Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2963291a by security tracker role at 2022-08-31T20:10:36+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2022-39077
+ RESERVED
+CVE-2022-39076
+ RESERVED
+CVE-2022-39075
+ RESERVED
+CVE-2022-39074
+ RESERVED
+CVE-2022-39073
+ RESERVED
+CVE-2022-39072
+ RESERVED
+CVE-2022-39071
+ RESERVED
+CVE-2022-39070
+ RESERVED
+CVE-2022-39069
+ RESERVED
+CVE-2022-39068
+ RESERVED
+CVE-2022-39067
+ RESERVED
+CVE-2022-39066
+ RESERVED
+CVE-2022-39065
+ RESERVED
+CVE-2022-39064
+ RESERVED
+CVE-2022-39063
+ RESERVED
+CVE-2022-39062
+ RESERVED
+CVE-2022-39061
+ RESERVED
+CVE-2022-39060
+ RESERVED
+CVE-2022-39059
+ RESERVED
+CVE-2022-39058
+ RESERVED
+CVE-2022-39057
+ RESERVED
+CVE-2022-39056
+ RESERVED
+CVE-2022-39055
+ RESERVED
+CVE-2022-39054
+ RESERVED
+CVE-2022-39053
+ RESERVED
+CVE-2022-39052
+ RESERVED
+CVE-2022-39051
+ RESERVED
+CVE-2022-39050
+ RESERVED
+CVE-2022-39049
+ RESERVED
+CVE-2022-3069
+ RESERVED
+CVE-2022-3068
+ RESERVED
CVE-2022-39048
RESERVED
CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36.
When the sy ...)
@@ -168,7 +230,7 @@ CVE-2022-3038
RESERVED
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0321.
...)
+CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0322.
...)
- vim <unfixed>
NOTE: https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5
NOTE:
https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb
(v9.0.0322)
@@ -572,8 +634,8 @@ CVE-2022-38814
RESERVED
CVE-2022-38813
RESERVED
-CVE-2022-38812
- RESERVED
+CVE-2022-38812 (AeroCMS 0.1.1 is vulnerable to SQL Injection via the author
parameter. ...)
+ TODO: check
CVE-2022-38811
RESERVED
CVE-2022-38810
@@ -631,8 +693,8 @@ CVE-2022-3030
RESERVED
CVE-2022-3029
RESERVED
-CVE-2022-3028
- RESERVED
+CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework
for tran ...)
+ TODO: check
CVE-2022-3027
RESERVED
CVE-2022-3026
@@ -1253,7 +1315,7 @@ CVE-2022-38627
RESERVED
CVE-2022-38626
RESERVED
-CVE-2022-38625 (Patlite NH-FB v1.46 and below was discovered to contain
insufficient f ...)
+CVE-2022-38625 (** DISPUTED ** Patlite NH-FB v1.46 and below was discovered to
contain ...)
NOT-FOR-US: Patlite NH-FB
CVE-2022-38624
RESERVED
@@ -1974,8 +2036,8 @@ CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t
underflow that can lead
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/351
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c
(v4.4.0rc1)
-CVE-2022-2866
- RESERVED
+CVE-2022-2866 (FATEK FvDesigner version 1.5.103 and prior is vulnerable to an
out-of- ...)
+ TODO: check
CVE-2022-2865
RESERVED
[experimental] - gitlab 15.2.3+ds1-1
@@ -2718,10 +2780,10 @@ CVE-2022-38155 (TEE_Malloc in Samsung mTower through
0.3.0 allows a trusted appl
NOT-FOR-US: Samsung mTower
CVE-2022-38154
RESERVED
-CVE-2022-38153
- RESERVED
-CVE-2022-38152
- RESERVED
+CVE-2022-38153 (An issue was discovered in wolfSSL before 5.5.0 (when
--enable-session ...)
+ TODO: check
+CVE-2022-38152 (An issue was discovered in wolfSSL before 5.5.0. When a TLS
1.3 client ...)
