[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 11 09:10:32 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1044b2cd by security tracker role at 2022-05-11T08:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2022-30548
+ RESERVED
+CVE-2022-30339
+ RESERVED
+CVE-2022-30338
+ RESERVED
+CVE-2022-30296
+ RESERVED
+CVE-2022-29919
+ RESERVED
+CVE-2022-29893
+ RESERVED
+CVE-2022-29887
+ RESERVED
+CVE-2022-29515
+ RESERVED
+CVE-2022-29508
+ RESERVED
+CVE-2022-29507
+ RESERVED
+CVE-2022-29478
+ RESERVED
+CVE-2022-29470
+ RESERVED
+CVE-2022-28693
+ RESERVED
+CVE-2022-27877
+ RESERVED
+CVE-2022-27808
+ RESERVED
+CVE-2022-26844
+ RESERVED
+CVE-2022-26374
+ RESERVED
+CVE-2022-26373
+ RESERVED
+CVE-2022-26344
+ RESERVED
+CVE-2022-25976
+ RESERVED
+CVE-2022-1670
+ RESERVED
+CVE-2022-1669
+ RESERVED
+CVE-2022-1668
+ RESERVED
+CVE-2022-1667
+ RESERVED
+CVE-2022-1666
+ RESERVED
+CVE-2022-1665
+ RESERVED
+CVE-2022-1664
+ RESERVED
+CVE-2022-1663
+ RESERVED
CVE-2022-30529
RESERVED
CVE-2022-30528
@@ -5,6 +61,7 @@ CVE-2022-30528
CVE-2022-30527
RESERVED
CVE-2022-1662
+ RESERVED
NOT-FOR-US: Red Hat convert2rhel
CVE-2022-1661
RESERVED
@@ -692,8 +749,8 @@ CVE-2022-30280
RESERVED
CVE-2022-30279
RESERVED
-CVE-2022-30278
- RESERVED
+CVE-2022-30278 (A vulnerability in Black Duck Hub’s embedded MadCap Flare docume ...)
+ TODO: check
CVE-2022-30277
RESERVED
CVE-2022-30276
@@ -1074,16 +1131,16 @@ CVE-2022-30132
RESERVED
CVE-2022-30131
RESERVED
-CVE-2022-30130
- RESERVED
-CVE-2022-30129
- RESERVED
+CVE-2022-30130 (.NET Framework Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-30129 (Visual Studio Code Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-30128
RESERVED
CVE-2022-30127
RESERVED
-CVE-2022-1567
- RESERVED
+CVE-2022-1567 (The WP-JS plugin for WordPress contains a script called wp-js.php with ...)
+ TODO: check
CVE-2022-1566
RESERVED
CVE-2022-1565
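Review bot: CVE-2022-1567 at the end of this hunk is described as a WordPress plugin issue but lands as TODO: check. The list already triages such entries as NOT-FOR-US: WordPress plugin (see CVE-2022-1329), so the follow-up triage can apply the same tag here and to the other WordPress plugin entries published in this update (CVE-2022-1505, CVE-2022-1476, CVE-2022-1463, CVE-2022-1453, CVE-2022-1442, CVE-2022-1209).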
@@ -1932,8 +1989,8 @@ CVE-2022-1507 (chafa: NULL Pointer Dereference in function gif_internal_decode_f
NOTE: https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9 (1.10.2)
CVE-2022-1506
RESERVED
-CVE-2022-1505
- RESERVED
+CVE-2022-1505 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...)
+ TODO: check
CVE-2022-1504 (XSS in /demo/module/?module=HERE in GitHub repository microweber/micro ...)
NOT-FOR-US: microweber
CVE-2022-29810 (The Hashicorp go-getter library before 1.5.11 does not redact an SSH k ...)
@@ -2096,8 +2153,8 @@ CVE-2022-1477
- chromium 101.0.4951.41-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1476
- RESERVED
+CVE-2022-1476 (The All-in-One WP Migration plugin for WordPress is vulnerable to arbi ...)
+ TODO: check
CVE-2022-1475 (An integer overflow vulnerability was found in FFmpeg 5.0.1 and in pre ...)
{DSA-5124-1}
- ffmpeg 7:4.4.2-1
@@ -2185,8 +2242,8 @@ CVE-2022-1465
RESERVED
CVE-2022-1464 (Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the ...)
NOT-FOR-US: Go Git Service
-CVE-2022-1463
- RESERVED
+CVE-2022-1463 (The Booking Calendar plugin for WordPress is vulnerable to PHP Object ...)
+ TODO: check
CVE-2022-1462
RESERVED
CVE-2022-1461 (Non Privilege User can Enable or Disable Registered in GitHub reposito ...)
@@ -2593,8 +2650,8 @@ CVE-2022-1455
RESERVED
CVE-2022-1454
RESERVED
-CVE-2022-1453
- RESERVED
+CVE-2022-1453 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...)
+ TODO: check
CVE-2022-1452 (Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function i ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/c8f4c2de-7d96-4ad4-857a-c099effca2d6
@@ -2628,8 +2685,8 @@ CVE-2022-1444 (heap-use-after-free in GitHub repository radareorg/radare2 prior
NOTE: https://github.com/radareorg/radare2/commit/14189710859c27981adb4c2c2aed2863c1859ec5
CVE-2022-1443
RESERVED
-CVE-2022-1442
- RESERVED
+CVE-2022-1442 (The Metform WordPress plugin is vulnerable to sensitive information di ...)
+ TODO: check
CVE-2022-29598
RESERVED
CVE-2022-29597
@@ -2696,8 +2753,8 @@ CVE-2022-1433
RESERVED
CVE-2022-1432
RESERVED
-CVE-2022-1431
- RESERVED
+CVE-2022-1431 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2022-1430
RESERVED
CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimcore/pi ...)
@@ -2860,8 +2917,8 @@ CVE-2022-29527 (Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-wr
NOT-FOR-US: Amazon AWS amazon-ssm-agent
CVE-2022-29526
RESERVED
-CVE-2022-1417
- RESERVED
+CVE-2022-1417 (Improper access control in GitLab CE/EE affecting all versions startin ...)
+ TODO: check
CVE-2022-1416
RESERVED
CVE-2022-1415
@@ -3217,24 +3274,24 @@ CVE-2022-29401
RESERVED
CVE-2022-29400
RESERVED
-CVE-2022-29399
- RESERVED
-CVE-2022-29398
- RESERVED
-CVE-2022-29397
- RESERVED
-CVE-2022-29396
- RESERVED
-CVE-2022-29395
- RESERVED
-CVE-2022-29394
- RESERVED
-CVE-2022-29393
- RESERVED
-CVE-2022-29392
- RESERVED
-CVE-2022-29391
- RESERVED
+CVE-2022-29399 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
+ TODO: check
+CVE-2022-29398 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
+ TODO: check
+CVE-2022-29397 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
+ TODO: check
+CVE-2022-29396 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
+ TODO: check
+CVE-2022-29395 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
+ TODO: check
+CVE-2022-29394 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
+ TODO: check
+CVE-2022-29393 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
+ TODO: check
+CVE-2022-29392 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
+ TODO: check
+CVE-2022-29391 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...)
+ TODO: check
CVE-2022-29390
RESERVED
CVE-2022-29389
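Review bot: The nine TOTOLINK N600R entries (CVE-2022-29391 through CVE-2022-29399) all carry the same truncated summary, so nothing in this list distinguishes them and each is left as TODO: check. Triage them as a batch against the full CVE descriptions; if the firmware is not packaged, one NOT-FOR-US tag applied to all nine keeps the block consistent.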
@@ -3871,106 +3928,106 @@ CVE-2022-29153 (HashiCorp Consul and Consul Enterprise through 2022-04-12 allow
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
CVE-2022-29152 (The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an ...)
NOT-FOR-US: Ericom
-CVE-2022-29151
- RESERVED
-CVE-2022-29150
- RESERVED
+CVE-2022-29151 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerabili ...)
+ TODO: check
+CVE-2022-29150 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerabili ...)
+ TODO: check
CVE-2022-29149
RESERVED
-CVE-2022-29148
- RESERVED
+CVE-2022-29148 (Visual Studio Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-29147
RESERVED
CVE-2022-29146
RESERVED
-CVE-2022-29145
- RESERVED
+CVE-2022-29145 (.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is ...)
+ TODO: check
CVE-2022-29144
RESERVED
CVE-2022-29143
RESERVED
-CVE-2022-29142
- RESERVED
-CVE-2022-29141
- RESERVED
-CVE-2022-29140
- RESERVED
-CVE-2022-29139
- RESERVED
-CVE-2022-29138
- RESERVED
-CVE-2022-29137
- RESERVED
+CVE-2022-29142 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-29141 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2022-29140 (Windows Print Spooler Information Disclosure Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-29139 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2022-29138 (Windows Clustered Shared Volume Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-29137 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
CVE-2022-29136
RESERVED
-CVE-2022-29135
- RESERVED
-CVE-2022-29134
- RESERVED
-CVE-2022-29133
- RESERVED
-CVE-2022-29132
- RESERVED
-CVE-2022-29131
- RESERVED
-CVE-2022-29130
- RESERVED
-CVE-2022-29129
- RESERVED
-CVE-2022-29128
- RESERVED
-CVE-2022-29127
- RESERVED
-CVE-2022-29126
- RESERVED
-CVE-2022-29125
- RESERVED
+CVE-2022-29135 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerabili ...)
+ TODO: check
+CVE-2022-29134 (Windows Clustered Shared Volume Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-29133 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-29132 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-29131 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2022-29130 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2022-29129 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2022-29128 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2022-29127 (BitLocker Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-29126 (Tablet Windows User Interface Application Core Elevation of Privilege ...)
+ TODO: check
+CVE-2022-29125 (Windows Push Notifications Apps Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-29124
RESERVED
-CVE-2022-29123
- RESERVED
-CVE-2022-29122
- RESERVED
-CVE-2022-29121
- RESERVED
-CVE-2022-29120
- RESERVED
+CVE-2022-29123 (Windows Clustered Shared Volume Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-29122 (Windows Clustered Shared Volume Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-29121 (Windows WLAN AutoConfig Service Denial of Service Vulnerability. ...)
+ TODO: check
+CVE-2022-29120 (Windows Clustered Shared Volume Information Disclosure Vulnerability. ...)
+ TODO: check
CVE-2022-29119
RESERVED
CVE-2022-29118
RESERVED
-CVE-2022-29117
- RESERVED
-CVE-2022-29116
- RESERVED
-CVE-2022-29115
- RESERVED
-CVE-2022-29114
- RESERVED
-CVE-2022-29113
- RESERVED
-CVE-2022-29112
- RESERVED
+CVE-2022-29117 (.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is ...)
+ TODO: check
+CVE-2022-29116 (Windows Kernel Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-29115 (Windows Fax Service Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-29114 (Windows Print Spooler Information Disclosure Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-29113 (Windows Digital Media Receiver Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-29112 (Windows Graphics Component Information Disclosure Vulnerability. This ...)
+ TODO: check
CVE-2022-29111
RESERVED
-CVE-2022-29110
- RESERVED
-CVE-2022-29109
- RESERVED
-CVE-2022-29108
- RESERVED
-CVE-2022-29107
- RESERVED
-CVE-2022-29106
- RESERVED
-CVE-2022-29105
- RESERVED
-CVE-2022-29104
- RESERVED
-CVE-2022-29103
- RESERVED
-CVE-2022-29102
- RESERVED
+CVE-2022-29110 (Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-29109 (Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is un ...)
+ TODO: check
+CVE-2022-29108 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-29107 (Microsoft Office Security Feature Bypass Vulnerability. ...)
+ TODO: check
+CVE-2022-29106 (Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerabili ...)
+ TODO: check
+CVE-2022-29105 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ TODO: check
+CVE-2022-29104 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-29103 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ TODO: check
+CVE-2022-29102 (Windows Failover Cluster Information Disclosure Vulnerability. ...)
+ TODO: check
CVE-2022-29101
RESERVED
CVE-2022-29100
@@ -4020,6 +4077,7 @@ CVE-2022-1330 (stored xss due to unsantized anchor url in GitHub repository alva
CVE-2022-1329 (The Elementor Website Builder plugin for WordPress is vulnerable to un ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1328 (Buffer Overflow in uudecoder in Mutt affecting all versions starting f ...)
+ {DLA-2999-1}
- mutt 2.2.3-1 (bug #1009734)
[bullseye] - mutt <no-dsa> (Minor issue)
[buster] - mutt <no-dsa> (Minor issue)
@@ -5369,8 +5427,8 @@ CVE-2022-28603
RESERVED
CVE-2022-28602
RESERVED
-CVE-2022-28601
- RESERVED
+CVE-2022-28601 (A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA ...)
+ TODO: check
CVE-2022-28600
RESERVED
CVE-2022-28599 (A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1 ...)
@@ -5960,8 +6018,8 @@ CVE-2022-28343
RESERVED
CVE-2022-28342
RESERVED
-CVE-2022-1209
- RESERVED
+CVE-2022-1209 (The Ultimate Member plugin for WordPress is vulnerable to open redirec ...)
+ TODO: check
CVE-2022-1208
RESERVED
CVE-2022-1207 (Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6 ...)
@@ -9547,8 +9605,8 @@ CVE-2021-46710
RESERVED
CVE-2022-27169
RESERVED
-CVE-2022-27167
- RESERVED
+CVE-2022-27167 (Privilege escalation vulnerability in Windows products of ESET, spol. ...)
+ TODO: check
CVE-2022-27166
RESERVED
CVE-2022-26511 (WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening ...)
@@ -10142,42 +10200,42 @@ CVE-2022-26942
RESERVED
CVE-2022-26941
RESERVED
-CVE-2022-26940
- RESERVED
-CVE-2022-26939
- RESERVED
-CVE-2022-26938
- RESERVED
-CVE-2022-26937
- RESERVED
-CVE-2022-26936
- RESERVED
-CVE-2022-26935
- RESERVED
-CVE-2022-26934
- RESERVED
-CVE-2022-26933
- RESERVED
-CVE-2022-26932
- RESERVED
-CVE-2022-26931
- RESERVED
-CVE-2022-26930
- RESERVED
+CVE-2022-26940 (Remote Desktop Protocol Client Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-26939 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-26938 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-26937 (Windows Network File System Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-26936 (Windows Server Service Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-26935 (Windows WLAN AutoConfig Service Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-26934 (Windows Graphics Component Information Disclosure Vulnerability. This ...)
+ TODO: check
+CVE-2022-26933 (Windows NTFS Information Disclosure Vulnerability. ...)
+ TODO: check
+CVE-2022-26932 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
+ TODO: check
+CVE-2022-26931 (Windows Kerberos Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-26930 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ TODO: check
CVE-2022-26929
RESERVED
CVE-2022-26928
RESERVED
-CVE-2022-26927
- RESERVED
-CVE-2022-26926
- RESERVED
-CVE-2022-26925
- RESERVED
+CVE-2022-26927 (Windows Graphics Component Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-26926 (Windows Address Book Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-26925 (Windows LSA Spoofing Vulnerability. ...)
+ TODO: check
CVE-2022-26924 (YARP Denial of Service Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-26923
- RESERVED
+CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-26922
RESERVED
CVE-2022-26921 (Visual Studio Code Elevation of Privilege Vulnerability. ...)
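Review bot: The Windows entries published in this hunk (CVE-2022-26930 through CVE-2022-26940, CVE-2022-26925 through CVE-2022-26927, and CVE-2022-26923) are all left as TODO: check, while CVE-2022-26924 in the same hunk is already tagged NOT-FOR-US: Microsoft. The follow-up triage should resolve these the same way so the block does not keep a long run of open TODO markers for components that are clearly Windows-only.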
@@ -10196,8 +10254,8 @@ CVE-2022-26915 (Windows Secure Channel Denial of Service Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-26914 (Win32k Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-26913
- RESERVED
+CVE-2022-26913 (Windows Authentication Security Feature Bypass Vulnerability. ...)
+ TODO: check
CVE-2022-26912 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-26911 (Skype for Business Information Disclosure Vulnerability. ...)
@@ -11305,8 +11363,7 @@ CVE-2022-26477
RESERVED
CVE-2022-0867
RESERVED
-CVE-2022-0866
- RESERVED
+CVE-2022-0866 (This is a concurrency issue that can result in the wrong caller princi ...)
- wildfly <itp> (bug #752018)
CVE-2022-0865 (Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cau ...)
{DSA-5108-1}
@@ -17081,8 +17138,8 @@ CVE-2022-24468 (Azure Site Recovery Remote Code Execution Vulnerability. This CV
NOT-FOR-US: Microsoft
CVE-2022-24467 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
NOT-FOR-US: Microsoft
-CVE-2022-24466
- RESERVED
+CVE-2022-24466 (Windows Hyper-V Security Feature Bypass Vulnerability. ...)
+ TODO: check
CVE-2022-24465 (Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-24464 (.NET and Visual Studio Denial of Service Vulnerability. ...)
@@ -21619,8 +21676,8 @@ CVE-2022-23281 (Windows Common Log File System Driver Information Disclosure Vul
NOT-FOR-US: Microsoft
CVE-2022-23280 (Microsoft Outlook for Mac Security Feature Bypass Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-23279
- RESERVED
+CVE-2022-23279 (Windows ALPC Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-23278 (Microsoft Defender for Endpoint Spoofing Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-23277 (Microsoft Exchange Server Remote Code Execution Vulnerability. ...)
@@ -21637,14 +21694,14 @@ CVE-2022-23272 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This
NOT-FOR-US: Microsoft
CVE-2022-23271 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
NOT-FOR-US: Microsoft
-CVE-2022-23270
- RESERVED
+CVE-2022-23270 (Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-23269 (Microsoft Dynamics GP Spoofing Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-23268 (Windows Hyper-V Denial of Service Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-23267
- RESERVED
+CVE-2022-23267 (.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is ...)
+ TODO: check
CVE-2022-23266 (Microsoft Defender for IoT Elevation of Privilege Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-23265 (Microsoft Defender for IoT Remote Code Execution Vulnerability. ...)
@@ -23796,8 +23853,8 @@ CVE-2022-22715 (Named Pipe File System Elevation of Privilege Vulnerability. ...
NOT-FOR-US: Microsoft
CVE-2022-22714
RESERVED
-CVE-2022-22713
- RESERVED
+CVE-2022-22713 (Windows Hyper-V Denial of Service Vulnerability. ...)
+ TODO: check
CVE-2022-22712 (Windows Hyper-V Denial of Service Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-22711
@@ -28100,24 +28157,24 @@ CVE-2022-22021
RESERVED
CVE-2022-22020
RESERVED
-CVE-2022-22019
- RESERVED
+CVE-2022-22019 (Remote Procedure Call Runtime Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-22018
RESERVED
-CVE-2022-22017
- RESERVED
-CVE-2022-22016
- RESERVED
-CVE-2022-22015
- RESERVED
-CVE-2022-22014
- RESERVED
-CVE-2022-22013
- RESERVED
-CVE-2022-22012
- RESERVED
-CVE-2022-22011
- RESERVED
+CVE-2022-22017 (Remote Desktop Client Remote Code Execution Vulnerability. ...)
+ TODO: check
+CVE-2022-22016 (Windows PlayToManager Elevation of Privilege Vulnerability. ...)
+ TODO: check
+CVE-2022-22015 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
+ TODO: check
+CVE-2022-22014 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2022-22013 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2022-22012 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ TODO: check
+CVE-2022-22011 (Windows Graphics Component Information Disclosure Vulnerability. This ...)
+ TODO: check
CVE-2022-22010 (Media Foundation Information Disclosure Vulnerability. This CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2022-22009 (Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is un ...)
@@ -28182,8 +28239,8 @@ CVE-2022-21980
RESERVED
CVE-2022-21979
RESERVED
-CVE-2022-21978
- RESERVED
+CVE-2022-21978 (Microsoft Exchange Server Elevation of Privilege Vulnerability. ...)
+ TODO: check
CVE-2022-21977 (Media Foundation Information Disclosure Vulnerability. This CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2022-21976
@@ -28194,8 +28251,8 @@ CVE-2022-21974 (Roaming Security Rights Management Services Remote Code Executio
NOT-FOR-US: Microsoft
CVE-2022-21973 (Windows Media Center Update Denial of Service Vulnerability. ...)
NOT-FOR-US: Microsoft
-CVE-2022-21972
- RESERVED
+CVE-2022-21972 (Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. ...)
+ TODO: check
CVE-2022-21971 (Windows Runtime Remote Code Execution Vulnerability. ...)
NOT-FOR-US: Microsoft
CVE-2022-21970 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
@@ -39431,26 +39488,26 @@ CVE-2022-20123
RESERVED
CVE-2022-20122
RESERVED
-CVE-2022-20121
- RESERVED
-CVE-2022-20120
- RESERVED
-CVE-2022-20119
- RESERVED
-CVE-2022-20118
- RESERVED
-CVE-2022-20117
- RESERVED
-CVE-2022-20116
- RESERVED
-CVE-2022-20115
- RESERVED
-CVE-2022-20114
- RESERVED
-CVE-2022-20113
- RESERVED
-CVE-2022-20112
- RESERVED
+CVE-2022-20121 (In getNodeValue of USCCDMPlugin.java, there is a possible disclosure o ...)
+ TODO: check
+CVE-2022-20120 (Product: AndroidVersions: Android kernelAndroid ID: A-203213034Referen ...)
+ TODO: check
+CVE-2022-20119 (In private_handle_t of mali_gralloc_buffer.h, there is a possible info ...)
+ TODO: check
+CVE-2022-20118 (In ion_ioctl and related functions of ion.c, there is a possible use a ...)
+ TODO: check
+CVE-2022-20117 (In (TBD) of (TBD), there is a possible way to decrypt local data encry ...)
+ TODO: check
+CVE-2022-20116 (In onEntryUpdated of OngoingCallController.kt, it is possible to launc ...)
+ TODO: check
+CVE-2022-20115 (In broadcastServiceStateChanged of TelephonyRegistry.java, there is a ...)
+ TODO: check
+CVE-2022-20114 (In placeCall of TelecomManager.java, there is a possible way for an ap ...)
+ TODO: check
+CVE-2022-20113 (In mPreference of DefaultUsbConfigurationPreferenceController.java, th ...)
+ TODO: check
+CVE-2022-20112 (In getAvailabilityStatus of PrivateDnsPreferenceController.java, there ...)
+ TODO: check
CVE-2021-42523
RESERVED
CVE-2021-42522
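Review bot: The summaries for CVE-2022-20120 ("Product: AndroidVersions: Android kernelAndroid ID: A-203213034Referen ...") and CVE-2022-20117 ("In (TBD) of (TBD) ...") carry no usable component information, so TODO: check cannot be resolved from this list alone. CVE-2022-20118 (ion_ioctl in ion.c) and CVE-2022-20120 (Android kernel) point at kernel-side code and should be checked against the linux package before the block is closed out with the Android entries.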
@@ -40839,28 +40896,26 @@ CVE-2021-42040 (An issue was discovered in MediaWiki through 1.36.2. A parser fu
NOT-FOR-US: Loops MediaWiki extension
CVE-2021-3865
RESERVED
-CVE-2022-20011
- RESERVED
-CVE-2022-20010
- RESERVED
-CVE-2022-20009
- RESERVED
+CVE-2022-20011 (In getArray of NotificationManagerService.java , there is a possible l ...)
+ TODO: check
+CVE-2022-20010 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...)
+ TODO: check
+CVE-2022-20009 (In various functions of the USB gadget subsystem, there is a possible ...)
NOTE: CVE-2022-20009 duplicate of CVE-2022-25375 and CVE-2022-25258, Android CNA contacted
-CVE-2022-20008
- RESERVED
+CVE-2022-20008 (In mmc_blk_read_single of block.c, there is a possible way to read ker ...)
- linux 5.16.11-1
[bullseye] - linux 5.10.103-1
[buster] - linux 4.19.232-1
NOTE: https://source.android.com/security/bulletin/2022-05-01
NOTE: https://git.kernel.org/linus/54309fde1a352ad2674ebba004a79f7d20b9f037 (5.17-rc5)
-CVE-2022-20007
- RESERVED
-CVE-2022-20006
- RESERVED
-CVE-2022-20005
- RESERVED
-CVE-2022-20004
- RESERVED
+CVE-2022-20007 (In startActivityForAttachedApplicationIfNeeded of RootWindowContainer. ...)
+ TODO: check
+CVE-2022-20006 (In several functions of KeyguardServiceWrapper.java and related files, ...)
+ TODO: check
+CVE-2022-20005 (In validateApkInstallLocked of PackageInstallerSession.java, there is ...)
+ TODO: check
+CVE-2022-20004 (In checkSlicePermission of SliceManagerService.java, it is possible to ...)
+ TODO: check
CVE-2022-20003
RESERVED
CVE-2022-20002 (In incfs, there is a possible way of mounting on arbitrary paths due t ...)
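Review bot: CVE-2022-20009 is now published with a USB gadget subsystem description, but the entry still holds only the NOTE calling it a duplicate of CVE-2022-25375 and CVE-2022-25258 and has no package line. Unlike CVE-2022-20008 directly below it, which lists linux fixed versions, this entry has no status in the list; add the linux tracking lines or an explicit resolution once the Android CNA answers.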
@@ -46586,8 +46641,8 @@ CVE-2021-39740 (In Messaging, there is a possible way to bypass attachment restr
NOT-FOR-US: Android
CVE-2021-39739 (In ArrayMap, there is a possible leak of the content of SMS messages d ...)
NOT-FOR-US: Android
-CVE-2021-39738
- RESERVED
+CVE-2021-39738 (In CarSetings, there is a possible to pair BT device bypassing user's ...)
+ TODO: check
CVE-2021-39737 (Product: AndroidVersions: Android kernelAndroid ID: A-208229524Referen ...)
NOT-FOR-US: Pixel
CVE-2021-39736 (In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_peri ...)
@@ -46669,8 +46724,8 @@ CVE-2021-39702 (In onCreate of RequestManageCredentials.java, there is a possibl
NOT-FOR-US: Android
CVE-2021-39701 (In serviceConnection of ControlsProviderLifecycleManager.kt, there is ...)
NOT-FOR-US: Android
-CVE-2021-39700
- RESERVED
+CVE-2021-39700 (In the policies of adbd.te, there was a logic error which caused the C ...)
+ TODO: check
CVE-2021-39699
RESERVED
CVE-2021-39698 (In aio_poll_complete_work of aio.c, there is a possible memory corrupt ...)
@@ -46736,8 +46791,8 @@ CVE-2021-39672 (In fastboot, there is a possible secure boot bypass due to a con
NOT-FOR-US: Android
CVE-2021-39671 (In code generated by aidl_const_expressions.cpp, there is a possible o ...)
NOT-FOR-US: Android
-CVE-2021-39670
- RESERVED
+CVE-2021-39670 (In setStream of WallpaperManager.java, there is a possible way to caus ...)
+ TODO: check
CVE-2021-39669 (In onCreate of InstallCaCertificateWarning.java, there is a possible w ...)
NOT-FOR-US: Android
CVE-2021-39668 (In onActivityViewReady of DetailDialog.kt, there is a possible Intent ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1044b2cd87ff5a4f3e0e185d1f50636c0a783294