Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ffe6c2d8 by security tracker role at 2022-06-11T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1568,14 +1568,14 @@ CVE-2022-32291 (In Real Player through 20.1.0.312,
attackers can execute arbitra
NOT-FOR-US: Real Player
CVE-2022-32290
RESERVED
-CVE-2017-20040
- RESERVED
-CVE-2017-20039
- RESERVED
-CVE-2017-20038
- RESERVED
-CVE-2017-20037
- RESERVED
+CVE-2017-20040 (A vulnerability was found in SICUNET Access Controller
0.32-05z. It ha ...)
+ TODO: check
+CVE-2017-20039 (A vulnerability was found in SICUNET Access Controller
0.32-05z. It ha ...)
+ TODO: check
+CVE-2017-20038 (A vulnerability was found in SICUNET Access Controller
0.32-05z and cl ...)
+ TODO: check
+CVE-2017-20037 (A vulnerability has been found in SICUNET Access Controller
0.32-05z a ...)
+ TODO: check
CVE-2017-20036 (A vulnerability, which was classified as problematic, was
found in PHP ...)
- phplist <itp> (bug #612288)
CVE-2017-20035 (A vulnerability, which was classified as problematic, has been
found i ...)
@@ -1906,11 +1906,13 @@ CVE-2022-1976
RESERVED
CVE-2022-1975 [NFC: netlink: fix sleep in atomic bug when firmware download
timeout]
RESERVED
+ {DSA-5161-1}
- linux 5.17.11-1
NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/2
NOTE:
https://git.kernel.org/linus/4071bf121d59944d5cd2238de0642f3d7995a997 (5.18-rc6)
CVE-2022-1974
RESERVED
+ {DSA-5161-1}
- linux 5.17.11-1
NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/1
NOTE:
https://git.kernel.org/linus/da5c0f119203ad9728920456a0f52a6d850c01cd (5.18-rc6)
@@ -1923,6 +1925,7 @@ CVE-2022-1973 [fs/ntfs3: Fix invalid free in log_replay]
NOTE:
https://git.kernel.org/linus/f26967b9f7a830e228bb13fb41bd516ddd9d789d (5.19-rc1)
CVE-2022-1972
RESERVED
+ {DSA-5161-1}
- linux 5.18.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -1949,6 +1952,7 @@ CVE-2022-1968 (Use After Free in GitHub repository
vim/vim prior to 8.2. ...)
CVE-2022-1967
RESERVED
CVE-2022-1966 (A use-after-free vulnerability was found in the Linux kernel's
Netfilt ...)
+ {DSA-5161-1}
- linux 5.18.2-1
NOTE: https://www.openwall.com/lists/oss-security/2022/05/31/1
NOTE:
https://git.kernel.org/linus/520778042ccca019f3ffa136dd0ca565c486cedd
@@ -3740,6 +3744,7 @@ CVE-2022-1853
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-1852 [KVM: x86: avoid calling x86 emulator without a decoded
instruction]
RESERVED
+ {DSA-5161-1}
- linux 5.18.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -5186,6 +5191,7 @@ CVE-2022-1791
CVE-2022-1790
RESERVED
CVE-2022-1789 (With shadow paging enabled, the INVPCID instruction results in
a call ...)
+ {DSA-5161-1}
- linux 5.17.11-1
NOTE:
https://git.kernel.org/linus/9f46c187e2e680ecd9de7983e4d081c3391acc76
CVE-2022-1788
@@ -5193,6 +5199,7 @@ CVE-2022-1788
CVE-2022-1787
RESERVED
CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel’s
io_uring s ...)
+ {DSA-5161-1}
- linux 5.14.6-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -5541,6 +5548,7 @@ CVE-2022-1730 (Cross-site Scripting (XSS) - Stored in
GitHub repository jgraph/d
NOT-FOR-US: jgraph/drawio
CVE-2022-1729 [perf: Fix sys_perf_event_open() race against self]
RESERVED
+ {DSA-5161-1}
- linux 5.17.11-1
NOTE: https://www.openwall.com/lists/oss-security/2022/05/20/2
NOTE:
https://git.kernel.org/linus/3ac6487e584a1eb54071dbe1212e05b884136704
@@ -5937,8 +5945,8 @@ CVE-2022-30782 (Openmoney API through 2020-06-29 uses the
JavaScript Math.random
NOT-FOR-US: Openmoney
CVE-2022-30781 (Gitea before 1.16.7 does not escape git fetch remote. ...)
