[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 27 09:10:22 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f137f91f by security tracker role at 2022-05-27T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2022-31763
+	RESERVED
+CVE-2022-31762
+	RESERVED
+CVE-2022-31761
+	RESERVED
+CVE-2022-31760
+	RESERVED
+CVE-2022-31759
+	RESERVED
+CVE-2022-31758
+	RESERVED
+CVE-2022-31757
+	RESERVED
+CVE-2022-31756
+	RESERVED
+CVE-2022-31755
+	RESERVED
+CVE-2022-31754
+	RESERVED
+CVE-2022-31753
+	RESERVED
+CVE-2022-31752
+	RESERVED
+CVE-2022-31751
+	RESERVED
+CVE-2022-31750
+	RESERVED
+CVE-2022-1902
+	RESERVED
+CVE-2022-1901
+	RESERVED
+CVE-2022-1900
+	RESERVED
+CVE-2021-46815
+	RESERVED
+CVE-2021-46814
+	RESERVED
+CVE-2021-46813
+	RESERVED
+CVE-2021-46812
+	RESERVED
+CVE-2021-46811
+	RESERVED
+CVE-2020-36527
+	RESERVED
+CVE-2020-36526
+	RESERVED
+CVE-2020-36525
+	RESERVED
+CVE-2020-36524
+	RESERVED
+CVE-2020-36523
+	RESERVED
 CVE-2022-31749
 	RESERVED
 CVE-2022-31748
@@ -214,8 +268,8 @@ CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffst
 	NOTE: https://sourceforge.net/p/sox/bugs/360/
 CVE-2022-31649
 	RESERVED
-CVE-2022-31648
-	RESERVED
+CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected Cross-Site S ...)
+	TODO: check
 CVE-2022-31647
 	RESERVED
 CVE-2022-31646
@@ -2710,10 +2764,10 @@ CVE-2022-30703
 	RESERVED
 CVE-2022-30702
 	RESERVED
-CVE-2022-30701
-	RESERVED
-CVE-2022-30700
-	RESERVED
+CVE-2022-30701 (An uncontrolled search path element vulnerability in Trend Micro Apex  ...)
+	TODO: check
+CVE-2022-30700 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...)
+	TODO: check
 CVE-2022-30699
 	RESERVED
 CVE-2022-30698
@@ -2779,8 +2833,8 @@ CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privile
 	- needrestart 3.6-1 (bug #1011154)
 	NOTE: https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 (v3.6)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/17/9
-CVE-2022-30687
-	RESERVED
+CVE-2022-30687 (Trend Micro Maximum Security 2022 is vulnerable to a link following vu ...)
+	TODO: check
 CVE-2022-30686
 	RESERVED
 CVE-2022-30685
@@ -3057,10 +3111,10 @@ CVE-2022-30587
 	RESERVED
 CVE-2022-30586
 	RESERVED
-CVE-2022-30585
-	RESERVED
-CVE-2022-30584
-	RESERVED
+CVE-2022-30585 (The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an ...)
+	TODO: check
+CVE-2022-30584 (Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access ...)
+	TODO: check
 CVE-2022-30583
 	RESERVED
 CVE-2022-30582
@@ -5866,18 +5920,18 @@ CVE-2022-29639 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211
 	NOT-FOR-US: TOTOLINK
 CVE-2022-29638 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...)
 	NOT-FOR-US: TOTOLINK
-CVE-2022-29637
-	RESERVED
+CVE-2022-29637 (An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows at ...)
+	TODO: check
 CVE-2022-29636
 	RESERVED
 CVE-2022-29635
 	RESERVED
 CVE-2022-29634
 	RESERVED
-CVE-2022-29633
-	RESERVED
-CVE-2022-29632
-	RESERVED
+CVE-2022-29633 (An access control issue in Linglong v1.0 allows attackers to access th ...)
+	TODO: check
+CVE-2022-29632 (An arbitrary file upload vulnerability in the component /course/api/up ...)
+	TODO: check
 CVE-2022-29631
 	RESERVED
 CVE-2022-29630
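Review bot: CVE-2022-29632 goes from RESERVED to TODO: check with a truncated description that shows only a component path (/course/api/up ...) and no product name, so it cannot be triaged from this line. Read the full description before choosing a disposition; CVE-2022-29637 (Mindoc) and CVE-2022-29633 (Linglong) at least name their product, and the two TOTOLINK entries in the context above show the NOT-FOR-US form a resolved entry takes.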
@@ -9255,8 +9309,8 @@ CVE-2022-28396 (Apostrophe v3.16.1 was discovered to contain a remote code execu
 	NOT-FOR-US: Apostrophe CMS
 CVE-2022-28395
 	RESERVED
-CVE-2022-28394
-	RESERVED
+CVE-2022-28394 (EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) ...)
+	TODO: check
 CVE-2022-28393
 	RESERVED
 CVE-2022-28392
@@ -14177,88 +14231,88 @@ CVE-2022-0890 (NULL Pointer Dereference in GitHub repository mruby/mruby prior t
 	[stretch] - mruby <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276/
 	NOTE: https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa
-CVE-2022-26776
-	RESERVED
-CVE-2022-26775
-	RESERVED
-CVE-2022-26774
-	RESERVED
-CVE-2022-26773
-	RESERVED
-CVE-2022-26772
-	RESERVED
-CVE-2022-26771
-	RESERVED
-CVE-2022-26770
-	RESERVED
-CVE-2022-26769
-	RESERVED
-CVE-2022-26768
-	RESERVED
-CVE-2022-26767
-	RESERVED
-CVE-2022-26766
-	RESERVED
-CVE-2022-26765
-	RESERVED
-CVE-2022-26764
-	RESERVED
-CVE-2022-26763
-	RESERVED
+CVE-2022-26776 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2022-26775 (An integer overflow was addressed with improved input validation. This ...)
+	TODO: check
+CVE-2022-26774 (A logic issue was addressed with improved state management. This issue ...)
+	TODO: check
+CVE-2022-26773 (A logic issue was addressed with improved state management. This issue ...)
+	TODO: check
+CVE-2022-26772 (A memory corruption issue was addressed with improved state management ...)
+	TODO: check
+CVE-2022-26771 (A memory corruption issue was addressed with improved state management ...)
+	TODO: check
+CVE-2022-26770 (An out-of-bounds read issue was addressed with improved input validati ...)
+	TODO: check
+CVE-2022-26769 (A memory corruption issue was addressed with improved input validation ...)
+	TODO: check
+CVE-2022-26768 (A memory corruption issue was addressed with improved state management ...)
+	TODO: check
+CVE-2022-26767 (The issue was addressed with additional permissions checks. This issue ...)
+	TODO: check
+CVE-2022-26766 (A certificate parsing issue was addressed with improved checks. This i ...)
+	TODO: check
+CVE-2022-26765 (A race condition was addressed with improved state handling. This issu ...)
+	TODO: check
+CVE-2022-26764 (A memory corruption issue was addressed with improved validation. This ...)
+	TODO: check
+CVE-2022-26763 (An out-of-bounds access issue was addressed with improved bounds check ...)
+	TODO: check
 CVE-2022-26762
 	RESERVED
-CVE-2022-26761
-	RESERVED
+CVE-2022-26761 (A memory corruption issue was addressed with improved memory handling. ...)
+	TODO: check
 CVE-2022-26760
 	RESERVED
 CVE-2022-26759
 	RESERVED
 CVE-2022-26758
 	RESERVED
-CVE-2022-26757
-	RESERVED
-CVE-2022-26756
-	RESERVED
-CVE-2022-26755
-	RESERVED
-CVE-2022-26754
-	RESERVED
-CVE-2022-26753
-	RESERVED
-CVE-2022-26752
-	RESERVED
-CVE-2022-26751
-	RESERVED
-CVE-2022-26750
-	RESERVED
-CVE-2022-26749
-	RESERVED
-CVE-2022-26748
-	RESERVED
-CVE-2022-26747
-	RESERVED
-CVE-2022-26746
-	RESERVED
-CVE-2022-26745
-	RESERVED
-CVE-2022-26744
-	RESERVED
-CVE-2022-26743
-	RESERVED
-CVE-2022-26742
-	RESERVED
-CVE-2022-26741
-	RESERVED
-CVE-2022-26740
-	RESERVED
-CVE-2022-26739
-	RESERVED
-CVE-2022-26738
-	RESERVED
-CVE-2022-26737
-	RESERVED
-CVE-2022-26736
-	RESERVED
+CVE-2022-26757 (A use after free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2022-26756 (An out-of-bounds write issue was addressed with improved input validat ...)
+	TODO: check
+CVE-2022-26755 (This issue was addressed with improved environment sanitization. This  ...)
+	TODO: check
+CVE-2022-26754 (A buffer overflow issue was addressed with improved memory handling. T ...)
+	TODO: check
+CVE-2022-26753 (A buffer overflow issue was addressed with improved memory handling. T ...)
+	TODO: check
+CVE-2022-26752 (A buffer overflow issue was addressed with improved memory handling. T ...)
+	TODO: check
+CVE-2022-26751 (A memory corruption issue was addressed with improved input validation ...)
+	TODO: check
+CVE-2022-26750 (A buffer overflow issue was addressed with improved memory handling. T ...)
+	TODO: check
+CVE-2022-26749 (A buffer overflow issue was addressed with improved memory handling. T ...)
+	TODO: check
+CVE-2022-26748 (An out-of-bounds write issue was addressed with improved input validat ...)
+	TODO: check
+CVE-2022-26747 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2022-26746 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2022-26745 (A memory corruption issue was addressed with improved validation. This ...)
+	TODO: check
+CVE-2022-26744 (A memory corruption issue was addressed with improved state management ...)
+	TODO: check
+CVE-2022-26743 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2022-26742 (A buffer overflow issue was addressed with improved memory handling. T ...)
+	TODO: check
+CVE-2022-26741 (A buffer overflow issue was addressed with improved memory handling. T ...)
+	TODO: check
+CVE-2022-26740 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2022-26739 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2022-26738 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2022-26737 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2022-26736 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
 CVE-2022-26735
 	RESERVED
 CVE-2022-26734
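Review bot: every entry flipped from RESERVED in this hunk, CVE-2022-26776 down to CVE-2022-26736, has its description cut off before the affected product is named, and several are word-for-word identical as shown (CVE-2022-26754, CVE-2022-26753 and CVE-2022-26752 all read "A buffer overflow issue was addressed with improved memory handling. T ..."). Each TODO: check therefore needs the full description looked up individually; the truncated text is not enough to tell the entries apart or to resolve them in bulk.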
@@ -14267,88 +14321,88 @@ CVE-2022-26733
 	RESERVED
 CVE-2022-26732
 	RESERVED
-CVE-2022-26731
-	RESERVED
+CVE-2022-26731 (A logic issue was addressed with improved state management. This issue ...)
+	TODO: check
 CVE-2022-26730
 	RESERVED
 CVE-2022-26729
 	RESERVED
-CVE-2022-26728
-	RESERVED
-CVE-2022-26727
-	RESERVED
-CVE-2022-26726
-	RESERVED
-CVE-2022-26725
-	RESERVED
-CVE-2022-26724
-	RESERVED
-CVE-2022-26723
-	RESERVED
-CVE-2022-26722
-	RESERVED
-CVE-2022-26721
-	RESERVED
-CVE-2022-26720
-	RESERVED
+CVE-2022-26728 (This issue was addressed with improved entitlements. This issue is fix ...)
+	TODO: check
+CVE-2022-26727 (This issue was addressed with improved entitlements. This issue is fix ...)
+	TODO: check
+CVE-2022-26726 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2022-26725 (A logic issue was addressed with improved state management. This issue ...)
+	TODO: check
+CVE-2022-26724 (An authentication issue was addressed with improved state management.  ...)
+	TODO: check
+CVE-2022-26723 (A memory corruption issue was addressed with improved input validation ...)
+	TODO: check
+CVE-2022-26722 (A memory initialization issue was addressed. This issue is fixed in Se ...)
+	TODO: check
+CVE-2022-26721 (A memory initialization issue was addressed. This issue is fixed in Se ...)
+	TODO: check
+CVE-2022-26720 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
 CVE-2022-26719
 	RESERVED
-CVE-2022-26718
-	RESERVED
+CVE-2022-26718 (An out-of-bounds read issue was addressed with improved input validati ...)
+	TODO: check
 CVE-2022-26717
 	RESERVED
 CVE-2022-26716
 	RESERVED
-CVE-2022-26715
-	RESERVED
-CVE-2022-26714
-	RESERVED
+CVE-2022-26715 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2022-26714 (A memory corruption issue was addressed with improved validation. This ...)
+	TODO: check
 CVE-2022-26713
 	RESERVED
-CVE-2022-26712
-	RESERVED
-CVE-2022-26711
-	RESERVED
+CVE-2022-26712 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2022-26711 (An integer overflow issue was addressed with improved input validation ...)
+	TODO: check
 CVE-2022-26710
 	RESERVED
 CVE-2022-26709
 	RESERVED
-CVE-2022-26708
-	RESERVED
+CVE-2022-26708 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
 CVE-2022-26707
 	RESERVED
-CVE-2022-26706
-	RESERVED
+CVE-2022-26706 (An access issue was addressed with additional sandbox restrictions on  ...)
+	TODO: check
 CVE-2022-26705
 	RESERVED
-CVE-2022-26704
-	RESERVED
-CVE-2022-26703
-	RESERVED
-CVE-2022-26702
-	RESERVED
-CVE-2022-26701
-	RESERVED
+CVE-2022-26704 (A validation issue existed in the handling of symlinks and was address ...)
+	TODO: check
+CVE-2022-26703 (An authorization issue was addressed with improved state management. T ...)
+	TODO: check
+CVE-2022-26702 (A use after free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2022-26701 (A race condition was addressed with improved locking. This issue is fi ...)
+	TODO: check
 CVE-2022-26700
 	RESERVED
 CVE-2022-26699
 	RESERVED
-CVE-2022-26698
-	RESERVED
-CVE-2022-26697
-	RESERVED
+CVE-2022-26698 (An out-of-bounds read issue was addressed with improved bounds checkin ...)
+	TODO: check
+CVE-2022-26697 (An out-of-bounds read issue was addressed with improved input validati ...)
+	TODO: check
 CVE-2022-26696
 	RESERVED
 CVE-2022-26695
 	RESERVED
-CVE-2022-26694
-	RESERVED
-CVE-2022-26693
-	RESERVED
+CVE-2022-26694 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2022-26693 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
 CVE-2022-26692
 	RESERVED
 CVE-2022-26691 (A logic issue was addressed with improved state management. This issue ...)
-	{DSA-5149-1}
+	{DSA-5149-1 DLA-3029-1}
 	- cups 2.4.2-1 (bug #1011769)
 	NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 (v2.4.2)
 	NOTE: Followup (fix comment): https://github.com/OpenPrinting/cups/commit/411b6136f450a583ee08c3880fa09dbe837eb3f1
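Review bot: the new TODO: check entries in this hunk use the same generic wording as CVE-2022-26691 in the context lines ("A logic issue was addressed with improved state management", also on CVE-2022-26731 and CVE-2022-26725), and that entry resolved to the cups package with a DSA and now a DLA. Triage each new entry against its full description rather than marking the batch NOT-FOR-US on the strength of the shared phrasing.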
@@ -20857,6 +20911,7 @@ CVE-2022-0494 (A kernel information leak flaw was identified in the scsi_ioctl f
 CVE-2022-0493 (The String locator WordPress plugin before 2.5.0 does not properly val ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array, and co ...)
+	{DLA-3028-1}
 	- atftp 0.7.git20210915-1 (bug #1004974)
 	[bullseye] - atftp 0.7.git20120829-3.3+deb11u2
 	[buster] - atftp 0.7.git20120829-3.2~deb10u3
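Review bot: the added {DLA-3028-1} reference on CVE-2021-46671 sits above package lines that, in the visible context, give fixed versions only on the unqualified atftp line and for bullseye and buster. Check that the release the DLA covers has its fixed version recorded on a line below this hunk's context, so the cross-reference and the per-release status agree.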
@@ -78933,10 +78988,10 @@ CVE-2021-28511
 	RESERVED
 CVE-2021-28510
 	RESERVED
-CVE-2021-28509
-	RESERVED
-CVE-2021-28508
-	RESERVED
+CVE-2021-28509 (This advisory documents the impact of an internally found vulnerabilit ...)
+	TODO: check
+CVE-2021-28508 (This advisory documents the impact of an internally found vulnerabilit ...)
+	TODO: check
 CVE-2021-28507 (An issue has recently been discovered in Arista EOS where, under certa ...)
 	NOT-FOR-US: Arista
 CVE-2021-28506 (An issue has recently been discovered in Arista EOS where certain gNOI ...)
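Review bot: CVE-2021-28509 and CVE-2021-28508 get TODO: check with a description ("This advisory documents the impact of an internally found vulnerabilit ...") that is truncated before any product is named. The adjacent CVE-2021-28507 and CVE-2021-28506 are NOT-FOR-US: Arista, but adjacency in the ID range is not evidence of the same vendor; confirm from the full description before copying that tag.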



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f137f91f622872fdd76f417708d8dae4fda9f29c