+ TODO: check
CVE-2022-38151
RESERVED
CVE-2022-38149 (HashiCorp Consul Template through 0.29.1 inserts Sensitive
Information ...)
@@ -2792,10 +2854,10 @@ CVE-2022-36351
RESERVED
CVE-2022-33893
RESERVED
-CVE-2022-2759
- RESERVED
-CVE-2022-2758
- RESERVED
+CVE-2022-2759 (Delta Electronics Delta Robot Automation Studio (DRAS) versions
prior ...)
+ TODO: check
+CVE-2022-2758 (All versions of LS Industrial Systems (LSIS) Co. Ltd LS
Electric PLCs ...)
+ TODO: check
CVE-2022-2757
RESERVED
CVE-2022-2756 (Server-Side Request Forgery (SSRF) in GitHub repository
kareadita/kavi ...)
@@ -4768,7 +4830,7 @@ CVE-2022-36281
RESERVED
CVE-2022-33940
RESERVED
-CVE-2022-2625 (A vulnerability found in postgresql. On this security issue an
attack ...)
+CVE-2022-2625 (A vulnerability was found in PostgreSQL. This attack requires
permissi ...)
{DLA-3072-1}
- postgresql-14 14.5-1
- postgresql-13 <removed>
@@ -5130,10 +5192,10 @@ CVE-2022-37186
RESERVED
CVE-2022-37185
RESERVED
-CVE-2022-37184
- RESERVED
-CVE-2022-37183
- RESERVED
+CVE-2022-37184 (The application manage_website.php on Garage Management System
1.0 is ...)
+ TODO: check
+CVE-2022-37183 (Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via
/search/ ...)
+ TODO: check
CVE-2022-37182
RESERVED
CVE-2022-37181 (72crm 9.0 has an Arbitrary file upload vulnerability. ...)
@@ -5254,8 +5316,8 @@ CVE-2022-37124
RESERVED
CVE-2022-37123
RESERVED
-CVE-2022-37122
- RESERVED
+CVE-2022-37122 (Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 -
B2.1.0, App ...)
+ TODO: check
CVE-2022-37121
RESERVED
CVE-2022-37120
@@ -5436,8 +5498,7 @@ CVE-2022-37039
RESERVED
CVE-2022-37038
RESERVED
-CVE-2022-2590
- RESERVED
+CVE-2022-2590 (A race condition was found in the way the Linux kernel's memory
subsys ...)
- linux 5.18.16-1
[bullseye] - linux <not-affected> (Vulnerable code introduced later)
[buster] - linux <not-affected> (Vulnerable code introduced later)
@@ -5541,14 +5602,11 @@ CVE-2019-25073
RESERVED
CVE-2016-15005
RESERVED
-CVE-2022-37023
- RESERVED
+CVE-2022-37023 (Apache Geode versions prior to 1.15.0 are vulnerable to a
deserializat ...)
NOT-FOR-US: Apache Geode
-CVE-2022-37022
- RESERVED
+CVE-2022-37022 (Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable
to a dese ...)
NOT-FOR-US: Apache Geode
-CVE-2022-37021
- RESERVED
+CVE-2022-37021 (Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are
vulnerable t ...)
NOT-FOR-US: Apache Geode
CVE-2022-2581 (Out-of-bounds Read in GitHub repository vim/vim prior to
9.0.0104. ...)
- vim 2:9.0.0135-1 (unimportant)
@@ -6591,8 +6649,8 @@ CVE-2022-36568
RESERVED
CVE-2022-36567
RESERVED
-CVE-2022-36566
- RESERVED
+CVE-2022-36566 (Rengine v1.3.0 was discovered to contain a command injection
vulnerabi ...)
+ TODO: check
CVE-2022-36565 (Incorrect access control in the install directory (C:\Wamp64)
of Wamp ...)
TODO: check
CVE-2022-36564 (Incorrect access control in the install directory
(C:\Strawberry) of S ...)
