[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 2 09:10:37 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97ab104b by security tracker role at 2022-09-02T08:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,102 @@
-CVE-2022-39189 [KVM instruction emulation doesn't clear KVM_VCPU_PREEMPTED, breaking guest's TLB flushing]
+CVE-2022-39197
+ RESERVED
+CVE-2022-39196
+ RESERVED
+CVE-2022-39195
+ RESERVED
+CVE-2022-39194 (An issue was discovered in the MediaWiki through 1.38.2. The community ...)
+ TODO: check
+CVE-2022-39193
+ RESERVED
+CVE-2022-39192
+ RESERVED
+CVE-2022-39191
+ RESERVED
+CVE-2022-39190 (An issue was discovered in net/netfilter/nf_tables_api.c in the Linux ...)
+ TODO: check
+CVE-2022-39187
+ RESERVED
+CVE-2022-39186
+ RESERVED
+CVE-2022-39185
+ RESERVED
+CVE-2022-39184
+ RESERVED
+CVE-2022-39183
+ RESERVED
+CVE-2022-39182
+ RESERVED
+CVE-2022-39181
+ RESERVED
+CVE-2022-39180
+ RESERVED
+CVE-2022-39179
+ RESERVED
+CVE-2022-39178
+ RESERVED
+CVE-2022-39177 (BlueZ before 5.59 allows physically proximate attackers to cause a den ...)
+ TODO: check
+CVE-2022-39176 (BlueZ before 5.59 allows physically proximate attackers to obtain sens ...)
+ TODO: check
+CVE-2022-39175
+ RESERVED
+CVE-2022-39174
+ RESERVED
+CVE-2022-39173
+ RESERVED
+CVE-2022-39172
+ RESERVED
+CVE-2022-39171
+ RESERVED
+CVE-2022-39170 (libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_f ...)
+ TODO: check
+CVE-2022-39169
+ RESERVED
+CVE-2022-39168
+ RESERVED
+CVE-2022-39167
+ RESERVED
+CVE-2022-39166
+ RESERVED
+CVE-2022-39165
+ RESERVED
+CVE-2022-39164
+ RESERVED
+CVE-2022-39163
+ RESERVED
+CVE-2022-39162
+ RESERVED
+CVE-2022-39161
+ RESERVED
+CVE-2022-39160
+ RESERVED
+CVE-2022-3093
+ RESERVED
+CVE-2022-3092
+ RESERVED
+CVE-2022-3091
+ RESERVED
+CVE-2022-3090
+ RESERVED
+CVE-2022-3089
+ RESERVED
+CVE-2022-3088
+ RESERVED
+CVE-2022-3087
+ RESERVED
+CVE-2022-3086
+ RESERVED
+CVE-2022-3085
+ RESERVED
+CVE-2022-3084
+ RESERVED
+CVE-2022-3083
+ RESERVED
+CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux kernel befo ...)
- linux 5.19.6-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
NOTE: https://git.kernel.org/linus/6cd88243c7e03845a450795e134b488fc2afb736 (5.19-rc2)
-CVE-2022-39188 [unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry]
+CVE-2022-39188 (An issue was discovered in include/asm-generic/tlb.h in the Linux kern ...)
- linux 5.19.6-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2329
NOTE: https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iqEApujD5VtM3Re-tCKLDEFdEdbg@mail.gmail.com/
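Review bot: CVE-2022-39190 (nf_tables_api.c), CVE-2022-39177 and CVE-2022-39176 (BlueZ), CVE-2022-39170 (libdwarf) and CVE-2022-39194 (MediaWiki) are left as `TODO: check`, while the two neighbouring kernel entries in this same hunk, CVE-2022-39189 and CVE-2022-39188, already carry `- linux 5.19.6-1` lines. All five describe software Debian ships (linux, bluez, dwarfutils for libdwarf, mediawiki), so they need package/version lines and a severity call at the next manual pass; for the nf_tables entry the first thing to check is whether its fix is in the same 5.19.6-1 upload recorded for the two entries above it.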
@@ -175,8 +269,7 @@ CVE-2022-3080
RESERVED
CVE-2022-3079
RESERVED
-CVE-2022-3078 [media: vidtv: Check for null return of vzalloc]
- RESERVED
+CVE-2022-3078 (An issue was discovered in the Linux kernel through 5.16-rc6. There is ...)
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -2424,13 +2517,13 @@ CVE-2022-2833 (Endless Infinite loop in Blender-thumnailing due to logical bugs.
NOTE: https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512
NOTE: https://developer.blender.org/T99711
NOTE: Hang in CLI tool, no security impact
-CVE-2022-2832 (When rendering with headless builds, show an error instead of crashing ...)
+CVE-2022-2832 (A flaw was found in Blender 3.3.0. A null pointer dereference exists i ...)
- blender <unfixed> (unimportant)
NOTE: https://developer.blender.org/T99706
NOTE: https://developer.blender.org/D15463
NOTE: https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c
NOTE: Debian binary packages not build with WITH_HEADLESS
-CVE-2022-2831 (A loaded (and valid) image can be crafted such that an out-of-bounds r ...)
+CVE-2022-2831 (A flaw was found in Blender 3.3.0. An interger overflow in source/blen ...)
- blender 3.2.2+dfsg-1
[bullseye] - blender <no-dsa> (Minor issue)
NOTE: https://developer.blender.org/T99705
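Review bot: the CVE-2022-2831 description changes from an out-of-bounds read via a crafted image to an integer overflow in Blender 3.3.0, while the fixed version `blender 3.2.2+dfsg-1` and the bullseye `<no-dsa> (Minor issue)` annotation are unchanged context. Worth re-confirming that the T99705 fix and the 3.2.2+dfsg-1 upload still match the issue as re-described before the entry is considered settled.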
@@ -2875,8 +2968,7 @@ CVE-2022-2808
RESERVED
CVE-2022-2807
RESERVED
-CVE-2022-2806
- RESERVED
+CVE-2022-2806 (It was found that the ovirt-log-collector/sosreport collects the RHV a ...)
NOT-FOR-US: ovirt-log-collector
CVE-2022-2805
RESERVED
@@ -2980,8 +3072,8 @@ CVE-2022-2766 (A vulnerability was found in SourceCodester Loan Management Syste
NOT-FOR-US: SourceCodester Loan Management System
CVE-2022-2765 (A vulnerability was found in SourceCodester Company Website CMS 1.0. I ...)
NOT-FOR-US: SourceCodester Company Website CMS
-CVE-2022-2764
- RESERVED
+CVE-2022-2764 (A flaw was found in Undertow. Denial of service can be achieved as Und ...)
+ TODO: check
CVE-2022-2763
RESERVED
CVE-2022-2762
@@ -3050,12 +3142,12 @@ CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatab
NOT-FOR-US: Keysight Sensor Management Server
CVE-2022-38129 (A path traversal vulnerability exists in the com.keysight.tentacle.lic ...)
NOT-FOR-US: Keysight Sensor Management Server
-CVE-2022-38128
- RESERVED
-CVE-2022-38127
- RESERVED
-CVE-2022-38126
- RESERVED
+CVE-2022-38128 (An infinite loop may be triggered in display_debug_abbrev() function i ...)
+ TODO: check
+CVE-2022-38127 (A NULL pointer dereference in the read_and_display_attr_value() functi ...)
+ TODO: check
+CVE-2022-38126 (Assertion fail in the display_debug_names() function in binutils/dwarf ...)
+ TODO: check
CVE-2022-38125
RESERVED
CVE-2022-38124
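Review bot: CVE-2022-38128, CVE-2022-38127 and CVE-2022-38126 all describe hangs or crashes in binutils DWARF-dumping functions (display_debug_abbrev(), read_and_display_attr_value(), display_debug_names()) but are left as `TODO: check`. binutils is a Debian package, so these need package/version lines; the assessment already used elsewhere in this diff for the vim and blender entries, `Crash in CLI tool, no security impact`, may well apply here too, but it should be recorded explicitly rather than left open.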
@@ -3269,11 +3361,9 @@ CVE-2022-2741
RESERVED
CVE-2022-2740 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
NOT-FOR-US: SourceCodester Company Website CMS
-CVE-2022-2739
- RESERVED
+CVE-2022-2739 (The version of podman as released for Red Hat Enterprise Linux 7 Extra ...)
NOT-FOR-US: Red Hat specific release error
-CVE-2022-2738
- RESERVED
+CVE-2022-2738 (The version of podman as released for Red Hat Enterprise Linux 7 Extra ...)
NOT-FOR-US: Red Hat specific release error
CVE-2022-2737
RESERVED
@@ -4104,8 +4194,8 @@ CVE-2022-37681 (Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and
NOT-FOR-US: Hitachi Kokusai Electric Inc ISnex HC-IP9100HD
CVE-2022-37680 (An access control issue in Hitachi Kokusai Electric Inc ISnex HC-IP910 ...)
NOT-FOR-US: Hitachi
-CVE-2022-37679
- RESERVED
+CVE-2022-37679 (Miniblog.Core v1.0 was discovered to contain a cross-site scripting (X ...)
+ TODO: check
CVE-2022-37678
RESERVED
CVE-2022-37677
@@ -4798,8 +4888,7 @@ CVE-2020-36571
RESERVED
CVE-2020-36570
RESERVED
-CVE-2022-2663
- RESERVED
+CVE-2022-2663 (An issue was found in the Linux kernel in nf_conntrack_irc where the m ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/08/30/1
CVE-2022-2662 (Sequi PortBloque S has a improper authentication issues which may allo ...)
@@ -4885,8 +4974,7 @@ CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x be
NOTE: https://bugs.launchpad.net/ossa/+bug/1981813
NOTE: https://review.opendev.org/c/openstack/nova/+/849985
NOTE: https://review.opendev.org/c/openstack/nova/+/850003
-CVE-2022-2639
- RESERVED
+CVE-2022-2639 (An integer coercion error was found in the openvswitch kernel module. ...)
- linux 5.17.6-1
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
@@ -5454,7 +5542,7 @@ CVE-2022-37179
RESERVED
CVE-2022-37178 (An issue was discovered in 72crm 9.0. There is a SQL Injection vulnera ...)
NOT-FOR-US: 72crm
-CVE-2022-37177 (HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cry ...)
+CVE-2022-37177 (** DISPUTED ** HireVue Hiring Platform V1.0 suffers from Use of a Brok ...)
NOT-FOR-US: HireVue Hiring Platform
CVE-2022-37176 (Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vul ...)
NOT-FOR-US: Tenda
@@ -6462,8 +6550,8 @@ CVE-2022-36775
RESERVED
CVE-2022-36774
RESERVED
-CVE-2022-36773
- RESERVED
+CVE-2022-36773 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XM ...)
+ TODO: check
CVE-2022-36772
RESERVED
CVE-2022-36771
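Review bot: CVE-2022-36773 (IBM Cognos Analytics) is recorded as `TODO: check`, whereas the existing Cognos Analytics entries in this list are resolved as `NOT-FOR-US: IBM` (see CVE-2021-29824 and CVE-2020-4302 further down in this diff). Cognos Analytics is proprietary IBM software and not packaged in Debian, so this TODO can be closed the same way; the same applies to the other Cognos entries this update adds as `TODO: check` (CVE-2022-30614, CVE-2021-39045, CVE-2021-39009, CVE-2021-29823, CVE-2021-20468, CVE-2020-4301).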
@@ -6513,8 +6601,8 @@ CVE-2022-36761
RESERVED
CVE-2022-36760
RESERVED
-CVE-2022-36759
- RESERVED
+CVE-2022-36759 (Online Food Ordering System v1.0 was discovered to contain a SQL injec ...)
+ TODO: check
CVE-2022-36758
RESERVED
CVE-2022-36757
@@ -6757,10 +6845,10 @@ CVE-2022-36639
RESERVED
CVE-2022-36638
RESERVED
-CVE-2022-36637
- RESERVED
-CVE-2022-36636
- RESERVED
+CVE-2022-36637 (Garage Management System v1.0 was discovered to contain a persistent c ...)
+ TODO: check
+CVE-2022-36636 (Garage Management System v1.0 was discovered to contain a SQL injectio ...)
+ TODO: check
CVE-2022-36635
RESERVED
CVE-2022-36634
@@ -6787,10 +6875,10 @@ CVE-2022-36624
RESERVED
CVE-2022-36623
RESERVED
-CVE-2022-36622
- RESERVED
-CVE-2022-36621
- RESERVED
+CVE-2022-36622 (Samsung Electronics mTower v0.3.0 and earlier was discovered to contai ...)
+ TODO: check
+CVE-2022-36621 (Samsung Electronics mTower v0.3.0 and earlier was discovered to contai ...)
+ TODO: check
CVE-2022-36620 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via ...)
NOT-FOR-US: D-link
CVE-2022-36619 (In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without a ...)
@@ -6813,8 +6901,8 @@ CVE-2022-36611 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain
NOT-FOR-US: TOTOLINK
CVE-2022-36610 (TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hard ...)
NOT-FOR-US: TOTOLINK
-CVE-2022-36609
- RESERVED
+CVE-2022-36609 (Clinic's Patient Management System v1.0 was discovered to contain a SQ ...)
+ TODO: check
CVE-2022-36608
RESERVED
CVE-2022-36607
@@ -6823,16 +6911,16 @@ CVE-2022-36606 (Ywoa before v6.1 was discovered to contain a SQL injection vulne
NOT-FOR-US: Ywoa
CVE-2022-36605 (Yimioa v6.1 was discovered to contain a SQL injection vulnerability vi ...)
NOT-FOR-US: Yimioa
-CVE-2022-36604
- RESERVED
-CVE-2022-36603
- RESERVED
-CVE-2022-36602
- RESERVED
-CVE-2022-36601
- RESERVED
-CVE-2022-36600
- RESERVED
+CVE-2022-36604 (An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and belo ...)
+ TODO: check
+CVE-2022-36603 (InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contai ...)
+ TODO: check
+CVE-2022-36602 (InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote ...)
+ TODO: check
+CVE-2022-36601 (The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 ...)
+ TODO: check
+CVE-2022-36600 (BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting ( ...)
+ TODO: check
CVE-2022-36599 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...)
NOT-FOR-US: Mingsoft MCMS
CVE-2022-36598
@@ -6843,10 +6931,10 @@ CVE-2022-36596
RESERVED
CVE-2022-36595
RESERVED
-CVE-2022-36594
- RESERVED
-CVE-2022-36593
- RESERVED
+CVE-2022-36594 (Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vuln ...)
+ TODO: check
+CVE-2022-36593 (kkFileView v4.0.0 was discovered to contain an arbitrary file deletion ...)
+ TODO: check
CVE-2022-36592
RESERVED
CVE-2022-36591
@@ -8154,8 +8242,7 @@ CVE-2022-2449
RESERVED
CVE-2022-2448
RESERVED
-CVE-2022-2447
- RESERVED
+CVE-2022-2447 (A flaw was found in OpenStack. The application credential tokens can b ...)
- keystone <unfixed>
[bullseye] - keystone <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2105419
@@ -8812,8 +8899,7 @@ CVE-2022-2405
RESERVED
CVE-2022-2404
RESERVED
-CVE-2022-2403
- RESERVED
+CVE-2022-2403 (A credentials leak was found in the OpenShift Container Platform. The ...)
NOT-FOR-US: OpenShift
CVE-2022-35863
RESERVED
@@ -10437,8 +10523,7 @@ CVE-2022-35217 (The NHI card’s web service component has a stack-based buf
NOT-FOR-US: NHI card
CVE-2022-35216 (OMICARD EDM’s mail image relay function has a path traversal vul ...)
NOT-FOR-US: OMICARD EDM
-CVE-2022-2320 [ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access]
- RESERVED
+CVE-2022-2320 (A flaw was found in the Xorg-x11-server. The specific flaw exists with ...)
{DSA-5199-1 DLA-3068-1}
- xorg-server 2:21.1.4-1 (bug #1014903)
- xwayland 2:22.1.3-1
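Review bot: replacing the bracketed placeholder title with the official description drops the `ZDI-CAN-16070` identifier and the function name `ProcXkbSetDeviceInfo` from the CVE-2022-2320 entry, and neither appears in the NOTE lines shown in the following hunk, which reference commits only. Consider carrying the ZDI id over into a NOTE so the entry can still be cross-referenced against the ZDI advisory; the same applies to `ZDI-CAN-16062` / `ProcXkbSetGeometry` on CVE-2022-2319 in the next hunk.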
@@ -10446,8 +10531,7 @@ CVE-2022-2320 [ZDI-CAN-16070: X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Ac
NOTE: Fixed by: https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc
NOTE: Required for fixes: https://github.com/freedesktop/xorg-xserver/commit/f1070c01d616c5f21f939d5ebc533738779451ac
NOTE: https://www.openwall.com/lists/oss-security/2022/07/12/1
-CVE-2022-2319 [ZDI-CAN-16062: X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access]
- RESERVED
+CVE-2022-2319 (A flaw was found in the Xorg-x11-server. An out-of-bounds access issue ...)
{DSA-5199-1 DLA-3068-1}
- xorg-server 2:21.1.4-1 (bug #1014903)
- xwayland 2:22.1.3-1
@@ -10476,8 +10560,7 @@ CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of se
[buster] - lxml <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba/
NOTE: https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f (lxml-4.9.1)
-CVE-2022-2308
- RESERVED
+CVE-2022-2308 (A flaw was found in vDPA with VDUSE backend. There are currently no ch ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -11513,8 +11596,7 @@ CVE-2022-2257 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ...
NOTE: https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89
NOTE: https://github.com/vim/vim/commit/083692d598139228e101b8c521aaef7bcf256e9a (v9.0.0009)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-2256
- RESERVED
+CVE-2022-2256 (A Stored Cross-site scripting (XSS) vulnerability was found in keycloa ...)
NOT-FOR-US: Keycloak
CVE-2022-2255 (A vulnerability was found in mod_wsgi. The X-Client-IP header is not r ...)
- mod-wsgi 4.9.0-1.1 (bug #1016476)
@@ -11736,8 +11818,7 @@ CVE-2022-2240 (The Request a Quote WordPress plugin through 2.3.7 does not valid
NOT-FOR-US: WordPress plugin
CVE-2022-2239 (The Request a Quote WordPress plugin through 2.3.7 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2238
- RESERVED
+CVE-2022-2238 (A vulnerability was found in the search-api container in Red Hat Advan ...)
NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes 2 / Stolostron
CVE-2022-2237
RESERVED
@@ -12759,10 +12840,10 @@ CVE-2022-34382
RESERVED
CVE-2022-34381
RESERVED
-CVE-2022-34380
- RESERVED
-CVE-2022-34379
- RESERVED
+CVE-2022-34380 (Dell CloudLink 7.1.3 and all earlier versions contain an Authenticatio ...)
+ TODO: check
+CVE-2022-34379 (Dell EMC CloudLink 7.1.2 and all prior versions contain an Authenticat ...)
+ TODO: check
CVE-2022-34378
RESERVED
CVE-2022-34377
@@ -12773,10 +12854,10 @@ CVE-2022-34375 (Dell Container Storage Modules 1.2 contains a path traversal vul
NOT-FOR-US: Dell
CVE-2022-34374 (Dell Container Storage Modules 1.2 contains an OS command injection in ...)
NOT-FOR-US: Dell
-CVE-2022-34373 (Dell Command Integration Suite for System Center, versions prior to 6. ...)
+CVE-2022-34373 (Dell Command | Integration Suite for System Center, versions prior to ...)
NOT-FOR-US: Dell
-CVE-2022-34372
- RESERVED
+CVE-2022-34372 (Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an ...)
+ TODO: check
CVE-2022-34371
RESERVED
CVE-2022-34370
@@ -13417,7 +13498,7 @@ CVE-2022-2134 (Denial of Service in GitHub repository inventree/inventree prior
CVE-2022-2133 (The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't valida ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2132 (A permissive list of allowed inputs flaw was found in DPDK. This issue ...)
- {DSA-5222-1}
+ {DSA-5222-1 DLA-3092-1}
- dpdk <unfixed>
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=1031
NOTE: https://git.dpdk.org/dpdk/commit/?id=71bd0cc536ad6d84188d947d6f24c17400d8f623 (main)
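Review bot: the DLA-3092-1 reference is added beside DSA-5222-1, but the unstable line still reads `- dpdk <unfixed>` even though both a DSA and a DLA now exist and the referenced fix commit is on upstream main. Worth confirming whether the unstable upload carrying the fix has landed and, if so, recording its version in place of `<unfixed>`.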
@@ -19602,8 +19683,7 @@ CVE-2022-31751 (The kernel emcom module has multi-thread contention. Successful
NOT-FOR-US: Huawei
CVE-2022-31750
RESERVED
-CVE-2022-1902
- RESERVED
+CVE-2022-1902 (A flaw was found in the Red Hat Advanced Cluster Security for Kubernet ...)
NOT-FOR-US: StackRox Kubernetes Security Platform
CVE-2022-1901 (In affected versions of Octopus Deploy it is possible to unmask sensit ...)
NOT-FOR-US: Octopus Deploy
@@ -21776,16 +21856,19 @@ CVE-2022-31005 (Vapor is an HTTP web framework for Swift. Users of Vapor prior t
CVE-2022-31004 (CVEProject/cve-services is an open source project used to operate the ...)
NOT-FOR-US: CVEProject/cve-services
CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
+ {DLA-3091-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
[stretch] - sofia-sip <postponed> (Minor issue)
NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
NOTE: https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9 (v1.13.8)
CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
+ {DLA-3091-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
[stretch] - sofia-sip <postponed> (Minor issue)
NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
NOTE: https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba (v1.13.8)
CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
+ {DLA-3091-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
[stretch] - sofia-sip <postponed> (Minor issue)
NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
@@ -22216,8 +22299,7 @@ CVE-2022-1731 (Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerab
NOT-FOR-US: Metasonic Doc WebClient
CVE-2022-1730 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
NOT-FOR-US: jgraph/drawio
-CVE-2022-1729 [perf: Fix sys_perf_event_open() race against self]
- RESERVED
+CVE-2022-1729 (A race condition was found the Linux kernel in perf_event_open() which ...)
{DSA-5173-1 DSA-5161-1 DLA-3065-1}
- linux 5.17.11-1
NOTE: https://www.openwall.com/lists/oss-security/2022/05/20/2
@@ -22996,8 +23078,8 @@ CVE-2022-30616 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could
NOT-FOR-US: IBM
CVE-2022-30615
RESERVED
-CVE-2022-30614
- RESERVED
+CVE-2022-30614 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a den ...)
+ TODO: check
CVE-2022-30613
RESERVED
CVE-2022-30612
@@ -23230,8 +23312,7 @@ CVE-2022-30550 (An issue was discovered in the auth component in Dovecot 2.2 and
NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/9
NOTE: https://github.com/dovecot/core/commit/7bad6a24160e34bce8f10e73dbbf9e5fbbcd1904
NOTE: https://github.com/dovecot/core/commit/a1022072e2ce36f853873d910287f466165b184b
-CVE-2022-1677
- RESERVED
+CVE-2022-1677 (In OpenShift Container Platform, a user with permissions to create or ...)
NOT-FOR-US: OpenShift
CVE-2022-1676
RESERVED
@@ -23446,8 +23527,7 @@ CVE-2022-1633 (Use after free in Sharesheet in Google Chrome on Chrome OS prior
- chromium 101.0.4951.64-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-1632
- RESERVED
+CVE-2022-1632 (An Improper Certificate Validation attack was found in Openshift. A re ...)
NOT-FOR-US: OpenShift
CVE-2022-1631 (Users Account Pre-Takeover or Users Account Takeover. in GitHub reposi ...)
NOT-FOR-US: microweber
@@ -23988,8 +24068,8 @@ CVE-2022-29483 (Incorrect Default Permissions vulnerability in ABB e-Design allo
NOT-FOR-US: ABB e-Design
CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design allows att ...)
NOT-FOR-US: ABB e-Design
-CVE-2022-1615
- RESERVED
+CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable random val ...)
+ TODO: check
CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1613
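Review bot: CVE-2022-1615 is left as `TODO: check` although it describes a Samba issue (gnutls_rnd() failing and yielding predictable random values) and samba is a Debian package; the entry needs package/version lines and bullseye/buster annotations. The description places the flaw in Samba's use of gnutls_rnd(), so the package to track is samba rather than gnutls28.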
@@ -44767,8 +44847,7 @@ CVE-2022-23454
RESERVED
CVE-2022-23453
RESERVED
-CVE-2022-23452
- RESERVED
+CVE-2022-23452 (An authorization flaw was found in openstack-barbican, where anyone wi ...)
- barbican 1:14.0.0~rc1-2
[bullseye] - barbican <no-dsa> (Minor issue)
[buster] - barbican <no-dsa> (Minor issue)
@@ -48317,7 +48396,7 @@ CVE-2022-22560 (Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded crede
NOT-FOR-US: EMC
CVE-2022-22559 (Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or ri ...)
NOT-FOR-US: Dell PowerScale OneFS
-CVE-2022-22558 (Dell PowerEdge Server BIOS contains an Improper SMM communication buff ...)
+CVE-2022-22558 (Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 792 ...)
NOT-FOR-US: Dell
CVE-2022-22557 (PowerStore contains Plain-Text Password Storage Vulnerability in Power ...)
NOT-FOR-US: Dell
@@ -72932,8 +73011,8 @@ CVE-2021-39047 (IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2
NOT-FOR-US: IBM
CVE-2021-39046 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Bu ...)
NOT-FOR-US: IBM
-CVE-2021-39045
- RESERVED
+CVE-2021-39045 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local at ...)
+ TODO: check
CVE-2021-39044 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site re ...)
NOT-FOR-US: IBM
CVE-2021-39043 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerab ...)
@@ -73004,8 +73083,8 @@ CVE-2021-39011
RESERVED
CVE-2021-39010
RESERVED
-CVE-2021-39009
- RESERVED
+CVE-2021-39009 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credential ...)
+ TODO: check
CVE-2021-39008
RESERVED
CVE-2021-39007
@@ -96514,8 +96593,8 @@ CVE-2021-29825 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server
NOT-FOR-US: IBM
CVE-2021-29824 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privi ...)
NOT-FOR-US: IBM
-CVE-2021-29823
- RESERVED
+CVE-2021-29823 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross ...)
+ TODO: check
CVE-2021-29822 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...)
NOT-FOR-US: IBM
CVE-2021-29821 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
@@ -107070,8 +107149,8 @@ CVE-2021-25659 (A vulnerability has been identified in Automation License Manage
NOT-FOR-US: Automation License Manager
CVE-2021-25658
RESERVED
-CVE-2021-25657
- RESERVED
+CVE-2021-25657 (A privilege escalation vulnerability was discovered in Avaya IP Office ...)
+ TODO: check
CVE-2021-25656 (Stored XSS injection vulnerabilities were discovered in the Avaya Aura ...)
NOT-FOR-US: Avaya
CVE-2021-25655 (A vulnerability in the system Service Menu component of Avaya Aura Exp ...)
@@ -120869,8 +120948,8 @@ CVE-2021-20470 (IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that use
NOT-FOR-US: IBM
CVE-2021-20469
RESERVED
-CVE-2021-20468
- RESERVED
+CVE-2021-20468 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross ...)
+ TODO: check
CVE-2021-20467
RESERVED
CVE-2021-20466
@@ -192017,8 +192096,8 @@ CVE-2020-4303 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.
NOT-FOR-US: IBM
CVE-2020-4302 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ex ...)
NOT-FOR-US: IBM
-CVE-2020-4301
- RESERVED
+CVE-2020-4301 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross ...)
+ TODO: check
CVE-2020-4300 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External En ...)
NOT-FOR-US: IBM
CVE-2020-4299 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 c ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97ab104bd3e60c6133551d606406d993f19d5898