[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jul 30 09:10:20 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b346db6 by security tracker role at 2022-07-30T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2022-37037
+ RESERVED
+CVE-2022-37036
+ RESERVED
+CVE-2022-37035
+ RESERVED
+CVE-2022-37034
+ RESERVED
+CVE-2022-37033
+ RESERVED
+CVE-2022-37032
+ RESERVED
+CVE-2022-37031
+ RESERVED
+CVE-2022-37030
+ RESERVED
+CVE-2022-37029
+ RESERVED
+CVE-2022-37028
+ RESERVED
+CVE-2022-37027
+ RESERVED
+CVE-2022-37026
+ RESERVED
+CVE-2022-37025
+ RESERVED
+CVE-2022-37024
+ RESERVED
+CVE-2022-2588
+ RESERVED
+CVE-2022-2587
+ RESERVED
+CVE-2022-2586
+ RESERVED
+CVE-2022-2585
+ RESERVED
+CVE-2022-2584
+ RESERVED
+CVE-2022-2583
+ RESERVED
+CVE-2022-2582
+ RESERVED
+CVE-2021-4239
+ RESERVED
+CVE-2021-4238
+ RESERVED
+CVE-2021-4237
+ RESERVED
+CVE-2021-4236
+ RESERVED
+CVE-2021-4235
+ RESERVED
+CVE-2020-36569
+ RESERVED
+CVE-2020-36568
+ RESERVED
+CVE-2020-36567
+ RESERVED
+CVE-2020-36566
+ RESERVED
+CVE-2020-36565
+ RESERVED
+CVE-2020-36564
+ RESERVED
+CVE-2020-36563
+ RESERVED
+CVE-2019-25075
+ RESERVED
+CVE-2019-25074
+ RESERVED
+CVE-2019-25073
+ RESERVED
+CVE-2016-15005
+ RESERVED
CVE-2022-37023
RESERVED
CVE-2022-37022
@@ -1274,8 +1348,8 @@ CVE-2022-36449
RESERVED
CVE-2022-36448
RESERVED
-CVE-2022-36447
- RESERVED
+CVE-2022-36447 (An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. ...)
+ TODO: check
CVE-2022-36446 (software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a U ...)
- webmin <removed>
CVE-2022-36445
@@ -1448,8 +1522,8 @@ CVE-2022-36386
RESERVED
CVE-2022-36379
RESERVED
-CVE-2022-36378
- RESERVED
+CVE-2022-36378 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...)
+ TODO: check
CVE-2022-36375 (Authenticated (high role user) WordPress Options Change vulnerability ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36371
@@ -1577,8 +1651,8 @@ CVE-2022-36338
RESERVED
CVE-2022-36337
RESERVED
-CVE-2022-36336
- RESERVED
+CVE-2022-36336 (A link following vulnerability in the scanning function of Trend Micro ...)
+ TODO: check
CVE-2022-36297
RESERVED
CVE-2022-36286
@@ -2823,8 +2897,7 @@ CVE-2022-35865
RESERVED
CVE-2022-35864
RESERVED
-CVE-2022-2414
- RESERVED
+CVE-2022-2414 (Access to external entities when parsing XML documents can lead to XML ...)
- dogtag-pki <unfixed> (bug #1014957)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2104676
NOTE: https://github.com/dogtagpki/pki/pull/4021
@@ -4293,8 +4366,8 @@ CVE-2022-2327 (io_uring use work_flags to determine which identity need to grab
CVE-2022-2326
RESERVED
- gitlab <unfixed>
-CVE-2022-35234
- RESERVED
+CVE-2022-35234 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...)
+ TODO: check
CVE-2022-35233
RESERVED
CVE-2022-35232
@@ -4305,10 +4378,10 @@ CVE-2022-33896
RESERVED
CVE-2022-2325
RESERVED
-CVE-2022-2324
- RESERVED
-CVE-2022-2323
- RESERVED
+CVE-2022-2324 (Improperly Implemented Security Check vulnerability in the SonicWall H ...)
+ TODO: check
+CVE-2022-2323 (Improper neutralization of special elements used in a user input allow ...)
+ TODO: check
CVE-2022-2322
RESERVED
CVE-2022-2321 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
@@ -6135,18 +6208,18 @@ CVE-2022-34533
RESERVED
CVE-2022-34532
RESERVED
-CVE-2022-34531
- RESERVED
+CVE-2022-34531 (DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE ...)
+ TODO: check
CVE-2022-34530
RESERVED
CVE-2022-34529 (WASM3 v0.5.0 was discovered to contain a segmentation fault via the co ...)
NOT-FOR-US: WASM3
-CVE-2022-34528
- RESERVED
-CVE-2022-34527
- RESERVED
-CVE-2022-34526
- RESERVED
+CVE-2022-34528 (D-Link DSL-3782 v1.03 and below was discovered to contain a stack over ...)
+ TODO: check
+CVE-2022-34527 (D-Link DSL-3782 v1.03 and below was discovered to contain a command in ...)
+ TODO: check
+CVE-2022-34526 (A stack overflow was discovered in the _TIFFVGetField function of Tiff ...)
+ TODO: check
CVE-2022-34525
RESERVED
CVE-2022-34524
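Review bot: the `TODO: check` on CVE-2022-34526 at the end of this hunk deserves a package lookup before the others, because its description names `_TIFFVGetField`, a libtiff function, so it will most likely need a source-package line rather than a `NOT-FOR-US` tag. The DedeCMS and D-Link DSL-3782 entries name their products in the visible text and look like candidates for the same treatment as the neighbouring `NOT-FOR-US: WASM3` line, once confirmed.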
@@ -6210,8 +6283,8 @@ CVE-2022-34498
RESERVED
CVE-2022-34497
RESERVED
-CVE-2022-34496
- RESERVED
+CVE-2022-34496 (Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upl ...)
+ TODO: check
CVE-2022-34495 (rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel be ...)
- linux 5.18.5-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -9627,8 +9700,8 @@ CVE-2022-33160
RESERVED
CVE-2022-33159
RESERVED
-CVE-2022-33158
- RESERVED
+CVE-2022-33158 (Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulner ...)
+ TODO: check
CVE-2022-33157 (The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 a ...)
NOT-FOR-US: TYPO3 extension
CVE-2022-33156 (The matomo_integration (aka Matomo Integration) extension before 1.3.2 ...)
@@ -18326,8 +18399,8 @@ CVE-2022-30085
RESERVED
CVE-2022-30084
RESERVED
-CVE-2022-30083
- RESERVED
+CVE-2022-30083 (EllieGrid Android Application version 3.4.1 is vulnerable to Code Inje ...)
+ TODO: check
CVE-2022-30082
RESERVED
CVE-2022-30081
@@ -18838,7 +18911,7 @@ CVE-2022-29901 (Intel microprocessor generations 6 to 8 are affected by a new Sp
NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
-CVE-2022-29900 (AMD microprocessor families 15h to 18h are affected by a new Spectre v ...)
+CVE-2022-29900 (Mis-trained branch predictions for return instructions may allow arbit ...)
{DSA-5184-1}
- linux 5.18.14-1
- xen <unfixed>
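Review bot: the replacement description for CVE-2022-29900 no longer names a vendor in the part that survives truncation, whereas the removed line read "AMD microprocessor families 15h to 18h". The `{DSA-5184-1}` reference and the package lines are unchanged, so tracking is unaffected, but a `NOTE:` recording the AMD scope would keep the entry searchable, the way the Intel advisory `NOTE:` does for CVE-2022-29901 above.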
@@ -24897,12 +24970,12 @@ CVE-2022-27868 (A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be u
NOT-FOR-US: Autodesk
CVE-2022-27867 (A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 20 ...)
NOT-FOR-US: Autodesk
-CVE-2022-27866
- RESERVED
-CVE-2022-27865
- RESERVED
-CVE-2022-27864
- RESERVED
+CVE-2022-27866 (A maliciously crafted TIFF file when consumed through DesignReview.exe ...)
+ TODO: check
+CVE-2022-27865 (A maliciously crafted TGA or PCX file may be used to write beyond the ...)
+ TODO: check
+CVE-2022-27864 (A Double Free vulnerability allows remote attackers to execute arbitra ...)
+ TODO: check
CVE-2022-27186
RESERVED
CVE-2022-27177 (A Python format string issue leading to information disclosure and pot ...)
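Review bot: CVE-2022-27865 and CVE-2022-27864 receive `TODO: check` with truncated descriptions that name no product, so they cannot be classified from this file alone. CVE-2022-27866 mentions DesignReview.exe and the two context entries above are `NOT-FOR-US: Autodesk`; confirm against the full descriptions before applying that tag to all three.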
@@ -40226,14 +40299,14 @@ CVE-2022-23006
RESERVED
CVE-2022-23005
RESERVED
-CVE-2022-23004
- RESERVED
-CVE-2022-23003
- RESERVED
-CVE-2022-23002
- RESERVED
-CVE-2022-23001
- RESERVED
+CVE-2022-23004 (When computing a shared secret or point multiplication on the NIST P-2 ...)
+ TODO: check
+CVE-2022-23003 (When computing a shared secret or point multiplication on the NIST P-2 ...)
+ TODO: check
+CVE-2022-23002 (When compressing or decompressing a point on the NIST P-256 elliptic c ...)
+ TODO: check
+CVE-2022-23001 (When compressing or decompressing elliptic curve points using the Swee ...)
+ TODO: check
CVE-2022-23000 (The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a ...)
NOT-FOR-US: Western Digital
CVE-2022-22999 (Western Digital My Cloud devices are vulnerable to a cross side script ...)
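Review bot: CVE-2022-23004 and CVE-2022-23003 are indistinguishable in this hunk, since both truncated descriptions read "When computing a shared secret or point multiplication on the NIST P-2 ...", and none of the four added entries shows a product name before the cut. Triage the four together against the full CVE text and record the affected component in a `NOTE:` or `NOT-FOR-US:` line so the difference is visible in the list.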
@@ -43380,8 +43453,8 @@ CVE-2022-22282 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earli
NOT-FOR-US: SonicWall
CVE-2022-22281 (A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender W ...)
NOT-FOR-US: SonicWall
-CVE-2022-22280
- RESERVED
+CVE-2022-22280 (Improper Neutralization of Special Elements used in an SQL Command lea ...)
+ TODO: check
CVE-2022-22279 (** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file r ...)
NOT-FOR-US: Sonicwall
CVE-2022-22278 (A vulnerability in SonicOS CFS (Content filtering service) returns a l ...)
@@ -95182,8 +95255,8 @@ CVE-2021-27787
RESERVED
CVE-2021-27786 (Cross-origin resource sharing (CORS) enables browsers to perform cross ...)
NOT-FOR-US: HCL
-CVE-2021-27785
- RESERVED
+CVE-2021-27785 (HCL Commerce's Remote Store server could allow a local attacker to obt ...)
+ TODO: check
CVE-2021-27784
RESERVED
CVE-2021-27783 (User generated PPKG file for Bulk Enroll may have unencrypted sensitiv ...)
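Review bot: CVE-2021-27785 is added with `TODO: check` although its description names HCL Commerce and the adjacent CVE-2021-27786 is already tagged `NOT-FOR-US: HCL`. Unless the product turns out to be packaged, this entry can be closed with the same tag.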
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b346db6c076e9834a1f3e979b4f933ef51b4bf2