@@ -6990,12 +7048,12 @@ CVE-2022-2522 (Heap-based Buffer Overflow in GitHub
repository vim/vim prior to
- vim 2:9.0.0135-1 (bug #1016068)
NOTE: https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22
NOTE:
https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089
(v9.0.0061)
-CVE-2022-2521
- RESERVED
-CVE-2022-2520
- RESERVED
-CVE-2022-2519
- RESERVED
+CVE-2022-2521 (It was found in libtiff 4.4.0rc1 that there is an invalid
pointer free ...)
+ TODO: check
+CVE-2022-2520 (A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc
assertion f ...)
+ TODO: check
+CVE-2022-2519 (There is a double free or corruption in rotateImage() at
tiffcrop.c:88 ...)
+ TODO: check
CVE-2022-2518
RESERVED
CVE-2022-2517
@@ -7332,8 +7390,8 @@ CVE-2022-33949
RESERVED
CVE-2022-32575
RESERVED
-CVE-2022-2485
- RESERVED
+CVE-2022-2485 (Any attempt (good or bad) to log into AutomationDirect Stride
Field I/ ...)
+ TODO: check
CVE-2022-2484
RESERVED
CVE-2022-2483
@@ -7446,8 +7504,8 @@ CVE-2022-31473 (In BIG-IP Versions 16.1.x before 16.1.1
and 15.1.x before 15.1.4
NOT-FOR-US: F5 BIG-IP
CVE-2022-30535 (In versions 2.x before 2.3.0 and all versions of 1.x, An
attacker auth ...)
NOT-FOR-US: F5
-CVE-2022-2466
- RESERVED
+CVE-2022-2466 (It was found that Quarkus 2.10.x does not terminate HTTP
requests head ...)
+ TODO: check
CVE-2022-2465 (Rockwell Automation ISaGRAF Workbench software versions 6.0
through 6. ...)
NOT-FOR-US: Rockwell Automation
CVE-2022-2464 (Rockwell Automation ISaGRAF Workbench software versions 6.0
through 6. ...)
@@ -8011,8 +8069,8 @@ CVE-2022-36047
RESERVED
CVE-2022-36046
RESERVED
-CVE-2022-36045
- RESERVED
+CVE-2022-36045 (NodeBB Forum Software is powered by Node.js and supports
either Redis, ...)
+ TODO: check
CVE-2022-36044
RESERVED
CVE-2022-36043
@@ -8031,8 +8089,8 @@ CVE-2022-36037 (kirby is a content management system
(CMS) that adapts to many d
NOT-FOR-US: Kirby CMS
CVE-2022-36036 (mdx-mermaid provides plug and play access to Mermaid in MDX.
There is ...)
TODO: check
-CVE-2022-36035
- RESERVED
+CVE-2022-36035 (Flux is a tool for keeping Kubernetes clusters in sync with
sources of ...)
+ TODO: check
CVE-2022-36034 (nitrado.js is a type safe wrapper for the Nitrado API.
Possible ReDoS ...)
TODO: check
CVE-2022-36033 (jsoup is a Java HTML parser, built for HTML editing, cleaning,
scrapin ...)
@@ -11632,8 +11690,7 @@ CVE-2022-2222 (The Download Monitor WordPress plugin
before 4.5.91 does not ensu
NOT-FOR-US: WordPress plugin
CVE-2022-2221 (Information Exposure vulnerability in My Account Settings of
Devolutio ...)
NOT-FOR-US: Devolutions Remote Desktop Manager
-CVE-2022-2220
- RESERVED
+CVE-2022-2220 (OpenShift doesn't properly verify subdomain ownership, which
allows ro ...)
NOT-FOR-US: OpenShift
CVE-2022-2219 (The Unyson WordPress plugin before 2.7.27 does not sanitise and
escape ...)
NOT-FOR-US: WordPress plugin
@@ -13014,8 +13071,7 @@ CVE-2022-2155
RESERVED
CVE-2022-2154
RESERVED
-CVE-2022-2153
- RESERVED
+CVE-2022-2153 (A flaw was found in the Linux kernel’s KVM when
attempting to se ...)
