[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 26 21:10:35 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
41a3cb91 by security tracker role at 2022-07-26T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2022-36787
+ RESERVED
+CVE-2022-36786
+ RESERVED
+CVE-2022-36785
+ RESERVED
+CVE-2022-36784
+ RESERVED
+CVE-2022-36783
+ RESERVED
+CVE-2022-36782
+ RESERVED
+CVE-2022-36781
+ RESERVED
+CVE-2022-36780
+ RESERVED
+CVE-2022-36779
+ RESERVED
+CVE-2022-36778
+ RESERVED
+CVE-2022-36777
+ RESERVED
+CVE-2022-36776
+ RESERVED
+CVE-2022-36775
+ RESERVED
+CVE-2022-36774
+ RESERVED
+CVE-2022-36773
+ RESERVED
+CVE-2022-36772
+ RESERVED
+CVE-2022-36771
+ RESERVED
+CVE-2022-36770
+ RESERVED
+CVE-2022-36769
+ RESERVED
+CVE-2022-36768
+ RESERVED
+CVE-2022-2546
+ RESERVED
+CVE-2022-2545
+ RESERVED
+CVE-2022-2544
+ RESERVED
+CVE-2022-2543
+ RESERVED
+CVE-2022-2542
+ RESERVED
+CVE-2022-2541
+ RESERVED
+CVE-2022-2540
+ RESERVED
+CVE-2022-2539
+ RESERVED
+CVE-2022-2538
+ RESERVED
CVE-2022-XXXX [spip: security issues from 4.1.5 release]
- spip 4.1.5+dfsg-1
[bullseye] - spip 3.2.11-3+deb11u5
@@ -754,15 +812,15 @@ CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in the
NOT-FOR-US: Scooter Beyond Compare
CVE-2022-36413
RESERVED
-CVE-2022-36412
- RESERVED
+CVE-2022-36412 (In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests ...)
+ TODO: check
CVE-2022-36411
RESERVED
CVE-2022-36410
RESERVED
CVE-2022-36409
RESERVED
-CVE-2022-36408 (PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attacke ...)
+CVE-2022-36408 (PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.7 allows remote attacke ...)
NOT-FOR-US: PrestaShop
CVE-2022-36398
RESERVED
@@ -1454,8 +1512,8 @@ CVE-2022-36163
RESERVED
CVE-2022-36162
RESERVED
-CVE-2022-36161
- RESERVED
+CVE-2022-36161 (Orange Station 1.0 was discovered to contain a SQL injection vulnerabi ...)
+ TODO: check
CVE-2022-36160
RESERVED
CVE-2022-36159
@@ -2672,8 +2730,8 @@ CVE-2022-35641
RESERVED
CVE-2022-35640
RESERVED
-CVE-2022-35639
- RESERVED
+CVE-2022-35639 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do no ...)
+ TODO: check
CVE-2022-35638
RESERVED
CVE-2022-35637
@@ -3505,8 +3563,8 @@ CVE-2022-35288 (IBM Security Verify Information Queue 10.0.2 could allow a user
NOT-FOR-US: IBM
CVE-2022-35287 (IBM Security Verify Information Queue 10.0.2 contains hard-coded crede ...)
NOT-FOR-US: IBM
-CVE-2022-35286
- RESERVED
+CVE-2022-35286 (IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-si ...)
+ TODO: check
CVE-2022-35285 (IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-si ...)
NOT-FOR-US: IBM
CVE-2022-35284 (IBM Security Verify Information Queue 10.0.2 could disclose sensitive ...)
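Review bot: CVE-2022-35286 lands as `TODO: check`, while the adjacent entries for the same product, IBM Security Verify Information Queue 10.0.2 (CVE-2022-35288, CVE-2022-35287, CVE-2022-35285), are already `NOT-FOR-US: IBM`. Suggest resolving this one the same way so the product is triaged consistently.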
@@ -3709,6 +3767,7 @@ CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of se
CVE-2022-2308
RESERVED
CVE-2022-2318 (There are use-after-free vulnerabilities caused by timer handler in ne ...)
+ {DSA-5191-1}
- linux 5.18.14-1
NOTE: https://www.openwall.com/lists/oss-security/2022/07/03/2
NOTE: https://git.kernel.org/linus/9cc02ede696272c5271a401e4f27c262359bc2f6 (5.19-rc5)
@@ -4160,14 +4219,14 @@ CVE-2022-34993
RESERVED
CVE-2022-34992
RESERVED
-CVE-2022-34991
- RESERVED
+CVE-2022-34991 (Paymoney v3.3 was discovered to contain multiple reflected cross-site ...)
+ TODO: check
CVE-2022-34990
RESERVED
-CVE-2022-34989
- RESERVED
-CVE-2022-34988
- RESERVED
+CVE-2022-34989 (Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
+CVE-2022-34988 (Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross ...)
+ TODO: check
CVE-2022-34987
RESERVED
CVE-2022-34986
@@ -4307,6 +4366,7 @@ CVE-2022-34920
CVE-2022-34919
RESERVED
CVE-2022-34918 (An issue was discovered in the Linux kernel through 5.18.9. A type con ...)
+ {DSA-5191-1}
- linux 5.18.14-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/02/3
@@ -5134,8 +5194,8 @@ CVE-2022-34661
RESERVED
CVE-2022-34660
RESERVED
-CVE-2022-2225
- RESERVED
+CVE-2022-2225 (By using warp-cli subcommands (disable-ethernet, disable-wifi), it was ...)
+ TODO: check
CVE-2022-2224 (The WordPress plugin Gallery for Social Photo is vulnerable to Cross-S ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2223 (The WordPress plugin Image Slider is vulnerable to Cross-Site Request ...)
@@ -6754,8 +6814,8 @@ CVE-2022-34069
RESERVED
CVE-2022-34068
RESERVED
-CVE-2022-34067
- RESERVED
+CVE-2022-34067 (Warehouse Management System v1.0 was discovered to contain a SQL injec ...)
+ TODO: check
CVE-2022-34066 (The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to cont ...)
NOT-FOR-US: Texercise package in PyPI
CVE-2022-34065 (The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contai ...)
@@ -7709,18 +7769,20 @@ CVE-2022-33747
RESERVED
CVE-2022-33746
RESERVED
-CVE-2022-33745
- RESERVED
+CVE-2022-33745 (insufficient TLB flush for x86 PV guests in shadow mode For migration ...)
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://xenbits.xen.org/xsa/advisory-408.html
CVE-2022-33744 (Arm guests can cause Dom0 DoS via PV devices When mapping pages of gue ...)
+ {DSA-5191-1}
- linux 5.18.14-1
NOTE: https://xenbits.xen.org/xsa/advisory-406.html
CVE-2022-33743 (network backend may cause Linux netfront to use freed SKBs While addin ...)
+ {DSA-5191-1}
- linux 5.18.14-1
NOTE: https://xenbits.xen.org/xsa/advisory-405.html
CVE-2022-33742 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
+ {DSA-5191-1}
- linux 5.18.14-1
- xen <unfixed>
[bullseye] - xen <ignored> (Too intrusive too backport)
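Review bot: style point on the unchanged context under CVE-2022-33742: the note `(Too intrusive too backport)` should read "to backport". The same wording recurs under CVE-2022-33741, CVE-2022-33740 and CVE-2022-26365, so it is worth correcting all four in one follow-up edit.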
@@ -7728,6 +7790,7 @@ CVE-2022-33742 (Linux disk/nic frontends data leaks T[his CNA information record
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-403.html
CVE-2022-33741 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
+ {DSA-5191-1}
- linux 5.18.14-1
- xen <unfixed>
[bullseye] - xen <ignored> (Too intrusive too backport)
@@ -7735,6 +7798,7 @@ CVE-2022-33741 (Linux disk/nic frontends data leaks T[his CNA information record
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-403.html
CVE-2022-33740 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
+ {DSA-5191-1}
- linux 5.18.14-1
- xen <unfixed>
[bullseye] - xen <ignored> (Too intrusive too backport)
@@ -12234,8 +12298,8 @@ CVE-2022-31881
RESERVED
CVE-2022-31880
RESERVED
-CVE-2022-31879
- RESERVED
+CVE-2022-31879 (Online Fire Reporting System 1.0 is vulnerable to SQL Injection via th ...)
+ TODO: check
CVE-2022-31878
RESERVED
CVE-2022-31877
@@ -16268,8 +16332,7 @@ CVE-2022-1673 (The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.
NOT-FOR-US: WordPress plugin
CVE-2022-1672 (The Insights from Google PageSpeed WordPress plugin before 4.0.7 does ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1671
- RESERVED
+CVE-2022-1671 (A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/r ...)
- linux 5.17.3-1
[bullseye] - linux <not-affected> (Vulnerable code introduced later)
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -16373,8 +16436,7 @@ CVE-2022-1652 (Linux Kernel could allow a local attacker to execute arbitrary co
- linux 5.17.11-1
[bullseye] - linux 5.10.120-1
NOTE: https://www.openwall.com/lists/oss-security/2022/05/10/1
-CVE-2022-1651
- RESERVED
+CVE-2022-1651 (A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in ...)
- linux 5.17.3-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -16391,8 +16453,8 @@ CVE-2022-1649 (Null pointer dereference in libr/bin/format/mach0/mach0.c in rada
- radare2 <unfixed> (bug #1014478)
NOTE: https://huntr.dev/bounties/c07e4918-cf86-4d2e-8969-5fb63575b449
NOTE: https://github.com/radareorg/radare2/commit/a5aafb99c3965259c84ddcf45a91144bf7eb4cf1
-CVE-2022-1648
- RESERVED
+CVE-2022-1648 (Pandora FMS v7.0NG.760 and below allows a relative path traversal in F ...)
+ TODO: check
CVE-2022-1647 (The FormCraft WordPress plugin before 1.2.6 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-30526 (A privilege escalation vulnerability was identified in the CLI command ...)
@@ -28515,6 +28577,7 @@ CVE-2022-0837 (The Amelia WordPress plugin before 1.0.48 does not have proper au
CVE-2022-0836 (The SEMA API WordPress plugin before 4.02 does not properly sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-26365 (Linux disk/nic frontends data leaks T[his CNA information record relat ...)
+ {DSA-5191-1}
- linux 5.18.14-1
- xen <unfixed>
[bullseye] - xen <ignored> (Too intrusive too backport)
@@ -41795,8 +41858,8 @@ CVE-2022-22414 (IBM Robotic Process Automation 21.0.2 could allow a local user t
NOT-FOR-US: IBM
CVE-2022-22413 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...)
NOT-FOR-US: IBM
-CVE-2022-22412
- RESERVED
+CVE-2022-22412 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
+ TODO: check
CVE-2022-22411
RESERVED
CVE-2022-22410 (IBM Watson Query with Cloud Pak for Data as a Service could allow an a ...)
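Review bot: CVE-2022-22412 is set to `TODO: check`, but the two entries directly above it for the same product, IBM Robotic Process Automation (CVE-2022-22414, CVE-2022-22413), are `NOT-FOR-US: IBM`. Suggest giving it the same status.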
@@ -49999,8 +50062,8 @@ CVE-2022-21643 (USOC is an open source CMS with a focus on simplicity. In affect
NOT-FOR-US: USOC
CVE-2022-21642 (Discourse is an open source platform for community discussion. In affe ...)
NOT-FOR-US: Discourse
-CVE-2021-43959
- RESERVED
+CVE-2021-43959 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ TODO: check
CVE-2021-43958 (Various rest resources in Fisheye and Crucible before version 4.8.9 al ...)
NOT-FOR-US: Atlassian
CVE-2021-43957 (Affected versions of Atlassian Fisheye & Crucible allowed remote a ...)
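Review bot: CVE-2021-43959 (Atlassian Jira Service Management Server and Data ...) is left at `TODO: check`, while the following Atlassian entries in this hunk (CVE-2021-43958, CVE-2021-43957) carry `NOT-FOR-US: Atlassian`. Suggest resolving it the same way unless the truncated description points at something packaged.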
@@ -79044,6 +79107,7 @@ CVE-2021-33656 (When setting font with malicous data by ioctl cmd PIO_FONT,kerne
- linux 5.14.6-1
NOTE: https://git.kernel.org/linus/ff2047fb755d4415ec3c70ac799889371151796d (v5.12-rc1)
CVE-2021-33655 (When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO, ...)
+ {DSA-5191-1}
- linux 5.18.14-1
NOTE: https://git.kernel.org/linus/086ff84617185393a0bbf25830c4f36412a7d3f4 (5.19-rc7)
CVE-2021-33654 (When performing the initialization operation of the Split operator, if ...)
@@ -79537,70 +79601,70 @@ CVE-2021-33470 (COVID19 Testing Management System 1.0 is vulnerable to SQL Injec
NOT-FOR-US: COVID19 Testing Management System
CVE-2021-33469 (COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scri ...)
NOT-FOR-US: COVID19 Testing Management System
-CVE-2021-33468
- RESERVED
-CVE-2021-33467
- RESERVED
-CVE-2021-33466
- RESERVED
-CVE-2021-33465
- RESERVED
-CVE-2021-33464
- RESERVED
-CVE-2021-33463
- RESERVED
-CVE-2021-33462
- RESERVED
-CVE-2021-33461
- RESERVED
-CVE-2021-33460
- RESERVED
-CVE-2021-33459
- RESERVED
-CVE-2021-33458
- RESERVED
-CVE-2021-33457
- RESERVED
-CVE-2021-33456
- RESERVED
-CVE-2021-33455
- RESERVED
-CVE-2021-33454
- RESERVED
-CVE-2021-33453
- RESERVED
-CVE-2021-33452
- RESERVED
-CVE-2021-33451
- RESERVED
-CVE-2021-33450
- RESERVED
-CVE-2021-33449
- RESERVED
-CVE-2021-33448
- RESERVED
-CVE-2021-33447
- RESERVED
-CVE-2021-33446
- RESERVED
-CVE-2021-33445
- RESERVED
-CVE-2021-33444
- RESERVED
-CVE-2021-33443
- RESERVED
-CVE-2021-33442
- RESERVED
-CVE-2021-33441
- RESERVED
-CVE-2021-33440
- RESERVED
-CVE-2021-33439
- RESERVED
-CVE-2021-33438
- RESERVED
-CVE-2021-33437
- RESERVED
+CVE-2021-33468 (An issue was discovered in yasm version 1.3.0. There is a use-after-fr ...)
+ TODO: check
+CVE-2021-33467 (An issue was discovered in yasm version 1.3.0. There is a use-after-fr ...)
+ TODO: check
+CVE-2021-33466 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2021-33465 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2021-33464 (An issue was discovered in yasm version 1.3.0. There is a heap-buffer- ...)
+ TODO: check
+CVE-2021-33463 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2021-33462 (An issue was discovered in yasm version 1.3.0. There is a use-after-fr ...)
+ TODO: check
+CVE-2021-33461 (An issue was discovered in yasm version 1.3.0. There is a use-after-fr ...)
+ TODO: check
+CVE-2021-33460 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2021-33459 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2021-33458 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2021-33457 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2021-33456 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2021-33455 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2021-33454 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2021-33453 (An issue was discovered in lrzip version 0.641. There is a use-after-f ...)
+ TODO: check
+CVE-2021-33452 (An issue was discovered in NASM version 2.16rc0. There are memory leak ...)
+ TODO: check
+CVE-2021-33451 (An issue was discovered in lrzip version 0.641. There are memory leaks ...)
+ TODO: check
+CVE-2021-33450 (An issue was discovered in NASM version 2.16rc0. There are memory leak ...)
+ TODO: check
+CVE-2021-33449 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
+ TODO: check
+CVE-2021-33448 (An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 ...)
+ TODO: check
+CVE-2021-33447 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
+ TODO: check
+CVE-2021-33446 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
+ TODO: check
+CVE-2021-33445 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
+ TODO: check
+CVE-2021-33444 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
+ TODO: check
+CVE-2021-33443 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
+ TODO: check
+CVE-2021-33442 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
+ TODO: check
+CVE-2021-33441 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
+ TODO: check
+CVE-2021-33440 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
+ TODO: check
+CVE-2021-33439 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
+ TODO: check
+CVE-2021-33438 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
+ TODO: check
+CVE-2021-33437 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...)
+ TODO: check
CVE-2021-33436 (NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from lo ...)
NOT-FOR-US: NoMachine
CVE-2021-33435
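Review bot: all 32 entries from CVE-2021-33468 down to CVE-2021-33437 go to `TODO: check`, but they fall into four groups that need different handling: yasm 1.3.0 (CVE-2021-33454 to CVE-2021-33468), lrzip 0.641 (CVE-2021-33453, CVE-2021-33451), NASM 2.16rc0 (CVE-2021-33452, CVE-2021-33450) and mjs (CVE-2021-33437 to CVE-2021-33449). yasm, lrzip and nasm are Debian source packages, so those entries need package lines such as `- yasm <unfixed>` with per-release status rather than a bulk disposition. The NASM reports are against a release candidate, so check whether the affected code is present in the packaged version before marking it. The mjs group should be decided once and applied to all 13 entries.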
@@ -113422,11 +113486,11 @@ CVE-2021-20613 (Improper initialization vulnerability in MELSEC-F series FX3U-EN
NOT-FOR-US: Mitsubishi
CVE-2021-20612 (Lack of administrator control over security vulnerability in MELSEC-F ...)
NOT-FOR-US: Mitsubishi
-CVE-2021-20611 (Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/0 ...)
+CVE-2021-20611 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20610 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
NOT-FOR-US: Mitsubishi
-CVE-2021-20609 (Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series ...)
+CVE-2021-20609 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20608 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
NOT-FOR-US: Mitsubishi
@@ -188565,7 +188629,7 @@ CVE-2019-19727 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak sl
NOTE: Fixed upstream in 18.08.9, 19.05.5
NOTE: The example file is installed as well in Debian as 0644 and slurmdbd.conf
NOTE: not directly installed by the slurmdbd binary package.
-CVE-2017-18640 (The Alias feature in SnakeYAML 1.18 allows entity expansion during a l ...)
+CVE-2017-18640 (The Alias feature in SnakeYAML before 1.26 allows entity expansion dur ...)
- snakeyaml 1.25+ds-3 (bug #952683)
[buster] - snakeyaml <no-dsa> (Minor issue)
[stretch] - snakeyaml <no-dsa> (Minor issue)
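Review bot: the updated description for CVE-2017-18640 now says "SnakeYAML before 1.26", but the entry still records the fix as `- snakeyaml 1.25+ds-3 (bug #952683)`. A reader comparing the two will see a fixed version that is lower than the upstream bound. Suggest adding a `NOTE:` stating that the fix was applied to the 1.25 package, or re-verifying the fixed version against bug #952683.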
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41a3cb91afb3b32c721478eb2dd4b4cff0951e1e