[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 3 21:10:28 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe7d353b by security tracker role at 2022-06-03T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2022-32287
+ RESERVED
+CVE-2022-32286
+ RESERVED
+CVE-2022-32285
+ RESERVED
+CVE-2022-32279
+ RESERVED
+CVE-2022-32278
+ RESERVED
+CVE-2022-32277
+ RESERVED
+CVE-2022-32276
+ RESERVED
+CVE-2022-32275
+ RESERVED
+CVE-2022-31472
+ RESERVED
+CVE-2022-29521
+ RESERVED
+CVE-2022-29465
+ RESERVED
+CVE-2022-25958
+ RESERVED
+CVE-2022-1993
+ RESERVED
+CVE-2022-1992
+ RESERVED
+CVE-2022-1991 (A vulnerability classified as problematic has been found in Fast Food ...)
+ TODO: check
+CVE-2022-1990
+ RESERVED
+CVE-2022-1989
+ RESERVED
+CVE-2022-1988 (Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/fa ...)
+ TODO: check
CVE-2022-32274
RESERVED
CVE-2022-32273
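Review bot: CVE-2022-1991 and CVE-2022-1988 arrive with descriptions but only a "TODO: check" line, so both still need manual triage. Each should end up either as a NOT-FOR-US line naming the product or as a package line with a fixed version, in the same form as the triaged entries elsewhere in this file. The other entries added at the top of this hunk are RESERVED and need nothing yet.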
@@ -78,7 +114,7 @@ CVE-2022-32236
RESERVED
CVE-2022-32235
RESERVED
-CVE-2022-1987 [A heap-buffer-overflow in mobi_decode_infl in index.c]
+CVE-2022-1987 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...)
- libmobi 0.11+dfsg-1
NOTE: https://huntr.dev/bounties/e8197737-7557-443e-a59f-2a86e8dda75f/
NOTE: https://github.com/bfabiszewski/libmobi/commit/612562bc1ea38f1708b044e7a079c47a05b1291d (v0.11)
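Review bot: The replaced line for CVE-2022-1987 drops the bracketed description that named the affected function and file (mobi_decode_infl in index.c) and called the bug a heap-buffer-overflow, while the new description says "Buffer Over-read" and is truncated before any such detail. If the function pointer is still useful to someone verifying the libmobi 0.11 fix, keep it as a NOTE line next to the commit reference.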
@@ -1298,8 +1334,8 @@ CVE-2022-1904
RESERVED
CVE-2022-1903
RESERVED
-CVE-2020-36528
- RESERVED
+CVE-2020-36528 (A vulnerability, which was classified as critical, was found in Platin ...)
+ TODO: check
CVE-2022-31763
RESERVED
CVE-2022-31762
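Review bot: CVE-2020-36528 goes from RESERVED to a description that calls the issue critical, yet the entry is left at "TODO: check". The product name is cut off at "Platin ...", so triage has to start from the full CVE text; it should be resolved ahead of the entries in the next hunk that are only rated problematic.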
@@ -1345,16 +1381,16 @@ CVE-2021-46812
RESERVED
CVE-2021-46811
RESERVED
-CVE-2020-36527
- RESERVED
-CVE-2020-36526
- RESERVED
-CVE-2020-36525
- RESERVED
-CVE-2020-36524
- RESERVED
-CVE-2020-36523
- RESERVED
+CVE-2020-36527 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2020-36526 (A vulnerability classified as problematic was found in Countdown Timer ...)
+ TODO: check
+CVE-2020-36525 (A vulnerability classified as problematic has been found in Linking. T ...)
+ TODO: check
+CVE-2020-36524 (A vulnerability was found in Refined Toolkit. It has been rated as pro ...)
+ TODO: check
+CVE-2020-36523 (A vulnerability was found in PlantUML 6.43. It has been declared as pr ...)
+ TODO: check
CVE-2022-31749
RESERVED
CVE-2022-31748
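Review bot: All five entries in this hunk are left at "TODO: check", and CVE-2020-36523 is the one to look at first because it names a product with a version, PlantUML 6.43. Check whether a source package of that name exists in the archive and record either a package line or NOT-FOR-US; the other four need the same decision once their truncated descriptions are read in full.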
@@ -1363,7 +1399,7 @@ CVE-2022-31748
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31748
CVE-2022-31747
RESERVED
- {DSA-5156-1}
+ {DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
@@ -1386,7 +1422,7 @@ CVE-2022-31743
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31743
CVE-2022-31742
RESERVED
- {DSA-5156-1}
+ {DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
@@ -1395,7 +1431,7 @@ CVE-2022-31742
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31742
CVE-2022-31741
RESERVED
- {DSA-5156-1}
+ {DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
@@ -1404,7 +1440,7 @@ CVE-2022-31741
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31741
CVE-2022-31740
RESERVED
- {DSA-5156-1}
+ {DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
@@ -1421,7 +1457,7 @@ CVE-2022-31739
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31739
CVE-2022-31738
RESERVED
- {DSA-5156-1}
+ {DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
@@ -1430,7 +1466,7 @@ CVE-2022-31738
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31738
CVE-2022-31737
RESERVED
- {DSA-5156-1}
+ {DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
@@ -1439,7 +1475,7 @@ CVE-2022-31737
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31737
CVE-2022-31736
RESERVED
- {DSA-5156-1}
+ {DSA-5156-1 DLA-3041-1 DLA-3040-1}
- firefox 101.0-1
- firefox-esr 91.10.0esr-1
- thunderbird 1:91.10.0-1
@@ -2689,6 +2725,7 @@ CVE-2022-1835
RESERVED
CVE-2022-1834
RESERVED
+ {DLA-3041-1}
- thunderbird 1:91.10.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834
CVE-2022-1833
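Review bot: The cross-reference added for CVE-2022-1834 is {DLA-3041-1} only, with no DSA, although the entry records thunderbird 1:91.10.0-1 as the fixed version. Confirm that a stable advisory for this Thunderbird update is expected to add its DSA reference later; if not, the stable releases need an explicit status line here.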
@@ -2826,7 +2863,7 @@ CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub re
NOT-FOR-US: Trudesk
CVE-2022-1802
RESERVED
- {DSA-5143-1 DLA-3021-1}
+ {DSA-5143-1 DLA-3041-1 DLA-3021-1}
- firefox 100.0.2-1
- firefox-esr 91.9.1esr-1
- thunderbird 1:91.10.0-1
@@ -3265,14 +3302,14 @@ CVE-2022-31030
RESERVED
CVE-2022-31029
RESERVED
-CVE-2022-31028
- RESERVED
+CVE-2022-31028 (MinIO is a multi-cloud object storage solution. Starting with version ...)
+ TODO: check
CVE-2022-31027
RESERVED
CVE-2022-31026
RESERVED
-CVE-2022-31025
- RESERVED
+CVE-2022-31025 (Discourse is an open source platform for community discussion. Prior t ...)
+ TODO: check
CVE-2022-31024 (richdocuments is the repository for NextCloud Collabra, the app for Ne ...)
TODO: check
CVE-2022-31023 (Play Framework is a web framework for Java and Scala. Verions prior to ...)
@@ -6516,7 +6553,7 @@ CVE-2022-1530 (Cross-site Scripting (XSS) in GitHub repository livehelperchat/li
NOT-FOR-US: livehelperchat
CVE-2022-1529
RESERVED
- {DSA-5143-1 DLA-3021-1}
+ {DSA-5143-1 DLA-3041-1 DLA-3021-1}
- firefox 100.0.2-1
- firefox-esr 91.9.1esr-1
- thunderbird 1:91.10.0-1
@@ -14255,13 +14292,13 @@ CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a
[buster] - glewlwyd <no-dsa> (Minor issue)
NOTE: https://github.com/babelouest/glewlwyd/commit/4c5597c155bfbaf6491cf6b83479d241ae66940a (v2.6.2)
CVE-2022-29869 (cifs-utils through 6.14, with verbose logging, can cause an informatio ...)
- {DLA-3009-1}
+ {DSA-5157-1 DLA-3009-1}
- cifs-utils 2:6.14-1.1 (bug #1010818)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15026
NOTE: https://github.com/piastry/cifs-utils/pull/7
NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379 (cifs-utils-6.15)
CVE-2022-27239 (In cifs-utils through 6.14, a stack-based buffer overflow when parsing ...)
- {DLA-3009-1}
+ {DSA-5157-1 DLA-3009-1}
- cifs-utils 2:6.14-1.1 (bug #1010818)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15025
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197216
@@ -16370,8 +16407,8 @@ CVE-2022-26495 (In nbd-server in nbd before 3.24, there is an integer overflow w
NOTE: https://lists.debian.org/nbd/2022/01/msg00037.html
CVE-2022-26494 (An XSS was identified in the Admin Web interface of PrimeKey SignServe ...)
NOT-FOR-US: PrimeKey SignServer
-CVE-2022-26493
- RESERVED
+CVE-2022-26493 (Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Si ...)
+ TODO: check
CVE-2022-26492
RESERVED
CVE-2022-26491 (An issue was discovered in Pidgin before 2.14.9. A remote attacker who ...)
@@ -21032,6 +21069,7 @@ CVE-2022-24861 (Databasir is a team-oriented relational database model document
CVE-2022-24860 (Databasir is a team-oriented relational database model document manage ...)
NOT-FOR-US: Databasir
CVE-2022-24859 (PyPDF2 is an open source python PDF library capable of splitting, merg ...)
+ {DLA-3039-1}
- pypdf2 1.27.9-1 (bug #1009879)
NOTE: https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
NOTE: https://github.com/py-pdf/PyPDF2/issues/329
@@ -41520,6 +41558,7 @@ CVE-2022-20798
CVE-2022-20797 (A vulnerability in the web-based management interface of Cisco Secure ...)
NOT-FOR-US: Cisco
CVE-2022-20796 (On May 4, 2022, the following vulnerability in the ClamAV scanning lib ...)
+ {DLA-3042-1}
- clamav 0.103.6+dfsg-1
[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
[buster] - clamav <no-dsa> (clamav is updated via -updates)
@@ -41532,6 +41571,7 @@ CVE-2022-20793
RESERVED
CVE-2022-20792
RESERVED
+ {DLA-3042-1}
- clamav 0.103.6+dfsg-1
[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
[buster] - clamav <no-dsa> (clamav is updated via -updates)
@@ -41549,6 +41589,7 @@ CVE-2022-20787 (A vulnerability in the web-based management interface of Cisco U
CVE-2022-20786 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2022-20785 (On April 20, 2022, the following vulnerability in the ClamAV scanning ...)
+ {DLA-3042-1}
- clamav 0.103.6+dfsg-1
[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
[buster] - clamav <no-dsa> (clamav is updated via -updates)
@@ -41580,11 +41621,13 @@ CVE-2022-20773 (A vulnerability in the key-based SSH authentication mechanism of
CVE-2022-20772
RESERVED
CVE-2022-20771 (On April 20, 2022, the following vulnerability in the ClamAV scanning ...)
+ {DLA-3042-1}
- clamav 0.103.6+dfsg-1
[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
[buster] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
CVE-2022-20770 (On April 20, 2022, the following vulnerability in the ClamAV scanning ...)
+ {DLA-3042-1}
- clamav 0.103.6+dfsg-1
[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
[buster] - clamav <no-dsa> (clamav is updated via -updates)
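Review bot: Both ClamAV entries in this hunk gain {DLA-3042-1}, but the release lines under them cover only bullseye and buster, each as <no-dsa> with "clamav is updated via -updates". Nothing in these entries shows which release the DLA fixed, so confirm that the advisory's release is recorded where the DLA itself is defined and that no release-specific line is missing from the entries.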
@@ -42783,26 +42826,26 @@ CVE-2021-42895
RESERVED
CVE-2021-42894
RESERVED
-CVE-2021-42893
- RESERVED
-CVE-2021-42892
- RESERVED
-CVE-2021-42891
- RESERVED
-CVE-2021-42890
- RESERVED
-CVE-2021-42889
- RESERVED
-CVE-2021-42888
- RESERVED
-CVE-2021-42887
- RESERVED
-CVE-2021-42886
- RESERVED
-CVE-2021-42885
- RESERVED
-CVE-2021-42884
- RESERVED
+CVE-2021-42893 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive in ...)
+ TODO: check
+CVE-2021-42892 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet withou ...)
+ TODO: check
+CVE-2021-42891 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive in ...)
+ TODO: check
+CVE-2021-42890 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
+ TODO: check
+CVE-2021-42889 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive in ...)
+ TODO: check
+CVE-2021-42888 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
+ TODO: check
+CVE-2021-42887 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sen ...)
+ TODO: check
+CVE-2021-42886 (TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vuln ...)
+ TODO: check
+CVE-2021-42885 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
+ TODO: check
+CVE-2021-42884 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
+ TODO: check
CVE-2021-42883
RESERVED
CVE-2021-42882
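Review bot: The ten entries CVE-2021-42884 through CVE-2021-42893 all describe the same product and firmware version, TOTOLINK EX1200T V4.1.2cu.5215, and are each left at "TODO: check". Triage them as one batch with a single decision; if the firmware is not something the archive ships, mark all ten with the same NOT-FOR-US line, in the form this file already uses for entries such as "NOT-FOR-US: Cisco".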
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe7d353bfb3a7f92d1d089a0c1f4910df2d6ca69