{DSA-5173-1 DLA-3065-1}
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
@@ -13083,8 +13139,7 @@ CVE-2022-2134 (Denial of Service in GitHub repository
inventree/inventree prior
NOT-FOR-US: inventree
CVE-2022-2133 (The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't
valida ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2132
- RESERVED
+CVE-2022-2132 (A permissive list of allowed inputs flaw was found in DPDK.
This issue ...)
{DSA-5222-1}
- dpdk <unfixed>
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=1031
@@ -16421,10 +16476,10 @@ CVE-2022-2046 (The Directorist WordPress plugin
before 7.2.3 allows administrato
NOT-FOR-US: WordPress plugin
CVE-2022-2045
RESERVED
-CVE-2022-2044
- RESERVED
-CVE-2022-2043
- RESERVED
+CVE-2022-2044 (MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an
out-of-bou ...)
+ TODO: check
+CVE-2022-2043 (MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an
out-of-bou ...)
+ TODO: check
CVE-2022-2042 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
- vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba
@@ -17118,14 +17173,14 @@ CVE-2022-2007 (Use after free in WebGPU in Google
Chrome prior to 102.0.5005.115
- chromium 102.0.5005.115-1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2022-2006
- RESERVED
-CVE-2022-2005
- RESERVED
-CVE-2022-2004
- RESERVED
-CVE-2022-2003
- RESERVED
+CVE-2022-2006 (AutomationDirect DirectLOGIC has a DLL vulnerability in the
install di ...)
+ TODO: check
+CVE-2022-2005 (AutomationDirect C-more EA9 HTTP webserver uses an insecure
mechanism ...)
+ TODO: check
+CVE-2022-2004 (AutomationDirect DirectLOGIC is vulnerable to a a specially
crafted pa ...)
+ TODO: check
+CVE-2022-2003 (AutomationDirect DirectLOGIC is vulnerable to a specifically
crafted s ...)
+ TODO: check
CVE-2022-2002
RESERVED
CVE-2022-2001 (The DX Share Selection plugin for WordPress is vulnerable to
Cross-Sit ...)
@@ -17991,22 +18046,19 @@ CVE-2022-32205 (A malicious server can serve
excessive amounts of `Set-Cookie:`
NOTE: Fixed by:
https://github.com/curl/curl/commit/48d7064a49148f03942380967da739dcde1cdc24
(curl-7_84_0)
CVE-2022-31734 (** Unsupported When Assigned ** Cisco Catalyst 2940 Series
Switches pr ...)
NOT-FOR-US: Cisco
-CVE-2022-1976
- RESERVED
+CVE-2022-1976 (A flaw was found in the Linux kernel’s implementation of
IO-URIN ...)
- linux 5.18.14-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/9cae36a094e7e9d6e5fe8b6dcd4642138b3eb0c7 (5.19-rc1)
NOTE: https://www.openwall.com/lists/oss-security/2022/06/14/2
-CVE-2022-1975 [NFC: netlink: fix sleep in atomic bug when firmware download
timeout]
- RESERVED
+CVE-2022-1975 (There is a sleep-in-atomic bug in /net/nfc/netlink.c that
allows an at ...)
{DSA-5173-1 DSA-5161-1 DLA-3065-1}
- linux 5.17.11-1
NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/2
NOTE:
https://git.kernel.org/linus/4071bf121d59944d5cd2238de0642f3d7995a997 (5.18-rc6)
-CVE-2022-1974
- RESERVED
+CVE-2022-1974 (A use-after-free flaw was found in the Linux kernel's NFC core
functio ...)
