Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
49d2604c by security tracker role at 2022-05-03T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-30126
+ RESERVED
+CVE-2022-1553
+ RESERVED
+CVE-2022-1552
+ RESERVED
+CVE-2019-25060
+ RESERVED
CVE-2022-30125
RESERVED
CVE-2022-30124
@@ -595,6 +603,7 @@ CVE-2022-1517
RESERVED
CVE-2022-1516
RESERVED
+ {DSA-5127-1}
- linux 5.17.3-1 (unimportant)
NOTE: Fixed by:
https://git.kernel.org/linus/7781607938c8371d4c2b243527430241c62e39c2 (5.18-rc1)
NOTE: CONFIG_X25 is not set in Debian
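Review bot: the {DSA-5127-1} reference added to CVE-2022-1516 lands on an entry rated (unimportant) with the note that CONFIG_X25 is not set in Debian; confirm the DSA text actually lists this CVE, because an advisory reference on a code path Debian does not build reads as contradictory, and if the DSA did ship the fix the (unimportant) qualifier on the "linux 5.17.3-1" line should be revisited.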
@@ -702,8 +711,8 @@ CVE-2022-29826
RESERVED
CVE-2022-29825
RESERVED
-CVE-2022-29824
- RESERVED
+CVE-2022-29824 (In libxml2 before 2.9.14, several buffer handling functions in
buf.c ( ...)
+ TODO: check
CVE-2022-29516
RESERVED
CVE-2022-29823
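Review bot: CVE-2022-29824 moves from RESERVED to a description naming libxml2 before 2.9.14 but is left at "TODO: check"; libxml2 is a Debian source package, so this entry needs a package status line (for example "- libxml2 <unfixed>" until the fixed Debian version is known) and a NOTE pointing at the upstream fix, rather than an unassigned TODO.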
@@ -1511,6 +1520,7 @@ CVE-2022-1429 (SQL injection in GridHelperService.php in
GitHub repository pimco
CVE-2022-1428
RESERVED
CVE-2022-29582 (In the Linux kernel before 5.17.3, fs/io_uring.c has a
use-after-free ...)
+ {DSA-5127-1}
- linux 5.17.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -2350,6 +2360,7 @@ CVE-2022-1354
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/319
NOTE: Fixed by:
https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798
CVE-2022-1353 (A vulnerability was found in the pfkey_register function in
net/key/af ...)
+ {DSA-5127-1}
- linux 5.17.3-1
NOTE:
https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17)
CVE-2022-1352
@@ -4569,13 +4580,16 @@ CVE-2022-28391 (BusyBox through 1.35.0 allows remote
attackers to execute arbitr
[stretch] - busybox <no-dsa> (Minor issue)
NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the
Linux kerne ...)
+ {DSA-5127-1}
- linux 5.17.3-1
NOTE:
https://git.kernel.org/linus/c70222752228a62135cee3409dccefd494a24646 (5.18-rc1)
CVE-2022-28389 (mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the
Linux ker ...)
+ {DSA-5127-1}
- linux 5.17.3-1
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/04c9b00ba83594a29813d6b1fb8fdc93a3915174 (5.18-rc1)
CVE-2022-28388 (usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the
Linux ker ...)
+ {DSA-5127-1}
- linux 5.17.3-1
NOTE:
https://git.kernel.org/linus/3d3925ff6433f98992685a9679613a2cc97f3ce2 (5.18-rc1)
CVE-2022-28387
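Review bot: CVE-2022-28389 carries a "[stretch] - linux <not-affected>" line while CVE-2022-28390 and CVE-2022-28388 in the same hunk receive only the DSA reference and the sid fix version; since all three CAN USB driver fixes come from the same 5.18-rc1 series and the same DSA, check whether the other two entries also need [buster]/[stretch] status lines so the older suites are not left unassessed.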
@@ -4590,8 +4604,8 @@ CVE-2022-28383
RESERVED
CVE-2022-28382
RESERVED
-CVE-2022-1214
- RESERVED
+CVE-2022-1214 (Exposure of Sensitive Information to an Unauthorized Actor in
GitHub r ...)
+ TODO: check
CVE-2022-1213 (SSRF filter bypass port 80, 433 in GitHub repository
livehelperchat/li ...)
NOT-FOR-US: livehelperchat
CVE-2022-1212 (Use-After-Free in str_escape in mruby/mruby in GitHub
repository mruby ...)
@@ -4613,7 +4627,7 @@ CVE-2022-1211 (A vulnerability classified as critical has
been found in tildearr
- furnace <itp> (bug #1008592)
CVE-2022-28377
RESERVED
-CVE-2022-28376 (Verizon LVSKIHP 5G outside devices through 2022-02-15 allow
anyone (kn ...)
+CVE-2022-28376 (Verizon 5G Home LVSKIHP outside devices through 2022-02-15
allow anyon ...)
NOT-FOR-US: Verizon
CVE-2022-28375
RESERVED
@@ -4665,6 +4679,7 @@ CVE-2022-28358
CVE-2022-28357
RESERVED
CVE-2022-28356 (In the Linux kernel before 5.17.1, a refcount leak bug was
found in ne ...)
+ {DSA-5127-1}
- linux 5.16.18-1
NOTE:
https://git.kernel.org/linus/764f4eb6846f5475f1244767d24d25dd86528a4a
NOTE: https://www.openwall.com/lists/oss-security/2022/04/06/1
@@ -4757,10 +4772,12 @@ CVE-2022-1206
RESERVED
CVE-2022-1205
RESERVED
+ {DSA-5127-1}
- linux 5.17.3-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/4
CVE-2022-1204
RESERVED
+ {DSA-5127-1}
- linux 5.17.3-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/2
CVE-2022-1203
@@ -4928,11 +4945,13 @@ CVE-2022-28281
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28281
CVE-2022-1199
RESERVED
+ {DSA-5127-1}
- linux 5.16.18-1
[buster] - linux 4.19.235-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/5
CVE-2022-1198
RESERVED
+ {DSA-5127-1}
- linux 5.16.18-1
NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/3
CVE-2022-1197
@@ -4948,6 +4967,7 @@ CVE-2022-1196
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-1196
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1196
CVE-2022-1195 (A use-after-free vulnerability was found in the Linux kernel in
driver ...)
+ {DSA-5127-1}
- linux 5.15.15-1
[buster] - linux 4.19.232-1
[stretch] - linux 4.9.303-1
@@ -5373,6 +5393,7 @@ CVE-2022-1159 (Rockwell Automation Studio 5000 Logix
Designer (all versions) are
NOT-FOR-US: Rockwell Automation
CVE-2022-1158
RESERVED
+ {DSA-5127-1}
- linux 5.17.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -5663,8 +5684,8 @@ CVE-2022-28120
RESERVED
CVE-2022-28119
RESERVED
-CVE-2022-28118
- RESERVED
+CVE-2022-28118 (SiteServer CMS v7.x allows attackers to execute arbitrary code
via a c ...)
+ TODO: check
CVE-2022-28117 (A Server-Side Request Forgery (SSRF) in feed_parser class of
Navigate ...)
NOT-FOR-US: Navigate CMS
CVE-2022-28116 (Online Banking System v1.0 was discovered to contain a SQL
injection v ...)
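Review bot: CVE-2022-28118 (SiteServer CMS) is left at "TODO: check" while the adjacent CMS entries CVE-2022-28117 and CVE-2022-28116 are already resolved as NOT-FOR-US; if SiteServer CMS is not packaged in Debian, resolve this one the same way so the TODO does not linger in the list.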
@@ -6766,6 +6787,7 @@ CVE-2022-1057
CVE-2021-46739
RESERVED
CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP
transformation code ...)
+ {DSA-5127-1}
- linux 5.16.18-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE:
https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8)
@@ -6872,6 +6894,7 @@ CVE-2022-1049 (A flaw was found in the Pacemaker
configuration tool (pcs). The p
NOTE:
https://github.com/ClusterLabs/pcs/commit/fb860005117dc9e092649687dfa1304fb423efc5
NOTE: Introduced by
https://github.com/ClusterLabs/pcs/commit/8378cf1a81efc0cd421483234943057e2be0a8ed
(v0.10)
CVE-2022-1048 (A use-after-free flaw was found in the Linux kernel’s
sound subs ...)
+ {DSA-5127-1}
- linux 5.16.18-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066706
NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/4
@@ -7914,6 +7937,7 @@ CVE-2022-1017
RESERVED
CVE-2022-1016
RESERVED
+ {DSA-5127-1}
- linux 5.16.18-1
NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/5
NOTE: Fixed by:
https://git.kernel.org/linus/4c905f6740a365464e91467aa50916555b28213d
@@ -9962,6 +9986,7 @@ CVE-2020-36517 (An information leak in Nabu Casa Home
Assistant Operating System
CVE-2022-0868 (Open Redirect in GitHub repository medialize/uri.js prior to
1.19.10. ...)
NOT-FOR-US: Node urijs
CVE-2022-26490 (st21nfca_connectivity_event_received in
drivers/nfc/st21nfca/se.c in t ...)
+ {DSA-5127-1}
- linux 5.16.18-1
NOTE:
https://git.kernel.org/linus/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1)
CVE-2022-26486
@@ -14272,8 +14297,8 @@ CVE-2022-24975 (The --mirror documentation for Git
through 2.35.1 does not menti
NOTE: https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/
NOTE: CVE is specifically about --mirror documentation not mentioning
the availability
NOTE: of deleted content.
-CVE-2022-24974
- RESERVED
+CVE-2022-24974 (Links may not be rewritten according to policy in some
specially forma ...)
+ TODO: check
CVE-2022-24973
RESERVED
CVE-2022-24972
@@ -14461,8 +14486,8 @@ CVE-2022-24899
RESERVED
CVE-2022-24898 (org.xwiki.commons:xwiki-commons-xml is a common module used by
other X ...)
NOT-FOR-US: Xwiki
-CVE-2022-24897
- RESERVED
+CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs
to evalua ...)
+ TODO: check
CVE-2022-24896
RESERVED
CVE-2022-24895
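Review bot: the new CVE-2022-24897 description ("APIs to evaluate content with Velocity ...") reads like the same XWiki advisory batch as CVE-2022-24898 directly above it, which is already NOT-FOR-US: Xwiki; confirm it is an XWiki issue and replace "TODO: check" with the same NOT-FOR-US line.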
@@ -18783,10 +18808,10 @@ CVE-2022-23725
RESERVED
CVE-2022-23724
RESERVED
-CVE-2022-23723
- RESERVED
-CVE-2022-23722
- RESERVED
+CVE-2022-23723 (An MFA bypass vulnerability exists in the PingFederate PingOne
MFA Int ...)
+ TODO: check
+CVE-2022-23722 (When a password reset mechanism is configured to use the
Authenticatio ...)
+ TODO: check
CVE-2022-23721
RESERVED
CVE-2022-23720
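Review bot: CVE-2022-23723 and CVE-2022-23722 both describe the PingFederate PingOne MFA integration, a commercial Ping Identity product; unless a Debian-packaged component is affected, both "TODO: check" lines should be resolved as NOT-FOR-US rather than left open.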
@@ -21574,6 +21599,7 @@ CVE-2022-0169 (The Photo Gallery by 10Web WordPress
plugin before 1.6.0 does not
NOT-FOR-US: WordPress plugin
CVE-2022-0168
RESERVED
+ {DSA-5127-1}
- linux 5.17.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -23959,6 +23985,7 @@ CVE-2021-45986 (Tenda routers G1 and G3
v15.11.0.17(9502)_CN were discovered to
CVE-2021-45985
RESERVED
CVE-2021-4197 (An unprivileged write to the file handler flaw in the Linux
kernel's c ...)
+ {DSA-5127-1}
- linux 5.15.15-1
NOTE:
https://lore.kernel.org/lkml/[email protected]/T/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
@@ -26678,8 +26705,7 @@ CVE-2021-4140
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2021-4140
CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input
During Web P ...)
NOT-FOR-US: Pimcore
-CVE-2021-4138
- RESERVED
+CVE-2021-4138 (Improved Host header checks to reject requests not sent to a
well-know ...)
- geckodriver <itp> (bug #989456)
CVE-2022-22053
RESERVED
@@ -34946,8 +34972,8 @@ CVE-2022-20769
RESERVED
CVE-2022-20768
RESERVED
-CVE-2022-20767
- RESERVED
+CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco
Firepow ...)
+ TODO: check
CVE-2022-20766
RESERVED
CVE-2022-20765
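Review bot: CVE-2022-20767 is described as a flaw in the Snort rule evaluation function of Cisco Firepower; the surrounding Cisco entries are NOT-FOR-US: Cisco, but Snort is not only a Cisco product, so check whether the affected code lives in Cisco's Firepower integration or in upstream Snort code (which Debian has packaged as snort) before closing the "TODO: check" as NOT-FOR-US.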
@@ -34960,14 +34986,14 @@ CVE-2022-20762 (A vulnerability in the Common
Execution Environment (CEE) ConfD
NOT-FOR-US: Cisco
CVE-2022-20761 (A vulnerability in the integrated wireless access point (AP)
packet pr ...)
NOT-FOR-US: Cisco
-CVE-2022-20760
- RESERVED
-CVE-2022-20759
- RESERVED
+CVE-2022-20760 (A vulnerability in the DNS inspection handler of Cisco
Adaptive Securi ...)
+ TODO: check
+CVE-2022-20759 (A vulnerability in the web services interface for remote
access VPN fe ...)
+ TODO: check
CVE-2022-20758 (A vulnerability in the implementation of the Border Gateway
Protocol ( ...)
NOT-FOR-US: Cisco
-CVE-2022-20757
- RESERVED
+CVE-2022-20757 (A vulnerability in the connection handling function in Cisco
Firepower ...)
+ TODO: check
CVE-2022-20756 (A vulnerability in the RADIUS feature of Cisco Identity
Services Engin ...)
NOT-FOR-US: Cisco
CVE-2022-20755 (Multiple vulnerabilities in the API and web-based management
interface ...)
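Review bot: the four new ASA/FTD entries in this hunk (CVE-2022-20760, CVE-2022-20759, CVE-2022-20757 and the remote access VPN one) are all left at "TODO: check" while every neighbouring Cisco entry is already NOT-FOR-US: Cisco; they belong to the same product family and should be triaged in the same pass so the TODOs do not accumulate.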
@@ -34978,36 +35004,36 @@ CVE-2022-20753
RESERVED
CVE-2022-20752
RESERVED
-CVE-2022-20751
- RESERVED
+CVE-2022-20751 (A vulnerability in the Snort detection engine integration for
Cisco Fi ...)
+ TODO: check
CVE-2022-20750 (A vulnerability in the checkpoint manager implementation of
Cisco Redu ...)
NOT-FOR-US: Cisco
CVE-2022-20749 (Multiple vulnerabilities in Cisco Small Business RV160, RV260,
RV340, ...)
NOT-FOR-US: Cisco Small Business RV Series Routers
-CVE-2022-20748
- RESERVED
+CVE-2022-20748 (A vulnerability in the local malware analysis process of Cisco
Firepow ...)
+ TODO: check
CVE-2022-20747 (A vulnerability in the History API of Cisco SD-WAN vManage
Software co ...)
NOT-FOR-US: Cisco
-CVE-2022-20746
- RESERVED
-CVE-2022-20745
- RESERVED
-CVE-2022-20744
- RESERVED
-CVE-2022-20743
- RESERVED
-CVE-2022-20742
- RESERVED
+CVE-2022-20746 (A vulnerability in the TCP proxy functionality of Cisco
Firepower Thre ...)
+ TODO: check
+CVE-2022-20745 (A vulnerability in the web services interface for remote
access VPN fe ...)
+ TODO: check
+CVE-2022-20744 (A vulnerability in the input protection mechanisms of Cisco
Firepower ...)
+ TODO: check
+CVE-2022-20743 (A vulnerability in the web management interface of Cisco
Firepower Man ...)
+ TODO: check
+CVE-2022-20742 (A vulnerability in an IPsec VPN library of Cisco Adaptive
Security App ...)
+ TODO: check
CVE-2022-20741 (A vulnerability in the web-based management interface of the
Network D ...)
NOT-FOR-US: Cisco
-CVE-2022-20740
- RESERVED
+CVE-2022-20740 (A vulnerability in the web-based management interface of Cisco
Firepow ...)
+ TODO: check
CVE-2022-20739 (A vulnerability in the CLI of Cisco SD-WAN vManage Software
could allo ...)
NOT-FOR-US: Cisco
CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway
service could ...)
NOT-FOR-US: Cisco
-CVE-2022-20737
- RESERVED
+CVE-2022-20737 (A vulnerability in the handler for HTTP authentication for
resources a ...)
+ TODO: check
CVE-2022-20736
RESERVED
CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco
SD-WAN ...)
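Review bot: CVE-2022-20751 names the Snort detection engine integration for Cisco Firepower; like the other Firepower/ASA entries in this hunk it is a NOT-FOR-US: Cisco candidate, but as with CVE-2022-20767 earlier in this patch, verify the flaw is in Cisco's integration layer rather than in upstream Snort code before resolving it.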
@@ -35020,10 +35046,10 @@ CVE-2022-20732 (A vulnerability in the configuration
file protections of Cisco V
NOT-FOR-US: Cisco
CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital
Building S ...)
NOT-FOR-US: Cisco
-CVE-2022-20730
- RESERVED
-CVE-2022-20729
- RESERVED
+CVE-2022-20730 (A vulnerability in the Security Intelligence feed feature of
Cisco Fir ...)
+ TODO: check
+CVE-2022-20729 (A vulnerability in CLI of Cisco Firepower Threat Defense (FTD)
Softwar ...)
+ TODO: check
CVE-2022-20728
RESERVED
CVE-2022-20727 (Multiple vulnerabilities in the Cisco IOx application hosting
environm ...)
@@ -35050,8 +35076,8 @@ CVE-2022-20717 (A vulnerability in the NETCONF process
of Cisco SD-WAN vEdge Rou
NOT-FOR-US: Cisco
CVE-2022-20716 (A vulnerability in the CLI of Cisco SD-WAN Software could
allow an aut ...)
NOT-FOR-US: Cisco
-CVE-2022-20715
- RESERVED
+CVE-2022-20715 (A vulnerability in the remote access SSL VPN features of Cisco
Adaptiv ...)
+ TODO: check
CVE-2022-20714 (A vulnerability in the data plane microcode of Lightspeed-Plus
line ca ...)
NOT-FOR-US: Cisco
CVE-2022-20713
@@ -35227,12 +35253,12 @@ CVE-2022-20631
RESERVED
CVE-2022-20630 (A vulnerability in the audit log of Cisco DNA Center could
allow an au ...)
NOT-FOR-US: Cisco
-CVE-2022-20629
- RESERVED
-CVE-2022-20628
- RESERVED
-CVE-2022-20627
- RESERVED
+CVE-2022-20629 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
+ TODO: check
+CVE-2022-20628 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
+ TODO: check
+CVE-2022-20627 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
+ TODO: check
CVE-2022-20626
RESERVED
CVE-2022-20625 (A vulnerability in the Cisco Discovery Protocol service of
Cisco FXOS ...)
@@ -37022,16 +37048,16 @@ CVE-2021-42534 (The affected product’s web
application does not properly n
NOT-FOR-US: Trane
CVE-2021-42533 (Adobe Bridge version 11.1.1 (and earlier) is affected by a
double free ...)
NOT-FOR-US: Adobe
-CVE-2021-42532
- RESERVED
-CVE-2021-42531
- RESERVED
-CVE-2021-42530
- RESERVED
-CVE-2021-42529
- RESERVED
-CVE-2021-42528
- RESERVED
+CVE-2021-42532 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a
stack-b ...)
+ TODO: check
+CVE-2021-42531 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a
stack-b ...)
+ TODO: check
+CVE-2021-42530 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a
stack-b ...)
+ TODO: check
+CVE-2021-42529 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a
stack-b ...)
+ TODO: check
+CVE-2021-42528 (XMP Toolkit 2021.07 (and earlier) is affected by a Null
pointer derefe ...)
+ TODO: check
CVE-2021-42527 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier)
is affect ...)
NOT-FOR-US: Adobe
CVE-2021-42526 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier)
is affect ...)
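Review bot: the five XMP Toolkit SDK entries (CVE-2021-42528 through CVE-2021-42532) should not be closed as NOT-FOR-US: Adobe automatically like the neighbouring Adobe Bridge and Premiere Elements entries: Debian's exempi package is built from the Adobe XMP SDK, so check whether exempi contains the affected stack-buffer and null-pointer-dereference code paths and give it a package status line if it does.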
@@ -52458,8 +52484,8 @@ CVE-2021-36846 (Authenticated (admin or higher user
role) Stored Cross-Site Scri
NOT-FOR-US: WordPress plugin
CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS)
vulnerabiliti ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-36844
- RESERVED
+CVE-2021-36844 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
+ TODO: check
CVE-2021-36843 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability
discover ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36842
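Review bot: CVE-2021-36844 is an authenticated stored XSS in the same consecutive WordPress plugin series as CVE-2021-36845 and CVE-2021-36843 on either side of it, both already NOT-FOR-US: WordPress plugin; resolve the "TODO: check" the same way unless the description identifies a plugin that Debian ships.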
@@ -117253,16 +117279,16 @@ CVE-2020-23623
RESERVED
CVE-2020-23622
RESERVED
-CVE-2020-23621
- RESERVED
-CVE-2020-23620
- RESERVED
+CVE-2020-23621 (The Java Remote Management Interface of all versions of SVI MS
Managem ...)
+ TODO: check
+CVE-2020-23620 (The Java Remote Management Interface of all versions of
Orlansoft ERP ...)
+ TODO: check
CVE-2020-23619
RESERVED
-CVE-2020-23618
- RESERVED
-CVE-2020-23617
- RESERVED
+CVE-2020-23618 (A reflected cross site scripting (XSS) vulnerability in Xtend
Voice Lo ...)
+ TODO: check
+CVE-2020-23617 (A cross site scripting (XSS) vulnerability in the error page
of Totoli ...)
+ TODO: check
CVE-2020-23616
RESERVED
CVE-2020-23615
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49d2604caf72bf091128d3f2008518c986fb9660
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits