[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ffe6c2d8 by security tracker role at 2022-06-11T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1568,14 +1568,14 @@ CVE-2022-32291 (In Real Player through 20.1.0.312, attackers can execute arbitra
 	NOT-FOR-US: Real Player
 CVE-2022-32290
 	RESERVED
-CVE-2017-20040
-	RESERVED
-CVE-2017-20039
-	RESERVED
-CVE-2017-20038
-	RESERVED
-CVE-2017-20037
-	RESERVED
+CVE-2017-20040 (A vulnerability was found in SICUNET Access Controller 0.32-05z. It ha ...)
+	TODO: check
+CVE-2017-20039 (A vulnerability was found in SICUNET Access Controller 0.32-05z. It ha ...)
+	TODO: check
+CVE-2017-20038 (A vulnerability was found in SICUNET Access Controller 0.32-05z and cl ...)
+	TODO: check
+CVE-2017-20037 (A vulnerability has been found in SICUNET Access Controller 0.32-05z a ...)
+	TODO: check
 CVE-2017-20036 (A vulnerability, which was classified as problematic, was found in PHP ...)
 	- phplist <itp> (bug #612288)
 CVE-2017-20035 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -1906,11 +1906,13 @@ CVE-2022-1976
 	RESERVED
 CVE-2022-1975 [NFC: netlink: fix sleep in atomic bug when firmware download timeout]
 	RESERVED
+	{DSA-5161-1}
 	- linux 5.17.11-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/2
 	NOTE: https://git.kernel.org/linus/4071bf121d59944d5cd2238de0642f3d7995a997 (5.18-rc6)
 CVE-2022-1974
 	RESERVED
+	{DSA-5161-1}
 	- linux 5.17.11-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/1
 	NOTE: https://git.kernel.org/linus/da5c0f119203ad9728920456a0f52a6d850c01cd (5.18-rc6)
@@ -1923,6 +1925,7 @@ CVE-2022-1973 [fs/ntfs3: Fix invalid free in log_replay]
 	NOTE: https://git.kernel.org/linus/f26967b9f7a830e228bb13fb41bd516ddd9d789d (5.19-rc1)
 CVE-2022-1972
 	RESERVED
+	{DSA-5161-1}
 	- linux 5.18.2-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -1949,6 +1952,7 @@ CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
 CVE-2022-1967
 	RESERVED
 CVE-2022-1966 (A use-after-free vulnerability was found in the Linux kernel's Netfilt ...)
+	{DSA-5161-1}
 	- linux 5.18.2-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/31/1
 	NOTE: https://git.kernel.org/linus/520778042ccca019f3ffa136dd0ca565c486cedd
@@ -3740,6 +3744,7 @@ CVE-2022-1853
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1852 [KVM: x86: avoid calling x86 emulator without a decoded instruction]
 	RESERVED
+	{DSA-5161-1}
 	- linux 5.18.2-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -5186,6 +5191,7 @@ CVE-2022-1791
 CVE-2022-1790
 	RESERVED
 CVE-2022-1789 (With shadow paging enabled, the INVPCID instruction results in a call  ...)
+	{DSA-5161-1}
 	- linux 5.17.11-1
 	NOTE: https://git.kernel.org/linus/9f46c187e2e680ecd9de7983e4d081c3391acc76
 CVE-2022-1788
@@ -5193,6 +5199,7 @@ CVE-2022-1788
 CVE-2022-1787
 	RESERVED
 CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel’s io_uring s ...)
+	{DSA-5161-1}
 	- linux 5.14.6-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -5541,6 +5548,7 @@ CVE-2022-1730 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/d
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-1729 [perf: Fix sys_perf_event_open() race against self]
 	RESERVED
+	{DSA-5161-1}
 	- linux 5.17.11-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/20/2
 	NOTE: https://git.kernel.org/linus/3ac6487e584a1eb54071dbe1212e05b884136704
@@ -5937,8 +5945,8 @@ CVE-2022-30782 (Openmoney API through 2020-06-29 uses the JavaScript Math.random
 	NOT-FOR-US: Openmoney
 CVE-2022-30781 (Gitea before 1.16.7 does not escape git fetch remote. ...)