{DSA-5173-1 DSA-5161-1 DLA-3065-1}
- linux 5.17.11-1
NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/1
@@ -19725,8 +19777,8 @@ CVE-2022-1890
RESERVED
CVE-2022-1889 (The Newsletter WordPress plugin before 7.4.6 does not escape
and sanit ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1888
- RESERVED
+CVE-2022-1888 (Alpha7 PC Loader (All versions) is vulnerable to a stack-based
buffer ...)
+ TODO: check
CVE-2021-4231 (A vulnerability was found in Angular up to
11.0.4/11.1.0-next.2. It ha ...)
NOT-FOR-US: angular/angular - replacement for deprecated angularjs
NOTE: AngularJS upstream support has officially ended as of January 2022
@@ -23608,10 +23660,10 @@ CVE-2022-30320 (Saia Burgess Controls (SBC) PCD
through 2022-05-06 uses a Broken
NOT-FOR-US: Saia Burgess Controls
CVE-2022-30319 (Saia Burgess Controls (SBC) PCD through 2022-05-06 allows
Authenticati ...)
NOT-FOR-US: Saia Burgess Controls
-CVE-2022-30318
- RESERVED
-CVE-2022-30317
- RESERVED
+CVE-2022-30318 (Honeywell ControlEdge through R151.1 uses Hard-coded
Credentials. Acco ...)
+ TODO: check
+CVE-2022-30317 (Honeywell Experion LX through 2022-05-06 has Missing
Authentication fo ...)
+ TODO: check
CVE-2022-30316 (Honeywell Experion PKS Safety Manager 5.02 has Insufficient
Verificati ...)
NOT-FOR-US: Honeywell
CVE-2022-30315 (Honeywell Experion PKS Safety Manager (SM and FSC) through
2022-05-06 ...)
@@ -23740,6 +23792,7 @@ CVE-2022-30289 (A stored Cross-site Scripting (XSS)
vulnerability was identified
CVE-2022-30288 (** DISPUTED ** Agoo before 2.14.3 does not reject GraphQL
fragment spr ...)
NOT-FOR-US: Ruby gem agoo
CVE-2022-30287 (Horde Groupware Webmail Edition through 5.2.22 allows a
reflection inj ...)
+ {DLA-3090-1}
- php-horde-turba 4.2.25-6 (bug #1012279)
NOTE: https://blog.sonarsource.com/horde-webmail-rce-via-email/
NOTE:
https://lists.horde.org/archives/horde/Week-of-Mon-20220530/059225.html
@@ -24192,8 +24245,7 @@ CVE-2022-30126 (In Apache Tika, a regular expression in
our StandardsText class,
NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/3
CVE-2022-1553 (Leaking password protected articles content due to improper
access con ...)
NOT-FOR-US: Publify
-CVE-2022-1552
- RESERVED
+CVE-2022-1552 (A flaw was found in PostgreSQL. There is an issue with
incomplete effo ...)
{DSA-5136-1 DSA-5135-1}
- postgresql-14 14.3-1
- postgresql-13 <removed>
@@ -25076,8 +25128,7 @@ CVE-2022-29812 (In JetBrains IntelliJ IDEA before
2022.1 notification mechanisms
- intellij-idea <itp> (bug #747616)
CVE-2022-29811 (In JetBrains Hub before 2022.1.14638 stored XSS via project
icon was p ...)
NOT-FOR-US: JetBrains Hub
-CVE-2022-1508
- RESERVED
+CVE-2022-1508 (An out-of-bounds read flaw was found in the Linux
kernel’s io_ur ...)
- linux 5.15.3-1
[bullseye] - linux 5.10.120-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -26092,10 +26143,10 @@ CVE-2022-29504
RESERVED
CVE-2022-29503
RESERVED
-CVE-2022-1405
- RESERVED
-CVE-2022-1404
- RESERVED
+CVE-2022-1405 (CNCSoft: All versions prior to 1.01.32 does not properly
sanitize inpu ...)
+ TODO: check
+CVE-2022-1404 (Delta Electronics CNCSoft (All versions prior to 1.01.32) does
not pro ...)
+ TODO: check
CVE-2022-1403 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize
input ...)
