[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Mon, 27 Jun 2022 01:10:38 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a822f0ef by security tracker role at 2022-06-27T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2022-34659
+       RESERVED
+CVE-2022-34647
+       RESERVED
+CVE-2022-34646
+       RESERVED
+CVE-2022-34345
+       RESERVED
+CVE-2022-34157
+       RESERVED
+CVE-2022-33964
+       RESERVED
+CVE-2022-33946
+       RESERVED
+CVE-2022-33190
+       RESERVED
+CVE-2022-32971
+       RESERVED
+CVE-2022-32579
+       RESERVED
+CVE-2022-31476
+       RESERVED
+CVE-2022-30692
+       RESERVED
+CVE-2022-29514
+       RESERVED
+CVE-2022-27168
+       RESERVED
+CVE-2022-2214
+       RESERVED
+CVE-2022-2213
+       RESERVED
+CVE-2022-2212
+       RESERVED
 CVE-2022-34645
        RESERVED
 CVE-2022-34644
@@ -311,6 +345,7 @@ CVE-2022-34494 (rpmsg_virtio_add_ctrl_dev in 
drivers/rpmsg/virtio_rpmsg_bus.c in
        [stretch] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/1680939e9ecf7764fba8689cfb3429c2fe2bb23c (5.19-rc1)
 CVE-2022-2211 [Buffer overflow in get_keys leads to Dos]
+       RESERVED
        - libguestfs <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100862
        TODO: check, upstream references
@@ -330,8 +365,8 @@ CVE-2022-34491 (In the RSS extension for MediaWiki through 
1.38.1, when the $wgR
        NOT-FOR-US: MediaWiki RSS extension
 CVE-2022-34490
        RESERVED
-CVE-2022-2206
-       RESERVED
+CVE-2022-2206 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 
...)
+       TODO: check
 CVE-2022-34486
        RESERVED
 CVE-2022-27637
@@ -2364,8 +2399,8 @@ CVE-2022-33737
        RESERVED
 CVE-2022-33736
        RESERVED
-CVE-2022-33202
-       RESERVED
+CVE-2022-33202 (Authentication bypass vulnerability in the setup screen of 
L2Blocker(o ...)
+       TODO: check
 CVE-2022-2088
        RESERVED
 CVE-2022-2087 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
@@ -3431,8 +3466,8 @@ CVE-2022-33211
        RESERVED
 CVE-2022-33210
        RESERVED
-CVE-2022-33146
-       RESERVED
+CVE-2022-33146 (Open redirect vulnerability in web2py versions prior to 2.22.5 
allows  ...)
+       TODO: check
 CVE-2022-32585
        RESERVED
 CVE-2022-28127
@@ -3610,7 +3645,7 @@ CVE-2022-33126
        RESERVED
 CVE-2022-33125
        RESERVED
-CVE-2022-33124 (aiohttp v3.8.1 was discovered to contain an invalid IPv6 URL 
which can ...)
+CVE-2022-33124 (** DISPUTED ** AIOHTTP 3.8.1 can report a "ValueError: Invalid 
IPv6 UR ...)
        TODO: check
 CVE-2022-33123
        RESERVED
@@ -9663,7 +9698,7 @@ CVE-2022-30934
 CVE-2022-30933
        RESERVED
 CVE-2022-30932
-       RESERVED
+       REJECTED
 CVE-2022-30931 (Employee Leaves Management System (ELMS) V 2.1 is vulnerable 
to Cross  ...)
        NOT-FOR-US: Employee Leaves Management System (ELMS)
 CVE-2022-30930 (Tourism Management System Version: V 3.2 is affected by: Cross 
Site Re ...)
@@ -13429,6 +13464,7 @@ CVE-2019-25059 (Artifex Ghostscript through 9.26 
mishandles .completefont. NOTE:
        NOTE: Fixed by: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=430e219ea17a2650577d70021399c4ead05869e0
        NOTE: Issue exists because of an incomplete fix for CVE-2019-3839
 CVE-2022-29599 (In Apache Maven maven-shared-utils prior to version 3.3.3, the 
Command ...)
+       {DLA-3059-1}
        - maven-shared-utils 3.3.4-1 (bug #1012314)
        NOTE: https://github.com/apache/maven-shared-utils/pull/40
        NOTE: https://issues.apache.org/jira/browse/MSHARED-297
@@ -82191,7 +82227,7 @@ CVE-2021-30283 (Possible denial of service due to 
improper handling of debug reg
        NOT-FOR-US: Qualcomm components for Android
 CVE-2021-30282 (Possible out of bound write in RAM partition table due to 
improper val ...)
        NOT-FOR-US: Qualcomm components for Android
-CVE-2021-30281 (XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX in Snapdragon Auto, 
Snapdragon Co ...)
+CVE-2021-30281 (Possible unauthorized access to secure space due to improper 
check of  ...)
        NOT-FOR-US: Snapdragon
 CVE-2021-30280
        RESERVED
@@ -165045,8 +165081,8 @@ CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior 
exposes IOCTL and allows i
        NOT-FOR-US: Patriot Viper RGB Driver
 CVE-2020-9755
        RESERVED
-CVE-2020-9754
-       RESERVED
+CVE-2020-9754 (NAVER Whale browser mobile app before 1.10.6.2 allows the 
attacker to  ...)
+       TODO: check
 CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support 
signatur ...)
        NOT-FOR-US: Whale Browser
 CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can 
move a lo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a822f0ef3f2949e0730a4a2149dfafdbc909aef9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a822f0ef3f2949e0730a4a2149dfafdbc909aef9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to