[Git][security-tracker-team/security-tracker][master] automatic update

Tue, 10 May 2022 01:10:35 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf0aa6e3 by security tracker role at 2022-05-10T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2022-30526
+       RESERVED
+CVE-2022-30525
+       RESERVED
+CVE-2022-1646
+       RESERVED
+CVE-2022-1645
+       RESERVED
+CVE-2022-1644
+       RESERVED
+CVE-2022-1643
+       RESERVED
 CVE-2022-30524 (There is an invalid memory access in the TextLine class in 
TextOutputD ...)
        TODO: check
 CVE-2022-30523
@@ -417,8 +429,8 @@ CVE-2022-1623
        RESERVED
 CVE-2022-1622
        RESERVED
-CVE-2022-1621
-       RESERVED
+CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub 
repository vim ...)
+       TODO: check
 CVE-2018-25033 (ADMesh through 0.98.4 has a heap-based buffer over-read in 
stl_update_ ...)
        - admesh <unfixed> (bug #1010770)
        [bullseye] - admesh <no-dsa> (Minor issue; can be fixed via point 
release)
@@ -11584,13 +11596,14 @@ CVE-2022-26356 (Racy interactions between dirty vram 
tracking and paging log dir
 CVE-2022-26355 (Citrix Federated Authentication Service (FAS) 7.17 - 10.6 
causes deplo ...)
        NOT-FOR-US: Citrix
 CVE-2022-26354 (A flaw was found in the vhost-vsock device of QEMU. In case of 
error,  ...)
-       {DLA-2970-1}
+       {DSA-5133-1 DLA-2970-1}
        - qemu 1:7.0+dfsg-1
        [buster] - qemu <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063257
        NOTE: 
https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf
        NOTE: vulnerable code in buster in vhost_vsock_send_transport_reset
 CVE-2022-26353 (A flaw was found in the virtio-net device of QEMU. This flaw 
was inadv ...)
+       {DSA-5133-1}
        - qemu 1:7.0+dfsg-1
        [buster] - qemu <not-affected> (Original upstream fix for CVE-2021-3748 
not applied)
        [stretch] - qemu <not-affected> (Original upstream fix for 
CVE-2021-3748 not applied)
@@ -18927,12 +18940,14 @@ CVE-2021-46559 (The firmware on Moxa TN-5900 devices 
through 3.1 has a weak algo
 CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in 
the relea ...)
        NOT-FOR-US: Bromite
 CVE-2022-23947 (A stack-based buffer overflow vulnerability exists in the 
Gerber Viewe ...)
+       {DLA-2998-1}
        - kicad 6.0.2+dfsg-1
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1460
        NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10700
        NOTE: 
https://gitlab.com/kicad/code/kicad/-/commit/54b20cb0492ee20eb9efaff478eaa51fe17b4ca3
 (master)
        NOTE: 
https://gitlab.com/kicad/code/kicad/-/commit/a7fbdfe9182fe075d1f36cf1f23432b28caf03b3
 (6.0.2)
 CVE-2022-23946 (A stack-based buffer overflow vulnerability exists in the 
Gerber Viewe ...)
+       {DLA-2998-1}
        - kicad 6.0.2+dfsg-1
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1460
        NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10700
@@ -18991,6 +19006,7 @@ CVE-2022-0359 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
        NOTE: 
https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 
(v8.2.4214)
 CVE-2022-0358
        RESERVED
+       {DSA-5133-1}
        - qemu 1:7.0+dfsg-1
        [buster] - qemu <not-affected> (Vulnerable code not present)
        [stretch] - qemu <not-affected> (virtiofsd added in 5.0)
@@ -19768,12 +19784,14 @@ CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in 
Go before 1.16.14 and 1.17
 CVE-2022-23805 (A security out-of-bounds read information disclosure 
vulnerability in  ...)
        NOT-FOR-US: Trend Micro
 CVE-2022-23804 (A stack-based buffer overflow vulnerability exists in the 
Gerber Viewe ...)
+       {DLA-2998-1}
        - kicad 6.0.2+dfsg-1
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1453
        NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10719
        NOTE: 
https://gitlab.com/kicad/code/kicad/-/commit/927afe313d1f104391814ee7d5d9cca0a520aa50
 (6.0.2)
        NOTE: 
https://gitlab.com/kicad/code/kicad/-/commit/7ed569058c516974c47b4a506daa3daea4248e05
 (master)
 CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the 
Gerber Viewe ...)
+       {DLA-2998-1}
        - kicad 6.0.2+dfsg-1
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1453
        NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10719
@@ -20040,10 +20058,10 @@ CVE-2022-23707 (An XSS vulnerability was found in 
Kibana index patterns. Using t
        - kibana <itp> (bug #700337)
 CVE-2022-23706
        RESERVED
-CVE-2022-23705
-       RESERVED
-CVE-2022-23704
-       RESERVED
+CVE-2022-23705 (A security vulnerability has been identified in HPE Nimble 
Storage Hyb ...)
+       TODO: check
+CVE-2022-23704 (A potential security vulnerability has been identified in 
Integrated L ...)
+       TODO: check
 CVE-2022-23703 (A security vulnerability has been identified in HPE Nimble 
Storage Hyb ...)
        NOT-FOR-US: HPE
 CVE-2022-23702 (A potential security vulnerability has been identified in HPE 
Superdom ...)
@@ -21782,11 +21800,13 @@ CVE-2021-44777 (Cross-Site Request Forgery (CSRF) 
vulnerabilities leading to sin
 CVE-2021-44760 (Authenticated Reflected Cross-Site Scripting (XSS) 
vulnerability disco ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-4207 (A flaw was found in the QXL display device emulation in QEMU. A 
double ...)
+       {DSA-5133-1}
        - qemu 1:7.0+dfsg-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036966
        NOTE: https://starlabs.sg/advisories/22-4207/
        NOTE: Fixed by: 
https://gitlab.com/qemu-project/qemu/-/commit/9569f5cb5b4bffa9d3ebc8ba7da1e03830a9a895
 (v7.0.0-rc4)
 CVE-2021-4206 (A flaw was found in the QXL display device emulation in QEMU. 
An integ ...)
+       {DSA-5133-1}
        - qemu 1:7.0+dfsg-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036998
        NOTE: https://starlabs.sg/advisories/22-4206/
@@ -34169,8 +34189,8 @@ CVE-2021-43714
        RESERVED
 CVE-2021-43713
        RESERVED
-CVE-2021-43712
-       RESERVED
+CVE-2021-43712 (Stored XSS in Add New Employee Form in Sourcecodester Employee 
Daily T ...)
+       TODO: check
 CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 
V4.0.3c.7646_B2020 ...)
        NOT-FOR-US: TOTOLINK
 CVE-2021-43710



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf0aa6e3d8da4b961cd4a2cc6b19b72632e3da23

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf0aa6e3d8da4b961cd4a2cc6b19b72632e3da23
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to