- gitea <removed>
-CVE-2022-30780
- RESERVED
+CVE-2022-30780 (Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to
cause a den ...)
+ TODO: check
CVE-2022-30779 (Laravel 9.1.8, when processing attacker-controlled data for
deserializ ...)
TODO: check, issue seems to be in src:guzzle, check details
CVE-2022-30778 (Laravel 9.1.8, when processing attacker-controlled data for
deserializ ...)
@@ -11366,6 +11374,7 @@ CVE-2022-28895 (A command injection vulnerability in
the component /setnetworkse
CVE-2022-28894
RESERVED
CVE-2022-28893 (The SUNRPC subsystem in the Linux kernel through 5.17.2 can
call xs_xp ...)
+ {DSA-5161-1}
- linux 5.17.3-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -16182,6 +16191,7 @@ CVE-2022-1013 (The Personal Dictionary WordPress plugin
before 1.3.4 fails to pr
NOT-FOR-US: WordPress plugin
CVE-2022-1012
RESERVED
+ {DSA-5161-1}
- linux 5.17.11-1
NOTE:
https://git.kernel.org/linus/b2d057560b8107c633b39aabe517ff9d93f285e3 (5.18-rc6)
CVE-2022-1011 (A use-after-free flaw was found in the Linux kernel’s
FUSE files ...)
@@ -18484,6 +18494,7 @@ CVE-2022-0856 (libcaca is affected by a Divide By Zero
issue via img2txt, which
CVE-2022-0855 (Improper Resolution of Path Equivalence in GitHub repository
microwebe ...)
NOT-FOR-US: microweber (whmcs_plugin)
CVE-2022-0854 (A memory leak flaw was found in the Linux kernel’s DMA
subsystem ...)
+ {DSA-5161-1}
- linux 5.17.3-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058395
NOTE:
https://git.kernel.org/linus/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e (5.17-rc6)
@@ -24329,6 +24340,7 @@ CVE-2022-0496
CVE-2022-0495
RESERVED
CVE-2022-0494 (A kernel information leak flaw was identified in the scsi_ioctl
functi ...)
+ {DSA-5161-1}
- linux 5.16.14-1
NOTE:
https://git.kernel.org/linus/cc8f7fe1f5eab010191aa4570f27641876fa1267 (5.17-rc5)
CVE-2022-0493 (The String locator WordPress plugin before 2.5.0 does not
properly val ...)
@@ -38579,8 +38591,8 @@ CVE-2021-44268
RESERVED
CVE-2021-44267
RESERVED
-CVE-2021-44266
- RESERVED
+CVE-2021-44266 (GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS
via the mo ...)
+ TODO: check
CVE-2021-44265
RESERVED
CVE-2021-44264
@@ -40729,6 +40741,7 @@ CVE-2022-21501
CVE-2022-21500 (Vulnerability in Oracle E-Business Suite (component: Manage
Proxies). ...)
NOT-FOR-US: Oracle
CVE-2022-21499 (KGDB and KDB allow read and write access to kernel memory, and
thus sh ...)
+ {DSA-5161-1}
- linux 5.17.11-1
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -48968,8 +48981,8 @@ CVE-2021-41740
RESERVED
CVE-2021-41739 (A OS Command Injection vulnerability was discovered in Artica
Proxy 4. ...)
NOT-FOR-US: Artica Web Proxy
-CVE-2021-41738
- RESERVED
+CVE-2021-41738 (ZeroShell 3.9.5 has a command injection vulnerability in
/cgi-bin/kerb ...)
+ TODO: check
CVE-2021-41737
RESERVED
- faust <unfixed>
@@ -49514,8 +49527,8 @@ CVE-2021-41504 (** UNSUPPORTED WHEN ASSIGNED ** An
Elevated Privileges issue exi
NOT-FOR-US: D-Link
CVE-2021-41503 (** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L
v2.17 and ...)
NOT-FOR-US: D-Link
-CVE-2021-41502
- RESERVED
+CVE-2021-41502 (An issue was discovered in Subrion CMS v4.2.1 There is a
stored cross- ...)
+ TODO: check
CVE-2021-41501
RESERVED
CVE-2021-41500 (Incomplete string comparison vulnerability exits in cvxopt.org
cvxop & ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffe6c2d81ad8ca23cead30184688e443fc416456
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffe6c2d81ad8ca23cead30184688e443fc416456
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
