[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 18 09:10:24 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c256aaee by security tracker role at 2022-05-18T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...)
+	TODO: check
+CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL p ...)
+	TODO: check
+CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 1.2.0 results in stack con ...)
+	TODO: check
+CVE-2022-1775
+	RESERVED
+CVE-2022-1774
+	RESERVED
+CVE-2022-1773
+	RESERVED
+CVE-2022-1772
+	RESERVED
+CVE-2022-1771
+	RESERVED
+CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) gem throug ...)
+	TODO: check
 CVE-2022-30973
 	RESERVED
 CVE-2022-1770
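Review bot: the four described entries added at the top of the file (CVE-2022-30976 for GPAC, CVE-2022-30975 and CVE-2022-30974 for Artifex MuJS, CVE-2019-25061 for the random_password_generator gem) all carry only TODO: check, so none has a package line or a NOT-FOR-US tag yet. Each needs a manual triage pass that replaces the TODO with either a source package line and its status or NOT-FOR-US: <product>.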
@@ -744,7 +762,7 @@ CVE-2021-4228
 CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not cor ...)
 	NOT-FOR-US: HashiCorp
 CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privilege esc ...)
-	{DSA-5137-1}
+	{DSA-5137-1 DLA-3013-1}
 	- needrestart 3.6-1 (bug #1011154)
 	NOTE: https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 (v3.6)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/17/9
@@ -2544,12 +2562,12 @@ CVE-2022-30056
 	RESERVED
 CVE-2022-30055 (Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that ...)
 	NOT-FOR-US: Prime95
-CVE-2022-30054
-	RESERVED
-CVE-2022-30053
-	RESERVED
-CVE-2022-30052
-	RESERVED
+CVE-2022-30054 (In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerab ...)
+	TODO: check
+CVE-2022-30053 (In Toll Tax Management System 1.0, the id parameter appears to be vuln ...)
+	TODO: check
+CVE-2022-30052 (In Home Clean Service System 1.0, the password parameter is vulnerable ...)
+	TODO: check
 CVE-2022-30051
 	RESERVED
 CVE-2022-30050 (Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via ...)
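Review bot: CVE-2022-30054, CVE-2022-30053 and CVE-2022-30052 move from RESERVED to TODO: check with descriptions naming "Covid 19 Travel Pass Management 1.0", "Toll Tax Management System 1.0" and "Home Clean Service System 1.0". If triage confirms these products are not packaged, resolve them the way the adjacent CVE-2022-30055 entry is resolved (NOT-FOR-US: Prime95), with one NOT-FOR-US: <product> line per entry, rather than leaving the TODO in place.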
@@ -2562,8 +2580,8 @@ CVE-2022-30047 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection v
 	NOT-FOR-US: Mingsoft MCMS
 CVE-2022-30046
 	RESERVED
-CVE-2022-30045
-	RESERVED
+CVE-2022-30045 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+	TODO: check
 CVE-2022-30044
 	RESERVED
 CVE-2022-30043
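Review bot: CVE-2022-30045 is left as TODO: check and its description points at libezxml.a in ezXML 0.8.6, which is a static library. Triage should not stop at a search for a package named after the library; check for copies of the ezXML source bundled inside other source packages before settling on a tag, and record what was found in a NOTE: line.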
@@ -4413,10 +4431,10 @@ CVE-2022-29438
 	RESERVED
 CVE-2022-29437
 	RESERVED
-CVE-2022-29436
-	RESERVED
-CVE-2022-29435
-	RESERVED
+CVE-2022-29436 (Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokm ...)
+	TODO: check
+CVE-2022-29435 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann' ...)
+	TODO: check
 CVE-2022-29434
 	RESERVED
 CVE-2022-29433 (Authenticated (contributor or higher role) Cross-Site Scripting (XSS)  ...)
@@ -4832,20 +4850,20 @@ CVE-2022-1364
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1363
 	RESERVED
-CVE-2022-1362
-	RESERVED
-CVE-2022-1361
-	RESERVED
-CVE-2022-1360
-	RESERVED
-CVE-2022-1359
-	RESERVED
-CVE-2022-1358
-	RESERVED
-CVE-2022-1357
-	RESERVED
-CVE-2022-1356
-	RESERVED
+CVE-2022-1362 (The affected On-Premise cnMaestro is vulnerable inside a specific rout ...)
+	TODO: check
+CVE-2022-1361 (The affected On-Premise cnMaestro is vulnerable to a pre-auth data exf ...)
+	TODO: check
+CVE-2022-1360 (The affected On-Premise cnMaestro is vulnerable to execution of code o ...)
+	TODO: check
+CVE-2022-1359 (The affected On-Premise cnMaestro is vulnerable to an arbitrary file-w ...)
+	TODO: check
+CVE-2022-1358 (The affected On-Premise is vulnerable to data exfiltration through imp ...)
+	TODO: check
+CVE-2022-1357 (The affected On-Premise cnMaestro allows an unauthenticated attacker t ...)
+	TODO: check
+CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By default, a ...)
+	TODO: check
 CVE-2022-1355
 	RESERVED
 	- tiff 4.3.0-8 (bug #1011160)
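Review bot: seven consecutive entries, CVE-2022-1362 through CVE-2022-1356, are added as TODO: check and all but one name cnMaestro in the visible description; CVE-2022-1358 reads only "The affected On-Premise is vulnerable ...". Triage the group together and give all seven the same tag so that CVE-2022-1358 is not left behind because its truncated description lacks the product name.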
@@ -5064,8 +5082,8 @@ CVE-2022-29176 (Rubygems is a package registry used to supply software for the R
 	TODO: check
 CVE-2022-29175
 	REJECTED
-CVE-2022-29174
-	RESERVED
+CVE-2022-29174 (countly-server is the server-side part of Countly, a product analytics ...)
+	TODO: check
 CVE-2022-29173 (go-tuf is a Go implementation of The Update Framework (TUF). go-tuf do ...)
 	- golang-github-endophage-gotuf <removed>
 	[stretch] - golang-github-endophage-gotuf <not-affected> (Vulnerable code not present)
@@ -5092,8 +5110,7 @@ CVE-2022-29164 (Argo Workflows is an open source container-native workflow engin
 	NOT-FOR-US: Argo Workflows
 CVE-2022-29163
 	RESERVED
-CVE-2022-29162
-	RESERVED
+CVE-2022-29162 (runc is a CLI tool for spawning and running containers on Linux accord ...)
 	- runc <unfixed>
 	[stretch] - runc <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/12/1
@@ -6603,10 +6620,10 @@ CVE-2022-28619
 	RESERVED
 CVE-2022-28618
 	RESERVED
-CVE-2022-28617
-	RESERVED
-CVE-2022-28616
-	RESERVED
+CVE-2022-28617 (A remote bypass security restrictions vulnerability was discovered in  ...)
+	TODO: check
+CVE-2022-28616 (A remote server-side request forgery (ssrf) vulnerability was discover ...)
+	TODO: check
 CVE-2022-28615
 	RESERVED
 CVE-2022-28614
@@ -7854,8 +7871,7 @@ CVE-2022-28194 (NVIDIA Jetson Linux Driver Package contains a vulnerability in t
 	NOT-FOR-US: NVIDIA Jetson Linux Driver Package
 CVE-2022-28193 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...)
 	NOT-FOR-US: NVIDIA Jetson Linux Driver Package
-CVE-2022-28192
-	RESERVED
+CVE-2022-28192 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
 	- nvidia-graphics-drivers <unfixed> (bug #1011140)
 	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -7869,8 +7885,7 @@ CVE-2022-28192
 	[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-tesla-510 <unfixed> (bug #1011147)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
-CVE-2022-28191
-	RESERVED
+CVE-2022-28191 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
 	- nvidia-graphics-drivers <unfixed> (bug #1011140)
 	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -7880,18 +7895,17 @@ CVE-2022-28191
 	[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-tesla-510 <unfixed> (bug #1011147)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
-CVE-2022-28190
-	RESERVED
-CVE-2022-28189
-	RESERVED
-CVE-2022-28188
-	RESERVED
-CVE-2022-28187
-	RESERVED
-CVE-2022-28186
-	RESERVED
-CVE-2022-28185
-	RESERVED
+CVE-2022-28190 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
+CVE-2022-28189 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
+CVE-2022-28188 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
+CVE-2022-28187 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
+CVE-2022-28186 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
+CVE-2022-28185 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	- nvidia-graphics-drivers <unfixed> (bug #1011140)
 	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
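Review bot: CVE-2022-28190 through CVE-2022-28186 are described as "NVIDIA GPU Display Driver for Windows" and are left as TODO: check, while CVE-2022-28185, described as "for Windows and Linux", inherits the nvidia-graphics-drivers package lines. If the full descriptions confirm that these five are Windows-only, close them with an explicit tag instead of the TODO so they stop showing up as untriaged next to entries that do affect the packaged driver. The same applies to CVE-2022-28182 further down.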
@@ -7910,8 +7924,7 @@ CVE-2022-28185
 	[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-tesla-510 <unfixed> (bug #1011147)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
-CVE-2022-28184
-	RESERVED
+CVE-2022-28184 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	- nvidia-graphics-drivers <unfixed> (bug #1011140)
 	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -7921,8 +7934,7 @@ CVE-2022-28184
 	[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-tesla-510 <unfixed> (bug #1011147)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
-CVE-2022-28183
-	RESERVED
+CVE-2022-28183 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	- nvidia-graphics-drivers <unfixed> (bug #1011140)
 	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -7932,10 +7944,9 @@ CVE-2022-28183
 	[bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-tesla-510 <unfixed> (bug #1011147)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
-CVE-2022-28182
-	RESERVED
-CVE-2022-28181
-	RESERVED
+CVE-2022-28182 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the  ...)
+	TODO: check
+CVE-2022-28181 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
 	- nvidia-graphics-drivers <unfixed> (bug #1011140)
 	[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -8257,8 +8268,8 @@ CVE-2022-1120 (Missing filtering in an error message in GitLab CE/EE affecting a
 	- gitlab <unfixed>
 CVE-2022-1119 (The Simple File List WordPress plugin is vulnerable to Arbitrary File  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-1118
-	RESERVED
+CVE-2022-1118 (Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbenc ...)
+	TODO: check
 CVE-2022-1117
 	RESERVED
 	NOT-FOR-US: fapolicyd
@@ -10674,8 +10685,8 @@ CVE-2022-0998 (An integer overflow flaw was found in the Linux kernel’s vi
 	[stretch] - linux <not-affected> (ulnerable code not present)
 	NOTE: https://git.kernel.org/linus/3ed21c1451a14d139e1ceb18f2fa70865ce3195a (5.16-rc6)
 	NOTE: CONFIG_VHOST_VDPA not set in Debian
-CVE-2022-0997
-	RESERVED
+CVE-2022-0997 (Improper file permissions in the CommandPost, Collector, and Sensor co ...)
+	TODO: check
 CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that allows expi ...)
 	- 389-ds-base 2.0.15-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769
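Review bot: the context line for CVE-2022-0998 reads "[stretch] - linux <not-affected> (ulnerable code not present)", with the leading "V" missing; other entries in this file use "Vulnerable code not present". This commit does not touch the line, but it is worth a follow-up fix. The new CVE-2022-0997 entry itself still needs its TODO: check resolved.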
@@ -18734,20 +18745,20 @@ CVE-2022-24396 (The Simple Diagnostics Agent - versions 1.0 up to version 1.57,
 	NOT-FOR-US: SAP
 CVE-2022-24395 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
 	NOT-FOR-US: SAP
-CVE-2022-24394
-	RESERVED
-CVE-2022-24393
-	RESERVED
-CVE-2022-24392
-	RESERVED
-CVE-2022-24391
-	RESERVED
-CVE-2022-24390
-	RESERVED
-CVE-2022-24389
-	RESERVED
-CVE-2022-24388
-	RESERVED
+CVE-2022-24394 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
+	TODO: check
+CVE-2022-24393 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
+	TODO: check
+CVE-2022-24392 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
+	TODO: check
+CVE-2022-24391 (Vulnerability in Fidelis Network and Deception CommandPost enables SQL ...)
+	TODO: check
+CVE-2022-24390 (Vulnerability in rconfig “remote_text_file” enables an att ...)
+	TODO: check
+CVE-2022-24389 (Vulnerability in rconfig “cert_utils” enables an attacker  ...)
+	TODO: check
+CVE-2022-24388 (Vulnerability in rconfig “date” enables an attacker with u ...)
+	TODO: check
 CVE-2022-24387 (With administrator or admin privileges the application can be tricked  ...)
 	NOT-FOR-US: SmarterTrack
 CVE-2022-24386 (Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterToo ...)
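Review bot: the added descriptions for CVE-2022-24390, CVE-2022-24389 and CVE-2022-24388 show mis-encoded quotation marks around remote_text_file, cert_utils and date as rendered here ("â€œ" and "â€" sequences). Confirm that data/CVE/list stores these lines as valid UTF-8 and that the damage comes only from the mail rendering. All seven entries in this hunk (four for Fidelis Network and Deception CommandPost, three for rconfig) are TODO: check and need triage.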
@@ -18765,8 +18776,8 @@ CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remov
 	NOTE: https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/
 	NOTE: https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4)
 	NOTE: CONFIG_MMC_MOXART is not set in Debian.
-CVE-2022-0486
-	RESERVED
+CVE-2022-0486 (Improper file permissions in the CommandPost, Collector, Sensor, and S ...)
+	TODO: check
 CVE-2022-0485 [nbdcopy: missing error handling may create corrupted destination image]
 	RESERVED
 	- libnbd 1.10.5-1 (bug #1005307)
@@ -21567,8 +21578,8 @@ CVE-2022-23708 (A flaw was discovered in Elasticsearch 7.17.0’s upgrade as
 	- elasticsearch <removed>
 CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using this vu ...)
 	- kibana <itp> (bug #700337)
-CVE-2022-23706
-	RESERVED
+CVE-2022-23706 (A remote cross-site scripting (xss) vulnerability was discovered in HP ...)
+	TODO: check
 CVE-2022-23705 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
 	NOT-FOR-US: HPE
 CVE-2022-23704 (A potential security vulnerability has been identified in Integrated L ...)
@@ -59247,8 +59258,8 @@ CVE-2021-35251 (Sensitive information could be displayed when a detailed technic
 	NOT-FOR-US: Solarwinds
 CVE-2021-35250 (A researcher reported a Directory Transversal Vulnerability in Serv-U  ...)
 	NOT-FOR-US: Serv-U
-CVE-2021-35249
-	RESERVED
+CVE-2021-35249 (This broken access control vulnerability pertains specifically to a do ...)
+	TODO: check
 CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...)
 	NOT-FOR-US: SolarWinds
 CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...)
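Review bot: the context lines around the new CVE-2021-35249 entry spell the same vendor two ways, "NOT-FOR-US: Solarwinds" on CVE-2021-35251 and "NOT-FOR-US: SolarWinds" on CVE-2021-35248. When CVE-2021-35249 is triaged, pick one spelling for its tag and normalise the neighbouring entry so that searches for the tag return all of them.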



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c256aaee6efb4d35fc646fffbf7421e178d8f850
