Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ac8df6b by security tracker role at 2022-08-17T20:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2022-38392 (A certain 5400 RPM OEM hard drive, as shipped with laptop PCs 
in appro ...)
+       TODO: check
+CVE-2022-2875
+       RESERVED
+CVE-2022-2874
+       RESERVED
+CVE-2022-2873
+       RESERVED
+CVE-2022-2872
+       RESERVED
+CVE-2022-2871 (Cross-site Scripting (XSS) - Stored in GitHub repository 
notrinos/notr ...)
+       TODO: check
 CVE-2022-38391
        RESERVED
 CVE-2022-38390
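Review bot: The two new entries that carry descriptions, CVE-2022-38392 and CVE-2022-2871, land with only TODO: check and need manual triage before the list state is useful to anyone consuming it. CVE-2022-38392 describes an OEM hard drive shipped with laptop PCs, so it reads as a hardware issue with no Debian source package to attach; CVE-2022-2871 is truncated at "notrinos/notr ...", so the full description has to be consulted before choosing between a package line and NOT-FOR-US.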
@@ -113,16 +125,16 @@ CVE-2022-2850 [SIGSEGV in sync_repl]
        NOTE: 
https://github.com/389ds/389-ds-base/issues/4711#issuecomment-1205100979
        NOTE: https://github.com/389ds/389-ds-base/issues/5418
        NOTE: Results from an incomplete fix for CVE-2021-3514
-CVE-2022-2849
-       RESERVED
+CVE-2022-2849 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.0 ...)
+       TODO: check
 CVE-2022-2848
        RESERVED
 CVE-2022-2847 (A vulnerability, which was classified as critical, has been 
found in S ...)
        NOT-FOR-US: SourceCodester Guest Management System
 CVE-2022-2846 (A vulnerability classified as problematic was found in Calendar 
Event  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-2845
-       RESERVED
+CVE-2022-2845 (Buffer Over-read in GitHub repository vim/vim prior to 
9.0.0217. ...)
+       TODO: check
 CVE-2022-2844 (A vulnerability classified as problematic has been found in 
MotoPress  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2843 (A vulnerability was found in MotoPress Timetable and Event 
Schedule. I ...)
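Review bot: CVE-2022-2849 and CVE-2022-2845 both name the vim/vim repository, so their TODO: check lines should be resolved to package entries rather than NOT-FOR-US, unlike the WordPress plugin entries around them. The fixed patch level for CVE-2022-2849 is cut off at "9.0.0 ...", so take the version from the full description and not from this line; CVE-2022-2845 shows 9.0.0217.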
@@ -750,8 +762,8 @@ CVE-2022-38152
        RESERVED
 CVE-2022-38151
        RESERVED
-CVE-2022-38149
-       RESERVED
+CVE-2022-38149 (HashiCorp Consul Template through 0.29.1 inserts Sensitive 
Information ...)
+       TODO: check
 CVE-2022-38148
        RESERVED
 CVE-2022-38147
@@ -2248,8 +2260,8 @@ CVE-2022-37461
        RESERVED
 CVE-2022-37460
        RESERVED
-CVE-2022-37459
-       RESERVED
+CVE-2022-37459 (Ampere Altra devices before 1.08g and Ampere Altra Max devices 
before  ...)
+       TODO: check
 CVE-2022-37458
        RESERVED
 CVE-2022-37457
@@ -5619,18 +5631,18 @@ CVE-2022-36193
        RESERVED
 CVE-2022-36192
        RESERVED
-CVE-2022-36191
-       RESERVED
-CVE-2022-36190
-       RESERVED
+CVE-2022-36191 (A heap-buffer-overflow had occurred in function 
gf_isom_dovi_config_ge ...)
+       TODO: check
+CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free 
vulnerabili ...)
+       TODO: check
 CVE-2022-36189
        RESERVED
 CVE-2022-36188
        RESERVED
 CVE-2022-36187
        RESERVED
-CVE-2022-36186
-       RESERVED
+CVE-2022-36186 (A Null Pointer dereference vulnerability exists in GPAC 
2.1-DEV-revUNK ...)
+       TODO: check
 CVE-2022-36185
        RESERVED
 CVE-2022-36184
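Review bot: CVE-2022-36190 and CVE-2022-36186 both name GPAC, but the CVE-2022-36191 description is truncated at "gf_isom_dovi_config_ge ..." before any product name appears, so it cannot be triaged from this line alone. Suggest resolving the three TODO: check entries together once the full CVE-2022-36191 text confirms the affected project, so they end up with consistent package and version annotations.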
@@ -6141,7 +6153,8 @@ CVE-2022-35960
        RESERVED
 CVE-2022-35959
        RESERVED
-CVE-2022-35958 (Discourse is a 100% open source discussion platform. A 
malicious user  ...)
+CVE-2022-35958
+       REJECTED
        NOT-FOR-US: Discourse
 CVE-2022-35957
        RESERVED
@@ -8173,8 +8186,8 @@ CVE-2022-35119
        RESERVED
 CVE-2022-35118 (PyroCMS v3.9 was discovered to contain multiple cross-site 
scripting ( ...)
        NOT-FOR-US: PyroCMS
-CVE-2022-35117
-       RESERVED
+CVE-2022-35117 (Clinic's Patient Management System v1.0 was discovered to 
contain a cr ...)
+       TODO: check
 CVE-2022-35116
        RESERVED
 CVE-2022-35115
@@ -14079,7 +14092,7 @@ CVE-2022-32817
        RESERVED
 CVE-2022-32816 [A UI spoofing issue was addressed with improved UI handling]
        RESERVED
-       {DSA-5211-1 DSA-5210-1}
+       {DSA-5211-1 DSA-5210-1 DLA-3073-1}
        - webkit2gtk 2.36.6-1
        - wpewebkit 2.36.6-1
        NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2
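Review bot: DLA-3073-1 is appended to the advisory set for CVE-2022-32816, but the package lines below it are unchanged and still show only the 2.36.6-1 versions for webkit2gtk and wpewebkit, so the hunk does not show which package the DLA covers. Worth confirming that the matching DLA record names the package and its fixed version; the same applies to the CVE-2022-32792 hunk that follows.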
@@ -14131,7 +14144,7 @@ CVE-2022-32793
        RESERVED
 CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input 
validation]
        RESERVED
-       {DSA-5211-1 DSA-5210-1}
+       {DSA-5211-1 DSA-5210-1 DLA-3073-1}
        - webkit2gtk 2.36.6-1
        - wpewebkit 2.36.6-1
        NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2
@@ -18542,8 +18555,8 @@ CVE-2022-31264 (Solana solana_rbpf before 0.2.29 has an 
addition integer overflo
        NOT-FOR-US: Solana rBPF
 CVE-2022-31263 (app/models/user.rb in Mastodon before 3.5.0 allows a bypass of 
e-mail  ...)
        - mastodon <itp> (bug #859741)
-CVE-2022-31262
-       RESERVED
+CVE-2022-31262 (An exploitable local privilege escalation vulnerability exists 
in GOG  ...)
+       TODO: check
 CVE-2022-31261 (An XXE issue was discovered in Morpheus through 5.2.16 and 
5.4.x throu ...)
        NOT-FOR-US: Morpheus
 CVE-2022-1809 (Access of Uninitialized Pointer in GitHub repository 
radareorg/radare2 ...)
@@ -21564,8 +21577,8 @@ CVE-2022-30264 (The Emerson ROC and FloBoss RTU product 
lines through 2022-05-02
        NOT-FOR-US: Emerson
 CVE-2022-30263
        RESERVED
-CVE-2022-30262
-       RESERVED
+CVE-2022-30262 (The Emerson ControlWave 'Next Generation' RTUs through 
2022-05-02 mish ...)
+       TODO: check
 CVE-2022-30261
        RESERVED
 CVE-2022-30260
@@ -46169,8 +46182,8 @@ CVE-2022-22457
        RESERVED
 CVE-2022-22456
        RESERVED
-CVE-2022-22455
-       RESERVED
+CVE-2022-22455 (IBM Security Verify Governance Identity Manager 10.0 virtual 
appliance ...)
+       TODO: check
 CVE-2022-22454 (IBM InfoSphere Information Server 11.7 could allow a locally 
authentic ...)
        NOT-FOR-US: IBM
 CVE-2022-22453 (IBM Security Verify Identity Manager 10.0 uses weaker than 
expected cr ...)
@@ -49044,8 +49057,8 @@ CVE-2021-45456 (Apache kylin checks the legitimacy of 
the project before executi
        NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2021-45455
        RESERVED
-CVE-2021-45454
-       RESERVED
+CVE-2021-45454 (Ampere Altra before SRP 1.08b and Altra Max&#8203; before SRP 
2.05 all ...)
+       TODO: check
 CVE-2021-45453
        RESERVED
 CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, 
and 4.0 b ...)
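Review bot: The new CVE-2021-45454 description contains a literal "&#8203;" (the HTML numeric entity for a zero-width space) between "Altra Max" and "before SRP", carried into the list as plain text. It will break plain-text searches for that phrase, and since this file is updated automatically a local fix may be overwritten, so it is better reported to the source of the description than edited here.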



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ac8df6b8e29f8ca995c58ec44fdc69c0f12e786



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
