[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 19 09:10:25 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1feabe05 by security tracker role at 2022-07-19T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2022-35735
+ RESERVED
+CVE-2022-35728
+ RESERVED
+CVE-2022-35272
+ RESERVED
+CVE-2022-35245
+ RESERVED
+CVE-2022-35243
+ RESERVED
+CVE-2022-35241
+ RESERVED
+CVE-2022-35240
+ RESERVED
+CVE-2022-35236
+ RESERVED
+CVE-2022-34865
+ RESERVED
+CVE-2022-34862
+ RESERVED
+CVE-2022-34851
+ RESERVED
+CVE-2022-34844
+ RESERVED
+CVE-2022-34655
+ RESERVED
+CVE-2022-34651
+ RESERVED
+CVE-2022-33968
+ RESERVED
+CVE-2022-33962
+ RESERVED
+CVE-2022-33947
+ RESERVED
+CVE-2022-33203
+ RESERVED
+CVE-2022-32455
+ RESERVED
+CVE-2022-31473
+ RESERVED
+CVE-2022-30535
+ RESERVED
+CVE-2022-2466
+ RESERVED
+CVE-2022-2465
+ RESERVED
+CVE-2022-2464
+ RESERVED
+CVE-2022-2463
+ RESERVED
+CVE-2022-2462
+ RESERVED
+CVE-2022-2461
+ RESERVED
CVE-2022-36277
RESERVED
CVE-2022-36276
@@ -3310,12 +3364,12 @@ CVE-2022-34903 (GnuPG through 2.3.6, in unusual situations where an attacker pos
NOTE: https://dev.gnupg.org/T6027
NOTE: https://www.openwall.com/lists/oss-security/2022/06/30/1
NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=34c649b3601383cd11dbc76221747ec16fd68e1b
-CVE-2022-34875
- RESERVED
-CVE-2022-34874
- RESERVED
-CVE-2022-34873
- RESERVED
+CVE-2022-34875 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2022-34874 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2022-34873 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
CVE-2022-34872
RESERVED
CVE-2022-34871
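Review bot: CVE-2022-34875, CVE-2022-34874 and CVE-2022-34873 land with TODO: check and the same truncated description, so the affected product cannot be identified from this file alone. Triage should read the full descriptions and replace each TODO with either a NOT-FOR-US: line or a source-package entry; the three are consecutive and share wording, so they can probably be resolved in one pass.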
@@ -3999,30 +4053,30 @@ CVE-2022-34645
RESERVED
CVE-2022-34644
RESERVED
-CVE-2022-34643
- RESERVED
-CVE-2022-34642
- RESERVED
-CVE-2022-34641
- RESERVED
-CVE-2022-34640
- RESERVED
-CVE-2022-34639
- RESERVED
+CVE-2022-34643 (RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implemen ...)
+ TODO: check
+CVE-2022-34642 (The component mcontrol.action in RISCV ISA Sim commit ac466a21df442c59 ...)
+ TODO: check
+CVE-2022-34641 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom co ...)
+ TODO: check
+CVE-2022-34640 (The *tval of ecall/ebreak in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf ...)
+ TODO: check
+CVE-2022-34639 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standa ...)
+ TODO: check
CVE-2022-34638
RESERVED
-CVE-2022-34637
- RESERVED
-CVE-2022-34636
- RESERVED
-CVE-2022-34635
- RESERVED
-CVE-2022-34634
- RESERVED
-CVE-2022-34633
- RESERVED
-CVE-2022-34632
- RESERVED
+CVE-2022-34637 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an inc ...)
+ TODO: check
+CVE-2022-34636 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom co ...)
+ TODO: check
+CVE-2022-34635 (The mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a9 ...)
+ TODO: check
+CVE-2022-34634 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted ...)
+ TODO: check
+CVE-2022-34633 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted ...)
+ TODO: check
+CVE-2022-34632 (Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discov ...)
+ TODO: check
CVE-2022-34631
RESERVED
CVE-2022-34630
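Review bot: The eleven new TODO: check entries (CVE-2022-34643 to CVE-2022-34639 and CVE-2022-34637 to CVE-2022-34632) are pinned to specific commits of RISCV ISA Sim, CVA6, RISCV-Boom and Rocket-Chip rather than to release versions. When triaging, first decide whether any of these projects is packaged; for one that is, the commit hash in the description has to be mapped to a packaged version before a fixed version can be recorded. CVE-2022-34641 and CVE-2022-34636 each name two projects (CVA6 and RISCV-Boom), so a single tag may not cover both.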
@@ -5575,24 +5629,24 @@ CVE-2022-34037
RESERVED
CVE-2022-34036
RESERVED
-CVE-2022-34035
- RESERVED
+CVE-2022-34035 (HTMLDoc v1.9.12 and below was discovered to contain a heap overflow vi ...)
+ TODO: check
CVE-2022-34034
RESERVED
-CVE-2022-34033
- RESERVED
-CVE-2022-34032
- RESERVED
-CVE-2022-34031
- RESERVED
-CVE-2022-34030
- RESERVED
-CVE-2022-34029
- RESERVED
-CVE-2022-34028
- RESERVED
-CVE-2022-34027
- RESERVED
+CVE-2022-34033 (HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_h ...)
+ TODO: check
+CVE-2022-34032 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation in ...)
+ TODO: check
+CVE-2022-34031 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation vi ...)
+ TODO: check
+CVE-2022-34030 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation vi ...)
+ TODO: check
+CVE-2022-34029 (Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via n ...)
+ TODO: check
+CVE-2022-34028 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation vi ...)
+ TODO: check
+CVE-2022-34027 (Nginx NJS v0.7.4 was discovered to contain a segmentation violation vi ...)
+ TODO: check
CVE-2022-34026
RESERVED
CVE-2022-34025
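Review bot: The two HTMLDoc entries carry different version bounds in their descriptions (CVE-2022-34035 "v1.9.12 and below", CVE-2022-34033 "v1.9.15"), so they should not be closed with one shared fixed version when the TODO: check lines are resolved. The same applies to the six Nginx NJS entries, which split between v0.7.4 (CVE-2022-34029, CVE-2022-34027) and v0.7.5 (the other four); add a NOTE with the upstream issue or commit for each once it is identified.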
@@ -9112,8 +9166,8 @@ CVE-2022-2032
RESERVED
CVE-2022-2031
RESERVED
-CVE-2022-2030
- RESERVED
+CVE-2022-2030 (A directory traversal vulnerability caused by specific character seque ...)
+ TODO: check
CVE-2022-2029 (Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra ...)
NOT-FOR-US: kromitgmbh/titra
CVE-2022-2028 (Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/t ...)
@@ -12181,8 +12235,8 @@ CVE-2022-31571 (The akashtalole/python-flask-restful-api repository through 2019
TODO: check
CVE-2022-31570 (The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 o ...)
TODO: check
-CVE-2022-31569 (The RipudamanKaushikDal/projects repository through 2022-04-03 on GitH ...)
- TODO: check
+CVE-2022-31569
+ REJECTED
CVE-2022-31568 (The Rexians/rex-web repository through 2022-06-05 on GitHub allows abs ...)
TODO: check
CVE-2022-31567 (The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute ...)
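Review bot: CVE-2022-31569 goes from a description with TODO: check to a bare REJECTED, with no NOTE recording the reason. The neighbouring "... repository through ..." entries visible here (CVE-2022-31571, CVE-2022-31570, CVE-2022-31568, CVE-2022-31567) are still TODO: check and could be triaged in the same pass, checking whether any of them has been rejected upstream as well.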
@@ -15107,8 +15161,8 @@ CVE-2022-1648
RESERVED
CVE-2022-1647 (The FormCraft WordPress plugin before 1.2.6 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-30526
- RESERVED
+CVE-2022-30526 (A privilege escalation vulnerability was identified in the CLI command ...)
+ TODO: check
CVE-2022-30525 (A OS command injection vulnerability in the CGI program of Zyxel USG F ...)
NOT-FOR-US: Zyxel
CVE-2022-1646 (The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sa ...)
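Review bot: CVE-2022-30526 is left at TODO: check while the adjacent CVE-2022-30525 is already tagged NOT-FOR-US: Zyxel. The truncated description does not show the product; if the full text names the same vendor, use the same tag so the pair stays consistent.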
@@ -20372,36 +20426,36 @@ CVE-2022-28685
RESERVED
CVE-2022-28684
RESERVED
-CVE-2022-28683
- RESERVED
-CVE-2022-28682
- RESERVED
-CVE-2022-28681
- RESERVED
-CVE-2022-28680
- RESERVED
-CVE-2022-28679
- RESERVED
-CVE-2022-28678
- RESERVED
-CVE-2022-28677
- RESERVED
-CVE-2022-28676
- RESERVED
-CVE-2022-28675
- RESERVED
-CVE-2022-28674
- RESERVED
-CVE-2022-28673
- RESERVED
-CVE-2022-28672
- RESERVED
-CVE-2022-28671
- RESERVED
-CVE-2022-28670
- RESERVED
-CVE-2022-28669
- RESERVED
+CVE-2022-28683 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-28682 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-28681 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2022-28680 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-28679 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-28678 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-28677 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-28676 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-28675 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-28674 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-28673 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-28672 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-28671 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2022-28670 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2022-28669 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2022-28668
RESERVED
CVE-2022-28667
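Review bot: All fifteen entries from CVE-2022-28683 down to CVE-2022-28669 get TODO: check with descriptions cut off before the product name, thirteen reading "execute arbitrary code" and two (CVE-2022-28681, CVE-2022-28670) reading "disclose sensitive infor ...". Nothing in the visible text distinguishes them, so resolve the block from the full descriptions and record the product once per entry rather than leaving fifteen open TODOs.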
@@ -390146,8 +390200,8 @@ CVE-2015-7984 (Multiple cross-site request forgery (CSRF) vulnerabilities in Hor
NOTE: https://www.htbridge.com/advisory/HTB23272
NOTE: https://github.com/horde/horde/commit/a199d74932c902844514b2a83d21e7e221257dae
NOTE: http://lists.horde.org/archives/dev/Week-of-Mon-20141201/028821.html
-CVE-2015-8031
- RESERVED
+CVE-2015-8031 (Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE ...)
+ TODO: check
CVE-2015-8030 (SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execu ...)
NOT-FOR-US: SAP
CVE-2015-8029 (SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execu ...)
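Review bot: CVE-2015-8031 is a 2015 identifier that only now receives a description (Hudson before 3.3.2, XXE), so the TODO: check needs a look at older releases as well as the current ones. If hudson-core was never packaged, tag it NOT-FOR-US: Hudson, in line with the NOT-FOR-US: SAP entries directly below it.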
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1feabe05c4240dfb9097172c0fb2e769c04ec60e