[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 3 09:10:20 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
49d2604c by security tracker role at 2022-05-03T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-30126
+	RESERVED
+CVE-2022-1553
+	RESERVED
+CVE-2022-1552
+	RESERVED
+CVE-2019-25060
+	RESERVED
 CVE-2022-30125
 	RESERVED
 CVE-2022-30124
@@ -595,6 +603,7 @@ CVE-2022-1517
 	RESERVED
 CVE-2022-1516
 	RESERVED
+	{DSA-5127-1}
 	- linux 5.17.3-1 (unimportant)
 	NOTE: Fixed by: https://git.kernel.org/linus/7781607938c8371d4c2b243527430241c62e39c2 (5.18-rc1)
 	NOTE: CONFIG_X25 is not set in Debian
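Review bot: the `{DSA-5127-1}` cross-reference added to CVE-2022-1516 lands on an entry whose package line is rated `(unimportant)` and whose NOTE records that `CONFIG_X25 is not set in Debian`, so the tracker currently says both "not reachable in Debian builds" and "covered by a security advisory". Worth confirming which is intended: if DSA-5127-1 really lists this CVE, the `(unimportant)` rating and the CONFIG_X25 note should be revisited; if the DSA line was applied across the advisory's whole CVE set, it should be dropped from this entry.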
@@ -702,8 +711,8 @@ CVE-2022-29826
 	RESERVED
 CVE-2022-29825
 	RESERVED
-CVE-2022-29824
-	RESERVED
+CVE-2022-29824 (In libxml2 before 2.9.14, several buffer handling functions in buf.c ( ...)
+	TODO: check
 CVE-2022-29516
 	RESERVED
 CVE-2022-29823
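Review bot: the `TODO: check` on CVE-2022-29824 is the highest-priority placeholder in this update and should not survive the next manual pass: libxml2 is a Debian source package, and the new description already gives a concrete affected-version boundary (`libxml2 before 2.9.14`, buffer handling in `buf.c`). The entry needs a `- libxml2 <version>` line (or `<unfixed>`) with the usual suite annotations rather than a placeholder.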
@@ -1511,6 +1520,7 @@ CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimco
 CVE-2022-1428
 	RESERVED
 CVE-2022-29582 (In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free  ...)
+	{DSA-5127-1}
 	- linux 5.17.3-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -2350,6 +2360,7 @@ CVE-2022-1354
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/319
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798
 CVE-2022-1353 (A vulnerability was found in the pfkey_register function in net/key/af ...)
+	{DSA-5127-1}
 	- linux 5.17.3-1
 	NOTE: https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17)
 CVE-2022-1352
@@ -4569,13 +4580,16 @@ CVE-2022-28391 (BusyBox through 1.35.0 allows remote attackers to execute arbitr
 	[stretch] - busybox <no-dsa> (Minor issue)
 	NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
 CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kerne ...)
+	{DSA-5127-1}
 	- linux 5.17.3-1
 	NOTE: https://git.kernel.org/linus/c70222752228a62135cee3409dccefd494a24646 (5.18-rc1)
 CVE-2022-28389 (mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux ker ...)
+	{DSA-5127-1}
 	- linux 5.17.3-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/04c9b00ba83594a29813d6b1fb8fdc93a3915174 (5.18-rc1)
 CVE-2022-28388 (usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux ker ...)
+	{DSA-5127-1}
 	- linux 5.17.3-1
 	NOTE: https://git.kernel.org/linus/3d3925ff6433f98992685a9679613a2cc97f3ce2 (5.18-rc1)
 CVE-2022-28387
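Review bot: only CVE-2022-28389 among the three CAN USB driver entries given `{DSA-5127-1}` here carries a `[stretch] - linux <not-affected>` assessment; CVE-2022-28390 (ems_usb) and CVE-2022-28388 (usb_8dev) have no stretch line, which the tracker reads as stretch being affected pending the 5.17.3-1 fix. If these sibling drivers share the same code history the stretch status should be recorded for them as well; if they genuinely differ, a NOTE saying why would spare the next reviewer the same question.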
@@ -4590,8 +4604,8 @@ CVE-2022-28383
 	RESERVED
 CVE-2022-28382
 	RESERVED
-CVE-2022-1214
-	RESERVED
+CVE-2022-1214 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+	TODO: check
 CVE-2022-1213 (SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/li ...)
 	NOT-FOR-US: livehelperchat
 CVE-2022-1212 (Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby ...)
@@ -4613,7 +4627,7 @@ CVE-2022-1211 (A vulnerability classified as critical has been found in tildearr
 	- furnace <itp> (bug #1008592)
 CVE-2022-28377
 	RESERVED
-CVE-2022-28376 (Verizon LVSKIHP 5G outside devices through 2022-02-15 allow anyone (kn ...)
+CVE-2022-28376 (Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyon ...)
 	NOT-FOR-US: Verizon
 CVE-2022-28375
 	RESERVED
@@ -4665,6 +4679,7 @@ CVE-2022-28358
 CVE-2022-28357
 	RESERVED
 CVE-2022-28356 (In the Linux kernel before 5.17.1, a refcount leak bug was found in ne ...)
+	{DSA-5127-1}
 	- linux 5.16.18-1
 	NOTE: https://git.kernel.org/linus/764f4eb6846f5475f1244767d24d25dd86528a4a
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/06/1
@@ -4757,10 +4772,12 @@ CVE-2022-1206
 	RESERVED
 CVE-2022-1205
 	RESERVED
+	{DSA-5127-1}
 	- linux 5.17.3-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/4
 CVE-2022-1204
 	RESERVED
+	{DSA-5127-1}
 	- linux 5.17.3-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/2
 CVE-2022-1203
@@ -4928,11 +4945,13 @@ CVE-2022-28281
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28281
 CVE-2022-1199
 	RESERVED
+	{DSA-5127-1}
 	- linux 5.16.18-1
 	[buster] - linux 4.19.235-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/5
 CVE-2022-1198
 	RESERVED
+	{DSA-5127-1}
 	- linux 5.16.18-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/3
 CVE-2022-1197
@@ -4948,6 +4967,7 @@ CVE-2022-1196
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-1196
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1196
 CVE-2022-1195 (A use-after-free vulnerability was found in the Linux kernel in driver ...)
+	{DSA-5127-1}
 	- linux 5.15.15-1
 	[buster] - linux 4.19.232-1
 	[stretch] - linux 4.9.303-1
@@ -5373,6 +5393,7 @@ CVE-2022-1159 (Rockwell Automation Studio 5000 Logix Designer (all versions) are
 	NOT-FOR-US: Rockwell Automation
 CVE-2022-1158
 	RESERVED
+	{DSA-5127-1}
 	- linux 5.17.3-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -5663,8 +5684,8 @@ CVE-2022-28120
 	RESERVED
 CVE-2022-28119
 	RESERVED
-CVE-2022-28118
-	RESERVED
+CVE-2022-28118 (SiteServer CMS v7.x allows attackers to execute arbitrary code via a c ...)
+	TODO: check
 CVE-2022-28117 (A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate  ...)
 	NOT-FOR-US: Navigate CMS
 CVE-2022-28116 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
@@ -6766,6 +6787,7 @@ CVE-2022-1057
 CVE-2021-46739
 	RESERVED
 CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP transformation code ...)
+	{DSA-5127-1}
 	- linux 5.16.18-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8)
@@ -6872,6 +6894,7 @@ CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The p
 	NOTE: https://github.com/ClusterLabs/pcs/commit/fb860005117dc9e092649687dfa1304fb423efc5
 	NOTE: Introduced by https://github.com/ClusterLabs/pcs/commit/8378cf1a81efc0cd421483234943057e2be0a8ed (v0.10)
 CVE-2022-1048 (A use-after-free flaw was found in the Linux kernel’s sound subs ...)
+	{DSA-5127-1}
 	- linux 5.16.18-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066706
 	NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/4
@@ -7914,6 +7937,7 @@ CVE-2022-1017
 	RESERVED
 CVE-2022-1016
 	RESERVED
+	{DSA-5127-1}
 	- linux 5.16.18-1
 	NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/5
 	NOTE: Fixed by: https://git.kernel.org/linus/4c905f6740a365464e91467aa50916555b28213d
@@ -9962,6 +9986,7 @@ CVE-2020-36517 (An information leak in Nabu Casa Home Assistant Operating System
 CVE-2022-0868 (Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. ...)
 	NOT-FOR-US: Node urijs
 CVE-2022-26490 (st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in t ...)
+	{DSA-5127-1}
 	- linux 5.16.18-1
 	NOTE: https://git.kernel.org/linus/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1)
 CVE-2022-26486
@@ -14272,8 +14297,8 @@ CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not menti
 	NOTE: https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/
 	NOTE: CVE is specifically about --mirror documentation not mentioning the availability
 	NOTE: of deleted content.
-CVE-2022-24974
-	RESERVED
+CVE-2022-24974 (Links may not be rewritten according to policy in some specially forma ...)
+	TODO: check
 CVE-2022-24973
 	RESERVED
 CVE-2022-24972
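Review bot: the description added for CVE-2022-24974 (`Links may not be rewritten according to policy in some specially forma ...`) names no product in its truncated form, so its `TODO: check` cannot be resolved from this file alone; triage needs the full CVE record to identify the affected software before choosing between a package line and `NOT-FOR-US`.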
@@ -14461,8 +14486,8 @@ CVE-2022-24899
 	RESERVED
 CVE-2022-24898 (org.xwiki.commons:xwiki-commons-xml is a common module used by other X ...)
 	NOT-FOR-US: Xwiki
-CVE-2022-24897
-	RESERVED
+CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs to evalua ...)
+	TODO: check
 CVE-2022-24896
 	RESERVED
 CVE-2022-24895
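Review bot: the new description for CVE-2022-24897 (`APIs to evaluate content with Velocity ...`) reads like the same XWiki module family as the adjacent CVE-2022-24898, which is already `NOT-FOR-US: Xwiki`; the `TODO: check` will probably resolve the same way, but it should be confirmed against the full advisory rather than inferred from the neighbour.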
@@ -18783,10 +18808,10 @@ CVE-2022-23725
 	RESERVED
 CVE-2022-23724
 	RESERVED
-CVE-2022-23723
-	RESERVED
-CVE-2022-23722
-	RESERVED
+CVE-2022-23723 (An MFA bypass vulnerability exists in the PingFederate PingOne MFA Int ...)
+	TODO: check
+CVE-2022-23722 (When a password reset mechanism is configured to use the Authenticatio ...)
+	TODO: check
 CVE-2022-23721
 	RESERVED
 CVE-2022-23720
@@ -21574,6 +21599,7 @@ CVE-2022-0169 (The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0168
 	RESERVED
+	{DSA-5127-1}
 	- linux 5.17.3-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -23959,6 +23985,7 @@ CVE-2021-45986 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to
 CVE-2021-45985
 	RESERVED
 CVE-2021-4197 (An unprivileged write to the file handler flaw in the Linux kernel's c ...)
+	{DSA-5127-1}
 	- linux 5.15.15-1
 	NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
@@ -26678,8 +26705,7 @@ CVE-2021-4140
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2021-4140
 CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
 	NOT-FOR-US: Pimcore
-CVE-2021-4138
-	RESERVED
+CVE-2021-4138 (Improved Host header checks to reject requests not sent to a well-know ...)
 	- geckodriver <itp> (bug #989456)
 CVE-2022-22053
 	RESERVED
@@ -34946,8 +34972,8 @@ CVE-2022-20769
 	RESERVED
 CVE-2022-20768
 	RESERVED
-CVE-2022-20767
-	RESERVED
+CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco Firepow ...)
+	TODO: check
 CVE-2022-20766
 	RESERVED
 CVE-2022-20765
@@ -34960,14 +34986,14 @@ CVE-2022-20762 (A vulnerability in the Common Execution Environment (CEE) ConfD
 	NOT-FOR-US: Cisco
 CVE-2022-20761 (A vulnerability in the integrated wireless access point (AP) packet pr ...)
 	NOT-FOR-US: Cisco
-CVE-2022-20760
-	RESERVED
-CVE-2022-20759
-	RESERVED
+CVE-2022-20760 (A vulnerability in the DNS inspection handler of Cisco Adaptive Securi ...)
+	TODO: check
+CVE-2022-20759 (A vulnerability in the web services interface for remote access VPN fe ...)
+	TODO: check
 CVE-2022-20758 (A vulnerability in the implementation of the Border Gateway Protocol ( ...)
 	NOT-FOR-US: Cisco
-CVE-2022-20757
-	RESERVED
+CVE-2022-20757 (A vulnerability in the connection handling function in Cisco Firepower ...)
+	TODO: check
 CVE-2022-20756 (A vulnerability in the RADIUS feature of Cisco Identity Services Engin ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20755 (Multiple vulnerabilities in the API and web-based management interface ...)
@@ -34978,36 +35004,36 @@ CVE-2022-20753
 	RESERVED
 CVE-2022-20752
 	RESERVED
-CVE-2022-20751
-	RESERVED
+CVE-2022-20751 (A vulnerability in the Snort detection engine integration for Cisco Fi ...)
+	TODO: check
 CVE-2022-20750 (A vulnerability in the checkpoint manager implementation of Cisco Redu ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20749 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340,  ...)
 	NOT-FOR-US: Cisco Small Business RV Series Routers
-CVE-2022-20748
-	RESERVED
+CVE-2022-20748 (A vulnerability in the local malware analysis process of Cisco Firepow ...)
+	TODO: check
 CVE-2022-20747 (A vulnerability in the History API of Cisco SD-WAN vManage Software co ...)
 	NOT-FOR-US: Cisco
-CVE-2022-20746
-	RESERVED
-CVE-2022-20745
-	RESERVED
-CVE-2022-20744
-	RESERVED
-CVE-2022-20743
-	RESERVED
-CVE-2022-20742
-	RESERVED
+CVE-2022-20746 (A vulnerability in the TCP proxy functionality of Cisco Firepower Thre ...)
+	TODO: check
+CVE-2022-20745 (A vulnerability in the web services interface for remote access VPN fe ...)
+	TODO: check
+CVE-2022-20744 (A vulnerability in the input protection mechanisms of Cisco Firepower  ...)
+	TODO: check
+CVE-2022-20743 (A vulnerability in the web management interface of Cisco Firepower Man ...)
+	TODO: check
+CVE-2022-20742 (A vulnerability in an IPsec VPN library of Cisco Adaptive Security App ...)
+	TODO: check
 CVE-2022-20741 (A vulnerability in the web-based management interface of the Network D ...)
 	NOT-FOR-US: Cisco
-CVE-2022-20740
-	RESERVED
+CVE-2022-20740 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+	TODO: check
 CVE-2022-20739 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service could ...)
 	NOT-FOR-US: Cisco
-CVE-2022-20737
-	RESERVED
+CVE-2022-20737 (A vulnerability in the handler for HTTP authentication for resources a ...)
+	TODO: check
 CVE-2022-20736
 	RESERVED
 CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco SD-WAN  ...)
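Review bot: every `TODO: check` in this hunk (CVE-2022-20751, -20748, -20746 through -20742, -20740 and -20737) describes a Cisco Firepower, ASA or related product, and every already-triaged neighbour in the same range is `NOT-FOR-US: Cisco`; these can be resolved in one pass to that marker, which also keeps them consistent with the sibling Cisco hunks earlier and later in this update.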
@@ -35020,10 +35046,10 @@ CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco V
 	NOT-FOR-US: Cisco
 CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...)
 	NOT-FOR-US: Cisco
-CVE-2022-20730
-	RESERVED
-CVE-2022-20729
-	RESERVED
+CVE-2022-20730 (A vulnerability in the Security Intelligence feed feature of Cisco Fir ...)
+	TODO: check
+CVE-2022-20729 (A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Softwar ...)
+	TODO: check
 CVE-2022-20728
 	RESERVED
 CVE-2022-20727 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...)
@@ -35050,8 +35076,8 @@ CVE-2022-20717 (A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Rou
 	NOT-FOR-US: Cisco
 CVE-2022-20716 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
 	NOT-FOR-US: Cisco
-CVE-2022-20715
-	RESERVED
+CVE-2022-20715 (A vulnerability in the remote access SSL VPN features of Cisco Adaptiv ...)
+	TODO: check
 CVE-2022-20714 (A vulnerability in the data plane microcode of Lightspeed-Plus line ca ...)
 	NOT-FOR-US: Cisco
 CVE-2022-20713
@@ -35227,12 +35253,12 @@ CVE-2022-20631
 	RESERVED
 CVE-2022-20630 (A vulnerability in the audit log of Cisco DNA Center could allow an au ...)
 	NOT-FOR-US: Cisco
-CVE-2022-20629
-	RESERVED
-CVE-2022-20628
-	RESERVED
-CVE-2022-20627
-	RESERVED
+CVE-2022-20629 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2022-20628 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2022-20627 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
 CVE-2022-20626
 	RESERVED
 CVE-2022-20625 (A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS  ...)
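Review bot: CVE-2022-20629, -20628 and -20627 receive byte-identical truncated descriptions (`Multiple vulnerabilities in the web-based management interface of Cisc ...`), so the list entries alone do not distinguish them; when their `TODO: check` lines are resolved, the full CVE text should be consulted so each gets the correct product, with the neighbours CVE-2022-20630 and CVE-2022-20625 (both `NOT-FOR-US: Cisco`) as the likely outcome.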
@@ -37022,16 +37048,16 @@ CVE-2021-42534 (The affected product’s web application does not properly n
 	NOT-FOR-US: Trane
 CVE-2021-42533 (Adobe Bridge version 11.1.1 (and earlier) is affected by a double free ...)
 	NOT-FOR-US: Adobe
-CVE-2021-42532
-	RESERVED
-CVE-2021-42531
-	RESERVED
-CVE-2021-42530
-	RESERVED
-CVE-2021-42529
-	RESERVED
-CVE-2021-42528
-	RESERVED
+CVE-2021-42532 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
+	TODO: check
+CVE-2021-42531 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
+	TODO: check
+CVE-2021-42530 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
+	TODO: check
+CVE-2021-42529 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
+	TODO: check
+CVE-2021-42528 (XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer derefe ...)
+	TODO: check
 CVE-2021-42527 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
 	NOT-FOR-US: Adobe
 CVE-2021-42526 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
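Review bot: the five XMP Toolkit SDK entries (CVE-2021-42532 through CVE-2021-42528) should not be folded into `NOT-FOR-US: Adobe` merely because the surrounding Adobe Bridge and Premiere Elements entries are; the Adobe XMP Toolkit code is packaged in Debian as the exempi source package, so each `TODO: check` needs a look at whether exempi carries the affected stack-buffer and NULL-dereference code paths before either a package line or a NOT-FOR-US marker is chosen.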
@@ -52458,8 +52484,8 @@ CVE-2021-36846 (Authenticated (admin or higher user role) Stored Cross-Site Scri
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-36844
-	RESERVED
+CVE-2021-36844 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+	TODO: check
 CVE-2021-36843 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability discover ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-36842
@@ -117253,16 +117279,16 @@ CVE-2020-23623
 	RESERVED
 CVE-2020-23622
 	RESERVED
-CVE-2020-23621
-	RESERVED
-CVE-2020-23620
-	RESERVED
+CVE-2020-23621 (The Java Remote Management Interface of all versions of SVI MS Managem ...)
+	TODO: check
+CVE-2020-23620 (The Java Remote Management Interface of all versions of Orlansoft ERP  ...)
+	TODO: check
 CVE-2020-23619
 	RESERVED
-CVE-2020-23618
-	RESERVED
-CVE-2020-23617
-	RESERVED
+CVE-2020-23618 (A reflected cross site scripting (XSS) vulnerability in Xtend Voice Lo ...)
+	TODO: check
+CVE-2020-23617 (A cross site scripting (XSS) vulnerability in the error page of Totoli ...)
+	TODO: check
 CVE-2020-23616
 	RESERVED
 CVE-2020-23615



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49d2604caf72bf091128d3f2008518c986fb9660