NOT-FOR-US: ASDA-Soft
CVE-2022-1402 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize
input ...)
@@ -26748,16 +26799,14 @@ CVE-2022-1357 (The affected On-Premise cnMaestro
allows an unauthenticated attac
NOT-FOR-US: Cambium Networks cnMaestro
CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By
default, a ...)
NOT-FOR-US: Cambium Networks cnMaestro
-CVE-2022-1355
- RESERVED
+CVE-2022-1355 (A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in
main() ...)
- tiff 4.3.0-8 (bug #1011160)
[bullseye] - tiff <no-dsa> (Minor issue)
[buster] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/400
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/323
NOTE: Fixed by:
https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2
-CVE-2022-1354
- RESERVED
+CVE-2022-1354 (A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c
in TIFFR ...)
- tiff 4.3.0-7
[bullseye] - tiff <no-dsa> (Minor issue)
[buster] - tiff <no-dsa> (Minor issue)
@@ -27309,8 +27358,8 @@ CVE-2022-1327 (The Image Gallery WordPress plugin
before 1.1.6 does not sanitize
NOT-FOR-US: WordPress plugin
CVE-2022-1326 (The Form - Contact Form WordPress plugin through 1.2.0 does not
saniti ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1325
- RESERVED
+CVE-2022-1325 (A flaw was found in Clmg, where with the help of a maliciously
crafted ...)
+ TODO: check
CVE-2022-1324 (The Event Timeline WordPress plugin through 1.1.5 does not
sanitize an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1323 (The Discy WordPress theme before 5.0 lacks authorization checks
then p ...)
@@ -27362,8 +27411,7 @@ CVE-2022-29065
RESERVED
CVE-2022-29064
RESERVED
-CVE-2022-1319
- RESERVED
+CVE-2022-1319 (A flaw was found in Undertow. For an AJP 400 response, EAP 7 is
improp ...)
- undertow 2.2.17-1 (bug #1016448)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2073890
CVE-2022-1318 (Hills ComNav version 3002-19 suffers from a weak communication
channel ...)
@@ -28427,8 +28475,7 @@ CVE-2022-1261 (Matrikon, a subsidary of Honeywell
Matrikon OPC Server (all versi
NOT-FOR-US: MatrikonOPC
CVE-2022-1260
RESERVED
-CVE-2022-1259
- RESERVED
+CVE-2022-1259 (A flaw was found in Undertow. A potential security issue in
flow contr ...)
- undertow <not-affected> (Incomplete fix not released to any suite)
CVE-2022-1258 (A blind SQL injection vulnerability in the ePolicy Orchestrator
(ePO) ...)
NOT-FOR-US: McAfee
@@ -28455,8 +28502,7 @@ CVE-2022-1250 (The LifterLMS PayPal WordPress plugin
before 1.4.0 does not sanit
NOT-FOR-US: WordPress plugin
CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which
has been ...)
NOT-FOR-US: SAP
-CVE-2022-1247
- RESERVED
+CVE-2022-1247 (An issue found in linux-kernel that leads to a race condition
in rose_ ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066799
CVE-2022-1246
@@ -28482,8 +28528,7 @@ CVE-2022-28662 (A vulnerability has been identified in
Simcenter Femap (All vers
NOT-FOR-US: Siemens
CVE-2022-28661 (A vulnerability has been identified in Simcenter Femap (All
versions & ...)
NOT-FOR-US: Siemens
-CVE-2022-1271
- RESERVED
+CVE-2022-1271 (An arbitrary file write vulnerability was found in GNU gzip's
zgrep ut ...)
{DSA-5123-1 DSA-5122-1 DLA-2977-1 DLA-2976-1}
- xz-utils 5.2.5-2.1 (bug #1009167)
- gzip 1.12-1 (bug #1009168)
@@ -28499,8 +28544,7 @@ CVE-2022-1271
NOTE: Improves further the fix:
https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=9d3248751178939713a39115cf68ec8a11506cc9
(v1.12)
NOTE: https://www.openwall.com/lists/oss-security/2022/04/07/8
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-619/
-CVE-2022-1263
- RESERVED
+CVE-2022-1263 (A NULL pointer dereference issue was found in KVM when
releasing a vCP ...)
