Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c7476cd1 by security tracker role at 2022-07-15T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,15 @@ +CVE-2022-2420 + RESERVED +CVE-2022-2419 + RESERVED +CVE-2022-2418 + RESERVED +CVE-2022-2417 + RESERVED +CVE-2022-2416 + RESERVED +CVE-2022-2415 + RESERVED CVE-2022-35873 RESERVED CVE-2022-35872 @@ -4534,12 +4546,12 @@ CVE-2022-34096 RESERVED CVE-2022-34095 RESERVED -CVE-2022-34094 - RESERVED -CVE-2022-34093 - RESERVED -CVE-2022-34092 - RESERVED +CVE-2022-34094 (Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to c ...) + TODO: check +CVE-2022-34093 (Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to c ...) + TODO: check +CVE-2022-34092 (Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to c ...) + TODO: check CVE-2022-34091 RESERVED CVE-2022-34090 @@ -8581,8 +8593,8 @@ CVE-2022-32427 RESERVED CVE-2022-32426 RESERVED -CVE-2022-32425 - RESERVED +CVE-2022-32425 (The login function of Mealie v1.0.0beta-2 allows attackers to enumerat ...) + TODO: check CVE-2022-32424 RESERVED CVE-2022-32423 @@ -8597,12 +8609,12 @@ CVE-2022-32419 RESERVED CVE-2022-32418 RESERVED -CVE-2022-32417 - RESERVED -CVE-2022-32416 - RESERVED -CVE-2022-32415 - RESERVED +CVE-2022-32417 (PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE ...) + TODO: check +CVE-2022-32416 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/c ...) + TODO: check +CVE-2022-32415 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/? ...) + TODO: check CVE-2022-32414 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) NOT-FOR-US: njs CVE-2022-32413 (An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers ...) 
@@ -8613,14 +8625,14 @@ CVE-2022-32411 (An issue in the languages config file of HongCMS v3.0 allows att NOT-FOR-US: HongCMS CVE-2022-32410 RESERVED -CVE-2022-32409 - RESERVED +CVE-2022-32409 (A local file inclusion (LFI) vulnerability in the component codemirror ...) + TODO: check CVE-2022-32408 RESERVED CVE-2022-32407 RESERVED -CVE-2022-32406 - RESERVED +CVE-2022-32406 (GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the ...) + TODO: check CVE-2022-32405 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) NOT-FOR-US: Prison Management System CVE-2022-32404 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) @@ -8653,8 +8665,8 @@ CVE-2022-32391 (Prison Management System v1.0 was discovered to contain a SQL in NOT-FOR-US: Prison Management System CVE-2022-32390 RESERVED -CVE-2022-32389 - RESERVED +CVE-2022-32389 (Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in ...) + TODO: check CVE-2022-32388 RESERVED CVE-2022-32387 @@ -8785,8 +8797,8 @@ CVE-2022-32325 (JPEGOPTIM v1.4.7 was discovered to contain a segmentation violat TODO: check CVE-2022-32324 (PDFAlto v0.4 was discovered to contain a heap buffer overflow via the ...) NOT-FOR-US: PDFAlto -CVE-2022-32323 - RESERVED +CVE-2022-32323 (AutoTrace v0.40.0 was discovered to contain a heap overflow via the Re ...) + TODO: check CVE-2022-32322 RESERVED CVE-2022-32321 @@ -8795,10 +8807,10 @@ CVE-2022-32320 RESERVED CVE-2022-32319 RESERVED -CVE-2022-32318 - RESERVED -CVE-2022-32317 - RESERVED +CVE-2022-32318 (Fast Food Ordering System v1.0 was discovered to contain a persistent ...) + TODO: check +CVE-2022-32317 (The MPlayer Project v1.5 was discovered to contain a heap use-after-fr ...) + TODO: check CVE-2022-32316 RESERVED CVE-2022-32315 
@@ -8840,8 +8852,8 @@ CVE-2022-32300 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vuln NOT-FOR-US: YoudianCMS CVE-2022-32299 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...) NOT-FOR-US: YoudianCMS -CVE-2022-32298 - RESERVED +CVE-2022-32298 (Toybox v0.8.7 was discovered to contain a NULL pointer dereference via ...) + TODO: check CVE-2022-32297 (Piwigo v12.2.0 was discovered to contain SQL injection vulnerability v ...) - piwigo <removed> CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra re ...) @@ -12194,8 +12206,8 @@ CVE-2022-31158 RESERVED CVE-2022-31157 RESERVED -CVE-2022-31156 - RESERVED +CVE-2022-31156 (Gradle is a build tool. Dependency verification is a security feature ...) + TODO: check CVE-2022-31155 RESERVED CVE-2022-31154 @@ -12212,8 +12224,8 @@ CVE-2022-31149 RESERVED CVE-2022-31148 RESERVED -CVE-2022-31147 - RESERVED +CVE-2022-31147 (The jQuery Validation Plugin (jquery-validation) provides drop-in vali ...) + TODO: check CVE-2022-31146 RESERVED CVE-2022-31145 (FlyteAdmin is the control plane for Flyte responsible for managing ent ...) @@ -25372,6 +25384,7 @@ CVE-2022-26711 (An integer overflow issue was addressed with improved input vali NOT-FOR-US: Apple CVE-2022-26710 RESERVED + {DSA-5183-1 DSA-5182-1} - webkit2gtk 2.36.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.36.4-1 @@ -34579,8 +34592,7 @@ CVE-2022-23827 RESERVED CVE-2022-23826 RESERVED -CVE-2022-23825 [AMD CPUs exhibit phantom jumps] - RESERVED +CVE-2022-23825 (Aliases in the branch predictor may cause some AMD processors to predi ...) - linux <unfixed> - xen <unfixed> [buster] - xen <end-of-life> (DSA 4677-1) 
@@ -38815,6 +38827,7 @@ CVE-2021-4200 (A Improper Privilege Management vulnerability in SUSE Rancher all NOT-FOR-US: Rancher CVE-2022-22677 RESERVED + {DSA-5183-1 DSA-5182-1} - webkit2gtk 2.36.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - wpewebkit 2.36.4-1 @@ -43442,8 +43455,7 @@ CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...) NOTE: https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938 NOTE: Introduced by: https://github.com/vim/vim/commit/2949cfdbe4335b9abcfeda1be4dfc52090ee1df6 (v8.2.2257) NOTE: Fixed by: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (v8.2.3847) -CVE-2021-4135 - RESERVED +CVE-2021-4135 (A memory leak vulnerability was found in the Linux kernel's eBPF for t ...) {DSA-5096-1 DLA-2941-1} - linux 5.15.15-1 (unimportant) [bullseye] - linux 5.10.92-1 @@ -95586,12 +95598,12 @@ CVE-2021-26386 (A malicious or compromised UApp or ABL may be used by an attacke TODO: check CVE-2021-26385 RESERVED -CVE-2021-26384 - RESERVED +CVE-2021-26384 (A malformed SMI (System Management Interface) command may allow an att ...) + TODO: check CVE-2021-26383 RESERVED -CVE-2021-26382 - RESERVED +CVE-2021-26382 (An attacker with root account privileges can load any legitimately sig ...) + TODO: check CVE-2021-26381 RESERVED CVE-2021-26380
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7476cd13eddb4b688643afb7d98934876e51e88
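Review bot: Every entry that moves from RESERVED to a published description in the hunks at -4534, -8581, -8597, -8613, -8653, -8785, -8795, -8840, -12194, -12212 and -95586 lands as "TODO: check", so none of them carries a triage decision yet. Each one needs to be resolved to either a package line or a NOT-FOR-US line in the style of the neighbouring context entries ("NOT-FOR-US: njs", "- piwigo <removed>"). The descriptions are cut at "...", so the decision should be made from the full CVE record, not from the truncated text here. The entries naming MPlayer, AutoTrace, Toybox, Gradle, GtkRadiant and the jQuery Validation Plugin are worth checking against the archive before anything is marked NOT-FOR-US, and the context entry CVE-2022-32325 (JPEGOPTIM) in the -8785 hunk is still at "TODO: check" as well.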
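Review bot: In the hunks at -25372 and -38815 the added line "{DSA-5183-1 DSA-5182-1}" is attached to CVE-2022-26710 and CVE-2022-22677 while both are still RESERVED with no description, so the entries give a reader fixed versions and advisory ids but no statement of what the issue is. Since the webkit2gtk and wpewebkit lines already record 2.36.4-1 as fixed, a NOTE line pointing at the upstream advisory would make these entries self-explanatory until the description is published. It is also worth confirming that both CVE ids appear under DSA-5182-1 and DSA-5183-1 in the DSA list, because the cross-reference here is generated by the automatic update and is not checked by anything visible in this diff.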
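Review bot: The hunk at -34579 removes the bracketed working title "[AMD CPUs exhibit phantom jumps]" from CVE-2022-23825 when the published description replaces it, and the truncated description no longer contains the term under which the entry was previously identifiable. Both "- linux <unfixed>" and "- xen <unfixed>" stay open after this change, so the entry will be consulted again; a NOTE line recording the working title or the vendor advisory reference would keep it searchable. The same applies to the -43442 hunk only in a minor way, since CVE-2021-4135 already carries its DSA and DLA references and fixed versions.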
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits