[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 7 21:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
03a74103 by security tracker role at 2022-06-07T20:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2022-32536
+ RESERVED
+CVE-2022-32535
+ RESERVED
+CVE-2022-32534
+ RESERVED
+CVE-2022-32533
+ RESERVED
+CVE-2022-32532
+ RESERVED
+CVE-2022-32531
+ RESERVED
+CVE-2022-2022 (Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb ...)
+ TODO: check
+CVE-2022-2021
+ RESERVED
+CVE-2022-2020 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2022-2019 (A vulnerability classified as critical was found in SourceCodester Pri ...)
+ TODO: check
+CVE-2022-2018 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2022-2017 (A vulnerability was found in SourceCodester Prison Management System 1 ...)
+ TODO: check
+CVE-2022-2016 (Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/ ...)
+ TODO: check
+CVE-2022-2015
+ RESERVED
+CVE-2022-2014
+ RESERVED
CVE-2022-32530
RESERVED
CVE-2022-32529
@@ -180,8 +210,8 @@ CVE-2022-30532
RESERVED
CVE-2022-29890
RESERVED
-CVE-2022-2000
- RESERVED
+CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
+ TODO: check
CVE-2022-1999
RESERVED
CVE-2022-1998
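Review bot: CVE-2022-2000 needs a real package entry rather than a place in the "TODO: check" queue: its description names an out-of-bounds write in vim/vim, and vim is packaged in Debian. Suggest a "- vim" line with the fixed version plus a NOTE pointing at the upstream fix. The version in the description is cut off at "prior to 8.2.", so the fixed version has to come from the full CVE record, not from this line.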
@@ -2918,8 +2948,8 @@ CVE-2022-31497
RESERVED
CVE-2022-31496
RESERVED
-CVE-2022-31495
- RESERVED
+CVE-2022-31495 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page ...)
+ TODO: check
CVE-2022-31494 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. ...)
TODO: check
CVE-2022-31493 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. ...)
@@ -3346,8 +3376,8 @@ CVE-2022-31281
RESERVED
CVE-2022-31280
RESERVED
-CVE-2022-31279
- RESERVED
+CVE-2022-31279 (Laravel 9.1.8, when processing attacker-controlled data for deserializ ...)
+ TODO: check
CVE-2022-31278
RESERVED
CVE-2022-31277
@@ -3954,8 +3984,8 @@ CVE-2022-31033
RESERVED
CVE-2022-31032
RESERVED
-CVE-2022-31031
- RESERVED
+CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
CVE-2022-31030 (containerd is an open source container runtime. A bug was found in the ...)
- containerd 1.6.6~ds1-1
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf
@@ -4335,88 +4365,88 @@ CVE-2022-30751
RESERVED
CVE-2022-30750
RESERVED
-CVE-2022-30749
- RESERVED
-CVE-2022-30748
- RESERVED
-CVE-2022-30747
- RESERVED
-CVE-2022-30746
- RESERVED
-CVE-2022-30745
- RESERVED
-CVE-2022-30744
- RESERVED
-CVE-2022-30743
- RESERVED
-CVE-2022-30742
- RESERVED
-CVE-2022-30741
- RESERVED
-CVE-2022-30740
- RESERVED
-CVE-2022-30739
- RESERVED
-CVE-2022-30738
- RESERVED
-CVE-2022-30737
- RESERVED
-CVE-2022-30736
- RESERVED
-CVE-2022-30735
- RESERVED
-CVE-2022-30734
- RESERVED
-CVE-2022-30733
- RESERVED
-CVE-2022-30732
- RESERVED
-CVE-2022-30731
- RESERVED
-CVE-2022-30730
- RESERVED
-CVE-2022-30729
- RESERVED
-CVE-2022-30728
- RESERVED
-CVE-2022-30727
- RESERVED
-CVE-2022-30726
- RESERVED
-CVE-2022-30725
- RESERVED
-CVE-2022-30724
- RESERVED
-CVE-2022-30723
- RESERVED
-CVE-2022-30722
- RESERVED
-CVE-2022-30721
- RESERVED
-CVE-2022-30720
- RESERVED
-CVE-2022-30719
- RESERVED
+CVE-2022-30749 (Improper access control vulnerability in Smart Things prior to 1.7.85. ...)
+ TODO: check
+CVE-2022-30748 (Unprotected dynamic receiver in Samsung Members prior to version 4.2.0 ...)
+ TODO: check
+CVE-2022-30747 (PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85. ...)
+ TODO: check
+CVE-2022-30746 (Missing caller check in Smart Things prior to version 1.7.85.12 allows ...)
+ TODO: check
+CVE-2022-30745 (Improper access control vulnerability in Quick Share prior to version ...)
+ TODO: check
+CVE-2022-30744 (DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to ve ...)
+ TODO: check
+CVE-2022-30743 (Improper privilege management vulnerability in Samsung Account prior t ...)
+ TODO: check
+CVE-2022-30742 (Sensitive information exposure vulnerability in FmmExtraOperation of F ...)
+ TODO: check
+CVE-2022-30741 (Sensitive information exposure vulnerability in SimChangeAlertManger o ...)
+ TODO: check
+CVE-2022-30740 (Improper auto-fill algorithm in Samsung Internet prior to version 17.0 ...)
+ TODO: check
+CVE-2022-30739 (Improper privilege management vulnerability in Samsung Account prior t ...)
+ TODO: check
+CVE-2022-30738 (Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows ...)
+ TODO: check
+CVE-2022-30737 (Implicit Intent hijacking vulnerability in Samsung Account prior to ve ...)
+ TODO: check
+CVE-2022-30736 (Improper privilege management vulnerability in Samsung Account prior t ...)
+ TODO: check
+CVE-2022-30735 (Improper privilege management vulnerability in Samsung Account prior t ...)
+ TODO: check
+CVE-2022-30734 (Sensitive information exposure in Sign-out log in Samsung Account prio ...)
+ TODO: check
+CVE-2022-30733 (Sensitive information exposure in Sign-in log in Samsung Account prior ...)
+ TODO: check
+CVE-2022-30732 (Exposure of Sensitive Information vulnerability in Samsung Account pri ...)
+ TODO: check
+CVE-2022-30731 (Improper access control vulnerability in My Files prior to version 13. ...)
+ TODO: check
+CVE-2022-30730 (Improper authorization in Samsung Pass prior to 1.0.00.33 allows physi ...)
+ TODO: check
+CVE-2022-30729 (Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2 ...)
+ TODO: check
+CVE-2022-30728 (Information exposure vulnerability in ScanPool prior to SMR Jun-2022 R ...)
+ TODO: check
+CVE-2022-30727 (Improper handling of insufficient permissions vulnerability in addAppP ...)
+ TODO: check
+CVE-2022-30726 (Unprotected component vulnerability in DeviceSearchTrampoline in SecSe ...)
+ TODO: check
+CVE-2022-30725 (Broadcasting Intent including the BluetoothDevice object without prope ...)
+ TODO: check
+CVE-2022-30724 (Broadcasting Intent including the BluetoothDevice object without prope ...)
+ TODO: check
+CVE-2022-30723 (Broadcasting Intent including the BluetoothDevice object without prope ...)
+ TODO: check
+CVE-2022-30722 (Implicit Intent hijacking vulnerability in Samsung Account prior to SM ...)
+ TODO: check
+CVE-2022-30721 (Improper input validation check logic vulnerability in libsmkvextracto ...)
+ TODO: check
+CVE-2022-30720 (Improper input validation check logic vulnerability in libsmkvextracto ...)
+ TODO: check
+CVE-2022-30719 (Improper input validation check logic vulnerability in libsmkvextracto ...)
+ TODO: check
CVE-2022-30718
RESERVED
-CVE-2022-30717
- RESERVED
-CVE-2022-30716
- RESERVED
-CVE-2022-30715
- RESERVED
-CVE-2022-30714
- RESERVED
-CVE-2022-30713
- RESERVED
-CVE-2022-30712
- RESERVED
-CVE-2022-30711
- RESERVED
-CVE-2022-30710
- RESERVED
-CVE-2022-30709
- RESERVED
+CVE-2022-30717 (Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allo ...)
+ TODO: check
+CVE-2022-30716 (Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast pri ...)
+ TODO: check
+CVE-2022-30715 (Improper access control vulnerability in DofViewer prior to SMR Jun-20 ...)
+ TODO: check
+CVE-2022-30714 (Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2 ...)
+ TODO: check
+CVE-2022-30713 (Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 ...)
+ TODO: check
+CVE-2022-30712 (Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 ...)
+ TODO: check
+CVE-2022-30711 (Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 R ...)
+ TODO: check
+CVE-2022-30710 (Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 ...)
+ TODO: check
+CVE-2022-30709 (Improper input validation check logic vulnerability in SECRIL prior to ...)
+ TODO: check
CVE-2022-29888
RESERVED
CVE-2022-25932
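Review bot: The entries between CVE-2022-30749 and CVE-2022-30709 that name Samsung software (Samsung Members, Samsung Kies, Samsung Account, Samsung Internet, Samsung Pass, and the "SMR Jun-2022" releases) are all left at "TODO: check", while this same file already triages CVE-2022-28793 as "NOT-FOR-US: Samsung". Suggest triaging the block in one pass with the same tag, after confirming from the full descriptions that the truncated ones (for example the three libsmkvextracto entries, CVE-2022-30721 to CVE-2022-30719) do not refer to anything packaged.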
@@ -4924,8 +4954,8 @@ CVE-2022-1710
RESERVED
CVE-2022-1709 (The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1708
- RESERVED
+CVE-2022-1708 (A vulnerability was found in CRI-O that causes memory or disk space ex ...)
+ TODO: check
CVE-2022-1707
RESERVED
CVE-2022-1706 (A vulnerability was found in Ignition where ignition configs are acces ...)
@@ -8342,8 +8372,8 @@ CVE-2022-1427 (Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository
NOTE: https://github.com/mruby/mruby/commit/a4d97934d51cb88954cc49161dc1d151f64afb6b
CVE-2022-29565
RESERVED
-CVE-2022-29564
- RESERVED
+CVE-2022-29564 (Jamf Private Access before 2022-05-16 has Incorrect Access Control, in ...)
+ TODO: check
CVE-2022-29563
RESERVED
CVE-2022-29562
@@ -10458,8 +10488,8 @@ CVE-2022-28797
RESERVED
CVE-2022-28795 (A vulnerability within the Avira Password Manager Browser Extensions p ...)
NOT-FOR-US: Avira Password Manager Browser Extensions
-CVE-2022-28794
- RESERVED
+CVE-2022-28794 (Sensitive information exposure in low-battery dumpstate log prior to S ...)
+ TODO: check
CVE-2022-28793 (Given the TEE is compromised and controlled by the attacker, improper ...)
NOT-FOR-US: Samsung
CVE-2022-28792 (DLL hijacking vulnerability in Gear IconX PC Manager prior to version ...)
@@ -17029,7 +17059,7 @@ CVE-2022-26528
RESERVED
CVE-2022-26527
RESERVED
-CVE-2022-26526 (Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 ...)
+CVE-2022-26526 (Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Min ...)
NOT-FOR-US: Anaconda Python
CVE-2022-26525
RESERVED
@@ -20177,8 +20207,8 @@ CVE-2022-25363 (WatchGuard Firebox and XTM appliances allow an authenticated rem
NOT-FOR-US: WatchGuard
CVE-2022-25362
RESERVED
-CVE-2022-25361
- RESERVED
+CVE-2022-25361 (WatchGuard Firebox and XTM appliances allow an unauthenticated remote ...)
+ TODO: check
CVE-2022-25360 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...)
NOT-FOR-US: WatchGuard
CVE-2022-25359 (On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, un ...)
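Review bot: CVE-2022-25361 is added with "TODO: check" although the entries on either side of it, CVE-2022-25363 and CVE-2022-25360, cover the same WatchGuard Firebox and XTM appliances and are already marked "NOT-FOR-US: WatchGuard". Suggest the same tag here so the three entries stay consistent.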
@@ -58380,8 +58410,8 @@ CVE-2021-37591
RESERVED
CVE-2021-37590
RESERVED
-CVE-2021-37589
- RESERVED
+CVE-2021-37589 (Virtua Cobranca before 12R allows SQL Injection on the login page. ...)
+ TODO: check
CVE-2021-37588 (In Charm 0.43, any two users can collude to achieve the ability to dec ...)
NOT-FOR-US: Charm
CVE-2021-37587 (In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 dat ...)
@@ -79502,6 +79532,7 @@ CVE-2021-3470 (A heap overflow issue was found in Redis in versions before 5.0.1
CVE-2021-3469 (Foreman versions before 2.3.4 and before 2.4.0 is affected by an impro ...)
- foreman <itp> (bug #663101)
CVE-2021-3468 (A flaw was found in avahi in versions 0.6 up to 0.8. The event used to ...)
+ {DLA-3047-1}
- avahi <unfixed> (bug #984938)
[bullseye] - avahi <no-dsa> (Minor issue)
[buster] - avahi <no-dsa> (Minor issue)
@@ -83192,8 +83223,8 @@ CVE-2021-27788
RESERVED
CVE-2021-27787
RESERVED
-CVE-2021-27786
- RESERVED
+CVE-2021-27786 (Cross-origin resource sharing (CORS) enables browsers to perform cross ...)
+ TODO: check
CVE-2021-27785
RESERVED
CVE-2021-27784
@@ -85678,6 +85709,7 @@ CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query be
CVE-2021-26721
RESERVED
CVE-2021-26720 (avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is ...)
+ {DLA-3047-1}
- avahi 0.8-4
[buster] - avahi 0.7-4+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2021/02/15/2
@@ -97328,6 +97360,7 @@ CVE-2021-21898 (A code execution vulnerability exists in the dwgCompressor::deco
NOTE: librecad bundles libdxfrw
NOTE: https://github.com/LibreCAD/libdxfrw/commit/ba3fa95648bef948e008dfbdd31a4d21badd71f0
CVE-2021-21897 (A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ...)
+ {DLA-3046-1}
- cloudcompare <unfixed> (bug #1010347)
[bullseye] - cloudcompare <no-dsa> (Minor issue)
[buster] - cloudcompare <no-dsa> (Minor issue)
@@ -213488,10 +213521,10 @@ CVE-2019-10001
RESERVED
CVE-2019-10000
RESERVED
-CVE-2019-9972
- RESERVED
-CVE-2019-9971
- RESERVED
+CVE-2019-9972 (PhoneSystem Terminal in 3CX Phone System (Debian based installation) 1 ...)
+ TODO: check
+CVE-2019-9971 (PhoneSystem Terminal in 3CX Phone System (Debian based installation) 1 ...)
+ TODO: check
CVE-2019-9970 (Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal ...)
- signal-desktop <itp> (bug #842943)
CVE-2019-9969 (XnView Classic 2.48 on Windows allows remote attackers to cause a deni ...)
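Review bot: CVE-2019-9972 and CVE-2019-9971 should not be triaged on the product name alone: both descriptions read "3CX Phone System (Debian based installation)", and the truncated text does not show whether the flaw sits in the 3CX product or in a Debian component it is installed on. Read the full descriptions before replacing "TODO: check".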
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03a74103c0e234da8a8cc2618e0503dd0703debc