[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jul 23 09:10:22 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
885c9f3f by security tracker role at 2022-07-23T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2022-36415 (A DLL hijacking vulnerability exists in the uninstaller in Scooter Bey ...)
+ TODO: check
+CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in the Windo ...)
+ TODO: check
+CVE-2022-36413
+ RESERVED
+CVE-2022-36412
+ RESERVED
+CVE-2022-36411
+ RESERVED
+CVE-2022-36410
+ RESERVED
+CVE-2022-36409
+ RESERVED
+CVE-2022-36408 (PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attacke ...)
+ TODO: check
+CVE-2022-36398
+ RESERVED
+CVE-2022-36396
+ RESERVED
+CVE-2022-36395
+ RESERVED
+CVE-2022-36377
+ RESERVED
+CVE-2022-36374
+ RESERVED
+CVE-2022-36287
+ RESERVED
+CVE-2022-36278
+ RESERVED
+CVE-2022-34855
+ RESERVED
+CVE-2022-34153
+ RESERVED
+CVE-2022-34147
+ RESERVED
+CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
+ TODO: check
+CVE-2022-2522
+ RESERVED
+CVE-2022-2521
+ RESERVED
+CVE-2022-2520
+ RESERVED
+CVE-2022-2519
+ RESERVED
+CVE-2022-2518
+ RESERVED
+CVE-2022-2517
+ RESERVED
+CVE-2022-2516
+ RESERVED
+CVE-2018-25045 (Django REST framework (aka django-rest-framework) before 3.9.1 allows ...)
+ TODO: check
CVE-2022-36407
RESERVED
CVE-2022-36389
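Review bot: the five entries in this hunk that arrive with a description (CVE-2022-36415, CVE-2022-36414, CVE-2022-36408, CVE-2022-31137, CVE-2018-25045) carry only `TODO: check`, so none of them yet says whether Debian is affected. Each needs a follow-up that replaces the TODO with either a source-package line or a `NOT-FOR-US:` marker, as the triaged entries further down this file have. The PrestaShop and Django REST framework descriptions already name version ranges to check against.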
@@ -5634,6 +5688,7 @@ CVE-2022-34170 (In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1
CVE-2022-2166
RESERVED
CVE-2022-34169 (The Apache Xalan Java XSLT library is vulnerable to an integer truncat ...)
+ {DSA-5188-1}
- openjdk-8 <unfixed>
- openjdk-11 11.0.16+8-1
- openjdk-17 17.0.4+8-1
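Review bot: `{DSA-5188-1}` is added at the CVE level for CVE-2022-34169 while the `- openjdk-8 <unfixed>` line below it is unchanged, so the entry now reads as covered by an advisory even though only openjdk-11 and openjdk-17 list fixed versions. Worth confirming which source package the DSA applies to, so the openjdk-8 status is not mistaken for resolved. The same pattern appears under CVE-2022-21541 and CVE-2022-21540 later in this patch.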
@@ -5850,14 +5905,14 @@ CVE-2022-34117
RESERVED
CVE-2022-34116
RESERVED
-CVE-2022-34115
- RESERVED
-CVE-2022-34114
- RESERVED
-CVE-2022-34113
- RESERVED
-CVE-2022-34112
- RESERVED
+CVE-2022-34115 (Dataease v1.11.1 was discovered to contain a SQL injection vulnerabili ...)
+ TODO: check
+CVE-2022-34114 (Dataease v1.11.1 was discovered to contain a SQL injection vulnerabili ...)
+ TODO: check
+CVE-2022-34113 (An issue in the component /api/plugin/upload of Dataease v1.11.1 allow ...)
+ TODO: check
+CVE-2022-34112 (An access control issue in the component /api/plugin/uninstall Dataeas ...)
+ TODO: check
CVE-2022-34111
RESERVED
CVE-2022-34110
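Review bot: all four entries changed here, CVE-2022-34112 through CVE-2022-34115, describe the same product (Dataease v1.11.1), and each gets its own `TODO: check`. One decision on whether Dataease is in the archive settles all four, so they can be resolved in a single follow-up rather than one at a time.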
@@ -22710,126 +22765,106 @@ CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab CE/EE
- gitlab <unfixed>
CVE-2022-1147
RESERVED
-CVE-2022-1146
- RESERVED
+CVE-2022-1146 (Inappropriate implementation in Resource Timing in Google Chrome prior ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1145
- RESERVED
+CVE-2022-1145 (Use after free in Extensions in Google Chrome prior to 100.0.4896.60 a ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1144
- RESERVED
+CVE-2022-1144 (Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowe ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1143
- RESERVED
+CVE-2022-1143 (Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1142
- RESERVED
+CVE-2022-1142 (Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1141
- RESERVED
+CVE-2022-1141 (Use after free in File Manager in Google Chrome prior to 100.0.4896.60 ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1140
RESERVED
-CVE-2022-1139
- RESERVED
+CVE-2022-1139 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1138
- RESERVED
+CVE-2022-1138 (Inappropriate implementation in Web Cursor in Google Chrome prior to 1 ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1137
- RESERVED
+CVE-2022-1137 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1136
- RESERVED
+CVE-2022-1136 (Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 al ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1135
- RESERVED
+CVE-2022-1135 (Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.6 ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1134
- RESERVED
+CVE-2022-1134 (Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1133
- RESERVED
+CVE-2022-1133 (Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1132
- RESERVED
+CVE-2022-1132 (Inappropriate implementation in Virtual Keyboard in Google Chrome on C ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1131
- RESERVED
+CVE-2022-1131 (Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allo ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1130
- RESERVED
+CVE-2022-1130 (Insufficient validation of trust input in WebOTP in Google Chrome on A ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1129
- RESERVED
+CVE-2022-1129 (Inappropriate implementation in Full Screen Mode in Google Chrome on A ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1128
- RESERVED
+CVE-2022-1128 (Inappropriate implementation in Web Share API in Google Chrome on Wind ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1127
- RESERVED
+CVE-2022-1127 (Use after free in QR Code Generator in Google Chrome prior to 100.0.48 ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1126
RESERVED
-CVE-2022-1125
- RESERVED
+CVE-2022-1125 (Use after free in Portals in Google Chrome prior to 100.0.4896.60 allo ...)
{DSA-5112-1}
- chromium 100.0.4896.60-1
[buster] - chromium <end-of-life> (see DSA 5046)
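Review bot: CVE-2022-1140 and CVE-2022-1126 stay `RESERVED` with no annotations in the middle of this run, while every neighbouring ID from CVE-2022-1125 to CVE-2022-1146 gains a Chrome description and already carries `{DSA-5112-1}` with `chromium 100.0.4896.60-1`. Worth checking whether those two IDs belong to the same Chrome release once their descriptions are published, so they do not sit untracked between fixed entries.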
@@ -23493,8 +23528,7 @@ CVE-2022-1097
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-1097
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-1097
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1097
-CVE-2022-1096
- RESERVED
+CVE-2022-1096 (Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a ...)
{DSA-5110-1}
- chromium 99.0.4844.84-1
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -28967,8 +29001,8 @@ CVE-2022-25761
RESERVED
CVE-2022-25760 (All versions of package accesslog are vulnerable to Arbitrary Code Inj ...)
NOT-FOR-US: accesslog Nodejs module
-CVE-2022-25759
- RESERVED
+CVE-2022-25759 (The package convert-svg-core before 0.6.2 are vulnerable to Remote Cod ...)
+ TODO: check
CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to Regular Expre ...)
- node-scss-tokenizer <itp> (bug #885456)
CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via ...)
@@ -49844,10 +49878,12 @@ CVE-2022-21543 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
CVE-2022-21542 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2022-21541 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5188-1}
- openjdk-8 <unfixed>
- openjdk-11 11.0.16+8-1
- openjdk-17 17.0.4+8-1
CVE-2022-21540 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5188-1}
- openjdk-8 <unfixed>
- openjdk-11 11.0.16+8-1
- openjdk-17 17.0.4+8-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/885c9f3ff9f1822d2bd9fda307202ebe9060cdea