[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 15 21:10:32 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
69b1b4e4 by security tracker role at 2022-06-15T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2022-33758
+ RESERVED
+CVE-2022-33757
+ RESERVED
+CVE-2022-33756
+ RESERVED
+CVE-2022-33755
+ RESERVED
+CVE-2022-33754
+ RESERVED
+CVE-2022-33753
+ RESERVED
+CVE-2022-33752
+ RESERVED
+CVE-2022-33751
+ RESERVED
+CVE-2022-33750
+ RESERVED
+CVE-2022-33749
+ RESERVED
+CVE-2022-33748
+ RESERVED
+CVE-2022-33747
+ RESERVED
+CVE-2022-33746
+ RESERVED
+CVE-2022-33745
+ RESERVED
+CVE-2022-33744
+ RESERVED
+CVE-2022-33743
+ RESERVED
+CVE-2022-33742
+ RESERVED
+CVE-2022-33741
+ RESERVED
+CVE-2022-33740
+ RESERVED
+CVE-2022-33739
+ RESERVED
+CVE-2022-33738
+ RESERVED
+CVE-2022-33737
+ RESERVED
+CVE-2022-33736
+ RESERVED
+CVE-2022-33202
+ RESERVED
+CVE-2022-2088
+ RESERVED
+CVE-2022-2087 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
+CVE-2022-2086 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
CVE-2022-33735
RESERVED
CVE-2022-33734
@@ -1199,8 +1253,7 @@ CVE-2022-33148
RESERVED
CVE-2022-33147
RESERVED
-CVE-2022-33140
- RESERVED
+CVE-2022-33140 (The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 an ...)
NOT-FOR-US: Apache NiFi
CVE-2022-33139
RESERVED
@@ -1496,10 +1549,10 @@ CVE-2022-32994
RESERVED
CVE-2022-32993
RESERVED
-CVE-2022-32992
- RESERVED
-CVE-2022-32991
- RESERVED
+CVE-2022-32992 (Online Tours And Travels Management System v1.0 was discovered to cont ...)
+ TODO: check
+CVE-2022-32991 (Web Based Quiz System v1.0 was discovered to contain a SQL injection v ...)
+ TODO: check
CVE-2022-32990
RESERVED
CVE-2022-32989
@@ -2501,8 +2554,8 @@ CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository francois
NOT-FOR-US: francoisjacquet/rosariosis
CVE-2022-32551
RESERVED
-CVE-2022-32550
- RESERVED
+CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the method v ...)
+ TODO: check
CVE-2022-32549
RESERVED
CVE-2022-32289
@@ -2575,16 +2628,16 @@ CVE-2022-2024
RESERVED
CVE-2022-2023
RESERVED
-CVE-2017-20050
- RESERVED
-CVE-2017-20049
- RESERVED
-CVE-2017-20048
- RESERVED
-CVE-2017-20047
- RESERVED
-CVE-2017-20046
- RESERVED
+CVE-2017-20050 (A vulnerability has been found in AXIS P1204, P3225, P3367, M3045, M30 ...)
+ TODO: check
+CVE-2017-20049 (A vulnerability, which was classified as critical, was found in AXIS P ...)
+ TODO: check
+CVE-2017-20048 (A vulnerability, which was classified as critical, has been found in A ...)
+ TODO: check
+CVE-2017-20047 (A vulnerability classified as problematic was found in AXIS P1204, P32 ...)
+ TODO: check
+CVE-2017-20046 (A vulnerability classified as problematic has been found in AXIS P1204 ...)
+ TODO: check
CVE-2022-32536
RESERVED
CVE-2022-32535
@@ -3151,14 +3204,14 @@ CVE-2022-32304
RESERVED
CVE-2022-32303
RESERVED
-CVE-2022-32302
- RESERVED
-CVE-2022-32301
- RESERVED
-CVE-2022-32300
- RESERVED
-CVE-2022-32299
- RESERVED
+CVE-2022-32302 (Theme Park Ticketing System v1.0 was discovered to contain a SQL injec ...)
+ TODO: check
+CVE-2022-32301 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
+CVE-2022-32300 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
+CVE-2022-32299 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
CVE-2022-32298
RESERVED
CVE-2022-32297
@@ -3678,22 +3731,22 @@ CVE-2022-1963
RESERVED
CVE-2021-4233
RESERVED
-CVE-2022-32158
- RESERVED
-CVE-2022-32157
- RESERVED
-CVE-2022-32156
- RESERVED
-CVE-2022-32155
- RESERVED
-CVE-2022-32154
- RESERVED
-CVE-2022-32153
- RESERVED
-CVE-2022-32152
- RESERVED
-CVE-2022-32151
- RESERVED
+CVE-2022-32158 (Splunk Enterprise deployment servers in versions before 9.0 let client ...)
+ TODO: check
+CVE-2022-32157 (Splunk Enterprise deployment servers in versions before 9.0 allow unau ...)
+ TODO: check
+CVE-2022-32156 (In Splunk Enterprise and Universal Forwarder versions before 9.0, the ...)
+ TODO: check
+CVE-2022-32155 (In universal forwarder versions before 9.0, management services are av ...)
+ TODO: check
+CVE-2022-32154 (Dashboards in Splunk Enterprise versions before 9.0 might let an attac ...)
+ TODO: check
+CVE-2022-32153 (Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and S ...)
+ TODO: check
+CVE-2022-32152 (Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and S ...)
+ TODO: check
+CVE-2022-32151 (The httplib and urllib Python libraries that Splunk shipped with Splun ...)
+ TODO: check
CVE-2022-32150
RESERVED
CVE-2022-32149
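Review bot: CVE-2022-32151 should not be resolved by pattern with the other Splunk entries in this hunk. Its description names "the httplib and urllib Python libraries that Splunk shipped", so read the full advisory to establish whether the flaw lies in Splunk's bundling and configuration or in the libraries themselves before replacing "TODO: check" with a NOT-FOR-US line.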
@@ -3736,8 +3789,8 @@ CVE-2022-1960
RESERVED
CVE-2022-1959
RESERVED
-CVE-2022-1958
- RESERVED
+CVE-2022-1958 (A vulnerability classified as critical has been found in FileCloud. Af ...)
+ TODO: check
CVE-2022-1957
RESERVED
CVE-2022-1956
@@ -3826,8 +3879,8 @@ CVE-2022-32103
RESERVED
CVE-2022-32102
RESERVED
-CVE-2022-32101
- RESERVED
+CVE-2022-32101 (kkcms v1.3.7 was discovered to contain a SQL injection vulnerability v ...)
+ TODO: check
CVE-2022-32100
RESERVED
CVE-2022-32099
@@ -11449,8 +11502,8 @@ CVE-2022-29455 (DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in
NOT-FOR-US: WordPress plugin
CVE-2022-29454
RESERVED
-CVE-2022-29453
- RESERVED
+CVE-2022-29453 (Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google ...)
+ TODO: check
CVE-2022-29452
RESERVED
CVE-2022-29451 (Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vul ...)
@@ -11471,18 +11524,18 @@ CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vul
NOT-FOR-US: WordPress plugin
CVE-2022-29443
RESERVED
-CVE-2022-29442
- RESERVED
-CVE-2022-29441
- RESERVED
-CVE-2022-29440
- RESERVED
-CVE-2022-29439
- RESERVED
-CVE-2022-29438
- RESERVED
-CVE-2022-29437
- RESERVED
+CVE-2022-29442 (Authenticated (subscriber or higher user role) Stored Cross-Site Scrip ...)
+ TODO: check
+CVE-2022-29441 (Cross-Site Request Forgery (CSRF) vulnerability in Private Messages Fo ...)
+ TODO: check
+CVE-2022-29440 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
+ TODO: check
+CVE-2022-29439 (Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by Nex ...)
+ TODO: check
+CVE-2022-29438 (Authenticated (author or higher user role) Persistent Cross-Site Scrip ...)
+ TODO: check
+CVE-2022-29437 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Sl ...)
+ TODO: check
CVE-2022-29436 (Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokm ...)
NOT-FOR-US: WordPress plugin
CVE-2022-29435 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann' ...)
@@ -11543,8 +11596,8 @@ CVE-2022-29408 (Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Di
NOT-FOR-US: WordPress plugin
CVE-2022-29407
RESERVED
-CVE-2022-29406
- RESERVED
+CVE-2022-29406 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
+ TODO: check
CVE-2022-28717 (Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C ...)
NOT-FOR-US: Rebooter
CVE-2022-27632 (Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT ...)
@@ -12236,8 +12289,8 @@ CVE-2022-1343 (The function `OCSP_basic_verify` verifies the signer certificate
- openssl <not-affected> (Only affects OpenSSL 3.0)
NOTE: https://www.openssl.org/news/secadv/20220503.txt
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a (openssl-3.0.3)
-CVE-2022-1342
- RESERVED
+CVE-2022-1342 (A lack of password masking in Devolutions Remote Desktop Manager allow ...)
+ TODO: check
CVE-2022-1341 (An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write e ...)
- bwm-ng 0.6.3-1 (unimportant)
NOTE: https://github.com/vgropp/bwm-ng/issues/26
@@ -16156,8 +16209,8 @@ CVE-2022-27861
RESERVED
CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-27859
- RESERVED
+CVE-2022-27859 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
+ TODO: check
CVE-2022-27858
RESERVED
CVE-2022-27857
@@ -33369,8 +33422,8 @@ CVE-2022-22446
RESERVED
CVE-2022-22445
RESERVED
-CVE-2022-22444
- RESERVED
+CVE-2022-22444 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploi ...)
+ TODO: check
CVE-2022-22443 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
NOT-FOR-US: IBM
CVE-2022-22442
@@ -45013,8 +45066,8 @@ CVE-2022-20827
RESERVED
CVE-2022-20826
RESERVED
-CVE-2022-20825
- RESERVED
+CVE-2022-20825 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ TODO: check
CVE-2022-20824
RESERVED
CVE-2022-20823
@@ -45025,12 +45078,12 @@ CVE-2022-20821 (A vulnerability in the health check RPM of Cisco IOS XR Software
NOT-FOR-US: Cisco
CVE-2022-20820
RESERVED
-CVE-2022-20819
- RESERVED
+CVE-2022-20819 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
CVE-2022-20818
RESERVED
-CVE-2022-20817
- RESERVED
+CVE-2022-20817 (A vulnerability in Cisco Unified IP Phones could allow an unauthentica ...)
+ TODO: check
CVE-2022-20816
RESERVED
CVE-2022-20815
@@ -45069,8 +45122,8 @@ CVE-2022-20800
RESERVED
CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2022-20798
- RESERVED
+CVE-2022-20798 (A vulnerability in the external authentication functionality of Cisco ...)
+ TODO: check
CVE-2022-20797 (A vulnerability in the web-based management interface of Cisco Secure ...)
NOT-FOR-US: Cisco
CVE-2022-20796 (On May 4, 2022, the following vulnerability in the ClamAV scanning lib ...)
@@ -45214,14 +45267,14 @@ CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service
NOT-FOR-US: Cisco
CVE-2022-20737 (A vulnerability in the handler for HTTP authentication for resources a ...)
NOT-FOR-US: Cisco
-CVE-2022-20736
- RESERVED
+CVE-2022-20736 (A vulnerability in the web-based management interface of Cisco AppDyna ...)
+ TODO: check
CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
NOT-FOR-US: Cisco
CVE-2022-20734 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...)
NOT-FOR-US: Cisco
-CVE-2022-20733
- RESERVED
+CVE-2022-20733 (A vulnerability in the login page of Cisco Identity Services Engine (I ...)
+ TODO: check
CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco Virtual ...)
NOT-FOR-US: Cisco
CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...)
@@ -45363,8 +45416,8 @@ CVE-2022-20666 (Multiple vulnerabilities in the web-based management interface o
NOT-FOR-US: Cisco
CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an authenticate ...)
NOT-FOR-US: Cisco
-CVE-2022-20664
- RESERVED
+CVE-2022-20664 (A vulnerability in the web management interface of Cisco Secure Email ...)
+ TODO: check
CVE-2022-20663
RESERVED
CVE-2022-20662
@@ -46774,8 +46827,8 @@ CVE-2021-42734
RESERVED
CVE-2021-42733 (Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointe ...)
NOT-FOR-US: Adobe
-CVE-2021-42732
- RESERVED
+CVE-2021-42732 (Access of Memory Location After End of Buffer (CWE-788) ...)
+ TODO: check
CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...)
NOT-FOR-US: Adobe
CVE-2021-42730 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
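Review bot: the new description for CVE-2021-42732 carries only a weakness class, "Access of Memory Location After End of Buffer (CWE-788)", and no product name. The neighbouring entries are tagged NOT-FOR-US: Adobe but name different products (Bridge, InDesign), so take the product from the full CVE record rather than from the entry's position in the list when resolving the "TODO: check".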
@@ -48078,8 +48131,8 @@ CVE-2022-20235
RESERVED
CVE-2022-20234
RESERVED
-CVE-2022-20233
- RESERVED
+CVE-2022-20233 (In param_find_digests_internal and related functions of the Titan-M so ...)
+ TODO: check
CVE-2022-20232
RESERVED
CVE-2022-20231
@@ -48124,209 +48177,203 @@ CVE-2022-20212
RESERVED
CVE-2022-20211
RESERVED
-CVE-2022-20210
- RESERVED
-CVE-2022-20209
- RESERVED
-CVE-2022-20208
- RESERVED
-CVE-2022-20207
- RESERVED
-CVE-2022-20206
- RESERVED
-CVE-2022-20205
- RESERVED
-CVE-2022-20204
- RESERVED
+CVE-2022-20210 (The UE and the EMM communicate with each other using NAS messages. Whe ...)
+ TODO: check
+CVE-2022-20209 (In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possi ...)
+ TODO: check
+CVE-2022-20208 (In parseRecursively of cppbor_parse.cpp, there is a possible out of bo ...)
+ TODO: check
+CVE-2022-20207 (In static definitions of GattServiceConfig.java, there is a possible p ...)
+ TODO: check
+CVE-2022-20206 (In setPackageOrComponentEnabled of NotificationManagerService.java, th ...)
+ TODO: check
+CVE-2022-20205 (In isFileUri of FileUtil.java, there is a possible way to bypass the c ...)
+ TODO: check
+CVE-2022-20204 (In registerRemoteBugreportReceivers of DevicePolicyManagerService.java ...)
+ TODO: check
CVE-2022-20203
RESERVED
-CVE-2022-20202
- RESERVED
-CVE-2022-20201
- RESERVED
-CVE-2022-20200
- RESERVED
+CVE-2022-20202 (In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, ...)
+ TODO: check
+CVE-2022-20201 (In getAppSize of InstalldNativeService.cpp, there is a possible out of ...)
+ TODO: check
+CVE-2022-20200 (In updateApState of SoftApManager.java, there is a possible leak of ho ...)
+ TODO: check
CVE-2022-20199
RESERVED
-CVE-2022-20198
- RESERVED
-CVE-2022-20197
- RESERVED
-CVE-2022-20196
- RESERVED
-CVE-2022-20195
- RESERVED
-CVE-2022-20194
- RESERVED
-CVE-2022-20193
- RESERVED
-CVE-2022-20192
- RESERVED
-CVE-2022-20191
- RESERVED
-CVE-2022-20190
- RESERVED
+CVE-2022-20198 (In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out o ...)
+ TODO: check
+CVE-2022-20197 (In recycle of Parcel.java, there is a possible way to start foreground ...)
+ TODO: check
+CVE-2022-20196 (In gallery3d and photos, there is a possible permission bypass due to ...)
+ TODO: check
+CVE-2022-20195 (In the keystore library, there is a possible prevention of access to s ...)
+ TODO: check
+CVE-2022-20194 (In onCreate of ChooseLockGeneric.java, there is a possible permission ...)
+ TODO: check
+CVE-2022-20193 (In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a ...)
+ TODO: check
+CVE-2022-20192 (In grantEmbeddedWindowFocus of WindowManagerService.java, there is a p ...)
+ TODO: check
+CVE-2022-20191 (Product: AndroidVersions: Android kernelAndroid ID: A-209324757Referen ...)
+ TODO: check
+CVE-2022-20190 (Product: AndroidVersions: Android kernelAndroid ID: A-208744915Referen ...)
+ TODO: check
CVE-2022-20189
RESERVED
-CVE-2022-20188
- RESERVED
+CVE-2022-20188 (Product: AndroidVersions: Android kernelAndroid ID: A-207254598Referen ...)
+ TODO: check
CVE-2022-20187
RESERVED
-CVE-2022-20186
- RESERVED
-CVE-2022-20185
- RESERVED
-CVE-2022-20184
- RESERVED
-CVE-2022-20183
- RESERVED
-CVE-2022-20182
- RESERVED
-CVE-2022-20181
- RESERVED
+CVE-2022-20186 (In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbi ...)
+ TODO: check
+CVE-2022-20185 (In TBD of TBD, there is a possible use after free bug. This could lead ...)
+ TODO: check
+CVE-2022-20184 (Product: AndroidVersions: Android kernelAndroid ID: A-209153114Referen ...)
+ TODO: check
+CVE-2022-20183 (In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out ...)
+ TODO: check
+CVE-2022-20182 (In handle_ramdump of pixel_loader.c, there is a possible way to create ...)
+ TODO: check
+CVE-2022-20181 (Product: AndroidVersions: Android kernelAndroid ID: A-210936609Referen ...)
+ TODO: check
CVE-2022-20180
RESERVED
-CVE-2022-20179
- RESERVED
-CVE-2022-20178
- RESERVED
-CVE-2022-20177
- RESERVED
-CVE-2022-20176
- RESERVED
-CVE-2022-20175
- RESERVED
-CVE-2022-20174
- RESERVED
-CVE-2022-20173
- RESERVED
-CVE-2022-20172
- RESERVED
-CVE-2022-20171
- RESERVED
-CVE-2022-20170
- RESERVED
-CVE-2022-20169
- RESERVED
-CVE-2022-20168
- RESERVED
-CVE-2022-20167
- RESERVED
-CVE-2022-20166
- RESERVED
+CVE-2022-20179 (Product: AndroidVersions: Android kernelAndroid ID: A-211683760Referen ...)
+ TODO: check
+CVE-2022-20178 (In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is ...)
+ TODO: check
+CVE-2022-20177 (Product: AndroidVersions: Android kernelAndroid ID: A-209906686Referen ...)
+ TODO: check
+CVE-2022-20176 (In auth_store of sjtag-driver.c, there is a possible read of uninitial ...)
+ TODO: check
+CVE-2022-20175 (Product: AndroidVersions: Android kernelAndroid ID: A-209252491Referen ...)
+ TODO: check
+CVE-2022-20174 (In exynos_secEnv_init of mach-gs101.c, there is a possible out of boun ...)
+ TODO: check
+CVE-2022-20173 (Product: AndroidVersions: Android kernelAndroid ID: A-207116951Referen ...)
+ TODO: check
+CVE-2022-20172 (In onbind of ShannonRcsService.java, there is a possible access to pro ...)
+ TODO: check
+CVE-2022-20171 (Product: AndroidVersions: Android kernelAndroid ID: A-215565667Referen ...)
+ TODO: check
+CVE-2022-20170 (Product: AndroidVersions: Android kernelAndroid ID: A-209421931Referen ...)
+ TODO: check
+CVE-2022-20169 (Product: AndroidVersions: Android kernelAndroid ID: A-211162353Referen ...)
+ TODO: check
+CVE-2022-20168 (Product: AndroidVersions: Android kernelAndroid ID: A-210594998Referen ...)
+ TODO: check
+CVE-2022-20167 (Product: AndroidVersions: Android kernelAndroid ID: A-204956204Referen ...)
+ TODO: check
+CVE-2022-20166 (In various methods of kernel base drivers, there is a possible out of ...)
- linux 5.10.4-1
NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
NOTE: https://git.kernel.org/linus/aa838896d87af561a33ecefea1caa4c15a68bc47 (5.10-rc1)
-CVE-2022-20165
- RESERVED
-CVE-2022-20164
- RESERVED
+CVE-2022-20165 (In asn1_parse of asn1.c, there is a possible out of bounds read due to ...)
+ TODO: check
+CVE-2022-20164 (Product: AndroidVersions: Android kernelAndroid ID: A-204891956Referen ...)
+ TODO: check
CVE-2022-20163
RESERVED
-CVE-2022-20162
- RESERVED
+CVE-2022-20162 (In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds r ...)
+ TODO: check
CVE-2022-20161
RESERVED
-CVE-2022-20160
- RESERVED
-CVE-2022-20159
- RESERVED
+CVE-2022-20160 (Product: AndroidVersions: Android kernelAndroid ID: A-210083655Referen ...)
+ TODO: check
+CVE-2022-20159 (In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a pos ...)
+ TODO: check
CVE-2022-20158
RESERVED
CVE-2022-20157
RESERVED
-CVE-2022-20156
- RESERVED
-CVE-2022-20155
- RESERVED
-CVE-2022-20154
- RESERVED
+CVE-2022-20156 (In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code ...)
+ TODO: check
+CVE-2022-20155 (In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-tr ...)
+ TODO: check
+CVE-2022-20154 (In lock_sock_nested of sock.c, there is a possible use after free due ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
NOTE: https://git.kernel.org/linus/5ec7d18d1813a5bead0b495045606c93873aecbb (5.16-rc8)
-CVE-2022-20153
- RESERVED
+CVE-2022-20153 (In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-afte ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.113-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
NOTE: https://git.kernel.org/linus/f70865db5ff35f5ed0c7e9ef63e7cca3d4947f04 (5.13-rc1)
-CVE-2022-20152
- RESERVED
-CVE-2022-20151
- RESERVED
+CVE-2022-20152 (In the TitanM chip, there is a possible out of bounds write due to a m ...)
+ TODO: check
+CVE-2022-20151 (Product: AndroidVersions: Android kernelAndroid ID: A-210712565Referen ...)
+ TODO: check
CVE-2022-20150
RESERVED
-CVE-2022-20149
- RESERVED
-CVE-2022-20148
- RESERVED
+CVE-2022-20149 (Product: AndroidVersions: Android kernelAndroid ID: A-211685939Referen ...)
+ TODO: check
+CVE-2022-20148 (In TBD of TBD, there is a possible use-after-free due to a race condit ...)
- linux 5.15.3-1
NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01
-CVE-2022-20147
- RESERVED
-CVE-2022-20146
- RESERVED
-CVE-2022-20145
- RESERVED
-CVE-2022-20144
- RESERVED
-CVE-2022-20143
- RESERVED
-CVE-2022-20142
- RESERVED
-CVE-2022-20141
- RESERVED
+CVE-2022-20147 (In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out ...)
+ TODO: check
+CVE-2022-20146 (In uploadFile of FileUploadServiceImpl.java, there is a possible incor ...)
+ TODO: check
+CVE-2022-20145 (In startLegacyVpnPrivileged of Vpn.java, there is a possible way to re ...)
+ TODO: check
+CVE-2022-20144 (In multiple functions of AvatarPhotoController.java, there is a possib ...)
+ TODO: check
+CVE-2022-20143 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...)
+ TODO: check
+CVE-2022-20142 (In createFromParcel of GeofenceHardwareRequestParcelable.java, there i ...)
+ TODO: check
+CVE-2022-20141 (In ip_check_mc_rcu of igmp.c, there is a possible use after free due t ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
[stretch] - linux 4.9.290-1
NOTE: https://source.android.com/security/bulletin/2022-06-01
NOTE: https://git.kernel.org/linus/23d2b94043ca8835bd1e67749020e839f396a1c2 (5.15-rc1)
-CVE-2022-20140
- RESERVED
+CVE-2022-20140 (In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds wri ...)
+ TODO: check
CVE-2022-20139
RESERVED
-CVE-2022-20138
- RESERVED
-CVE-2022-20137
- RESERVED
+CVE-2022-20138 (In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.ja ...)
+ TODO: check
+CVE-2022-20137 (In onCreateContextMenu of NetworkProviderSettings.java, there is a pos ...)
+ TODO: check
CVE-2022-20136
RESERVED
-CVE-2022-20135
- RESERVED
-CVE-2022-20134
- RESERVED
-CVE-2022-20133
- RESERVED
-CVE-2022-20132
- RESERVED
+CVE-2022-20135 (In writeToParcel of GateKeeperResponse.java, there is a possible parce ...)
+ TODO: check
+CVE-2022-20134 (In readArguments of CallSubjectDialog.java, there is a possible way to ...)
+ TODO: check
+CVE-2022-20133 (In setDiscoverableTimeout of AdapterService.java, there is a possible ...)
+ TODO: check
+CVE-2022-20132 (In lg_probe and related functions of hid-lg.c and other USB HID files, ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
[stretch] - linux 4.9.303-1
NOTE: https://source.android.com/security/bulletin/2022-06-01
-CVE-2022-20131
- RESERVED
-CVE-2022-20130
- RESERVED
-CVE-2022-20129
- RESERVED
+CVE-2022-20131 (In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out ...)
+ TODO: check
+CVE-2022-20130 (In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible ...)
+ TODO: check
+CVE-2022-20129 (In registerPhoneAccount of PhoneAccountRegistrar.java, there is a poss ...)
+ TODO: check
CVE-2022-20128
RESERVED
-CVE-2022-20127
- RESERVED
-CVE-2022-20126
- RESERVED
-CVE-2022-20125
- RESERVED
-CVE-2022-20124
- RESERVED
-CVE-2022-20123
- RESERVED
+CVE-2022-20127 (In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds w ...)
+ TODO: check
+CVE-2022-20126 (In setScanMode of AdapterService.java, there is a possible way to enab ...)
+ TODO: check
+CVE-2022-20125 (In GBoard, there is a possible way to bypass factory reset protections ...)
+ TODO: check
+CVE-2022-20124 (In deletePackageX of DeletePackageHelper.java, there is a possible way ...)
+ TODO: check
+CVE-2022-20123 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...)
+ TODO: check
CVE-2022-20122
RESERVED
CVE-2022-20121 (In getNodeValue of USCCDMPlugin.java, there is a possible disclosure o ...)
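Review bot: the "TODO: check" entries in this range should not be bulk-tagged NOT-FOR-US: Android. Six siblings in the same hunk (CVE-2022-20166, -20154, -20153, -20148, -20141, -20132) already map to src:linux, and many of the new descriptions are either "Product: AndroidVersions: Android kernelAndroid ID: A-..." strings or "In TBD of TBD" (CVE-2022-20185), which give no file or function to triage from. Check those against the Pixel and Android bulletins already cited in the NOTE lines here, and check entries that name native source files (for example tpdec_lib.cpp in CVE-2022-20130 or asn1.c in CVE-2022-20165) against packaged source before closing them.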
@@ -50751,8 +50798,8 @@ CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester E-Negosy
NOT-FOR-US: Sourcecodester
CVE-2021-41673
RESERVED
-CVE-2021-41672
- RESERVED
+CVE-2021-41672 (PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection i ...)
+ TODO: check
CVE-2021-41671
RESERVED
CVE-2021-41670
@@ -51356,8 +51403,8 @@ CVE-2021-41415
RESERVED
CVE-2021-41414
RESERVED
-CVE-2021-41413
- RESERVED
+CVE-2021-41413 (ok-file-formats master 2021-9-12 is affected by a buffer overflow in o ...)
+ TODO: check
CVE-2021-41412
RESERVED
CVE-2021-41411
@@ -52570,8 +52617,8 @@ CVE-2021-40942
RESERVED
CVE-2021-40941
RESERVED
-CVE-2021-40940
- RESERVED
+CVE-2021-40940 (Monstra 3.0.4 does not filter the case of php, which leads to an unres ...)
+ TODO: check
CVE-2021-40939
RESERVED
CVE-2021-40938
@@ -52633,8 +52680,8 @@ CVE-2021-40912
RESERVED
CVE-2021-40911
RESERVED
-CVE-2021-40910
- RESERVED
+CVE-2021-40910 (There is a reflective cross-site scripting (XSS) vulnerability in the ...)
+ TODO: check
CVE-2021-40909 (Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD wi ...)
NOT-FOR-US: Sourcecodester
CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester Purchase Or ...)
@@ -53096,8 +53143,8 @@ CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.0
NOT-FOR-US: Adobe
CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
NOT-FOR-US: Adobe
-CVE-2021-40727
- RESERVED
+CVE-2021-40727 (Access of Memory Location After End of Buffer (CWE-788 ...)
+ TODO: check
CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
NOT-FOR-US: Adobe
CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
@@ -54436,8 +54483,8 @@ CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored XSS vulnerability within t
NOT-FOR-US: GibbonEdu/core
CVE-2021-40213
RESERVED
-CVE-2021-40212
- RESERVED
+CVE-2021-40212 (An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.2152 ...)
+ TODO: check
CVE-2021-40211
RESERVED
CVE-2021-40210
@@ -55371,8 +55418,8 @@ CVE-2021-39822
RESERVED
CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...)
NOT-FOR-US: Adobe
-CVE-2021-39820
- RESERVED
+CVE-2021-39820 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) i ...)
+ TODO: check
CVE-2021-39819 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
NOT-FOR-US: Adobe
CVE-2021-39818 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
@@ -55399,8 +55446,8 @@ CVE-2021-39808 (In createNotificationChannelGroup of PreferencesHelper.java, the
NOT-FOR-US: Android
CVE-2021-39807 (In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2021-39806
- RESERVED
+CVE-2021-39806 (In closef of label_backends_android.c, there is a possible way to corr ...)
+ TODO: check
CVE-2021-39805 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...)
NOT-FOR-US: Android
CVE-2021-39804 (In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a m ...)
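Review bot: CVE-2021-39806 names a C source file, label_backends_android.c, while the neighbouring entries tagged NOT-FOR-US: Android are mostly framework Java classes. Confirm that this file is not carried in any Debian source package before copying the neighbours' tag onto this "TODO: check".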
@@ -55645,8 +55692,8 @@ CVE-2021-39693 (In onUidStateChanged of AppOpsService.java, there is a possible
NOT-FOR-US: Android
CVE-2021-39692 (In onCreate of SetupLayoutActivity.java, there is a possible way to se ...)
NOT-FOR-US: Android
-CVE-2021-39691
- RESERVED
+CVE-2021-39691 (In WindowManager, there is a possible tapjacking attack due to an inco ...)
+ TODO: check
CVE-2021-39690 (In setDisplayPadding of WallpaperManagerService.java, there is a possi ...)
NOT-FOR-US: Android
CVE-2021-39689 (In multiple functions of odsign_main.cpp, there is a possible way to p ...)
@@ -55805,7 +55852,7 @@ CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a
NOT-FOR-US: Android
CVE-2021-39625 (In showCarrierAppInstallationNotification of EuiccNotificationManager. ...)
NOT-FOR-US: Android
-CVE-2021-39624 (In Package Manger, there is a possible permanent denial of service due ...)
+CVE-2021-39624 (In PackageManager, there is a possible permanent denial of service due ...)
NOT-FOR-US: Android
CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...)
NOT-FOR-US: Android
@@ -62753,8 +62800,8 @@ CVE-2021-36903
RESERVED
CVE-2021-36902
RESERVED
-CVE-2021-36901
- RESERVED
+CVE-2021-36901 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phi ...)
+ TODO: check
CVE-2021-36900
RESERVED
CVE-2021-36899
@@ -72133,8 +72180,7 @@ CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0
NOTE: https://github.com/apache/tomcat/commit/3202703e6d635e39b74262e81f0cb4bcbe2170dc (8.5.67)
NOTE: https://github.com/apache/tomcat/commit/da0e7cb093cf68b052d9175e469dbd0464441b0b (8.5.67)
NOTE: https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02 (8.5.67)
-CVE-2021-33036
- RESERVED
+CVE-2021-33036 (In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2. ...)
- hadoop <itp> (bug #793644)
CVE-2021-33035 (Apache OpenOffice opens dBase/DBF documents and shows the contents as ...)
- libreoffice 1:4.3.1-1
@@ -119504,7 +119550,7 @@ CVE-2020-27070
RESERVED
CVE-2020-27069
RESERVED
-CVE-2020-27068 (In the nl80211_policy policy of nl80211.c, there is a possible out of ...)
+CVE-2020-27068 (Product: AndroidVersions: Android kernelAndroid ID: A-127973231Referen ...)
- linux 5.5.13-1
[buster] - linux 4.19.118-1
[stretch] - linux 4.9.228-1
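Review bot: the replacement description for CVE-2020-27068 loses the only locating detail the entry had. The old text named the nl80211_policy policy of nl80211.c; the new text is a run-together "Product: AndroidVersions: Android kernelAndroid ID: A-127973231Referen ..." string. The linux package lines below are unchanged, so the triage stands, but a NOTE recording the affected function and file would keep the entry searchable now that the synced description no longer mentions them.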
@@ -231379,8 +231425,8 @@ CVE-2019-4577
RESERVED
CVE-2019-4576 (IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA d ...)
NOT-FOR-US: IBM
-CVE-2019-4575
- RESERVED
+CVE-2019-4575 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
+ TODO: check
CVE-2019-4574
RESERVED
CVE-2019-4573
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69b1b4e4f9e87e2aa6f9cb48eb8082ce4ff80564