Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2963291a by security tracker role at 2022-08-31T20:10:36+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,65 @@ +CVE-2022-39077 + RESERVED +CVE-2022-39076 + RESERVED +CVE-2022-39075 + RESERVED +CVE-2022-39074 + RESERVED +CVE-2022-39073 + RESERVED +CVE-2022-39072 + RESERVED +CVE-2022-39071 + RESERVED +CVE-2022-39070 + RESERVED +CVE-2022-39069 + RESERVED +CVE-2022-39068 + RESERVED +CVE-2022-39067 + RESERVED +CVE-2022-39066 + RESERVED +CVE-2022-39065 + RESERVED +CVE-2022-39064 + RESERVED +CVE-2022-39063 + RESERVED +CVE-2022-39062 + RESERVED +CVE-2022-39061 + RESERVED +CVE-2022-39060 + RESERVED +CVE-2022-39059 + RESERVED +CVE-2022-39058 + RESERVED +CVE-2022-39057 + RESERVED +CVE-2022-39056 + RESERVED +CVE-2022-39055 + RESERVED +CVE-2022-39054 + RESERVED +CVE-2022-39053 + RESERVED +CVE-2022-39052 + RESERVED +CVE-2022-39051 + RESERVED +CVE-2022-39050 + RESERVED +CVE-2022-39049 + RESERVED +CVE-2022-3069 + RESERVED +CVE-2022-3068 + RESERVED CVE-2022-39048 RESERVED CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When the sy ...) @@ -168,7 +230,7 @@ CVE-2022-3038 RESERVED - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0321. ...) +CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0322. ...) - vim <unfixed> NOTE: https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 NOTE: https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb (v9.0.0322) @@ -572,8 +634,8 @@ CVE-2022-38814 RESERVED CVE-2022-38813 RESERVED -CVE-2022-38812 - RESERVED +CVE-2022-38812 (AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. ...) + TODO: check CVE-2022-38811 RESERVED CVE-2022-38810 
@@ -631,8 +693,8 @@ CVE-2022-3030 RESERVED CVE-2022-3029 RESERVED -CVE-2022-3028 - RESERVED +CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework for tran ...) + TODO: check CVE-2022-3027 RESERVED CVE-2022-3026 @@ -1253,7 +1315,7 @@ CVE-2022-38627 RESERVED CVE-2022-38626 RESERVED -CVE-2022-38625 (Patlite NH-FB v1.46 and below was discovered to contain insufficient f ...) +CVE-2022-38625 (** DISPUTED ** Patlite NH-FB v1.46 and below was discovered to contain ...) NOT-FOR-US: Patlite NH-FB CVE-2022-38624 RESERVED @@ -1974,8 +2036,8 @@ CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can lead NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/351 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1) -CVE-2022-2866 - RESERVED +CVE-2022-2866 (FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of- ...) + TODO: check CVE-2022-2865 RESERVED [experimental] - gitlab 15.2.3+ds1-1 @@ -2718,10 +2780,10 @@ CVE-2022-38155 (TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted appl NOT-FOR-US: Samsung mTower CVE-2022-38154 RESERVED -CVE-2022-38153 - RESERVED -CVE-2022-38152 - RESERVED +CVE-2022-38153 (An issue was discovered in wolfSSL before 5.5.0 (when --enable-session ...) + TODO: check +CVE-2022-38152 (An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client ...) + TODO: check CVE-2022-38151 RESERVED CVE-2022-38149 (HashiCorp Consul Template through 0.29.1 inserts Sensitive Information ...) 
@@ -2792,10 +2854,10 @@ CVE-2022-36351 RESERVED CVE-2022-33893 RESERVED -CVE-2022-2759 - RESERVED -CVE-2022-2758 - RESERVED +CVE-2022-2759 (Delta Electronics Delta Robot Automation Studio (DRAS) versions prior ...) + TODO: check +CVE-2022-2758 (All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs ...) + TODO: check CVE-2022-2757 RESERVED CVE-2022-2756 (Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavi ...) @@ -4768,7 +4830,7 @@ CVE-2022-36281 RESERVED CVE-2022-33940 RESERVED -CVE-2022-2625 (A vulnerability found in postgresql. On this security issue an attack ...) +CVE-2022-2625 (A vulnerability was found in PostgreSQL. This attack requires permissi ...) {DLA-3072-1} - postgresql-14 14.5-1 - postgresql-13 <removed> @@ -5130,10 +5192,10 @@ CVE-2022-37186 RESERVED CVE-2022-37185 RESERVED -CVE-2022-37184 - RESERVED -CVE-2022-37183 - RESERVED +CVE-2022-37184 (The application manage_website.php on Garage Management System 1.0 is ...) + TODO: check +CVE-2022-37183 (Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/ ...) + TODO: check CVE-2022-37182 RESERVED CVE-2022-37181 (72crm 9.0 has an Arbitrary file upload vulnerability. ...) @@ -5254,8 +5316,8 @@ CVE-2022-37124 RESERVED CVE-2022-37123 RESERVED -CVE-2022-37122 - RESERVED +CVE-2022-37122 (Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, App ...) + TODO: check CVE-2022-37121 RESERVED CVE-2022-37120 @@ -5436,8 +5498,7 @@ CVE-2022-37039 RESERVED CVE-2022-37038 RESERVED -CVE-2022-2590 - RESERVED +CVE-2022-2590 (A race condition was found in the way the Linux kernel's memory subsys ...) - linux 5.18.16-1 [bullseye] - linux <not-affected> (Vulnerable code introduced later) [buster] - linux <not-affected> (Vulnerable code introduced later) 
@@ -5541,14 +5602,11 @@ CVE-2019-25073 RESERVED CVE-2016-15005 RESERVED -CVE-2022-37023 - RESERVED +CVE-2022-37023 (Apache Geode versions prior to 1.15.0 are vulnerable to a deserializat ...) NOT-FOR-US: Apache Geode -CVE-2022-37022 - RESERVED +CVE-2022-37022 (Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a dese ...) NOT-FOR-US: Apache Geode -CVE-2022-37021 - RESERVED +CVE-2022-37021 (Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable t ...) NOT-FOR-US: Apache Geode CVE-2022-2581 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. ...) - vim 2:9.0.0135-1 (unimportant) @@ -6591,8 +6649,8 @@ CVE-2022-36568 RESERVED CVE-2022-36567 RESERVED -CVE-2022-36566 - RESERVED +CVE-2022-36566 (Rengine v1.3.0 was discovered to contain a command injection vulnerabi ...) + TODO: check CVE-2022-36565 (Incorrect access control in the install directory (C:\Wamp64) of Wamp ...) TODO: check CVE-2022-36564 (Incorrect access control in the install directory (C:\Strawberry) of S ...) @@ -6990,12 +7048,12 @@ CVE-2022-2522 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to - vim 2:9.0.0135-1 (bug #1016068) NOTE: https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 NOTE: https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089 (v9.0.0061) -CVE-2022-2521 - RESERVED -CVE-2022-2520 - RESERVED -CVE-2022-2519 - RESERVED +CVE-2022-2521 (It was found in libtiff 4.4.0rc1 that there is an invalid pointer free ...) + TODO: check +CVE-2022-2520 (A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion f ...) + TODO: check +CVE-2022-2519 (There is a double free or corruption in rotateImage() at tiffcrop.c:88 ...) + TODO: check CVE-2022-2518 RESERVED CVE-2022-2517 @@ -7332,8 +7390,8 @@ CVE-2022-33949 RESERVED CVE-2022-32575 RESERVED -CVE-2022-2485 - RESERVED +CVE-2022-2485 (Any attempt (good or bad) to log into AutomationDirect Stride Field I/ ...) + TODO: check CVE-2022-2484 RESERVED CVE-2022-2483 
@@ -7446,8 +7504,8 @@ CVE-2022-31473 (In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4 NOT-FOR-US: F5 BIG-IP CVE-2022-30535 (In versions 2.x before 2.3.0 and all versions of 1.x, An attacker auth ...) NOT-FOR-US: F5 -CVE-2022-2466 - RESERVED +CVE-2022-2466 (It was found that Quarkus 2.10.x does not terminate HTTP requests head ...) + TODO: check CVE-2022-2465 (Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6. ...) NOT-FOR-US: Rockwell Automation CVE-2022-2464 (Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6. ...) @@ -8011,8 +8069,8 @@ CVE-2022-36047 RESERVED CVE-2022-36046 RESERVED -CVE-2022-36045 - RESERVED +CVE-2022-36045 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...) + TODO: check CVE-2022-36044 RESERVED CVE-2022-36043 @@ -8031,8 +8089,8 @@ CVE-2022-36037 (kirby is a content management system (CMS) that adapts to many d NOT-FOR-US: Kirby CMS CVE-2022-36036 (mdx-mermaid provides plug and play access to Mermaid in MDX. There is ...) TODO: check -CVE-2022-36035 - RESERVED +CVE-2022-36035 (Flux is a tool for keeping Kubernetes clusters in sync with sources of ...) + TODO: check CVE-2022-36034 (nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS ...) TODO: check CVE-2022-36033 (jsoup is a Java HTML parser, built for HTML editing, cleaning, scrapin ...) @@ -11632,8 +11690,7 @@ CVE-2022-2222 (The Download Monitor WordPress plugin before 4.5.91 does not ensu NOT-FOR-US: WordPress plugin CVE-2022-2221 (Information Exposure vulnerability in My Account Settings of Devolutio ...) NOT-FOR-US: Devolutions Remote Desktop Manager -CVE-2022-2220 - RESERVED +CVE-2022-2220 (OpenShift doesn't properly verify subdomain ownership, which allows ro ...) NOT-FOR-US: OpenShift CVE-2022-2219 (The Unyson WordPress plugin before 2.7.27 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin 
@@ -13014,8 +13071,7 @@ CVE-2022-2155 RESERVED CVE-2022-2154 RESERVED -CVE-2022-2153 - RESERVED +CVE-2022-2153 (A flaw was found in the Linux kernel’s KVM when attempting to se ...) {DSA-5173-1 DLA-3065-1} - linux 5.17.3-1 [bullseye] - linux 5.10.113-1 @@ -13083,8 +13139,7 @@ CVE-2022-2134 (Denial of Service in GitHub repository inventree/inventree prior NOT-FOR-US: inventree CVE-2022-2133 (The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't valida ...) NOT-FOR-US: WordPress plugin -CVE-2022-2132 - RESERVED +CVE-2022-2132 (A permissive list of allowed inputs flaw was found in DPDK. This issue ...) {DSA-5222-1} - dpdk <unfixed> NOTE: https://bugs.dpdk.org/show_bug.cgi?id=1031 @@ -16421,10 +16476,10 @@ CVE-2022-2046 (The Directorist WordPress plugin before 7.2.3 allows administrato NOT-FOR-US: WordPress plugin CVE-2022-2045 RESERVED -CVE-2022-2044 - RESERVED -CVE-2022-2043 - RESERVED +CVE-2022-2044 (MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bou ...) + TODO: check +CVE-2022-2043 (MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bou ...) + TODO: check CVE-2022-2042 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) - vim 2:9.0.0135-1 (unimportant) NOTE: https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba 
@@ -17118,14 +17173,14 @@ CVE-2022-2007 (Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 - chromium 102.0.5005.115-1 [buster] - chromium <end-of-life> (see DSA 5046) [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2022-2006 - RESERVED -CVE-2022-2005 - RESERVED -CVE-2022-2004 - RESERVED -CVE-2022-2003 - RESERVED +CVE-2022-2006 (AutomationDirect DirectLOGIC has a DLL vulnerability in the install di ...) + TODO: check +CVE-2022-2005 (AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism ...) + TODO: check +CVE-2022-2004 (AutomationDirect DirectLOGIC is vulnerable to a a specially crafted pa ...) + TODO: check +CVE-2022-2003 (AutomationDirect DirectLOGIC is vulnerable to a specifically crafted s ...) + TODO: check CVE-2022-2002 RESERVED CVE-2022-2001 (The DX Share Selection plugin for WordPress is vulnerable to Cross-Sit ...) 
@@ -17991,22 +18046,19 @@ CVE-2022-32205 (A malicious server can serve excessive amounts of `Set-Cookie:` NOTE: Fixed by: https://github.com/curl/curl/commit/48d7064a49148f03942380967da739dcde1cdc24 (curl-7_84_0) CVE-2022-31734 (** Unsupported When Assigned ** Cisco Catalyst 2940 Series Switches pr ...) NOT-FOR-US: Cisco -CVE-2022-1976 - RESERVED +CVE-2022-1976 (A flaw was found in the Linux kernel’s implementation of IO-URIN ...) - linux 5.18.14-1 [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) [stretch] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/9cae36a094e7e9d6e5fe8b6dcd4642138b3eb0c7 (5.19-rc1) NOTE: https://www.openwall.com/lists/oss-security/2022/06/14/2 -CVE-2022-1975 [NFC: netlink: fix sleep in atomic bug when firmware download timeout] - RESERVED +CVE-2022-1975 (There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an at ...) {DSA-5173-1 DSA-5161-1 DLA-3065-1} - linux 5.17.11-1 NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/2 NOTE: https://git.kernel.org/linus/4071bf121d59944d5cd2238de0642f3d7995a997 (5.18-rc6) -CVE-2022-1974 - RESERVED +CVE-2022-1974 (A use-after-free flaw was found in the Linux kernel's NFC core functio ...) {DSA-5173-1 DSA-5161-1 DLA-3065-1} - linux 5.17.11-1 NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/1 @@ -19725,8 +19777,8 @@ CVE-2022-1890 RESERVED CVE-2022-1889 (The Newsletter WordPress plugin before 7.4.6 does not escape and sanit ...) NOT-FOR-US: WordPress plugin -CVE-2022-1888 - RESERVED +CVE-2022-1888 (Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer ...) + TODO: check CVE-2021-4231 (A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It ha ...) NOT-FOR-US: angular/angular - replacement for deprecated angularjs NOTE: AngularJS upstream support has officially ended as of January 2022 
@@ -23608,10 +23660,10 @@ CVE-2022-30320 (Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken NOT-FOR-US: Saia Burgess Controls CVE-2022-30319 (Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authenticati ...) NOT-FOR-US: Saia Burgess Controls -CVE-2022-30318 - RESERVED -CVE-2022-30317 - RESERVED +CVE-2022-30318 (Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. Acco ...) + TODO: check +CVE-2022-30317 (Honeywell Experion LX through 2022-05-06 has Missing Authentication fo ...) + TODO: check CVE-2022-30316 (Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verificati ...) NOT-FOR-US: Honeywell CVE-2022-30315 (Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 ...) @@ -23740,6 +23792,7 @@ CVE-2022-30289 (A stored Cross-site Scripting (XSS) vulnerability was identified CVE-2022-30288 (** DISPUTED ** Agoo before 2.14.3 does not reject GraphQL fragment spr ...) NOT-FOR-US: Ruby gem agoo CVE-2022-30287 (Horde Groupware Webmail Edition through 5.2.22 allows a reflection inj ...) + {DLA-3090-1} - php-horde-turba 4.2.25-6 (bug #1012279) NOTE: https://blog.sonarsource.com/horde-webmail-rce-via-email/ NOTE: https://lists.horde.org/archives/horde/Week-of-Mon-20220530/059225.html @@ -24192,8 +24245,7 @@ CVE-2022-30126 (In Apache Tika, a regular expression in our StandardsText class, NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/3 CVE-2022-1553 (Leaking password protected articles content due to improper access con ...) NOT-FOR-US: Publify -CVE-2022-1552 - RESERVED +CVE-2022-1552 (A flaw was found in PostgreSQL. There is an issue with incomplete effo ...) {DSA-5136-1 DSA-5135-1} - postgresql-14 14.3-1 - postgresql-13 <removed> 
@@ -25076,8 +25128,7 @@ CVE-2022-29812 (In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms - intellij-idea <itp> (bug #747616) CVE-2022-29811 (In JetBrains Hub before 2022.1.14638 stored XSS via project icon was p ...) NOT-FOR-US: JetBrains Hub -CVE-2022-1508 - RESERVED +CVE-2022-1508 (An out-of-bounds read flaw was found in the Linux kernel’s io_ur ...) - linux 5.15.3-1 [bullseye] - linux 5.10.120-1 [buster] - linux <not-affected> (Vulnerable code not present) @@ -26092,10 +26143,10 @@ CVE-2022-29504 RESERVED CVE-2022-29503 RESERVED -CVE-2022-1405 - RESERVED -CVE-2022-1404 - RESERVED +CVE-2022-1405 (CNCSoft: All versions prior to 1.01.32 does not properly sanitize inpu ...) + TODO: check +CVE-2022-1404 (Delta Electronics CNCSoft (All versions prior to 1.01.32) does not pro ...) + TODO: check CVE-2022-1403 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input ...) NOT-FOR-US: ASDA-Soft CVE-2022-1402 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input ...) @@ -26748,16 +26799,14 @@ CVE-2022-1357 (The affected On-Premise cnMaestro allows an unauthenticated attac NOT-FOR-US: Cambium Networks cnMaestro CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By default, a ...) NOT-FOR-US: Cambium Networks cnMaestro -CVE-2022-1355 - RESERVED +CVE-2022-1355 (A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() ...) - tiff 4.3.0-8 (bug #1011160) [bullseye] - tiff <no-dsa> (Minor issue) [buster] - tiff <no-dsa> (Minor issue) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/400 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/323 NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2 -CVE-2022-1354 - RESERVED +CVE-2022-1354 (A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFR ...) - tiff 4.3.0-7 [bullseye] - tiff <no-dsa> (Minor issue) [buster] - tiff <no-dsa> (Minor issue) 
@@ -27309,8 +27358,8 @@ CVE-2022-1327 (The Image Gallery WordPress plugin before 1.1.6 does not sanitize NOT-FOR-US: WordPress plugin CVE-2022-1326 (The Form - Contact Form WordPress plugin through 1.2.0 does not saniti ...) NOT-FOR-US: WordPress plugin -CVE-2022-1325 - RESERVED +CVE-2022-1325 (A flaw was found in Clmg, where with the help of a maliciously crafted ...) + TODO: check CVE-2022-1324 (The Event Timeline WordPress plugin through 1.1.5 does not sanitize an ...) NOT-FOR-US: WordPress plugin CVE-2022-1323 (The Discy WordPress theme before 5.0 lacks authorization checks then p ...) @@ -27362,8 +27411,7 @@ CVE-2022-29065 RESERVED CVE-2022-29064 RESERVED -CVE-2022-1319 - RESERVED +CVE-2022-1319 (A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improp ...) - undertow 2.2.17-1 (bug #1016448) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2073890 CVE-2022-1318 (Hills ComNav version 3002-19 suffers from a weak communication channel ...) @@ -28427,8 +28475,7 @@ CVE-2022-1261 (Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versi NOT-FOR-US: MatrikonOPC CVE-2022-1260 RESERVED -CVE-2022-1259 - RESERVED +CVE-2022-1259 (A flaw was found in Undertow. A potential security issue in flow contr ...) - undertow <not-affected> (Incomplete fix not released to any suite) CVE-2022-1258 (A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) ...) NOT-FOR-US: McAfee @@ -28455,8 +28502,7 @@ CVE-2022-1250 (The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanit NOT-FOR-US: WordPress plugin CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which has been ...) NOT-FOR-US: SAP -CVE-2022-1247 - RESERVED +CVE-2022-1247 (An issue found in linux-kernel that leads to a race condition in rose_ ...) - linux <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066799 CVE-2022-1246 
@@ -28482,8 +28528,7 @@ CVE-2022-28662 (A vulnerability has been identified in Simcenter Femap (All vers NOT-FOR-US: Siemens CVE-2022-28661 (A vulnerability has been identified in Simcenter Femap (All versions & ...) NOT-FOR-US: Siemens -CVE-2022-1271 - RESERVED +CVE-2022-1271 (An arbitrary file write vulnerability was found in GNU gzip's zgrep ut ...) {DSA-5123-1 DSA-5122-1 DLA-2977-1 DLA-2976-1} - xz-utils 5.2.5-2.1 (bug #1009167) - gzip 1.12-1 (bug #1009168) @@ -28499,8 +28544,7 @@ CVE-2022-1271 NOTE: Improves further the fix: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=9d3248751178939713a39115cf68ec8a11506cc9 (v1.12) NOTE: https://www.openwall.com/lists/oss-security/2022/04/07/8 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-619/ -CVE-2022-1263 - RESERVED +CVE-2022-1263 (A NULL pointer dereference issue was found in KVM when releasing a vCP ...) - linux 5.17.3-1 [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) @@ -28609,8 +28653,8 @@ CVE-2022-28627 (A local arbitrary code execution vulnerability was discovered in NOT-FOR-US: HPE CVE-2022-28626 (A local arbitrary code execution vulnerability was discovered in HPE I ...) NOT-FOR-US: HPE -CVE-2022-28625 - RESERVED +CVE-2022-28625 (A local disclosure of sensitive information vulnerability was discover ...) + TODO: check CVE-2022-28624 (A potential security vulnerability has been identified in certain HPE ...) NOT-FOR-US: HPE CVE-2022-28623 (Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploi ...) @@ -29356,8 +29400,7 @@ CVE-2022-28328 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All NOT-FOR-US: Siemens SCALANCE CVE-2022-1206 RESERVED -CVE-2022-1205 - RESERVED +CVE-2022-1205 (A NULL pointer dereference flaw was found in the Linux kernel’s ...) {DSA-5173-1 DSA-5127-1} - linux 5.17.6-1 NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/4 
@@ -30811,8 +30854,8 @@ CVE-2022-27913 RESERVED CVE-2022-27912 RESERVED -CVE-2022-27911 - RESERVED +CVE-2022-27911 (An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosur ...) + TODO: check CVE-2022-27910 (In Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most vers ...) NOT-FOR-US: Joomla component CVE-2022-27909 (In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can ch ...) @@ -35350,10 +35393,10 @@ CVE-2022-26333 REJECTED CVE-2022-26332 (Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name fie ...) NOT-FOR-US: Cipi -CVE-2022-26331 - RESERVED -CVE-2022-26330 - RESERVED +CVE-2022-26331 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...) + TODO: check +CVE-2022-26330 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...) + TODO: check CVE-2022-26329 RESERVED CVE-2022-26328 @@ -52436,8 +52479,8 @@ CVE-2022-21943 RESERVED CVE-2022-21942 RESERVED -CVE-2022-21941 - RESERVED +CVE-2022-21941 (All versions of iSTAR Ultra prior to version 6.8.9.CU01are vulnerable ...) + TODO: check CVE-2022-21940 RESERVED CVE-2022-21939 @@ -121789,12 +121832,12 @@ CVE-2020-35540 REJECTED CVE-2020-35539 RESERVED -CVE-2020-35538 - RESERVED -CVE-2020-35537 - RESERVED -CVE-2020-35536 - RESERVED +CVE-2020-35538 (A crafted input file could cause a null pointer dereference in jcopy_s ...) + TODO: check +CVE-2020-35537 (In gcc, a crafted input source file could cause g++ to crash during co ...) + TODO: check +CVE-2020-35536 (In gcc, an internal compiler error in match_reload function at lra-con ...) + TODO: check CVE-2020-35535 RESERVED CVE-2020-35534
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2963291ad886e1448f623037d2edbf909cf612c7
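Review bot: the CVE-2022-3037 description in the hunk at @@ -168,7 +230,7 @@ now reads "prior to 9.0.0322", which matches the commit tag already cited in the NOTE line (v9.0.0322); the tracking line `- vim <unfixed>` still needs either the Debian version that carries that commit or the `(unimportant)` qualifier used for the other vim entries in this commit (CVE-2022-2581, CVE-2022-2042) if the use-after-free is judged not security-relevant.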
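Review bot: CVE-2022-3028 in the hunk at @@ -631,8 +693,8 @@ is left as `TODO: check` although its description identifies the Linux kernel ("A race condition was found in the Linux kernel's IP framework for tran ..."); it should get a `- linux` tracking line with the fixed version or `<unfixed>` and a NOTE pointing at the upstream commit, the way CVE-2022-2590 is filled in later in this same commit, rather than waiting in the TODO queue.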
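Review bot: the two wolfSSL entries (CVE-2022-38153, CVE-2022-38152) in the hunk at @@ -2718,10 +2780,10 @@ remain `TODO: check` although the descriptions already name the fixed release ("wolfSSL before 5.5.0"); the next step is mapping them to Debian's wolfssl source package (assumed here to be the packaged name) and recording whether the shipped version is below 5.5.0. CVE-2022-38153 is additionally conditional on a build option (the description is cut at `--enable-session...`), so the NOTE should state whether Debian's build enables that option before a severity is assigned.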
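Review bot: CVE-2022-2521, CVE-2022-2520 and CVE-2022-2519 in the hunk at @@ -6990,12 +7048,12 @@ are libtiff issues (the descriptions name "libtiff 4.4.0rc1" and "tiffcrop.c") but are left as `TODO: check`; they should be mapped to the `tiff` source package the way CVE-2022-1355 and CVE-2022-1354 are in this commit, and the "4.4.0rc1" in the descriptions needs to be compared with the versions in the suites, since the CVE-2022-2867 entry just above shows related tiffcrop fixes landing in v4.4.0rc1 and these three were found in that release candidate.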
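Review bot: the CVE-2022-2132 entry in the hunk at @@ -13083,8 +13139,7 @@ carries a `{DSA-5222-1}` reference while its unstable line still reads `- dpdk <unfixed>`; a DSA means the fix is identified, so either the unstable/testing fixed version should be filled in or a NOTE should say why it is still unfixed there. The hunk is truncated in this extract, so the per-suite lines below the NOTE are not visible; please confirm the `[bullseye]` line matches the DSA.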
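Review bot: CVE-2022-30318 and CVE-2022-30317 in the hunk at @@ -23608,10 +23660,10 @@ are left as `TODO: check` although both descriptions name Honeywell products (ControlEdge, Experion LX) and the neighbouring Honeywell Experion entries (CVE-2022-30316, CVE-2022-30315) are already `NOT-FOR-US: Honeywell`; they can be resolved with the same marker.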
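Review bot: the `{DLA-3090-1}` line added to CVE-2022-30287 in the hunk at @@ -23740,6 +23792,7 @@ should be accompanied by a `[buster] - php-horde-turba <version>` line matching the DLA; only the unstable fixed version (4.2.25-6, bug #1012279) is visible here, so please confirm the buster line exists further down in the entry.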
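Review bot: CVE-2022-1405 and CVE-2022-1404 in the hunk at @@ -26092,10 +26143,10 @@ are the same product described two ways ("CNCSoft: All versions prior to 1.01.32" and "Delta Electronics CNCSoft (All versions prior to 1.01.32)") and are left as `TODO: check`, while the adjacent Delta ASDA-Soft entries (CVE-2022-1403, CVE-2022-1402) are `NOT-FOR-US: ASDA-Soft`; a `NOT-FOR-US: Delta Electronics CNCSoft` marker resolves both consistently with their neighbours.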
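Review bot: in the hunk at @@ -27309,8 +27358,8 @@ the CVE-2022-1325 description reads "A flaw was found in Clmg"; this is most likely a lowercase-l for uppercase-I confusion for CImg, the C++ image library (an inference from the name, not something the hunk states), so when resolving the `TODO: check` look at the cimg source package rather than searching for "Clmg", and note the spelling in the NOTE so the next person does not repeat the search.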
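Review bot: CVE-2022-28625 in the hunk at @@ -28609,8 +28653,8 @@ is left as `TODO: check` while the adjacent HPE entries (CVE-2022-28627, CVE-2022-28626, CVE-2022-28624) are `NOT-FOR-US: HPE`; its truncated description ("A local disclosure of sensitive information vulnerability was discover ...") uses the same wording as those neighbours, so it is probably from the same HPE advisory batch and can take the same marker once the full text confirms the product.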
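Review bot: CVE-2020-35537 and CVE-2020-35536 in the hunk at @@ -121789,12 +121832,12 @@ describe g++ crashing and an internal compiler error (match_reload in lra-constraints) on a crafted input source file and should be mapped to the gcc source packages rather than left as `TODO: check`; a compiler crash on attacker-supplied source is at most a denial of service of the compiler process, so `unimportant` is the likely severity once the affected releases are identified. CVE-2020-35538's description names a `jcopy_s...` function (truncated in the hunk), a naming pattern that points at the libjpeg family (an inference, not stated in the hunk); please check libjpeg-turbo when resolving that TODO.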
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits