Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c256aaee by security tracker role at 2022-05-18T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed 
gf_utf8_wcsl ...)
+       TODO: check
+CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has 
a NULL p ...)
+       TODO: check
+CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 1.2.0 results in 
stack con ...)
+       TODO: check
+CVE-2022-1775
+       RESERVED
+CVE-2022-1774
+       RESERVED
+CVE-2022-1773
+       RESERVED
+CVE-2022-1772
+       RESERVED
+CVE-2022-1771
+       RESERVED
+CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) 
gem throug ...)
+       TODO: check
 CVE-2022-30973
        RESERVED
 CVE-2022-1770
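Review bot: The four described entries at the top of this hunk (CVE-2022-30976, CVE-2022-30975, CVE-2022-30974 and CVE-2019-25061) carry only "TODO: check", so nothing about them is decided yet. Each needs a follow-up triage line, either a source package entry or NOT-FOR-US. The truncated descriptions already name the software to look up: GPAC, Artifex MuJS and the random_password_generator gem.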
@@ -744,7 +762,7 @@ CVE-2021-4228
 CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did 
not cor ...)
        NOT-FOR-US: HashiCorp
 CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local 
privilege esc ...)
-       {DSA-5137-1}
+       {DSA-5137-1 DLA-3013-1}
        - needrestart 3.6-1 (bug #1011154)
        NOTE: 
https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30
 (v3.6)
        NOTE: https://www.openwall.com/lists/oss-security/2022/05/17/9
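Review bot: On the CVE-2022-30688 cross-reference line, DLA-3013-1 is added next to DSA-5137-1, but the only package line in view is the unstable fix, "- needrestart 3.6-1 (bug #1011154)". Worth confirming that the version fixed by the DLA is recorded with the advisory itself, because nothing in this entry states which release or version DLA-3013-1 covers.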
@@ -2544,12 +2562,12 @@ CVE-2022-30056
        RESERVED
 CVE-2022-30055 (Prime95 30.7 build 9 suffers from a Buffer Overflow 
vulnerability that ...)
        NOT-FOR-US: Prime95
-CVE-2022-30054
-       RESERVED
-CVE-2022-30053
-       RESERVED
-CVE-2022-30052
-       RESERVED
+CVE-2022-30054 (In Covid 19 Travel Pass Management 1.0, the code parameter is 
vulnerab ...)
+       TODO: check
+CVE-2022-30053 (In Toll Tax Management System 1.0, the id parameter appears to 
be vuln ...)
+       TODO: check
+CVE-2022-30052 (In Home Clean Service System 1.0, the password parameter is 
vulnerable ...)
+       TODO: check
 CVE-2022-30051
        RESERVED
 CVE-2022-30050 (Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting 
(XSS) via ...)
@@ -2562,8 +2580,8 @@ CVE-2022-30047 (Mingsoft MCMS v5.2.7 was discovered to 
contain a SQL injection v
        NOT-FOR-US: Mingsoft MCMS
 CVE-2022-30046
        RESERVED
-CVE-2022-30045
-       RESERVED
+CVE-2022-30045 (An issue was discovered in libezxml.a in ezXML 0.8.6. The 
function ezx ...)
+       TODO: check
 CVE-2022-30044
        RESERVED
 CVE-2022-30043
@@ -4413,10 +4431,10 @@ CVE-2022-29438
        RESERVED
 CVE-2022-29437
        RESERVED
-CVE-2022-29436
-       RESERVED
-CVE-2022-29435
-       RESERVED
+CVE-2022-29436 (Persistent Cross-Site Scripting (XSS) vulnerability in 
Alexander Stokm ...)
+       TODO: check
+CVE-2022-29435 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander 
Stokmann' ...)
+       TODO: check
 CVE-2022-29434
        RESERVED
 CVE-2022-29433 (Authenticated (contributor or higher role) Cross-Site 
Scripting (XSS)  ...)
@@ -4832,20 +4850,20 @@ CVE-2022-1364
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2022-1363
        RESERVED
-CVE-2022-1362
-       RESERVED
-CVE-2022-1361
-       RESERVED
-CVE-2022-1360
-       RESERVED
-CVE-2022-1359
-       RESERVED
-CVE-2022-1358
-       RESERVED
-CVE-2022-1357
-       RESERVED
-CVE-2022-1356
-       RESERVED
+CVE-2022-1362 (The affected On-Premise cnMaestro is vulnerable inside a 
specific rout ...)
+       TODO: check
+CVE-2022-1361 (The affected On-Premise cnMaestro is vulnerable to a pre-auth 
data exf ...)
+       TODO: check
+CVE-2022-1360 (The affected On-Premise cnMaestro is vulnerable to execution of 
code o ...)
+       TODO: check
+CVE-2022-1359 (The affected On-Premise cnMaestro is vulnerable to an arbitrary 
file-w ...)
+       TODO: check
+CVE-2022-1358 (The affected On-Premise is vulnerable to data exfiltration 
through imp ...)
+       TODO: check
+CVE-2022-1357 (The affected On-Premise cnMaestro allows an unauthenticated 
attacker t ...)
+       TODO: check
+CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By 
default, a ...)
+       TODO: check
 CVE-2022-1355
        RESERVED
        - tiff 4.3.0-8 (bug #1011160)
@@ -5064,8 +5082,8 @@ CVE-2022-29176 (Rubygems is a package registry used to 
supply software for the R
        TODO: check
 CVE-2022-29175
        REJECTED
-CVE-2022-29174
-       RESERVED
+CVE-2022-29174 (countly-server is the server-side part of Countly, a product 
analytics ...)
+       TODO: check
 CVE-2022-29173 (go-tuf is a Go implementation of The Update Framework (TUF). 
go-tuf do ...)
        - golang-github-endophage-gotuf <removed>
        [stretch] - golang-github-endophage-gotuf <not-affected> (Vulnerable 
code not present)
@@ -5092,8 +5110,7 @@ CVE-2022-29164 (Argo Workflows is an open source 
container-native workflow engin
        NOT-FOR-US: Argo Workflows
 CVE-2022-29163
        RESERVED
-CVE-2022-29162
-       RESERVED
+CVE-2022-29162 (runc is a CLI tool for spawning and running containers on 
Linux accord ...)
        - runc <unfixed>
        [stretch] - runc <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2022/05/12/1
@@ -6603,10 +6620,10 @@ CVE-2022-28619
        RESERVED
 CVE-2022-28618
        RESERVED
-CVE-2022-28617
-       RESERVED
-CVE-2022-28616
-       RESERVED
+CVE-2022-28617 (A remote bypass security restrictions vulnerability was 
discovered in  ...)
+       TODO: check
+CVE-2022-28616 (A remote server-side request forgery (ssrf) vulnerability was 
discover ...)
+       TODO: check
 CVE-2022-28615
        RESERVED
 CVE-2022-28614
@@ -7854,8 +7871,7 @@ CVE-2022-28194 (NVIDIA Jetson Linux Driver Package 
contains a vulnerability in t
        NOT-FOR-US: NVIDIA Jetson Linux Driver Package
 CVE-2022-28193 (NVIDIA Jetson Linux Driver Package contains a vulnerability in 
the Cbo ...)
        NOT-FOR-US: NVIDIA Jetson Linux Driver Package
-CVE-2022-28192
-       RESERVED
+CVE-2022-28192 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
        - nvidia-graphics-drivers <unfixed> (bug #1011140)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -7869,8 +7885,7 @@ CVE-2022-28192
        [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-tesla-510 <unfixed> (bug #1011147)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
-CVE-2022-28191
-       RESERVED
+CVE-2022-28191 (NVIDIA vGPU software contains a vulnerability in the Virtual 
GPU Manag ...)
        - nvidia-graphics-drivers <unfixed> (bug #1011140)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -7880,18 +7895,17 @@ CVE-2022-28191
        [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-tesla-510 <unfixed> (bug #1011147)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
-CVE-2022-28190
-       RESERVED
-CVE-2022-28189
-       RESERVED
-CVE-2022-28188
-       RESERVED
-CVE-2022-28187
-       RESERVED
-CVE-2022-28186
-       RESERVED
-CVE-2022-28185
-       RESERVED
+CVE-2022-28190 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
+CVE-2022-28189 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
+CVE-2022-28188 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
+CVE-2022-28187 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
+CVE-2022-28186 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
+CVE-2022-28185 (NVIDIA GPU Display Driver for Windows and Linux contains a 
vulnerabili ...)
        - nvidia-graphics-drivers <unfixed> (bug #1011140)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
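Review bot: CVE-2022-28190 through CVE-2022-28186 are left at "TODO: check" although their descriptions name only "NVIDIA GPU Display Driver for Windows", while CVE-2022-28185 ("Windows and Linux") directly below them already has nvidia-graphics-drivers lines. The Windows-only entries need an explicit triage decision so they do not sit open beside the tracked Linux ones. The descriptions are truncated here, so read the full text before marking them.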
@@ -7910,8 +7924,7 @@ CVE-2022-28185
        [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-tesla-510 <unfixed> (bug #1011147)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
-CVE-2022-28184
-       RESERVED
+CVE-2022-28184 (NVIDIA GPU Display Driver for Windows and Linux contains a 
vulnerabili ...)
        - nvidia-graphics-drivers <unfixed> (bug #1011140)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -7921,8 +7934,7 @@ CVE-2022-28184
        [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-tesla-510 <unfixed> (bug #1011147)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
-CVE-2022-28183
-       RESERVED
+CVE-2022-28183 (NVIDIA GPU Display Driver for Windows and Linux contains a 
vulnerabili ...)
        - nvidia-graphics-drivers <unfixed> (bug #1011140)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -7932,10 +7944,9 @@ CVE-2022-28183
        [bullseye] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not 
supported)
        - nvidia-graphics-drivers-tesla-510 <unfixed> (bug #1011147)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353
-CVE-2022-28182
-       RESERVED
-CVE-2022-28181
-       RESERVED
+CVE-2022-28182 (NVIDIA GPU Display Driver for Windows contains a vulnerability 
in the  ...)
+       TODO: check
+CVE-2022-28181 (NVIDIA GPU Display Driver for Windows and Linux contains a 
vulnerabili ...)
        - nvidia-graphics-drivers <unfixed> (bug #1011140)
        [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
        [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -8257,8 +8268,8 @@ CVE-2022-1120 (Missing filtering in an error message in 
GitLab CE/EE affecting a
        - gitlab <unfixed>
 CVE-2022-1119 (The Simple File List WordPress plugin is vulnerable to 
Arbitrary File  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1118
-       RESERVED
+CVE-2022-1118 (Connected Components Workbench (v13.00.00 and prior), ISaGRAF 
Workbenc ...)
+       TODO: check
 CVE-2022-1117
        RESERVED
        NOT-FOR-US: fapolicyd
@@ -10674,8 +10685,8 @@ CVE-2022-0998 (An integer overflow flaw was found in 
the Linux kernel&#8217;s vi
        [stretch] - linux <not-affected> (ulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3ed21c1451a14d139e1ceb18f2fa70865ce3195a (5.16-rc6)
        NOTE: CONFIG_VHOST_VDPA not set in Debian
-CVE-2022-0997
-       RESERVED
+CVE-2022-0997 (Improper file permissions in the CommandPost, Collector, and 
Sensor co ...)
+       TODO: check
 CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that 
allows expi ...)
        - 389-ds-base 2.0.15-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769
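Review bot: The stretch line in the leading context, "[stretch] - linux <not-affected> (ulnerable code not present)", has lost the initial V of "Vulnerable". Other entries in this file spell the reason "Vulnerable code not present", so this one is missed by a text search for that phrase and should be corrected. The hunk header also shows the CVE-2022-0998 description carrying a raw "&#8217;" entity instead of an apostrophe. CVE-2022-0997 itself is still "TODO: check".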
@@ -18734,20 +18745,20 @@ CVE-2022-24396 (The Simple Diagnostics Agent - 
versions 1.0 up to version 1.57,
        NOT-FOR-US: SAP
 CVE-2022-24395 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 
7.30, 7.3 ...)
        NOT-FOR-US: SAP
-CVE-2022-24394
-       RESERVED
-CVE-2022-24393
-       RESERVED
-CVE-2022-24392
-       RESERVED
-CVE-2022-24391
-       RESERVED
-CVE-2022-24390
-       RESERVED
-CVE-2022-24389
-       RESERVED
-CVE-2022-24388
-       RESERVED
+CVE-2022-24394 (Vulnerability in Fidelis Network and Deception CommandPost 
enables aut ...)
+       TODO: check
+CVE-2022-24393 (Vulnerability in Fidelis Network and Deception CommandPost 
enables aut ...)
+       TODO: check
+CVE-2022-24392 (Vulnerability in Fidelis Network and Deception CommandPost 
enables aut ...)
+       TODO: check
+CVE-2022-24391 (Vulnerability in Fidelis Network and Deception CommandPost 
enables SQL ...)
+       TODO: check
+CVE-2022-24390 (Vulnerability in rconfig &#8220;remote_text_file&#8221; 
enables an att ...)
+       TODO: check
+CVE-2022-24389 (Vulnerability in rconfig &#8220;cert_utils&#8221; enables an 
attacker  ...)
+       TODO: check
+CVE-2022-24388 (Vulnerability in rconfig &#8220;date&#8221; enables an 
attacker with u ...)
+       TODO: check
 CVE-2022-24387 (With administrator or admin privileges the application can be 
tricked  ...)
        NOT-FOR-US: SmarterTrack
 CVE-2022-24386 (Stored XSS in SmarterTools SmarterTrack This issue affects: 
SmarterToo ...)
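Review bot: The added descriptions for CVE-2022-24390, CVE-2022-24389 and CVE-2022-24388 contain raw HTML entities ("&#8220;remote_text_file&#8221;", "&#8220;cert_utils&#8221;", "&#8220;date&#8221;") where quotation marks were meant. The automatic import should decode entities before writing descriptions into the list, so the component names are readable and searchable as plain text. All seven new entries in this hunk remain "TODO: check".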
@@ -18765,8 +18776,8 @@ CVE-2022-0487 (A use-after-free vulnerability was found 
in rtsx_usb_ms_drv_remov
        NOTE: 
https://lore.kernel.org/all/[email protected]/
        NOTE: 
https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4)
        NOTE: CONFIG_MMC_MOXART is not set in Debian.
-CVE-2022-0486
-       RESERVED
+CVE-2022-0486 (Improper file permissions in the CommandPost, Collector, 
Sensor, and S ...)
+       TODO: check
 CVE-2022-0485 [nbdcopy: missing error handling may create corrupted 
destination image]
        RESERVED
        - libnbd 1.10.5-1 (bug #1005307)
@@ -21567,8 +21578,8 @@ CVE-2022-23708 (A flaw was discovered in Elasticsearch 
7.17.0&#8217;s upgrade as
        - elasticsearch <removed>
 CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using 
this vu ...)
        - kibana <itp> (bug #700337)
-CVE-2022-23706
-       RESERVED
+CVE-2022-23706 (A remote cross-site scripting (xss) vulnerability was 
discovered in HP ...)
+       TODO: check
 CVE-2022-23705 (A security vulnerability has been identified in HPE Nimble 
Storage Hyb ...)
        NOT-FOR-US: HPE
 CVE-2022-23704 (A potential security vulnerability has been identified in 
Integrated L ...)
@@ -59247,8 +59258,8 @@ CVE-2021-35251 (Sensitive information could be 
displayed when a detailed technic
        NOT-FOR-US: Solarwinds
 CVE-2021-35250 (A researcher reported a Directory Transversal Vulnerability in 
Serv-U  ...)
        NOT-FOR-US: Serv-U
-CVE-2021-35249
-       RESERVED
+CVE-2021-35249 (This broken access control vulnerability pertains specifically 
to a do ...)
+       TODO: check
 CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts 
can quer ...)
        NOT-FOR-US: SolarWinds
 CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing 
characters ...)
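Review bot: CVE-2021-35249 is added as "TODO: check" between entries already triaged as NOT-FOR-US, and those neighbours disagree on spelling: "NOT-FOR-US: Solarwinds" on CVE-2021-35251 versus "NOT-FOR-US: SolarWinds" on CVE-2021-35248. Pick one spelling and align the existing lines before triaging the new entry, so that a search on the tag finds every match.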



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c256aaee6efb4d35fc646fffbf7421e178d8f850
