Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1b2a8e0f by security tracker role at 2022-04-22T20:10:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,4 +1,56 @@ -CVE-2022-29582 [io_uring: fix race between timeout flush and removal] +CVE-2022-29592 + RESERVED +CVE-2022-29591 + RESERVED +CVE-2022-29590 + RESERVED +CVE-2022-29589 (Crypt Server before 3.3.0 allows XSS in the index view. This is relate ...) + TODO: check +CVE-2022-29588 + RESERVED +CVE-2022-29587 + RESERVED +CVE-2022-29586 + RESERVED +CVE-2022-29585 + RESERVED +CVE-2022-29584 + RESERVED +CVE-2022-29583 (service_windows.go in the kardianos service package for Go omits quoti ...) + TODO: check +CVE-2022-29581 + RESERVED +CVE-2022-29580 + RESERVED +CVE-2022-29579 + RESERVED +CVE-2022-1440 (Command Injection vulnerability in git-interface@2.1.1 in GitHub repos ...) + TODO: check +CVE-2022-1439 (Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository ...) + TODO: check +CVE-2022-1438 + RESERVED +CVE-2022-1437 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...) + TODO: check +CVE-2022-1436 + RESERVED +CVE-2022-1435 + RESERVED +CVE-2022-1434 + RESERVED +CVE-2022-1433 + RESERVED +CVE-2022-1432 + RESERVED +CVE-2022-1431 + RESERVED +CVE-2022-1430 + RESERVED +CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimcore/pi ...) + TODO: check +CVE-2022-1428 + RESERVED +CVE-2022-29582 (In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free ...) - linux 5.17.3-1 [buster] - linux <not-affected> (Vulnerable code not present) [stretch] - linux <not-affected> (Vulnerable code not present) @@ -4195,8 +4247,8 @@ CVE-2022-28076 RESERVED CVE-2022-28075 RESERVED -CVE-2022-28074 - RESERVED +CVE-2022-28074 (Halo-1.5.0 was discovered to contain a stored cross-site scripting (XS ...) + TODO: check CVE-2022-28073 RESERVED CVE-2022-28072 
@@ -5835,12 +5887,12 @@ CVE-2022-27408 RESERVED CVE-2022-27407 RESERVED -CVE-2022-27406 - RESERVED -CVE-2022-27405 - RESERVED -CVE-2022-27404 - RESERVED +CVE-2022-27406 (FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovere ...) + TODO: check +CVE-2022-27405 (FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovere ...) + TODO: check +CVE-2022-27404 (FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovere ...) + TODO: check CVE-2022-27403 RESERVED CVE-2022-27402 @@ -14851,8 +14903,8 @@ CVE-2022-24274 RESERVED CVE-2022-24273 RESERVED -CVE-2022-24272 (An authenticated user may trigger an invariant assertion during comman ...) - TODO: check +CVE-2022-24272 + REJECTED CVE-2022-23400 RESERVED CVE-2022-0435 (A stack overflow flaw was found in the Linux kernel's TIPC protocol fu ...) @@ -20816,7 +20868,7 @@ CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded [stretch] - lighttpd <not-affected> (Vulnerable code not present; the issue was introduced in later versions) NOTE: https://redmine.lighttpd.net/issues/3134 NOTE: https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664 -CVE-2022-22706 (An Arm product family through 2022-01-03 has an Exposed Dangerous Meth ...) +CVE-2022-22706 (Arm Mali GPU Kernel Driver allows a non-privileged user to achieve wri ...) NOT-FOR-US: ARM Mali GPU driver CVE-2022-22705 RESERVED @@ -45450,8 +45502,8 @@ CVE-2021-38948 (IBM InfoSphere Information Server 11.7 is vulnerable to an XML E NOT-FOR-US: IBM CVE-2021-38947 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...) NOT-FOR-US: IBM -CVE-2021-38946 - RESERVED +CVE-2021-38946 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...) + TODO: check CVE-2021-38945 RESERVED CVE-2021-38944 
@@ -45532,12 +45584,12 @@ CVE-2021-38907 RESERVED CVE-2021-38906 RESERVED -CVE-2021-38905 - RESERVED -CVE-2021-38904 - RESERVED -CVE-2021-38903 - RESERVED +CVE-2021-38905 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authent ...) + TODO: check +CVE-2021-38904 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote a ...) + TODO: check +CVE-2021-38903 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...) + TODO: check CVE-2021-38902 RESERVED CVE-2021-38901 (IBM Spectrum Protect Operations Center 7.1, under special configuratio ...) @@ -45570,8 +45622,8 @@ CVE-2021-38888 RESERVED CVE-2021-38887 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...) NOT-FOR-US: IBM -CVE-2021-38886 - RESERVED +CVE-2021-38886 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...) + TODO: check CVE-2021-38885 RESERVED CVE-2021-38884 @@ -52245,8 +52297,8 @@ CVE-2021-36205 (Under certain circumstances the session token is not cleared on TODO: check CVE-2021-36204 RESERVED -CVE-2021-36203 - RESERVED +CVE-2021-36203 (A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 ...) + TODO: check CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls M ...) NOT-FOR-US: Johnson Controls Metasys CVE-2021-36201 
@@ -60104,12 +60156,12 @@ CVE-2021-32931 (An uninitialized pointer in FATEK Automation FvDesigner, Version NOT-FOR-US: FATEK Automation FvDesigner CVE-2021-32930 (The affected product’s configuration is vulnerable due to missin ...) NOT-FOR-US: Advantech -CVE-2021-32929 - RESERVED +CVE-2021-32929 (All versions of Uffizio GPS Tracker may allow an attacker to perform u ...) + TODO: check CVE-2021-32928 (The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prio ...) NOT-FOR-US: Sentinel LDK Run-Time Environment installer -CVE-2021-32927 - RESERVED +CVE-2021-32927 (An attacker may be able to inject client-side JavaScript code on multi ...) + TODO: check CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...) NOT-FOR-US: Rockwell Automation CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when ...) @@ -68620,8 +68672,8 @@ CVE-2021-29826 RESERVED CVE-2021-29825 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) coul ...) NOT-FOR-US: IBM -CVE-2021-29824 - RESERVED +CVE-2021-29824 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privi ...) + TODO: check CVE-2021-29823 RESERVED CVE-2021-29822 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...) @@ -92940,8 +92992,8 @@ CVE-2021-20466 RESERVED CVE-2021-20465 RESERVED -CVE-2021-20464 - RESERVED +CVE-2021-20464 (IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, a ...) + TODO: check CVE-2021-20463 RESERVED CVE-2021-20462 
@@ -137124,8 +137176,8 @@ CVE-2020-14125 RESERVED CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl interf ...) NOT-FOR-US: Xiaomi -CVE-2020-14123 - RESERVED +CVE-2020-14123 (There is a pointer double free vulnerability in Some MIUI Services. Wh ...) + TODO: check CVE-2020-14122 (Some Xiaomi phones have information leakage vulnerabilities, and some ...) TODO: check CVE-2020-14121 (A business logic vulnerability exists in Mi App Store. The vulnerabili ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b2a8e0f771310ff61df8d81dd06f370a9e022ca
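Review bot: The CVE-2022-29582 line in the first hunk (@@ -1,4 +1,56 @@) loses its bracketed summary "[io_uring: fix race between timeout flush and removal]" when the truncated upstream description "(In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free ...)" replaces it. The bracketed text was the only place in the entry that named the fix, so consider carrying that wording into a NOTE line under the entry, next to the existing "- linux 5.17.3-1" and not-affected lines.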
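Review bot: The three FreeType entries in the @@ -5835,12 +5887,12 @@ hunk (CVE-2022-27404, CVE-2022-27405, CVE-2022-27406) identify the affected code only by a commit hash in the description, so their "TODO: check" cannot be resolved by comparing release versions alone. When they are triaged, record which commit corresponds to which packaged version in NOTE lines, in the same way the CVE-2022-22707 entry elsewhere in this diff carries a NOTE with the upstream commit URL.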
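Review bot: In the @@ -14851,8 +14903,8 @@ hunk, CVE-2022-24272 goes from a described entry with "TODO: check" to a bare "REJECTED", and neither the hunk nor the commit message ("automatic update") records why. Since the open TODO disappears with it, confirm the rejection upstream before treating the entry as closed, and check whether a replacement identifier was assigned that needs its own entry.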
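Review bot: The reworded CVE-2022-22706 description in the @@ -20816,7 +20868,7 @@ hunk now names a kernel driver and a non-privileged user ("Arm Mali GPU Kernel Driver allows a non-privileged user to achieve wri ..."), while the classification line under it stays "NOT-FOR-US: ARM Mali GPU driver". The old wording ("An Arm product family ...") gave no component, so it is worth re-confirming that the NOT-FOR-US decision still holds against the more specific text.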
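Review bot: The IBM Cognos Analytics entries added in the 2021 hunks (CVE-2021-38946, CVE-2021-38905, CVE-2021-38904, CVE-2021-38903, CVE-2021-38886, CVE-2021-29824, CVE-2021-20464) are imported as "TODO: check" although the neighbouring IBM entries in the same hunks are already "NOT-FOR-US: IBM". A follow-up can classify them the same way in one pass. The imported descriptions also list a version twice ("11.1.7, 11.2.0, and 11.1.7"); that comes from the upstream text and should be left as imported, not corrected in this file.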
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits