Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0ac8df6b by security tracker role at 2022-08-17T20:10:31+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,15 @@ +CVE-2022-38392 (A certain 5400 RPM OEM hard drive, as shipped with laptop PCs in appro ...) + TODO: check +CVE-2022-2875 + RESERVED +CVE-2022-2874 + RESERVED +CVE-2022-2873 + RESERVED +CVE-2022-2872 + RESERVED +CVE-2022-2871 (Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notr ...) + TODO: check CVE-2022-38391 RESERVED CVE-2022-38390 @@ -113,16 +125,16 @@ CVE-2022-2850 [SIGSEGV in sync_repl] NOTE: https://github.com/389ds/389-ds-base/issues/4711#issuecomment-1205100979 NOTE: https://github.com/389ds/389-ds-base/issues/5418 NOTE: Results from an incomplete fix for CVE-2021-3514 -CVE-2022-2849 - RESERVED +CVE-2022-2849 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) + TODO: check CVE-2022-2848 RESERVED CVE-2022-2847 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Guest Management System CVE-2022-2846 (A vulnerability classified as problematic was found in Calendar Event ...) NOT-FOR-US: WordPress plugin -CVE-2022-2845 - RESERVED +CVE-2022-2845 (Buffer Over-read in GitHub repository vim/vim prior to 9.0.0217. ...) + TODO: check CVE-2022-2844 (A vulnerability classified as problematic has been found in MotoPress ...) NOT-FOR-US: WordPress plugin CVE-2022-2843 (A vulnerability was found in MotoPress Timetable and Event Schedule. I ...) @@ -750,8 +762,8 @@ CVE-2022-38152 RESERVED CVE-2022-38151 RESERVED -CVE-2022-38149 - RESERVED +CVE-2022-38149 (HashiCorp Consul Template through 0.29.1 inserts Sensitive Information ...) + TODO: check CVE-2022-38148 RESERVED CVE-2022-38147 
@@ -2248,8 +2260,8 @@ CVE-2022-37461 RESERVED CVE-2022-37460 RESERVED -CVE-2022-37459 - RESERVED +CVE-2022-37459 (Ampere Altra devices before 1.08g and Ampere Altra Max devices before ...) + TODO: check CVE-2022-37458 RESERVED CVE-2022-37457 @@ -5619,18 +5631,18 @@ CVE-2022-36193 RESERVED CVE-2022-36192 RESERVED -CVE-2022-36191 - RESERVED -CVE-2022-36190 - RESERVED +CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...) + TODO: check +CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...) + TODO: check CVE-2022-36189 RESERVED CVE-2022-36188 RESERVED CVE-2022-36187 RESERVED -CVE-2022-36186 - RESERVED +CVE-2022-36186 (A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNK ...) + TODO: check CVE-2022-36185 RESERVED CVE-2022-36184 @@ -6141,7 +6153,8 @@ CVE-2022-35960 RESERVED CVE-2022-35959 RESERVED -CVE-2022-35958 (Discourse is a 100% open source discussion platform. A malicious user ...) +CVE-2022-35958 + REJECTED NOT-FOR-US: Discourse CVE-2022-35957 RESERVED @@ -8173,8 +8186,8 @@ CVE-2022-35119 RESERVED CVE-2022-35118 (PyroCMS v3.9 was discovered to contain multiple cross-site scripting ( ...) NOT-FOR-US: PyroCMS -CVE-2022-35117 - RESERVED +CVE-2022-35117 (Clinic's Patient Management System v1.0 was discovered to contain a cr ...) + TODO: check CVE-2022-35116 RESERVED CVE-2022-35115 @@ -14079,7 +14092,7 @@ CVE-2022-32817 RESERVED CVE-2022-32816 [A UI spoofing issue was addressed with improved UI handling] RESERVED - {DSA-5211-1 DSA-5210-1} + {DSA-5211-1 DSA-5210-1 DLA-3073-1} - webkit2gtk 2.36.6-1 - wpewebkit 2.36.6-1 NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2 
@@ -14131,7 +14144,7 @@ CVE-2022-32793 RESERVED CVE-2022-32792 [An out-of-bounds write issue was addressed with improved input validation] RESERVED - {DSA-5211-1 DSA-5210-1} + {DSA-5211-1 DSA-5210-1 DLA-3073-1} - webkit2gtk 2.36.6-1 - wpewebkit 2.36.6-1 NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2 @@ -18542,8 +18555,8 @@ CVE-2022-31264 (Solana solana_rbpf before 0.2.29 has an addition integer overflo NOT-FOR-US: Solana rBPF CVE-2022-31263 (app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail ...) - mastodon <itp> (bug #859741) -CVE-2022-31262 - RESERVED +CVE-2022-31262 (An exploitable local privilege escalation vulnerability exists in GOG ...) + TODO: check CVE-2022-31261 (An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x throu ...) NOT-FOR-US: Morpheus CVE-2022-1809 (Access of Uninitialized Pointer in GitHub repository radareorg/radare2 ...) @@ -21564,8 +21577,8 @@ CVE-2022-30264 (The Emerson ROC and FloBoss RTU product lines through 2022-05-02 NOT-FOR-US: Emerson CVE-2022-30263 RESERVED -CVE-2022-30262 - RESERVED +CVE-2022-30262 (The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mish ...) + TODO: check CVE-2022-30261 RESERVED CVE-2022-30260 @@ -46169,8 +46182,8 @@ CVE-2022-22457 RESERVED CVE-2022-22456 RESERVED -CVE-2022-22455 - RESERVED +CVE-2022-22455 (IBM Security Verify Governance Identity Manager 10.0 virtual appliance ...) + TODO: check CVE-2022-22454 (IBM InfoSphere Information Server 11.7 could allow a locally authentic ...) NOT-FOR-US: IBM CVE-2022-22453 (IBM Security Verify Identity Manager 10.0 uses weaker than expected cr ...) 
@@ -49044,8 +49057,8 @@ CVE-2021-45456 (Apache kylin checks the legitimacy of the project before executi NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2021-45455 RESERVED -CVE-2021-45454 - RESERVED +CVE-2021-45454 (Ampere Altra before SRP 1.08b and Altra Max​ before SRP 2.05 all ...) + TODO: check CVE-2021-45453 RESERVED CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ac8df6b8e29f8ca995c58ec44fdc69c0f12e786
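Review bot: in the hunk at @@ -113,16 +125,16 @@, CVE-2022-2849 and CVE-2022-2845 now name vim/vim and land as TODO: check; vim is a packaged source in Debian, so unlike the NOT-FOR-US neighbours in the same hunk these need a package line with a fixed version. The CVE-2022-2845 text gives the upstream fix point (9.0.0217), but the CVE-2022-2849 text is cut off at "prior to 9.0.0 ...", so the patch level has to be taken from the full CVE record before the entry is triaged.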
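Review bot: in the hunk at @@ -5619,18 +5631,18 @@, the new descriptions for CVE-2022-36190 and CVE-2022-36186 identify the affected GPAC code only as a 2.1-DEV-revUNKNOWN-master build, which does not map to any released version, and CVE-2022-36191 names just a truncated function. When these TODO: check items are resolved, add NOTE lines pointing at the upstream issue or fixing commit so the affected gpac versions in Debian can be determined from the entry itself.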
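Review bot: in the hunk at @@ -6141,7 +6153,8 @@, CVE-2022-35958 becomes REJECTED while the NOT-FOR-US: Discourse line below it is kept, so the entry now carries a triage decision for an ID whose description has been removed. Confirm that keeping the annotation is intended, or add a NOTE recording why the ID was rejected so the entry stays understandable without the old description.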