[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 8 21:10:39 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
301fd0e5 by security tracker role at 2022-07-08T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,37 @@
+CVE-2022-35411 (rpc.py through 0.6.0 allows Remote Code Execution because an unpickle ...)
+ TODO: check
+CVE-2022-35410 (mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ dir ...)
+ TODO: check
+CVE-2022-35409
+ RESERVED
+CVE-2022-35408
+ RESERVED
+CVE-2022-35407
+ RESERVED
+CVE-2022-35406 (A URL disclosure issue was discovered in Burp Suite before 2022.6. If ...)
+ TODO: check
+CVE-2022-35405
+ RESERVED
+CVE-2022-35404
+ RESERVED
+CVE-2022-35403
+ RESERVED
+CVE-2022-35402
+ RESERVED
+CVE-2022-2353
+ RESERVED
+CVE-2022-2352
+ RESERVED
+CVE-2022-2351
+ RESERVED
+CVE-2022-2350
+ RESERVED
+CVE-2022-2349
+ RESERVED
+CVE-2022-2348
+ RESERVED
CVE-2022-2347 [Unchecked Download Size and Direction in U-Boot USB DFU]
+ RESERVED
- u-boot <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/07/08/2
CVE-2022-35399
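Review bot: CVE-2022-2347 is the one entry in this hunk where the automatic import inserts a RESERVED line into an entry that already carries a bracketed title, a `- u-boot <unfixed>` assignment and an oss-security NOTE; RESERVED here only records that MITRE has not published a description yet, so the manual triage lines must stay, and once the description lands the bracketed title should give way to the parenthesised description with the RESERVED line dropped, which is what the later hunks in this patch do for other IDs. The two new published descriptions at the top, CVE-2022-35411 (rpc.py remote code execution via unpickling) and CVE-2022-35410 (mat2 `../` directory traversal), are left at `TODO: check` and deserve early triage against the archive, since both describe a weakness reachable through untrusted input.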
@@ -215,8 +248,8 @@ CVE-2020-36555
RESERVED
CVE-2020-36554
RESERVED
-CVE-2022-2343
- RESERVED
+CVE-2022-2343 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
+ TODO: check
CVE-2022-2342 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...)
TODO: check
CVE-2022-2341
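Review bot: the CVE-2022-2343 description is truncated at "prior to 9.0.0 ...", so the fixing vim patch level is not recorded anywhere in the entry; when the `TODO: check` is resolved, the upstream fixing commit or patch level should be added as a NOTE (the way the dlt-daemon entry further down cites its upstream pull request and commit), so that the `<unfixed>` versus fixed-version decision for the vim package can be checked against it.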
@@ -2826,8 +2859,8 @@ CVE-2022-34308
RESERVED
CVE-2022-34307
RESERVED
-CVE-2022-34306
- RESERVED
+CVE-2022-34306 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header in ...)
+ TODO: check
CVE-2022-34305 (In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 ...)
- tomcat9 <unfixed> (unimportant)
- tomcat8 <removed> (unimportant)
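Review bot: CVE-2022-34306 (IBM CICS TX HTTP header injection) is imported as `TODO: check`, whereas the IBM entries already triaged elsewhere in this patch (for example CVE-2022-22478 and CVE-2022-22475) carry `NOT-FOR-US: IBM`; unless CICS TX has a package in the archive, the same marker is the expected resolution here and for the companion CICS TX entries CVE-2022-34167, CVE-2022-34166 and CVE-2022-34160 in the next two hunks, and for the IBM WebSphere Liberty and Security Access Manager / Security Verify Access entries later on. Leaving them at `TODO: check` is correct for an automatic import, but the follow-up triage should clear the IBM cluster as a batch rather than leave it half-marked.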
@@ -3248,10 +3281,10 @@ CVE-2022-2145 (Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowe
NOT-FOR-US: Cloudflare WARP client for Windows
CVE-2022-2144
RESERVED
-CVE-2022-34167
- RESERVED
-CVE-2022-34166
- RESERVED
+CVE-2022-34167 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-s ...)
+ TODO: check
+CVE-2022-34166 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scr ...)
+ TODO: check
CVE-2022-34165
RESERVED
CVE-2022-34164
@@ -3262,8 +3295,8 @@ CVE-2022-34162
RESERVED
CVE-2022-34161
RESERVED
-CVE-2022-34160
- RESERVED
+CVE-2022-34160 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection ...)
+ TODO: check
CVE-2022-34159
RESERVED
CVE-2022-34158
@@ -5946,8 +5979,8 @@ CVE-2022-33013
RESERVED
CVE-2022-33012
RESERVED
-CVE-2022-33011
- RESERVED
+CVE-2022-33011 (Known v1.3.1+2020120201 was discovered to allow attackers to perform a ...)
+ TODO: check
CVE-2022-33010
RESERVED
CVE-2022-33009 (A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 ...)
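Review bot: CVE-2022-33011 is the first of four entries in this patch for the Known CMS (the others are CVE-2022-32115 on the `isSVG()` function, CVE-2022-31290 XSS and CVE-2022-30852 IDOR), all at `TODO: check` and spanning two upstream versions (v1.2.2+2020061101 and v1.3.1+2020120201); they should be triaged together so that all four get the same archive-status decision, and the `isSVG()` entry is truncated before it says what attackers can do, so the full MITRE text needs reading before its severity is set.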
@@ -8370,8 +8403,8 @@ CVE-2022-32117
RESERVED
CVE-2022-32116
RESERVED
-CVE-2022-32115
- RESERVED
+CVE-2022-32115 (An issue in the isSVG() function of Known v1.2.2+2020061101 allows att ...)
+ TODO: check
CVE-2022-32114
RESERVED
CVE-2022-32113
@@ -9676,6 +9709,7 @@ CVE-2022-31628
CVE-2022-31627
RESERVED
CVE-2022-31626 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...)
+ {DSA-5179-1}
- php8.1 8.1.7-1 (bug #1014533)
- php7.4 <removed>
- php7.3 <removed>
@@ -9685,6 +9719,7 @@ CVE-2022-31626 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.
NOTE: Fixed in 7.4.30, 8.0.20, 8.1.7
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81719
CVE-2022-31625 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...)
+ {DSA-5179-1}
- php8.1 8.1.7-1 (bug #1014533)
- php7.4 <removed>
- php7.3 <removed>
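Review bot: the `{DSA-5179-1}` cross-reference is added to CVE-2022-31626 and CVE-2022-31625 in two separate hunks; both entries share bug #1014533 and the same truncated description, so the pairing is consistent, but since the php7.4 and php7.3 package lines read `<removed>` (unstable status only), the DSA line is the only thing here that records the stable fix, and it is worth confirming that the advisory text lists both CVE IDs.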
@@ -10630,8 +10665,8 @@ CVE-2022-31291 (An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allow
[buster] - dlt-daemon <no-dsa> (Minor issue)
NOTE: https://github.com/COVESA/dlt-daemon/pull/376
NOTE: https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2
-CVE-2022-31290
- RESERVED
+CVE-2022-31290 (A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 ...)
+ TODO: check
CVE-2022-31289
REJECTED
CVE-2022-31288
@@ -12053,8 +12088,8 @@ CVE-2022-30854
RESERVED
CVE-2022-30853
RESERVED
-CVE-2022-30852
- RESERVED
+CVE-2022-30852 (Known v1.3.1 was discovered to contain an Insecure Direct Object Refer ...)
+ TODO: check
CVE-2022-30851
RESERVED
CVE-2022-30850
@@ -18527,10 +18562,10 @@ CVE-2022-28626
RESERVED
CVE-2022-28625
RESERVED
-CVE-2022-28624
- RESERVED
-CVE-2022-28623
- RESERVED
+CVE-2022-28624 (A potential security vulnerability has been identified in certain HPE ...)
+ TODO: check
+CVE-2022-28623 (Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploi ...)
+ TODO: check
CVE-2022-28622 (A potential security vulnerability has been identified in HPE StoreOnc ...)
NOT-FOR-US: HPE
CVE-2022-28621 (A remote disclosure of sensitive information vulnerability was discove ...)
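Review bot: CVE-2022-28624 and CVE-2022-28623 (HPE, the latter naming HPE IceWall SSO 10.0 certd) are imported as `TODO: check` directly above CVE-2022-28622, which is already `NOT-FOR-US: HPE`; the same marker is the expected outcome for these two, and the CVE-2022-28624 description is generic ("A potential security vulnerability has been identified in certain HPE ..."), so the affected product has to be taken from the full advisory before the entry is closed.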
@@ -33634,7 +33669,7 @@ CVE-2022-23746
RESERVED
CVE-2022-23745
RESERVED
-CVE-2022-23744 (Check Point Endpoint Security Client E83 through E86 before E86.50 doe ...)
+CVE-2022-23744 (Check Point Endpoint before version E86.50 failed to protect against s ...)
TODO: check
CVE-2022-23743 (Check Point ZoneAlarm before version 15.8.200.19118 allows a local act ...)
NOT-FOR-US: Check Point ZoneAlarm
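Review bot: the CVE-2022-23744 description was rewritten by the upstream feed (from "Endpoint Security Client E83 through E86 before E86.50" to "Endpoint before version E86.50 failed to protect against s..."), but the entry still sits at `TODO: check` while the adjacent CVE-2022-23743 is resolved as `NOT-FOR-US: Check Point ZoneAlarm`; the reworded description does not change the product, so this one should be resolved the same way with a matching `NOT-FOR-US` marker rather than left open across further automatic updates.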
@@ -38191,8 +38226,8 @@ CVE-2022-22478 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user
NOT-FOR-US: IBM
CVE-2022-22477
RESERVED
-CVE-2022-22476
- RESERVED
+CVE-2022-22476 (IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and ...)
+ TODO: check
CVE-2022-22475 (IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 thr ...)
NOT-FOR-US: IBM
CVE-2022-22474 (IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsv ...)
@@ -38213,12 +38248,12 @@ CVE-2022-22467
RESERVED
CVE-2022-22466
RESERVED
-CVE-2022-22465
- RESERVED
-CVE-2022-22464
- RESERVED
-CVE-2022-22463
- RESERVED
+CVE-2022-22465 (IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, an ...)
+ TODO: check
+CVE-2022-22464 (IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, an ...)
+ TODO: check
+CVE-2022-22463 (IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, an ...)
+ TODO: check
CVE-2022-22462
RESERVED
CVE-2022-22461
@@ -38403,8 +38438,8 @@ CVE-2022-22372
RESERVED
CVE-2022-22371
RESERVED
-CVE-2022-22370
- RESERVED
+CVE-2022-22370 (IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 ...)
+ TODO: check
CVE-2022-22369
RESERVED
CVE-2022-22368 (IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cry ...)
@@ -376894,7 +376929,7 @@ CVE-2015-8821 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.
CVE-2015-8820 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
NOT-FOR-US: Adobe Flash Player
CVE-2015-8819
- RESERVED
+ REJECTED
CVE-2016-2841 (The ne2000_receive function in the NE2000 NIC emulation support (hw/ne ...)
{DLA-1599-1}
- qemu 1:2.6+dfsg-1 (bug #817181)
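Review bot: CVE-2015-8819 changes from RESERVED to REJECTED with no package, NOTE or NOT-FOR-US line attached, so the state flip is safe to take as-is; the same holds for the remaining 2015 hunks in this patch, which are all bare RESERVED to REJECTED transitions with no tracked packages. Had any of them carried a package assignment, that assignment would need removing together with the rejection rather than being left under a REJECTED header.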
@@ -388664,7 +388699,7 @@ CVE-2015-7801 (Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attac
- optipng 0.7.5-1
[wheezy] - optipng 0.6.4-1+deb7u1
CVE-2015-7800
- RESERVED
+ REJECTED
CVE-2015-7799 (The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel ...)
{DSA-3426-1 DLA-360-1}
- linux 4.2.6-2
@@ -394581,11 +394616,11 @@ CVE-2015-5600 (The kbdint_next_device function in auth2-chall.c in sshd in OpenS
CVE-2015-5599 (Multiple SQL injection vulnerabilities in upload.php in the Powerplay ...)
NOT-FOR-US: Powerplay Gallery plugin for WordPress
CVE-2015-5598
- RESERVED
+ REJECTED
CVE-2015-5597
- RESERVED
+ REJECTED
CVE-2015-5596
- RESERVED
+ REJECTED
CVE-2015-5595 (Cross-site request forgery (CSRF) vulnerability in admin.php in Zenpho ...)
NOT-FOR-US: Zenphoto
CVE-2015-5594 (The sanitize_string function in ZenPhoto before 1.4.9 utilized the htm ...)
@@ -395350,7 +395385,7 @@ CVE-2015-5330 (ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x bef
CVE-2015-5329 (The TripleO Heat templates (tripleo-heat-templates), as used in Red Ha ...)
- tripleo-heat-templates 5.2.0-1 (bug #851396)
CVE-2015-5328
- RESERVED
+ REJECTED
CVE-2015-5327 (Out-of-bounds memory read in the x509_decode_time function in x509_cer ...)
- linux <not-affected> (Only affected 4.3-rc1 onwards)
- linux-2.6 <not-affected> (Only affected 4.3-rc1 onwards)
@@ -398244,7 +398279,7 @@ CVE-2015-4334 (The default configuration of SGOS in Blue Coat ProxySG before 6.2
CVE-2015-4333
RESERVED
CVE-2015-4332
- RESERVED
+ REJECTED
CVE-2015-4331 (Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authen ...)
NOT-FOR-US: Cisco Prime Infrastructure
CVE-2015-4330 (A local file script in Cisco TelePresence Video Communication Server ( ...)
@@ -398646,7 +398681,7 @@ CVE-2015-4171 (strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Clie
- strongswan 5.3.1-1
NOTE: https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-(cve-2015-4171).html
CVE-2015-4169
- RESERVED
+ REJECTED
CVE-2015-4168
RESERVED
CVE-2015-4166 (Cloudera Key Trustee Server before 5.4.3 does not store keys synchrono ...)
@@ -398893,9 +398928,9 @@ CVE-2015-4103 (Xen 3.3.x through 4.5.x does not properly restrict write access t
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://xenbits.xen.org/xsa/advisory-128.html
CVE-2015-4102
- RESERVED
+ REJECTED
CVE-2015-4101
- RESERVED
+ REJECTED
CVE-2015-4100 (Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated use ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
NOTE: https://puppet.com/security/cve/CVE-2015-4100
@@ -400899,7 +400934,7 @@ CVE-2015-3379 (The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x
CVE-2015-3378 (Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3 ...)
NOT-FOR-US: Drupal Views module
CVE-2015-3377
- RESERVED
+ REJECTED
CVE-2015-3376 (Cross-site scripting (XSS) vulnerability in the Quizzler module before ...)
NOT-FOR-US: Quizzler module for Drupal
CVE-2015-3375 (Cross-site request forgery (CSRF) vulnerability in the Shibboleth Auth ...)
@@ -401257,19 +401292,19 @@ CVE-2015-3268 (Cross-site scripting (XSS) vulnerability in the DisplayEntityFiel
CVE-2015-3267 (Cross-site scripting (XSS) vulnerability in the 404 error page in Red ...)
NOT-FOR-US: JBoss Operations Network
CVE-2015-3266
- RESERVED
+ REJECTED
CVE-2015-3265
- RESERVED
+ REJECTED
CVE-2015-3264
- RESERVED
+ REJECTED
CVE-2015-3263
- RESERVED
+ REJECTED
CVE-2015-3262
- RESERVED
+ REJECTED
CVE-2015-3261
- RESERVED
+ REJECTED
CVE-2015-3260
- RESERVED
+ REJECTED
CVE-2015-3259 (Stack-based buffer overflow in the xl command line utility in Xen 4.1. ...)
{DSA-3414-1}
- xen 4.6.0-1 (low; bug #795721)
@@ -403282,7 +403317,7 @@ CVE-2015-2687 (OpenStack Compute (nova) Icehouse, Juno and Havana when live migr
CVE-2015-2673 (The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in ...)
NOT-FOR-US: WP EasyCart plugin for Wordpress
CVE-2015-2671
- RESERVED
+ REJECTED
CVE-2015-2670
REJECTED
CVE-2015-2669
@@ -404625,7 +404660,7 @@ CVE-2015-2238 (Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21
CVE-2015-2237 (Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) ...)
NOT-FOR-US: Betster
CVE-2015-2236
- RESERVED
+ REJECTED
CVE-2015-2235
REJECTED
CVE-2015-2234 (Race condition in Lenovo System Update (formerly ThinkVantage System U ...)
@@ -405579,7 +405614,7 @@ CVE-2015-1872 (The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmp
[wheezy] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA)
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037
CVE-2015-1871
- RESERVED
+ REJECTED
CVE-2015-1870 (The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-re ...)
NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-1869 (The default event handling scripts in Automatic Bug Reporting Tool (AB ...)
@@ -405717,7 +405752,7 @@ CVE-2015-1838 (modules/serverdensity_device.py in SaltStack before 2014.7.4 does
- salt <not-affected> (Vulnerable code only present in experimental version; introduced in 2014.7.0)
NOTE: https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
CVE-2015-1837
- RESERVED
+ REJECTED
CVE-2015-1836 (Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before ...)
NOT-FOR-US: Apache HBase
CVE-2015-1835 (Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an appl ...)
@@ -412739,9 +412774,9 @@ CVE-2015-0282 (GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signatur
- gnutls28 <not-affected> (Fixed in 3.1.0)
NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2015-1
CVE-2015-0281
- RESERVED
+ REJECTED
CVE-2015-0280
- RESERVED
+ REJECTED
CVE-2015-0279 (JBoss RichFaces before 4.5.4 allows remote attackers to inject express ...)
NOT-FOR-US: RichFaces
CVE-2015-0278 (libuv before 0.10.34 does not properly drop group privileges, which al ...)
@@ -412815,7 +412850,7 @@ CVE-2015-0258 (Multiple incomplete blacklist vulnerabilities in the avatar uploa
CVE-2015-0257 (Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses wea ...)
NOT-FOR-US: ovirt / RHEV
CVE-2015-0256
- RESERVED
+ REJECTED
CVE-2015-0255 (X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x be ...)
{DSA-3160-1 DLA-218-1}
- xorg-server 2:1.16.4-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/301fd0e56b184539a239c39f7cb331105ddece28