[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 3 09:10:20 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
49d2604c by security tracker role at 2022-05-03T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-30126
+ RESERVED
+CVE-2022-1553
+ RESERVED
+CVE-2022-1552
+ RESERVED
+CVE-2019-25060
+ RESERVED
CVE-2022-30125
RESERVED
CVE-2022-30124
@@ -595,6 +603,7 @@ CVE-2022-1517
RESERVED
CVE-2022-1516
RESERVED
+ {DSA-5127-1}
- linux 5.17.3-1 (unimportant)
NOTE: Fixed by: https://git.kernel.org/linus/7781607938c8371d4c2b243527430241c62e39c2 (5.18-rc1)
NOTE: CONFIG_X25 is not set in Debian
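Review bot: the {DSA-5127-1} cross-reference added to CVE-2022-1516 lands on an entry that is tagged (unimportant) with the note that CONFIG_X25 is not set in Debian; if the advisory is meant to cover this issue, the severity tag and the CONFIG_X25 note should be re-read together so the entry does not say both "not built in Debian" and "fixed by a DSA" without explaining that the fix simply rides along with the new upstream version.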
@@ -702,8 +711,8 @@ CVE-2022-29826
RESERVED
CVE-2022-29825
RESERVED
-CVE-2022-29824
- RESERVED
+CVE-2022-29824 (In libxml2 before 2.9.14, several buffer handling functions in buf.c ( ...)
+ TODO: check
CVE-2022-29516
RESERVED
CVE-2022-29823
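Review bot: CVE-2022-29824 is left at "TODO: check" although the new description names libxml2, which Debian ships as a source package; rather than leaving this as an open TODO, the entry needs a package line in the same format used elsewhere in this patch ("- libxml2 <fixed-version>" plus any [buster]/[stretch] annotations) once the upstream fix in buf.c is mapped to a Debian version.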
@@ -1511,6 +1520,7 @@ CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimco
CVE-2022-1428
RESERVED
CVE-2022-29582 (In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free ...)
+ {DSA-5127-1}
- linux 5.17.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -2350,6 +2360,7 @@ CVE-2022-1354
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/319
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798
CVE-2022-1353 (A vulnerability was found in the pfkey_register function in net/key/af ...)
+ {DSA-5127-1}
- linux 5.17.3-1
NOTE: https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17)
CVE-2022-1352
@@ -4569,13 +4580,16 @@ CVE-2022-28391 (BusyBox through 1.35.0 allows remote attackers to execute arbitr
[stretch] - busybox <no-dsa> (Minor issue)
NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kerne ...)
+ {DSA-5127-1}
- linux 5.17.3-1
NOTE: https://git.kernel.org/linus/c70222752228a62135cee3409dccefd494a24646 (5.18-rc1)
CVE-2022-28389 (mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux ker ...)
+ {DSA-5127-1}
- linux 5.17.3-1
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/04c9b00ba83594a29813d6b1fb8fdc93a3915174 (5.18-rc1)
CVE-2022-28388 (usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux ker ...)
+ {DSA-5127-1}
- linux 5.17.3-1
NOTE: https://git.kernel.org/linus/3d3925ff6433f98992685a9679613a2cc97f3ce2 (5.18-rc1)
CVE-2022-28387
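Review bot: of the three CAN USB driver entries that receive {DSA-5127-1} in this hunk, only CVE-2022-28389 (mcba_usb) carries a "[stretch] - linux <not-affected> (Vulnerable code not present)" line; CVE-2022-28390 (ems_usb) and CVE-2022-28388 (usb_8dev) have no buster or stretch annotations at all, so their status in the older suites is left implicit. Worth confirming whether the same "vulnerable code not present" assessment applies to those two drivers or whether the older kernels are genuinely affected.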
@@ -4590,8 +4604,8 @@ CVE-2022-28383
RESERVED
CVE-2022-28382
RESERVED
-CVE-2022-1214
- RESERVED
+CVE-2022-1214 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ TODO: check
CVE-2022-1213 (SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/li ...)
NOT-FOR-US: livehelperchat
CVE-2022-1212 (Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby ...)
@@ -4613,7 +4627,7 @@ CVE-2022-1211 (A vulnerability classified as critical has been found in tildearr
- furnace <itp> (bug #1008592)
CVE-2022-28377
RESERVED
-CVE-2022-28376 (Verizon LVSKIHP 5G outside devices through 2022-02-15 allow anyone (kn ...)
+CVE-2022-28376 (Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyon ...)
NOT-FOR-US: Verizon
CVE-2022-28375
RESERVED
@@ -4665,6 +4679,7 @@ CVE-2022-28358
CVE-2022-28357
RESERVED
CVE-2022-28356 (In the Linux kernel before 5.17.1, a refcount leak bug was found in ne ...)
+ {DSA-5127-1}
- linux 5.16.18-1
NOTE: https://git.kernel.org/linus/764f4eb6846f5475f1244767d24d25dd86528a4a
NOTE: https://www.openwall.com/lists/oss-security/2022/04/06/1
@@ -4757,10 +4772,12 @@ CVE-2022-1206
RESERVED
CVE-2022-1205
RESERVED
+ {DSA-5127-1}
- linux 5.17.3-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/4
CVE-2022-1204
RESERVED
+ {DSA-5127-1}
- linux 5.17.3-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/2
CVE-2022-1203
@@ -4928,11 +4945,13 @@ CVE-2022-28281
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28281
CVE-2022-1199
RESERVED
+ {DSA-5127-1}
- linux 5.16.18-1
[buster] - linux 4.19.235-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/5
CVE-2022-1198
RESERVED
+ {DSA-5127-1}
- linux 5.16.18-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/3
CVE-2022-1197
@@ -4948,6 +4967,7 @@ CVE-2022-1196
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-1196
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1196
CVE-2022-1195 (A use-after-free vulnerability was found in the Linux kernel in driver ...)
+ {DSA-5127-1}
- linux 5.15.15-1
[buster] - linux 4.19.232-1
[stretch] - linux 4.9.303-1
@@ -5373,6 +5393,7 @@ CVE-2022-1159 (Rockwell Automation Studio 5000 Logix Designer (all versions) are
NOT-FOR-US: Rockwell Automation
CVE-2022-1158
RESERVED
+ {DSA-5127-1}
- linux 5.17.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -5663,8 +5684,8 @@ CVE-2022-28120
RESERVED
CVE-2022-28119
RESERVED
-CVE-2022-28118
- RESERVED
+CVE-2022-28118 (SiteServer CMS v7.x allows attackers to execute arbitrary code via a c ...)
+ TODO: check
CVE-2022-28117 (A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate ...)
NOT-FOR-US: Navigate CMS
CVE-2022-28116 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
@@ -6766,6 +6787,7 @@ CVE-2022-1057
CVE-2021-46739
RESERVED
CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP transformation code ...)
+ {DSA-5127-1}
- linux 5.16.18-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8)
@@ -6872,6 +6894,7 @@ CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The p
NOTE: https://github.com/ClusterLabs/pcs/commit/fb860005117dc9e092649687dfa1304fb423efc5
NOTE: Introduced by https://github.com/ClusterLabs/pcs/commit/8378cf1a81efc0cd421483234943057e2be0a8ed (v0.10)
CVE-2022-1048 (A use-after-free flaw was found in the Linux kernel’s sound subs ...)
+ {DSA-5127-1}
- linux 5.16.18-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066706
NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/4
@@ -7914,6 +7937,7 @@ CVE-2022-1017
RESERVED
CVE-2022-1016
RESERVED
+ {DSA-5127-1}
- linux 5.16.18-1
NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/5
NOTE: Fixed by: https://git.kernel.org/linus/4c905f6740a365464e91467aa50916555b28213d
@@ -9962,6 +9986,7 @@ CVE-2020-36517 (An information leak in Nabu Casa Home Assistant Operating System
CVE-2022-0868 (Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. ...)
NOT-FOR-US: Node urijs
CVE-2022-26490 (st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in t ...)
+ {DSA-5127-1}
- linux 5.16.18-1
NOTE: https://git.kernel.org/linus/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1)
CVE-2022-26486
@@ -14272,8 +14297,8 @@ CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not menti
NOTE: https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/
NOTE: CVE is specifically about --mirror documentation not mentioning the availability
NOTE: of deleted content.
-CVE-2022-24974
- RESERVED
+CVE-2022-24974 (Links may not be rewritten according to policy in some specially forma ...)
+ TODO: check
CVE-2022-24973
RESERVED
CVE-2022-24972
@@ -14461,8 +14486,8 @@ CVE-2022-24899
RESERVED
CVE-2022-24898 (org.xwiki.commons:xwiki-commons-xml is a common module used by other X ...)
NOT-FOR-US: Xwiki
-CVE-2022-24897
- RESERVED
+CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs to evalua ...)
+ TODO: check
CVE-2022-24896
RESERVED
CVE-2022-24895
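Review bot: CVE-2022-24897 is marked "TODO: check" while the immediately preceding CVE-2022-24898 from the same block is already resolved as "NOT-FOR-US: Xwiki"; the new description ("APIs to evaluate content with Velocity is a package for APIs to evalua ...") points at the same XWiki commons modules, so this TODO can most likely be closed the same way after confirming that no Debian package bundles that code.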
@@ -18783,10 +18808,10 @@ CVE-2022-23725
RESERVED
CVE-2022-23724
RESERVED
-CVE-2022-23723
- RESERVED
-CVE-2022-23722
- RESERVED
+CVE-2022-23723 (An MFA bypass vulnerability exists in the PingFederate PingOne MFA Int ...)
+ TODO: check
+CVE-2022-23722 (When a password reset mechanism is configured to use the Authenticatio ...)
+ TODO: check
CVE-2022-23721
RESERVED
CVE-2022-23720
@@ -21574,6 +21599,7 @@ CVE-2022-0169 (The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not
NOT-FOR-US: WordPress plugin
CVE-2022-0168
RESERVED
+ {DSA-5127-1}
- linux 5.17.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -23959,6 +23985,7 @@ CVE-2021-45986 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to
CVE-2021-45985
RESERVED
CVE-2021-4197 (An unprivileged write to the file handler flaw in the Linux kernel's c ...)
+ {DSA-5127-1}
- linux 5.15.15-1
NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
@@ -26678,8 +26705,7 @@ CVE-2021-4140
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2021-4140
CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
NOT-FOR-US: Pimcore
-CVE-2021-4138
- RESERVED
+CVE-2021-4138 (Improved Host header checks to reject requests not sent to a well-know ...)
- geckodriver <itp> (bug #989456)
CVE-2022-22053
RESERVED
@@ -34946,8 +34972,8 @@ CVE-2022-20769
RESERVED
CVE-2022-20768
RESERVED
-CVE-2022-20767
- RESERVED
+CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco Firepow ...)
+ TODO: check
CVE-2022-20766
RESERVED
CVE-2022-20765
@@ -34960,14 +34986,14 @@ CVE-2022-20762 (A vulnerability in the Common Execution Environment (CEE) ConfD
NOT-FOR-US: Cisco
CVE-2022-20761 (A vulnerability in the integrated wireless access point (AP) packet pr ...)
NOT-FOR-US: Cisco
-CVE-2022-20760
- RESERVED
-CVE-2022-20759
- RESERVED
+CVE-2022-20760 (A vulnerability in the DNS inspection handler of Cisco Adaptive Securi ...)
+ TODO: check
+CVE-2022-20759 (A vulnerability in the web services interface for remote access VPN fe ...)
+ TODO: check
CVE-2022-20758 (A vulnerability in the implementation of the Border Gateway Protocol ( ...)
NOT-FOR-US: Cisco
-CVE-2022-20757
- RESERVED
+CVE-2022-20757 (A vulnerability in the connection handling function in Cisco Firepower ...)
+ TODO: check
CVE-2022-20756 (A vulnerability in the RADIUS feature of Cisco Identity Services Engin ...)
NOT-FOR-US: Cisco
CVE-2022-20755 (Multiple vulnerabilities in the API and web-based management interface ...)
@@ -34978,36 +35004,36 @@ CVE-2022-20753
RESERVED
CVE-2022-20752
RESERVED
-CVE-2022-20751
- RESERVED
+CVE-2022-20751 (A vulnerability in the Snort detection engine integration for Cisco Fi ...)
+ TODO: check
CVE-2022-20750 (A vulnerability in the checkpoint manager implementation of Cisco Redu ...)
NOT-FOR-US: Cisco
CVE-2022-20749 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
NOT-FOR-US: Cisco Small Business RV Series Routers
-CVE-2022-20748
- RESERVED
+CVE-2022-20748 (A vulnerability in the local malware analysis process of Cisco Firepow ...)
+ TODO: check
CVE-2022-20747 (A vulnerability in the History API of Cisco SD-WAN vManage Software co ...)
NOT-FOR-US: Cisco
-CVE-2022-20746
- RESERVED
-CVE-2022-20745
- RESERVED
-CVE-2022-20744
- RESERVED
-CVE-2022-20743
- RESERVED
-CVE-2022-20742
- RESERVED
+CVE-2022-20746 (A vulnerability in the TCP proxy functionality of Cisco Firepower Thre ...)
+ TODO: check
+CVE-2022-20745 (A vulnerability in the web services interface for remote access VPN fe ...)
+ TODO: check
+CVE-2022-20744 (A vulnerability in the input protection mechanisms of Cisco Firepower ...)
+ TODO: check
+CVE-2022-20743 (A vulnerability in the web management interface of Cisco Firepower Man ...)
+ TODO: check
+CVE-2022-20742 (A vulnerability in an IPsec VPN library of Cisco Adaptive Security App ...)
+ TODO: check
CVE-2022-20741 (A vulnerability in the web-based management interface of the Network D ...)
NOT-FOR-US: Cisco
-CVE-2022-20740
- RESERVED
+CVE-2022-20740 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ TODO: check
CVE-2022-20739 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
NOT-FOR-US: Cisco
CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service could ...)
NOT-FOR-US: Cisco
-CVE-2022-20737
- RESERVED
+CVE-2022-20737 (A vulnerability in the handler for HTTP authentication for resources a ...)
+ TODO: check
CVE-2022-20736
RESERVED
CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
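Review bot: every description added in this hunk names a Cisco Firepower, ASA or SD-WAN product and is left at "TODO: check", while the unchanged neighbours (CVE-2022-20750, CVE-2022-20747, CVE-2022-20741, CVE-2022-20739, CVE-2022-20738) are all "NOT-FOR-US: Cisco"; these should be resolved to "NOT-FOR-US: Cisco" in the same pass rather than accumulating as open TODO items that hide the few entries which really need triage.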
@@ -35020,10 +35046,10 @@ CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco V
NOT-FOR-US: Cisco
CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...)
NOT-FOR-US: Cisco
-CVE-2022-20730
- RESERVED
-CVE-2022-20729
- RESERVED
+CVE-2022-20730 (A vulnerability in the Security Intelligence feed feature of Cisco Fir ...)
+ TODO: check
+CVE-2022-20729 (A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Softwar ...)
+ TODO: check
CVE-2022-20728
RESERVED
CVE-2022-20727 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...)
@@ -35050,8 +35076,8 @@ CVE-2022-20717 (A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Rou
NOT-FOR-US: Cisco
CVE-2022-20716 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
NOT-FOR-US: Cisco
-CVE-2022-20715
- RESERVED
+CVE-2022-20715 (A vulnerability in the remote access SSL VPN features of Cisco Adaptiv ...)
+ TODO: check
CVE-2022-20714 (A vulnerability in the data plane microcode of Lightspeed-Plus line ca ...)
NOT-FOR-US: Cisco
CVE-2022-20713
@@ -35227,12 +35253,12 @@ CVE-2022-20631
RESERVED
CVE-2022-20630 (A vulnerability in the audit log of Cisco DNA Center could allow an au ...)
NOT-FOR-US: Cisco
-CVE-2022-20629
- RESERVED
-CVE-2022-20628
- RESERVED
-CVE-2022-20627
- RESERVED
+CVE-2022-20629 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20628 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2022-20627 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2022-20626
RESERVED
CVE-2022-20625 (A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS ...)
@@ -37022,16 +37048,16 @@ CVE-2021-42534 (The affected product’s web application does not properly n
NOT-FOR-US: Trane
CVE-2021-42533 (Adobe Bridge version 11.1.1 (and earlier) is affected by a double free ...)
NOT-FOR-US: Adobe
-CVE-2021-42532
- RESERVED
-CVE-2021-42531
- RESERVED
-CVE-2021-42530
- RESERVED
-CVE-2021-42529
- RESERVED
-CVE-2021-42528
- RESERVED
+CVE-2021-42532 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
+ TODO: check
+CVE-2021-42531 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
+ TODO: check
+CVE-2021-42530 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
+ TODO: check
+CVE-2021-42529 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
+ TODO: check
+CVE-2021-42528 (XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer derefe ...)
+ TODO: check
CVE-2021-42527 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
NOT-FOR-US: Adobe
CVE-2021-42526 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
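Review bot: the five XMP Toolkit SDK entries (CVE-2021-42528 through CVE-2021-42532) should not be closed as "NOT-FOR-US: Adobe" purely by analogy with the neighbouring Adobe Bridge and Premiere Elements entries; unlike those proprietary products, the XMP Toolkit SDK is published source that other projects can bundle, so the "TODO: check" should include a look at whether a Debian package derived from the XMP SDK (exempi is the obvious candidate) carries the affected parsing code.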
@@ -52458,8 +52484,8 @@ CVE-2021-36846 (Authenticated (admin or higher user role) Stored Cross-Site Scri
NOT-FOR-US: WordPress plugin
CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36844
- RESERVED
+CVE-2021-36844 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2021-36843 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability discover ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36842
@@ -117253,16 +117279,16 @@ CVE-2020-23623
RESERVED
CVE-2020-23622
RESERVED
-CVE-2020-23621
- RESERVED
-CVE-2020-23620
- RESERVED
+CVE-2020-23621 (The Java Remote Management Interface of all versions of SVI MS Managem ...)
+ TODO: check
+CVE-2020-23620 (The Java Remote Management Interface of all versions of Orlansoft ERP ...)
+ TODO: check
CVE-2020-23619
RESERVED
-CVE-2020-23618
- RESERVED
-CVE-2020-23617
- RESERVED
+CVE-2020-23618 (A reflected cross site scripting (XSS) vulnerability in Xtend Voice Lo ...)
+ TODO: check
+CVE-2020-23617 (A cross site scripting (XSS) vulnerability in the error page of Totoli ...)
+ TODO: check
CVE-2020-23616
RESERVED
CVE-2020-23615
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49d2604caf72bf091128d3f2008518c986fb9660