[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 5 21:10:33 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8a24788 by security tracker role at 2022-07-05T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,59 @@
+CVE-2022-35230
+ RESERVED
+CVE-2022-35229
+ RESERVED
+CVE-2022-35228
+ RESERVED
+CVE-2022-35227
+ RESERVED
+CVE-2022-35226
+ RESERVED
+CVE-2022-35225
+ RESERVED
+CVE-2022-35224
+ RESERVED
+CVE-2022-35223
+ RESERVED
+CVE-2022-35222
+ RESERVED
+CVE-2022-35221
+ RESERVED
+CVE-2022-35220
+ RESERVED
+CVE-2022-35219
+ RESERVED
+CVE-2022-35218
+ RESERVED
+CVE-2022-35217
+ RESERVED
+CVE-2022-35216
+ RESERVED
+CVE-2022-2320
+ RESERVED
+CVE-2022-2319
+ RESERVED
+CVE-2022-2317
+ RESERVED
+CVE-2022-2316
+ RESERVED
+CVE-2022-2315
+ RESERVED
+CVE-2022-2314
+ RESERVED
+CVE-2022-2313
+ RESERVED
+CVE-2022-2312
+ RESERVED
+CVE-2022-2311
+ RESERVED
+CVE-2022-2310
+ RESERVED
+CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of service ...)
+ TODO: check
+CVE-2022-2308
+ RESERVED
CVE-2022-2318 [linux:rose uaf]
+ RESERVED
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/07/03/2
NOTE: https://git.kernel.org/linus/9cc02ede696272c5271a401e4f27c262359bc2f6 (5.19-rc5)
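Review bot: the existing CVE-2022-2318 [linux:rose uaf] entry at the end of this hunk now sits below CVE-2022-2308, while the new block above it runs CVE-2022-2319, CVE-2022-2317, so the file's descending-id order is broken around it; move the entry between CVE-2022-2319 and CVE-2022-2317. The RESERVED line the update adds to it is consistent with the bracketed local summary (MITRE has not published a description yet) and the `- linux <unfixed>` line plus the 5.19-rc5 fix commit NOTE already record the triage state, so nothing else in that entry needs to change. CVE-2022-2309 is the only new entry here with a description, and it names no product, so the full record has to be read before it can be assigned or marked NOT-FOR-US.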
@@ -606,12 +661,12 @@ CVE-2022-34917
RESERVED
CVE-2022-34916
RESERVED
-CVE-2022-2306
- RESERVED
+CVE-2022-2306 (Old session tokens can be used to authenticate to the application and ...)
+ TODO: check
CVE-2022-2305
RESERVED
-CVE-2022-2304
- RESERVED
+CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
+ TODO: check
CVE-2022-2303
RESERVED
CVE-2022-2302
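Review bot: CVE-2022-2304 (Stack-based Buffer Overflow in vim/vim prior to 9.0. ...) is left at TODO: check although the other vim entries in this file, such as CVE-2022-2208 further down, carry a `- vim` package line with a huntr and upstream commit NOTE; when this one is triaged, add the same package line and references so a severity can be set. CVE-2022-2306 ("Old session tokens can be used to authenticate ...") names no product in its truncated description, so it likewise needs the full record before assignment.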
@@ -800,14 +855,14 @@ CVE-2022-34881
RESERVED
CVE-2022-34880
RESERVED
-CVE-2022-34879
- RESERVED
-CVE-2022-34878
- RESERVED
-CVE-2022-34877
- RESERVED
-CVE-2022-34876
- RESERVED
+CVE-2022-34879 (Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time ...)
+ TODO: check
+CVE-2022-34878 (SQL Injection vulnerability in User Stats interface (/vicidial/user_st ...)
+ TODO: check
+CVE-2022-34877 (SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicid ...)
+ TODO: check
+CVE-2022-34876 (SQL Injection vulnerability in admin interface (/vicidial/admin.php) o ...)
+ TODO: check
CVE-2022-34903 (GnuPG through 2.3.6, in unusual situations where an attacker possesses ...)
{DSA-5174-1}
- gnupg2 2.2.35-3 (bug #1014157)
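Review bot: the four new VICIdial entries (CVE-2022-34876 to CVE-2022-34879: SQL injection in /vicidial/admin.php, the AST Agent Time Sheet and User Stats interfaces, plus reflected XSS) describe one product and should be triaged together rather than left as four independent TODO: check items; if the software is not packaged in Debian, give each a `NOT-FOR-US:` marker as is done for the IBM entries elsewhere in this update.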
@@ -1828,7 +1883,7 @@ CVE-2022-2210 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ..
NOTE: Crash in CLI tool, no security impact
CVE-2022-2209
RESERVED
-CVE-2022-2208 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. ...)
+CVE-2022-2208 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.516 ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/7bfe3d5b-568f-4c34-908f-a39909638cc1
NOTE: https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195 (v8.2.5163)
@@ -3907,8 +3962,7 @@ CVE-2022-33760
RESERVED
CVE-2022-33759
RESERVED
-CVE-2022-2097
- RESERVED
+CVE-2022-2097 (AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimi ...)
- openssl <unfixed>
NOTE: https://www.openssl.org/news/secadv/20220705.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93 (openssl-3.0.5)
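Review bot: CVE-2022-2097 is added with `- openssl <unfixed>` and only the openssl-3.0.5 commit in its NOTE; the description limits the flaw to AES OCB mode on 32-bit x86 with the AES-NI assembly path, so add the fix reference for any other supported branch the secadv names and record the architecture restriction in the entry, since it bounds both the affected installations and the severity rating.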
@@ -3957,36 +4011,31 @@ CVE-2022-33746
RESERVED
CVE-2022-33745
RESERVED
-CVE-2022-33744
- RESERVED
+CVE-2022-33744 (Arm guests can cause Dom0 DoS via PV devices When mapping pages of gue ...)
- linux <unfixed>
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-406.html
-CVE-2022-33743
- RESERVED
+CVE-2022-33743 (network backend may cause Linux netfront to use freed SKBs While addin ...)
- linux <unfixed>
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-405.html
-CVE-2022-33742
- RESERVED
+CVE-2022-33742 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
- linux <unfixed>
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-403.html
-CVE-2022-33741
- RESERVED
+CVE-2022-33741 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
- linux <unfixed>
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-403.html
-CVE-2022-33740
- RESERVED
+CVE-2022-33740 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
- linux <unfixed>
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
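Review bot: CVE-2022-33740, CVE-2022-33741 and CVE-2022-33742 receive the identical truncated upstream description ("Linux disk/nic frontends data leaks T[his CNA information record relat ..."), which is the MITRE record prefix rather than a summary, so the three entries cannot be told apart without following the XSA-403 NOTE link; a bracketed local summary like the one used for CVE-2022-2318 [linux:rose uaf] would help. All five entries in this hunk list both `- linux <unfixed>` and `- xen <unfixed>` while the descriptions place XSA-403 and XSA-405 in the Linux frontends/netfront; confirm for each whether the xen source package ships affected code or whether its line should be marked not-affected.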
@@ -5355,8 +5404,8 @@ CVE-2022-33077
RESERVED
CVE-2022-33076
RESERVED
-CVE-2022-33075
- RESERVED
+CVE-2022-33075 (A stored cross-site scripting (XSS) vulnerability in the Add Classific ...)
+ TODO: check
CVE-2022-33074
RESERVED
CVE-2022-33073
@@ -8514,8 +8563,8 @@ CVE-2022-31838
RESERVED
CVE-2022-31837
RESERVED
-CVE-2022-31836
- RESERVED
+CVE-2022-31836 (The leafInfo.match() function in Beego v2.0.3 and below uses path.join ...)
+ TODO: check
CVE-2022-31835
RESERVED
CVE-2022-31834
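Review bot: CVE-2022-31836 concerns leafInfo.match() in Beego, a Go web framework library; if a golang-* source package for it exists, note that its consumers link it statically, so updating the library package alone does not close the issue for binaries built from it, and the entry should list those reverse dependencies once known.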
@@ -8760,8 +8809,8 @@ CVE-2022-31772
RESERVED
CVE-2022-31771
RESERVED
-CVE-2022-31770
- RESERVED
+CVE-2022-31770 (IBM App Connect Enterprise Certified Container 4.2 could allow a user ...)
+ TODO: check
CVE-2022-31769 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow ...)
NOT-FOR-US: IBM
CVE-2022-31768 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
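Review bot: CVE-2022-31770 (IBM App Connect Enterprise Certified Container 4.2) is left at TODO: check while the two IBM entries directly below it in the same hunk, CVE-2022-31769 and CVE-2022-31768, are marked `NOT-FOR-US: IBM`; apply the same marker here.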
@@ -10655,10 +10704,10 @@ CVE-2022-31119
RESERVED
CVE-2022-31118
RESERVED
-CVE-2022-31117
- RESERVED
-CVE-2022-31116
- RESERVED
+CVE-2022-31117 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
+ TODO: check
+CVE-2022-31116 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
+ TODO: check
CVE-2022-31115 (opensearch-ruby is a community-driven, open source fork of elasticsear ...)
TODO: check
CVE-2022-31114
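Review bot: CVE-2022-31117 and CVE-2022-31116 carry the same truncated UltraJSON boilerplate description, so nothing in the two entries distinguishes them; when triaged, give each a NOTE with its own upstream advisory so the two issues can be tracked separately, and assign the package that ships UltraJSON (the Python ujson module) if Debian carries it.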
@@ -10727,22 +10776,27 @@ CVE-2022-31090 (Guzzle, an extensible PHP HTTP client. `Authorization` headers o
CVE-2022-31089 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Node parse-server
CVE-2022-31088 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+ {DSA-5177-1}
- ldap-account-manager 8.0.1-1
NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-wxf8-9x99-6gp4
NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
CVE-2022-31087 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+ {DSA-5177-1}
- ldap-account-manager 8.0.1-1
NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-q8g5-45m4-q95p
NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
CVE-2022-31086 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+ {DSA-5177-1}
- ldap-account-manager 8.0.1-1
NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-q9pc-x84w-982x
NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
CVE-2022-31085 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+ {DSA-5177-1}
- ldap-account-manager 8.0.1-1
NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j
NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
CVE-2022-31084 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+ {DSA-5177-1}
- ldap-account-manager 8.0.1-1
NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-r387-grjx-qgvw
NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
@@ -10925,8 +10979,8 @@ CVE-2022-31015 (Waitress is a Web Server Gateway Interface server for Python 2 a
NOTE: https://github.com/Pylons/waitress/issues/374
NOTE: https://github.com/Pylons/waitress/pull/377
TODO: double check, the problem seems to be introduced in version 2.1.0 only
-CVE-2022-31014
- RESERVED
+CVE-2022-31014 (Nextcloud server is an open source personal cloud server. Affected ver ...)
+ TODO: check
CVE-2022-31013 (Chat Server is the chat server for Vartalap, an open-source messaging ...)
NOT-FOR-US: chat server for Vartalap
CVE-2022-31012
@@ -13014,7 +13068,7 @@ CVE-2022-30332
RESERVED
CVE-2022-30331
RESERVED
-CVE-2022-30330 (In the KeepKey firmware before 7.3.2, the bootloader can be exploited ...)
+CVE-2022-30330 (In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface ...)
NOT-FOR-US: KeepKey firmware
CVE-2022-30329 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. A ...)
NOT-FOR-US: TRENDnet
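Review bot: the new description for CVE-2022-30330 reads `7.3.2,Flaws in the supervisor interface` with the space after the comma missing; this text comes from the upstream record and the next automatic update would overwrite any local correction, so leave it as is, and the `NOT-FOR-US: KeepKey firmware` marker below it is unaffected.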
@@ -13178,10 +13232,10 @@ CVE-2022-30292 (Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due
NOTE: https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60d
CVE-2022-30291
RESERVED
-CVE-2022-30290
- RESERVED
-CVE-2022-30289
- RESERVED
+CVE-2022-30290 (In OpenCTI through 5.2.4, a broken access control vulnerability has be ...)
+ TODO: check
+CVE-2022-30289 (A stored Cross-site Scripting (XSS) vulnerability was identified in th ...)
+ TODO: check
CVE-2022-30288 (** DISPUTED ** Agoo before 2.14.3 does not reject GraphQL fragment spr ...)
NOT-FOR-US: Ruby gem agoo
CVE-2022-30287
@@ -24613,8 +24667,7 @@ CVE-2022-0837 (The Amelia WordPress plugin before 1.0.48 does not have proper au
NOT-FOR-US: WordPress plugin
CVE-2022-0836 (The SEMA API WordPress plugin before 4.02 does not properly sanitise a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-26365
- RESERVED
+CVE-2022-26365 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
- linux <unfixed>
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
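Review bot: CVE-2022-26365 gets the same XSA-403 description and `- linux <unfixed>` / `- xen <unfixed>` lines as CVE-2022-33740 to CVE-2022-33742 but sits far from them because the file is ordered by CVE id; if the lines below the shown context do not already do so, add a NOTE cross-referencing the sibling CVEs or the XSA-403 advisory URL so the four are triaged as one issue, and apply the same linux-frontend versus xen-package check raised for that block.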
@@ -28927,6 +28980,7 @@ CVE-2022-24853 (Metabase is an open source business intelligence and analytics a
CVE-2022-24852
RESERVED
CVE-2022-24851 (LDAP Account Manager (LAM) is an open source web frontend for managing ...)
+ {DSA-5177-1}
- ldap-account-manager 7.9.1-1
[stretch] - ldap-account-manager <no-dsa> (Minor issue)
NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v
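Review bot: CVE-2022-24851 receives {DSA-5177-1} alongside the existing `[stretch] - ldap-account-manager <no-dsa> (Minor issue)` annotation and fixed version 7.9.1-1; that combination is consistent (the DSA covers the releases handled by the stable security team, the stretch annotation belongs to LTS), so the only thing to confirm is that the DSA text lists this older CVE together with CVE-2022-31084 to CVE-2022-31088, which receive the same marker earlier in this update.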
@@ -42589,8 +42643,8 @@ CVE-2021-44917 (A Divide by Zero vulnerability exists in gnuplot 5.4 in the boun
NOTE: Crash in CLI tool, negligible security impact
CVE-2021-44916 (Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a ...)
NOT-FOR-US: Open-AudIT
-CVE-2021-44915
- RESERVED
+CVE-2021-44915 (Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerabi ...)
+ TODO: check
CVE-2021-44914
RESERVED
CVE-2021-44913
@@ -47533,8 +47587,8 @@ CVE-2021-43704
RESERVED
CVE-2021-43703 (An Incorrect Access Control vulnerability exists in zzcms less than or ...)
NOT-FOR-US: zzcms
-CVE-2021-43702
- RESERVED
+CVE-2021-43702 (ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting ( ...)
+ TODO: check
CVE-2021-43701 (CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnera ...)
NOT-FOR-US: CSZ CMS
CVE-2021-43700 (An issue was discovered in ApiManager 1.1. there is sql injection vuln ...)
@@ -50189,8 +50243,8 @@ CVE-2021-43118 (A Remote Command Injection vulnerability exists in DrayTek Vigor
NOT-FOR-US: DrayTek Vigor2960 devices
CVE-2021-43117 (fastadmin v1.2.1 is affected by a file upload vulnerability which allo ...)
NOT-FOR-US: fastadmin
-CVE-2021-43116
- RESERVED
+CVE-2021-43116 (An Access Control vulnerability exists in Nacos 2.0.3 in the access pr ...)
+ TODO: check
CVE-2021-43115
RESERVED
CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publis ...)
@@ -124753,7 +124807,7 @@ CVE-2020-26734
RESERVED
CVE-2020-26733 (Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF H ...)
NOT-FOR-US: SKYWORTH GN542VF Hardware
-CVE-2020-26732 (Skyworth GN542VF Boa version 0.94.13 does not set the Secure flag for ...)
+CVE-2020-26732 (SKYWORTH GN542VF Boa version 0.94.13 does not set the Secure flag for ...)
NOT-FOR-US: Skyworth GN542VF Boa
CVE-2020-26731
RESERVED
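Review bot: only the vendor capitalisation in the CVE-2020-26732 description changes (Skyworth to SKYWORTH) while the `NOT-FOR-US: Skyworth GN542VF Boa` line keeps the old spelling; harmless, but spelling the marker to match the record and the neighbouring `NOT-FOR-US: SKYWORTH GN542VF Hardware` would let text searches find both entries together.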
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8a2478804ff179dded45861c33bd135d87bc1d9