- linux 5.17.3-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -28609,8 +28653,8 @@ CVE-2022-28627 (A local arbitrary code execution
vulnerability was discovered in
NOT-FOR-US: HPE
CVE-2022-28626 (A local arbitrary code execution vulnerability was discovered
in HPE I ...)
NOT-FOR-US: HPE
-CVE-2022-28625
- RESERVED
+CVE-2022-28625 (A local disclosure of sensitive information vulnerability was
discover ...)
+ TODO: check
CVE-2022-28624 (A potential security vulnerability has been identified in
certain HPE ...)
NOT-FOR-US: HPE
CVE-2022-28623 (Security vulnerabilities in HPE IceWall SSO 10.0 certd could
be exploi ...)
@@ -29356,8 +29400,7 @@ CVE-2022-28328 (A vulnerability has been identified in
SCALANCE W1788-1 M12 (All
NOT-FOR-US: Siemens SCALANCE
CVE-2022-1206
RESERVED
-CVE-2022-1205
- RESERVED
+CVE-2022-1205 (A NULL pointer dereference flaw was found in the Linux
kernel’s ...)
{DSA-5173-1 DSA-5127-1}
- linux 5.17.6-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/4
@@ -30811,8 +30854,8 @@ CVE-2022-27913
RESERVED
CVE-2022-27912
RESERVED
-CVE-2022-27911
- RESERVED
+CVE-2022-27911 (An issue was discovered in Joomla! 4.2.0. Multiple Full Path
Disclosur ...)
+ TODO: check
CVE-2022-27910 (In Joomla component 'Joomlatools - DOCman 3.5.13 (and likely
most vers ...)
NOT-FOR-US: Joomla component
CVE-2022-27909 (In Joomla component 'jDownloads 3.9.8.2 Stable' the remote
user can ch ...)
@@ -35350,10 +35393,10 @@ CVE-2022-26333
REJECTED
CVE-2022-26332 (Cipi 3.1.15 allows Add Server stored XSS via the /api/servers
name fie ...)
NOT-FOR-US: Cipi
-CVE-2022-26331
- RESERVED
-CVE-2022-26330
- RESERVED
+CVE-2022-26331 (Potential vulnerabilities have been identified in Micro Focus
ArcSight ...)
+ TODO: check
+CVE-2022-26330 (Potential vulnerabilities have been identified in Micro Focus
ArcSight ...)
+ TODO: check
CVE-2022-26329
RESERVED
CVE-2022-26328
@@ -52436,8 +52479,8 @@ CVE-2022-21943
RESERVED
CVE-2022-21942
RESERVED
-CVE-2022-21941
- RESERVED
+CVE-2022-21941 (All versions of iSTAR Ultra prior to version 6.8.9.CU01are
vulnerable ...)
+ TODO: check
CVE-2022-21940
RESERVED
CVE-2022-21939
@@ -121789,12 +121832,12 @@ CVE-2020-35540
REJECTED
CVE-2020-35539
RESERVED
-CVE-2020-35538
- RESERVED
-CVE-2020-35537
- RESERVED
-CVE-2020-35536
- RESERVED
+CVE-2020-35538 (A crafted input file could cause a null pointer dereference in
jcopy_s ...)
+ TODO: check
+CVE-2020-35537 (In gcc, a crafted input source file could cause g++ to crash
during co ...)
+ TODO: check
+CVE-2020-35536 (In gcc, an internal compiler error in match_reload function at
lra-con ...)
+ TODO: check
CVE-2020-35535
RESERVED
CVE-2020-35534
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2963291ad886e1448f623037d2edbf909cf612c7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2963291ad886e1448f623037d2edbf909cf612c7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
