093)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83d83cd49bd08d7653aea80fc85302912e86fb7b