[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 6 21:10:39 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72997cd9 by security tracker role at 2022-07-06T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2022-35271
+ RESERVED
+CVE-2022-35270
+ RESERVED
+CVE-2022-35269
+ RESERVED
+CVE-2022-35268
+ RESERVED
+CVE-2022-35267
+ RESERVED
+CVE-2022-35266
+ RESERVED
+CVE-2022-35265
+ RESERVED
+CVE-2022-35264
+ RESERVED
+CVE-2022-35263
+ RESERVED
+CVE-2022-35262
+ RESERVED
+CVE-2022-35261
+ RESERVED
+CVE-2022-35260
+ RESERVED
+CVE-2022-35259
+ RESERVED
+CVE-2022-35258
+ RESERVED
+CVE-2022-35257
+ RESERVED
+CVE-2022-35256
+ RESERVED
+CVE-2022-35255
+ RESERVED
+CVE-2022-35254
+ RESERVED
+CVE-2022-35253
+ RESERVED
+CVE-2022-35252
+ RESERVED
+CVE-2022-35251
+ RESERVED
+CVE-2022-35250
+ RESERVED
+CVE-2022-35249
+ RESERVED
+CVE-2022-35248
+ RESERVED
+CVE-2022-35247
+ RESERVED
+CVE-2022-35246
+ RESERVED
+CVE-2022-34866
+ RESERVED
+CVE-2022-32765
+ RESERVED
+CVE-2022-2331
+ RESERVED
+CVE-2022-2330
+ RESERVED
+CVE-2022-2329
+ RESERVED
+CVE-2022-2328
+ RESERVED
+CVE-2022-2327
+ RESERVED
+CVE-2022-2326
+ RESERVED
CVE-2022-35234
RESERVED
CVE-2022-35233
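Review bot: every one of the 34 entries added at the head of the file (CVE-2022-35246 through CVE-2022-35271, CVE-2022-34866, CVE-2022-32765 and CVE-2022-2326 through CVE-2022-2331) is a bare RESERVED placeholder, so there is nothing to triage yet; the only thing worth flagging is ordering, since CVE-2022-34866, CVE-2022-32765 and the CVE-2022-23xx block now sit above CVE-2022-35234 rather than next to their numeric neighbours (CVE-2022-2323 appears further down, in the next hunk), which will matter once descriptions arrive and someone searches around an ID expecting sorted order.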
@@ -16,12 +84,12 @@ CVE-2022-2323
RESERVED
CVE-2022-2322
RESERVED
-CVE-2022-2321 (Login Bruteforce attacks ...)
+CVE-2022-2321 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
NOT-FOR-US: Nakama
-CVE-2022-35230
- RESERVED
-CVE-2022-35229
- RESERVED
+CVE-2022-35230 (An authenticated user can create a link with reflected Javascript code ...)
+ TODO: check
+CVE-2022-35229 (An authenticated user can create a link with reflected Javascript code ...)
+ TODO: check
CVE-2022-35228
RESERVED
CVE-2022-35227
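Review bot: CVE-2022-35230 and CVE-2022-35229 carry the same truncated description ("An authenticated user can create a link with reflected Javascript code ...") that never reaches the product name, so the TODO: check cannot be resolved from this file alone; pull the full CVE text and, since the two IDs read as a pair for one product, triage them together and give both the same tag. The CVE-2022-2321 change is description-only and the existing NOT-FOR-US: Nakama line is correctly retained.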
@@ -1676,14 +1744,14 @@ CVE-2022-34600
RESERVED
CVE-2022-34599
RESERVED
-CVE-2022-34598
- RESERVED
-CVE-2022-34597
- RESERVED
-CVE-2022-34596
- RESERVED
-CVE-2022-34595
- RESERVED
+CVE-2022-34598 (The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 por ...)
+ TODO: check
+CVE-2022-34597 (Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vu ...)
+ TODO: check
+CVE-2022-34596 (Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injecti ...)
+ TODO: check
+CVE-2022-34595 (Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injecti ...)
+ TODO: check
CVE-2022-34594
RESERVED
CVE-2022-34593
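Review bot: the three Tenda entries (CVE-2022-34597, CVE-2022-34596, CVE-2022-34595) describe command injection in AX1806/AX1803 router firmware and CVE-2022-34598 a UDP service in H3C Magic R100 firmware; none of these is software Debian packages, so the four TODO: check lines can be resolved to NOT-FOR-US: Tenda and NOT-FOR-US: H3C, matching the tag already used for Tenda hardware elsewhere in this file (for example the CVE-2022-32384 entry).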
@@ -3322,8 +3390,8 @@ CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vuln
[bullseye] - linux 5.10.113-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/28/1
NOTE: https://git.kernel.org/linus/233087ca063686964a53c829d547c7571e3f67bf (5.18-rc5)
-CVE-2022-33980
- RESERVED
+CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, allowing ...)
+ TODO: check
CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
- vim <unfixed>
[stretch] - vim <postponed> (Minor issue)
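Review bot: CVE-2022-33980 is the one TODO: check in this part of the patch that should not default to NOT-FOR-US: Apache Commons Configuration is a Java library rather than vendor firmware or a hosted service, so the check here is whether the affected versions are in the archive and which source package would need a fix. The truncated description stops at "allowing ...", so read the full text for the affected version range before adding a package line.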
@@ -4073,10 +4141,10 @@ CVE-2022-33740 (Linux disk/nic frontends data leaks T[his CNA information record
NOTE: https://xenbits.xen.org/xsa/advisory-403.html
CVE-2022-33739 (CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing v ...)
NOT-FOR-US: CA Clarity
-CVE-2022-33738
- RESERVED
-CVE-2022-33737
- RESERVED
+CVE-2022-33738 (OpenVPN Access Server before 2.11 uses a weak random generator used to ...)
+ TODO: check
+CVE-2022-33737 (The OpenVPN Access Server installer creates a log file readable for ev ...)
+ TODO: check
CVE-2022-33736
RESERVED
CVE-2022-33202 (Authentication bypass vulnerability in the setup screen of L2Blocker(o ...)
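Review bot: both new entries name OpenVPN Access Server (CVE-2022-33738, weak random generator; CVE-2022-33737, installer log file readable by everyone), which is a separate product from the community openvpn daemon; resolve the TODO: check by confirming the issues are specific to Access Server before tagging NOT-FOR-US, so they are not mistaken for openvpn package issues. The CVE-2022-33737 description is cut off at "readable for ev ...", so the full text is needed to see what the log file exposes.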
@@ -6763,8 +6831,7 @@ CVE-2022-32535 (The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.
NOT-FOR-US: Bosch
CVE-2022-32534 (The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and ...)
NOT-FOR-US: Bosch
-CVE-2022-32533
- RESERVED
+CVE-2022-32533 (** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficientl ...)
NOT-FOR-US: Apache Portals Jetspeed
CVE-2022-32532 (Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured ...)
- shiro <unfixed>
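Review bot: no action is needed for CVE-2022-32533 beyond what the hunk does: the description is filled in with the ** UNSUPPORTED WHEN ASSIGNED ** marker (upstream will not fix), and the existing NOT-FOR-US: Apache Portals Jetspeed line is kept rather than replaced by a TODO: check, which is the right outcome.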
@@ -7160,14 +7227,14 @@ CVE-2022-32388
RESERVED
CVE-2022-32387
RESERVED
-CVE-2022-32386
- RESERVED
-CVE-2022-32385
- RESERVED
+CVE-2022-32386 (Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow vi ...)
+ TODO: check
+CVE-2022-32385 (Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allo ...)
+ TODO: check
CVE-2022-32384 (Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via ...)
NOT-FOR-US: Tenda
-CVE-2022-32383
- RESERVED
+CVE-2022-32383 (Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via ...)
+ TODO: check
CVE-2022-32382
RESERVED
CVE-2022-32381 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...)
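Review bot: CVE-2022-32386, CVE-2022-32385 and CVE-2022-32383 describe the same device and firmware (Tenda AC23 v16.03.07.44) as CVE-2022-32384 two lines away, which is already tagged NOT-FOR-US: Tenda; the three TODO: check lines should become that same tag rather than wait for a separate check.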
@@ -7350,8 +7417,8 @@ CVE-2022-32292
RESERVED
CVE-2022-32291 (In Real Player through 20.1.0.312, attackers can execute arbitrary cod ...)
NOT-FOR-US: Real Player
-CVE-2022-32290
- RESERVED
+CVE-2022-32290 (The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorre ...)
+ TODO: check
CVE-2017-20040 (A vulnerability was found in SICUNET Access Controller 0.32-05z. It ha ...)
NOT-FOR-US: SICUNET Access Controller
CVE-2017-20039 (A vulnerability was found in SICUNET Access Controller 0.32-05z. It ha ...)
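Review bot: the CVE-2022-32290 description names the Northern.tech Mender client, versions 3.2.0 to 3.2.2, but is truncated at "has Incorre ...", hiding the weakness class; resolve the TODO: check by reading the full text and confirming whether mender is in the archive before choosing a tag.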
@@ -10707,22 +10774,22 @@ CVE-2022-31133
RESERVED
CVE-2022-31132
RESERVED
-CVE-2022-31131
- RESERVED
+CVE-2022-31131 (Nextcloud mail is a Mail app for the Nextcloud home server product. Ve ...)
+ TODO: check
CVE-2022-31130
RESERVED
-CVE-2022-31129
- RESERVED
+CVE-2022-31129 (moment is a JavaScript date library for parsing, validating, manipulat ...)
+ TODO: check
CVE-2022-31128
RESERVED
-CVE-2022-31127
- RESERVED
-CVE-2022-31126
- RESERVED
-CVE-2022-31125
- RESERVED
-CVE-2022-31124
- RESERVED
+CVE-2022-31127 (NextAuth.js is a complete open source authentication solution for Next ...)
+ TODO: check
+CVE-2022-31126 (Roxy-wi is an open source web interface for managing Haproxy, Nginx, A ...)
+ TODO: check
+CVE-2022-31125 (Roxy-wi is an open source web interface for managing Haproxy, Nginx, A ...)
+ TODO: check
+CVE-2022-31124 (openssh_key_parser is an open source Python package providing utilitie ...)
+ TODO: check
CVE-2022-31123
RESERVED
CVE-2022-31122
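Review bot: of the six TODO: check entries in this hunk, CVE-2022-31129 (moment, the JavaScript date library) is the one most likely to touch the archive, since moment is packaged as node-moment; it needs a fixed-version lookup rather than a NOT-FOR-US tag. The other five (Nextcloud mail, NextAuth.js, the two Roxy-wi entries and openssh_key_parser) are hosted apps or libraries whose descriptions are cut off before the affected versions, so the full text is needed for each.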
@@ -10755,8 +10822,8 @@ CVE-2022-31113 (Canarytokens is an open source tool which helps track activity a
NOT-FOR-US: thinkst/canarytokens
CVE-2022-31112 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Node parse-server
-CVE-2022-31111
- RESERVED
+CVE-2022-31111 (Frontier is Substrate's Ethereum compatibility layer. In affected vers ...)
+ TODO: check
CVE-2022-31110 (RSSHub is an open source, extensible RSS feed generator. In commits pr ...)
NOT-FOR-US: RSSHub
CVE-2022-31109
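Review bot: CVE-2022-31111 (Frontier, Substrate's Ethereum compatibility layer) is a blockchain component in the same position as the parse-server and RSSHub neighbours that are already NOT-FOR-US; unless it turns up in the archive the TODO: check resolves the same way, and the description is truncated at "In affected vers ...", so the version range has to come from the full text.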
@@ -11533,8 +11600,8 @@ CVE-2022-30931 (Employee Leaves Management System (ELMS) V 2.1 is vulnerable to
NOT-FOR-US: Employee Leaves Management System (ELMS)
CVE-2022-30930 (Tourism Management System Version: V 3.2 is affected by: Cross Site Re ...)
NOT-FOR-US: Tourism Management System Version
-CVE-2022-30929
- RESERVED
+CVE-2022-30929 (Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed ...)
+ TODO: check
CVE-2022-30928
RESERVED
CVE-2022-30927 (A SQL injection vulnerability exists in Simple Task Scheduling System ...)
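Review bot: the CVE-2022-30929 description attributes the issue to Mini-Tmall v1.0 but names tomcat-embed as the vector ("Insecure Permissions via tomcat-embed ..."); when resolving the TODO: check, make sure the entry is filed against the Mini-Tmall application and not read as a tomcat package issue.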
@@ -12177,8 +12244,8 @@ CVE-2022-30621
RESERVED
CVE-2022-30620
RESERVED
-CVE-2022-30619
- RESERVED
+CVE-2022-30619 (Editable SQL Queries behind Base64 encoding sending from the Client-Si ...)
+ TODO: check
CVE-2022-30618 (An authenticated user with access to the Strapi admin panel can view p ...)
NOT-FOR-US: Strapi
CVE-2022-30617 (An authenticated user with access to the Strapi admin panel can view p ...)
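Review bot: the CVE-2022-30619 description ("Editable SQL Queries behind Base64 encoding sending from the Client-Si ...") never names the affected product, so the TODO: check cannot be resolved from this hunk; the neighbouring CVE-2022-30618 and CVE-2022-30617 are Strapi, but that should not be assumed for this ID without the full text.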
@@ -12309,8 +12376,8 @@ CVE-2022-30593
RESERVED
CVE-2022-30592 (liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1. ...)
NOT-FOR-US: LiteSpeed QUIC (aka LSQUIC)
-CVE-2022-30591
- RESERVED
+CVE-2022-30591 (** DISPUTED ** quic-go through 0.27.0 allows remote attackers to cause ...)
+ TODO: check
CVE-2022-30590
RESERVED
CVE-2022-30589
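Review bot: CVE-2022-30591 is marked ** DISPUTED ** and concerns quic-go through 0.27.0, which is packaged in Debian as golang-github-lucas-clemente-quic-go; the TODO: check should end with a package line plus a NOTE line recording why the issue is disputed, so the reasoning for whatever status is chosen is visible, rather than a bare NOT-FOR-US.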
@@ -14508,7 +14575,7 @@ CVE-2022-29860
RESERVED
CVE-2022-29859 (component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for ...)
NOT-FOR-US: SDK for Ameba1
-CVE-2022-29858 (Silverstripe silverstripe/assets through 1.10 allows XSS. ...)
+CVE-2022-29858 (Silverstripe silverstripe/assets through 1.10 is vulnerable to imprope ...)
NOT-FOR-US: Silverstripe CMS
CVE-2022-29857
RESERVED
@@ -17295,8 +17362,8 @@ CVE-2022-28937 (FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue
NOT-FOR-US: FISCO-BCOS
CVE-2022-28936 (FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where ...)
NOT-FOR-US: FISCO-BCOS
-CVE-2022-28935
- RESERVED
+CVE-2022-28935 (Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20 ...)
+ TODO: check
CVE-2022-28934
RESERVED
CVE-2022-28933
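Review bot: CVE-2022-28935 lists Totolink A830R and A3100R router firmware versions; as with the Tenda entries in this patch it is vendor firmware, so the TODO: check resolves to NOT-FOR-US: Totolink. The description is cut off mid version string ("V4.1.2cu.5050_B20 ..."), so any NOTE should copy the full model list from the CVE text rather than from this line.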
@@ -24480,8 +24547,8 @@ CVE-2022-26414 (A potential buffer overflow vulnerability was identified in some
NOT-FOR-US: Zyxel
CVE-2022-26413 (A command injection vulnerability in the CGI program of Zyxel VMG3312- ...)
NOT-FOR-US: Zyxel
-CVE-2022-26348
- RESERVED
+CVE-2022-26348 (Command Centre Server is vulnerable to SQL Injection via Windows Regis ...)
+ TODO: check
CVE-2022-26347
RESERVED
CVE-2022-26339
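Review bot: CVE-2022-26348 describes SQL injection in Command Centre Server via the Windows Registry, a Windows-only product, so the TODO: check can be resolved to NOT-FOR-US: Gallagher; the same vendor's CVE-2022-26078 appears in the next hunk and the two should be handled together.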
@@ -24490,8 +24557,8 @@ CVE-2022-26123
RESERVED
CVE-2022-26087
RESERVED
-CVE-2022-26078
- RESERVED
+CVE-2022-26078 (Gallagher Controller 6000 is vulnerable to a Denial of Service attack ...)
+ TODO: check
CVE-2022-26058
RESERVED
CVE-2022-26055
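Review bot: CVE-2022-26078 (Gallagher Controller 6000 denial of service) is an appliance issue and pairs with CVE-2022-26348 in the previous hunk; both TODO: check lines should get one consistent NOT-FOR-US: Gallagher tag.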
@@ -28239,20 +28306,20 @@ CVE-2022-0588 (Exposure of Sensitive Information to an Unauthorized Actor in Pac
NOT-FOR-US: LibreNMS
CVE-2022-0587 (Improper Authorization in Packagist librenms/librenms prior to 22.2.0. ...)
NOT-FOR-US: LibreNMS
-CVE-2021-46687
- RESERVED
+CVE-2021-46687 (JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable t ...)
+ TODO: check
CVE-2021-46270 (JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Contr ...)
NOT-FOR-US: JFrog Artifactory
CVE-2021-45730 (JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Con ...)
NOT-FOR-US: JFrog Artifactory
-CVE-2021-45721
- RESERVED
+CVE-2021-45721 (JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to ...)
+ TODO: check
CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken A ...)
NOT-FOR-US: JFrog Artifactory
CVE-2021-41834 (JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable t ...)
NOT-FOR-US: JFrog Artifactory
-CVE-2021-23163
- RESERVED
+CVE-2021-23163 (JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable t ...)
+ TODO: check
CVE-2022-25146 (The Remote App module in Liferay Portal through v7.4.3.8 and Liferay D ...)
NOT-FOR-US: Liferay
CVE-2022-25145
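Review bot: the three new JFrog Artifactory entries (CVE-2021-46687, CVE-2021-45721, CVE-2021-23163) sit between entries that are already NOT-FOR-US: JFrog Artifactory (CVE-2021-46270, CVE-2021-45730, CVE-2021-45074, CVE-2021-41834), so their TODO: check lines should take the same tag. Separately, this whole block of 2021 IDs is wedged between CVE-2022-0587 and CVE-2022-25146, which breaks the descending-ID order of the file and is worth fixing in a manual pass.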
@@ -31348,14 +31415,14 @@ CVE-2022-24143 (Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered
NOT-FOR-US: Tenda routers
CVE-2022-24142 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
NOT-FOR-US: Tenda routers
-CVE-2022-24141
- RESERVED
-CVE-2022-24140
- RESERVED
-CVE-2022-24139
- RESERVED
-CVE-2022-24138
- RESERVED
+CVE-2022-24141 (The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to d ...)
+ TODO: check
+CVE-2022-24140 (IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, ...)
+ TODO: check
+CVE-2022-24139 (In IOBit Advanced System Care (AscService.exe) 15, an attacker with SE ...)
+ TODO: check
+CVE-2022-24138 (IOBit Advanced System Care (Asc.exe) 15 and Action Download Center bot ...)
+ TODO: check
CVE-2022-24137
RESERVED
CVE-2022-24136 (Hospital Management System v1.0 is affected by an unrestricted upload ...)
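Review bot: all four new entries (CVE-2022-24141 through CVE-2022-24138) name Windows executables (iTopVPNmini.exe, AscService.exe, Asc.exe) from IOBit Advanced System Care and iTop products, so the TODO: check lines resolve to NOT-FOR-US; the CVE-2022-24139 description is cut off at "an attacker with SE ...", so check the full text if the privilege required matters for a NOTE.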
@@ -33324,10 +33391,10 @@ CVE-2022-23716
RESERVED
CVE-2022-23715
RESERVED
-CVE-2022-23714
- RESERVED
-CVE-2022-23713
- RESERVED
+CVE-2022-23714 (A local privilege escalation (LPE) issue was discovered in the ransomw ...)
+ TODO: check
+CVE-2022-23713 (A cross-site-scripting (XSS) vulnerability was discovered in the Vega ...)
+ TODO: check
CVE-2022-23712 (A Denial of Service flaw was discovered in Elasticsearch. Using this v ...)
- elasticsearch <removed>
CVE-2022-23711 (A vulnerability in Kibana could expose sensitive information related t ...)
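Review bot: CVE-2022-23714 and CVE-2022-23713 are placed next to the Elasticsearch (<removed>) and Kibana entries, but their truncated descriptions ("in the ransomw ...", "in the Vega ...") do not name the product, so the TODO: check needs the full text; if CVE-2022-23713 turns out to be in Kibana, give it the same status as the CVE-2022-23711 Kibana entry below rather than a fresh tag.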
@@ -35233,10 +35300,10 @@ CVE-2022-23175
RESERVED
CVE-2022-23174
RESERVED
-CVE-2022-23173
- RESERVED
-CVE-2022-23172
- RESERVED
+CVE-2022-23173 (this vulnerability affect user that even not allowed to access via the ...)
+ TODO: check
+CVE-2022-23172 (An attacker can access to "Forgot my password" button, as soon as he p ...)
+ TODO: check
CVE-2022-23171 (AtlasVPN - Privilege Escalation Lack of proper security controls on na ...)
NOT-FOR-US: AtlasVPN
CVE-2022-23170 (SysAid - Okta SSO integration - was found vulnerable to XML External E ...)
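Review bot: the CVE-2022-23173 and CVE-2022-23172 descriptions are ungrammatical and never name the product ("this vulnerability affect user that even not allowed to access via the ...", "An attacker can access to "Forgot my password" button ..."), so the TODO: check cannot be resolved from this hunk; the neighbouring AtlasVPN and SysAid entries are different products and should not be assumed. The description text is imported from the CVE feed and should be left as is rather than hand-corrected.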
@@ -37136,8 +37203,8 @@ CVE-2022-22683
RESERVED
CVE-2022-22682
RESERVED
-CVE-2022-22681
- RESERVED
+CVE-2022-22681 (Session fixation vulnerability in access control management in Synolog ...)
+ TODO: check
CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
NOT-FOR-US: Synology
CVE-2022-22679 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
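Review bot: CVE-2022-22681 (session fixation in Synology access control management) is adjacent to CVE-2022-22680 and CVE-2022-22679, which already carry NOT-FOR-US: Synology; its TODO: check should take the same tag.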
@@ -37226,7 +37293,7 @@ CVE-2022-22664 (An out-of-bounds read was addressed with improved bounds checkin
CVE-2022-22663 (This issue was addressed with improved checks to prevent unauthorized ...)
NOT-FOR-US: Apple
CVE-2022-22662 (A cookie management issue was addressed with improved state management ...)
- RESERVED
+ {DSA-5116-1 DSA-5115-1}
- webkit2gtk 2.36.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.36.0-2
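Review bot: for CVE-2022-22662 the removed RESERVED line was a stale placeholder sitting under an entry that already had a description and webkit2gtk/wpewebkit package lines, so replacing it with {DSA-5116-1 DSA-5115-1} both records the advisories and cleans that up; two DSA references against the two package lines that follow (webkit2gtk 2.36.0-1, wpewebkit 2.36.0-2) is the expected shape, and the stretch <ignored> line is left untouched, which is consistent.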
@@ -44833,56 +44900,56 @@ CVE-2022-21789
RESERVED
CVE-2022-21788
RESERVED
-CVE-2022-21787
- RESERVED
-CVE-2022-21786
- RESERVED
-CVE-2022-21785
- RESERVED
-CVE-2022-21784
- RESERVED
-CVE-2022-21783
- RESERVED
-CVE-2022-21782
- RESERVED
-CVE-2022-21781
- RESERVED
-CVE-2022-21780
- RESERVED
-CVE-2022-21779
- RESERVED
+CVE-2022-21787 (In audio DSP, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2022-21786 (In audio DSP, there is a possible memory corruption due to improper ca ...)
+ TODO: check
+CVE-2022-21785 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-21784 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-21783 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-21782 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-21781 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-21780 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2022-21779 (In WLAN driver, there is a possible out of bounds write due to a missi ...)
+ TODO: check
CVE-2022-21778
RESERVED
-CVE-2022-21777
- RESERVED
-CVE-2022-21776
- RESERVED
-CVE-2022-21775
- RESERVED
-CVE-2022-21774
- RESERVED
-CVE-2022-21773
- RESERVED
-CVE-2022-21772
- RESERVED
-CVE-2022-21771
- RESERVED
-CVE-2022-21770
- RESERVED
-CVE-2022-21769
- RESERVED
-CVE-2022-21768
- RESERVED
-CVE-2022-21767
- RESERVED
-CVE-2022-21766
- RESERVED
-CVE-2022-21765
- RESERVED
-CVE-2022-21764
- RESERVED
-CVE-2022-21763
- RESERVED
+CVE-2022-21777 (In Autoboot, there is a possible permission bypass due to a missing pe ...)
+ TODO: check
+CVE-2022-21776 (In MDP, there is a possible use after free due to a race condition. Th ...)
+ TODO: check
+CVE-2022-21775 (In sched driver, there is a possible use after free due to improper lo ...)
+ TODO: check
+CVE-2022-21774 (In TEEI driver, there is a possible use after free due to a race condi ...)
+ TODO: check
+CVE-2022-21773 (In TEEI driver, there is a possible use after free due to a race condi ...)
+ TODO: check
+CVE-2022-21772 (In TEEI driver, there is a possible type confusion due to a race condi ...)
+ TODO: check
+CVE-2022-21771 (In GED driver, there is a possible use after free due to a race condit ...)
+ TODO: check
+CVE-2022-21770 (In sound driver, there is a possible information disclosure due to sym ...)
+ TODO: check
+CVE-2022-21769 (In CCCI, there is a possible out of bounds read due to a missing bound ...)
+ TODO: check
+CVE-2022-21768 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2022-21767 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2022-21766 (In CCCI, there is a possible out of bounds write due to a missing boun ...)
+ TODO: check
+CVE-2022-21765 (In CCCI, there is a possible out of bounds write due to a missing boun ...)
+ TODO: check
+CVE-2022-21764 (In telecom service, there is a possible information disclosure due to ...)
+ TODO: check
+CVE-2022-21763 (In telecom service, there is a possible information disclosure due to ...)
+ TODO: check
CVE-2022-21762 (In apusys driver, there is a possible system crash due to an integer o ...)
NOT-FOR-US: MediaTek driver for Android
CVE-2022-21761 (In apusys driver, there is a possible system crash due to an integer o ...)
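Review bot: all 24 entries filled in here (CVE-2022-21787 through CVE-2022-21763, with CVE-2022-21778 staying RESERVED) describe MediaTek SoC components (audio DSP, WLAN driver, Autoboot, MDP, sched, TEEI, GED, sound, CCCI, Bluetooth, telecom service) in exactly the wording of the CVE-2022-21762 and CVE-2022-21761 entries directly below, which are tagged NOT-FOR-US: MediaTek driver for Android; every TODO: check here should be resolved to that same tag. Seven of the descriptions are identical after truncation (the WLAN driver out of bounds writes, CVE-2022-21785 through CVE-2022-21779), which does not matter for the tag but means any NOTE line must come from the full text.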
@@ -44919,8 +44986,8 @@ CVE-2022-21746 (In imgsensor, there is a possible out of bounds read due to a mi
NOT-FOR-US: MediaTek driver for Android
CVE-2022-21745 (In WIFI Firmware, there is a possible memory corruption due to a use a ...)
NOT-FOR-US: MediaTek driver for Android
-CVE-2022-21744
- RESERVED
+CVE-2022-21744 (In Modem 2G RR, there is a possible out of bounds write due to a missi ...)
+ TODO: check
CVE-2022-21743 (In ion, there is a possible use after free due to an integer overflow. ...)
NOT-FOR-US: MediaTek driver for Android
CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows ha ...)
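Review bot: CVE-2022-21744 (Modem 2G RR out of bounds write) is sandwiched between CVE-2022-21745 and CVE-2022-21743, both NOT-FOR-US: MediaTek driver for Android; the TODO: check should take the same tag.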
@@ -47547,6 +47614,7 @@ CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android app
CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit Android ...)
NOT-FOR-US: Intel
CVE-2022-21151 (Processor optimization removal or modification of security-critical co ...)
+ {DSA-5178-1}
- intel-microcode 3.20220510.1 (bug #1010947)
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html
NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510
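Review bot: the {DSA-5178-1} reference added to CVE-2022-21151 goes on the line before the intel-microcode 3.20220510.1 package entry, the same placement used for the other entries updated in this patch, and the bug #1010947 reference on the package line is preserved; since every entry that gains DSA-5178-1 here shows the same intel-microcode 3.20220510.1 version, the advisory and the package line agree and nothing else is needed.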
@@ -47958,7 +48026,7 @@ CVE-2022-21180 (Improper input validation for some Intel(R) Processors may allow
NOT-FOR-US: Intel
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html
CVE-2022-21166 (Incomplete cleanup in specific special register write operations for s ...)
- {DSA-5173-1 DLA-3065-1}
+ {DSA-5178-1 DSA-5173-1 DLA-3065-1}
- intel-microcode 3.20220510.1
- linux 5.18.5-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
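Review bot: CVE-2022-21166 now lists DSA-5178-1 alongside DSA-5173-1 and DLA-3065-1, matching its two package lines (intel-microcode 3.20220510.1 for the microcode side, linux 5.18.5-1 for the kernel side); that is consistent, and the same pattern is applied to CVE-2022-21125 and CVE-2022-21123 further down.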
@@ -47966,12 +48034,13 @@ CVE-2022-21166 (Incomplete cleanup in specific special register write operations
NOTE: Linux kernel documentation patch: https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
NOTE: https://xenbits.xen.org/xsa/advisory-404.html
CVE-2022-21127 (Incomplete cleanup in specific special register read operations for so ...)
+ {DSA-5178-1}
- intel-microcode 3.20220510.1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SRBDS-Update
NOTE: https://xenbits.xen.org/xsa/advisory-404.html
CVE-2022-21125 (Incomplete cleanup of microarchitectural fill buffers on some Intel(R) ...)
- {DSA-5173-1 DLA-3065-1}
+ {DSA-5178-1 DSA-5173-1 DLA-3065-1}
- intel-microcode 3.20220510.1
- linux 5.18.5-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
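Review bot: CVE-2022-21127 gets only {DSA-5178-1} while CVE-2022-21125 (and CVE-2022-21166 above) get DSA-5178-1 added next to DSA-5173-1 and DLA-3065-1; that difference is consistent with the package lines, since CVE-2022-21127 has only an intel-microcode entry and no linux line, so no kernel advisory applies to it.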
@@ -47979,7 +48048,7 @@ CVE-2022-21125 (Incomplete cleanup of microarchitectural fill buffers on some In
NOTE: Linux kernel documentation patch: https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-404.html
CVE-2022-21123 (Incomplete cleanup of multi-core shared buffers for some Intel(R) Proc ...)
- {DSA-5173-1 DLA-3065-1}
+ {DSA-5178-1 DSA-5173-1 DLA-3065-1}
- intel-microcode 3.20220510.1
- linux 5.18.5-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
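Review bot: the DSA-5178-1 addition for CVE-2022-21123 matches the other entries in this series, but the context line two lines above it reads "NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-404.html" with a doubled prefix; that is pre-existing and untouched by this hunk, and worth fixing in a manual follow-up so the NOTE lines of CVE-2022-21125 match those of CVE-2022-21166 and CVE-2022-21127.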
@@ -53452,10 +53521,10 @@ CVE-2022-20085 (In netdiag, there is a possible symbolic link following due to a
NOT-FOR-US: MediaTek driver for Android
CVE-2022-20084 (In telephony, there is a possible way to disable receiving emergency b ...)
NOT-FOR-US: MediaTek driver for Android
-CVE-2022-20083
- RESERVED
-CVE-2022-20082
- RESERVED
+CVE-2022-20083 (In Modem 2G/3G CC, there is a possible out of bounds write due to a mi ...)
+ TODO: check
+CVE-2022-20082 (In GPU, there is a possible use after free due to a race condition. Th ...)
+ TODO: check
CVE-2022-20081 (In A-GPS, there is a possible man in the middle attack due to improper ...)
NOT-FOR-US: MediaTek driver for Android
CVE-2022-20080 (In SUB2AF, there is a possible memory corruption due to a race conditi ...)
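Review bot: CVE-2022-20083 (Modem 2G/3G CC) and CVE-2022-20082 (GPU) are more MediaTek component entries, neighbouring CVE-2022-20084 and CVE-2022-20081 which are already NOT-FOR-US: MediaTek driver for Android; resolve both TODO: check lines to that tag.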
@@ -63576,24 +63645,21 @@ CVE-2021-3698 (A flaw was found in Cockpit in versions prior to 260 in the way i
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149
NOTE: Needs sssd 2.6.1
NOTE: https://cockpit-project.org/blog/cockpit-260.html
-CVE-2021-3697
- RESERVED
+CVE-2021-3697 (A crafted JPEG image may lead the JPEG reader to underflow its data po ...)
- grub2 2.06-3
[bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
[buster] - grub2 <no-dsa> (Minor issue, fix via point release)
[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
[jessie] - grub2 <ignored> (No SecureBoot support in jessie)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
-CVE-2021-3696
- RESERVED
+CVE-2021-3696 (A heap out-of-bounds write may heppen during the handling of Huffman t ...)
- grub2 2.06-3
[bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
[buster] - grub2 <no-dsa> (Minor issue, fix via point release)
[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
[jessie] - grub2 <ignored> (No SecureBoot support in jessie)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
-CVE-2021-3695
- RESERVED
+CVE-2021-3695 (A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write ...)
- grub2 2.06-3
[bullseye] - grub2 <no-dsa> (Minor issue, fix via point release)
[buster] - grub2 <no-dsa> (Minor issue, fix via point release)
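Review bot: for CVE-2021-3697, CVE-2021-3696 and CVE-2021-3695 the RESERVED lines removed here were stale, since each entry already carried grub2 2.06-3 plus per-suite status lines and an oss-security NOTE; the automatic update correctly fills in the descriptions without adding TODO: check, so the existing triage stands. The spelling "heppen" in the CVE-2021-3696 description comes from the imported CVE text and should be left as is.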
@@ -65126,8 +65192,8 @@ CVE-2021-37841 (Docker Desktop before 3.6.0 suffers from incorrect access contro
NOT-FOR-US: Docker Desktop on Windows
CVE-2021-37840 (aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) in ...)
NOT-FOR-US: aaPanel
-CVE-2021-37839
- RESERVED
+CVE-2021-37839 (Apache Superset up to 1.5.1 allowed for authenticated users to access ...)
+ TODO: check
CVE-2021-3674
RESERVED
CVE-2021-3673 (A vulnerability was found in Radare2 in version 5.3.1. Improper input ...)
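Review bot: CVE-2021-37839 (Apache Superset up to 1.5.1, authenticated users accessing something the truncation cuts off at "to access ...") needs the full text to see what is exposed; Superset is a Python web application, so the TODO: check should include an archive lookup rather than being tagged NOT-FOR-US by analogy with the aaPanel and Docker Desktop neighbours.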
@@ -80454,14 +80520,14 @@ CVE-2021-31681
RESERVED
CVE-2021-31680
RESERVED
-CVE-2021-31679
- RESERVED
-CVE-2021-31678
- RESERVED
-CVE-2021-31677
- RESERVED
-CVE-2021-31676
- RESERVED
+CVE-2021-31679 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerabilit ...)
+ TODO: check
+CVE-2021-31678 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerabilit ...)
+ TODO: check
+CVE-2021-31677 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerabilit ...)
+ TODO: check
+CVE-2021-31676 (A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CS ...)
+ TODO: check
CVE-2021-31675
RESERVED
CVE-2021-31674 (Cyclos 4 PRO 4.14.7 and before does not validate user input at error i ...)
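Review bot: the four PESCMS-V2.3.3 entries (CVE-2021-31679 through CVE-2021-31677 CSRF, CVE-2021-31676 reflected XSS) describe one release of a PHP CMS and should be resolved as a group with a single NOT-FOR-US: PESCMS tag; the CVE-2021-31676 description is cut off at "When combined with CS ...", which presumably continues into a CSRF chain with the other three, but that link should be confirmed from the full text before a NOTE says so.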
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72997cd9041e276d614feb70f65ca1d0a256abe8