[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 14 09:10:25 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb2a81f2 by security tracker role at 2022-05-14T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2022-1716
+	RESERVED
 CVE-2022-30703
 	RESERVED
 CVE-2022-30702
@@ -220,10 +222,10 @@ CVE-2022-1704
 	RESERVED
 CVE-2022-1703
 	RESERVED
-CVE-2022-1702
-	RESERVED
-CVE-2022-1701
-	RESERVED
+CVE-2022-1702 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...)
+	TODO: check
+CVE-2022-1701 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...)
+	TODO: check
 CVE-2022-1700
 	RESERVED
 CVE-2022-30616
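Review bot: CVE-2022-1702 and CVE-2022-1701 now carry an identical truncated description ("SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...") and both are left at "TODO: check", so the list alone cannot tell the two issues apart. Triage them in one pass against the full CVE text and replace each "TODO: check" with a concrete resolution in the form the file already uses for other entries.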
@@ -7670,6 +7672,7 @@ CVE-2022-28046
 CVE-2022-28045
 	RESERVED
 CVE-2022-28044 (Irzip v0.640 was discovered to contain a heap memory corruption via th ...)
+	{DLA-3005-1}
 	- lrzip 0.650-1
 	NOTE: https://github.com/ckolivas/lrzip/issues/216
 	NOTE: Fixed by: https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46 (v0.650)
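Review bot: on the CVE-2022-28044 line that receives the new "{DLA-3005-1}" reference, the description spells the product "Irzip v0.640" with a capital I, while the package line ("- lrzip 0.650-1") and both NOTE URLs say lrzip. A search of descriptions for "lrzip" will miss this entry, so match on the package line when cross-checking the DLA, or correct the spelling if descriptions in this file may be edited.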
@@ -13419,12 +13422,12 @@ CVE-2022-25867
 	RESERVED
 CVE-2022-25866 (The package czproject/git-php before 4.0.3 are vulnerable to Command I ...)
 	NOT-FOR-US: git-php
-CVE-2022-25865
-	RESERVED
+CVE-2022-25865 (The package workspace-tools before 0.18.4 are vulnerable to Command In ...)
+	TODO: check
 CVE-2022-25863
 	RESERVED
-CVE-2022-25862
-	RESERVED
+CVE-2022-25862 (This affects the package sds from 0.0.0. The library could be tricked  ...)
+	TODO: check
 CVE-2022-25861
 	RESERVED
 CVE-2022-25860
@@ -13652,8 +13655,8 @@ CVE-2022-21192
 	RESERVED
 CVE-2022-21191
 	RESERVED
-CVE-2022-21190
-	RESERVED
+CVE-2022-21190 (This affects the package convict before 6.2.3. This is a bypass of [CV ...)
+	TODO: check
 CVE-2022-21189 (The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-al ...)
 	NOT-FOR-US: dexie
 CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command Injection v ...)
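Review bot: the new description for CVE-2022-21190 is cut off inside the reference it depends on ("This is a bypass of [CV ..."), so the entry does not show which earlier issue the convict fix before 6.2.3 is bypassing. When resolving the "TODO: check", add a NOTE naming that earlier CVE from the full description so the two entries can be followed together.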
@@ -16559,10 +16562,10 @@ CVE-2022-24833 (PrivateBin is minimalist, open source online pastebin clone wher
 	NOT-FOR-US: PrivateBin
 CVE-2022-24832 (GoCD is an open source a continuous delivery server. The bundled gocd- ...)
 	NOT-FOR-US: GoCD
-CVE-2022-24831
-	RESERVED
-CVE-2022-24830
-	RESERVED
+CVE-2022-24831 (OpenClinica is an open source software for Electronic Data Capture (ED ...)
+	TODO: check
+CVE-2022-24830 (OpenClinica is an open source software for Electronic Data Capture (ED ...)
+	TODO: check
 CVE-2022-24829 (Garden is an automation platform for Kubernetes development and testin ...)
 	NOT-FOR-US: Garden
 CVE-2022-24828 (Composer is a dependency manager for the PHP programming language. Int ...)
@@ -26221,10 +26224,10 @@ CVE-2021-4191 (An issue has been discovered in GitLab CE/EE affecting versions 1
 	NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
 CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient pro ...)
 	NOT-FOR-US: Netgear
-CVE-2022-22282
-	RESERVED
-CVE-2022-22281
-	RESERVED
+CVE-2022-22282 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...)
+	TODO: check
+CVE-2022-22281 (A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender W ...)
+	TODO: check
 CVE-2022-22280
 	RESERVED
 CVE-2022-22279 (** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file r ...)
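Review bot: CVE-2022-22282 gets the same visible description as CVE-2022-1702 and CVE-2022-1701 earlier in this commit, while CVE-2022-22281 names a different component ("SonicWall SSL-VPN NetExtender W ..."), and all four are left at "TODO: check". The context line just above already resolves a vendor device entry as "NOT-FOR-US: Netgear"; triage the SonicWall entries as a group so they end with a consistent resolution, and treat CVE-2022-22281 separately since it concerns a different product than the SMA1000 firmware.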



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb2a81f29cf9ed3426ac8cb2c10aaf07abf08158
