[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 1 21:10:44 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
35161e2d by security tracker role at 2022-09-01T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,187 @@
+CVE-2022-39159
+ RESERVED
+CVE-2022-39158
+ RESERVED
+CVE-2022-39157
+ RESERVED
+CVE-2022-39156
+ RESERVED
+CVE-2022-39155
+ RESERVED
+CVE-2022-39154
+ RESERVED
+CVE-2022-39153
+ RESERVED
+CVE-2022-39152
+ RESERVED
+CVE-2022-39151
+ RESERVED
+CVE-2022-39150
+ RESERVED
+CVE-2022-39149
+ RESERVED
+CVE-2022-39148
+ RESERVED
+CVE-2022-39147
+ RESERVED
+CVE-2022-39146
+ RESERVED
+CVE-2022-39145
+ RESERVED
+CVE-2022-39144
+ RESERVED
+CVE-2022-39143
+ RESERVED
+CVE-2022-39142
+ RESERVED
+CVE-2022-39141
+ RESERVED
+CVE-2022-39140
+ RESERVED
+CVE-2022-39139
+ RESERVED
+CVE-2022-39138
+ RESERVED
+CVE-2022-39137
+ RESERVED
+CVE-2022-39136
+ RESERVED
+CVE-2022-39135
+ RESERVED
+CVE-2022-39134
+ RESERVED
+CVE-2022-39133
+ RESERVED
+CVE-2022-39132
+ RESERVED
+CVE-2022-39131
+ RESERVED
+CVE-2022-39130
+ RESERVED
+CVE-2022-39129
+ RESERVED
+CVE-2022-39128
+ RESERVED
+CVE-2022-39127
+ RESERVED
+CVE-2022-39126
+ RESERVED
+CVE-2022-39125
+ RESERVED
+CVE-2022-39124
+ RESERVED
+CVE-2022-39123
+ RESERVED
+CVE-2022-39122
+ RESERVED
+CVE-2022-39121
+ RESERVED
+CVE-2022-39120
+ RESERVED
+CVE-2022-39119
+ RESERVED
+CVE-2022-39118
+ RESERVED
+CVE-2022-39117
+ RESERVED
+CVE-2022-39116
+ RESERVED
+CVE-2022-39115
+ RESERVED
+CVE-2022-39114
+ RESERVED
+CVE-2022-39113
+ RESERVED
+CVE-2022-39112
+ RESERVED
+CVE-2022-39111
+ RESERVED
+CVE-2022-39110
+ RESERVED
+CVE-2022-39109
+ RESERVED
+CVE-2022-39108
+ RESERVED
+CVE-2022-39107
+ RESERVED
+CVE-2022-39106
+ RESERVED
+CVE-2022-39105
+ RESERVED
+CVE-2022-39104
+ RESERVED
+CVE-2022-39103
+ RESERVED
+CVE-2022-39102
+ RESERVED
+CVE-2022-39101
+ RESERVED
+CVE-2022-39100
+ RESERVED
+CVE-2022-39099
+ RESERVED
+CVE-2022-39098
+ RESERVED
+CVE-2022-39097
+ RESERVED
+CVE-2022-39096
+ RESERVED
+CVE-2022-39095
+ RESERVED
+CVE-2022-39094
+ RESERVED
+CVE-2022-39093
+ RESERVED
+CVE-2022-39092
+ RESERVED
+CVE-2022-39091
+ RESERVED
+CVE-2022-39090
+ RESERVED
+CVE-2022-39089
+ RESERVED
+CVE-2022-39088
+ RESERVED
+CVE-2022-39087
+ RESERVED
+CVE-2022-39086
+ RESERVED
+CVE-2022-39085
+ RESERVED
+CVE-2022-39084
+ RESERVED
+CVE-2022-39083
+ RESERVED
+CVE-2022-39082
+ RESERVED
+CVE-2022-39081
+ RESERVED
+CVE-2022-39080
+ RESERVED
+CVE-2022-3082
+ RESERVED
+CVE-2022-3081
+ RESERVED
+CVE-2022-3080
+ RESERVED
+CVE-2022-3079
+ RESERVED
+CVE-2022-3078
+ RESERVED
+CVE-2022-3077
+ RESERVED
+CVE-2022-3076
+ RESERVED
+CVE-2022-3075
+ RESERVED
+CVE-2022-3074
+ RESERVED
+CVE-2022-3073
+ RESERVED
+CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
+ TODO: check
+CVE-2006-20001
+ RESERVED
CVE-2022-XXXX [wordpress 6.0.2]
- wordpress 6.0.2+dfsg1-1 (bug #1018863)
NOTE: https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/
@@ -9,6 +193,7 @@ CVE-2022-3070
RESERVED
CVE-2022-3071
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-39077
@@ -93,8 +278,7 @@ CVE-2022-3063
REJECTED
CVE-2022-3062
RESERVED
-CVE-2022-3061 [video: fbdev: i740fb: Error out if 'pixclock' equals zero]
- RESERVED
+CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace program coul ...)
- linux 5.18.2-1
NOTE: https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5)
CVE-2022-39043
@@ -161,86 +345,107 @@ CVE-2022-3059
RESERVED
CVE-2022-3058
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3057
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3056
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3055
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3054
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3053
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3052
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3051
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3050
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3049
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3048
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3047
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3046
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3045
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3044
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3043
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3042
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3041
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3040
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3039
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3038
RESERVED
+ {DSA-5223-1}
- chromium 105.0.5195.52-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0322. ...)
@@ -760,8 +965,8 @@ CVE-2022-38791 (In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28719
NOTE: MariaDB fixed in 10.3.36, 10.5.17, 10.6.9
-CVE-2022-38790
- RESERVED
+CVE-2022-38790 (Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting ( ...)
+ TODO: check
CVE-2022-38789
RESERVED
CVE-2022-38788
@@ -884,8 +1089,7 @@ CVE-2022-2998
RESERVED
CVE-2022-2997 (Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. ...)
- snipe-it <itp> (bug #1005172)
-CVE-2022-2996 [missing server certificate verification]
- RESERVED
+CVE-2022-2996 (A flaw was found in the python-scciclient when making an HTTPS connect ...)
- python-scciclient <unfixed> (bug #1018213)
NOTE: https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c (0.12)
CVE-2022-2995
@@ -2813,7 +3017,7 @@ CVE-2022-38152 (An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3
NOTE: https://github.com/wolfSSL/wolfssl/pull/5468
CVE-2022-38151
RESERVED
-CVE-2022-38149 (HashiCorp Consul Template through 0.29.1 inserts Sensitive Information ...)
+CVE-2022-38149 (HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose ...)
NOT-FOR-US: Consul Template
CVE-2022-38148
RESERVED
@@ -2987,8 +3191,8 @@ CVE-2022-37328
RESERVED
CVE-2022-36798
RESERVED
-CVE-2022-36796
- RESERVED
+CVE-2022-36796 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
+ TODO: check
CVE-2022-36793
RESERVED
CVE-2022-36791
@@ -3013,14 +3217,14 @@ CVE-2022-36383
RESERVED
CVE-2022-36376
RESERVED
-CVE-2022-36373
- RESERVED
+CVE-2022-36373 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Wa ...)
+ TODO: check
CVE-2022-36365
RESERVED
CVE-2022-36358 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin &l ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-36355
- RESERVED
+CVE-2022-36355 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
+ TODO: check
CVE-2022-36352
RESERVED
CVE-2022-36347 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
@@ -4446,8 +4650,8 @@ CVE-2022-37437 (When using Ingest Actions to configure a destination that reside
NOT-FOR-US: Splunk
CVE-2022-37436
RESERVED
-CVE-2022-37435
- RESERVED
+CVE-2022-37435 (Apache ShenYu Admin has insecure permissions, which may allow low-priv ...)
+ TODO: check
CVE-2022-37433
RESERVED
CVE-2022-37432
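Review bot: CVE-2022-37435 is left at "TODO: check" although its description names Apache ShenYu Admin, and another entry visible in this same diff (CVE-2021-45029) is already tagged "NOT-FOR-US: Apache ShenYu". Unless the product has since been packaged, this entry can take the same NOT-FOR-US tag rather than staying in the triage queue.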
@@ -6642,8 +6846,8 @@ CVE-2022-36585
RESERVED
CVE-2022-36584
RESERVED
-CVE-2022-36583
- RESERVED
+CVE-2022-36583 (DedeCMS V5.7.97 was discovered to contain multiple cross-site scriptin ...)
+ TODO: check
CVE-2022-36582 (An arbitrary file upload vulnerability in the component /php_action/cr ...)
NOT-FOR-US: Garage Management System
CVE-2022-36581 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...)
@@ -8098,14 +8302,14 @@ CVE-2022-36057
RESERVED
CVE-2022-36056
RESERVED
-CVE-2022-36055
- RESERVED
-CVE-2022-36054
- RESERVED
-CVE-2022-36053
- RESERVED
-CVE-2022-36052
- RESERVED
+CVE-2022-36055 (Helm is a tool for managing Charts. Charts are packages of pre-configu ...)
+ TODO: check
+CVE-2022-36054 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
+ TODO: check
+CVE-2022-36053 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
+ TODO: check
+CVE-2022-36052 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
+ TODO: check
CVE-2022-36051 (ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**A ...)
TODO: check
CVE-2022-36050
@@ -11397,9 +11601,9 @@ CVE-2022-34771 (Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API
NOT-FOR-US: Tabit
CVE-2022-34770 (Tabit - sensitive information disclosure. Several APIs on the web syst ...)
NOT-FOR-US: Tabit
-CVE-2022-34769 (Michlol - rashim web interface Insecure direct object references (IDOR ...)
+CVE-2022-34769 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (w ...)
NOT-FOR-US: Michlol
-CVE-2022-34768 (Supersmart.me - Walk Through Performing unauthorized actions on other ...)
+CVE-2022-34768 (insert HTML / js code inside input how to get to the vulnerable input ...)
NOT-FOR-US: Supersmart.me
CVE-2022-34767 (Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is prone t ...)
NOT-FOR-US: ALLNET
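Review bot: the NOT-FOR-US tags on CVE-2022-34769 and CVE-2022-34768 no longer match the descriptions this hunk brings in. CVE-2022-34769 now describes a PROSCEND / ADVICE industrial cellular router but is still tagged "NOT-FOR-US: Michlol", and CVE-2022-34768 now reads "insert HTML / js code inside input ..." without naming a product while remaining tagged "NOT-FOR-US: Supersmart.me". The verdict is probably unchanged, but the product name in each tag should be re-checked against the current CVE record so the annotation does not point at the wrong vendor.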
@@ -16591,8 +16795,8 @@ CVE-2022-32744 (A flaw was found in Samba. The KDC accepts kpasswd requests encr
- samba 2:4.16.4+dfsg-1 (bug #1016449)
[buster] - samba <no-dsa> (Minor issue; affects Samba as AD DC)
NOTE: https://www.samba.org/samba/security/CVE-2022-32744.html
-CVE-2022-32743
- RESERVED
+CVE-2022-32743 (Samba does not validate the Validated-DNS-Host-Name right for the dNSH ...)
+ TODO: check
CVE-2022-32742 (A flaw was found in Samba. Some SMB1 write requests were not correctly ...)
{DSA-5205-1}
- samba 2:4.16.4+dfsg-1 (bug #1016449)
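Review bot: CVE-2022-32743 goes from RESERVED to "TODO: check" although its description names Samba, and the neighbouring CVE-2022-32744 and CVE-2022-32742 in this hunk's context already carry "- samba" package lines. This one needs a samba package entry with its own fixed version or an <unfixed> marker, plus a per-release note if it only affects the AD DC role as CVE-2022-32744 does.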
@@ -29981,8 +30185,7 @@ CVE-2022-28201 [mediawiki: Title::newMainPage() goes into an infinite recursion
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
CVE-2022-28200 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, ...)
NOT-FOR-US: NVIDIA
-CVE-2022-28199
- RESERVED
+CVE-2022-28199 (NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DP ...)
{DSA-5222-1}
- dpdk <unfixed>
[buster] - dpdk <not-affected> (Vulnerable code introduced later)
@@ -40995,9 +41198,9 @@ CVE-2021-46673
RESERVED
CVE-2021-46672
RESERVED
-CVE-2013-20004 (StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak. ...)
+CVE-2013-20004 (A flaw was found in StarWind iSCSI target. StarWind service does not l ...)
NOT-FOR-US: StarWind
-CVE-2007-20001 (StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustio ...)
+CVE-2007-20001 (A flaw was found in StarWind iSCSI target. An attacker could script st ...)
NOT-FOR-US: StarWind
CVE-2022-24408 (A vulnerability has been identified in SINUMERIK MC (All versions < ...)
NOT-FOR-US: Siemens
@@ -43431,7 +43634,7 @@ CVE-2022-23860
RESERVED
CVE-2022-23859
RESERVED
-CVE-2022-23858 (In StarWind Command Center before V2 build 6021, an authenticated read ...)
+CVE-2022-23858 (A flaw was found in the REST API. An improperly handled REST API call ...)
NOT-FOR-US: StarWind Command Center
CVE-2022-23857 (model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to ...)
NOT-FOR-US: Navidrome
@@ -53032,8 +53235,8 @@ CVE-2021-45029 (Groovy Code Injection & SpEL Injection which lead to Remote
NOT-FOR-US: Apache ShenYu
CVE-2021-45028
RESERVED
-CVE-2021-45027
- RESERVED
+CVE-2021-45027 (An arbitrary file download vulnerability in Oliver v5 Library Server V ...)
+ TODO: check
CVE-2021-45026 (ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2 ...)
NOT-FOR-US: ASG technologies
CVE-2021-45025 (ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform ...)
@@ -66276,8 +66479,8 @@ CVE-2021-41570 (Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the Net
NOT-FOR-US: Veritas NetBackup
CVE-2021-41569 (SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. Th ...)
NOT-FOR-US: SAS/Intrnet
-CVE-2021-3826
- RESERVED
+CVE-2021-3826 (Heap/stack buffer overflow in the dlang_lname function in d-demangle.c ...)
+ TODO: check
CVE-2021-41568 (Tad Web is vulnerable to authorization bypass, thus remote attackers c ...)
NOT-FOR-US: Tad Web
CVE-2021-41567 (The new add subject parameter of Tad Uploader view book list function ...)
@@ -121940,31 +122143,29 @@ CVE-2020-35537 (In gcc, a crafted input source file could cause g++ to crash dur
TODO: check
CVE-2020-35536 (In gcc, an internal compiler error in match_reload function at lra-con ...)
TODO: check
-CVE-2020-35535
- RESERVED
-CVE-2020-35534
- RESERVED
-CVE-2020-35533
- RESERVED
-CVE-2020-35532
- RESERVED
-CVE-2020-35531
- RESERVED
-CVE-2020-35530
- RESERVED
+CVE-2020-35535 (In LibRaw, there is an out-of-bounds read vulnerability within the "Li ...)
+ TODO: check
+CVE-2020-35534 (In LibRaw, there is a memory corruption vulnerability within the "crxF ...)
+ TODO: check
+CVE-2020-35533 (In LibRaw, an out-of-bounds read vulnerability exists within the "LibR ...)
+ TODO: check
+CVE-2020-35532 (In LibRaw, an out-of-bounds read vulnerability exists within the "simp ...)
+ TODO: check
+CVE-2020-35531 (In LibRaw, an out-of-bounds read vulnerability exists within the get_h ...)
+ TODO: check
+CVE-2020-35530 (In LibRaw, there is an out-of-bounds write vulnerability within the "n ...)
+ TODO: check
CVE-2020-35529
- RESERVED
+ REJECTED
CVE-2020-35528
- RESERVED
-CVE-2020-35527 [Out of bounds access during table rename]
- RESERVED
+ REJECTED
+CVE-2020-35527 (In SQLite 3.31.1, there is an out of bounds access problem through ALT ...)
- sqlite3 3.32.0-1
NOTE: https://www.sqlite.org/src/info/c431b3fd8fd0f6a6
NOTE: https://github.com/sqlite/sqlite/commit/0990c415f65d2556a5e4122cbe5727d500411aeb (version-3.32.0)
CVE-2020-35526
- RESERVED
-CVE-2020-35525 [Null pointer derreference in src/select.c]
- RESERVED
+ REJECTED
+CVE-2020-35525 (In SQlite 3.31.1, a potential null pointer derreference was found in t ...)
- sqlite3 3.32.0-1
NOTE: https://www.sqlite.org/src/info/a67cf5b7d37d5b14
NOTE: https://github.com/sqlite/sqlite/commit/5f69512404cd2e5153ddf90ea277fbba6dd58ab7 (version-3.32.0)
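Review bot: the six entries CVE-2020-35530 through CVE-2020-35535 all name LibRaw in their descriptions but land as "TODO: check" with no package line, so they will not show up against any Debian source package until triaged. Each needs a package entry with a fixed version or <unfixed>, ideally with a NOTE pointing at the upstream fix as the SQLite entries below do. The move of CVE-2020-35529, CVE-2020-35528 and CVE-2020-35526 from RESERVED to REJECTED needs no follow-up, since none of them had package data attached.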
@@ -132657,8 +132858,7 @@ CVE-2020-27786 (A flaw was found in the Linux kernel’s implementation of M
NOTE: https://git.kernel.org/linus/c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d
CVE-2020-27785
REJECTED
-CVE-2020-27784 [usb: gadget: function: printer: fix use-after-free in __lock_acquire]
- RESERVED
+CVE-2020-27784 (A vulnerability was found in the Linux kernel, where accessing a deall ...)
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/e8d5f92b8d30bb4ade76494490c3c065e12411b1 (5.10-rc1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35161e2d47ac1bce32321c744bbc2d76aeb01459