[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 15 21:10:32 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69b1b4e4 by security tracker role at 2022-06-15T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2022-33758
+	RESERVED
+CVE-2022-33757
+	RESERVED
+CVE-2022-33756
+	RESERVED
+CVE-2022-33755
+	RESERVED
+CVE-2022-33754
+	RESERVED
+CVE-2022-33753
+	RESERVED
+CVE-2022-33752
+	RESERVED
+CVE-2022-33751
+	RESERVED
+CVE-2022-33750
+	RESERVED
+CVE-2022-33749
+	RESERVED
+CVE-2022-33748
+	RESERVED
+CVE-2022-33747
+	RESERVED
+CVE-2022-33746
+	RESERVED
+CVE-2022-33745
+	RESERVED
+CVE-2022-33744
+	RESERVED
+CVE-2022-33743
+	RESERVED
+CVE-2022-33742
+	RESERVED
+CVE-2022-33741
+	RESERVED
+CVE-2022-33740
+	RESERVED
+CVE-2022-33739
+	RESERVED
+CVE-2022-33738
+	RESERVED
+CVE-2022-33737
+	RESERVED
+CVE-2022-33736
+	RESERVED
+CVE-2022-33202
+	RESERVED
+CVE-2022-2088
+	RESERVED
+CVE-2022-2087 (A vulnerability, which was classified as problematic, was found in Sou ...)
+	TODO: check
+CVE-2022-2086 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
 CVE-2022-33735
 	RESERVED
 CVE-2022-33734
@@ -1199,8 +1253,7 @@ CVE-2022-33148
 	RESERVED
 CVE-2022-33147
 	RESERVED
-CVE-2022-33140
-	RESERVED
+CVE-2022-33140 (The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 an ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2022-33139
 	RESERVED
@@ -1496,10 +1549,10 @@ CVE-2022-32994
 	RESERVED
 CVE-2022-32993
 	RESERVED
-CVE-2022-32992
-	RESERVED
-CVE-2022-32991
-	RESERVED
+CVE-2022-32992 (Online Tours And Travels Management System v1.0 was discovered to cont ...)
+	TODO: check
+CVE-2022-32991 (Web Based Quiz System v1.0 was discovered to contain a SQL injection v ...)
+	TODO: check
 CVE-2022-32990
 	RESERVED
 CVE-2022-32989
@@ -2501,8 +2554,8 @@ CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository francois
 	NOT-FOR-US: francoisjacquet/rosariosis
 CVE-2022-32551
 	RESERVED
-CVE-2022-32550
-	RESERVED
+CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the method v ...)
+	TODO: check
 CVE-2022-32549
 	RESERVED
 CVE-2022-32289
@@ -2575,16 +2628,16 @@ CVE-2022-2024
 	RESERVED
 CVE-2022-2023
 	RESERVED
-CVE-2017-20050
-	RESERVED
-CVE-2017-20049
-	RESERVED
-CVE-2017-20048
-	RESERVED
-CVE-2017-20047
-	RESERVED
-CVE-2017-20046
-	RESERVED
+CVE-2017-20050 (A vulnerability has been found in AXIS P1204, P3225, P3367, M3045, M30 ...)
+	TODO: check
+CVE-2017-20049 (A vulnerability, which was classified as critical, was found in AXIS P ...)
+	TODO: check
+CVE-2017-20048 (A vulnerability, which was classified as critical, has been found in A ...)
+	TODO: check
+CVE-2017-20047 (A vulnerability classified as problematic was found in AXIS P1204, P32 ...)
+	TODO: check
+CVE-2017-20046 (A vulnerability classified as problematic has been found in AXIS P1204 ...)
+	TODO: check
 CVE-2022-32536
 	RESERVED
 CVE-2022-32535
@@ -3151,14 +3204,14 @@ CVE-2022-32304
 	RESERVED
 CVE-2022-32303
 	RESERVED
-CVE-2022-32302
-	RESERVED
-CVE-2022-32301
-	RESERVED
-CVE-2022-32300
-	RESERVED
-CVE-2022-32299
-	RESERVED
+CVE-2022-32302 (Theme Park Ticketing System v1.0 was discovered to contain a SQL injec ...)
+	TODO: check
+CVE-2022-32301 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...)
+	TODO: check
+CVE-2022-32300 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...)
+	TODO: check
+CVE-2022-32299 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...)
+	TODO: check
 CVE-2022-32298
 	RESERVED
 CVE-2022-32297
@@ -3678,22 +3731,22 @@ CVE-2022-1963
 	RESERVED
 CVE-2021-4233
 	RESERVED
-CVE-2022-32158
-	RESERVED
-CVE-2022-32157
-	RESERVED
-CVE-2022-32156
-	RESERVED
-CVE-2022-32155
-	RESERVED
-CVE-2022-32154
-	RESERVED
-CVE-2022-32153
-	RESERVED
-CVE-2022-32152
-	RESERVED
-CVE-2022-32151
-	RESERVED
+CVE-2022-32158 (Splunk Enterprise deployment servers in versions before 9.0 let client ...)
+	TODO: check
+CVE-2022-32157 (Splunk Enterprise deployment servers in versions before 9.0 allow unau ...)
+	TODO: check
+CVE-2022-32156 (In Splunk Enterprise and Universal Forwarder versions before 9.0, the  ...)
+	TODO: check
+CVE-2022-32155 (In universal forwarder versions before 9.0, management services are av ...)
+	TODO: check
+CVE-2022-32154 (Dashboards in Splunk Enterprise versions before 9.0 might let an attac ...)
+	TODO: check
+CVE-2022-32153 (Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and S ...)
+	TODO: check
+CVE-2022-32152 (Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and S ...)
+	TODO: check
+CVE-2022-32151 (The httplib and urllib Python libraries that Splunk shipped with Splun ...)
+	TODO: check
 CVE-2022-32150
 	RESERVED
 CVE-2022-32149
@@ -3736,8 +3789,8 @@ CVE-2022-1960
 	RESERVED
 CVE-2022-1959
 	RESERVED
-CVE-2022-1958
-	RESERVED
+CVE-2022-1958 (A vulnerability classified as critical has been found in FileCloud. Af ...)
+	TODO: check
 CVE-2022-1957
 	RESERVED
 CVE-2022-1956
@@ -3826,8 +3879,8 @@ CVE-2022-32103
 	RESERVED
 CVE-2022-32102
 	RESERVED
-CVE-2022-32101
-	RESERVED
+CVE-2022-32101 (kkcms v1.3.7 was discovered to contain a SQL injection vulnerability v ...)
+	TODO: check
 CVE-2022-32100
 	RESERVED
 CVE-2022-32099
@@ -11449,8 +11502,8 @@ CVE-2022-29455 (DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29454
 	RESERVED
-CVE-2022-29453
-	RESERVED
+CVE-2022-29453 (Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google  ...)
+	TODO: check
 CVE-2022-29452
 	RESERVED
 CVE-2022-29451 (Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vul ...)
@@ -11471,18 +11524,18 @@ CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vul
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29443
 	RESERVED
-CVE-2022-29442
-	RESERVED
-CVE-2022-29441
-	RESERVED
-CVE-2022-29440
-	RESERVED
-CVE-2022-29439
-	RESERVED
-CVE-2022-29438
-	RESERVED
-CVE-2022-29437
-	RESERVED
+CVE-2022-29442 (Authenticated (subscriber or higher user role) Stored Cross-Site Scrip ...)
+	TODO: check
+CVE-2022-29441 (Cross-Site Request Forgery (CSRF) vulnerability in Private Messages Fo ...)
+	TODO: check
+CVE-2022-29440 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
+	TODO: check
+CVE-2022-29439 (Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by Nex ...)
+	TODO: check
+CVE-2022-29438 (Authenticated (author or higher user role) Persistent Cross-Site Scrip ...)
+	TODO: check
+CVE-2022-29437 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Sl ...)
+	TODO: check
 CVE-2022-29436 (Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokm ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29435 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann' ...)
@@ -11543,8 +11596,8 @@ CVE-2022-29408 (Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Di
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29407
 	RESERVED
-CVE-2022-29406
-	RESERVED
+CVE-2022-29406 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
+	TODO: check
 CVE-2022-28717 (Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C ...)
 	NOT-FOR-US: Rebooter
 CVE-2022-27632 (Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT ...)
@@ -12236,8 +12289,8 @@ CVE-2022-1343 (The function `OCSP_basic_verify` verifies the signer certificate
 	- openssl <not-affected> (Only affects OpenSSL 3.0)
 	NOTE: https://www.openssl.org/news/secadv/20220503.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a (openssl-3.0.3)
-CVE-2022-1342
-	RESERVED
+CVE-2022-1342 (A lack of password masking in Devolutions Remote Desktop Manager allow ...)
+	TODO: check
 CVE-2022-1341 (An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write e ...)
 	- bwm-ng 0.6.3-1 (unimportant)
 	NOTE: https://github.com/vgropp/bwm-ng/issues/26
@@ -16156,8 +16209,8 @@ CVE-2022-27861
 	RESERVED
 CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-27859
-	RESERVED
+CVE-2022-27859 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
+	TODO: check
 CVE-2022-27858
 	RESERVED
 CVE-2022-27857
@@ -33369,8 +33422,8 @@ CVE-2022-22446
 	RESERVED
 CVE-2022-22445
 	RESERVED
-CVE-2022-22444
-	RESERVED
+CVE-2022-22444 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploi ...)
+	TODO: check
 CVE-2022-22443 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
 	NOT-FOR-US: IBM
 CVE-2022-22442
@@ -45013,8 +45066,8 @@ CVE-2022-20827
 	RESERVED
 CVE-2022-20826
 	RESERVED
-CVE-2022-20825
-	RESERVED
+CVE-2022-20825 (A vulnerability in the web-based management interface of Cisco Small B ...)
+	TODO: check
 CVE-2022-20824
 	RESERVED
 CVE-2022-20823
@@ -45025,12 +45078,12 @@ CVE-2022-20821 (A vulnerability in the health check RPM of Cisco IOS XR Software
 	NOT-FOR-US: Cisco
 CVE-2022-20820
 	RESERVED
-CVE-2022-20819
-	RESERVED
+CVE-2022-20819 (A vulnerability in the web-based management interface of Cisco Identit ...)
+	TODO: check
 CVE-2022-20818
 	RESERVED
-CVE-2022-20817
-	RESERVED
+CVE-2022-20817 (A vulnerability in Cisco Unified IP Phones could allow an unauthentica ...)
+	TODO: check
 CVE-2022-20816
 	RESERVED
 CVE-2022-20815
@@ -45069,8 +45122,8 @@ CVE-2022-20800
 	RESERVED
 CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
-CVE-2022-20798
-	RESERVED
+CVE-2022-20798 (A vulnerability in the external authentication functionality of Cisco  ...)
+	TODO: check
 CVE-2022-20797 (A vulnerability in the web-based management interface of Cisco Secure  ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20796 (On May 4, 2022, the following vulnerability in the ClamAV scanning lib ...)
@@ -45214,14 +45267,14 @@ CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service
 	NOT-FOR-US: Cisco
 CVE-2022-20737 (A vulnerability in the handler for HTTP authentication for resources a ...)
 	NOT-FOR-US: Cisco
-CVE-2022-20736
-	RESERVED
+CVE-2022-20736 (A vulnerability in the web-based management interface of Cisco AppDyna ...)
+	TODO: check
 CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco SD-WAN  ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20734 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...)
 	NOT-FOR-US: Cisco
-CVE-2022-20733
-	RESERVED
+CVE-2022-20733 (A vulnerability in the login page of Cisco Identity Services Engine (I ...)
+	TODO: check
 CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco Virtual ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...)
@@ -45363,8 +45416,8 @@ CVE-2022-20666 (Multiple vulnerabilities in the web-based management interface o
 	NOT-FOR-US: Cisco
 CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an authenticate ...)
 	NOT-FOR-US: Cisco
-CVE-2022-20664
-	RESERVED
+CVE-2022-20664 (A vulnerability in the web management interface of Cisco Secure Email  ...)
+	TODO: check
 CVE-2022-20663
 	RESERVED
 CVE-2022-20662
@@ -46774,8 +46827,8 @@ CVE-2021-42734
 	RESERVED
 CVE-2021-42733 (Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointe ...)
 	NOT-FOR-US: Adobe
-CVE-2021-42732
-	RESERVED
+CVE-2021-42732 (Access of Memory Location After End of Buffer (CWE-788) ...)
+	TODO: check
 CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...)
 	NOT-FOR-US: Adobe
 CVE-2021-42730 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
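Review bot: The description added for CVE-2021-42732 is only a weakness class, "Access of Memory Location After End of Buffer (CWE-788)", with no product or version, so the TODO: check on the next line cannot be resolved from the list text. The surrounding entries are tagged NOT-FOR-US: Adobe, but adjacency in the ID range is not evidence of the product; confirm it from the CVE record before replacing the TODO.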
@@ -48078,8 +48131,8 @@ CVE-2022-20235
 	RESERVED
 CVE-2022-20234
 	RESERVED
-CVE-2022-20233
-	RESERVED
+CVE-2022-20233 (In param_find_digests_internal and related functions of the Titan-M so ...)
+	TODO: check
 CVE-2022-20232
 	RESERVED
 CVE-2022-20231
@@ -48124,209 +48177,203 @@ CVE-2022-20212
 	RESERVED
 CVE-2022-20211
 	RESERVED
-CVE-2022-20210
-	RESERVED
-CVE-2022-20209
-	RESERVED
-CVE-2022-20208
-	RESERVED
-CVE-2022-20207
-	RESERVED
-CVE-2022-20206
-	RESERVED
-CVE-2022-20205
-	RESERVED
-CVE-2022-20204
-	RESERVED
+CVE-2022-20210 (The UE and the EMM communicate with each other using NAS messages. Whe ...)
+	TODO: check
+CVE-2022-20209 (In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possi ...)
+	TODO: check
+CVE-2022-20208 (In parseRecursively of cppbor_parse.cpp, there is a possible out of bo ...)
+	TODO: check
+CVE-2022-20207 (In static definitions of GattServiceConfig.java, there is a possible p ...)
+	TODO: check
+CVE-2022-20206 (In setPackageOrComponentEnabled of NotificationManagerService.java, th ...)
+	TODO: check
+CVE-2022-20205 (In isFileUri of FileUtil.java, there is a possible way to bypass the c ...)
+	TODO: check
+CVE-2022-20204 (In registerRemoteBugreportReceivers of DevicePolicyManagerService.java ...)
+	TODO: check
 CVE-2022-20203
 	RESERVED
-CVE-2022-20202
-	RESERVED
-CVE-2022-20201
-	RESERVED
-CVE-2022-20200
-	RESERVED
+CVE-2022-20202 (In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, ...)
+	TODO: check
+CVE-2022-20201 (In getAppSize of InstalldNativeService.cpp, there is a possible out of ...)
+	TODO: check
+CVE-2022-20200 (In updateApState of SoftApManager.java, there is a possible leak of ho ...)
+	TODO: check
 CVE-2022-20199
 	RESERVED
-CVE-2022-20198
-	RESERVED
-CVE-2022-20197
-	RESERVED
-CVE-2022-20196
-	RESERVED
-CVE-2022-20195
-	RESERVED
-CVE-2022-20194
-	RESERVED
-CVE-2022-20193
-	RESERVED
-CVE-2022-20192
-	RESERVED
-CVE-2022-20191
-	RESERVED
-CVE-2022-20190
-	RESERVED
+CVE-2022-20198 (In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out o ...)
+	TODO: check
+CVE-2022-20197 (In recycle of Parcel.java, there is a possible way to start foreground ...)
+	TODO: check
+CVE-2022-20196 (In gallery3d and photos, there is a possible permission bypass due to  ...)
+	TODO: check
+CVE-2022-20195 (In the keystore library, there is a possible prevention of access to s ...)
+	TODO: check
+CVE-2022-20194 (In onCreate of ChooseLockGeneric.java, there is a possible permission  ...)
+	TODO: check
+CVE-2022-20193 (In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a ...)
+	TODO: check
+CVE-2022-20192 (In grantEmbeddedWindowFocus of WindowManagerService.java, there is a p ...)
+	TODO: check
+CVE-2022-20191 (Product: AndroidVersions: Android kernelAndroid ID: A-209324757Referen ...)
+	TODO: check
+CVE-2022-20190 (Product: AndroidVersions: Android kernelAndroid ID: A-208744915Referen ...)
+	TODO: check
 CVE-2022-20189
 	RESERVED
-CVE-2022-20188
-	RESERVED
+CVE-2022-20188 (Product: AndroidVersions: Android kernelAndroid ID: A-207254598Referen ...)
+	TODO: check
 CVE-2022-20187
 	RESERVED
-CVE-2022-20186
-	RESERVED
-CVE-2022-20185
-	RESERVED
-CVE-2022-20184
-	RESERVED
-CVE-2022-20183
-	RESERVED
-CVE-2022-20182
-	RESERVED
-CVE-2022-20181
-	RESERVED
+CVE-2022-20186 (In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbi ...)
+	TODO: check
+CVE-2022-20185 (In TBD of TBD, there is a possible use after free bug. This could lead ...)
+	TODO: check
+CVE-2022-20184 (Product: AndroidVersions: Android kernelAndroid ID: A-209153114Referen ...)
+	TODO: check
+CVE-2022-20183 (In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out ...)
+	TODO: check
+CVE-2022-20182 (In handle_ramdump of pixel_loader.c, there is a possible way to create ...)
+	TODO: check
+CVE-2022-20181 (Product: AndroidVersions: Android kernelAndroid ID: A-210936609Referen ...)
+	TODO: check
 CVE-2022-20180
 	RESERVED
-CVE-2022-20179
-	RESERVED
-CVE-2022-20178
-	RESERVED
-CVE-2022-20177
-	RESERVED
-CVE-2022-20176
-	RESERVED
-CVE-2022-20175
-	RESERVED
-CVE-2022-20174
-	RESERVED
-CVE-2022-20173
-	RESERVED
-CVE-2022-20172
-	RESERVED
-CVE-2022-20171
-	RESERVED
-CVE-2022-20170
-	RESERVED
-CVE-2022-20169
-	RESERVED
-CVE-2022-20168
-	RESERVED
-CVE-2022-20167
-	RESERVED
-CVE-2022-20166
-	RESERVED
+CVE-2022-20179 (Product: AndroidVersions: Android kernelAndroid ID: A-211683760Referen ...)
+	TODO: check
+CVE-2022-20178 (In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is ...)
+	TODO: check
+CVE-2022-20177 (Product: AndroidVersions: Android kernelAndroid ID: A-209906686Referen ...)
+	TODO: check
+CVE-2022-20176 (In auth_store of sjtag-driver.c, there is a possible read of uninitial ...)
+	TODO: check
+CVE-2022-20175 (Product: AndroidVersions: Android kernelAndroid ID: A-209252491Referen ...)
+	TODO: check
+CVE-2022-20174 (In exynos_secEnv_init of mach-gs101.c, there is a possible out of boun ...)
+	TODO: check
+CVE-2022-20173 (Product: AndroidVersions: Android kernelAndroid ID: A-207116951Referen ...)
+	TODO: check
+CVE-2022-20172 (In onbind of ShannonRcsService.java, there is a possible access to pro ...)
+	TODO: check
+CVE-2022-20171 (Product: AndroidVersions: Android kernelAndroid ID: A-215565667Referen ...)
+	TODO: check
+CVE-2022-20170 (Product: AndroidVersions: Android kernelAndroid ID: A-209421931Referen ...)
+	TODO: check
+CVE-2022-20169 (Product: AndroidVersions: Android kernelAndroid ID: A-211162353Referen ...)
+	TODO: check
+CVE-2022-20168 (Product: AndroidVersions: Android kernelAndroid ID: A-210594998Referen ...)
+	TODO: check
+CVE-2022-20167 (Product: AndroidVersions: Android kernelAndroid ID: A-204956204Referen ...)
+	TODO: check
+CVE-2022-20166 (In various methods of kernel base drivers, there is a possible out of  ...)
 	- linux 5.10.4-1
 	NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
 	NOTE: https://git.kernel.org/linus/aa838896d87af561a33ecefea1caa4c15a68bc47 (5.10-rc1)
-CVE-2022-20165
-	RESERVED
-CVE-2022-20164
-	RESERVED
+CVE-2022-20165 (In asn1_parse of asn1.c, there is a possible out of bounds read due to ...)
+	TODO: check
+CVE-2022-20164 (Product: AndroidVersions: Android kernelAndroid ID: A-204891956Referen ...)
+	TODO: check
 CVE-2022-20163
 	RESERVED
-CVE-2022-20162
-	RESERVED
+CVE-2022-20162 (In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds r ...)
+	TODO: check
 CVE-2022-20161
 	RESERVED
-CVE-2022-20160
-	RESERVED
-CVE-2022-20159
-	RESERVED
+CVE-2022-20160 (Product: AndroidVersions: Android kernelAndroid ID: A-210083655Referen ...)
+	TODO: check
+CVE-2022-20159 (In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a pos ...)
+	TODO: check
 CVE-2022-20158
 	RESERVED
 CVE-2022-20157
 	RESERVED
-CVE-2022-20156
-	RESERVED
-CVE-2022-20155
-	RESERVED
-CVE-2022-20154
-	RESERVED
+CVE-2022-20156 (In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code  ...)
+	TODO: check
+CVE-2022-20155 (In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-tr ...)
+	TODO: check
+CVE-2022-20154 (In lock_sock_nested of sock.c, there is a possible use after free due  ...)
 	- linux 5.15.15-1
 	[bullseye] - linux 5.10.92-1
 	[buster] - linux 4.19.232-1
 	NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
 	NOTE: https://git.kernel.org/linus/5ec7d18d1813a5bead0b495045606c93873aecbb (5.16-rc8)
-CVE-2022-20153
-	RESERVED
+CVE-2022-20153 (In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-afte ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.113-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
 	NOTE: https://git.kernel.org/linus/f70865db5ff35f5ed0c7e9ef63e7cca3d4947f04 (5.13-rc1)
-CVE-2022-20152
-	RESERVED
-CVE-2022-20151
-	RESERVED
+CVE-2022-20152 (In the TitanM chip, there is a possible out of bounds write due to a m ...)
+	TODO: check
+CVE-2022-20151 (Product: AndroidVersions: Android kernelAndroid ID: A-210712565Referen ...)
+	TODO: check
 CVE-2022-20150
 	RESERVED
-CVE-2022-20149
-	RESERVED
-CVE-2022-20148
-	RESERVED
+CVE-2022-20149 (Product: AndroidVersions: Android kernelAndroid ID: A-211685939Referen ...)
+	TODO: check
+CVE-2022-20148 (In TBD of TBD, there is a possible use-after-free due to a race condit ...)
 	- linux 5.15.3-1
 	NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
-CVE-2022-20147
-	RESERVED
-CVE-2022-20146
-	RESERVED
-CVE-2022-20145
-	RESERVED
-CVE-2022-20144
-	RESERVED
-CVE-2022-20143
-	RESERVED
-CVE-2022-20142
-	RESERVED
-CVE-2022-20141
-	RESERVED
+CVE-2022-20147 (In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out  ...)
+	TODO: check
+CVE-2022-20146 (In uploadFile of FileUploadServiceImpl.java, there is a possible incor ...)
+	TODO: check
+CVE-2022-20145 (In startLegacyVpnPrivileged of Vpn.java, there is a possible way to re ...)
+	TODO: check
+CVE-2022-20144 (In multiple functions of AvatarPhotoController.java, there is a possib ...)
+	TODO: check
+CVE-2022-20143 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...)
+	TODO: check
+CVE-2022-20142 (In createFromParcel of GeofenceHardwareRequestParcelable.java, there i ...)
+	TODO: check
+CVE-2022-20141 (In ip_check_mc_rcu of igmp.c, there is a possible use after free due t ...)
 	- linux 5.14.6-1
 	[bullseye] - linux 5.10.70-1
 	[buster] - linux 4.19.208-1
 	[stretch] - linux 4.9.290-1
 	NOTE: https://source.android.com/security/bulletin/2022-06-01
 	NOTE: https://git.kernel.org/linus/23d2b94043ca8835bd1e67749020e839f396a1c2 (5.15-rc1)
-CVE-2022-20140
-	RESERVED
+CVE-2022-20140 (In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds wri ...)
+	TODO: check
 CVE-2022-20139
 	RESERVED
-CVE-2022-20138
-	RESERVED
-CVE-2022-20137
-	RESERVED
+CVE-2022-20138 (In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.ja ...)
+	TODO: check
+CVE-2022-20137 (In onCreateContextMenu of NetworkProviderSettings.java, there is a pos ...)
+	TODO: check
 CVE-2022-20136
 	RESERVED
-CVE-2022-20135
-	RESERVED
-CVE-2022-20134
-	RESERVED
-CVE-2022-20133
-	RESERVED
-CVE-2022-20132
-	RESERVED
+CVE-2022-20135 (In writeToParcel of GateKeeperResponse.java, there is a possible parce ...)
+	TODO: check
+CVE-2022-20134 (In readArguments of CallSubjectDialog.java, there is a possible way to ...)
+	TODO: check
+CVE-2022-20133 (In setDiscoverableTimeout of AdapterService.java, there is a possible  ...)
+	TODO: check
+CVE-2022-20132 (In lg_probe and related functions of hid-lg.c and other USB HID files, ...)
 	- linux 5.15.15-1
 	[bullseye] - linux 5.10.92-1
 	[buster] - linux 4.19.232-1
 	[stretch] - linux 4.9.303-1
 	NOTE: https://source.android.com/security/bulletin/2022-06-01
-CVE-2022-20131
-	RESERVED
-CVE-2022-20130
-	RESERVED
-CVE-2022-20129
-	RESERVED
+CVE-2022-20131 (In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out  ...)
+	TODO: check
+CVE-2022-20130 (In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible  ...)
+	TODO: check
+CVE-2022-20129 (In registerPhoneAccount of PhoneAccountRegistrar.java, there is a poss ...)
+	TODO: check
 CVE-2022-20128
 	RESERVED
-CVE-2022-20127
-	RESERVED
-CVE-2022-20126
-	RESERVED
-CVE-2022-20125
-	RESERVED
-CVE-2022-20124
-	RESERVED
-CVE-2022-20123
-	RESERVED
+CVE-2022-20127 (In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds w ...)
+	TODO: check
+CVE-2022-20126 (In setScanMode of AdapterService.java, there is a possible way to enab ...)
+	TODO: check
+CVE-2022-20125 (In GBoard, there is a possible way to bypass factory reset protections ...)
+	TODO: check
+CVE-2022-20124 (In deletePackageX of DeletePackageHelper.java, there is a possible way ...)
+	TODO: check
+CVE-2022-20123 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...)
+	TODO: check
 CVE-2022-20122
 	RESERVED
 CVE-2022-20121 (In getNodeValue of USCCDMPlugin.java, there is a possible disclosure o ...)
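Review bot: The new TODO: check entries whose description is only "Product: AndroidVersions: Android kernelAndroid ID: A-..." (CVE-2022-20191, CVE-2022-20190, CVE-2022-20188 and the others of that form in this hunk) name no function or file, so they cannot be sorted into a linux entry or NOT-FOR-US from the list text; the same applies to CVE-2022-20185, whose description reads "In TBD of TBD". Triage these starting from the Android and Pixel bulletins already cited in this hunk's NOTE lines rather than by analogy with neighbouring IDs. Separately, CVE-2022-20148 and CVE-2022-20132 carry a fixed linux version but, unlike CVE-2022-20166, CVE-2022-20154, CVE-2022-20153 and CVE-2022-20141, have no git.kernel.org NOTE for the fixing commit; adding one would let the recorded versions be verified.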
@@ -50751,8 +50798,8 @@ CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester E-Negosy
 	NOT-FOR-US: Sourcecodester
 CVE-2021-41673
 	RESERVED
-CVE-2021-41672
-	RESERVED
+CVE-2021-41672 (PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection i ...)
+	TODO: check
 CVE-2021-41671
 	RESERVED
 CVE-2021-41670
@@ -51356,8 +51403,8 @@ CVE-2021-41415
 	RESERVED
 CVE-2021-41414
 	RESERVED
-CVE-2021-41413
-	RESERVED
+CVE-2021-41413 (ok-file-formats master 2021-9-12 is affected by a buffer overflow in o ...)
+	TODO: check
 CVE-2021-41412
 	RESERVED
 CVE-2021-41411
@@ -52570,8 +52617,8 @@ CVE-2021-40942
 	RESERVED
 CVE-2021-40941
 	RESERVED
-CVE-2021-40940
-	RESERVED
+CVE-2021-40940 (Monstra 3.0.4 does not filter the case of php, which leads to an unres ...)
+	TODO: check
 CVE-2021-40939
 	RESERVED
 CVE-2021-40938
@@ -52633,8 +52680,8 @@ CVE-2021-40912
 	RESERVED
 CVE-2021-40911
 	RESERVED
-CVE-2021-40910
-	RESERVED
+CVE-2021-40910 (There is a reflective cross-site scripting (XSS) vulnerability in the  ...)
+	TODO: check
 CVE-2021-40909 (Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD wi ...)
 	NOT-FOR-US: Sourcecodester
 CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester Purchase Or ...)
@@ -53096,8 +53143,8 @@ CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.0
 	NOT-FOR-US: Adobe
 CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
 	NOT-FOR-US: Adobe
-CVE-2021-40727
-	RESERVED
+CVE-2021-40727 (Access of Memory Location After End of Buffer (CWE-788 ...)
+	TODO: check
 CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
 	NOT-FOR-US: Adobe
 CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
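Review bot: CVE-2021-40727 gets a description that stops at the weakness name, "Access of Memory Location After End of Buffer (CWE-788 ...", and identifies no affected software. Whoever clears the TODO: check should take the product from the full CVE record, not from the Adobe entries on either side of it.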
@@ -54436,8 +54483,8 @@ CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored XSS vulnerability within t
 	NOT-FOR-US: GibbonEdu/core
 CVE-2021-40213
 	RESERVED
-CVE-2021-40212
-	RESERVED
+CVE-2021-40212 (An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.2152 ...)
+	TODO: check
 CVE-2021-40211
 	RESERVED
 CVE-2021-40210
@@ -55371,8 +55418,8 @@ CVE-2021-39822
 	RESERVED
 CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...)
 	NOT-FOR-US: Adobe
-CVE-2021-39820
-	RESERVED
+CVE-2021-39820 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) i ...)
+	TODO: check
 CVE-2021-39819 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
 	NOT-FOR-US: Adobe
 CVE-2021-39818 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
@@ -55399,8 +55446,8 @@ CVE-2021-39808 (In createNotificationChannelGroup of PreferencesHelper.java, the
 	NOT-FOR-US: Android
 CVE-2021-39807 (In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible ...)
 	NOT-FOR-US: Android
-CVE-2021-39806
-	RESERVED
+CVE-2021-39806 (In closef of label_backends_android.c, there is a possible way to corr ...)
+	TODO: check
 CVE-2021-39805 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...)
 	NOT-FOR-US: Android
 CVE-2021-39804 (In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a m ...)
@@ -55645,8 +55692,8 @@ CVE-2021-39693 (In onUidStateChanged of AppOpsService.java, there is a possible
 	NOT-FOR-US: Android
 CVE-2021-39692 (In onCreate of SetupLayoutActivity.java, there is a possible way to se ...)
 	NOT-FOR-US: Android
-CVE-2021-39691
-	RESERVED
+CVE-2021-39691 (In WindowManager, there is a possible tapjacking attack due to an inco ...)
+	TODO: check
 CVE-2021-39690 (In setDisplayPadding of WallpaperManagerService.java, there is a possi ...)
 	NOT-FOR-US: Android
 CVE-2021-39689 (In multiple functions of odsign_main.cpp, there is a possible way to p ...)
@@ -55805,7 +55852,7 @@ CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a
 	NOT-FOR-US: Android
 CVE-2021-39625 (In showCarrierAppInstallationNotification of EuiccNotificationManager. ...)
 	NOT-FOR-US: Android
-CVE-2021-39624 (In Package Manger, there is a possible permanent denial of service due ...)
+CVE-2021-39624 (In PackageManager, there is a possible permanent denial of service due ...)
 	NOT-FOR-US: Android
 CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...)
 	NOT-FOR-US: Android
@@ -62753,8 +62800,8 @@ CVE-2021-36903
 	RESERVED
 CVE-2021-36902
 	RESERVED
-CVE-2021-36901
-	RESERVED
+CVE-2021-36901 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phi ...)
+	TODO: check
 CVE-2021-36900
 	RESERVED
 CVE-2021-36899
@@ -72133,8 +72180,7 @@ CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0
 	NOTE: https://github.com/apache/tomcat/commit/3202703e6d635e39b74262e81f0cb4bcbe2170dc (8.5.67)
 	NOTE: https://github.com/apache/tomcat/commit/da0e7cb093cf68b052d9175e469dbd0464441b0b (8.5.67)
 	NOTE: https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02 (8.5.67)
-CVE-2021-33036
-	RESERVED
+CVE-2021-33036 (In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2. ...)
 	- hadoop <itp> (bug #793644)
 CVE-2021-33035 (Apache OpenOffice opens dBase/DBF documents and shows the contents as  ...)
 	- libreoffice 1:4.3.1-1
@@ -119504,7 +119550,7 @@ CVE-2020-27070
 	RESERVED
 CVE-2020-27069
 	RESERVED
-CVE-2020-27068 (In the nl80211_policy policy of nl80211.c, there is a possible out of  ...)
+CVE-2020-27068 (Product: AndroidVersions: Android kernelAndroid ID: A-127973231Referen ...)
 	- linux 5.5.13-1
 	[buster] - linux 4.19.118-1
 	[stretch] - linux 4.9.228-1
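Review bot: The replacement description for CVE-2020-27068 is less informative than the one it removes: the old text named the nl80211_policy policy in nl80211.c, while the new one is the generic "Product: AndroidVersions: Android kernelAndroid ID: A-127973231Referen ..." string. The entry already tracks fixed linux versions, so record the function and file name in a NOTE line under it so that the link to the affected code survives the automatic description refresh.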
@@ -231379,8 +231425,8 @@ CVE-2019-4577
 	RESERVED
 CVE-2019-4576 (IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA d ...)
 	NOT-FOR-US: IBM
-CVE-2019-4575
-	RESERVED
+CVE-2019-4575 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
+	TODO: check
 CVE-2019-4574
 	RESERVED
 CVE-2019-4573



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69b1b4e4f9e87e2aa6f9cb48eb8082ce4ff80564
