[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 27 09:10:26 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a822f0ef by security tracker role at 2022-06-27T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2022-34659
+	RESERVED
+CVE-2022-34647
+	RESERVED
+CVE-2022-34646
+	RESERVED
+CVE-2022-34345
+	RESERVED
+CVE-2022-34157
+	RESERVED
+CVE-2022-33964
+	RESERVED
+CVE-2022-33946
+	RESERVED
+CVE-2022-33190
+	RESERVED
+CVE-2022-32971
+	RESERVED
+CVE-2022-32579
+	RESERVED
+CVE-2022-31476
+	RESERVED
+CVE-2022-30692
+	RESERVED
+CVE-2022-29514
+	RESERVED
+CVE-2022-27168
+	RESERVED
+CVE-2022-2214
+	RESERVED
+CVE-2022-2213
+	RESERVED
+CVE-2022-2212
+	RESERVED
 CVE-2022-34645
 	RESERVED
 CVE-2022-34644
@@ -311,6 +345,7 @@ CVE-2022-34494 (rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1680939e9ecf7764fba8689cfb3429c2fe2bb23c (5.19-rc1)
 CVE-2022-2211 [Buffer overflow in get_keys leads to Dos]
+	RESERVED
 	- libguestfs <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100862
 	TODO: check, upstream references
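Review bot: The bracketed title on CVE-2022-2211 reads "leads to Dos"; it should be "DoS". The entry now carries `RESERVED` together with `- libguestfs <undetermined>` and `TODO: check, upstream references`, so the bracketed title is the only description readers have until the official one lands. Fix the capitalisation when the TODO is resolved against the Red Hat bug already linked in the NOTE.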
@@ -330,8 +365,8 @@ CVE-2022-34491 (In the RSS extension for MediaWiki through 1.38.1, when the $wgR
 	NOT-FOR-US: MediaWiki RSS extension
 CVE-2022-34490
 	RESERVED
-CVE-2022-2206
-	RESERVED
+CVE-2022-2206 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
+	TODO: check
 CVE-2022-34486
 	RESERVED
 CVE-2022-27637
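Review bot: CVE-2022-2206 is left at `TODO: check` even though the new description already names the affected source as vim/vim, so this can be triaged straight to a `- vim` package line. The description is truncated at "prior to 8.2. ...", so the fixing patch level is not visible here and has to be taken from the upstream reference before a fixed version or NOTE is recorded.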
@@ -2364,8 +2399,8 @@ CVE-2022-33737
 	RESERVED
 CVE-2022-33736
 	RESERVED
-CVE-2022-33202
-	RESERVED
+CVE-2022-33202 (Authentication bypass vulnerability in the setup screen of L2Blocker(o ...)
+	TODO: check
 CVE-2022-2088
 	RESERVED
 CVE-2022-2087 (A vulnerability, which was classified as problematic, was found in Sou ...)
@@ -3431,8 +3466,8 @@ CVE-2022-33211
 	RESERVED
 CVE-2022-33210
 	RESERVED
-CVE-2022-33146
-	RESERVED
+CVE-2022-33146 (Open redirect vulnerability in web2py versions prior to 2.22.5 allows  ...)
+	TODO: check
 CVE-2022-32585
 	RESERVED
 CVE-2022-28127
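Review bot: CVE-2022-33146 still needs triage: the description gives both the product (web2py) and the fixed upstream version (2.22.5), which is enough to replace `TODO: check` with either a package line carrying that version, if web2py is packaged, or a NOT-FOR-US annotation in the form used elsewhere in this file.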
@@ -3610,7 +3645,7 @@ CVE-2022-33126
 	RESERVED
 CVE-2022-33125
 	RESERVED
-CVE-2022-33124 (aiohttp v3.8.1 was discovered to contain an invalid IPv6 URL which can ...)
+CVE-2022-33124 (** DISPUTED ** AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 UR ...)
 	TODO: check
 CVE-2022-33123
 	RESERVED
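Review bot: The description of CVE-2022-33124 now starts with `** DISPUTED **`, but the entry underneath is unchanged at `TODO: check`. Whoever resolves the TODO should take the dispute into account and record it in a NOTE line, since the truncated description ("can report a "ValueError: Invalid IPv6 UR ...") no longer describes the issue the way the previous text did.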
@@ -9663,7 +9698,7 @@ CVE-2022-30934
 CVE-2022-30933
 	RESERVED
 CVE-2022-30932
-	RESERVED
+	REJECTED
 CVE-2022-30931 (Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross  ...)
 	NOT-FOR-US: Employee Leaves Management System (ELMS)
 CVE-2022-30930 (Tourism Management System Version: V 3.2 is affected by: Cross Site Re ...)
@@ -13429,6 +13464,7 @@ CVE-2019-25059 (Artifex Ghostscript through 9.26 mishandles .completefont. NOTE:
 	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=430e219ea17a2650577d70021399c4ead05869e0
 	NOTE: Issue exists because of an incomplete fix for CVE-2019-3839
 CVE-2022-29599 (In Apache Maven maven-shared-utils prior to version 3.3.3, the Command ...)
+	{DLA-3059-1}
 	- maven-shared-utils 3.3.4-1 (bug #1012314)
 	NOTE: https://github.com/apache/maven-shared-utils/pull/40
 	NOTE: https://issues.apache.org/jira/browse/MSHARED-297
@@ -82191,7 +82227,7 @@ CVE-2021-30283 (Possible denial of service due to improper handling of debug reg
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30282 (Possible out of bound write in RAM partition table due to improper val ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30281 (XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX in Snapdragon Auto, Snapdragon Co ...)
+CVE-2021-30281 (Possible unauthorized access to secure space due to improper check of  ...)
 	NOT-FOR-US: Snapdragon
 CVE-2021-30280
 	RESERVED
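Review bot: The annotation under CVE-2021-30281 is `NOT-FOR-US: Snapdragon`, while the two entries directly above it (CVE-2021-30283, CVE-2021-30282) use `NOT-FOR-US: Qualcomm components for Android`. Now that the placeholder description has been replaced with real text, it is worth aligning the label with its neighbours so that searches on the NOT-FOR-US string find all three.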
@@ -165045,8 +165081,8 @@ CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows i
 	NOT-FOR-US: Patriot Viper RGB Driver
 CVE-2020-9755
 	RESERVED
-CVE-2020-9754
-	RESERVED
+CVE-2020-9754 (NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to  ...)
+	TODO: check
 CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support signatur ...)
 	NOT-FOR-US: Whale Browser
 CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...)
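Review bot: CVE-2020-9754 arrives as `TODO: check`, but the next entry, CVE-2020-9753, is for the same vendor's browser and is already marked `NOT-FOR-US: Whale Browser`. The new description names the "NAVER Whale browser mobile app", so the same annotation looks applicable and the TODO can be closed in the same way.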



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a822f0ef3f2949e0730a4a2149dfafdbc909aef9