 	- gitea <removed>
-CVE-2022-30780
-	RESERVED
+CVE-2022-30780 (Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a den ...)
+	TODO: check
 CVE-2022-30779 (Laravel 9.1.8, when processing attacker-controlled data for deserializ ...)
 	TODO: check, issue seems to be in src:guzzle, check details
 CVE-2022-30778 (Laravel 9.1.8, when processing attacker-controlled data for deserializ ...)
@@ -11366,6 +11374,7 @@ CVE-2022-28895 (A command injection vulnerability in the component /setnetworkse
 CVE-2022-28894
 	RESERVED
 CVE-2022-28893 (The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xp ...)
+	{DSA-5161-1}
 	- linux 5.17.3-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -16182,6 +16191,7 @@ CVE-2022-1013 (The Personal Dictionary WordPress plugin before 1.3.4 fails to pr
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1012
 	RESERVED
+	{DSA-5161-1}
 	- linux 5.17.11-1
 	NOTE: https://git.kernel.org/linus/b2d057560b8107c633b39aabe517ff9d93f285e3 (5.18-rc6)
 CVE-2022-1011 (A use-after-free flaw was found in the Linux kernel’s FUSE files ...)
@@ -18484,6 +18494,7 @@ CVE-2022-0856 (libcaca is affected by a Divide By Zero issue via img2txt, which
 CVE-2022-0855 (Improper Resolution of Path Equivalence in GitHub repository microwebe ...)
 	NOT-FOR-US: microweber (whmcs_plugin)
 CVE-2022-0854 (A memory leak flaw was found in the Linux kernel’s DMA subsystem ...)
+	{DSA-5161-1}
 	- linux 5.17.3-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058395
 	NOTE: https://git.kernel.org/linus/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e (5.17-rc6)
@@ -24329,6 +24340,7 @@ CVE-2022-0496
 CVE-2022-0495
 	RESERVED
 CVE-2022-0494 (A kernel information leak flaw was identified in the scsi_ioctl functi ...)
+	{DSA-5161-1}
 	- linux 5.16.14-1
 	NOTE: https://git.kernel.org/linus/cc8f7fe1f5eab010191aa4570f27641876fa1267 (5.17-rc5)
 CVE-2022-0493 (The String locator WordPress plugin before 2.5.0 does not properly val ...)
@@ -38579,8 +38591,8 @@ CVE-2021-44268
 	RESERVED
 CVE-2021-44267
 	RESERVED
-CVE-2021-44266
-	RESERVED
+CVE-2021-44266 (GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the mo ...)
+	TODO: check
 CVE-2021-44265
 	RESERVED
 CVE-2021-44264
@@ -40729,6 +40741,7 @@ CVE-2022-21501
 CVE-2022-21500 (Vulnerability in Oracle E-Business Suite (component: Manage Proxies).  ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21499 (KGDB and KDB allow read and write access to kernel memory, and thus sh ...)
+	{DSA-5161-1}
 	- linux 5.17.11-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -48968,8 +48981,8 @@ CVE-2021-41740
 	RESERVED
 CVE-2021-41739 (A OS Command Injection vulnerability was discovered in Artica Proxy 4. ...)
 	NOT-FOR-US: Artica Web Proxy
-CVE-2021-41738
-	RESERVED
+CVE-2021-41738 (ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerb ...)
+	TODO: check
 CVE-2021-41737
 	RESERVED
 	- faust <unfixed>
@@ -49514,8 +49527,8 @@ CVE-2021-41504 (** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exi
 	NOT-FOR-US: D-Link
 CVE-2021-41503 (** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and ...)
 	NOT-FOR-US: D-Link
-CVE-2021-41502
-	RESERVED
+CVE-2021-41502 (An issue was discovered in Subrion CMS v4.2.1 There is a stored cross- ...)
+	TODO: check
 CVE-2021-41501
 	RESERVED
 CVE-2021-41500 (Incomplete string comparison vulnerability exits in cvxopt.org cvxop & ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffe6c2d81ad8ca23cead30184688e443fc416456

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffe6c2d81ad8ca23cead30184688e443fc416456
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220611/6095cf9c/attachment-0001.htm>