Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 69b1b4e4 by security tracker role at 2022-06-15T20:10:24+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,57 @@ +CVE-2022-33758 + RESERVED +CVE-2022-33757 + RESERVED +CVE-2022-33756 + RESERVED +CVE-2022-33755 + RESERVED +CVE-2022-33754 + RESERVED +CVE-2022-33753 + RESERVED +CVE-2022-33752 + RESERVED +CVE-2022-33751 + RESERVED +CVE-2022-33750 + RESERVED +CVE-2022-33749 + RESERVED +CVE-2022-33748 + RESERVED +CVE-2022-33747 + RESERVED +CVE-2022-33746 + RESERVED +CVE-2022-33745 + RESERVED +CVE-2022-33744 + RESERVED +CVE-2022-33743 + RESERVED +CVE-2022-33742 + RESERVED +CVE-2022-33741 + RESERVED +CVE-2022-33740 + RESERVED +CVE-2022-33739 + RESERVED +CVE-2022-33738 + RESERVED +CVE-2022-33737 + RESERVED +CVE-2022-33736 + RESERVED +CVE-2022-33202 + RESERVED +CVE-2022-2088 + RESERVED +CVE-2022-2087 (A vulnerability, which was classified as problematic, was found in Sou ...) + TODO: check +CVE-2022-2086 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check CVE-2022-33735 RESERVED CVE-2022-33734 @@ -1199,8 +1253,7 @@ CVE-2022-33148 RESERVED CVE-2022-33147 RESERVED -CVE-2022-33140 - RESERVED +CVE-2022-33140 (The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 an ...) NOT-FOR-US: Apache NiFi CVE-2022-33139 RESERVED @@ -1496,10 +1549,10 @@ CVE-2022-32994 RESERVED CVE-2022-32993 RESERVED -CVE-2022-32992 - RESERVED -CVE-2022-32991 - RESERVED +CVE-2022-32992 (Online Tours And Travels Management System v1.0 was discovered to cont ...) + TODO: check +CVE-2022-32991 (Web Based Quiz System v1.0 was discovered to contain a SQL injection v ...) + TODO: check CVE-2022-32990 RESERVED CVE-2022-32989 
@@ -2501,8 +2554,8 @@ CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository francois NOT-FOR-US: francoisjacquet/rosariosis CVE-2022-32551 RESERVED -CVE-2022-32550 - RESERVED +CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the method v ...) + TODO: check CVE-2022-32549 RESERVED CVE-2022-32289 @@ -2575,16 +2628,16 @@ CVE-2022-2024 RESERVED CVE-2022-2023 RESERVED -CVE-2017-20050 - RESERVED -CVE-2017-20049 - RESERVED -CVE-2017-20048 - RESERVED -CVE-2017-20047 - RESERVED -CVE-2017-20046 - RESERVED +CVE-2017-20050 (A vulnerability has been found in AXIS P1204, P3225, P3367, M3045, M30 ...) + TODO: check +CVE-2017-20049 (A vulnerability, which was classified as critical, was found in AXIS P ...) + TODO: check +CVE-2017-20048 (A vulnerability, which was classified as critical, has been found in A ...) + TODO: check +CVE-2017-20047 (A vulnerability classified as problematic was found in AXIS P1204, P32 ...) + TODO: check +CVE-2017-20046 (A vulnerability classified as problematic has been found in AXIS P1204 ...) + TODO: check CVE-2022-32536 RESERVED CVE-2022-32535 @@ -3151,14 +3204,14 @@ CVE-2022-32304 RESERVED CVE-2022-32303 RESERVED -CVE-2022-32302 - RESERVED -CVE-2022-32301 - RESERVED -CVE-2022-32300 - RESERVED -CVE-2022-32299 - RESERVED +CVE-2022-32302 (Theme Park Ticketing System v1.0 was discovered to contain a SQL injec ...) + TODO: check +CVE-2022-32301 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...) + TODO: check +CVE-2022-32300 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...) + TODO: check +CVE-2022-32299 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...) + TODO: check CVE-2022-32298 RESERVED CVE-2022-32297 
@@ -3678,22 +3731,22 @@ CVE-2022-1963 RESERVED CVE-2021-4233 RESERVED -CVE-2022-32158 - RESERVED -CVE-2022-32157 - RESERVED -CVE-2022-32156 - RESERVED -CVE-2022-32155 - RESERVED -CVE-2022-32154 - RESERVED -CVE-2022-32153 - RESERVED -CVE-2022-32152 - RESERVED -CVE-2022-32151 - RESERVED +CVE-2022-32158 (Splunk Enterprise deployment servers in versions before 9.0 let client ...) + TODO: check +CVE-2022-32157 (Splunk Enterprise deployment servers in versions before 9.0 allow unau ...) + TODO: check +CVE-2022-32156 (In Splunk Enterprise and Universal Forwarder versions before 9.0, the ...) + TODO: check +CVE-2022-32155 (In universal forwarder versions before 9.0, management services are av ...) + TODO: check +CVE-2022-32154 (Dashboards in Splunk Enterprise versions before 9.0 might let an attac ...) + TODO: check +CVE-2022-32153 (Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and S ...) + TODO: check +CVE-2022-32152 (Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and S ...) + TODO: check +CVE-2022-32151 (The httplib and urllib Python libraries that Splunk shipped with Splun ...) + TODO: check CVE-2022-32150 RESERVED CVE-2022-32149 @@ -3736,8 +3789,8 @@ CVE-2022-1960 RESERVED CVE-2022-1959 RESERVED -CVE-2022-1958 - RESERVED +CVE-2022-1958 (A vulnerability classified as critical has been found in FileCloud. Af ...) + TODO: check CVE-2022-1957 RESERVED CVE-2022-1956 @@ -3826,8 +3879,8 @@ CVE-2022-32103 RESERVED CVE-2022-32102 RESERVED -CVE-2022-32101 - RESERVED +CVE-2022-32101 (kkcms v1.3.7 was discovered to contain a SQL injection vulnerability v ...) + TODO: check CVE-2022-32100 RESERVED CVE-2022-32099 
@@ -11449,8 +11502,8 @@ CVE-2022-29455 (DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in NOT-FOR-US: WordPress plugin CVE-2022-29454 RESERVED -CVE-2022-29453 - RESERVED +CVE-2022-29453 (Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google ...) + TODO: check CVE-2022-29452 RESERVED CVE-2022-29451 (Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vul ...) @@ -11471,18 +11524,18 @@ CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vul NOT-FOR-US: WordPress plugin CVE-2022-29443 RESERVED -CVE-2022-29442 - RESERVED -CVE-2022-29441 - RESERVED -CVE-2022-29440 - RESERVED -CVE-2022-29439 - RESERVED -CVE-2022-29438 - RESERVED -CVE-2022-29437 - RESERVED +CVE-2022-29442 (Authenticated (subscriber or higher user role) Stored Cross-Site Scrip ...) + TODO: check +CVE-2022-29441 (Cross-Site Request Forgery (CSRF) vulnerability in Private Messages Fo ...) + TODO: check +CVE-2022-29440 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...) + TODO: check +CVE-2022-29439 (Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by Nex ...) + TODO: check +CVE-2022-29438 (Authenticated (author or higher user role) Persistent Cross-Site Scrip ...) + TODO: check +CVE-2022-29437 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Sl ...) + TODO: check CVE-2022-29436 (Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokm ...) NOT-FOR-US: WordPress plugin CVE-2022-29435 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann' ...) 
@@ -11543,8 +11596,8 @@ CVE-2022-29408 (Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Di NOT-FOR-US: WordPress plugin CVE-2022-29407 RESERVED -CVE-2022-29406 - RESERVED +CVE-2022-29406 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...) + TODO: check CVE-2022-28717 (Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C ...) NOT-FOR-US: Rebooter CVE-2022-27632 (Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT ...) @@ -12236,8 +12289,8 @@ CVE-2022-1343 (The function `OCSP_basic_verify` verifies the signer certificate - openssl <not-affected> (Only affects OpenSSL 3.0) NOTE: https://www.openssl.org/news/secadv/20220503.txt NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a (openssl-3.0.3) -CVE-2022-1342 - RESERVED +CVE-2022-1342 (A lack of password masking in Devolutions Remote Desktop Manager allow ...) + TODO: check CVE-2022-1341 (An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write e ...) - bwm-ng 0.6.3-1 (unimportant) NOTE: https://github.com/vgropp/bwm-ng/issues/26 @@ -16156,8 +16209,8 @@ CVE-2022-27861 RESERVED CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS ...) NOT-FOR-US: WordPress plugin -CVE-2022-27859 - RESERVED +CVE-2022-27859 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...) + TODO: check CVE-2022-27858 RESERVED CVE-2022-27857 @@ -33369,8 +33422,8 @@ CVE-2022-22446 RESERVED CVE-2022-22445 RESERVED -CVE-2022-22444 - RESERVED +CVE-2022-22444 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploi ...) + TODO: check CVE-2022-22443 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) NOT-FOR-US: IBM CVE-2022-22442 
@@ -45013,8 +45066,8 @@ CVE-2022-20827 RESERVED CVE-2022-20826 RESERVED -CVE-2022-20825 - RESERVED +CVE-2022-20825 (A vulnerability in the web-based management interface of Cisco Small B ...) + TODO: check CVE-2022-20824 RESERVED CVE-2022-20823 @@ -45025,12 +45078,12 @@ CVE-2022-20821 (A vulnerability in the health check RPM of Cisco IOS XR Software NOT-FOR-US: Cisco CVE-2022-20820 RESERVED -CVE-2022-20819 - RESERVED +CVE-2022-20819 (A vulnerability in the web-based management interface of Cisco Identit ...) + TODO: check CVE-2022-20818 RESERVED -CVE-2022-20817 - RESERVED +CVE-2022-20817 (A vulnerability in Cisco Unified IP Phones could allow an unauthentica ...) + TODO: check CVE-2022-20816 RESERVED CVE-2022-20815 @@ -45069,8 +45122,8 @@ CVE-2022-20800 RESERVED CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco -CVE-2022-20798 - RESERVED +CVE-2022-20798 (A vulnerability in the external authentication functionality of Cisco ...) + TODO: check CVE-2022-20797 (A vulnerability in the web-based management interface of Cisco Secure ...) NOT-FOR-US: Cisco CVE-2022-20796 (On May 4, 2022, the following vulnerability in the ClamAV scanning lib ...) 
@@ -45214,14 +45267,14 @@ CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service NOT-FOR-US: Cisco CVE-2022-20737 (A vulnerability in the handler for HTTP authentication for resources a ...) NOT-FOR-US: Cisco -CVE-2022-20736 - RESERVED +CVE-2022-20736 (A vulnerability in the web-based management interface of Cisco AppDyna ...) + TODO: check CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) NOT-FOR-US: Cisco CVE-2022-20734 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...) NOT-FOR-US: Cisco -CVE-2022-20733 - RESERVED +CVE-2022-20733 (A vulnerability in the login page of Cisco Identity Services Engine (I ...) + TODO: check CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco Virtual ...) NOT-FOR-US: Cisco CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...) @@ -45363,8 +45416,8 @@ CVE-2022-20666 (Multiple vulnerabilities in the web-based management interface o NOT-FOR-US: Cisco CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an authenticate ...) NOT-FOR-US: Cisco -CVE-2022-20664 - RESERVED +CVE-2022-20664 (A vulnerability in the web management interface of Cisco Secure Email ...) + TODO: check CVE-2022-20663 RESERVED CVE-2022-20662 @@ -46774,8 +46827,8 @@ CVE-2021-42734 RESERVED CVE-2021-42733 (Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointe ...) NOT-FOR-US: Adobe -CVE-2021-42732 - RESERVED +CVE-2021-42732 (Access of Memory Location After End of Buffer (CWE-788) ...) + TODO: check CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...) NOT-FOR-US: Adobe CVE-2021-42730 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...) 
@@ -48078,8 +48131,8 @@ CVE-2022-20235 RESERVED CVE-2022-20234 RESERVED -CVE-2022-20233 - RESERVED +CVE-2022-20233 (In param_find_digests_internal and related functions of the Titan-M so ...) + TODO: check CVE-2022-20232 RESERVED CVE-2022-20231 
@@ -48124,209 +48177,203 @@ CVE-2022-20212 RESERVED CVE-2022-20211 RESERVED -CVE-2022-20210 - RESERVED -CVE-2022-20209 - RESERVED -CVE-2022-20208 - RESERVED -CVE-2022-20207 - RESERVED -CVE-2022-20206 - RESERVED -CVE-2022-20205 - RESERVED -CVE-2022-20204 - RESERVED +CVE-2022-20210 (The UE and the EMM communicate with each other using NAS messages. Whe ...) + TODO: check +CVE-2022-20209 (In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possi ...) + TODO: check +CVE-2022-20208 (In parseRecursively of cppbor_parse.cpp, there is a possible out of bo ...) + TODO: check +CVE-2022-20207 (In static definitions of GattServiceConfig.java, there is a possible p ...) + TODO: check +CVE-2022-20206 (In setPackageOrComponentEnabled of NotificationManagerService.java, th ...) + TODO: check +CVE-2022-20205 (In isFileUri of FileUtil.java, there is a possible way to bypass the c ...) + TODO: check +CVE-2022-20204 (In registerRemoteBugreportReceivers of DevicePolicyManagerService.java ...) + TODO: check CVE-2022-20203 RESERVED -CVE-2022-20202 - RESERVED -CVE-2022-20201 - RESERVED -CVE-2022-20200 - RESERVED +CVE-2022-20202 (In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, ...) + TODO: check +CVE-2022-20201 (In getAppSize of InstalldNativeService.cpp, there is a possible out of ...) + TODO: check +CVE-2022-20200 (In updateApState of SoftApManager.java, there is a possible leak of ho ...) + TODO: check CVE-2022-20199 RESERVED -CVE-2022-20198 - RESERVED -CVE-2022-20197 - RESERVED -CVE-2022-20196 - RESERVED -CVE-2022-20195 - RESERVED -CVE-2022-20194 - RESERVED -CVE-2022-20193 - RESERVED -CVE-2022-20192 - RESERVED -CVE-2022-20191 - RESERVED -CVE-2022-20190 - RESERVED +CVE-2022-20198 (In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out o ...) + TODO: check +CVE-2022-20197 (In recycle of Parcel.java, there is a possible way to start foreground ...) 
+ TODO: check +CVE-2022-20196 (In gallery3d and photos, there is a possible permission bypass due to ...) + TODO: check +CVE-2022-20195 (In the keystore library, there is a possible prevention of access to s ...) + TODO: check +CVE-2022-20194 (In onCreate of ChooseLockGeneric.java, there is a possible permission ...) + TODO: check +CVE-2022-20193 (In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a ...) + TODO: check +CVE-2022-20192 (In grantEmbeddedWindowFocus of WindowManagerService.java, there is a p ...) + TODO: check +CVE-2022-20191 (Product: AndroidVersions: Android kernelAndroid ID: A-209324757Referen ...) + TODO: check +CVE-2022-20190 (Product: AndroidVersions: Android kernelAndroid ID: A-208744915Referen ...) + TODO: check CVE-2022-20189 RESERVED -CVE-2022-20188 - RESERVED +CVE-2022-20188 (Product: AndroidVersions: Android kernelAndroid ID: A-207254598Referen ...) + TODO: check CVE-2022-20187 RESERVED -CVE-2022-20186 - RESERVED -CVE-2022-20185 - RESERVED -CVE-2022-20184 - RESERVED -CVE-2022-20183 - RESERVED -CVE-2022-20182 - RESERVED -CVE-2022-20181 - RESERVED +CVE-2022-20186 (In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbi ...) + TODO: check +CVE-2022-20185 (In TBD of TBD, there is a possible use after free bug. This could lead ...) + TODO: check +CVE-2022-20184 (Product: AndroidVersions: Android kernelAndroid ID: A-209153114Referen ...) + TODO: check +CVE-2022-20183 (In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out ...) + TODO: check +CVE-2022-20182 (In handle_ramdump of pixel_loader.c, there is a possible way to create ...) + TODO: check +CVE-2022-20181 (Product: AndroidVersions: Android kernelAndroid ID: A-210936609Referen ...) 
+ TODO: check CVE-2022-20180 RESERVED -CVE-2022-20179 - RESERVED -CVE-2022-20178 - RESERVED -CVE-2022-20177 - RESERVED -CVE-2022-20176 - RESERVED -CVE-2022-20175 - RESERVED -CVE-2022-20174 - RESERVED -CVE-2022-20173 - RESERVED -CVE-2022-20172 - RESERVED -CVE-2022-20171 - RESERVED -CVE-2022-20170 - RESERVED -CVE-2022-20169 - RESERVED -CVE-2022-20168 - RESERVED -CVE-2022-20167 - RESERVED -CVE-2022-20166 - RESERVED +CVE-2022-20179 (Product: AndroidVersions: Android kernelAndroid ID: A-211683760Referen ...) + TODO: check +CVE-2022-20178 (In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is ...) + TODO: check +CVE-2022-20177 (Product: AndroidVersions: Android kernelAndroid ID: A-209906686Referen ...) + TODO: check +CVE-2022-20176 (In auth_store of sjtag-driver.c, there is a possible read of uninitial ...) + TODO: check +CVE-2022-20175 (Product: AndroidVersions: Android kernelAndroid ID: A-209252491Referen ...) + TODO: check +CVE-2022-20174 (In exynos_secEnv_init of mach-gs101.c, there is a possible out of boun ...) + TODO: check +CVE-2022-20173 (Product: AndroidVersions: Android kernelAndroid ID: A-207116951Referen ...) + TODO: check +CVE-2022-20172 (In onbind of ShannonRcsService.java, there is a possible access to pro ...) + TODO: check +CVE-2022-20171 (Product: AndroidVersions: Android kernelAndroid ID: A-215565667Referen ...) + TODO: check +CVE-2022-20170 (Product: AndroidVersions: Android kernelAndroid ID: A-209421931Referen ...) + TODO: check +CVE-2022-20169 (Product: AndroidVersions: Android kernelAndroid ID: A-211162353Referen ...) + TODO: check +CVE-2022-20168 (Product: AndroidVersions: Android kernelAndroid ID: A-210594998Referen ...) + TODO: check +CVE-2022-20167 (Product: AndroidVersions: Android kernelAndroid ID: A-204956204Referen ...) + TODO: check +CVE-2022-20166 (In various methods of kernel base drivers, there is a possible out of ...) 
- linux 5.10.4-1 NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01 NOTE: https://git.kernel.org/linus/aa838896d87af561a33ecefea1caa4c15a68bc47 (5.10-rc1) -CVE-2022-20165 - RESERVED -CVE-2022-20164 - RESERVED +CVE-2022-20165 (In asn1_parse of asn1.c, there is a possible out of bounds read due to ...) + TODO: check +CVE-2022-20164 (Product: AndroidVersions: Android kernelAndroid ID: A-204891956Referen ...) + TODO: check CVE-2022-20163 RESERVED -CVE-2022-20162 - RESERVED +CVE-2022-20162 (In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds r ...) + TODO: check CVE-2022-20161 RESERVED -CVE-2022-20160 - RESERVED -CVE-2022-20159 - RESERVED +CVE-2022-20160 (Product: AndroidVersions: Android kernelAndroid ID: A-210083655Referen ...) + TODO: check +CVE-2022-20159 (In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a pos ...) + TODO: check CVE-2022-20158 RESERVED CVE-2022-20157 RESERVED -CVE-2022-20156 - RESERVED -CVE-2022-20155 - RESERVED -CVE-2022-20154 - RESERVED +CVE-2022-20156 (In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code ...) + TODO: check +CVE-2022-20155 (In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-tr ...) + TODO: check +CVE-2022-20154 (In lock_sock_nested of sock.c, there is a possible use after free due ...) - linux 5.15.15-1 [bullseye] - linux 5.10.92-1 [buster] - linux 4.19.232-1 NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01 NOTE: https://git.kernel.org/linus/5ec7d18d1813a5bead0b495045606c93873aecbb (5.16-rc8) -CVE-2022-20153 - RESERVED +CVE-2022-20153 (In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-afte ...) 
- linux 5.14.6-1 [bullseye] - linux 5.10.113-1 [buster] - linux <not-affected> (Vulnerable code not present) [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01 NOTE: https://git.kernel.org/linus/f70865db5ff35f5ed0c7e9ef63e7cca3d4947f04 (5.13-rc1) -CVE-2022-20152 - RESERVED -CVE-2022-20151 - RESERVED +CVE-2022-20152 (In the TitanM chip, there is a possible out of bounds write due to a m ...) + TODO: check +CVE-2022-20151 (Product: AndroidVersions: Android kernelAndroid ID: A-210712565Referen ...) + TODO: check CVE-2022-20150 RESERVED -CVE-2022-20149 - RESERVED -CVE-2022-20148 - RESERVED +CVE-2022-20149 (Product: AndroidVersions: Android kernelAndroid ID: A-211685939Referen ...) + TODO: check +CVE-2022-20148 (In TBD of TBD, there is a possible use-after-free due to a race condit ...) - linux 5.15.3-1 NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01 -CVE-2022-20147 - RESERVED -CVE-2022-20146 - RESERVED -CVE-2022-20145 - RESERVED -CVE-2022-20144 - RESERVED -CVE-2022-20143 - RESERVED -CVE-2022-20142 - RESERVED -CVE-2022-20141 - RESERVED +CVE-2022-20147 (In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out ...) + TODO: check +CVE-2022-20146 (In uploadFile of FileUploadServiceImpl.java, there is a possible incor ...) + TODO: check +CVE-2022-20145 (In startLegacyVpnPrivileged of Vpn.java, there is a possible way to re ...) + TODO: check +CVE-2022-20144 (In multiple functions of AvatarPhotoController.java, there is a possib ...) + TODO: check +CVE-2022-20143 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...) + TODO: check +CVE-2022-20142 (In createFromParcel of GeofenceHardwareRequestParcelable.java, there i ...) + TODO: check +CVE-2022-20141 (In ip_check_mc_rcu of igmp.c, there is a possible use after free due t ...) 
- linux 5.14.6-1 [bullseye] - linux 5.10.70-1 [buster] - linux 4.19.208-1 [stretch] - linux 4.9.290-1 NOTE: https://source.android.com/security/bulletin/2022-06-01 NOTE: https://git.kernel.org/linus/23d2b94043ca8835bd1e67749020e839f396a1c2 (5.15-rc1) -CVE-2022-20140 - RESERVED +CVE-2022-20140 (In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds wri ...) + TODO: check CVE-2022-20139 RESERVED -CVE-2022-20138 - RESERVED -CVE-2022-20137 - RESERVED +CVE-2022-20138 (In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.ja ...) + TODO: check +CVE-2022-20137 (In onCreateContextMenu of NetworkProviderSettings.java, there is a pos ...) + TODO: check CVE-2022-20136 RESERVED -CVE-2022-20135 - RESERVED -CVE-2022-20134 - RESERVED -CVE-2022-20133 - RESERVED -CVE-2022-20132 - RESERVED +CVE-2022-20135 (In writeToParcel of GateKeeperResponse.java, there is a possible parce ...) + TODO: check +CVE-2022-20134 (In readArguments of CallSubjectDialog.java, there is a possible way to ...) + TODO: check +CVE-2022-20133 (In setDiscoverableTimeout of AdapterService.java, there is a possible ...) + TODO: check +CVE-2022-20132 (In lg_probe and related functions of hid-lg.c and other USB HID files, ...) - linux 5.15.15-1 [bullseye] - linux 5.10.92-1 [buster] - linux 4.19.232-1 [stretch] - linux 4.9.303-1 NOTE: https://source.android.com/security/bulletin/2022-06-01 -CVE-2022-20131 - RESERVED -CVE-2022-20130 - RESERVED -CVE-2022-20129 - RESERVED +CVE-2022-20131 (In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out ...) + TODO: check +CVE-2022-20130 (In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible ...) + TODO: check +CVE-2022-20129 (In registerPhoneAccount of PhoneAccountRegistrar.java, there is a poss ...) 
+ TODO: check CVE-2022-20128 RESERVED -CVE-2022-20127 - RESERVED -CVE-2022-20126 - RESERVED -CVE-2022-20125 - RESERVED -CVE-2022-20124 - RESERVED -CVE-2022-20123 - RESERVED +CVE-2022-20127 (In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds w ...) + TODO: check +CVE-2022-20126 (In setScanMode of AdapterService.java, there is a possible way to enab ...) + TODO: check +CVE-2022-20125 (In GBoard, there is a possible way to bypass factory reset protections ...) + TODO: check +CVE-2022-20124 (In deletePackageX of DeletePackageHelper.java, there is a possible way ...) + TODO: check +CVE-2022-20123 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...) + TODO: check CVE-2022-20122 RESERVED CVE-2022-20121 (In getNodeValue of USCCDMPlugin.java, there is a possible disclosure o ...) @@ -50751,8 +50798,8 @@ CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester E-Negosy NOT-FOR-US: Sourcecodester CVE-2021-41673 RESERVED -CVE-2021-41672 - RESERVED +CVE-2021-41672 (PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection i ...) + TODO: check CVE-2021-41671 RESERVED CVE-2021-41670 @@ -51356,8 +51403,8 @@ CVE-2021-41415 RESERVED CVE-2021-41414 RESERVED -CVE-2021-41413 - RESERVED +CVE-2021-41413 (ok-file-formats master 2021-9-12 is affected by a buffer overflow in o ...) + TODO: check CVE-2021-41412 RESERVED CVE-2021-41411 @@ -52570,8 +52617,8 @@ CVE-2021-40942 RESERVED CVE-2021-40941 RESERVED -CVE-2021-40940 - RESERVED +CVE-2021-40940 (Monstra 3.0.4 does not filter the case of php, which leads to an unres ...) + TODO: check CVE-2021-40939 RESERVED CVE-2021-40938 
@@ -52633,8 +52680,8 @@ CVE-2021-40912 RESERVED CVE-2021-40911 RESERVED -CVE-2021-40910 - RESERVED +CVE-2021-40910 (There is a reflective cross-site scripting (XSS) vulnerability in the ...) + TODO: check CVE-2021-40909 (Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD wi ...) NOT-FOR-US: Sourcecodester CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester Purchase Or ...) @@ -53096,8 +53143,8 @@ CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.0 NOT-FOR-US: Adobe CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) NOT-FOR-US: Adobe -CVE-2021-40727 - RESERVED +CVE-2021-40727 (Access of Memory Location After End of Buffer (CWE-788 ...) + TODO: check CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) @@ -54436,8 +54483,8 @@ CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored XSS vulnerability within t NOT-FOR-US: GibbonEdu/core CVE-2021-40213 RESERVED -CVE-2021-40212 - RESERVED +CVE-2021-40212 (An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.2152 ...) + TODO: check CVE-2021-40211 RESERVED CVE-2021-40210 @@ -55371,8 +55418,8 @@ CVE-2021-39822 RESERVED CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...) NOT-FOR-US: Adobe -CVE-2021-39820 - RESERVED +CVE-2021-39820 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) i ...) + TODO: check CVE-2021-39819 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...) NOT-FOR-US: Adobe CVE-2021-39818 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...) 
@@ -55399,8 +55446,8 @@ CVE-2021-39808 (In createNotificationChannelGroup of PreferencesHelper.java, the NOT-FOR-US: Android CVE-2021-39807 (In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible ...) NOT-FOR-US: Android -CVE-2021-39806 - RESERVED +CVE-2021-39806 (In closef of label_backends_android.c, there is a possible way to corr ...) + TODO: check CVE-2021-39805 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...) NOT-FOR-US: Android CVE-2021-39804 (In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a m ...) @@ -55645,8 +55692,8 @@ CVE-2021-39693 (In onUidStateChanged of AppOpsService.java, there is a possible NOT-FOR-US: Android CVE-2021-39692 (In onCreate of SetupLayoutActivity.java, there is a possible way to se ...) NOT-FOR-US: Android -CVE-2021-39691 - RESERVED +CVE-2021-39691 (In WindowManager, there is a possible tapjacking attack due to an inco ...) + TODO: check CVE-2021-39690 (In setDisplayPadding of WallpaperManagerService.java, there is a possi ...) NOT-FOR-US: Android CVE-2021-39689 (In multiple functions of odsign_main.cpp, there is a possible way to p ...) @@ -55805,7 +55852,7 @@ CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a NOT-FOR-US: Android CVE-2021-39625 (In showCarrierAppInstallationNotification of EuiccNotificationManager. ...) NOT-FOR-US: Android -CVE-2021-39624 (In Package Manger, there is a possible permanent denial of service due ...) +CVE-2021-39624 (In PackageManager, there is a possible permanent denial of service due ...) NOT-FOR-US: Android CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...) NOT-FOR-US: Android @@ -62753,8 +62800,8 @@ CVE-2021-36903 RESERVED CVE-2021-36902 RESERVED -CVE-2021-36901 - RESERVED +CVE-2021-36901 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phi ...) + TODO: check CVE-2021-36900 RESERVED CVE-2021-36899 
@@ -72133,8 +72180,7 @@ CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 NOTE: https://github.com/apache/tomcat/commit/3202703e6d635e39b74262e81f0cb4bcbe2170dc (8.5.67) NOTE: https://github.com/apache/tomcat/commit/da0e7cb093cf68b052d9175e469dbd0464441b0b (8.5.67) NOTE: https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02 (8.5.67) -CVE-2021-33036 - RESERVED +CVE-2021-33036 (In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2. ...) - hadoop <itp> (bug #793644) CVE-2021-33035 (Apache OpenOffice opens dBase/DBF documents and shows the contents as ...) - libreoffice 1:4.3.1-1 @@ -119504,7 +119550,7 @@ CVE-2020-27070 RESERVED CVE-2020-27069 RESERVED -CVE-2020-27068 (In the nl80211_policy policy of nl80211.c, there is a possible out of ...) +CVE-2020-27068 (Product: AndroidVersions: Android kernelAndroid ID: A-127973231Referen ...) - linux 5.5.13-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.228-1 @@ -231379,8 +231425,8 @@ CVE-2019-4577 RESERVED CVE-2019-4576 (IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA d ...) NOT-FOR-US: IBM -CVE-2019-4575 - RESERVED +CVE-2019-4575 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...) + TODO: check CVE-2019-4574 RESERVED CVE-2019-4573 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69b1b4e4f9e87e2aa6f9cb48eb8082ce4ff80564 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69b1b4e4f9e87e2aa6f9cb48eb8082ce4ff80564 You're receiving this email because of your account on salsa.debian.org.
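Review bot: in the @@ -48124,209 +48177,203 @@ hunk, the entries whose new summary starts "Product: AndroidVersions: Android kernelAndroid ID: A-..." (CVE-2022-20191, CVE-2022-20190, CVE-2022-20188 and the others of that shape) are all left at TODO: check, and the truncated text names no component. Because they are described as Android kernel issues, they should be checked against the linux package, as was done for CVE-2022-20166 and CVE-2022-20154 in this same hunk, rather than closed in bulk as NOT-FOR-US: Android like the framework entries in the CVE-2021-39xxx hunks. Also in this hunk, CVE-2022-20148 now reads "In TBD of TBD" and is marked fixed in linux 5.15.3-1 with only the bulletin NOTE. Adding the fixing commit as a NOTE:, as CVE-2022-20154 and CVE-2022-20153 have, would make that version verifiable.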
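Review bot: in the @@ -46774,8 +46827,8 @@ hunk the new summary for CVE-2021-42732 is only a weakness name, "Access of Memory Location After End of Buffer (CWE-788)", with no product or version, so the TODO: check cannot be resolved from this line alone. The neighbouring entries are NOT-FOR-US: Adobe, but that should be confirmed against the full CVE record before the same tag is applied. The same applies to CVE-2021-40727 in the @@ -53096,8 +53143,8 @@ hunk.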
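Review bot: in the @@ -119504,7 +119550,7 @@ hunk the replacement summary for CVE-2020-27068 drops the only pointer to the affected code. The removed line named the nl80211_policy policy of nl80211.c, while the added line begins "Product: AndroidVersions: Android kernelAndroid ID: A-127973231Referen", which reads as the upstream record's field list with its separators lost. The linux annotations under the entry are unchanged, so tracking status is not affected, but recording the function and file in a NOTE: line under the entry would keep the reason for the linux mapping visible after automatic updates.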
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits