[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 26 21:10:37 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce9f4063 by security tracker role at 2022-05-26T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2022-31749
+	RESERVED
+CVE-2022-31748
+	RESERVED
+CVE-2022-31747
+	RESERVED
+CVE-2022-31746
+	RESERVED
+CVE-2022-31745
+	RESERVED
+CVE-2022-31744
+	RESERVED
+CVE-2022-31743
+	RESERVED
+CVE-2022-31742
+	RESERVED
+CVE-2022-31741
+	RESERVED
+CVE-2022-31740
+	RESERVED
+CVE-2022-31739
+	RESERVED
+CVE-2022-31738
+	RESERVED
+CVE-2022-31737
+	RESERVED
+CVE-2022-31736
+	RESERVED
+CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ...)
+	TODO: check
+CVE-2022-1898
+	RESERVED
+CVE-2022-1897
+	RESERVED
+CVE-2022-1896
+	RESERVED
+CVE-2022-1895
+	RESERVED
+CVE-2022-1894
+	RESERVED
+CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo Manage ...)
+	TODO: check
 CVE-2022-31733
 	RESERVED
 CVE-2022-31732
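Review bot: CVE-2022-1899 is left at the automatic `TODO: check` placeholder, but its description names radareorg/radare2 prior to 5.7, and radare2 is a Debian source package, so this entry needs a real triage line (affected version in unstable or `<not-affected>`) rather than the placeholder; the other new entry in this hunk, CVE-2021-4232 (Zoo Manage...), also still needs its check before the hunk is considered done.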
@@ -242,22 +284,21 @@ CVE-2022-1889
 	RESERVED
 CVE-2022-1888
 	RESERVED
-CVE-2021-4231
-	RESERVED
+CVE-2021-4231 (A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It ha ...)
+	TODO: check
 CVE-2022-31619
 	RESERVED
 CVE-2022-1887
 	RESERVED
-CVE-2022-1886
-	RESERVED
+CVE-2022-1886 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+	TODO: check
 CVE-2022-1885
 	RESERVED
 CVE-2022-1884
 	RESERVED
 CVE-2022-1883 (SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2. ...)
 	NOT-FOR-US: camptocamp/terraboard
-CVE-2022-1882
-	RESERVED
+CVE-2022-1882 (A flaw use after free in the Linux kernel pipes functionality was foun ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
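Review bot: CVE-2022-1886 is tagged `TODO: check` although the description points at vim/vim prior to 8.2, and vim is packaged in Debian, so a version comparison against the packaged vim is needed here instead of the placeholder; CVE-2021-4231 (Angular) in the same hunk needs its own check too. The CVE-2022-1882 change is fine: the entry was already triaged against `linux`, and the hunk only replaces the `RESERVED` marker with the published description while keeping the existing `<unfixed>`/`<not-affected>` lines.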
@@ -1234,8 +1275,8 @@ CVE-2022-31267 (Gitblit 1.9.2 allows privilege escalation via the Config User Se
 	NOT-FOR-US: Gitblit
 CVE-2022-31266
 	RESERVED
-CVE-2022-31265
-	RESERVED
+CVE-2022-31265 (The replay feature in the client in Wargaming World of Warships 0.11.4 ...)
+	TODO: check
 CVE-2022-31264 (Solana solana_rbpf before 0.2.29 has an addition integer overflow via  ...)
 	NOT-FOR-US: Solana rBPF
 CVE-2022-31263 (app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail  ...)
@@ -2542,38 +2583,31 @@ CVE-2022-30793
 	RESERVED
 CVE-2022-30790
 	RESERVED
-CVE-2022-30789
-	RESERVED
+CVE-2022-30789 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_ch ...)
 	- ntfs-3g <unfixed> (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
-CVE-2022-30788
-	RESERVED
+CVE-2022-30788 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mf ...)
 	- ntfs-3g <unfixed> (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
-CVE-2022-30787
-	RESERVED
+CVE-2022-30787 (An integer underflow in fuse_lib_readdir enables arbitrary memory read ...)
 	- ntfs-3g <unfixed> (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
-CVE-2022-30786
-	RESERVED
+CVE-2022-30786 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_na ...)
 	- ntfs-3g <unfixed> (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
-CVE-2022-30785
-	RESERVED
+CVE-2022-30785 (A file handle created in fuse_lib_opendir, and later used in fuse_lib_ ...)
 	- ntfs-3g <unfixed> (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
-CVE-2022-30784
-	RESERVED
+CVE-2022-30784 (A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_v ...)
 	- ntfs-3g <unfixed> (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
-CVE-2022-30783
-	RESERVED
+CVE-2022-30783 (An invalid return code in fuse_kern_mount enables intercepting of libf ...)
 	- ntfs-3g <unfixed> (bug #1011770)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58
@@ -3155,8 +3189,7 @@ CVE-2022-1666
 	RESERVED
 CVE-2022-1665
 	RESERVED
-CVE-2022-1664 [directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar]
-	RESERVED
+CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management system, b ...)
 	{DSA-5147-1 DLA-3022-1}
 	- dpkg 1.21.8
 	NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b (1.21.8)
@@ -3327,8 +3360,8 @@ CVE-2022-30518 (ChatBot Application with a Suggestion Feature 1.0 was discovered
 	TODO: check
 CVE-2022-30517
 	RESERVED
-CVE-2022-30516
-	RESERVED
+CVE-2022-30516 (In Hospital-Management-System v1.0, the editid parameter in the doctor ...)
+	TODO: check
 CVE-2022-30515
 	RESERVED
 CVE-2022-30514
@@ -3343,8 +3376,8 @@ CVE-2022-30510
 	RESERVED
 CVE-2022-30509
 	RESERVED
-CVE-2022-30508
-	RESERVED
+CVE-2022-30508 (DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vuln ...)
+	TODO: check
 CVE-2022-30507
 	RESERVED
 CVE-2022-30506
@@ -3359,8 +3392,8 @@ CVE-2022-30502
 	RESERVED
 CVE-2022-30501
 	RESERVED
-CVE-2022-30500
-	RESERVED
+CVE-2022-30500 (Jfinal cms 5.1.0 is vulnerable to SQL Injection. ...)
+	TODO: check
 CVE-2022-30499
 	RESERVED
 CVE-2022-30498
@@ -3369,12 +3402,12 @@ CVE-2022-30497
 	RESERVED
 CVE-2022-30496
 	RESERVED
-CVE-2022-30495
-	RESERVED
-CVE-2022-30494
-	RESERVED
-CVE-2022-30493
-	RESERVED
+CVE-2022-30495 (In oretnom23 Automotive Shop Management System v1.0, the name id param ...)
+	TODO: check
+CVE-2022-30494 (In oretnom23 Automotive Shop Management System v1.0, the first and las ...)
+	TODO: check
+CVE-2022-30493 (In oretnom23 Automotive Shop Management System v1.0, the product id pa ...)
+	TODO: check
 CVE-2022-30492
 	RESERVED
 CVE-2022-30491
@@ -3405,18 +3438,18 @@ CVE-2022-30479
 	RESERVED
 CVE-2022-30478
 	RESERVED
-CVE-2022-30477
-	RESERVED
-CVE-2022-30476
-	RESERVED
-CVE-2022-30475
-	RESERVED
-CVE-2022-30474
-	RESERVED
-CVE-2022-30473
-	RESERVED
-CVE-2022-30472
-	RESERVED
+CVE-2022-30477 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
+	TODO: check
+CVE-2022-30476 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
+	TODO: check
+CVE-2022-30475 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
+	TODO: check
+CVE-2022-30474 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...)
+	TODO: check
+CVE-2022-30473 (Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffe ...)
+	TODO: check
+CVE-2022-30472 (Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer ...)
+	TODO: check
 CVE-2022-30471
 	RESERVED
 CVE-2022-30470
@@ -5629,10 +5662,10 @@ CVE-2022-29723
 	RESERVED
 CVE-2022-29722
 	RESERVED
-CVE-2022-29721
-	RESERVED
-CVE-2022-29720
-	RESERVED
+CVE-2022-29721 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
+	TODO: check
+CVE-2022-29720 (74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulner ...)
+	TODO: check
 CVE-2022-29719
 	RESERVED
 CVE-2022-29718
@@ -5693,34 +5726,34 @@ CVE-2022-29691
 	RESERVED
 CVE-2022-29690
 	RESERVED
-CVE-2022-29689
-	RESERVED
-CVE-2022-29688
-	RESERVED
-CVE-2022-29687
-	RESERVED
-CVE-2022-29686
-	RESERVED
-CVE-2022-29685
-	RESERVED
-CVE-2022-29684
-	RESERVED
-CVE-2022-29683
-	RESERVED
-CVE-2022-29682
-	RESERVED
-CVE-2022-29681
-	RESERVED
-CVE-2022-29680
-	RESERVED
+CVE-2022-29689 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+	TODO: check
+CVE-2022-29688 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+	TODO: check
+CVE-2022-29687 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+	TODO: check
+CVE-2022-29686 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+	TODO: check
+CVE-2022-29685 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+	TODO: check
+CVE-2022-29684 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+	TODO: check
+CVE-2022-29683 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+	TODO: check
+CVE-2022-29682 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+	TODO: check
+CVE-2022-29681 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+	TODO: check
+CVE-2022-29680 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+	TODO: check
 CVE-2022-29679
 	RESERVED
 CVE-2022-29678
 	RESERVED
 CVE-2022-29677
 	RESERVED
-CVE-2022-29676
-	RESERVED
+CVE-2022-29676 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+	TODO: check
 CVE-2022-29675
 	RESERVED
 CVE-2022-29674
@@ -5731,28 +5764,28 @@ CVE-2022-29672
 	RESERVED
 CVE-2022-29671
 	RESERVED
-CVE-2022-29670
-	RESERVED
-CVE-2022-29669
-	RESERVED
+CVE-2022-29670 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+	TODO: check
+CVE-2022-29669 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+	TODO: check
 CVE-2022-29668
 	RESERVED
-CVE-2022-29667
-	RESERVED
-CVE-2022-29666
-	RESERVED
-CVE-2022-29665
-	RESERVED
-CVE-2022-29664
-	RESERVED
-CVE-2022-29663
-	RESERVED
-CVE-2022-29662
-	RESERVED
-CVE-2022-29661
-	RESERVED
-CVE-2022-29660
-	RESERVED
+CVE-2022-29667 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+	TODO: check
+CVE-2022-29666 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+	TODO: check
+CVE-2022-29665 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+	TODO: check
+CVE-2022-29664 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+	TODO: check
+CVE-2022-29663 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+	TODO: check
+CVE-2022-29662 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+	TODO: check
+CVE-2022-29661 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+	TODO: check
+CVE-2022-29660 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+	TODO: check
 CVE-2022-29659
 	RESERVED
 CVE-2022-29658
@@ -7346,8 +7379,8 @@ CVE-2022-29093
 	RESERVED
 CVE-2022-29092
 	RESERVED
-CVE-2022-29091
-	RESERVED
+CVE-2022-29091 (Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0. ...)
+	TODO: check
 CVE-2022-29090
 	RESERVED
 CVE-2022-29089
@@ -7364,8 +7397,8 @@ CVE-2022-29084
 	RESERVED
 CVE-2022-29083
 	RESERVED
-CVE-2022-29082
-	RESERVED
+CVE-2022-29082 (Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0 ...)
+	TODO: check
 CVE-2022-1332 (One of the API in Mattermost version 6.4.1 and earlier fails to proper ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-1331 (In four instances DMARS (All versions prior to v2.1.10.24) does not pr ...)
@@ -8481,8 +8514,8 @@ CVE-2022-1264
 	RESERVED
 CVE-2022-1262 (A command injection vulnerability in the protest binary allows an atta ...)
 	NOT-FOR-US: D-Link Routers
-CVE-2022-1261
-	RESERVED
+CVE-2022-1261 (Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions)  ...)
+	TODO: check
 CVE-2022-1260
 	RESERVED
 CVE-2022-1259
@@ -11287,8 +11320,8 @@ CVE-2022-27778 [curl: removes wrong file on error]
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/1
 	NOTE: https://curl.se/docs/CVE-2022-27778.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/8c7ee9083d0d719d0a77ab20d9cc2ae84eeea7f3 (curl-7_83_1)
-CVE-2022-27777
-	RESERVED
+CVE-2022-27777 (A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5. ...)
+	TODO: check
 CVE-2022-27776 [Auth/cookie leak on redirect]
 	RESERVED
 	- curl 7.83.0-1 (bug #1010252)
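Review bot: CVE-2022-27777 should not stay at `TODO: check` for long: the description names the Action View tag helpers, which are part of Ruby on Rails, and Debian ships Rails as the `rails` source package, so this needs a version-based triage line. The same applies to the two other Rails entries touched by this update, CVE-2022-22577 (Action Pack) and CVE-2022-21831 (Active Storage), which are marked `TODO: check` in later hunks.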
@@ -13806,8 +13839,8 @@ CVE-2022-26867
 	RESERVED
 CVE-2022-26866
 	RESERVED
-CVE-2022-26865
-	RESERVED
+CVE-2022-26865 (Dell Support Assist OS Recovery versions before 5.5.2 contain an Authe ...)
+	TODO: check
 CVE-2022-26864
 	RESERVED
 CVE-2022-26863
@@ -13822,8 +13855,8 @@ CVE-2022-26859
 	RESERVED
 CVE-2022-26858
 	RESERVED
-CVE-2022-26857
-	RESERVED
+CVE-2022-26857 (Dell OpenManage Enterprise Versions 3.8.3 and prior contain an imprope ...)
+	TODO: check
 CVE-2022-26856 (Dell EMC Repository Manager version 3.4.0 contains a plain-text passwo ...)
 	NOT-FOR-US: EMC
 CVE-2022-26855 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect d ...)
@@ -14276,17 +14309,17 @@ CVE-2022-26693
 	RESERVED
 CVE-2022-26692
 	RESERVED
-CVE-2022-26691
-	RESERVED
+CVE-2022-26691 (A logic issue was addressed with improved state management. This issue ...)
+	{DSA-5149-1}
 	- cups <unfixed> (bug #1011769)
 	NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 (v2.4.2)
 	NOTE: Followup (fix comment): https://github.com/OpenPrinting/cups/commit/411b6136f450a583ee08c3880fa09dbe837eb3f1
-CVE-2022-26690
-	RESERVED
+CVE-2022-26690 (Description: A race condition was addressed with additional validation ...)
+	TODO: check
 CVE-2022-26689
 	RESERVED
-CVE-2022-26688
-	RESERVED
+CVE-2022-26688 (An issue in the handling of symlinks was addressed with improved valid ...)
+	TODO: check
 CVE-2022-26687
 	RESERVED
 CVE-2022-26686
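Review bot: `{DSA-5149-1}` is recorded for CVE-2022-26691 while the unstable line still reads `- cups <unfixed> (bug #1011769)`. That combination is legitimate when the stable update is published before the sid upload, but the `NOTE: Fixed by:` line in the same entry already points at the upstream commit tagged v2.4.2, so the `<unfixed>` marker should be replaced with the fixed Debian version as soon as it is uploaded, otherwise the tracker shows an issued DSA for a bug that looks open in unstable. CVE-2022-26690 and CVE-2022-26688 in this hunk carry Apple-style descriptions and still need their `TODO: check` resolved.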
@@ -20672,24 +20705,24 @@ CVE-2022-24424 (Dell EMC AppSync versions from 3.9 to 4.3 contain a path travers
 	NOT-FOR-US: EMC
 CVE-2022-24423 (Dell EMC iDRAC8 versions 2.81.81 and earlier contain a denial of servi ...)
 	NOT-FOR-US: EMC
-CVE-2022-24422
-	RESERVED
+CVE-2022-24422 (Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, con ...)
+	TODO: check
 CVE-2022-24421 (Dell BIOS contains an improper input validation vulnerability. A local ...)
 	NOT-FOR-US: Dell
 CVE-2022-24420 (Dell BIOS contains an improper input validation vulnerability. A local ...)
 	NOT-FOR-US: Dell
 CVE-2022-24419 (Dell BIOS contains an improper input validation vulnerability. A local ...)
 	NOT-FOR-US: Dell
-CVE-2022-24418
-	RESERVED
-CVE-2022-24417
-	RESERVED
+CVE-2022-24418 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+	TODO: check
+CVE-2022-24417 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+	TODO: check
 CVE-2022-24416 (Dell BIOS contains an improper input validation vulnerability. A local ...)
 	NOT-FOR-US: Dell
 CVE-2022-24415 (Dell BIOS contains an improper input validation vulnerability. A local ...)
 	NOT-FOR-US: Dell
-CVE-2022-24414
-	RESERVED
+CVE-2022-24414 (Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is expos ...)
+	TODO: check
 CVE-2022-24413 (Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-t ...)
 	NOT-FOR-US: Dell PowerScale OneFS
 CVE-2022-24412 (Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling ...)
@@ -27495,16 +27528,16 @@ CVE-2021-4200 (A Improper Privilege Management vulnerability in SUSE Rancher all
 	NOT-FOR-US: Rancher
 CVE-2022-22677
 	RESERVED
-CVE-2022-22676
-	RESERVED
-CVE-2022-22675
-	RESERVED
-CVE-2022-22674
-	RESERVED
-CVE-2022-22673
-	RESERVED
-CVE-2022-22672
-	RESERVED
+CVE-2022-22676 (An event handler validation issue in the XPC Services API was addresse ...)
+	TODO: check
+CVE-2022-22675 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2022-22674 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
+	TODO: check
+CVE-2022-22673 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2022-22672 (A memory corruption issue was addressed with improved memory handling. ...)
+	TODO: check
 CVE-2022-22671 (An authentication issue was addressed with improved state management.  ...)
 	NOT-FOR-US: Apple
 CVE-2022-22670 (An access issue was addressed with improved access restrictions. This  ...)
@@ -27521,10 +27554,10 @@ CVE-2022-22665 (A logic issue was addressed with improved validation. This issue
 	NOT-FOR-US: Apple
 CVE-2022-22664 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
 	NOT-FOR-US: Apple
-CVE-2022-22663
-	RESERVED
-CVE-2022-22662
-	RESERVED
+CVE-2022-22663 (This issue was addressed with improved checks to prevent unauthorized  ...)
+	TODO: check
+CVE-2022-22662 (A cookie management issue was addressed with improved state management ...)
+	TODO: check
 CVE-2022-22661 (A type confusion issue was addressed with improved state handling. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2022-22660 (This issue was addressed with a new entitlement. This issue is fixed i ...)
@@ -27639,8 +27672,8 @@ CVE-2022-22618 (This issue was addressed with improved checks. This issue is fix
 	NOT-FOR-US: Apple
 CVE-2022-22617 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
-CVE-2022-22616
-	RESERVED
+CVE-2022-22616 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
 CVE-2022-22615 (A use after free issue was addressed with improved memory management.  ...)
 	NOT-FOR-US: Apple
 CVE-2022-22614 (A use after free issue was addressed with improved memory management.  ...)
@@ -27721,10 +27754,9 @@ CVE-2022-22579 (An information disclosure issue was addressed with improved stat
 	NOT-FOR-US: Apple
 CVE-2022-22578 (A logic issue was addressed with improved validation. This issue is fi ...)
 	NOT-FOR-US: Apple
-CVE-2022-22577
-	RESERVED
-CVE-2022-22576 [OAUTH2 bearer bypass in connection re-use]
-	RESERVED
+CVE-2022-22577 (An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that co ...)
+	TODO: check
+CVE-2022-22576 (An improper authentication vulnerability exists in curl 7.33.0 to and  ...)
 	- curl 7.83.0-1 (bug #1010295)
 	NOTE: https://curl.se/docs/CVE-2022-22576.html
 	NOTE: Fixed by: https://github.com/curl/curl/commit/852aa5ad351ea53e5f01d2f44b5b4370c2bf5425 (curl-7_83_0)
@@ -33219,16 +33251,16 @@ CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding secur
 	NOTE: Fixed in 2.17.1, 2.12.4 and 2.3.2
 CVE-2022-21832
 	RESERVED
-CVE-2022-21831
-	RESERVED
+CVE-2022-21831 (A code injection vulnerability exists in the Active Storage >= v5.2 ...)
+	TODO: check
 CVE-2022-21830 (A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9  ...)
 	NOT-FOR-US: Rocket.Chat.Livechat
 CVE-2022-21829
 	RESERVED
 CVE-2022-21828 (A user with high privilege access to the Incapptic Connect web console ...)
 	NOT-FOR-US: Ivanti
-CVE-2022-21827
-	RESERVED
+CVE-2022-21827 (An improper privilege vulnerability has been discovered in Citrix Gate ...)
+	TODO: check
 CVE-2022-21826
 	RESERVED
 CVE-2022-21825 (An Improper Access Control vulnerability exists in Citrix Workspace Ap ...)
@@ -39802,8 +39834,8 @@ CVE-2022-20823
 	RESERVED
 CVE-2022-20822
 	RESERVED
-CVE-2022-20821
-	RESERVED
+CVE-2022-20821 (A vulnerability in the health check RPM of Cisco IOS XR Software could ...)
+	TODO: check
 CVE-2022-20820
 	RESERVED
 CVE-2022-20819
@@ -39826,8 +39858,8 @@ CVE-2022-20811
 	RESERVED
 CVE-2022-20810
 	RESERVED
-CVE-2022-20809
-	RESERVED
+CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management interface ...)
+	TODO: check
 CVE-2022-20808
 	RESERVED
 CVE-2022-20807
@@ -41188,10 +41220,10 @@ CVE-2021-42862
 	RESERVED
 CVE-2021-42861
 	RESERVED
-CVE-2021-42860
-	RESERVED
-CVE-2021-42859
-	RESERVED
+CVE-2021-42860 (A stack buffer overflow exists in Mini-XML v3.2. When inputting an unf ...)
+	TODO: check
+CVE-2021-42859 (A memory leak issue was discovered in Mini-XML v3.2 that could cause a ...)
+	TODO: check
 CVE-2021-42858
 	RESERVED
 CVE-2021-42857 (It was discovered that the SteelCentral AppInternals Dynamic Sampling  ...)
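Review bot: CVE-2021-42860 and CVE-2021-42859 are left at `TODO: check`, but both descriptions name Mini-XML v3.2, and Mini-XML is packaged in Debian as the `mxml` source package, so these two need a version check against the packaged mxml rather than a `NOT-FOR-US` close.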
@@ -41653,8 +41685,8 @@ CVE-2021-42694 (** DISPUTED ** An issue was discovered in the character definiti
 	NOT-FOR-US: Unicode spec
 CVE-2021-42693
 	RESERVED
-CVE-2021-42692
-	RESERVED
+CVE-2021-42692 (There is a stack-overflow vulnerability in tinytoml v0.4 that can caus ...)
+	TODO: check
 CVE-2021-42691
 	RESERVED
 CVE-2021-42690
@@ -48923,8 +48955,8 @@ CVE-2021-40319
 	RESERVED
 CVE-2021-40318
 	RESERVED
-CVE-2021-40317
-	RESERVED
+CVE-2021-40317 (Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.p ...)
+	TODO: check
 CVE-2021-40316
 	RESERVED
 CVE-2021-40315
@@ -49468,7 +49500,7 @@ CVE-2021-40087 (An issue was discovered in PrimeKey EJBCA before 7.6.0. When aud
 CVE-2021-40086 (An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the ...)
 	NOT-FOR-US: PrimeKey
 CVE-2021-40085 (An issue was discovered in OpenStack Neutron before 16.4.1, 17.x befor ...)
-	{DSA-4983-1}
+	{DSA-4983-1 DLA-3027-1}
 	- neutron 2:18.1.0-3 (bug #993398)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/08/31/2
 	NOTE: https://launchpad.net/bugs/1939733
@@ -50310,7 +50342,8 @@ CVE-2021-39707 (In onReceive of AppRestrictionsFragment.java, there is a possibl
 	NOT-FOR-US: Android
 CVE-2021-39706 (In onResume of CredentialStorage.java, there is a possible way to clea ...)
 	NOT-FOR-US: Android
-CVE-2021-39705 (In getNotificationTag of LegacyVoicemailNotifier.java, there is a poss ...)
+CVE-2021-39705
+	REJECTED
 	NOT-FOR-US: Android
 CVE-2021-39704 (In deleteNotificationChannelGroup of NotificationManagerService.java,  ...)
 	NOT-FOR-US: Android
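Review bot: the `NOT-FOR-US: Android` line is left in place under CVE-2021-39705 after the entry is switched to `REJECTED`. Elsewhere in this file a rejected entry carries only the `REJECTED` marker (see CVE-2021-31003 and CVE-2021-31002 further down), so the stale triage line should be dropped for consistency; a rejected CVE has nothing left to triage.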
@@ -63534,8 +63567,8 @@ CVE-2021-34362 (A command injection vulnerability has been reported to affect QN
 	NOT-FOR-US: QNAP
 CVE-2021-34361 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
 	NOT-FOR-US: QNAP
-CVE-2021-34360
-	RESERVED
+CVE-2021-34360 (A cross-site request forgery (CSRF) vulnerability has been reported to ...)
+	TODO: check
 CVE-2021-34359 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
 	NOT-FOR-US: QNAP
 CVE-2021-34358 (We have already fixed this vulnerability in the following versions of  ...)
@@ -66845,12 +66878,12 @@ CVE-2021-33018 (The use of a broken or risky cryptographic algorithm in Philips
 	NOT-FOR-US: Philips Vue PACS
 CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.0 ...)
 	NOT-FOR-US: Philips
-CVE-2021-33016
-	RESERVED
+CVE-2021-33016 (An attacker can gain full access (read/write/delete) to sensitive fold ...)
+	TODO: check
 CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
 	NOT-FOR-US: Cscape
-CVE-2021-33014
-	RESERVED
+CVE-2021-33014 (An attacker can gain VxWorks Shell after login due to hard-coded crede ...)
+	TODO: check
 CVE-2021-33013 (mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized  ...)
 	NOT-FOR-US: mySCADA myPRO
 CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...)
@@ -72125,40 +72158,40 @@ CVE-2021-31012
 	REJECTED
 CVE-2021-31011
 	REJECTED
-CVE-2021-31010
-	REJECTED
-CVE-2021-31009
-	REJECTED
-CVE-2021-31008
-	REJECTED
-CVE-2021-31007
-	REJECTED
-CVE-2021-31006
-	REJECTED
-CVE-2021-31005
-	REJECTED
-CVE-2021-31004
-	REJECTED
+CVE-2021-31010 (A deserialization issue was addressed through improved validation. Thi ...)
+	TODO: check
+CVE-2021-31009 (Multiple issues were addressed by removing HDF5. This issue is fixed i ...)
+	TODO: check
+CVE-2021-31008 (A type confusion issue was addressed with improved memory handling. Th ...)
+	TODO: check
+CVE-2021-31007 (Description: A permissions issue was addressed with improved validatio ...)
+	TODO: check
+CVE-2021-31006 (Description: A permissions issue was addressed with improved validatio ...)
+	TODO: check
+CVE-2021-31005 (Description: A logic issue was addressed with improved state managemen ...)
+	TODO: check
+CVE-2021-31004 (A race condition was addressed with improved locking. This issue is fi ...)
+	TODO: check
 CVE-2021-31003
 	REJECTED
 CVE-2021-31002
 	REJECTED
-CVE-2021-31001
-	REJECTED
-CVE-2021-31000
-	REJECTED
-CVE-2021-30999
-	REJECTED
-CVE-2021-30998
-	REJECTED
-CVE-2021-30997
-	REJECTED
+CVE-2021-31001 (An access issue was addressed with improved access restrictions. This  ...)
+	TODO: check
+CVE-2021-31000 (A permissions issue was addressed with improved validation. This issue ...)
+	TODO: check
+CVE-2021-30999 (The issue was addressed with improved permissions logic. This issue is ...)
+	TODO: check
+CVE-2021-30998 (A S/MIME issue existed in the handling of encrypted email. This issue  ...)
+	TODO: check
+CVE-2021-30997 (A S/MIME issue existed in the handling of encrypted email. This issue  ...)
+	TODO: check
 CVE-2021-30996 (A race condition was addressed with improved state handling. This issu ...)
 	NOT-FOR-US: Apple
 CVE-2021-30995 (A race condition was addressed with improved state handling. This issu ...)
 	NOT-FOR-US: Apple
-CVE-2021-30994
-	REJECTED
+CVE-2021-30994 (An access issue was addressed with improved access restrictions. This  ...)
+	TODO: check
 CVE-2021-30993 (A buffer overflow issue was addressed with improved memory handling. T ...)
 	NOT-FOR-US: Apple
 CVE-2021-30992 (This issue was addressed with improved handling of file metadata. This ...)
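Review bot: thirteen entries in this hunk move from `REJECTED` back to a live description with `TODO: check`. `REJECTED` is normally a terminal state, so this suggests the earlier markers came from placeholder data, and the hunk should be confirmed against the current CVE records before any triage is written. The neighbouring entries (CVE-2021-30996, CVE-2021-30995) are `NOT-FOR-US: Apple`, and the "was addressed with improved ..." wording points the same way for most of these, but the S/MIME entries (CVE-2021-30998, CVE-2021-30997) and anything that may touch WebKit should still be checked individually rather than closed in bulk.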
@@ -72225,8 +72258,8 @@ CVE-2021-30964 (An inherited permissions issue was addressed with additional res
 	NOT-FOR-US: Apple
 CVE-2021-30963 (A buffer overflow issue was addressed with improved memory handling. T ...)
 	NOT-FOR-US: Apple
-CVE-2021-30962
-	REJECTED
+CVE-2021-30962 (A memory initialization issue was addressed with improved memory handl ...)
+	TODO: check
 CVE-2021-30961 (A buffer overflow issue was addressed with improved memory handling. T ...)
 	NOT-FOR-US: Apple
 CVE-2021-30960 (A buffer overflow issue was addressed with improved memory handling. T ...)
@@ -72237,8 +72270,8 @@ CVE-2021-30958 (An out-of-bounds read was addressed with improved input validati
 	NOT-FOR-US: Apple
 CVE-2021-30957 (A buffer overflow issue was addressed with improved memory handling. T ...)
 	NOT-FOR-US: Apple
-CVE-2021-30956
-	REJECTED
+CVE-2021-30956 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
+	TODO: check
 CVE-2021-30955 (A race condition was addressed with improved state handling. This issu ...)
 	NOT-FOR-US: Apple
 CVE-2021-30954 (A type confusion issue was addressed with improved memory handling. Th ...)
@@ -72277,10 +72310,10 @@ CVE-2021-30946 (A logic issue was addressed with improved restrictions. This iss
 	NOT-FOR-US: Apple
 CVE-2021-30945 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
-CVE-2021-30944
-	REJECTED
-CVE-2021-30943
-	REJECTED
+CVE-2021-30944 (Description: A logic issue was addressed with improved state managemen ...)
+	TODO: check
+CVE-2021-30943 (An issue in the handling of group membership was resolved with improve ...)
+	TODO: check
 CVE-2021-30942 (Description: A memory corruption issue in the processing of ICC profil ...)
 	NOT-FOR-US: Apple
 CVE-2021-30941 (A buffer overflow issue was addressed with improved memory handling. T ...)
@@ -72307,8 +72340,8 @@ CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handl
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	- wpewebkit 2.34.4-1
 	NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
-CVE-2021-30933
-	REJECTED
+CVE-2021-30933 (A race condition was addressed with improved state handling. This issu ...)
+	TODO: check
 CVE-2021-30932 (The issue was addressed with improved permissions logic. This issue is ...)
 	NOT-FOR-US: Apple
 CVE-2021-30931 (A logic issue was addressed with improved validation. This issue is fi ...)
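Review bot: CVE-2021-30933 flips from `REJECTED` to an active race-condition description in this hunk. Because CVE-2021-30934 directly above it is tracked against `webkit2gtk` and `wpewebkit` via WSA-2022-0001, check whether CVE-2021-30933 is listed in that WebKitGTK advisory before resolving the `TODO: check` as `NOT-FOR-US: Apple`.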
@@ -157970,6 +158003,7 @@ CVE-2020-9404 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are
 CVE-2020-9403 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...)
 	NOT-FOR-US: PACTware
 CVE-2020-9402 (Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...)
+	{DLA-3024-1}
 	- python-django 2:2.2.11-1 (low; bug #953102)
 	[buster] - python-django 1:1.11.29-1~deb10u1
 	[jessie] - python-django <not-affected> (Vulnerable code introduced later)
@@ -202275,6 +202309,7 @@ CVE-2019-13034
 CVE-2016-10761 (Logitech Unifying devices before 2016-02-26 allow keystroke injection, ...)
 	NOT-FOR-US: Logitech
 CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when S ...)
+	{DLA-3025-1}
 	- irssi 1.2.1-1 (low; bug #931264)
 	[buster] - irssi 1.2.0-2+deb10u1
 	[jessie] - irssi <not-affected> (vulnerable sasl code is not present)
@@ -224126,6 +224161,7 @@ CVE-2019-5431 (This vulnerability was caused by an incomplete fix to CVE-2017-09
 CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, i ...)
 	NOT-FOR-US: Ubiquiti Networks UniFi Video
 CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...)
+	{DLA-3026-1}
 	- filezilla 3.45.1-1 (low; bug #928282)
 	[buster] - filezilla 3.39.0-2+deb10u1
 	[jessie] - filezilla <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce9f4063b6be3608ed9fa14b1061f0f40b365b5f
