[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 10 21:10:32 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7a6c0a3 by security tracker role at 2022-06-10T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2022-32979
+ RESERVED
+CVE-2022-32978 (There is an assertion failure in SingleComponentLSScan::ParseMCU in si ...)
+ TODO: check
+CVE-2022-32977
+ RESERVED
+CVE-2022-32976
+ RESERVED
+CVE-2022-32975
+ RESERVED
+CVE-2022-32974
+ RESERVED
+CVE-2022-32973
+ RESERVED
+CVE-2022-32972
+ RESERVED
+CVE-2022-32969
+ RESERVED
+CVE-2022-32968
+ RESERVED
+CVE-2022-32967
+ RESERVED
+CVE-2022-32966
+ RESERVED
+CVE-2022-32965
+ RESERVED
+CVE-2022-32964
+ RESERVED
+CVE-2022-32963
+ RESERVED
+CVE-2022-32962
+ RESERVED
+CVE-2022-32961
+ RESERVED
+CVE-2022-32960
+ RESERVED
+CVE-2022-32959
+ RESERVED
+CVE-2022-32958
+ RESERVED
+CVE-2022-32588
+ RESERVED
+CVE-2022-32281
+ RESERVED
+CVE-2022-2053
+ RESERVED
+CVE-2022-2052
+ RESERVED
+CVE-2022-2051
+ RESERVED
+CVE-2022-2050
+ RESERVED
CVE-2022-32957
RESERVED
CVE-2022-32956
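Review bot: CVE-2022-32978 near the top of this hunk is the only new entry with a description, and its "TODO: check" still has to be resolved to a source package or a NOT-FOR-US line. The truncated text names the function SingleComponentLSScan::ParseMCU but is cut off before the product, so the full description has to be read before tagging. The added block also goes from CVE-2022-32972 straight to CVE-2022-32969, so 32971 and 32970 are not introduced here; worth checking that they arrive with a later update.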
@@ -782,8 +834,8 @@ CVE-2022-32565
RESERVED
CVE-2022-32564
RESERVED
-CVE-2022-32563
- RESERVED
+CVE-2022-32563 (An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Ad ...)
+ TODO: check
CVE-2022-32562
RESERVED
CVE-2022-32561
@@ -1502,22 +1554,22 @@ CVE-2017-20038
RESERVED
CVE-2017-20037
RESERVED
-CVE-2017-20036
- RESERVED
-CVE-2017-20035
- RESERVED
-CVE-2017-20034
- RESERVED
-CVE-2017-20033
- RESERVED
-CVE-2017-20032
- RESERVED
-CVE-2017-20031
- RESERVED
-CVE-2017-20030
- RESERVED
-CVE-2017-20029
- RESERVED
+CVE-2017-20036 (A vulnerability, which was classified as problematic, was found in PHP ...)
+ TODO: check
+CVE-2017-20035 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2017-20034 (A vulnerability classified as problematic was found in PHPList 3.2.6. ...)
+ TODO: check
+CVE-2017-20033 (A vulnerability classified as problematic has been found in PHPList 3. ...)
+ TODO: check
+CVE-2017-20032 (A vulnerability was found in PHPList 3.2.6. It has been rated as criti ...)
+ TODO: check
+CVE-2017-20031 (A vulnerability was found in PHPList 3.2.6. It has been declared as pr ...)
+ TODO: check
+CVE-2017-20030 (A vulnerability was found in PHPList 3.2.6. It has been classified as ...)
+ TODO: check
+CVE-2017-20029 (A vulnerability was found in PHPList 3.2.6 and classified as critical. ...)
+ TODO: check
CVE-2017-20028 (A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been c ...)
NOT-FOR-US: HumHub
CVE-2017-20027 (A vulnerability was found in HumHub up to 1.0.1 and classified as prob ...)
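Review bot: CVE-2017-20029 through CVE-2017-20036 all name PHPList 3.2.6 and all carry "TODO: check", so they should be triaged as one batch with one consistent result. The HumHub entry immediately below them (CVE-2017-20028) shows the form used for software that is not packaged, "NOT-FOR-US: HumHub"; if PHPList has no Debian source package, the same form applies to all eight.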
@@ -2860,8 +2912,8 @@ CVE-2022-31790
RESERVED
CVE-2022-31789
RESERVED
-CVE-2022-31788
- RESERVED
+CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccess ...)
+ TODO: check
CVE-2022-31787
RESERVED
CVE-2022-31786
@@ -2904,8 +2956,8 @@ CVE-2022-31771
RESERVED
CVE-2022-31770
RESERVED
-CVE-2022-31769
- RESERVED
+CVE-2022-31769 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow ...)
+ TODO: check
CVE-2022-31768 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
NOT-FOR-US: IBM
CVE-2022-31767
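Review bot: CVE-2022-31769 is left at "TODO: check" while the entry directly below it, CVE-2022-31768, is already closed as "NOT-FOR-US: IBM". The description names IBM Spectrum Copy Data Management, the same product as CVE-2022-30611, CVE-2022-30610, CVE-2022-22479 and CVE-2022-22426 elsewhere in this commit, so all five can be resolved in one pass with the same tag if the existing IBM precedent applies.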
@@ -4091,8 +4143,8 @@ CVE-2022-31404
RESERVED
CVE-2022-31403
RESERVED
-CVE-2022-31402
- RESERVED
+CVE-2022-31402 (ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vul ...)
+ TODO: check
CVE-2022-31401
RESERVED
CVE-2022-31400
@@ -4321,18 +4373,18 @@ CVE-2022-31289
RESERVED
CVE-2022-31288
RESERVED
-CVE-2022-31287
- RESERVED
+CVE-2022-31287 (An issue was discovered in Bento4 v1.2. There is an allocation size re ...)
+ TODO: check
CVE-2022-31286
RESERVED
-CVE-2022-31285
- RESERVED
+CVE-2022-31285 (An issue was discovered in Bento4 1.2. The allocator is out of memory ...)
+ TODO: check
CVE-2022-31284
RESERVED
CVE-2022-31283
RESERVED
-CVE-2022-31282
- RESERVED
+CVE-2022-31282 (Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation ...)
+ TODO: check
CVE-2022-31281
RESERVED
CVE-2022-31280
@@ -6169,10 +6221,10 @@ CVE-2022-30613
RESERVED
CVE-2022-30612
RESERVED
-CVE-2022-30611
- RESERVED
-CVE-2022-30610
- RESERVED
+CVE-2022-30611 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerab ...)
+ TODO: check
+CVE-2022-30610 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerab ...)
+ TODO: check
CVE-2022-30609
RESERVED
CVE-2022-30608
@@ -8097,8 +8149,8 @@ CVE-2022-29950 (** DISPUTED ** Experian Hunter 1.16 allows remote authenticated
NOT-FOR-US: Experian Hunter
CVE-2022-29949
RESERVED
-CVE-2022-29948
- RESERVED
+CVE-2022-29948 (Due to an insecure design, the Lepin EP-KP001 flash drive through KP00 ...)
+ TODO: check
CVE-2022-29947 (Woodpecker before 0.15.1 allows XSS via build logs because web/src/com ...)
- woodpecker <itp> (bug #1008934)
CVE-2022-29946
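Review bot: CVE-2022-29948 describes a hardware product, the Lepin EP-KP001 flash drive, so its "TODO: check" is unlikely to map to a Debian source package. Suggest resolving it with a NOT-FOR-US line naming the device, in the same form as the "NOT-FOR-US: Experian Hunter" line at the top of this hunk.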
@@ -15281,8 +15333,8 @@ CVE-2022-27504
RESERVED
CVE-2022-27503 (Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects ...)
NOT-FOR-US: Citrix
-CVE-2022-27502
- RESERVED
+CVE-2022-27502 (RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privil ...)
+ TODO: check
CVE-2022-27501
RESERVED
CVE-2022-27500
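Review bot: the description added for CVE-2022-27502 gives the affected range as "6.9.0 through 5.1.0", which is inverted. The text arrives with the automatic update, so do not rely on it when working out which versions are affected. The entry is scoped to "for Windows", which makes the "TODO: check" a candidate for NOT-FOR-US, as with the Citrix entry just above it.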
@@ -31558,8 +31610,8 @@ CVE-2022-22481 (IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could a
NOT-FOR-US: IBM
CVE-2022-22480
RESERVED
-CVE-2022-22479
- RESERVED
+CVE-2022-22479 (IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerabl ...)
+ TODO: check
CVE-2022-22478
RESERVED
CVE-2022-22477
@@ -31664,8 +31716,8 @@ CVE-2022-22428
RESERVED
CVE-2022-22427 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
NOT-FOR-US: IBM
-CVE-2022-22426
- RESERVED
+CVE-2022-22426 (IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could ...)
+ TODO: check
CVE-2022-22425
RESERVED
CVE-2022-22424
@@ -37455,8 +37507,8 @@ CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog v
NOT-FOR-US: emlog
CVE-2021-44583
RESERVED
-CVE-2021-44582
- RESERVED
+CVE-2021-44582 (A Privilege Escalation vulnerability exists in Sourcecodester Money Tr ...)
+ TODO: check
CVE-2021-44581 (An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the i ...)
NOT-FOR-US: Kreado Kreasfero CMS
CVE-2021-44580
@@ -39057,8 +39109,8 @@ CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerabi
NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a
NOTE: https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357
NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
-CVE-2021-44117
- RESERVED
+CVE-2021-44117 (A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLigh ...)
+ TODO: check
CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12 ...)
NOT-FOR-US: Anchor CMS
CVE-2021-44115
@@ -44793,8 +44845,8 @@ CVE-2021-3896
REJECTED
CVE-2021-42812
RESERVED
-CVE-2021-42811
- RESERVED
+CVE-2021-42811 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2021-42810 (A flaw in the previous versions of the product may allow an authentica ...)
NOT-FOR-US: Thales SafeNet Agent
CVE-2021-42809 (Improper Access Control of Dynamically-Managed Code Resources (DLL) in ...)
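Review bot: the visible part of the CVE-2021-42811 description is only the CWE title for path traversal and is cut off before any product name, so the "TODO: check" cannot be resolved from this line alone. The entry right after it, CVE-2021-42810, is tagged "NOT-FOR-US: Thales SafeNet Agent"; read the full description to see whether 42811 is the same product before reusing that tag.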
@@ -63060,7 +63112,7 @@ CVE-2020-36405 (Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operan
NOT-FOR-US: keystone engine
CVE-2020-36404 (Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl& ...)
NOT-FOR-US: keystone engine
-CVE-2020-36403 (HTSlib 1.10 through 1.10.2 allows out-of-bounds write access in vcf_pa ...)
+CVE-2020-36403 (HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_f ...)
- htslib 1.11-1
[buster] - htslib <no-dsa> (Minor issue)
[stretch] - htslib <not-affected> (Vulnerable code added later)
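Review bot: the reworded CVE-2020-36403 description drops the lower bound, changing "HTSlib 1.10 through 1.10.2" to "HTSlib through 1.10.2", yet the status lines under it are unchanged. The "[stretch] - htslib <not-affected> (Vulnerable code added later)" line was written against the narrower range and should be re-verified against the stretch source. If it still holds, a NOTE recording the commit that introduced the vulnerable code would let the entry stand on its own.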
@@ -118726,7 +118778,7 @@ CVE-2020-26666
CVE-2020-26665
RESERVED
CVE-2020-26664 (A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media play ...)
- {DSA-4834-1}
+ {DSA-4834-1 DLA-3050-1}
- vlc 3.0.12-1 (low; bug #979676)
NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/ec1f55ee9ace5cc675395a1bc9700d99679e7e8c (3.0.12)
NOTE: https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt
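Review bot: the new DLA-3050-1 cross-reference on CVE-2020-26664 is not matched by any other change in the entry, which still lists only the unstable fix "vlc 3.0.12-1 (low; bug #979676)". This commit touches data/CVE/list alone, so confirm that the DLA-3050-1 record already exists outside this file and lists CVE-2020-26664 with the version fixed in the LTS release.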
@@ -249049,8 +249101,8 @@ CVE-2018-17242
RESERVED
CVE-2018-17241
RESERVED
-CVE-2018-17240
- RESERVED
+CVE-2018-17240 (There is a memory dump vulnerability on Netwave IP camera devices at / ...)
+ TODO: check
CVE-2018-17239
RESERVED
CVE-2018-17238
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7a6c0a3f43c477682edb176b12f621ac7917913