[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 10 09:10:23 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf0aa6e3 by security tracker role at 2022-05-10T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2022-30526
+	RESERVED
+CVE-2022-30525
+	RESERVED
+CVE-2022-1646
+	RESERVED
+CVE-2022-1645
+	RESERVED
+CVE-2022-1644
+	RESERVED
+CVE-2022-1643
+	RESERVED
 CVE-2022-30524 (There is an invalid memory access in the TextLine class in TextOutputD ...)
 	TODO: check
 CVE-2022-30523
@@ -417,8 +429,8 @@ CVE-2022-1623
 	RESERVED
 CVE-2022-1622
 	RESERVED
-CVE-2022-1621
-	RESERVED
+CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub repository vim ...)
+	TODO: check
 CVE-2018-25033 (ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_ ...)
 	- admesh <unfixed> (bug #1010770)
 	[bullseye] - admesh <no-dsa> (Minor issue; can be fixed via point release)
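Review bot: CVE-2022-1621 gains a description ("Heap buffer overflow in vim_strncpy find_word ... vim") but is left at "TODO: check"; since the description names the vim repository, the follow-up triage should replace the TODO with a package line for vim and a NOTE pointing at the upstream fix, in the same form the CVE-2022-0359 entry later in this patch already uses (tagged version in the NOTE). Nothing to change in the automatic update itself.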
@@ -11584,13 +11596,14 @@ CVE-2022-26356 (Racy interactions between dirty vram tracking and paging log dir
 CVE-2022-26355 (Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deplo ...)
 	NOT-FOR-US: Citrix
 CVE-2022-26354 (A flaw was found in the vhost-vsock device of QEMU. In case of error,  ...)
-	{DLA-2970-1}
+	{DSA-5133-1 DLA-2970-1}
 	- qemu 1:7.0+dfsg-1
 	[buster] - qemu <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063257
 	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
 	NOTE: vulnerable code in buster in vhost_vsock_send_transport_reset
 CVE-2022-26353 (A flaw was found in the virtio-net device of QEMU. This flaw was inadv ...)
+	{DSA-5133-1}
 	- qemu 1:7.0+dfsg-1
 	[buster] - qemu <not-affected> (Original upstream fix for CVE-2021-3748 not applied)
 	[stretch] - qemu <not-affected> (Original upstream fix for CVE-2021-3748 not applied)
@@ -18927,12 +18940,14 @@ CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algo
 CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...)
 	NOT-FOR-US: Bromite
 CVE-2022-23947 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+	{DLA-2998-1}
 	- kicad 6.0.2+dfsg-1
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1460
 	NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10700
 	NOTE: https://gitlab.com/kicad/code/kicad/-/commit/54b20cb0492ee20eb9efaff478eaa51fe17b4ca3 (master)
 	NOTE: https://gitlab.com/kicad/code/kicad/-/commit/a7fbdfe9182fe075d1f36cf1f23432b28caf03b3 (6.0.2)
 CVE-2022-23946 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+	{DLA-2998-1}
 	- kicad 6.0.2+dfsg-1
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1460
 	NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10700
@@ -18991,6 +19006,7 @@ CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 	NOTE: https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 (v8.2.4214)
 CVE-2022-0358
 	RESERVED
+	{DSA-5133-1}
 	- qemu 1:7.0+dfsg-1
 	[buster] - qemu <not-affected> (Vulnerable code not present)
 	[stretch] - qemu <not-affected> (virtiofsd added in 5.0)
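Review bot: CVE-2022-0358 keeps its RESERVED placeholder while gaining `{DSA-5133-1}` on top of an existing fixed version and release annotations. That is consistent with how the tracker works: the automatic sync swaps RESERVED for the description once MITRE publishes, as it does for CVE-2022-1621 and CVE-2021-43712 elsewhere in this patch, so no manual edit is needed here.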
@@ -19768,12 +19784,14 @@ CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17
 CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in  ...)
 	NOT-FOR-US: Trend Micro
 CVE-2022-23804 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+	{DLA-2998-1}
 	- kicad 6.0.2+dfsg-1
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1453
 	NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10719
 	NOTE: https://gitlab.com/kicad/code/kicad/-/commit/927afe313d1f104391814ee7d5d9cca0a520aa50 (6.0.2)
 	NOTE: https://gitlab.com/kicad/code/kicad/-/commit/7ed569058c516974c47b4a506daa3daea4248e05 (master)
 CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+	{DLA-2998-1}
 	- kicad 6.0.2+dfsg-1
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1453
 	NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10719
@@ -20040,10 +20058,10 @@ CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using t
 	- kibana <itp> (bug #700337)
 CVE-2022-23706
 	RESERVED
-CVE-2022-23705
-	RESERVED
-CVE-2022-23704
-	RESERVED
+CVE-2022-23705 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
+	TODO: check
+CVE-2022-23704 (A potential security vulnerability has been identified in Integrated L ...)
+	TODO: check
 CVE-2022-23703 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
 	NOT-FOR-US: HPE
 CVE-2022-23702 (A potential security vulnerability has been identified in HPE Superdom ...)
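Review bot: CVE-2022-23705's new description is, as far as it is visible, identical to that of CVE-2022-23703 directly below it, which is already marked "NOT-FOR-US: HPE"; CVE-2022-23704 ("Integrated L ...") reads like another HPE product entry. The two "TODO: check" markers can most likely be resolved the same way, but the full descriptions should be read before marking them, since the truncated text is all this hunk shows.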
@@ -21782,11 +21800,13 @@ CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to sin
 CVE-2021-44760 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-4207 (A flaw was found in the QXL display device emulation in QEMU. A double ...)
+	{DSA-5133-1}
 	- qemu 1:7.0+dfsg-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036966
 	NOTE: https://starlabs.sg/advisories/22-4207/
 	NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9569f5cb5b4bffa9d3ebc8ba7da1e03830a9a895 (v7.0.0-rc4)
 CVE-2021-4206 (A flaw was found in the QXL display device emulation in QEMU. An integ ...)
+	{DSA-5133-1}
 	- qemu 1:7.0+dfsg-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036998
 	NOTE: https://starlabs.sg/advisories/22-4206/
@@ -34169,8 +34189,8 @@ CVE-2021-43714
 	RESERVED
 CVE-2021-43713
 	RESERVED
-CVE-2021-43712
-	RESERVED
+CVE-2021-43712 (Stored XSS in Add New Employee Form in Sourcecodester Employee Daily T ...)
+	TODO: check
 CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2021-43710
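Review bot: CVE-2021-43712 now describes a stored XSS in a Sourcecodester "Employee Daily T..." application and is left at "TODO: check". If that application is not packaged in Debian, the TODO should be resolved with a NOT-FOR-US line, following the convention used for the TOTOLINK entry (CVE-2021-43711) immediately below it.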



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf0aa6e3d8da4b961cd4a2cc6b19b72632e3da23
